* refactor: replace throne tracker with ksud token

* use snprintf

* refactor: new supercall impl

- Import the sukisu command

* disable seccomp for supercall users

* kernel: fmt clear

* kernel: Enable macro protection for sulog

- Only enabled on kernel versions greater than 5.10.245

* kernel: Refactor kprobe hooks and implement LSM hooks for improved security handling

* debug mode

* kernel: Add functionality to generate and validate authentication tokens for cmd_su

* kernel: Simplified manual SU command processing for code

* kernel: replace renameat hook with fsnotify

* Revert "refactor: replace throne tracker with ksud token"

This reverts commit aa2cbbf.

* kernel: fix compile

* kernel: fix compile below 6.0

* Fix compile err; Add become_manager

* kernel: install fd for manager automaticlly

- extend to import the corresponding command

* manager: new supercall impl

* temp changes for ksud

* ksud: fix compile

* fix wrong opcode

* kernel: fix compile

* kernel: Fixed hook type and KPM status retrieval errors

* kernel: Fixed potential null pointer issue with current->mm in kernel version 5.10

When calling get_full_comm() within system call hooks, current->mm may be null (prctl). A fallback mechanism for current->comm must be added beforehand to prevent null pointer dereferences when accessing mm->arg_start/arg_end.

Signed-off-by: ShirkNeko <[email protected]>

* ksud: fix cargo check

* manager: Fixed an issue where the KSUD release and user-mode scanning switch failed to function correctly.

- kernel: fix spin lock mutual

kernel: Fixed potential null pointer issue with current->mm in kernel version 5.10

When calling get_full_comm() within system call hooks, current->mm may be null (prctl). A fallback mechanism for current->comm must be added beforehand to prevent null pointer dereferences when accessing mm->arg_start/arg_end.

kernel: try introduce like susfs's method to fix prctl delay

* seccomp: allow reboot

* use u32

* update clang-format

* 4 spaces save the world

* ksud: Fix build on macOS

* manager: bump minimal supported kernel.

- When get_hook_type is empty, display “Unknown”.

* Fix ksud build (tiann#2841)

* try fix ksud

* fix for macos

* remove any

* Fix ksud build, take 3

* try fix allowlist

* bring lsm hook back

* fix: a lot again

* Fix ksud build, take 4 (tiann#2846)

Remove init_driver_fd function for non-linux/android targets

* manager: Return to the native method via KSUd installation

* Merge with susfs-mian format

---------

Signed-off-by: ShirkNeko <[email protected]>
Co-authored-by: Ylarod <[email protected]>
Co-authored-by: weishu <[email protected]>
Co-authored-by: AlexLiuDev233 <[email protected]>
Co-authored-by: Wang Han <[email protected]>

* refactor: replace throne tracker with ksud token

* use snprintf

* refactor: new supercall impl

- Import the sukisu command

* disable seccomp for supercall users

* kernel: fmt clear

* kernel: Enable macro protection for sulog

- Only enabled on kernel versions greater than 5.10.245

* kernel: Refactor kprobe hooks and implement LSM hooks for improved security handling

* debug mode

* kernel: Add functionality to generate and validate authentication tokens for cmd_su

* kernel: Simplified manual SU command processing for code

* kernel: replace renameat hook with fsnotify

* Revert "refactor: replace throne tracker with ksud token"

This reverts commit aa2cbbf.

* kernel: fix compile

* kernel: fix compile below 6.0

* Fix compile err; Add become_manager

* kernel: install fd for manager automaticlly

- extend to import the corresponding command

* manager: new supercall impl

* temp changes for ksud

* ksud: fix compile

* fix wrong opcode

* kernel: fix compile

* kernel: Fixed hook type and KPM status retrieval errors

* kernel: Fixed potential null pointer issue with current->mm in kernel version 5.10

When calling get_full_comm() within system call hooks, current->mm may be null (prctl). A fallback mechanism for current->comm must be added beforehand to prevent null pointer dereferences when accessing mm->arg_start/arg_end.

Signed-off-by: ShirkNeko <[email protected]>

* ksud: fix cargo check

* manager: Fixed an issue where the KSUD release and user-mode scanning switch failed to function correctly.

- kernel: fix spin lock mutual

kernel: Fixed potential null pointer issue with current->mm in kernel version 5.10

When calling get_full_comm() within system call hooks, current->mm may be null (prctl). A fallback mechanism for current->comm must be added beforehand to prevent null pointer dereferences when accessing mm->arg_start/arg_end.

kernel: try introduce like susfs's method to fix prctl delay

* seccomp: allow reboot

* use u32

* update clang-format

* 4 spaces save the world

* ksud: Fix build on macOS

* manager: bump minimal supported kernel.

- When get_hook_type is empty, display “Unknown”.

* Fix ksud build (tiann#2841)

* try fix ksud

* fix for macos

* remove any

* Fix ksud build, take 3

* try fix allowlist

* bring lsm hook back

* fix: a lot again

* Fix ksud build, take 4 (tiann#2846)

Remove init_driver_fd function for non-linux/android targets

* manager: Return to the native method via KSUd installation

* Merge with susfs-mian format

---------

Signed-off-by: ShirkNeko <[email protected]>
Co-authored-by: Ylarod <[email protected]>
Co-authored-by: weishu <[email protected]>
Co-authored-by: AlexLiuDev233 <[email protected]>
Co-authored-by: Wang Han <[email protected]>

* refactor: replace throne tracker with ksud token

* use snprintf

* refactor: new supercall impl

- Import the sukisu command

* disable seccomp for supercall users

* kernel: fmt clear

* kernel: Enable macro protection for sulog

- Only enabled on kernel versions greater than 5.10.245

* kernel: Refactor kprobe hooks and implement LSM hooks for improved security handling

* debug mode

* kernel: Add functionality to generate and validate authentication tokens for cmd_su

* kernel: Simplified manual SU command processing for code

* kernel: replace renameat hook with fsnotify

* Revert "refactor: replace throne tracker with ksud token"

This reverts commit aa2cbbf.

