Merge pull request from GHSA-86cp-3prf-pwqq

* kernel: deny v2 signature blocks with incorrect number * kernel: reject v1 signature * kernel: enforce manager package name at compile time * kernel: don't specific package name in source code, use it in ci
2025-08-27 23:46:34 +00:00 · 2023-10-23 12:59:30 +08:00
parent 617660c5d1
commit 4a5cdf25f1
3 changed files with 94 additions and 8 deletions
--- a/kernel/manager.c
+++ b/kernel/manager.c
@@ -24,6 +24,15 @@ bool become_manager(char *pkg)
 	char *buf;
 	bool result = false;

+#ifdef KSU_MANAGER_PACKAGE
+	// pkg is `/<real package>`
+	if (strncmp(pkg + 1, KSU_MANAGER_PACKAGE,
+		    sizeof(KSU_MANAGER_PACKAGE) - 1) != 0) {
+		pr_info("manager package is inconsistent with kernel build: %s\n",
+			KSU_MANAGER_PACKAGE);
+		return false;
+	}
+#endif
 	// must be zygote's direct child, otherwise any app can fork a new process and
 	// open manager's apk
 	if (task_uid(current->real_parent).val != 0) {