
wsa-kernel-su's Introduction

WSA-Kernel-SU

Intro

This is a kernel module that provides /system/xbin/su on an Android kernel (especially WSA). This is the best root solution if hiding is required. When GKI is ready, kernelsu is definitely the next generation of root.

Only works on kernel 4.17+ (both WSA and GKI are 5.0+). For older kernels, refer to the original repo.

How it works

  • Replace the syscalls newfstatat, faccessat and execve so that calls on /system/xbin/su are redirected to /system/bin/sh
  • On execve of /system/xbin/su, change SELinux to permissive, set every kind of uid and gid to 0, and permit all capabilities
  • Set the SELinux context su to permissive
  • Set the SELinux context of the current process to u:r:su:s0

License

GPLv2

Credits

Jason A. Donenfeld for the original implementation

wsa-kernel-su's People

Contributors

nyakze, yujincheng08


wsa-kernel-su's Issues

JavaBinder: !!! FAILED BINDER TRANSACTION !!!

The hidden API is called through reflection. The original code is complex, so it is simplified to:
new android.app.UiAutomation(new HandlerThread("name").getLooper(), new UiAutomationConnection()).connect();

adb shell "app_process64 ..." works fine
adb shell "su -c 'app_process64 ...'" works abnormally

Logcat:
2022-08-29 12:46:56.917 212-212/? E/JavaBinder: !!! FAILED BINDER TRANSACTION !!! (parcel size = 192)

--------- beginning of system

2022-08-29 12:46:56.917 212-212/? W/UiAutomationManager: Error initialized connection
android.os.DeadObjectException: Transaction failed on small parcel; remote process probably died
at android.os.BinderProxy.transactNative(Native Method)
at android.os.BinderProxy.transact(BinderProxy.java:571)
at android.accessibilityservice.IAccessibilityServiceClient$Stub$Proxy.init(IAccessibilityServiceClient.java:347)
at com.android.server.accessibility.UiAutomationManager$UiAutomationService.lambda$connectServiceUnknownThread$0$UiAutomationManager$UiAutomationService(UiAutomationManager.java:281)
at com.android.server.accessibility.UiAutomationManager$UiAutomationService$$ExternalSyntheticLambda0.run(Unknown Source:2)
at android.os.Handler.handleCallback(Handler.java:938)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loopOnce(Looper.java:201)
at android.os.Looper.loop(Looper.java:288)
at com.android.server.SystemServer.run(SystemServer.java:904)
at com.android.server.SystemServer.main(SystemServer.java:611)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:981)
2022-08-29 12:46:56.918 212-212/? E/JavaBinder: !!! FAILED BINDER TRANSACTION !!! (parcel size = 192)
2022-08-29 12:47:01.943 4428-4445/? E/app: Java.Lang.RuntimeException: java.util.concurrent.TimeoutException: Timeout while connecting UiAutomation@22bf0d4[id=-1, flags=0]
---> Java.Util.Concurrent.TimeoutException: Timeout while connecting UiAutomation@22bf0d4[id=-1, flags=0]

  --- End of managed Java.Util.Concurrent.TimeoutException stack trace ---
java.util.concurrent.TimeoutException: Timeout while connecting UiAutomation@22bf0d4[id=-1, flags=0]
    at android.app.UiAutomation.connectWithTimeout(UiAutomation.java:346)
    at android.app.UiAutomation.connect(UiAutomation.java:276)

  --- End of managed Java.Util.Concurrent.TimeoutException stack trace ---
java.util.concurrent.TimeoutException: Timeout while connecting UiAutomation@22bf0d4[id=-1, flags=0]
    at android.app.UiAutomation.connectWithTimeout(UiAutomation.java:346)
    at android.app.UiAutomation.connect(UiAutomation.java:276)

dmesg:
[ 4206.368888] audit: type=1400 audit(1661665816.648:152): avc: denied { getattr } for pid=1874 comm="sh" path="/system/bin/app_process64" dev="pmem0" ino=163 scontext=u:r:su:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
[ 4206.372815] audit: type=1400 audit(1661665816.648:153): avc: denied { execute } for pid=1874 comm="sh" name="app_process64" dev="pmem0" ino=163 scontext=u:r:su:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
[ 4206.375633] audit: type=1400 audit(1661665816.648:154): avc: denied { read open } for pid=1930 comm="sh" path="/system/bin/app_process64" dev="pmem0" ino=163 scontext=u:r:su:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
[ 4206.377713] audit: type=1400 audit(1661665816.648:155): avc: denied { execute_no_trans } for pid=1930 comm="sh" path="/system/bin/app_process64" dev="pmem0" ino=163 scontext=u:r:su:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
[ 4206.379807] audit: type=1400 audit(1661665816.648:156): avc: denied { map } for pid=1930 comm="app_process64" path="/system/bin/app_process64" dev="pmem0" ino=163 scontext=u:r:su:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
[ 4206.410895] audit: type=1400 audit(1661665816.688:157): avc: denied { read } for pid=1930 comm="app_process64" name="u:object_r:dalvik_runtime_prop:s0" dev="tmpfs" ino=85 scontext=u:r:su:s0 tcontext=u:object_r:dalvik_runtime_prop:s0 tclass=file permissive=1
[ 4206.416126] audit: type=1400 audit(1661665816.688:158): avc: denied { open } for pid=1930 comm="app_process64" path="/dev/properties/u:object_r:dalvik_runtime_prop:s0" dev="tmpfs" ino=85 scontext=u:r:su:s0 tcontext=u:object_r:dalvik_runtime_prop:s0 tclass=file permissive=1
[ 4206.419072] audit: type=1400 audit(1661665816.688:159): avc: denied { getattr } for pid=1930 comm="app_process64" path="/dev/properties/u:object_r:dalvik_runtime_prop:s0" dev="tmpfs" ino=85 scontext=u:r:su:s0 tcontext=u:object_r:dalvik_runtime_prop:s0 tclass=file permissive=1
[ 4206.421936] audit: type=1400 audit(1661665816.688:160): avc: denied { map } for pid=1930 comm="app_process64" path="/dev/properties/u:object_r:dalvik_runtime_prop:s0" dev="tmpfs" ino=85 scontext=u:r:su:s0 tcontext=u:object_r:dalvik_runtime_prop:s0 tclass=file permissive=1
[ 4206.425576] audit: type=1400 audit(1661665816.688:161): avc: denied { read } for pid=1930 comm="app_process64" name="u:object_r:dalvik_config_prop:s0" dev="tmpfs" ino=83 scontext=u:r:su:s0 tcontext=u:object_r:dalvik_config_prop:s0 tclass=file permissive=1
[ 4206.740184] binder: 598:598 transaction failed 29201/-1, size 192-16 line 2746
[ 4206.740820] binder: 598:598 transaction failed 29201/-1, size 192-0 line 2746

After setenforce 0, it can work normally

WSA: 2206.40000.15.0_x64
Kernel: Linux version 5.10.110-windows-subsystem-for-android-20220617 (Ubuntu clang version 10.0.1-++20211003084855+ef32c611aa21-1exp120211003085243.2, LLD 10.0.1)
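
An added example, not part of the original issue or the project's code: a parser for AVC audit records like those in the dmesg excerpt above. It groups denials by source context, target context and class, and flags records from u:r:su:s0 that were logged with permissive=1 (audited but not enforced). The function names and the last sample record are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: three AVC records and one binder line copied from the dmesg
# excerpt in the issue, plus one CONSTRUCTED enforcing-mode record (last line).
SAMPLE = """\
[ 4206.372815] audit: type=1400 audit(1661665816.648:153): avc: denied { execute } for pid=1874 comm="sh" name="app_process64" dev="pmem0" ino=163 scontext=u:r:su:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
[ 4206.375633] audit: type=1400 audit(1661665816.648:154): avc: denied { read open } for pid=1930 comm="sh" path="/system/bin/app_process64" dev="pmem0" ino=163 scontext=u:r:su:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
[ 4206.410895] audit: type=1400 audit(1661665816.688:157): avc: denied { read } for pid=1930 comm="app_process64" name="u:object_r:dalvik_runtime_prop:s0" dev="tmpfs" ino=85 scontext=u:r:su:s0 tcontext=u:object_r:dalvik_runtime_prop:s0 tclass=file permissive=1
[ 4206.740184] binder: 598:598 transaction failed 29201/-1, size 192-16 line 2746
[ 4300.000000] audit: type=1400 audit(1661665900.000:200): avc: denied { search } for pid=2500 comm="example" name="data" dev="pmem0" ino=10 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_avc(line):
    """Return a dict of AVC fields plus a 'perms' list, or None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    return rec

def summarize(lines, watch_domain="u:r:su:s0"):
    """Group denied permissions by (scontext, tcontext, tclass) and collect
    records from watch_domain that were only audited (permissive=1)."""
    grouped = defaultdict(set)
    flagged = []
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue  # binder messages and other kernel log lines
        key = (rec.get("scontext"), rec.get("tcontext"), rec.get("tclass"))
        grouped[key].update(rec["perms"])
        if rec.get("scontext") == watch_domain and rec.get("permissive") == "1":
            flagged.append(rec)
    return dict(grouped), flagged

if __name__ == "__main__":
    grouped, flagged = summarize(SAMPLE.splitlines())
    for (src, tgt, cls), perms in sorted(grouped.items()):
        print(f"{src} -> {tgt} [{cls}]: {' '.join(sorted(perms))}")
    print(f"{len(flagged)} permissive-mode record(s) from u:r:su:s0")
```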