* kernel: fix compile

* kernel: fix compile below 6.0

* Fix compile err; Add become_manager

* kernel: install fd for manager automaticlly

- extend to import the corresponding command

* manager: new supercall impl

* temp changes for ksud

* ksud: fix compile

* fix wrong opcode

* kernel: fix compile

* kernel: Fixed hook type and KPM status retrieval errors

* kernel: Fixed potential null pointer issue with current->mm in kernel version 5.10

When calling get_full_comm() within system call hooks, current->mm may be null (prctl). A fallback mechanism for current->comm must be added beforehand to prevent null pointer dereferences when accessing mm->arg_start/arg_end.

Signed-off-by: ShirkNeko <[email protected]>

* ksud: fix cargo check

* manager: Fixed an issue where the KSUD release and user-mode scanning switch failed to function correctly.

- kernel: fix spin lock mutual

kernel: Fixed potential null pointer issue with current->mm in kernel version 5.10

When calling get_full_comm() within system call hooks, current->mm may be null (prctl). A fallback mechanism for current->comm must be added beforehand to prevent null pointer dereferences when accessing mm->arg_start/arg_end.

kernel: try introduce like susfs's method to fix prctl delay

* seccomp: allow reboot

* use u32

* update clang-format

* 4 spaces save the world

* ksud: Fix build on macOS

* manager: bump minimal supported kernel.

- When get_hook_type is empty, display “Unknown”.

* Fix ksud build (tiann#2841)

* try fix ksud

* fix for macos

* remove any

* Fix ksud build, take 3

* try fix allowlist

* bring lsm hook back

* fix: a lot again

* Fix ksud build, take 4 (tiann#2846)

Remove init_driver_fd function for non-linux/android targets

* manager: Return to the native method via KSUd installation

* Merge with susfs-mian format

---------

Signed-off-by: ShirkNeko <[email protected]>
Co-authored-by: Ylarod <[email protected]>
Co-authored-by: weishu <[email protected]>
Co-authored-by: AlexLiuDev233 <[email protected]>
Co-authored-by: Wang Han <[email protected]>

* kernel: replace renameat hook with fsnotify (#910)

* kernel: replace renameat hook with fsnotify

* kernel: fix compile

* kernel: fix compile below 6.0

---------

Co-authored-by: weishu <[email protected]>

* new supercall impl (tiann/KernelSU#2835)

Co-authored-by: weishu <[email protected]>

* Fix ksud build (tiann/KernelSU#2841)

* fix: a lot (tiann/KernelSU#2843)

* fix: a lot again (tiann/KernelSU#2845)

* Fix ksud build, take 3 (tiann/KernelSU#2842)

* Fix ksud build, take 4 (tiann/KernelSU#2846)

Remove init_driver_fd function for non-linux/android targets

* fix ksucalls, same now

* kernel: remove unused

* back to kprobe setuid hook

* Implement workqueue for unmounting

umount schedules, so it cannot be used in kprobe context.

* switch ns umount

* refact: use feature subsystem

* use 64bit feature

* fix

* add fixme

* add feature max to get_info

* use 32bit feature id

* allow root to get/set feature

* more clean perm_check functions

* do not expose perm checker

* add feature command to ksud

* fix security_task_fix_setuid_handler_pre

* manager: add kernel_umount switch (tiann/KernelSU#2848)

* add name and print command value

* fix

* ksud: clippy

* ksud: cargo fmt

* update ioctl macro (tiann/KernelSU#2850)

* use cap_task_fix_setuid hook to avoid inline issue

* kernel: disable setuid debug log

* update embed ksuinit to v2

* kernel: remove dynamic alloc in feature

* Reapply: "kernel: Allow to use in Private Space" (tiann/KernelSU#2857)

rebase of
tiann/KernelSU@0576495

Signed-off-by: backslashxx <[email protected]>
Co-authored-by: weishu <[email protected]>

* add legacy get_version

* fix: get legacy version

* [PARTIAL] ksud: migrate to Rust 2024 edition

* ksud: add managed_feature

* add check_managed_features to installer.sh

* manager: fix legacy get version

* rename to managedFeatures

* ksud: clippy

* Revert "Implement workqueue for unmounting"

This reverts commit tiann/KernelSU@ec0e5da.

* kernel: rework umount with task_work

* kernel: init/exit umount feature

* Fix legacy prctl check condition (tiann/KernelSU#2864)

* kernel: supercall: allow escalation on ioctl interface (tiann/KernelSU#2862)

Signed-off-by: backslashxx <[email protected]>

* Support building for kernel 6.14+  (tiann/KernelSU#2662)

Require [this PR](tiann/KernelSU#1785) which is
made for 6.8+ to be able to build.

