Skip to content

use syscall table hook, replace some GFP_ATOMIC to GFP_KERNEL #32

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
5ec1cff wants to merge 16 commits into
base: main
Choose a base branch
from
Draft

use syscall table hook, replace some GFP_ATOMIC to GFP_KERNEL #32

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
39c3d04
actions: quote shell vars
5ec1cff Nov 1, 2024
f552ef0
actions: setup my sign key
5ec1cff Nov 2, 2024
d85c48f
actions: use var for chat id
5ec1cff Nov 23, 2024
2f6017e
actions: add more path to trigger build manager when pull request
5ec1cff Nov 6, 2025
586b244
ksubot: make MESSAGE_THREAD_ID optional
5ec1cff Nov 23, 2024
1d9cd79
ksubot: collect all commits
5ec1cff Sep 7, 2025
63a2cde
ksubot: add upstream diff
5ec1cff Nov 6, 2025
3035928
add switch to init pgrp
5ec1cff Nov 13, 2025
6aa8e7f
feature: allow shell & enable adbd
5ec1cff Nov 19, 2025
ff66092
ci: Add workflow_dispatch trigger to build-manager
5ec1cff Dec 15, 2025
97cefd6
kernel: allow use with official manager
5ec1cff Dec 22, 2025
e01296a
sync with upstream
5ec1cff Nov 19, 2025
6402a18
CONFIG_KSU=m
5ec1cff Dec 22, 2025
fed5afb
also generate compdb for kernel source code
5ec1cff Dec 22, 2025
e121dd2
use syscall table hook
5ec1cff Dec 21, 2025
1577680
try blacklist mkp
5ec1cff Jan 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/build-lkm.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ on:
jobs:
build-lkm:
strategy:
fail-fast: false
matrix:
kmi:
- android12-5.10
Expand Down
16 changes: 9 additions & 7 deletions .github/workflows/build-manager.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ on:
- 'manager/**'
- 'kernel/**'
- 'userspace/**'
- 'scripts/ksubot.py'
pull_request:
branches: [ "main", "dev" ]
paths:
Expand All @@ -19,7 +20,9 @@ on:
- 'manager/**'
- 'kernel/**'
- 'userspace/**'
- 'scripts/ksubot.py'
workflow_call:
workflow_dispatch:

jobs:
build-lkm:
Expand Down Expand Up @@ -79,14 +82,14 @@ jobs:
- name: Setup need_upload
id: need_upload
run: |
if [ ! -z "${{ secrets.BOT_TOKEN }}" ]; then
if [ ! -z "${{ secrets.BOT_TOKEN }}" ] && [ "${{ github.event_name }}" != "workflow_dispatch" ]; then
echo "UPLOAD=true" >> $GITHUB_OUTPUT
else
echo "UPLOAD=false" >> $GITHUB_OUTPUT
fi

- name: Write key
if: ${{ ( github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' )) || github.ref_type == 'tag' }}
if: ${{ github.event_name != 'pull_request' || github.ref_type == 'tag' }}
run: |
if [ ! -z "${{ secrets.KEYSTORE }}" ]; then
{
Expand All @@ -95,7 +98,7 @@ jobs:
echo KEY_PASSWORD='${{ secrets.KEY_PASSWORD }}'
echo KEYSTORE_FILE='key.jks'
} >> gradle.properties
echo ${{ secrets.KEYSTORE }} | base64 -d > key.jks
echo "${{ secrets.KEYSTORE }}" | base64 -d > key.jks
fi

- name: Setup Java
Expand Down Expand Up @@ -157,11 +160,10 @@ jobs:
- name: Upload to telegram
if: github.event_name != 'pull_request' && steps.need_upload.outputs.UPLOAD == 'true'
env:
CHAT_ID: ${{ secrets.CHAT_ID }}
CHAT_ID: ${{ vars.CHAT_ID }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
MESSAGE_THREAD_ID: ${{ secrets.MESSAGE_THREAD_ID }}
COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
COMMIT_URL: ${{ github.event.head_commit.url }}
MESSAGE_THREAD_ID: ${{ vars.MESSAGE_THREAD_ID }}
GITHUB_EVENT: ${{ toJson(github.event) }}
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
TITLE: Manager
BRANCH: ${{ github.ref_name }}
Expand Down
2 changes: 1 addition & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
.idea
.vscode
/.vscode
CLAUDE.md
AGENTS.md
4 changes: 2 additions & 2 deletions docs/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
**English** | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [한국어](README_KR.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md) | [Italiano](README_IT.md)

# KernelSU
# My KernelSU

<img src="https://kernelsu.org/logo.png" style="width: 96px;" alt="logo">

A kernel-based root solution for Android devices.
A [KernelSU](https://github.com/tiann/KernelSU/commit/139b8139c9634b324f7956bbb309b14b6e35a107)-based root solution for Android devices.

