Update Indonesian translation #634
Merged
tiann merged 3 commits into tiann:main from Rem01Gaming:main on Jun 16, 2023
Conversation
tiann approved these changes on Jun 16, 2023
ImSpiDy added a commit to ImSpiDy/KernelSU that referenced this pull request on Jun 26, 2023
commit cd5bc2e  Author: Zillion <77107077+DevZillion@users.noreply.github.com>  Date: Mon Jun 26 04:45:24 2023 +0200
    Add Spanish Translation (tiann#689)
commit 477361f  Author: Pegioner <87282574+Pegioner@users.noreply.github.com>  Date: Sat Jun 24 15:17:51 2023 +0300
    Update Russian translation (tiann#681)
commit d3632e4  Author: Gustavo Mendes <gusttavo.me@outlook.com>  Date: Sat Jun 24 09:17:15 2023 -0300
    Update Portuguese Brazilian translation (tiann#682)
    Signed-off-by: Gustavo Mendes <gusttavo.me@outlook.com>
commit 0c2f901  Author: SoDebug <30922923+SoDebug@users.noreply.github.com>  Date: Sat Jun 24 20:16:25 2023 +0800
    repos.json: Update the link of the KernelSU kernel release repo of the device I maintain (tiann#686)
    Update the link of the KernelSU kernel release repo of the device I maintain
commit 09d90e1  Author: Howard Wu <HowardWu20@outlook.com>  Date: Fri Jun 23 17:48:18 2023 +0800
    ci: update gki version (tiann#679)
    Fix the version name of android13-5.15.74
    Add android12-5.10.117
commit 4fe167c  Author: Trịnh Văn Lợi <72311759+trinhloivn@users.noreply.github.com>  Date: Fri Jun 23 16:30:04 2023 +0700
    Update Vietnamese strings (tiann#678)
commit 58ffaeb  Author: raystef66 <s.vanbarel@gmail.com>  Date: Fri Jun 23 03:31:58 2023 +0200
    Update Flemish/Dutch translation (tiann#677)
commit 76499ee  Author: Ali Beyaz <symbuzzer@users.noreply.github.com>  Date: Fri Jun 23 04:31:23 2023 +0300
    Translated latest strings to Turkish (tiann#676)
commit fedfa3e  Author: weishu <twsxtd@gmail.com>  Date: Fri Jun 23 00:35:25 2023 +0800
    manager: update card color
commit 2902e42  Author: Igor Sorocean <sorocean.igor@gmail.com>  Date: Thu Jun 22 19:32:26 2023 +0300
    manager: update ro translation (tiann#674)
commit 37f4045  Author: weishu <twsxtd@gmail.com>  Date: Fri Jun 23 00:31:36 2023 +0800
    manager: add a simple manager updater, close tiann#627
commit 12761ee  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 23:24:35 2023 +0800
    manager: don't remember state when process died.
commit 0d25423  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 23:20:13 2023 +0800
    manager: fix module install
commit f5bb246  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 19:46:26 2023 +0800
    manager: fix download state
commit 303a3a8  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 19:29:37 2023 +0800
    manager: fix update button
commit 07273b6  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 18:40:28 2023 +0800
    manager: support module update online
commit c7c9e9c  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 17:00:02 2023 +0800
    ksud: respect the skip_mount flag of module
commit c3c990c  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 16:48:13 2023 +0800
    ksud: increase reserved size to 256M
commit 6942fe1  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 16:46:29 2023 +0800
    manager: set keyboard options for inputtext
commit f5cfb32  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 15:17:32 2023 +0800
    kernel: fix incorrect umount for apps
commit e17f3ea  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 14:37:17 2023 +0800
    Revert "kernel: use vfs_fstatat on kernel 5.10+, vfs_statx may have cfi."
    This reverts commit cd3e292.
commit 08884da  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 13:42:28 2023 +0800
    kernel: don't alloc groups for default groups
commit 5f1d70d  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 12:54:30 2023 +0800
    Revert "kernel: getname might sleep in kprobe handler (tiann#670)"
    This reverts commit 79bb981.
commit 79bb981  Author: weishu <twsxtd@gmail.com>  Date: Thu Jun 22 10:54:50 2023 +0800
    kernel: getname might sleep in kprobe handler (tiann#670)
commit 1cda4ba  Author: Ali Beyaz <symbuzzer@users.noreply.github.com>  Date: Tue Jun 20 13:45:24 2023 +0300
    Update latest strings to Turkish (tiann#662)
commit 1cc678d  Author: raystef66 <s.vanbarel@gmail.com>  Date: Tue Jun 20 12:44:04 2023 +0200
    Update Flemish/Dutch translation (tiann#665)
commit cd3e292  Author: weishu <twsxtd@gmail.com>  Date: Tue Jun 20 18:42:22 2023 +0800
    kernel: use vfs_fstatat on kernel 5.10+, vfs_statx may have cfi.
commit 40ea27a  Author: Howard Wu <HowardWu20@outlook.com>  Date: Tue Jun 20 18:10:07 2023 +0800
    ci: Fix kernel version (tiann#666)
commit e95ca93  Author: Azeroth <telifesite@gmail.com>  Date: Tue Jun 20 13:28:05 2023 +0330
    Fix typo (tiann#667)
    Fixed typo in this section https://kernelsu.org/guide/installation.html#patch-boot-img-manully
commit 9b2f907  Author: Ikko Eltociear Ashimine <eltociear@gmail.com>  Date: Tue Jun 20 12:03:09 2023 +0900
    kernel: fix typo in allowlist.c (tiann#663)
    creat -> create
commit 90299ad  Author: Coconut <85353552+Coconutat@users.noreply.github.com>  Date: Tue Jun 20 10:35:07 2023 +0800
    kernel: Fix the issue of incompatible __maybe_unused in the GCC compiler kernel used in versions 4.4.x to 4.9.x. (tiann#660)
commit 22d084f  Author: weishu <twsxtd@gmail.com>  Date: Mon Jun 19 22:16:46 2023 +0800
    manager: Add selinux rules UI
commit 99770a7  Author: Muhammad Fadlyas <mhmmdfdlyas@gmail.com>  Date: Mon Jun 19 19:07:47 2023 +0700
    Update Indonesian translation (tiann#659)
commit bbc7ebe  Author: weishu <twsxtd@gmail.com>  Date: Mon Jun 19 17:57:15 2023 +0800
    kernel: Enforcement of Manager Signature Verification
commit d131b75  Author: exer <98556122+ekkusa@users.noreply.github.com>  Date: Sun Jun 18 17:06:41 2023 +0800
    [add device]: Sony Tama (XZ2/c/p, XZ3) (tiann#656)
commit ff8c614  Author: weishu <twsxtd@gmail.com>  Date: Sun Jun 18 13:00:24 2023 +0800
    kernel: allow uid 1000 (system_uid) to grant root. close tiann#645
commit c12ad9d  Author: weishu <twsxtd@gmail.com>  Date: Sun Jun 18 12:51:27 2023 +0800
    kernel: fix compile err. close tiann#647
commit 1703c16  Author: weishu <twsxtd@gmail.com>  Date: Sun Jun 18 12:47:29 2023 +0800
    ci: support deprecated kernel versions (tiann#648)
commit a48d7b1  Author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>  Date: Sat Jun 17 23:11:41 2023 +0800
    [add device]: (tiann#650)
    has been added to the website.
    Related issue: tiann#644
    Co-authored-by: GitHub Actions <41898282+github-actions[bot]@users.noreply.github.com>
commit f2d5e57  Author: Ylarod <me@ylarod.cn>  Date: Sat Jun 17 22:07:39 2023 +0800
    fix add-device (tiann#649)
commit 4111bbf  Author: Gustavo Mendes <gusttavo.me@outlook.com>  Date: Sat Jun 17 10:14:36 2023 -0300
    Update Portuguese Brazilian translation (tiann#643)
    Signed-off-by: Gustavo Mendes <gusttavo.me@outlook.com>
commit cd32ad8  Author: Ali Beyaz <symbuzzer@users.noreply.github.com>  Date: Sat Jun 17 16:14:09 2023 +0300
    Fixed some Turkish strings again (tiann#646)
commit fefb826  Author: Rem01Gaming <wisnugunawan2008@gmail.com>  Date: Fri Jun 16 19:50:31 2023 +0700
    Update Indonesian translation (tiann#634)
commit e27fc04  Author: Ali Beyaz <symbuzzer@users.noreply.github.com>  Date: Fri Jun 16 15:50:13 2023 +0300
    Fixed some Turkish strings (tiann#640)
commit 168f412  Author: SupeChicken666 <supechicken666@gmail.com>  Date: Fri Jun 16 20:49:51 2023 +0800
    Add CI workflow for ChromeOS ARCVM (tiann#641)
    All changes are tested on my fork (the Telegram error was fixed in 9b16150): https://github.com/supechicken/KernelSU/actions/runs/5287864543
    Co-authored-by: weishu <twsxtd@gmail.com>
commit bd8434f  Author: Juhyung Park <qkrwngud825@gmail.com>  Date: Fri Jun 16 20:53:15 2023 +0900
    Hook improvements (take 2) (tiann#563)
    Hi @tiann. Thanks for the great project, I had great fun playing around with it.
    This PR mainly tries to further minimize the possible delays caused by KernelSU hooking.
    There are 3 major changes:
    - Processes with 0 < UID < 2000 are blocked straight-up before going through the allow_list. I don't see any need for such processes to be interested in root, and this allows returning early before going through a more expensive lookup. If there's an expected breakage due to this change, I'll remove it. Let me know.
    - A page-sized (4K) bitmap is added. This allows O(1) lookup for UID <= 32767. This speeds up `ksu_is_allow_uid()` by about 4.8x by sacrificing a 4K memory. IMHO, a good trade-off. Most notably, this reduces the 99.999% result previously from worrying milliseconds scale to microseconds scale.
    For UID > 32767, another page-sized (4K) sequential array is used to cache allow_list.
    Compared to the previous PR tiann#557, this new approach gives another nice 25% performance boost in average, 63-96% boost in worst cases.
    Benchmark results are available at https://docs.google.com/spreadsheets/d/1w_tO1zRLPNMFRer49pL1TQfL6ndEhilRrDU1XFIcWXY/edit?usp=sharing
    Thanks!
    Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
commit c697398  Author: weishu <twsxtd@gmail.com>  Date: Fri Jun 16 19:32:48 2023 +0800
    kernel: fix warning on x86_64, close tiann#637
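A user-space model of the allow-list lookup scheme described in the "Hook improvements (take 2)" message above (early reject for 0 < UID < 2000, a page-sized bitmap for UID <= 32767, and a second page-sized array for larger UIDs), added here as an example. It is not KernelSU's allowlist code; the names allow_reset, allow_add, uid_allowed and allow_cache_overflowed are assumed for the illustration.

```c
/*
 * User-space model of the UID allow-list lookup from the "Hook improvements
 * (take 2)" commit message. Written for this page as an illustration; it is
 * not KernelSU's allowlist.c. Function and variable names are assumed.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define KSU_PAGE_SIZE 4096u
/* One bit per UID: a 4096-byte page covers UIDs 0..32767. */
#define BITMAP_UID_MAX (KSU_PAGE_SIZE * 8 - 1)
/* A second page holds a plain array of allowed UIDs above that range. */
#define CACHE_ENTRIES (KSU_PAGE_SIZE / sizeof(uid_t))

static uint8_t allow_bitmap[KSU_PAGE_SIZE];
static uid_t allow_cache[CACHE_ENTRIES];
static size_t allow_cache_len;
static bool allow_cache_overflow; /* set when the array page is full */

/* Clear both caches; a real implementation rebuilds them from the persisted list. */
void allow_reset(void)
{
    memset(allow_bitmap, 0, sizeof allow_bitmap);
    memset(allow_cache, 0, sizeof allow_cache);
    allow_cache_len = 0;
    allow_cache_overflow = false;
}

/* Mark a UID as allowed. Returns false only when the overflow array is full. */
bool allow_add(uid_t uid)
{
    if (uid <= BITMAP_UID_MAX) {
        allow_bitmap[uid / 8] |= (uint8_t)(1u << (uid % 8));
        return true;
    }
    for (size_t i = 0; i < allow_cache_len; i++)
        if (allow_cache[i] == uid)
            return true; /* already cached */
    if (allow_cache_len >= CACHE_ENTRIES) {
        allow_cache_overflow = true;
        return false;
    }
    allow_cache[allow_cache_len++] = uid;
    return true;
}

/* Hot-path lookup: early reject, then O(1) bitmap test, then a short scan. */
bool uid_allowed(uid_t uid)
{
    /* The commit blocks 0 < UID < 2000 before any list lookup; UID 0 still
     * goes through the list like every other UID. */
    if (uid > 0 && uid < 2000)
        return false;
    if (uid <= BITMAP_UID_MAX)
        return (allow_bitmap[uid / 8] >> (uid % 8)) & 1u;
    for (size_t i = 0; i < allow_cache_len; i++)
        if (allow_cache[i] == uid)
            return true;
    /* On overflow a real implementation would fall back to walking the
     * full allow list; this model simply reports "not allowed". */
    return false;
}

/* True when the overflow array could not hold every UID > 32767. */
bool allow_cache_overflowed(void)
{
    return allow_cache_overflow;
}

int main(void)
{
    allow_reset();
    allow_add(10123); /* an ordinary app UID, covered by the bitmap */
    allow_add(1000);  /* added, but rejected early by the 0 < UID < 2000 rule */
    allow_add(99000); /* above 32767: lands in the array page */
    printf("10123: %d  1000: %d  99000: %d  10124: %d\n",
           uid_allowed(10123), uid_allowed(1000),
           uid_allowed(99000), uid_allowed(10124));
    return 0;
}
```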
itswill00 pushed a commit to itswill00/KernelSU-Next-4.14 that referenced this pull request on Jan 19, 2025
LeCmnGend pushed a commit to LeCmnGend/KernelSU that referenced this pull request on Jul 23, 2025
* New translations manager/app/src/main/res/values-ar-rSA/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-bn-rBD/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-bg-rBG/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-zh-rCN/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-zh-rTW/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-fr-rFR/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-de-rDE/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-hi-rIN/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-hu-rHU/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-in-rID/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-it-rIT/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-ja-rJP/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-ko-rKR/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-fa-rIR/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-pl-rPL/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-pt-rBR/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-ru-rRU/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-es-rEM/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-sv-rSE/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-th-rTH/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-tr-rTR/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-uk-rUA/strings.xml (bundle: 8)
* New translations manager/app/src/main/res/values-vi-rVN/strings.xml (bundle: 8)
chenzhu005774 pushed a commit to chenzhu005774/KernelSU that referenced this pull request on Sep 12, 2025
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request on Oct 30, 2025
kernel: drop LKM and kprobes support

Since upstream has kprobes default, and now a requirement, cleaning up support for LKM and kprobes is kind of a must. This simplifies porting small changes, debloat, and makes it easier to maintain downstream, e.g. avoiding excessive use of conditionals (ifdef hell).

what breaks:
current_user_stack_pointer, sucompat.c
- mitigate this by including linux/ptrace.h
fatal_signal_pending, ksud.c
- mitigate this by including linux/sched/signal.h

other changes:
Kconfig, CONFIG_KSU, tristate to bool
ksud.c, stop_input_hook(), short-circuit redundant logic left by this change.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

Revert "kernel: transition devpts in kernel"

Reverts 98757bc

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: restore compat code required for old kernels

This commit restores compatibility code needed that was removed at tiann/KernelSU@898e9d4, where upstream dropped all pre-5.10 support.

Reverts `kernel:Add Huawei hisi check (tiann#1545)`
- upstream tiann/KernelSU@4f05fe2
- superseded by `kernel: expose allowlist workaround as Kconfig option` on next commit

Reverts packages.list fsnotify watcher
- rename hook is way simpler and we have full access to LSM hooks on this kernel
- revert: cf031b4 - kernel: replace renameat hook with fsnotify
- revert: 5ac010d - kernel: fix compile
- revert: 3138651 - kernel: fix compile below 6.0

Restores LSM hooks:
- inode_rename
- task_fix_setuid
- key permission

other changes and cleanups

sucompat: ksu_handle_stat(), remove dead ifdef.
- just use `ksu_handle_stat(&dfd, &filename->name, &flags);` if you want to hook vfs_statx on 6.1

LINUX_VERSION_CODE / KERNEL_VERSION, ksu.c
- reported by Sinclair19
- fix by including version.h

fatal_signal_pending, ksud.c
- add compat by including sched.h or sched/signal.h conditionally
- ref: torvalds/linux@2a1f062

selinux_state.ss, core_hook.c
- remove rcu_dereference use
- ref: tiann#2695

seccomp.filter_count, core_hook.c
- reset this only for 5.9 and up as it only exists there
- ref: tiann#2708, gregkh/linux@c818c03

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: selinux: force sepol_data.sepol to be u64

if we properly align our struct members as such, we won't need all this compat_ptr bullshit.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: expose allowlist workaround as Kconfig option

Useful for situations where the SU allowlist is not kept after a reboot. As per upstream this is only used for < 4.10 and Huawei HiSilicon devices, but there's user reports having issues even on 4.14/4.19 samsung kernels. Expose this option so users affected can opt-in.

This supersedes `kernel:Add Huawei hisi check (tiann#1545)`

References:
tiann@f57d351
tiann@b61cb30

Reviewed-by: Alex <a.mihail@pm.me>
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: core_hook: screw path_umount backport, call sys_umount directly

I am repasting here what I posted on the source code originally:

/*
 * turns out path_umount backport is completely unneeded
 * we copy the trick used on strncpy_from_unsafe_user / strncpy_from_user_nofault
 * https://elixir.bootlin.com/linux/v4.4.302/source/mm/maccess.c#L184
 * basically
 *
 * mm_segment_t old_fs = get_fs(); // remember original fs segment
 * set_fs(USER_DS); // or KERNEL_DS
 *
 * do_whatever_in_userspace();
 * set_fs(old_fs); // restore fs segment
 *
 * kernel -> user, KERNEL_DS, user -> kernel, USER_DS
 *
 * so yes, we can try to straight up call a syscall from kernel space
 *
 * NOTE: on newer kernels you can use force_uaccess_begin + force_uaccess_end
 * ref: https://elixir.bootlin.com/linux/v5.10.237/source/mm/maccess.c#L250
 */

path_umount backport now optional — neat trick, werks, what can I say. Backports? Nah, we're good.

EDITS:
- rename path_umount_handler for clarity + proper guards
- add a fix for 4.17~5.8
  `fs: add ksys_umount() helper; remove in-kernel call to sys_umount()` torvalds/linux@3a18ef5
  - which adds a ksys_umount helper, basically turning sys_umount
  `syscalls/core: Introduce CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y` torvalds/linux@1bd21c6
  - which undefines in-kernel calls of syscalls, which is enabled on 4.19's arch/arm64/Kconfig

Ref:
- https://github.com/torvalds/linux/commits/v4.17/include/linux/syscalls.h
- rsuntk@d20f15e

Reported-by: rsuntk <90097027+rsuntk@users.noreply.github.com>
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: throne_tracker: offload to kthread (tiann#2632)

Run throne_tracker() in kthread instead of blocking the caller. Prevents full lockup during installation and removing the manager.

By default, first run remains synchronous for compatibility purposes (FDE, FBEv1, FBEv2)

Features:
- looks and waits for manager UID in /data/system/packages.list
- run track_throne() in a kthread after the first synchronous run
- prevent duplicate thread creation with a single-instance check
- spinlock-on-d_lock based polling addressing possible race conditions.

Race conditions addressed
- single instance kthread lock, smp_mb()
- track_throne_function, packages.list, spinlock-on-d_lock based polling
- is_manager_apk, apk, spinlock-on-d_lock based polling

This is a squash of: tiann#2632

Original skeleton based on:
`kernelsu: move throne_tracker() to kthread`
`kernelsu: check locking before accessing files and dirs during searching manager`
`kernelsu: look for manager UID in /data/system/packages.list, not /data/system/packages.list.tmp`
acroreiser/android_kernel_lge_hammerhead@0b05e92...8783bad

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653)

This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'.

Introduces:
int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len)
which is adapted from:
int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags)

ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage".

For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. as for envp, we pass the pointer then hunt for it when needed

My reasoning on adding a fallback on usercopy is that on some devices a fault happens, and it copies garbled data. On my creation of this, I actually had to lock that _nofault copy on a spinlock as a way to mimic preempt_disable/enable without actually doing it. As per user reports, no failed _nofault copies anyway but we have-to-have a fallback for resilience.

References:
- old version1 6efcd81
- old version2 37d5938
- bad usercopy #21

This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. With that, It also provides an inlined copy_from_user_nofault for < 5.8. While using strncpy_from_user_nofault was considered, this won't do, this will only copy up to the first \0.

devlog:
ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f
ximi-mojito-test/mojito_krenol@28642e6...728de0c

References:
https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/mm_types.h#L429
https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/lsm_hooks.h

Stale: tiann#2653

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656)

On plain ARMv8.0 devices (A53,A57,A73), strncpy_from_user_nofault() sometimes fails to copy `filename_user` string correctly. This breaks su ofc, breaking some apps like Termux (Play Store ver), ZArchiver and Root Explorer. This does NOT seem to affect newer ARMv8.2+ CPUs (A75/A76 and newer)

My speculation? ARMv8.0 has weak speculation :)

here we replace `ksu_strncpy_from_user_nofault` with ksu_strncpy_from_user_retry:
- ksu_strncpy_from_user_nofault as fast-path copy
- fallback to access_ok to validate the pointer + strncpy_from_user
- manual null-termination just in case, as strncpy_from_user_nofault also does it
- remove that memset, seems useless as it is an strncpy, not strncat

basically, we retry on pagefault for usercopies, its not like we're doing
memset(dest, 0, sizeof(dest));
strncat(dest, var, bytes);
that memset seems unneeded. instead we use strncpy itself to do proper error and oob check and null term it after.

as for optimizations
- just return early if unauthorized
- commonized logic
- reduced duplication
- migrate from strncpy_from_user to copy_from_user

Tested on:
- ARMv8.0 A73.a53, A57.a53, A53.a53
- ARMv8.2 A76.a55

Stale: tiann#2656

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: sucompat toggle support for non-kp (tiann#2506)

This is done like how vfs_read_hook, input_hook and execve_hook is disabled. While this is not exactly the same thing, this CAN achieve the same results. The complete disabling of all KernelSU hooks. While this is likely unneeded, It keeps feature parity to non-kprobe builds.

adapted from upstream:
kernel: Allow to re-enable sucompat - tiann@4593ae8

Rejected: tiann#2506

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: ksud: provide dummy handlers for old hooks

prevents breaking old builds.

kernel: core_hook: earlier escape_to_root already-root check

micro-opt

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig

disabling this removes the need for LSM_HOOK_INIT, security_add_hooks and such. furthermore, this will also allow easier integration on pre-4.1 kernels. Expose this and make it a configurable option.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: provide do_execve_common handler for < 3.14

usage on do_execve_common:
ksu_legacy_execve_sucompat(&filename, NULL, NULL);

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: provide getname_flags (user) ultimatum hook

I'm providing this as an option if you want an ultimatum.

Usage:
ksu_getname_flags_user(&filename, flags);
on entry of getname_flags on namei.c

This can replace exec, faccessat and stat hooks. I don't recommend it, but its an option.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: provide getname_flags (kernel) ultimatum hook

put me right after strncpy_from user on getname_flags on namei.c
ksu_getname_flags_kernel(&kname, flags);

This can replace exec, faccessat and stat hooks. I don't recommend it, but its an option.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: provide vfs_statx hook handler >= 5.18

just put
ksu_handle_vfs_statx((void *)&dfd, &filename, (void *)&flags, (void **)&stat, (void *)&request_mask);
on vfs_statx's entry

while this hooks all stat syscalls, this skips usercopy

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: kp_ksud: restore kprobes for early-boot and used-once hooks

since kprobes offer dynamic hooking and shit, this is going to be better on something that we only need temporarily. this still keeps whole sucompat onto manual hooks as those are performance sensitive, needed to be permanent and "timeable". as for these hooks that got hooked here they are only used either only at boot or on some, used only once.

symbols hooked:
vfs_read - needed only at boot for read proxy-ing atrace.rc
input_event - needed only up to like boot_complete, for 3-button-press safemode feature
security_key_permission - needed for a keygrab on allowlist workaround for kernels below 4.10 and some
sys_execve - a substitute for security_bprm_check LSM. for reference purposes.

as for unregistration, we defer this once boot is completed and then have a kthread unregister everything.

credits: some of these are just straight up copied from upstream.

Tests:
ximi mi a2 lite, arm64, Linux 4.9
samsung galaxy s3, arm, Linux 3.0
#26

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: kp_ksud: add security_bounded_transition hook for < 4.14 (tiann#1704)

- torvalds/linux@af63f41
- SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init
- Adapted from tiann#270 (comment) tiann@0950fbb
- tiann#1704 tiann@d664fe3

Difference to tiann's version:
- use a kretprobe to force a 0 return
- grab sids outside of kprobe context to avoid stuckups / hangups

Logs:
daisy:/ # dmesg | grep -E "transition|grab_sids"
[ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62
[ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537
[ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0
[ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537)
[ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0
[ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537)
[ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537)
[ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0
daisy:/ # uname -a
Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat

This introduces a kretprobe on getname_flags that improves the stealth and reliability of sucompat feature.

Changes:
- CONFIG_KSU_KRETPROBES_SUCOMPAT option to enable this hooking method
- Hooks getname_flags() via kretprobe to intercept and modify filename->name on the return
- prevent timing-based detections since it avoids individual syscall hijacking (newfstat vs newfstatat timing detections)
- prevents doing usercopies, which in turn increases reliability on pagefaulty moments

This allows sucompat to operate against anti-root detection techniques known as
- Delayed syscall - KSU (ND)
- sucompat SCA (Disclosure)
- Abnormal Environment (NT)

This is still very experimental, so default n, but yeah, it works.

Related:
- #5 (comment)

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: extras: base implementation of avc log spoofing

this exposes a new handler
int ksu_handle_slow_avc_audit(u32 *tsid)
which will check if su_sid is going to be printed on the audit log.

Usage:
ksu_handle_slow_avc_audit(&tsid);
on slow_avc_audit() on security/selinux/avc.c

This way, we replace sid right before that struct is created.

This can also be implemented in kprobes which will be on next commit.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: extras/avc_spoof: add kprobe support

I'll just paste code comments. I've already done this standalone on https://github.com/backslashxx/selinux_avc_spoof_lkm

just pass both arg2 and arg3 to original handler, this removes all the headache.
for < 4.17 int slow_avc_audit(u32 ssid, u32 tsid
for >= 4.17 int slow_avc_audit(struct selinux_state *state, u32 ssid, u32 tsid
for >= 6.4 int slow_avc_audit(u32 ssid, u32 tsid
not to mention there's also DKSU_HAS_SELINUX_STATE since its hard to make sure this selinux state thing cross crossing with 4.17 ~ 6.4's where slow_avc_audit changes abi (tsid in arg2 vs arg3)
lets just pass both to the handler

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: ksud: provide is_ksu_transition check v2

context: this is known by many as `selinux hook`, `4.9 hook`

add is_ksu_transition check which allows ksud execution under nosuid. it also eases up integration on 3.X kernels that does not have check_nnp_nosuid.

Usage:
if (is_ksu_transition(old_tsec, new_tsec)) return 0;
on either check_nnp_nosuid or selinux_bprm_set_creds (after execve sid reset)

reference: https://github.com/backslashxx/msm8953-kernel/commits/dfe003c9fdfa394a2bffe74668987a19a0d2f546

taken from: `allow init exec ksud under nosuid`
- LineageOS/android_kernel_oneplus_msm8998@3df9df4
- tiann#166 (comment)

250611-edit:
- remove ksu_execveat_hook entry check
- turns out some devices needs the transition for multiple times

Reported-by: edenadversary <143865198+edenadversary@users.noreply.github.com>
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: apk_sign: casting to char for strcmp -> memcmp style thing

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek

seems it has the same abi anyway and this is what syscalls use
this is to handle shitty backports common on 3.x
vfs_llseek falls back to generic anyway depending on filesystem's f_op
https://elixir.bootlin.com/linux/v3.10.108/source/fs/read_write.c#L225

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: core_hook: no ext4_unregister_sysfs, no problem

If ext4_unregister_sysfs ain't there, we don't care. This is mostly for UL builds.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: ksud: d_is_reg to S_ISREG

d_is_reg requires 4.0 - torvalds/linux@e36cb0b
S_ISREG is still there on 6.15 so I do NOT see any issues forcing it for all.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: Makefile: remove overlayfs requirement

as title

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: throne_tracker: resolve s_magic for < 3.9

throne_tracker, cross-fs avoidance: f_inode is f_path.dentry->d_inode
so file->f_inode->i_sb->s_magic is file->f_path.dentry->d_inode->i_sb->s_magic

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: ksud: handle conditional read_iter requirement for < 3.16

nothing uses this on old kernels, so even backporting this to file_operations is not really needed
though if it is found, we probably need to proxy it
https://elixir.bootlin.com/linux/v3.16/source/include/linux/fs.h#L1463

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18

Clang splats the following:
drivers/kernelsu/throne_tracker.c:237:47: error: incompatible function pointer types initializing 'const filldir_t' (aka 'int (*const)(void *, const char *, int, long long, unsigned long long, unsigned int)') with an expression of type 'int (struct dir_context *, const char *, int, loff_t, u64, unsigned int)' (aka 'int (struct dir_context *, const char *, int, long long, unsigned long long, unsigned int)') [-Wincompatible-function-pointer-types]
  237 |         struct my_dir_context ctx = { .ctx.actor = my_actor,
      |                                                    ^~~~~~~~
1 error generated.

reference:
- 3.18: https://elixir.bootlin.com/linux/v3.18/source/include/linux/fs.h#L1469
- 3.19: https://elixir.bootlin.com/linux/v3.19/source/include/linux/fs.h#L1489

so just pass as void, then cast it back

ximi-libra-test/android_kernel_xiaomi_libra@036c532

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11

I'll just copy what I put in comments originally: 7a87f5c

this is backported on msm-3.10 though
SO YEAH WE STILL USE IT IF ITS THERE !! (ref: Makefile)
but we have to try to follow what upstream linux is, and it is only added on 3.11
need to inline struct dir_context since this doesn't exist pre-iterate_dir era!
ref: torvalds/linux@5c0ba4e

analysis:
int kernel_iterate_dir(struct file *file, struct dir_context *ctx)
-> res = readdir(file, ctx, ctx->actor);
++++ file, struct -> file, struct, struct->member
int vfs_readdir(struct file *file, filldir_t filler, void *buf)
-> res = readdir(file, buf, filler);
file, ??, ??
+++ 1 3 2

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8

I'll just put original inlined comments: 939f0fb

hunt from start_stack
we start 32 bytes deep and double on every iteration coming from start_stack downwards
we normally get one on the first iteration anyway so the loop is just for resilience

this removes the need for backporting current_user_stack_pointer for sub 3.8 kernels.
while it looks like a bad meme, this works so yeah.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: apk_sign: provide bin2hex compat for < 3.18

from 3.18-rc1:
- Provide a binary to hex conversion function
- torvalds/linux@53d91c5

for this one, also use pack_hex_byte instead of hex_byte_pack for 3.0
its there just marked deprecated on 3.3 to 3.16
and since nobody has 3.17 on android, its fine to miss that doesn't have bin2hex and no more pack_hex_byte either.
since UL is only like, 3.0, 3.4, 3.10, 3.18

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: throne_tracker: add strscpy pseudo-compat for < 4.3

strscpy requires 4.3
strscpy on this usage can be replaced with strncpy + null term.
and since this call doesn't really care about the return value, we only need a terminated copy, so this is good enough

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: apk_sign: fix return check for ksu_sha256

upstream used IS_ERR to check for negative return and that is int, so correct it.
This is one headache for old compilers.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: handle backports

It is a common thing on the scene to backport things, so this breaks kernel versioning assumptions. As for those, we have to scan and check kernel source.

The following are commonly backported:
- path_umount:
  context: tiann#1464 (comment)
  apply: xiaomi-sdm678/android_kernel_xiaomi_mojito@2d51422
- probe_user_read / copy_from_user_nofault
  gregkh/linux@3d70818
  gregkh/linux@c0ee37e
- kernel_read / kernel_write
  < 4.14, backport chain, tested on 4.9
  torvalds/linux@e13ec93
  torvalds/linux@bdd1d2d
  torvalds/linux@c41fbad
  torvalds/linux@ac452ac
- hint, `curl $url.patch | git am`

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: apk_sign: add more size/hash pairs

this will make it support
- this repo's manager
- official manager, but I guess up to 1.0.1 for non-gki
- 5ec1cff's MKSU
- KernelSU NEXT
- kowx712's MKSU
- rsuntk's MKSU
- SukiSU-Ultra

kernel: ksu: printout quirks / backports / etc on init

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

not implemented

Co-Authored-By: ExtremeXT <75576145+extremext@users.noreply.github.com>
Co-Authored-By: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-Authored-By: Yaroslav Zviezda <10716792+acroreiser@users.noreply.github.com>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 1, 2025
Update core_hook.c

not implemented

kernel: ksu: printout quirks / backports / etc on init

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: apk_sign: add more size/hash pairs

this will make it support
- this repo's manager
- official manager, but I guess up to 1.0.1 for non-gki
- 5ec1cff's MKSU
- KernelSU NEXT
- kowx712's MKSU
- rsuntk's MKSU
- SukiSU-Ultra

kernel: handle backports

It is a common thing on the scene to backport things,
so this breaks kernel versioning assumptions.
As for those, we have to scan and check kernel source.

The following are commonly backported:
- path_umount:
  context: tiann#1464 (comment)
  apply: xiaomi-sdm678/android_kernel_xiaomi_mojito@2d51422
- probe_user_read / copy_from_user_nofault
  gregkh/linux@3d70818
  gregkh/linux@c0ee37e
- kernel_read / kernel_write
  < 4.14, backport chain, tested on 4.9
  torvalds/linux@e13ec93
  torvalds/linux@bdd1d2d
  torvalds/linux@c41fbad
  torvalds/linux@ac452ac
- hint, `curl $url.patch | git am`

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: apk_sign: fix return check for ksu_sha256

upstream used IS_ERR to check for negative return
and that is int, so correct it.
This is one headache for old compilers.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: throne_tracker: add strscpy pseudo-compat for < 4.3

strscpy requires 4.3
strscpy on this usage can be replaced with strncpy + null term.
and since this call doesn't really care about the return value,
we only need a terminated copy, so this is good enough

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: apk_sign: provide bin2hex compat for < 3.18

from 3.18-rc1:
- Provide a binary to hex conversion function - torvalds/linux@53d91c5

for this one, also use pack_hex_byte instead of hex_byte_pack for 3.0
it's there, just marked deprecated on 3.3 to 3.16
and since nobody has 3.17 on android, it's fine to miss that
doesn't have bin2hex and no more pack_hex_byte either.
since UL is only like, 3.0, 3.4, 3.10, 3.18

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8

I'll just put original inlined comments: 939f0fb

hunt from start_stack
we start 32 bytes deep and double on every iteration
coming from start_stack downwards
we normally get one on the first iteration anyway
so the loop is just for resilience
-- this removes the need for backporting current_user_stack_pointer for sub 3.8 kernels.
while it looks like a bad meme, this works so yeah.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11

I'll just copy what I put in comments originally: 7a87f5c

this is backported on msm-3.10 though
SO YEAH WE STILL USE IT IF IT'S THERE !! (ref: Makefile)
but we have to try to follow what upstream linux is, and it is only added on 3.11
need to inline struct dir_context since this doesn't exist pre-iterate_dir era!
ref: torvalds/linux@5c0ba4e

analysis:
int kernel_iterate_dir(struct file *file, struct dir_context *ctx)
-> res = readdir(file, ctx, ctx->actor);
   ++++ file, struct -> file, struct, struct->member

int vfs_readdir(struct file *file, filldir_t filler, void *buf)
-> res = readdir(file, buf, filler);
   file, ??, ??
   +++ 1 3 2

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18

Clang splats the following:

drivers/kernelsu/throne_tracker.c:237:47: error: incompatible function pointer types initializing 'const filldir_t' (aka 'int (*const)(void *, const char *, int, long long, unsigned long long, unsigned int)') with an expression of type 'int (struct dir_context *, const char *, int, loff_t, u64, unsigned int)' (aka 'int (struct dir_context *, const char *, int, long long, unsigned long long, unsigned int)') [-Wincompatible-function-pointer-types]
  237 |         struct my_dir_context ctx = { .ctx.actor = my_actor,
      |                                                    ^~~~~~~~
1 error generated.

reference:
- 3.18: https://elixir.bootlin.com/linux/v3.18/source/include/linux/fs.h#L1469
- 3.19: https://elixir.bootlin.com/linux/v3.19/source/include/linux/fs.h#L1489

so just pass as void, then cast it back
ximi-libra-test/android_kernel_xiaomi_libra@036c532

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: ksud: handle conditional read_iter requirement for < 3.16

nothing uses this on old kernels, so even backporting this to file_operations is not really needed
though if it is found, we probably need to proxy it
https://elixir.bootlin.com/linux/v3.16/source/include/linux/fs.h#L1463

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: throne_tracker: resolve s_magic for < 3.9

throne_tracker, cross-fs avoidance:
f_inode is f_path.dentry->d_inode
so file->f_inode->i_sb->s_magic is file->f_path.dentry->d_inode->i_sb->s_magic

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: Makefile: remove overlayfs requirement

as title

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: ksud: d_is_reg to S_ISREG

d_is_reg requires 4.0 - torvalds/linux@e36cb0b
S_ISREG is still there on 6.15 so I do NOT see any issues forcing it for all.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: core_hook: no ext4_unregister_sysfs, no problem

If ext4_unregister_sysfs ain't there, we don't care. This is mostly for UL builds.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek

seems it has the same abi anyway and this is what syscalls use
this is to handle shitty backports common on 3.x
vfs_llseek falls back to generic anyway depending on filesystem's f_op
https://elixir.bootlin.com/linux/v3.10.108/source/fs/read_write.c#L225

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: apk_sign: casting to char for strcmp -> memcmp style thing

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: ksud: provide is_ksu_transition check v2

context: this is known by many as `selinux hook`, `4.9 hook`

add is_ksu_transition check which allows ksud execution under nosuid.
it also eases up integration on 3.X kernels that do not have check_nnp_nosuid.

Usage:
  if (is_ksu_transition(old_tsec, new_tsec))
      return 0;
on either check_nnp_nosuid or selinux_bprm_set_creds (after execve sid reset)

reference: https://github.com/backslashxx/msm8953-kernel/commits/dfe003c9fdfa394a2bffe74668987a19a0d2f546

taken from: `allow init exec ksud under nosuid`
- LineageOS/android_kernel_oneplus_msm8998@3df9df4
- tiann#166 (comment)

250611-edit:
- remove ksu_execveat_hook entry check
- turns out some devices need the transition multiple times

Reported-by: edenadversary <143865198+edenadversary@users.noreply.github.com>
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: extras/avc_spoof: add kprobe support

I'll just paste code comments.
I've already done this standalone on https://github.com/backslashxx/selinux_avc_spoof_lkm

-- just pass both arg2 and arg3 to original handler
this removes all the headache.

for < 4.17   int slow_avc_audit(u32 ssid, u32 tsid
for >= 4.17  int slow_avc_audit(struct selinux_state *state, u32 ssid, u32 tsid
for >= 6.4   int slow_avc_audit(u32 ssid, u32 tsid

not to mention there's also DKSU_HAS_SELINUX_STATE
since it's hard to make sure this selinux state thing
cross crossing with 4.17 ~ 6.4's where slow_avc_audit changes abi (tsid in arg2 vs arg3)
let's just pass both to the handler

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: extras: base implementation of avc log spoofing

this exposes a new handler
  int ksu_handle_slow_avc_audit(u32 *tsid)
which will check if su_sid is going to be printed on the audit log.

Usage:
  ksu_handle_slow_avc_audit(&tsid);
on slow_avc_audit() on security/selinux/avc.c

This way, we replace sid right before that struct is created.
This can also be implemented in kprobes which will be on next commit.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat

This introduces a kretprobe on getname_flags that improves the stealth and reliability of sucompat feature.

Changes:
- CONFIG_KSU_KRETPROBES_SUCOMPAT option to enable this hooking method
- Hooks getname_flags() via kretprobe to intercept and modify filename->name on the return
- prevent timing-based detections since it avoids individual syscall hijacking (newfstat vs newfstatat timing detections)
- prevents doing usercopies, which in turn increases reliability on pagefaulty moments

This allows sucompat to operate against anti-root detection techniques known as
- Delayed syscall - KSU (ND)
- sucompat SCA (Disclosure)
- Abnormal Environment (NT)

This is still very experimental, so default n, but yeah, it works.

Related:
- #5 (comment)

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: kp_ksud: add security_bounded_transition hook for < 4.14 (tiann#1704)

- torvalds/linux@af63f41
- SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit,
  for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init
- Adapted from tiann#270 (comment) tiann@0950fbb
- tiann#1704 tiann@d664fe3

Difference to tiann's version:
- use a kretprobe to force a 0 return
- grab sids outside of kprobe context to avoid stuckups / hangups

Logs:
daisy:/ # dmesg | grep -E "transition|grab_sids"
[    5.977810] KernelSU: ksud_grab_sids: got init sid: 62
[    5.977907] KernelSU: ksud_grab_sids: got su sid: 537
[    5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0
[   32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537)
[   32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0
[   36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537)
[   61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537)
[   61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0
daisy:/ # uname -a
Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: kp_ksud: restore kprobes for early-boot and used-once hooks

since kprobes offer dynamic hooking and shit, this is going to be better on something that we only need temporarily.
this still keeps whole sucompat onto manual hooks as those are performance sensitive, needed to be permanent and "timeable".
as for these hooks that got hooked here, they are only used either only at boot or, on some, used only once.

symbols hooked:
vfs_read - needed only at boot for read proxy-ing atrace.rc
input_event - needed only up to like boot_complete, for 3-button-press safemode feature
security_key_permission - needed for a keygrab on allowlist workaround for kernels below 4.10 and some
sys_execve - a substitute for security_bprm_check LSM. for reference purposes.

-- as for unregistration, we defer this once boot is completed and then have a kthread unregister everything.

credits: some of these are just straight up copied from upstream.

Tests:
ximi mi a2 lite, arm64, Linux 4.9
samsung galaxy s3, arm, Linux 3.0 #26

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: provide vfs_statx hook handler >= 5.18

just put
  ksu_handle_vfs_statx((void *)&dfd, &filename, (void *)&flags, (void **)&stat, (void *)&request_mask);
on vfs_statx's entry

while this hooks all stat syscalls, this skips usercopy

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: provide getname_flags (kernel) ultimatum hook

put me right after strncpy_from_user on getname_flags on namei.c
  ksu_getname_flags_kernel(&kname, flags);

This can replace exec, faccessat and stat hooks.
I don't recommend it, but it's an option.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: provide getname_flags (user) ultimatum hook

I'm providing this as an option if you want an ultimatum.

Usage:
  ksu_getname_flags_user(&filename, flags);
on entry of getname_flags on namei.c

This can replace exec, faccessat and stat hooks.
I don't recommend it, but it's an option.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: provide do_execve_common handler for < 3.14

usage on do_execve_common:
  ksu_legacy_execve_sucompat(&filename, NULL, NULL);

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig

disabling this removes the need for LSM_HOOK_INIT, security_add_hooks and such.
furthermore, this will also allow easier integration on pre-4.1 kernels.
Expose this and make it a configurable option.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: core_hook: earlier escape_to_root already-root check

micro-opt

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: ksud: provide dummy handlers for old hooks

prevents breaking old builds.

kernel: sucompat: sucompat toggle support for non-kp (tiann#2506)

This is done like how vfs_read_hook, input_hook and execve_hook are disabled.
While this is not exactly the same thing, this CAN achieve the same results.
The complete disabling of all KernelSU hooks.
While this is likely unneeded, it keeps feature parity to non-kprobe builds.

adapted from upstream: kernel: Allow to re-enable sucompat - tiann@4593ae8

Rejected: tiann#2506

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656)

On plain ARMv8.0 devices (A53, A57, A73), strncpy_from_user_nofault() sometimes fails to copy `filename_user` string correctly.
This breaks su ofc, breaking some apps like Termux (Play Store ver), ZArchiver and Root Explorer.
This does NOT seem to affect newer ARMv8.2+ CPUs (A75/A76 and newer)

My speculation? ARMv8.0 has weak speculation :)

here we replace `ksu_strncpy_from_user_nofault` with ksu_strncpy_from_user_retry:
- ksu_strncpy_from_user_nofault as fast-path copy
- fallback to access_ok to validate the pointer + strncpy_from_user
- manual null-termination just in case, as strncpy_from_user_nofault also does it
- remove that memset, seems useless as it is an strncpy, not strncat

basically, we retry on pagefault for usercopies, it's not like we're doing
  memset(dest, 0, sizeof(dest));
  strncat(dest, var, bytes);
that memset seems unneeded. instead we use strncpy itself to do proper error and oob check and null term it after.

as for optimizations
- just return early if unauthorized
- commonized logic
- reduced duplication
- migrate from strncpy_from_user to copy_from_user

Tested on:
- ARMv8.0 A73.a53, A57.a53, A53.a53
- ARMv8.2 A76.a55

Stale: tiann#2656

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653)

This migrates ksud execution decision-making to bprm_check_security.
This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'.

Introduces:
  int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len)
which is adapted from:
  int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags)

ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage".

For LSM hook, turns out we can pull out argv and envp from mm_struct.
The code in here explains itself on how to do it.
whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator.
as for envp, we pass the pointer then hunt for it when needed

My reasoning on adding a fallback on usercopy is that on some devices a fault happens, and it copies garbled data.
On my creation of this, I actually had to lock that _nofault copy on a spinlock as a way to mimic preempt_disable/enable without actually doing it.
As per user reports, no failed _nofault copies anyway but we have-to-have a fallback for resilience.

References:
- old version1 6efcd81
- old version2 37d5938
- bad usercopy #21

This now provides a small helper function, ksu_copy_from_user_retry, which explains itself.
First we attempt a _nofault copy, if that fails, we try plain.
With that, it also provides an inlined copy_from_user_nofault for < 5.8.
While using strncpy_from_user_nofault was considered, this won't do, this will only copy up to the first \0.

devlog:
ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f
ximi-mojito-test/mojito_krenol@28642e6...728de0c

References:
https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/mm_types.h#L429
https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/lsm_hooks.h

Stale: tiann#2653

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: throne_tracker: offload to kthread (tiann#2632)

Run throne_tracker() in kthread instead of blocking the caller.
Prevents full lockup during installation and removing the manager.
By default, first run remains synchronous for compatibility purposes (FDE, FBEv1, FBEv2)

Features:
- looks and waits for manager UID in /data/system/packages.list
- run track_throne() in a kthread after the first synchronous run
- prevent duplicate thread creation with a single-instance check
- spinlock-on-d_lock based polling addressing possible race conditions.

Race conditions addressed
- single instance kthread lock, smp_mb()
- track_throne_function, packages.list, spinlock-on-d_lock based polling
- is_manager_apk, apk, spinlock-on-d_lock based polling

This is a squash of: tiann#2632

Original skeleton based on:
`kernelsu: move throne_tracker() to kthread`
`kernelsu: check locking before accessing files and dirs during searching manager`
`kernelsu: look for manager UID in /data/system/packages.list, not /data/system/packages.list.tmp`
acroreiser/android_kernel_lge_hammerhead@0b05e92...8783bad

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: core_hook: screw path_umount backport, call sys_umount directly

I am repasting here what I posted on the source code originally:

  /*
   * turns out path_umount backport is completely unneeded
   * we copy the trick used on strncpy_from_unsafe_user / strncpy_from_user_nofault
   * https://elixir.bootlin.com/linux/v4.4.302/source/mm/maccess.c#L184
   * basically
   *
   *   mm_segment_t old_fs = get_fs();  // remember original fs segment
   *   set_fs(USER_DS);                 // or KERNEL_DS
   *
   *   do_whatever_in_userspace();
   *   set_fs(old_fs);                  // restore fs segment
   *
   * kernel -> user, KERNEL_DS, user -> kernel, USER_DS
   *
   * so yes, we can try to straight up call a syscall from kernel space
   *
   * NOTE: on newer kernels you can use force_uaccess_begin + force_uaccess_end
   * ref: https://elixir.bootlin.com/linux/v5.10.237/source/mm/maccess.c#L250
   */

path_umount backport now optional — neat trick, werks, what can I say.
Backports? Nah, we're good.

EDITS:
- rename path_umount_handler for clarity + proper guards
- add a fix for 4.17~5.8
  `fs: add ksys_umount() helper; remove in-kernel call to sys_umount()` torvalds/linux@3a18ef5
  - which adds a ksys_umount helper, basically turning sys_umount
  `syscalls/core: Introduce CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y` torvalds/linux@1bd21c6
  - which undefines in-kernel calls of syscalls, which is enabled on 4.19's arch/arm64/Kconfig

Ref:
- https://github.com/torvalds/linux/commits/v4.17/include/linux/syscalls.h
- rsuntk@d20f15e

Reported-by: rsuntk <90097027+rsuntk@users.noreply.github.com>
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: expose allowlist workaround as Kconfig option

Useful for situations where the SU allowlist is not kept after a reboot.
As per upstream this is only used for < 4.10 and Huawei HiSilicon devices.
but there's user reports having issues even on 4.14/4.19 samsung kernels.
Expose this option so users affected can opt-in.

This supersedes ` kernel:Add Huawei hisi check (tiann#1545) `

References:
tiann@f57d351
tiann@b61cb30

Reviewed-by: Alex <a.mihail@pm.me>
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: selinux: force sepol_data.sepol to be u64

if we properly align our struct members as such, we won't need all this compat_ptr bullshit.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel: restore compat code required for old kernels

This commit restores compatibility code needed that was removed at tiann/KernelSU@898e9d4,
where upstream dropped all pre-5.10 support

Reverts `kernel:Add Huawei hisi check (tiann#1545)`
- upstream tiann/KernelSU@4f05fe2
- superseded by `kernel: expose allowlist workaround as Kconfig option` on next commit

Reverts packages.list fsnotify watcher
- rename hook is way simpler and we have full access to LSM hooks on this kernel
- revert: cf031b4 - kernel: replace renameat hook with fsnotify
- revert: 5ac010d - kernel: fix compile
- revert: 3138651 - kernel: fix compile below 6.0

Restores LSM hooks:
- inode_rename
- task_fix_setuid
- key permission

other changes and cleanups

sucompat: ksu_handle_stat(), remove dead ifdef.
- just use `ksu_handle_stat(&dfd, &filename->name, &flags);` if you want to hook vfs_statx on 6.1

LINUX_VERSION_CODE / KERNEL_VERSION, ksu.c
- reported by Sinclair19
- fix by including version.h

fatal_signal_pending, ksud.c
- add compat by including sched.h or sched/signal.h conditionally
- ref: torvalds/linux@2a1f062

selinux_state.ss, core_hook.c
- remove rcu_dereference use
- ref: tiann#2695

seccomp.filter_count, core_hook.c
- reset this only for 5.9 and up as it only exists there
- ref: tiann#2708, gregkh/linux@c818c03

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-Authored-By: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-Authored-By: Yaroslav Zviezda <10716792+acroreiser@users.noreply.github.com>
Co-Authored-By: ExtremeXT <75576145+extremext@users.noreply.github.com>
as for these hooks that got hooked here they are only used either only at boot or on some, used only once. symbols hooked: vfs_read - needed only at boot for read proxy-ing atrace.rc input_event - needed only up to like boot_complete, for 3-button-press safemode feature security_key_permission - needed for a keygrab on allowlist workaround for kernels below 4.10 and some sys_execve - a substitute for security_bprm_check LSM. for reference purposes. -- as for unregistration, we defer this once boot is completed and then have a kthread unregister everything. credits: some of these are just straight up copied from upstream. Tests: ximi mi a2 lite, arm64, Linux 4.9 samsung galaxy s3, arm, Linux 3.0 #26 Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: sucompat: provide vfs_statx hook handler >= 5.18 just put ksu_handle_vfs_statx((void *)&dfd, &filename, (void *)&flags, (void **)&stat, (void *)&request_mask); on vfs_statx's entry while this hooks all stat syscalls, this skips usercopy Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: sucompat: provide getname_flags (kernel) ultimatum hook put me right after strncpy_from user on getname_flags on namei.c ksu_getname_flags_kernel(&kname, flags); This can replace exec, faccessat and stat hooks. I don't recommend it, but its an option. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: sucompat: provide getname_flags (user) ultimatum hook I'm providing this as an option if you want an ultimatum. Usage: ksu_getname_flags_user(&filename, flags); on entry of getname_flags on namei.c This can replace exec, faccessat and stat hooks. I don't recommend it, but its an option. 
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: sucompat: provide do_execve_common handler for < 3.14 usage on do_execve_common: ksu_legacy_execve_sucompat(&filename, NULL, NULL); Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig disabling this removes the need for LSM_HOOK_INIT, security_add_hooks and such,. furthermore, this will also allow easier integration on pre-4.1 kernels. Expose this and make it a configurable option. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: core_hook: earlier escape_to_root already-root check micro-opt Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: ksud: provide dummy handlers for old hooks prevents breaking old builds. kernel: sucompat: sucompat toggle support for non-kp (tiann#2506) This is done like how vfs_read_hook, input_hook and execve_hook is disabled. While this is not exactly the same thing, this CAN achieve the same results. The complete disabling of all KernelSU hooks. While this is likely unneeded, It keeps feature parity to non-kprobe builds. adapted from upstream: kernel: Allow to re-enable sucompat - tiann@4593ae8 Rejected: tiann#2506 Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) On plain ARMv8.0 devices (A53,A57,A73), strncpy_from_user_nofault() sometimes fails to copy `filename_user` string correctly. This breaks su ofc, breaking some apps like Termux (Play Store ver), ZArchiver and Root Explorer. This does NOT seem to affect newer ARMv8.2+ CPUs (A75/A76 and newer) My speculation? 
ARMv8.0 has weak speculation :) here we replace `ksu_strncpy_from_user_nofault` with ksu_strncpy_from_user_retry: - ksu_strncpy_from_user_nofault as fast-path copy - fallback to access_ok to validate the pointer + strncpy_from_user - manual null-termination just in case, as strncpy_from_user_nofault also does it - remove that memset, seems useless as it is an strncpy, not strncat basically, we retry on pagefualt for usercopies, its not like were doing memset(dest, 0, sizeof(dest)); strncat(dest, var, bytes); that memset seems unneeded. instead we use strncpy itself to do proper error and oob check and null term it after. as for optimizations - just return early if unauthorized - commonized logic - reduced duplication - migrate from strncpy_from_user to copy_from_user Tested on: - ARMv8.0 A73.a53, A57.a53, A53.a53 - ARMv8.2 A76.a55 Stale: tiann#2656 Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'. Introduces: int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len) which is adapted from: int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags) ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage". For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. 
as for envp, we pass the pointer then hunt for it when needed My reasoning on adding a fallback on usercopy is that on some devices a fault happens, and it copies garbled data. On my creation of this, I actually had to lock that _nofault copy on a spinlock as a way to mimic preempt_disable/enable without actually doing it. As per user reports, no failed _nofault copies anyway but we have-to-have a fallback for resilience. References: - old version1 6efcd81 - old version2 37d5938 - bad usercopy #21 This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. With that, It also provides an inlined copy_from_user_nofault for < 5.8. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. devlog: ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f ximi-mojito-test/mojito_krenol@28642e6...728de0c References: https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/mm_types.h#L429 https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/lsm_hooks.h Stale: tiann#2653 Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: throne_tracker: offload to kthread (tiann#2632) Run throne_tracker() in kthread instead of blocking the caller. Prevents full lockup during installation and removing the manager. By default, first run remains synchronous for compatibility purposes (FDE, FBEv1, FBEv2) Features: - looks and waits for manager UID in /data/system/packages.list - run track_throne() in a kthread after the first synchronous run - prevent duplicate thread creation with a single-instance check - spinlock-on-d_lock based polling adressing possible race conditions. 
Race conditions adressed - single instance kthread lock, smp_mb() - track_throne_function, packages.list, spinlock-on-d_lock based polling - is_manager_apk, apk, spinlock-on-d_lock based polling This is a squash of: tiann#2632 Original skeleton based on: `kernelsu: move throne_tracker() to kthread` `kernelsu: check locking before accessing files and dirs during searching manager` `kernelsu: look for manager UID in /data/system/packages.list, not /data/system/packages.list.tmp` acroreiser/android_kernel_lge_hammerhead@0b05e92...8783bad Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: core_hook: screw path_umount backport, call sys_umount directly I am repasting here what I posted on the source code originally: /* * turns out path_umount backport is completely unneeded * we copy the trick used on strncpy_from_unsafe_user / strncpy_from_user_nofault * https://elixir.bootlin.com/linux/v4.4.302/source/mm/maccess.c#L184 * basically * * mm_segment_t old_fs = get_fs(); // remember original fs segment * set_fs(USER_DS); // or KERNEL_DS * * do_whatever_in_userspace(); * set_fs(old_fs); // restore fs segment * * * kernel -> user, KERNEL_DS, user -> kernel, USER_DS * * so yes, we can try to straight up call a syscall from kernel space * * NOTE: on newer kernels you can use force_uaccess_begin + force_uaccess_end * ref: https://elixir.bootlin.com/linux/v5.10.237/source/mm/maccess.c#L250 * */ path_umount backport now optional — neat trick, werks, what can I say. Backports? Nah, we’re good. 
EDITS: - rename path_umount_handler for clarity + proper guards - add a fix for 4.17~5.8 `fs: add ksys_umount() helper; remove in-kernel call to sys_umount()` torvalds/linux@3a18ef5 - which adds a ksys_umount helper, basically turning sys_umount `syscalls/core: Introduce CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y` torvalds/linux@1bd21c6 - which undefines in-kernel calls of syscalls, which is enabled on 4.19's arch/arm64/Kconfig Ref: - https://github.com/torvalds/linux/commits/v4.17/include/linux/syscalls.h - rsuntk@d20f15e Reported-by: rsuntk <90097027+rsuntk@users.noreply.github.com> Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: expose allowlist workaround as Kconfig option Useful for situations where the SU allowlist is not kept after a reboot. As per upstream this is only used for < 4.10 and Huawei HiSilicon devices. but theres user reports having issues even on 4.14/4.19 samsung kernels. Expose this option so users affected can opt-in. This supercedes ` kernel:Add Huawei hisi check (tiann#1545) ` References: tiann@f57d351 tiann@b61cb30 Reviewed-by: Alex <a.mihail@pm.me> Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: selinux: force sepol_data.sepol to be u64 if we properly align our struct members as such. we wont need all this compat_ptr bullshit. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: restore compat code required for old kernels This commit restores compatibility code needed that was removed at tiann/KernelSU@898e9d4 . 
where upstream dropped all pre-5.10 support Reverts `kernel:Add Huawei hisi check (tiann#1545)` - upstream tiann/KernelSU@4f05fe2 - superceded by `kernel: expose allowlist workaround as Kconfig option` on next commit Reverts packages.list fsnotify watcher - rename hook is way simpler and we have full access to LSM hooks on this kernel - revert: cf031b4 - kernel: replace renameat hook with fsnotify - revert: 5ac010d - kernel: fix compile - revert: 3138651 - kernel: fix compile below 6.0 Restores LSM hooks: - inode_rename - task_fix_setuid - key permission other changes and cleanups sucompat: ksu_handle_stat(), remove dead ifdef. - just use `ksu_handle_stat(&dfd, &filename->name, &flags);` if you want to hook vfs_statx on 6.1 LINUX_VERSION_CODE / KERNEL_VERSION, ksu.c - reported by Sinclair19 - fix by including version.h fatal_signal_pending, ksud.c - add compat by including sched.h or sched/signal.h conditionally - ref: torvalds/linux@2a1f062 selinux_state.ss, core_hook.c - remove rcu_dereference use - ref: tiann#2695 seccomp.filter_count, core_hook.c - reset this only for 5.9 and up as it only exists there - ref: tiann#2708, gregkh/linux@c818c03 Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> Revert "kernel: transition devpts in kernel" Reverts 98757bc Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> kernel: drop LKM and kprobes support Since upstream has kprobes default, and now a requirement, cleaning up support for LKM and kprobes is kind of a must. This simplifies porting small changes, debloat, and makes it easier to maintain downstream, e.g. avoiding excessive use of conditionals (ifdef hell). what breaks: current_user_stack_pointer, sucompat.c - mitigate this by including linux/ptrace.h fatal_signal_pending, ksud.c - mitigate this by including linux/sched/signal.h other changes: Kconfig, CONFIG_KSU, tristate to bool ksud.c, stop_input_hook(), short-circuit redundant logic left by this change. 
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> Co-Authored-By: backslashxx <118538522+backslashxx@users.noreply.github.com> Co-Authored-By: Yaroslav Zviezda <10716792+acroreiser@users.noreply.github.com> Co-Authored-By: ExtremeXT <75576145+extremext@users.noreply.github.com>
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request on Nov 1, 2025:

…nn#1704)

- torvalds/linux@af63f41
- SELinux domain transitions under NNP/nosuid environment were introduced in 4.14 by the above commit; for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init
- Adapted from tiann#270 (comment) tiann@0950fbb
- tiann#1704 tiann@d664fe3

Difference to tiann's version:
- use a kretprobe to force a 0 return
- grab sids outside of kprobe context to avoid stuckups / hangups

Logs:
daisy:/ # dmesg | grep -E "transition|grab_sids"
[ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62
[ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537
[ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0
[ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537)
[ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0
[ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537)
[ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537)
[ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0
daisy:/ # uname -a
Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 2, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 2, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 3, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 3, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 3, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 3, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 3, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 3, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 4, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 4, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 4, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 4, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 5, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 5, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 5, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 5, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 5, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
backslashxx
pushed a commit
to backslashxx/KernelSU
that referenced
this pull request
Nov 5, 2025
…nn#1704) - torvalds/linux@af63f41 - SELinux domain transitions under NNP/nosuid environment was introduced in 4.14 by the above commit, for older kernels, we need to make sure our domain transitions are allowed when calling ksud at boot from the init - Adapted from tiann#270 (comment) tiann@0950fbb - tiann#1704 tiann@d664fe3 Difference to tiann's version: - use a kretprobe to force a 0 return - grab sids outside of kprobe context to avoid stuckups / hangups Logs: daisy:/ # dmesg | grep -E "transition|grab_sids" [ 5.977810] KernelSU: ksud_grab_sids: got init sid: 62 [ 5.977907] KernelSU: ksud_grab_sids: got su sid: 537 [ 5.980497] KernelSU: kp_ksud: register kretprobe: security_bounded_transition ret: 0 [ 32.008560] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 32.008663] type=1401 audit(2247197.199:61): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 [ 36.946527] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202278] KernelSU: kp_ksud: security_bounded_transition: allowing init (62) -> su (537) [ 61.202395] type=1401 audit(1761288080.219:1045): op=security_bounded_transition seresult=denied oldcontext=u:r:init:s0 newcontext=u:r:su:s0 daisy:/ # uname -a Linux localhost 4.9.337+64-daikura/db23b17 tiann#634 SMP PREEMPT Fri Oct 24 14:37:19 PST 2025 aarch64 Toybox Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
No description provided.