kernel, ksud, manager: Remove enhanced security feature #3123
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This feature does not work with tracepoint hook because setresuid is not even hooked for apps not in allowlist. It was invented when we still use task_fix_setuid LSM hook, but since it is inlined in oplus kernel and we switched to tracepoint hook, we don't have a reliable way to implement this feature without introducing side channels. Remove it and avoid confuse users.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR removes the enhanced_security feature from KernelSU due to its incompatibility with the current tracepoint hook implementation. The feature was designed for the old LSM hook-based approach but cannot be reliably implemented with tracepoint hooks without introducing security side channels, particularly because setresuid is not hooked for apps outside the allowlist.
- Removes the
EnhancedSecurityfeature enum and all related code from kernel, userspace daemon, and manager app - Removes UI controls and localized strings for the enhanced security toggle across all supported languages
- Updates documentation to remove references to
enhanced_securityfrom the list of supported module features
Reviewed changes
Copilot reviewed 31 out of 31 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
kernel/feature.h |
Removes KSU_FEATURE_ENHANCED_SECURITY enum value |
kernel/setuid_hook.c |
Removes enhanced security handler registration, security checks, and related static variables |
userspace/ksud/src/feature.rs |
Removes EnhancedSecurity variant from FeatureId enum and related match arms |
manager/app/src/main/cpp/ksu.h |
Removes KSU_FEATURE_ENHANCED_SECURITY enum definition |
manager/app/src/main/cpp/ksu.cc |
Removes set_enhanced_security_enabled() and is_enhanced_security_enabled() functions |
manager/app/src/main/cpp/jni.cc |
Removes JNI bindings for enhanced security native methods |
manager/app/src/main/java/me/weishu/kernelsu/Natives.kt |
Removes enhanced security native method declarations |
manager/app/src/main/java/me/weishu/kernelsu/ui/screen/Settings.kt |
Removes enhanced security UI dropdown control and state management |
manager/app/src/main/res/values*/strings.xml |
Removes settings_enable_enhanced_security strings from 18 language resource files |
website/docs/*/guide/module-config.md |
Removes enhanced_security from supported features list in 8 localized documentation files |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
rsuntk
pushed a commit
to rsuntk/KernelSU
that referenced
this pull request
Dec 31, 2025
This feature does not work with tracepoint hook because setresuid is not even hooked for apps not in allowlist. It was invented when we still use task_fix_setuid LSM hook, but since it is inlined in oplus kernel and we switched to tracepoint hook, we don't have a reliable way to implement this feature without introducing side channels. Remove it and avoid confuse users. Signed-off-by: rsuntk <[email protected]>
pershoot
pushed a commit
to pershoot/KernelSU-Next
that referenced
this pull request
Dec 31, 2025
…SU#3123) This feature does not work with tracepoint hook because setresuid is not even hooked for apps not in allowlist. It was invented when we still use task_fix_setuid LSM hook, but since it is inlined in oplus kernel and we switched to tracepoint hook, we don't have a reliable way to implement this feature without introducing side channels. Remove it and avoid confuse users.
rifsxd
pushed a commit
to KernelSU-Next/KernelSU-Next
that referenced
this pull request
Jan 1, 2026
kernel, ksud, manager: Remove enhanced security feature (tiann/KernelSU#3123)
SaleOff
pushed a commit
to SaleOff/KernelSU-Next
that referenced
this pull request
Jan 4, 2026
kernel, ksud, manager: Remove enhanced security feature (tiann/KernelSU#3123)
Sorayukii
pushed a commit
to Sorayukii/KernelSU-Next
that referenced
this pull request
Jan 4, 2026
kernel, ksud, manager: Remove enhanced security feature (tiann/KernelSU#3123)
Sorayukii
pushed a commit
to Sorayukii/KernelSU-Next
that referenced
this pull request
Jan 4, 2026
kernel, ksud, manager: Remove enhanced security feature (tiann/KernelSU#3123)
Sorayukii
pushed a commit
