misc: code format(use kernel code stype: https://www.kernel.org/doc/html/v6.1/process/coding-style.html
This commit is contained in:
weishu
@@ -41,13 +41,13 @@ static struct work_struct ksu_load_work;
|
|||||||
|
|
||||||
bool persistent_allow_list(void);
|
bool persistent_allow_list(void);
|
||||||
|
|
||||||
bool ksu_allow_uid(uid_t uid, bool allow) {
|
bool ksu_allow_uid(uid_t uid, bool allow)
|
||||||
|
{
|
||||||
// find the node first!
|
// find the node first!
|
||||||
struct perm_data *p = NULL;
|
struct perm_data *p = NULL;
|
||||||
struct list_head *pos = NULL;
|
struct list_head *pos = NULL;
|
||||||
bool result = false;
|
bool result = false;
|
||||||
list_for_each(pos, &allow_list) {
|
list_for_each (pos, &allow_list) {
|
||||||
p = list_entry(pos, struct perm_data, list);
|
p = list_entry(pos, struct perm_data, list);
|
||||||
pr_info("ksu_allow_uid :%d, allow: %d\n", p->uid, p->allow);
|
pr_info("ksu_allow_uid :%d, allow: %d\n", p->uid, p->allow);
|
||||||
if (uid == p->uid) {
|
if (uid == p->uid) {
|
||||||
@@ -76,7 +76,8 @@ exit:
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool ksu_is_allow_uid(uid_t uid) {
|
bool ksu_is_allow_uid(uid_t uid)
|
||||||
|
{
|
||||||
struct perm_data *p = NULL;
|
struct perm_data *p = NULL;
|
||||||
struct list_head *pos = NULL;
|
struct list_head *pos = NULL;
|
||||||
|
|
||||||
@@ -85,7 +86,7 @@ bool ksu_is_allow_uid(uid_t uid) {
|
|||||||
return is_ksu_domain();
|
return is_ksu_domain();
|
||||||
}
|
}
|
||||||
|
|
||||||
list_for_each(pos, &allow_list) {
|
list_for_each (pos, &allow_list) {
|
||||||
p = list_entry(pos, struct perm_data, list);
|
p = list_entry(pos, struct perm_data, list);
|
||||||
// pr_info("is_allow_uid uid :%d, allow: %d\n", p->uid, p->allow);
|
// pr_info("is_allow_uid uid :%d, allow: %d\n", p->uid, p->allow);
|
||||||
if (uid == p->uid) {
|
if (uid == p->uid) {
|
||||||
@@ -96,11 +97,12 @@ bool ksu_is_allow_uid(uid_t uid) {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool ksu_get_allow_list(int *array, int *length, bool allow) {
|
bool ksu_get_allow_list(int *array, int *length, bool allow)
|
||||||
|
{
|
||||||
struct perm_data *p = NULL;
|
struct perm_data *p = NULL;
|
||||||
struct list_head *pos = NULL;
|
struct list_head *pos = NULL;
|
||||||
int i = 0;
|
int i = 0;
|
||||||
list_for_each(pos, &allow_list) {
|
list_for_each (pos, &allow_list) {
|
||||||
p = list_entry(pos, struct perm_data, list);
|
p = list_entry(pos, struct perm_data, list);
|
||||||
pr_info("get_allow_list uid: %d allow: %d\n", p->uid, p->allow);
|
pr_info("get_allow_list uid: %d allow: %d\n", p->uid, p->allow);
|
||||||
if (p->allow == allow) {
|
if (p->allow == allow) {
|
||||||
@@ -112,14 +114,16 @@ bool ksu_get_allow_list(int *array, int *length, bool allow) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
void do_persistent_allow_list(struct work_struct *work) {
|
void do_persistent_allow_list(struct work_struct *work)
|
||||||
|
{
|
||||||
u32 magic = FILE_MAGIC;
|
u32 magic = FILE_MAGIC;
|
||||||
u32 version = FILE_FORMAT_VERSION;
|
u32 version = FILE_FORMAT_VERSION;
|
||||||
struct perm_data *p = NULL;
|
struct perm_data *p = NULL;
|
||||||
struct list_head *pos = NULL;
|
struct list_head *pos = NULL;
|
||||||
loff_t off = 0;
|
loff_t off = 0;
|
||||||
|
|
||||||
struct file *fp = filp_open(KERNEL_SU_ALLOWLIST, O_WRONLY | O_CREAT, 0644);
|
struct file *fp =
|
||||||
|
filp_open(KERNEL_SU_ALLOWLIST, O_WRONLY | O_CREAT, 0644);
|
||||||
|
|
||||||
if (IS_ERR(fp)) {
|
if (IS_ERR(fp)) {
|
||||||
pr_err("save_allow_list creat file failed: %d\n", PTR_ERR(fp));
|
pr_err("save_allow_list creat file failed: %d\n", PTR_ERR(fp));
|
||||||
@@ -132,14 +136,16 @@ void do_persistent_allow_list(struct work_struct *work) {
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (kernel_write(fp, &version, sizeof(version), &off) != sizeof(version)) {
|
if (kernel_write(fp, &version, sizeof(version), &off) !=
|
||||||
|
sizeof(version)) {
|
||||||
pr_err("save_allow_list write version failed.\n");
|
pr_err("save_allow_list write version failed.\n");
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
list_for_each(pos, &allow_list) {
|
list_for_each (pos, &allow_list) {
|
||||||
p = list_entry(pos, struct perm_data, list);
|
p = list_entry(pos, struct perm_data, list);
|
||||||
pr_info("save allow list uid :%d, allow: %d\n", p->uid, p->allow);
|
pr_info("save allow list uid :%d, allow: %d\n", p->uid,
|
||||||
|
p->allow);
|
||||||
kernel_write(fp, &p->uid, sizeof(p->uid), &off);
|
kernel_write(fp, &p->uid, sizeof(p->uid), &off);
|
||||||
kernel_write(fp, &p->allow, sizeof(p->allow), &off);
|
kernel_write(fp, &p->allow, sizeof(p->allow), &off);
|
||||||
}
|
}
|
||||||
@@ -148,8 +154,8 @@ exit:
|
|||||||
filp_close(fp, 0);
|
filp_close(fp, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
void do_load_allow_list(struct work_struct *work) {
|
void do_load_allow_list(struct work_struct *work)
|
||||||
|
{
|
||||||
loff_t off = 0;
|
loff_t off = 0;
|
||||||
ssize_t ret = 0;
|
ssize_t ret = 0;
|
||||||
struct file *fp = NULL;
|
struct file *fp = NULL;
|
||||||
@@ -180,12 +186,14 @@ void do_load_allow_list(struct work_struct *work) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// verify magic
|
// verify magic
|
||||||
if (kernel_read(fp, &magic, sizeof(magic), &off) != sizeof(magic) || magic != FILE_MAGIC) {
|
if (kernel_read(fp, &magic, sizeof(magic), &off) != sizeof(magic) ||
|
||||||
|
magic != FILE_MAGIC) {
|
||||||
pr_err("allowlist file invalid: %d!\n", magic);
|
pr_err("allowlist file invalid: %d!\n", magic);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (kernel_read(fp, &version, sizeof(version), &off) != sizeof(version)) {
|
if (kernel_read(fp, &version, sizeof(version), &off) !=
|
||||||
|
sizeof(version)) {
|
||||||
pr_err("allowlist read version: %d failed\n", version);
|
