Unmount isolated process which forks from zygote unconditionally#2747
Merged
Conversation
Rethink about this patch, isolated process which directly forks from zygote is just like normal app, so there is no reason apps won't crash but Isolated process will. Also zygote reopens fd before actually fork, so it should be fine. This reverts commit 2a1741d.
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR reverts a previous change to handle isolated processes differently when unmounting overlayfs. The change rethinks the logic for isolated processes that fork directly from zygote, treating them like normal applications rather than avoiding unmounting operations.
- Reverts special handling that prevented unmounting for isolated processes
- Refactors function names to clarify their purpose (renaming functions for better clarity)
- Ensures isolated processes forked from zygote are properly handled with unconditional unmounting
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Ylarod
approved these changes
Sep 7, 2025
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
…nn/KernelSU#2747) Rethink about this patch, isolated process which directly forks from zygote is just like normal app, so there is no reason apps won't crash but Isolated process will. Also zygote reopens fd before actually fork, so it should be fine. This reverts commit tiann/KernelSU@2a1741d.
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
…nn/KernelSU#2747) Rethink about this patch, isolated process which directly forks from zygote is just like normal app, so there is no reason apps won't crash but Isolated process will. Also zygote reopens fd before actually fork, so it should be fine. This reverts commit tiann/KernelSU@2a1741d.
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
-remove some extra spaces from (TG) patch -try_umount -> ksu_try_umount if not CONFIG_KSU_SUSFS_TRY_UMOUNT (ksu_handle_setuid) -7/10/25: selinux/rules: fix merge conflict with previous change (Fix illegal RCU lock usage): __4d633a1 -7/14/25: core_hook: fix merge conflict with previous change (remove redundant get_cred_rcu): __bd03c29 -7/20/25: ksud: fix merge conflict with previous change (guard syscall hook types): __45ad73e -7/20/26: core_hook: fix merge conflict with previous change (support for KernelNoSU): __948975b -7/24/25: core_hook: fix merge conflict with previous change (allow only perms ... and guard kernelnosu perms): __3f4c23a -8/10/25: Kconfig: fix merge conflict with previous change (nest ksun switch manager support) __e0c4613 -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
- 1. We flag the zygote spawned process TIF_PROC_ROOT_NOT_ALLOWED durint ksu_set_uid() if it is not root allowed - 2. THen we ust check the flag before going into any ksu syscall handlers in sucompat.c, because it is just a check of a bit flag so it is ultra fast for non root allowed process which is bascially and theoretically side channel attacks free - 3. Other processes that are not flagged with TIF_PROC_ROOT_NOT_ALLOWED will just go thru the ksu syscall handlers just the same as before -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -sucompat: retain logic (ksu_is_allow_uid)
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
- In order to reduce the extra patch code and increase the rate of hunk succeed, we do not rename the symbols in KernelSU drvier but instead do it all in kernel/kallsym.c - Make susfs_starts_with() global as it maybe useful in future -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -Revert (Ref: 'kernel: implement susfs v1.5.8 KernelSU Next v1.0.8') - __resolves 'undefined symbols': ksu_is_manager_apk, is_manager, track_throne: ____apk_sign, throne_tracker: ksu_is_manager_apk -> is_manager_apk ____manager: ksu_is_manager -> is_manager ____throne_tracker: ksu_track_throne -> track_throne
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
…nn/KernelSU#2747) Rethink about this patch, isolated process which directly forks from zygote is just like normal app, so there is no reason apps won't crash but Isolated process will. Also zygote reopens fd before actually fork, so it should be fine. This reverts commit tiann/KernelSU@2a1741d.
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
…nn/KernelSU#2747) Rethink about this patch, isolated process which directly forks from zygote is just like normal app, so there is no reason apps won't crash but Isolated process will. Also zygote reopens fd before actually fork, so it should be fine. This reverts commit tiann/KernelSU@2a1741d.
