kernel: Enable macro protection for sulog
- Only enabled on kernel versions greater than 5.10.245
This commit is contained in:
ShirkNeko
@@ -254,7 +254,6 @@ static void disable_seccomp(struct task_struct *tsk)
|
|||||||
void escape_to_root(void)
|
void escape_to_root(void)
|
||||||
{
|
{
|
||||||
struct cred *newcreds;
|
struct cred *newcreds;
|
||||||
uid_t original_uid = current_euid().val;
|
|
||||||
|
|
||||||
if (current_euid().val == 0) {
|
if (current_euid().val == 0) {
|
||||||
pr_warn("Already root, don't escape!\n");
|
pr_warn("Already root, don't escape!\n");
|
||||||
@@ -264,7 +263,9 @@ void escape_to_root(void)
|
|||||||
newcreds = prepare_creds();
|
newcreds = prepare_creds();
|
||||||
if (newcreds == NULL) {
|
if (newcreds == NULL) {
|
||||||
pr_err("%s: failed to allocate new cred.\n", __func__);
|
pr_err("%s: failed to allocate new cred.\n", __func__);
|
||||||
ksu_sulog_report_su_grant(original_uid, NULL, "escape_to_root_failed");
|
#if __SULOG_GATE
|
||||||
|
ksu_sulog_report_su_grant(current_euid().val, NULL, "escape_to_root_failed");
|
||||||
|
#endif
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -305,8 +306,9 @@ void escape_to_root(void)
|
|||||||
spin_unlock_irq(¤t->sighand->siglock);
|
spin_unlock_irq(¤t->sighand->siglock);
|
||||||
|
|
||||||
setup_selinux(profile->selinux_domain);
|
setup_selinux(profile->selinux_domain);
|
||||||
|
#if __SULOG_GATE
|
||||||
ksu_sulog_report_su_grant(original_uid, NULL, "escape_to_root");
|
ksu_sulog_report_su_grant(current_euid().val, NULL, "escape_to_root");
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_KSU_MANUAL_SU
|
#ifdef CONFIG_KSU_MANUAL_SU
|
||||||
@@ -346,7 +348,9 @@ void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid)
|
|||||||
if (!target_task) {
|
if (!target_task) {
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
pr_err("cmd_su: target task not found for PID: %d\n", target_pid);
|
pr_err("cmd_su: target task not found for PID: %d\n", target_pid);
|
||||||
|
#if __SULOG_GATE
|
||||||
ksu_sulog_report_su_grant(target_uid, "cmd_su", "target_not_found");
|
ksu_sulog_report_su_grant(target_uid, "cmd_su", "target_not_found");
|
||||||
|
#endif
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
get_task_struct(target_task);
|
get_task_struct(target_task);
|
||||||
@@ -361,7 +365,9 @@ void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid)
|
|||||||
newcreds = prepare_kernel_cred(target_task);
|
newcreds = prepare_kernel_cred(target_task);
|
||||||
if (newcreds == NULL) {
|
if (newcreds == NULL) {
|
||||||
pr_err("cmd_su: failed to allocate new cred for PID: %d\n", target_pid);
|
pr_err("cmd_su: failed to allocate new cred for PID: %d\n", target_pid);
|
||||||
|
#if __SULOG_GATE
|
||||||
ksu_sulog_report_su_grant(target_uid, "cmd_su", "cred_alloc_failed");
|
ksu_sulog_report_su_grant(target_uid, "cmd_su", "cred_alloc_failed");
|
||||||
|
#endif
|
||||||
put_task_struct(target_task);
|
put_task_struct(target_task);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -411,8 +417,9 @@ void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid)
|
|||||||
}
|
}
|
||||||
|
|
||||||