---------

Signed-off-by: hmtheboy154 <[email protected]>

* support mainline kernel (tiann/KernelSU#2869)

* kernel: use sys_enter tracepoint for sucompat (tiann/KernelSU#2866)

Co-authored-by: weishu <[email protected]>

* fix: mark tif (tiann/KernelSU#2871)

* fix sepolicy patch hint (tiann/KernelSU#2872)

* kernel: remove unused workqueue

* feature: add enhanced security (tiann/KernelSU#2873)

* kernel: Set the tracepoint flag in a tracepoint manner

* kernel: clean headers

* fix: sucompat (tiann/KernelSU#2874)

Co-authored-by: Wang Han <[email protected]>

* add mutex for sucompat mark

* kill pgrp in enhanced security

* fix: enhanced security register

* skip init_features in safe mode

* revert: still using workqueue for allowlist

* Revert "kernel: remove unused workqueue"

This reverts commit tiann/KernelSU@9060e61.

* build: remove -Wno-implicit-function-declaration

* Replace mutex with spinlock for tracepoint registration (tiann/KernelSU#2882)

* Switch kretprobe to heap (tiann/KernelSU#2880)

Co-authored-by: Ylarod <[email protected]>

* kernel: Refactor selinux/selinux.c (tiann/KernelSU#2881)

Signed-off-by: shadichy <[email protected]>
Co-authored-by: Wang Han <[email protected]>

* Use force_sig(SIGKILL) to kill process

* kernel: remove workqueue for allowlist

* kernel: remove ksu_compat_{open,read,write} because we're in the right context now

* kernel: remove unused wrapper for

* kernel: Use real_parent to avoid interference from ptrace.

* kernel: remove unused kernel_compat

* kernel: fix save allowlist

* Fix missing unlock on error path

* use proxy file for pts (tiann/KernelSU#2886)

Signed-off-by: 5ec1cff <[email protected]>
Co-authored-by: Wang Han <[email protected]>
Co-authored-by: Ylarod <[email protected]>

* kernel: fix put_task if alloc failed.

* clean unused header

* on_module_mounted in ksud.c

* refact: use app_profile

* unified hook manager

* add zygote to hook target

* use kprobe for reboot hook

* move reboot hook to supercall.c

* refactor: kernel_umount setuid_hook

* update mark rules, add init mark tracker

* update setuid_hook, remove uneeded sucompat enable

* log freely

* cli: add ksud debug mark

* Fix rustfmt warning

* Clean up kernel code (tiann/KernelSU#2898)

1) Fix memory leak of callback head in allowlist.c
2) Remove duplicated logic and incorrect log in kernel_umount.c
3) Prevent sleep in kprobe context in ksud.c
4) Remove useless is_unsupported_uid, use euid for security enhance,
   add FIXME in setuid_hook.c
5) Remove useless fd argument for execve hook, fix incorrent pointer
   usage in syscall_hook_manager.c and sucompat.c
6) Use correct errno in supercalls.c

---------

Co-authored-by: Ylarod <[email protected]>

* manager: fix KsuCli cmd

* fix missing header

* kernel: Don't save allowlist on module exit

This is not needed and may trigger UAF as work is async.

* kernel: Use task work to install fd

There are many fd related functions that can sleep, so we have no choice
but move operations to task work. Also close fd when copy_to_user fails.

* kernel: Fix task flag marking for root and shell UID

Signed-off-by: Wang Han <[email protected]>
Co-authored-by: 5ec1cff <[email protected]>

* kernel: fix wrong show_fdinfo impl

Signed-off-by: Wang Han <[email protected]>

* kernel: refine file wrapper

Signed-off-by: Wang Han <[email protected]>

* kernel: fix zygote mark on first boot (tiann/KernelSU#2924)

* kernel: refine syscall_hook_manager

- Don't unmark process when setuid if syscall tracepoint is in use
- Remark process when app profile updated
- Ensure zygote is marked on first boot

* userspace: ksud: removed dual mount system and kept only overlayfs for now for future meta module plans and also updated code to follow new  ioctl calls

* manager: native: introduce new enhanced security functions

* manager: removed susfs info and control

* manager: remove dual mount system functionality

* ksud: fix module mount info

* ksud: removed unused variable

* script: updated userspace build script

* manager: add enhanced security toggle

* kernel: remove redundant code

* manager: removed redundant minimal checks

* manager; fix supported kmi command

* manager: refine webui package manager

use superuser viewmodel companion to get applist, no longer require QUERY_ALL_PACKAGES permission.

Signed-off-by: rifat azad <[email protected]>

* feat(ksud): Optimize ensure_dir_exist and do not hardcode path (#2932)

I believe that hardcoding `/proc/self/exe` is not feasible, so I used an
implementation from the std library.

And I optimized ensure_dir_exist logic.

Signed-off-by: Tools-app <[email protected]>

* kernel: Prune allowlist only after boot completed

For unknown reason, packages.list is not reliable during boot for oplus
devices, so we have to disable pruning and re-run pruning after boot.

* kernel: no need to remark process on post-fs-data and boot-completed

- Remark on post-fs-data may unmark zygote unexpectedly, and there is no
necessity to remark on these stages, so simply remove them.

* kernel: file_wrapper: copy mode of original inode

Bionic uses fstat to determine whether an fd is a tty and set proper
buffering flags, so we also need to set the wrapper file's inode mode to
the original inode mode.

see:
https://cs.android.com/android/platform/superproject/main/+/main:bionic/libc/upstream-openbsd/lib/libc/stdio/makebuf.c;l=61-95;drc=9a4b68e20d617b2cb3355071521f16e8c3d538df

* kernel: Replace kmalloc() usages with kzalloc() (#2939)

This ensures we won't use uninitialized pointers for task work.

