diff --git a/kernel/Makefile b/kernel/Makefile index 4fc6b336..f88f1164 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -2,6 +2,8 @@ ifndef TARGET_COMPILE $(error TARGET_COMPILE is not set) endif +TARGET=kpimg + CC = $(TARGET_COMPILE)gcc LD = $(TARGET_COMPILE)ld AS = $(TARGET_COMPILE)as @@ -39,6 +41,9 @@ BASE_SRCS += $(wildcard init/ksyms/*.c) BASE_SRCS += $(wildcard init/struct/*.c) BASE_SRCS += $(wildcard init/debug/*.c) +ifdef ANDROID + BASE_SRCS += $(wildcard init/android/*.c) +endif SRCS += $(BASE_SRCS) SRCS += $(LINUX_SRCS) @@ -46,12 +51,13 @@ SRCS += $(LINUX_SRCS) OBJS := $(SRCS:.c=.o) OBJS := $(OBJS:.S=.o) -all: kpimg hdr -kpimg: kpimg.elf +all: ${TARGET} hdr + +${TARGET}: ${TARGET}.elf ${OBJCOPY} -O binary -S $^ $@ -kpimg.elf: ${OBJS} +${TARGET}.elf: ${OBJS} ${LD} -nostdlib -static -no-pie -Tkpimg.lds -o $@ $^ %.o: %.c diff --git a/kernel/init/accctl/supercall.c b/kernel/init/accctl/supercall.c index b859190e..d306bea7 100644 --- a/kernel/init/accctl/supercall.c +++ b/kernel/init/accctl/supercall.c @@ -48,21 +48,6 @@ static inline long call_su(const char *sctx) return ret; } -static long call_grant_su(uid_t uid) -{ - return add_allow_uid(uid); -} - -static long call_revoke_su(uid_t uid) -{ - return remove_allow_uid(uid); -} - -static long call_list_su_allow(uid_t *__user uids, size_t *__user size) -{ - return list_allow_uids(uids, size); -} - static long call_thread_su(pid_t pid, const char *sctx) { int ret = SUPERCALL_RES_SUCCEED; @@ -79,7 +64,8 @@ static long supercall(long cmd, void *__user arg1, void *__user arg2, void *__us { logkd("SuperCall with cmd: %x\n", cmd); - long ret = SUPERCALL_RES_SUCCEED; + long ret = SUPERCALL_RES_NOT_IMPL; + if (cmd == SUPERCALL_HELLO) { ret = call_hello(); } else if (cmd == SUPERCALL_GET_KERNEL_VERSION) { @@ -91,29 +77,23 @@ static long supercall(long cmd, void *__user arg1, void *__user arg2, void *__us } else if (cmd == SUPERCALL_UNLOAD_KPM) { ret = call_unload_kpm(0, 0); } else if (cmd == SUPERCALL_SU) { - char sctx[SUPERCALL_SCONTEXT_LEN] = { '\0' }; - long len = strncpy_from_user(sctx, (const char *)arg1, SUPERCALL_SCONTEXT_LEN - 1); + char sctx[SUPERCALL_SCONTEXT_LEN + 1]; + sctx[SUPERCALL_SCONTEXT_LEN] = 0; + long len = strncpy_from_user(sctx, (const char *)arg1, SUPERCALL_SCONTEXT_LEN); ret = call_su(len > 0 ? sctx : 0); - } else if (cmd == SUPERCALL_GRANT_SU) { - uid_t uid = (uid_t)(uintptr_t)arg1; - ret = call_grant_su(uid); - } else if (cmd == SUPERCALL_REVOKE_SU) { - uid_t uid = (uid_t)(uintptr_t)arg1; - ret = call_revoke_su(uid); - } else if (cmd == SUPERCALL_LIST_SU_ALLOW) { - uid_t *uids = (uid_t *)arg1; - size_t *size = (size_t *)arg2; - ret = call_list_su_allow(uids, size); } else if (cmd == SUPERCALL_THREAD_SU) { pid_t pid = (pid_t)(uintptr_t)arg1; - char sctx[SUPERCALL_SCONTEXT_LEN] = { '\0' }; - long len = strncpy_from_user(sctx, (const char *)arg2, SUPERCALL_SCONTEXT_LEN - 1); + char sctx[SUPERCALL_SCONTEXT_LEN + 1]; + sctx[SUPERCALL_SCONTEXT_LEN] = 0; + long len = strncpy_from_user(sctx, (const char *)arg2, SUPERCALL_SCONTEXT_LEN); ret = call_thread_su(pid, len > 0 ? sctx : 0); } else if (cmd == SUPERCALL_THREAD_UNSU) { pid_t pid = (pid_t)(uintptr_t)arg1; ret = call_thread_unsu(pid); } else { - ret = SUPERCALL_RES_NOT_IMPL; +#ifdef ANDROID + ret = supercall_android(cmd, arg1, arg2, arg3); +#endif } return ret; } diff --git a/kernel/init/accctl/sucompat.c b/kernel/init/android/sucompat.c similarity index 97% rename from kernel/init/accctl/sucompat.c rename to kernel/init/android/sucompat.c index 5422e976..8af0b09a 100644 --- a/kernel/init/accctl/sucompat.c +++ b/kernel/init/android/sucompat.c @@ -182,7 +182,7 @@ static void *replace_do_execve(void *a0, void *a1, void *a2, void *a3, void *a4, } if (!IS_ERR(filename)) { if (!min_strcmp(filename->name, android_su_path)) { - // todo: bugs printk + // todo: panic printk // logkd("exec: uid: %d, filename: %s\n", uid, filename->name); commit_su(0, 0); min_strcpy((char *)filename->name, android_sh_path); @@ -204,7 +204,7 @@ static long replace_faccessat(int dfd, char __user *filename, int mode, int flag char buf[sizeof(android_su_path) + 1] = { '\0' }; strncpy_from_user(buf, filename, sizeof(android_su_path)); if (!min_strcmp(buf, android_su_path)) { - logkd("access: uid: %d, filename: %s\n", uid, buf); + // logkd("access: uid: %d, filename: %s\n", uid, buf); copy_to_user(filename, android_sh_path, sizeof(android_sh_path)); change_flag = 1; } @@ -229,14 +229,14 @@ static void *replace_vfs_stat(int dfd, void *a1, void *a2, void *a3, void *a4, v if ((((uintptr_t)a1) & 0xF000000000000000) == 0xF000000000000000) { struct filename *filename = (struct filename *)a1; if (!min_strcmp(filename->name, android_su_path)) { - logkd("stat: uid: %d, filename: %s\n", uid, filename); + // logkd("stat: uid: %d, filename: %s\n", uid, filename); min_strcpy((char *)filename->name, android_sh_path); } } else { char buf[sizeof(android_su_path) + 1] = { '\0' }; strncpy_from_user(buf, a1, sizeof(android_su_path)); if (!min_strcmp(buf, android_su_path)) { - logkd("stat: uid: %d, user filename: %s\n", uid, buf); + // logkd("stat: uid: %d, user filename: %s\n", uid, buf); copy_to_user(a1, android_sh_path, sizeof(android_sh_path)); change_flag = 1; } diff --git a/kernel/init/android/supercall.c b/kernel/init/android/supercall.c new file mode 100644 index 00000000..8f76211d --- /dev/null +++ b/kernel/init/android/supercall.c @@ -0,0 +1,45 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static long call_grant_su(uid_t uid) +{ + return add_allow_uid(uid); +} + +static long call_revoke_su(uid_t uid) +{ + return remove_allow_uid(uid); +} + +static long call_list_su_allow(uid_t *__user uids, size_t *__user size) +{ + return list_allow_uids(uids, size); +} + +long supercall_android(long cmd, void *__user arg1, void *__user arg2, void *__user arg3) +{ + long ret; + if (cmd == SUPERCALL_GRANT_SU) { + uid_t uid = (uid_t)(uintptr_t)arg1; + ret = call_grant_su(uid); + } else if (cmd == SUPERCALL_REVOKE_SU) { + uid_t uid = (uid_t)(uintptr_t)arg1; + ret = call_revoke_su(uid); + } else