put_task_struct(target_task);
|
put_task_struct(target_task);
|
||||||
|
#if __SULOG_GATE
|
||||||
ksu_sulog_report_su_grant(target_uid, "cmd_su", "manual_escalation");
|
ksu_sulog_report_su_grant(target_uid, "cmd_su", "manual_escalation");
|
||||||
|
#endif
|
||||||
pr_info("cmd_su: privilege escalation completed for UID: %d, PID: %d\n", target_uid, target_pid);
|
pr_info("cmd_su: privilege escalation completed for UID: %d, PID: %d\n", target_uid, target_pid);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -522,6 +529,7 @@ static void init_uid_scanner(void)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if __SULOG_GATE
|
||||||
static void sulog_prctl_cmd(uid_t uid, unsigned long cmd)
|
static void sulog_prctl_cmd(uid_t uid, unsigned long cmd)
|
||||||
{
|
{
|
||||||
const char *name = NULL;
|
const char *name = NULL;
|
||||||
@@ -588,6 +596,7 @@ static void sulog_prctl_cmd(uid_t uid, unsigned long cmd)
|
|||||||
|
|
||||||
ksu_sulog_report_syscall(uid, NULL, name, NULL);
|
ksu_sulog_report_syscall(uid, NULL, name, NULL);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
|
int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
|
||||||
unsigned long arg4, unsigned long arg5)
|
unsigned long arg4, unsigned long arg5)
|
||||||
@@ -631,7 +640,9 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
|
|||||||
bool from_root = 0 == current_uid().val;
|
bool from_root = 0 == current_uid().val;
|
||||||
bool from_manager = is_manager();
|
bool from_manager = is_manager();
|
||||||
|
|
||||||
|
#if __SULOG_GATE
|
||||||
sulog_prctl_cmd(current_uid().val, arg2);
|
sulog_prctl_cmd(current_uid().val, arg2);
|
||||||
|
#endif
|
||||||
|
|
||||||
DONT_GET_SMART();
|
DONT_GET_SMART();
|
||||||
if (!from_root && !from_manager
|
if (!from_root && !from_manager
|
||||||
@@ -656,10 +667,13 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (arg2 == CMD_GRANT_ROOT) {
|
if (arg2 == CMD_GRANT_ROOT) {
|
||||||
|
#if __SULOG_GATE
|
||||||
bool is_allowed = is_allow_su();
|
bool is_allowed = is_allow_su();
|
||||||
ksu_sulog_report_permission_check(current_uid().val, current->comm, is_allowed);
|
ksu_sulog_report_permission_check(current_uid().val, current->comm, is_allowed);
|
||||||
|
|
||||||
if (is_allowed) {
|
if (is_allowed) {
|
||||||
|
#else
|
||||||
|
if (is_allow_su()) {
|
||||||
|
#endif
|
||||||
pr_info("allow root for: %d\n", current_uid().val);
|
pr_info("allow root for: %d\n", current_uid().val);
|
||||||
escape_to_root();
|
escape_to_root();
|
||||||
if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
|
if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
|
||||||
@@ -766,7 +780,9 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
|
|||||||
susfs_on_post_fs_data();
|
susfs_on_post_fs_data();
|
||||||
#endif
|
#endif
|
||||||
on_post_fs_data();
|
on_post_fs_data();
|
||||||
|
#if __SULOG_GATE
|
||||||
ksu_sulog_init();
|
ksu_sulog_init();
|
||||||
|
#endif
|
||||||
// Initialize UID scanner if enabled
|
// Initialize UID scanner if enabled
|
||||||
init_uid_scanner();
|
init_uid_scanner();
|
||||||
// Initializing Dynamic Signatures
|
// Initializing Dynamic Signatures
|
||||||
