Merge branch 'main' of https://github.com/tiann/KernelSU into HEAD

* 'main' of https://github.com/tiann/KernelSU:
  use ubuntu-22.04 to build avd kernel (tiann#2396)
  kernel: clear securebits (tiann#2387)
  Clean up umount targets (tiann#2386)
  Update busybox (tiann#2383)
  manager: Disable interactions for uninstalled & disabled module (tiann#2380)
  ksud: Fix warning unused import (tiann#2382)
  Avoid unnecessarily overriding capabilities (tiann#2381)
  build(deps): bump the npm group across 1 directory with 45 updates (tiann#2372)
  build(deps): bump the maven group across 1 directory with 11 updates (tiann#2361)
  [add device]: (tiann#2351)
  [add device]: (tiann#2356)
  Translations update from Hosted Weblate (tiann#2341)
  Add m23xq device kernel (tiann#2346)
  Update clippy.yml
  ksud: fix copy sparse file (tiann#2374)
  Don't unshare after entering global namespace (tiann#2373)

.github/workflows/avd-kernel.yml

@@ -37,7 +37,7 @@ on:
 jobs:
   build:
     name: Build ${{ inputs.version_name }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Maximize build space
         uses: easimon/maximize-build-space@master

.github/workflows/clippy.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - run: rustup update --force-non-host stable-x86_64-unknown-linux-gnu
+      - run: rustup update stable
       - uses: Swatinem/rust-cache@v2
         with:
           workspaces: userspace/ksud

kernel/allowlist.c

@@ -1,3 +1,4 @@
+#include <linux/capability.h>
 #include <linux/compiler.h>
 #include <linux/fs.h>
 #include <linux/gfp.h>
@@ -64,12 +65,14 @@ static void remove_uid_from_arr(uid_t uid)
 
 static void init_default_profiles()
 {
+	kernel_cap_t full_cap = CAP_FULL_SET;
+
 	default_root_profile.uid = 0;
 	default_root_profile.gid = 0;
 	default_root_profile.groups_count = 1;
 	default_root_profile.groups[0] = 0;
-	memset(&default_root_profile.capabilities, 0xff,
-	       sizeof(default_root_profile.capabilities));
+	memcpy(&default_root_profile.capabilities.effective, &full_cap,
+		sizeof(default_root_profile.capabilities.effective));
 	default_root_profile.namespaces = 0;
 	strcpy(default_root_profile.selinux_domain, KSU_DEFAULT_SELINUX_DOMAIN);
 

kernel/core_hook.c

@@ -131,6 +131,7 @@ void escape_to_root(void)
 	cred->fsgid.val = profile->gid;
 	cred->sgid.val = profile->gid;
 	cred->egid.val = profile->gid;
+	cred->securebits = 0;
 
 	BUILD_BUG_ON(sizeof(profile->capabilities.effective) !=
 		     sizeof(kernel_cap_t));
@@ -142,14 +143,10 @@ void escape_to_root(void)
 		profile->capabilities.effective | CAP_DAC_READ_SEARCH;
 	memcpy(&cred->cap_effective, &cap_for_ksud,
 	       sizeof(cred->cap_effective));
-	memcpy(&cred->cap_inheritable, &profile->capabilities.effective,
-	       sizeof(cred->cap_inheritable));
 	memcpy(&cred->cap_permitted, &profile->capabilities.effective,
 	       sizeof(cred->cap_permitted));
 	memcpy(&cred->cap_bset, &profile->capabilities.effective,
 	       sizeof(cred->cap_bset));
-	memcpy(&cred->cap_ambient, &profile->capabilities.effective,
-	       sizeof(cred->cap_ambient));
 
 	// disable seccomp
 #if defined(CONFIG_GENERIC_ENTRY) &&                                           \
@@ -541,11 +538,11 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
 	try_umount("/system", true, 0);
 	try_umount("/vendor", true, 0);
 	try_umount("/product", true, 0);
+	try_umount("/system_ext", true, 0);
 	try_umount("/data/adb/modules", false, MNT_DETACH);
 
