kernel: ksud, core_hook: migrate ksud execution to security_bprm_check #2653
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Author
|
context: logs on lkm mode (via sys_execve) dmesg_6.1.txt from fergus LKM demo LSM / GKI demo prolly unneeded -- I havent tested lsm hook hack but this can be hooked on different places 5.8+ bprm_creds_for_exec + bprm_creds_from_file? however for my purposes, I chose bprm_check_security since
|
e4b852c to
ce728be
Compare
as per upstream, we only mostly need top 32 bytes and top 256 bytes anyway since these are good enough allowances, we can allocate this on stack. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jul 2, 2025
This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'. Introduces: int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len) which is adapted from: int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags) ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage". For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. as for envp, we pass the pointer then hunt for it when needed My reasoning on adding a fallback on usercopy is that on some devices a fault happens, and it copies garbled data. On my creation of this, I actually had to lock that _nofault copy on a spinlock as a way to mimic preempt_disable/enable without actually doing it. As per user reports, no failed _nofault copies anyway but we have-to-have a fallback for resilience. References: - old version1 6efcd81 - old version2 37d5938 - bad usercopy #21 This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. devlog: ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f ximi-mojito-test/mojito_krenol@28642e6...728de0c References: https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/mm_types.h#L429 https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/lsm_hooks.h Stale: tiann#2653 Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jul 2, 2025
Added from 5ec1cff@16e13ae (+24) implement magic mount restorecon: set adb_file to system_file for module files magic_mount: use trusted.overlay.opaque chore: fmt magic_mount: supports whiteout chore: refine code magic_mount: fix log: make verbose logging optional magic_mount: refine ksud: fix disable / enable modules ksud: fix odm not magic-mounted manager: no need to check overlayfs ksud: fix partition link ksud: fix clone symlink ksud: refine tmpfs ksud: add KSU_MAGIC_MOUNT to env (5ec1cff#5) manager: remove shrink image use module dir name as real id allow restore uninstalled module ksud: make tmpfs and magic mount optional ksud: fix stat reformat rust codes ksud: probe for more workdir candidates (5ec1cff#12) app: persist show system app settings Other changes: (+49) manager: show module id on module page (tiann#2365) workflows: debloat ksud: add armeabi-v7a support manager: Add ABI and Kernel archirecture info into InfoCardItem manager: failure mode dummy demo dummy.keystore manager: unofficial build kernel: drop LKM and kprobes support kernel: restore compat code required for old kernels kernel: expose allowlist workaround as Kconfig option kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: handle backports kernel: sucompat: sucompat toggle support for non-kp (tiann#2506) kernel: core_hook: automate and refactor umount (tiann#2531) kernel: core_hook: only umount when unmountable > 0 kernel: throne_tracker: offload to kthread (tiann#2632) kernel: selinux: fix pointer mismatch with 32-bit ksud on 64-bit kernels kernel: ksud: dont create structs just to deconstruct them for a string (tiann#2595) kernel: ksud: add commonized execve/compat_execve hooks for ksud kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: opt-out of struct filename use when unused kernel: core_hook: intercept devpts via security_inode_permission LSM kernel: sucompat: dummify devpts hook kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: sucompat: strncpy_from_user -> copy_from_user kernel: ksud: reuse bprm_ksud logic on old handlers kernel: ksud: deadcode / no-op old hooks kernel: core_hook: fixup 32-on-64 compat detection via linux_binprm kernel: core_hook: earlier escape_to_root already-root check kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (tiann#2646) kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: sucompat: provide do_execve_common handler for <= 3.18 kernel: ksud: provide is_ksu_transition check v2 kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: throne_tracker: add strscpy/strlcpy compat kernel: ksud: d_is_reg to IS_REG kernel: Makefile: remove overlayfs requirement kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle read_iter requirement conditionally kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: inline iterate_dir -> vfs_readdir compat kernel: apk_sign: fix return check for ksu_sha256 kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: sucompat: provide getname_flags (user) ultimatum hook kernel: sucompat: provide getname_flags (kernel) ultimatum hook KernelSU v1.0.5+magic Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jul 3, 2025