@@ -1230,8 +1246,10 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
|
|||||||
|
|
||||||
// todo: validate the params
|
// todo: validate the params
|
||||||
if (ksu_set_app_profile(&profile, true)) {
|
if (ksu_set_app_profile(&profile, true)) {
|
||||||
|
#if __SULOG_GATE
|
||||||
ksu_sulog_report_manager_operation("SET_APP_PROFILE",
|
ksu_sulog_report_manager_operation("SET_APP_PROFILE",
|
||||||
current_uid().val, profile.current_uid);
|
current_uid().val, profile.current_uid);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
|
if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
|
||||||
pr_err("prctl reply error, cmd: %lu\n", arg2);
|
pr_err("prctl reply error, cmd: %lu\n", arg2);
|
||||||
@@ -1493,8 +1511,9 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
|
|||||||
if (unlikely(is_some_system_uid(new_uid.val) && susfs_is_umount_for_zygote_system_process_enabled)) {
|
if (unlikely(is_some_system_uid(new_uid.val) && susfs_is_umount_for_zygote_system_process_enabled)) {
|
||||||
goto do_umount;
|
goto do_umount;
|
||||||
}
|
}
|
||||||
|
#if __SULOG_GATE
|
||||||
ksu_sulog_report_syscall(new_uid.val, NULL, "setuid", NULL);
|
ksu_sulog_report_syscall(new_uid.val, NULL, "setuid", NULL);
|
||||||
|
#endif
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
@@ -1590,7 +1609,9 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
|
|||||||
current->pid);
|
current->pid);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
#if __SULOG_GATE
|
||||||
ksu_sulog_report_syscall(new_uid.val, NULL, "setuid", NULL);
|
ksu_sulog_report_syscall(new_uid.val, NULL, "setuid", NULL);
|
||||||
|
#endif
|
||||||
#ifdef CONFIG_KSU_DEBUG
|
#ifdef CONFIG_KSU_DEBUG
|
||||||
// umount the target mnt
|
// umount the target mnt
|
||||||
pr_info("handle umount for uid: %d, pid: %d\n", new_uid.val,
|
pr_info("handle umount for uid: %d, pid: %d\n", new_uid.val,
|
||||||
@@ -1960,7 +1981,9 @@ void ksu_core_exit(void)
|
|||||||
{
|
{
|
||||||
ksu_uid_exit();
|
ksu_uid_exit();
|
||||||
ksu_throne_comm_exit();
|
ksu_throne_comm_exit();
|
||||||
|
#if __SULOG_GATE
|
||||||
ksu_sulog_exit();
|
ksu_sulog_exit();
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef CONFIG_KSU_KPROBES_HOOK
|
#ifdef CONFIG_KSU_KPROBES_HOOK
|
||||||
pr_info("ksu_core_kprobe_exit\n");
|
pr_info("ksu_core_kprobe_exit\n");
|
||||||
|
|||||||
@@ -81,7 +81,9 @@ int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
|
|||||||
ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));
|
ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));
|
||||||
|
|
||||||
if (unlikely(!memcmp(path, su, sizeof(su)))) {
|
if (unlikely(!memcmp(path, su, sizeof(su)))) {
|
||||||
|
#if __SULOG_GATE
|
||||||
ksu_sulog_report_syscall(current_uid().val, NULL, "faccessat", path);
|
ksu_sulog_report_syscall(current_uid().val, NULL, "faccessat", path);
|
||||||
|
#endif
|
||||||
pr_info("faccessat su->sh!\n");
|
pr_info("faccessat su->sh!\n");
|
||||||
*filename_user = sh_user_path();
|
*filename_user = sh_user_path();
|
||||||
}
|
}
|
||||||
@@ -102,7 +104,9 @@ struct filename* susfs_ksu_handle_stat(int *dfd, const char __user **filename_us
|
|||||||
}
|