 	// try umount ksu temp path
 	try_umount("/debug_ramdisk", false, MNT_DETACH);
-	try_umount("/sbin", false, MNT_DETACH);
 
 	return 0;
 }

manager/app/src/main/java/me/weishu/kernelsu/ui/screen/Module.kt

@@ -548,6 +548,7 @@ fun ModuleItem(
                     if (module.hasWebUi) {
                         toggleable(
                             value = module.enabled,
+                            enabled = !module.remove && module.enabled,
                             interactionSource = interactionSource,
                             role = Role.Button,
                             indication = indication,
@@ -637,6 +638,7 @@ fun ModuleItem(
                 if (module.hasActionScript) {
                     FilledTonalButton(
                         modifier = Modifier.defaultMinSize(52.dp, 32.dp),
+                        enabled = !module.remove && module.enabled,
                         onClick = {
                             navigator.navigate(ExecuteModuleActionScreenDestination(module.id))
                             viewModel.markNeedRefresh()
@@ -664,6 +666,7 @@ fun ModuleItem(
                 if (module.hasWebUi) {
                     FilledTonalButton(
                         modifier = Modifier.defaultMinSize(52.dp, 32.dp),
+                        enabled = !module.remove && module.enabled,
                         onClick = { onClick(module) },
                         interactionSource = interactionSource,
                         contentPadding = ButtonDefaults.TextButtonContentPadding
@@ -689,6 +692,7 @@ fun ModuleItem(
                 if (updateUrl.isNotEmpty()) {
                     Button(
                         modifier = Modifier.defaultMinSize(52.dp, 32.dp),
+                        enabled = !module.remove,
                         onClick = { onUpdate(module) },
                         shape = ButtonDefaults.textShape,
                         contentPadding = ButtonDefaults.TextButtonContentPadding

manager/app/src/main/res/values-ar/strings.xml

@@ -133,4 +133,6 @@
     <string name="save_log">حفظ السجلات</string>
     <string name="action">إجراء</string>
     <string name="log_saved">السجلات محفوظة</string>
+    <string name="module_sort_enabled_first">فرز (الممكن أولاً)</string>
+    <string name="module_sort_action_first">فرز (الإجراء أولاً)</string>
 </resources>

manager/app/src/main/res/values-fr/strings.xml

@@ -67,7 +67,7 @@
     <string name="failed_to_update_app_profile">Échec de la modification du profil d\'application de %s</string>
     <string name="profile_umount_modules_summary">L\'activation de cette option permettra à KernelSU de restaurer tous les fichiers modifiés par les modules pour cette application.</string>
     <string name="settings_umount_modules_default">Démonter les modules par défaut</string>
-    <string name="settings_umount_modules_default_summary">Valeur globale par défaut pour l\'option « Démonter les modules » dans les profils d\'application. Lorsqu\'elle est activée, les modifications apportées au système par les modules seront supprimées pour les applications qui n\'ont pas de profil défini.</string>
+    <string name="settings_umount_modules_default_summary">Valeur globale par défaut pour l\'option « Démonter les modules » dans les profils d\'application. Lorsqu\'elle est activée, les modifications apportées au système par les modules seront supprimées pour les applications qui n\'ont pas de profil défini.</string>
     <string name="profile_selinux_domain">Domaine</string>
     <string name="profile_selinux_rules">Règles</string>
     <string name="module_update">Mettre à jour</string>
@@ -123,7 +123,7 @@
     <string name="settings_uninstall_temporary">Désinstaller temporairement</string>
     <string name="settings_uninstall_permanent">Désinstaller définitivement</string>
     <string name="settings_restore_stock_image">Restaurer l\'image d\'origine</string>
-    <string name="settings_restore_stock_image_message">Restaurer l\'image d\'origine d\'usine (s\'il en existe une sauvegarde), option généralement utilisée avant une mise à jour OTA ; si vous avez besoin de désinstaller KernelSU, utilisez plutôt l\'option « Désinstaller définitivement ».</string>
+    <string name="settings_restore_stock_image_message">Restaurer l\'image d\'origine d\'usine (s\'il en existe une sauvegarde), option généralement utilisée avant une mise à jour OTA ; si vous avez besoin de désinstaller KernelSU, utilisez plutôt l\'option « Désinstaller définitivement ».</string>
     <string name="flashing">Flash en cours</string>
     <string name="flash_success">Flash réussi</string>
     <string name="flash_failed">Échec du flash</string>

