From e3e4d2eed49fc1334fae5831b3cd49e084825cf5 Mon Sep 17 00:00:00 2001
From: Ylarod <me@ylarod.cn>
Date: Sat, 6 Jan 2024 08:59:30 +0800
Subject: [PATCH 01/30] Try umount `/sbin` in kernel (#1257)

---
 kernel/core_hook.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index 0cfc7872c2fc..998ff5b29e4d 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -569,7 +569,10 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
 	try_umount("/vendor", true, 0);
 	try_umount("/product", true, 0);
 	try_umount("/data/adb/modules", false, MNT_DETACH);
+
+	// try umount ksu temp path
 	try_umount("/debug_ramdisk", false, MNT_DETACH);
+	try_umount("/sbin", false, MNT_DETACH);
 
 	return 0;
 }

From fd7681c3ff99f70e3d929b742d0632bdd28b7ed6 Mon Sep 17 00:00:00 2001
From: Ylarod <me@ylarod.cn>
Date: Sat, 6 Jan 2024 10:28:06 +0800
Subject: [PATCH 02/30] [skip ci] Skip building kernel in draft pr (#1256)

---
 .github/workflows/build-kernel-a12.yml   | 2 +-
 .github/workflows/build-kernel-a13.yml   | 2 +-
 .github/workflows/build-kernel-a14.yml   | 2 +-
 .github/workflows/build-kernel-arcvm.yml | 1 +
 .github/workflows/build-kernel-wsa.yml   | 1 +
 5 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build-kernel-a12.yml b/.github/workflows/build-kernel-a12.yml
index ca2d9b7e70f4..b3d0f6f9ff1e 100644
--- a/.github/workflows/build-kernel-a12.yml
+++ b/.github/workflows/build-kernel-a12.yml
@@ -124,7 +124,7 @@ jobs:
           path: Image-android12*/*.img.gz
 
   check-build-kernel:
-    if: github.event_name == 'pull_request'
+    if: github.event_name == 'pull_request' && !github.event.pull_request.draft
     uses: ./.github/workflows/gki-kernel.yml
     with:
       version: android12-5.10
diff --git a/.github/workflows/build-kernel-a13.yml b/.github/workflows/build-kernel-a13.yml
index 18984cc7212e..a27c6f821379 100644
--- a/.github/workflows/build-kernel-a13.yml
+++ b/.github/workflows/build-kernel-a13.yml
@@ -151,7 +151,7 @@ jobs:
           path: Image-android13*/*.img.gz
 
   check-build-kernel:
-    if: github.event_name == 'pull_request'
+    if: github.event_name == 'pull_request' && !github.event.pull_request.draft
     strategy:
       matrix:
         include:
diff --git a/.github/workflows/build-kernel-a14.yml b/.github/workflows/build-kernel-a14.yml
index 0a650efc4056..e03fea074e85 100644
--- a/.github/workflows/build-kernel-a14.yml
+++ b/.github/workflows/build-kernel-a14.yml
@@ -115,7 +115,7 @@ jobs:
           path: Image-android14*/*.img.gz
 
   check-build-kernel:
-    if: github.event_name == 'pull_request'
+    if: github.event_name == 'pull_request' && !github.event.pull_request.draft
     strategy:
       matrix:
         include:
diff --git a/.github/workflows/build-kernel-arcvm.yml b/.github/workflows/build-kernel-arcvm.yml
index 4c79c0aec358..6fb662fe1c31 100644
--- a/.github/workflows/build-kernel-arcvm.yml
+++ b/.github/workflows/build-kernel-arcvm.yml
@@ -15,6 +15,7 @@ on:
 
 jobs:
   build:
+    if: github.event_name == 'pull_request' && !github.event.pull_request.draft
     strategy:
       matrix:
         arch: [x86_64]
diff --git a/.github/workflows/build-kernel-wsa.yml b/.github/workflows/build-kernel-wsa.yml
index c8a7f94d726a..8319ff576449 100644
--- a/.github/workflows/build-kernel-wsa.yml
+++ b/.github/workflows/build-kernel-wsa.yml
@@ -15,6 +15,7 @@ on:
 
 jobs:
   build:
+    if: github.event_name == 'pull_request' && !github.event.pull_request.draft
     strategy:
       matrix:
         arch: [x86_64, arm64]

From c7a9655ab9b3fbc0cdaf8adfa3589bf27b4bd4ec Mon Sep 17 00:00:00 2001
From: igor <134963561+igormiguell@users.noreply.github.com>
Date: Fri, 5 Jan 2024 23:28:50 -0300
Subject: [PATCH 03/30] website: update installation instructions and fix some
 typos (#1255)

---
 website/docs/pt_BR/guide/app-profile.md      |   8 +-
 website/docs/pt_BR/guide/faq.md              |   2 +-
 website/docs/pt_BR/guide/installation.md     | 136 ++++++++++---------
 website/docs/pt_BR/guide/what-is-kernelsu.md |   2 +-
 website/docs/pt_BR/index.md                  |   4 +-
 5 files changed, 82 insertions(+), 70 deletions(-)

diff --git a/website/docs/pt_BR/guide/app-profile.md b/website/docs/pt_BR/guide/app-profile.md
index f724327ad6b4..378741aa3f40 100644
--- a/website/docs/pt_BR/guide/app-profile.md
+++ b/website/docs/pt_BR/guide/app-profile.md
@@ -37,7 +37,7 @@ O Perfil Root do KernelSU permite a personalização do UID, GID e grupos para o
 O Perfil do Aplicativo controla apenas as permissões do processo root após usar `su`, e ele não controla as permissões do próprio app. Se um app solicitou permissão de acesso à rede, ele ainda poderá acessar a rede mesmo sem usar `su`. Remover o grupo `inet` de `su` apenas impede que `su` acesse a rede.
 :::
 
-O Perfil Root é aplicado no kernel e não depende do comportamento voluntário de apps root, ao contrário da troca de usuários ou grupos por meio de `su`, a concessão da permissão `su` depende inteiramente do usuário e não do desenvolvedor.
+O Perfil Root é aplicado no kernel e não depende do comportamento voluntário de apps root, ao contrário da troca de usuários ou grupos por meio de `su` A concessão da permissão `su` depende inteiramente do usuário e não do desenvolvedor.
 
 ### Capacidades
 
@@ -93,8 +93,8 @@ Se a configuração do Perfil Root não estiver definida corretamente, poderá o
 
 Por exemplo, se você conceder permissão root a um usuário ADB shell (que é um caso comum) e, em seguida, conceder permissão root a um app normal, mas configurar seu Perfil Root com UID 2000 (que é o UID do usuário ADB shell), o app pode obter acesso root completo executando o comando `su` duas vezes:
 
-1. A primeira execução `su` está sujeita à aplicação do Perfil do Aplicativo e mudará para UID `2000` (adb shell) em vez de `0` (root).
-2. A segunda execução `su`, como o UID é `2000` e você concedeu acesso root ao UID `2000` (adb shell) na configuração, o app obterá privilégio de root completo.
+1. A primeira execução `su` está sujeita à aplicação do Perfil do Aplicativo e mudará para UID `2000` (ADB shell) em vez de `0` (root).
+2. A segunda execução `su`, como o UID é `2000` e você concedeu acesso root ao UID `2000` (ADB shell) na configuração, o app obterá privilégio de root completo.
 
 :::warning OBSERVAÇÃO
 Este comportamento é totalmente esperado e não é um bug. Portanto, recomendamos o seguinte:
@@ -114,5 +114,5 @@ Além disso, a interface de configurações do gerenciador KernelSU fornece uma
 2. Desative a opção "desmontar módulos por padrão" e ative individualmente a opção "desmontar módulos" no Perfil do Aplicativo para apps que exigem descarregamento do módulo (agindo como uma "lista negra").
 
 :::info INFORMAÇÕES
-Em dispositivos que utilizam kernel versão 5.10 e superior, o kernel realiza o descarregamento dos módulos. No entanto, para dispositivos que executam versões de kernel abaixo de 5.10, essa opção é apenas uma opção de configuração e o próprio KernelSU não executa nenhuma ação. Alguns módulos, como Zygisksu, podem usar essa opção para determinar se o descarregamento do módulo é necessário.
+Em dispositivos que utilizam kernel versão 5.10 e superior, o kernel realiza o descarregamento dos módulos. No entanto, para dispositivos que executam versões de kernel abaixo de 5.10, essa opção é apenas uma opção de configuração e o próprio KernelSU não executa nenhuma ação. Alguns módulos, como ZygiskNext, podem usar essa opção para determinar se o descarregamento do módulo é necessário.
 :::
diff --git a/website/docs/pt_BR/guide/faq.md b/website/docs/pt_BR/guide/faq.md
index 5a49fc573e7f..a9fe2d20d5cd 100644
--- a/website/docs/pt_BR/guide/faq.md
+++ b/website/docs/pt_BR/guide/faq.md
@@ -63,6 +63,6 @@ GKI1 é completamente diferente do GKI2, você deve compilar o kernel sozinho.
 
 Não recomendamos que você modifique a partição do sistema diretamente. Você deve usar [Guias de módulo](module.md) para modificá-lo sem sistema. Se você insiste em fazer isso, verifique [magisk_overlayfs](https://github.com/HuskyDG/magic_overlayfs).
 
-## O KernelSU pode modificar hosts? Como posso usar o AdAday?
+## O KernelSU pode modificar hosts? Como posso usar AdAway?
 
 Claro. Mas o KernelSU não tem suporte a hosts integrados, você pode instalar [systemless-hosts](https://github.com/symbuzzer/systemless-hosts-KernelSU-module) para fazer isso.
diff --git a/website/docs/pt_BR/guide/installation.md b/website/docs/pt_BR/guide/installation.md
index 8c15e5564187..831fd32bff2a 100644
--- a/website/docs/pt_BR/guide/installation.md
+++ b/website/docs/pt_BR/guide/installation.md
@@ -4,16 +4,16 @@
 
 Baixe o app gerenciador do KernelSU em [GitHub Releases](https://github.com/tiann/KernelSU/releases), e instale-o no seu dispositivo:
 
-- Se o app mostrar `Sem suporte`, significa que **você deve compilar o kernel sozinho**, o KernelSU não fornecerá e nunca fornecerá uma boot image para você instalar.
+- Se o app mostrar `Sem suporte`, significa que **você deve compilar o kernel sozinho**. O KernelSU não fornecerá e nunca fornecerá uma boot.img para você instalar.
 - Se o app mostrar `Não instalado`, então seu dispositivo é oficialmente suportado pelo KernelSU.
 
 ::: info INFORMAÇÕES
-Para dispositivos mostrando `Sem suporte`, aqui está os [Dispositivos com suporte não oficial](unofficially-support-devices.md), você mesmo pode compilar o kernel.
+Para dispositivos mostrando `Sem suporte`, aqui está os [Dispositivos com suporte não oficial](unofficially-support-devices.md). Você mesmo pode compilar o kernel.
 :::
 
 ## Backup padrão do boot.img
 
-Antes de fazer o flash, você deve primeiro fazer backup de seu boot.img padrão. Se você encontrar algum bootloop, você sempre pode restaurar o sistema voltando para o boot de fábrica usando o fastboot.
+Antes de fazer o flash, você deve primeiro fazer backup de seu boot.img padrão. Se você encontrar algum bootloop, você sempre pode restaurar o sistema voltando para o boot padrão de fábrica usando o fastboot.
 
 ::: warning AVISO
 Flashar pode causar perda de dados, certifique-se de executar esta etapa bem antes de prosseguir para a próxima! Você também pode fazer backup de todos os dados do seu telefone, se necessário.
@@ -27,9 +27,9 @@ Por padrão, você usará as ferramentas ADB e fastboot neste tutorial, portanto
 
 ### KMI
 
-Kernel Module Interface (KMI), versões de kernel com o mesmo KMI são **compatíveis**, isso é o que "geral" significa no GKI; por outro lado, se o KMI for diferente, então esses kernels não são compatíveis entre si, e atualizar uma imagem do kernel com um KMI diferente do seu dispositivo pode causar um bootloop.
+Kernel Module Interface (KMI), versões de kernel com o mesmo KMI são **compatíveis**, isso é o que "geral" significa no GKI. Por outro lado, se o KMI for diferente, então esses kernels não são compatíveis entre si, e atualizar uma imagem do kernel com um KMI diferente do seu dispositivo pode causar um bootloop.
 
-Especificamente, para dispositivos GKI, o formato da versão do kernel deve ser o seguinte:
+Especificamente, para dispositivos GKI, o formato da versão do kernel deve ser a seguinte:
 
 ```txt
 KernelRelease :=
@@ -45,7 +45,7 @@ Observe que o SubLevel na versão do kernel não faz parte do KMI! Isso signific
 
 ### Nível do patch de segurança {#security-patch-level}
 
-Dispositivos Android mais recentes podem ter mecanismos anti-rollback que não permitem a atualização de uma imagem de inicialização com um nível de patch de segurança antigo. Por exemplo, se o kernel do seu dispositivo for `5.10.101-android12-9-g30979850fc20`, o patch de segurança será `2023-11`, mesmo se você atualizar o kernel consistente com o KMI do kernel, se o nível do patch de segurança for anterior a `2023-11` (como `2023-06`), então isso pode causar bootloop.
+Dispositivos Android mais recentes podem ter mecanismos anti-rollback que não permitem flashar uma boot.img com um nível de patch de segurança antigo. Por exemplo, se o kernel do seu dispositivo for `5.10.101-android12-9-g30979850fc20`, o patch de segurança será `2023-11`, mesmo se você atualizar o kernel consistente com o KMI do kernel, se o nível do patch de segurança for anterior a `2023-11` (como `2023-06`), então isso pode causar bootloop.
 
 Portanto, os kernels com os níveis de patch de segurança mais recentes são preferidos, mantendo a consistência do KMI.
 
@@ -59,51 +59,22 @@ Se você descobrir que a versão do seu kernel é `android12-5.10.101`, mas a ve
 
 Existem vários métodos de instalação do KernelSU, cada um adequado para um cenário diferente, portanto escolha conforme necessário.
 
-1. Instalar com Recovery personalizado (por exemplo, TWRP)
-2. Instalar com um app kernel flash, como Franco Kernel Manager
-3. Instalar com fastboot usando o boot.img fornecido por KernelSU
-4. Repare o boot.img manualmente e instale-o
-
-## Instalar com Recovery personalizado
-
-Pré-requisito: Seu dispositivo deve ter um Recovery personalizado, como TWRP. Se apenas o Recovery oficial estiver disponível, use outro método.
-
-Etapa:
-
-1. Na [página de lançamento](https://github.com/tiann/KernelSU/releases) do KernelSU, baixe o pacote zip começando com AnyKernel3 que corresponde à versão do seu telefone; por exemplo, a versão do kernel do telefone é `android12-5.10. 66`, então você deve baixar o arquivo `AnyKernel3-android12-5.10.66_yyyy-MM.zip` (onde `yyyy` é o ano e `MM` é o mês).
-2. Reinicie o telefone no TWRP.
-3. Use o adb para colocar AnyKernel3-*.zip no telefone /sdcard e escolha instalá-lo na interface do TWRP; ou você pode diretamente `adb sideload AnyKernel-*.zip` para instalar.
-
-PS. Este método é adequado para qualquer instalação (não limitado à instalação inicial ou atualizações subsequentes), desde que você use TWRP.
-
-## Instalar com Kernel Flasher
-
-Pré-requisito: Seu dispositivo deve estar rooteado. Por exemplo, você instalou o Magisk para obter root ou instalou uma versão antiga do KernelSU e precisa atualizar para outra versão do KernelSU. Se o seu dispositivo não estiver rooteado, tente outros métodos.
-
-Etapa:
-
-1. Baixe o zip AnyKernel3; consulte a seção *Instalar com Recovery personalizado* para obter instruções de download.
-2. Abra o app Kernel Flash e use o zip AnyKernel3 fornecido para fazer o flash.
-
-Se você nunca usou algum app kernel flash antes, os seguintes são os mais populares.
-
-1. [Kernel Flasher](https://github.com/capntrips/KernelFlasher/releases)
-2. [Franco Kernel Manager](https://play.google.com/store/apps/details?id=com.franco.kernel)
-3. [Ex Kernel Manager](https://play.google.com/store/apps/details?id=flar2.exkernelmanager)
-
-PS. Este método é mais conveniente ao atualizar o KernelSU e pode ser feito sem um computador (backup primeiro).
+1. Instalar com fastboot usando o boot.img fornecido por KernelSU
+2. Instalar com um app kernel flash, como KernelFlasher
+3. Repare o boot.img manualmente e instale-o
+4. Instalar com Recovery personalizado (por exemplo, TWRP)
 
 ## Instalar com o boot.img fornecido por KernelSU
 
-Este método não requer que você tenha TWRP, nem que seu telefone tenha privilégios de root; é adequado para sua primeira instalação do KernelSU.
+Se o `boot.img` do seu dispositivo usa um formato de compactação comumente usado, você pode usar as imagens GKI fornecidas pelo KernelSU para atualizá-lo diretamente. Não requer TWRP ou autocorreção da imagem.
 
 ### Encontre o boot.img adequado
 
 O KernelSU fornece um boot.img genérico para dispositivos GKI e você deve liberar o boot.img para a partição boot do dispositivo.
 
-Você pode baixar o boot.img em [GitHub Release](https://github.com/tiann/KernelSU/releases), por favor, observe que você deve usar a versão correta do boot.img. Por exemplo, se o seu dispositivo exibe o kernel `android12-5.10.101` , você precisa baixar `android-5.10.101_yyyy-MM.boot-<format>.img`. (Mantenha o KMI consistente!)
+Você pode baixar o boot.img em [GitHub Release](https://github.com/tiann/KernelSU/releases), por favor, observe que você deve usar a versão correta do boot.img. Se você não sabe qual arquivo baixar, leia atentamente a descrição de [KMI](#kmi) e [Nível do patch de segurança](#security-patch-level) neste documento.
 
-Onde `<format>` se refere ao formato de compactação do kernel do seu boot.img oficial, por favor, verifique o formato de compactação do kernel de seu boot.img original. Você deve usar o formato correto, por exemplo: `lz4`, `gz`. Se você usar um formato de compactação incorreto, poderá encontrar bootloop.
+Normalmente, existem três arquivos de inicialização em formatos diferentes no mesmo KMI e nível do patch de segurança. Eles são todos iguais, exceto pelo formato de compactação do kernel. Por favor, verifique o formato de compactação do kernel de seu boot.img original. Você deve usar o formato correto, como `lz4`, `gz`. Se você usar um formato de compactação incorreto, poderá encontrar bootloop após flashar o boot.img.
 
 ::: info INFORMAÇÕES
 1. Você pode usar o magiskboot para obter o formato de compactação de seu boot original; é claro que você também pode perguntar a outras pessoas mais experientes com o mesmo modelo do seu dispositivo. Além disso, o formato de compactação do kernel geralmente não muda, portanto, se você inicializar com êxito com um determinado formato de compactação, poderá tentar esse formato mais tarde.
@@ -113,7 +84,7 @@ Onde `<format>` se refere ao formato de compactação do kernel do seu boot.img
 
 ### Flash boot.img para o dispositivo
 
-Use o `adb` para conectar seu dispositivo, execute `adb reboot bootloader` para entrar no modo fastboot e use este comando para atualizar o KernelSU:
+Use o `adb` para conectar seu dispositivo, execute `adb reboot bootloader` para entrar no modo fastboot e use este comando para flashar o KernelSU:
 
