fix.patch

diff -u a/kernel/sucompat.c b/kernel/sucompat.c
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -21,271 +21,302 @@
 #define SH_PATH "/system/bin/sh"
 
 extern void ksu_escape_to_root();
 
 static void __user *userspace_stack_buffer(const void *d, size_t len)
 {
-	/* To avoid having to mmap a page in userspace, just write below the stack
-   * pointer. */
-	char __user *p = (void __user *)current_user_stack_pointer() - len;
+    /* To avoid having to mmap a page in userspace, just write below the stack
+     * pointer. */
+    char __user *p = (void __user *)current_user_stack_pointer() - len;
 
-	return copy_to_user(p, d, len) ? NULL : p;
+    return copy_to_user(p, d, len) ? NULL : p;
 }
 
 static char __user *sh_user_path(void)
 {
-	static const char sh_path[] = "/system/bin/sh";
+    static const char sh_path[] = "/system/bin/sh";
 
-	return userspace_stack_buffer(sh_path, sizeof(sh_path));
+    return userspace_stack_buffer(sh_path, sizeof(sh_path));
 }
 
 static char __user *ksud_user_path(void)
 {
-	static const char ksud_path[] = KSUD_PATH;
+    static const char ksud_path[] = KSUD_PATH;
 
-	return userspace_stack_buffer(ksud_path, sizeof(ksud_path));
+    return userspace_stack_buffer(ksud_path, sizeof(ksud_path));
 }
 
 int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
-			 int *__unused_flags)
+                         int *__unused_flags)
 {
-	const char su[] = SU_PATH;
+    const char su[] = SU_PATH;
 
-	if (!ksu_is_allow_uid(current_uid().val)) {
-		return 0;
-	}
+    if (!ksu_is_allow_uid(current_uid().val)) {
+        return 0;
+    }
 
-	char path[sizeof(su) + 1];
-	memset(path, 0, sizeof(path));
-	ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));
+    char path[sizeof(su) + 1];
+    memset(path, 0, sizeof(path));
+    ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));
 
-	if (unlikely(!memcmp(path, su, sizeof(su)))) {
-		pr_info("faccessat su->sh!\n");
-		*filename_user = sh_user_path();
-	}
+    if (unlikely(!memcmp(path, su, sizeof(su)))) {
+        pr_info("faccessat su->sh!\n");
+        *filename_user = sh_user_path();
+    }
 
-	return 0;
+    return 0;
 }
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) && defined(CONFIG_KSU_SUSFS_SUS_SU)
 struct filename* susfs_ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags) {
-	// const char sh[] = SH_PATH;
-	const char su[] = SU_PATH;
-	struct filename *name = getname_flags(*filename_user, getname_statx_lookup_flags(*flags), NULL);
+    // const char sh[] = SH_PATH;
+    const char su[] = SU_PATH;
+    struct filename *name = getname_flags(*filename_user, getname_statx_lookup_flags(*flags), NULL);
 
-	if (unlikely(IS_ERR(name) || name->name == NULL)) {
-		return name;
-	}
+    if (unlikely(IS_ERR(name) || name->name == NULL)) {
+        return name;
+    }
 
-	if (!ksu_is_allow_uid(current_uid().val)) {
-		return name;
-	}
+    if (!ksu_is_allow_uid(current_uid().val)) {
+        return name;
+    }
 
-	if (likely(memcmp(name->name, su, sizeof(su)))) {
-		return name;
-	}
+    if (likely(memcmp(name->name, su, sizeof(su)))) {
+        return name;
+    }
 
-	const char sh[] = SH_PATH;
-	pr_info("vfs_fstatat su->sh!\n");
-	memcpy((void *)name->name, sh, sizeof(sh));
-	return name;
+    const char sh[] = SH_PATH;
+    pr_info("vfs_fstatat su->sh!\n");
+    memcpy((void *)name->name, sh, sizeof(sh));
+    return name;
 }
 #endif
 
 int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
 {
-	// const char sh[] = SH_PATH;
-	const char su[] = SU_PATH;
+    // const char sh[] = SH_PATH;
+    const char su[] = SU_PATH;
 
-	if (!ksu_is_allow_uid(current_uid().val)) {
-		return 0;
-	}
+    if (!ksu_is_allow_uid(current_uid().val)) {
+        return 0;
+    }
 
-	if (unlikely(!filename_user)) {
-		return 0;
-	}
+    if (unlikely(!filename_user)) {
+        return 0;
+    }
 
