process tagging bullshit

for: 3378

https://elixir.bootlin.com/linux/v7.0-rc6/source/arch/arm64/include/asm/thread_info.h
https://elixir.bootlin.com/linux/v7.0-rc6/source/arch/arm/include/asm/thread_info.h

Update sucompat.c

1

for: tiann#3378

ximi-mojito-test/mojito_krenol@d961afa

[   72.716077] KernelSU: task_alloc: uid: 10204 pid: 5188
[   72.716516] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5576 comm: com.termux
[   72.718024] KernelSU: task_alloc: uid: 10204 pid: 5188
[   72.718604] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5576 comm: com.termux
[   72.733396] KernelSU: task_alloc: uid: 10204 pid: 5576
[   72.734067] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5580 comm: login
[   72.762384] KernelSU: task_alloc: uid: 10204 pid: 5576
[   72.764152] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5581 comm: login
[   72.769936] KernelSU: task_alloc: uid: 10204 pid: 5576
[   72.770506] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5582 comm: login
[   72.777585] KernelSU: task_alloc: uid: 10204 pid: 5576
[   72.779238] KernelSU: task_alloc: uid: 10204 pid: 5576
[   72.782688] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5584 comm: login
[   72.792786] KernelSU: task_alloc: uid: 10204 pid: 5576
[   72.795331] KernelSU: task_alloc: uid: 10204 pid: 5576
[   72.796197] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5586 comm: login
[   72.810608] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5586 comm: bash
[   72.820124] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5576 comm: login
[   72.845099] KernelSU: task_alloc: uid: 10204 pid: 5188
[   72.854435] KernelSU: task_alloc: uid: 10204 pid: 5568
[   72.877155] KernelSU: task_alloc: uid: 10204 pid: 5188
[   73.142322] KernelSU: task_alloc: uid: 10204 pid: 5546
[   73.318306] KernelSU: task_alloc: uid: 10204 pid: 5188
[   73.324878] KernelSU: task_alloc: uid: 10204 pid: 5600
[   77.861947] KernelSU: task_alloc: uid: 10204 pid: 5576
[   77.865438] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5619 comm: bash
[   77.870812] KernelSU: faccessat su->sh!
[   77.870877] KernelSU: faccessat su->sh!
[   77.871118] KernelSU: sys_execve su->ksud!
[   77.871199] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5619 comm: sh
[   77.876575] KernelSU: sys_reboot: intercepted call! magic: 0xdeadbeef id: -889275714
[   77.876581] KernelSU: ksu fd installed: 3 for pid 5619
[   77.876582] KernelSU: [5619] install ksu fd: 3
[   77.876671] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5619 comm: ksud
[   77.877275] KernelSU: ksu fd released
[   81.746578] KernelSU: task_alloc: uid: 0 pid: 5619
[   81.747869] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5709 comm: sh
[   87.314972] KernelSU: task_alloc: uid: 0 pid: 5619
[   87.316569] KernelSU: ksu_bprm_check: ksu managed task found with pid: 5721 comm: sh

Author: backslashxx

kernel/feature/sucompat.c

@@ -66,10 +66,14 @@ static __always_inline bool is_su_allowed(const void **ptr_to_check)
 	if (likely(!!current->seccomp.mode))
 		return false;
 
+	if (test_thread_flag(TIF_KSU_MANAGED) && current_uid().val != 2000)
+		goto ptr_check;
+
 	// with seccomp check above, we can make this neutral
 	if (!ksu_is_allow_uid_for_current(current_uid().val))
 		return false;
 
+ptr_check;
 	// first check the pointer-to-pointer
 	if (unlikely(!ptr_to_check))
 		return false;

kernel/hook/core_hook.c

@@ -67,6 +67,11 @@ LSM_HANDLER_TYPE ksu_handle_setuid(struct cred *new, const struct cred *old)
 
 kill_seccomp:
 	disable_seccomp();
+
+	if (IS_ENABLED(CONFIG_KSU_DEBUG))
+		pr_info("%s: tag task with uid: %d pid: %d comm: %s \n", __func__, new_uid, current->pid, current->comm);
+
+	set_thread_flag(TIF_KSU_MANAGED);
 	return 0;
 }
 
@@ -77,6 +82,13 @@ LSM_HANDLER_TYPE ksu_bprm_check(struct linux_binprm *bprm)
 	ksu_sulog_emit_bprm((const char *)bprm->filename);
 #endif
 
+#if 0
+	if (unlikely(test_thread_flag(TIF_KSU_MANAGED))) {
+		pr_info("%s: ksu managed task found with pid: %d comm: %s \n", __func__, current->pid, current->comm);
+		// clear_thread_flag(TIF_KSU_MANAGED);
+	}
+#endif
+
 	return 0;
 }
 

kernel/kernel_compat.h

@@ -349,4 +349,19 @@ static inline ksu_kuid_t current_uid() { return *(ksu_kuid_t *)(&current_cred()-
 static inline ksu_kuid_t current_euid() { return *(ksu_kuid_t *)(&current_cred()->euid); }
 #endif // < 3.14
 
+// its free real estate, this is ulong so wordsize.
+// https://elixir.bootlin.com/linux/v7.0-rc6/source/arch/arm64/include/asm/thread_info.h
+// https://elixir.bootlin.com/linux/v7.0-rc6/source/arch/arm/include/asm/thread_info.h
+#if defined(CONFIG_64BIT)
+#define TIF_KSU_MANAGED		60
+#define TIF_KSU_RESERVED_61	61
+#define TIF_KSU_RESERVED_62	62
+#define TIF_KSU_RESERVED_63	63
+#else
+#define TIF_KSU_MANAGED		28
+#define TIF_KSU_RESERVED_29	29
+#define TIF_KSU_RESERVED_30	30
+#define TIF_KSU_RESERVED_31	31
+#endif
+
 #endif // __KSU_H_KERNEL_COMPAT