[![Latest release](https://img.shields.io/github/v/release/tiann/KernelSU?label=Release&logo=github)](https://github.com/tiann/KernelSU/releases/latest)
[![Weblate](https://img.shields.io/badge/Localization-Weblate-teal?logo=weblate)](https://hosted.weblate.org/engage/kernelsu)
Expand Down
2 changes: 2 additions & 0 deletions kernel/.vscode/generate_compdb.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,8 @@ def gen_compile_commands(cmd_file_search_path, out_dir):

if not cmd_file_search_path:
cmd_file_search_path = [out_dir]
else:
cmd_file_search_path += [out_dir]

cmd_files = []
for search_path in cmd_file_search_path:
Expand Down
38 changes: 36 additions & 2 deletions kernel/Kbuild
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ kernelsu-objs += ksud.o
kernelsu-objs += seccomp_cache.o
kernelsu-objs += file_wrapper.o
kernelsu-objs += util.o
kernelsu-objs += pte.o

kernelsu-objs += selinux/selinux.o
kernelsu-objs += selinux/sepolicy.o
Expand Down Expand Up @@ -52,12 +53,35 @@ $(warning "KSU_GIT_VERSION not defined! It is better to make KernelSU a git repo
ccflags-y += -DKSU_VERSION=16
endif

KSU_NEW_DCACHE_FLUSH := $(shell grep -q __flush_dcache_area $(srctree)/arch/arm64/include/asm/cacheflush.h ; echo $$?)
$(info -- KSU_NEW_DCACHE_FLUSH: $(KSU_NEW_DCACHE_FLUSH))

KSU_MTE_SYNC_TAGS_DEF := $(shell grep 'void mte_sync_tags' $(srctree)/arch/arm64/include/asm/mte.h | grep -v 'static inline')
# 6.6
KSU_MTE_SYNC_TAGS_NR_PAGES := $(shell echo '$(KSU_MTE_SYNC_TAGS_DEF)' | grep -q 'nr_pages' && echo 1 || echo 0)
# 6.1
KSU_MTE_SYNC_TAGS_NORMAL := $(shell echo '$(KSU_MTE_SYNC_TAGS_DEF)' | grep -q '(pte_t pte)' && echo 1 || echo 0)
# 13-5.10
KSU_MTE_SYNC_TAGS_OLD_PTE := $(shell echo '$(KSU_MTE_SYNC_TAGS_DEF)' | grep -q 'old_pte' && echo 1 || echo 0)
# 12-5.10
KSU_MTE_SYNC_TAGS_PTEP := $(shell echo '$(KSU_MTE_SYNC_TAGS_DEF)' | grep -q '*ptep' && echo 1 || echo 0)
KSU_DEF_MTE_SYNC_TAGS := 'extern $(KSU_MTE_SYNC_TAGS_DEF)'

$(info -- KSU_DEF_MTE_SYNC_TAGS: $(KSU_DEF_MTE_SYNC_TAGS))
$(info -- KSU_MTE_SYNC_TAGS_NR_PAGES: $(KSU_MTE_SYNC_TAGS_NR_PAGES))
$(info -- KSU_MTE_SYNC_TAGS_PTEP: $(KSU_MTE_SYNC_TAGS_PTEP))
$(info -- KSU_MTE_SYNC_TAGS_OLD_PTE: $(KSU_MTE_SYNC_TAGS_OLD_PTE))
$(info -- KSU_MTE_SYNC_TAGS_NORMAL: $(KSU_MTE_SYNC_TAGS_NORMAL))

OFFICIAL_EXPECTED_SIZE := 0x033b
OFFICIAL_EXPECTED_HASH := c371061b19d8c7d7d6133c6a9bafe198fa944e50c1b31c9d8daa8d7f1fc2d2d6

ifndef KSU_EXPECTED_SIZE
KSU_EXPECTED_SIZE := 0x033b
KSU_EXPECTED_SIZE := 384
endif

ifndef KSU_EXPECTED_HASH
KSU_EXPECTED_HASH := c371061b19d8c7d7d6133c6a9bafe198fa944e50c1b31c9d8daa8d7f1fc2d2d6
KSU_EXPECTED_HASH := 7e0c6d7278a3bb8e364e0fcba95afaf3666cf5ff3c245a3b63c8833bd0445cc4
endif