 ```sh
 fastboot flash boot boot.img
@@ -131,45 +102,86 @@ Após a conclusão do flash, você deve reiniciar o dispositivo:
 fastboot reboot
 ```
 
+## Instalar com Kernel Flasher
+
+Etapa:
+
+1. Baixe o zip AnyKernel3. Se você não sabe qual arquivo baixar, leia atentamente a descrição de [KMI](#kmi) e [Nível do patch de segurança](#security-patch-level) neste documento.
+2. Abra o app Kernel Flash (conceda as permissões de root necessárias) e use o zip AnyKernel3 fornecido para fazer o flash.
+
+Dessa forma, é necessário que o app Kernel Flasher tenha permissões root. Você pode usar os seguintes métodos para conseguir isso:
+
+1. Seu dispositivo está rooteado. Por exemplo, você instalou o KernelSU e deseja atualizar para a versão mais recente ou fez o root por meio de outros métodos (como Magisk).
+2. Se o seu telefone não estiver rooteado, mas o telefone suportar o método de inicialização temporária de `fastboot boot boot.img`, você pode usar a imagem GKI fornecida pelo KernelSU para inicializar temporariamente o seu dispositivo, obter permissões de root temporária e, em seguida, usar o Kernel Flasher para obter privilégios de root permanente.
+
+1. [Kernel Flasher](https://github.com/capntrips/KernelFlasher/releases)
+2. [Franco Kernel Manager](https://play.google.com/store/apps/details?id=com.franco.kernel)
+3. [Ex Kernel Manager](https://play.google.com/store/apps/details?id=flar2.exkernelmanager)
+
+PS. Este método é mais conveniente ao atualizar o KernelSU e pode ser feito sem um computador (backup primeiro).
+
 ## Corrigir boot.img manualmente
 
-Para alguns dispositivos, o formato boot.img não é tão comum, como `lz4`, `gz` e `uncompressed`. O mais típico é o Pixel, seu formato boot.img é `lz4_legacy` compactado, ramdisk pode ser `gz` também pode ser compactado `lz4_legacy`. Neste momento, se você fleshar diretamente o boot.img fornecido pelo KernelSU, o telefone pode não conseguir inicializar. Neste momento, você pode corrigir manualmente o boot.img para conseguir isso.
+Para alguns dispositivos, o formato boot.img não é tão comum como `lz4`, `gz` e `uncompressed`. O mais típico é o Pixel, seu formato boot.img é `lz4_legacy` compactado, ramdisk pode ser `gz` também pode ser compactado `lz4_legacy`. Neste momento, se você flashar diretamente o boot.img fornecido pelo KernelSU, o telefone pode não conseguir inicializar. Neste momento, você pode corrigir manualmente o boot.img para conseguir isso.
 
-Geralmente existem dois métodos de patch:
+É sempre recomendado usar `magiskboot` para corrigir imagens, existem duas maneiras:
 
-1. [Android-Image-Kitchen](https://forum.xda-developers.com/t/tool-android-image-kitchen-unpack-repack-kernel-ramdisk-win-android-linux-mac.2073775/)
-2. [magiskboot](https://github.com/topjohnwu/Magisk/releases)
+1. [magiskboot](https://github.com/topjohnwu/Magisk/releases)
+2. [magiskboot_build](https://github.com/ookiineko/magiskboot_build/releases/tag/last-ci)
 
-Entre eles, o Android-Image-Kitchen é adequado para operação no PC e o magiskboot precisa da cooperação do telefone.
+A versão oficial do `magiskboot` só pode rodar em dispositivos Android, se você quiser rodar no PC, você pode tentar a segunda.
+
+::: tip DICA
+Android-Image-Kitchen não é recomendado agora, porque ele não lida corretamente com os metadados de inicialização (como o nível do patch de segurança). Portanto, pode não funcionar em alguns dispositivos.
+:::
 
 ### Preparação
 
-1. Obtenha o boot.img padrão do telefone; você pode obtê-lo com os fabricantes do seu dispositivo, você pode precisar do [payload-dumper-go](https://github.com/ssut/payload-dumper-go).
-2. Baixe o arquivo zip AnyKernel3 fornecido pelo KernelSU que corresponde à versão KMI do seu dispositivo (você pode consultar *Instalar com Recovery personalizado*).
+1. Obtenha o boot.img padrão do telefone. Você pode obtê-lo com os fabricantes do seu dispositivo, talvez você precise do [payload-dumper-go](https://github.com/ssut/payload-dumper-go).
+2. Baixe o arquivo zip AnyKernel3 fornecido pelo KernelSU que corresponde à versão KMI do seu dispositivo. Você pode consultar [Instalar com Recovery personalizado](#install-with-custom-recovery).
 3. Descompacte o pacote AnyKernel3 e obtenha o arquivo `Image`, que é o arquivo do kernel do KernelSU.
 
-### Usando o Android-Image-Kitchen
-
-1. Baixe o Android-Image-Kitchen para o seu computador.
-2. Coloque o boot.img padrão na pasta raiz do Android-Image-Kitchen.
-3. Execute `./unpackimg.sh boot.img` no diretório raiz do Android-Image-Kitchen, este comando descompactará o boot.img e você obterá alguns arquivos.
-4. Substitua `boot.img-kernel` no diretório `split_img` pela `Image` que você extraiu do AnyKernel3 (observe a mudança de nome para boot.img-kernel).
-5. Execute `./repackimg.sh` no diretório raiz de 在 Android-Image-Kitchen, e você obterá um arquivo chamado `image-new.img`. Faça o flash deste boot.img por fastboot (consulte a seção anterior).
-
-### Usando o magiskboot
+### Usando o magiskboot em dispositivos Android {#using-magiskboot-on-Android-devices}
 
 1. Baixe o Magisk mais recente em [GitHub Releases](https://github.com/topjohnwu/Magisk/releases).
 2. Renomeie o Magisk-*.apk para Magisk-vesion.zip e descompacte-o.
-3. Envie `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` para o seu dispositivo por adb: `adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`.
+3. Envie `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` para o seu dispositivo por ADB: `adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`.
 4. Envie o boot.img padrão e Image em AnyKernel3 para o seu dispositivo.
-5. Entre no diretório adb shell e cd `/data/local/tmp/` e, em seguida, `chmod +x magiskboot`.
-6. Entre no shell adb e no diretório cd `/data/local/tmp/`, execute `./magiskboot unpack boot.img` para descompactar `boot.img`, você obterá um arquivo `kernel`, este é o seu kernel padrão.
+5. Entre no ADB shell e no diretório cd `/data/local/tmp/`, em seguida, `chmod +x magiskboot`.
+6. Entre no ADB shell e no diretório cd `/data/local/tmp/`, execute `./magiskboot unpack boot.img` para descompactar `boot.img`, você obterá um arquivo `kernel`, este é o seu kernel padrão.
 7. Substitua `kernel` por `Image`: `mv -f Image kernel`.
 8. Execute `./magiskboot repack boot.img` para reembalar o boot.img, e você obterá um arquivo `new-boot.img`, faça o flash deste arquivo para o dispositivo por fastboot.
 
+### Usando o magiskboot no PC Windows/macOS/Linux {#using-magiskboot-on-PC}
+
+1. Baixe o `magiskboot` adequado para o seu sistema operacional em [magiskboot_build](https://github.com/ookiineko/magiskboot_build/releases/tag/last-ci).
+2. Prepare o boot.img padrão e Image em seu PC.
+3. `chmod +x magiskboot`
+4. Entre no diretório apropriado, execute `./magiskboot unpack boot.img` para descompactar `boot.img`. Você obterá um arquivo `kernel`, este é o seu kernel padrão.
+5. Substitua `kernel` por `Image`: `mv -f Image kernel`.
+6. Execute `./magiskboot repack boot.img` para reembalar o boot.img, e você obterá um arquivo `new-boot.img`, faça o flash deste arquivo para o dispositivo por fastboot.
+
+::: info INFORMAÇÕES
+O `magiskboot` oficial pode executar o dispositivo `Linux` normalmente. Se você for um usuário Linux, você pode usar a versão oficial.
+:::
+
+## Instalar com Recovery personalizado
+
+Pré-requisito: Seu dispositivo deve ter um Recovery personalizado, como TWRP. Se apenas o Recovery oficial estiver disponível, use outro método.
+
+Etapa:
+
+1. Na [página de lançamento](https://github.com/tiann/KernelSU/releases) do KernelSU, baixe o pacote zip começando com AnyKernel3 que corresponde à versão do seu telefone; por exemplo, a versão do kernel do telefone é `android12-5.10. 66`, então você deve baixar o arquivo `AnyKernel3-android12-5.10.66_yyyy-MM.zip` (onde `yyyy` é o ano e `MM` é o mês).
+2. Reinicie o telefone no TWRP.
+3. Use o adb para colocar AnyKernel3-*.zip no telefone /sdcard e escolha instalá-lo na interface do TWRP; ou você pode diretamente `adb sideload AnyKernel-*.zip` para instalar.
+
+PS. Este método é adequado para qualquer instalação (não limitado à instalação inicial ou atualizações subsequentes), desde que você use TWRP.
+
 ## Outros métodos
 
 Na verdade, todos esses métodos de instalação têm apenas uma ideia principal, que é **substituir o kernel original pelo fornecido pelo KernelSU**, desde que isso possa ser alcançado, ele pode ser instalado. Por exemplo, a seguir estão outros métodos possíveis.
 
 1. Primeiro instale o Magisk, obtenha privilégios de root através do Magisk e então use o kernel flasher para fazer o flash no zip AnyKernel do KernelSU.
 2. Use algum kit de ferramentas de flash em PCs para flashar no kernel fornecido pelo KernelSU.
+
+Mas se não funcionar, por favor, tente o método `magiskboot`.
diff --git a/website/docs/pt_BR/guide/what-is-kernelsu.md b/website/docs/pt_BR/guide/what-is-kernelsu.md
index ec8d799b60a9..1716eeebb5a0 100644
--- a/website/docs/pt_BR/guide/what-is-kernelsu.md
+++ b/website/docs/pt_BR/guide/what-is-kernelsu.md
@@ -4,7 +4,7 @@ O KernelSU é uma solução root para dispositivos Android GKI, funciona no modo
 
 ## Características
 
-A principal característica do KernelSU é que ele é **baseado em kernel**. O KernelSU funciona no modo kernel, portanto pode fornecer uma interface de kernel que nunca tivemos antes. Por exemplo, podemos adicionar um ponto de interrupção de hardware a qualquer processo no modo kernel; Podemos acessar a memória física de qualquer processo sem que ninguém perceba; Podemos interceptar qualquer syscall no espaço do kernel; etc.
+A principal característica do KernelSU é que ele é **baseado em kernel**. O KernelSU funciona no modo kernel, portanto pode fornecer uma interface de kernel que nunca tivemos antes. Por exemplo, podemos adicionar um ponto de interrupção de hardware a qualquer processo no modo kernel, podemos acessar a memória física de qualquer processo sem que ninguém perceba, podemos interceptar qualquer syscall no espaço do kernel, etc.
 
 E também, o KernelSU fornece um sistema de módulos via overlayfs, que permite carregar seu plugin personalizado no sistema. Ele também fornece um mecanismo para modificar arquivos na partição `/system`.
 
diff --git a/website/docs/pt_BR/index.md b/website/docs/pt_BR/index.md
index 824c3f410ec1..ad8d2ed6bc57 100644
--- a/website/docs/pt_BR/index.md
+++ b/website/docs/pt_BR/index.md
@@ -24,5 +24,5 @@ features:
     details: Somente apps permitidos podem acessar ou ver su, todos os outros apps não estão cientes disso.
   - title: Privilégios de root personalizáveis
     details: KernelSU permite a personalização de uid, gid, grupos, capacidades e regras SELinux do su, bloqueando privilégios de root.
-  - title: Módulo
-    details: Os módulos podem modificar /system sem sistema usando overlayfs permitindo grande potência.
+  - title: Módulos
+    details: Os módulos podem modificar /system sem sistema usando overlayfs permitindo uma grande potência.

From ddff9ee701845c6063b53805b73bd94f4ac13a31 Mon Sep 17 00:00:00 2001
From: "Weblate (bot)" <hosted@weblate.org>
Date: Sat, 6 Jan 2024 14:27:48 +0100
Subject: [PATCH 04/30] Translations update from Hosted Weblate (#1237)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Translations update from [Hosted Weblate](https://hosted.weblate.org)
for
[KernelSU/Manager](https://hosted.weblate.org/projects/kernelsu/manager/).



Current translation status:

![Weblate translation
status](https://hosted.weblate.org/widget/kernelsu/manager/horizontal-auto.svg)

---------

Co-authored-by: Ali Beyaz <alipolatbeyaz@gmail.com>
Co-authored-by: Сергій <sergiy.goncharuk.1@gmail.com>
Co-authored-by: Jia-Bin <cracky.ice@gmail.com>
Co-authored-by: dabao1955 <dabao1955@163.com>
Co-authored-by: I g o r <igormczampola1@gmail.com>
---
 manager/app/src/main/res/values-nl/strings.xml | 12 +++++++-----
 .../app/src/main/res/values-pt-rBR/strings.xml |  6 +++---
 manager/app/src/main/res/values-tr/strings.xml | 18 +++++++++---------
 manager/app/src/main/res/values-uk/strings.xml |  2 +-
 manager/app/src/main/res/values-vi/strings.xml |  4 +++-
 .../app/src/main/res/values-zh-rTW/strings.xml | 16 ++++++++++++++++
 6 files changed, 39 insertions(+), 19 deletions(-)

diff --git a/manager/app/src/main/res/values-nl/strings.xml b/manager/app/src/main/res/values-nl/strings.xml
index 3beda53f3616..36f79e2f6993 100644
--- a/manager/app/src/main/res/values-nl/strings.xml
+++ b/manager/app/src/main/res/values-nl/strings.xml
@@ -17,10 +17,10 @@
     <string name="selinux_status_enforcing">Afgedwongen</string>
     <string name="selinux_status_permissive">Permissief</string>
     <string name="selinux_status_unknown">Niet gekend</string>
-    <string name="superuser">Supergebruiker</string>
+    <string name="superuser">SupergeBruiker</string>
     <string name="module_failed_to_enable">Mislukt om module in te schakelen: %s</string>
     <string name="module_failed_to_disable">Mislukt om module uit te schakelen: %s</string>
-    <string name="module_empty">Geen module geïnstalleerd</string>
+    <string name="module_empty">Geen geïnstalleerde modules</string>
     <string name="module">Module</string>
     <string name="uninstall">Verwijderen</string>
     <string name="module_install">Installeren</string>
@@ -34,7 +34,7 @@
     <string name="reboot_edl">Herstart naar EDL</string>
     <string name="about">Over</string>
     <string name="module_uninstall_confirm">Zeker van het verwijderen van module %s?</string>
-    <string name="module_uninstall_success">%s verwijderd</string>
+    <string name="module_uninstall_success">%s is verwijderd</string>
     <string name="module_uninstall_failed">Mislukt om te verwijderen: %s</string>
     <string name="module_version">Versie</string>
     <string name="module_author">Auteur</string>
@@ -42,7 +42,7 @@
     <string name="refresh">Vernieuwen</string>
     <string name="show_system_apps">Toon systeem apps</string>
     <string name="hide_system_apps">Verberg systeem apps</string>
-    <string name="send_log">Stuur Log</string>
+    <string name="send_log">Rapport Log</string>
     <string name="safe_mode">Safe mode</string>
     <string name="reboot_to_apply">Herstart om effect te hebben</string>
     <string name="module_magisk_conflict">Modules zijn uitgeschakeld omdat ze in conflict zijn met magisk!</string>
@@ -73,11 +73,13 @@
     <string name="profile_selinux_rules">Regels</string>
     <string name="module_update">Update</string>
     <string name="module_downloading">Downloaden van module: %s</string>
-    <string name="new_version_available">Nieuwe versie: %s is beschikbaar, klik om te downloaden</string>
+    <string name="new_version_available">Nieuwe versie: %s is beschikbaar,klik om te upgraden</string>
     <string name="launch_app">Start</string>
     <string name="force_stop_app">Forceer Stop</string>
     <string name="restart_app">Herstart</string>
     <string name="module_start_downloading">Begin met downloaden: %s</string>
     <string name="failed_to_update_sepolicy">Kan SELinux-regels niet bijwerken voor: %s</string>
     <string name="require_kernel_version">De huidige KernelSU-versie %d is te laag om de manager correct te laten functioneren. Upgrade naar versie %d of hoger!</string>
+    <string name="module_changelog">wijzigings logboek</string>
+    <string name="settings_profile_template">App-profiel Sjabloon</string>
 </resources>
\ No newline at end of file
diff --git a/manager/app/src/main/res/values-pt-rBR/strings.xml b/manager/app/src/main/res/values-pt-rBR/strings.xml
index 5e6df754b404..ceb56c8130e9 100644
--- a/manager/app/src/main/res/values-pt-rBR/strings.xml
+++ b/manager/app/src/main/res/values-pt-rBR/strings.xml
@@ -13,8 +13,8 @@
     <string name="home_manager_version">Versão do gerenciador</string>
     <string name="home_fingerprint">Impressão digital</string>
     <string name="home_selinux_status">Status do SELinux</string>
-    <string name="selinux_status_disabled">Desabilitado</string>
-    <string name="selinux_status_enforcing">Execução</string>
+    <string name="selinux_status_disabled">Desativado</string>
+    <string name="selinux_status_enforcing">Impondo</string>
     <string name="selinux_status_permissive">Permissivo</string>
     <string name="selinux_status_unknown">Desconhecido</string>
     <string name="superuser">SuperUsuário</string>
@@ -73,7 +73,7 @@
     <string name="profile_selinux_rules">Regras</string>
     <string name="module_update">Atualizar</string>
     <string name="module_downloading">Baixando módulo: %s</string>
-    <string name="module_start_downloading">Iniciar o download: %s</string>
+    <string name="module_start_downloading">Iniciar download: %s</string>
     <string name="new_version_available">Nova versão: %s está disponível, clique para atualizar</string>
     <string name="launch_app">Iniciar</string>
     <string name="force_stop_app">Forçar parada</string>
diff --git a/manager/app/src/main/res/values-tr/strings.xml b/manager/app/src/main/res/values-tr/strings.xml
index 71c0afac82b0..6638b2bfdcaf 100644
--- a/manager/app/src/main/res/values-tr/strings.xml
+++ b/manager/app/src/main/res/values-tr/strings.xml
@@ -6,12 +6,12 @@
     <string name="home_click_to_install">Yüklemek için tıklayın</string>
     <string name="home_working">Çalışıyor</string>
     <string name="home_working_version">Sürüm: %d</string>
-    <string name="home_superuser_count">Süper kullanıcı: %d</string>
+    <string name="home_superuser_count">Süper kullanıcılar: %d</string>
     <string name="home_module_count">Modüller: %d</string>
     <string name="home_unsupported">Desteklenmiyor</string>
-    <string name="home_unsupported_reason">KernelSU şu an sadece GKI çekirdeklerini destekliyor</string>
+    <string name="home_unsupported_reason">KernelSU şimdilik sadece GKI çekirdeklerini destekliyor</string>
     <string name="home_kernel">Çekirdek</string>
-    <string name="home_manager_version">Uygulama sürümü</string>
+    <string name="home_manager_version">Yönetici sürümü</string>
     <string name="home_fingerprint">Parmak izi</string>
     <string name="home_selinux_status">SELinux durumu</string>
     <string name="selinux_status_disabled">Devre dışı</string>
@@ -39,7 +39,7 @@
     <string name="module_uninstall_failed">Kaldırma başarısız: %s</string>
     <string name="module_version">Sürüm</string>
     <string name="module_author">Geliştirici</string>
-    <string name="module_overlay_fs_not_available">Overlayfs mevcut değil, modül çalışamaz!</string>
+    <string name="module_overlay_fs_not_available">overlayfs mevcut değil, modül çalışamaz!</string>
     <string name="refresh">Yenile</string>
     <string name="show_system_apps">Sistem uygulamalarını göster</string>
     <string name="hide_system_apps">Sistem uygulamalarını gizle</string>
@@ -51,8 +51,8 @@
     <string name="home_learn_kernelsu_url">https://kernelsu.org/guide/what-is-kernelsu.html</string>
     <string name="home_click_to_learn_kernelsu">KernelSU\'nun nasıl kurulacağını ve modüllerin nasıl kullanılacağını öğrenin</string>
     <string name="home_support_title">Bizi destekleyin</string>
-    <string name="home_support_content">KernelSU ücretsiz ve açık kaynaklı bir yazılımdır ve her zaman öyle kalacaktır. Ancak, bize bağış yaparak destek olduğunuzu gösterebilirsiniz.</string>
-    <string name="about_source_code"><![CDATA[Kaynak kodunu görüntüle: %1$s<br/>%2$s kanalımıza katılın]]></string>
+    <string name="home_support_content">KernelSU ücretsiz ve açık kaynaklı bir yazılımdır ve her zaman öyle kalacaktır. Ancak bağış yaparak bize destek olduğunuzu gösterebilirsiniz.</string>
+    <string name="about_source_code">Kaynak kodunu görüntüleyin: %1$s<br/>%2$s kanalımıza katılın</string>
     <string name="profile" translatable="false">Uygulama profili</string>
     <string name="profile_default">Varsayılan</string>
     <string name="profile_template">Şablon</string>
@@ -69,7 +69,7 @@
     <string name="failed_to_update_app_profile">%s için uygulama profili güncellenemedi.</string>
     <string name="require_kernel_version">Mevcut KernelSU sürümü %d, yöneticinin düzgün çalışabilmesi için çok düşük. Lütfen %d veya daha yüksek bir sürüme güncelleyin!</string>
     <string name="settings_umount_modules_default">Varsayılan olarak modüllerin bağlantısını kes</string>
-    <string name="settings_umount_modules_default_summary">Uygulamalar için \"Modüllerin bağlantısını kes\" seçeneği için varsayılan değer. Etkinleştirilirse, profil ayarı yapılmamış uygulamalar için modüllerin sistemde yaptığı tüm değişiklikler kaldırılacaktır.</string>
+    <string name="settings_umount_modules_default_summary">Uygulama profilindeki \"Modüllerin bağlantısını kes\" seçeneği için varsayılan değer. Etkinleştirilirse, profil ayarı yapılmamış uygulamalar için modüllerin sistemde yaptığı tüm değişiklikler kaldırılacaktır.</string>
     <string name="profile_umount_modules_summary">Bu seçeneği etkinleştirmek, KernelSU\'nun bu uygulama için modüller tarafından değiştirilen dosyaları geri yüklemesine izin verir.</string>
     <string name="profile_selinux_domain">İsim alanı</string>
     <string name="profile_selinux_rules">Kurallar</string>
@@ -80,10 +80,10 @@
     <string name="launch_app">Uygulamayı başlat</string>
     <string name="force_stop_app">Uygulamayı durmaya zorla</string>
     <string name="restart_app">Uygulamayı yeniden başlat</string>
-    <string name="failed_to_update_sepolicy">SELinux kuralları güncellenemedi: %s</string>
+    <string name="failed_to_update_sepolicy">%s için SELinux kuralları güncellenemedi.</string>
     <string name="module_changelog">Değişiklik geçmişi</string>
     <string name="settings_profile_template">Uygulama profili şablonu</string>