pr_err("allowlist read version: %d failed\n", version);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
@@ -212,7 +220,8 @@ exit:
|
|||||||
filp_close(fp, 0);
|
filp_close(fp, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int init_work(void) {
|
static int init_work(void)
|
||||||
|
{
|
||||||
ksu_workqueue = alloc_workqueue("kernelsu_work_queue", 0, 0);
|
ksu_workqueue = alloc_workqueue("kernelsu_work_queue", 0, 0);
|
||||||
INIT_WORK(&ksu_save_work, do_persistent_allow_list);
|
INIT_WORK(&ksu_save_work, do_persistent_allow_list);
|
||||||
INIT_WORK(&ksu_load_work, do_load_allow_list);
|
INIT_WORK(&ksu_load_work, do_load_allow_list);
|
||||||
@@ -220,18 +229,20 @@ static int init_work(void) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// make sure allow list works cross boot
|
// make sure allow list works cross boot
|
||||||
bool persistent_allow_list(void) {
|
bool persistent_allow_list(void)
|
||||||
|
{
|
||||||
queue_work(ksu_workqueue, &ksu_save_work);
|
queue_work(ksu_workqueue, &ksu_save_work);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool ksu_load_allow_list(void) {
|
bool ksu_load_allow_list(void)
|
||||||
|
{
|
||||||
queue_work(ksu_workqueue, &ksu_load_work);
|
queue_work(ksu_workqueue, &ksu_load_work);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool ksu_allowlist_init(void) {
|
bool ksu_allowlist_init(void)
|
||||||
|
{
|
||||||
INIT_LIST_HEAD(&allow_list);
|
INIT_LIST_HEAD(&allow_list);
|
||||||
|
|
||||||
init_work();
|
init_work();
|
||||||
@@ -242,8 +253,8 @@ bool ksu_allowlist_init(void) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool ksu_allowlist_exit(void) {
|
bool ksu_allowlist_exit(void)
|
||||||
|
{
|
||||||
destroy_workqueue(ksu_workqueue);
|
destroy_workqueue(ksu_workqueue);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ bool ksu_is_allow_uid(uid_t uid);
|
|||||||
|
|
||||||
bool ksu_allow_uid(uid_t uid, bool allow);
|
bool ksu_allow_uid(uid_t uid, bool allow);
|
||||||
|
|
||||||
bool ksu_get_allow_list(int* array, int* length, bool allow);
|
bool ksu_get_allow_list(int *array, int *length, bool allow);
|
||||||
|
|
||||||
bool ksu_load_allow_list(void);
|
bool ksu_load_allow_list(void);
|
||||||
|
|
||||||
|
|||||||
@@ -3,15 +3,17 @@
|
|||||||
#include "apk_sign.h"
|
#include "apk_sign.h"
|
||||||
#include "klog.h"
|
#include "klog.h"
|
||||||
|
|
||||||
static int check_v2_signature(char* path, unsigned expected_size, unsigned expected_hash) {
|
static int check_v2_signature(char *path, unsigned expected_size,
|
||||||
unsigned char buffer[0x11] = {0};
|
unsigned expected_hash)
|
||||||
|
{
|
||||||
|
unsigned char buffer[0x11] = { 0 };
|
||||||
u32 size4;
|
u32 size4;
|
||||||
u64 size8, size_of_block;
|
u64 size8, size_of_block;
|
||||||
|
|
||||||
loff_t pos;
|
loff_t pos;
|
||||||
|
|
||||||
int sign = -1;
|
int sign = -1;
|
||||||
struct file* fp = filp_open(path, O_RDONLY, 0);
|
struct file *fp = filp_open(path, O_RDONLY, 0);
|
||||||
if (IS_ERR(fp)) {
|
if (IS_ERR(fp)) {
|
||||||
pr_err("open %s error.", path);
|
pr_err("open %s error.", path);
|
||||||
return PTR_ERR(fp);
|
return PTR_ERR(fp);
|
||||||
@@ -43,7 +45,7 @@ static int check_v2_signature(char* path, unsigned expected_size, unsigned expec
|
|||||||
|
|
||||||
kernel_read(fp, &size8, 0x8, &pos);
|
kernel_read(fp, &size8, 0x8, &pos);
|
||||||
kernel_read(fp, buffer, 0x10, &pos);
|
kernel_read(fp, buffer, 0x10, &pos);
|
||||||
if (strcmp((char *) buffer, "APK Sig Block 42")) {
|
if (strcmp((char *)buffer, "APK Sig Block 42")) {
|
||||||
goto clean;
|
goto clean;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -63,18 +65,24 @@ static int check_v2_signature(char* path, unsigned expected_size, unsigned expec
|
|||||||
kernel_read(fp, &id, 0x4, &pos); // id
|
kernel_read(fp, &id, 0x4, &pos); // id
|
||||||
offset = 4;
|
offset = 4;
|
||||||
pr_info("id: 0x%08x\n", id);
|
pr_info("id: 0x%08x\n", id);
|
||||||
if ((id ^ 0xdeadbeefu) == 0xafa439f5u || (id ^ 0xdeadbeefu) == 0x2efed62f) {
|
if ((id ^ 0xdeadbeefu) == 0xafa439f5u ||
|
||||||
kernel_read(fp, &size4, 0x4, &pos); // signer-sequence length
|
(id ^ 0xdeadbeefu) == 0x2efed62f) {
|
||||||
|
kernel_read(fp, &size4, 0x4,
|
||||||
|
&pos); // signer-sequence length
|
||||||
kernel_read(fp, &size4, 0x4, &pos); // signer length
|
kernel_read(fp, &size4, 0x4, &pos); // signer length
|
||||||
kernel_read(fp, &size4, 0x4, &pos); // signed data length
|
kernel_read(fp, &size4, 0x4,
|
||||||
|
&pos); // signed data length
|
||||||
offset += 0x4 * 3;
|
offset += 0x4 * 3;
|
||||||
|
|
||||||
kernel_read(fp, &size4, 0x4, &pos); // digests-sequence length
|
kernel_read(fp, &size4, 0x4,
|
||||||
|
&pos); // digests-sequence length
|
||||||
pos += size4;
|
pos += size4;
|
||||||
offset += 0x4 + size4;
|
offset += 0x4 + size4;
|
||||||
|
|
||||||
kernel_read(fp, &size4, 0x4, &pos); // certificates length
|
kernel_read(fp, &size4, 0x4,
|
||||||
kernel_read(fp, &size4, 0x4, &pos); // certificate length
|
&pos); // certificates length
|
||||||
|
kernel_read(fp, &size4, 0x4,
|
||||||
|
&pos); // certificate length
|
||||||
offset += 0x4 * 2;
|
offset += 0x4 * 2;
|
||||||
#if 0
|
#if 0
|
||||||
int hash = 1;
|
int hash = 1;
|
||||||
@@ -94,7 +102,8 @@ static int check_v2_signature(char* path, unsigned expected_size, unsigned expec
|
|||||||
hash = 31 * hash + c;
|
hash = 31 * hash + c;
|
||||||
}
|
}
|
||||||
offset += size4;
|
offset += size4;
|
||||||
if ((((unsigned) hash) ^ 0x14131211u) == expected_hash) {
|
if ((((unsigned)hash) ^ 0x14131211u) ==
|
||||||
|
expected_hash) {
|
||||||
sign = 0;
|
sign = 0;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -112,6 +121,7 @@ clean:
|
|||||||
return sign;
|
return sign;
|
||||||
}
|
}
|
||||||
|
|
||||||
int is_manager_apk(char* path) {
|
int is_manager_apk(char *path)
|
||||||
|
{
|
||||||
return check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH);