Added from 5ec1cff@16e13ae (+24) implement magic mount restorecon: set adb_file to system_file for module files magic_mount: use trusted.overlay.opaque chore: fmt magic_mount: supports whiteout chore: refine code magic_mount: fix log: make verbose logging optional magic_mount: refine ksud: fix disable / enable modules ksud: fix odm not magic-mounted manager: no need to check overlayfs ksud: fix partition link ksud: fix clone symlink ksud: refine tmpfs ksud: add KSU_MAGIC_MOUNT to env (5ec1cff#5) manager: remove shrink image use module dir name as real id allow restore uninstalled module ksud: make tmpfs and magic mount optional ksud: fix stat reformat rust codes ksud: probe for more workdir candidates (5ec1cff#12) app: persist show system app settings Other changes: (+49) manager: show module id on module page (tiann#2365) workflows: debloat ksud: add armeabi-v7a support manager: Add ABI and Kernel archirecture info into InfoCardItem manager: failure mode dummy demo dummy.keystore manager: unofficial build kernel: drop LKM and kprobes support kernel: restore compat code required for old kernels kernel: expose allowlist workaround as Kconfig option kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: handle backports kernel: sucompat: sucompat toggle support for non-kp (tiann#2506) kernel: core_hook: automate and refactor umount (tiann#2531) kernel: core_hook: only umount when unmountable > 0 kernel: throne_tracker: offload to kthread (tiann#2632) kernel: selinux: fix pointer mismatch with 32-bit ksud on 64-bit kernels kernel: ksud: dont create structs just to deconstruct them for a string (tiann#2595) kernel: ksud: add commonized execve/compat_execve hooks for ksud kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: opt-out of struct filename use when unused kernel: core_hook: intercept devpts via security_inode_permission LSM kernel: sucompat: dummify devpts hook kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: sucompat: strncpy_from_user -> copy_from_user kernel: ksud: reuse bprm_ksud logic on old handlers kernel: ksud: deadcode / no-op old hooks kernel: core_hook: fixup 32-on-64 compat detection via linux_binprm kernel: core_hook: earlier escape_to_root already-root check kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (tiann#2646) kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: sucompat: provide do_execve_common handler for <= 3.18 kernel: ksud: provide is_ksu_transition check v2 kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: throne_tracker: add strscpy/strlcpy compat kernel: ksud: d_is_reg to IS_REG kernel: Makefile: remove overlayfs requirement kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle read_iter requirement conditionally kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: inline iterate_dir -> vfs_readdir compat kernel: apk_sign: fix return check for ksu_sha256 kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: sucompat: provide getname_flags (user) ultimatum hook kernel: sucompat: provide getname_flags (kernel) ultimatum hook KernelSU v1.0.5+magic Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jul 3, 2025
This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'. Introduces: int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len) which is adapted from: int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags) ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage". For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. as for envp, we pass the pointer then hunt for it when needed My reasoning on adding a fallback on usercopy is that on some devices a fault happens, and it copies garbled data. On my creation of this, I actually had to lock that _nofault copy on a spinlock as a way to mimic preempt_disable/enable without actually doing it. As per user reports, no failed _nofault copies anyway but we have-to-have a fallback for resilience. References: - old version1 6efcd81 - old version2 37d5938 - bad usercopy #21 This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. devlog: ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f ximi-mojito-test/mojito_krenol@28642e6...728de0c References: https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/mm_types.h#L429 https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/lsm_hooks.h Stale: tiann#2653 Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jul 3, 2025
Added from 5ec1cff@16e13ae (+24) implement magic mount restorecon: set adb_file to system_file for module files magic_mount: use trusted.overlay.opaque chore: fmt magic_mount: supports whiteout chore: refine code magic_mount: fix log: make verbose logging optional magic_mount: refine ksud: fix disable / enable modules ksud: fix odm not magic-mounted manager: no need to check overlayfs ksud: fix partition link ksud: fix clone symlink ksud: refine tmpfs ksud: add KSU_MAGIC_MOUNT to env (5ec1cff#5) manager: remove shrink image use module dir name as real id allow restore uninstalled module ksud: make tmpfs and magic mount optional ksud: fix stat reformat rust codes ksud: probe for more workdir candidates (5ec1cff#12) app: persist show system app settings Other changes: (+49) manager: show module id on module page (tiann#2365) workflows: debloat ksud: add armeabi-v7a support manager: Add ABI and Kernel archirecture info into InfoCardItem manager: failure mode dummy demo