to Sorayukii/KernelSU-Next
that referenced
this pull request
Jan 4, 2026
kernel, ksud, manager: Remove enhanced security feature (tiann/KernelSU#3123)
rifsxd
pushed a commit
to KernelSU-Next/KernelSU-Next
that referenced
this pull request
Jan 4, 2026
….7 (#1047) * KSU-Next: Debloat Signed-off-by: Sorayukii <[email protected]> * kernel: fix Wcalloc-transposed-args (tiann/KernelSU#3121) * Merge pull request #1035 from pershoot/dev1 kernel, ksud, manager: Remove enhanced security feature (tiann/KernelSU#3123) * kernel: extras: avc log spoofing * kernel: extras: base implementation of avc log spoofing * kernel: extras: properly version out slow_avc_audit_pre_handler * kernel: extras: add avc spoof to feature this is a rebase of: KOWX712/KernelSU@4b6f76d * kernel/extra: replace sensitive context with priv_app ref: aviraxp/ZN-AuditPatch@a0a46bd Co-Authored-By: backslashxx <[email protected]> Co-Authored-By: Wang Han <[email protected]> Signed-off-by: Sorayukii <[email protected]> * kernel: ksud: migrate init.rc handling to security_file_permission LSM devlog backslashxx/KernelSU@5ba658b...8a6ae25 backslashxx/KernelSU@b7df5d1...754bbd5 Signed-off-by: backslashxx <[email protected]> Signed-off-by: Sorayukii <[email protected]> * kernel: Try to fix CONFIG_KSU_ALLOWLIST_WORKAROUND ../drivers/kernelsu/lsm_hooks.c:145:32: error: use of undeclared identifier 'ksu_key_permission'; did you mean 'ksu_inode_permission'? 145 | LSM_HOOK_INIT(key_permission, ksu_key_permission), | ^~~~~~~~~~~~~~~~~~ | ksu_inode_permission ../include/linux/lsm_hooks.h:2060:57: note: expanded from macro 'LSM_HOOK_INIT' 2060 | { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } } | ^~~~ ../drivers/kernelsu/lsm_hooks.c:107:5: note: 'ksu_inode_permission' declared here 107 | int ksu_inode_permission(struct inode inode, int mask) | ^ ../drivers/kernelsu/lsm_hooks.c:145:32: error: incompatible function pointer types initializing 'int ()(key_ref_t, const struct cred , unsigned int)' (aka 'int ()(struct __key_reference_with_attributes *, const struct cred *, unsigned int)') with an expression of type 'int (struct inode *, int)' [-Wincompatible-function-pointer-types] 145 | LSM_HOOK_INIT(key_permission, ksu_key_permission), | ^~~~~~~~~~~~~~~~~~ 2 errors generated. Signed-off-by: Sorayukii <[email protected]> --------- Signed-off-by: Sorayukii <[email protected]> Signed-off-by: backslashxx <[email protected]> Co-authored-by: libingxuan <[email protected]> Co-authored-by: pershoot <[email protected]> Co-authored-by: KOWX712 <[email protected]> Co-authored-by: backslashxx <[email protected]> Co-authored-by: Wang Han <[email protected]>
ikwfahmi
pushed a commit
to ikwfahmi/KernelSU-Next
that referenced
this pull request
Jan 4, 2026
….7 (KernelSU-Next#1047) * KSU-Next: Debloat Signed-off-by: Sorayukii <[email protected]> * kernel: fix Wcalloc-transposed-args (tiann/KernelSU#3121) * Merge pull request KernelSU-Next#1035 from pershoot/dev1 kernel, ksud, manager: Remove enhanced security feature (tiann/KernelSU#3123) * kernel: extras: avc log spoofing * kernel: extras: base implementation of avc log spoofing * kernel: extras: properly version out slow_avc_audit_pre_handler * kernel: extras: add avc spoof to feature this is a rebase of: KOWX712/KernelSU@4b6f76d * kernel/extra: replace sensitive context with priv_app ref: aviraxp/ZN-AuditPatch@a0a46bd Co-Authored-By: backslashxx <[email protected]> Co-Authored-By: Wang Han <[email protected]> Signed-off-by: Sorayukii <[email protected]> * kernel: ksud: migrate init.rc handling to security_file_permission LSM devlog backslashxx/KernelSU@5ba658b...8a6ae25 backslashxx/KernelSU@b7df5d1...754bbd5 Signed-off-by: backslashxx <[email protected]> Signed-off-by: Sorayukii <[email protected]> * kernel: Try to fix CONFIG_KSU_ALLOWLIST_WORKAROUND ../drivers/kernelsu/lsm_hooks.c:145:32: error: use of undeclared identifier 'ksu_key_permission'; did you mean 'ksu_inode_permission'? 