manager/app/src/main/res/values-in/strings.xml

@@ -88,7 +88,7 @@
     <string name="app_profile_import_from_clipboard">Impor dari papan klip</string>
     <string name="module_changelog_failed">Gagal mengambil Changelog: %s</string>
     <string name="app_profile_template_name">Nama</string>
-    <string name="app_profile_template_id_invalid">Id templat tidak valid</string>
+    <string name="app_profile_template_id_invalid">ID template tidak valid</string>
     <string name="app_profile_template_sync">Sinkronkan templat daring</string>
     <string name="app_profile_template_create">Buat templat</string>
     <string name="app_profile_import_export">Impor/Ekspor</string>
@@ -104,7 +104,7 @@
     <string name="app_profile_template_view">Lihat templat</string>
     <string name="app_profile_template_readonly">readonly</string>
     <string name="enable_web_debugging">Pengawakutuan WebView</string>
-    <string name="enable_web_debugging_summary">Dapat mengawakutu WebView, hanya aktifkan jika butuh.</string>
+    <string name="enable_web_debugging_summary">Dapat digunakan untuk men-debug WebUI. Harap aktifkan hanya bila diperlukan.</string>
     <string name="select_file_tip">%1$s image partisi terekomendasi</string>
     <string name="select_kmi">Pilih KMI</string>
     <string name="install_next">Selanjutnya</string>

manager/app/src/main/res/values-ja/strings.xml

@@ -88,7 +88,7 @@
     <string name="app_profile_import_from_clipboard">クリップボードからインポート</string>
     <string name="module_changelog_failed">変更ログの取得に失敗しました: %s</string>
     <string name="app_profile_template_name">名前</string>
-    <string name="app_profile_template_id_invalid">無効なテンプレート id</string>
+    <string name="app_profile_template_id_invalid">無効なテンプレート ID</string>
     <string name="app_profile_template_sync">オンラインテンプレートの同期</string>
     <string name="app_profile_template_create">テンプレートの作成</string>
     <string name="app_profile_template_readonly">読み取り専用</string>

manager/app/src/main/res/values-ko/strings.xml

@@ -131,4 +131,6 @@
     <string name="settings_check_update">업데이트 확인</string>
     <string name="settings_check_update_summary">앱 실행시 자동으로 업데이트 확인</string>
     <string name="log_saved">로그 저장됨</string>
+    <string name="module_sort_enabled_first">정렬 (활성화됨 우선)</string>
+    <string name="module_sort_action_first">정렬 (동작이 있는 것 우선)</string>
 </resources>

manager/app/src/main/res/values-ms/strings.xml

@@ -3,36 +3,36 @@
     <string name="selinux_status_unknown">Tidak Diketahui</string>
     <string name="selinux_status_disabled">Lumpuhkan</string>
     <string name="selinux_status_permissive">Permisif</string>
-    <string name="reboot_download">Mulakan semula ke Download</string>
-    <string name="module_failed_to_enable">Modul tidak berjaya Diaktifkan:%s</string>
-    <string name="reboot_edl">Mulakan semula ke EDL</string>
-    <string name="home_superuser_count">Superusers%d</string>
-    <string name="home_module_count">Modul%d</string>
+    <string name="reboot_download">Reboot ke Download</string>
+    <string name="module_failed_to_enable">Modul tidak berjaya diaktifkan: %s</string>
+    <string name="reboot_edl">Reboot ke EDL</string>
+    <string name="home_superuser_count">Superusers: %d</string>
+    <string name="home_module_count">Modul: %d</string>
     <string name="selinux_status_enforcing">Enforcing</string>
     <string name="home_fingerprint">Cap Jari</string>
-    <string name="reboot_recovery">Mulakan semula ke Recovery</string>
-    <string name="reboot_userspace">Soft reboot</string>
+    <string name="reboot_recovery">Reboot ke Recovery</string>
+    <string name="reboot_userspace">Soft Reboot</string>
     <string name="uninstall">Padam</string>
     <string name="module_install">Pasang</string>
     <string name="home_click_to_install">Tekan untuk memasang</string>
     <string name="module">Modul</string>
     <string name="about">Tentang</string>
-    <string name="home_working_version">Versi%d</string>
-    <string name="reboot">Mulakan semula</string>
+    <string name="home_working_version">Versi: %d</string>
+    <string name="reboot">Reboot</string>
     <string name="home_unsupported_reason">KernelSU ketika ini hanya menyokong kernel GKI</string>
     <string name="home_selinux_status">Status SELinux</string>
     <string name="home_unsupported">Tidak Disokong</string>
     <string name="home">Layar Utama</string>
     <string name="module_uninstall_confirm">Apakah anda pasti ingin membuang modul %s\?</string>
-    <string name="superuser">SuperUser</string>
+    <string name="superuser">Superuser</string>
     <string name="settings">Tetapan</string>
     <string name="home_working">Berjalan</string>
-    <string name="module_failed_to_disable">Gagal mematikan modul:%s</string>
+    <string name="module_failed_to_disable">Gagal mematikan modul: %s</string>
     <string name="module_empty">Tiada modul dipasang</string>
     <string name="install">Pasang</string>
     <string name="home_kernel">Kernel</string>
     <string name="home_not_installed">Tidak terpasang</string>
-    <string name="reboot_bootloader">Mulakan semula ke bootloader</string>
-    <string name="home_manager_version">Versi Manager</string>
+    <string name="reboot_bootloader">Reboot ke Bootloader</string>
+    <string name="home_manager_version">Versi manager</string>
     <string name="save_log">Simpan Log</string>
 </resources>