-    <string name="settings_profile_template_summary">Yerel ve çevrimiçi uygulama profil şablonlarını yönetin</string>
+    <string name="settings_profile_template_summary">Yerel ve çevrimiçi uygulama profili şablonlarını yönetin</string>
     <string name="app_profile_template_create">Şablon oluştur</string>
     <string name="app_profile_template_edit">Şablonu düzenle</string>
     <string name="app_profile_template_id">Kimlik</string>
diff --git a/manager/app/src/main/res/values-uk/strings.xml b/manager/app/src/main/res/values-uk/strings.xml
index e94d6a9b6485..10b0533bc1cd 100644
--- a/manager/app/src/main/res/values-uk/strings.xml
+++ b/manager/app/src/main/res/values-uk/strings.xml
@@ -17,7 +17,7 @@
     <string name="selinux_status_enforcing">Примусовий</string>
     <string name="selinux_status_permissive">Дозвільний</string>
     <string name="selinux_status_unknown">Невідомо</string>
-    <string name="superuser">Суперкористувачі</string>
+    <string name="superuser">Суперкористувач</string>
     <string name="module_failed_to_enable">Не вдалося ввімкнути модуль: %s</string>
     <string name="module_failed_to_disable">Не вдалося вимкнути модуль: %s</string>
     <string name="module_empty">Немає встановлених модулів</string>
diff --git a/manager/app/src/main/res/values-vi/strings.xml b/manager/app/src/main/res/values-vi/strings.xml
index 1b1c176f2dd3..e2140e63b13a 100644
--- a/manager/app/src/main/res/values-vi/strings.xml
+++ b/manager/app/src/main/res/values-vi/strings.xml
@@ -21,7 +21,7 @@
     <string name="about_source_code"><![CDATA[Xem mã nguồn tại %1$s<br/>Tham gia kênh %2$s của chúng tôi]]></string>
     <string name="module_magisk_conflict">Các mô-đun bị vô hiệu hóa vì chúng xung đột với Magisk!</string>
     <string name="module_uninstall_confirm">Bạn có muốn gỡ cài đặt mô-đun %s không\?</string>
-    <string name="send_log">Gửi nhật ký</string>
+    <string name="send_log">báo cáo nhật ký</string>
     <string name="home">Trang chủ</string>
     <string name="home_not_installed">Chưa cài đặt</string>
     <string name="home_click_to_install">Nhấn để cài dặt</string>
@@ -101,4 +101,6 @@
     <string name="app_profile_template_delete">Xóa</string>
     <string name="app_profile_template_import_empty">Bảng tạm trống!</string>
     <string name="app_profile_template_view">Xem Bản Mẫu</string>
+    <string name="app_profile_template_readonly">chỉ đọc</string>
+    <string name="app_profile_template_id">id</string>
 </resources>
\ No newline at end of file
diff --git a/manager/app/src/main/res/values-zh-rTW/strings.xml b/manager/app/src/main/res/values-zh-rTW/strings.xml
index 8d2188e908a2..0536994302e6 100644
--- a/manager/app/src/main/res/values-zh-rTW/strings.xml
+++ b/manager/app/src/main/res/values-zh-rTW/strings.xml
@@ -86,4 +86,20 @@
     <string name="app_profile_template_id">模板 id</string>
     <string name="settings_profile_template">App Profile 模板</string>
     <string name="settings_profile_template_summary">管理本地和在線的App Profile模板</string>
+    <string name="app_profile_template_import_success">成功匯出</string>
+    <string name="app_profile_export_to_clipboard">匯出至剪貼簿</string>
+    <string name="app_profile_template_export_empty">本地沒有模板可匯出！</string>
+    <string name="app_profile_template_id_exist">模板 ID 已存在！</string>
+    <string name="app_profile_import_from_clipboard">從剪貼簿匯入</string>
+    <string name="module_changelog_failed">獲取更新日誌失敗：%s</string>
+    <string name="app_profile_template_name">名稱</string>
+    <string name="app_profile_template_sync">與線上規則同步</string>
+    <string name="app_profile_template_readonly">只讀</string>
+    <string name="app_profile_import_export">匯出 / 匯入</string>
+    <string name="app_profile_template_save_failed">模板儲存失敗</string>
+    <string name="app_profile_template_description">描述</string>
+    <string name="app_profile_template_save">儲存</string>
+    <string name="app_profile_template_delete">刪除</string>
+    <string name="app_profile_template_import_empty">剪貼簿沒有內容！</string>
+    <string name="app_profile_template_view">檢查模板</string>
 </resources>
\ No newline at end of file

From 1fad91a4e2d473faa4a2c4f9957b5918e03ac05e Mon Sep 17 00:00:00 2001
From: Yogesh <92950980+y0geshx@users.noreply.github.com>
Date: Sat, 6 Jan 2024 20:11:14 +0530
Subject: [PATCH 05/30] Added security  in README.md (#1258)

Added security  in README.md

---------

Co-authored-by: weishu <twsxtd@gmail.com>
---
 docs/README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/README.md b/docs/README.md
index 1150737076bc..ed1e465c335c 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -42,6 +42,9 @@ To help translate KernelSU or improve existing translations, please use [Weblate
 
 - Telegram: [@KernelSU](https://t.me/KernelSU)
 
+## Security
+For information on reporting security vulnerabilities in KernelSU, see [SECURITY.md](/SECURITY.md).
+
 ## License
 
 - Files under the `kernel` directory are [GPL-2.0-only](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html)

From 0f8a1346c7c8597096dcb01fd64fe0360a876759 Mon Sep 17 00:00:00 2001
From: Ylarod <me@ylarod.cn>
Date: Sun, 7 Jan 2024 12:47:03 +0800
Subject: [PATCH 06/30] [skip ci] fix ci (#1263)

---
 .github/workflows/build-kernel-arcvm.yml | 2 +-
 .github/workflows/build-kernel-wsa.yml   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-kernel-arcvm.yml b/.github/workflows/build-kernel-arcvm.yml
index 6fb662fe1c31..048d2dfdff59 100644
--- a/.github/workflows/build-kernel-arcvm.yml
+++ b/.github/workflows/build-kernel-arcvm.yml
@@ -15,7 +15,7 @@ on:
 
 jobs:
   build:
-    if: github.event_name == 'pull_request' && !github.event.pull_request.draft
+    if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && !github.event.pull_request.draft)
     strategy:
       matrix:
         arch: [x86_64]
diff --git a/.github/workflows/build-kernel-wsa.yml b/.github/workflows/build-kernel-wsa.yml
index 8319ff576449..94d1f1b57059 100644
--- a/.github/workflows/build-kernel-wsa.yml
+++ b/.github/workflows/build-kernel-wsa.yml
@@ -15,7 +15,7 @@ on:
 
 jobs:
   build:
-    if: github.event_name == 'pull_request' && !github.event.pull_request.draft
+    if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && !github.event.pull_request.draft)
     strategy:
       matrix:
         arch: [x86_64, arm64]

From 90d63fe1844eb0583bb3e129f659b2c262740fcc Mon Sep 17 00:00:00 2001
From: "Weblate (bot)" <hosted@weblate.org>
Date: Sun, 7 Jan 2024 07:37:28 +0100
Subject: [PATCH 07/30] Translations update from Hosted Weblate (#1259)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Translations update from [Hosted Weblate](https://hosted.weblate.org)
for
[KernelSU/Manager](https://hosted.weblate.org/projects/kernelsu/manager/).



Current translation status:

![Weblate translation
status](https://hosted.weblate.org/widget/kernelsu/manager/horizontal-auto.svg)

---------

Co-authored-by: Ali Beyaz <alipolatbeyaz@gmail.com>
Co-authored-by: Сергій <sergiy.goncharuk.1@gmail.com>
Co-authored-by: Jia-Bin <cracky.ice@gmail.com>
Co-authored-by: dabao1955 <dabao1955@163.com>
Co-authored-by: I g o r <igormczampola1@gmail.com>
Co-authored-by: Ričards L <ricards.lacis18@gmail.com>
Co-authored-by: Madis Otenurm <robotkoer@gmail.com>
---
 .../app/src/main/res/values-et/strings.xml    | 105 ++++++++++++++++++
 .../app/src/main/res/values-lv/strings.xml    | 104 +++++++++++++++++
 2 files changed, 209 insertions(+)
 create mode 100644 manager/app/src/main/res/values-et/strings.xml
 create mode 100644 manager/app/src/main/res/values-lv/strings.xml

diff --git a/manager/app/src/main/res/values-et/strings.xml b/manager/app/src/main/res/values-et/strings.xml
new file mode 100644
index 000000000000..dab1441d01c6
--- /dev/null
+++ b/manager/app/src/main/res/values-et/strings.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <string name="home_working">Töötamine</string>
+    <string name="home_working_version">Versioon: %d</string>
+    <string name="home_module_count">Mooduleid: %d</string>
+    <string name="home_kernel">Tuum</string>
+    <string name="home_manager_version">Manageri versioon</string>
+    <string name="home_fingerprint">Sõrmejälg</string>
+    <string name="selinux_status_permissive">Lubav</string>
+    <string name="module_failed_to_enable">Mooduli lubamine ebaõnnestus: %s</string>
+    <string name="module_empty">Mooduleid pole paigaldatud</string>
+    <string name="reboot">Taaskäivita</string>
+    <string name="reboot_recovery">Taaskäivita taastusesse</string>
+    <string name="module_uninstall_confirm">Kas soovid kindlasti eemaldada mooduli %s?</string>
+    <string name="module_uninstall_success">%s on eemaldatud</string>
+    <string name="send_log">Raporteeri logi</string>
+    <string name="safe_mode">Turvarežiim</string>
+    <string name="reboot_to_apply">Muudatuste rakendamiseks taaskäivita</string>
+    <string name="home_learn_kernelsu">Õpi KernelSUd</string>
+    <string name="home_learn_kernelsu_url">https://kernelsu.org/guide/what-is-kernelsu.html</string>
+    <string name="profile_default">Vaikimisi</string>
+    <string name="profile_namespace">Haagi nimeruum</string>
+    <string name="profile_umount_modules">Lahtihaagitud moodulid</string>
+    <string name="failed_to_update_app_profile">Rakenduseprofiili uuendamine %s jaoks ebaõnnestus</string>
+    <string name="settings_umount_modules_default">Haagi moodulid vaikimisi lahti</string>
+    <string name="module_start_downloading">Allalaadimise alustamine: %s</string>
+    <string name="failed_to_update_sepolicy">SELinux reeglite uuendamine ebaõnnestus: %s</string>
+    <string name="app_profile_template_edit">Muuda malli</string>
+    <string name="settings_profile_template">Rakenduseprofiili mall</string>
+    <string name="app_profile_template_id">ID</string>
+    <string name="app_profile_template_readonly">vaid lugemiseks</string>
+    <string name="app_profile_template_id_exist">malli ID juba eksisteerib!</string>
+    <string name="app_profile_export_to_clipboard">Ekspordi lõikelauale</string>
+    <string name="app_profile_template_sync">Sünkrooni võrgumallid</string>
+    <string name="module_changelog_failed">Muudatuste logi hankimine ebaõnnestus: %s</string>
+    <string name="home">Kodu</string>
+    <string name="home_click_to_install">Klõpsa paigaldamiseks</string>
+    <string name="home_not_installed">Pole paigaldatud</string>
+    <string name="home_unsupported">Mittetoetatud</string>
+    <string name="home_superuser_count">Superkasutajaid: %d</string>
+    <string name="home_unsupported_reason">KernelSU toetab hetkel vaid GSI tuumasid</string>
+    <string name="home_selinux_status">SELinuxi olek</string>
+    <string name="selinux_status_disabled">Keelatud</string>
+    <string name="selinux_status_enforcing">Jõustav</string>
+    <string name="selinux_status_unknown">Teadmata</string>
+    <string name="superuser">Superkasutaja</string>
+    <string name="module_failed_to_disable">Mooduli keelamine ebaõnnestus: %s</string>
+    <string name="module">Moodul</string>
+    <string name="reboot_bootloader">Taaskäivita käivituslaadurisse</string>
+    <string name="uninstall">Eemalda</string>
+    <string name="install">Paigalda</string>
+    <string name="about">Teave</string>
+    <string name="module_install">Paigalda</string>
+    <string name="settings">Seaded</string>
+    <string name="reboot_userspace">Pehme taaskäivitus</string>
+    <string name="reboot_download">Taaskäivita allalaadimisrežiimi</string>
+    <string name="reboot_edl">Taaskäivita EDL-i</string>
+    <string name="refresh">Värskenda</string>
+    <string name="module_author">Autor</string>
+    <string name="module_uninstall_failed">Eemaldamine ebaõnnestus: %s</string>
+    <string name="module_version">Versioon</string>
+    <string name="module_overlay_fs_not_available">overlayfs pole saadaval, moodul ei saa töötada!</string>
+    <string name="show_system_apps">Kuva süsteemirakendused</string>
+    <string name="hide_system_apps">Peida süsteemirakendused</string>
+    <string name="module_magisk_conflict">Moodulid on keelatud, kuna need lähevad konflikti Magiski omadega!</string>
+    <string name="home_click_to_learn_kernelsu">Õpi KernelSUd paigaldama ja mooduleid kasutama</string>
+    <string name="home_support_title">Toeta meid</string>
+    <string name="profile_groups">Grupid</string>
+    <string name="home_support_content">KernelSU on, ja alati jääb, tasuta ning avatud lähtekoodiga kättesaadavaks. Sellegipoolest võid sa näidata, et hoolid, ning teha annetuse.</string>
+    <string name="profile_template">Mall</string>
+    <string name="about_source_code">Vaata lähtekoodi %1$sis<br/>Liitu meie %2$si kanaliga</string>
+    <string name="profile_name">Profiili nimi</string>
+    <string name="profile_custom">Kohandatud</string>
+    <string name="profile_namespace_inherited">Päritud</string>
+    <string name="profile_namespace_global">Globaalne</string>
+    <string name="profile_namespace_individual">Individuaalne</string>
+    <string name="profile_capabilities">Võimekused</string>
+    <string name="app_profile_template_id_invalid">Sobimatu malli ID</string>
+    <string name="profile_selinux_context">SELinux kontekst</string>
+    <string name="require_kernel_version">Praegune KernelSU versioon %d on liiga madal, haldur ei saa konkreetselt toimida. Palun täienda versioonile %d või kõrgem!</string>
+    <string name="profile_selinux_domain">Domeen</string>
+    <string name="launch_app">Käivita</string>
+    <string name="force_stop_app">Sundpeata</string>
+    <string name="profile_selinux_rules">Reeglid</string>
+    <string name="module_update">Uuenda</string>
+    <string name="module_downloading">Mooduli allalaadimine: %s</string>
+    <string name="new_version_available">Uus versioon: %s on saadaval, klõpsa täiendamiseks</string>
+    <string name="restart_app">Taaskäivita</string>
+    <string name="module_changelog">Muudatuste logi</string>
+    <string name="app_profile_template_name">Nimi</string>
+    <string name="app_profile_template_description">Kirjeldus</string>
+    <string name="app_profile_template_import_success">Edukalt imporditud</string>
+    <string name="app_profile_template_save">Salvesta</string>
+    <string name="app_profile_template_import_empty">Lõikelaud on tühi!</string>
+    <string name="app_profile_template_delete">Kustuta</string>
+    <string name="app_profile_template_view">Vaata malli</string>
+    <string name="app_profile_import_export">Impordi/ekspordi</string>
+    <string name="app_profile_import_from_clipboard">Impordi lõikelaualt</string>
+    <string name="app_profile_template_save_failed">Malli salvestamine ebaõnnestus</string>
+    <string name="app_profile_template_create">Loo mall</string>
+    <string name="settings_profile_template_summary">Halda kohalikke ja võrgusolevaid rakenduseprofiili malle</string>
+    <string name="profile_umount_modules_summary">Selle valiku lubamine lubab KernelSU-l taastada selle rakenduse moodulite poolt mistahes muudetud faile.</string>
+    <string name="app_profile_template_export_empty">Eksportimiseks kohalikku malli ei leitud!</string>
+    <string name="settings_umount_modules_default_summary">Globaalne vaikeväärtus \"Lahtihaagitud moodulitele\" rakenduseprofiilides. Lubamisel eemaldab see kõik moodulite süsteemimuudatused rakendustele, millel ei ole profiili määratud.</string>
+</resources>
\ No newline at end of file
diff --git a/manager/app/src/main/res/values-lv/strings.xml b/manager/app/src/main/res/values-lv/strings.xml
new file mode 100644
index 000000000000..f185a312b3f3
--- /dev/null
+++ b/manager/app/src/main/res/values-lv/strings.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <string name="profile_umount_modules_summary">Iespējojot šo opciju, KernelSU varēs atjaunot visus moduļos šīs lietojumprogrammas modificētos failus.</string>
+    <string name="failed_to_update_sepolicy">Neizdevās atjaunināt SELinux noteikumus: %s</string>
+    <string name="settings_profile_template_summary">Pārvaldiet vietējo un tiešsaistes lietotņu profila veidni</string>
+    <string name="app_profile_template_id_invalid">Nederīgs veidnes id</string>
+    <string name="app_profile_template_id_exist">veidnes id jau pastāv!</string>
+    <string name="app_profile_export_to_clipboard">Eksportēt starpliktuvē</string>
+    <string name="app_profile_import_from_clipboard">Importēt no starpliktuves</string>
+    <string name="app_profile_template_import_success">Importēts veiksmīgi</string>
+    <string name="app_profile_template_sync">Sinhronizēt tiešsaistes veidnes</string>
+    <string name="home">Sākums</string>
+    <string name="home_not_installed">Nav ieinstalēts</string>
+    <string name="home_click_to_install">Noklikšķiniet, lai instalētu</string>
+    <string name="home_working">Darbojas</string>
+    <string name="home_working_version">Versija: %d</string>
+    <string name="home_superuser_count">Superlietotāji: %d</string>
+    <string name="home_module_count">Moduļi: %d</string>
+    <string name="home_unsupported">Neatbalstīts</string>
+    <string name="home_unsupported_reason">KernelSU tagad atbalsta tikai GKI kodolus</string>
+    <string name="home_kernel">Kodols</string>
+    <string name="home_manager_version">Pārvaldnieka versija</string>
+    <string name="home_fingerprint">Pirkstu nospiedums</string>
+    <string name="home_selinux_status">SELinux statuss</string>
+    <string name="selinux_status_enforcing">Izpildīšana</string>
+    <string name="selinux_status_disabled">Atspējots</string>
+    <string name="selinux_status_unknown">Nezināms</string>
+    <string name="superuser">SuperLietotājs</string>
+    <string name="module_failed_to_disable">Neizdevās atspējot moduli: %s</string>
+    <string name="module_empty">Nav instalētu moduļu</string>
+    <string name="module">Moduļi</string>
+    <string name="uninstall">Atinstalēt</string>
+    <string name="install">Instalēt</string>
+    <string name="reboot">Restartēt</string>
+    <string name="settings">Iestatījumi</string>
+    <string name="reboot_userspace">Ātri restartēt</string>
+    <string name="reboot_bootloader">Restartēt uz Bootloaderu</string>
+    <string name="reboot_recovery">Restartēt uz Recovery</string>
+    <string name="reboot_download">Restartēt uz Download</string>
+    <string name="reboot_edl">Restartēt uz EDL</string>
+    <string name="about">Par</string>
+    <string name="module_uninstall_success">%s ir atinstalēts</string>
+    <string name="module_uninstall_failed">Neizdevās atinstalēt: %s</string>
+    <string name="module_author">Autors</string>
+    <string name="refresh">Atjaunot</string>
+    <string name="show_system_apps">Rādīt sistēmas lietotnes</string>
+    <string name="hide_system_apps">Slēpt sistēmas lietotnes</string>
+    <string name="send_log">Ziņot žurnālu</string>
+    <string name="reboot_to_apply">Restartējiet, lai stātos spēkā</string>
+    <string name="home_learn_kernelsu">Uzzināt par KernelSU</string>
+    <string name="home_learn_kernelsu_url">https://kernelsu.org/guide/what-is-kernelsu.html</string>
+    <string name="home_click_to_learn_kernelsu">Uzzināt, kā instalēt KernelSU un izmantot moduļus</string>
+    <string name="home_support_title">Atbalsti mūs</string>
+    <string name="about_source_code">Skatiet avota kodu vietnē %1$s<br/>Pievienojies mūsu %2$s kanālam</string>
+    <string name="profile_default">Noklusējums</string>
+    <string name="profile_template">Veidne</string>
+    <string name="profile_custom">Pielāgots</string>
+    <string name="profile_name">Profila vārds</string>
+    <string name="profile_namespace">Mount nosaukumvieta</string>
+    <string name="profile_namespace_individual">Individuāls</string>
+    <string name="profile_capabilities">Iespējas</string>
+    <string name="profile_selinux_context">SELinux konteksts</string>
+    <string name="profile_umount_modules">Atvienot moduļus</string>
+    <string name="failed_to_update_app_profile">Neizdevās atjaunināt lietotnes profilu %s</string>
+    <string name="settings_umount_modules_default">Pēc noklusējuma atvienot moduļus</string>
+    <string name="settings_umount_modules_default_summary">Globālā noklusējuma vērtība vienumam “Atvienot moduļus” lietotņu profilos. Ja tas ir iespējots, lietojumprogrammām, kurām nav iestatīts profils, tiks noņemtas visas sistēmas moduļu modifikācijas.</string>
+    <string name="profile_selinux_domain">Domēns</string>
+    <string name="profile_selinux_rules">Noteikumi</string>
+    <string name="module_update">Atjaunināt</string>
+    <string name="module_downloading">Lejupielādē moduli: %s</string>
+    <string name="module_start_downloading">Sākt lejupielādi: %s</string>
+    <string name="new_version_available">Jaunā versija: %s ir pieejama, noklikšķiniet, lai atjauninātu</string>
+    <string name="launch_app">Palaist</string>
+    <string name="force_stop_app">Piespiedu apstāšana</string>
+    <string name="restart_app">Restartēt aplikāciju</string>
+    <string name="module_changelog">Izmaiņu žurnāls</string>
+    <string name="settings_profile_template">Lietotnes profila veidne</string>
+    <string name="app_profile_template_create">Izveidot veidni</string>
+    <string name="app_profile_template_edit">Rediģēt veidni</string>
+    <string name="app_profile_template_id">id</string>
+    <string name="app_profile_template_name">Vārds</string>
+    <string name="app_profile_template_description">Apraksts</string>
+    <string name="app_profile_template_save">Saglabāt</string>
+    <string name="app_profile_template_delete">Dzēst</string>
+    <string name="app_profile_template_view">Skatīt veidni</string>
+    <string name="app_profile_template_readonly">tikai lasīt</string>
+    <string name="app_profile_import_export">Importēt/Eksportēt</string>
+    <string name="app_profile_template_export_empty">Nevar atrast vietējo eksportējamo veidni!</string>
