Conversation
|
这么快 |
|
好快的修 |
|
闪电般快 |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a new cross-stack feature flag, SELinux Hide, intended to sanitize /sys/fs/selinux context/access query results for app UIDs. It adds the feature ID to the shared UAPI, wires it through ksud feature management, exposes toggles in the Android manager UI, and implements a kernel-side hook that patches SELinuxfs write operations.
Changes:
- Add
selinux_hideas a new feature ID (value4) across UAPI,ksud, and Android manager. - Implement a kernel feature handler (
KSU_FEATURE_SELINUX_HIDE) and selinuxfs hook patching logic. - Add manager UI/state/repository plumbing and JNI/native bindings for toggling the feature.
Reviewed changes
Copilot reviewed 21 out of 21 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
| userspace/ksud/src/feature.rs | Adds SelinuxHide feature ID/name/description and includes it in list/save/apply flows. |
| userspace/ksud/src/cli.rs | Updates CLI help text to include selinux_hide as a valid feature name. |
| uapi/feature.h | Adds KSU_FEATURE_SELINUX_HIDE = 4 to the shared feature enum. |
| manager/app/src/main/res/values/strings.xml | Adds user-facing strings for the SELinux Hide setting and summary. |
| manager/app/src/main/java/me/weishu/kernelsu/ui/viewmodel/SettingsViewModel.kt | Loads SELinux Hide status/value into UI state and adds a setter action. |
| manager/app/src/main/java/me/weishu/kernelsu/ui/screen/settings/SettingsUiState.kt | Extends UI state and actions with SELinux Hide fields/callback. |
| manager/app/src/main/java/me/weishu/kernelsu/ui/screen/settings/SettingsScreen.kt | Wires the SELinux Hide action from UI to the ViewModel. |
| manager/app/src/main/java/me/weishu/kernelsu/ui/screen/settings/SettingsMiuix.kt | Adds a MIUIX switch UI element for SELinux Hide. |
| manager/app/src/main/java/me/weishu/kernelsu/ui/screen/settings/SettingsMaterial.kt | Adds a Material switch UI element for SELinux Hide. |
| manager/app/src/main/java/me/weishu/kernelsu/Natives.kt | Adds JNI declarations for getting/setting SELinux Hide enablement. |
| manager/app/src/main/java/me/weishu/kernelsu/data/repository/SettingsRepositoryImpl.kt | Implements repository methods to read status and toggle SELinux Hide via JNI/features. |
| manager/app/src/main/java/me/weishu/kernelsu/data/repository/SettingsRepository.kt | Extends the repository interface with SELinux Hide APIs. |
| manager/app/src/main/cpp/ksu.h | Declares native C++ helpers for SELinux Hide feature get/set. |
| manager/app/src/main/cpp/ksu.cc | Implements native SELinux Hide get/set using the feature ioctl. |
| manager/app/src/main/cpp/jni.cc | Exposes SELinux Hide native helpers to Kotlin via JNI. |
| kernel/selinux/rules.c | Adds backup_sepolicy creation intended for use by SELinux Hide sanitization. |
| kernel/Kbuild | Adds feature/selinux_hide.o to the kernel build. |
| kernel/include/ksu.h | Exposes backup_sepolicy as a global for other kernel components. |
| kernel/feature/selinux_hide.h | Adds header for SELinux Hide init/exit. |
| kernel/feature/selinux_hide.c | Implements SELinux Hide feature handler and selinuxfs hook patching logic. |
| kernel/core/init.c | Registers/unregisters SELinux Hide feature during KernelSU init/exit. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
MhmRdd
reviewed
May 11, 2026
MhmRdd
reviewed
May 11, 2026
MhmRdd
reviewed
May 11, 2026
MhmRdd
reviewed
May 11, 2026
MhmRdd
reviewed
May 11, 2026
pershoot
pushed a commit
to KernelSU-Next/KernelSU-Next
that referenced
this pull request
May 12, 2026