-	char path[sizeof(su) + 1];
-	memset(path, 0, sizeof(path));
-// Remove this later!! we use syscall hook, so this will never happen!!!!!
+    char path[sizeof(su) + 1];
+    memset(path, 0, sizeof(path));
+    // Remove this later!! we use syscall hook, so this will never happen!!!!!
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 18, 0) && 0
-	// it becomes a `struct filename *` after 5.18
-	// https://elixir.bootlin.com/linux/v5.18/source/fs/stat.c#L216
-	const char sh[] = SH_PATH;
-	struct filename *filename = *((struct filename **)filename_user);
-	if (IS_ERR(filename)) {
-		return 0;
-	}
-	if (likely(memcmp(filename->name, su, sizeof(su))))
-		return 0;
-	pr_info("vfs_statx su->sh!\n");
-	memcpy((void *)filename->name, sh, sizeof(sh));
+    // it becomes a `struct filename *` after 5.18
+    // https://elixir.bootlin.com/linux/v5.18/source/fs/stat.c#L216
+    const char sh[] = SH_PATH;
+    struct filename *filename = *((struct filename **)filename_user);
+    if (IS_ERR(filename)) {
+        return 0;
+    }
+    if (likely(memcmp(filename->name, su, sizeof(su))))
+        return 0;
+    pr_info("vfs_statx su->sh!\n");
+    memcpy((void *)filename->name, sh, sizeof(sh));
 #else
-	ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));
+    ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));
 
-	if (unlikely(!memcmp(path, su, sizeof(su)))) {
-		pr_info("newfstatat su->sh!\n");
-		*filename_user = sh_user_path();
-	}
+    if (unlikely(!memcmp(path, su, sizeof(su)))) {
+        pr_info("newfstatat su->sh!\n");
+        *filename_user = sh_user_path();
+    }
 #endif
 
-	return 0;
+    return 0;
 }
 
 // the call from execve_handler_pre won't provided correct value for __never_use_argument, use them after fix execve_handler_pre, keeping them for consistence for manually patched code
 int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
-				 void *__never_use_argv, void *__never_use_envp,
-				 int *__never_use_flags)
+                                 void *__never_use_argv, void *__never_use_envp,
+                                 int *__never_use_flags)
 {
-	struct filename *filename;
-	const char sh[] = KSUD_PATH;
-	const char su[] = SU_PATH;
+    struct filename *filename;
+    const char sh[] = KSUD_PATH;
+    const char su[] = SU_PATH;
 
-	if (unlikely(!filename_ptr))
-		return 0;
+    if (unlikely(!filename_ptr))
+        return 0;
 
-	filename = *filename_ptr;
-	if (IS_ERR(filename)) {
-		return 0;
-	}
+    filename = *filename_ptr;
+    if (IS_ERR(filename)) {
+        return 0;
+    }
 
-	if (likely(memcmp(filename->name, su, sizeof(su))))
-		return 0;
+    if (likely(memcmp(filename->name, su, sizeof(su))))
+        return 0;
 
-	if (!ksu_is_allow_uid(current_uid().val))
-		return 0;
+    if (!ksu_is_allow_uid(current_uid().val))
+        return 0;
 
-	pr_info("do_execveat_common su found\n");
-	memcpy((void *)filename->name, sh, sizeof(sh));
+    pr_info("do_execveat_common su found\n");
+    memcpy((void *)filename->name, sh, sizeof(sh));
 
-	ksu_escape_to_root();
+    ksu_escape_to_root();
 
-	return 0;
+    return 0;
 }
 
 int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
-			       void *__never_use_argv, void *__never_use_envp,
-			       int *__never_use_flags)
+                               void *__never_use_argv, void *__never_use_envp,
+                               int *__never_use_flags)
 {
-	const char su[] = SU_PATH;
-	char path[sizeof(su) + 1];
+    const char su[] = SU_PATH;
+    char path[sizeof(su) + 1];
 
-	if (unlikely(!filename_user))
-		return 0;
+    if (unlikely(!filename_user))
+        return 0;
 
-	memset(path, 0, sizeof(path));
-	ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));
+    memset(path, 0, sizeof(path));
+    ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));
 
-	if (likely(memcmp(path, su, sizeof(su))))
-		return 0;
+    if (likely(memcmp(path, su, sizeof(su))))
+        return 0;
 
-	if (!ksu_is_allow_uid(current_uid().val))
-		return 0;
+    if (!ksu_is_allow_uid(current_uid().val))
+        return 0;
 
-	pr_info("sys_execve su found\n");
-	*filename_user = ksud_user_path();
+    pr_info("sys_execve su found\n");
+    *filename_user = ksud_user_path();
 
