diff --git a/kernel/include/cache.h b/kernel/include/cache.h index 0e31fe8..1c0c4e2 100644 --- a/kernel/include/cache.h +++ b/kernel/include/cache.h @@ -45,7 +45,7 @@ enum dma_data_direction static inline uint32_t current_el(void) { uint32_t el; - asm volatile("mrs %w0, CurrentEL" : "=r"(el)); + asm volatile("mrs %0, CurrentEL" : "=r"(el)); return el >> 2; } diff --git a/kernel/include/hook.h b/kernel/include/hook.h index 0d028c4..b9ced84 100644 --- a/kernel/include/hook.h +++ b/kernel/include/hook.h @@ -14,13 +14,12 @@ typedef enum { HOOK_NO_ERR = 0, - HOOK_BAD_ADDRESS = 4089, - HOOK_NO_MEM = 4090, - HOOK_BAD_RELO = 4091, - HOOK_TRANSIT_NO_MEM = 4092, - HOOK_CHAIN_FULL = 4093, - HOOK_NOT_HOOK = 4094, - HOOK_INST_BUSY = 4095, + HOOK_BAD_ADDRESS = 4095, + HOOK_DUPLICATED = 4094, + HOOK_NO_MEM = 4093, + HOOK_BAD_RELO = 4092, + HOOK_TRANSIT_NO_MEM = 4091, + HOOK_CHAIN_FULL = 4090, } hook_err_t; enum hook_type @@ -38,7 +37,7 @@ typedef int8_t chain_item_state; #define CHAIN_ITEM_STATE_BUSY 2 #define local_offsetof(TYPE, MEMBER) ((size_t) & ((TYPE *)0)->MEMBER) -#define local_container_of(ptr, type, member) ({ (type *)((char *)(ptr)-local_offsetof(type, member)); }) +#define local_container_of(ptr, type, member) ({ (type *)((char *)(ptr) - local_offsetof(type, member)); }) #define HOOK_MEM_REGION_NUM 4 #define TRAMPOLINE_NUM 4 @@ -50,6 +49,9 @@ typedef int8_t chain_item_state; #define FP_HOOK_CHAIN_NUM 0x20 #define ARM64_NOP 0xd503201f +#define ARM64_BTI_C 0xd503245f +#define ARM64_BTI_J 0xd503249f +#define ARM64_BTI_JC 0xd50324df typedef struct { @@ -59,8 +61,8 @@ typedef struct uint64_t replace_addr; uint64_t relo_addr; // out - int32_t tramp_insts_len; - int32_t relo_insts_len; + int32_t tramp_insts_num; + int32_t relo_insts_num; uint32_t origin_insts[TRAMPOLINE_NUM] __attribute__((aligned(8))); uint32_t tramp_insts[TRAMPOLINE_NUM] __attribute__((aligned(8))); uint32_t relo_insts[RELOCATE_INST_NUM] __attribute__((aligned(8))); @@ -242,13 +244,74 @@ int32_t ret_absolute(uint32_t *buf, uint64_t addr); hook_err_t hook_prepare(hook_t *hook); void hook_install(hook_t *hook); void hook_uninstall(hook_t *hook); + +/** + * @brief Inline-hook function which address is @param func with function @param replace, + * after hook, original @param func is backuped in @param backup. + * + * @note If multiple modules hook this function simultaneously, + * it will cause abnormality when unload the modules. Please use hook_wrap instead + * + * @see hook_wrap + * + * @param func + * @param replace + * @param backup + * @return hook_err_t + */ hook_err_t hook(void *func, void *replace, void **backup); + +/** + * @brief unhook of hooked function + * + * @param func + */ void unhook(void *func); -// todo: hook priority +/** + * @brief + * + * @param chain + * @param before + * @param after + * @param udata + * @return hook_err_t + */ hook_err_t hook_chain_add(hook_chain_t *chain, void *before, void *after, void *udata); +/** + * @brief + * + * @param chain + * @param before + * @param after + */ void hook_chain_remove(hook_chain_t *chain, void *before, void *after); + +/** + * @brief Wrap a function with before and after function. + * The same function can do hook and unhook multiple times + * + * @see hook_chain0_callback + * @see hook_fargs0_t + * + * @param func The address of function + * @param argno The number of method arguments + * @param before This function will be called before hooked function, + * the type of before is hook_chain{n}_callback which n is equal to argno. + * @param after The same as before but will be call after hooked function + * @param udata + * @return hook_err_t + */ hook_err_t hook_wrap(void *func, int32_t argno, void *before, void *after, void *udata); + +/** + * @brief + * + * @param func + * @param before + * @param after + * @param remove + */ void hook_unwrap_remove(void *func, void *before, void *after, int remove); static inline void hook_unwrap(void *func, void *before, void *after) @@ -256,18 +319,64 @@ static inline void hook_unwrap(void *func, void *before, void *after) return hook_unwrap_remove(func, before, after, 1); } -static inline void *hook_chain_origin_func(void *hook_args) +/** + * @param hook_args + */ +static inline void *wrap_get_origin_func(void *hook_args) { hook_fargs0_t *args = (hook_fargs0_t *)hook_args; hook_chain_t *chain = (hook_chain_t *)args->chain; return (void *)chain->hook.relo_addr; } +/** + * @brief + * + * @param fp_addr + * @param replace + * @param backup + */ void fp_hook(uintptr_t fp_addr, void *replace, void **backup); + +/** + * @brief + * + * @param fp_addr + * @param backup + */ void fp_unhook(uintptr_t fp_addr, void *backup); + +/** + * @brief + * + * @param fp_addr + * @param argno + * @param before + * @param after + * @param udata + * @return hook_err_t + */ hook_err_t fp_hook_wrap(uintptr_t fp_addr, int32_t argno, void *before, void *after, void *udata); + +/** + * @brief + * + * @param fp_addr + * @param before + * @param after + */ void fp_hook_unwrap(uintptr_t fp_addr, void *before, void *after); +/** + * + */ +static inline void *fp_get_origin_func(void *hook_args) +{ + hook_fargs0_t *args = (hook_fargs0_t *)hook_args; + fp_hook_chain_t *chain = (fp_hook_chain_t *)args->chain; + return (void *)chain->hook.origin_fp; +} + static inline void hook_chain_install(hook_chain_t *chain) { hook_install(&chain->hook); diff --git a/kernel/include/hotpatch.h b/kernel/include/hotpatch.h new file mode 100644 index 0000000..3a418f4 --- /dev/null +++ b/kernel/include/hotpatch.h @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2024 bmax121. All Rights Reserved. + */ + +#ifndef _KP_HOTPATCH_H_ +#define _KP_HOTPATCH_H_ + +#include + +int kp_insn_patch_text(void *addrs[], uint32_t insn[], int cnt); + +#endif \ No newline at end of file diff --git a/kernel/include/kallsyms.h b/kernel/include/kallsyms.h index 7e75e67..049da1a 100644 --- a/kernel/include/kallsyms.h +++ b/kernel/include/kallsyms.h @@ -7,7 +7,5 @@ struct module; extern int (*kallsyms_on_each_symbol)(int (*fn)(void *, const char *, struct module *, unsigned long), void *data); extern unsigned long (*kallsyms_lookup_name)(const char *name); -extern int (*lookup_symbol_attrs)(unsigned long addr, unsigned long *size, unsigned long *offset, char *modname, - char *name); #endif \ No newline at end of file diff --git a/kernel/include/predata.h b/kernel/include/predata.h index 66e60ec..1568393 100644 --- a/kernel/include/predata.h +++ b/kernel/include/predata.h @@ -9,14 +9,15 @@ #include #include +extern struct patch_config *patch_config; +extern setup_header_t *setup_header; + int auth_superkey(const char *key); void reset_superkey(const char *key); -void enable_auth_root_key(int skip_hash); +void enable_auth_root_key(bool enable); const char *get_superkey(); - +const char *get_build_time(); uint64_t rand_next(); -uint64_t get_build_config(); -struct patch_symbol *get_preset_patch_sym(); int on_each_extra_item(int (*callback)(const patch_extra_item_t *extra, const char *arg, const void *data, void *udata), void *udata); diff --git a/kernel/include/preset.h b/kernel/include/preset.h index af5921f..6f9b601 100644 --- a/kernel/include/preset.h +++ b/kernel/include/preset.h @@ -20,7 +20,7 @@ #define COMPILE_TIME_LEN 0x18 #define MAP_MAX_SIZE 0xa00 #define HOOK_ALLOC_SIZE (1 << 20) -#define MEMORY_ROX_SIZE (2 << 20) +#define MEMORY_ROX_SIZE (4 << 20) #define MEMORY_RW_SIZE (2 << 20) #define MAP_ALIGN 0x10 @@ -30,7 +30,7 @@ #define MAP_SYMBOL_NUM (5) #define MAP_SYMBOL_SIZE (MAP_SYMBOL_NUM * 8) -#define PATCH_SYMBOL_LEN (512) +#define PATCH_CONFIG_LEN (512) #define ADDITIONAL_LEN (512) @@ -98,7 +98,12 @@ _Static_assert(sizeof(map_symbol_t) == MAP_SYMBOL_SIZE, "sizeof map_symbol_t mis #endif #ifndef __ASSEMBLY__ -struct patch_symbol + +#define PATCH_CONFIG_SU_ENABLE 0x1 +#define PATCH_CONFIG_SU_HOOK_NO_WRAP 0x2 +#define PATCH_CONFIG_SU_ENABLE32 0x2 + +struct patch_config { union { @@ -106,7 +111,6 @@ struct patch_symbol { uint64_t kallsyms_lookup_name; uint64_t printk; - uint64_t vm_area_add_early; uint64_t panic; uint64_t rest_init; @@ -117,24 +121,17 @@ struct patch_symbol uint64_t __cfi_slowpath; uint64_t copy_process; uint64_t cgroup_post_fork; - uint64_t do_execveat_common; - uint64_t __do_execve_file; - uint64_t do_execve_common; - uint64_t do_faccessat; - uint64_t sys_faccessat; - uint64_t sys_faccessat2; - uint64_t sys_newfstatat; - uint64_t vfs_statx; - uint64_t vfs_fstatat; uint64_t avc_denied; uint64_t slow_avc_audit; uint64_t input_handle_event; + + uint8_t patch_su_config; }; - char _cap[PATCH_SYMBOL_LEN]; + char _cap[PATCH_CONFIG_LEN]; }; }; -typedef struct patch_symbol patch_symbol_t; -_Static_assert(sizeof(patch_symbol_t) == PATCH_SYMBOL_LEN, "sizeof patch_symbol_t mismatch"); +typedef struct patch_config patch_config_t; +_Static_assert(sizeof(patch_config_t) == PATCH_CONFIG_LEN, "sizeof patch_config_t mismatch"); #endif #ifndef __ASSEMBLY__ @@ -220,7 +217,7 @@ typedef struct map_symbol_t map_symbol; uint8_t header_backup[HDR_BACKUP_SIZE]; uint8_t superkey[SUPER_KEY_LEN]; - patch_symbol_t patch_symbol; + patch_config_t patch_config; char additional[ADDITIONAL_LEN]; } setup_preset_be_000a04_t; @@ -245,7 +242,7 @@ typedef struct _setup_preset_t uint8_t superkey[SUPER_KEY_LEN]; uint8_t root_superkey[ROOT_SUPER_KEY_HASH_LEN]; uint8_t __[SETUP_PRESERVE_LEN]; - patch_symbol_t patch_symbol; + patch_config_t patch_config; char additional[ADDITIONAL_LEN]; } setup_preset_t; #else @@ -266,8 +263,8 @@ typedef struct _setup_preset_t #define setup_header_backup_offset (setup_map_symbol_offset + MAP_SYMBOL_SIZE) #define setup_superkey_offset (setup_header_backup_offset + HDR_BACKUP_SIZE) #define setup_root_superkey_offset (setup_superkey_offset + SUPER_KEY_LEN) -#define setup_patch_symbol_offset (setup_root_superkey_offset + ROOT_SUPER_KEY_HASH_LEN + SETUP_PRESERVE_LEN) -#define setup_end (setup_patch_symbol_offset + PATCH_SYMBOL_LEN) +#define setup_patch_config_offset (setup_root_superkey_offset + ROOT_SUPER_KEY_HASH_LEN + SETUP_PRESERVE_LEN) +#define setup_end (setup_patch_config_offset + PATCH_CONFIG_LEN) #endif #ifndef __ASSEMBLY__ diff --git a/kernel/include/stdbool.h b/kernel/include/stdbool.h index 488efdb..f66cbbb 100644 --- a/kernel/include/stdbool.h +++ b/kernel/include/stdbool.h @@ -1,8 +1,12 @@ #ifndef _KP_STDBOOL_H_ #define _KP_STDBOOL_H_ -typedef unsigned char bool; -#define true ((bool)1) -#define false ((bool)0) +#ifndef __bool_true_false_are_defined + +#define bool _Bool +#define true 1 +#define false 0 + +#endif #endif \ No newline at end of file diff --git a/kernel/include/symbol.h b/kernel/include/symbol.h index 14a487f..c9e620c 100644 --- a/kernel/include/symbol.h +++ b/kernel/include/symbol.h @@ -22,8 +22,14 @@ typedef struct #define KP_EXPORT_SYMBOL(sym) _KP_EXPORT_SYMBOL(sym) +extern unsigned long link_base_addr; +extern unsigned long runtime_base_addr; + unsigned long symbol_lookup_name(const char *name); -int symbol_init(); +static inline unsigned long link2runtime(unsigned long addr) +{ + return addr - link_base_addr + runtime_base_addr; +} #endif \ No newline at end of file diff --git a/kernel/include/tlsf.h b/kernel/include/tlsf.h index 25f34ca..e13876a 100644 --- a/kernel/include/tlsf.h +++ b/kernel/include/tlsf.h @@ -1,87 +1,87 @@ -#ifndef INCLUDED_tlsf -#define INCLUDED_tlsf - -/* -** Two Level Segregated Fit memory allocator, version 3.1. -** Written by Matthew Conte -** http://tlsf.baisoku.org -** -** Based on the original documentation by Miguel Masmano: -** http://www.gii.upv.es/tlsf/main/docs -** -** This implementation was written to the specification -** of the document, therefore no GPL restrictions apply. -** -** Copyright (c) 2006-2016, Matthew Conte -** All rights reserved. -** -** Redistribution and use in source and binary