+    <string name="app_profile_template_save_failed">Neizdevās saglabāt veidni</string>
+    <string name="app_profile_template_import_empty">Starpliktuve ir tukša!</string>
+    <string name="module_changelog_failed">Izmaiņu žurnāla iegūšana neizdevās: %s</string>
+    <string name="selinux_status_permissive">Visatļautība</string>
+    <string name="module_failed_to_enable">Neizdevās iespējot moduli: %s</string>
+    <string name="module_install">Instalēt</string>
+    <string name="module_uninstall_confirm">Vai tiešām vēlaties atinstalēt moduli %s?</string>
+    <string name="module_version">Versija</string>
+    <string name="module_overlay_fs_not_available">overlayfs nav pieejams, modulis nevar darboties!</string>
+    <string name="safe_mode">Drošais režīms</string>
+    <string name="module_magisk_conflict">Moduļi ir atspējoti, jo tie konfliktē ar Magisk!</string>
+    <string name="home_support_content">KernelSU ir un vienmēr būs bezmaksas un atvērtā koda. Tomēr jūs varat parādīt mums, ka jums rūp, veicot ziedojumu.</string>
+    <string name="profile_groups">Grupas</string>
+    <string name="profile_namespace_global">Globāli</string>
+    <string name="require_kernel_version">Pašreizējā KernelSU versija %d ir pārāk zema, lai pārvaldnieks darbotos pareizi. Lūdzu, atjauniniet uz versiju %d vai jaunāku!</string>
+</resources>
\ No newline at end of file

From 1326fd32c5f79d02da046f047ff66744d5b6cf5c Mon Sep 17 00:00:00 2001
From: iceBear67 <48877375+iceBear67@users.noreply.github.com>
Date: Sun, 7 Jan 2024 23:12:23 +0800
Subject: [PATCH 08/30] Add unofficial support for Galaxy Note9 (#1268)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

第一次构建内核，虽然狗屎，总比没有好（

等有空再清理一下更新仓库，现在能正常使用，也没太大问题
---
 website/docs/repos.json | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/website/docs/repos.json b/website/docs/repos.json
index bbc68c45e91b..92b21e42119e 100644
--- a/website/docs/repos.json
+++ b/website/docs/repos.json
@@ -558,5 +558,12 @@
         "kernel_name": "Kernel_xiaomi_sdm845",
         "kernel_link": "https://github.com/lonelystar9x/android_kernel_xiaomi_sdm845",
         "devices": "Poco F1 | MI8 | MiMix2S | MiMix3"
+    },
+    {
+        "maintainer": "iceBear67",
+        "maintainer_link": "https://github.com/iceBear67",
+        "kernel_name": "android_kernel_exynos9810_kernelsu",
+        "kernel_link": "https://github.com/iceBear67/android_kernel_exynos9810_kernelsu",
+        "devices": "Galaxy Note 9(N960N/F)"
     }
 ]

From 4b27a9a324a7170f639f139c4d87e43f17af3c54 Mon Sep 17 00:00:00 2001
From: Salvo Giangreco <giangrecosalvo9@gmail.com>
Date: Sun, 7 Jan 2024 17:06:55 +0100
Subject: [PATCH 09/30] website: update Galaxy A52s/M52 repo link (#1267)

Signed-off-by: BlackMesa123 <giangrecosalvo9@gmail.com>
---
 website/docs/repos.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/website/docs/repos.json b/website/docs/repos.json
index 92b21e42119e..1a95ca8b39bc 100644
--- a/website/docs/repos.json
+++ b/website/docs/repos.json
@@ -512,16 +512,16 @@
     },
     {
         "maintainer": "BlackMesa123",
-        "maintainer_link": "https://xdaforums.com/t/kernel-a528b-n-kernelsu-v0-7-1-for-galaxy-a52s-5g.4603287/",
+        "maintainer_link": "https://xdaforums.com/t/kernel-a528b-n-kernelsu-v0-7-5-for-galaxy-a52s-5g.4603287/",
         "kernel_name": "android_kernel_samsung_sm7325",
-        "kernel_link": "https://github.com/BlackMesa123/android_kernel_samsung_sm7325/tree/sep-14.1/ksu",
+        "kernel_link": "https://github.com/BlackMesa123/android_kernel_samsung_sm7325",
         "devices": "Samsung Galaxy A52s 5G (a52sxq)"
     },
     {
         "maintainer": "BlackMesa123",
-        "maintainer_link": "https://xdaforums.com/t/kernel-m526b-br-kernelsu-v0-7-1-for-galaxy-m52-5g.4603295/",
+        "maintainer_link": "https://xdaforums.com/t/kernel-m526b-br-kernelsu-v0-7-5-for-galaxy-m52-5g.4603295/",
         "kernel_name": "android_kernel_samsung_sm7325",
-        "kernel_link": "https://github.com/BlackMesa123/android_kernel_samsung_sm7325/tree/sep-14.1/ksu",
+        "kernel_link": "https://github.com/BlackMesa123/android_kernel_samsung_sm7325",
         "devices": "Samsung Galaxy M52 5G (m52xq)"
     },
     {

From 506385cfadea57527ef459f704264d6fe26b0a80 Mon Sep 17 00:00:00 2001
From: Ylarod <me@ylarod.cn>
Date: Mon, 8 Jan 2024 09:54:14 +0800
Subject: [PATCH 10/30] ci: build less wsa image in pr (#1273)

---
 .github/workflows/build-kernel-a12.yml   |   7 +-
 .github/workflows/build-kernel-a13.yml   |   7 +-
 .github/workflows/build-kernel-a14.yml   |   7 +-
 .github/workflows/build-kernel-arcvm.yml |   2 +-
 .github/workflows/build-kernel-wsa.yml   | 140 +++--------------------
 .github/workflows/wsa-kernel.yml         | 135 ++++++++++++++++++++++
 6 files changed, 166 insertions(+), 132 deletions(-)
 create mode 100644 .github/workflows/wsa-kernel.yml

diff --git a/.github/workflows/build-kernel-a12.yml b/.github/workflows/build-kernel-a12.yml
index b3d0f6f9ff1e..30d777c7fafd 100644
--- a/.github/workflows/build-kernel-a12.yml
+++ b/.github/workflows/build-kernel-a12.yml
@@ -1,7 +1,7 @@
 name: Build Kernel - Android 12
 on:
   push:
-    branches: ["main", "ci"]
+    branches: ["main", "ci", "checkci"]
     paths:
       - ".github/workflows/build-kernel-a12.yml"
       - ".github/workflows/gki-kernel.yml"
@@ -17,7 +17,7 @@ on:
   workflow_call:
 jobs:
   build-kernel:
-    if: github.event_name != 'pull_request'
+    if: github.event_name != 'pull_request' && github.ref != 'refs/heads/checkci'
     strategy:
       matrix:
         include:
@@ -53,6 +53,7 @@ jobs:
       tag: android12-5.10-${{ matrix.os_patch_level }}
       os_patch_level: ${{ matrix.os_patch_level }}
       patch_path: "5.10"
+  
   upload-artifacts:
     needs: build-kernel
     runs-on: ubuntu-latest
@@ -124,7 +125,7 @@ jobs:
           path: Image-android12*/*.img.gz
 
   check-build-kernel:
-    if: github.event_name == 'pull_request' && !github.event.pull_request.draft
+    if: (github.event_name == 'pull_request' && !github.event.pull_request.draft) || github.ref == 'refs/heads/checkci'
     uses: ./.github/workflows/gki-kernel.yml
     with:
       version: android12-5.10
diff --git a/.github/workflows/build-kernel-a13.yml b/.github/workflows/build-kernel-a13.yml
index a27c6f821379..7026e25e4b94 100644
--- a/.github/workflows/build-kernel-a13.yml
+++ b/.github/workflows/build-kernel-a13.yml
@@ -1,7 +1,7 @@
 name: Build Kernel - Android 13
 on:
   push:
-    branches: ["main", "ci"]
+    branches: ["main", "ci", "checkci"]
     paths:
       - ".github/workflows/build-kernel-a13.yml"
       - ".github/workflows/gki-kernel.yml"
@@ -17,7 +17,7 @@ on:
   workflow_call:
 jobs:
   build-kernel:
-    if: github.event_name != 'pull_request'
+    if: github.event_name != 'pull_request' && github.ref != 'refs/heads/checkci'
     strategy:
       matrix:
         include:
@@ -80,6 +80,7 @@ jobs:
       tag: android13-${{ matrix.version }}-${{ matrix.os_patch_level }}
       os_patch_level: ${{ matrix.os_patch_level }}
       patch_path: ${{ matrix.version }}
+  
   upload-artifacts:
     needs: build-kernel
     runs-on: ubuntu-latest
@@ -151,7 +152,7 @@ jobs:
           path: Image-android13*/*.img.gz
 
   check-build-kernel:
-    if: github.event_name == 'pull_request' && !github.event.pull_request.draft
+    if: (github.event_name == 'pull_request' && !github.event.pull_request.draft) || github.ref == 'refs/heads/checkci'
     strategy:
       matrix:
         include:
diff --git a/.github/workflows/build-kernel-a14.yml b/.github/workflows/build-kernel-a14.yml
index e03fea074e85..36a19605234a 100644
--- a/.github/workflows/build-kernel-a14.yml
+++ b/.github/workflows/build-kernel-a14.yml
@@ -1,7 +1,7 @@
 name: Build Kernel - Android 14
 on:
   push:
-    branches: ["main", "ci"]
+    branches: ["main", "ci", "checkci"]
     paths:
       - ".github/workflows/build-kernel-a14.yml"
       - ".github/workflows/gki-kernel.yml"
@@ -17,7 +17,7 @@ on:
   workflow_call:
 jobs:
   build-kernel:
-    if: github.event_name != 'pull_request'
+    if: github.event_name != 'pull_request' && github.ref != 'refs/heads/checkci'
     strategy:
       matrix:
         include:
@@ -44,6 +44,7 @@ jobs:
       tag: android14-${{ matrix.version }}-${{ matrix.os_patch_level }}
       os_patch_level: ${{ matrix.os_patch_level }}
       patch_path: ${{ matrix.version }}
+  
   upload-artifacts:
     needs: build-kernel
     runs-on: ubuntu-latest
@@ -115,7 +116,7 @@ jobs:
           path: Image-android14*/*.img.gz
 
   check-build-kernel:
-    if: github.event_name == 'pull_request' && !github.event.pull_request.draft
+    if: (github.event_name == 'pull_request' && !github.event.pull_request.draft) || github.ref == 'refs/heads/checkci'
     strategy:
       matrix:
         include:
diff --git a/.github/workflows/build-kernel-arcvm.yml b/.github/workflows/build-kernel-arcvm.yml
index 048d2dfdff59..50da5f67cf4f 100644
--- a/.github/workflows/build-kernel-arcvm.yml
+++ b/.github/workflows/build-kernel-arcvm.yml
@@ -1,7 +1,7 @@
 name: Build Kernel - ChromeOS ARCVM
 on:
   push:
-    branches: ["main"]
+    branches: ["main", "ci", "checkci"]
     paths:
       - ".github/workflows/build-kernel-arcvm.yml"
       - "kernel/**"
diff --git a/.github/workflows/build-kernel-wsa.yml b/.github/workflows/build-kernel-wsa.yml
index 94d1f1b57059..9a313de9a1db 100644
--- a/.github/workflows/build-kernel-wsa.yml
+++ b/.github/workflows/build-kernel-wsa.yml
@@ -1,142 +1,38 @@
 name: Build Kernel - WSA
 on:
   push:
-    branches: ["main"]
+    branches: ["main", "ci", "checkci"]
     paths:
       - ".github/workflows/build-kernel-wsa.yml"
+      - ".github/workflows/wsa-kernel.yml"
       - "kernel/**"
   pull_request:
     branches: ["main"]
     paths:
       - ".github/workflows/build-kernel-wsa.yml"
+      - ".github/workflows/wsa-kernel.yml"
       - "kernel/**"
   workflow_call:
   workflow_dispatch:
 
 jobs:
   build:
-    if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && !github.event.pull_request.draft)
+    if: github.event_name != 'pull_request' && github.ref != 'refs/heads/checkci'
     strategy:
       matrix:
         arch: [x86_64, arm64]
         version: ["5.15.94.2", "5.15.104.1", "5.15.104.2", "5.15.104.3", "5.15.104.4"]
-
-    name: Build WSA-Kernel-${{ matrix.version }}-${{ matrix.arch }}
-    runs-on: ubuntu-20.04
-    env:
-      CCACHE_COMPILERCHECK: "%compiler% -dumpmachine; %compiler% -dumpversion"
-      CCACHE_NOHASHDIR: "true"
-      CCACHE_HARDLINK: "true"
-
-    steps:
-      - name: Install Build Tools
-        uses: awalsh128/cache-apt-pkgs-action@v1
-        with:
-          packages: bc bison build-essential flex libelf-dev binutils-aarch64-linux-gnu gcc-aarch64-linux-gnu gzip ccache
-          version: 1.0
-
-      - name: Cache LLVM
-        id: cache-llvm
-        uses: actions/cache@v3
-        with:
-          path: ./llvm
-          key: llvm-12.0.1
-
-      - name: Setup LLVM
-        uses: KyleMayes/install-llvm-action@v1
-        with:
-          version: "12.0.1"
-          force-version: true
-          ubuntu-version: "16.04"
-          cached: ${{ steps.cache-llvm.outputs.cache-hit }}
-
-      - name: Checkout KernelSU
-        uses: actions/checkout@v4
-        with:
-          path: KernelSU
-          fetch-depth: 0
-
-      - name: Setup kernel source
-        uses: actions/checkout@v4
-        with:
-          repository: microsoft/WSA-Linux-Kernel
-          ref: android-lts/latte-2/${{ matrix.version }}
-          path: WSA-Linux-Kernel
-
-      - name: Setup Ccache
-        uses: hendrikmuhs/ccache-action@v1.2
-        with:
-          key: WSA-Kernel-${{ matrix.version }}-${{ matrix.arch }}
-          save: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
-          max-size: 2G
-
-      - name: Setup KernelSU
-        working-directory: WSA-Linux-Kernel
-        run: |
-          echo "[+] KernelSU setup"
-          KERNEL_ROOT=$GITHUB_WORKSPACE/WSA-Linux-Kernel
-          echo "[+] KERNEL_ROOT: $KERNEL_ROOT"
-          echo "[+] Copy KernelSU driver to $KERNEL_ROOT/drivers"
-          ln -sf $GITHUB_WORKSPACE/KernelSU/kernel $KERNEL_ROOT/drivers/kernelsu
-          echo "[+] Add KernelSU driver to Makefile"
-          DRIVER_MAKEFILE=$KERNEL_ROOT/drivers/Makefile
-          grep -q "kernelsu" $DRIVER_MAKEFILE || echo "obj-y += kernelsu/" >> $DRIVER_MAKEFILE
-          echo "[+] Apply KernelSU patches"
-          cd $KERNEL_ROOT && git apply $GITHUB_WORKSPACE/KernelSU/.github/patches/5.15/*.patch
-          echo "[+] KernelSU setup done."
-          cd $GITHUB_WORKSPACE/KernelSU
-          VERSION=$(($(git rev-list --count HEAD) + 10200))
-          echo "VERSION: $VERSION"
-          echo "kernelsu_version=$VERSION" >> $GITHUB_ENV
-
-      - name: Build Kernel
-        working-directory: WSA-Linux-Kernel
-        run: |
-          if [ ! -z ${{ vars.EXPECTED_SIZE }} ] && [ ! -z ${{ vars.EXPECTED_HASH }} ]; then
-            export KSU_EXPECTED_SIZE=${{ vars.EXPECTED_SIZE }}
-            export KSU_EXPECTED_HASH=${{ vars.EXPECTED_HASH }}
-          fi
-          declare -A ARCH_MAP=(["x86_64"]="x64" ["arm64"]="arm64")
-          cp configs/wsa/config-wsa-${ARCH_MAP[${{ matrix.arch }}]} .config
-          make olddefconfig
-          declare -A FILE_NAME=(["x86_64"]="bzImage" ["arm64"]="Image")
-          make -j`nproc` LLVM=1 ARCH=${{ matrix.arch }} $(if [ "${{ matrix.arch }}" == "arm64" ]; then echo CROSS_COMPILE=aarch64-linux-gnu; fi) ${FILE_NAME[${{ matrix.arch }}]} CCACHE="/usr/bin/ccache"
-          declare -A ARCH_MAP_FILE=(["x86_64"]="x86" ["arm64"]="arm64")
-          echo "file_path=WSA-Linux-Kernel/arch/${ARCH_MAP_FILE[${{ matrix.arch }}]}/boot/${FILE_NAME[${{ matrix.arch }}]}" >> $GITHUB_ENV
-
-      - name: Upload kernel-${{ matrix.arch }}-${{ matrix.version }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: kernel-WSA-${{ matrix.arch }}-${{ matrix.version }}
-          path: "${{ env.file_path }}"
-
-      - name: Bot session cache
-        if: github.event_name == 'push' && github.ref == 'refs/heads/main' || github.ref_type == 'tag'
-        id: bot_session_cache
-        uses: actions/cache@v3
-        with:
-          path: scripts/ksubot.session
-          key: ${{ runner.os }}-bot-session
-
-      - name: Post to Telegram
-        if: github.event_name == 'push' && github.ref == 'refs/heads/main' || github.ref_type == 'tag'
-        env:
-          CHAT_ID: ${{ secrets.CHAT_ID }}
-          BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
-          MESSAGE_THREAD_ID: ${{ secrets.MESSAGE_THREAD_ID }}
-          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
-          COMMIT_URL: ${{ github.event.head_commit.url }}
-          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}    
-        run: |
-          TITLE=kernel-${{ matrix.arch }}-WSA-${{ matrix.version }}
-          echo "[+] title: $TITLE"
-          export TITLE
-          export VERSION="${{ env.kernelsu_version }}"
-          echo "[+] Compress images"
-          gzip -n -f -9 "${{ env.file_path }}"
-          echo "[+] Image to upload"
-          ls -l "${{ env.file_path }}.gz"
-          if [ -n "${{ secrets.BOT_TOKEN }}" ]; then
-            pip3 install telethon==1.31.1
-            python3 "$GITHUB_WORKSPACE/KernelSU/scripts/ksubot.py" "${{ env.file_path }}.gz"
-          fi
+    uses: ./.github/workflows/wsa-kernel.yml
+    with:
+      arch: ${{ matrix.arch }}
+      version: ${{ matrix.version }}
+
+  check_build:
+    if: (github.event_name == 'pull_request' && !github.event.pull_request.draft) || github.ref == 'refs/heads/checkci'
+    uses: ./.github/workflows/wsa-kernel.yml
+    strategy:
+      matrix:
+        arch: [x86_64, arm64]
+    with:
+      arch: ${{ matrix.arch }}
+      version: "5.15.104.4"
\ No newline at end of file
diff --git a/.github/workflows/wsa-kernel.yml b/.github/workflows/wsa-kernel.yml
new file mode 100644
index 000000000000..98ea96edb81f
--- /dev/null
+++ b/.github/workflows/wsa-kernel.yml
@@ -0,0 +1,135 @@
+name: Build Kernel - WSA
+on:
+  workflow_call:
+    inputs:
+      arch:
+        required: true
+        type: string
+        description: >
+          Build arch: x86_64 / arm64
+      version:
+        required: true
+        type: string
+        description: >
+          Build version
+jobs:
+  build:
+    name: Build WSA-Kernel-${{ inputs.version }}-${{ inputs.arch }}
+    runs-on: ubuntu-20.04
+    env:
+      CCACHE_COMPILERCHECK: "%compiler% -dumpmachine; %compiler% -dumpversion"
+      CCACHE_NOHASHDIR: "true"
+      CCACHE_HARDLINK: "true"
+
+    steps:
+      - name: Install Build Tools
+        uses: awalsh128/cache-apt-pkgs-action@v1
+        with:
+          packages: bc bison build-essential flex libelf-dev binutils-aarch64-linux-gnu gcc-aarch64-linux-gnu gzip ccache
+          version: 1.0
+
+      - name: Cache LLVM
+        id: cache-llvm
+        uses: actions/cache@v3
+        with:
+          path: ./llvm
+          key: llvm-12.0.1
+
+      - name: Setup LLVM
+        uses: KyleMayes/install-llvm-action@v1
+        with:
+          version: "12.0.1"
+          force-version: true
+          ubuntu-version: "16.04"
+          cached: ${{ steps.cache-llvm.outputs.cache-hit }}
+
+      - name: Checkout KernelSU
+        uses: actions/checkout@v4
+        with:
+          path: KernelSU
+          fetch-depth: 0
+
+      - name: Setup kernel source
+        uses: actions/checkout@v4
+        with:
+          repository: microsoft/WSA-Linux-Kernel
+          ref: android-lts/latte-2/${{ inputs.version }}
+          path: WSA-Linux-Kernel
+
+      - name: Setup Ccache
+        uses: hendrikmuhs/ccache-action@v1.2
+        with:
+          key: WSA-Kernel-${{ inputs.version }}-${{ inputs.arch }}
+          save: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+          max-size: 2G
+
+      - name: Setup KernelSU
+        working-directory: WSA-Linux-Kernel
+        run: |
+          echo "[+] KernelSU setup"
+          KERNEL_ROOT=$GITHUB_WORKSPACE/WSA-Linux-Kernel
+          echo "[+] KERNEL_ROOT: $KERNEL_ROOT"
+          echo "[+] Copy KernelSU driver to $KERNEL_ROOT/drivers"
+          ln -sf $GITHUB_WORKSPACE/KernelSU/kernel $KERNEL_ROOT/drivers/kernelsu
+          echo "[+] Add KernelSU driver to Makefile"
+          DRIVER_MAKEFILE=$KERNEL_ROOT/drivers/Makefile
+          grep -q "kernelsu" $DRIVER_MAKEFILE || echo "obj-y += kernelsu/" >> $DRIVER_MAKEFILE
+          echo "[+] Apply KernelSU patches"
+          cd $KERNEL_ROOT && git apply $GITHUB_WORKSPACE/KernelSU/.github/patches/5.15/*.patch
+          echo "[+] KernelSU setup done."
+          cd $GITHUB_WORKSPACE/KernelSU
+          VERSION=$(($(git rev-list --count HEAD) + 10200))
+          echo "VERSION: $VERSION"
+          echo "kernelsu_version=$VERSION" >> $GITHUB_ENV
+
+      - name: Build Kernel
+        working-directory: WSA-Linux-Kernel
+        run: |
+          if [ ! -z ${{ vars.EXPECTED_SIZE }} ] && [ ! -z ${{ vars.EXPECTED_HASH }} ]; then
+            export KSU_EXPECTED_SIZE=${{ vars.EXPECTED_SIZE }}
+            export KSU_EXPECTED_HASH=${{ vars.EXPECTED_HASH }}
+          fi
+          declare -A ARCH_MAP=(["x86_64"]="x64" ["arm64"]="arm64")
+          cp configs/wsa/config-wsa-${ARCH_MAP[${{ inputs.arch }}]} .config
+          make olddefconfig
+          declare -A FILE_NAME=(["x86_64"]="bzImage" ["arm64"]="Image")
+          make -j`nproc` LLVM=1 ARCH=${{ inputs.arch }} $(if [ "${{ inputs.arch }}" == "arm64" ]; then echo CROSS_COMPILE=aarch64-linux-gnu; fi) ${FILE_NAME[${{ inputs.arch }}]} CCACHE="/usr/bin/ccache"
+          declare -A ARCH_MAP_FILE=(["x86_64"]="x86" ["arm64"]="arm64")
+          echo "file_path=WSA-Linux-Kernel/arch/${ARCH_MAP_FILE[${{ inputs.arch }}]}/boot/${FILE_NAME[${{ inputs.arch }}]}" >> $GITHUB_ENV
+
+      - name: Upload kernel-${{ inputs.arch }}-${{ inputs.version }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: kernel-WSA-${{ inputs.arch }}-${{ inputs.version }}
+          path: "${{ env.file_path }}"
+
+      - name: Bot session cache
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main' || github.ref_type == 'tag'
+        id: bot_session_cache
+        uses: actions/cache@v3
+        with:
+          path: scripts/ksubot.session
+          key: ${{ runner.os }}-bot-session
+
+      - name: Post to Telegram
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main' || github.ref_type == 'tag'
+        env:
+          CHAT_ID: ${{ secrets.CHAT_ID }}
+          BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
+          MESSAGE_THREAD_ID: ${{ secrets.MESSAGE_THREAD_ID }}
+          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
+          COMMIT_URL: ${{ github.event.head_commit.url }}
+          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}    
+        run: |
+          TITLE=kernel-${{ inputs.arch }}-WSA-${{ inputs.version }}
+          echo "[+] title: $TITLE"
+          export TITLE
+          export VERSION="${{ env.kernelsu_version }}"
+          echo "[+] Compress images"
+          gzip -n -f -9 "${{ env.file_path }}"
+          echo "[+] Image to upload"
+          ls -l "${{ env.file_path }}.gz"
+          if [ -n "${{ secrets.BOT_TOKEN }}" ]; then
+            pip3 install telethon==1.31.1
+            python3 "$GITHUB_WORKSPACE/KernelSU/scripts/ksubot.py" "${{ env.file_path }}.gz"
+          fi

From 757e69b15e7e06eacc964d9d729f43702fc26c6d Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Mon, 8 Jan 2024 12:11:54 +0800
Subject: [PATCH 11/30] ksud: report module mounted event to kernel

---
 userspace/ksud/src/event.rs | 3 +++
 userspace/ksud/src/ksu.rs   | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/userspace/ksud/src/event.rs b/userspace/ksud/src/event.rs
