1

backslashxx · backslashxx · commit 9f4aa7302ddc · 2026-04-16T11:32:36.000+08:00
for: tiann#3378
diff --git a/kernel/hook/core_hook.c b/kernel/hook/core_hook.c
@@ -62,13 +62,11 @@ LSM_HANDLER_TYPE ksu_handle_setuid(struct cred *new, const struct cred *old)
 		disable_seccomp();
 		pr_info("install fd for: %d\n", new_uid);
 		ksu_install_fd();
-		set_thread_flag(TIF_KSU_MANAGED);
 		return 0;
 	}
 
 	if (unlikely(ksu_is_allow_uid_for_current(new_uid))) {
 		disable_seccomp();
-		set_thread_flag(TIF_KSU_MANAGED);
 		return 0;
 	}
 
@@ -105,6 +103,19 @@ LSM_HANDLER_TYPE ksu_file_permission(struct file *file, int mask)
 	return 0;
 }
 
+LSM_HANDLER_TYPE ksu_task_alloc(struct task_struct *p, unsigned long clone_flags)
+{
+	struct mount_entry *entry;
+	kuid_t child_uid = p->cred->uid; // new uid beuing prepped
+
+	if (unlikely(ksu_is_allow_uid_for_current(child_uid.val))) {
+		pr_info("task_alloc: uid: %d pid: %d\n", child_uid.val, p->pid);
+		set_ti_thread_flag(task_thread_info(p), TIF_KSU_MANAGED);
+	}
+
+	return 0;
+}
+
 #ifdef CONFIG_KSU_LSM_SECURITY_HOOKS
 static int ksu_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
 			    struct inode *new_inode, struct dentry *new_dentry)
@@ -123,6 +134,8 @@ static struct security_hook_list ksu_hooks[] = {
 	LSM_HOOK_INIT(inode_rename, ksu_inode_rename),
 	LSM_HOOK_INIT(task_fix_setuid, ksu_task_fix_setuid),
 	LSM_HOOK_INIT(bprm_check_security, ksu_bprm_check),
+	LSM_HOOK_INIT(task_alloc, ksu_task_alloc),
+
 #if !defined(CONFIG_KSU_TAMPER_SYSCALL_TABLE) && !defined(CONFIG_KSU_KPROBES_KSUD)
 	LSM_HOOK_INIT(file_permission, ksu_file_permission),
 #endif
