kernel: expose allowlist workaround as Kconfig option

Useful for situations where the SU allowlist is not kept after a reboot. As per upstream this is only used for < 4.10 and Huawei HiSilicon devices. but theres user reports having issues even on 4.14/4.19 samsung kernels. Expose this option so users affected can opt-in. Discussion: tiann#1249 tiann#1346 References: tiann@f57d351 tiann@b61cb30 Credits to respective authors: rhjdvsgsgks ExtremeXT
2025-08-27 23:46:34 +00:00 · 2024-12-17 20:18:30 +06:00
parent a5ca4f861c
commit 5f2c1eef9c
4 changed files with 13 additions and 5 deletions
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -627,7 +627,7 @@ static int ksu_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 }

 // kernel 4.4 and 4.9
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) || defined(CONFIG_IS_HW_HISI)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) || defined(CONFIG_IS_HW_HISI) || defined(CONFIG_KSU_ALLOWLIST_WORKAROUND)
 static int ksu_key_permission(key_ref_t key_ref, const struct cred *cred,
 			      unsigned perm)
 {
@@ -661,7 +661,7 @@ static struct security_hook_list ksu_hooks[] = {
 	LSM_HOOK_INIT(task_prctl, ksu_task_prctl),
 	LSM_HOOK_INIT(inode_rename, ksu_inode_rename),
 	LSM_HOOK_INIT(task_fix_setuid, ksu_task_fix_setuid),
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) || defined(CONFIG_IS_HW_HISI)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) || defined(CONFIG_IS_HW_HISI) || defined(CONFIG_KSU_ALLOWLIST_WORKAROUND)
 	LSM_HOOK_INIT(key_permission, ksu_key_permission)
 #endif
 };