* support metamodule, remove built-in overlayfs mount (#2929)

Co-authored-by: weishu <[email protected]>
Co-authored-by: YuKongA <[email protected]>

* kernel: Add nuke_ext4_sysfs interface

* ksud: Add cli interface for nuke_ext4_sysfs

* ksud: add modules_update back (#2948)

* manager: remove overlayfs quard and shrink sparse

* kernel/ksud: Fix KSU_IOCTL_NUKE_EXT4_SYSFS definition

* kernel: expose umount list to ioctl interface (#2950)

This idea is borrowed from simonpunk's susfs4ksu.
What we see here is that, yeah well, lets just have userspace send us
what it
wants unmounted, this is better than hardcoding everything.

This also solves that issue where MNT_DETACH fails, as long as we send
unmountables in proper order.

A small anti-duplicate mechanism is also added.

While in-kernel umount is a bit worse than zygisk-provider-based ones,
this can still
serve as a healthy alternative.

---------

Signed-off-by: backslashxx <[email protected]>
Co-authored-by: weishu <[email protected]>

* Prevent regular installs when metamodule unstable

* userspace: add missing update flag

* ksud: Add `mount` flag for module list

* ksud: respect `skip_mount`

* ksud: Fix the blocking installation issue; it is not working with a fresh installation of the metamodule.

* ksud: 1. Handle module upgrade first; 2. Ensure that disabling persists across module upgrades.

* ksud: Fix the issue where a newly installed module is not uninstalled after being immediately removed and rebooted.

* ksud: Fix the metamodule's non-meta stage script, which is executed twice.

* meta-overlayfs: avoid moving skip-mount modules

* ksud: make rustix version fixed

tiann/KernelSU#2947 (comment)

Co-authored-by: CanerKaraca23

* metaovl: use `cp` instead of `mv` to copy files

* metaovl: Use xcp to copy image faster.

* metaovl: copy selinux context when install

* add module config, migrate managedFeatures (#2965)

Co-authored-by: YuKongA <[email protected]>

* ksud: larger config value size limit, update docs

* ksud: config set support read from stdin, and less restriction

* ksud: Set KSU_MODULE only for module script (#2971)

* ksud: fmt

* kernel: remove OVERLAY_FS dependency

* kernel: Unmount all isolated process which forks from zygote

Kernel has few information about which isolated process belongs to which
application, so there is actually no good choice if we don't implement a
userspace daemon. One choice is to access cmdline memory from kernel,
but cmdline is __user, and it is likely to trigger detections. Before we
have more good ideas, use this.

* kernel: Remove unreachable vfs_statx handling

* sucompat: Fix execve filename access on ARM64

* kernel: Add preempt_{disable|enable}_notrace for MODULE

* kernel: Fix execve filename access on ARM64

* ksud: Remove warning for non-tty std

* kernel: remove redundant KSU_KPROBES_HOOK guard

* kernel: remove unused functions and KSU_ALLOWLIST_WORKAROUND guard

* kernel: fix selinux

* meta-overlayfs: Moved to module repo

* workflow: test new workflow

* kernel: update Makefile

* kernel: replace deprecated strlcpy and use strscpy

* manager: remove closed source lkm warning

* userspace: add `feature get --config`

* fix #2980

* manager: upgrade ndk29

* kernel: tweak Makefile

Signed-off-by: rifat azad <[email protected]>

* manager: bump gradle version

* manager: add additional gradle properties

* manager: fix exec command

* manager: remove build output verbose

* manager: bump agp lib version

* workflow: add manager dispatch trigger

* manager: add empty newline to avoid buildtime append syntax error

* workflow: add missing API id/hash for telegram upload

* kernel: try fix manager crowning

* userspace: rename mount system to meta

* src: release v3.0.0

* mananger: fix memory leak

* manager: combine 3 list packages api into 1

* manager: filter ksuapp in superuser screen
this will allow showing kernelsu app info in webui

Signed-off-by: KOWX712 <[email protected]>

* workflow: configure spoofed and ci manager build

---------

Signed-off-by: backslashxx <[email protected]>
Signed-off-by: hmtheboy154 <[email protected]>
Signed-off-by: shadichy <[email protected]>
Signed-off-by: 5ec1cff <[email protected]>
Signed-off-by: Wang Han <[email protected]>
Signed-off-by: rifat azad <[email protected]>
Signed-off-by: Tools-app <[email protected]>
Signed-off-by: KOWX712 <[email protected]>
Co-authored-by: pershoot <[email protected]>
Co-authored-by: weishu <[email protected]>
Co-authored-by: Ylarod <[email protected]>
Co-authored-by: Wang Han <[email protected]>
Co-authored-by: YuKongA <[email protected]>
Co-authored-by: backslashxx <[email protected]>
Co-authored-by: Huy Minh <[email protected]>
Co-authored-by: libingxuan <[email protected]>
Co-authored-by: Shadichy <[email protected]>
Co-authored-by: 5ec1cff <[email protected]>
Co-authored-by: KOWX712 <[email protected]>
Co-authored-by: 生于生时 亡于亡刻 <[email protected]>