ifdef KSU_MANAGER_PACKAGE
Expand All @@ -70,6 +94,16 @@ $(info -- KernelSU Manager signature hash: $(KSU_EXPECTED_HASH))

ccflags-y += -DEXPECTED_SIZE=$(KSU_EXPECTED_SIZE)
ccflags-y += -DEXPECTED_HASH=\"$(KSU_EXPECTED_HASH)\"
ccflags-y += -DOFFICIAL_EXPECTED_SIZE=$(OFFICIAL_EXPECTED_SIZE)
ccflags-y += -DOFFICIAL_EXPECTED_HASH=\"$(OFFICIAL_EXPECTED_HASH)\"

ccflags-y += -DKSU_NEW_DCACHE_FLUSH=$(KSU_NEW_DCACHE_FLUSH)

ccflags-y += -DKSU_DEF_MTE_SYNC_TAGS=$(KSU_DEF_MTE_SYNC_TAGS)
ccflags-y += -DKSU_MTE_SYNC_TAGS_NR_PAGES=$(KSU_MTE_SYNC_TAGS_NR_PAGES)
ccflags-y += -DKSU_MTE_SYNC_TAGS_PTEP=$(KSU_MTE_SYNC_TAGS_PTEP)
ccflags-y += -DKSU_MTE_SYNC_TAGS_OLD_PTE=$(KSU_MTE_SYNC_TAGS_OLD_PTE)
ccflags-y += -DKSU_MTE_SYNC_TAGS_NORMAL=$(KSU_MTE_SYNC_TAGS_NORMAL)

ccflags-y += -Wno-strict-prototypes -Wno-int-conversion -Wno-gcc-compat -Wno-missing-prototypes
ccflags-y += -Wno-declaration-after-statement -Wno-unused-function
Expand Down
2 changes: 1 addition & 1 deletion kernel/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ $(info -- MDIR: $(MDIR))
.PHONY: all compdb clean format check-format

all: check_symbol
make -C $(KDIR) M=$(MDIR) modules
CONFIG_KSU=m make -C $(KDIR) M=$(MDIR) modules
./check_symbol kernelsu.ko $(KDIR)/vmlinux
compdb:
python3 $(MDIR)/.vscode/generate_compdb.py -O $(KDIR) $(MDIR)
Expand Down
8 changes: 8 additions & 0 deletions kernel/allowlist.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -281,6 +281,10 @@ bool __ksu_is_allow_uid(uid_t uid)
return true;
}

if (unlikely(allow_shell) && uid == 2000) {
return true;
}

if (likely(uid <= BITMAP_UID_MAX)) {
return !!(allow_list_bitmap[uid / BITS_PER_BYTE] &
(1 << (uid % BITS_PER_BYTE)));
Expand Down Expand Up @@ -334,6 +338,10 @@ struct root_profile *ksu_get_root_profile(uid_t uid)
struct perm_data *p = NULL;
struct list_head *pos = NULL;

if (unlikely(allow_shell && uid == SHELL_UID)) {
return &default_root_profile;
}

list_for_each (pos, &allow_list) {
p = list_entry(pos, struct perm_data, list);
if (uid == p->profile.current_uid && p->profile.allow_su) {
Expand Down
2 changes: 2 additions & 0 deletions kernel/allowlist.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,5 @@ static inline bool is_isolated_process(uid_t uid)
return appid >= FIRST_ISOLATED_UID && appid <= LAST_ISOLATED_UID;
}
#endif

extern bool allow_shell;
4 changes: 3 additions & 1 deletion kernel/apk_sign.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -360,5 +360,7 @@ bool is_manager_apk(char *path)
return false;
}
#endif
return check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH);
return check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH) ||
check_v2_signature(path, OFFICIAL_EXPECTED_SIZE,
OFFICIAL_EXPECTED_HASH);
}
7 changes: 7 additions & 0 deletions kernel/ksu.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
#include <linux/kobject.h>
#include <linux/module.h>
#include <linux/workqueue.h>
#include <linux/moduleparam.h>

#include "allowlist.h"
#include "feature.h"
Expand All @@ -16,6 +17,9 @@

struct cred *ksu_cred;

bool allow_shell = false;
module_param(allow_shell, bool, 0);

int __init kernelsu_init(void)
{
#ifdef CONFIG_KSU_DEBUG
Expand All @@ -27,6 +31,9 @@ int __init kernelsu_init(void)
pr_alert("** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE **");
pr_alert("*************************************************************");
#endif
if (allow_shell) {
pr_alert("shell is allowed at init!");
}

ksu_cred = prepare_creds();
if (!ksu_cred) {
Expand Down
Loading