tiann · aviraxp · Nov 1, 2025 · Nov 1, 2025 · Nov 1, 2025 · Nov 1, 2025
diff --git a/.github/workflows/avd-kernel.yml b/.github/workflows/avd-kernel.yml
diff --git a/.github/workflows/build-kernel-arcvm.yml b/.github/workflows/build-kernel-arcvm.yml
@@ -1,15 +1,5 @@
 name: Build Kernel - ChromeOS ARCVM
 on:
-  push:
-    branches: ["main", "ci", "checkci"]
-    paths:
-      - ".github/workflows/build-kernel-arcvm.yml"
-      - "kernel/**"
-  pull_request:
-    branches: ["main"]
-    paths:
-      - ".github/workflows/build-kernel-arcvm.yml"
-      - "kernel/**"
   workflow_call:
   workflow_dispatch:
 

diff --git a/.github/workflows/build-kernel-avd.yml b/.github/workflows/build-kernel-avd.yml
diff --git a/.github/workflows/build-kernel-wsa.yml b/.github/workflows/build-kernel-wsa.yml
@@ -1,17 +1,5 @@
 name: Build Kernel - WSA
 on:
-  push:
-    branches: ["main", "ci", "checkci"]
-    paths:
-      - ".github/workflows/build-kernel-wsa.yml"
-      - ".github/workflows/wsa-kernel.yml"
-      - "kernel/**"
-  pull_request:
-    branches: ["main"]
-    paths:
-      - ".github/workflows/build-kernel-wsa.yml"
-      - ".github/workflows/wsa-kernel.yml"
-      - "kernel/**"
   workflow_call:
   workflow_dispatch:
 

diff --git a/kernel/core_hook.c b/kernel/core_hook.c
@@ -280,13 +280,21 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
 
     if (ksu_get_manager_uid() == new_uid.val) {
         pr_info("install fd for: %d\n", new_uid.val);
-        spin_lock_irq(&current->sighand->siglock);
         ksu_install_fd();
+        spin_lock_irq(&current->sighand->siglock);
         ksu_seccomp_allow_cache(current->seccomp.filter, __NR_reboot);
         spin_unlock_irq(&current->sighand->siglock);
         return 0;
     }
 
+    if (ksu_is_allow_uid(new_uid.val)) {
+        if (current->seccomp.mode == SECCOMP_MODE_FILTER && current->seccomp.filter) {
+            spin_lock_irq(&current->sighand->siglock);
+            ksu_seccomp_allow_cache(current->seccomp.filter, __NR_reboot);
+            spin_unlock_irq(&current->sighand->siglock);
+        }
+    }
+
     // this hook is used for umounting overlayfs for some uid, if there isn't any module mounted, just ignore it!
     if (!ksu_module_mounted) {
         return 0;

diff --git a/userspace/ksud/src/ksucalls.rs b/userspace/ksud/src/ksucalls.rs
@@ -88,14 +88,22 @@ fn init_driver_fd() -> Option<RawFd> {
     }
 }
 
+#[cfg(not(any(target_os = "linux", target_os = "android")))]
+fn init_driver_fd() -> Option<RawFd> {
+    None
+}
+
 // ioctl wrapper using libc
 #[cfg(any(target_os = "linux", target_os = "android"))]
 fn ksuctl<T>(request: u32, arg: *mut T) -> std::io::Result<i32> {
     use std::io;
 
     let fd = *DRIVER_FD.get_or_init(|| init_driver_fd().unwrap_or(-1));
     unsafe {
-        let ret = libc::ioctl(fd as libc::c_int, request as libc::c_int, arg);
+        #[cfg(target_os = "android")]
+        let ret = libc::ioctl(fd as libc::c_int, request as i32, arg);
+        #[cfg(not(target_os = "android"))]
+        let ret = libc::ioctl(fd as libc::c_int, request as u64, arg);
         if ret < 0 {
             Err(io::Error::last_os_error())
         } else {