- Add selinux_hide feature, which can be enable/disable at runtime. - It requires backing up the policydb at boot, which consumes a certain amount of memory (approximately a few MB). Therefore, if this feature is not enabled at boot, the backed-up policydb will be released, and the user will need to reboot for the changes to take effect after enabling it. Co-authored-by: KOWX712 <leecc0503@gmail.com> -Settings: Update SharedPreferences
jinetty
pushed a commit
to jinetty/android_kernel_xiaomi_sm8450
that referenced
this pull request
May 14, 2026
- Add selinux_hide feature, which can be enable/disable at runtime. - It requires backing up the policydb at boot, which consumes a certain amount of memory (approximately a few MB). Therefore, if this feature is not enabled at boot, the backed-up policydb will be released, and the user will need to reboot for the changes to take effect after enabling it. Co-authored-by: KOWX712 <leecc0503@gmail.com> -Settings: Update SharedPreferences
shoey63
pushed a commit
to shoey63/KernelSU
that referenced
this pull request
May 19, 2026
-'kernel_patches: fs/susfs: Implement SuSFS and Toolkit coexistence' https://gitlab.com/pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev -Accommodate: -4/15/26: 'kernel: refactor allowlist' (upstream: ksu: tiann#3418) allowlist: ksu_uid_should_umount - new app profile lookup (heap-based) -4/18/26: 'Use static_key in replace of boolean toggle switch' (upstream: susfs: ee6b1970) init: moved susfs_init() (top of kernelsu_init()) for jump label alignment extras/supercall: avc/uname for static key (global visibility) -4/22/26: sucompat: Seperate ksu_handle_stat for compatibility -4/23/26: sucompat: Lower boundary for ksu_handle_stat -4/24/26: 'kernel & KernelSU: Invert initial static_key status; Rename all static_key variables' (upstream: susfs: 5c5c0dd9) extras: use new symbol (susfs_is_avc_log_spoofing_enabled) supercall: check new label (susfs_is_uname_spoof_buffer_set) extras/boot_event/ksud_integration/supercall: Move jump_label inclusion to top-level for (uapi) consistency Revert: 'sucompat: Lower boundary for ksu_handle_stat' (4/23/26) (<6.1 uses legacy) -4/25/26: 'KernelSU: Replace bunch of if clauses with switch case in ksu_handle_sys_reboot()' (upstream: susfs: cbda1353) dispatch: convert copy_from_user to peeking for avc/uname 'KernelSU: Disable seccomp for all zygote spawned root allowed app processes' (upstream: susfs: ea24aa94) app_profile: optimize escape_with_root_profile setuid_hook: unify setresuid -4/26/26: 'kernel & KernelSU: Replace ksu_su_compat_enabled boolean toggle with static_key' (upstream: susfs: 71507103) syscall_event_bridge: optimize hot-path via static_branch_likely -4/27/26: 'kernel & KernelSU: Use test_thread_flag() and set_thread_flag() instead of test_ti_thread_flag() and set_ti_thread_flag()' (upstream: susfs: e1c57040) -4/28/26: 'KernelSU: More optimization in ksu_handle_setresuid() and ksu_handle_umount()' (upstream: susfs: b1dceb4c) kernel_umount: remove redundant cred overrides setuid_hook/kernel_umount: consolidate cred overrides -4/29/26: 'KernelSU: Test making some compiler happy' (upstream: susfs: c228b924) setuid_hook: reduce cred override scope -5/2/26: 'kernel & KernelSU: defer susfs_run_sus_path_loop() to workqueue' (upstream: susfs: f6255b5f) init: move susfs_init (above) kernel_umount: restore cred overrides -5/6/26: 'KernelSU: Remove the unused deprecated residual devpts hook' (upstream: susfs: 9da70b0c) -5/11/26: 'feature: selinux hide (tiann#3457)'/'selinux_hide: fix attr/current detection (tiann#3459)' (upstream: ksu: 0efe3cf)/(upstream: ksu: 3f388ef) init: cleanup calls registration (kernelsu_exit) kbuild: refine arch detection and unify core