kernel: Fix setup_selinux using __task_cred directly#3189

Merged
aviraxp merged 2 commits into tiann:main from jsoltan226:rkp-cred-fix
Feb 2, 2026

@jsoltan226
Contributor

This PR fixes an unsafe direct modification of task credentials in the SELinux integration code used by KernelSU.

In kernel/selinux, KernelSU currently accesses and mutates the struct cred returned by __task_cred(). While this may work on many kernels, it can cause kernel crashes on systems that enforce additional protections on credential memory, such as Samsung devices using the RKP (UH) hypervisor.

On such systems, the credential pages returned by __task_cred() may be write-protected, and writing to them directly can result in a panic during early boot or when launching the KernelSU manager app.

More recent KernelSU versions already address this issue in the “escape to root” logic by switching to the proper kernel APIs (prepare_creds() / commit_creds()), which avoids directly modifying protected credential memory.
However, setup_selinux() (in selinux/selinux.c) still accesses __task_cred() directly. This patch updates that code path to use the same safe credential handling approach, eliminating the remaining unsafe

This change improves compatibility with kernels that enforce credential memory protections (e.g. Samsung kernels with RKP enabled) and removes the need for users to disable CONFIG_UH as a workaround.

I do not currently have access to a GKI-based device to test this on real hardware. However:
  • The change builds successfully in the AOSP mainline kernel tree
  • I've backported the logic to my Samsung 4.14 non-GKI kernel tree and KernelSU 0.9.5 works (even with CONFIG_UH=y)

Additional note:
It may be helpful to document this behavior in the non-GKI integration notes, particularly for Samsung kernels that enable RKP/UH.
Several users (myself included) have run into build-time or runtime issues on Samsung kernels due to this interaction and initially worked around it by disabling RKP or switching to a non-kernel-based root solution. Making this information more visible could help others avoid those problems.
I’d be happy to help update or contribute to the relevant documentation if that would be useful.

@jsoltan226
Contributor Author

ehhh third time's a charm I guess
I have no idea how this built in AOSP lol, maybe it wasn't building in my changes?
Whatever...

In newer versions, there appear to be more things that trigger RKP-based crashes, since when I tried to launch a backport of release 3.0.0, I was getting the same
Unexpected single-step exception at EL1
kernel log spam and then reset as when I was getting with 0.9.5 without this patch

Also, after patching the commandline to set (among others) androidboot.verifiedbootstate to green in early kernel startup, even WITH the patch on 0.9.5, RKP (or maybe DEFEX?) starts causing crashes again in the same way as before...
So don't close this PR yet, I'll try to look into the other issues. Also I have set up code completion properly now, so there shouldn't be any silly back and forth like this anymore

Contributor

Copilot AI left a comment

Pull request overview

This PR fixes a critical compatibility issue where KernelSU's SELinux integration code directly modified write-protected credential memory, causing kernel crashes on devices with hardware-enforced credential protections (such as Samsung devices with RKP/UH enabled). The fix updates setup_selinux() to accept a struct cred parameter instead of accessing __task_cred() directly, allowing it to work with credentials obtained through the proper prepare_creds()/commit_creds() API.

Changes:

  • Modified setup_selinux() signature to accept a struct cred * parameter instead of directly accessing task credentials
  • Updated escape_to_root_for_init() to use the proper prepare_creds()/commit_creds() pattern
  • Corrected the ordering in escape_with_root_profile() to call setup_selinux() before commit_creds()

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| kernel/selinux/selinux.h | Updated setup_selinux() function declaration to accept struct cred * parameter |
| kernel/selinux/selinux.c | Modified setup_selinux() implementation to use passed credential parameter instead of __task_cred(current) |
| kernel/app_profile.c | Updated both call sites: moved setup_selinux() before commit_creds() in escape_with_root_profile(), and added proper credential lifecycle management in escape_to_root_for_init() |
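
The copy-then-commit pattern from the PR description and the call ordering noted in the review above, as an added userspace model in C (not code from this PR, KernelSU or the kernel). It assumes mprotect(PROT_READ) as a stand-in for the hypervisor's write protection of committed credentials; every `*_model` name and the sample uid/sid values are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed model: one credential per page so it can be sealed read-only. */
struct cred_model {
    unsigned int uid;
    unsigned int sid; /* stands in for the SELinux SID kept in the cred */
};

static struct cred_model *current_cred; /* always points at a sealed page */

static size_t page_len(void) { return (size_t)sysconf(_SC_PAGESIZE); }

static struct cred_model *alloc_cred_page(void)
{
    void *p = mmap(NULL, page_len(), PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Analogue of prepare_creds(): a writable private copy of the live cred. */
static struct cred_model *prepare_creds_model(void)
{
    struct cred_model *new = alloc_cred_page();
    if (new)
        memcpy(new, current_cred, sizeof(*new));
    return new;
}

/* Analogue of commit_creds(): seal the copy, publish it, release the old one. */
static int commit_creds_model(struct cred_model *new)
{
    struct cred_model *old = current_cred;
    if (mprotect(new, page_len(), PROT_READ) != 0)
        return -1;
    current_cred = new;
    if (old)
        munmap(old, page_len());
    return 0;
}

/* Patched shape of the helper: it writes only to the cred it is handed. */
static void setup_selinux_model(struct cred_model *cred, unsigned int sid)
{
    cred->sid = sid;
}

int init_model(void)
{
    struct cred_model *c = alloc_cred_page();
    if (!c)
        return -1;
    c->uid = 10001; /* constructed sample values */
    c->sid = 1;
    if (commit_creds_model(c) != 0) {
        munmap(c, page_len());
        return -1;
    }
    return 0;
}

unsigned int current_sid(void) { return current_cred->sid; }

/* Old pattern: write through the live pointer. Run in a child process so the
 * fault is observable; returns 1 if the write was killed by a memory fault. */
int in_place_write_faults(unsigned int sid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        *(volatile unsigned int *)&current_cred->sid = sid; /* sealed page */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) &&
           (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS);
}

/* Patched pattern: prepare, modify the copy, then commit. The helper has to
 * run before the commit, while the copy is still writable. */
int update_sid_via_copy(unsigned int sid)
{
    struct cred_model *new = prepare_creds_model();
    if (!new)
        return -1;
    setup_selinux_model(new, sid);
    if (commit_creds_model(new) != 0) {
        munmap(new, page_len());
        return -1;
    }
    return 0;
}

int main(void)
{
    if (init_model() != 0)
        return 1;
    printf("in-place write faults: %d\n", in_place_write_faults(7));
    printf("copy+commit returns:   %d\n", update_sid_via_copy(7));
    printf("sid after commit:      %u\n", current_sid());
    return 0;
}
```
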


@aviraxp
Collaborator

aviraxp commented Feb 2, 2026

I will merge this commit ahead. It is reasonable.

@aviraxp aviraxp merged commit 35d8162 into tiann:main Feb 2, 2026
23 checks passed
pershoot pushed a commit to pershoot/KernelSU-Next that referenced this pull request Feb 2, 2026
…lSU#3189)

This PR fixes an unsafe direct modification of task credentials in the
SELinux integration code used by KernelSU.

In kernel/selinux, KernelSU currently accesses and mutates the struct
cred returned by __task_cred(). While this may work on many kernels, it
can cause kernel crashes on systems that enforce additional protections
on credential memory, such as Samsung devices using the RKP (UH)
hypervisor.

On such systems, the credential pages returned by __task_cred() may be
write-protected, and writing to them directly can result in a panic
during early boot or when launching the KernelSU manager app.

More recent KernelSU versions already address this issue in the “escape
to root” logic by switching to the proper kernel APIs (prepare_creds() /
commit_creds()), which avoids directly modifying protected credential
memory.
However, setup_selinux() (in selinux/selinux.c) still accesses
__task_cred() directly. This patch updates that code path to use the
same safe credential handling approach, eliminating the remaining unsafe

This change improves compatibility with kernels that enforce credential
memory protections (e.g. Samsung kernels with RKP enabled) and removes
the need for users to disable CONFIG_UH as a workaround.

I do not currently have access to a GKI-based device to test this on
real hardware. However:
The change builds successfully in the AOSP mainline kernel tree
I've backported the logic to my Samsung 4.14 non-GKI kernel tree and
KernelSU 0.9.5 works (even with CONFIG_UH=y)

Additional note:
It may be helpful to document this behavior in the non-GKI integration
notes, particularly for Samsung kernels that enable RKP/UH.
Several users (myself included) have run into build-time or runtime
issues on Samsung kernels due to this interaction and initially worked
around it by disabling RKP or switching to a non-kernel-based root
solution. Making this information more visible could help others avoid
those problems.
I’d be happy to help update or contribute to the relevant documentation
if that would be useful.

---------

Co-authored-by: Wang Han <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 2, 2026
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 2, 2026
Changes on top of upstream (+79):
	manager: partially revert "manager: Add GKI mode WarningCard"
	workflows: debloat
	workflows: debloat pt. 2
	dummy.keystore
	ksud: add armeabi-v7a support
	manager:  failure mode dummy demo
	manager: unofficial build
	manager: Add ABI and Kernel archirecture info into InfoCardItem
	ksud: prevent 32-on-64 pointer mismatches on sepolicy
	ksud: add avc spoof to feature
	Revert "kernel: Fix `setup_selinux` using `__task_cred` directly (tiann#3189)"
	kernel: ksu pr 3093
	kernel: remove unsupportable code
	reapply 3189
	kernel: restore code required for old kernels
	kernel: build: migrate to unity build
	kernel: core_hook: disable seccomp for manager and allowed uids
	kernel: supercalls: provide sys_reboot handler
	kernel: supercalls: backport: "Use task work to install fd"
	kernel: adapt "namespace support" feature to old kernels
	kernel: file_wrapper: handle anon_inode_getfile for old kernels
	kernel: supercalls: partial backport of do_manage_mark
	kernel: selinux: force sepol_data.sepol to be u64
	kernel: core_hook: screw path_umount backport, call sys_umount directly
	kernel: app_profile: shim escape_with_root_profile
	kernel: throne_tracker: offload to kthread (tiann#2632)
	kernel: throne_tracker: fixup deadlocks on iterate_dir
	kernel: allowlist: escape persistent_allow_list to kthread
	kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653)
	kernel: core_hook: migrate init_session_keyring grab to security_bprm_check
	kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656)
	kernel: sucompat: sucompat feature support for manual hooks (tiann#2506)
	kernel: sucompat: provide do_execve_common handler for < 3.14
	kernel: sucompat: provide getname_flags handlers
	kernel: sucompat: provide vfs_statx hook handler >= 5.18
	kernel: sucompat: use seccomp.mode for permission check
	kernel: sucompat: execve: escape init ksud call to root
	kernel: app_profile: do not disable seccomp again
	kernel: ksud: migrate init.rc handling to security_file_permission LSM
	kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig
	kernel: core_hook: introduce selinux_ops LSM tampering for < 4.2
	kernel: file_wrapper: handle more compat
	kernel: file_wrapper: handle readdir and iterate compat for UL
	kernel: ksud: provide is_ksu_transition check v4
	kernel: ksud: replace input hook with an input handler
	kernel: syscall_table_hook: introduce syscall table tampering
	kernel: syscall_table_hook: wire up sucompat unhooking
	kernel: kp_ksud: restore kprobes for early-boot and used-once hooks
	kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat
	kernel: extras: SQUASH: avc log spoofing impl
	kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot
	kernel: supercalls: allow userspace to pull list entries (tiann#3040)
	kernel: sulog: basic ringbuffer, timestamped su log
	kernel: supercalls: expose ksuver override
	kernel: supercalls: expose spoof uname function to userspace
	kernel: apk_sign: casting to char for strcmp -> memcmp
	kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek
	kernel: core_hook: no ext4_unregister_sysfs, no problem
	kernel: ksud: d_is_reg to S_ISREG
	kernel: throne_tracker: strscpy -> strncpy
	kernel: throne_tracker: resolve s_magic for < 3.9
	kernel: ksud: handle conditional read_iter requirement for < 3.16
	kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18
	kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11
	kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8
	kernel: compat: provide bin2hex compat for < 3.18
	kernel: compat: file_inode compat for < 3.9
	kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1
	kernel: compat: inline newer kernel_read / kernel_write for < 4.14
	kernel: compat: no-op groups_sort if unavailable
	kernel: apk_sign: fix return check for ksu_sha256
	kernel: handle backports
	kernel: apk_sign: add more size/hash pairs
	kernel: ksu: printout quirks / backports / etc on init
	kernel: scripts: kuid_ul_fix: add small script as helper
	kernel: selinux/sepolicy: tweak ksu_kvrealloc compat
	kernel: ksud: read: add fallback to /init.rc
	HACK: kernel: bypass tf out of uid_t/gid_t strict type checks
	KernelSU v3.0.0+

Warning: Managers built from this repo have a known keystore.
See dummy.keystore.

Signed-off-by: backslashxx <[email protected]>
u9521 pushed a commit to u9521/KernelSU that referenced this pull request Feb 2, 2026
rifsxd pushed a commit to KernelSU-Next/KernelSU-Next that referenced this pull request Feb 2, 2026
maxsteeel pushed a commit to maxsteeel/KernelSU-Next that referenced this pull request Feb 2, 2026
rifsxd pushed a commit to KernelSU-Next/KernelSU-Next that referenced this pull request Feb 2, 2026
KOWX712 pushed a commit to KOWX712/KernelSU that referenced this pull request Feb 2, 2026
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 2, 2026
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 2, 2026
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 2, 2026
bklynali pushed a commit to bklynali/BK-KSU that referenced this pull request Feb 2, 2026
This PR fixes an unsafe direct modification of task credentials in the
SELinux integration code used by KernelSU.

In kernel/selinux, KernelSU currently accesses and mutates the struct
cred returned by __task_cred(). While this may work on many kernels, it
can cause kernel crashes on systems that enforce additional protections
on credential memory, such as Samsung devices using the RKP (UH)
hypervisor.

On such systems, the credential pages returned by __task_cred() may be
write-protected, and writing to them directly can result in a panic
during early boot or when launching the KernelSU manager app.

More recent KernelSU versions already address this issue in the “escape
to root” logic by switching to the proper kernel APIs (prepare_creds() /
commit_creds()), which avoids directly modifying protected credential
memory.
However, setup_selinux() (in selinux/selinux.c) still accesses
__task_cred() directly. This patch updates that code path to use the
same safe credential handling approach, eliminating the remaining unsafe

This change improves compatibility with kernels that enforce credential
memory protections (e.g. Samsung kernels with RKP enabled) and removes
the need for users to disable CONFIG_UH as a workaround.

I do not currently have access to a GKI-based device to test this on
real hardware. However:
The change builds successfully in the AOSP mainline kernel tree
I've backported the logic to my Samsung 4.14 non-GKI kernel tree and
KernelSU 0.9.5 works (even with CONFIG_UH=y)

Additional note:
It may be helpful to document this behavior in the non-GKI integration
notes, particularly for Samsung kernels that enable RKP/UH.
Several users (myself included) have run into build-time or runtime
issues on Samsung kernels due to this interaction and initially worked
around it by disabling RKP or switching to a non-kernel-based root
solution. Making this information more visible could help others avoid
those problems.
I’d be happy to help update or contribute to the relevant documentation
if that would be useful.

---------

Co-authored-by: Wang Han <[email protected]>
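The failure mode and the fix described in the commit message above, as an added userspace model (not code from this PR or from KernelSU). Assumptions: `mprotect()` stands in for the hypervisor's write protection of credential pages, and every `model_*` / `set_sid_*` name and the two-field `struct model_cred` are hypothetical stand-ins for the kernel's `struct cred`, `prepare_creds()` and `commit_creds()`.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical stand-in for struct cred: one page per credential. */
struct model_cred {
    uint32_t uid;
    uint32_t sid;                 /* stand-in for the SELinux security ID */
};

static struct model_cred *task_cred_ptr;   /* models task->cred */
static sigjmp_buf fault_jmp;

static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }
static size_t page_size(void) { return (size_t)sysconf(_SC_PAGESIZE); }

static struct model_cred *cred_alloc(void)
{
    void *p = mmap(NULL, page_size(), PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Models the protection layer sealing a live credential page read-only. */
static int cred_seal(struct model_cred *c)
{
    return mprotect(c, page_size(), PROT_READ);
}

int model_init(uint32_t uid, uint32_t sid)
{
    struct model_cred *c = cred_alloc();
    if (!c)
        return -1;
    c->uid = uid;
    c->sid = sid;
    if (cred_seal(c))
        return -1;
    task_cred_ptr = c;
    return 0;
}

/* prepare_creds() analogue: a private, still-writable copy. */
struct model_cred *model_prepare_creds(void)
{
    struct model_cred *n = cred_alloc();
    if (n)
        memcpy(n, task_cred_ptr, sizeof(*n));
    return n;
}

/* commit_creds() analogue: seal the copy, swap it in, drop the old one. */
int model_commit_creds(struct model_cred *n)
{
    struct model_cred *old = task_cred_ptr;
    if (cred_seal(n))
        return -1;
    task_cred_ptr = n;
    munmap(old, page_size());
    return 0;
}

/* The pattern the PR removes: write through the live cred pointer.
 * Returns 1 if the write faulted (a panic in the kernel case), 0 if it landed. */
int set_sid_direct(uint32_t sid)
{
    struct sigaction sa, old_segv, old_bus;
    volatile int faulted = 0;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(fault_jmp, 1) == 0)
        ((volatile struct model_cred *)task_cred_ptr)->sid = sid;
    else
        faulted = 1;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* The pattern the PR adopts: copy, modify the copy, commit. */
int set_sid_safe(uint32_t sid)
{
    struct model_cred *n = model_prepare_creds();
    if (!n)
        return -1;
    n->sid = sid;
    if (model_commit_creds(n)) {
        munmap(n, page_size());
        return -1;
    }
    return 0;
}

uint32_t current_sid(void) { return task_cred_ptr->sid; }

int main(void)
{
    if (model_init(10123, 42))   /* constructed sample uid/sid */
        return 1;
    printf("direct write faulted: %d\n", set_sid_direct(7));
    printf("safe update rc: %d, sid now %u\n", set_sid_safe(7), current_sid());
    return 0;
}
```

The committed copy is sealed again, so a later direct write still faults; only the prepare/commit path changes the value.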
cyberc3dr pushed a commit to cyberc3dr/Wild_KSU that referenced this pull request Feb 2, 2026
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 2, 2026
Changes on top of upstream (+79):
	manager: partially revert "manager: Add GKI mode WarningCard"
	workflows: debloat
	workflows: debloat pt. 2
	dummy.keystore
	ksud: add armeabi-v7a support
	manager:  failure mode dummy demo
	manager: unofficial build
	manager: Add ABI and Kernel archirecture info into InfoCardItem
	ksud: prevent 32-on-64 pointer mismatches on sepolicy
	ksud: add avc spoof to feature
	Revert "kernel: Fix `setup_selinux` using `__task_cred` directly (tiann#3189)"
	kernel: ksu pr 3093
	kernel: remove unsupportable code
	reapply 3189
	kernel: restore code required for old kernels
	kernel: build: migrate to unity build
	kernel: core_hook: disable seccomp for manager and allowed uids
	kernel: supercalls: provide sys_reboot handler
	kernel: supercalls: backport: "Use task work to install fd"
	kernel: adapt "namespace support" feature to old kernels
	kernel: file_wrapper: handle anon_inode_getfile for old kernels
	kernel: supercalls: partial backport of do_manage_mark
	kernel: selinux: force sepol_data.sepol to be u64
	kernel: core_hook: screw path_umount backport, call sys_umount directly
	kernel: app_profile: shim escape_with_root_profile
	kernel: throne_tracker: offload to kthread (tiann#2632)
	kernel: throne_tracker: fixup deadlocks on iterate_dir
	kernel: allowlist: escape persistent_allow_list to kthread
	kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653)
	kernel: core_hook: migrate init_session_keyring grab to security_bprm_check
	kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656)
	kernel: sucompat: sucompat feature support for manual hooks (tiann#2506)
	kernel: sucompat: provide do_execve_common handler for < 3.14
	kernel: sucompat: provide getname_flags handlers
	kernel: sucompat: provide vfs_statx hook handler >= 5.18
	kernel: sucompat: use seccomp.mode for permission check
	kernel: sucompat: execve: escape init ksud call to root
	kernel: app_profile: do not disable seccomp again
	kernel: ksud: migrate init.rc handling to security_file_permission LSM
	kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig
	kernel: core_hook: introduce selinux_ops LSM tampering for < 4.2
	kernel: file_wrapper: handle more compat
	kernel: file_wrapper: handle readdir and iterate compat for UL
	kernel: ksud: provide is_ksu_transition check v4
	kernel: ksud: replace input hook with an input handler
	kernel: syscall_table_hook: introduce syscall table tampering
	kernel: syscall_table_hook: wire up sucompat unhooking
	kernel: kp_ksud: restore kprobes for early-boot and used-once hooks
	kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat
	kernel: extras: SQUASH: avc log spoofing impl
	kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot
	kernel: supercalls: allow userspace to pull list entries (tiann#3040)
	kernel: sulog: basic ringbuffer, timestamped su log
	kernel: supercalls: expose ksuver override
	kernel: supercalls: expose spoof uname function to userspace
	kernel: apk_sign: casting to char for strcmp -> memcmp
	kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek
	kernel: core_hook: no ext4_unregister_sysfs, no problem
	kernel: ksud: d_is_reg to S_ISREG
	kernel: throne_tracker: strscpy -> strncpy
	kernel: throne_tracker: resolve s_magic for < 3.9
	kernel: ksud: handle conditional read_iter requirement for < 3.16
	kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18
	kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11
	kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8
	kernel: compat: provide bin2hex compat for < 3.18
	kernel: compat: file_inode compat for < 3.9
	kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1
	kernel: compat: inline newer kernel_read / kernel_write for < 4.14
	kernel: compat: no-op groups_sort if unavailable
	kernel: apk_sign: fix return check for ksu_sha256
	kernel: handle backports
	kernel: apk_sign: add more size/hash pairs
	kernel: ksu: printout quirks / backports / etc on init
	kernel: scripts: kuid_ul_fix: add small script as helper
	kernel: selinux/sepolicy: tweak ksu_kvrealloc compat
	kernel: ksud: read: add fallback to /init.rc
	HACK: kernel: bypass tf out of uid_t/gid_t strict type checks
	KernelSU v3.0.0+

Warning: Managers built from this repo have a known keystore.
See dummy.keystore.

Signed-off-by: backslashxx <[email protected]>
jinetty pushed a commit to jinetty/android_kernel_xiaomi_sm8450 that referenced this pull request Feb 3, 2026
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 3, 2026
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 3, 2026
Changes on top of upstream (+78):
	manager: partially revert "manager: Add GKI mode WarningCard"
	workflows: debloat
	workflows: debloat pt. 2
	dummy.keystore
	ksud: add armeabi-v7a support
	manager: unofficial build
	manager: Add ABI and Kernel archirecture info into InfoCardItem
	ksud: prevent 32-on-64 pointer mismatches on sepolicy
	ksud: add avc spoof to feature
	Revert "kernel: Fix `setup_selinux` using `__task_cred` directly (tiann#3189)"
	kernel: ksu pr 3093
	kernel: remove unsupportable code
	reapply 3189
	kernel: restore code required for old kernels
	kernel: build: migrate to unity build
	kernel: core_hook: disable seccomp for manager and allowed uids
	kernel: supercalls: provide sys_reboot handler
	kernel: supercalls: backport: "Use task work to install fd"
	kernel: adapt "namespace support" feature to old kernels
	kernel: file_wrapper: handle anon_inode_getfile for old kernels
	kernel: supercalls: partial backport of do_manage_mark
	kernel: selinux: force sepol_data.sepol to be u64
	kernel: core_hook: screw path_umount backport, call sys_umount directly
	kernel: app_profile: shim escape_with_root_profile
	kernel: throne_tracker: offload to kthread (tiann#2632)
	kernel: throne_tracker: fixup deadlocks on iterate_dir
	kernel: allowlist: escape persistent_allow_list to kthread
	kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653)
	kernel: core_hook: migrate init_session_keyring grab to security_bprm_check
	kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656)
	kernel: sucompat: sucompat feature support for manual hooks (tiann#2506)
	kernel: sucompat: provide do_execve_common handler for < 3.14
	kernel: sucompat: provide getname_flags handlers
	kernel: sucompat: provide vfs_statx hook handler >= 5.18
	kernel: sucompat: use seccomp.mode for permission check
	kernel: sucompat: execve: escape init ksud call to root
	kernel: app_profile: do not disable seccomp again
	kernel: ksud: migrate init.rc handling to security_file_permission LSM
	kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig
	kernel: core_hook: introduce selinux_ops LSM tampering for < 4.2
	kernel: file_wrapper: handle more compat
	kernel: file_wrapper: handle readdir and iterate compat for UL
	kernel: ksud: provide is_ksu_transition check v4
	kernel: ksud: replace input hook with an input handler
	kernel: syscall_table_hook: introduce syscall table tampering
	kernel: syscall_table_hook: wire up sucompat unhooking
	kernel: kp_ksud: restore kprobes for early-boot and used-once hooks
	kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat
	kernel: extras: SQUASH: avc log spoofing impl
	kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot
	kernel: supercalls: allow userspace to pull list entries (tiann#3040)
	kernel: sulog: basic ringbuffer, timestamped su log
	kernel: supercalls: expose ksuver override
	kernel: supercalls: expose spoof uname function to userspace
	kernel: apk_sign: casting to char for strcmp -> memcmp
	kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek
	kernel: core_hook: no ext4_unregister_sysfs, no problem
	kernel: ksud: d_is_reg to S_ISREG
	kernel: throne_tracker: strscpy -> strncpy
	kernel: throne_tracker: resolve s_magic for < 3.9
	kernel: ksud: handle conditional read_iter requirement for < 3.16
	kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18
	kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11
	kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8
	kernel: compat: provide bin2hex compat for < 3.18
	kernel: compat: file_inode compat for < 3.9
	kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1
	kernel: compat: inline newer kernel_read / kernel_write for < 4.14
	kernel: compat: no-op groups_sort if unavailable
	kernel: apk_sign: fix return check for ksu_sha256
	kernel: handle backports
	kernel: apk_sign: add more size/hash pairs
	kernel: ksu: printout quirks / backports / etc on init
	kernel: scripts: kuid_ul_fix: add small script as helper
	kernel: selinux/sepolicy: tweak ksu_kvrealloc compat
	kernel: ksud: read: add fallback to /init.rc
	HACK: kernel: bypass tf out of uid_t/gid_t strict type checks
	KernelSU v3.0.0+

Warning: Managers built from this repo have a known keystore.
See dummy.keystore.

Signed-off-by: backslashxx <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 3, 2026
hakuna77 pushed a commit to hakuna77/KernelSU-Next that referenced this pull request Feb 3, 2026
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 3, 2026
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 3, 2026
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 10, 2026
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 10, 2026
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 10, 2026
Changes on top of upstream (+78):
	manager: partially revert "manager: Add GKI mode WarningCard"
	workflows: debloat
	workflows: debloat pt. 2
	dummy.keystore
	ksud: add armeabi-v7a support
	manager: unofficial build
	manager: Add ABI and Kernel archirecture info into InfoCardItem
	ksud: prevent 32-on-64 pointer mismatches on sepolicy
	ksud: add avc spoof to feature
	Revert "kernel: Fix `setup_selinux` using `__task_cred` directly (tiann#3189)"
	kernel: ksu pr 3093
	kernel: remove unsupportable code
	reapply 3189
	kernel: restore code required for old kernels
	kernel: build: migrate to unity build
	kernel: core_hook: disable seccomp for manager and allowed uids
	kernel: supercalls: provide sys_reboot handler
	kernel: supercalls: backport: "Use task work to install fd"
	kernel: adapt "namespace support" feature to old kernels
	kernel: file_wrapper: handle anon_inode_getfile for old kernels
	kernel: supercalls: partial backport of do_manage_mark
	kernel: selinux: force sepol_data.sepol to be u64
	kernel: core_hook: screw path_umount backport, call sys_umount directly
	kernel: app_profile: shim escape_with_root_profile
	kernel: throne_tracker: offload to kthread (tiann#2632)
	kernel: throne_tracker: fixup deadlocks on iterate_dir
	kernel: allowlist: escape persistent_allow_list to kthread
	kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653)
	kernel: core_hook: migrate init_session_keyring grab to security_bprm_check
	kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656)
	kernel: sucompat: sucompat feature support for manual hooks (tiann#2506)
	kernel: sucompat: provide do_execve_common handler for < 3.14
	kernel: sucompat: provide getname_flags handlers
	kernel: sucompat: provide vfs_statx hook handler >= 5.18
	kernel: sucompat: use seccomp.mode for permission check
	kernel: sucompat: execve: escape init ksud call to root
	kernel: app_profile: do not disable seccomp again
	kernel: ksud: migrate init.rc handling to security_file_permission LSM
	kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig
	kernel: core_hook: introduce selinux_ops LSM tampering for < 4.2
	kernel: file_wrapper: handle more compat
	kernel: file_wrapper: handle readdir and iterate compat for UL
	kernel: ksud: provide is_ksu_transition check v4
	kernel: ksud: replace input hook with an input handler
	kernel: syscall_table_hook: introduce syscall table tampering
	kernel: syscall_table_hook: wire up sucompat unhooking
	kernel: kp_ksud: restore kprobes for early-boot and used-once hooks
	kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat
	kernel: extras: SQUASH: avc log spoofing impl
	kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot
	kernel: supercalls: allow userspace to pull list entries (tiann#3040)
	kernel: sulog: basic ringbuffer, timestamped su log
	kernel: supercalls: expose ksuver override
	kernel: supercalls: expose spoof uname function to userspace
	kernel: apk_sign: casting to char for strcmp -> memcmp
	kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek
	kernel: core_hook: no ext4_unregister_sysfs, no problem
	kernel: ksud: d_is_reg to S_ISREG
	kernel: throne_tracker: strscpy -> strncpy
	kernel: throne_tracker: resolve s_magic for < 3.9
	kernel: ksud: handle conditional read_iter requirement for < 3.16
	kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18
	kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11
	kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8
	kernel: compat: provide bin2hex compat for < 3.18
	kernel: compat: file_inode compat for < 3.9
	kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1
	kernel: compat: inline newer kernel_read / kernel_write for < 4.14
	kernel: compat: no-op groups_sort if unavailable
	kernel: apk_sign: fix return check for ksu_sha256
	kernel: handle backports
	kernel: apk_sign: add more size/hash pairs
	kernel: ksu: printout quirks / backports / etc on init
	kernel: scripts: kuid_ul_fix: add small script as helper
	kernel: selinux/sepolicy: handle half-assed selinux backports
	kernel: ksud: read: add fallback to /init.rc
	HACK: kernel: bypass tf out of uid_t/gid_t strict type checks
	KernelSU v3.0.0+

Warning: Managers built from this repo have a known keystore.
See dummy.keystore.

Signed-off-by: backslashxx <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 10, 2026
Changes on top of upstream (+78):
	manager: partially revert "manager: Add GKI mode WarningCard"
	workflows: debloat
	workflows: debloat pt. 2
	dummy.keystore
	ksud: add armeabi-v7a support
	manager: unofficial build
	manager: Add ABI and Kernel archirecture info into InfoCardItem
	ksud: prevent 32-on-64 pointer mismatches on sepolicy
	ksud: add avc spoof to feature
	Revert "kernel: Fix `setup_selinux` using `__task_cred` directly (tiann#3189)"
	kernel: ksu pr 3093
	kernel: remove unsupportable code
	reapply 3189
	kernel: restore code required for old kernels
	kernel: build: migrate to unity build
	kernel: core_hook: disable seccomp for manager and allowed uids
	kernel: supercalls: provide sys_reboot handler
	kernel: supercalls: backport: "Use task work to install fd"
	kernel: adapt "namespace support" feature to old kernels
	kernel: file_wrapper: handle anon_inode_getfile for old kernels
	kernel: supercalls: partial backport of do_manage_mark
	kernel: selinux: force sepol_data.sepol to be u64
	kernel: core_hook: screw path_umount backport, call sys_umount directly
	kernel: app_profile: shim escape_with_root_profile
	kernel: throne_tracker: offload to kthread (tiann#2632)
	kernel: throne_tracker: fixup deadlocks on iterate_dir
	kernel: allowlist: escape persistent_allow_list to kthread
	kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653)
	kernel: core_hook: migrate init_session_keyring grab to security_bprm_check
	kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656)
	kernel: sucompat: sucompat feature support for manual hooks (tiann#2506)
	kernel: sucompat: provide do_execve_common handler for < 3.14
	kernel: sucompat: provide getname_flags handlers
	kernel: sucompat: provide vfs_statx hook handler >= 5.18
	kernel: sucompat: use seccomp.mode for permission check
	kernel: sucompat: execve: escape init ksud call to root
	kernel: app_profile: do not disable seccomp again
	kernel: ksud: migrate init.rc handling to security_file_permission LSM
	kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig
	kernel: core_hook: introduce selinux_ops LSM tampering for < 4.2
	kernel: file_wrapper: handle more compat
	kernel: file_wrapper: handle readdir and iterate compat for UL
	kernel: ksud: provide is_ksu_transition check v4
	kernel: ksud: replace input hook with an input handler
	kernel: syscall_table_hook: introduce syscall table tampering
	kernel: syscall_table_hook: wire up sucompat unhooking
	kernel: kp_ksud: restore kprobes for early-boot and used-once hooks
	kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat
	kernel: extras: SQUASH: avc log spoofing impl
	kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot
	kernel: supercalls: allow userspace to pull list entries (tiann#3040)
	kernel: sulog: basic ringbuffer, timestamped su log
	kernel: supercalls: expose ksuver override
	kernel: supercalls: expose spoof uname function to userspace
	kernel: apk_sign: casting to char for strcmp -> memcmp
	kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek
	kernel: core_hook: no ext4_unregister_sysfs, no problem
	kernel: ksud: d_is_reg to S_ISREG
	kernel: throne_tracker: strscpy -> strncpy
	kernel: throne_tracker: resolve s_magic for < 3.9
	kernel: ksud: handle conditional read_iter requirement for < 3.16
	kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18
	kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11
	kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8
	kernel: compat: provide bin2hex compat for < 3.18
	kernel: compat: file_inode compat for < 3.9
	kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1
	kernel: compat: inline newer kernel_read / kernel_write for < 4.14
	kernel: compat: no-op groups_sort if unavailable
	kernel: apk_sign: fix return check for ksu_sha256
	kernel: handle backports
	kernel: apk_sign: add more size/hash pairs
	kernel: ksu: printout quirks / backports / etc on init
	kernel: scripts: kuid_ul_fix: add small script as helper
	kernel: selinux/sepolicy: handle half-assed selinux backports
	kernel: ksud: read: add fallback to /init.rc
	HACK: kernel: bypass tf out of uid_t/gid_t strict type checks
	KernelSU v3.0.0+

Warning: Managers built from this repo have a known keystore.
See dummy.keystore.

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 10, 2026
gavdoc38 pushed a commit to gavdoc38/KernelSU-Next that referenced this pull request Feb 10, 2026
…lSU#3189)

This PR fixes an unsafe direct modification of task credentials in the
SELinux integration code used by KernelSU.

In kernel/selinux, KernelSU currently accesses and mutates the struct
cred returned by __task_cred(). While this may work on many kernels, it
can cause kernel crashes on systems that enforce additional protections
on credential memory, such as Samsung devices using the RKP (UH)
hypervisor.

On such systems, the credential pages returned by __task_cred() may be
write-protected, and writing to them directly can result in a panic
during early boot or when launching the KernelSU manager app.

More recent KernelSU versions already address this issue in the “escape
to root” logic by switching to the proper kernel APIs (prepare_creds() /
commit_creds()), which avoids directly modifying protected credential
memory.
However, setup_selinux() (in selinux/selinux.c) still accesses
__task_cred() directly. This patch updates that code path to use the
same safe credential handling approach, eliminating the remaining unsafe

This change improves compatibility with kernels that enforce credential
memory protections (e.g. Samsung kernels with RKP enabled) and removes
the need for users to disable CONFIG_UH as a workaround.

I do not currently have access to a GKI-based device to test this on
real hardware. However:
The change builds successfully in the AOSP mainline kernel tree
I've backported the logic to my Samsung 4.14 non-GKI kernel tree and
KernelSU 0.9.5 works (even with CONFIG_UH=y)

Additional note:
It may be helpful to document this behavior in the non-GKI integration
notes, particularly for Samsung kernels that enable RKP/UH.
Several users (myself included) have run into build-time or runtime
issues on Samsung kernels due to this interaction and initially worked
around it by disabling RKP or switching to a non-kernel-based root
solution. Making this information more visible could help others avoid
those problems.
I’d be happy to help update or contribute to the relevant documentation
if that would be useful.

---------

Co-authored-by: Wang Han <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 11, 2026
Changes on top of upstream (+78):
	manager: partially revert "manager: Add GKI mode WarningCard"
	workflows: debloat
	workflows: debloat pt. 2
	dummy.keystore
	ksud: add armeabi-v7a support
	manager: unofficial build
	manager: Add ABI and Kernel architecture info into InfoCardItem
	ksud: prevent 32-on-64 pointer mismatches on sepolicy
	ksud: add avc spoof to feature
	Revert "kernel: Fix `setup_selinux` using `__task_cred` directly (tiann#3189)"
	kernel: ksu pr 3093
	Reapply: "kernel: Fix `setup_selinux` using `__task_cred` directly (tiann#3189)"
	kernel: remove unsupportable code
	kernel: restore code required for old kernels
	kernel: build: migrate to unity build
	kernel: core_hook: disable seccomp for manager and allowed uids
	kernel: supercalls: provide sys_reboot handler
	kernel: supercalls: backport: "Use task work to install fd"
	kernel: adapt "namespace support" feature to old kernels
	kernel: file_wrapper: handle anon_inode_getfile for old kernels
	kernel: supercalls: partial backport of do_manage_mark
	kernel: selinux: force sepol_data.sepol to be u64
	kernel: core_hook: screw path_umount backport, call sys_umount directly
	kernel: app_profile: shim escape_with_root_profile
	kernel: throne_tracker: offload to kthread (tiann#2632)
	kernel: throne_tracker: fixup deadlocks on iterate_dir
	kernel: allowlist: escape persistent_allow_list to kthread
	kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653)
	kernel: core_hook: migrate init_session_keyring grab to security_bprm_check
	kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656)
	kernel: sucompat: sucompat feature support for manual hooks (tiann#2506)
	kernel: sucompat: provide do_execve_common handler for < 3.14
	kernel: sucompat: provide getname_flags handlers
	kernel: sucompat: provide vfs_statx hook handler >= 5.18
	kernel: sucompat: use seccomp.mode for permission check
	kernel: sucompat: execve: escape init ksud call to root
	kernel: app_profile: do not disable seccomp again
	kernel: ksud: migrate init.rc handling to security_file_permission LSM
	kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig
	kernel: core_hook: introduce selinux_ops LSM tampering for < 4.2
	kernel: file_wrapper: handle more compat
	kernel: file_wrapper: handle readdir and iterate compat for UL
	kernel: ksud: provide is_ksu_transition check v4
	kernel: ksud: replace input hook with an input handler
	kernel: syscall_table_hook: introduce syscall table tampering
	kernel: syscall_table_hook: wire up sucompat unhooking
	kernel: kp_ksud: restore kprobes for early-boot and used-once hooks
	kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat
	kernel: extras: SQUASH: avc log spoofing impl
	kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot
	kernel: supercalls: allow userspace to pull list entries (tiann#3040)
	kernel: sulog: basic ringbuffer, timestamped su log
	kernel: supercalls: expose ksuver override
	kernel: supercalls: expose spoof uname function to userspace
	kernel: apk_sign: casting to char for strcmp -> memcmp
	kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek
	kernel: core_hook: no ext4_unregister_sysfs, no problem
	kernel: ksud: d_is_reg to S_ISREG
	kernel: throne_tracker: strscpy -> strncpy
	kernel: throne_tracker: resolve s_magic for < 3.9
	kernel: ksud: handle conditional read_iter requirement for < 3.16
	kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18
	kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11
	kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8
	kernel: compat: provide bin2hex compat for < 3.18
	kernel: compat: file_inode compat for < 3.9
	kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1
	kernel: compat: inline newer kernel_read / kernel_write for < 4.14
	kernel: compat: no-op groups_sort if unavailable
	kernel: apk_sign: fix return check for ksu_sha256
	kernel: handle backports
	kernel: apk_sign: add more size/hash pairs
	kernel: ksu: printout quirks / backports / etc on init
	kernel: scripts: kuid_ul_fix: add small script as helper
	kernel: selinux/sepolicy: handle selinux policydb backports
	kernel: ksud: read: add fallback to /init.rc
	HACK: kernel: bypass tf out of uid_t/gid_t strict type checks
	KernelSU v3.0.0+

Warning: Managers built from this repo have a known keystore.
See dummy.keystore.

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 11, 2026
ThRE-Team pushed a commit to ThRE-Team/KernelSU-Next that referenced this pull request Feb 12, 2026
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 17, 2026
Danda420 pushed a commit to Danda420/KernelSU-Next that referenced this pull request Feb 18, 2026
…lSU#3189)

This PR fixes an unsafe direct modification of task credentials in the
SELinux integration code used by KernelSU.

In kernel/selinux, KernelSU currently accesses and mutates the struct
cred returned by __task_cred(). While this may work on many kernels, it
can cause kernel crashes on systems that enforce additional protections
on credential memory, such as Samsung devices using the RKP (UH)
hypervisor.

On such systems, the credential pages returned by __task_cred() may be
write-protected, and writing to them directly can result in a panic
during early boot or when launching the KernelSU manager app.

More recent KernelSU versions already address this issue in the “escape
to root” logic by switching to the proper kernel APIs (prepare_creds() /
commit_creds()), which avoids directly modifying protected credential
memory.
However, setup_selinux() (in selinux/selinux.c) still accesses
__task_cred() directly. This patch updates that code path to use the
same safe credential handling approach, eliminating the remaining unsafe

This change improves compatibility with kernels that enforce credential
memory protections (e.g. Samsung kernels with RKP enabled) and removes
the need for users to disable CONFIG_UH as a workaround.

I do not currently have access to a GKI-based device to test this on
real hardware. However:
- The change builds successfully in the AOSP mainline kernel tree
- I've backported the logic to my Samsung 4.14 non-GKI kernel tree and
  KernelSU 0.9.5 works (even with CONFIG_UH=y)

Additional note:
It may be helpful to document this behavior in the non-GKI integration
notes, particularly for Samsung kernels that enable RKP/UH.
Several users (myself included) have run into build-time or runtime
issues on Samsung kernels due to this interaction and initially worked
around it by disabling RKP or switching to a non-kernel-based root
solution. Making this information more visible could help others avoid
those problems.
I’d be happy to help update or contribute to the relevant documentation
if that would be useful.

---------

Co-authored-by: Wang Han <[email protected]>
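
A user-space model of the failure and the fix that the commit message above describes, added here as an illustration; it is not KernelSU's code or the patch from this PR. `struct model_cred`, the `model_*` helpers and the `sid` values are constructed for the example, and `mprotect()` stands in for the write protection the message attributes to RKP.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed stand-in for struct cred: only the field this model updates. */
struct model_cred { unsigned int sid; };

/* Models the pointer __task_cred() returns; its page is kept read-only. */
static struct model_cred *task_cred;
static sigjmp_buf fault_env;

static size_t page_len(void) { return (size_t)sysconf(_SC_PAGESIZE); }
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

static struct model_cred *cred_page_alloc(void)
{
    void *p = mmap(NULL, page_len(), PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Install the first credentials, then write-protect their page. */
int model_init(unsigned int sid)
{
    struct model_cred *c = cred_page_alloc();
    if (!c)
        return -1;
    c->sid = sid;
    task_cred = c;
    return mprotect(c, page_len(), PROT_READ);
}

/* Unsafe pattern: store through the live pointer. Returns 1 if the store
 * faulted; Linux raises SIGSEGV here, a kernel would panic instead. */
int direct_write_faults(unsigned int sid)
{
    struct sigaction sa = { .sa_handler = on_fault }, old;
    volatile struct model_cred *live = task_cred;
    volatile int faulted = 1;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_env, 1) == 0) {
        live->sid = sid;                 /* write to the protected page */
        faulted = 0;
    }
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}

/* Safe pattern, step 1: private writable copy (models prepare_creds()). */
struct model_cred *model_prepare_creds(void)
{
    struct model_cred *new_cred = cred_page_alloc();
    if (new_cred)
        *new_cred = *task_cred;
    return new_cred;
}

/* Step 2: protect the copy and publish it (models commit_creds()). */
int model_commit_creds(struct model_cred *new_cred)
{
    struct model_cred *old = task_cred;
    if (mprotect(new_cred, page_len(), PROT_READ) != 0)
        return -1;
    task_cred = new_cred;
    munmap(old, page_len());
    return 0;
}

int set_sid_safely(unsigned int sid)
{
    struct model_cred *new_cred = model_prepare_creds();
    if (!new_cred)
        return -1;
    new_cred->sid = sid;                 /* touches only the private copy */
    if (model_commit_creds(new_cred) != 0) {
        munmap(new_cred, page_len());    /* models abort_creds() */
        return -1;
    }
    return 0;
}

int main(void)
{
    if (model_init(10) != 0)
        return 1;
    printf("direct write faulted: %d\n", direct_write_faults(42));
    printf("safe update rc: %d\n", set_sid_safely(42));
    printf("sid now: %u\n", task_cred->sid);
    return 0;
}
```

The live credentials are never written in place: the update happens on a copy that only becomes visible once it is protected and swapped in.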
PhuScam pushed a commit to PhuScam/KernelSU that referenced this pull request Feb 18, 2026
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 18, 2026
Changes on top of upstream (+78):
	manager: partially revert "manager: Add GKI mode WarningCard"
	workflows: debloat
	workflows: debloat pt. 2
	dummy.keystore
	ksud: add armeabi-v7a support
	manager: unofficial build
	manager: Add ABI and Kernel archirecture info into InfoCardItem
	ksud: prevent 32-on-64 pointer mismatches on sepolicy
	ksud: add avc spoof to feature
	Revert "kernel: Fix `setup_selinux` using `__task_cred` directly (tiann#3189)"
	kernel: ksu pr 3093
	Reapply: "kernel: Fix `setup_selinux` using `__task_cred` directly (tiann#3189)"
	kernel: remove unsupportable code
	kernel: restore code required for old kernels
	kernel: build: migrate to unity build
	kernel: core_hook: disable seccomp for manager and allowed uids
	kernel: supercalls: provide sys_reboot handler
	kernel: supercalls: backport: "Use task work to install fd"
	kernel: adapt "namespace support" feature to old kernels
	kernel: file_wrapper: handle anon_inode_getfile for old kernels
	kernel: supercalls: partial backport of do_manage_mark
	kernel: selinux: force sepol_data.sepol to be u64
	kernel: core_hook: screw path_umount backport, call sys_umount directly
	kernel: app_profile: shim escape_with_root_profile
	kernel: throne_tracker: offload to kthread (tiann#2632)
	kernel: throne_tracker: fixup deadlocks on iterate_dir
	kernel: allowlist: escape persistent_allow_list to kthread
	kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653)
	kernel: core_hook: migrate init_session_keyring grab to security_bprm_check
	kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656)
	kernel: sucompat: sucompat feature support for manual hooks (tiann#2506)
	kernel: sucompat: provide do_execve_common handler for < 3.14
	kernel: sucompat: provide getname_flags handlers
	kernel: sucompat: provide vfs_statx hook handler >= 5.18
	kernel: sucompat: use seccomp.mode for permission check
	kernel: sucompat: execve: escape init ksud call to root
	kernel: app_profile: do not disable seccomp again
	kernel: ksud: migrate init.rc handling to security_file_permission LSM
	kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig
	kernel: core_hook: introduce selinux_ops LSM tampering for < 4.2
	kernel: file_wrapper: handle more compat
	kernel: file_wrapper: handle readdir and iterate compat for UL
	kernel: ksud: provide is_ksu_transition check v4
	kernel: ksud: replace input hook with an input handler
	kernel: syscall_table_hook: introduce syscall table tampering
	kernel: syscall_table_hook: wire up sucompat unhooking
	kernel: kp_ksud: restore kprobes for early-boot and used-once hooks
	kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat
	kernel: extras: SQUASH: avc log spoofing impl
	kernel: supercalls/debug: expose ksu_set_manager_appid to sys_reboot
	kernel: supercalls: allow userspace to pull list entries (tiann#3040)
	kernel: sulog: basic ringbuffer, timestamped su log
	kernel: supercalls: expose ksuver override
	kernel: supercalls: expose spoof uname function to userspace
	kernel: apk_sign: casting to char for strcmp -> memcmp
	kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek
	kernel: core_hook: no ext4_unregister_sysfs, no problem
	kernel: ksud: d_is_reg to S_ISREG
	kernel: throne_tracker: strscpy -> strncpy
	kernel: throne_tracker: resolve s_magic for < 3.9
	kernel: ksud: handle conditional read_iter requirement for < 3.16
	kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18
	kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11
	kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8
	kernel: compat: provide bin2hex compat for < 3.18
	kernel: compat: file_inode compat for < 3.9
	kernel: compat: provide selinux_inode/selinux_cred wrappers for < 5.1
	kernel: compat: inline newer kernel_read / kernel_write for < 4.14
	kernel: compat: no-op groups_sort if unavailable
	kernel: apk_sign: fix return check for ksu_sha256
	kernel: handle backports
	kernel: apk_sign: add more size/hash pairs
	kernel: ksu: printout quirks / backports / etc on init
	kernel: scripts: kuid_ul_fix: add small script as helper
	kernel: selinux/sepolicy: handle selinux policydb backports
	kernel: ksud: read: add fallback to /init.rc
	HACK: kernel: bypass tf out of uid_t/gid_t strict type checks
	KernelSU v3.0.0+

Warning: Managers built from this repo have a known keystore.
See dummy.keystore.

Signed-off-by: backslashxx <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 19, 2026
Flopster101 added a commit to FlopKernel-Series/flop_s5e8825_kernel that referenced this pull request Feb 20, 2026
119b36986b37 kernel: don't use "reset seccomp filter count when escaping to root" for kernel version <5.9.0
fe83b2d09385 kernel: sync KSU_VERSION wit dev branch
8174393b324f kernel: use correct errno when add_try_umount failed (tiann/KernelSU#3212)
0a815847e311 kernel: supercalls: take sulog_init_heap() out of kprobes guard to fix sulog for manual hooks
1fe50d167faf kernel: Kbuild: Remove duplicate extras.o
85dde0cdee93 kernel: ksud: Restore init.rc injection for manual hooks
6f532c03eb48 kernel: sync KSU_VERSION with dev branch
d772243558ef kernel: Fix `setup_selinux` using `__task_cred` directly (tiann/KernelSU#3189)
c24b3a1ea664 kernel: ksud: read: add fallback to /init.rc
57abef815abb kernel: improve Git repository detection for KernelSU versioning (tiann/KernelSU#3108)
93c1961049e3 kernel: Use more reasonable symbol name for newfstatat
8d7f119ce4ee kernel: Fixing symbol names causing x64 kernel compilation failure (#3147)
f9df4c57f359 kernel: ksud: Refine rc injection, fix issue of Android Canary 2601
b966ce86d937 kernel: Clean up selinux.c (tiann/KernelSU#3132)
21058f79bd5c kernel: Explicitly check zygote start in execve hook (tiann/KernelSU#3113) (#1038)
863c18044bc8 kernel: remove innecesary code in ksud.c
107de9c16a3c kernel: check package name before check manager signature (tiann/KernelSU#3134) (#1052)
46644093b2ce selinux: Cache SID lookups for domain checks (tiann/KernelSU#3128) (#1051)
ed226983e1ad kernel: Fix potential memory leaks (tiann/KernelSU#3170) (#1082)
5e276d4ed3eb kernel: abort manual hook compilation if not found ksu_handle_sys_reboot (#1093)

git-subtree-dir: drivers/kernelsu
git-subtree-split: 119b36986b37aaaad798835fee0337e687a0c8ac
bklynali pushed a commit to bklynali/BK-KSU that referenced this pull request Feb 20, 2026
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 23, 2026