forms, with or without -** modification, are permitted provided that the following conditions are met: -** * Redistributions of source code must retain the above copyright -** notice, this list of conditions and the following disclaimer. -** * Redistributions in binary form must reproduce the above copyright -** notice, this list of conditions and the following disclaimer in the -** documentation and/or other materials provided with the distribution. -** * Neither the name of the copyright holder nor the -** names of its contributors may be used to endorse or promote products -** derived from this software without specific prior written permission. -** -** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -** DISCLAIMED. IN NO EVENT SHALL MATTHEW CONTE BE LIABLE FOR ANY -** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - -/* -from: -https://github.com/mattconte/tlsf -*/ - -#include -#include - -/* tlsf_t: a TLSF structure. Can contain 1 to N pools. */ -/* pool_t: a block of memory that TLSF can manage. */ -typedef void *tlsf_t; -typedef void *pool_t; - -/* Create/destroy a memory pool. */ -tlsf_t tlsf_create(void *mem); -tlsf_t tlsf_create_with_pool(void *mem, size_t bytes); -void tlsf_destroy(tlsf_t tlsf); -pool_t tlsf_get_pool(tlsf_t tlsf); - -/* Add/remove memory pools. */ -pool_t tlsf_add_pool(tlsf_t tlsf, void *mem, size_t bytes); -void tlsf_remove_pool(tlsf_t tlsf, pool_t pool); - -/* malloc/memalign/realloc/free replacements. */ -void *tlsf_malloc(tlsf_t tlsf, size_t bytes); -void *tlsf_memalign(tlsf_t tlsf, size_t align, size_t bytes); -void *tlsf_realloc(tlsf_t tlsf, void *ptr, size_t size); -void tlsf_free(tlsf_t tlsf, void *ptr); - -/* Returns internal block size, not original request size */ -size_t tlsf_block_size(void *ptr); - -/* Overheads/limits of internal structures. */ -size_t tlsf_size(void); -size_t tlsf_align_size(void); -size_t tlsf_block_size_min(void); -size_t tlsf_block_size_max(void); -size_t tlsf_pool_overhead(void); -size_t tlsf_alloc_overhead(void); - -typedef void (*tlsf_walker)(void *ptr, size_t size, int used, void *user); -void tlsf_walk_pool(pool_t pool, tlsf_walker walker, void *user); -/* Returns nonzero if any internal consistency check fails. */ -int tlsf_check(tlsf_t tlsf); -int tlsf_check_pool(pool_t pool); - +#ifndef INCLUDED_tlsf +#define INCLUDED_tlsf + +/* +** Two Level Segregated Fit memory allocator, version 3.1. +** Written by Matthew Conte +** http://tlsf.baisoku.org +** +** Based on the original documentation by Miguel Masmano: +** http://www.gii.upv.es/tlsf/main/docs +** +** This implementation was written to the specification +** of the document, therefore no GPL restrictions apply. +** +** Copyright (c) 2006-2016, Matthew Conte +** All rights reserved. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions are met: +** * Redistributions of source code must retain the above copyright +** notice, this list of conditions and the following disclaimer. +** * Redistributions in binary form must reproduce the above copyright +** notice, this list of conditions and the following disclaimer in the +** documentation and/or other materials provided with the distribution. +** * Neither the name of the copyright holder nor the +** names of its contributors may be used to endorse or promote products +** derived from this software without specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +** DISCLAIMED. IN NO EVENT SHALL MATTHEW CONTE BE LIABLE FOR ANY +** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + +/* +from: +https://github.com/mattconte/tlsf +*/ + +#include +#include + +/* tlsf_t: a TLSF structure. Can contain 1 to N pools. */ +/* pool_t: a block of memory that TLSF can manage. */ +typedef void *tlsf_t; +typedef void *pool_t; + +/* Create/destroy a memory pool. */ +tlsf_t tlsf_create(void *mem); +tlsf_t tlsf_create_with_pool(void *mem, size_t bytes); +void tlsf_destroy(tlsf_t tlsf); +pool_t tlsf_get_pool(tlsf_t tlsf); + +/* Add/remove memory pools. */ +pool_t tlsf_add_pool(tlsf_t tlsf, void *mem, size_t bytes); +void tlsf_remove_pool(tlsf_t tlsf, pool_t pool); + +/* malloc/memalign/realloc/free replacements. */ +void *tlsf_malloc(tlsf_t tlsf, size_t bytes); +void *tlsf_memalign(tlsf_t tlsf, size_t align, size_t bytes); +void *tlsf_realloc(tlsf_t tlsf, void *ptr, size_t size); +void tlsf_free(tlsf_t tlsf, void *ptr); + +/* Returns internal block size, not original request size */ +size_t tlsf_block_size(void *ptr); + +/* Overheads/limits of internal structures. */ +size_t tlsf_size(void); +size_t tlsf_align_size(void); +size_t tlsf_block_size_min(void); +size_t tlsf_block_size_max(void); +size_t tlsf_pool_overhead(void); +size_t tlsf_alloc_overhead(void); + +typedef void (*tlsf_walker)(void *ptr, size_t size, int used, void *user); +void tlsf_walk_pool(pool_t pool, tlsf_walker walker, void *user); +/* Returns nonzero if any internal consistency check fails. */ +int tlsf_check(tlsf_t tlsf); +int tlsf_check_pool(pool_t pool); + #endif \ No newline at end of file diff --git a/kernel/kpm/include/kpm_hook_utils.h b/kernel/kpm/include/kpm_hook_utils.h index 7c88fce..7b75aa6 100644 --- a/kernel/kpm/include/kpm_hook_utils.h +++ b/kernel/kpm/include/kpm_hook_utils.h @@ -19,7 +19,7 @@ hook_original_def(func); \ hook_backup_def(func); \ hook_replace_func_include(func, retType, __VA_ARGS__); \ - static hook_err_t hook_##func##_err = HOOK_NOT_HOOK; + static hook_err_t hook_##func##_err = HOOK_DUPLICATED; #define find_and_hook_func_with(func, original, replace, backup, tag) \ static inline bool hook_##func() \ diff --git a/kernel/linux/arch/arm64/include/asm/processor.h b/kernel/linux/arch/arm64/include/asm/processor.h index ca39a61..79dad53 100644 --- a/kernel/linux/arch/arm64/include/asm/processor.h +++ b/kernel/linux/arch/arm64/include/asm/processor.h @@ -17,8 +17,6 @@ // #define THREAD_START_SP (THREAD_SIZE - 16) // #define