utils 'kernel & KernelSU: Sync with the upstream fix for new selinux detections' (upstream: susfs: 5900f1a3) lsm_hook: sync engine rewrite selinux: implement SID batching and support exec_sid clearing init: Ensure late-load is in-tact and exit cleanup -5/12/26: init: Format a few spaces to tabs dispatch: Disable KSU AVC Spoof conditionally -5/16/26: 'KernelSU: Do not schedule susfs_extra_works when it is already pending' (upstream: susfs: f7ae19ef) -5/17/26: 'kernel: refine symbol_resolver (tiann#3469)' (upstream: ksu: da8e0ab) selinux_hide: use it -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
shoey63
pushed a commit
to shoey63/KernelSU
that referenced
this pull request
May 20, 2026
-'kernel_patches: fs/susfs: Implement SuSFS and Toolkit coexistence' https://gitlab.com/pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev -Accommodate: -4/15/26: 'kernel: refactor allowlist' (upstream: ksu: tiann#3418) allowlist: ksu_uid_should_umount - new app profile lookup (heap-based) -4/18/26: 'Use static_key in replace of boolean toggle switch' (upstream: susfs: ee6b1970) init: moved susfs_init() (top of kernelsu_init()) for jump label alignment extras/supercall: avc/uname for static key (global visibility) -4/22/26: sucompat: Seperate ksu_handle_stat for compatibility -4/23/26: sucompat: Lower boundary for ksu_handle_stat -4/24/26: 'kernel & KernelSU: Invert initial static_key status; Rename all static_key variables' (upstream: susfs: 5c5c0dd9) extras: use new symbol (susfs_is_avc_log_spoofing_enabled) supercall: check new label (susfs_is_uname_spoof_buffer_set) extras/boot_event/ksud_integration/supercall: Move jump_label inclusion to top-level for (uapi) consistency Revert: 'sucompat: Lower boundary for ksu_handle_stat' (4/23/26) (<6.1 uses legacy) -4/25/26: 'KernelSU: Replace bunch of if clauses with switch case in ksu_handle_sys_reboot()' (upstream: susfs: cbda1353) dispatch: convert copy_from_user to peeking for avc/uname 'KernelSU: Disable seccomp for all zygote spawned root allowed app processes' (upstream: susfs: ea24aa94) app_profile: optimize escape_with_root_profile setuid_hook: unify setresuid -4/26/26: 'kernel & KernelSU: Replace ksu_su_compat_enabled boolean toggle with static_key' (upstream: susfs: 71507103) syscall_event_bridge: optimize hot-path via static_branch_likely -4/27/26: 'kernel & KernelSU: Use test_thread_flag() and set_thread_flag() instead of test_ti_thread_flag() and set_ti_thread_flag()' (upstream: susfs: e1c57040) -4/28/26: 'KernelSU: More optimization in ksu_handle_setresuid() and ksu_handle_umount()' (upstream: susfs: b1dceb4c) kernel_umount: remove redundant cred overrides setuid_hook/kernel_umount: consolidate cred overrides -4/29/26: 'KernelSU: Test making some compiler happy' (upstream: susfs: c228b924) setuid_hook: reduce cred override scope -5/2/26: 'kernel & KernelSU: defer susfs_run_sus_path_loop() to workqueue' (upstream: susfs: f6255b5f) init: move susfs_init (above) kernel_umount: restore cred overrides -5/6/26: 'KernelSU: Remove the unused deprecated residual devpts hook' (upstream: susfs: 9da70b0c) -5/11/26: 'feature: selinux hide (tiann#3457)'/'selinux_hide: fix attr/current detection (tiann#3459)' (upstream: ksu: 0efe3cf)/(upstream: ksu: 3f388ef) init: cleanup calls registration (kernelsu_exit) kbuild: refine arch detection and unify core utils 'kernel & KernelSU: Sync with the upstream fix for new selinux detections' (upstream: susfs: 5900f1a3) lsm_hook: sync engine rewrite selinux: implement SID batching and support exec_sid clearing init: Ensure late-load is in-tact and exit cleanup -5/12/26: init: Format a few spaces to tabs dispatch: Disable KSU AVC Spoof conditionally -5/16/26: 'KernelSU: Do not schedule susfs_extra_works when it is already pending' (upstream: susfs: f7ae19ef) -5/17/26: 'kernel: refine symbol_resolver (tiann#3469)' (upstream: ksu: da8e0ab) selinux_hide: use it -5/20/26: Resolve KernelSU conflicts (@shoey63) -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