|
return check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH);
|
||||||
}
|
}
|
||||||
@@ -1,7 +1,6 @@
|
|||||||
#ifndef __KSU_H_ARCH
|
#ifndef __KSU_H_ARCH
|
||||||
#define __KSU_H_ARCH
|
#define __KSU_H_ARCH
|
||||||
|
|
||||||
|
|
||||||
#if defined(__aarch64__)
|
#if defined(__aarch64__)
|
||||||
|
|
||||||
#define __PT_PARM1_REG regs[0]
|
#define __PT_PARM1_REG regs[0]
|
||||||
@@ -54,5 +53,4 @@
|
|||||||
#define PT_REGS_SP(x) (__PT_REGS_CAST(x)->__PT_SP_REG)
|
#define PT_REGS_SP(x) (__PT_REGS_CAST(x)->__PT_SP_REG)
|
||||||
#define PT_REGS_IP(x) (__PT_REGS_CAST(x)->__PT_IP_REG)
|
#define PT_REGS_IP(x) (__PT_REGS_CAST(x)->__PT_IP_REG)
|
||||||
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
80
kernel/ksu.c
80
kernel/ksu.c
@@ -39,8 +39,9 @@
|
|||||||
#define CMD_GET_ALLOW_LIST 5
|
#define CMD_GET_ALLOW_LIST 5
|
||||||
#define CMD_GET_DENY_LIST 6
|
#define CMD_GET_DENY_LIST 6
|
||||||
|
|
||||||
void escape_to_root() {
|
void escape_to_root()
|
||||||
struct cred* cred;
|
{
|
||||||
|
struct cred *cred;
|
||||||
|
|
||||||
cred = (struct cred *)__task_cred(current);
|
cred = (struct cred *)__task_cred(current);
|
||||||
|
|
||||||
@@ -69,7 +70,8 @@ void escape_to_root() {
|
|||||||
setup_selinux();
|
setup_selinux();
|
||||||
}
|
}
|
||||||
|
|
||||||
int startswith(char* s, char* prefix) {
|
int startswith(char *s, char *prefix)
|
||||||
|
{
|
||||||
return strncmp(s, prefix, strlen(prefix));
|
return strncmp(s, prefix, strlen(prefix));
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -77,17 +79,20 @@ int endswith(const char *s, const char *t)
|
|||||||
{
|
{
|
||||||
size_t slen = strlen(s);
|
size_t slen = strlen(s);
|
||||||
size_t tlen = strlen(t);
|
size_t tlen = strlen(t);
|
||||||
if (tlen > slen) return 1;
|
if (tlen > slen)
|
||||||
|
return 1;
|
||||||
return strcmp(s + slen - tlen, t);
|
return strcmp(s + slen - tlen, t);
|
||||||
}
|
}
|
||||||
|
|
||||||
static uid_t __manager_uid;
|
static uid_t __manager_uid;
|
||||||
|
|
||||||
static bool is_manager() {
|
static bool is_manager()
|
||||||
|
{
|
||||||
return __manager_uid == current_uid().val;
|
return __manager_uid == current_uid().val;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool become_manager(char* pkg) {
|
static bool become_manager(char *pkg)
|
||||||
|
{
|
||||||
struct fdtable *files_table;
|
struct fdtable *files_table;
|
||||||
int i = 0;
|
int i = 0;
|
||||||
struct path files_path;
|
struct path files_path;
|
||||||
@@ -106,7 +111,7 @@ static bool become_manager(char* pkg) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
buf = (char *) kmalloc(PATH_MAX, GFP_ATOMIC);
|
buf = (char *)kmalloc(PATH_MAX, GFP_ATOMIC);
|
||||||
if (!buf) {
|
if (!buf) {
|
||||||
pr_err("kalloc path failed.\n");
|
pr_err("kalloc path failed.\n");
|
||||||
return false;
|
return false;
|
||||||
@@ -115,14 +120,15 @@ static bool become_manager(char* pkg) {
|
|||||||
files_table = files_fdtable(current->files);
|
files_table = files_fdtable(current->files);
|
||||||
|
|
||||||
// todo: use iterate_fd
|
// todo: use iterate_fd
|
||||||
while(files_table->fd[i] != NULL) {
|
while (files_table->fd[i] != NULL) {
|
||||||
files_path = files_table->fd[i]->f_path;
|
files_path = files_table->fd[i]->f_path;
|
||||||
if (!d_is_reg(files_path.dentry)) {
|
if (!d_is_reg(files_path.dentry)) {
|
||||||
i++;
|
i++;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
cwd = d_path(&files_path, buf, PATH_MAX);
|
cwd = d_path(&files_path, buf, PATH_MAX);
|
||||||
if (startswith(cwd, "/data/app/") == 0 && endswith(cwd, "/base.apk") == 0) {
|
if (startswith(cwd, "/data/app/") == 0 &&
|
||||||
|
endswith(cwd, "/base.apk") == 0) {
|
||||||
// we have found the apk!
|
// we have found the apk!
|
||||||
pr_info("found apk: %s", cwd);
|
pr_info("found apk: %s", cwd);
|
||||||
if (!strstr(cwd, pkg)) {
|
if (!strstr(cwd, pkg)) {
|
||||||
@@ -153,7 +159,8 @@ clean:
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool is_allow_su() {
|
static bool is_allow_su()
|
||||||
|
{
|
||||||
uid_t uid = current_uid().val;
|
uid_t uid = current_uid().val;
|
||||||
if (uid == __manager_uid) {
|
if (uid == __manager_uid) {
|
||||||
// we are manager, allow!
|
// we are manager, allow!
|
||||||
@@ -165,17 +172,17 @@ static bool is_allow_su() {
|
|||||||
|
|
||||||
extern void enable_sucompat();
|
extern void enable_sucompat();
|
||||||
|
|
||||||
static int handler_pre(struct kprobe *p, struct pt_regs *regs) {
|
static int handler_pre(struct kprobe *p, struct pt_regs *regs)
|
||||||
|
{
|
||||||
struct pt_regs* real_regs = (struct pt_regs*) PT_REGS_PARM1(regs);
|
struct pt_regs *real_regs = (struct pt_regs *)PT_REGS_PARM1(regs);
|
||||||
int option = (int) PT_REGS_PARM1(real_regs);
|
int option = (int)PT_REGS_PARM1(real_regs);
|
||||||
unsigned long arg2 = (unsigned long) PT_REGS_PARM2(real_regs);
|
unsigned long arg2 = (unsigned long)PT_REGS_PARM2(real_regs);
|
||||||
unsigned long arg3 = (unsigned long) PT_REGS_PARM3(real_regs);
|
unsigned long arg3 = (unsigned long)PT_REGS_PARM3(real_regs);
|
||||||
unsigned long arg4 = (unsigned long) PT_REGS_PARM4(real_regs);
|
unsigned long arg4 = (unsigned long)PT_REGS_PARM4(real_regs);
|
||||||
unsigned long arg5 = (unsigned long) PT_REGS_PARM5(real_regs);
|
unsigned long arg5 = (unsigned long)PT_REGS_PARM5(real_regs);
|
||||||
|
|
||||||
// if success, we modify the arg5 as result!
|
// if success, we modify the arg5 as result!
|
||||||
u32* result = (u32*) arg5;
|
u32 *result = (u32 *)arg5;
|
||||||
u32 reply_ok = KERNEL_SU_OPTION;
|
u32 reply_ok = KERNEL_SU_OPTION;
|
||||||
|
|
||||||
if (KERNEL_SU_OPTION != option) {
|
if (KERNEL_SU_OPTION != option) {
|
||||||
@@ -188,13 +195,13 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs) {
|
|||||||
// someone wants to be root manager, just check it!
|
// someone wants to be root manager, just check it!