dummy.keystore manager: unofficial build kernel: drop LKM and kprobes support kernel: restore compat code required for old kernels kernel: expose allowlist workaround as Kconfig option kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: handle backports kernel: sucompat: sucompat toggle support for non-kp (tiann#2506) kernel: core_hook: automate and refactor umount (tiann#2531) kernel: core_hook: only umount when unmountable > 0 kernel: throne_tracker: offload to kthread (tiann#2632) kernel: selinux: fix pointer mismatch with 32-bit ksud on 64-bit kernels kernel: ksud: dont create structs just to deconstruct them for a string (tiann#2595) kernel: ksud: add commonized execve/compat_execve hooks for ksud kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: opt-out of struct filename use when unused kernel: core_hook: intercept devpts via security_inode_permission LSM kernel: sucompat: dummify devpts hook kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: sucompat: strncpy_from_user -> copy_from_user kernel: ksud: reuse bprm_ksud logic on old handlers kernel: ksud: deadcode / no-op old hooks kernel: core_hook: fixup 32-on-64 compat detection via linux_binprm kernel: core_hook: earlier escape_to_root already-root check kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (tiann#2646) kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: sucompat: provide do_execve_common handler for <= 3.18 kernel: ksud: provide is_ksu_transition check v2 kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: throne_tracker: add strscpy/strlcpy compat kernel: ksud: d_is_reg to IS_REG kernel: Makefile: remove overlayfs requirement kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle read_iter requirement conditionally kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: inline iterate_dir -> vfs_readdir compat kernel: apk_sign: fix return check for ksu_sha256 kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: sucompat: provide getname_flags (user) ultimatum hook kernel: sucompat: provide getname_flags (kernel) ultimatum hook KernelSU v1.0.5+magic Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
pershoot
added a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Jul 3, 2025
-v1.5 __backslashxx/KernelSU#5 ____kernel_compat: remove cond. check against ksu_access_ok in ksu_copy_from_user_retry <><><> Description addendum: kernel: ksud: migrate ksud execution to security_bprm_check (tiann/KernelSU#2653) backslashxx/KernelSU@1e5994d ... References: ... - old version2 backslashxx/KernelSU@37d5938 ... This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. ... Stale: tiann/KernelSU#2653 Signed-off-by: backslashxx <[email protected]> <><><> -https://gitlab.com/pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev
pershoot
added a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Jul 3, 2025
-v1.5 __backslashxx/KernelSU#5 ____kernel_compat: remove cond. check against ksu_access_ok in ksu_copy_from_user_retry <><><> Description addendum: kernel: ksud: migrate ksud execution to security_bprm_check (tiann/KernelSU#2653) backslashxx/KernelSU@1e5994d ... References: ... - old version2 backslashxx/KernelSU@37d5938 ... This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. ... Stale: tiann/KernelSU#2653 Signed-off-by: backslashxx <[email protected]> <><><> -https://gitlab.com/pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev
pershoot
added a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Jul 4, 2025
-v1.5 __backslashxx/KernelSU#5 ____kernel_compat: remove cond. check against ksu_access_ok in ksu_copy_from_user_retry <><><> Description addendum: kernel: ksud: migrate ksud execution to security_bprm_check (tiann/KernelSU#2653) backslashxx/KernelSU@1e5994d ... References: ... - old version2 backslashxx/KernelSU@37d5938 ... This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. ... Stale: tiann/KernelSU#2653 Signed-off-by: backslashxx <[email protected]> <><><> -https://gitlab.com/pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev
pershoot
added a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Jul 4, 2025
-v1.5 __backslashxx/KernelSU#5 ____kernel_compat: remove cond. check against ksu_access_ok in ksu_copy_from_user_retry <><><> Description addendum: kernel: ksud: migrate ksud execution to security_bprm_check (tiann/KernelSU#2653) backslashxx/KernelSU@1e5994d ... References: ... - old version2 backslashxx/KernelSU@37d5938 ... This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. ... Stale: tiann/KernelSU#2653 Signed-off-by: backslashxx <[email protected]> <><><> -https://gitlab.com/pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev
pershoot
added a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Jul 4, 2025
-v1.5 __backslashxx/KernelSU#5 ____kernel_compat: remove cond. check against ksu_access_ok in ksu_copy_from_user_retry; remove comment <><><> Description addendum: kernel: ksud: migrate ksud execution to security_bprm_check (tiann/KernelSU#2653) backslashxx/KernelSU@1e5994d ... References: ... - old version2 backslashxx/KernelSU@37d5938 ... This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. ... Stale: tiann/KernelSU#2653 Signed-off-by: backslashxx <[email protected]> <><><> -https://gitlab.com/pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jul 4, 2025