task_pt_regs(p) ((struct pt_regs *)(THREAD_START_SP + task_stack_page(p)) - 1) -// implemented in utils - extern int16_t pt_regs_offset; struct pt_regs *_task_pt_reg(struct task_struct *task); diff --git a/kernel/linux/include/linux/cred.h b/kernel/linux/include/linux/cred.h index b425a0e..b36d5f7 100644 --- a/kernel/linux/include/linux/cred.h +++ b/kernel/linux/include/linux/cred.h @@ -97,113 +97,82 @@ extern bool kfunc_def(creds_are_invalid)(const struct cred *cred); static inline void __put_cred(struct cred *cred) { - kfunc_call(__put_cred, cred); - kfunc_not_found(); + kfunc_direct_call(__put_cred, cred); } + static inline void exit_creds(struct task_struct *task) { - kfunc_call(exit_creds, task); - kfunc_not_found(); + kfunc_direct_call_void(exit_creds, task); } + static inline int copy_creds(struct task_struct *p, unsigned long clone_flags) { - kfunc_call(copy_creds, p, clone_flags); - kfunc_not_found(); - return 0; + kfunc_direct_call(copy_creds, p, clone_flags); } + static inline const struct cred *get_task_cred(struct task_struct *task) { - kfunc_call(get_task_cred, task); - kfunc_not_found(); - return 0; + kfunc_direct_call(get_task_cred, task); } + static inline struct cred *cred_alloc_blank(void) { - kfunc_call(cred_alloc_blank); - kfunc_not_found(); - return 0; + kfunc_direct_call(cred_alloc_blank); } + static inline struct cred *prepare_creds(void) { - kfunc_call(prepare_creds); - kfunc_not_found(); - return 0; + kfunc_direct_call(prepare_creds); } + static inline struct cred *prepare_exec_creds(void) { - kfunc_call(prepare_exec_creds); - kfunc_not_found(); - return 0; + kfunc_direct_call(prepare_exec_creds); } + static inline int commit_creds(struct cred *new) { - kfunc_call(commit_creds, new); - kfunc_not_found(); - return 0; + kfunc_direct_call(commit_creds, new); } + static inline void abort_creds(struct cred *new) { - kfunc_call(abort_creds, new); - kfunc_not_found(); + kfunc_direct_call_void(abort_creds, new); } + static inline const struct cred *override_creds(const struct cred *new) { - kfunc_call(override_creds, new); - kfunc_not_found(); - return 0; + kfunc_direct_call(override_creds, new); } + static inline void revert_creds(const struct cred *old) { - kfunc_call(revert_creds, old); - kfunc_not_found(); + kfunc_direct_call(revert_creds, old); } + static inline struct cred *prepare_kernel_cred(struct task_struct *daemon) { - kfunc_call(prepare_kernel_cred, daemon); - kfunc_not_found(); - return 0; -} -static inline int change_create_files_as(struct cred *cred, struct inode *inode) -{ - kfunc_call(change_create_files_as, cred, inode); - kfunc_not_found(); - return 0; + kfunc_direct_call(prepare_kernel_cred, daemon); } + static inline int set_security_override(struct cred *new, u32 secid) { - kfunc_call(set_security_override, new, secid); - kfunc_not_found(); - return 0; + kfunc_direct_call(set_security_override, new, secid); } + static inline int set_security_override_from_ctx(struct cred *new, const char *secctx) { - kfunc_call(set_security_override_from_ctx, new, secctx); - kfunc_not_found(); - return 0; -} -static inline int set_create_files_as(struct cred *new, struct inode *inode) -{ - kfunc_call(set_create_files_as, new, inode); - kfunc_not_found(); - return 0; + kfunc_direct_call(set_security_override_from_ctx, new, secctx); } + static inline int cred_fscmp(const struct cred *a, const struct cred *b) { - kfunc_call(cred_fscmp, a, b); - kfunc_not_found(); - return 0; -} -static inline void cred_init(void) -{ - kfunc_call(cred_init); - kfunc_not_found(); + kfunc_direct_call(cred_fscmp, a, b); } static inline bool creds_are_invalid(const struct cred *cred) { - kfunc_call(creds_are_invalid, cred); - kfunc_not_found(); - return 0; + kfunc_direct_call(creds_are_invalid, cred); } #endif diff --git a/kernel/linux/include/linux/err.h b/kernel/linux/include/linux/err.h index df1ea59..9f50c92 100644 --- a/kernel/linux/include/linux/err.h +++ b/kernel/linux/include/linux/err.h @@ -18,11 +18,16 @@ static inline long __must_check PTR_ERR(__force const void *ptr) return (long)ptr; } -static inline int __must_check IS_ERR(__force const void *ptr) +static inline bool __must_check IS_ERR(__force const void *ptr) { return IS_ERR_VALUE((unsigned long)ptr); } +static inline bool __must_check IS_ERR_OR_NULL(__force const void *ptr) +{ + return unlikely(!ptr) || IS_ERR_VALUE((unsigned long)ptr); +} + static inline int __must_check PTR_ERR_OR_ZERO(__force const void *ptr) { if (IS_ERR(ptr)) diff --git a/kernel/linux/include/linux/fs.h b/kernel/linux/include/linux/fs.h index 799980a..896915f 100644 --- a/kernel/linux/include/linux/fs.h +++ b/kernel/linux/include/linux/fs.h @@ -359,7 +359,6 @@ static inline loff_t vfs_llseek(struct file *file, loff_t offset, int whence) static inline void putname(struct filename *name) { - // logkd("aaaaaaaaaaa %llx\n", kfunc(putname)); kfunc_direct_call_void(putname, name); // kfunc_direct_call_void(final_putname, name); } diff --git a/kernel/linux/include/linux/security.h b/kernel/linux/include/linux/security.h index 51922cd..18f3eb4 100644 --- a/kernel/linux/include/linux/security.h +++ b/kernel/linux/include/linux/security.h @@ -624,8 +624,6 @@ static inline int cap_vm_enough_memory(struct mm_struct *mm, long pages) return 0; } -// - static inline void security_task_getsecid(struct task_struct *task, u32 *secid) { kfunc_call(security_task_getsecid, task, secid); @@ -633,19 +631,14 @@ static inline void security_task_getsecid(struct task_struct *task, u32 *secid) kfunc_not_found(); } -// When we are uncertain whether secctx exists or is correct, we cannot rely on security_secctx_to_secid; otherwise, secid might be set to an unexpected value. static inline int security_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid) { - kfunc_call(security_secctx_to_secid, secdata, seclen, secid); - kfunc_not_found(); - return 