Use huawei_hisi_check.h to determine whether it is an old Huawei
HiSilicon device.
Solve:
1. Compatible with non-GKI Huawei HiSilicon devices
2. Solve different bugs in EMUI of different system versions
3. Does not affect other devices
EMUI 10 kernel version is 4.14.xxx.
The SELinux of Huawei's modified EMUI10 kernel is still similar to the
EMUI 9 version. This commit not support HarmonyOS 2 based EMUI 10.
Hi @tiann.
Thanks for the great project, I had great fun playing around with it.
This PR mainly tries to further minimize the possible delays caused by
KernelSU hooking.
There are 3 major changes:
- Processes with 0 < UID < 2000 are blocked straight-up before going
through the allow_list.
I don't see any need for such processes to be interested in root, and
this allows returning early before going through a more expensive
lookup.
If there's an expected breakage due to this change, I'll remove it. Let
me know.
- A page-sized (4K) bitmap is added.
This allows O(1) lookup for UID <= 32767.
This speeds up `ksu_is_allow_uid()` by about 4.8x by sacrificing a 4K
memory. IMHO, a good trade-off.
Most notably, this reduces the 99.999% result previously from worrying
milliseconds scale to microseconds scale.
For UID > 32767, another page-sized (4K) sequential array is used to
cache allow_list.
Compared to the previous PR #557, this new approach gives another nice
25% performance boost in average, 63-96% boost in worst cases.
Benchmark results are available at
https://docs.google.com/spreadsheets/d/1w_tO1zRLPNMFRer49pL1TQfL6ndEhilRrDU1XFIcWXY/edit?usp=sharing
Thanks!
---------
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
- Seen with Linux 4.14 kernel with error message:
In file included from ../drivers/android/kernelsu/selinux/sepolicy.c:1:
In file included from ../drivers/android/kernelsu/selinux/sepolicy.h:6:
In file included from ../security/selinux/ss/policydb.h:30: In file
included from ../security/selinux/ss/avtab.h:26:
../security/selinux/include/security.h:240:10: error: use of undeclared
identifier 'EIDRM'
return -EIDRM;
^
CC drivers/base/transport_class.o
CC kernel/rcu/update.o
../security/selinux/include/security.h:246:10: error: use of undeclared
identifier 'ENOENT'
return -ENOENT;
^
This checks `selinux_state` and `current_sid` supports in a raw way.
Feels more reliable than the version checks.
Supersedes #401, fixes#280, fixes#400.
4.9's last release aka 4.9.337 still needs the same fallbacks as 4.9.212
and breaks otherwise, upgrade this to fix compilation
Tested and working on POCO F1, 4.9.337
_selinux_state_ is backported to 4.9 kernel with the 4.9.212 release,
use it to fix the build.
many thanks to @reallysnow for figuring this out.
inspired by
d7c2c5f02a
* Merged related changes in android-common-kernel-4.14.163 [1] Handle
correct checks for older versions (below 4.14.163, 4.9, 4.4)
* fixes 14be7562, it is required in 4.14.163 kernel, it is not needed in
4.14.163 and later
[1]: https://github.com/MiCode/Xiaomi_Kernel_OpenSource/commits/1cfd8419
Change-Id: Iade104312d058a249667ca836259d5608418bb55
Co-authored-by: admin <paper@localhost>
* d77ab8d although fixed some typo, but since there is no include avc.h,
this will cause the build to fail
* Error:
/mnt/HDD/fish/aospa/kernel/msm-4.9/drivers/staging/ksu/selinux/selinux.c:60:2:
error: use of undeclared identifier 'selinux_enforcing'
selinux_enforcing = enforce;
^
/mnt/HDD/fish/aospa/kernel/msm-4.9/drivers/staging/ksu/selinux/selinux.c:81:9:
error: use of undeclared identifier 'selinux_enforcing'
return selinux_enforcing;
^
2 errors generated.
Change-Id: I4cc8917b2b73ca467873222e02d498da8718988e
