-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path4.14.diff
211 lines (200 loc) · 6.6 KB
/
4.14.diff
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
diff --git a/arch/arm64/configs/rsuntk_defconfig b/arch/arm64/configs/rsuntk_defconfig
index 5d9432dc40c8..63edf5f2216b 100755
--- a/arch/arm64/configs/rsuntk_defconfig
+++ b/arch/arm64/configs/rsuntk_defconfig
@@ -247,7 +247,7 @@ CONFIG_TRACEPOINTS=y
CONFIG_UPROBES=y
# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
-CONFIG_HAVE_KPROBES=y
+# CONFIG_HAVE_KPROBES is not set
CONFIG_HAVE_KRETPROBES=y
CONFIG_HAVE_ARCH_TRACEHOOK=y
CONFIG_HAVE_DMA_CONTIGUOUS=y
diff --git a/drivers/input/input.c b/drivers/input/input.c
index cadb368be8ef..942623c8b418 100755
--- a/drivers/input/input.c
+++ b/drivers/input/input.c
@@ -366,11 +366,19 @@ static int input_get_disposition(struct input_dev *dev,
return disposition;
}
+#ifdef CONFIG_KSU
+extern bool ksu_input_hook __read_mostly;
+extern int ksu_handle_input_handle_event(unsigned int *type, unsigned int *code, int *value);
+#endif
static void input_handle_event(struct input_dev *dev,
unsigned int type, unsigned int code, int value)
{
int disposition = input_get_disposition(dev, type, code, &value);
+#ifdef CONFIG_KSU
+ if (unlikely(ksu_input_hook))
+ ksu_handle_input_handle_event(&type, &code, &value);
+#endif
if (disposition != INPUT_IGNORE_EVENT && type != EV_SYN)
add_input_randomness(type, code, value);
diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
index 32f6f1c683d9..7fdf9e4395c5 100755
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@ -608,8 +608,14 @@ struct dentry *devpts_pty_new(struct pts_fs_info *fsi, int index, void *priv)
*
* Returns whatever was passed as priv in devpts_pty_new for a given inode.
*/
+#ifdef CONFIG_KSU
+extern int ksu_handle_devpts(struct inode*);
+#endif
void *devpts_get_priv(struct dentry *dentry)
{
+#ifdef CONFIG_KSU
+ ksu_handle_devpts(dentry->d_inode);
+#endif
if (dentry->d_sb->s_magic != DEVPTS_SUPER_MAGIC)
return NULL;
return dentry->d_fsdata;
diff --git a/fs/exec.c b/fs/exec.c
index d98ffee95b97..adc54e05033b 100755
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1885,6 +1885,13 @@ static int exec_binprm(struct linux_binprm *bprm)
/*
* sys_execve() executes a new program.