}
|
||||||
|
|
||||||
const char sh[] = SH_PATH;
|
const char sh[] = SH_PATH;
|
||||||
|
#if __SULOG_GATE
|
||||||
ksu_sulog_report_syscall(current_uid().val, NULL, "vfs_fstatat", sh);
|
ksu_sulog_report_syscall(current_uid().val, NULL, "vfs_fstatat", sh);
|
||||||
|
#endif
|
||||||
pr_info("vfs_fstatat su->sh!\n");
|
pr_info("vfs_fstatat su->sh!\n");
|
||||||
memcpy((void *)name->name, sh, sizeof(sh));
|
memcpy((void *)name->name, sh, sizeof(sh));
|
||||||
return name;
|
return name;
|
||||||
@@ -151,7 +155,9 @@ int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
|
|||||||
ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));
|
ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));
|
||||||
|
|
||||||
if (unlikely(!memcmp(path, su, sizeof(su)))) {
|
if (unlikely(!memcmp(path, su, sizeof(su)))) {
|
||||||
|
#if __SULOG_GATE
|
||||||
ksu_sulog_report_syscall(current_uid().val, NULL, "newfstatat", path);
|
ksu_sulog_report_syscall(current_uid().val, NULL, "newfstatat", path);
|
||||||
|
#endif
|
||||||
pr_info("newfstatat su->sh!\n");
|
pr_info("newfstatat su->sh!\n");
|
||||||
*filename_user = sh_user_path();
|
*filename_user = sh_user_path();
|
||||||
}
|
}
|
||||||
@@ -166,7 +172,6 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
|
|||||||
int *__never_use_flags)
|
int *__never_use_flags)
|
||||||
{
|
{
|
||||||
struct filename *filename;
|
struct filename *filename;
|
||||||
uid_t current_uid_val = current_uid().val;
|
|
||||||
|
|
||||||
#ifndef CONFIG_KSU_KPROBES_HOOK
|
#ifndef CONFIG_KSU_KPROBES_HOOK
|
||||||
if (!ksu_sucompat_hook_state) {
|
if (!ksu_sucompat_hook_state) {
|
||||||
@@ -185,20 +190,24 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
|
|||||||
if (likely(memcmp(filename->name, su, sizeof(su))))
|
if (likely(memcmp(filename->name, su, sizeof(su))))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
ksu_sulog_report_syscall(current_uid_val, NULL, "execve", filename->name);
|
#if __SULOG_GATE
|
||||||
|
ksu_sulog_report_syscall(current_uid().val, NULL, "execve", filename->name);
|
||||||
bool is_allowed = ksu_is_allow_uid(current_uid_val);
|
bool is_allowed = ksu_is_allow_uid(current_uid().val);
|
||||||
|
|
||||||
#ifndef CONFIG_KSU_SUSFS_SUS_SU
|
|
||||||
if (!is_allowed)
|
|
||||||
return 0;
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
ksu_sulog_report_su_attempt(current_uid_val, NULL, filename->name, is_allowed);
|
#ifndef CONFIG_KSU_SUSFS_SUS_SU
|
||||||
|
|
||||||
if (!is_allowed) {
|
#if __SULOG_GATE
|
||||||
|
if (!is_allowed)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
ksu_sulog_report_su_attempt(current_uid().val, NULL, filename->name, is_allowed);
|
||||||
|
#else
|
||||||
|
if (!ksu_is_allow_uid(current_uid().val)) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
#endif
|
||||||
|
|
||||||
pr_info("do_execveat_common su found\n");
|
pr_info("do_execveat_common su found\n");
|
||||||
memcpy((void *)filename->name, ksud_path, sizeof(ksud_path));
|
memcpy((void *)filename->name, ksud_path, sizeof(ksud_path));
|
||||||
@@ -212,7 +221,6 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
|
|||||||
