Hook syscalls and stable symbols

[anotherjin]

1. Replace do_execveat_common with sys_execve and sys_execveat
2. Replace input_handle_event with input_event and input_inject_event

Tested on android12-5.10-2024-04, android13-5.15-2024-04. android14-6.1-2024-04

[tiann]

There are generally several scenarios where su is needed:

1. Call su through shell, i.e. /system/bin/sh
2. Call Runtime.exec() directly in Java
3. Call execve directly in jni

Therefore, I think we don't need to handle so many execve calls, because:

1. The compat_ series is not needed; because we don't support 32-bit ourselves; for the case of "kernel is 64-bit, but system is 32-bit", this situation did exist, but we have never provided a 32-bit manager, so it has never been supported, too.
2. The execveat series does not need to be handled; because
   • Android's shell ash always uses execve when executing commands (http://aospxref.com/android-14.0.0_r2/xref/external/mksh/src/exec.c)
   • Runtime.exec always uses execve (http://aospxref.com/android-14.0.0_r2/xref/libcore/ojluni/src/main/native/UNIXProcess_md.c#666)
   • If you write jni code yourself, you can use execve directly;

I think it should work fine to remove those three kprobes.

[anotherjin]

There are generally several scenarios where su is needed:

1. Call su through shell, i.e. /system/bin/sh
2. Call Runtime.exec() directly in Java
3. Call execve directly in jni

Therefore, I think we don't need to handle so many execve calls, because:

1. The compat_ series is not needed; because we don't support 32-bit ourselves; for the case of "kernel is 64-bit, but system is 32-bit", this situation did exist, but we have never provided a 32-bit manager, so it has never been supported, too.

2. The execveat series does not need to be handled; because

   • Android's shell ash always uses execve when executing commands (http://aospxref.com/android-14.0.0_r2/xref/external/mksh/src/exec.c)
   • Runtime.exec always uses execve (http://aospxref.com/android-14.0.0_r2/xref/libcore/ojluni/src/main/native/UNIXProcess_md.c#666)
   • If you write jni code yourself, you can use execve directly;

I think it should work fine to remove those three kprobes.

In old implemention, hooking do_execveat_common equals hooking those syscalls since they calls this function. I'll remove these hooks you think it useless in a new commit, but I'm not sure about whether it will break any application.

[anotherjin]

fixed

[tiann]

drivers/kernelsu/sucompat.c:278:17: error: use of undeclared identifier 'SYS_EXECVE_SYMBOL'
.symbol_name = SYS_EXECVE_SYMBOL,
^
1 error generated.
make[2]: *** [scripts/Makefile.build:287: drivers/kernelsu/sucompat.o] Error 1
make[1]: *** [scripts/Makefile.build:549: drivers/kernelsu] Error 2
make: *** [Makefile:1957: drivers] Error 2

x86_64 failed

[anotherjin]

drivers/kernelsu/sucompat.c:278:17: error: use of undeclared identifier 'SYS_EXECVE_SYMBOL'
.symbol_name = SYS_EXECVE_SYMBOL,
^
1 error generated.
make[2]: *** [scripts/Makefile.build:287: drivers/kernelsu/sucompat.o] Error 1
make[1]: *** [scripts/Makefile.build:549: drivers/kernelsu] Error 2
make: *** [Makefile:1957: drivers] Error 2

x86_64 failed

Fixed in 14def44