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
-remove some extra spaces from (TG) patch -try_umount -> ksu_try_umount if not CONFIG_KSU_SUSFS_TRY_UMOUNT (ksu_handle_setuid) -7/10/25: selinux/rules: fix merge conflict with previous change (Fix illegal RCU lock usage): __4d633a1 -7/14/25: core_hook: fix merge conflict with previous change (remove redundant get_cred_rcu): __bd03c29 -7/20/25: ksud: fix merge conflict with previous change (guard syscall hook types): __45ad73e -7/20/26: core_hook: fix merge conflict with previous change (support for KernelNoSU): __948975b -7/24/25: core_hook: fix merge conflict with previous change (allow only perms ... and guard kernelnosu perms): __3f4c23a -8/10/25: Kconfig: fix merge conflict with previous change (nest ksun switch manager support) __e0c4613 -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
- 1. We flag the zygote spawned process TIF_PROC_ROOT_NOT_ALLOWED durint ksu_set_uid() if it is not root allowed - 2. THen we ust check the flag before going into any ksu syscall handlers in sucompat.c, because it is just a check of a bit flag so it is ultra fast for non root allowed process which is bascially and theoretically side channel attacks free - 3. Other processes that are not flagged with TIF_PROC_ROOT_NOT_ALLOWED will just go thru the ksu syscall handlers just the same as before -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -sucompat: retain logic (ksu_is_allow_uid)
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
- In order to reduce the extra patch code and increase the rate of hunk succeed, we do not rename the symbols in KernelSU drvier but instead do it all in kernel/kallsym.c - Make susfs_starts_with() global as it maybe useful in future -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -Revert (Ref: 'kernel: implement susfs v1.5.8 KernelSU Next v1.0.8') - __resolves 'undefined symbols': ksu_is_manager_apk, is_manager, track_throne: ____apk_sign, throne_tracker: ksu_is_manager_apk -> is_manager_apk ____manager: ksu_is_manager -> is_manager ____throne_tracker: ksu_track_throne -> track_throne
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
-remove some extra spaces from (TG) patch -try_umount -> ksu_try_umount if not CONFIG_KSU_SUSFS_TRY_UMOUNT (ksu_handle_setuid) -7/10/25: selinux/rules: fix merge conflict with previous change (Fix illegal RCU lock usage): __4d633a1 -7/14/25: core_hook: fix merge conflict with previous change (remove redundant get_cred_rcu): __bd03c29 -7/20/25: ksud: fix merge conflict with previous change (guard syscall hook types): __45ad73e -7/20/26: core_hook: fix merge conflict with previous change (support for KernelNoSU): __948975b -7/24/25: core_hook: fix merge conflict with previous change (allow only perms ... and guard kernelnosu perms): __3f4c23a -8/10/25: Kconfig: fix merge conflict with previous change (nest ksun switch manager support) __e0c4613 -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
- 1. We flag the zygote spawned process TIF_PROC_ROOT_NOT_ALLOWED durint ksu_set_uid() if it is not root allowed - 2. THen we ust check the flag before going into any ksu syscall handlers in sucompat.c, because it is just a check of a bit flag so it is ultra fast for non root allowed process which is bascially and theoretically side channel attacks free - 3. Other processes that are not flagged with TIF_PROC_ROOT_NOT_ALLOWED will just go thru the ksu syscall handlers just the same as before -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -sucompat: retain logic (ksu_is_allow_uid)
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 7, 2025
- In order to reduce the extra patch code and increase the rate of hunk succeed, we do not rename the symbols in KernelSU drvier but instead do it all in kernel/kallsym.c - Make susfs_starts_with() global as it maybe useful in future -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -Revert (Ref: 'kernel: implement susfs v1.5.8 KernelSU Next v1.0.8') - __resolves 'undefined symbols': ksu_is_manager_apk, is_manager, track_throne: ____apk_sign, throne_tracker: ksu_is_manager_apk -> is_manager_apk ____manager: ksu_is_manager -> is_manager ____throne_tracker: ksu_track_throne -> track_throne
AzyrRuthless
pushed a commit
to AzyrRuthless/KernelSU-Next
that referenced
this pull request
Sep 8, 2025
…nn/KernelSU#2747) Rethink about this patch, isolated process which directly forks from zygote is just like normal app, so there is no reason apps won't crash but Isolated process will. Also zygote reopens fd before actually fork, so it should be fine. This reverts commit tiann/KernelSU@2a1741d.