This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'. Introduces: int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len) which is adapted from: int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags) ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage". For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. as for envp, we pass the pointer then hunt for it when needed My reasoning on adding a fallback on usercopy is that on some devices a fault happens, and it copies garbled data. On my creation of this, I actually had to lock that _nofault copy on a spinlock as a way to mimic preempt_disable/enable without actually doing it. As per user reports, no failed _nofault copies anyway but we have-to-have a fallback for resilience. References: - old version1 6efcd81 - old version2 37d5938 - bad usercopy #21 This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. devlog: ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f ximi-mojito-test/mojito_krenol@28642e6...728de0c References: https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/mm_types.h#L429 https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/lsm_hooks.h Stale: tiann#2653 Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jul 4, 2025
Added from 5ec1cff@16e13ae (+24) implement magic mount restorecon: set adb_file to system_file for module files magic_mount: use trusted.overlay.opaque chore: fmt magic_mount: supports whiteout chore: refine code magic_mount: fix log: make verbose logging optional magic_mount: refine ksud: fix disable / enable modules ksud: fix odm not magic-mounted manager: no need to check overlayfs ksud: fix partition link ksud: fix clone symlink ksud: refine tmpfs ksud: add KSU_MAGIC_MOUNT to env (5ec1cff#5) manager: remove shrink image use module dir name as real id allow restore uninstalled module ksud: make tmpfs and magic mount optional ksud: fix stat reformat rust codes ksud: probe for more workdir candidates (5ec1cff#12) app: persist show system app settings Other changes: (+49) manager: show module id on module page (tiann#2365) workflows: debloat ksud: add armeabi-v7a support manager: Add ABI and Kernel archirecture info into InfoCardItem manager: failure mode dummy demo dummy.keystore manager: unofficial build kernel: drop LKM and kprobes support kernel: restore compat code required for old kernels kernel: expose allowlist workaround as Kconfig option kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: handle backports kernel: sucompat: sucompat toggle support for non-kp (tiann#2506) kernel: core_hook: automate and refactor umount (tiann#2531) kernel: core_hook: only umount when unmountable > 0 kernel: throne_tracker: offload to kthread (tiann#2632) kernel: selinux: fix pointer mismatch with 32-bit ksud on 64-bit kernels kernel: ksud: dont create structs just to deconstruct them for a string (tiann#2595) kernel: ksud: add commonized execve/compat_execve hooks for ksud kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: opt-out of struct filename use when unused kernel: core_hook: intercept devpts via security_inode_permission LSM kernel: sucompat: dummify devpts hook kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: sucompat: strncpy_from_user -> copy_from_user kernel: ksud: reuse bprm_ksud logic on old handlers kernel: ksud: deadcode / no-op old hooks kernel: core_hook: fixup 32-on-64 compat detection via linux_binprm kernel: core_hook: earlier escape_to_root already-root check kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (tiann#2646) kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: sucompat: provide do_execve_common handler for <= 3.18 kernel: ksud: provide is_ksu_transition check v2 kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: throne_tracker: add strscpy/strlcpy compat kernel: ksud: d_is_reg to IS_REG kernel: Makefile: remove overlayfs requirement kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle read_iter requirement conditionally kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: inline iterate_dir -> vfs_readdir compat kernel: apk_sign: fix return check for ksu_sha256 kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: sucompat: provide getname_flags (user) ultimatum hook kernel: sucompat: provide getname_flags (kernel) ultimatum hook KernelSU v1.0.5+magic Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jul 4, 2025
This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'. Introduces: int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len) which is adapted from: int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags) ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage". For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. as for envp, we pass the pointer then hunt for it when needed My reasoning on adding a fallback on usercopy is that on some devices a fault happens, and it copies garbled data. On my creation of this, I actually had to lock that _nofault copy on a spinlock as a way to mimic preempt_disable/enable without actually doing it. As per user reports, no failed _nofault copies anyway but we have-to-have a fallback for resilience. References: - old version1 6efcd81 - old version2 37d5938 - bad usercopy #21 This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. devlog: ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f ximi-mojito-test/mojito_krenol@28642e6...728de0c References: https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/mm_types.h#L429 https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/lsm_hooks.h Stale: tiann#2653 Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jul 4, 2025
