kernel: susfs 1.5.9 a13-5.15 patch

kernel/Kconfig

@@ -40,4 +40,139 @@ config KSU_LSM_SECURITY_HOOKS
 	  Disabling this is mostly only useful for kernel 4.1 and older.
 	  Make sure to implement manual hooks on security/security.c.
 
+menu "KernelSU - SUSFS"
+config KSU_SUSFS
+    bool "KernelSU addon - SUSFS"
+    depends on KSU
+    depends on THREAD_INFO_IN_TASK
+    default y
+    help
+      Patch and Enable SUSFS to kernel with KernelSU.
+
+config KSU_SUSFS_HAS_MAGIC_MOUNT
+    bool "Say yes if the current KernelSU repo has magic mount implemented (default y)"
+    depends on KSU
+    default y
+    help
+      - Enable to indicate that the current SUSFS kernel supports the auto hide features for 5ec1cff's Magic Mount KernelSU
+      - Every mounts from /debug_ramdisk/workdir will be treated as magic mount and processed differently by susfs
+
+config KSU_SUSFS_SUS_PATH
+    bool "Enable to hide suspicious path (NOT recommended)"
+    depends on KSU_SUSFS
+    default y
+    help
+      - Allow hiding the user-defined path and all its sub-paths from various system calls.
+      - Includes temp fix for the leaks of app path in /sdcard/Android/data directory.
+      - Effective only on zygote spawned user app process.
+      - Use with cautious as it may cause performance loss and will be vulnerable to side channel attacks,
+        just disable this feature if it doesn't work for you or you don't need it at all.
+
+config KSU_SUSFS_SUS_MOUNT
+    bool "Enable to hide suspicious mounts"
+    depends on KSU_SUSFS
+    default y
+    help
+      - Allow hiding the user-defined mount paths from /proc/self/[mounts|mountinfo|mountstat].
+      - Effective on all processes for hiding mount entries.
+      - Mounts mounted by process with ksu domain will be forced to be assigned the dev name "KSU".
+      - mnt_id and mnt_group_id of the sus mount will be assigned to a much bigger number to solve the issue of id not being contiguous.  
+
+config KSU_SUSFS_AUTO_ADD_SUS_KSU_DEFAULT_MOUNT
+    bool "Enable to hide KSU's default mounts automatically (experimental)"
+    depends on KSU_SUSFS_SUS_MOUNT
+    default y
+    help
+      - Automatically add KSU's default mounts to sus_mount.
+      - No susfs command is needed in userspace.
+      - Only mount operation from process with ksu domain will be checked.
+
+config KSU_SUSFS_AUTO_ADD_SUS_BIND_MOUNT
+    bool "Enable to hide suspicious bind mounts automatically (experimental)"
+    depends on KSU_SUSFS_SUS_MOUNT
+    default y
+    help
+      - Automatically add binded mounts to sus_mount.
+      - No susfs command is needed in userspace.
+      - Only mount operation from process with ksu domain will be checked.
+
+config KSU_SUSFS_SUS_KSTAT
+    bool "Enable to spoof suspicious kstat"
+    depends on KSU_SUSFS
+    default y
+    help
+      - Allow spoofing the kstat of user-defined file/directory.
+      - Effective only on zygote spawned user app process.
+
+config KSU_SUSFS_TRY_UMOUNT
+    bool "Enable to use ksu's ksu_try_umount"
+    depends on KSU_SUSFS
+    default y
+    help
+      - Allow using ksu_try_umount to umount other user-defined mount paths prior to ksu's default umount paths.
+      - Effective on all NO-root-access-granted processes.
+
+config KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
+    bool "Enable to add bind mounts to ksu's ksu_try_umount automatically (experimental)"
+    depends on KSU_SUSFS_TRY_UMOUNT
+    default y
+    help
+      - Automatically add binded mounts to ksu's ksu_try_umount.
+      - No susfs command is needed in userspace.
+      - Only mount operation from process with ksu domain will be checked.
+
+config KSU_SUSFS_SPOOF_UNAME
+    bool "Enable to spoof uname"
+    depends on KSU_SUSFS
+    default y
+    help
+      - Allow spoofing the string returned by uname syscall to user-defined string.
+      - Effective on all processes.
+      
+config KSU_SUSFS_ENABLE_LOG
+    bool "Enable logging susfs log to kernel"
+    depends on KSU_SUSFS
+    default y
+    help
+      - Allow logging susfs log to kernel, uncheck it to completely disable all susfs log.
+
+config KSU_SUSFS_HIDE_KSU_SUSFS_SYMBOLS
+    bool "Enable to automatically hide ksu and susfs symbols from /proc/kallsyms"
+    depends on KSU_SUSFS
+    default y
+    help
+      - Automatically hide ksu and susfs symbols from '/proc/kallsyms'.
+      - Effective on all processes.
+
+config KSU_SUSFS_SPOOF_CMDLINE_OR_BOOTCONFIG
+    bool "Enable to spoof /proc/bootconfig (gki) or /proc/cmdline (non-gki)"
+    depends on KSU_SUSFS
+    default y
+    help
+      - Spoof the output of /proc/bootconfig (gki) or /proc/cmdline (non-gki) with a user-defined file.
+      - Effective on all processes.
+
+config KSU_SUSFS_OPEN_REDIRECT
+    bool "Enable to redirect a path to be opened with another path (experimental)"
+    depends on KSU_SUSFS
+    default y
+    help
+      - Allow redirecting a target path to be opened with another user-defined path.
+      - Effective only on processes with uid < 2000.
+      - Please be reminded that process with open access to the target and redirected path can be detected.
+
+config KSU_SUSFS_SUS_SU
+    bool "Enable SUS-SU in runtime temporarily"
+    depends on KSU_SUSFS && KPROBES && HAVE_KPROBES && KPROBE_EVENTS
+    default y
+    help
+      - Allow user to enable or disable core ksu kprobes hooks temporarily in runtime. There are 2 working modes for sus_su.
+      - Mode 0 (default): Disable sus_su, and enable ksu kprobe hooks for su instead.
+      - Mode 1 (deprecated): 
+      - Mode 2: Enable sus_su, and disable ksu kprobe hooks for su, which means the kernel inline hooks are enabled,
+                the same as the su implementaion of non-gki kernel without kprobe supported.
+      - Only apps with root access granted by ksu manager are allowed to get root.
+
+endmenu
+
 endmenu