AzyrRuthless
pushed a commit
to AzyrRuthless/KernelSU-Next
that referenced
this pull request
Sep 8, 2025
-remove some extra spaces from (TG) patch -try_umount -> ksu_try_umount if not CONFIG_KSU_SUSFS_TRY_UMOUNT (ksu_handle_setuid) -7/10/25: selinux/rules: fix merge conflict with previous change (Fix illegal RCU lock usage): __pershoot@4d633a1 -7/14/25: core_hook: fix merge conflict with previous change (remove redundant get_cred_rcu): __pershoot@bd03c29 -7/20/25: ksud: fix merge conflict with previous change (guard syscall hook types): __pershoot@45ad73e -7/20/26: core_hook: fix merge conflict with previous change (support for KernelNoSU): __pershoot@948975b -7/24/25: core_hook: fix merge conflict with previous change (allow only perms ... and guard kernelnosu perms): __pershoot@3f4c23a -8/10/25: Kconfig: fix merge conflict with previous change (nest ksun switch manager support) __pershoot@e0c4613 -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
rifsxd
pushed a commit
to KernelSU-Next/KernelSU-Next
that referenced
this pull request
Sep 10, 2025
…nn/KernelSU#2747) (#776) Rethink about this patch, isolated process which directly forks from zygote is just like normal app, so there is no reason apps won't crash but Isolated process will. Also zygote reopens fd before actually fork, so it should be fine. This reverts commit tiann/KernelSU@2a1741d. Co-authored-by: Wang Han <416810799@qq.com>
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 10, 2025
-remove some extra spaces from (TG) patch -try_umount -> ksu_try_umount if not CONFIG_KSU_SUSFS_TRY_UMOUNT (ksu_handle_setuid) -7/10/25: selinux/rules: fix merge conflict with previous change (Fix illegal RCU lock usage): __4d633a1 -7/14/25: core_hook: fix merge conflict with previous change (remove redundant get_cred_rcu): __bd03c29 -7/20/25: ksud: fix merge conflict with previous change (guard syscall hook types): __45ad73e -7/20/26: core_hook: fix merge conflict with previous change (support for KernelNoSU): __948975b -7/24/25: core_hook: fix merge conflict with previous change (allow only perms ... and guard kernelnosu perms): __3f4c23a -8/10/25: Kconfig: fix merge conflict with previous change (nest ksun switch manager support) __e0c4613 -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 10, 2025
- 1. We flag the zygote spawned process TIF_PROC_ROOT_NOT_ALLOWED durint ksu_set_uid() if it is not root allowed - 2. THen we ust check the flag before going into any ksu syscall handlers in sucompat.c, because it is just a check of a bit flag so it is ultra fast for non root allowed process which is bascially and theoretically side channel attacks free - 3. Other processes that are not flagged with TIF_PROC_ROOT_NOT_ALLOWED will just go thru the ksu syscall handlers just the same as before -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -sucompat: retain logic (ksu_is_allow_uid)
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 10, 2025
- In order to reduce the extra patch code and increase the rate of hunk succeed, we do not rename the symbols in KernelSU drvier but instead do it all in kernel/kallsym.c - Make susfs_starts_with() global as it maybe useful in future -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -Revert (Ref: 'kernel: implement susfs v1.5.8 KernelSU Next v1.0.8') - __resolves 'undefined symbols': ksu_is_manager_apk, is_manager, track_throne: ____apk_sign, throne_tracker: ksu_is_manager_apk -> is_manager_apk ____manager: ksu_is_manager -> is_manager ____throne_tracker: ksu_track_throne -> track_throne
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 10, 2025
-remove some extra spaces from (TG) patch -try_umount -> ksu_try_umount if not CONFIG_KSU_SUSFS_TRY_UMOUNT (ksu_handle_setuid) -7/10/25: selinux/rules: fix merge conflict with previous change (Fix illegal RCU lock usage): __4d633a1 -7/14/25: core_hook: fix merge conflict with previous change (remove redundant get_cred_rcu): __bd03c29 -7/20/25: ksud: fix merge conflict with previous change (guard syscall hook types): __45ad73e -7/20/26: core_hook: fix merge conflict with previous change (support for KernelNoSU): __948975b -7/24/25: core_hook: fix merge conflict with previous change (allow only perms ... and guard kernelnosu perms): __3f4c23a -8/10/25: Kconfig: fix merge conflict with previous change (nest ksun switch manager support) __e0c4613 -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 12, 2025