-	ksu_escape_to_root();
+    ksu_escape_to_root();
 
-	return 0;
+    return 0;
 }
 
+int ksu_handle_devpts(struct inode *inode)
+{
+    if (!current->mm) {
+        return 0;
+    }
 
+    uid_t uid = current_uid().val;
+    if (uid % 100000 < 10000) {
+        // not untrusted_app, ignore it
+        return 0;
+    }
+
+    if (!ksu_is_allow_uid(uid))
+        return 0;
+
+    if (ksu_devpts_sid) {
+        struct inode_security_struct *sec = selinux_inode(inode);
+        if (sec) {
+            sec->sid = ksu_devpts_sid;
+        }
+    }
+
+    return 0;
+}
+
+#ifdef CONFIG_KPROBES
 static int faccessat_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
-	struct pt_regs *real_regs = PT_REAL_REGS(regs);
-	int *dfd = (int *)&PT_REGS_PARM1(real_regs);
-	const char __user **filename_user =
-		(const char **)&PT_REGS_PARM2(real_regs);
-	int *mode = (int *)&PT_REGS_PARM3(real_regs);
+    struct pt_regs *real_regs = PT_REAL_REGS(regs);
+    int *dfd = (int *)&PT_REGS_PARM1(real_regs);
+    const char __user **filename_user =
+        (const char **)&PT_REGS_PARM2(real_regs);
+    int *mode = (int *)&PT_REGS_PARM3(real_regs);
 
-	return ksu_handle_faccessat(dfd, filename_user, mode, NULL);
+    return ksu_handle_faccessat(dfd, filename_user, mode, NULL);
 }
 
 static int newfstatat_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
-	struct pt_regs *real_regs = PT_REAL_REGS(regs);
-	int *dfd = (int *)&PT_REGS_PARM1(real_regs);
-	const char __user **filename_user =
-		(const char **)&PT_REGS_PARM2(real_regs);
-	int *flags = (int *)&PT_REGS_SYSCALL_PARM4(real_regs);
+    struct pt_regs *real_regs = PT_REAL_REGS(regs);
+    int *dfd = (int *)&PT_REGS_PARM1(real_regs);
+    const char __user **filename_user =
+        (const char **)&PT_REGS_PARM2(real_regs);
+    int *flags = (int *)&PT_REGS_SYSCALL_PARM4(real_regs);
 
-	return ksu_handle_stat(dfd, filename_user, flags);
+    return ksu_handle_stat(dfd, filename_user, flags);
 }
 
 static int execve_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
-	struct pt_regs *real_regs = PT_REAL_REGS(regs);
-	const char __user **filename_user =
-		(const char **)&PT_REGS_PARM1(real_regs);
+    struct pt_regs *real_regs = PT_REAL_REGS(regs);
+    const char __user **filename_user =
+        (const char **)&PT_REGS_PARM1(real_regs);
 
-	return ksu_handle_execve_sucompat(AT_FDCWD, filename_user, NULL, NULL,
-					  NULL);
+    return ksu_handle_execve_sucompat(AT_FDCWD, filename_user, NULL, NULL,
+                                      NULL);
 }
 
-static struct kprobe *init_kprobe(const char *name,
-				  kprobe_pre_handler_t handler)
+
+static int pts_unix98_lookup_pre(struct kprobe *p, struct pt_regs *regs)
 {
-	struct kprobe *kp = kzalloc(sizeof(struct kprobe), GFP_KERNEL);
-	if (!kp)
-		return NULL;
-	kp->symbol_name = name;
-	kp->pre_handler = handler;
-
-	int ret = register_kprobe(kp);
-	pr_info("sucompat: register_%s kprobe: %d\n", name, ret);
-	if (ret) {
-		kfree(kp);
-		return NULL;
-	}
+    return 0;
+}
 
-	return kp;
-}
+static struct kprobe newfstatat_kp = {
+    .symbol_name = "newfstatat",
+    .pre_handler = newfstatat_handler_pre,
+};
 
-static void destroy_kprobe(struct kprobe **kp_ptr)
-{
-	struct kprobe *kp = *kp_ptr;
-	if (!kp)
-		return;
-	unregister_kprobe(kp);
-	synchronize_rcu();
-	kfree(kp);
-	*kp_ptr = NULL;
-}
+static struct kprobe faccessat_kp = {
+    .symbol_name = "faccessat",
+    .pre_handler = faccessat_handler_pre,
+};
+
+static struct kprobe execve_kp = {
+    .symbol_name = SYS_EXECVE_SYMBOL,
+    .pre_handler = execve_handler_pre,
+};
 
