KernelSU v3.2.4+

Changes on top of upstream (+89):
	manager: keep api 29 support
	manager: QOL
	manager: restore api 26 support
	manager: fix search bar focus bug on Android 8
	manager: Adjust for Android v7.1 support (#31)
	manager: fixup updates
	workflows: debloat
	dummy.keystore
	ksud: add armeabi-v7a support
	workflows: scripts: workaround armv7/a triple mismatch
	kernel:
	kernel: prepare for legacy support
	kernel: uapi: fix portability
	kernel: build: migrate to unity build
	kernel: init lsm_hook infrastructure
	kernel: lsm_hook: introduce selinux_ops LSM tampering for < 4.2
	kernel: lsm_hook: introduce ARM64 branch patching for 6.8+
	kernel: pkg_observer: initialize for downstream
	kernel: setuid_hook: disable seccomp for manager and allowed uids
	kernel: app_profile: adapt disable_seccomp to legacy
	kernel: selinux/sepolicy: handle selinux policydb backports
	kernel: selinux/sepolicy: abstract avtab slot access for compat
	kernel: selinux/rules: backport handle_sepolicy to legacy policydb
	kernel: selinux/rules: Pin task to current CPU to avoid cross-CPU rwlock release
	kernel: supercall: provide sys_reboot handler
	kernel: supercalls: tweak sys_reboot fd install
	kernel: adapt "namespace support" feature to old kernels
	kernel: allowlist: always allow shell for su on CONFIG_KSU_DEBUG
	kernel: file_wrapper: handle anon_inode_getfile for old kernels
	kernel: supercalls: partial backport of do_manage_mark
	kernel: compat: screw path_umount backport, call sys_umount directly
	kernel: app_profile: shim escape_with_root_profile
	kernel: throne_tracker: fixup deadlocks on iterate_dir
	kernel: throne_tracker: offload to kthread (tiann#2632)
	kernel: allowlist: escape allowlist handling to kthread
	kernel: ksud/lsm_hook: migrate ksu_install_rc_hook to security_file_permission LSM
	kernel: ksud: handle newfstat rc size injection
	kernel: ksud: wire up jump_label on vfs_read controlled hooks
	kernel: ksud: read: add fallback to /init.rc
	kernel: ksud: read: move second stage apply on read hook
	kernel: ksud: read: grab init_session_keyring on read hook
	kernel: ksud: replace input hook with an input handler
	kernel: sucompat: squash reworked sucompat changes
	kernel: lsm_hook: bprm: escape init ksud call to root for 3.x
	kernel: lsm_hook: bprm: escape init ksud call to root for < 4.14
	kernel: ksud: spit a kthread as unhook watchdog
	kernel: file_wrapper: handle more compat
	kernel: file_wrapper: handle readdir and iterate compat for UL
	kernel: syscall_table_hook: introduce syscall table tampering
	kernel: syscall_table_hook: wire up sucompat unhooking
	kernel: sucompat: wire up jump label for sucompat unhooking
	kernel: kp_ksud: restore kprobes for early-boot and used-once hooks
	kernel: branch_link_hook: introduce arm64 branch link callsite hijacking
	kernel: feature: sulog: adjust for downstream
	kernel: feature: adbroot: adjust for downstream
	kernel: feature: wire up a smaller selinux_hide implementation
	kernel: lsm_hook: wire up setprocattr lsm hack for selinux_hide
	kernel: supercalls: expose ksu_set_manager_appid to sys_reboot
	kernel: supercalls: allow userspace to pull list entries (tiann#3040)
	kernel: tiny_sulog: basic ringbuffer, timestamped su log
	kernel: supercalls: expose ksuver override
	kernel: supercalls: expose spoof uname function to userspace
	kernel: supercalls: expose ksuflags override
	kernel: apk_sign: casting to char for strcmp -> memcmp
	kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek
	kernel: throne_tracker: resolve s_magic for < 3.9
	kernel: ksud: handle conditional read_iter requirement for < 3.16
	kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18
	kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8
	kernel: compat: no ext4_unregister_sysfs, no problem
	kernel: compat: provide good-enough strscpy replacement
	kernel: compat: d_is_reg to S_ISREG
	kernel: compat: handle alloc_uid for < 3.5
	kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11
	kernel: compat: provide bin2hex compat for < 3.18
	kernel: compat: file_inode compat for < 3.9
	kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1
	kernel: compat: no-op groups_sort if unavailable
	kernel: compat: define U16_MAX if absent
	kernel: compat: fix sulog/adbroot compile for legacy
	kernel: compat: inline newer kernel_read / kernel_write for < 4.14
	kernel: apk_sign, throne_tracker: heap-ify search_manager/check_block
	kernel: compat: handle UL compat for refactored allowlist
	kernel: apk_sign: fix return check for ksu_sha256
	kernel: apk_sign: add more size/hash pairs
	kernel: ksu: printout quirks / backports / etc on init
	HACK: kernel: bypass tf out of uid_t/gid_t strict type checks
	kernel: build: sucompat: hide / inline hook fns on syscall table hook
	KernelSU v3.2.4+