- In order to reduce the extra patch code and increase the rate of hunk succeed, we do not rename the symbols in KernelSU drvier but instead do it all in kernel/kallsym.c - Make susfs_starts_with() global as it maybe useful in future -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -Revert (Ref: 'kernel: implement susfs v1.5.8 KernelSU Next v1.0.8') - __resolves 'undefined symbols': ksu_is_manager_apk, is_manager, track_throne: ____apk_sign, throne_tracker: ksu_is_manager_apk -> is_manager_apk ____manager: ksu_is_manager -> is_manager ____throne_tracker: ksu_track_throne -> track_throne
fadlyas07
added a commit
to bengal-upstream/KernelSU
that referenced
this pull request
Sep 13, 2025
* 'main' of https://github.com/tiann/KernelSU: (42 commits) Unmount isolated process which forks from zygote unconditionally (tiann#2747) fix 'for' loop problem (tiann#2745) update resetprop (tiann#2733) Strip JNI debug logs on release build (tiann#2732) manager: Support search module (tiann#2730) manager: Add uninstall 2nd confirm (tiann#2729) manager: Fix some issues (tiann#2725) manager: fix button issues in module cards (tiann#2719) manager: switch ui to miuix design style (tiann#2710) Revert "Handle unmount for isolated process correctly" (tiann#2718) Handle unmount for isolated process correctly (tiann#2696) Reset seccomp filter count when escaping to root (tiann#2708) kernel: selinux: rules: Micro-optimize get_policydb() and fix illegal RCU lock usage in handle_sepolicy() (tiann#2695) Update resetprop from Magisk v30.2 (tiann#2700) ksud: support vendor_boot patching for some odd devices (tiann#2650) ksud: make clippy happy (tiann#2683) feat(ui): improve predictive back animations (tiann#2675) kernel: added new prctl CMD_GET_MANAGER_UID to get the uid of the crowned manager (tiann#2673) kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (tiann#2646) manger: fix lkm detection (tiann#2654) ... Conflicts: kernel/core_hook.c kernel/selinux/rules.c kernel/throne_tracker.c Change-Id: Iebf7dd870a7d9e35f4cecbf97fa13eeb174b7b5d
luyanci
added a commit
to luyanci/KernelSU
that referenced
this pull request
Sep 13, 2025
…lly (tiann#2747)" This reverts commit d81ce5e.
luyanci
added a commit
to luyanci/KernelSU
that referenced
this pull request
Sep 13, 2025
…lly (tiann#2747)" This reverts commit d81ce5e.
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 13, 2025
-remove some extra spaces from (TG) patch -try_umount -> ksu_try_umount if not CONFIG_KSU_SUSFS_TRY_UMOUNT (ksu_handle_setuid) -7/10/25: selinux/rules: fix merge conflict with previous change (Fix illegal RCU lock usage): __4d633a1 -7/14/25: core_hook: fix merge conflict with previous change (remove redundant get_cred_rcu): __bd03c29 -7/20/25: ksud: fix merge conflict with previous change (guard syscall hook types): __45ad73e -7/20/26: core_hook: fix merge conflict with previous change (support for KernelNoSU): __948975b -7/24/25: core_hook: fix merge conflict with previous change (allow only perms ... and guard kernelnosu perms): __3f4c23a -8/10/25: Kconfig: fix merge conflict with previous change (nest ksun switch manager support) __e0c4613 -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 13, 2025
- 1. We flag the zygote spawned process TIF_PROC_ROOT_NOT_ALLOWED durint ksu_set_uid() if it is not root allowed - 2. THen we ust check the flag before going into any ksu syscall handlers in sucompat.c, because it is just a check of a bit flag so it is ultra fast for non root allowed process which is bascially and theoretically side channel attacks free - 3. Other processes that are not flagged with TIF_PROC_ROOT_NOT_ALLOWED will just go thru the ksu syscall handlers just the same as before -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -sucompat: retain logic (ksu_is_allow_uid)
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 13, 2025
- In order to reduce the extra patch code and increase the rate of hunk succeed, we do not rename the symbols in KernelSU drvier but instead do it all in kernel/kallsym.c - Make susfs_starts_with() global as it maybe useful in future -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -Revert (Ref: 'kernel: implement susfs v1.5.8 KernelSU Next v1.0.8') - __resolves 'undefined symbols': ksu_is_manager_apk, is_manager, track_throne: ____apk_sign, throne_tracker: ksu_is_manager_apk -> is_manager_apk ____manager: ksu_is_manager -> is_manager ____throne_tracker: ksu_track_throne -> track_throne
AzyrRuthless
added a commit
to AzyrRuthless/KernelSU-Next
that referenced
this pull request
Sep 14, 2025
…lly (tiann/KernelSU#2747) (KernelSU-Next#776)" This reverts commit cee92d6.