index 738c64a0a06e..05de110a7a35 100644
--- a/userspace/ksud/src/event.rs
+++ b/userspace/ksud/src/event.rs
@@ -152,6 +152,9 @@ pub fn on_post_data_fs() -> Result<()> {
     mount::AutoMountExt4::try_new(target_update_img, module_dir, false)
         .with_context(|| "mount module image failed".to_string())?;
 
+    // tell kernel that we've mount the module, so that it can do some optimization
+    crate::ksu::report_module_mounted();
+
     // if we are in safe mode, we should disable all modules
     if safe_mode {
         warn!("safe mode, skip post-fs-data scripts and disable all modules!");
diff --git a/userspace/ksud/src/ksu.rs b/userspace/ksud/src/ksu.rs
index 6e2425f9f05a..05939922058c 100644
--- a/userspace/ksud/src/ksu.rs
+++ b/userspace/ksud/src/ksu.rs
@@ -29,6 +29,7 @@ pub const CMD_CHECK_SAFEMODE: u64 = 9;
 
 const EVENT_POST_FS_DATA: u64 = 1;
 const EVENT_BOOT_COMPLETED: u64 = 2;
+const EVENT_MODULE_MOUNTED: u64 = 3;
 
 #[cfg(any(target_os = "linux", target_os = "android"))]
 pub fn grant_root() -> Result<()> {
@@ -339,3 +340,7 @@ pub fn report_post_fs_data() {
 pub fn report_boot_complete() {
     report_event(EVENT_BOOT_COMPLETED);
 }
+
+pub fn report_module_mounted() {
+    report_event(EVENT_MODULE_MOUNTED);
+}

From e9997a07c164c937ed4ddfa1c6f65fb4c21f3bec Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Mon, 8 Jan 2024 12:55:08 +0800
Subject: [PATCH 12/30] kernel: avoding umount when there isn't any module.
 close #556

---
 kernel/core_hook.c | 12 ++++++++++++
 kernel/ksu.h       |  1 +
 2 files changed, 13 insertions(+)

diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index 998ff5b29e4d..9c863660dd29 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -30,6 +30,8 @@
 #include "uid_observer.h"
 #include "kernel_compat.h"
 
+static bool ksu_module_mounted = false;
+
 extern int handle_sepolicy(unsigned long arg3, void __user *arg4);
 
 static inline bool is_allow_su()
@@ -331,6 +333,11 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 			}
 			break;
 		}
+		case EVENT_MODULE_MOUNTED: {
+			ksu_module_mounted = true;
+			pr_info("module mounted!\n");
+			break;
+		}
 		default:
 			break;
 		}
@@ -522,6 +529,11 @@ static void try_umount(const char *mnt, bool check_mnt, int flags)
 
 int ksu_handle_setuid(struct cred *new, const struct cred *old)
 {
+	// this hook is used for umounting overlayfs for some uid, if there isn't any module mounted, just ignore it!
+	if (!ksu_module_mounted) {
+		return 0;
+	}
+
 	if (!new || !old) {
 		return 0;
 	}
diff --git a/kernel/ksu.h b/kernel/ksu.h
index cdffb5aece87..b98c0fd1bfb5 100644
--- a/kernel/ksu.h
+++ b/kernel/ksu.h
@@ -24,6 +24,7 @@
 
 #define EVENT_POST_FS_DATA 1
 #define EVENT_BOOT_COMPLETED 2
+#define EVENT_MODULE_MOUNTED 3
 
 #define KSU_APP_PROFILE_VER 2
 #define KSU_MAX_PACKAGE_NAME 256

From 2bab388bbfb42a2da7d4f1697d15de6d7ecafccb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=98=8E?= <akariondev@gmail.com>
Date: Mon, 8 Jan 2024 03:42:17 -0300
Subject: [PATCH 13/30] website/docs/guide: Enable KernelSU support
 (CONFIG_KSU) (#1274)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### enable CONFIG_KSU on the website documentation.

Added support for KernelSU by enabling CONFIG_KSU in the kernel
defconfig located at `arch/arm64/configs/vendor/your_defconfig`. Please
ensure to verify the correct location of the file. Note that on some
devices, the defconfig may be located in `arch/arm64/configs`.

---------

Signed-off-by: 明 <akariondev@gmail.com>
Signed-off-by: akari <akariondev@gmail.com>
---
 docs/README_PT-BR.md                          |  2 +-
 .../guide/how-to-integrate-for-non-gki.md     | 54 ++++++++++++++-----
 2 files changed, 42 insertions(+), 14 deletions(-)

diff --git a/docs/README_PT-BR.md b/docs/README_PT-BR.md
index 960ba0093a6a..cb9cd745e76b 100644
--- a/docs/README_PT-BR.md
+++ b/docs/README_PT-BR.md
@@ -34,7 +34,7 @@ Atualmente, apenas `arm64-v8a` e `x86_64` são suportados.
  - [Site oficial](https://kernelsu.org/pt_BR/)
 
 ## Tradução
-Para contribuir com a tradução do KernelSU ou aprimorar traduções existentes, por favor, utilize o [Weblate](https://hosted.weblate.org/engage/kernelsu/). PR para a tradução do Gerenciador não são mais aceitas, pois podem entrar em conflito com o Weblate.
+Para contribuir com a tradução do KernelSU ou aprimorar traduções existentes, por favor, utilize o [Weblate](https://hosted.weblate.org/engage/kernelsu/). PR para a tradução do Gerenciador não são mais aceitos, pois podem entrar em conflito com o Weblate.
 
 ## Discussão
 
diff --git a/website/docs/guide/how-to-integrate-for-non-gki.md b/website/docs/guide/how-to-integrate-for-non-gki.md
index b2f4c1820997..f6b8f655ebbf 100644
--- a/website/docs/guide/how-to-integrate-for-non-gki.md
+++ b/website/docs/guide/how-to-integrate-for-non-gki.md
@@ -62,10 +62,17 @@ curl -LSs "https://raw.githubusercontent.com/tiann/KernelSU/main/kernel/setup.sh
 
 :::
 
-Then, add KernelSU calls to the kernel source, here is a patch to refer:
+Keep in mind that on some devices, your defconfig may be in `arch/arm64/configs` or in other cases `arch/arm64/configs/vendor/your_defconfig`. For example in your defconfig, Enable `CONFIG_KSU` with y to enable, or n to disable. Your path will be something like:
+`arch/arm64/configs/...` 
+```sh
++# KernelSU
++CONFIG_KSU=y
+```
 
 ::: code-group
 
+Then, add KernelSU calls to the kernel source, here is a patch to refer:
+
 ```diff[exec.c]
 diff --git a/fs/exec.c b/fs/exec.c
 index ac59664eaecf..bdd585e1d2cc 100644
@@ -74,21 +81,25 @@ index ac59664eaecf..bdd585e1d2cc 100644
 @@ -1890,11 +1890,14 @@ static int __do_execve_file(int fd, struct filename *filename,
  	return retval;
  }
- 
+
++#ifdef CONFIG_KSU
 +extern bool ksu_execveat_hook __read_mostly;
 +extern int ksu_handle_execveat(int *fd, struct filename **filename_ptr, void *argv,
 +			void *envp, int *flags);
 +extern int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
 +				 void *argv, void *envp, int *flags);
++#endif
  static int do_execveat_common(int fd, struct filename *filename,
  			      struct user_arg_ptr argv,
  			      struct user_arg_ptr envp,
  			      int flags)
  {
++   #ifdef CONFIG_KSU
 +	if (unlikely(ksu_execveat_hook))
 +		ksu_handle_execveat(&fd, &filename, &argv, &envp, &flags);
 +	else
 +		ksu_handle_execveat_sucompat(&fd, &filename, &argv, &envp, &flags);
++   #endif
  	return __do_execve_file(fd, filename, argv, envp, flags, NULL);
  }
 ```
@@ -100,9 +111,11 @@ index 05036d819197..965b84d486b8 100644
 @@ -348,6 +348,8 @@ SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
  	return ksys_fallocate(fd, mode, offset, len);
  }
- 
+
++#ifdef CONFIG_KSU
 +extern int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
 +			 int *flags);
++#endif
  /*
   * access() needs to use the real uid/gid, not the effective uid/gid.
   * We do this by temporarily clearing all FS-related capabilities and
@@ -117,8 +130,9 @@ index 05036d819197..965b84d486b8 100644
  	struct vfsmount *mnt;
  	int res;
  	unsigned int lookup_flags = LOOKUP_FOLLOW;
- 
++   #ifdef CONFIG_KSU
 +	ksu_handle_faccessat(&dfd, &filename, &mode, NULL);
++   #endif
  
  	if (mode & ~S_IRWXO)	/* where's F_OK, X_OK, W_OK, R_OK? */
  		return -EINVAL;
@@ -131,16 +145,19 @@ index 650fc7e0f3a6..55be193913b6 100644
 @@ -434,10 +434,14 @@ ssize_t kernel_read(struct file *file, void *buf, size_t count, loff_t *pos)
  }
  EXPORT_SYMBOL(kernel_read);
- 
+
++#ifdef CONFIG_KSU
 +extern bool ksu_vfs_read_hook __read_mostly;
 +extern int ksu_handle_vfs_read(struct file **file_ptr, char __user **buf_ptr,
 +			size_t *count_ptr, loff_t **pos);
++#endif
  ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
  {
  	ssize_t ret;
- 
++   #ifdef CONFIG_KSU 
 +	if (unlikely(ksu_vfs_read_hook))
 +		ksu_handle_vfs_read(&file, &buf, &count, &pos);
++   #endif
 +
  	if (!(file->f_mode & FMODE_READ))
  		return -EBADF;
@@ -154,8 +171,10 @@ index 376543199b5a..82adcef03ecc 100644
 @@ -148,6 +148,8 @@ int vfs_statx_fd(unsigned int fd, struct kstat *stat,
  }
  EXPORT_SYMBOL(vfs_statx_fd);
- 
+
++#ifdef CONFIG_KSU
 +extern int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags);
++#endif
 +
  /**
   * vfs_statx - Get basic and extra attributes by filename
@@ -163,8 +182,10 @@ index 376543199b5a..82adcef03ecc 100644
 @@ -170,6 +172,7 @@ int vfs_statx(int dfd, const char __user *filename, int flags,
  	int error = -EINVAL;
  	unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_AUTOMOUNT;
- 
+
++   #ifdef CONFIG_KSU
 +	ksu_handle_stat(&dfd, &filename, &flags);
++   #endif
  	if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT |
  		       AT_EMPTY_PATH | KSTAT_QUERY_FLAGS)) != 0)
  		return -EINVAL;
@@ -198,8 +219,9 @@ index 068fdbcc9e26..5348b7bb9db2 100644
 @@ -94,6 +96,8 @@ int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat,
  	int error = -EINVAL;
  	unsigned int lookup_flags = 0;
- 
++   #ifdef CONFIG_KSU 
 +	ksu_handle_stat(&dfd, &filename, &flag);
++   #endif
 +
  	if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT |
  		      AT_EMPTY_PATH)) != 0)
@@ -216,9 +238,11 @@ index 2ff887661237..e758d7db7663 100644
 @@ -355,6 +355,9 @@ SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
  	return error;
  }
- 
+
++#ifdef CONFIG_KSU
 +extern int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
 +			        int *flags);
++#endif
 +
  /*
   * access() needs to use the real uid/gid, not the effective uid/gid.
@@ -226,8 +250,9 @@ index 2ff887661237..e758d7db7663 100644
 @@ -370,6 +373,8 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
  	int res;
  	unsigned int lookup_flags = LOOKUP_FOLLOW;
- 
++   #ifdef CONFIG_KSU
 +	ksu_handle_faccessat(&dfd, &filename, &mode, NULL);
++   #endif
 +
  	if (mode & ~S_IRWXO)	/* where's F_OK, X_OK, W_OK, R_OK? */
  		return -EINVAL;
@@ -247,17 +272,20 @@ index 45306f9ef247..815091ebfca4 100755
 @@ -367,10 +367,13 @@ static int input_get_disposition(struct input_dev *dev,
  	return disposition;
  }
- 
+
++#ifdef CONFIG_KSU
 +extern bool ksu_input_hook __read_mostly;
 +extern int ksu_handle_input_handle_event(unsigned int *type, unsigned int *code, int *value);
++#endif
 +
  static void input_handle_event(struct input_dev *dev,
  			       unsigned int type, unsigned int code, int value)
  {
 	int disposition = input_get_disposition(dev, type, code, &value);
-+
++   #ifdef CONFIG_KSU
 +	if (unlikely(ksu_input_hook))
 +		ksu_handle_input_handle_event(&type, &code, &value);
++   #endif
  
  	if (disposition != INPUT_IGNORE_EVENT && type != EV_SYN)
  		add_input_randomness(type, code, value);

From 23ffc2a3b26c1d808a296eb266612cf7949dcf33 Mon Sep 17 00:00:00 2001
From: Arthur <37627147+ArthurCyy@users.noreply.github.com>
Date: Mon, 8 Jan 2024 14:42:41 +0800
Subject: [PATCH 14/30] website: fix typo (#1276)

---
 website/docs/ja_JP/guide/installation.md | 4 ++--
 website/docs/pt_BR/guide/installation.md | 2 +-
 website/docs/ru_RU/guide/installation.md | 2 +-
 website/docs/vi_VN/guide/installation.md | 2 +-
 website/docs/zh_CN/guide/installation.md | 4 ++--
 website/docs/zh_TW/guide/installation.md | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/website/docs/ja_JP/guide/installation.md b/website/docs/ja_JP/guide/installation.md
index b603ef397f98..ee6cb0fec57d 100644
--- a/website/docs/ja_JP/guide/installation.md
+++ b/website/docs/ja_JP/guide/installation.md
@@ -153,7 +153,7 @@ fastboot reboot
 ### magiskboot を使う
 
 1. 最新の Magisk を[リリースページ](https://github.com/topjohnwu/Magisk/releases)からダウンロードしてください。
-2. Magisk-*.apk を Magisk-vesion.zip に名前を変更して展開してください。
+2. Magisk-*.apk を Magisk-version.zip に名前を変更して展開してください。
 3. `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so`を adb でデバイスに転送します：`adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`
 4. 純正 boot.img と AnyKernel3 の中の Image をデバイスに転送します。
 5. adb shell に入り、`cd /data/local/tmp/` し、`chmod +x magiskboot` を実行します。
@@ -166,4 +166,4 @@ fastboot reboot
 実はこれらのインストール方法はすべて、**元のカーネルを KernelSU が提供するカーネルに置き換える**という主旨でしかなく、これが実現できれば他の方法でもインストール可能です：
 
 1. まず Magisk をインストールし、Magisk を通じて root 権限を取得し、カーネル管理アプリで KernelSU の AnyKernel ZIPをインストールする
-2. PC 上で何らかの書き込みツールを使用し、KernelSU が提供するカーネルを書き込む
\ No newline at end of file
+2. PC 上で何らかの書き込みツールを使用し、KernelSU が提供するカーネルを書き込む
diff --git a/website/docs/pt_BR/guide/installation.md b/website/docs/pt_BR/guide/installation.md
index 831fd32bff2a..f6a31866817f 100644
--- a/website/docs/pt_BR/guide/installation.md
+++ b/website/docs/pt_BR/guide/installation.md
@@ -144,7 +144,7 @@ Android-Image-Kitchen não é recomendado agora, porque ele não lida corretamen
 ### Usando o magiskboot em dispositivos Android {#using-magiskboot-on-Android-devices}
 
 1. Baixe o Magisk mais recente em [GitHub Releases](https://github.com/topjohnwu/Magisk/releases).
-2. Renomeie o Magisk-*.apk para Magisk-vesion.zip e descompacte-o.
+2. Renomeie o Magisk-*.apk para Magisk-version.zip e descompacte-o.
 3. Envie `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` para o seu dispositivo por ADB: `adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`.
 4. Envie o boot.img padrão e Image em AnyKernel3 para o seu dispositivo.
 5. Entre no ADB shell e no diretório cd `/data/local/tmp/`, em seguida, `chmod +x magiskboot`.
diff --git a/website/docs/ru_RU/guide/installation.md b/website/docs/ru_RU/guide/installation.md
index 7d9cb4542df9..465cc4eb2cb5 100644
--- a/website/docs/ru_RU/guide/installation.md
+++ b/website/docs/ru_RU/guide/installation.md
@@ -153,7 +153,7 @@ fastboot reboot
 ### Использование magiskboot {#using magiskboot}
 
 1. Загрузите последнюю версию Magisk с [Release Page](https://github.com/topjohnwu/Magisk/releases).
-2. Переименуйте Magisk-*.apk в Magisk-vesion.zip и разархивируйте его.
+2. Переименуйте Magisk-*.apk в Magisk-version.zip и разархивируйте его.
 3. Закачайте `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` на устройство с помощью adb: `adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`.
 4. Установите на устройство стоковый boot.img и образ в AnyKernel3.
 5. Войдите в оболочку adb и перейдите в каталог `/data/local/tmp/`, затем `chmod +x magiskboot`.
diff --git a/website/docs/vi_VN/guide/installation.md b/website/docs/vi_VN/guide/installation.md
index b57541dd55d6..56521381acf9 100644
--- a/website/docs/vi_VN/guide/installation.md
+++ b/website/docs/vi_VN/guide/installation.md
@@ -155,7 +155,7 @@ Trong số đó, Android-Image-Kitchen phù hợp để hoạt động trên PC
 ### Sử dụng magiskboot
 
 1. Tải xuống Magisk mới nhất từ [Trang phát hành](https://github.com/topjohnwu/Magisk/releases)
-2. Đổi tên Magisk-*.apk thành Magisk-vesion.zip và giải nén nó.
+2. Đổi tên Magisk-*.apk thành Magisk-version.zip và giải nén nó.
 3. Đẩy `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` vào thiết bị của bạn bằng adb: `adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp /magiskboot`
 4. Đẩy stock boot.img và Image trong AnyKernel3 vào thiết bị của bạn.
 5. Nhập thư mục adb shell và cd `/data/local/tmp/`, sau đó `chmod +x magiskboot`
diff --git a/website/docs/zh_CN/guide/installation.md b/website/docs/zh_CN/guide/installation.md
index acc8dab18c3a..0ca28493996e 100644
--- a/website/docs/zh_CN/guide/installation.md
+++ b/website/docs/zh_CN/guide/installation.md
@@ -145,7 +145,7 @@ Magisk 官方提供的 `magiskboot` 只能运行在 Android/Linux 设备上，
 ### 在 Android 设备上使用 magiskboot {#using-magiskboot-on-Android-devices}
 
 1. 在 Magisk 的 [Release 页面](https://github.com/topjohnwu/Magisk/releases) 下载最新的 Magisk 安装包。
-2. 将 Magisk-*.apk 重命名为 Magisk-vesion.zip 然后解压缩。
+2. 将 Magisk-*.apk 重命名为 Magisk-version.zip 然后解压缩。
 3. 将解压后的 `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` 文件，使用 adb push 到手机：`adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`
 4. 使用 adb 将原厂 boot.img 和 AnyKernel3 中的 Image 推送到手机
 5. adb shell 进入 /data/local/tmp/ 目录，然后赋予刚 push 文件的可执行权限 `chmod +x magiskboot`
@@ -185,4 +185,4 @@ PS. 这种方法适用于任何情况下的安装（不限于初次安装或者
 1. 首先安装 Magisk，通过 Magisk 获取 root 权限后使用内核刷写器刷入 KernelSU 的 AnyKernel 包。
 2. 使用某些 PC 上的刷机工具箱刷入 KernelSU 提供的内核。
 
-如果这些方法导致无法开机，请优先尝试用 `magiskboot` 的方法。
\ No newline at end of file
+如果这些方法导致无法开机，请优先尝试用 `magiskboot` 的方法。
diff --git a/website/docs/zh_TW/guide/installation.md b/website/docs/zh_TW/guide/installation.md
index c2254d88b819..8c55e6048d90 100644
--- a/website/docs/zh_TW/guide/installation.md
+++ b/website/docs/zh_TW/guide/installation.md
@@ -153,7 +153,7 @@ fastboot reboot
 ### 使用 magiskboot {#using magiskboot}
 
 1. 在 Magisk 的 [Release 頁面](https://github.com/topjohnwu/Magisk/releases) 下載最新的 Magisk 安裝套件。
-2. 將 Magisk-*.apk 重新命名為 Magisk-vesion.zip 然後解壓縮。
+2. 將 Magisk-*.apk 重新命名為 Magisk-version.zip 然後解壓縮。
 3. 將解壓縮後的 `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` 檔案，使用 Adb 推入至手機：`adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`
 4. 使用 Adb 將原廠 boot.img 和 AnyKernel3 中的 Image 推入至手機。
 5. adb shell 進入 /data/local/tmp/ 目錄，然後賦予先前推入檔案的可執行權限 `chmod +x magiskboot`

From 60c9fabb44d412fdf63dfa59f73106336cee5aa3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=98=8E?= <akariondev@gmail.com>
Date: Mon, 8 Jan 2024 08:52:29 -0300
Subject: [PATCH 15/30] website/docs: add missing #ifdef and #endif in
 ksu_handle_stat [2/2] (#1277)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 明 <akariondev@gmail.com>
Signed-off-by: akari <akariondev@gmail.com>
Co-authored-by: Ylarod <me@ylarod.cn>
Co-authored-by: weishu <twsxtd@gmail.com>
---
 website/docs/guide/how-to-integrate-for-non-gki.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/website/docs/guide/how-to-integrate-for-non-gki.md b/website/docs/guide/how-to-integrate-for-non-gki.md
index f6b8f655ebbf..d8e68c5b4e0a 100644
--- a/website/docs/guide/how-to-integrate-for-non-gki.md
+++ b/website/docs/guide/how-to-integrate-for-non-gki.md
@@ -210,9 +210,10 @@ index 068fdbcc9e26..5348b7bb9db2 100644
 @@ -87,6 +87,8 @@ int vfs_fstat(unsigned int fd, struct kstat *stat)
  }
  EXPORT_SYMBOL(vfs_fstat);
- 
+
++#ifdef CONFIG_KSU
 +extern int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags);
-+
++#endif
  int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat,
  		int flag)
  {

From 3af293f991b74992a51ae4c0f63746a42978e801 Mon Sep 17 00:00:00 2001
From: Celica Sylphil <64072399+natsumerinchan@users.noreply.github.com>
Date: Mon, 8 Jan 2024 19:53:43 +0800
Subject: [PATCH 16/30] website/docs: Update Simplified Chinese translation
 (#1279)

---
 docs/README_CN.md                             | 23 ++++++--
 website/docs/.vitepress/locales/zh_CN.ts      |  1 +
 .../guide/how-to-integrate-for-non-gki.md     | 57 ++++++++++++++-----
 3 files changed, 62 insertions(+), 19 deletions(-)

diff --git a/docs/README_CN.md b/docs/README_CN.md
index ebd8252ef788..9231ef9e6db8 100644
--- a/docs/README_CN.md
+++ b/docs/README_CN.md
@@ -2,12 +2,21 @@
 
 # KernelSU
 
+<img src="https://kernelsu.org/logo.png" style="width: 96px;" alt="logo">
+
 一个 Android 上基于内核的 root 方案。
 
+[![latest release badge](https://img.shields.io/github/v/release/tiann/KernelSU?label=Release&logo=github)](https://github.com/tiann/KernelSU/releases/latest)
+[![weblate](https://img.shields.io/badge/Localization-Weblate-teal?logo=weblate)](https://hosted.weblate.org/engage/kernelsu)
+[![Channel](https://img.shields.io/badge/Follow-Telegram-blue.svg?logo=telegram)](https://t.me/KernelSU)
+[![License: GPL v2](https://img.shields.io/badge/License-GPL%20v2-orange.svg?logo=gnu)](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html)
+[![GitHub License](https://img.shields.io/github/license/tiann/KernelSU?logo=gnu)](/LICENSE)
+
+
 ## 特性
 
-- 基于内核的 su 和权限管理。
-- 基于 overlayfs 的模块系统。
+- 基于内核的 `su` 和权限管理。
+- 基于 [OverlayFS](https://en.wikipedia.org/wiki/OverlayFS) 的模块系统。
 - [App Profile](https://kernelsu.org/guide/app-profile.html): 把 Root 权限关进笼子里。
 
 ## 兼容状态
@@ -22,19 +31,23 @@ WSA, ChromeOS 和运行在容器上的 Android 也可以与 KernelSU 一起工
 
 - [安装教程](https://kernelsu.org/zh_CN/guide/installation.html)
 - [如何构建？](https://kernelsu.org/zh_CN/guide/how-to-build.html)
+- [官方网站](https://kernelsu.org/)
 
 ## 参与翻译
 
-要将 KernelSU 翻译成您的语言，或完善现有的翻译，请使用 [Weblate](https://hosted.weblate.org/engage/kernelsu/)。
+要将 KernelSU 翻译成您的语言，或完善现有的翻译，请使用 [Weblate](https://hosted.weblate.org/engage/kernelsu/)。现已不再接受有关管理器翻译的PR，因为这会与Weblate冲突。
 
 ## 讨论
 
 - Telegram: [@KernelSU](https://t.me/KernelSU)
 
+## 安全性
+有关报告 KernelSU 安全漏洞的信息，请参阅 [SECURITY.md](/SECURITY.md).
+
 ## 许可证
 
-- 目录 `kernel` 下所有文件为 [GPL-2](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html)
-- 除 `kernel` 目录的其他部分均为 [GPL-3](https://www.gnu.org/licenses/gpl-3.0.html)
+- 目录 `kernel` 下所有文件为 [GPL-2.0-only](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html)
+- 除 `kernel` 目录的其他部分均为 [GPL-3.0-or-later](https://www.gnu.org/licenses/gpl-3.0.html)
 
 ## 鸣谢
 
diff --git a/website/docs/.vitepress/locales/zh_CN.ts b/website/docs/.vitepress/locales/zh_CN.ts
index 69410f5072b8..cdf67d6fb676 100644
--- a/website/docs/.vitepress/locales/zh_CN.ts
+++ b/website/docs/.vitepress/locales/zh_CN.ts
@@ -45,6 +45,7 @@ function sidebarGuide() {
         text: 'Guide',
         items: [
           { text: '什么是 KernelSU?', link: '/zh_CN/guide/what-is-kernelsu' },
+          { text: 'KernelSU 模块与 Magisk 的差异', link: '/zh_CN/guide/difference-with-magisk' },
           { text: '安装', link: '/zh_CN/guide/installation' },
           { text: '如何构建?', link: '/zh_CN/guide/how-to-build' },
           { text: '如何为非GKI设备集成 KernelSU', link: '/zh_CN/guide/how-to-integrate-for-non-gki'},
diff --git a/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md b/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md
index 40f16c71444e..b6789503401f 100644
--- a/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md
+++ b/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md
@@ -62,7 +62,14 @@ CONFIG_KPROBE_EVENTS=y
 curl -LSs "https://raw.githubusercontent.com/tiann/KernelSU/main/kernel/setup.sh" | bash -
 ```
 
