Skip to content

Sync legacy with dev branch and update scope minimized manual hooks 1.7#1047

Merged
rifsxd merged 6 commits into
KernelSU-Next:legacyfrom
Sorayukii:legacy
Jan 4, 2026
Merged

Sync legacy with dev branch and update scope minimized manual hooks 1.7#1047
rifsxd merged 6 commits into
KernelSU-Next:legacyfrom
Sorayukii:legacy

Conversation

@Sorayukii

@Sorayukii Sorayukii commented Jan 4, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Changes:

  • Debloat manager, just driver only
  • Remove enhanced security feature
  • Update scope minimized manual hooks v1.7
  • Add avc log spoofed
  • Try to fix CONFIG_KSU_ALLOWLIST_WORKAROUND(untested)

Tested k4.9.337

Sorayukii and others added 6 commits January 4, 2026 04:04
@Sorayukii
KSU-Next: Debloat
f1e277e 
Signed-off-by: Sorayukii <sorayukii69@gmail.com>
@aaaaaaaa-815 @Sorayukii
kernel: fix Wcalloc-transposed-args (tiann/KernelSU#3121)
31346c5
@pershoot @Sorayukii
Merge pull request KernelSU-Next#1035 from pershoot/dev1
ff3b271 
kernel, ksud, manager: Remove enhanced security feature (tiann/KernelSU#3123)
@KOWX712 @backslashxx
@aviraxp @Sorayukii
kernel: extras: avc log spoofing
661e782 
* kernel: extras: base implementation of avc log spoofing

* kernel: extras: properly version out slow_avc_audit_pre_handler

* kernel: extras: add avc spoof to feature
this is a rebase of: KOWX712/KernelSU@4b6f76d

* kernel/extra: replace sensitive context with priv_app
ref: aviraxp/ZN-AuditPatch@a0a46bd

Co-Authored-By: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-Authored-By: Wang Han <18079988+aviraxp@users.noreply.github.com>
Signed-off-by: Sorayukii <sorayukii69@gmail.com>
@backslashxx @Sorayukii
kernel: ksud: migrate init.rc handling to security_file_permission LSM
ad6ed53 
devlog

backslashxx/KernelSU@5ba658b...8a6ae25
backslashxx/KernelSU@b7df5d1...754bbd5

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Signed-off-by: Sorayukii <sorayukii69@gmail.com>
@Sorayukii
kernel: Try to fix CONFIG_KSU_ALLOWLIST_WORKAROUND
632ac79 
../drivers/kernelsu/lsm_hooks.c:145:32: error: use of undeclared identifier 'ksu_key_permission'; did you mean 'ksu_inode_permission'?
145 | LSM_HOOK_INIT(key_permission, ksu_key_permission),
| ^~~~~~~~~~~~~~~~~~
| ksu_inode_permission
../include/linux/lsm_hooks.h:2060:57: note: expanded from macro 'LSM_HOOK_INIT'
2060 | { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } }
| ^~~~
../drivers/kernelsu/lsm_hooks.c:107:5: note: 'ksu_inode_permission' declared here
107 | int ksu_inode_permission(struct inode inode, int mask)
| ^
../drivers/kernelsu/lsm_hooks.c:145:32: error: incompatible function pointer types initializing 'int ()(key_ref_t, const struct cred , unsigned int)' (aka 'int ()(struct __key_reference_with_attributes *, const struct cred *,
unsigned int)') with an expression of type 'int (struct inode *, int)' [-Wincompatible-function-pointer-types]
145 | LSM_HOOK_INIT(key_permission, ksu_key_permission),
| ^~~~~~~~~~~~~~~~~~
2 errors generated.

Signed-off-by: Sorayukii <sorayukii69@gmail.com>
@Sorayukii Sorayukii changed the title Sync dev branch and update scope minimized manual hooks 1.7 Sync legacy with dev branch and update scope minimized manual hooks 1.7 Jan 4, 2026
@rifsxd rifsxd merged commit d7de833 into KernelSU-Next:legacy Jan 4, 2026
@twu2

twu2 commented Jan 5, 2026

Copy link
Copy Markdown

this break for CONFIG_KSU_KPROBE_HOOKS=y

ksu_handle_sys_read() used in sys_read_handler_pre(), so we shouldn't mark it as deprecated.

drivers/kernelsu/ksud.c:803:9: error: 'ksu_handle_sys_read' is deprecated [-Werror,-Wdeprecated-declarations]
803 | return ksu_handle_sys_read(fd, buf_ptr, count_ptr);
| ^
drivers/kernelsu/ksud.c:688:16: note: 'ksu_handle_sys_read' has been explicitly marked deprecated here
688 | attribute((deprecated))
| ^
1 error generated.