|
||||||
// arg3 should be `/data/data/<manager_package_name>`
|
// arg3 should be `/data/data/<manager_package_name>`
|
||||||
char param[128];
|
char param[128];
|
||||||
const char* prefix = "/data/data/";
|
const char *prefix = "/data/data/";
|
||||||
if (copy_from_user(param, arg3, sizeof(param))) {
|
if (copy_from_user(param, arg3, sizeof(param))) {
|
||||||
pr_err("become_manager: copy param err\n");
|
pr_err("become_manager: copy param err\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (startswith(param, (char*) prefix) != 0) {
|
if (startswith(param, (char *)prefix) != 0) {
|
||||||
pr_info("become_manager: invalid param: %s\n", param);
|
pr_info("become_manager: invalid param: %s\n", param);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -211,7 +218,7 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs) {
|
|||||||
path_put(&path);
|
path_put(&path);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
char* pkg = param + strlen(prefix);
|
char *pkg = param + strlen(prefix);
|
||||||
pr_info("become_manager: param pkg: %s\n", pkg);
|
pr_info("become_manager: param pkg: %s\n", pkg);
|
||||||
|
|
||||||
bool success = become_manager(pkg);
|
bool success = become_manager(pkg);
|
||||||
@@ -246,7 +253,7 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs) {
|
|||||||
if (arg2 == CMD_ALLOW_SU || arg2 == CMD_DENY_SU) {
|
if (arg2 == CMD_ALLOW_SU || arg2 == CMD_DENY_SU) {
|
||||||
bool allow = arg2 == CMD_ALLOW_SU;
|
bool allow = arg2 == CMD_ALLOW_SU;
|
||||||
bool success = false;
|
bool success = false;
|
||||||
uid_t uid = (uid_t) arg3;
|
uid_t uid = (uid_t)arg3;
|
||||||
success = ksu_allow_uid(uid, allow);
|
success = ksu_allow_uid(uid, allow);
|
||||||
if (success) {
|
if (success) {
|
||||||
if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
|
if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
|
||||||
@@ -256,12 +263,17 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs) {
|
|||||||
} else if (arg2 == CMD_GET_ALLOW_LIST || arg2 == CMD_GET_DENY_LIST) {
|
} else if (arg2 == CMD_GET_ALLOW_LIST || arg2 == CMD_GET_DENY_LIST) {
|
||||||
u32 array[128];
|
u32 array[128];
|
||||||
u32 array_length;
|
u32 array_length;
|
||||||
bool success = ksu_get_allow_list(array, &array_length, arg2 == CMD_GET_ALLOW_LIST);
|
bool success = ksu_get_allow_list(array, &array_length,
|
||||||
|
arg2 == CMD_GET_ALLOW_LIST);
|
||||||
if (success) {
|
if (success) {
|
||||||
if (!copy_to_user(arg4, &array_length, sizeof(array_length)) &&
|
if (!copy_to_user(arg4, &array_length,
|
||||||
!copy_to_user(arg3, array, sizeof(u32) * array_length)) {
|
sizeof(array_length)) &&
|
||||||
if (!copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
|
!copy_to_user(arg3, array,
|
||||||
pr_err("prctl reply error, cmd: %d\n", arg2);
|
sizeof(u32) * array_length)) {
|
||||||
|
if (!copy_to_user(result, &reply_ok,
|
||||||
|
sizeof(reply_ok))) {
|
||||||
|
pr_err("prctl reply error, cmd: %d\n",
|
||||||
|
arg2);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
pr_err("prctl copy allowlist error\n");
|
pr_err("prctl copy allowlist error\n");
|
||||||
@@ -282,14 +294,16 @@ static struct kprobe kp = {
|
|||||||
.pre_handler = handler_pre,
|
.pre_handler = handler_pre,
|
||||||
};
|
};
|
||||||
|
|
||||||
int kernelsu_init(void){
|
int kernelsu_init(void)
|
||||||
|
{
|
||||||
int rc = 0;
|
int rc = 0;
|
||||||
|
|
||||||
ksu_allowlist_init();
|
ksu_allowlist_init();
|
||||||
|
|
||||||
rc = register_kprobe(&kp);
|
rc = register_kprobe(&kp);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
pr_info("prctl kprobe failed: %d, please check your kernel config.\n", rc);
|
pr_info("prctl kprobe failed: %d, please check your kernel config.\n",
|
||||||
|
rc);
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -298,7 +312,8 @@ int kernelsu_init(void){
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void kernelsu_exit(void){
|
void kernelsu_exit(void)
|
||||||
|
{
|
||||||
// should never happen...
|
// should never happen...
|
||||||
unregister_kprobe(&kp);
|
unregister_kprobe(&kp);
|
||||||
|
|
||||||
@@ -315,4 +330,5 @@ module_exit(kernelsu_exit);
|
|||||||
MODULE_LICENSE("GPL");
|
MODULE_LICENSE("GPL");
|
||||||
MODULE_AUTHOR("weishu");
|
MODULE_AUTHOR("weishu");
|
||||||
MODULE_DESCRIPTION("Android GKI KernelSU");
|
MODULE_DESCRIPTION("Android GKI KernelSU");
|
||||||
MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); // 5+才需要导出命名空间
|
MODULE_IMPORT_NS(
|
||||||
|
VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); // 5+才需要导出命名空间
|
||||||
|
|||||||
@@ -4,8 +4,8 @@
|
|||||||
#define KERNEL_SU_DOMAIN "su"
|
#define KERNEL_SU_DOMAIN "su"
|
||||||
#define ALL NULL
|
#define ALL NULL
|
||||||
|
|
||||||
void apply_kernelsu_rules() {
|
void apply_kernelsu_rules()
|
||||||
|
{
|
||||||
struct selinux_policy *policy;
|
struct selinux_policy *policy;
|
||||||
struct policydb *db;
|
struct policydb *db;
|
||||||
|
|
||||||
|
|||||||
@@ -20,9 +20,10 @@
|
|||||||
|
|
||||||
static u32 ksu_sid;
|
static u32 ksu_sid;
|
||||||
|
|
||||||
static int transive_to_domain(const char* domain) {
|
static int transive_to_domain(const char *domain)
|
||||||
struct cred* cred;
|
{
|
||||||
struct task_security_struct* tsec;
|
struct cred *cred;
|
||||||
|
struct task_security_struct *tsec;
|
||||||
u32 sid;
|
u32 sid;
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
@@ -37,7 +38,8 @@ static int transive_to_domain(const char* domain) {
|
|||||||
error = security_secctx_to_secid(domain, strlen(domain), &sid);
|
error = security_secctx_to_secid(domain, strlen(domain), &sid);
|
||||||
pr_info("error: %d, sid: %d\n", error, sid);
|
pr_info("error: %d, sid: %d\n", error, sid);
|
||||||
if (!error) {
|
if (!error) {
|
||||||
if (!ksu_sid) ksu_sid = sid;
|
if (!ksu_sid)
|
||||||
|
ksu_sid = sid;
|
||||||
|
|
||||||
tsec->sid = sid;
|
tsec->sid = sid;
|
||||||
tsec->create_sid = 0;
|
tsec->create_sid = 0;
|
||||||
@@ -49,8 +51,8 @@ static int transive_to_domain(const char* domain) {
|
|||||||
|
|
||||||
static bool is_domain_permissive;
|
static bool is_domain_permissive;
|
||||||
|
|
||||||
void setup_selinux() {
|
void setup_selinux()
|
||||||
|
{
|
||||||
if (transive_to_domain(KERNEL_SU_DOMAIN)) {
|
if (transive_to_domain(KERNEL_SU_DOMAIN)) {
|
||||||
pr_err("transive domain failed.");
|
pr_err("transive domain failed.");
|
||||||
return;
|
return;
|
||||||
@@ -64,13 +66,15 @@ void setup_selinux() {
|
|||||||
}*/
|
}*/
|
||||||
}
|
}
|
||||||
|
|
||||||
void setenforce(bool enforce) {
|
void setenforce(bool enforce)
|
||||||
|
{
|
||||||
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
|
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
|
||||||
selinux_state.enforcing = enforce;
|
selinux_state.enforcing = enforce;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
bool getenforce() {
|
bool getenforce()
|
||||||
|
{
|
||||||
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
|
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
|
||||||
if (selinux_state.disabled) {
|
if (selinux_state.disabled) {
|
||||||
return false;
|
return false;
|
||||||
@@ -84,6 +88,7 @@ bool getenforce() {
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
bool is_ksu_domain() {
|
bool is_ksu_domain()
|
||||||
|
{
|
||||||
return ksu_sid && current_sid() == ksu_sid;
|
return ksu_sid && current_sid() == ksu_sid;
|
||||||
}
|
}
|
||||||
@@ -7,15 +7,16 @@
|
|||||||
#define hash_for_each(node_ptr, n_slot, cur) \
|
#define hash_for_each(node_ptr, n_slot, cur) \
|