6f532c03eb48 kernel: sync KSU_VERSION with dev branch
d772243558ef kernel: Fix `setup_selinux` using `__task_cred` directly (tiann/KernelSU#3189)
c24b3a1ea664 kernel: ksud: read: add fallback to /init.rc
57abef815abb kernel: improve Git repository detection for KernelSU versioning (tiann/KernelSU#3108)
93c1961049e3 kernel: Use more reasonable symbol name for newfstatat
8d7f119ce4ee kernel: Fixing symbol names causing x64 kernel compilation failure (#3147)
f9df4c57f359 kernel: ksud: Refine rc injection, fix issue of Android Canary 2601
b966ce86d937 kernel: Clean up selinux.c (tiann/KernelSU#3132)
21058f79bd5c kernel: Explicitly check zygote start in execve hook (tiann/KernelSU#3113) (#1038)
863c18044bc8 kernel: remove innecesary code in ksud.c
107de9c16a3c kernel: check package name before check manager signature (tiann/KernelSU#3134) (#1052)
46644093b2ce selinux: Cache SID lookups for domain checks (tiann/KernelSU#3128) (#1051)
ed226983e1ad kernel: Fix potential memory leaks (tiann/KernelSU#3170) (#1082)
5e276d4ed3eb kernel: abort manual hook compilation if not found ksu_handle_sys_reboot (#1093)
8002f622b76d kernel: supercalls: expose spoof uname function to userspace (#1081)
511dfff82181 kernel: remove unnecesary duplicated code in sys_reboot (#1073)
00127f2dee0d Revert "kernel: ksud: migrate init.rc handling to security_file_permission LSM" (#1056)
d7de833a9c67 Sync legacy with dev branch and update scope minimized manual hooks 1.7 (#1047)
0356464d9a4e kernel: fix ksu_handle_faccessat hook not found for manual hook check
bab4d90a65e8 Merge pull request #1029 from maxsteeel/legacy
1551e9a0eec2 kernel: set KSU_KPROBES_HOOK if not defined KSU_MANUAL_HOOK
919b79a60835 kernel: apk_sign: fix return check for ksu_sha256
8c0c055f93f1 kernel: supercalls: expose ksuver override
5712ea72e663 kernel: Add some backports and remove some compatibility code
d20831e4ebd1 kernel: remove unused cflags
70830cb12271 kernel: update sulogv2
90ce7c45f3db kernel: Explicitly check zygote start in execve hook
69e9fa30cca5 kernel: Ensure manager is valid before installing fd (#3115)
b68370790476 kernel: use selinux_cred() method instead of directly use cred->security (#3111)
fd7bb77a4164 kernel: bumping fallback ksu_version  to  avoid bad integer value for userspace
800a7a203071 sync legacy with dev branch and other things (#1021)
a7a85040f13f fix issues in legacy branch (#1007)
391eb9129e86 kernel: legacy, add missing early return in ksu_handle_execveat_sucompat (#1009)
3d303237dcb8 kernel: correct header guard in seccomp_cache.h
5f4c923db1d8 kernel: sync KSU_VERSION  with dev branch
5abd0cbdcfff sync legacy branch with dev branch (#998)
cfd00daefb84 kernel: fix compilation errors in non-gki kernels (#996)
4f8090cdc273 fix some issues in legacy branch (#995)
a93da680ebad add support for legacy/non-gki kernels (#976)
be141d05d03f workflow: configure spoofed and ci manager build
10f4fed5933a manager: filter ksuapp in superuser screen this will allow showing kernelsu app info in webui
9bb8d557eb61 manager: combine 3 list packages api into 1
d83f7e31c971 mananger: fix memory leak
58d02f4c4b8c src: release v3.0.0
c8ee46d851c1 userspace: rename mount system to meta
b659ba76c9d8 kernel: try fix manager crowning
a4a0a07509f6 workflow: add missing API id/hash for telegram upload
904a9e4adf2a manager: add empty newline to avoid buildtime append syntax error
a134d86747b5 workflow: add manager dispatch trigger
3b2d127dbef7 manager: bump agp lib version
5fec27635e5d manager: remove build output verbose
4a000f68b4aa manager: fix exec command
96ad26ea8e80 manager: add additional gradle properties
e268ed9e2b02 manager: bump gradle version
be24733e23f0 kernel: tweak Makefile
8e880c28b5f5 manager: upgrade ndk29
90d3562a70b4 userspace: add `feature get --config`
38dac20f12c8 manager: remove closed source lkm warning
4d2013dff321 kernel: replace deprecated strlcpy and use strscpy
07ad83deb133 kernel: update Makefile
699e03a45765 workflow: test new workflow
92482ef7eaf4 meta-overlayfs: Moved to module repo
3e296ae85216 kernel: fix selinux
57e706cf705e kernel: remove unused functions and KSU_ALLOWLIST_WORKAROUND guard
7b6916f92c2f kernel: remove redundant KSU_KPROBES_HOOK guard
8c15a94dcc80 ksud: Remove warning for non-tty std
5626c09a4a41 kernel: Fix execve filename access on ARM64
eddcb0cc2788 kernel: Add preempt_{disable|enable}_notrace for MODULE
b4ecfe5ace4f sucompat: Fix execve filename access on ARM64
81923789c465 kernel: Remove unreachable vfs_statx handling
ad406ee20955 kernel: Unmount all isolated process which forks from zygote