shoey63
pushed a commit
to shoey63/KernelSU
that referenced
this pull request
May 20, 2026
-'kernel_patches: fs/susfs: Implement SuSFS and Toolkit coexistence' https://gitlab.com/pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev -Accommodate: -4/15/26: 'kernel: refactor allowlist' (upstream: ksu: tiann#3418) allowlist: ksu_uid_should_umount - new app profile lookup (heap-based) -4/18/26: 'Use static_key in replace of boolean toggle switch' (upstream: susfs: ee6b1970) init: moved susfs_init() (top of kernelsu_init()) for jump label alignment extras/supercall: avc/uname for static key (global visibility) -4/22/26: sucompat: Seperate ksu_handle_stat for compatibility -4/23/26: sucompat: Lower boundary for ksu_handle_stat -4/24/26: 'kernel & KernelSU: Invert initial static_key status; Rename all static_key variables' (upstream: susfs: 5c5c0dd9) extras: use new symbol (susfs_is_avc_log_spoofing_enabled) supercall: check new label (susfs_is_uname_spoof_buffer_set) extras/boot_event/ksud_integration/supercall: Move jump_label inclusion to top-level for (uapi) consistency Revert: 'sucompat: Lower boundary for ksu_handle_stat' (4/23/26) (<6.1 uses legacy) -4/25/26: 'KernelSU: Replace bunch of if clauses with switch case in ksu_handle_sys_reboot()' (upstream: susfs: cbda1353) dispatch: convert copy_from_user to peeking for avc/uname 'KernelSU: Disable seccomp for all zygote spawned root allowed app processes' (upstream: susfs: ea24aa94) app_profile: optimize escape_with_root_profile setuid_hook: unify setresuid -4/26/26: 'kernel & KernelSU: Replace ksu_su_compat_enabled boolean toggle with static_key' (upstream: susfs: 71507103) syscall_event_bridge: optimize hot-path via static_branch_likely -4/27/26: 'kernel & KernelSU: Use test_thread_flag() and set_thread_flag() instead of test_ti_thread_flag() and set_ti_thread_flag()' (upstream: susfs: e1c57040) -4/28/26: 'KernelSU: More optimization in ksu_handle_setresuid() and ksu_handle_umount()' (upstream: susfs: b1dceb4c) kernel_umount: remove redundant cred overrides setuid_hook/kernel_umount: consolidate cred overrides -4/29/26: 'KernelSU: Test making some compiler happy' (upstream: susfs: c228b924) setuid_hook: reduce cred override scope -5/2/26: 'kernel & KernelSU: defer susfs_run_sus_path_loop() to workqueue' (upstream: susfs: f6255b5f) init: move susfs_init (above) kernel_umount: restore cred overrides -5/6/26: 'KernelSU: Remove the unused deprecated residual devpts hook' (upstream: susfs: 9da70b0c) -5/11/26: 'feature: selinux hide (tiann#3457)'/'selinux_hide: fix attr/current detection (tiann#3459)' (upstream: ksu: 0efe3cf)/(upstream: ksu: 3f388ef) init: cleanup calls registration (kernelsu_exit) kbuild: refine arch detection and unify core utils 'kernel & KernelSU: Sync with the upstream fix for new selinux detections' (upstream: susfs: 5900f1a3) lsm_hook: sync engine rewrite selinux: implement SID batching and support exec_sid clearing init: Ensure late-load is in-tact and exit cleanup -5/12/26: init: Format a few spaces to tabs dispatch: Disable KSU AVC Spoof conditionally -5/16/26: 'KernelSU: Do not schedule susfs_extra_works when it is already pending' (upstream: susfs: f7ae19ef) -5/17/26: 'kernel: refine symbol_resolver (tiann#3469)' (upstream: ksu: da8e0ab) selinux_hide: use it -5/20/26: Resolve KernelSU conflicts (@shoey63) -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