0; + kfunc_direct_call(security_secctx_to_secid, secdata, seclen, secid); } static inline int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) { - kfunc_call(security_secid_to_secctx, secid, secdata, seclen); - kfunc_not_found(); - return 0; + kfunc_direct_call(security_secid_to_secctx, secid, secdata, seclen); } static inline void security_release_secctx(char *secdata, u32 seclen) diff --git a/kernel/linux/include/linux/string.h b/kernel/linux/include/linux/string.h index c52930b..1404d35 100644 --- a/kernel/linux/include/linux/string.h +++ b/kernel/linux/include/linux/string.h @@ -6,11 +6,15 @@ #include #include +extern char *kfunc_def(strndup_user)(const char __user *, long); +extern void *kfunc_def(memdup_user)(const void __user *, size_t); +extern void *kfunc_def(vmemdup_user)(const void __user *, size_t); +extern void *kfunc_def(memdup_user_nul)(const void __user *, size_t); + extern void kfunc_def(kfree_const)(const void *x); extern char *kfunc_def(kstrdup)(const char *s, gfp_t gfp); extern const char *kfunc_def(kstrdup_const)(const char *s, gfp_t gfp); extern char *kfunc_def(kstrndup)(const char *s, size_t len, gfp_t gfp); -extern void *kfunc_def(memdup_user)(const void __user *src, size_t len); extern void *kfunc_def(kmemdup)(const void *src, size_t len, gfp_t gfp); extern char *kfunc_def(kmemdup_nul)(const char *s, size_t len, gfp_t gfp); extern char **kfunc_def(argv_split)(gfp_t gfp, const char *str, int *argcp); @@ -62,6 +66,9 @@ extern void *kfunc_def(memchr_inv)(const void *start, int c, size_t bytes); extern char *kfunc_def(strreplace)(char *s, char old, char new); extern void kfunc_def(fortify_panic)(const char *name); +extern int kfunc_def(kstrtoull)(const char *s, unsigned int base, unsigned long long *res); +extern int kfunc_def(kstrtoll)(const char *s, unsigned int base, long long *res); + static inline void kfree_const(const void *x) { kfunc_direct_call(kfree_const, x); @@ -92,6 +99,11 @@ static inline char *kmemdup_nul(const char *s, size_t len, gfp_t gfp) kfunc_direct_call(kmemdup_nul, s, len, gfp); } +static inline char *strndup_user(const void __user *s, long len) +{ + kfunc_direct_call(strndup_user, s, len); +} + static inline void *memdup_user(const void __user *src, size_t len) { kfunc_direct_call(memdup_user, src, len); @@ -332,4 +344,14 @@ static inline void fortify_panic(const char *name) kfunc_direct_call(fortify_panic, name); } +static inline int __must_check kstrtoull(const char *s, unsigned int base, unsigned long long *res) +{ + kfunc_direct_call(kstrtoull, s, base, res); +} + +static inline int __must_check kstrtoll(const char *s, unsigned int base, long long *res) +{ + kfunc_direct_call(kstrtoll, s, base, res); +} + #endif \ No newline at end of file diff --git a/kernel/linux/include/linux/uaccess.h b/kernel/linux/include/linux/uaccess.h index 4400e03..22230db 100644 --- a/kernel/linux/include/linux/uaccess.h +++ b/kernel/linux/include/linux/uaccess.h @@ -60,6 +60,4 @@ extern long kfunc_def(strnlen_user_nofault)(const void __user *unsafe_addr, long extern long kfunc_def(strnlen_unsafe_user)(const void __user *unsafe_addr, long count); extern long kfunc_def(strnlen_user)(const char __user *str, long n); -long compat_strncpy_from_user(char *dest, const char __user *src, long count); - #endif \ No newline at end of file diff --git a/kernel/patch/include/accctl.h b/kernel/patch/include/accctl.h index 8e6960a..829fe53 100644 --- a/kernel/patch/include/accctl.h +++ b/kernel/patch/include/accctl.h @@ -11,26 +11,30 @@ #include #include #include +#include +#include +#include -int set_priv_selinx_allow(struct task_struct *task, int val); -int commit_kernel_cred(); +extern char all_allow_sctx[SUPERCALL_SCONTEXT_LEN]; +extern uint32_t all_allow_sid; + +int set_all_allow_sctx(const char *sctx); +int commit_kernel_su(); +int commit_common_su(uid_t to_uid, const char *sctx); int commit_su(uid_t uid, const char *sctx); int task_su(pid_t pid, uid_t to_uid, const char *sctx); -int selinux_hook_install(); -int supercall_install(); - -#ifdef ANDROID -int kpuserd_init(); -int su_compat_init(); -int su_add_allow_uid(uid_t uid, struct su_profile *profile, int async); -int su_remove_allow_uid(uid_t uid, int async); -int su_allow_uid_nums(); -int su_allow_uids(uid_t *__user uuids, int unum); -int su_allow_uid_profile(uid_t uid, struct su_profile *__user uprofile); -int su_reset_path(const char *path); -int su_get_path(char *__user ubuf, int buf_len); -long supercall_android(long cmd, long arg1, long arg2, long arg3); -#endif +/** + * @brief Whether to make the current task bypass all selinux permission checks. + * + * @param task + * @param val + */ +static inline void set_priv_sel_allow(struct task_struct *task, bool val) +{ + struct task_ext *ext = get_task_ext(task); + ext->priv_sel_allow = val; + dsb(ish); +} #endif \ No newline at end of file diff --git a/kernel/patch/include/hotpatch.h b/kernel/patch/include/hotpatch.h index 983d72d..48c405a 100644 --- a/kernel/patch/include/hotpatch.h +++ b/kernel/patch/include/hotpatch.h @@ -8,6 +8,4 @@ #include -int patch_verify_safety(); - #endif \ No newline at end of file diff --git a/kernel/patch/include/kputils.h b/kernel/patch/include/kputils.h index 9e847ef..9329fce 100644 --- a/kernel/patch/include/kputils.h +++ b/kernel/patch/include/kputils.h @@ -10,11 +10,10 @@ #include int __must_check compat_copy_to_user(void __user *to, const void *from, int n); - +long compat_strncpy_from_user(char *dest, const char __user *src, long count); void *__user copy_to_user_stack(const void *data, int len); - uint64_t get_random_u64(void); void print_bootlog(); -#endif \ No newline at end of file +#endif diff --git a/kernel/patch/include/kstorage.h b/kernel/patch/include/kstorage.h new file mode 100644 index 0000000..fca8c68 --- /dev/null +++ b/kernel/patch/include/kstorage.h @@ -0,0 +1,42 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2024 bmax121. All Rights