void *__never_use_argv, void *__never_use_envp,
|
void *__never_use_argv, void *__never_use_envp,
|
||||||
int *__never_use_flags)
|
int *__never_use_flags)
|
||||||
{
|
{
|
||||||
uid_t current_uid_val = current_uid().val;
|
|
||||||
//const char su[] = SU_PATH;
|
//const char su[] = SU_PATH;
|
||||||
#ifdef CONFIG_KSU_SUSFS_SUS_SU
|
#ifdef CONFIG_KSU_SUSFS_SUS_SU
|
||||||
char path[sizeof(su) + 1] = {0};
|
char path[sizeof(su) + 1] = {0};
|
||||||
@@ -247,15 +255,19 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
|
|||||||
if (likely(memcmp(path, su, sizeof(su))))
|
if (likely(memcmp(path, su, sizeof(su))))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
ksu_sulog_report_syscall(current_uid_val, NULL, "execve", path);
|
#if __SULOG_GATE
|
||||||
|
ksu_sulog_report_syscall(current_uid().val, NULL, "execve", path);
|
||||||
bool is_allowed = ksu_is_allow_uid(current_uid_val);
|
bool is_allowed = ksu_is_allow_uid(current_uid().val);
|
||||||
|
|
||||||
ksu_sulog_report_su_attempt(current_uid_val, NULL, path, is_allowed);
|
|
||||||
|
|
||||||
if (!is_allowed)
|
if (!is_allowed)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
ksu_sulog_report_su_attempt(current_uid().val, NULL, path, is_allowed);
|
||||||
|
#else
|
||||||
|
if (!ksu_is_allow_uid(current_uid().val)) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
pr_info("sys_execve su found\n");
|
pr_info("sys_execve su found\n");
|
||||||
*filename_user = ksud_user_path();
|
*filename_user = ksud_user_path();
|
||||||
|
|
||||||
|
|||||||
@@ -18,6 +18,7 @@
|
|||||||
#include "sulog.h"
|
#include "sulog.h"
|
||||||
#include "ksu.h"
|
#include "ksu.h"
|
||||||
|
|
||||||
|
#if __SULOG_GATE
|
||||||
struct dedup_entry dedup_tbl[SULOG_COMM_LEN];
|
struct dedup_entry dedup_tbl[SULOG_COMM_LEN];
|
||||||
DEFINE_SPINLOCK(dedup_lock);
|
DEFINE_SPINLOCK(dedup_lock);
|
||||||
static LIST_HEAD(sulog_queue);
|
static LIST_HEAD(sulog_queue);
|
||||||
@@ -419,3 +420,4 @@ void ksu_sulog_exit(void)
|
|||||||
|
|
||||||
pr_info("sulog: cleaned up successfully\n");
|
pr_info("sulog: cleaned up successfully\n");
|
||||||
}
|
}
|
||||||
|
#endif // __SULOG_GATE
|
||||||
@@ -2,7 +2,15 @@
|
|||||||
#define __KSU_SULOG_H
|
#define __KSU_SULOG_H
|
||||||
|
|
||||||
#include <linux/types.h>
|
#include <linux/types.h>
|
||||||
|
#include <linux/version.h>
|
||||||
|
|
||||||
|
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 245)
|
||||||
|
#define __SULOG_GATE 1
|
||||||
|
#else
|
||||||
|
#define __SULOG_GATE 0
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if __SULOG_GATE
|
||||||
extern struct timezone sys_tz;
|
extern struct timezone sys_tz;
|
||||||
|
|
||||||
#define SULOG_PATH "/data/adb/ksu/log/sulog.log"
|
#define SULOG_PATH "/data/adb/ksu/log/sulog.log"
|
||||||
@@ -49,5 +57,6 @@ void ksu_sulog_report_syscall(uid_t uid, const char *comm, const char *syscall,
|
|||||||
|
|
||||||
int ksu_sulog_init(void);
|
int ksu_sulog_init(void);
|
||||||
void ksu_sulog_exit(void);
|
void ksu_sulog_exit(void);
|
||||||
|
#endif // __SULOG_GATE
|
||||||
|
|
||||||
#endif /* __KSU_SULOG_H */
|
#endif /* __KSU_SULOG_H */
|
||||||
Reference in New Issue
Block a user