tiann · Ylarod · Nov 5, 2025 · Nov 4, 2025 · Nov 5, 2025
diff --git a/kernel/supercalls.c b/kernel/supercalls.c
@@ -47,14 +47,15 @@ bool always_allow(void)
     return true; // No permission check
 }
 
-static int do_grant_root(void __user *arg)
+bool allowed_for_su(void)
 {
-    // Check if current UID is allowed
     bool is_allowed = is_manager() || ksu_is_allow_uid(current_uid().val);
+    return is_allowed;
+}
 
-    if (!is_allowed) {
-        return -EPERM;
-    }
+static int do_grant_root(void __user *arg)
+{
+    // we already check uid above on allowed_for_su()
 
     pr_info("allow root for: %d\n", current_uid().val);
     escape_to_root();
@@ -330,7 +331,7 @@ static int do_set_feature(void __user *arg)
 
 // IOCTL handlers mapping table
 static const struct ksu_ioctl_cmd_map ksu_ioctl_handlers[] = {
-    { .cmd = KSU_IOCTL_GRANT_ROOT, .name = "GRANT_ROOT", .handler = do_grant_root, .perm_check = manager_or_root },
+    { .cmd = KSU_IOCTL_GRANT_ROOT, .name = "GRANT_ROOT", .handler = do_grant_root, .perm_check = allowed_for_su },
     { .cmd = KSU_IOCTL_GET_INFO, .name = "GET_INFO", .handler = do_get_info, .perm_check = always_allow },
     { .cmd = KSU_IOCTL_REPORT_EVENT, .name = "REPORT_EVENT", .handler = do_report_event, .perm_check = only_root },
     { .cmd = KSU_IOCTL_SET_SEPOLICY, .name = "SET_SEPOLICY", .handler = do_set_sepolicy, .perm_check = only_root },