kernel: core_hook: automate and refactor umount

kernel/core_hook.c

@@ -503,34 +503,13 @@ static bool is_appuid(kuid_t uid)
 	return appid >= FIRST_APPLICATION_UID && appid <= LAST_APPLICATION_UID;
 }
 
-static bool should_umount(struct path *path)
-{
-	if (!path) {
-		return false;
-	}
-
-	if (current->nsproxy->mnt_ns == init_nsproxy.mnt_ns) {
-		pr_info("ignore global mnt namespace process: %d\n",
-			current_uid().val);
-		return false;
-	}
-
-	if (path->mnt && path->mnt->mnt_sb && path->mnt->mnt_sb->s_type) {
-		const char *fstype = path->mnt->mnt_sb->s_type->name;
-		return strcmp(fstype, "overlay") == 0;
-	}
-	return false;
-}
-
-static void ksu_umount_mnt(struct path *path, int flags)
-{
-	int err = path_umount(path, flags);
-	if (err) {
-		pr_info("umount %s failed: %d\n", path->dentry->d_iname, err);
-	}
-}
+struct mount_entry {
+    char *umountable;
+    struct list_head list;
+};
+LIST_HEAD(mount_list);
 
-static void try_umount(const char *mnt, bool check_mnt, int flags)
+static void try_umount(const char *mnt, int flags)
 {
 	struct path path;
 	int err = kern_path(mnt, 0, &path);
@@ -542,17 +521,18 @@ static void try_umount(const char *mnt, bool check_mnt, int flags)
 		// it is not root mountpoint, maybe umounted by others already.
 		return;
 	}
-
-	// we are only interest in some specific mounts
-	if (check_mnt && !should_umount(&path)) {
-		return;
-	}
-
-	ksu_umount_mnt(&path, flags);
+
+	int val = path_umount(&path, flags);
+	if (val)
+		pr_info("umount %s failed: %d\n", mnt, val);
+	else
+		pr_info("umount %s success: %d\n", mnt, val);
 }
 
 int ksu_handle_setuid(struct cred *new, const struct cred *old)
 {
+	struct mount_entry *entry, *tmp;
+
 	// this hook is used for umounting overlayfs for some uid, if there isn't any module mounted, just ignore it!
 	if (!ksu_module_mounted) {
 		return 0;
@@ -603,20 +583,45 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
 		current->pid);
 #endif
 
-	// fixme: use `collect_mounts` and `iterate_mount` to iterate all mountpoint and
-	// filter the mountpoint whose target is `/data/adb`
-	try_umount("/system", true, 0);
-	try_umount("/vendor", true, 0);
-	try_umount("/product", true, 0);
-	try_umount("/system_ext", true, 0);
-	try_umount("/data/adb/modules", false, MNT_DETACH);
+	list_for_each_entry_safe(entry, tmp, &mount_list, list) {
+		try_umount(entry->umountable, MNT_DETACH);
+	}
+
+	try_umount("/data/adb/modules", MNT_DETACH);
 
 	// try umount ksu temp path
-	try_umount("/debug_ramdisk", false, MNT_DETACH);
+	try_umount("/debug_ramdisk", MNT_DETACH);
 
 	return 0;
 }
 
+int ksu_mount_monitor(const char *dev_name, const char *dirname, const char *type) 
+{
+
+	char *device_name_copy = kstrdup(dev_name, GFP_KERNEL);
+	char *fstype_copy = kstrdup(type, GFP_KERNEL);
+	struct mount_entry *new_entry;
+
+	if (!device_name_copy || !fstype_copy ) {
+		goto out;
+	}
+
+	// overlay, overlayfs, change pattern later
+	if ( strstr(fstype_copy, "overlay") && (strncmp(device_name_copy, "KSU", 3) == 0) ) {
+		new_entry = kmalloc(sizeof(*new_entry), GFP_KERNEL);
+		if (new_entry) {
+			new_entry->umountable = kstrdup(dirname, GFP_KERNEL);
+			list_add(&new_entry->list, &mount_list);
+			pr_info("security_sb_mount: devicename %s fstype: %s path: %s\n", device_name_copy, fstype_copy, new_entry->umountable);
+		}
+	}
+out:
+	kfree(device_name_copy);
+	kfree(fstype_copy);
+	return 0;
+}
+
+
 // Init functons
 
 static int handler_pre(struct kprobe *p, struct pt_regs *regs)
@@ -699,11 +704,24 @@ static int ksu_task_fix_setuid(struct cred *new, const struct cred *old,
 	return ksu_handle_setuid(new, old);
 }
 
