Merge remote-tracking branch 'origin/main'

Hosted Weblate
2025-07-10 12:33:13 +02:00


@@ -24,14 +24,19 @@ static struct policydb *get_policydb(void)
return db; return db;
} }
static DEFINE_MUTEX(ksu_rules);
void apply_kernelsu_rules() void apply_kernelsu_rules()
{ {
struct policydb *db;
if (!getenforce()) { if (!getenforce()) {
pr_info("SELinux permissive or disabled, apply rules!\n"); pr_info("SELinux permissive or disabled, apply rules!\n");
} }
rcu_read_lock(); mutex_lock(&ksu_rules);
struct policydb *db = get_policydb();
db = get_policydb();
ksu_permissive(db, KERNEL_SU_DOMAIN); ksu_permissive(db, KERNEL_SU_DOMAIN);
ksu_typeattribute(db, KERNEL_SU_DOMAIN, "mlstrustedsubject"); ksu_typeattribute(db, KERNEL_SU_DOMAIN, "mlstrustedsubject");
@@ -118,11 +123,11 @@ void apply_kernelsu_rules()
// Allow all binder transactions // Allow all binder transactions
ksu_allow(db, ALL, KERNEL_SU_DOMAIN, "binder", ALL); ksu_allow(db, ALL, KERNEL_SU_DOMAIN, "binder", ALL);
// Allow system server kill su process // Allow system server kill su process
ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "getpgid"); ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "getpgid");
ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill"); ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill");
rcu_read_unlock(); mutex_unlock(&ksu_rules);
} }
#define MAX_SEPOL_LEN 128 #define MAX_SEPOL_LEN 128
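Review bot: The new `ksu_rules` mutex in `apply_kernelsu_rules()` only orders this function against other holders of the same lock, so the in-place edits made through `ksu_permissive()` and `ksu_allow()` are, as far as these hunks show, still unsynchronized with SELinux code that reads or reloads the policy returned by `get_policydb()`. Dropping `rcu_read_lock()` is reasonable in itself, since a read-side section never protected a writer, but the scope of the replacement lock should be stated where it is declared, e.g. `/* Serializes KernelSU's own policydb edits only; does not exclude SELinux readers or a policy reload. */` above `static DEFINE_MUTEX(ksu_rules);`. Any other path in this file that mutates the policydb would need to take the same mutex; none is visible here. The function body between the two hunks is outside the view, so also confirm that it has no early return that skips `mutex_unlock(&ksu_rules);`.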