||||||
int i; \
|
int i; \
|
||||||
for (i = 0; i < n_slot; ++i) \
|
for (i = 0; i < n_slot; ++i) \
|
||||||
for (cur = node_ptr[i]; cur; cur = cur->next) \
|
for (cur = node_ptr[i]; cur; cur = cur->next)
|
||||||
|
|
||||||
#define hashtab_for_each(htab, cur) \
|
#define hashtab_for_each(htab, cur) hash_for_each (htab.htable, htab.size, cur)
|
||||||
hash_for_each(htab.htable, htab.size, cur) \
|
|
||||||
|
|
||||||
#define avtab_for_each(avtab, cur) \
|
#define avtab_for_each(avtab, cur) \
|
||||||
hash_for_each(avtab.htable, avtab.nslot, cur); \
|
hash_for_each (avtab.htable, avtab.nslot, cur) \
|
||||||
|
;
|
||||||
|
|
||||||
static bool is_redundant(struct avtab_node* node) {
|
static bool is_redundant(struct avtab_node *node)
|
||||||
|
{
|
||||||
switch (node->key.specified) {
|
switch (node->key.specified) {
|
||||||
case AVTAB_AUDITDENY:
|
case AVTAB_AUDITDENY:
|
||||||
return node->datum.u.data == ~0U;
|
return node->datum.u.data == ~0U;
|
||||||
@@ -26,15 +27,18 @@ static bool is_redundant(struct avtab_node* node) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
struct avtab_node* get_avtab_node(struct policydb* db, struct avtab_key *key, struct avtab_extended_perms *xperms) {
|
struct avtab_node *get_avtab_node(struct policydb *db, struct avtab_key *key,
|
||||||
struct avtab_node* node;
|
struct avtab_extended_perms *xperms)
|
||||||
|
{
|
||||||
|
struct avtab_node *node;
|
||||||
|
|
||||||
/* AVTAB_XPERMS entries are not necessarily unique */
|
/* AVTAB_XPERMS entries are not necessarily unique */
|
||||||
if (key->specified & AVTAB_XPERMS) {
|
if (key->specified & AVTAB_XPERMS) {
|
||||||
bool match = false;
|
bool match = false;
|
||||||
node = avtab_search_node(&db->te_avtab, key);
|
node = avtab_search_node(&db->te_avtab, key);
|
||||||
while (node) {
|
while (node) {
|
||||||
if ((node->datum.u.xperms->specified == xperms->specified) &&
|
if ((node->datum.u.xperms->specified ==
|
||||||
|
xperms->specified) &&
|
||||||
(node->datum.u.xperms->driver == xperms->driver)) {
|
(node->datum.u.xperms->driver == xperms->driver)) {
|
||||||
match = true;
|
match = true;
|
||||||
break;
|
break;
|
||||||
@@ -56,7 +60,8 @@ struct avtab_node* get_avtab_node(struct policydb* db, struct avtab_key *key, st
|
|||||||
if (key->specified & AVTAB_XPERMS) {
|
if (key->specified & AVTAB_XPERMS) {
|
||||||
avdatum.u.xperms = xperms;
|
avdatum.u.xperms = xperms;
|
||||||
} else {
|
} else {
|
||||||
avdatum.u.data = key->specified == AVTAB_AUDITDENY ? ~0U : 0U;
|
avdatum.u.data =
|
||||||
|
key->specified == AVTAB_AUDITDENY ? ~0U : 0U;
|
||||||
}
|
}
|
||||||
/* this is used to get the node - insertion is actually unique */
|
/* this is used to get the node - insertion is actually unique */
|
||||||
node = avtab_insert_nonunique(&db->te_avtab, key, &avdatum);
|
node = avtab_insert_nonunique(&db->te_avtab, key, &avdatum);
|
||||||
@@ -65,7 +70,8 @@ struct avtab_node* get_avtab_node(struct policydb* db, struct avtab_key *key, st
|
|||||||
if (key->specified & AVTAB_XPERMS) {
|
if (key->specified & AVTAB_XPERMS) {
|
||||||
grow_size += sizeof(u8);
|
grow_size += sizeof(u8);
|
||||||
grow_size += sizeof(u8);
|
grow_size += sizeof(u8);
|
||||||
grow_size += sizeof(u32) * ARRAY_SIZE(avdatum.u.xperms->perms.p);
|
grow_size += sizeof(u32) *
|
||||||
|
ARRAY_SIZE(avdatum.u.xperms->perms.p);
|
||||||
} else {
|
} else {
|
||||||
grow_size += sizeof(u32) * 1;
|
grow_size += sizeof(u32) * 1;
|
||||||
}
|
}
|
||||||
@@ -75,7 +81,9 @@ struct avtab_node* get_avtab_node(struct policydb* db, struct avtab_key *key, st
|
|||||||
return node;
|
return node;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool add_rule(struct policydb* db, const char *s, const char *t, const char *c, const char *p, int effect, bool invert) {
|
bool add_rule(struct policydb *db, const char *s, const char *t, const char *c,
|
||||||
|
const char *p, int effect, bool invert)
|
||||||
|
{
|
||||||
struct type_datum *src = NULL, *tgt = NULL;
|
struct type_datum *src = NULL, *tgt = NULL;
|
||||||
struct class_datum *cls = NULL;
|
struct class_datum *cls = NULL;
|
||||||
struct perm_datum *perm = NULL;
|
struct perm_datum *perm = NULL;
|
||||||
@@ -106,7 +114,8 @@ bool add_rule(struct policydb* db, const char *s, const char *t, const char *c,
|
|||||||
|
|
||||||
if (p) {
|
if (p) {
|
||||||
if (c == NULL) {
|
if (c == NULL) {
|
||||||
pr_info("No class is specified, cannot add perm [%s] \n", p);
|
pr_info("No class is specified, cannot add perm [%s] \n",
|
||||||
|
p);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -123,39 +132,57 @@ bool add_rule(struct policydb* db, const char *s, const char *t, const char *c,
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
void add_rule_raw(struct policydb* db, struct type_datum *src, struct type_datum *tgt, struct class_datum *cls, struct perm_datum *perm, int effect, bool invert) {
|
void add_rule_raw(struct policydb *db, struct type_datum *src,
|
||||||
|
struct type_datum *tgt, struct class_datum *cls,
|
||||||
|
struct perm_datum *perm, int effect, bool invert)
|
||||||
|
{
|
||||||
if (src == NULL) {
|
if (src == NULL) {
|
||||||
struct hashtab_node* node;
|
struct hashtab_node *node;
|
||||||
if (strip_av(effect, invert)) {
|
if (strip_av(effect, invert)) {
|
||||||
hashtab_for_each(db->p_types.table, node) {
|
hashtab_for_each(db->p_types.table, node)
|
||||||
add_rule_raw(db, (struct type_datum*)node->datum, tgt, cls, perm, effect, invert);
|
{
|
||||||
|
add_rule_raw(db,
|
||||||
|
(struct type_datum *)node->datum,
|
||||||
|
tgt, cls, perm, effect, invert);
|
||||||
};
|
};
|
||||||
} else {
|
} else {
|
||||||
hashtab_for_each(db->p_types.table, node) {
|
hashtab_for_each(db->p_types.table, node)
|
||||||
struct type_datum* type = (struct type_datum*)(node->datum);
|
{
|
||||||
|
struct type_datum *type =
|
||||||
|
(struct type_datum *)(node->datum);
|
||||||
if (type->attribute) {
|
if (type->attribute) {
|
||||||
add_rule_raw(db, type, tgt, cls, perm, effect, invert);
|
add_rule_raw(db, type, tgt, cls, perm,
|
||||||
|
effect, invert);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
} else if (tgt == NULL) {
|
} else if (tgt == NULL) {
|
||||||
struct hashtab_node* node;
|
struct hashtab_node *node;
|
||||||
if (strip_av(effect, invert)) {
|
if (strip_av(effect, invert)) {
|
||||||
hashtab_for_each(db->p_types.table, node) {
|
hashtab_for_each(db->p_types.table, node)
|
||||||
add_rule_raw(db, src, (struct type_datum*)node->datum, cls, perm, effect, invert);
|
{
|
||||||
|
add_rule_raw(db, src,
|
||||||
|
(struct type_datum *)node->datum,
|
||||||
|
cls, perm, effect, invert);
|
||||||
};
|
};
|
||||||
} else {
|
} else {
|
||||||
hashtab_for_each(db->p_types.table, node) {
|
hashtab_for_each(db->p_types.table, node)
|
||||||
struct type_datum* type = (struct type_datum*)(node->datum);
|
{
|
||||||
|
struct type_datum *type =
|
||||||
|
(struct type_datum *)(node->datum);
|
||||||
if (type->attribute) {
|
if (type->attribute) {
|
||||||
add_rule_raw(db, src, type, cls, perm, effect, invert);
|
add_rule_raw(db, src, type, cls, perm,
|
||||||
|
effect, invert);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
} else if (cls == NULL) {
|
} else if (cls == NULL) {
|
||||||
struct hashtab_node* node;
|
struct hashtab_node *node;
|
||||||
hashtab_for_each(db->p_classes.table, node) {
|
hashtab_for_each(db->p_classes.table, node)
|
||||||
add_rule_raw(db, src, tgt, (struct class_datum*)node->datum, perm, effect, invert);