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 15, 2025
-remove some extra spaces from (TG) patch -try_umount -> ksu_try_umount if not CONFIG_KSU_SUSFS_TRY_UMOUNT (ksu_handle_setuid) -7/10/25: selinux/rules: fix merge conflict with previous change (Fix illegal RCU lock usage): __4d633a1 -7/14/25: core_hook: fix merge conflict with previous change (remove redundant get_cred_rcu): __bd03c29 -7/20/25: ksud: fix merge conflict with previous change (guard syscall hook types): __45ad73e -7/20/26: core_hook: fix merge conflict with previous change (support for KernelNoSU): __948975b -7/24/25: core_hook: fix merge conflict with previous change (allow only perms ... and guard kernelnosu perms): __3f4c23a -8/10/25: Kconfig: fix merge conflict with previous change (nest ksun switch manager support) __e0c4613 -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 15, 2025
- 1. We flag the zygote spawned process TIF_PROC_ROOT_NOT_ALLOWED durint ksu_set_uid() if it is not root allowed - 2. THen we ust check the flag before going into any ksu syscall handlers in sucompat.c, because it is just a check of a bit flag so it is ultra fast for non root allowed process which is bascially and theoretically side channel attacks free - 3. Other processes that are not flagged with TIF_PROC_ROOT_NOT_ALLOWED will just go thru the ksu syscall handlers just the same as before -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -sucompat: retain logic (ksu_is_allow_uid)
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 15, 2025
- In order to reduce the extra patch code and increase the rate of hunk succeed, we do not rename the symbols in KernelSU drvier but instead do it all in kernel/kallsym.c - Make susfs_starts_with() global as it maybe useful in future -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -Revert (Ref: 'kernel: implement susfs v1.5.8 KernelSU Next v1.0.8') - __resolves 'undefined symbols': ksu_is_manager_apk, is_manager, track_throne: ____apk_sign, throne_tracker: ksu_is_manager_apk -> is_manager_apk ____manager: ksu_is_manager -> is_manager ____throne_tracker: ksu_track_throne -> track_throne
sidex15
pushed a commit
to sidex15/KernelSU-Next
that referenced
this pull request
Sep 16, 2025
…nn/KernelSU#2747) (KernelSU-Next#776) Rethink about this patch, isolated process which directly forks from zygote is just like normal app, so there is no reason apps won't crash but Isolated process will. Also zygote reopens fd before actually fork, so it should be fine. This reverts commit tiann/KernelSU@2a1741d. Co-authored-by: Wang Han <416810799@qq.com>
xvergilantte
pushed a commit
to xvergilantte/KernelSU-Next
that referenced
this pull request
Sep 18, 2025
…nn/KernelSU#2747) (KernelSU-Next#776) Rethink about this patch, isolated process which directly forks from zygote is just like normal app, so there is no reason apps won't crash but Isolated process will. Also zygote reopens fd before actually fork, so it should be fine. This reverts commit tiann/KernelSU@2a1741d. Co-authored-by: Wang Han <416810799@qq.com>
Flopster101
added a commit
to FlopKernel-Series/flop_trinket-mi_kernel
that referenced
this pull request
Sep 20, 2025
89a0d4c53e9d kernel: sucompat: fix improper sizeof(su) dd44d4212eb2 kernel: ksud and core_hook: wrap execveat_hook checks with CONFIG_KSU_KPROBES_HOOK guard b0e9976288da Revert "kernel: core_hook: expose prctl interface for umount list (5ec1cff#16)" 427f724c1cca Revert "kernel: core_hook: expose nuke_ext4_sysfs on prctl" 8809224691fa kernel: sucompat: add missing import arch.h 4acc51af02ad ci: swtiched to min syscall hooks v1.5 028237652296 kernel: sucompat: ducplicate declaration, previous declaration is in kernel_compat 4c66d8cb5847 kernel: throne_tracker: offload to kthread (tiann#2632) e7a090322545 kernel: ksud: provide is_ksu_transition check v2 3cd88145cc89 