Revert "kernel: added susfs v1.5.3"

This reverts commit bdf81c0880.
2025-08-27 23:46:34 +00:00 · 2024-12-24 08:21:10 +06:00
parent bdf81c0880
commit 8fbddc959a
18 changed files with 58 additions and 842 deletions
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -36,9 +36,9 @@ static struct policydb *get_policydb(void)
 	return db;
 }

-void ksu_apply_kernelsu_rules()
+void apply_kernelsu_rules()
 {
-	if (!ksu_getenforce()) {
+	if (!getenforce()) {
 		pr_info("SELinux permissive or disabled, apply rules!\n");
 	}

@@ -134,14 +134,6 @@ void ksu_apply_kernelsu_rules()
    ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "getpgid");
    ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill");

-#ifdef CONFIG_KSU_SUSFS
-	// Allow umount in zygote process without installing zygisk
-	ksu_allow(db, "zygote", "labeledfs", "filesystem", "unmount");
-	susfs_set_init_sid();
-	susfs_set_ksu_sid();
-	susfs_set_zygote_sid();
-#endif
-
 	rcu_read_unlock();
 }

@@ -203,13 +195,13 @@ static void reset_avc_cache()
 	selinux_xfrm_notify_policyload();
 }

-int ksu_handle_sepolicy(unsigned long arg3, void __user *arg4)
+int handle_sepolicy(unsigned long arg3, void __user *arg4)
 {
 	if (!arg4) {
 		return -1;
 	}

-	if (!ksu_getenforce()) {
+	if (!getenforce()) {
 		pr_info("SELinux permissive or disabled when handle policy!\n");
 	}

--- a/kernel/selinux/selinux.c
+++ b/kernel/selinux/selinux.c
@@ -8,14 +8,6 @@

 #define KERNEL_SU_DOMAIN "u:r:su:s0"

-#ifdef CONFIG_KSU_SUSFS
-#define KERNEL_INIT_DOMAIN "u:r:init:s0"
-#define KERNEL_ZYGOTE_DOMAIN "u:r:zygote:s0"
-u32 susfs_ksu_sid = 0;
-u32 susfs_init_sid = 0;
-u32 susfs_zygote_sid = 0;
-#endif
-
 static int transive_to_domain(const char *domain)
 {
 	struct cred *cred;
@@ -45,7 +37,7 @@ static int transive_to_domain(const char *domain)
 	return error;
 }

-void ksu_setup_selinux(const char *domain)
+void setup_selinux(const char *domain)
 {
 	if (transive_to_domain(domain)) {
 		pr_err("transive domain failed.\n");
@@ -60,7 +52,7 @@ if (!is_domain_permissive) {
 }*/
 }

-void ksu_setenforce(bool enforce)
+void setenforce(bool enforce)
 {
 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
 #ifdef KSU_COMPAT_USE_SELINUX_STATE
@@ -71,7 +63,7 @@ void ksu_setenforce(bool enforce)
 #endif
 }

-bool ksu_getenforce()
+bool getenforce()
 {
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 #ifdef KSU_COMPAT_USE_SELINUX_STATE
@@ -107,7 +99,7 @@ static inline u32 current_sid(void)
 }
 #endif

-bool ksu_is_ksu_domain()
+bool is_ksu_domain()
 {
 	char *domain;
 	u32 seclen;
@@ -121,7 +113,7 @@ bool ksu_is_ksu_domain()
 	return result;
 }

-bool ksu_is_zygote(void *sec)
+bool is_zygote(void *sec)
 {
 	struct task_security_struct *tsec = (struct task_security_struct *)sec;
 	if (!tsec) {
@@ -139,83 +131,6 @@ bool ksu_is_zygote(void *sec)
 	return result;
 }

-#ifdef CONFIG_KSU_SUSFS
-static inline void susfs_set_sid(const char *secctx_name, u32 *out_sid)
-{
-	int err;
-	
-	if (!secctx_name || !out_sid) {
-		pr_err("secctx_name || out_sid is NULL\n");
-		return;
-	}
-
-	err = security_secctx_to_secid(secctx_name, strlen(secctx_name),
-					   out_sid);
-	if (err) {
-		pr_err("failed setting sid for '%s', err: %d\n", secctx_name, err);
-		return;
-	}
-	pr_info("sid '%u' is set for secctx_name '%s'\n", *out_sid, secctx_name);
-}
-
-bool susfs_is_sid_equal(void *sec, u32 sid2) {
-	struct task_security_struct *tsec = (struct task_security_struct *)sec;
-	if (!tsec) {
-		return false;
-	}
-	return tsec->sid == sid2;
-}
-
-u32 susfs_get_sid_from_name(const char *secctx_name)
-{
-	u32 out_sid = 0;
-	int err;
-	
-	if (!secctx_name) {
-		pr_err("secctx_name is NULL\n");
-		return 0;
-	}
-	err = security_secctx_to_secid(secctx_name, strlen(secctx_name),
-					   &out_sid);
-	if (err) {
-		pr_err("failed getting sid from secctx_name: %s, err: %d\n", secctx_name, err);
-		return 0;
-	}
-	return out_sid;
-}
-
-u32 susfs_get_current_sid(void) {
-	return current_sid();
-}
-
-void susfs_set_zygote_sid(void)
-{
-	susfs_set_sid(KERNEL_ZYGOTE_DOMAIN, &susfs_zygote_sid);
-}
-
-bool susfs_is_current_zygote_domain(void) {
-	return unlikely(current_sid() == susfs_zygote_sid);
-}
-
-void susfs_set_ksu_sid(void)
-{
-	susfs_set_sid(KERNEL_SU_DOMAIN, &susfs_ksu_sid);
-}
-
-bool susfs_is_current_ksu_domain(void) {
-	return unlikely(current_sid() == susfs_ksu_sid);
-}
-
-void susfs_set_init_sid(void)
-{
-	susfs_set_sid(KERNEL_INIT_DOMAIN, &susfs_init_sid);
-}
-
-bool susfs_is_current_init_domain(void) {
-	return unlikely(current_sid() == susfs_init_sid);
-}
-#endif
-
 #define DEVPTS_DOMAIN "u:object_r:ksu_file:s0"

 u32 ksu_get_devpts_sid()
--- a/kernel/selinux/selinux.h
+++ b/kernel/selinux/selinux.h
@@ -8,29 +8,17 @@
 #define KSU_COMPAT_USE_SELINUX_STATE
 #endif

-void ksu_setup_selinux(const char *);
+void setup_selinux(const char *);

-void ksu_setenforce(bool);
+void setenforce(bool);

-bool ksu_getenforce();
+bool getenforce();

-bool ksu_is_ksu_domain();
+bool is_ksu_domain();

-bool ksu_is_zygote(void *cred);
+bool is_zygote(void *cred);

-void ksu_apply_kernelsu_rules();
-
-#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
-bool susfs_is_sid_equal(void *sec, u32 sid2);
-u32 susfs_get_sid_from_name(const char *secctx_name);
-u32 susfs_get_current_sid(void);
-void susfs_set_zygote_sid(void);
-bool susfs_is_current_zygote_domain(void);
-void susfs_set_ksu_sid(void);
-bool susfs_is_current_ksu_domain(void);
-void susfs_set_init_sid(void);
-bool susfs_is_current_init_domain(void);
-#endif
+void apply_kernelsu_rules();

 u32 ksu_get_devpts_sid();