
Commit 2a1741d

authored
Revert "Handle unmount for isolated process correctly" (tiann#2718)
Reverts tiann#2696
1 parent 49b7c67 commit 2a1741d


1 file changed

+9
-20
lines changed


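--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -62,7 +62,7 @@ static inline bool is_allow_su()
 return ksu_is_allow_uid(current_uid().val);
 }
 
-static inline bool is_unsupported_app_uid(uid_t uid)
+static inline bool is_unsupported_uid(uid_t uid)
 {
 #define LAST_APPLICATION_UID 19999
 uid_t appid = uid % 100000;
@@ -506,13 +506,14 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 return 0;
 }
 
-static bool is_non_appuid(kuid_t uid)
+static bool is_appuid(kuid_t uid)
 {
 #define PER_USER_RANGE 100000
 #define FIRST_APPLICATION_UID 10000
+#define LAST_APPLICATION_UID 19999
 
 uid_t appid = uid.val % PER_USER_RANGE;
-return appid < FIRST_APPLICATION_UID;
+return appid >= FIRST_APPLICATION_UID && appid <= LAST_APPLICATION_UID;
 }
 
 static bool should_umount(struct path *path)
@@ -584,25 +585,13 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
 return 0;
 }
 
-if (is_non_appuid(new_uid)) {
-#ifdef CONFIG_KSU_DEBUG
-pr_info("handle setuid ignore non application uid: %d\n", new_uid.val);
-#endif
+if (!is_appuid(new_uid) || is_unsupported_uid(new_uid.val)) {
+// pr_info("handle setuid ignore non application or isolated uid: %d\n", new_uid.val);
 return 0;
 }
 
-// isolated process may be directly forked from zygote, always unmount
-if (is_unsupported_app_uid(new_uid.val)) {
-#ifdef CONFIG_KSU_DEBUG
-pr_info("handle umount for unsupported application uid: %d\n", new_uid.val);
-#endif
-goto do_umount;
-}
-
 if (ksu_is_allow_uid(new_uid.val)) {
-#ifdef CONFIG_KSU_DEBUG
-pr_info("handle setuid ignore allowed application: %d\n", new_uid.val);
-#endif
+// pr_info("handle setuid ignore allowed application: %d\n", new_uid.val);
 return 0;
 }
 
@@ -614,11 +603,11 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
 #endif
 }
 
-do_umount:
 // check old process's selinux context, if it is not zygote, ignore it!
 // because some su apps may setuid to untrusted_app but they are in global mount namespace
 // when we umount for such process, that is a disaster!
-if (!is_zygote(old->security)) {
+bool is_zygote_child = is_zygote(old->security);
+if (!is_zygote_child) {
 pr_info("handle umount ignore non zygote child: %d\n",
 current->pid);
 return 0;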
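Review bot: The combined early return at new line 588, `if (!is_appuid(new_uid) || is_unsupported_uid(new_uid.val))`, sends isolated-process UIDs down the same `return 0` path as non-app UIDs, so they never reach the zygote-child check and presumably the umount that follows it. The removed comment said such processes can be forked directly from zygote, and the commit message gives no reason for leaving them mounted. Because `is_appuid` now also rejects any appid above `LAST_APPLICATION_UID`, the `is_unsupported_uid` term looks redundant, though its body is only partly visible here. I would record the intended policy above the check, e.g. `/* isolated uids are intentionally skipped here: <reason for the revert> */`, and bring back the `#ifdef CONFIG_KSU_DEBUG` guard around the two `pr_info` calls instead of leaving them commented out, so skipped UIDs remain visible in debug builds. `ksu_handle_setuid` begins and ends outside the hunks shown.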