shoey63
pushed a commit
to shoey63/KernelSU
that referenced
this pull request
May 21, 2026
-'kernel_patches: fs/susfs: Implement SuSFS and Toolkit coexistence' https://gitlab.com/pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev -Accommodate: -4/15/26: 'kernel: refactor allowlist' (upstream: ksu: tiann#3418) allowlist: ksu_uid_should_umount - new app profile lookup (heap-based) -4/18/26: 'Use static_key in replace of boolean toggle switch' (upstream: susfs: ee6b1970) init: moved susfs_init() (top of kernelsu_init()) for jump label alignment extras/supercall: avc/uname for static key (global visibility) -4/22/26: sucompat: Seperate ksu_handle_stat for compatibility -4/23/26: sucompat: Lower boundary for ksu_handle_stat -4/24/26: 'kernel & KernelSU: Invert initial static_key status; Rename all static_key variables' (upstream: susfs: 5c5c0dd9) extras: use new symbol (susfs_is_avc_log_spoofing_enabled) supercall: check new label (susfs_is_uname_spoof_buffer_set) extras/boot_event/ksud_integration/supercall: Move jump_label inclusion to top-level for (uapi) consistency Revert: 'sucompat: Lower boundary for ksu_handle_stat' (4/23/26) (<6.1 uses legacy) -4/25/26: 'KernelSU: Replace bunch of if clauses with switch case in ksu_handle_sys_reboot()' (upstream: susfs: cbda1353) dispatch: convert copy_from_user to peeking for avc/uname 'KernelSU: Disable seccomp for all zygote spawned root allowed app processes' (upstream: susfs: ea24aa94) app_profile: optimize escape_with_root_profile setuid_hook: unify setresuid -4/26/26: 'kernel & KernelSU: Replace ksu_su_compat_enabled boolean toggle with static_key' (upstream: susfs: 71507103) syscall_event_bridge: optimize hot-path via static_branch_likely -4/27/26: 'kernel & KernelSU: Use test_thread_flag() and set_thread_flag() instead of test_ti_thread_flag() and set_ti_thread_flag()' (upstream: susfs: e1c57040) -4/28/26: 'KernelSU: More optimization in ksu_handle_setresuid() and ksu_handle_umount()' (upstream: susfs: b1dceb4c) kernel_umount: remove redundant cred overrides setuid_hook/kernel_umount: consolidate cred overrides -4/29/26: 'KernelSU: Test making some compiler happy' (upstream: susfs: c228b924) setuid_hook: reduce cred override scope -5/2/26: 'kernel & KernelSU: defer susfs_run_sus_path_loop() to workqueue' (upstream: susfs: f6255b5f) init: move susfs_init (above) kernel_umount: restore cred overrides -5/6/26: 'KernelSU: Remove the unused deprecated residual devpts hook' (upstream: susfs: 9da70b0c) -5/11/26: 'feature: selinux hide (tiann#3457)'/'selinux_hide: fix attr/current detection (tiann#3459)' (upstream: ksu: 0efe3cf)/(upstream: ksu: 3f388ef) init: cleanup calls registration (kernelsu_exit) kbuild: refine arch detection and unify core utils 'kernel & KernelSU: Sync with the upstream fix for new selinux detections' (upstream: susfs: 5900f1a3) lsm_hook: sync engine rewrite selinux: implement SID batching and support exec_sid clearing init: Ensure late-load is in-tact and exit cleanup -5/12/26: init: Format a few spaces to tabs dispatch: Disable KSU AVC Spoof conditionally -5/16/26: 'KernelSU: Do not schedule susfs_extra_works when it is already pending' (upstream: susfs: f7ae19ef) -5/17/26: 'kernel: refine symbol_resolver (tiann#3469)' (upstream: ksu: da8e0ab) selinux_hide: use it -5/20/26: Resolve KernelSU conflicts (@shoey63) -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
jinetty
added a commit
to jinetty/android_kernel_xiaomi_sm8450
that referenced
this pull request
May 22, 2026
This reverts commit ffd418d.