Warning: Managers built from this repo has a known keystore.
See dummy.keystore.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

Author: backslashxx

kernel/INTERNAL.md

@@ -0,0 +1,91 @@
+# Quirks / Adaptations
+
+## hooking
+- prefer syscalls and LSM always
+- syscall table hooking is implemented but only for !CFI
+- on legacy theres no kprobes/kretprobes and syscall tracepoint guarantees
+- theres no guarantee for kallsyms even!
+- lots have random backports left and right, theres no abi stability guarantee at all!
+- theres partial kp/rp support on boot-time hooks
+
+## sucompat
+- tweaked for downstream
+- last word first, per word compare, this is faster
+- sucompat gate is tweaked too
+
+## task_fix_setuid LSM
+- upstream was on this before
+- for seccomp disabling and umount feature
+#### we don't have seccomp filter caching
+- we just disable seccomp on setuid LSM
+- we also reuse this seccomp status as sucompat gate
+- we do this regardless of kernel version
+
+## pkg_observer is on inode_rename LSM
+- upstream was on this before
+- this is faster, we filter uid
+- we dont watch a full folder for shit
+#### throne_tracker
+- first run is synchronous by default due to FDE/FBEv1 (some)
+- kthreaded on successive runs
+- lock contention/double locking and race conditions are handled
+
+## security_file_permission LSM
+- we use this to avoid hooking sys_read for manual hooks
+- after all we just need file pointer
+- however if theres syscall table hook or kprobes_ksud, we hook it on there instead
+- we also use this for "second stage apply" instead of execve_ksud
+- we also grab init_session_keyring here
+
+## security_bprm_check LSM
+- think of this as "after sys_execve"
+- lockless argv pullouts for sulog
+- might be used for something later
+
+## safe mode
+- the implementation accepts 3x VOLUME_UP or 3x VOLUNE_DOWN to trigger safemode
+- we have a dedicated input handler for this
+- this will be disabled once ksud runs on_post_fs_data / ksu_is_safe_mode
+- if theres no ksud to call it, it will disable itself 30s after init.rc load
+- this should be enough allowance time from init.rc to post-fs-data
+
+## build system
+- unity build, single unit
+- causes heavy inlining (high stack overflow risk)
+- ensure inlining control (inline, noinline attributes)
+- stack safety is disabled
+- redefines str/mem fn's to builtins if !FORTIFY_SOURCE
+
+## compat handling
+- always redefine/override if possible
+- avoid heavy metaprogramming on macros
+- if easy, backport newer kernel fn/macro's as is, then redefine.
+- if hard, mimic what it does then redefine. as long as it works it is good enough.
+- lots of casting hacks / type punning / void* / void** abuse are used
+- kernel_compat.h for small functions
+- kernel_compat.c for big functions marked __weak and tagged with extern on callee site
+
+## kthreads
+- theres a lot of these on the codebase even for mundane tasks
+- fearless concurrency
+
+## hacks
+#### sleeping on spinlocks
+- on apply_kernelsu_rules and handle_sepolicy
+- pin task to x cpu, hold rwlock, enable preempt, jack priority, apply rules, do the reverse.
+#### pointers
+- this is C, theres tons of pointer hacks around.
+- im not pinpointing everything
+#### little endian hacks
+- unused MSB reuse for tiny_sulog
+- long to int dereferences
+#### envp pullouts for adb root
+- on execveat (kernel) hook, we pull this on envp since
+- struct user_arg_ptr envp = { .ptr.native = __envp };
+- __envp is const char __user *const __user * envp
+- so this becomes void * const char __user *const __user * envp
+- this is also used on the execve hook
+#### toolkit's uname hax
+- since we pass arg as reference of arg on sys_reboot
+- this is actually void * const char __user * const char __user *
+

kernel/Makefile

@@ -11,8 +11,8 @@ MDIR := $(realpath $(dir $(abspath $(lastword $(MAKEFILE_LIST)))))
 $(info -- KDIR: $(KDIR))
 $(info -- MDIR: $(MDIR))
 
-# MINIMAL_SUPPORTED_KERNEL
-CFLAGS_ksu.o += -DKSU_VERSION=32377
+# compliant to last upstream kernel change as of 33dcf82
+CFLAGS_ksu.o += -DKSU_VERSION=32505
 
 ifndef KSU_EXPECTED_SIZE
 KSU_EXPECTED_SIZE := 0x033b

manager/build.gradle.kts

@@ -27,7 +27,7 @@ fun getGitDescribe(): String {
 
 fun getVersionCode(): Int {
     val commitCount = getGitCommitCount()
-    return 30000 + commitCount
+    return 30000 + commitCount - 89
 }
 
 fun getVersionName(): String {

userspace/ksud/build.rs

@@ -15,7 +15,7 @@ fn get_git_version() -> Result<(u32, String), std::io::Error> {
         .trim()
         .parse()
         .map_err(|_| std::io::Error::other("Failed to parse git count"))?;
-    let version_code = 30000 + version_code;
+    let version_code = 30000 + version_code - 89;
 
     let version_name = String::from_utf8(
         Command::new("git")