Added from 5ec1cff@16e13ae (+24) implement magic mount restorecon: set adb_file to system_file for module files magic_mount: use trusted.overlay.opaque chore: fmt magic_mount: supports whiteout chore: refine code magic_mount: fix log: make verbose logging optional magic_mount: refine ksud: fix disable / enable modules ksud: fix odm not magic-mounted manager: no need to check overlayfs ksud: fix partition link ksud: fix clone symlink ksud: refine tmpfs ksud: add KSU_MAGIC_MOUNT to env (5ec1cff#5) manager: remove shrink image use module dir name as real id allow restore uninstalled module ksud: make tmpfs and magic mount optional ksud: fix stat reformat rust codes ksud: probe for more workdir candidates (5ec1cff#12) app: persist show system app settings Other changes: (+49) manager: show module id on module page (tiann#2365) workflows: debloat ksud: add armeabi-v7a support manager: Add ABI and Kernel archirecture info into InfoCardItem manager: failure mode dummy demo dummy.keystore manager: unofficial build kernel: drop LKM and kprobes support kernel: restore compat code required for old kernels kernel: expose allowlist workaround as Kconfig option kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: handle backports kernel: sucompat: sucompat toggle support for non-kp (tiann#2506) kernel: core_hook: automate and refactor umount (tiann#2531) kernel: core_hook: only umount when unmountable > 0 kernel: throne_tracker: offload to kthread (tiann#2632) kernel: selinux: fix pointer mismatch with 32-bit ksud on 64-bit kernels kernel: ksud: dont create structs just to deconstruct them for a string (tiann#2595) kernel: ksud: add commonized execve/compat_execve hooks for ksud kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: opt-out of struct filename use when unused kernel: core_hook: intercept devpts via security_inode_permission LSM kernel: sucompat: dummify devpts hook kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: sucompat: strncpy_from_user -> copy_from_user kernel: ksud: reuse bprm_ksud logic on old handlers kernel: ksud: deadcode / no-op old hooks kernel: core_hook: fixup 32-on-64 compat detection via linux_binprm kernel: core_hook: earlier escape_to_root already-root check kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() (tiann#2646) kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: sucompat: provide do_execve_common handler for <= 3.18 kernel: ksud: provide is_ksu_transition check v2 kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: throne_tracker: add strscpy/strlcpy compat kernel: ksud: d_is_reg to IS_REG kernel: Makefile: remove overlayfs requirement kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle read_iter requirement conditionally kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: inline iterate_dir -> vfs_readdir compat kernel: apk_sign: fix return check for ksu_sha256 kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: sucompat: provide getname_flags (user) ultimatum hook kernel: sucompat: provide getname_flags (kernel) ultimatum hook KernelSU v1.0.5+magic Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
AzyrRuthless
pushed a commit
to AzyrRuthless/KernelSU-Next
that referenced
this pull request
Jul 4, 2025
-v1.5 __backslashxx/KernelSU#5 ____kernel_compat: remove cond. check against ksu_access_ok in ksu_copy_from_user_retry; remove comment <><><> Description addendum: kernel: ksud: migrate ksud execution to security_bprm_check (tiann/KernelSU#2653) backslashxx/KernelSU@1e5994d ... References: ... - old version2 backslashxx/KernelSU@37d5938 ... This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. ... Stale: tiann/KernelSU#2653 Signed-off-by: backslashxx <[email protected]> <><><> -https://gitlab.com/pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 13, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: syscall_table_hook: escape init ksud call to root kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 13, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: syscall_table_hook: escape init ksud call to root kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 13, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: syscall_table_hook: escape init ksud call to root kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 13, 2026