-static struct kprobe *su_kps[3];
+static struct kprobe pts_unix98_lookup_kp = {
+    .symbol_name = "pts_unix98_lookup",
+    .pre_handler = pts_unix98_lookup_pre,
+};
 
-// sucompat: permited process can execute 'su' to gain root access.
 void ksu_sucompat_init()
 {
-	su_kps[0] = init_kprobe(SYS_EXECVE_SYMBOL, execve_handler_pre);
-	su_kps[1] = init_kprobe(SYS_FACCESSAT_SYMBOL, faccessat_handler_pre);
-	su_kps[2] = init_kprobe(SYS_NEWFSTATAT_SYMBOL, newfstatat_handler_pre);
+    int ret;
+
+    ret = register_kprobe(&execve_kp);
+    pr_info("sucompat: execve_kp: %d\n", ret);
+
+    ret = register_kprobe(&newfstatat_kp);
+    pr_info("sucompat: newfstatat_kp: %d\n", ret);
+
+    ret = register_kprobe(&faccessat_kp);
+    pr_info("sucompat: faccessat_kp: %d\n", ret);
+
+    ret = register_kprobe(&pts_unix98_lookup_kp);
+    pr_info("sucompat: devpts_kp: %d\n", ret);
 }
 
 void ksu_sucompat_exit()
 {
-	for (int i = 0; i < ARRAY_SIZE(su_kps); i++) {
-		destroy_kprobe(&su_kps[i]);
-	}
+    unregister_kprobe(&execve_kp);
+    unregister_kprobe(&newfstatat_kp);
+    unregister_kprobe(&faccessat_kp);
+    unregister_kprobe(&pts_unix98_lookup_kp);
 }
 
 #ifdef CONFIG_KSU_SUSFS_SUS_SU
 extern bool ksu_devpts_hook;
 
-void ksu_susfs_disable_sus_su(void) {
-	enable_kprobe(&execve_kp);
-	enable_kprobe(&newfstatat_kp);
-	enable_kprobe(&faccessat_kp);
-	enable_kprobe(&pts_unix98_lookup_kp);
-	ksu_devpts_hook = false;
+void ksu_susfs_disable_sus_su(void)
+{
+    enable_kprobe(&execve_kp);
+    enable_kprobe(&newfstatat_kp);
+    enable_kprobe(&faccessat_kp);
+    enable_kprobe(&pts_unix98_lookup_kp);
+    ksu_devpts_hook = false;
 }
 
-void ksu_susfs_enable_sus_su(void) {
-	disable_kprobe(&execve_kp);
-	disable_kprobe(&newfstatat_kp);
-	disable_kprobe(&faccessat_kp);
-	disable_kprobe(&pts_unix98_lookup_kp);
-	ksu_devpts_hook = true;
+void ksu_susfs_enable_sus_su(void)
+{
+    disable_kprobe(&execve_kp);
+    disable_kprobe(&newfstatat_kp);
+    disable_kprobe(&faccessat_kp);
+    disable_kprobe(&pts_unix98_lookup_kp);
+    ksu_devpts_hook = true;
 }
-#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU
-
+#endif // CONFIG_KSU_SUSFS_SUS_SU
+#endif // CONFIG_KPROBES

diff -u a/kernel/ksud.c b/kernel/ksud.c
--- a/kernel/ksud.c
+++ b/kernel/ksud.c
@@ -524,12 +524,16 @@
 }
 
 static void stop_execve_hook()
 {
 	bool ret = schedule_work(&stop_execve_hook_work);
 	pr_info("unregister execve kprobe: %d!\n", ret);
+#ifdef CONFIG_KSU_SUSFS_SUS_SU
+	susfs_is_sus_su_ready = true;
+	pr_info("susfs: sus_su is ready\n");
+#endif
 }
 
 static void stop_input_hook()
 {
 	static bool input_hook_stopped = false;
 	if (input_hook_stopped) {

diff -u a/kernel/core_hook.c b/kernel/core_hook.c
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -46,23 +46,91 @@
 #include "manager.h"
 #include "selinux/selinux.h"
 #include "throne_tracker.h"
 #include "throne_tracker.h"
 #include "kernel_compat.h"
 