|
{
|
||||||
|
add_rule_raw(db, src, tgt,
|
||||||
|
(struct class_datum *)node->datum, perm,
|
||||||
|
effect, invert);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
struct avtab_key key;
|
struct avtab_key key;
|
||||||
@@ -164,10 +191,11 @@ void add_rule_raw(struct policydb* db, struct type_datum *src, struct type_datum
|
|||||||
key.target_class = cls->value;
|
key.target_class = cls->value;
|
||||||
key.specified = effect;
|
key.specified = effect;
|
||||||
|
|
||||||
struct avtab_node* node = get_avtab_node(db, &key, NULL);
|
struct avtab_node *node = get_avtab_node(db, &key, NULL);
|
||||||
if (invert) {
|
if (invert) {
|
||||||
if (perm)
|
if (perm)
|
||||||
node->datum.u.data &= ~(1U << (perm->value - 1));
|
node->datum.u.data &=
|
||||||
|
~(1U << (perm->value - 1));
|
||||||
else
|
else
|
||||||
node->datum.u.data = 0U;
|
node->datum.u.data = 0U;
|
||||||
} else {
|
} else {
|
||||||
@@ -179,36 +207,46 @@ void add_rule_raw(struct policydb* db, struct type_datum *src, struct type_datum
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#define ioctl_driver(x) (x>>8 & 0xFF)
|
#define ioctl_driver(x) (x >> 8 & 0xFF)
|
||||||
#define ioctl_func(x) (x & 0xFF)
|
#define ioctl_func(x) (x & 0xFF)
|
||||||
|
|
||||||
#define xperm_test(x, p) (1 & (p[x >> 5] >> (x & 0x1f)))
|
#define xperm_test(x, p) (1 & (p[x >> 5] >> (x & 0x1f)))
|
||||||
#define xperm_set(x, p) (p[x >> 5] |= (1 << (x & 0x1f)))
|
#define xperm_set(x, p) (p[x >> 5] |= (1 << (x & 0x1f)))
|
||||||
#define xperm_clear(x, p) (p[x >> 5] &= ~(1 << (x & 0x1f)))
|
#define xperm_clear(x, p) (p[x >> 5] &= ~(1 << (x & 0x1f)))
|
||||||
|
|
||||||
void add_xperm_rule_raw(struct policydb* db, struct type_datum *src, struct type_datum *tgt,
|
void add_xperm_rule_raw(struct policydb *db, struct type_datum *src,
|
||||||
struct class_datum *cls, uint16_t low, uint16_t high, int effect, bool invert) {
|
struct type_datum *tgt, struct class_datum *cls,
|
||||||
|
uint16_t low, uint16_t high, int effect, bool invert)
|
||||||
|
{
|
||||||
if (src == NULL) {
|
if (src == NULL) {
|
||||||
struct hashtab_node* node;
|
struct hashtab_node *node;
|
||||||
hashtab_for_each(db->p_types.table, node) {
|
hashtab_for_each(db->p_types.table, node)
|
||||||
struct type_datum* type = (struct type_datum*)(node->datum);
|
{
|
||||||
|
struct type_datum *type =
|
||||||
|
(struct type_datum *)(node->datum);
|
||||||
if (type->attribute) {
|
if (type->attribute) {
|
||||||
add_xperm_rule_raw(db, type, tgt, cls, low, high, effect, invert);
|
add_xperm_rule_raw(db, type, tgt, cls, low,
|
||||||
|
high, effect, invert);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
} else if (tgt == NULL) {
|
} else if (tgt == NULL) {
|
||||||
struct hashtab_node* node;
|
struct hashtab_node *node;
|
||||||
hashtab_for_each(db->p_types.table, node) {
|
hashtab_for_each(db->p_types.table, node)
|
||||||
struct type_datum* type = (struct type_datum*)(node->datum);
|
{
|
||||||
|
struct type_datum *type =
|
||||||
|
(struct type_datum *)(node->datum);
|
||||||
if (type->attribute) {
|
if (type->attribute) {
|
||||||
add_xperm_rule_raw(db, src, type, cls, low, high, effect, invert);
|
add_xperm_rule_raw(db, src, type, cls, low,
|
||||||
|
high, effect, invert);
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
} else if (cls == NULL) {
|
} else if (cls == NULL) {
|
||||||
struct hashtab_node* node;
|
struct hashtab_node *node;
|
||||||
hashtab_for_each(db->p_classes.table, node) {
|
hashtab_for_each(db->p_classes.table, node)
|
||||||
add_xperm_rule_raw(db, src, tgt, (struct class_datum*)(node->datum), low, high, effect, invert);
|
{
|
||||||
|
add_xperm_rule_raw(db, src, tgt,
|
||||||
|
(struct class_datum *)(node->datum),
|
||||||
|
low, high, effect, invert);
|
||||||
};
|
};
|
||||||
} else {
|
} else {
|
||||||
struct avtab_key key;
|
struct avtab_key key;
|
||||||
@@ -231,14 +269,16 @@ void add_xperm_rule_raw(struct policydb* db, struct type_datum *src, struct type
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (xperms.specified == AVTAB_XPERMS_IOCTLDRIVER) {
|
if (xperms.specified == AVTAB_XPERMS_IOCTLDRIVER) {
|
||||||
for (int i = ioctl_driver(low); i <= ioctl_driver(high); ++i) {
|
for (int i = ioctl_driver(low); i <= ioctl_driver(high);
|
||||||
|
++i) {
|
||||||
if (invert)
|
if (invert)
|
||||||
xperm_clear(i, xperms.perms.p);
|
xperm_clear(i, xperms.perms.p);
|
||||||
else
|
else
|
||||||
xperm_set(i, xperms.perms.p);
|
xperm_set(i, xperms.perms.p);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
for (int i = ioctl_func(low); i <= ioctl_func(high); ++i) {
|
for (int i = ioctl_func(low); i <= ioctl_func(high);
|
||||||
|
++i) {
|
||||||
if (invert)
|
if (invert)
|
||||||
xperm_clear(i, xperms.perms.p);
|
xperm_clear(i, xperms.perms.p);
|
||||||
else
|
else
|
||||||
@@ -254,18 +294,21 @@ void add_xperm_rule_raw(struct policydb* db, struct type_datum *src, struct type
|
|||||||
datum = &node->datum;
|
datum = &node->datum;
|
||||||
|
|
||||||
if (datum->u.xperms == NULL) {
|
if (datum->u.xperms == NULL) {
|
||||||
datum->u.xperms = (struct avtab_extended_perms*)(kmalloc(sizeof(xperms), GFP_KERNEL));
|
datum->u.xperms =
|
||||||
|
(struct avtab_extended_perms *)(kmalloc(
|
||||||
|
sizeof(xperms), GFP_KERNEL));
|
||||||
if (!datum->u.xperms) {
|
if (!datum->u.xperms) {
|
||||||
pr_err("alloc xperms failed\n");
|
pr_err("alloc xperms failed\n");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
memcpy(datum->u.xperms, &xperms, sizeof(xperms));
|
memcpy(datum->u.xperms, &xperms, sizeof(xperms));
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
bool add_xperm_rule(struct policydb* db, const char *s, const char *t, const char *c, const char *range, int effect, bool invert) {
|
bool add_xperm_rule(struct policydb *db, const char *s, const char *t,
|
||||||
|
const char *c, const char *range, int effect, bool invert)
|
||||||
|
{
|
||||||
struct type_datum *src = NULL, *tgt = NULL;
|
struct type_datum *src = NULL, *tgt = NULL;
|
||||||
struct class_datum *cls = NULL;
|
struct class_datum *cls = NULL;
|
||||||
|
|
||||||
@@ -296,7 +339,7 @@ bool add_xperm_rule(struct policydb* db, const char *s, const char *t, const cha
|
|||||||
u16 low, high;
|
u16 low, high;
|
||||||
|
|
||||||
if (range) {
|
if (range) {
|
||||||
if (strchr(range, '-')){
|
if (strchr(range, '-')) {
|
||||||
sscanf(range, "%hx-%hx", &low, &high);
|
sscanf(range, "%hx-%hx", &low, &high);
|
||||||
} else {
|
} else {
|
||||||
sscanf(range, "%hx", &low);
|
sscanf(range, "%hx", &low);
|
||||||
@@ -311,7 +354,9 @@ bool add_xperm_rule(struct policydb* db, const char *s, const char *t, const cha
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool add_type_rule(struct policydb* db, const char *s, const char *t, const char *c, const char *d, int effect) {
|
bool add_type_rule(struct policydb *db, const char *s, const char *t,
|
||||||
|
const char *c, const char *d, int effect)
|
||||||
|
{
|
||||||
struct type_datum *src, *tgt, *def;
|
struct type_datum *src, *tgt, *def;
|
||||||
struct class_datum *cls;
|
struct class_datum *cls;
|
||||||
|
|
||||||
@@ -342,40 +387,49 @@ bool add_type_rule(struct policydb* db, const char *s, const char *t, const char
|
|||||||
key.target_class = cls->value;
|
key.target_class = cls->value;
|
||||||
key.specified = effect;
|
key.specified = effect;
|
||||||
|
|
||||||
struct avtab_node* node = get_avtab_node(db, &key, NULL);
|
struct avtab_node *node = get_avtab_node(db, &key, NULL);
|
||||||