This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'. Introduces: int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len) which is adapted from: int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags) ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage". For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. as for envp, we pass the pointer then hunt for it when needed This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. With that, It also provides an inlined copy_from_user_nofault for < 5.8. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. EDIT: properly move selinux init rules to this commit, its this thing that actually needs it - ref: f8244dd - removed on: tiann#3031 devlog: ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f ximi-mojito-test/mojito_krenol@28642e6...728de0c ac73056 * Stale: tiann#2653 Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 13, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: syscall_table_hook: escape init ksud call to root kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
selfmusing
pushed a commit
to selfmusing/USlenreK
that referenced
this pull request
Jan 13, 2026
This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'. Introduces: int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len) which is adapted from: int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags) ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage". For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. as for envp, we pass the pointer then hunt for it when needed This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. With that, It also provides an inlined copy_from_user_nofault for < 5.8. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. EDIT: properly move selinux init rules to this commit, its this thing that actually needs it - ref: backslashxx@f8244dd - removed on: tiann#3031 devlog: ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f ximi-mojito-test/mojito_krenol@28642e6...728de0c backslashxx@ac73056 * Stale: tiann#2653 Signed-off-by: backslashxx <[email protected]>
selfmusing
pushed a commit
to selfmusing/USlenreK
that referenced
this pull request
Jan 13, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: syscall_table_hook: escape init ksud call to root kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
selfmusing
pushed a commit
to selfmusing/USlenreK
that referenced
this pull request
Jan 13, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: syscall_table_hook: escape init ksud call to root kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 13, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: syscall_table_hook: escape init ksud call to root kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: syscall_table_hook: escape init ksud call to root kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: syscall_table_hook: escape init ksud call to root kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: syscall_table_hook: escape init ksud call to root kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: syscall_table_hook: escape init ksud call to root kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: syscall_table_hook: escape init ksud call to root kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'. Introduces: int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len) which is adapted from: int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags) ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage". For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. as for envp, we pass the pointer then hunt for it when needed This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. With that, It also provides an inlined copy_from_user_nofault for < 5.8. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. EDIT: properly move selinux init rules to this commit, its this thing that actually needs it - ref: f8244dd - removed on: tiann#3031 devlog: ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f ximi-mojito-test/mojito_krenol@28642e6...728de0c ac73056 * Stale: tiann#2653 Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: sucompat: execve: escape init ksud call to root kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'. Introduces: int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len) which is adapted from: int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags) ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage". For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. as for envp, we pass the pointer then hunt for it when needed This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. With that, It also provides an inlined copy_from_user_nofault for < 5.8. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. EDIT: properly move selinux init rules to this commit, its this thing that actually needs it - ref: f8244dd - removed on: tiann#3031 devlog: ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f ximi-mojito-test/mojito_krenol@28642e6...728de0c ac73056 * Stale: tiann#2653 Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: sucompat: execve: escape init ksud call to root kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: sucompat: execve: escape init ksud call to root kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: sucompat: execve: escape init ksud call to root kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: sucompat: execve: escape init ksud call to root kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: sucompat: execve: escape init ksud call to root kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: