* kernel: deny v2 signature blocks with incorrect number
* kernel: reject v1 signature
* kernel: enforce manager package name at compile time
* kernel: don't specific package name in source code, use it in ci
Otherwise we will rewrite paths for filenames that begins with
`/system/bin/su`.
This fix copies one extra byte from userspace filename so that when we
encounter filenames like `/system/bin/suasf`,
`/system/bin/su\0` gets compared with `/system/bin/sua`, which correctly
prevents the `su -> sh` path rewriting.
Close#957
According to the instructions in Kconfig, when the `CONFIG_KSU_DEBUG`
option is turned on, KernelSU will run in `debug mode` instead of the
`debug version` mentioned in kernel/ksu.c.
Basic support for the case that init_task.mnt_ns != zygote.mnt_ns(WSA),
just copy nsproxy and fs pointers for solve #276.
Note the copy in `apk_sign.c` is not required but suggested for
secure(ensure the checked mnt_ns is what ns android running, not created
by user, although many distributions does not have user ns.).
Tested with latest release on Win10 19045.3086(with WSAPatch).
Further review required for:
- [x] Security of this operation (without locking).
- [x] The impact of these modifications on other Android distributions.
This patch modifies the following:
- Move the version addition logic in ksu.h to Makefile processing
- Print the current version number of KernelSU during make build
build test (normal):
buildlog:
HOSTCC scripts/basic/bin2c Using .. as source for kernel -- KernelSU
version: 11055
CHK include/generated/utsrelease.h
UPD include/generated/utsrelease.h
KernelSU software:
KernelSU Working Version: 11055 (v) Superusers: 0 Modules: 0
build test (missing .git file):
buildlog:
HOSTCC scripts/basic/bin2c Using .. as source for kernel
../drivers/kernelsu/Makefile:23: "KSU_GIT_VERSION not defined! It is
better to make KernelSU a git submodule!"
CHK include/generated/utsrelease.h
CHK scripts/mod/devicetable-offsets.h
KernelSU software:
KernelSU Working Version: 16 (v) Superusers: 0 Modules: 0
The current kernel version 16 is too low for the manager to function
properly. Please upgrade to version 10977 or higher!
(cherry picked from commit 0c38a1614a77d80de752aba20908e3f9d21660a8)
Change-Id: I570f2ee33db224e1a36770f847137f290ba9bcfd
Co-authored-by: stic-server-open <1138705738@qq.com>
