From 109442f8c4c7692af6562bdad6fd9f39dc1f935b Mon Sep 17 00:00:00 2001
From: weishu
Date: Thu, 9 May 2024 11:47:34 +0800
Subject: [PATCH] docs: Add devpts description for non gki
---
 kernel/sucompat.c | 55 +++++++++++-------
 .../guide/how-to-integrate-for-non-gki.md | 38 +++++++++++--
 .../guide/how-to-integrate-for-non-gki.md | 40 ++++++++++++--
 3 files changed, 101 insertions(+), 32 deletions(-)
diff --git a/kernel/sucompat.c b/kernel/sucompat.c
index 66f4532a991a..35417414625a 100644
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -168,6 +168,37 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
 return 0;
 }
+int ksu_handle_devpts(struct inode *inode)
+{
+ if (!current->mm) {
+ return 0;
+ }
+
+ uid_t uid = current_uid().val;
+ if (uid % 100000 < 10000) {
+ // not untrusted_app, ignore it
+ return 0;
+ }
+
+ if (!ksu_is_allow_uid(uid))
+ return 0;
+
+ if (ksu_devpts_sid) {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0)
+ struct inode_security_struct *sec = selinux_inode(inode);
+#else
+ struct inode_security_struct *sec = (struct inode_security_struct *) inode->i_security;
+#endif
+ if (sec) {
+ sec->sid = ksu_devpts_sid;
+ inode->i_uid.val = 0;
+ inode->i_gid.val = 0;
+ }
+ }
+
+ return 0;
+}
+
 #ifdef CONFIG_KPROBES
 __maybe_unused static int faccessat_handler_pre(struct kprobe *p,
@@ -292,19 +323,6 @@ static struct kprobe execve_kp = {
 static int devpts_get_priv_pre(struct kprobe *p, struct pt_regs *regs)
 {
- if (!current->mm) {
- return 0;
- }
-
- uid_t uid = current_uid().val;
- if (uid % 100000 < 10000) {
- // not untrusted_app, ignore it
- return 0;
- }
-
- if (!ksu_is_allow_uid(uid))
- return 0;
-
 struct inode *inode;
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 6, 0)
 struct dentry *dentry = (struct dentry *)PT_REGS_PARM1(regs);
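Review bot: `ksu_handle_devpts()` in the first hunk of kernel/sucompat.c overwrites `sec->sid`, `inode->i_uid` and `inode->i_gid` on whatever inode it receives, with no check that the pointer is non-NULL or that the inode belongs to devpts. The integration snippet added to the docs in this same commit calls it as `ksu_handle_devpts(dentry->d_inode)` before devpts_get_priv()'s own `s_magic != DEVPTS_SUPER_MAGIC` test, so for an allowed uid a dentry from another filesystem would presumably be relabelled and given root ownership as well. A guard at the top of the function, `if (!inode || inode->i_sb->s_magic != DEVPTS_SUPER_MAGIC) return 0;` (with `<linux/magic.h>` included if it is not already), would confine the write to pty inodes on both the kprobe path and the manual-integration path. Now that the function is an external hook it should also carry a short comment saying which callers it acts for, what it changes on the inode, and that it always returns 0.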
@@ -313,16 +331,7 @@ static int devpts_get_priv_pre(struct kprobe *p, struct pt_regs *regs)
 inode = (struct inode *)PT_REGS_PARM1(real_regs);
 #endif
- if (ksu_devpts_sid) {
- struct inode_security_struct *sec = selinux_inode(inode);
- if (sec) {
- sec->sid = ksu_devpts_sid;
- inode->i_uid.val = 0;
- inode->i_gid.val = 0;
- }
- }
-
- return 0;
+ return ksu_handle_devpts(inode);
 }
 static struct kprobe devpts_get_priv_kp = {
 .symbol_name = "devpts_get_priv",
diff --git a/website/docs/guide/how-to-integrate-for-non-gki.md b/website/docs/guide/how-to-integrate-for-non-gki.md
index 18ba342b837a..69e332093852 100644
--- a/website/docs/guide/how-to-integrate-for-non-gki.md
+++ b/website/docs/guide/how-to-integrate-for-non-gki.md
@@ -264,6 +264,8 @@ index 2ff887661237..e758d7db7663 100644
 return -EINVAL;
 ```
+### Safe Mode
+
 To enable KernelSU's builtin SafeMode, You should also modify `input_handle_event` in `drivers/input/input.c`:
 :::tip
@@ -297,6 +299,38 @@ index 45306f9ef247..815091ebfca4 100755
 add_input_randomness(type, code, value);
 ```
+:::info Entering safe mode accidiently?
+If you use manual integration and do not disable `CONFIG_KPROBES`, then the user may trigger safe mode by pressing the volume down button after booting! Therefore if using manual integration you need to disable `CONFIG_KPROBES`!
+:::
+
+### Failed to execute `pm` in terminal?
+
+You should modify `fs/devpts/inode.c`, reference:
+
+```diff
+diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
+index 32f6f1c68..d69d8eca2 100644
+--- a/fs/devpts/inode.c
++++ b/fs/devpts/inode.c
+@@ -602,6 +602,8 @@ struct dentry *devpts_pty_new(struct pts_fs_info *fsi, int index, void *priv)
+ return dentry;
+ }
+
++extern int ksu_handle_devpts(struct inode*);
++
+ /**
+ * devpts_get_priv -- get private data for a slave
+ * @pts_inode: inode of the slave
+@@ -610,6 +612,7 @@ struct dentry *devpts_pty_new(struct pts_fs_info *fsi, int index, void *priv)
+ */
+ void *devpts_get_priv(struct dentry *dentry)
+ {
++ ksu_handle_devpts(dentry->d_inode);
+ if (dentry->d_sb->s_magic != DEVPTS_SUPER_MAGIC)
+ return NULL;
+ return dentry->d_fsdata;
+```
+
 ### How to backport path_umount
 You can get module umount feature working on pre-GKI kernels by manually backporting `path_umount` from 5.9. You can use this patch as reference:
@@ -347,7 +381,3 @@ You can get module umount feature working on pre-GKI kernels by manually backpor
 ```
 Finally, build your kernel again, KernelSU should work well.
-
-:::info Entering safe mode accidiently?
-If you use manual integration and do not disable `CONFIG_KPROBES`, then the user may trigger safe mode by pressing the volume down button after booting! Therefore if using manual integration you need to disable `CONFIG_KPROBES`!
-:::
diff --git a/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md b/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md
index 4fc98a0883c9..6118756a25f5 100644
--- a/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md
+++ b/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md
@@ -258,12 +258,18 @@ index 2ff887661237..e758d7db7663 100644
 return -EINVAL;
 ```
+### 安全模式
+
 要使用 KernelSU 内置的安全模式,你还需要修改 `drivers/input/input.c` 中的 `input_handle_event` 方法:
 :::tip
 强烈建议开启此功能,对用户救砖会非常有帮助!
 :::
+:::info 莫名其妙进入安全模式?
+如果你采用手动集成的方式,并且没有禁用`CONFIG_KPROBES`,那么用户在开机之后按音量下,也可能触发安全模式!因此如果使用手动集成,你需要关闭 `CONFIG_KPROBES`!
+:::
+
 ```diff
 diff --git a/drivers/input/input.c b/drivers/input/input.c
 index 45306f9ef247..815091ebfca4 100755
@@ -291,7 +297,35 @@ index 45306f9ef247..815091ebfca4 100755
 add_input_randomness(type, code, value);
 ```
-### 如何backport(向旧版本移植) path_umount {#how-to-backport-path-umount}
+### pm 命令执行失败?
+
+你需要同时修改 `fs/devpts/inode.c`,补丁如下:
+
+```diff
+diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
+index 32f6f1c68..d69d8eca2 100644
+--- a/fs/devpts/inode.c
++++ b/fs/devpts/inode.c
+@@ -602,6 +602,8 @@ struct dentry *devpts_pty_new(struct pts_fs_info *fsi, int index, void *priv)
+ return dentry;
+ }
+
++extern int ksu_handle_devpts(struct inode*);
++
+ /**
+ * devpts_get_priv -- get private data for a slave
+ * @pts_inode: inode of the slave
+@@ -610,6 +612,7 @@ struct dentry *devpts_pty_new(struct pts_fs_info *fsi, int index, void *priv)
+ */
+ void *devpts_get_priv(struct dentry *dentry)
+ {
++ ksu_handle_devpts(dentry->d_inode);
+ if (dentry->d_sb->s_magic != DEVPTS_SUPER_MAGIC)
+ return NULL;
+ return dentry->d_fsdata;
+```
+
+### path_umount {#how-to-backport-path-umount}
 你可以通过从K5.9向旧版本移植`path_umount`,在GKI之前的内核上获得卸载模块的功能。你可以通过以下补丁作为参考:
@@ -341,7 +375,3 @@ index 45306f9ef247..815091ebfca4 100755
 ```
 改完之后重新编译内核即可。
-
-:::info 莫名其妙进入安全模式?
-如果你采用手动集成的方式,并且没有禁用`CONFIG_KPROBES`,那么用户在开机之后按音量下,也可能触发安全模式!因此如果使用手动集成,你需要关闭 `CONFIG_KPROBES`!
-:::