From 564249a9be5a40006c8dc0488e5abefa14b420a4 Mon Sep 17 00:00:00 2001 From: Rifat Azad Date: Wed, 4 Dec 2024 16:52:55 +0600 Subject: [PATCH] kernel: additional custom v2_signature size/hash --- kernel/Makefile | 57 +++++++++++++++++++++++++++++++++++++++-------- kernel/apk_sign.c | 5 ++++- 2 files changed, 52 insertions(+), 10 deletions(-) diff --git a/kernel/Makefile b/kernel/Makefile index 9c53247f..26c689ca 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -16,19 +16,22 @@ ccflags-y += -I$(objtree)/security/selinux -include $(srctree)/include/uapi/asm- obj-$(CONFIG_KSU) += kernelsu.o -# .git is a text file while the module is imported by 'git submodule add'. -ifeq ($(shell test -e $(srctree)/$(src)/../.git; echo $$?),0) -$(shell cd $(srctree)/$(src); /usr/bin/env PATH="$$PATH":/usr/bin:/usr/local/bin [ -f ../.git/shallow ] && git fetch --unshallow) -KSU_GIT_VERSION := $(shell cd $(srctree)/$(src); /usr/bin/env PATH="$$PATH":/usr/bin:/usr/local/bin git rev-list --count HEAD) -# ksu_version: major * 10000 + git version + 200 for historical reasons +REPO_OWNER := rifsxd +REPO_NAME := kernelsu +REPO_BRANCH := next + +KSU_GIT_VERSION := $(shell curl -sI "https://api.github.com/repos/$(REPO_OWNER)/$(REPO_NAME)/commits?sha=$(REPO_BRANCH)&per_page=1" | grep -i "link:" | sed -n 's/.*page=\([0-9]*\)>; rel="last".*/\1/p') + +ifeq ($(KSU_GIT_VERSION),) +KSU_VERSION := 11991 + $(warning "Failed to fetch commit count from GitHub API! Using default version: $(KSU_VERSION)") +else $(eval KSU_VERSION=$(shell expr 10000 + $(KSU_GIT_VERSION) + 200)) $(info -- KernelSU version: $(KSU_VERSION)) -ccflags-y += -DKSU_VERSION=$(KSU_VERSION) -else # If there is no .git file, the default version will be passed. -$(warning "KSU_GIT_VERSION not defined! It is better to make KernelSU a git submodule!") -ccflags-y += -DKSU_VERSION=11986 endif +ccflags-y += -DKSU_VERSION=$(KSU_VERSION) + ifeq ($(shell grep -q " current_sid(void)" $(srctree)/security/selinux/include/objsec.h; echo $$?),0) ccflags-y += -DKSU_COMPAT_HAS_CURRENT_SID endif @@ -45,6 +48,30 @@ ifndef KSU_EXPECTED_HASH KSU_EXPECTED_HASH := c371061b19d8c7d7d6133c6a9bafe198fa944e50c1b31c9d8daa8d7f1fc2d2d6 endif +ifndef KSU_NEXT_EXPECTED_SIZE +KSU_NEXT_EXPECTED_SIZE := 0x27b +endif + +ifndef KSU_NEXT_EXPECTED_HASH +KSU_NEXT_EXPECTED_HASH := d50f782a7d12deaa1ae967959a5b69cd88587874387e92b8b1517df232e5a061 +endif + +ifndef KSU_LEGACY_EXPECTED_SIZE +KSU_LEGACY_EXPECTED_SIZE := 0x363 +endif + +ifndef KSU_LEGACY_EXPECTED_HASH +KSU_LEGACY_EXPECTED_HASH := 4359c171f32543394cbc23ef908c4bb94cad7c8087002ba164c8230948c21549 +endif + +ifndef KSU_N3X7G3N_EXPECTED_SIZE +KSU_N3X7G3N_EXPECTED_SIZE := 0x29c +endif + +ifndef KSU_N3X7G3N_EXPECTED_HASH +KSU_N3X7G3N_EXPECTED_HASH := bfddf83a559355b053187177775c39c639d2d2695163baa77253746dbf18098d +endif + ifdef KSU_MANAGER_PACKAGE ccflags-y += -DKSU_MANAGER_PACKAGE=\"$(KSU_MANAGER_PACKAGE)\" $(info -- KernelSU Manager package name: $(KSU_MANAGER_PACKAGE)) @@ -52,9 +79,21 @@ endif $(info -- KernelSU Manager signature size: $(KSU_EXPECTED_SIZE)) $(info -- KernelSU Manager signature hash: $(KSU_EXPECTED_HASH)) +$(info -- KernelSU next Manager signature size: $(KSU_NEXT_EXPECTED_SIZE)) +$(info -- KernelSU next Manager signature hash: $(KSU_NEXT_EXPECTED_HASH)) +$(info -- KernelSU legacy Manager signature size: $(KSU_LEGACY_EXPECTED_SIZE)) +$(info -- KernelSU legacy Manager signature hash: $(KSU_LEGACY_EXPECTED_HASH)) +$(info -- KernelSU n3x7g3n Manager signature size: $(KSU_N3X7G3N_EXPECTED_SIZE)) +$(info -- KernelSU n3x7g3n Manager signature hash: $(KSU_N3X7G3N_EXPECTED_HASH)) ccflags-y += -DEXPECTED_SIZE=$(KSU_EXPECTED_SIZE) ccflags-y += -DEXPECTED_HASH=\"$(KSU_EXPECTED_HASH)\" +ccflags-y += -DEXPECTED_NEXT_SIZE=$(KSU_NEXT_EXPECTED_SIZE) +ccflags-y += -DEXPECTED_NEXT_HASH=\"$(KSU_NEXT_EXPECTED_HASH)\" +ccflags-y += -DEXPECTED_LEGACY_SIZE=$(KSU_LEGACY_EXPECTED_SIZE) +ccflags-y += -DEXPECTED_LEGACY_HASH=\"$(KSU_LEGACY_EXPECTED_HASH)\" +ccflags-y += -DEXPECTED_N3X7G3N_SIZE=$(KSU_N3X7G3N_EXPECTED_SIZE) +ccflags-y += -DEXPECTED_N3X7G3N_HASH=\"$(KSU_N3X7G3N_EXPECTED_HASH)\" #ifeq ($(shell grep -q "int path_umount" $(srctree)/fs/namespace.c; echo $$?),0) #ccflags-y += -DKSU_UMOUNT diff --git a/kernel/apk_sign.c b/kernel/apk_sign.c index ba8b73f2..731f51d7 100644 --- a/kernel/apk_sign.c +++ b/kernel/apk_sign.c @@ -316,5 +316,8 @@ module_param_cb(ksu_debug_manager_uid, &expected_size_ops, bool is_manager_apk(char *path) { - return check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH); + return (check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH) + || check_v2_signature(path, EXPECTED_NEXT_SIZE, EXPECTED_NEXT_HASH) + || check_v2_signature(path, EXPECTED_LEGACY_SIZE, EXPECTED_LEGACY_HASH) + || check_v2_signature(path, EXPECTED_N3X7G3N_SIZE, EXPECTED_N3X7G3N_HASH)); } \ No newline at end of file