145 | LSM_HOOK_INIT(key_permission, ksu_key_permission), | ^~~~~~~~~~~~~~~~~~ | ksu_inode_permission ../include/linux/lsm_hooks.h:2060:57: note: expanded from macro 'LSM_HOOK_INIT' 2060 | { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } } | ^~~~ ../drivers/kernelsu/lsm_hooks.c:107:5: note: 'ksu_inode_permission' declared here 107 | int ksu_inode_permission(struct inode inode, int mask) | ^ ../drivers/kernelsu/lsm_hooks.c:145:32: error: incompatible function pointer types initializing 'int ()(key_ref_t, const struct cred , unsigned int)' (aka 'int ()(struct __key_reference_with_attributes *, const struct cred *, unsigned int)') with an expression of type 'int (struct inode *, int)' [-Wincompatible-function-pointer-types] 145 | LSM_HOOK_INIT(key_permission, ksu_key_permission), | ^~~~~~~~~~~~~~~~~~ 2 errors generated. Signed-off-by: Sorayukii <[email protected]> --------- Signed-off-by: Sorayukii <[email protected]> Signed-off-by: backslashxx <[email protected]> Co-authored-by: libingxuan <[email protected]> Co-authored-by: pershoot <[email protected]> Co-authored-by: KOWX712 <[email protected]> Co-authored-by: backslashxx <[email protected]> Co-authored-by: Wang Han <[email protected]>
u9521
added a commit
to u9521/KernelSU
that referenced
this pull request
Jan 5, 2026
This feature does not work with tracepoint hook because setresuid is not even hooked for apps not in allowlist. It was invented when we still use task_fix_setuid LSM hook, but since it is inlined in oplus kernel and we switched to tracepoint hook, we don't have a reliable way to implement this feature without introducing side channels. Remove it and avoid confuse users. Co-authored-by: Wang Han <[email protected]> Signed-off-by: u9521 <[email protected]>
u9521
added a commit
to u9521/KernelSU
that referenced
this pull request
Jan 5, 2026
This feature does not work with tracepoint hook because setresuid is not even hooked for apps not in allowlist. It was invented when we still use task_fix_setuid LSM hook, but since it is inlined in oplus kernel and we switched to tracepoint hook, we don't have a reliable way to implement this feature without introducing side channels. Remove it and avoid confuse users. Co-authored-by: Wang Han <[email protected]> Signed-off-by: u9521 <[email protected]>
slipzryzens
pushed a commit
to slipzryzens/KernelSU-Next
that referenced
this pull request
Jan 6, 2026
….7 (KernelSU-Next#1047) * KSU-Next: Debloat Signed-off-by: Sorayukii <[email protected]> * kernel: fix Wcalloc-transposed-args (tiann/KernelSU#3121) * Merge pull request KernelSU-Next#1035 from pershoot/dev1 kernel, ksud, manager: Remove enhanced security feature (tiann/KernelSU#3123) * kernel: extras: avc log spoofing * kernel: extras: base implementation of avc log spoofing * kernel: extras: properly version out slow_avc_audit_pre_handler * kernel: extras: add avc spoof to feature this is a rebase of: KOWX712/KernelSU@4b6f76d * kernel/extra: replace sensitive context with priv_app ref: aviraxp/ZN-AuditPatch@a0a46bd Co-Authored-By: backslashxx <[email protected]> Co-Authored-By: Wang Han <[email protected]> Signed-off-by: Sorayukii <[email protected]> * kernel: ksud: migrate init.rc handling to security_file_permission LSM devlog backslashxx/KernelSU@5ba658b...8a6ae25 backslashxx/KernelSU@b7df5d1...754bbd5 Signed-off-by: backslashxx <[email protected]> Signed-off-by: Sorayukii <[email protected]> * kernel: Try to fix CONFIG_KSU_ALLOWLIST_WORKAROUND ../drivers/kernelsu/lsm_hooks.c:145:32: error: use of undeclared identifier 'ksu_key_permission'; did you mean 'ksu_inode_permission'? 145 | LSM_HOOK_INIT(key_permission, ksu_key_permission), | ^~~~~~~~~~~~~~~~~~ | ksu_inode_permission ../include/linux/lsm_hooks.h:2060:57: note: expanded from macro 'LSM_HOOK_INIT' 2060 | { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } } | ^~~~ ../drivers/kernelsu/lsm_hooks.c:107:5: note: 'ksu_inode_permission' declared here 107 | int ksu_inode_permission(struct inode inode, int mask) | ^ ../drivers/kernelsu/lsm_hooks.c:145:32: error: incompatible function pointer types initializing 'int ()(key_ref_t, const struct cred , unsigned int)' (aka 'int ()(struct __key_reference_with_attributes *, const struct cred *, unsigned int)') with an expression of type 'int (struct inode *, int)' [-Wincompatible-function-pointer-types] 145 | LSM_HOOK_INIT(key_permission, ksu_key_permission), | ^~~~~~~~~~~~~~~~~~ 2 errors generated. Signed-off-by: Sorayukii <[email protected]> --------- Signed-off-by: Sorayukii <[email protected]> Signed-off-by: backslashxx <[email protected]> Co-authored-by: libingxuan <[email protected]> Co-authored-by: pershoot <[email protected]> Co-authored-by: KOWX712 <[email protected]> Co-authored-by: backslashxx <[email protected]> Co-authored-by: Wang Han <[email protected]>