node->datum.u.data = def->value;
|
node->datum.u.data = def->value;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool add_filename_trans(const char *s, const char *t, const char *c, const char *d, const char *o) {
|
bool add_filename_trans(const char *s, const char *t, const char *c,
|
||||||
|
const char *d, const char *o)
|
||||||
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool add_genfscon(const char *fs_name, const char *path, const char *context) {
|
bool add_genfscon(const char *fs_name, const char *path, const char *context)
|
||||||
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool add_type(struct policydb* db, const char *type_name, bool attr) {
|
bool add_type(struct policydb *db, const char *type_name, bool attr)
|
||||||
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool set_type_state(struct policydb* db, const char *type_name, bool permissive) {
|
bool set_type_state(struct policydb *db, const char *type_name, bool permissive)
|
||||||
|
{
|
||||||
struct type_datum *type;
|
struct type_datum *type;
|
||||||
if (type_name == NULL) {
|
if (type_name == NULL) {
|
||||||
struct hashtab_node* node;
|
struct hashtab_node *node;
|
||||||
hashtab_for_each(db->p_types.table, node) {
|
hashtab_for_each(db->p_types.table, node)
|
||||||
|
{
|
||||||
type = (struct type_datum *)(node->datum);
|
type = (struct type_datum *)(node->datum);
|
||||||
if (ebitmap_set_bit(&db->permissive_map, type->value, permissive))
|
if (ebitmap_set_bit(&db->permissive_map, type->value,
|
||||||
|
permissive))
|
||||||
pr_info("Could not set bit in permissive map\n");
|
pr_info("Could not set bit in permissive map\n");
|
||||||
};
|
};
|
||||||
} else {
|
} else {
|
||||||
type = (struct type_datum *) symtab_search(&db->p_types, type_name);
|
type = (struct type_datum *)symtab_search(&db->p_types,
|
||||||
|
type_name);
|
||||||
if (type == NULL) {
|
if (type == NULL) {
|
||||||
pr_info("type %s does not exist\n", type_name);
|
pr_info("type %s does not exist\n", type_name);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (ebitmap_set_bit(&db->permissive_map, type->value, permissive)) {
|
if (ebitmap_set_bit(&db->permissive_map, type->value,
|
||||||
|
permissive)) {
|
||||||
pr_info("Could not set bit in permissive map\n");
|
pr_info("Could not set bit in permissive map\n");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@@ -383,26 +437,33 @@ bool set_type_state(struct policydb* db, const char *type_name, bool permissive)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
void add_typeattribute_raw(struct policydb* db, struct type_datum *type, struct type_datum *attr) {
|
void add_typeattribute_raw(struct policydb *db, struct type_datum *type,
|
||||||
ebitmap_set_bit(&db->type_attr_map_array[type->value - 1], attr->value - 1, 1);
|
struct type_datum *attr)
|
||||||
|
{
|
||||||
|
ebitmap_set_bit(&db->type_attr_map_array[type->value - 1],
|
||||||
|
attr->value - 1, 1);
|
||||||
|
|
||||||
struct hashtab_node* node;
|
struct hashtab_node *node;
|
||||||
struct constraint_node* n;
|
struct constraint_node *n;
|
||||||
struct constraint_expr* e;
|
struct constraint_expr *e;
|
||||||
hashtab_for_each(db->p_classes.table, node) {
|
hashtab_for_each(db->p_classes.table, node)
|
||||||
struct class_datum* cls = (struct class_datum*)(node->datum);
|
{
|
||||||
for (n = cls->constraints; n ; n = n->next) {
|
struct class_datum *cls = (struct class_datum *)(node->datum);
|
||||||
|
for (n = cls->constraints; n; n = n->next) {
|
||||||
for (e = n->expr; e; e = e->next) {
|
for (e = n->expr; e; e = e->next) {
|
||||||
if (e->expr_type == CEXPR_NAMES &&
|
if (e->expr_type == CEXPR_NAMES &&
|
||||||
ebitmap_get_bit(&e->type_names->types, attr->value - 1)) {
|
ebitmap_get_bit(&e->type_names->types,
|
||||||
ebitmap_set_bit(&e->names, type->value - 1, 1);
|
attr->value - 1)) {
|
||||||
|
ebitmap_set_bit(&e->names,
|
||||||
|
type->value - 1, 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
bool add_typeattribute(struct policydb* db, const char *type, const char *attr) {
|
bool add_typeattribute(struct policydb *db, const char *type, const char *attr)
|
||||||
|
{
|
||||||
struct type_datum *type_d = symtab_search(&db->p_types, type);
|
struct type_datum *type_d = symtab_search(&db->p_types, type);
|
||||||
if (type_d == NULL) {
|
if (type_d == NULL) {
|
||||||
pr_info("type %s does not exist\n", type);
|
pr_info("type %s does not exist\n", type);
|
||||||
@@ -426,72 +487,103 @@ bool add_typeattribute(struct policydb* db, const char *type, const char *attr)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Operation on types
|
// Operation on types
|
||||||
bool type(struct policydb* db, const char* name, const char* attr) {
|
bool type(struct policydb *db, const char *name, const char *attr)
|
||||||
|
{
|
||||||
return add_type(db, name, false) && add_typeattribute(db, name, attr);
|
return add_type(db, name, false) && add_typeattribute(db, name, attr);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool attribute(struct policydb* db, const char* name) {
|
bool attribute(struct policydb *db, const char *name)
|
||||||
|
{
|
||||||
return add_type(db, name, true);
|
return add_type(db, name, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool permissive(struct policydb* db, const char* type) {
|
bool permissive(struct policydb *db, const char *type)
|
||||||
|
{
|
||||||
return set_type_state(db, type, true);
|
return set_type_state(db, type, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool enforce(struct policydb* db, const char* type) {
|
bool enforce(struct policydb *db, const char *type)
|
||||||
|
{
|
||||||
return set_type_state(db, type, false);
|
return set_type_state(db, type, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool typeattribute(struct policydb* db, const char* type, const char* attr) {
|
bool typeattribute(struct policydb *db, const char *type, const char *attr)
|
||||||
|
{
|
||||||
return add_typeattribute(db, type, attr);
|
return add_typeattribute(db, type, attr);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool exists(struct policydb* db, const char* type) {
|
bool exists(struct policydb *db, const char *type)
|
||||||
|
{
|
||||||
return symtab_search(&db->p_types, type) != NULL;
|
return symtab_search(&db->p_types, type) != NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Access vector rules
|
// Access vector rules
|
||||||
bool allow(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm) {
|
bool allow(struct policydb *db, const char *src, const char *tgt,
|
||||||
|
const char *cls, const char *perm)
|
||||||
|
{
|
||||||
return add_rule(db, src, tgt, cls, perm, AVTAB_ALLOWED, false);
|
return add_rule(db, src, tgt, cls, perm, AVTAB_ALLOWED, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool deny(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm) {
|
bool deny(struct policydb *db, const char *src, const char *tgt,
|
||||||
|
const char *cls, const char *perm)
|
||||||
|
{
|
||||||
return add_rule(db, src, tgt, cls, perm, AVTAB_ALLOWED, true);
|
return add_rule(db, src, tgt, cls, perm, AVTAB_ALLOWED, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool auditallow(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm) {
|
bool auditallow(struct policydb *db, const char *src, const char *tgt,
|
||||||
|
const char *cls, const char *perm)
|
||||||
|
{
|
||||||
return add_rule(db, src, tgt, cls, perm, AVTAB_AUDITALLOW, false);
|
return add_rule(db, src, tgt, cls, perm, AVTAB_AUDITALLOW, false);
