kernel: add check flag on escape_to_root

backslashxx · backslashxx · commit 0de076f635b8 · 2025-09-14T10:50:44.000+08:00
this just adds a flag that if when true, we check if its already root and return.

kthread will need this check skipped, so add a way for it to happen.

Signed-off-by: backslashxx &lt;118538522+backslashxx@users.noreply.github.com&gt;
diff --git a/kernel/core_hook.c b/kernel/core_hook.c
@@ -123,19 +123,18 @@ static void disable_seccomp()
 #endif
 }
 
-void escape_to_root(void)
+void escape_to_root(bool do_check_first)
 {
 	struct cred *cred;
 
-	cred = prepare_creds();
-	if (!cred) {
-		pr_warn("prepare_creds failed!\n");
+	if (do_check_first && current_euid().val == 0) {
+		pr_warn("Already root, don't escape!\n");
 		return;
 	}
 
-	if (cred->euid.val == 0) {
-		pr_warn("Already root, don't escape!\n");
-		abort_creds(cred);
+	cred = prepare_creds();
+	if (!cred) {
+		pr_warn("prepare_creds failed!\n");
 		return;
 	}
 
@@ -331,7 +330,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 	if (arg2 == CMD_GRANT_ROOT) {
 		if (is_allow_su()) {
 			pr_info("allow root for: %d\n", current_uid().val);
-			escape_to_root();
+			escape_to_root(true);
 			if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
 				pr_err("grant_root: prctl reply error\n");
 			}
diff --git a/kernel/ksud.h b/kernel/ksud.h
@@ -14,4 +14,6 @@ extern u32 ksu_devpts_sid;
 extern bool ksu_execveat_hook __read_mostly;
 extern int ksu_handle_pre_ksud(const char *filename);
 
+extern void escape_to_root(bool do_check_first);
+
 #endif
diff --git a/kernel/sucompat.c b/kernel/sucompat.c
@@ -23,8 +23,6 @@
 #define SU_PATH "/system/bin/su"
 #define SH_PATH "/system/bin/sh"
 
-extern void escape_to_root();
-
 static bool ksu_sucompat_non_kp __read_mostly = true;
 
 static void __user *userspace_stack_buffer(const void *d, size_t len)
@@ -85,7 +83,7 @@ static int ksu_sucompat_user_common(const char __user **filename_user,
 	if (escalate) {
 		pr_info("%s su found\n", syscall_name);
 		*filename_user = ksud_user_path();
-		escape_to_root(); // escalate !!
+		escape_to_root(true); // escalate !!
 	} else {
 		pr_info("%s su->sh!\n", syscall_name);
 		*filename_user = sh_user_path();
@@ -147,7 +145,7 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
 	pr_info("do_execveat_common su found\n");
 	memcpy((void *)filename->name, sh, sizeof(sh));
 
-	escape_to_root();
+	escape_to_root(true);
 
 	return 0;
 }