u9521
added a commit
to u9521/KernelSU
that referenced
this pull request
Jan 8, 2026
This feature does not work with tracepoint hook because setresuid is not even hooked for apps not in allowlist. It was invented when we still use task_fix_setuid LSM hook, but since it is inlined in oplus kernel and we switched to tracepoint hook, we don't have a reliable way to implement this feature without introducing side channels. Remove it and avoid confuse users. Co-authored-by: Wang Han <[email protected]> Signed-off-by: u9521 <[email protected]>
u9521
added a commit
to u9521/KernelSU
that referenced
this pull request
Jan 13, 2026
This feature does not work with tracepoint hook because setresuid is not even hooked for apps not in allowlist. It was invented when we still use task_fix_setuid LSM hook, but since it is inlined in oplus kernel and we switched to tracepoint hook, we don't have a reliable way to implement this feature without introducing side channels. Remove it and avoid confuse users. Co-authored-by: Wang Han <[email protected]> Signed-off-by: u9521 <[email protected]>
Olzhas-Kdyr
pushed a commit
to Olzhas-Kdyr/KernelSU-Next
that referenced
this pull request
Jan 13, 2026
….7 (KernelSU-Next#1047) * KSU-Next: Debloat Signed-off-by: Sorayukii <[email protected]> * kernel: fix Wcalloc-transposed-args (tiann/KernelSU#3121) * Merge pull request KernelSU-Next#1035 from pershoot/dev1 kernel, ksud, manager: Remove enhanced security feature (tiann/KernelSU#3123) * kernel: extras: avc log spoofing * kernel: extras: base implementation of avc log spoofing * kernel: extras: properly version out slow_avc_audit_pre_handler * kernel: extras: add avc spoof to feature this is a rebase of: KOWX712/KernelSU@4b6f76d * kernel/extra: replace sensitive context with priv_app ref: aviraxp/ZN-AuditPatch@a0a46bd Co-Authored-By: backslashxx <[email protected]> Co-Authored-By: Wang Han <[email protected]> Signed-off-by: Sorayukii <[email protected]> * kernel: ksud: migrate init.rc handling to security_file_permission LSM devlog backslashxx/KernelSU@5ba658b...8a6ae25 backslashxx/KernelSU@b7df5d1...754bbd5 Signed-off-by: backslashxx <[email protected]> Signed-off-by: Sorayukii <[email protected]> * kernel: Try to fix CONFIG_KSU_ALLOWLIST_WORKAROUND ../drivers/kernelsu/lsm_hooks.c:145:32: error: use of undeclared identifier 'ksu_key_permission'; did you mean 'ksu_inode_permission'? 145 | LSM_HOOK_INIT(key_permission, ksu_key_permission), | ^~~~~~~~~~~~~~~~~~ | ksu_inode_permission ../include/linux/lsm_hooks.h:2060:57: note: expanded from macro 'LSM_HOOK_INIT' 2060 | { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } } | ^~~~ ../drivers/kernelsu/lsm_hooks.c:107:5: note: 'ksu_inode_permission' declared here 107 | int ksu_inode_permission(struct inode inode, int mask) | ^ ../drivers/kernelsu/lsm_hooks.c:145:32: error: incompatible function pointer types initializing 'int ()(key_ref_t, const struct cred , unsigned int)' (aka 'int ()(struct __key_reference_with_attributes *, const struct cred *, unsigned int)') with an expression of type 'int (struct inode *, int)' [-Wincompatible-function-pointer-types] 145 | LSM_HOOK_INIT(key_permission, ksu_key_permission), | ^~~~~~~~~~~~~~~~~~ 2 errors generated. Signed-off-by: Sorayukii <[email protected]> --------- Signed-off-by: Sorayukii <[email protected]> Signed-off-by: backslashxx <[email protected]> Co-authored-by: libingxuan <[email protected]> Co-authored-by: pershoot <[email protected]> Co-authored-by: KOWX712 <[email protected]> Co-authored-by: backslashxx <[email protected]> Co-authored-by: Wang Han <[email protected]>
Olzhas-Kdyr
pushed a commit
to Olzhas-Kdyr/KernelSU-Next
that referenced
this pull request
Jan 13, 2026