Reserved. + */ + +#ifndef _KP_KSTORAGE_H_ +#define _KP_KSTORAGE_H_ + +#include +#include +#include + +struct kstorage +{ + struct list_head list; + struct rcu_head rcu; + + int gid; + long did; + int dlen; + char data[0]; +}; + +int try_alloc_kstroage_group(); + +int kstorage_group_size(int gid); + +int write_kstorage(int gid, long did, void *data, int offset, int len, bool data_is_user); + +/// must within rcu read lock +const struct kstorage *get_kstorage(int gid, long did); + +typedef int (*on_kstorage_cb)(struct kstorage *kstorage, void *udata); +int on_each_kstorage_elem(int gid, on_kstorage_cb cb, void *udata); + +int read_kstorage(int gid, long did, void *data, int offset, int len, bool data_is_user); + +int list_kstorage_ids(int gid, long *ids, int idslen, bool data_is_user); + +int remove_kstorage(int gid, long did); + +#endif \ No newline at end of file diff --git a/kernel/patch/include/module.h b/kernel/patch/include/module.h index dff4146..08e8755 100644 --- a/kernel/patch/include/module.h +++ b/kernel/patch/include/module.h @@ -62,6 +62,4 @@ int get_module_nums(); int list_modules(char *out_names, int size); int get_module_info(const char *name, char *out_info, int size); -int module_init(); - #endif \ No newline at end of file diff --git a/kernel/patch/include/pidmem.h b/kernel/patch/include/pidmem.h index 5cb10c2..e9761f1 100644 --- a/kernel/patch/include/pidmem.h +++ b/kernel/patch/include/pidmem.h @@ -8,7 +8,7 @@ #include -phys_addr_t pid_virt_to_phys(pid_t pid, uintptr_t vaddr); +// phys_addr_t pid_virt_to_phys(pid_t pid, uintptr_t vaddr); // void *pid_map_mem(pid_t pid, void *mem, size_t size, ) diff --git a/kernel/patch/include/sepolicy_flags.h b/kernel/patch/include/sepolicy_flags.h new file mode 100644 index 0000000..4a6b921 --- /dev/null +++ b/kernel/patch/include/sepolicy_flags.h @@ -0,0 +1,40 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2024 1f2003d5. All Rights Reserved. + * Copyright (C) 2024 sekaiacg. All Rights Reserved. + */ + +#ifndef _KP_SEPOLICY_FLAGS_H_ +#define _KP_SEPOLICY_FLAGS_H_ + +#include + +#define SELINUX_MAGIC 0xf97cff8c +#define POLICYDB_MAGIC SELINUX_MAGIC +#define POLICYDB_STRING "SE Linux" + +#define POLICYDB_CONFIG_MLS 1 +#define POLICYDB_CONFIG_ANDROID_NETLINK_ROUTE (1 << 31) +#define POLICYDB_CONFIG_ANDROID_NETLINK_GETNEIGH (1 << 30) + +/* + * config offset: + * __le32(POLICYDB_MAGIC) + __le32(POLICYDB_STRING_LEN) + + * char[POLICYDB_STRING_LEN] + __le32(policyvers) + */ +#define POLICYDB_CONFIG_OFFSET (2 * sizeof(__le32) + strlen(POLICYDB_STRING) + sizeof(__le32)) + +struct _policy_file +{ + char *data; + size_t len; +}; + +struct _policydb +{ + int mls_enabled; + int android_netlink_route; + int android_netlink_getneigh; +}; + +#endif \ No newline at end of file diff --git a/kernel/patch/include/sucompat.h b/kernel/patch/include/sucompat.h index f227787..f09a95e 100644 --- a/kernel/patch/include/sucompat.h +++ b/kernel/patch/include/sucompat.h @@ -8,6 +8,12 @@ #include #include +#include + +extern const char sh_path[]; +extern const char default_su_path[]; +extern const char legacy_su_path[]; +extern const char apd_path[]; struct allow_uid { @@ -17,7 +23,17 @@ struct allow_uid struct rcu_head rcu; }; -struct su_profile profile_su_allow_uid(uid_t uid); int is_su_allow_uid(uid_t uid); +int su_add_allow_uid(uid_t uid, uid_t to_uid, const char *scontext); +int su_remove_allow_uid(uid_t uid); +int su_allow_uid_nums(); +int su_allow_uids(int is_user, uid_t *out_uids, int out_num); +int su_allow_uid_profile(int is_user, uid_t uid, struct su_profile *profile); +int su_reset_path(const char *path); +const char *su_get_path(); + +int get_ap_mod_exclude(uid_t uid); +int set_ap_mod_exclude(uid_t uid, int exclude); +int list_ap_mod_exclude(uid_t *uids, int len); #endif diff --git a/kernel/patch/include/syscall.h b/kernel/patch/include/syscall.h index af024ea..a20bfc7 100644 --- a/kernel/patch/include/syscall.h +++ b/kernel/patch/include/syscall.h @@ -12,11 +12,21 @@ #include #include -extern uintptr_t *sys_call_table; -extern uintptr_t *compat_sys_call_table; extern int has_syscall_wrapper; +extern struct +{ + const char *name; + uintptr_t addr; +} syscall_name_table[460]; + +extern struct +{ + const char *name; + uintptr_t addr; +} compat_syscall_name_table[460]; const char __user *get_user_arg_ptr(void *a0, void *a1, int nr); + int set_user_arg_ptr(void *a0, void *a1, int nr, uintptr_t val); long raw_syscall0(long nr); @@ -29,6 +39,10 @@ long raw_syscall6(long nr, long arg0, long arg1, long arg2, long arg3, long arg4 #define raw_syscall(f) raw_syscall##f +uintptr_t syscalln_name_addr(int nr, int is_compat); + +uintptr_t syscalln_addr(int nr, int is_compat); + static inline uint64_t *syscall_args(void *hook_fargs) { uint64_t *args; @@ -56,67 +70,100 @@ static inline void *syscall_argn_p(void *fdata_args, int n) return syscall_args(fdata_args) + n; } +/** + * @brief + * + * @param nr + * @param narg + * @param is_compat + * @param before + * @param after + * @param udata + * @return hook_err_t + */ +hook_err_t fp_wrap_syscalln(int nr, int narg, int is_compat, void *before, void *after, void *udata); + +/** + * @brief + * + * @param nr + * @param is_compat + * @param before + * @param after + */ +void fp_unwrap_syscalln(int nr, int is_compat, void *before, void *after); + static inline hook_err_t fp_hook_syscalln(int nr, int narg, void *before, void *after, void *udata) { - uintptr_t fp_addr = (uintptr_t)(sys_call_table + nr); - if (has_syscall_wrapper) narg = 1; - return fp_hook_wrap(fp_addr, narg, before, after, udata); + return fp_wrap_syscalln(nr, narg, 0, before, after, udata); } -static inline void fp_unhook_syscall(int nr, void *before, void *after) +static inline void fp_unhook_syscalln(int nr, void *before, void *after) { - uintptr_t fp_addr = (uintptr_t)(sys_call_table + nr); - fp_hook_unwrap(fp_addr, before, after); + return