sucompat: execve: escape init ksud call to root kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+75): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: sucompat: execve: escape init ksud call to root kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+76): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: sucompat: execve: escape init ksud call to root kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: core_hook: introduce selinux_ops LSM tampering for < 4.2 kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'. Introduces: int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len) which is adapted from: int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags) ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage". For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. as for envp, we pass the pointer then hunt for it when needed This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. With that, It also provides an inlined copy_from_user_nofault for < 5.8. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. EDIT: properly move selinux init rules to this commit, its this thing that actually needs it - ref: f8244dd - removed on: tiann#3031 devlog: ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f ximi-mojito-test/mojito_krenol@28642e6...728de0c ac73056 * Stale: tiann#2653 Signed-off-by: backslashxx <[email protected]>
backslashxx
added a commit
to backslashxx/KernelSU
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+76): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: sucompat: execve: escape init ksud call to root kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: core_hook: introduce selinux_ops LSM tampering for < 4.2 kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
selfmusing
pushed a commit
to selfmusing/USlenreK
that referenced
this pull request
Jan 14, 2026
This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'. Introduces: int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len) which is adapted from: int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags) ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage". For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. as for envp, we pass the pointer then hunt for it when needed This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. With that, It also provides an inlined copy_from_user_nofault for < 5.8. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. EDIT: properly move selinux init rules to this commit, its this thing that actually needs it - ref: backslashxx@f8244dd - removed on: tiann#3031 devlog: ximi-libra-test/android_kernel_xiaomi_libra@16e5dce...16c1f5f ximi-mojito-test/mojito_krenol@28642e6...728de0c backslashxx@ac73056 * Stale: tiann#2653 Signed-off-by: backslashxx <[email protected]>
selfmusing
pushed a commit
to selfmusing/USlenreK
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+76): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: sucompat: execve: escape init ksud call to root kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: core_hook: introduce selinux_ops LSM tampering for < 4.2 kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
selfmusing
pushed a commit
to selfmusing/USlenreK
that referenced
this pull request
Jan 14, 2026
Changes on top of upstream (+76): kernel: ksu pr 3093 manager: partially revert "manager: Add GKI mode WarningCard" workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: build: migrate to unity build kernel: core_hook: disable seccomp for manager and allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: adapt "namespace support" feature to old kernels kernel: file_wrapper: handle anon_inode_getfile for old kernels kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to 3.8~5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags handlers kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: sucompat: use seccomp.mode for permission check kernel: sucompat: execve: escape init ksud call to root kernel: app_profile: do not disable seccomp again kernel: ksud: migrate init.rc handling to security_file_permission LSM kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: core_hook: introduce selinux_ops LSM tampering for < 4.2 kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: ksud: replace input hook with an input handler kernel: offer syscall table tampering for legacy kernels kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: SQUASH: avc log spoofing impl kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot kernel: supercalls: allow userspace to pull list entries (tiann#3040) kernel: sulog: basic ringbuffer, timestamped su log kernel: supercalls: expose ksuver override kernel: supercalls: expose spoof uname function to userspace kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1 kernel: compat: inline newer kernel_read / kernel_write for < 4.14 kernel: compat: no-op groups_sort if unavailable kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux/sepolicy: tweak ksu_kvrealloc compat kernel: ksud: read: add fallback to /init.rc HACK: kernel: bypass tf out of uid_t/gid_t strict type checks KernelSU v3.0.0+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.