*/
+#ifdef CONFIG_KSU
+extern bool ksu_execveat_hook __read_mostly;
+extern int ksu_handle_execveat(int *fd, struct filename **filename_ptr, void *argv,
+ void *envp, int *flags);
+extern int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
+ void *argv, void *envp, int *flags);
+#endif
static int do_execveat_common(int fd, struct filename *filename,
struct user_arg_ptr argv,
struct user_arg_ptr envp,
@@ -1896,6 +1903,13 @@ static int do_execveat_common(int fd, struct filename *filename,
struct files_struct *displaced;
int retval;
+#ifdef CONFIG_KSU
+ if (unlikely(ksu_execveat_hook))
+ ksu_handle_execveat(&fd, &filename, &argv, &envp, &flags);
+ else
+ ksu_handle_execveat_sucompat(&fd, &filename, &argv, &envp, &flags);
+#endif
+
if (IS_ERR(filename))
return PTR_ERR(filename);
diff --git a/fs/namespace.c b/fs/namespace.c
index b724160ec2b3..948188f1b13c 100755
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -2174,6 +2174,42 @@ static inline bool may_mandlock(void)
return capable(CAP_SYS_ADMIN);
}
+#ifdef CONFIG_KSU
+static int can_umount(const struct path *path, int flags)
+{
+ struct mount *mnt = real_mount(path->mnt);
+
+ if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW))
+ return -EINVAL;
+ if (!may_mount())
+ return -EPERM;
+ if (path->dentry != path->mnt->mnt_root)
+ return -EINVAL;
+ if (!check_mnt(mnt))
+ return -EINVAL;
+ if (mnt->mnt.mnt_flags & MNT_LOCKED) /* Check optimistically */
+ return -EINVAL;
+ if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))
+ return -EPERM;
+ return 0;
+}
+
+int path_umount(struct path *path, int flags)
+{
+ struct mount *mnt = real_mount(path->mnt);
+ int ret;
+
+ ret = can_umount(path, flags);
+ if (!ret)
+ ret = do_umount(mnt, flags);
+
+ /* we mustn't call path_put() as that would clear mnt_expiry_mark */
+ dput(path->dentry);
+ mntput_no_expire(mnt);
+ return ret;
+}
+#endif
+
/*
* Now umount can handle mount points as well as block devices.
* This is important for filesystems which use unnamed block devices.
diff --git a/fs/open.c b/fs/open.c
index 8fe6b063e685..dbc91d5049f0 100755
--- a/fs/open.c
+++ b/fs/open.c
@@ -363,6 +363,10 @@ SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
* We do this by temporarily clearing all FS-related capabilities and
* switching the fsuid/fsgid around to the real ones.
*/
+#ifdef CONFIG_KSU
+extern int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
+ int *flags);
+#endif
SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
{
const struct cred *old_cred;
@@ -373,6 +377,10 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
int res;
unsigned int lookup_flags = LOOKUP_FOLLOW;
+#ifdef CONFIG_KSU
+ ksu_handle_faccessat(&dfd, &filename, &mode, NULL);
+#endif
+
if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */
return -EINVAL;
diff --git a/fs/read_write.c b/fs/read_write.c
index c8413aad51dc..cb5c67cb6212 100755
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -437,10 +437,20 @@ ssize_t kernel_read(struct file *file, void *buf, size_t count, loff_t *pos)
}
EXPORT_SYMBOL(kernel_read);
+#ifdef CONFIG_KSU
+extern bool ksu_vfs_read_hook __read_mostly;
+extern int ksu_handle_vfs_read(struct file **file_ptr, char __user **buf_ptr,
+ size_t *count_ptr, loff_t **pos);
+#endif
ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
{
ssize_t ret;
+#ifdef CONFIG_KSU
+ if (unlikely(ksu_vfs_read_hook))
+ ksu_handle_vfs_read(&file, &buf, &count, &pos);
+#endif
+
if (!(file->f_mode & FMODE_READ))
return -EBADF;
if (!(file->f_mode & FMODE_CAN_READ))
diff --git a/fs/stat.c b/fs/stat.c
index 873785dae022..0e7a4963228c 100755
--- a/fs/stat.c
+++ b/fs/stat.c
@@ -163,6 +163,9 @@ EXPORT_SYMBOL(vfs_statx_fd);
*
* 0 will be returned on success, and a -ve error code if unsuccessful.
*/
+#ifdef CONFIG_KSU
+extern int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags);
+#endif
int vfs_statx(int dfd, const char __user *filename, int flags,
struct kstat *stat, u32 request_mask)
{
@@ -170,6 +173,10 @@ int vfs_statx(int dfd, const char __user *filename, int flags,
int error = -EINVAL;
unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_AUTOMOUNT;
+#ifdef CONFIG_KSU
+ ksu_handle_stat(&dfd, &filename, &flags);
+#endif
+
if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT |
AT_EMPTY_PATH | KSTAT_QUERY_FLAGS)) != 0)
return -EINVAL;