….7 (KernelSU-Next#1047) * KSU-Next: Debloat Signed-off-by: Sorayukii <[email protected]> * kernel: fix Wcalloc-transposed-args (tiann/KernelSU#3121) * Merge pull request KernelSU-Next#1035 from pershoot/dev1 kernel, ksud, manager: Remove enhanced security feature (tiann/KernelSU#3123) * kernel: extras: avc log spoofing * kernel: extras: base implementation of avc log spoofing * kernel: extras: properly version out slow_avc_audit_pre_handler * kernel: extras: add avc spoof to feature this is a rebase of: KOWX712/KernelSU@4b6f76d * kernel/extra: replace sensitive context with priv_app ref: aviraxp/ZN-AuditPatch@a0a46bd Co-Authored-By: backslashxx <[email protected]> Co-Authored-By: Wang Han <[email protected]> Signed-off-by: Sorayukii <[email protected]> * kernel: ksud: migrate init.rc handling to security_file_permission LSM devlog backslashxx/KernelSU@5ba658b...8a6ae25 backslashxx/KernelSU@b7df5d1...754bbd5 Signed-off-by: backslashxx <[email protected]> Signed-off-by: Sorayukii <[email protected]> * kernel: Try to fix CONFIG_KSU_ALLOWLIST_WORKAROUND ../drivers/kernelsu/lsm_hooks.c:145:32: error: use of undeclared identifier 'ksu_key_permission'; did you mean 'ksu_inode_permission'? 145 | LSM_HOOK_INIT(key_permission, ksu_key_permission), | ^~~~~~~~~~~~~~~~~~ | ksu_inode_permission ../include/linux/lsm_hooks.h:2060:57: note: expanded from macro 'LSM_HOOK_INIT' 2060 | { .head = &security_hook_heads.HEAD, .hook = { .HEAD = HOOK } } | ^~~~ ../drivers/kernelsu/lsm_hooks.c:107:5: note: 'ksu_inode_permission' declared here 107 | int ksu_inode_permission(struct inode inode, int mask) | ^ ../drivers/kernelsu/lsm_hooks.c:145:32: error: incompatible function pointer types initializing 'int ()(key_ref_t, const struct cred , unsigned int)' (aka 'int ()(struct __key_reference_with_attributes *, const struct cred *, unsigned int)') with an expression of type 'int (struct inode *, int)' [-Wincompatible-function-pointer-types] 145 | LSM_HOOK_INIT(key_permission, ksu_key_permission), | ^~~~~~~~~~~~~~~~~~ 2 errors generated. Signed-off-by: Sorayukii <[email protected]> --------- Signed-off-by: Sorayukii <[email protected]> Signed-off-by: backslashxx <[email protected]> Co-authored-by: libingxuan <[email protected]> Co-authored-by: pershoot <[email protected]> Co-authored-by: KOWX712 <[email protected]> Co-authored-by: backslashxx <[email protected]> Co-authored-by: Wang Han <[email protected]>
u9521
added a commit
to u9521/KernelSU
that referenced
this pull request
Jan 13, 2026
This feature does not work with tracepoint hook because setresuid is not even hooked for apps not in allowlist. It was invented when we still use task_fix_setuid LSM hook, but since it is inlined in oplus kernel and we switched to tracepoint hook, we don't have a reliable way to implement this feature without introducing side channels. Remove it and avoid confuse users. Co-authored-by: Wang Han <[email protected]> Signed-off-by: u9521 <[email protected]>
u9521
added a commit
to u9521/KernelSU
that referenced
this pull request
Jan 13, 2026
This feature does not work with tracepoint hook because setresuid is not even hooked for apps not in allowlist. It was invented when we still use task_fix_setuid LSM hook, but since it is inlined in oplus kernel and we switched to tracepoint hook, we don't have a reliable way to implement this feature without introducing side channels. Remove it and avoid confuse users. Co-authored-by: Wang Han <[email protected]> Signed-off-by: u9521 <[email protected]>
u9521
added a commit
to u9521/KernelSU
that referenced
this pull request
Jan 14, 2026
This feature does not work with tracepoint hook because setresuid is not even hooked for apps not in allowlist. It was invented when we still use task_fix_setuid LSM hook, but since it is inlined in oplus kernel and we switched to tracepoint hook, we don't have a reliable way to implement this feature without introducing side channels. Remove it and avoid confuse users. Co-authored-by: Wang Han <[email protected]> Signed-off-by: u9521 <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This feature does not work with tracepoint hook because setresuid is not even hooked for apps not in allowlist. It was invented when we still use task_fix_setuid LSM hook, but since it is inlined in oplus kernel and we switched to tracepoint hook, we don't have a reliable way to implement this feature without introducing side channels. Remove it and avoid confuse users.