Skip to content

kernel: ksud, core_hook: migrate ksud execution to security_bprm_check #2653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

kernel: ksud, core_hook: migrate ksud execution to security_bprm_check #2653

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4d21d66
bprm rebase
backslashxx Jun 20, 2025
aa72b99
remove compat code for 5.10+
backslashxx Jun 30, 2025
1e11edc
kernel: ksud: stack-ify args, envp on ksu_handle_pre_ksud
backslashxx Jun 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions kernel/core_hook.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
#include <linux/uidgid.h>
#include <linux/version.h>
#include <linux/mount.h>
#include <linux/binfmts.h>

#include <linux/fs.h>
#include <linux/namei.h>
Expand Down Expand Up @@ -684,6 +685,19 @@ __maybe_unused int ksu_kprobe_exit(void)
return 0;
}

static int ksu_bprm_check(struct linux_binprm *bprm)
{
char *filename = (char *)bprm->filename;

if (likely(!ksu_execveat_hook))
return 0;

ksu_handle_pre_ksud(filename);

return 0;

}

static int ksu_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5)
{
Expand All @@ -705,6 +719,7 @@ static int ksu_task_fix_setuid(struct cred *new, const struct cred *old,

#ifndef MODULE
static struct security_hook_list ksu_hooks[] = {
LSM_HOOK_INIT(bprm_check_security, ksu_bprm_check),
LSM_HOOK_INIT(task_prctl, ksu_task_prctl),
LSM_HOOK_INIT(inode_rename, ksu_inode_rename),
LSM_HOOK_INIT(task_fix_setuid, ksu_task_fix_setuid),
Expand Down
5 changes: 5 additions & 0 deletions kernel/kernel_compat.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,9 @@ struct file *ksu_filp_open_compat(const char *filename, int flags, umode_t mode)
// switch mnt_ns even if current is not wq_worker, to ensure what we open is the correct file in android mnt_ns, rather than user created mnt_ns
struct ksu_ns_fs_saved saved;
if (android_context_saved_enabled) {
#ifdef CONFIG_KSU_DEBUG
pr_info("start switch current nsproxy and fs to android context\n");
#endif
task_lock(current);
ksu_save_ns_fs(&saved);
ksu_load_ns_fs(&android_context_saved);
Expand All @@ -64,7 +66,9 @@ struct file *ksu_filp_open_compat(const char *filename, int flags, umode_t mode)
task_lock(current);
ksu_load_ns_fs(&saved);
task_unlock(current);
#ifdef CONFIG_KSU_DEBUG
pr_info("switch current nsproxy and fs back to saved successfully\n");
#endif
}
return fp;
}
Expand All @@ -86,3 +90,4 @@ long ksu_strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
{
return strncpy_from_user_nofault(dst, unsafe_addr, count);
}

17 changes: 17 additions & 0 deletions kernel/kernel_compat.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,4 +32,21 @@ extern ssize_t ksu_kernel_read_compat(struct file *p, void *buf, size_t count,
extern ssize_t ksu_kernel_write_compat(struct file *p, const void *buf,
size_t count, loff_t *pos);

/*
* ksu_copy_from_user_retry
* try nofault copy first, if it fails, try with plain
* paramters are the same as copy_from_user
* 0 = success
*/
static long ksu_copy_from_user_retry(void *to,
const void __user *from, unsigned long count)
{
long ret = copy_from_user_nofault(to, from, count);
if (likely(!ret))
return ret;

// we faulted! fallback to slow path
return copy_from_user(to, from, count);
}

#endif
Loading