kernel: selinux: fix pointer mismatch with 32-bit ksud on 64-bit kernels 8d8220b38b93 kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) 35a6c1d1c1cc kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) 1f95c35dc431 kernel: core_hook: expose nuke_ext4_sysfs on prctl 2d60fdb944b4 kernel: core_hook: expose prctl interface for umount list (5ec1cff#16) e37c14b9f603 magic mount: make mount points read only 26ee31e01c6c kernel: remove KSU_SWITCH_MANAGER logic 4df1cf0f5724 New Crowdin updates (#794) 6212a6907769 Update english strings & readme (#783) 21c879d49e1d Fix rustfmt again (#788) 2c02db6323f1 ci: update workflows (#724) b01e8503cd97 deps: update (#723) 04c6bbf035cb kernel: Remove duplicate include in core_hook (#784) 8edb892792dc fix rustfmt (#722) 49ffbae2ce1d Added Crowdin localized status in README_UA (#690) 9708c953efb7 Update README_RU.md (#683) 4ff58a33bc19 docs: Update Buglarian README (#667) 91dcdebb8b85 docs: Update Polish README (#641) 17a7ad9c8ee0 Edit Security to Contribution and add Crowdin link to README (#639) dad404e7b591 fix typos in readme (#638) 44360ffa25a2 New Crowdin updates (#701) 04c128694707 Fix mount not working in android 8/9 (#741) cee92d6926eb Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747) (#776) 5bdb938e845f fix 'for' loop problem (tiann/KernelSU#2745) (#772) 429ae53c5c8d Strip JNI debug logs on release build (#2732) 43c600f295a9 ksud: updated resetprop 316a679260a0 manager: Optimized import, optimized all libsu shell calls, and fixed WebUI memory leaks (#754) a540992e9b63 Reset seccomp filter count when escaping to root (tiann/KernelSU#2708) (#743) ba16e0c83ffa kernel: selinux: rules: Micro-optimize get_policydb() and fix illegal RCU lock usage in handle_sepolicy() (tiann/KernelSU#2695) (#721) fa5c545b4bee ksud_overlayfs: change custom sparse file name 1de68a8ed2a0 Revert "userspace: implement OSS ksuinit" e0c461322bca kernel: nest ksun switch manager support under CONFIG_KSU_SWITCH_MANAGER config default as disabled edb99a2c1a87 userspace: implement OSS ksuinit eaab98b7ecb2 ci(workflows): add artifact caching to build-manager-ci and build-manager-spoofed workflows (#702) aa37bcc3683f New Crowdin updates (#660) 107cd4add0ca Update README.md 94c4b41ea3de README: updated 0bde9047b935 manager: add -spoof string to apk output bc9927b9b66e POC: load icon app via ksu://icon/[packageName] (#674) d4f4c0a0ccad Syscall Hooks (#686) 0aaae919c08a userspace/su: add ndk compatible su from kernelnosu 3f4c23a34f4f kernel: allow only perms for /{system | vendor | product | system_ext}/bin/su path kernel: guard kernelnosu perms if not using KSU_KPROBES_HOOK d69a72c6586b src: build script for a full featured manager adbff41a2215 ksud: decide best partition to direct flash LKM 512f84504ec1 ksud: create our own new ramdisk when no compatible ramdisk found c44f48c8a410 Update README.md 5c6c3870a01c ksud_magic: fix rust fmt c6b54406829d manager | ksud: Add toggle for global mount namespace (#99) a917314e8439 manager: fixed sus_su features 948975ba35be kernel: core_hook: add support for KernelNoSU 45ad73e9dd86 kernel: guard syscall hook types 892a62afdf0b manager: bump MINIMAL_SUPPORTED_KERNEL to 12797 d61de07c2189 kernel: implement v2_signature size/hash override from userspace through kernel module parameter 4382dca515b5 ksud: do backup for vendor_boot partition 2c9078e038bc kernel: use ksu_strncpy_from_user_retry when kprobes hook sucompat pagefaults 81f4f09d0c6f ksud: Address pagefault in ksu_handle_execveat_ksud (#662) git-subtree-dir: drivers/kernelsu git-subtree-split: 89a0d4c53e9d5d8c6d53922f342d858c4c7f300c
rsuntk
pushed a commit
to rsuntk/KernelSU
that referenced
this pull request
Sep 21, 2025