fp_unwrap_syscalln(nr, 0, before, after); } static inline hook_err_t fp_hook_compat_syscalln(int nr, int narg, void *before, void *after, void *udata) { - if (!compat_sys_call_table) return HOOK_BAD_ADDRESS; - uintptr_t fp_addr = (uintptr_t)(compat_sys_call_table + nr); - if (has_syscall_wrapper) narg = 1; - return fp_hook_wrap(fp_addr, narg, before, after, udata); + return fp_wrap_syscalln(nr, narg, 1, before, after, udata); } -static inline void fp_unhook_compat_syscall(int nr, void *before, void *after) +static inline void fp_unhook_compat_syscalln(int nr, void *before, void *after) { - if (!compat_sys_call_table) return; - uintptr_t fp_addr = (uintptr_t)(compat_sys_call_table + nr); - fp_hook_unwrap(fp_addr, before, after); + return fp_unwrap_syscalln(nr, 1, before, after); } -/* -xxx.cfi_jt example: -hint #0x22 -b #0xfffffffffeb452f4 -*/ +/** + * @brief + * + * @param nr + * @param narg + * @param is_compat + * @param before + * @param after + * @param udata + * @return hook_err_t + */ +hook_err_t inline_wrap_syscalln(int nr, int narg, int is_compat, void *before, void *after, void *udata); + +/** + * @brief + * + * @param nr + * @param is_compat + * @param before + * @param after + */ +void inline_unwrap_syscalln(int nr, int is_compat, void *before, void *after); + static inline hook_err_t inline_hook_syscalln(int nr, int narg, void *before, void *after, void *udata) { - uintptr_t fp = sys_call_table[nr]; - if (has_syscall_wrapper) narg = 1; - return hook_wrap((void *)fp, narg, before, after, udata); + return inline_wrap_syscalln(nr, narg, 0, before, after, udata); } -static inline void inline_unhook_syscall(int nr, void *before, void *after) +static inline void inline_unhook_syscalln(int nr, void *before, void *after) { - uintptr_t fp = sys_call_table[nr]; - hook_unwrap((void *)fp, before, after); + inline_unwrap_syscalln(nr, 0, before, after); } static inline hook_err_t inline_hook_compat_syscalln(int nr, int narg, void *before, void *after, void *udata) { - if (!compat_sys_call_table) return HOOK_BAD_ADDRESS; - uintptr_t fp = compat_sys_call_table[nr]; - if (has_syscall_wrapper) narg = 1; - return hook_wrap((void *)fp, narg, before, after, udata); + return inline_wrap_syscalln(nr, narg, 1, before, after, udata); } -static inline void inline_unhook_compat_syscall(int nr, void *before, void *after) +static inline void inline_unhook_compat_syscalln(int nr, void *before, void *after) { - if (!compat_sys_call_table) return; - uintptr_t fp = compat_sys_call_table[nr]; - hook_unwrap((void *)fp, before, after); + inline_unwrap_syscalln(nr, 0, before, after); } -int syscall_init(); +// + +hook_err_t hook_syscalln(int nr, int narg, void *before, void *after, void *udata); + +void unhook_syscalln(int nr, void *before, void *after); + +hook_err_t hook_compat_syscalln(int nr, int narg, void *before, void *after, void *udata); + +void unhook_compat_syscalln(int nr, void *before, void *after); #endif \ No newline at end of file diff --git a/kernel/patch/include/taskext.h b/kernel/patch/include/taskext.h index 901a0e0..06240e2 100644 --- a/kernel/patch/include/taskext.h +++ b/kernel/patch/include/taskext.h @@ -9,26 +9,91 @@ #include #include #include +#include +#include -#define TASK_EXT_MAGIC 0x1158115811581158 +#define TASK_EXT_MAGIC 0x11581158 +/// @brief the size of current struct task_ext, not included _magic +extern int task_ext_size; + +/** + * @brief An extension of task_struct, stored in the kernel thread stack, + * can be used to store task-local(thread-local) variables. + * This can be very useful if you need to pass thread-local variables across multiple hook points. + * + * Task-local variables can be dynamically expanded. + * @see reg_task_local + * @see has_task_local + * @see task_local_ptr + */ struct task_ext { // first + int size; pid_t pid; pid_t tgid; - int super; - int _; - int selinux_allow; - int priv_selinux_allow; - void *__; + bool root; + bool sel_allow; + bool priv_sel_allow; // last - uint64_t magic; + int _magic; }; -static inline int task_ext_valid(struct task_ext *ext) +/** + * @brief Is task_ext dirty, and is it available? + * + * @param ext + * @return int + */ +static inline bool task_ext_valid(struct task_ext *ext) +{ + return !IS_ERR(ext) && (*(int *)(ext->size + (uintptr_t)ext) == TASK_EXT_MAGIC); +} + +/** + * @brief Register a new task-local varilable + * + * @param size The size of task-local varilable + * @return The offset of of task-local varilable, + * This value is needed when access this task-local variable. + * + * @see has_task_local + * @see task_local_ptr + */ +static inline int reg_task_local(int size) +{ + int offset = task_ext_size; + task_ext_size += size; + return offset; +} + +/** + * @brief Is there a task-local variable regiseted? + * + * @param ext + * @param offset Return value of reg_task_local + * @return true + * @return false + * + * @see reg_task_local + */ +static inline bool has_task_local(struct task_ext *ext, int offset) +{ + return offset >= ext->size; +} + +/** + * @brief Access task-local varilable, + * + * @param offset Return value of reg_task_local + * @return void* Task-local varilable pointer + * + * @see reg_task_local + */ +static inline void *task_local_ptr(struct task_ext *ext, int offset) { - return ext && (ext->magic == TASK_EXT_MAGIC); + return (void *)((uintptr_t)ext + offset); } #endif diff --git a/kernel/patch/include/uapi/scdefs.h b/kernel/patch/include/uapi/scdefs.h index 1126c79..0cd22f0 100644 --- a/kernel/patch/include/uapi/scdefs.h +++ b/kernel/patch/include/uapi/scdefs.h @@ -23,6 +23,7 @@ static inline long hash_key(const char *key) #define SUPERCALL_HELLO 0x1000 #define SUPERCALL_KLOG 0x1004 +#define SUPERCALL_BUILD_TIME 0x1007 #define SUPERCALL_KERNELPATCH_VER 0x1008 #define SUPERCALL_KERNEL_VER 0x1009 @@ -41,12 +42,23 @@ static inline long hash_key(const char *key) #define SUPERCALL_KPM_LIST 0x1031 #define SUPERCALL_KPM_INFO 0x1032 -#define SUPERCALL_MEM_PHYS 0x1041 -#define SUPERCALL_MEM_KERNEL_PHYS 0x1042 -#define SUPERCALL_MEM_MAP_KERNEL 0x1048 -#define SUPERCALL_MEM_MAP_USER 0x1049 -#define SUPERCALL_MEM_PROT 0x1049 -#define SUPERCALL_MEM_CACHE_FLUSH 0x1049 +struct kernel_storage +{ + void *data; + int len; +}; + +#define SUPERCALL_KSTORAGE_ALLOC_GROUP 0x1040 +#define SUPERCALL_KSTORAGE_WRITE 0x1041 +#define SUPERCALL_KSTORAGE_READ 0x1042 +#define SUPERCALL_KSTORAGE_LIST_IDS 0x1043 +#define SUPERCALL_KSTORAGE_REMOVE 0x1044 +#define SUPERCALL_KSTORAGE_REMOVE_GROUP 0x1045 + +#define KSTORAGE_SU_LIST_GROUP 0 +#define KSTORAGE_EXCLUDE_LIST_GROUP 1 +#define KSTORAGE_UNUSED_GROUP_2 2 +#define KSTORAGE_UNUSED_GROUP_3 3 #define SUPERCALL_BOOTLOG 0x10fd #define SUPERCALL_PANIC 0x10fe @@ -63,39 +75,39 @@ struct su_profile }; #ifdef ANDROID - -#define ANDROID_SH_PATH "/system/bin/sh" -#define SU_PATH_MAX_LEN 128 - -#define ANDROID_SU_PATH "/system/bin/kp" -#define ANDROID_LEGACY_SU_PATH "/system/bin/su" -#define KPATCH_DATA_PATH "/data/adb/kpatch" -#define KPATCH_DEV_PATH "/dev/kpatch" -#define KPATCH_DEV_WORK_DIR "/dev/kp/" +#define SH_PATH "/system/bin/sh" +#define SU_PATH "/system/bin/kp" +#define LEGACY_SU_PATH "/system/bin/su" +#define ECHO_PATH "/system/bin/echo" #define KERNELPATCH_DATA_DIR "/data/adb/kp" #define KERNELPATCH_MODULE_DATA_DIR KERNELPATCH_DATA_DIR "/modules" #define APD_PATH "/data/adb/apd" +#define ALL_ALLOW_SCONTEXT "u:r:kp:s0" +#define ALL_ALLOW_SCONTEXT_MAGISK "u:r:magisk:s0" +#define ALL_ALLOW_SCONTEXT_KERNEL "u:r:kernel:s0" +#else +#define SH_PATH "/usr/bin/sh" +#define ECHO_PATH "/usr/bin/echo" +#define SU_PATH "/usr/bin/kp" +#define ALL_ALLOW_SCONTEXT "u:r:kernel:s0" +#endif + +#define SU_PATH_MAX_LEN 128 + #define SUPERCMD "/system/bin/truncate" -#define ADB_FLODER "/data/adb/" -#define APATCH_FLODER "/data/adb/ap/" -#define APATCH_BIN_FLODER APATCH_FLODER "bin/" -#define APATCH_LOG_FLODER APATCH_FLODER "log/" #define SAFE_MODE_FLAG_FILE "/dev/.safemode" -#define EARLY_INIT_LOG_0 "/dev/early_init_0.log" -#define EARLY_INIT_LOG_1 "/dev/early_init_1.log" - -#define ALL_ALLOW_SCONTEXT "u:r:magisk:s0" #define SUPERCALL_SU_GRANT_UID 0x1100 #define SUPERCALL_SU_REVOKE_UID 0x1101 #define SUPERCALL_SU_NUMS 0x1102 #define SUPERCALL_SU_LIST 0x1103 #define SUPERCALL_SU_PROFILE 0x1104 +#define SUPERCALL_SU_GET_ALLOW_SCTX 0x1105 +#define SUPERCALL_SU_SET_ALLOW_SCTX 0x1106 #define SUPERCALL_SU_GET_PATH 0x1110 #define SUPERCALL_SU_RESET_PATH 0x1111 - -#endif +#define SUPERCALL_SU_GET_SAFEMODE 0x1112 #define SUPERCALL_MAX 0x1200 diff --git a/kernel/patch/include/user_event.h b/kernel/patch/include/user_event.h new file mode 100644 index 0000000..c64f61b --- /dev/null +++ b/kernel/patch/include/user_event.h @@ -0,0 +1,11 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * Copyright (C) 2024 bmax121. All Rights Reserved. + */ + +#ifndef _KP_USER_EVENT_H_ +#define _KP_USER_EVENT_H_ + +int report_user_event(const char *event, const char *args); + +#endif \ No newline at end of file diff --git a/src/cgroupv2_freeze/cgroupv2_freeze.c b/src/cgroupv2_freeze/cgroupv2_freeze.c index 5dc6702..d97a54e 100644 --- a/src/cgroupv2_freeze/cgroupv2_freeze.c +++ b/src/cgroupv2_freeze/cgroupv2_freeze.c @@ -201,7 +201,7 @@ static void cgroup_addrm_files_after(hook_fargs4_t* args, void* udata) { return; ((typeof(cgroup_addrm_files)) - hook_chain_origin_func(args))((struct cgroup_subsys_state*)args->arg0, (struct cgroup*)args->arg1, cgroup_freeze_files, (bool)args->arg3); + wrap_get_origin_func(args))((struct cgroup_subsys_state*)args->arg0, (struct cgroup*)args->arg1, cgroup_freeze_files, (bool)args->arg3); } static const char uid_[] = "uid_"; diff --git a/src/critical_partition_protect/critical_partition_protect.c b/src/critical_partition_protect/critical_partition_protect.c index 3a66764..8d67546 100644 --- a/src/critical_partition_protect/critical_partition_protect.c +++ b/src/critical_partition_protect/critical_partition_protect.c @@ -23,7 +23,7 @@ KPM_NAME("Anti Format Critical Partition"); KPM_VERSION(ANTI_FORMAT_VERSION); KPM_LICENSE("GPL v2"); KPM_AUTHOR("1f2003d5 & sekaiacg"); -KPM_DESCRIPTION("通过拦截内核调用对关键分区进行保护,防止被恶意格机"); +KPM_DESCRIPTION("By intercepting kernel calls, critical partitions are protected to prevent malicious formatting"); char *skfunc_def(d_path)(const struct path *path, char *buf, int buflen) = NULL; void skfunc_def(fput)(struct file *file) = NULL; @@ -77,7 +77,7 @@ static inline bool uninstallHook() { if (hook_success(do_filp_open)) { unhook((void *)hook_original(do_filp_open)); - hook_err(do_filp_open) = HOOK_NOT_HOOK; + hook_err(do_filp_open) = HOOK_DUPLICATED; pr_info("[AntiFormatDevice] hook uninstalled...\n"); } else { pr_info("[AntiFormatDevice] Maybe it's not hooked, skipping...\n"); diff --git a/src/hosts_file_redirect/hosts_file_redirect.c b/src/hosts_file_redirect/hosts_file_redirect.c index 12fd64a..2e51181 100644 --- a/src/hosts_file_redirect/hosts_file_redirect.c +++ b/src/hosts_file_redirect/hosts_file_redirect.c @@ -74,7 +74,7 @@ static inline bool uninstallHook() { if (hook_success(do_filp_open)) { unhook((void *)hook_original(do_filp_open)); - hook_err(do_filp_open) = HOOK_NOT_HOOK; + hook_err(do_filp_open) = HOOK_DUPLICATED; pr_info("HFR: disbaled !\n"); } else { pr_info("HFR: Always disabled !\n"); diff --git a/src/selinux_policydb_fix/selinux_policydb_fix.c b/src/selinux_policydb_fix/selinux_policydb_fix.c index fa097bc..7877a17 100644 --- a/src/selinux_policydb_fix/selinux_policydb_fix.c +++ b/src/selinux_policydb_fix/selinux_policydb_fix.c @@ -67,7 +67,7 @@ static inline bool uninstallHook() { if (hook_success(policydb_write)) { unhook((void *)hook_original(policydb_write)); - hook_err(policydb_write) = HOOK_NOT_HOOK; + hook_err(policydb_write) = HOOK_DUPLICATED; pr_info("PDBF: disbaled !\n"); } else { pr_info("PDBF: Always disabled !\n");