-然后，手动修改内核源码，你可以参考下面这个 patch:
+请注意，某些设备的defconfig文件可能在`arch/arm64/configs/设备代号_defconfig`或位于`arch/arm64/configs/vendor/设备代号_defconfig`。在您的defconfig文件中,将 `CONFIG_KSU`设置为`y`以启用KernelSU,或设置为`n`以禁用。比如在某个defconfig中:
+`arch/arm64/configs/...` 
+```sh
++# KernelSU
++CONFIG_KSU=y
+```
+
+然后，将 KernelSU 调用添加到内核源代码中，这里有几个补丁可以参考：
 
 ::: code-group
 
@@ -74,21 +81,25 @@ index ac59664eaecf..bdd585e1d2cc 100644
 @@ -1890,11 +1890,14 @@ static int __do_execve_file(int fd, struct filename *filename,
  	return retval;
  }
- 
+
++#ifdef CONFIG_KSU
 +extern bool ksu_execveat_hook __read_mostly;
 +extern int ksu_handle_execveat(int *fd, struct filename **filename_ptr, void *argv,
 +			void *envp, int *flags);
 +extern int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
 +				 void *argv, void *envp, int *flags);
++#endif
  static int do_execveat_common(int fd, struct filename *filename,
  			      struct user_arg_ptr argv,
  			      struct user_arg_ptr envp,
  			      int flags)
  {
++   #ifdef CONFIG_KSU
 +	if (unlikely(ksu_execveat_hook))
 +		ksu_handle_execveat(&fd, &filename, &argv, &envp, &flags);
 +	else
 +		ksu_handle_execveat_sucompat(&fd, &filename, &argv, &envp, &flags);
++   #endif
  	return __do_execve_file(fd, filename, argv, envp, flags, NULL);
  }
 ```
@@ -100,9 +111,11 @@ index 05036d819197..965b84d486b8 100644
 @@ -348,6 +348,8 @@ SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
  	return ksys_fallocate(fd, mode, offset, len);
  }
- 
+
++#ifdef CONFIG_KSU
 +extern int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
 +			 int *flags);
++#endif
  /*
   * access() needs to use the real uid/gid, not the effective uid/gid.
   * We do this by temporarily clearing all FS-related capabilities and
@@ -117,8 +130,9 @@ index 05036d819197..965b84d486b8 100644
  	struct vfsmount *mnt;
  	int res;
  	unsigned int lookup_flags = LOOKUP_FOLLOW;
- 
++   #ifdef CONFIG_KSU
 +	ksu_handle_faccessat(&dfd, &filename, &mode, NULL);
++   #endif
  
  	if (mode & ~S_IRWXO)	/* where's F_OK, X_OK, W_OK, R_OK? */
  		return -EINVAL;
@@ -131,16 +145,19 @@ index 650fc7e0f3a6..55be193913b6 100644
 @@ -434,10 +434,14 @@ ssize_t kernel_read(struct file *file, void *buf, size_t count, loff_t *pos)
  }
  EXPORT_SYMBOL(kernel_read);
- 
+
++#ifdef CONFIG_KSU
 +extern bool ksu_vfs_read_hook __read_mostly;
 +extern int ksu_handle_vfs_read(struct file **file_ptr, char __user **buf_ptr,
 +			size_t *count_ptr, loff_t **pos);
++#endif
  ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
  {
  	ssize_t ret;
- 
++   #ifdef CONFIG_KSU 
 +	if (unlikely(ksu_vfs_read_hook))
 +		ksu_handle_vfs_read(&file, &buf, &count, &pos);
++   #endif
 +
  	if (!(file->f_mode & FMODE_READ))
  		return -EBADF;
@@ -154,8 +171,10 @@ index 376543199b5a..82adcef03ecc 100644
 @@ -148,6 +148,8 @@ int vfs_statx_fd(unsigned int fd, struct kstat *stat,
  }
  EXPORT_SYMBOL(vfs_statx_fd);
- 
+
++#ifdef CONFIG_KSU
 +extern int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags);
++#endif
 +
  /**
   * vfs_statx - Get basic and extra attributes by filename
@@ -163,8 +182,10 @@ index 376543199b5a..82adcef03ecc 100644
 @@ -170,6 +172,7 @@ int vfs_statx(int dfd, const char __user *filename, int flags,
  	int error = -EINVAL;
  	unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_AUTOMOUNT;
- 
+
++   #ifdef CONFIG_KSU
 +	ksu_handle_stat(&dfd, &filename, &flags);
++   #endif
  	if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT |
  		       AT_EMPTY_PATH | KSTAT_QUERY_FLAGS)) != 0)
  		return -EINVAL;
@@ -179,7 +200,6 @@ index 376543199b5a..82adcef03ecc 100644
 4. vfs_statx，通常位于 `fs/stat.c`
 
 如果你的内核没有 `vfs_statx`, 使用 `vfs_fstatat` 来代替它：
-
 ```diff
 diff --git a/fs/stat.c b/fs/stat.c
 index 068fdbcc9e26..5348b7bb9db2 100644
@@ -189,7 +209,9 @@ index 068fdbcc9e26..5348b7bb9db2 100644
  }
  EXPORT_SYMBOL(vfs_fstat);
  
++#ifdef CONFIG_KSU 
 +extern int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags);
++#endif
 +
  int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat,
  		int flag)
@@ -197,8 +219,9 @@ index 068fdbcc9e26..5348b7bb9db2 100644
 @@ -94,6 +96,8 @@ int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat,
  	int error = -EINVAL;
  	unsigned int lookup_flags = 0;
- 
++   #ifdef CONFIG_KSU 
 +	ksu_handle_stat(&dfd, &filename, &flag);
++   #endif
 +
  	if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT |
  		      AT_EMPTY_PATH)) != 0)
@@ -215,9 +238,11 @@ index 2ff887661237..e758d7db7663 100644
 @@ -355,6 +355,9 @@ SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
  	return error;
  }
- 
+
++#ifdef CONFIG_KSU
 +extern int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
 +			        int *flags);
++#endif
 +
  /*
   * access() needs to use the real uid/gid, not the effective uid/gid.
@@ -225,8 +250,9 @@ index 2ff887661237..e758d7db7663 100644
 @@ -370,6 +373,8 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
  	int res;
  	unsigned int lookup_flags = LOOKUP_FOLLOW;
- 
++   #ifdef CONFIG_KSU
 +	ksu_handle_faccessat(&dfd, &filename, &mode, NULL);
++   #endif
 +
  	if (mode & ~S_IRWXO)	/* where's F_OK, X_OK, W_OK, R_OK? */
  		return -EINVAL;
@@ -246,17 +272,20 @@ index 45306f9ef247..815091ebfca4 100755
 @@ -367,10 +367,13 @@ static int input_get_disposition(struct input_dev *dev,
  	return disposition;
  }
- 
+
++#ifdef CONFIG_KSU
 +extern bool ksu_input_hook __read_mostly;
 +extern int ksu_handle_input_handle_event(unsigned int *type, unsigned int *code, int *value);
++#endif
 +
  static void input_handle_event(struct input_dev *dev,
  			       unsigned int type, unsigned int code, int value)
  {
 	int disposition = input_get_disposition(dev, type, code, &value);
-+
++   #ifdef CONFIG_KSU
 +	if (unlikely(ksu_input_hook))
 +		ksu_handle_input_handle_event(&type, &code, &value);
++   #endif
  
  	if (disposition != INPUT_IGNORE_EVENT && type != EV_SYN)
  		add_input_randomness(type, code, value);

From d9d906631651f51f5b2ea9863354fe655a0c6e54 Mon Sep 17 00:00:00 2001
From: Celica Sylphil <64072399+natsumerinchan@users.noreply.github.com>
Date: Mon, 8 Jan 2024 21:08:49 +0800
Subject: [PATCH 17/30] website: Fix patches display (#1281)

Option does not match the corresponding patch.

![2024-01-08
20-41-45](https://github.com/tiann/KernelSU/assets/64072399/22066923-8263-4fff-b2f8-a9b04e7ca8b5)
![2024-01-08
20-41-51](https://github.com/tiann/KernelSU/assets/64072399/f345e31a-dd5a-4224-a052-ddaf99aedc5a)
![2024-01-08
20-41-55](https://github.com/tiann/KernelSU/assets/64072399/6c7d4f9f-d588-46aa-ac92-d8eb8c003316)
![2024-01-08
20-41-58](https://github.com/tiann/KernelSU/assets/64072399/906bb033-eddd-4c8c-bd13-00cff799b3df)
---
 website/docs/guide/how-to-integrate-for-non-gki.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/docs/guide/how-to-integrate-for-non-gki.md b/website/docs/guide/how-to-integrate-for-non-gki.md
index d8e68c5b4e0a..61a511e3ffaa 100644
--- a/website/docs/guide/how-to-integrate-for-non-gki.md
+++ b/website/docs/guide/how-to-integrate-for-non-gki.md
@@ -69,9 +69,9 @@ Keep in mind that on some devices, your defconfig may be in `arch/arm64/configs`
 +CONFIG_KSU=y
 ```
 
-::: code-group
+Then, add KernelSU calls to the kernel source, here are some patches to refer:
 
-Then, add KernelSU calls to the kernel source, here is a patch to refer:
+::: code-group
 
 ```diff[exec.c]
 diff --git a/fs/exec.c b/fs/exec.c

From 144b0cc8e9d2ed5d3728378c276cda56d7e4a52b Mon Sep 17 00:00:00 2001
From: Ali Beyaz <symbuzzer@users.noreply.github.com>
Date: Tue, 9 Jan 2024 04:16:19 +0300
Subject: [PATCH 18/30] Update README_TR.md (#1280)

---
 docs/README_TR.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/README_TR.md b/docs/README_TR.md
index ba03da3abae5..b2f42e17ce09 100644
--- a/docs/README_TR.md
+++ b/docs/README_TR.md
@@ -41,6 +41,9 @@ KernelSU'nun çevirisine veya mevcut çevirilerin iyileştirilmesine yardımcı
 
 - Telegram: [@KernelSU](https://t.me/KernelSU)
 
+## Güvenlik
+KernelSU'daki güvenlik açıklarını bildirme hakkında bilgi için, bkz. [SECURITY.md](/SECURITY.md).
+
 ## Lisans
 
 - `kernel` klasöründeki dosyalar [GPL-2](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html) lisansı altındadır.

From e95e87a7a421b92240b37be6cd87154cdd60ed45 Mon Sep 17 00:00:00 2001
From: igor <134963561+igormiguell@users.noreply.github.com>
Date: Mon, 8 Jan 2024 22:16:45 -0300
Subject: [PATCH 19/30] website: update how to integrate for non gki (#1282)

---
 .../guide/how-to-integrate-for-non-gki.md     | 71 +++++++++++++------
 website/docs/pt_BR/guide/installation.md      |  2 +-
 2 files changed, 51 insertions(+), 22 deletions(-)

diff --git a/website/docs/pt_BR/guide/how-to-integrate-for-non-gki.md b/website/docs/pt_BR/guide/how-to-integrate-for-non-gki.md
index a1bb1625d822..6a61fec8d9a5 100644
--- a/website/docs/pt_BR/guide/how-to-integrate-for-non-gki.md
+++ b/website/docs/pt_BR/guide/how-to-integrate-for-non-gki.md
@@ -62,7 +62,14 @@ curl -LSs "https://raw.githubusercontent.com/tiann/KernelSU/main/kernel/setup.sh
 
 :::
 
-Em seguida, adicione chamadas KernelSU à fonte do kernel. Aqui está um patch para referência:
+Tenha em mente que em alguns dispositivos, seu defconfig pode estar em `arch/arm64/configs` ou em outros casos `arch/arm64/configs/vendor/your_defconfig`. Por exemplo, em seu defconfig, habilite `CONFIG_KSU` com y para habilitar ou n para desabilitar. Seu caminho será algo como:
+`arch/arm64/configs/...` 
+```sh
++# KernelSU
++CONFIG_KSU=y
+```
+
+Em seguida, adicione chamadas KernelSU à fonte do kernel. Aqui estão alguns patches para referência:
 