…lly (tiann#2747) Rethink about this patch, isolated process which directly forks from zygote is just like normal app, so there is no reason apps won't crash but Isolated process will. Also zygote reopens fd before actually fork, so it should be fine. This reverts commit 2a1741d. Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 21, 2025
-remove some extra spaces from (TG) patch -try_umount -> ksu_try_umount if not CONFIG_KSU_SUSFS_TRY_UMOUNT (ksu_handle_setuid) -7/10/25: selinux/rules: fix merge conflict with previous change (Fix illegal RCU lock usage): __4d633a1 -7/14/25: core_hook: fix merge conflict with previous change (remove redundant get_cred_rcu): __bd03c29 -7/20/25: ksud: fix merge conflict with previous change (guard syscall hook types): __45ad73e -7/20/26: core_hook: fix merge conflict with previous change (support for KernelNoSU): __948975b -7/24/25: core_hook: fix merge conflict with previous change (allow only perms ... and guard kernelnosu perms): __3f4c23a -8/10/25: Kconfig: fix merge conflict with previous change (nest ksun switch manager support) __e0c4613 -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -9/21/25: fix merge conflicts with previous changes (Kconfig, apk_sign, throne_tracker): __'kernel: throne_tracker: offload to kthread (tiann#2632)' __'kernel: remove KSU_SWITCH_MANAGER logic' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 21, 2025
- 1. We flag the zygote spawned process TIF_PROC_ROOT_NOT_ALLOWED durint ksu_set_uid() if it is not root allowed - 2. THen we ust check the flag before going into any ksu syscall handlers in sucompat.c, because it is just a check of a bit flag so it is ultra fast for non root allowed process which is bascially and theoretically side channel attacks free - 3. Other processes that are not flagged with TIF_PROC_ROOT_NOT_ALLOWED will just go thru the ksu syscall handlers just the same as before -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -sucompat: retain logic (ksu_is_allow_uid)
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Sep 21, 2025
- In order to reduce the extra patch code and increase the rate of hunk succeed, we do not rename the symbols in KernelSU drvier but instead do it all in kernel/kallsym.c - Make susfs_starts_with() global as it maybe useful in future -9/7/25: core_hook: fix merge conflict with previous change (Unmount isolated process) __'Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747)' -9/21/25: fix merge conflicts with previous changes (apk_sign, throne_tracker): __'kernel: throne_tracker: offload to kthread (tiann#2632)' __'kernel: remove KSU_SWITCH_MANAGER logic' -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1 -Revert (Ref: 'kernel: implement susfs v1.5.8 KernelSU Next v1.0.8') - __resolves 'undefined symbols': ksu_is_manager_apk, is_manager, track_throne_function, track_throne: ____apk_sign, throne_tracker: ksu_is_manager_apk -> is_manager_apk ____manager: ksu_is_manager -> is_manager ____throne_tracker: ksu_track_throne_function -> track_throne_function ____throne_tracker: ksu_track_throne -> track_throne
3 tasks
|
这个pr导致字体模块异常(SukiSU-Ultra/SukiSU-Ultra#422 附带日志),@aviraxp 能否看看咋回事?谢谢 |
Collaborator
Author
|
你是要隐藏还是要模块能生效?ksu没有magisk那样的用户侧守护进程,没有很好的办法处理isolated process这个Android直接的东西,导致需要完整隐藏只能全部umount,但是这又会导致webview的sandbox进程无法加载任何模块) 比较好的方式是内核读取进程cmdline(注意这时是用户空间内存),然后和app名称做一个匹配,但是我不确定是否真的可行,以及会不会带来新的检测点。 |
Collaborator
Author
|
我不理解的是,我已经判断了先前的selinux context是不是zygote,理论上可以规避此问题,但是貌似没生效。 |
我想要的是模块生效,现在字体模块不生效了。 |
Collaborator
Author
|
我本人无法复现这个问题。 |
我是一加12,有这个问题。另外看群里有一台三星设备也有同样的问题。 经过我测试,卸载shamiko无效,问题仍在。 |
Collaborator
完全不生效么,我在一加 Ace 5 Ultra 上复现不了 |
用的MFGA字体模块,也不能说完全不生效。 退回老版本ksu则全部生效 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Rethink about this patch, isolated process which directly forks from zygote is just like normal app, so there is no reason apps won't crash but Isolated process will. Also zygote reopens fd before actually fork, so it should be fine.
This reverts commit 2a1741d.