kernel: sucompat: sucompat toggle support for non-kp (tiann#2506)

backslashxx · backslashxx · commit 9d2a4736a837 · 2025-05-20T07:53:12.000+08:00
This is done like how vfs_read_hook, input_hook and execve_hook is disabled. While this is not exactly the same thing, this CAN achieve the same results. The complete disabling of all KernelSU hooks. While this is likely unneeded, It keeps feature parity to non-kprobe builds. adapted from upstream: kernel: Allow to re-enable sucompat - tiann@4593ae8 Rejected: tiann#2506 Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
diff --git a/kernel/sucompat.c b/kernel/sucompat.c
@@ -25,6 +25,8 @@
 
 extern void escape_to_root();
 
+static bool ksu_sucompat_non_kp __read_mostly = true;
+
 static void __user *userspace_stack_buffer(const void *d, size_t len)
 {
 	/* To avoid having to mmap a page in userspace, just write below the stack
@@ -53,6 +55,10 @@ int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
 {
 	const char su[] = SU_PATH;
 
+	if (!ksu_sucompat_non_kp) {
+		return 0;
+	}
+	
 	if (!ksu_is_allow_uid(current_uid().val)) {
 		return 0;
 	}
@@ -74,6 +80,10 @@ int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
 	// const char sh[] = SH_PATH;
 	const char su[] = SU_PATH;
 
+	if (!ksu_sucompat_non_kp) {
+		return 0;
+	}
+	
 	if (!ksu_is_allow_uid(current_uid().val)) {
 		return 0;
 	}
@@ -103,6 +113,10 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
 	const char sh[] = KSUD_PATH;
 	const char su[] = SU_PATH;
 
+	if (!ksu_sucompat_non_kp){
+		return 0;
+	}
+	
 	if (unlikely(!filename_ptr))
 		return 0;
 
@@ -132,6 +146,10 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
 	const char su[] = SU_PATH;
 	char path[sizeof(su) + 1];
 
+	if (!ksu_sucompat_non_kp){
+		return 0;
+	}
+	
 	if (unlikely(!filename_user))
 		return 0;
 
@@ -154,6 +172,10 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
 
 int ksu_handle_devpts(struct inode *inode)
 {
+	if (!ksu_sucompat_non_kp) {
+		return 0;
+	}
+	
 	if (!current->mm) {
 		return 0;
 	}
@@ -185,8 +207,12 @@ int ksu_handle_devpts(struct inode *inode)
 // sucompat: permited process can execute 'su' to gain root access.
 void ksu_sucompat_init()
 {
+	ksu_sucompat_non_kp = true;
+	pr_info("ksu_sucompat_init: hooks enabled: execve/execveat_su, faccessat, stat, devpts\n");
 }
 
 void ksu_sucompat_exit()
 {
+	ksu_sucompat_non_kp = false;
+	pr_info("ksu_sucompat_exit: hooks disabled: execve/execveat_su, faccessat, stat, devpts\n");
 }
