Revert "fs: suspicious-fs: Introduce kstat spoofing"

This reverts commit 36066c8. This wouldn't work anyway if (((they))) actually read the file. Better umount the damn thing. Good thing we have KernelSU so handle it there tiann/KernelSU#1494
backslashxx · Mar 22, 2024 · 3e1b2a2 · 3e1b2a2
1 parent 086d18d
commit 3e1b2a2
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 55 deletions.
diff --git a/fs/stat.c b/fs/stat.c
@@ -204,12 +204,6 @@ int vfs_statx(int dfd, const char __user *filename, int flags,
 		goto out;
 
 	error = vfs_getattr(&path, stat, request_mask, flags);
-
-#ifdef CONFIG_SUS_FS	
-	if (!error)
-		check_if_spoof_kstat(&path, stat);
-#endif
-
 	path_put(&path);
 	if (retry_estale(error, lookup_flags)) {
 		lookup_flags |= LOOKUP_REVAL;

diff --git a/fs/suspicious.c b/fs/suspicious.c
@@ -54,54 +54,6 @@ static uid_t getuid(void) {
 
 }
 
-static void do_spoof_kstat_hosts(struct kstat* const stat) {
-// Change the HOSTS_TIME for atime,mtime,ctime accordingly
-#define HOSTS_TIME 1230768000 //since Epoch: 1230768000 -> 2009-01-01 08:00:00.000000000
-// Change the HOSTS_SIZE for file size accordingly */
-#define HOSTS_SIZE 56
-	if (stat != NULL) {
-		// assign your own value below accordingly
-		stat->atime.tv_sec = HOSTS_TIME;
-		stat->atime.tv_nsec = 0;
-		stat->mtime.tv_sec = HOSTS_TIME;
-		stat->mtime.tv_nsec = 0;
-		stat->ctime.tv_sec = HOSTS_TIME;
-		stat->ctime.tv_nsec = 0;
-		//uncomment 'stat->size' below if you need to spoof the file size as well
-		// stat->size = HOSTS_SIZE;
-	}
-}
-
-static const char* const spoof_kstat_paths[] = {
-	"/system/etc/hosts"
-};
-// Be careful to not mess up the order with 'spoof_kstat_paths[]'
-static void (*fn_ptr_spoof_kstat[])(struct kstat* const) = {
-    do_spoof_kstat_hosts
-};
-
-void check_if_spoof_kstat(struct path* const path, struct kstat* const stat) {
-	char pathname[128]; // change to a larger buffer size if there are longer absolute path names you want to spoof
-	char *p_pathname;
-	int index;
-
-	if (!uid_matches()) {
-		return;
-	}
-
-	for (index = 0; index < ARRAY_SIZE(spoof_kstat_paths); index++) {
-		p_pathname = d_path(path, pathname, sizeof(pathname));
-		if (!IS_ERR(p_pathname)) {
-			const char* const name = spoof_kstat_paths[index];
-			if (memcmp(name, p_pathname, strlen(name)) == 0) {
-				printk(KERN_INFO "suspicious-fs: spoofing kstat for path '%s' to process with UID %i\n", name, getuid());
-				fn_ptr_spoof_kstat[index](stat);
-				return;
-			}
-		}
-	}
-}
-
 int is_suspicious_path(const struct path* const file)
 {
 

diff --git a/include/linux/suspicious.h b/include/linux/suspicious.h
@@ -7,7 +7,6 @@
 #define getname_safe(name) (name == NULL ? ERR_PTR(-EINVAL) : getname(name))
 #define putname_safe(name) (IS_ERR(name) ? NULL : putname(name))
 
-void check_if_spoof_kstat(struct path* const path, struct kstat* const stat);
 int is_suspicious_path(const struct path* const file);
 int is_suspicious_mount(struct vfsmount* const mnt, const struct path* const root);
 int suspicious_path(const struct filename* const name);