4c6a95b33cff kernel: remove OVERLAY_FS dependency
4118d7d2bad3 ksud: fmt
ef6814c6738b ksud: Set KSU_MODULE only for module script (#2971)
d792002b5a91 ksud: config set support read from stdin, and less restriction
93adcf2c7813 ksud: larger config value size limit, update docs
a580a6ff3e54 add module config, migrate managedFeatures (#2965)
4625ba28358f metaovl: copy selinux context when install
7bfa2ef6f57a metaovl: Use xcp to copy image faster.
dca05b4d08b1 metaovl: use `cp` instead of `mv` to copy files
24c776759212 ksud: make rustix version fixed
73a8cd615b46 meta-overlayfs: avoid moving skip-mount modules
0cf641c495df ksud: Fix the metamodule's non-meta stage script, which is executed twice.
2c74dbdac627 ksud: Fix the issue where a newly installed module is not uninstalled after being immediately removed and rebooted.
ea072c9b4ad3 ksud: 1. Handle module upgrade first; 2. Ensure that disabling persists across module upgrades.
3c6a5f7f6587 ksud: Fix the blocking installation issue; it is not working with a fresh installation of the metamodule.
a860a52b3f0b ksud: respect `skip_mount`
c85402cec33d ksud: Add `mount` flag for module list
86b01fd9853b userspace: add missing update flag
7688c31e6e7c Prevent regular installs when metamodule unstable
4e39f71bd12e kernel: expose umount list to ioctl interface (#2950)
efdc978ea759 kernel/ksud: Fix KSU_IOCTL_NUKE_EXT4_SYSFS definition
0d9369b4dda6 manager: remove overlayfs quard and shrink sparse
a7382cb67996 ksud: add modules_update back (#2948)
f0ac5c87ef3c ksud: Add cli interface for nuke_ext4_sysfs
039b6a2bf44b kernel: Add nuke_ext4_sysfs interface
c9602fde96d0 support metamodule, remove built-in overlayfs mount (#2929)
02e7dbce5bec kernel: Replace kmalloc() usages with kzalloc() (#2939)
b32bc4f8872d kernel: file_wrapper: copy mode of original inode
4813ad8f14f8 kernel: no need to remark process on post-fs-data and boot-completed
a9a6b8b8165b kernel: Prune allowlist only after boot completed
c385bc32b412 feat(ksud): Optimize ensure_dir_exist and do not hardcode path (#2932)
d7ccad93d159 manager: refine webui package manager
27af44058c39 manager; fix supported kmi command
73824ffcae41 manager: removed redundant minimal checks
854fcb14b4a4 kernel: remove redundant code
c93172b922ba manager: add enhanced security toggle
6b7e7676bc91 script: updated userspace build script
e4d2f469af9c ksud: removed unused variable
2f528cbab9aa ksud: fix module mount info
ab48ae315b75 manager: remove dual mount system functionality
21187b02b3e9 manager: removed susfs info and control
f3753e9b18d5 manager: native: introduce new enhanced security functions
912b4603f73e userspace: ksud: removed dual mount system and kept only overlayfs for now for future meta module plans and also updated code to follow new  ioctl calls
62ba9358b895 kernel: refine syscall_hook_manager
c94ea0c0aa7b kernel: fix zygote mark on first boot (tiann/KernelSU#2924)
25319dcab693 kernel: refine file wrapper
320c551f7060 kernel: fix wrong show_fdinfo impl
6617c4a51f95 kernel: Fix task flag marking for root and shell UID
4c58ab5d5bed kernel: Use task work to install fd
8f2994b6eab9 kernel: Don't save allowlist on module exit
35cc8c047d7d fix missing header
1cc08b46852a manager: fix KsuCli cmd
a0a294b127fb Clean up kernel code (tiann/KernelSU#2898)
b2cba10c13f0 Fix rustfmt warning
ebcf591f6277 cli: add ksud debug mark
85bb573d3d69 log freely
fd95aa1eca89 update setuid_hook, remove uneeded sucompat enable
a6741b730f17 update mark rules, add init mark tracker
00ea2b07a29b refactor: kernel_umount setuid_hook
cbcaf0f56fd6 move reboot hook to supercall.c
46aa63a52682 use kprobe for reboot hook
5b1befeb2245 add zygote to hook target
f75095d79a3b unified hook manager
5b599128034c refact: use app_profile
25770bd45e05 on_module_mounted in ksud.c
361cb083357f clean unused header
adcc1c2e1e91 kernel: fix put_task if alloc failed.
ddf9bf837eac use proxy file for pts (tiann/KernelSU#2886)
8693927a2726 Fix missing unlock on error path
f52469ac5c08 kernel: fix save allowlist
190a54d50410 kernel: remove unused kernel_compat
5092ba77b910 kernel: Use real_parent to avoid interference from ptrace.
c4e12481dcb5 kernel: remove unused wrapper for
83bee9b8f290 kernel: remove ksu_compat_{open,read,write} because we're in the right context now
275a6e2708f4 kernel: remove workqueue for allowlist
1f6bda460dcf Use force_sig(SIGKILL) to kill process
12adc7a215b3 kernel: Refactor selinux/selinux.c (tiann/KernelSU#2881)
1d2fbb83775a Switch kretprobe to heap (tiann/KernelSU#2880)
5e9ca705dcbf Replace mutex with spinlock for tracepoint registration (tiann/KernelSU#2882)