+#ifdef CONFIG_KSU_SUSFS
+bool susfs_is_allow_su(void)
+{
+	if (ksu_is_manager()) {
+		// we are manager, allow!
+		return true;
+	}
+	return ksu_is_allow_uid(current_uid().val);
+}
+
+extern u32 susfs_zygote_sid;
+extern bool susfs_is_mnt_devname_ksu(struct path *path);
+#ifdef CONFIG_KSU_SUSFS_ENABLE_LOG
+extern bool susfs_is_log_enabled __read_mostly;
+#endif
+#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
+extern void susfs_run_try_umount_for_current_mnt_ns(void);
+#endif // #ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
+#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
+static bool susfs_is_umount_for_zygote_system_process_enabled = false;
+#endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
+#ifdef CONFIG_KSU_SUSFS_AUTO_ADD_SUS_BIND_MOUNT
+extern bool susfs_is_auto_add_sus_bind_mount_enabled;
+#endif // #ifdef CONFIG_KSU_SUSFS_AUTO_ADD_SUS_BIND_MOUNT
+#ifdef CONFIG_KSU_SUSFS_AUTO_ADD_SUS_KSU_DEFAULT_MOUNT
+extern bool susfs_is_auto_add_sus_ksu_default_mount_enabled;
+#endif // #ifdef CONFIG_KSU_SUSFS_AUTO_ADD_SUS_KSU_DEFAULT_MOUNT
+#ifdef CONFIG_KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
+extern bool susfs_is_auto_add_try_umount_for_bind_mount_enabled;
+#endif // #ifdef CONFIG_KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
+
+static inline void susfs_on_post_fs_data(void) {
+	struct path path;
+#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
+	if (!kern_path(DATA_ADB_UMOUNT_FOR_ZYGOTE_SYSTEM_PROCESS, 0, &path)) {
+		susfs_is_umount_for_zygote_system_process_enabled = true;
+		path_put(&path);
+	}
+	pr_info("susfs_is_umount_for_zygote_system_process_enabled: %d\n", susfs_is_umount_for_zygote_system_process_enabled);
+#endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
+#ifdef CONFIG_KSU_SUSFS_AUTO_ADD_SUS_BIND_MOUNT
+	if (!kern_path(DATA_ADB_NO_AUTO_ADD_SUS_BIND_MOUNT, 0, &path)) {
+		susfs_is_auto_add_sus_bind_mount_enabled = false;
+		path_put(&path);
+	}
+	pr_info("susfs_is_auto_add_sus_bind_mount_enabled: %d\n", susfs_is_auto_add_sus_bind_mount_enabled);
+#endif // #ifdef CONFIG_KSU_SUSFS_AUTO_ADD_SUS_BIND_MOUNT
+#ifdef CONFIG_KSU_SUSFS_AUTO_ADD_SUS_KSU_DEFAULT_MOUNT
+	if (!kern_path(DATA_ADB_NO_AUTO_ADD_SUS_KSU_DEFAULT_MOUNT, 0, &path)) {
+		susfs_is_auto_add_sus_ksu_default_mount_enabled = false;
+		path_put(&path);
+	}
+	pr_info("susfs_is_auto_add_sus_ksu_default_mount_enabled: %d\n", susfs_is_auto_add_sus_ksu_default_mount_enabled);
+#endif // #ifdef CONFIG_KSU_SUSFS_AUTO_ADD_SUS_KSU_DEFAULT_MOUNT
+#ifdef CONFIG_KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
+	if (!kern_path(DATA_ADB_NO_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT, 0, &path)) {
+		susfs_is_auto_add_try_umount_for_bind_mount_enabled = false;
+		path_put(&path);
+	}
+	pr_info("susfs_is_auto_add_try_umount_for_bind_mount_enabled: %d\n", susfs_is_auto_add_try_umount_for_bind_mount_enabled);
+#endif // #ifdef CONFIG_KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
+}
+#endif // #ifdef CONFIG_KSU_SUSFS
+
+#ifdef CONFIG_KSU_SUSFS_SUS_SU
+extern bool susfs_is_sus_su_ready;
+#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU
+
 static bool ksu_module_mounted = false;
 
-extern int handle_sepolicy(unsigned long arg3, void __user *arg4);
+extern int ksu_handle_sepolicy(unsigned long arg3, void __user *arg4);
 
 static bool ksu_su_compat_enabled = true;
 extern void ksu_sucompat_init();
 extern void ksu_sucompat_exit();
 
 static inline bool is_allow_su()
 {
-	if (is_manager()) {
+	if (ksu_is_manager()) {
 		// we are manager, allow!
 		return true;
 	}
 	return ksu_is_allow_uid(current_uid().val);
 }