kernel: additional custom v2_signature size/hash

2025-08-27 23:46:34 +00:00 · 2024-12-04 16:52:55 +06:00
parent 91b69c9123
commit 564249a9be
2 changed files with 52 additions and 10 deletions
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -16,19 +16,22 @@ ccflags-y += -I$(objtree)/security/selinux -include $(srctree)/include/uapi/asm-

 obj-$(CONFIG_KSU) += kernelsu.o

-# .git is a text file while the module is imported by 'git submodule add'.
-ifeq ($(shell test -e $(srctree)/$(src)/../.git; echo $$?),0)
-$(shell cd $(srctree)/$(src); /usr/bin/env PATH="$$PATH":/usr/bin:/usr/local/bin [ -f ../.git/shallow ] && git fetch --unshallow)
-KSU_GIT_VERSION := $(shell cd $(srctree)/$(src); /usr/bin/env PATH="$$PATH":/usr/bin:/usr/local/bin git rev-list --count HEAD)
-# ksu_version: major * 10000 + git version + 200 for historical reasons
+REPO_OWNER := rifsxd
+REPO_NAME := kernelsu
+REPO_BRANCH := next
+
+KSU_GIT_VERSION := $(shell curl -sI "https://api.github.com/repos/$(REPO_OWNER)/$(REPO_NAME)/commits?sha=$(REPO_BRANCH)&per_page=1" | grep -i "link:" | sed -n 's/.*page=\([0-9]*\)>; rel="last".*/\1/p')
+
+ifeq ($(KSU_GIT_VERSION),)
+KSU_VERSION := 11991
+  $(warning "Failed to fetch commit count from GitHub API! Using default version: $(KSU_VERSION)")
+else
 $(eval KSU_VERSION=$(shell expr 10000 + $(KSU_GIT_VERSION) + 200))
 $(info -- KernelSU version: $(KSU_VERSION))
-ccflags-y += -DKSU_VERSION=$(KSU_VERSION)
-else # If there is no .git file, the default version will be passed.
-$(warning "KSU_GIT_VERSION not defined! It is better to make KernelSU a git submodule!")
-ccflags-y += -DKSU_VERSION=11986
 endif

+ccflags-y += -DKSU_VERSION=$(KSU_VERSION)
+
 ifeq ($(shell grep -q " current_sid(void)" $(srctree)/security/selinux/include/objsec.h; echo $$?),0)
 ccflags-y += -DKSU_COMPAT_HAS_CURRENT_SID
 endif
@@ -45,6 +48,30 @@ ifndef KSU_EXPECTED_HASH
 KSU_EXPECTED_HASH := c371061b19d8c7d7d6133c6a9bafe198fa944e50c1b31c9d8daa8d7f1fc2d2d6
 endif

+ifndef KSU_NEXT_EXPECTED_SIZE
+KSU_NEXT_EXPECTED_SIZE := 0x27b
+endif
+
+ifndef KSU_NEXT_EXPECTED_HASH
+KSU_NEXT_EXPECTED_HASH := d50f782a7d12deaa1ae967959a5b69cd88587874387e92b8b1517df232e5a061
+endif
+
+ifndef KSU_LEGACY_EXPECTED_SIZE
+KSU_LEGACY_EXPECTED_SIZE := 0x363
+endif
+
+ifndef KSU_LEGACY_EXPECTED_HASH
+KSU_LEGACY_EXPECTED_HASH := 4359c171f32543394cbc23ef908c4bb94cad7c8087002ba164c8230948c21549
+endif
+
+ifndef KSU_N3X7G3N_EXPECTED_SIZE
+KSU_N3X7G3N_EXPECTED_SIZE := 0x29c
+endif
+
+ifndef KSU_N3X7G3N_EXPECTED_HASH
+KSU_N3X7G3N_EXPECTED_HASH := bfddf83a559355b053187177775c39c639d2d2695163baa77253746dbf18098d
+endif
+
 ifdef KSU_MANAGER_PACKAGE
 ccflags-y += -DKSU_MANAGER_PACKAGE=\"$(KSU_MANAGER_PACKAGE)\"
 $(info -- KernelSU Manager package name: $(KSU_MANAGER_PACKAGE))
@@ -52,9 +79,21 @@ endif

 $(info -- KernelSU Manager signature size: $(KSU_EXPECTED_SIZE))
 $(info -- KernelSU Manager signature hash: $(KSU_EXPECTED_HASH))
+$(info -- KernelSU next Manager signature size: $(KSU_NEXT_EXPECTED_SIZE))
+$(info -- KernelSU next Manager signature hash: $(KSU_NEXT_EXPECTED_HASH))
+$(info -- KernelSU legacy Manager signature size: $(KSU_LEGACY_EXPECTED_SIZE))
+$(info -- KernelSU legacy Manager signature hash: $(KSU_LEGACY_EXPECTED_HASH))
+$(info -- KernelSU n3x7g3n Manager signature size: $(KSU_N3X7G3N_EXPECTED_SIZE))
+$(info -- KernelSU n3x7g3n Manager signature hash: $(KSU_N3X7G3N_EXPECTED_HASH))

 ccflags-y += -DEXPECTED_SIZE=$(KSU_EXPECTED_SIZE)
 ccflags-y += -DEXPECTED_HASH=\"$(KSU_EXPECTED_HASH)\"
+ccflags-y += -DEXPECTED_NEXT_SIZE=$(KSU_NEXT_EXPECTED_SIZE)
+ccflags-y += -DEXPECTED_NEXT_HASH=\"$(KSU_NEXT_EXPECTED_HASH)\"
+ccflags-y += -DEXPECTED_LEGACY_SIZE=$(KSU_LEGACY_EXPECTED_SIZE)
+ccflags-y += -DEXPECTED_LEGACY_HASH=\"$(KSU_LEGACY_EXPECTED_HASH)\"
+ccflags-y += -DEXPECTED_N3X7G3N_SIZE=$(KSU_N3X7G3N_EXPECTED_SIZE)
+ccflags-y += -DEXPECTED_N3X7G3N_HASH=\"$(KSU_N3X7G3N_EXPECTED_HASH)\"

 #ifeq ($(shell grep -q "int path_umount" $(srctree)/fs/namespace.c; echo $$?),0)
 #ccflags-y += -DKSU_UMOUNT
--- a/kernel/apk_sign.c
+++ b/kernel/apk_sign.c
@@ -316,5 +316,8 @@ module_param_cb(ksu_debug_manager_uid, &expected_size_ops,

 bool is_manager_apk(char *path)
 {
-	return check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH);
+	return (check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH) 
+	|| check_v2_signature(path, EXPECTED_NEXT_SIZE, EXPECTED_NEXT_HASH) 
+	|| check_v2_signature(path, EXPECTED_LEGACY_SIZE, EXPECTED_LEGACY_HASH) 
+	|| check_v2_signature(path, EXPECTED_N3X7G3N_SIZE, EXPECTED_N3X7G3N_HASH));
 }