c07c5e97dfaa build: remove -Wno-implicit-function-declaration
d81f90986e90 Revert "kernel: remove unused workqueue"
d8ef2cb02749 revert: still using workqueue for allowlist
57692f597971 skip init_features in safe mode
ea5ae778dd8e fix: enhanced security register
a254da0aeda2 kill pgrp in enhanced security
bdab674ab411 add mutex for sucompat mark
44888a7e61ac fix: sucompat (tiann/KernelSU#2874)
c8576c00315c kernel: clean headers
53fef355dab5 kernel: Set the tracepoint flag in a tracepoint manner
e10edd24f51b feature: add enhanced security (tiann/KernelSU#2873)
b8a6973ec285 kernel: remove unused workqueue
9ee13f3d8352 fix sepolicy patch hint (tiann/KernelSU#2872)
3d6516ab5bc7 fix: mark tif (tiann/KernelSU#2871)
bb0241fde251 kernel: use sys_enter tracepoint for sucompat (tiann/KernelSU#2866)
564158afe3be support mainline kernel (tiann/KernelSU#2869)
1202148166a6 Support building for kernel 6.14+  (tiann/KernelSU#2662)
448e419b4aa3 kernel: supercall: allow escalation on ioctl interface (tiann/KernelSU#2862)
57bd68b8eb2a Fix legacy prctl check condition (tiann/KernelSU#2864)
d11d2d7e616c kernel: init/exit umount feature
4615e2f5387d kernel: rework umount with task_work
d49bdd14cc09 Revert "Implement workqueue for unmounting"
5b6864ee2e84 ksud: clippy
1c27bc1c9551 rename to managedFeatures
2d331578b63f manager: fix legacy get version
a82add7ce7cd add check_managed_features to installer.sh
d47a1a65f38d ksud: add managed_feature
95a6998a5821 [PARTIAL] ksud: migrate to Rust 2024 edition
9430d685c2ab fix: get legacy version
80f742858e85 add legacy get_version
1633e702a30d Reapply: "kernel: Allow to use in Private Space" (tiann/KernelSU#2857)
0a4843f9fd92 kernel: remove dynamic alloc in feature
00771c616521 update embed ksuinit to v2
a301f131e762 kernel: disable setuid debug log
67352ca76a61 use cap_task_fix_setuid hook to avoid inline issue
b45c87de16fa update ioctl macro (tiann/KernelSU#2850)
64262797d3b6 ksud: cargo fmt
eed70ca683b7 ksud: clippy
5e5a8ddee388 fix
e3684fe41bb9 add name and print command value
fc028e48e780 manager: add kernel_umount switch (tiann/KernelSU#2848)
939acde9bc48 fix security_task_fix_setuid_handler_pre
fa5d0329ae4d add feature command to ksud
4cdb4cde38fe do not expose perm checker
52a1b2595ab3 more clean perm_check functions
eb1b347cd59b allow root to get/set feature
e59204018bb9 use 32bit feature id
ac71c239a162 add feature max to get_info
13e343580b50 add fixme
05cfaf57cef7 fix
05135c25bde5 use 64bit feature
08df3beae852 refact: use feature subsystem
a1129d7b1eec switch ns umount
454b92b6c41f Implement workqueue for unmounting
09ef83b3cd63 back to kprobe setuid hook
711549bcde4a kernel: remove unused
b28bb5081485 fix ksucalls, same now
3158785b7a5a Fix ksud build, take 4 (tiann/KernelSU#2846)
09a591ee01e7 Fix ksud build, take 3 (tiann/KernelSU#2842)
c2760bd51ac2 fix: a lot again (tiann/KernelSU#2845)
b133475ecfa5 fix: a lot (tiann/KernelSU#2843)
ebc82c832b21 Fix ksud build (tiann/KernelSU#2841)
7398ef788b2d new supercall impl (tiann/KernelSU#2835)
cc10d0429e29 kernel: replace renameat hook with fsnotify (#910)
ad8a8446ef37 Fix kernel panics caused by thread info flag corruption (#909)
0fc4b726ac35 New kernel releases (#878)
e11cab38f150 Don't write newline character to cgroup node (#2804)
69be375db10a Revert "kernel: harden prctl check"
11643ee685cb Revert "kernel: align prctl harden commit from backslashxx/KernelSU"
478394a6e1ce kernel: align prctl harden commit from backslashxx/KernelSU SQUASHED: * kernel: harden barriers for arm/arm64 * kernel: core_hook: harden prctl handler
f40fe9b9e1e6 manager: add version tag to update card
f1c97b507efe kernel: harden prctl check
300a13f65775 kernel: handle throned UID change if manager is reinstall or changed
d4b7ffbbe19d kernel: scan /data/user_de/0 for actual UID (#155)
693ac0be5579 Revert "Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747) (#776)"
bab8669988dd manager: move settings button to topbar
3d98ed7f83b5 manager: improvements and ui overhaul v2
f41fe20d9942 manager: fix zygisk implementation module path
dbd6accea8ea New Crowdin updates (#816)
363e80821a85 kernel: manager: get kernel driver version tag
e76ef97d4b91 manager: get zygisk implementation and version info
2f408a2b6570 manager: improve bottom bar destination animations
1293848c2307 manager: improve topbar icon animation
261ac2ea47e8 manager: update icons and improve ABI string in Home screen
4e2d30ca9ad7 manager: webui: allow download file
2a0f19a3ab4c manager: webui: allow file upload
ea3825b56fae manager: enhance navigation transitions for detail and tab screens
