kernel: core_hook: fixup 32-on-64 compat detection via linux_binprm

backslashxx · backslashxx · commit ca22487e13b0 · 2025-06-25T20:56:36.000+08:00
I'll just post code comments as I'm too lazy. Maybe i'll do a writeup later blah blah /* * 32-on-64 compat detection * * notes: * bprm->buf provides the binary itself !! * https://unix.stackexchange.com/questions/106234/determine-if-a-specific-process-is-32-or-64-bit * buf[0] == 0x7f && buf[1] == 'E' && buf[2] == 'L' && buf[3] == 'F' * so as that said, we check ELF header, then we check 5th byte, 0x01 = 32-bit, 0x02 = 64 bit * we only check first execution of /data/adb/ksud and while ksu_execveat_hook is open! * */ Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
diff --git a/kernel/core_hook.c b/kernel/core_hook.c
@@ -693,13 +693,40 @@ int ksu_inode_permission(struct inode *inode, int mask)
 	return 0;
 }
 
+#ifdef CONFIG_COMPAT
+bool ksu_is_compat __read_mostly = false;
+#endif
+
 int ksu_bprm_check(struct linux_binprm *bprm)
 {
 	char *filename = (char *)bprm->filename;
 	
 	if (likely(!ksu_execveat_hook))
 		return 0;
 
+/*
+ * 32-on-64 compat detection 
+ *
+ * notes:
+ * bprm->buf provides the binary itself !!
+ * https://unix.stackexchange.com/questions/106234/determine-if-a-specific-process-is-32-or-64-bit
+ * buf[0] == 0x7f && buf[1] == 'E' &&  buf[2] == 'L' && buf[3] == 'F' 
+ * so as that said, we check ELF header, then we check 5th byte, 0x01 = 32-bit, 0x02 = 64 bit
+ * we only check first execution of /data/adb/ksud and while ksu_execveat_hook is open!
+ * 
+ */
+#ifdef CONFIG_COMPAT
+	static bool compat_check_done __read_mostly = false;
+	if ( unlikely(!compat_check_done) && unlikely(!strcmp(filename, "/data/adb/ksud"))
+		&& !memcmp(bprm->buf, "\x7f\x45\x4c\x46", 4) ) {
+		if (bprm->buf[4] == 0x01 )
+			ksu_is_compat = true;
+
+		pr_info("%s: %s ELF magic found! ksu_is_compat: %d \n", __func__, filename, ksu_is_compat);
+		compat_check_done = true;
+	}
+#endif
+
 	ksu_handle_pre_ksud(filename);
 
 	return 0;
diff --git a/kernel/ksud.c b/kernel/ksud.c
@@ -64,10 +64,6 @@ bool ksu_input_hook __read_mostly = true;
 
 u32 ksu_devpts_sid;
 
-#ifdef CONFIG_COMPAT
-bool ksu_is_compat __read_mostly = false;
-#endif
-
 void on_post_fs_data(void)
 {
 	static bool done = false;

Original file line number	Diff line number	Diff line change
`@@ -64,10 +64,6 @@ bool ksu_input_hook __read_mostly = true;`
`64`	`64`
`65`	`65`	`u32 ksu_devpts_sid;`
`66`	`66`
`67`		`-#ifdef CONFIG_COMPAT`
`68`		`-bool ksu_is_compat __read_mostly = false;`
`69`		`-#endif`
`70`		`-`
`71`	`67`	`void on_post_fs_data(void)`
`72`	`68`	`{`
`73`	`69`	`static bool done = false;`