|
||||||
}
|
}
|
||||||
bool dontaudit(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* perm) {
|
bool dontaudit(struct policydb *db, const char *src, const char *tgt,
|
||||||
|
const char *cls, const char *perm)
|
||||||
|
{
|
||||||
return add_rule(db, src, tgt, cls, perm, AVTAB_AUDITDENY, true);
|
return add_rule(db, src, tgt, cls, perm, AVTAB_AUDITDENY, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Extended permissions access vector rules
|
// Extended permissions access vector rules
|
||||||
bool allowxperm(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* range) {
|
bool allowxperm(struct policydb *db, const char *src, const char *tgt,
|
||||||
return add_xperm_rule(db, src, tgt, cls, range, AVTAB_XPERMS_ALLOWED, false);
|
const char *cls, const char *range)
|
||||||
|
{
|
||||||
|
return add_xperm_rule(db, src, tgt, cls, range, AVTAB_XPERMS_ALLOWED,
|
||||||
|
false);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool auditallowxperm(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* range) {
|
bool auditallowxperm(struct policydb *db, const char *src, const char *tgt,
|
||||||
return add_xperm_rule(db, src, tgt, cls, range, AVTAB_XPERMS_AUDITALLOW, false);
|
const char *cls, const char *range)
|
||||||
|
{
|
||||||
|
return add_xperm_rule(db, src, tgt, cls, range, AVTAB_XPERMS_AUDITALLOW,
|
||||||
|
false);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool dontauditxperm(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* range) {
|
bool dontauditxperm(struct policydb *db, const char *src, const char *tgt,
|
||||||
return add_xperm_rule(db, src, tgt, cls, range, AVTAB_XPERMS_DONTAUDIT, false);
|
const char *cls, const char *range)
|
||||||
|
{
|
||||||
|
return add_xperm_rule(db, src, tgt, cls, range, AVTAB_XPERMS_DONTAUDIT,
|
||||||
|
false);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Type rules
|
// Type rules
|
||||||
bool type_transition(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* def, const char* obj) {
|
bool type_transition(struct policydb *db, const char *src, const char *tgt,
|
||||||
|
const char *cls, const char *def, const char *obj)
|
||||||
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool type_change(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* def) {
|
bool type_change(struct policydb *db, const char *src, const char *tgt,
|
||||||
|
const char *cls, const char *def)
|
||||||
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
bool type_member(struct policydb* db, const char* src, const char* tgt, const char* cls, const char* def) {
|
bool type_member(struct policydb *db, const char *src, const char *tgt,
|
||||||
|
const char *cls, const char *def)
|
||||||
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// File system labeling
|
// File system labeling
|
||||||
bool genfscon(struct policydb* db, const char* fs_name, const char* path, const char* ctx) {
|
bool genfscon(struct policydb *db, const char *fs_name, const char *path,
|
||||||
|
const char *ctx)
|
||||||
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
@@ -28,21 +28,24 @@
|
|||||||
|
|
||||||
extern void escape_to_root();
|
extern void escape_to_root();
|
||||||
|
|
||||||
static void __user *userspace_stack_buffer(const void *d, size_t len) {
|
static void __user *userspace_stack_buffer(const void *d, size_t len)
|
||||||
|
{
|
||||||
/* To avoid having to mmap a page in userspace, just write below the stack pointer. */
|
/* To avoid having to mmap a page in userspace, just write below the stack pointer. */
|
||||||
char __user *p = (void __user *)current_user_stack_pointer() - len;
|
char __user *p = (void __user *)current_user_stack_pointer() - len;
|
||||||
|
|
||||||
return copy_to_user(p, d, len) ? NULL : p;
|
return copy_to_user(p, d, len) ? NULL : p;
|
||||||
}
|
}
|
||||||
|
|
||||||
static char __user *sh_user_path(void) {
|
static char __user *sh_user_path(void)
|
||||||
|
{
|
||||||
static const char sh_path[] = "/system/bin/sh";
|
static const char sh_path[] = "/system/bin/sh";
|
||||||
|
|
||||||
return userspace_stack_buffer(sh_path, sizeof(sh_path));
|
return userspace_stack_buffer(sh_path, sizeof(sh_path));
|
||||||
}
|
}
|
||||||
|
|
||||||
static int faccessat_handler_pre(struct kprobe *p, struct pt_regs *regs) {
|
static int faccessat_handler_pre(struct kprobe *p, struct pt_regs *regs)
|
||||||
struct filename* filename;
|
{
|
||||||
|
struct filename *filename;
|
||||||
const char su[] = SU_PATH;
|
const char su[] = SU_PATH;
|
||||||
|
|
||||||
if (!ksu_is_allow_uid(current_uid().val)) {
|
if (!ksu_is_allow_uid(current_uid().val)) {
|
||||||
@@ -64,9 +67,10 @@ static int faccessat_handler_pre(struct kprobe *p, struct pt_regs *regs) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int newfstatat_handler_pre(struct kprobe *p, struct pt_regs *regs) {
|
static int newfstatat_handler_pre(struct kprobe *p, struct pt_regs *regs)
|
||||||
|
{
|
||||||
// const char sh[] = SH_PATH;
|
// const char sh[] = SH_PATH;
|
||||||
struct filename* filename;
|
struct filename *filename;
|
||||||
const char su[] = SU_PATH;
|
const char su[] = SU_PATH;
|
||||||
|
|
||||||
if (!ksu_is_allow_uid(current_uid().val)) {
|
if (!ksu_is_allow_uid(current_uid().val)) {
|
||||||
@@ -89,8 +93,9 @@ static int newfstatat_handler_pre(struct kprobe *p, struct pt_regs *regs) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// https://elixir.bootlin.com/linux/v5.10.158/source/fs/exec.c#L1864
|
// https://elixir.bootlin.com/linux/v5.10.158/source/fs/exec.c#L1864
|
||||||
static int execve_handler_pre(struct kprobe *p, struct pt_regs *regs) {
|
static int execve_handler_pre(struct kprobe *p, struct pt_regs *regs)
|
||||||
struct filename* filename;
|
{
|
||||||
|
struct filename *filename;
|
||||||
const char sh[] = SH_PATH;
|
const char sh[] = SH_PATH;
|
||||||
const char su[] = SU_PATH;
|
const char su[] = SU_PATH;
|
||||||
|
|
||||||
@@ -102,7 +107,8 @@ static int execve_handler_pre(struct kprobe *p, struct pt_regs *regs) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (first_app_process && !memcmp(filename->name, app_process, sizeof(app_process) - 1)) {
|
if (first_app_process &&
|
||||||
|
!memcmp(filename->name, app_process, sizeof(app_process) - 1)) {
|
||||||
first_app_process = false;
|
first_app_process = false;
|
||||||
pr_info("exec app_process, /data prepared!\n");
|
pr_info("exec app_process, /data prepared!\n");
|
||||||
apply_kernelsu_rules();
|
apply_kernelsu_rules();
|
||||||
@@ -115,7 +121,7 @@ static int execve_handler_pre(struct kprobe *p, struct pt_regs *regs) {
|
|||||||
|
|
||||||
if (!memcmp(filename->name, su, sizeof(su))) {
|
if (!memcmp(filename->name, su, sizeof(su))) {
|
||||||
pr_info("do_execveat_common su found\n");
|
pr_info("do_execveat_common su found\n");
|
||||||
memcpy((void*) filename->name, sh, sizeof(sh));
|
memcpy((void *)filename->name, sh, sizeof(sh));
|
||||||
|
|
||||||
escape_to_root();
|
escape_to_root();
|
||||||
}
|
}
|
||||||
@@ -139,7 +145,8 @@ static struct kprobe execve_kp = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
// sucompat: permited process can execute 'su' to gain root access.
|
// sucompat: permited process can execute 'su' to gain root access.
|
||||||
void enable_sucompat() {
|
void enable_sucompat()
|
||||||
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
ret = register_kprobe(&execve_kp);
|
ret = register_kprobe(&execve_kp);
|
||||||
|
|||||||
Reference in New Issue
Block a user