ab360c26ee3f manager: downgrade navigation lib version due to buggy transition for module install intent
2033d502a1c1 ci: add linux build target for ksud on ci manager workflows
d7b24fbbe13a manager: add new file management apis (listFile, readFile, writeFile, removeFile, moveFile, copyFile)
b65369717278 manager: improve manager variant update mechanism
0576b5736a7c manager: make module and superuser count card more compact
bb8402e8e804 manager: minor improvements to update card
b86e3821a0b9 ksud: add linux support
9d3309558b0d manager: implement insets for webui-next
0d6bdc6364cb New Crowdin updates (#806)
d9239343e697 kernel: auto patch struct seccomp to include filter_count
84a8eef2d217 manager: modify warning message for root grant failure and add  tap to restart option
e37c14b9f603 magic mount: make mount points read only
26ee31e01c6c kernel: remove KSU_SWITCH_MANAGER logic
4df1cf0f5724 New Crowdin updates (#794)
6212a6907769 Update english strings & readme (#783)
21c879d49e1d Fix rustfmt again (#788)
2c02db6323f1 ci: update workflows (#724)
b01e8503cd97 deps: update (#723)
04c6bbf035cb kernel: Remove duplicate include in core_hook (#784)
8edb892792dc fix rustfmt (#722)
49ffbae2ce1d Added Crowdin localized status in README_UA (#690)
9708c953efb7 Update README_RU.md (#683)
4ff58a33bc19 docs: Update Buglarian README (#667)
91dcdebb8b85 docs: Update Polish README (#641)
17a7ad9c8ee0 Edit Security to Contribution and add Crowdin link to README (#639)
dad404e7b591 fix typos in readme (#638)
44360ffa25a2 New Crowdin updates (#701)
04c128694707 Fix mount not working in android 8/9 (#741)
cee92d6926eb Unmount isolated process which forks from zygote unconditionally (tiann/KernelSU#2747) (#776)
5bdb938e845f fix 'for' loop problem (tiann/KernelSU#2745) (#772)
429ae53c5c8d Strip JNI debug logs on release build (#2732)
43c600f295a9 ksud: updated resetprop
316a679260a0 manager: Optimized import, optimized all libsu shell calls, and fixed WebUI memory leaks (#754)
a540992e9b63 Reset seccomp filter count when escaping to root (tiann/KernelSU#2708) (#743)
ba16e0c83ffa kernel: selinux: rules: Micro-optimize get_policydb() and fix illegal RCU lock usage in handle_sepolicy() (tiann/KernelSU#2695) (#721)
fa5c545b4bee ksud_overlayfs: change custom sparse file name
1de68a8ed2a0 Revert "userspace: implement OSS ksuinit"
e0c461322bca kernel: nest ksun switch manager support under CONFIG_KSU_SWITCH_MANAGER config default as disabled
edb99a2c1a87 userspace: implement OSS ksuinit
eaab98b7ecb2 ci(workflows): add artifact caching to build-manager-ci and build-manager-spoofed workflows (#702)
aa37bcc3683f New Crowdin updates (#660)
107cd4add0ca Update README.md
94c4b41ea3de README: updated
0bde9047b935 manager: add -spoof string to apk output
bc9927b9b66e POC: load icon app via ksu://icon/[packageName] (#674)
d4f4c0a0ccad Syscall Hooks (#686)
0aaae919c08a userspace/su: add ndk compatible su from kernelnosu
3f4c23a34f4f kernel: allow only perms for /{system | vendor | product | system_ext}/bin/su path kernel: guard kernelnosu perms if not using KSU_KPROBES_HOOK
d69a72c6586b src: build script for a full featured manager
adbff41a2215 ksud: decide best partition to direct flash LKM
512f84504ec1 ksud: create our own new ramdisk when no compatible ramdisk found
c44f48c8a410 Update README.md
5c6c3870a01c ksud_magic: fix rust fmt
c6b54406829d manager | ksud: Add toggle for global mount namespace (#99)
a917314e8439 manager: fixed sus_su features
948975ba35be kernel: core_hook: add support for KernelNoSU
45ad73e9dd86 kernel: guard syscall hook types
892a62afdf0b manager: bump MINIMAL_SUPPORTED_KERNEL to 12797
d61de07c2189 kernel: implement  v2_signature size/hash override from userspace through kernel module parameter
4382dca515b5 ksud: do backup for vendor_boot partition
2c9078e038bc kernel: use ksu_strncpy_from_user_retry when kprobes hook sucompat pagefaults
REVERT: 2165241049b7 kernel: bumped version 12802
REVERT: 0c6c0a512cd0 kernel: implement  v2_signature size/hash override from userspace through kernel module parameter
REVERT: d88bffdba20e kernel: bumped version 12800
REVERT: 278b1226dc29 kernel: bumped version
REVERT: 89c9b1b8b85e kernel: use ksu_strncpy_from_user_retry when kprobes hook sucompat pagefaults
REVERT: b04f45c2783d kernel: set fasle to  /sbin for susfs_try_umount_all
REVERT: e4a6ade95826 kernel/Makefile: hardcore driver version
REVERT: 6fe4fcbce009 kernel: susfs 1.5.9 a13-5.15 patch
REVERT: 52112a7ee342 source: clean up

git-subtree-dir: techpack/KernelSU
git-subtree-split: 6f532c03eb48ed70a61017fef756ecf1396a9550