#include <linux/version.h>
#include <linux/kprobes.h>
#include "arch.h"
#include "ksu.h"
#include "klog.h"
/*
 * kprobe pre-handler attached to the symbol named by PRCTL_SYMBOL.
 *
 * Reads the option and four further arguments from the register state and
 * forwards them to ksu_handle_prctl(); that function's return value is
 * returned unchanged.
 *
 * On kernels >= 4.16 the first argument of the probed function is treated
 * as a pointer to the pt_regs that actually carries the arguments; on older
 * kernels the arguments are read from @regs directly.
 *
 * NOTE(review): these values presumably originate from the calling
 * process's prctl() arguments, so arg2..arg5 may be arbitrary
 * caller-chosen values or user pointers. Validation is left to
 * ksu_handle_prctl(), which is not visible here -- confirm it never
 * dereferences them without a checked user copy.
 *
 * NOTE(review): kprobes gives a non-zero pre_handler return a special
 * meaning (single-stepping of the probed instruction is skipped) --
 * confirm ksu_handle_prctl() returns 0 unless that is intended.
 */
static int handler_pre(struct kprobe *p, struct pt_regs *regs)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 16, 0)
	/* The probed function receives a pt_regs pointer as its first argument. */
	struct pt_regs *sys_regs = (struct pt_regs *)PT_REGS_PARM1(regs);
#else
	/* The arguments sit in the probe's own register snapshot. */
	struct pt_regs *sys_regs = regs;
#endif

	return ksu_handle_prctl((int)PT_REGS_PARM1(sys_regs),
				(unsigned long)PT_REGS_PARM2(sys_regs),
				(unsigned long)PT_REGS_PARM3(sys_regs),
				(unsigned long)PT_REGS_PARM4(sys_regs),
				(unsigned long)PT_REGS_PARM5(sys_regs));
}
/*
 * Probe descriptor for the prctl hook: handler_pre() runs before the
 * function named by PRCTL_SYMBOL (defined outside this listing).
 */
static struct kprobe prctl_kp = {
	.pre_handler = handler_pre,
	.symbol_name = PRCTL_SYMBOL,
};
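/*
 * kprobe pre-handler attached to vfs_rename.
 *
 * Extracts the source and destination dentries of the rename from the
 * probed function's arguments and passes them to ksu_handle_rename(),
 * whose return value is returned unchanged.
 *
 * Kernels >= 5.12 are read as passing a single struct renamedata pointer
 * (first argument) carrying old_dentry/new_dentry; older kernels are read
 * as passing the two dentries as the second and fourth arguments.
 *
 * The register values are cast explicitly to the pointer types, matching
 * handler_pre(), instead of relying on an implicit conversion.
 *
 * NOTE(review): kprobes gives a non-zero pre_handler return a special
 * meaning -- confirm ksu_handle_rename() returns 0 unless that is intended.
 */
static int renameat_handler_pre(struct kprobe *p, struct pt_regs *regs)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0)
	// https://elixir.bootlin.com/linux/v5.12-rc1/source/include/linux/fs.h
	struct renamedata *rd = (struct renamedata *)PT_REGS_PARM1(regs);
	struct dentry *old_entry = rd->old_dentry;
	struct dentry *new_entry = rd->new_dentry;
#else
	struct dentry *old_entry = (struct dentry *)PT_REGS_PARM2(regs);
	struct dentry *new_entry = (struct dentry *)PT_REGS_PARM4(regs);
#endif

	return ksu_handle_rename(old_entry, new_entry);
}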
/*
 * Probe descriptor for the rename hook: renameat_handler_pre() runs before
 * vfs_rename.
 */
static struct kprobe renameat_kp = {
	.pre_handler = renameat_handler_pre,
	.symbol_name = "vfs_rename",
};
/*
 * Register the prctl and vfs_rename kprobes, in that order.
 *
 * Returns 0 when both registrations succeed, otherwise the error code of
 * the registration that failed. A prctl failure returns immediately without
 * attempting the rename probe. The rename result is always logged,
 * success included.
 *
 * NOTE(review): if the rename registration fails, the prctl probe stays
 * registered while a non-zero code is returned. A caller that reads
 * non-zero as "no hooks installed" would be wrong -- confirm whether the
 * caller is expected to run ksu_kprobe_exit() on failure or whether the
 * partial state is intentional.
 */
__maybe_unused int ksu_kprobe_init()
{
	int err = register_kprobe(&prctl_kp);

	if (err != 0) {
		pr_info("prctl kprobe failed: %d.\n", err);
		return err;
	}

	err = register_kprobe(&renameat_kp);
	pr_info("renameat kp: %d\n", err);

	return err;
}
/*
 * Unregister both kprobes, prctl first and then vfs_rename.
 *
 * Always returns 0. Both probes are unregistered unconditionally, with no
 * record of whether ksu_kprobe_init() actually registered them.
 */
__maybe_unused int ksu_kprobe_exit()
{
	struct kprobe *probes[] = { &prctl_kp, &renameat_kp };
	size_t i;

	for (i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
		unregister_kprobe(probes[i]);

	return 0;
}