 ::: code-group
 
@@ -74,21 +81,25 @@ index ac59664eaecf..bdd585e1d2cc 100644
 @@ -1890,11 +1890,14 @@ static int __do_execve_file(int fd, struct filename *filename,
  	return retval;
  }
- 
+
++#ifdef CONFIG_KSU
 +extern bool ksu_execveat_hook __read_mostly;
 +extern int ksu_handle_execveat(int *fd, struct filename **filename_ptr, void *argv,
 +			void *envp, int *flags);
 +extern int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
 +				 void *argv, void *envp, int *flags);
++#endif
  static int do_execveat_common(int fd, struct filename *filename,
  			      struct user_arg_ptr argv,
  			      struct user_arg_ptr envp,
  			      int flags)
  {
++   #ifdef CONFIG_KSU
 +	if (unlikely(ksu_execveat_hook))
 +		ksu_handle_execveat(&fd, &filename, &argv, &envp, &flags);
 +	else
 +		ksu_handle_execveat_sucompat(&fd, &filename, &argv, &envp, &flags);
++   #endif
  	return __do_execve_file(fd, filename, argv, envp, flags, NULL);
  }
 ```
@@ -100,12 +111,14 @@ index 05036d819197..965b84d486b8 100644
 @@ -348,6 +348,8 @@ SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
  	return ksys_fallocate(fd, mode, offset, len);
  }
- 
+
++#ifdef CONFIG_KSU
 +extern int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
 +			 int *flags);
++#endif
  /*
-  * access() precisa usar o uid/gid real, não o uid/gid efetivo.
-  * Fazemos isso limpando temporariamente todos os recursos relacionados ao FS e
+  * access() needs to use the real uid/gid, not the effective uid/gid.
+  * We do this by temporarily clearing all FS-related capabilities and
 @@ -355,6 +357,7 @@ SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
   */
  long do_faccessat(int dfd, const char __user *filename, int mode)
@@ -117,8 +130,9 @@ index 05036d819197..965b84d486b8 100644
  	struct vfsmount *mnt;
  	int res;
  	unsigned int lookup_flags = LOOKUP_FOLLOW;
- 
++   #ifdef CONFIG_KSU
 +	ksu_handle_faccessat(&dfd, &filename, &mode, NULL);
++   #endif
  
  	if (mode & ~S_IRWXO)	/* where's F_OK, X_OK, W_OK, R_OK? */
  		return -EINVAL;
@@ -131,16 +145,19 @@ index 650fc7e0f3a6..55be193913b6 100644
 @@ -434,10 +434,14 @@ ssize_t kernel_read(struct file *file, void *buf, size_t count, loff_t *pos)
  }
  EXPORT_SYMBOL(kernel_read);
- 
+
++#ifdef CONFIG_KSU
 +extern bool ksu_vfs_read_hook __read_mostly;
 +extern int ksu_handle_vfs_read(struct file **file_ptr, char __user **buf_ptr,
 +			size_t *count_ptr, loff_t **pos);
++#endif
  ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
  {
  	ssize_t ret;
- 
++   #ifdef CONFIG_KSU 
 +	if (unlikely(ksu_vfs_read_hook))
 +		ksu_handle_vfs_read(&file, &buf, &count, &pos);
++   #endif
 +
  	if (!(file->f_mode & FMODE_READ))
  		return -EBADF;
@@ -154,17 +171,21 @@ index 376543199b5a..82adcef03ecc 100644
 @@ -148,6 +148,8 @@ int vfs_statx_fd(unsigned int fd, struct kstat *stat,
  }
  EXPORT_SYMBOL(vfs_statx_fd);
- 
+
++#ifdef CONFIG_KSU
 +extern int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags);
++#endif
 +
  /**
-  * vfs_statx - Obtenha atributos básicos e extras por filename
-  * @dfd: Um descritor de arquivo que representa o diretório base para um filename relativo
+  * vfs_statx - Get basic and extra attributes by filename
+  * @dfd: A file descriptor representing the base dir for a relative filename
 @@ -170,6 +172,7 @@ int vfs_statx(int dfd, const char __user *filename, int flags,
  	int error = -EINVAL;
  	unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_AUTOMOUNT;
- 
+
++   #ifdef CONFIG_KSU
 +	ksu_handle_stat(&dfd, &filename, &flags);
++   #endif
  	if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT |
  		       AT_EMPTY_PATH | KSTAT_QUERY_FLAGS)) != 0)
  		return -EINVAL;
@@ -189,17 +210,19 @@ index 068fdbcc9e26..5348b7bb9db2 100644
 @@ -87,6 +87,8 @@ int vfs_fstat(unsigned int fd, struct kstat *stat)
  }
  EXPORT_SYMBOL(vfs_fstat);
- 
+
++#ifdef CONFIG_KSU
 +extern int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags);
-+
++#endif
  int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat,
  		int flag)
  {
 @@ -94,6 +96,8 @@ int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat,
  	int error = -EINVAL;
  	unsigned int lookup_flags = 0;
- 
++   #ifdef CONFIG_KSU 
 +	ksu_handle_stat(&dfd, &filename, &flag);
++   #endif
 +
  	if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT |
  		      AT_EMPTY_PATH)) != 0)
@@ -216,18 +239,21 @@ index 2ff887661237..e758d7db7663 100644
 @@ -355,6 +355,9 @@ SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len)
  	return error;
  }
- 
+
++#ifdef CONFIG_KSU
 +extern int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
 +			        int *flags);
++#endif
 +
  /*
-  * access() precisa usar o uid/gid real, não o uid/gid efetivo.
-  * Fazemos isso limpando temporariamente todos os recursos relacionados ao FS e
+  * access() needs to use the real uid/gid, not the effective uid/gid.
+  * We do this by temporarily clearing all FS-related capabilities and
 @@ -370,6 +373,8 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode)
  	int res;
  	unsigned int lookup_flags = LOOKUP_FOLLOW;
- 
++   #ifdef CONFIG_KSU
 +	ksu_handle_faccessat(&dfd, &filename, &mode, NULL);
++   #endif
 +
  	if (mode & ~S_IRWXO)	/* where's F_OK, X_OK, W_OK, R_OK? */
  		return -EINVAL;
@@ -247,17 +273,20 @@ index 45306f9ef247..815091ebfca4 100755
 @@ -367,10 +367,13 @@ static int input_get_disposition(struct input_dev *dev,
  	return disposition;
  }
- 
+
++#ifdef CONFIG_KSU
 +extern bool ksu_input_hook __read_mostly;
 +extern int ksu_handle_input_handle_event(unsigned int *type, unsigned int *code, int *value);
++#endif
 +
  static void input_handle_event(struct input_dev *dev,
  			       unsigned int type, unsigned int code, int value)
  {
 	int disposition = input_get_disposition(dev, type, code, &value);
-+
++   #ifdef CONFIG_KSU
 +	if (unlikely(ksu_input_hook))
 +		ksu_handle_input_handle_event(&type, &code, &value);
++   #endif
  
  	if (disposition != INPUT_IGNORE_EVENT && type != EV_SYN)
  		add_input_randomness(type, code, value);
diff --git a/website/docs/pt_BR/guide/installation.md b/website/docs/pt_BR/guide/installation.md
index f6a31866817f..d5734b808a58 100644
--- a/website/docs/pt_BR/guide/installation.md
+++ b/website/docs/pt_BR/guide/installation.md
@@ -165,7 +165,7 @@ Android-Image-Kitchen não é recomendado agora, porque ele não lida corretamen
 O `magiskboot` oficial pode executar o dispositivo `Linux` normalmente. Se você for um usuário Linux, você pode usar a versão oficial.
 :::
 
-## Instalar com Recovery personalizado
+## Instalar com Recovery personalizado {#install-with-custom-recovery}
 
 Pré-requisito: Seu dispositivo deve ter um Recovery personalizado, como TWRP. Se apenas o Recovery oficial estiver disponível, use outro método.
 

From 6d79060e4c9b54e2cf751001f5c49d9693bd3562 Mon Sep 17 00:00:00 2001
From: Salvo Giangreco <giangrecosalvo9@gmail.com>
Date: Tue, 9 Jan 2024 02:17:04 +0100
Subject: [PATCH 20/30] [add device]: Samsung Galaxy A54 5G (#1266)

Signed-off-by: BlackMesa123 <giangrecosalvo9@gmail.com>
Co-authored-by: weishu <twsxtd@gmail.com>
---
 website/docs/repos.json | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/website/docs/repos.json b/website/docs/repos.json
index 1a95ca8b39bc..313562596ba2 100644
--- a/website/docs/repos.json
+++ b/website/docs/repos.json
@@ -565,5 +565,12 @@
         "kernel_name": "android_kernel_exynos9810_kernelsu",
         "kernel_link": "https://github.com/iceBear67/android_kernel_exynos9810_kernelsu",
         "devices": "Galaxy Note 9(N960N/F)"
+    },
+    {
+        "maintainer": "BlackMesa123",
+        "maintainer_link": "https://xdaforums.com/t/kernel-a546b-e-kernelsu-v0-7-5-for-galaxy-a54-5g.4607539/",
+        "kernel_name": "android_kernel_samsung_s5e8835",
+        "kernel_link": "https://github.com/BlackMesa123/android_kernel_samsung_s5e8835",
+        "devices": "Samsung Galaxy A54 5G (a54x)"
     }
 ]

From 601ce2120ade3a968f1ee46779672e529090cbcf Mon Sep 17 00:00:00 2001
From: Arthur <37627147+ArthurCyy@users.noreply.github.com>
Date: Tue, 9 Jan 2024 09:17:25 +0800
Subject: [PATCH 21/30] website: optimize expression and complete Chinese
 translation (#1278)

Co-authored-by: weishu <twsxtd@gmail.com>
---
 website/docs/guide/installation.md       | 6 +++---
 website/docs/ja_JP/guide/installation.md | 4 ++--
 website/docs/pt_BR/guide/installation.md | 4 ++--
 website/docs/ru_RU/guide/installation.md | 4 ++--
 website/docs/vi_VN/guide/installation.md | 4 ++--
 website/docs/zh_CN/guide/installation.md | 6 +++---
 website/docs/zh_TW/guide/installation.md | 4 ++--
 7 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/website/docs/guide/installation.md b/website/docs/guide/installation.md
index 15378089bfa9..d37a94ef6772 100644
--- a/website/docs/guide/installation.md
+++ b/website/docs/guide/installation.md
@@ -144,8 +144,8 @@ Android-Image-Kitchen is not recommended now, because it doesn't handle the boot
 ### Using magiskboot on Android devices {#using-magiskboot-on-Android-devices}
 
 1. Download latest Magisk from [Release Page](https://github.com/topjohnwu/Magisk/releases)
-2. Rename Magisk-*.apk to Magisk-vesion.zip and unzip it.
-3. Push `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` to your device by adb: `adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`
+2. Rename `Magisk-*(version).apk` to `Magisk-*.zip` and unzip it.
+3. Push `Magisk-*/lib/arm64-v8a/libmagiskboot.so` to your device by adb: `adb push Magisk-*/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`
 4. Push stock boot.img and Image in AnyKernel3 to your device.
 5. Enter adb shell and cd `/data/local/tmp/` directory, then `chmod +x magiskboot`
 6. Enter adb shell and cd `/data/local/tmp/` directory, execute `./magiskboot unpack boot.img` to unpack `boot.img`, you will get a `kernel` file, this is your stock kernel.
@@ -184,4 +184,4 @@ In fact, all these installation methods have only one main idea, which is to **r
 1. First install Magisk, get root privileges through Magisk and then use the kernel flasher to flash in the AnyKernel zip from KernelSU.
 2. Use some flashing toolkit on PCs to flash in the kernel provided KernelSU.
 
-But if it doesn't work, please try `magiskboot` way.
\ No newline at end of file
+But if it doesn't work, please try `magiskboot` way.
diff --git a/website/docs/ja_JP/guide/installation.md b/website/docs/ja_JP/guide/installation.md
index ee6cb0fec57d..94d7ef26fae9 100644
--- a/website/docs/ja_JP/guide/installation.md
+++ b/website/docs/ja_JP/guide/installation.md
@@ -153,8 +153,8 @@ fastboot reboot
 ### magiskboot を使う
 
 1. 最新の Magisk を[リリースページ](https://github.com/topjohnwu/Magisk/releases)からダウンロードしてください。
-2. Magisk-*.apk を Magisk-version.zip に名前を変更して展開してください。
-3. `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so`を adb でデバイスに転送します：`adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`
+2. `Magisk-*(version).apk` を `Magisk-*.zip` に名前を変更して展開してください。
+3. `Magisk-*/lib/arm64-v8a/libmagiskboot.so`を adb でデバイスに転送します：`adb push Magisk-*/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`
 4. 純正 boot.img と AnyKernel3 の中の Image をデバイスに転送します。
 5. adb shell に入り、`cd /data/local/tmp/` し、`chmod +x magiskboot` を実行します。
 6. adb shell に入り、`cd /data/local/tmp/` し、`./magiskboot unpack boot.img` を実行して `boot.img` を抽出します。`kernel` ファイルが純正カーネルです。
diff --git a/website/docs/pt_BR/guide/installation.md b/website/docs/pt_BR/guide/installation.md
index d5734b808a58..f54196a35651 100644
--- a/website/docs/pt_BR/guide/installation.md
+++ b/website/docs/pt_BR/guide/installation.md
@@ -144,8 +144,8 @@ Android-Image-Kitchen não é recomendado agora, porque ele não lida corretamen
 ### Usando o magiskboot em dispositivos Android {#using-magiskboot-on-Android-devices}
 
 1. Baixe o Magisk mais recente em [GitHub Releases](https://github.com/topjohnwu/Magisk/releases).
-2. Renomeie o Magisk-*.apk para Magisk-version.zip e descompacte-o.
-3. Envie `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` para o seu dispositivo por ADB: `adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`.
+2. Renomeie o `Magisk-*(version).apk` para `Magisk-*.zip` e descompacte-o.
+3. Envie `Magisk-*/lib/arm64-v8a/libmagiskboot.so` para o seu dispositivo por ADB: `adb push Magisk-*/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`.
 4. Envie o boot.img padrão e Image em AnyKernel3 para o seu dispositivo.
 5. Entre no ADB shell e no diretório cd `/data/local/tmp/`, em seguida, `chmod +x magiskboot`.
 6. Entre no ADB shell e no diretório cd `/data/local/tmp/`, execute `./magiskboot unpack boot.img` para descompactar `boot.img`, você obterá um arquivo `kernel`, este é o seu kernel padrão.
diff --git a/website/docs/ru_RU/guide/installation.md b/website/docs/ru_RU/guide/installation.md
index 465cc4eb2cb5..d09f26a0b186 100644
--- a/website/docs/ru_RU/guide/installation.md
+++ b/website/docs/ru_RU/guide/installation.md
@@ -153,8 +153,8 @@ fastboot reboot
 ### Использование magiskboot {#using magiskboot}
 
 1. Загрузите последнюю версию Magisk с [Release Page](https://github.com/topjohnwu/Magisk/releases).
-2. Переименуйте Magisk-*.apk в Magisk-version.zip и разархивируйте его.
-3. Закачайте `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` на устройство с помощью adb: `adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`.
+2. Переименуйте `Magisk-*(version).apk` в `Magisk-*.zip` и разархивируйте его.
+3. Закачайте `Magisk-*/lib/arm64-v8a/libmagiskboot.so` на устройство с помощью adb: `adb push Magisk-*/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`.
 4. Установите на устройство стоковый boot.img и образ в AnyKernel3.
 5. Войдите в оболочку adb и перейдите в каталог `/data/local/tmp/`, затем `chmod +x magiskboot`.
 6. Войдите в adb shell и cd директории `/data/local/tmp/`, выполните команду `./magiskboot unpack boot.img` для распаковки `boot.img`, вы получите файл `kernel`, это и есть ваше стоковое ядро.
diff --git a/website/docs/vi_VN/guide/installation.md b/website/docs/vi_VN/guide/installation.md
index 56521381acf9..0edb2242ee05 100644
--- a/website/docs/vi_VN/guide/installation.md
+++ b/website/docs/vi_VN/guide/installation.md
@@ -155,8 +155,8 @@ Trong số đó, Android-Image-Kitchen phù hợp để hoạt động trên PC
 ### Sử dụng magiskboot
 
 1. Tải xuống Magisk mới nhất từ [Trang phát hành](https://github.com/topjohnwu/Magisk/releases)
-2. Đổi tên Magisk-*.apk thành Magisk-version.zip và giải nén nó.
-3. Đẩy `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` vào thiết bị của bạn bằng adb: `adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp /magiskboot`
+2. Đổi tên `Magisk-*(version).apk` thành `Magisk-*.zip` và giải nén nó.
+3. Đẩy `Magisk-*/lib/arm64-v8a/libmagiskboot.so` vào thiết bị của bạn bằng adb: `adb push Magisk-*/lib/arm64-v8a/libmagiskboot.so /data/local/tmp /magiskboot`
 4. Đẩy stock boot.img và Image trong AnyKernel3 vào thiết bị của bạn.
 5. Nhập thư mục adb shell và cd `/data/local/tmp/`, sau đó `chmod +x magiskboot`
 6. Nhập adb shell và cd `/data/local/tmp/`, thực thi `./magiskboot unpack boot.img` để giải nén `boot.img`, bạn sẽ nhận được file `kernel`, đây là kernel gốc của bạn.
diff --git a/website/docs/zh_CN/guide/installation.md b/website/docs/zh_CN/guide/installation.md
index 0ca28493996e..1e2fd120901a 100644
--- a/website/docs/zh_CN/guide/installation.md
+++ b/website/docs/zh_CN/guide/installation.md
@@ -115,7 +115,7 @@ fastboot reboot
 2. 如果你的手机没有 root，但手机支持 `fastboot boot boot.img` 这种临时启动的方法，你可以用 KernelSU 提供的 GKI 镜像临时启动你的设备，获取临时的 root 权限，然后使用内核刷写器刷入获取永久 root 权限。
 
 
-If you haven’t used kernel flashing apps before, the following are recommended:
+如果您以前没有使用过内核刷写 App，建议使用以下应用：
 
 1. [Kernel Flasher](https://github.com/capntrips/KernelFlasher/releases)
 2. [Franco Kernel Manager](https://play.google.com/store/apps/details?id=com.franco.kernel)
@@ -145,8 +145,8 @@ Magisk 官方提供的 `magiskboot` 只能运行在 Android/Linux 设备上，
 ### 在 Android 设备上使用 magiskboot {#using-magiskboot-on-Android-devices}
 
 1. 在 Magisk 的 [Release 页面](https://github.com/topjohnwu/Magisk/releases) 下载最新的 Magisk 安装包。
-2. 将 Magisk-*.apk 重命名为 Magisk-version.zip 然后解压缩。
-3. 将解压后的 `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` 文件，使用 adb push 到手机：`adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`
+2. 将 `Magisk-*(version).apk` 重命名为 `Magisk-*.zip` 然后解压缩。
+3. 将解压后的 `Magisk-*/lib/arm64-v8a/libmagiskboot.so` 文件，使用 adb push 到手机：`adb push Magisk-*/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`
 4. 使用 adb 将原厂 boot.img 和 AnyKernel3 中的 Image 推送到手机
 5. adb shell 进入 /data/local/tmp/ 目录，然后赋予刚 push 文件的可执行权限 `chmod +x magiskboot`
 6. adb shell 进入 /data/local/tmp/ 目录，执行 `./magiskboot unpack boot.img` 此时会解包 `boot.img` 得到一个叫做 `kernel` 的文件，这个文件为你原厂的 kernel
diff --git a/website/docs/zh_TW/guide/installation.md b/website/docs/zh_TW/guide/installation.md
index 8c55e6048d90..7c13569529e0 100644
--- a/website/docs/zh_TW/guide/installation.md
+++ b/website/docs/zh_TW/guide/installation.md
@@ -153,8 +153,8 @@ fastboot reboot
 ### 使用 magiskboot {#using magiskboot}
 
 1. 在 Magisk 的 [Release 頁面](https://github.com/topjohnwu/Magisk/releases) 下載最新的 Magisk 安裝套件。
-2. 將 Magisk-*.apk 重新命名為 Magisk-version.zip 然後解壓縮。
-3. 將解壓縮後的 `Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so` 檔案，使用 Adb 推入至手機：`adb push Magisk-v25.2/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`
+2. 將 `Magisk-*(version).apk` 重新命名為 `Magisk-*.zip` 然後解壓縮。
+3. 將解壓縮後的 `Magisk-*/lib/arm64-v8a/libmagiskboot.so` 檔案，使用 Adb 推入至手機：`adb push Magisk-*/lib/arm64-v8a/libmagiskboot.so /data/local/tmp/magiskboot`
 4. 使用 Adb 將原廠 boot.img 和 AnyKernel3 中的 Image 推入至手機。
 5. adb shell 進入 /data/local/tmp/ 目錄，然後賦予先前推入檔案的可執行權限 `chmod +x magiskboot`
 6. adb shell 進入 /data/local/tmp/ 目錄，執行 `./magiskboot unpack boot.img` 此時會將 `boot.img` 解除封裝，得到一個名為 `kernel` 的檔案，這個檔案是您的原廠核心。

From 5b920f8230ecd56c8a380d83dbc4dd18f84cfa1c Mon Sep 17 00:00:00 2001
From: Ylarod <me@ylarod.cn>
Date: Sun, 14 Jan 2024 11:15:52 +0800
Subject: [PATCH 22/30] kernel: fix secctx mem leak (#1283)

Co-authored-by: weishu <twsxtd@gmail.com>
---
 kernel/selinux/selinux.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/kernel/selinux/selinux.c b/kernel/selinux/selinux.c
index d53181a1d099..40a926318a68 100644
--- a/kernel/selinux/selinux.c
+++ b/kernel/selinux/selinux.c
@@ -103,11 +103,14 @@ bool is_ksu_domain()
 {
 	char *domain;
 	u32 seclen;
+	bool result;
 	int err = security_secid_to_secctx(current_sid(), &domain, &seclen);
 	if (err) {
 		return false;
 	}
-	return strncmp(KERNEL_SU_DOMAIN, domain, seclen) == 0;
+	result = strncmp(KERNEL_SU_DOMAIN, domain, seclen) == 0;
+	security_release_secctx(domain, seclen);
+	return result;
 }
 
 bool is_zygote(void *sec)
@@ -118,9 +121,12 @@ bool is_zygote(void *sec)
 	}
 	char *domain;
 	u32 seclen;
+	bool result;
 	int err = security_secid_to_secctx(tsec->sid, &domain, &seclen);
 	if (err) {
 		return false;
 	}
-	return strncmp("u:r:zygote:s0", domain, seclen) == 0;
+	result = strncmp("u:r:zygote:s0", domain, seclen) == 0;
+	security_release_secctx(domain, seclen);
+	return result;
 }
\ No newline at end of file

From 51ca19f26767eb5b2e1ef5cd22d6be8987fabf78 Mon Sep 17 00:00:00 2001
From: loogeo <loogeo@163.com>
Date: Sun, 14 Jan 2024 19:41:07 +0800
Subject: [PATCH 23/30] Update build-kernel-a14.yml to add ANDROID14-6.1.68
 (#1287)

add new 6.1.68
---
 .github/workflows/build-kernel-a14.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/build-kernel-a14.yml b/.github/workflows/build-kernel-a14.yml
index 36a19605234a..db3f9aa4806a 100644
--- a/.github/workflows/build-kernel-a14.yml
+++ b/.github/workflows/build-kernel-a14.yml
@@ -36,6 +36,9 @@ jobs:
           - version: "6.1"
             sub_level: 57
             os_patch_level: 2023-12
+          - version: "6.1"
+            sub_level: 68
+            os_patch_level: 2024-1
     uses: ./.github/workflows/gki-kernel.yml
     secrets: inherit
     with:

From decbdeb5d76c877a5d67346232ae52ba43276f9c Mon Sep 17 00:00:00 2001
From: Ylarod <me@ylarod.cn>
Date: Mon, 15 Jan 2024 11:04:27 +0800
Subject: [PATCH 24/30] fix android14 ci (#1288)

---
 .github/workflows/build-kernel-a14.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-kernel-a14.yml b/.github/workflows/build-kernel-a14.yml
index db3f9aa4806a..9840848b18e5 100644
--- a/.github/workflows/build-kernel-a14.yml
+++ b/.github/workflows/build-kernel-a14.yml
@@ -38,7 +38,7 @@ jobs:
             os_patch_level: 2023-12
           - version: "6.1"
             sub_level: 68
-            os_patch_level: 2024-1