+static int ksu_sb_mount(const char *dev_name, const struct path *path,
+                        const char *type, unsigned long flags, void *data)
+{
+	char buf[256];
+	char *dir_name = d_path(path, buf, sizeof(buf));
+
+	if (dir_name)
+		return ksu_mount_monitor(dev_name, dir_name, type);
+	else
+		return 0;
+}
+
 #ifndef MODULE
 static struct security_hook_list ksu_hooks[] = {
 	LSM_HOOK_INIT(task_prctl, ksu_task_prctl),
 	LSM_HOOK_INIT(inode_rename, ksu_inode_rename),
 	LSM_HOOK_INIT(task_fix_setuid, ksu_task_fix_setuid),
+	LSM_HOOK_INIT(sb_mount, ksu_sb_mount),
 };
 
 void __init ksu_lsm_hook_init(void)

userspace/ksud/src/mount.rs

@@ -63,18 +63,7 @@ pub fn mount_ext4(source: impl AsRef<Path>, target: impl AsRef<Path>) -> Result<
         .attach(source)
         .with_context(|| "Failed to attach loop")?;
     let lo = new_loopback.path().ok_or(anyhow!("no loop"))?;
-    let fs = fsopen("ext4", FsOpenFlags::FSOPEN_CLOEXEC)?;
-    let fs = fs.as_fd();
-    fsconfig_set_string(fs, "source", lo)?;
-    fsconfig_create(fs)?;
-    let mount = fsmount(fs, FsMountFlags::FSMOUNT_CLOEXEC, MountAttrFlags::empty())?;
-    move_mount(
-        mount.as_fd(),
-        "",
-        CWD,
-        target.as_ref(),
-        MoveMountFlags::MOVE_MOUNT_F_EMPTY_PATH,
-    )?;
+    mount(lo, target.as_ref(), "ext4", MountFlags::empty(), "")?;
     Ok(())
 }
 
@@ -114,58 +103,19 @@ pub fn mount_overlayfs(
         .filter(|wd| wd.exists())
         .map(|e| e.display().to_string());
 
-    let result = (|| {
-        let fs = fsopen("overlay", FsOpenFlags::FSOPEN_CLOEXEC)?;
-        let fs = fs.as_fd();
-        fsconfig_set_string(fs, "lowerdir", &lowerdir_config)?;
-        if let (Some(upperdir), Some(workdir)) = (&upperdir, &workdir) {
-            fsconfig_set_string(fs, "upperdir", upperdir)?;
-            fsconfig_set_string(fs, "workdir", workdir)?;
-        }
-        fsconfig_set_string(fs, "source", KSU_OVERLAY_SOURCE)?;
-        fsconfig_create(fs)?;
-        let mount = fsmount(fs, FsMountFlags::FSMOUNT_CLOEXEC, MountAttrFlags::empty())?;
-        move_mount(
-            mount.as_fd(),
-            "",
-            CWD,
-            dest.as_ref(),
-            MoveMountFlags::MOVE_MOUNT_F_EMPTY_PATH,
-        )
-    })();
-
-    if let Err(e) = result {
-        warn!("fsopen mount failed: {:#}, fallback to mount", e);
-        let mut data = format!("lowerdir={lowerdir_config}");
-        if let (Some(upperdir), Some(workdir)) = (upperdir, workdir) {
-            data = format!("{data},upperdir={upperdir},workdir={workdir}");
-        }
-        mount(
-            KSU_OVERLAY_SOURCE,
-            dest.as_ref(),
-            "overlay",
-            MountFlags::empty(),
-            data,
-        )?;
-    }
+    let mut data = format!("lowerdir={lowerdir_config}");
+    if let (Some(upperdir), Some(workdir)) = (upperdir, workdir) {
+       data = format!("{data},upperdir={upperdir},workdir={workdir}");
+     }
+    mount(KSU_OVERLAY_SOURCE, dest.as_ref(), "overlay", MountFlags::empty(), &data)?;
+
     Ok(())
 }
 
 #[cfg(any(target_os = "linux", target_os = "android"))]
 pub fn mount_tmpfs(dest: impl AsRef<Path>) -> Result<()> {
     info!("mount tmpfs on {}", dest.as_ref().display());
-    let fs = fsopen("tmpfs", FsOpenFlags::FSOPEN_CLOEXEC)?;
-    let fs = fs.as_fd();
-    fsconfig_set_string(fs, "source", KSU_OVERLAY_SOURCE)?;
-    fsconfig_create(fs)?;
-    let mount = fsmount(fs, FsMountFlags::FSMOUNT_CLOEXEC, MountAttrFlags::empty())?;
-    move_mount(
-        mount.as_fd(),
-        "",
-        CWD,
-        dest.as_ref(),
-        MoveMountFlags::MOVE_MOUNT_F_EMPTY_PATH,
-    )?;
+    mount(KSU_OVERLAY_SOURCE, dest.as_ref(), "tmpfs", MountFlags::empty(), "")?;
     Ok(())
 }
 
@@ -176,20 +126,7 @@ pub fn bind_mount(from: impl AsRef<Path>, to: impl AsRef<Path>) -> Result<()> {
         from.as_ref().display(),
         to.as_ref().display()
     );
-    let tree = open_tree(
-        CWD,
-        from.as_ref(),
-        OpenTreeFlags::OPEN_TREE_CLOEXEC
-            | OpenTreeFlags::OPEN_TREE_CLONE
-            | OpenTreeFlags::AT_RECURSIVE,
-    )?;
-    move_mount(
-        tree.as_fd(),
-        "",
-        CWD,
-        to.as_ref(),
-        MoveMountFlags::MOVE_MOUNT_F_EMPTY_PATH,
-    )?;
+    mount(from.as_ref(), to.as_ref(), "", MountFlags::BIND | MountFlags::REC, "")?;
     Ok(())
 }