@Sorayukii

Sorayukii commented Jan 5, 2026

Copy link
Copy Markdown
Contributor Author

this break for CONFIG_KSU_KPROBE_HOOKS=y

ksu_handle_sys_read() used in sys_read_handler_pre(), so we shouldn't mark it as deprecated.

drivers/kernelsu/ksud.c:803:9: error: 'ksu_handle_sys_read' is deprecated [-Werror,-Wdeprecated-declarations] 803 | return ksu_handle_sys_read(fd, buf_ptr, count_ptr); | ^ drivers/kernelsu/ksud.c:688:16: note: 'ksu_handle_sys_read' has been explicitly marked deprecated here 688 | attribute((deprecated)) | ^ 1 error generated.

I am not use kprobe hooks, waiting for kprobes user to fix it

slipzryzens pushed a commit to slipzryzens/KernelSU-Next that referenced this pull request Jan 6, 2026
@Sorayukii @aaaaaaaa-815
@pershoot @KOWX712 @backslashxx @aviraxp @slipzsix
Sync legacy with dev branch and update scope minimized manual hooks 1…
b8763fe 
….7 (KernelSU-Next#1047)

* KSU-Next: Debloat

Signed-off-by: Sorayukii <sorayukii69@gmail.com>

* kernel: fix Wcalloc-transposed-args (tiann/KernelSU#3121)

* Merge pull request KernelSU-Next#1035 from pershoot/dev1

kernel, ksud, manager: Remove enhanced security feature (tiann/KernelSU#3123)

* kernel: extras: avc log spoofing

* kernel: extras: base implementation of avc log spoofing

* kernel: extras: properly version out slow_avc_audit_pre_handler

* kernel: extras: add avc spoof to feature
this is a rebase of: KOWX712/KernelSU@4b6f76d

* kernel/extra: replace sensitive context with priv_app
ref: aviraxp/ZN-AuditPatch@a0a46bd

Co-Authored-By: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-Authored-By: Wang Han <18079988+aviraxp@users.noreply.github.com>
Signed-off-by: Sorayukii <sorayukii69@gmail.com>

* kernel: ksud: migrate init.rc handling to security_file_permission LSM

devlog

backslashxx/KernelSU@5ba658b...8a6ae25
backslashxx/KernelSU@b7df5d1...754bbd5

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Signed-off-by: Sorayukii <sorayukii69@gmail.com>

* kernel: Try to fix CONFIG_KSU_ALLOWLIST_WORKAROUND

../drivers/kernelsu/lsm_hooks.c:145:32: error: use of undeclared identifier 'ksu_key_permission'; did you mean 'ksu_inode_permission'?
145 | LSM_HOOK_INIT(key_permission, ksu_key_permission),
| ^~~~~~~~~~~~~~~~~~
| ksu_inode_permission
../include/linux/lsm_hooks.h:2060:57: note: expanded from macro 'LSM_HOOK_INIT'
2060 | { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } }
| ^~~~
../drivers/kernelsu/lsm_hooks.c:107:5: note: 'ksu_inode_permission' declared here
107 | int ksu_inode_permission(struct inode inode, int mask)
| ^
../drivers/kernelsu/lsm_hooks.c:145:32: error: incompatible function pointer types initializing 'int ()(key_ref_t, const struct cred , unsigned int)' (aka 'int ()(struct __key_reference_with_attributes *, const struct cred *,
unsigned int)') with an expression of type 'int (struct inode *, int)' [-Wincompatible-function-pointer-types]
145 | LSM_HOOK_INIT(key_permission, ksu_key_permission),
| ^~~~~~~~~~~~~~~~~~
2 errors generated.

Signed-off-by: Sorayukii <sorayukii69@gmail.com>

---------

Signed-off-by: Sorayukii <sorayukii69@gmail.com>
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-authored-by: libingxuan <84086386+aaaaaaaa-815@users.noreply.github.com>
Co-authored-by: pershoot <190600+pershoot@users.noreply.github.com>
Co-authored-by: KOWX712 <leecc0503@gmail.com>
Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-authored-by: Wang Han <18079988+aviraxp@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@Sorayukii @twu2 @rifsxd @aaaaaaaa-815 @pershoot @KOWX712 @backslashxx