+            os_patch_level: 2024-01
     uses: ./.github/workflows/gki-kernel.yml
     secrets: inherit
     with:

From 653225bb5b3d27e559947e69bd572e95cf1ab03e Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Mon, 15 Jan 2024 20:17:10 +0800
Subject: [PATCH 25/30] ksud: Add support for boot patch

---
 userspace/ksud/Cargo.lock        |  75 +++++++++++-
 userspace/ksud/Cargo.toml        |   4 +-
 userspace/ksud/src/boot_patch.rs | 202 +++++++++++++++++++++++++++++++
 userspace/ksud/src/cli.rs        |  46 +++++++
 userspace/ksud/src/main.rs       |   1 +
 5 files changed, 323 insertions(+), 5 deletions(-)
 create mode 100644 userspace/ksud/src/boot_patch.rs

diff --git a/userspace/ksud/Cargo.lock b/userspace/ksud/Cargo.lock
index 889422738929..0d11992cfbbc 100644
--- a/userspace/ksud/Cargo.lock
+++ b/userspace/ksud/Cargo.lock
@@ -231,8 +231,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "16b0a3d9ed01224b22057780a37bb8c5dbfe1be8ba48678e7bf57ec4b385411f"
 dependencies = [
  "iana-time-zone",
+ "js-sys",
  "num-integer",
  "num-traits",
+ "time 0.1.45",
+ "wasm-bindgen",
  "winapi",
 ]
 
@@ -576,6 +579,12 @@ dependencies = [
  "miniz_oxide",
 ]
 
+[[package]]
+name = "fuchsia-cprng"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a06f77d526c1a601b7c4cdd98f54b5eaabffc14d5f2f0296febdc7f357c6d3ba"
+
 [[package]]
 name = "generic-array"
 version = "0.14.6"
@@ -813,6 +822,7 @@ dependencies = [
  "android-properties",
  "android_logger",
  "anyhow",
+ "chrono",
  "clap",
  "const_format",
  "derive-new",
@@ -835,6 +845,7 @@ dependencies = [
  "serde_json",
  "sha256",
  "sys-mount",
+ "tempdir",
  "which",
  "zip 0.6.4",
  "zip-extensions",
@@ -1037,7 +1048,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7676374caaee8a325c9e7a2ae557f216c5563a171d6997b0ef8a65af35147700"
 dependencies = [
  "base64ct",
- "rand_core",
+ "rand_core 0.6.4",
  "subtle",
 ]
 
@@ -1151,6 +1162,19 @@ dependencies = [
  "proc-macro2",
 ]
 
+[[package]]
+name = "rand"
+version = "0.4.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "552840b97013b1a26992c11eac34bdd778e464601a4c2054b5f0bff7c6761293"
+dependencies = [
+ "fuchsia-cprng",
+ "libc",
+ "rand_core 0.3.1",
+ "rdrand",
+ "winapi",
+]
+
 [[package]]
 name = "rand"
 version = "0.8.5"
@@ -1159,7 +1183,7 @@ checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 dependencies = [
  "libc",
  "rand_chacha",
- "rand_core",
+ "rand_core 0.6.4",
 ]
 
 [[package]]
@@ -1169,9 +1193,24 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
 dependencies = [
  "ppv-lite86",
- "rand_core",
+ "rand_core 0.6.4",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7a6fdeb83b075e8266dcc8762c22776f6877a63111121f5f8c7411e5be7eed4b"
+dependencies = [
+ "rand_core 0.4.2",
 ]
 
+[[package]]
+name = "rand_core"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9c33a3c44ca05fa6f1807d8e6743f3824e8509beca625669633be0acbdf509dc"
+
 [[package]]
 name = "rand_core"
 version = "0.6.4"
@@ -1203,6 +1242,15 @@ dependencies = [
  "num_cpus",
 ]
 
+[[package]]
+name = "rdrand"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "678054eb77286b51581ba43620cc911abf02758c91f93f479767aed0f90458b2"
+dependencies = [
+ "rand_core 0.3.1",
+]
+
 [[package]]
 name = "regex"
 version = "1.7.1"
@@ -1220,13 +1268,22 @@ version = "0.6.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848"
 
+[[package]]
+name = "remove_dir_all"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3acd125665422973a33ac9d3dd2df85edad0f4ae9b00dafb1a05e43a9f5ef8e7"
+dependencies = [
+ "winapi",
+]
+
 [[package]]
 name = "retry"
 version = "2.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9166d72162de3575f950507683fac47e30f6f2c3836b71b7fbc61aa517c9c5f4"
 dependencies = [
- "rand",
+ "rand 0.8.5",
 ]
 
 [[package]]
@@ -1452,6 +1509,16 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "tempdir"
+version = "0.3.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "15f2b5fb00ccdf689e0149d1b1b3c03fead81c2b37735d812fa8bddbbf41b6d8"
+dependencies = [
+ "rand 0.4.6",
+ "remove_dir_all",
+]
+
 [[package]]
 name = "termcolor"
 version = "1.2.0"
diff --git a/userspace/ksud/Cargo.toml b/userspace/ksud/Cargo.toml
index f4c6422591d9..4a4f938c6dda 100644
--- a/userspace/ksud/Cargo.toml
+++ b/userspace/ksud/Cargo.toml
@@ -44,7 +44,9 @@ procfs = "0.16"
 [target.'cfg(target_os = "android")'.dependencies]
 android_logger = "0.13"
 
+tempdir = "0.3"
+chrono = "0.4"
 [profile.release]
 strip = true
 opt-level = "z"
-lto = true
+#lto = true
diff --git a/userspace/ksud/src/boot_patch.rs b/userspace/ksud/src/boot_patch.rs
new file mode 100644
index 000000000000..45ba3144ef46
--- /dev/null
+++ b/userspace/ksud/src/boot_patch.rs
@@ -0,0 +1,202 @@
+use std::os::unix::fs::PermissionsExt;
+
+use anyhow::bail;
+use anyhow::ensure;
+use anyhow::Context;
+use anyhow::Result;
+use is_executable::IsExecutable;
+use std::path::Path;
+use std::path::PathBuf;
+use std::process::Command;
+use std::process::Stdio;
+
+use crate::utils;
+
+fn ensure_gki_kernel() -> Result<()> {
+    let version =
+        procfs::sys::kernel::Version::current().with_context(|| "get kernel version failed")?;
+    let is_gki = version.major == 5 && version.minor >= 10 || version.major > 5;
+    ensure!(is_gki, "only support GKI kernel");
+    Ok(())
+}
+
+fn do_cpio_cmd(magiskboot: &Path, workding_dir: &Path, cmd: &str) -> Result<()> {
+    let status = Command::new(magiskboot)
+        .current_dir(workding_dir)
+        .stdout(Stdio::null())
+        .stderr(Stdio::null())
+        .arg("cpio")
+        .arg("ramdisk.cpio")
+        .arg(cmd)
+        .status()?;
+
+    ensure!(status.success(), "magiskboot cpio {} failed", cmd);
+    Ok(())
+}
+
+fn dd<P: AsRef<Path> + std::fmt::Debug, Q: AsRef<Path> + std::fmt::Debug>(
+    ifile: P,
+    ofile: Q,
+) -> Result<()> {
+    let status = Command::new("dd")
+        .stdout(Stdio::null())
+        .stderr(Stdio::null())
+        .arg(format!("if={ifile:?}"))
+        .arg(format!("of={ofile:?}"))
+        .status()?;
+    ensure!(status.success(), "dd if={:?} of={:?} failed", ifile, ofile);
+    Ok(())
+}
+
+#[allow(clippy::too_many_arguments)]
+pub fn patch(
+    image: Option<PathBuf>,
+    kernel: Option<PathBuf>,
+    kmod: Option<PathBuf>,
+    init: Option<PathBuf>,
+    ota: bool,
+    flash: bool,
+    out: Option<PathBuf>,
+    magiskboot_path: Option<PathBuf>,
+) -> Result<()> {
+    ensure_gki_kernel()?;
+
+    if kernel.is_some() {
+        ensure!(
+            init.is_none() && kmod.is_none(),
+            "init and module must not be specified."
+        );
+    } else {
+        ensure!(
+            init.is_some() && kmod.is_some(),
+            "init and module must be specified"
+        );
+    }
+
+    let workding_dir = tempdir::TempDir::new("KernelSU")?;
+
+    let bootimage;
+
+    let mut bootdevice = None;
+
+    if let Some(image) = image {
+        ensure!(image.exists(), "boot image not found");
+        bootimage = image;
+    } else {
+        let mut slot_suffix =
+            utils::getprop("ro.boot.slot_suffix").unwrap_or_else(|| String::from(""));
+
+        if !slot_suffix.is_empty() && ota {
+            if slot_suffix == "_a" {
+                slot_suffix = "_b".to_string()
+            } else {
+                slot_suffix = "_a".to_string()
+            }
+        };
+
+        let init_boot_exist =
+            Path::new(&format!("/dev/block/by-name/init_boot{slot_suffix}")).exists();
+        let boot_partition = if init_boot_exist {
+            format!("/dev/block/by-name/init_boot{slot_suffix}")
+        } else {
+            format!("/dev/block/by-name/boot{slot_suffix}")
+        };
+
+        println!("bootdevice: {boot_partition}");
+        let tmp_boot_path = workding_dir.path().join("boot.img");
+
+        dd(&boot_partition, &tmp_boot_path)?;
+
+        ensure!(tmp_boot_path.exists(), "boot image not found");
+
+        bootimage = tmp_boot_path;
+        bootdevice = Some(boot_partition);
+    };
+
+    println!("boot image: {bootimage:?}");
+
+    let magiskboot = magiskboot_path
+        .map(std::fs::canonicalize)
+        .transpose()?
+        .unwrap_or_else(|| "magiskboot".into());
+
+    if !magiskboot.is_executable() {
+        std::fs::set_permissions(&magiskboot, std::fs::Permissions::from_mode(0o755))
+            .with_context(|| "set magiskboot executable failed".to_string())?;
+    }
+
+    ensure!(magiskboot.exists(), "magiskboot not found");
+
+    if let Some(kernel) = kernel {
+        std::fs::copy(kernel, workding_dir.path().join("kernel"))
+            .with_context(|| "copy kernel from failed".to_string())?;
+    }
+
+    if let (Some(kmod), Some(init)) = (kmod, init) {
+        std::fs::copy(kmod, workding_dir.path().join("kernelsu.ko"))
+            .with_context(|| "copy kernel module failed".to_string())?;
+        std::fs::copy(init, workding_dir.path().join("init"))
+            .with_context(|| "copy init failed".to_string())?;
+
+        // magiskboot unpack boot.img
+        // magiskboot cpio ramdisk.cpio 'cp init init.real'
+        // magiskboot cpio ramdisk.cpio 'add 0755 ksuinit init'
+        // magiskboot cpio ramdisk.cpio 'add 0755 <kmod> kernelsu.ko'
+
+        let status = Command::new(&magiskboot)
+            .current_dir(workding_dir.path())
+            .stdout(Stdio::null())
+            .stderr(Stdio::null())
+            .arg("unpack")
+            .arg(bootimage.display().to_string())
+            .status()?;
+        ensure!(status.success(), "magiskboot unpack failed");
+
+        let status = do_cpio_cmd(&magiskboot, workding_dir.path(), "exists init");
+        if status.is_ok() {
+            // init exist, backup it.
+            do_cpio_cmd(&magiskboot, workding_dir.path(), "mv init init.real")?;
+        }
+
+        do_cpio_cmd(&magiskboot, workding_dir.path(), "add 0755 init init")?;
+        do_cpio_cmd(
+            &magiskboot,
+            workding_dir.path(),
+            "add 0755 kernelsu.ko kernelsu.ko",
+        )?;
+    }
+
+    // magiskboot repack boot.img
+    let status = Command::new(&magiskboot)
+        .current_dir(workding_dir.path())
+        .stdout(Stdio::null())
+        .stderr(Stdio::null())
+        .arg("repack")
+        .arg(bootimage.display().to_string())
+        .status()?;
+    ensure!(status.success(), "magiskboot repack failed");
+
+    let out = out.unwrap_or(std::env::current_dir()?);
+
+    let now = chrono::Utc::now();
+    let output_image = out.join(format!(
+        "kernelsu_patched_boot_{}.img",
+        now.format("%Y%m%d_%H%M%S")
+    ));
+    std::fs::copy(workding_dir.path().join("new-boot.img"), &output_image)
+        .with_context(|| "copy out new boot failed".to_string())?;
+
+    if flash {
+        let Some(bootdevice) = bootdevice else {
+            bail!("boot device not found")
+        };
+        let status = Command::new("blockdev")
+            .arg("--setrw")
+            .arg(&bootdevice)
+            .status()?;
+        ensure!(status.success(), "set boot device rw failed");
+
+        dd(&output_image, &bootdevice).with_context(|| "flash boot failed")?;
+    }
+    Ok(())
+}
diff --git a/userspace/ksud/src/cli.rs b/userspace/ksud/src/cli.rs
index 9c8f156c61d5..5e941522dabf 100644
--- a/userspace/ksud/src/cli.rs
+++ b/userspace/ksud/src/cli.rs
@@ -1,5 +1,6 @@
 use anyhow::{Ok, Result};
 use clap::Parser;
+use std::path::PathBuf;
 
 #[cfg(target_os = "android")]
 use android_logger::Config;
@@ -48,6 +49,40 @@ enum Commands {
         command: Profile,
     },
 
+    /// Patch boot or init_boot images to apply KernelSU
+    BootPatch {
+        /// boot image path, if not specified, will try to find the boot image automatically
+        #[arg(short, long)]
+        boot: Option<PathBuf>,
+
+        /// kernel image path to replace
+        #[arg(short, long)]
+        kernel: Option<PathBuf>,
+
+        /// LKM module path to replace
+        #[arg(short, long, requires("init"))]
+        module: Option<PathBuf>,
+
+        /// init to be replaced, if use LKM, this must be specified
+        #[arg(short, long, requires("module"))]
+        init: Option<PathBuf>,
+
+        /// will use another slot when boot image is not specified
+        #[arg(short = 'u', long, default_value = "false")]
+        ota: bool,
+
+        /// Flash it to boot partition after patch
+        #[arg(short, long, default_value = "false")]
+        flash: bool,
+
+        /// output path, if not specified, will use current directory
+        #[arg(short, long, default_value = None)]
+        out: Option<PathBuf>,
+
+        /// magiskboot path, if not specified, will use builtin one
+        #[arg(long, default_value = None)]
+        magiskboot: Option<PathBuf>,
+    },
     /// For developers
     Debug {
         #[command(subcommand)]
@@ -244,6 +279,17 @@ pub fn run() -> Result<()> {
             Debug::Mount => event::mount_systemlessly(defs::MODULE_DIR),
             Debug::Test => todo!(),
         },
+
+        Commands::BootPatch {
+            boot,
+            init,
+            kernel,
+            module,
+            ota,
+            flash,
+            out,
+            magiskboot,
+        } => crate::boot_patch::patch(boot, kernel, module, init, ota, flash, out, magiskboot),
     };
 
     if let Err(e) = &result {
diff --git a/userspace/ksud/src/main.rs b/userspace/ksud/src/main.rs
index d12bbf9395bb..f95ab0371e83 100644
--- a/userspace/ksud/src/main.rs
+++ b/userspace/ksud/src/main.rs
@@ -1,5 +1,6 @@
 mod apk_sign;
 mod assets;
+mod boot_patch;
 mod cli;
 mod debug;
 mod defs;

From e934bfb64850ef1584d7920eab3dbf53507b3bd8 Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Mon, 15 Jan 2024 20:28:53 +0800
Subject: [PATCH 26/30] kernel: Add init selinux rules.

---
 kernel/selinux/rules.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c
index c6fe17de62c7..bf80dab69db7 100644
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -84,6 +84,7 @@ void apply_kernelsu_rules()
 	ksu_allow(db, "kernel", "system_data_file", "dir", ALL);
 	// our ksud triggered by init
 	ksu_allow(db, "init", "adb_data_file", "file", ALL);
+	ksu_allow(db, "init", "adb_data_file", "dir", ALL); // #1289
 	ksu_allow(db, "init", KERNEL_SU_DOMAIN, ALL, ALL);
 	// we need to umount modules in zygote
 	ksu_allow(db, "zygote", "adb_data_file", "dir", "search");

From 1637864636bffffba1b0927834e4cee3c28dbe40 Mon Sep 17 00:00:00 2001
From: Mufanc <47652878+Mufanc@users.noreply.github.com>
Date: Mon, 15 Jan 2024 20:31:59 +0800
Subject: [PATCH 27/30] manager: pin the selected items to the top of the
 groups and capabilities list (#1285)

---
 .../ui/component/profile/RootProfileConfig.kt | 26 ++++++++++++-------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/manager/app/src/main/java/me/weishu/kernelsu/ui/component/profile/RootProfileConfig.kt b/manager/app/src/main/java/me/weishu/kernelsu/ui/component/profile/RootProfileConfig.kt
index 803d33df678b..682ff9e91662 100644
--- a/manager/app/src/main/java/me/weishu/kernelsu/ui/component/profile/RootProfileConfig.kt
+++ b/manager/app/src/main/java/me/weishu/kernelsu/ui/component/profile/RootProfileConfig.kt
@@ -191,14 +191,19 @@ fun GroupsPanel(selected: List<Groups>, closeSelection: (selection: Set<Groups>)
     var showDialog by remember { mutableStateOf(false) }
 
     if (showDialog) {
-        val groups = Groups.values().sortedWith(compareBy<Groups> {
-            when (it) {
-                Groups.ROOT -> 0
-                Groups.SYSTEM -> 1
-                Groups.SHELL -> 2
-                else -> Int.MAX_VALUE
-            }
-        }.then(compareBy { it.name }))
+        val groups = Groups.values().sortedWith(
+            compareBy<Groups> { if (selected.contains(it)) 0 else 1 }
+                .then(compareBy {
+                    when (it) {
+                        Groups.ROOT -> 0
+                        Groups.SYSTEM -> 1
+                        Groups.SHELL -> 2
+                        else -> Int.MAX_VALUE
+                    }
+                })
+                .then(compareBy { it.name })
+
+        )
         val options = groups.map { value ->
             ListOption(
                 titleText = value.display,
@@ -264,7 +269,10 @@ fun CapsPanel(
     var showDialog by remember { mutableStateOf(false) }
 
     if (showDialog) {
-        val caps = Capabilities.values().sortedBy { it.name }
+        val caps = Capabilities.values().sortedWith(
+            compareBy<Capabilities> { if (selected.contains(it)) 0 else 1 }
+                .then(compareBy { it.name })
+        )
         val options = caps.map { value ->
             ListOption(
                 titleText = value.display,

From aef943ebe3be9764ed0aeeb1f4ffb5d38c1d7d22 Mon Sep 17 00:00:00 2001
From: Ylarod <me@ylarod.cn>
Date: Mon, 15 Jan 2024 23:02:25 +0800
Subject: [PATCH 28/30] ci: remove a14 6.1 2024-01 (#1290)

Not released

https://android.googlesource.com/kernel/common/+/refs/heads/android14-6.1-2024-01
---
 .github/workflows/build-kernel-a14.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/build-kernel-a14.yml b/.github/workflows/build-kernel-a14.yml
index 9840848b18e5..36a19605234a 100644
--- a/.github/workflows/build-kernel-a14.yml
+++ b/.github/workflows/build-kernel-a14.yml
@@ -36,9 +36,6 @@ jobs:
           - version: "6.1"
             sub_level: 57
             os_patch_level: 2023-12
-          - version: "6.1"
-            sub_level: 68
-            os_patch_level: 2024-01
     uses: ./.github/workflows/gki-kernel.yml
     secrets: inherit
     with:

From 7b63e099ce6f1f5b917fffd5a7f18e403cd8c838 Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Tue, 16 Jan 2024 11:39:15 +0800
Subject: [PATCH 29/30] ksud: Fix build for win

---
 userspace/ksud/Cargo.toml        | 4 ++--
 userspace/ksud/src/boot_patch.rs | 8 +++++++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/userspace/ksud/Cargo.toml b/userspace/ksud/Cargo.toml
index 4a4f938c6dda..cd5961a8a654 100644
--- a/userspace/ksud/Cargo.toml
+++ b/userspace/ksud/Cargo.toml
@@ -34,6 +34,8 @@ rust-embed = { version = "6", features = [
 which = "5"
 getopts = "0.2"
 sha256 = "1"
+tempdir = "0.3"
+chrono = "0.4"
 
 [target.'cfg(any(target_os = "android", target_os = "linux"))'.dependencies]
 sys-mount = { git = "https://github.com/tiann/sys-mount", branch = "loopfix" }
@@ -44,8 +46,6 @@ procfs = "0.16"
 [target.'cfg(target_os = "android")'.dependencies]
 android_logger = "0.13"
 
-tempdir = "0.3"
-chrono = "0.4"
 [profile.release]
 strip = true
 opt-level = "z"
diff --git a/userspace/ksud/src/boot_patch.rs b/userspace/ksud/src/boot_patch.rs
index 45ba3144ef46..d07612bc4eca 100644
--- a/userspace/ksud/src/boot_patch.rs
+++ b/userspace/ksud/src/boot_patch.rs
@@ -1,3 +1,4 @@
+#[cfg(unix)]
 use std::os::unix::fs::PermissionsExt;
 
 use anyhow::bail;
@@ -12,6 +13,7 @@ use std::process::Stdio;
 
 use crate::utils;
 
+#[cfg(unix)]
 fn ensure_gki_kernel() -> Result<()> {
     let version =
         procfs::sys::kernel::Version::current().with_context(|| "get kernel version failed")?;
@@ -59,7 +61,10 @@ pub fn patch(
     out: Option<PathBuf>,
     magiskboot_path: Option<PathBuf>,
 ) -> Result<()> {
-    ensure_gki_kernel()?;
+    if image.is_none() {
+        #[cfg(unix)]
+        ensure_gki_kernel()?;
+    }
 
     if kernel.is_some() {
         ensure!(
@@ -121,6 +126,7 @@ pub fn patch(
         .unwrap_or_else(|| "magiskboot".into());
 
     if !magiskboot.is_executable() {
+        #[cfg(unix)]
         std::fs::set_permissions(&magiskboot, std::fs::Permissions::from_mode(0o755))
             .with_context(|| "set magiskboot executable failed".to_string())?;
     }

From 1e676e5dc2eed4d6db6452d2815f77adb35e37a7 Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Tue, 16 Jan 2024 14:05:10 +0800
Subject: [PATCH 30/30] ksud: Fix relative boot image path

---
 userspace/ksud/src/boot_patch.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/userspace/ksud/src/boot_patch.rs b/userspace/ksud/src/boot_patch.rs
index d07612bc4eca..619d095327dd 100644
--- a/userspace/ksud/src/boot_patch.rs
+++ b/userspace/ksud/src/boot_patch.rs
@@ -86,7 +86,7 @@ pub fn patch(
 
     if let Some(image) = image {
         ensure!(image.exists(), "boot image not found");
-        bootimage = image;
+        bootimage = std::fs::canonicalize(image)?;
     } else {
         let mut slot_suffix =
             utils::getprop("ro.boot.slot_suffix").unwrap_or_else(|| String::from(""));