KernelSU v2.1.2+

backslashxx · backslashxx · commit 5ba4dc9c0faa · 2025-11-26T13:15:30.000+08:00
Changes on top of upstream (+68): workflows: debloat workflows: debloat pt. 2 dummy.keystore ksud: add armeabi-v7a support manager: failure mode dummy demo manager: unofficial build manager: Add ABI and Kernel archirecture info into InfoCardItem ksud: prevent 32-on-64 pointer mismatches on sepolicy ksud: add avc spoof to feature kernel: remove unsupportable code kernel: restore code required for old kernels kernel: compat: remove ksu_android_ns_fs_check kernel: core_hook: backport ksu_enhanced_security rules kernel: core_hook: disable seccomp for allowed uids kernel: supercalls: provide sys_reboot handler kernel: supercalls: backport: "Use task work to install fd" kernel: supercalls: partial backport of do_manage_mark kernel: selinux: force sepol_data.sepol to be u64 kernel: core_hook: screw path_umount backport, call sys_umount directly kernel: app_profile: shim escape_with_root_profile kernel: throne_tracker: offload to kthread (tiann#2632) kernel: allowlist: escape persistent_allow_list to kthread kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653) kernel: core_hook: migrate init_session_keyring grab to security_bprm_check kernel: compat: uprev init_session_keyring pullout to < 5.2 kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656) kernel: sucompat: sucompat feature support for manual hooks (tiann#2506) kernel: sucompat: use seccomp.mode for permission check kernel: app_profile: do not disable seccomp again kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig kernel: sucompat: commonize and provide explicit compatibility to old hooks kernel: sucompat: provide do_execve_common handler for < 3.14 kernel: sucompat: provide getname_flags (user) ultimatum hook kernel: sucompat: provide getname_flags (kernel) ultimatum hook kernel: sucompat: provide vfs_statx hook handler >= 5.18 kernel: file_wrapper: handle more compat kernel: file_wrapper: handle readdir and iterate compat for UL kernel: ksud: provide is_ksu_transition check v4 kernel: kp_ksud: restore kprobes for early-boot and used-once hooks kernel: kp_ksud: add security_bounded_transition hook for < 4.14 (tiann#1704) kernel: kp_ksud: add sys_reboot kp hook kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat kernel: extras: base implementation of avc log spoofing kernel: extras/avc_spoof: add kprobe support kernel: extras: add avc spoof to feature kernel/extra: replace sensitive context with priv_app kernel: apk_sign: casting to char for strcmp -> memcmp kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek kernel: core_hook: no ext4_unregister_sysfs, no problem kernel: ksud: d_is_reg to S_ISREG kernel: throne_tracker: resolve s_magic for < 3.9 kernel: ksud: handle conditional read_iter requirement for < 3.16 kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18 kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11 kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8 kernel: compat: provide bin2hex compat for < 3.18 kernel: compat: add strscpy pseudo-compat for < 4.3 kernel: compat: file_inode compat for < 3.9 kernel: compat: provide weak anon_inode_getfd_secure for < 5.12 kernel: compat: provide selinux_inode wrapper for < 5.1 kernel: compat: provide selinux_cred wrapper for < 5.1 kernel: apk_sign: fix return check for ksu_sha256 kernel: handle backports kernel: apk_sign: add more size/hash pairs kernel: ksu: printout quirks / backports / etc on init kernel: scripts: kuid_ul_fix: add small script as helper kernel: selinux: fix wrong return type KernelSU v2.1.2+ Warning: Managers built from this repo has a known keystore. See dummy.keystore. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
diff --git a/kernel/Makefile b/kernel/Makefile
@@ -38,32 +38,8 @@ MDIR := $(realpath $(dir $(abspath $(lastword $(MAKEFILE_LIST)))))
 $(info -- KDIR: $(KDIR))
 $(info -- MDIR: $(MDIR))
 
-# Check if this is a git repository
-# For in-tree build: check $(srctree)/$(src)/../.git
-# For out-of-tree build: check $(MDIR)/../.git
-ifeq ($(shell test -e $(srctree)/$(src)/../.git && echo "in-tree"),in-tree)
-# In-tree build (git submodule)
-$(shell cd $(srctree)/$(src); /usr/bin/env PATH="$$PATH":/usr/bin:/usr/local/bin [ -f ../.git/shallow ] && git fetch --unshallow)
-KSU_GIT_VERSION := $(shell cd $(srctree)/$(src); /usr/bin/env PATH="$$PATH":/usr/bin:/usr/local/bin git rev-list --count HEAD)
-KSU_GIT_VERSION_VALID := 1
-else ifeq ($(shell test -e $(MDIR)/../.git && echo "out-of-tree"),out-of-tree)
-# Out-of-tree build (standalone repository)
-$(shell cd $(MDIR); /usr/bin/env PATH="$$PATH":/usr/bin:/usr/local/bin [ -f ../.git/shallow ] && git fetch --unshallow)
-KSU_GIT_VERSION := $(shell cd $(MDIR); /usr/bin/env PATH="$$PATH":/usr/bin:/usr/local/bin git rev-list --count HEAD)
-KSU_GIT_VERSION_VALID := 1
-endif
-
-# Calculate version if git version is available
-ifdef KSU_GIT_VERSION_VALID
-# ksu_version: major * 10000 + git version + 200 for historical reasons
-$(eval KSU_VERSION=$(shell expr 20000 + $(KSU_GIT_VERSION)))
-$(info -- KernelSU version: $(KSU_VERSION))
-ccflags-y += -DKSU_VERSION=$(KSU_VERSION)
-else
-# If there is no .git directory, use default version
-$(warning "KSU_GIT_VERSION not defined! It is better to make KernelSU a git repository!")
-ccflags-y += -DKSU_VERSION=16
-endif
+# compliant to last upstream kernel change as of 5007bea
+ccflags-y += -DKSU_VERSION=22153
 
 ifeq ($(shell grep -q " current_sid(void)" $(srctree)/security/selinux/include/objsec.h; echo $$?),0)
 ccflags-y += -DKSU_COMPAT_HAS_CURRENT_SID
diff --git a/manager/build.gradle.kts b/manager/build.gradle.kts
@@ -50,7 +50,7 @@ fun getGitDescribe(): String {
 fun getVersionCode(): Int {
     val commitCount = getGitCommitCount()
     val major = 2
-    return major * 10000 + commitCount
+    return major * 10000 + commitCount - 68
 }
 
 fun getVersionName(): String {
@@ -87,4 +87,4 @@ subprojects {
             }
         }
     }
-}
+}
diff --git a/userspace/ksud/build.rs b/userspace/ksud/build.rs
@@ -15,7 +15,7 @@ fn get_git_version() -> Result<(u32, String), std::io::Error> {
         .trim()
         .parse()
         .map_err(|_| std::io::Error::other("Failed to parse git count"))?;
-    let version_code = 20000 + version_code;
+    let version_code = 20000 - 68 + version_code;
 
     let version_name = String::from_utf8(
         Command::new("git")

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ fun getGitDescribe(): String {`
`50`	`50`	`fun getVersionCode(): Int {`
`51`	`51`	`val commitCount = getGitCommitCount()`
`52`	`52`	`val major = 2`
`53`		`- return major * 10000 + commitCount`
	`53`	`+ return major * 10000 + commitCount - 68`
`54`	`54`	`}`
`55`	`55`
`56`	`56`	`fun getVersionName(): String {`
`@@ -87,4 +87,4 @@ subprojects {`
`87`	`87`	`}`
`88`	`88`	`}`
`89`	`89`	`}`
`90`		`-}`
	`90`	`+}`