jinetty
added a commit
to jinetty/android_kernel_xiaomi_sm8450
that referenced
this pull request
May 22, 2026
This reverts commit ffd418d.
shoey63
pushed a commit
to shoey63/KernelSU
that referenced
this pull request
May 23, 2026
-'kernel_patches: fs/susfs: Implement SuSFS and Toolkit coexistence' https://gitlab.com/pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev -Accommodate: -4/15/26: 'kernel: refactor allowlist' (upstream: ksu: tiann#3418) allowlist: ksu_uid_should_umount - new app profile lookup (heap-based) -4/18/26: 'Use static_key in replace of boolean toggle switch' (upstream: susfs: ee6b1970) init: moved susfs_init() (top of kernelsu_init()) for jump label alignment extras/supercall: avc/uname for static key (global visibility) -4/22/26: sucompat: Seperate ksu_handle_stat for compatibility -4/23/26: sucompat: Lower boundary for ksu_handle_stat -4/24/26: 'kernel & KernelSU: Invert initial static_key status; Rename all static_key variables' (upstream: susfs: 5c5c0dd9) extras: use new symbol (susfs_is_avc_log_spoofing_enabled) supercall: check new label (susfs_is_uname_spoof_buffer_set) extras/boot_event/ksud_integration/supercall: Move jump_label inclusion to top-level for (uapi) consistency Revert: 'sucompat: Lower boundary for ksu_handle_stat' (4/23/26) (<6.1 uses legacy) -4/25/26: 'KernelSU: Replace bunch of if clauses with switch case in ksu_handle_sys_reboot()' (upstream: susfs: cbda1353) dispatch: convert copy_from_user to peeking for avc/uname 'KernelSU: Disable seccomp for all zygote spawned root allowed app processes' (upstream: susfs: ea24aa94) app_profile: optimize escape_with_root_profile setuid_hook: unify setresuid -4/26/26: 'kernel & KernelSU: Replace ksu_su_compat_enabled boolean toggle with static_key' (upstream: susfs: 71507103) syscall_event_bridge: optimize hot-path via static_branch_likely -4/27/26: 'kernel & KernelSU: Use test_thread_flag() and set_thread_flag() instead of test_ti_thread_flag() and set_ti_thread_flag()' (upstream: susfs: e1c57040) -4/28/26: 'KernelSU: More optimization in ksu_handle_setresuid() and ksu_handle_umount()' (upstream: susfs: b1dceb4c) kernel_umount: remove redundant cred overrides setuid_hook/kernel_umount: consolidate cred overrides -4/29/26: 'KernelSU: Test making some compiler happy' (upstream: susfs: c228b924) setuid_hook: reduce cred override scope -5/2/26: 'kernel & KernelSU: defer susfs_run_sus_path_loop() to workqueue' (upstream: susfs: f6255b5f) init: move susfs_init (above) kernel_umount: restore cred overrides -5/6/26: 'KernelSU: Remove the unused deprecated residual devpts hook' (upstream: susfs: 9da70b0c) -5/11/26: 'feature: selinux hide (tiann#3457)'/'selinux_hide: fix attr/current detection (tiann#3459)' (upstream: ksu: 0efe3cf)/(upstream: ksu: 3f388ef) init: cleanup calls registration (kernelsu_exit) kbuild: refine arch detection and unify core utils 'kernel & KernelSU: Sync with the upstream fix for new selinux detections' (upstream: susfs: 5900f1a3) lsm_hook: sync engine rewrite selinux: implement SID batching and support exec_sid clearing init: Ensure late-load is in-tact and exit cleanup -5/12/26: init: Format a few spaces to tabs dispatch: Disable KSU AVC Spoof conditionally -5/16/26: 'KernelSU: Do not schedule susfs_extra_works when it is already pending' (upstream: susfs: f7ae19ef) -5/17/26: 'kernel: refine symbol_resolver (tiann#3469)' (upstream: ksu: da8e0ab) selinux_hide: use it -5/20/26: Resolve KernelSU conflicts (@shoey63) -https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