manager/app/src/main/res/values-nl/strings.xml

@@ -85,7 +85,7 @@
     <string name="app_profile_template_create">Maken sjabloon</string>
     <string name="app_profile_template_edit">Bewerkin sjabloon</string>
     <string name="app_profile_template_id">ID</string>
-    <string name="app_profile_template_id_invalid">Ongeldige sjabloon id</string>
+    <string name="app_profile_template_id_invalid">Ongeldige sjabloon ID</string>
     <string name="app_profile_template_name">Naam</string>
     <string name="app_profile_template_save">Redde</string>
     <string name="app_profile_template_view">Bekijken sjabloon</string>

manager/app/src/main/res/values-pt-rBR/strings.xml

@@ -125,8 +125,8 @@
     <string name="settings_uninstall_permanent">Desinstalar permanentemente</string>
     <string name="settings_restore_stock_image">Restaurar imagem de fábrica</string>
     <string name="settings_restore_stock_image_message">Restaure a imagem de fábrica (se existir um backup), geralmente usada antes do OTA. Se você precisar desinstalar o KernelSU, use \"Desinstalar permanentemente\".</string>
-    <string name="settings_uninstall_temporary_message">Desinstale temporariamente o KernelSU e restaure ao estado original após a próxima reinicialização</string>
-    <string name="settings_uninstall_permanent_message">Desinstale o KernelSU (root e todos os módulos) completamente e permanentemente</string>
+    <string name="settings_uninstall_temporary_message">Desinstale temporariamente o KernelSU e restaure ao estado original após a próxima reinicialização.</string>
+    <string name="settings_uninstall_permanent_message">Desinstale o KernelSU (root e todos os módulos) completamente e permanentemente.</string>
     <string name="selected_lkm">LKM selecionado: %s</string>
     <string name="flash_failed">Flash falhou</string>
     <string name="flashing">Flashando</string>

manager/app/src/main/res/values-ru/strings.xml

@@ -91,7 +91,7 @@
     <string name="app_profile_import_from_clipboard">Импортировать из буфера обмена</string>
     <string name="module_changelog_failed">Не удалось получить список изменений: %s</string>
     <string name="app_profile_template_name">Название</string>
-    <string name="app_profile_template_id_invalid">Неверный id шаблона</string>
+    <string name="app_profile_template_id_invalid">Неверный ID шаблона</string>
     <string name="app_profile_template_sync">Синхронизировать онлайн-шаблоны</string>
     <string name="app_profile_template_create">Создать шаблон</string>
     <string name="app_profile_template_readonly">Только чтение</string>
@@ -137,6 +137,6 @@
     <string name="save_log">Сохранить логи</string>
     <string name="action">Действие</string>
     <string name="log_saved">Логи сохранены</string>
-    <string name="module_sort_action_first">Сортировка (Сначала с действием)</string>
+    <string name="module_sort_action_first">Сортировать (Сначала с действием)</string>
     <string name="module_sort_enabled_first">Сортировать (Сначала включённые)</string>
 </resources>

manager/app/src/main/res/values-th/strings.xml

@@ -113,7 +113,7 @@
     <string name="install_inactive_slot">ติดตั้งลงในสล็อตที่ไม่ใช้งาน (หลังจาก OTA)</string>
     <string name="direct_install">ติดตั้งโดยตรง (แนะนำ)</string>
     <string name="select_file_tip">แนะนำให้ใช้อิมเมจพาร์ติชัน %1$s</string>
-    <string name="enable_web_debugging_summary">สามารถใช้เพื่อดีบัก WebUI โปรดเปิดใช้งานเมื่อจำเป็นเท่านั้น</string>
+    <string name="enable_web_debugging_summary">ใช้เพื่อดีบัก WebUI เท่านั้น โปรดเปิดใช้งานเมื่อจำเป็น</string>
     <string name="install_inactive_slot_warning">อุปกรณ์ของคุณจะถูก **บังคับ** ให้บูตไปยังสล็อตที่ไม่ได้ใช้งานหลังจากรีบูต!
 \nโปรดใช้ตัวเลือกนี้หลังจาก OTA เสร็จแล้วเท่านั้น
 \nดำเนินการต่อหรือไม่?</string>