if (cmd == SUPERCALL_LIST_SU_ALLOW) { + uid_t *uids = (uid_t *)arg1; + size_t *size = (size_t *)arg2; + ret = call_list_su_allow(uids, size); + } else { + ret = SUPERCALL_RES_NOT_IMPL; + } + return ret; +} diff --git a/kernel/init/include/accctl.h b/kernel/init/include/accctl.h index 7907a870..8c17aa5e 100644 --- a/kernel/init/include/accctl.h +++ b/kernel/init/include/accctl.h @@ -22,4 +22,8 @@ int su_compat_init(); int selinux_hook_install(); int supercall_install(); +#ifdef ANDROID +long supercall_android(long cmd, void *__user arg1, void *__user arg2, void *__user arg3); +#endif + #endif \ No newline at end of file diff --git a/kernel/init/include/uapi/scdefs.h b/kernel/init/include/uapi/scdefs.h index 1beddf08..6427e0b1 100644 --- a/kernel/init/include/uapi/scdefs.h +++ b/kernel/init/include/uapi/scdefs.h @@ -19,11 +19,14 @@ static inline long hash_key(const char *key) #define SUPERCALL_LOAD_KPM 0x1003 #define SUPERCALL_UNLOAD_KPM 0x1004 #define SUPERCALL_SU 0x1005 -#define SUPERCALL_GRANT_SU 0x1006 -#define SUPERCALL_REVOKE_SU 0x1007 -#define SUPERCALL_LIST_SU_ALLOW 0x1008 -#define SUPERCALL_THREAD_SU 0x1009 -#define SUPERCALL_THREAD_UNSU 0x100a +#define SUPERCALL_THREAD_SU 0x1006 +#define SUPERCALL_THREAD_UNSU 0x1007 + +#ifdef ANDROID +#define SUPERCALL_GRANT_SU 0x1020 +#define SUPERCALL_REVOKE_SU 0x1021 +#define SUPERCALL_LIST_SU_ALLOW 0x1022 +#endif #define SUPERCALL_MAX 0x1100 diff --git a/kernel/init/init.c b/kernel/init/init.c index 25e773e1..23ae528e 100644 --- a/kernel/init/init.c +++ b/kernel/init/init.c @@ -68,17 +68,16 @@ int linux_symbol_init() static inline void do_init() { logki("==== KernelPatch Do Init ====\n"); - linux_symbol_init(); linux_sybmol_len_init(); - syscall_init(); build_struct(); task_observer(); selinux_hook_install(); supercall_install(); +#ifdef ANDROID su_compat_init(); - +#endif logki("==== KernelPatch Everything Done ====\n"); } diff --git a/user/main.c b/user/main.c index f458dcee..b81f1543 100644 --- a/user/main.c +++ b/user/main.c @@ -112,17 +112,6 @@ int main(int argc, char **argv) continue; } } -#if 1 - uint64_t stack_pointer; - __asm__ volatile("mov %0, sp" : "=r"(stack_pointer)); - fprintf(stdout, "Stack Pointer (SP): %p\n", stack_pointer); - uid_t ruid, euid, suid; - gid_t rgid, egid, sgid; - getresuid(&ruid, &euid, &suid); - getresgid(&rgid, &egid, &sgid); - fprintf(stdout, "resuid: %ud, %ud, %ud, resgid: %ud, %ud, %ud\n", ruid, euid, suid, rgid, egid, sgid); - fprintf(stdout, "command no: %x, arg1: %s, arg2: %s, arg3:%s\n", cmd, arg1, arg2, arg3); -#endif long ret = 0; if (cmd == SUPERCALL_HELLO) { ret = sc_hello(key); @@ -156,9 +145,11 @@ int main(int argc, char **argv) ret = sc_list_su_allow(key, uids, &size); if (ret) return ret; + fprintf(stdout, "su allow nums: %d\n", (int)size); for (int i = 0; i < size; i++) { - fprintf(stdout, "su allow uid: %d\n", uids[i]); + fprintf(stdout, "%d\t", uids[i]); } + fprintf(stdout, "\n"); } else if (cmd == SUPERCALL_THREAD_SU) { if (!arg1) { fprintf(stderr, "Empty tid!\n");