jinetty
pushed a commit
to jinetty/android_kernel_xiaomi_sm8450
that referenced
this pull request
May 24, 2026
- Add selinux_hide feature, which can be enable/disable at runtime. - It requires backing up the policydb at boot, which consumes a certain amount of memory (approximately a few MB). Therefore, if this feature is not enabled at boot, the backed-up policydb will be released, and the user will need to reboot for the changes to take effect after enabling it. Co-authored-by: KOWX712 <leecc0503@gmail.com> -Settings: Update SharedPreferences
jinetty
added a commit
to jinetty/android_kernel_xiaomi_sm8450
that referenced
this pull request
May 25, 2026
This reverts commit 06ef4aa.
jinetty
added a commit
to jinetty/android_kernel_xiaomi_sm8450
that referenced
this pull request
May 25, 2026
This reverts commit 06ef4aa.
Anatdx
added a commit
to Anatdx/YukiSU
that referenced
this pull request
Jun 5, 2026
Align YukiSU kernel directory structure with upstream tiann/KernelSU layout (core/ feature/ hook/ include/ infra/ manager/ policy/ runtime/ sulog/ supercall/), and create unified uapi/ headers as the single source of truth for kernel-userspace ABI. === Directory Restructuring === - Split flat kernel/ into modular subdirectories matching upstream - Extract uapi/ headers (app_profile, feature, ksu, selinux, sulog, supercall) with dual kernel/userspace compatibility - Move ksud boot events into runtime/boot_event.c with ksud_boot.h - Split supercalls.c into dispatch.c + perm.c + supercall.c + internal.h - Split sulog into event.c + fd.c under sulog/ - Extract syscall event bridge from syscall_hook_manager into hook/syscall_event_bridge.c/h - Add infra/su_mount_ns.c/h for per-app mount namespace setup - Split manager.h into manager_identity.h + manager_observer.h === Upstream Features & Fixes Incorporated === SELinux Hide (tiann/KernelSU#3457, #3459, #3495): 0efe3cf0 feature: selinux hide 3f388ef1 selinux_hide: fix attr/current detection 33dcf82d selinux_hide: hide status ADB Root (tiann/KernelSU#3382, #3391): 1835fe32 feature: adb root 70ca1353 kernel: fix path check in adb root SuLog (tiann/KernelSU#3360, #3364, #3401): fb7b6668 feat(kernel ksud): add sulog d13bac52 kernel: sulog: fix return value a5c357e6 kernel: Fix building sulog on kernel 6.1 & x86_64 LSM Hook Framework: 3e271ac4 kernel: add lsm hook framework c963aa71 kernel: fix lsm hook Syscall Table Hook (TSR): 225ffbbf kernel: use syscall table hook to avoid atomic context 5f9cada6 kernel: handle ksud execve by syscall_hook_manager Symbol Resolver Chain (#3461, #3469, #3475): 6f609368 kernel: common symbol resolve tool 1e7bc48c kernel: Resolve dotted CFI symbol variants da8e0ab1 kernel: refine symbol_resolver 96a72dd0 kernel: symbol_resolver: resolve suffix starts with "$" b11be252 kernel: Prefer hashed .cfi_jt variants before bare symbols Policydb / AVTab (#3350, #3352, #3439): f9c7823e kernel: simpler implementation of copying policydb e7b6bf08 kernel: fix copy avtab cc83433b kernel: prune redundant avtab nodes after deny rules Allowlist (#3418, #3093): 12304099 kernel: refactor allowlist 6948a44d kernel: Fix OOB read caused by missing null terminator 71410ccd kernel: don not call path_put when kern_path failed App Profile v3 Migration (#3363): 18754602 kernel: bump app profile version, migrate selinux domain Late-Load / Init.rc Injection (#3478, #3498): 9ab31068 kernel,ksud: support module-provided init.rc injection 64fb0888 kernel: Improve late load mode sequence calculation Safe Exit / Module Lifecycle (#3317): 3054cc0b feat: safe exit 2ddeed9c kernel: allow exit 08378e55 kernel: mark more functions as init/exit functions Cred / RLIMIT Fixes (#3286, #3338): 218502a0 kernel: Fix RLIMIT_NPROC leak on root escape 68143c96 kernel: remove usage of get_current_cred 15790ccb kernel_umount: fixup printout and avoid UAF Misc Fixes: 8c108e1b kernel: allow disable manager or policy a92f8c75 supercall: perform free_pid() for kernel 6.15+ 8bc28033 feat: support switch to init_group (SET_INIT_PGRP) d21c4436 kernel: Replace GFP_ATOMIC in throne tracker 279c7501 kernel: sepolicy: use GFP_KERNEL 40e8fb76 Bring back x86_64 support 73fc1003 kernel: fix compile for x86-64 v6.13 1625043f kernel: Fix absolute src handling in Kbuild e04f12ec kernel: Fix extmod config propagation 95a31f28 fix: GKI kernel build 9ae97f97 syscall_hook: Fix building on kernel 6.6 and below f3b4d783 Update KSU config to require EXT4_FS UAPI / Layout: 91d0848f kernel: reorganize source layout bd1b00cc kernel: unified uapi header fefa61d5 kernel: move selinux context to ksu 25c92eb9 refact: top level cargo workspace, fix uapi 17367e37 kernel: use parallel build 1576cc33 kernel: selinux: minify rules === YukiSU-Specific Additions === - SuperKey authentication (prctl + reboot kprobe) — YukiSU core feature - KERNEL_SU_DOMAIN defaults to "su" (u:r:su:s0), not upstream "ksu" - Single release signature via manager_sign.h - CONFIG_KSU_SUPERKEY / CONFIG_KSU_DISABLE_MANAGER Kconfig options - Enhanced security feature at ID 100 - app_profile v2→v3 domain migration: ksu→su - CONFIG_KSU_MANUAL_SU removed (legacy SukiSU old-branch feature) - CONFIG_KSU_SUSFS removed (YukiSU does not support SUSFS) - YukiSU version string in Kbuild (GitHub API + local git fallback) - YukiSU-specific ioctls: GET_MANAGER_UID (201), LIST_TRY_UMOUNT (200) - Batch sepolicy ABI (data_len/data payload replacing cmd/arg struct) - Samsung KDP / SELinux porting detection in Kbuild - Backport compatibility macros (KSU_OPTIONAL_*, KSU_COMPAT_HAS_*) Co-authored-by: weishu <twsxtd@gmail.com> Co-authored-by: Ylarod <me@ylarod.cn> Co-authored-by: 5ec1cff <ewtqyqyewtqyqy@gmail.com> Co-authored-by: Wang Han <416810799@qq.com> Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com> Co-authored-by: YuKongA <70465933+YuKongA@users.noreply.github.com> Co-authored-by: Shadichy <60534636+shadichy@users.noreply.github.com> Co-authored-by: u9521 <63995396+u9521@users.noreply.github.com> Co-authored-by: libingxuan <84086386+aaaaaaaa-815@users.noreply.github.com> Co-authored-by: Huy Minh <39849246+hmtheboy154@users.noreply.github.com> Co-authored-by: Kamenta <st2011_230635@qq.com> Co-authored-by: AlexLiuDev233 <wzylin11@outlook.com> Co-authored-by: 小潼 <110387028+XiaoTong6666@users.noreply.github.com> Co-authored-by: Mohammed Riad <1@mhmrdd.me>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.