diff --git a/kernel/base/predata.c b/kernel/base/predata.c
index 71878bb..1809a41 100644
--- a/kernel/base/predata.c
+++ b/kernel/base/predata.c
@@ -7,6 +7,7 @@
 #include
 #include
 #include
+#include
 #include "start.h"
 #include "pgtable.h"
@@ -16,7 +17,9 @@ extern start_preset_t start_preset;
 static char *superkey = 0;
 static char *root_superkey = 0;
-static struct patch_symbol *patch_symbol = 0;
+
+struct patch_config *patch_config = 0;
+KP_EXPORT_SYMBOL(patch_config);
 static const char bstr[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
@@ -71,11 +74,6 @@ const char *get_superkey()
     return superkey;
 }
-struct patch_symbol *get_preset_patch_sym()
-{
-    return patch_symbol;
-}
-
 int on_each_extra_item(int (*callback)(const patch_extra_item_t *extra, const char *arg, const void *con, void *udata),
                        void *udata)
 {
@@ -128,9 +126,9 @@ void predata_init()
     }
     log_boot("gen rand key: %s\n", superkey);
-    patch_symbol = &start_preset.patch_symbol;
+    patch_config = &start_preset.patch_config;
-    for (uintptr_t addr = (uint64_t)patch_symbol; addr < (uintptr_t)patch_symbol + PATCH_SYMBOL_LEN;
+    for (uintptr_t addr = (uint64_t)patch_config; addr < (uintptr_t)patch_config + PATCH_CONFIG_LEN;
          addr += sizeof(uintptr_t)) {
         uintptr_t *p = (uintptr_t *)addr;
         if (*p) *p += kernel_va;
diff --git a/kernel/base/setup1.S b/kernel/base/setup1.S
index 10c05e2..9cb6f97 100644
--- a/kernel/base/setup1.S
+++ b/kernel/base/setup1.S
@@ -109,10 +109,10 @@ start_prepare:
     mov x2, #ROOT_SUPER_KEY_HASH_LEN
     bl memcpy8
-    // memcpy(&start_preset.patch_symbol, &setup_preset.patch_symbol, sizeof(header.patch_symbol));
-    add x0, x11, #start_patch_symbol_offset;
-    add x1, x10, #setup_patch_symbol_offset
-    mov x2, #PATCH_SYMBOL_LEN
+    // memcpy(&start_preset.patch_config, &setup_preset.patch_config, sizeof(header.patch_config));
+    add x0, x11, #start_patch_config_offset;
+    add x1, x10, #setup_patch_config_offset
+    mov x2, #PATCH_CONFIG_LEN
     bl memcpy8
     // backup map area
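Review bot: `struct patch_config *patch_config` is now a writable file-scope global that `KP_EXPORT_SYMBOL` hands to every loadable module, so anything that resolves the symbol can repoint it or rewrite the table of kernel addresses that `bypass_selinux()`, `bypass_kcfi()`, `task_observer()` and `patch()` later feed to `hook()`; the old `static` pointer behind `get_preset_patch_sym()` at least kept the pointer itself private. The only writer visible in this diff is `predata_init()` storing `&start_preset.patch_config`, and `start_preset` is an extern object, so the pointer can be an address constant instead: `struct patch_config *const patch_config = &start_preset.patch_config;` with the assignment in `predata_init()` dropped and the `extern` declaration in predata.h changed to match. If modules are meant to read but never edit the table, make the pointee `const` as well; the relocation loop already works through its own `uintptr_t *` and is unaffected. I am assuming `KP_EXPORT_SYMBOL` only records the symbol's address, so a `const` object exports the same way.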
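Review bot: The new `for` line keeps rebasing every non-zero 8-byte word in the `PATCH_CONFIG_LEN` block by `kernel_va`, which was defensible while the block was named `patch_symbol` but is a trap under the new name: the first non-address field anyone adds to `struct patch_config` (a flag, a size) will silently be turned into a bogus kernel address. Either fence it with a comment, `// every non-zero word in this block is an image offset; nothing but addresses may be stored here`, or stop the walk at the last address field rather than at `PATCH_CONFIG_LEN` (e.g. `offsetof(struct patch_config, input_handle_event) + sizeof(uint64_t)`, given `input_handle_event` is the last member shown in preset.h). The same line also mixes `(uint64_t)patch_config` with `(uintptr_t)patch_config`; both should be `uintptr_t`. `predata_init()` begins before this hunk.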
diff --git a/kernel/base/start.h b/kernel/base/start.h
index 5766bfb..3cc3b66 100644
--- a/kernel/base/start.h
+++ b/kernel/base/start.h
@@ -24,7 +24,7 @@ typedef struct
     uint8_t map_backup[MAP_MAX_SIZE];
     uint8_t superkey[SUPER_KEY_LEN];
     uint8_t root_superkey[ROOT_SUPER_KEY_HASH_LEN];
-    patch_symbol_t patch_symbol;
+    patch_config_t patch_config;
 } start_preset_t;
 #else
 #define start_header_offset 0
@@ -39,8 +39,8 @@ typedef struct
 #define start_map_backup_offset (start_map_backup_len_offset + 8)
 #define start_superkey_offset (start_map_backup_offset + MAP_MAX_SIZE)
 #define start_root_superkey_offset (start_superkey_offset + SUPER_KEY_LEN)
-#define start_patch_symbol_offset (start_root_superkey_offset + ROOT_SUPER_KEY_HASH_LEN)
-#define start_patch_extra_offset_offset (start_patch_symbol_offset + PATCH_SYMBOL_LEN)
+#define start_patch_config_offset (start_root_superkey_offset + ROOT_SUPER_KEY_HASH_LEN)
+#define start_patch_extra_offset_offset (start_patch_config_offset + PATCH_CONFIG_LEN)
 #define start_patch_extra_size_offset (start_patch_extra_offset_offset + 8)
 #define start_end (start_patch_extra_size_offset + 8)
 #endif
diff --git a/kernel/include/predata.h b/kernel/include/predata.h
index 5d02451..136b77e 100644
--- a/kernel/include/predata.h
+++ b/kernel/include/predata.h
@@ -9,14 +9,13 @@
 #include
 #include
+extern struct patch_config *patch_config;
+
 int auth_superkey(const char *key);
 void reset_superkey(const char *key);
 void enable_auth_root_key(bool enable);
 const char *get_superkey();
-
 uint64_t rand_next();
-uint64_t get_build_config();
-struct patch_symbol *get_preset_patch_sym();
 int on_each_extra_item(int (*callback)(const patch_extra_item_t *extra, const char *arg, const void *data, void *udata),
                        void *udata);
diff --git a/kernel/include/preset.h b/kernel/include/preset.h
index b1a3edc..ba7471f 100644
--- a/kernel/include/preset.h
+++ b/kernel/include/preset.h
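Review bot: `extern struct patch_config *patch_config;` exposes a reassignable pointer to every file that includes this header, while the only store to it in the diff is the one-time initialisation in `predata_init()`; declaring it `extern struct patch_config *const patch_config;` (and initialising the definition to match) states that contract and lets the compiler reject a stray `patch_config = ...` in a consumer. The same hunk silently drops the `uint64_t get_build_config();` prototype, which is unrelated to the rename; if that function is still defined or called anywhere, its callers now get an implicit declaration, so confirm it was removed everywhere too. The surviving prototypes use `()` instead of `(void)` and therefore accept any argument list; pre-existing, but worth fixing while the header is open.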
@@ -30,7 +30,7 @@
 #define MAP_SYMBOL_NUM (5)
 #define MAP_SYMBOL_SIZE (MAP_SYMBOL_NUM * 8)
-#define PATCH_SYMBOL_LEN (512)
+#define PATCH_CONFIG_LEN (512)
 #define ADDITIONAL_LEN (512)
@@ -98,7 +98,7 @@ _Static_assert(sizeof(map_symbol_t) == MAP_SYMBOL_SIZE, "sizeof map_symbol_t mis
 #endif
 #ifndef __ASSEMBLY__
-struct patch_symbol
+struct patch_config
 {
     union
     {
@@ -120,11 +120,11 @@ struct patch_symbol
             uint64_t slow_avc_audit;
             uint64_t input_handle_event;
         };
-        char _cap[PATCH_SYMBOL_LEN];
+        char _cap[PATCH_CONFIG_LEN];
     };
 };
-typedef struct patch_symbol patch_symbol_t;
-_Static_assert(sizeof(patch_symbol_t) == PATCH_SYMBOL_LEN, "sizeof patch_symbol_t mismatch");
+typedef struct patch_config patch_config_t;
+_Static_assert(sizeof(patch_config_t) == PATCH_CONFIG_LEN, "sizeof patch_config_t mismatch");
 #endif
 #ifndef __ASSEMBLY__
@@ -210,7 +210,7 @@ typedef struct
     map_symbol_t map_symbol;
     uint8_t header_backup[HDR_BACKUP_SIZE];
     uint8_t superkey[SUPER_KEY_LEN];
-    patch_symbol_t patch_symbol;
+    patch_config_t patch_config;
     char additional[ADDITIONAL_LEN];
 } setup_preset_be_000a04_t;
@@ -235,7 +235,7 @@ typedef struct _setup_preset_t
     uint8_t superkey[SUPER_KEY_LEN];
     uint8_t root_superkey[ROOT_SUPER_KEY_HASH_LEN];
     uint8_t __[SETUP_PRESERVE_LEN];
-    patch_symbol_t patch_symbol;
+    patch_config_t patch_config;
     char additional[ADDITIONAL_LEN];
 } setup_preset_t;
 #else
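Review bot: `struct patch_config` is written into the image by `fillin_patch_config()` in tools/ and read back by `predata_init()` in the kernel, so its field order is an ABI between the patcher and every already-patched kernel, and the `_Static_assert` only guards against growing past `PATCH_CONFIG_LEN`, not against inserting or reordering members. A comment above the struct should say so, e.g. `// Stored in the patched image and consumed by predata_init(); append new fields at the end only, never insert, reorder or remove.` The new name also invites non-address fields, but `predata_init()` adds `kernel_va` to every non-zero word of the block, so any such field must be kept out of this struct or that loop narrowed first. The struct opens in the `@@ -98` hunk and its field list is cut between the two hunks.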
@@ -256,8 +256,8 @@ typedef struct _setup_preset_t
 #define setup_header_backup_offset (setup_map_symbol_offset + MAP_SYMBOL_SIZE)
 #define setup_superkey_offset (setup_header_backup_offset + HDR_BACKUP_SIZE)
 #define setup_root_superkey_offset (setup_superkey_offset + SUPER_KEY_LEN)
-#define setup_patch_symbol_offset (setup_root_superkey_offset + ROOT_SUPER_KEY_HASH_LEN + SETUP_PRESERVE_LEN)
-#define setup_end (setup_patch_symbol_offset + PATCH_SYMBOL_LEN)
+#define setup_patch_config_offset (setup_root_superkey_offset + ROOT_SUPER_KEY_HASH_LEN + SETUP_PRESERVE_LEN)
+#define setup_end (setup_patch_config_offset + PATCH_CONFIG_LEN)
 #endif
 #ifndef __ASSEMBLY__
diff --git a/kernel/patch/android/userd.c b/kernel/patch/android/userd.c
index e120767..2c20299 100644
--- a/kernel/patch/android/userd.c
+++ b/kernel/patch/android/userd.c
@@ -371,7 +371,7 @@ int android_user_init()
     log_boot("hook __NR_openat rc: %d\n", rc);
     ret |= rc;
-    unsigned long input_handle_event_addr = get_preset_patch_sym()->input_handle_event;
+    unsigned long input_handle_event_addr = patch_config->input_handle_event;
     if (input_handle_event_addr) {
         rc = hook_wrap4((void *)input_handle_event_addr, before_input_handle_event, 0, 0);
         ret |= rc;
diff --git a/kernel/patch/common/accctl.c b/kernel/patch/common/accctl.c
index 73d3995..6d09f1b 100644
--- a/kernel/patch/common/accctl.c
+++ b/kernel/patch/common/accctl.c
@@ -234,7 +234,7 @@ static int slow_avc_audit_replace(struct selinux_state *_state, void *_ssid, voi
 int bypass_selinux()
 {
-    unsigned long avc_denied_addr = get_preset_patch_sym()->avc_denied;
+    unsigned long avc_denied_addr = patch_config->avc_denied;
     if (avc_denied_addr) {
         hook_err_t err = hook((void *)avc_denied_addr, (void *)avc_denied_replace, (void **)&avc_denied_backup);
         if (err != HOOK_NO_ERR) {
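Review bot: `bypass_selinux()` dereferences `patch_config` in its first statement with no check; the pointer is only assigned in `predata_init()`, so an earlier call faults on NULL exactly as `get_preset_patch_sym()->avc_denied` did, but the bare global now hides that ordering requirement at the call site. A guard at the top, `if (!patch_config) return -1;` (or whatever failure value the callers already handle), costs nothing and turns a boot-time fault into a clean failure. The function continues past the end of the hunk.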
@@ -242,7 +242,7 @@ int bypass_selinux()
         }
     }
-    unsigned long slow_avc_audit_addr = get_preset_patch_sym()->slow_avc_audit;
+    unsigned long slow_avc_audit_addr = patch_config->slow_avc_audit;
     if (slow_avc_audit_addr) {
         hook_err_t err =
             hook((void *)slow_avc_audit_addr, (void *)slow_avc_audit_replace, (void **)&slow_avc_audit_backup);
diff --git a/kernel/patch/common/secpass.c b/kernel/patch/common/secpass.c
index d1d4a39..2b6bce9 100644
--- a/kernel/patch/common/secpass.c
+++ b/kernel/patch/common/secpass.c
@@ -52,7 +52,7 @@ int bypass_kcfi()
     // 6.1.0
     // todo: Is there more elegant way?
-    unsigned long report_cfi_failure_addr = get_preset_patch_sym()->report_cfi_failure;
+    unsigned long report_cfi_failure_addr = patch_config->report_cfi_failure;
     if (report_cfi_failure_addr) {
         hook_err_t err =
             hook((void *)report_cfi_failure_addr, (void *)replace_report_cfi_failure, (void **)&backup_report_cfi_failure);
@@ -64,9 +64,9 @@ int bypass_kcfi()
     }
     // todo: direct modify cfi_shadow, __cfi_check?
-    unsigned long __cfi_slowpath_addr = get_preset_patch_sym()->__cfi_slowpath_diag;
+    unsigned long __cfi_slowpath_addr = patch_config->__cfi_slowpath_diag;
     if (!__cfi_slowpath_addr) {
-        __cfi_slowpath_addr = get_preset_patch_sym()->__cfi_slowpath;
+        __cfi_slowpath_addr = patch_config->__cfi_slowpath;
     }
     if (__cfi_slowpath_addr) {
         hook_err_t err =
diff --git a/kernel/patch/common/selinuxhook.c.bak b/kernel/patch/common/selinuxhook.c.bak
index 2e2329c..20be0f2 100644
--- a/kernel/patch/common/selinuxhook.c.bak
+++ b/kernel/patch/common/selinuxhook.c.bak
@@ -299,7 +299,7 @@ static int slow_avc_audit_replace(struct selinux_state *_state, void *_ssid, voi
 int selinux_hook_install()
 {
-    unsigned long avc_denied_addr = get_preset_patch_sym()->avc_denied;
+    unsigned long avc_denied_addr = patch_config->avc_denied;
     if (avc_denied_addr) {
         hook_err_t err = hook((void *)avc_denied_addr, (void *)avc_denied_replace, (void **)&avc_denied_backup);
         if (err != HOOK_NO_ERR) {
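Review bot: `kernel/patch/common/selinuxhook.c.bak` is, by its extension, a backup copy that is presumably not part of the build, yet this commit edits it by hand to follow the rename; keeping dead code updated by eye is how a stale duplicate of `bypass_selinux()` gets resurrected later with old behaviour. Delete it (git history keeps it) or, if it is retained on purpose as a reference, add a comment at its top saying it is not built and why it is kept. `selinux_hook_install()` continues past the hunk.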
@@ -307,7 +307,7 @@ int selinux_hook_install()
         }
     }
-    unsigned long slow_avc_audit_addr = get_preset_patch_sym()->slow_avc_audit;
+    unsigned long slow_avc_audit_addr = patch_config->slow_avc_audit;
     if (slow_avc_audit_addr) {
         hook_err_t err =
             hook((void *)slow_avc_audit_addr, (void *)slow_avc_audit_replace, (void **)&slow_avc_audit_backup);
diff --git a/kernel/patch/common/taskob.c b/kernel/patch/common/taskob.c
index d8fe863..5b10b9b 100644
--- a/kernel/patch/common/taskob.c
+++ b/kernel/patch/common/taskob.c
@@ -75,12 +75,12 @@ int task_observer()
     prepare_init_ext(init_task);
-    unsigned long copy_process_addr = get_preset_patch_sym()->copy_process;
+    unsigned long copy_process_addr = patch_config->copy_process;
     if (copy_process_addr) {
         rc |= hook_wrap8((void *)copy_process_addr, 0, after_copy_process, 0);
         log_boot("hook copy_process: %llx, rc: %d\n", copy_process_addr, rc);
     } else {
-        unsigned long cgroup_post_fork_addr = get_preset_patch_sym()->cgroup_post_fork;
+        unsigned long cgroup_post_fork_addr = patch_config->cgroup_post_fork;
         if (cgroup_post_fork_addr) {
             rc |= hook_wrap4((void *)cgroup_post_fork_addr, 0, after_cgroup_post_fork, 0);
             log_boot("hook cgroup_post_fork: %llx, rc: %d\n", cgroup_post_fork_addr, rc);
diff --git a/kernel/patch/patch.c b/kernel/patch/patch.c
index 4b32201..9f30d86 100644
--- a/kernel/patch/patch.c
+++ b/kernel/patch/patch.c
@@ -125,7 +125,7 @@ int patch()
     hook_err_t rc = 0;
-    unsigned long panic_addr = get_preset_patch_sym()->panic;
+    unsigned long panic_addr = patch_config->panic;
     logkd("panic addr: %llx\n", panic_addr);
     if (panic_addr) {
         rc = hook_wrap12((void *)panic_addr, before_panic, 0, 0);
@@ -134,8 +134,8 @@ int patch()
     if (rc) return rc;
     // rest_init or cgroup_init
-    unsigned long init_addr = get_preset_patch_sym()->rest_init;
-    if (!init_addr) init_addr = get_preset_patch_sym()->cgroup_init;
+    unsigned long init_addr = patch_config->rest_init;
+    if (!init_addr) init_addr = patch_config->cgroup_init;
     if (init_addr) {
         rc = hook_wrap4((void *)init_addr, before_rest_init, 0, (void *)init_addr);
         log_boot("hook rest_init rc: %d\n", rc);
@@ -143,7 +143,7 @@ int patch()
     if (rc) return rc;
     // kernel_init
-    unsigned long kernel_init_addr = get_preset_patch_sym()->kernel_init;
+    unsigned long kernel_init_addr = patch_config->kernel_init;
     if (kernel_init_addr) {
         rc = hook_wrap4((void *)kernel_init_addr, before_kernel_init, after_kernel_init, 0);
         log_boot("hook kernel_init rc: %d\n", rc);
diff --git a/tools/patch.c b/tools/patch.c
index bc981db..cb2d0d2 100644
--- a/tools/patch.c
+++ b/tools/patch.c
@@ -531,7 +531,7 @@ int patch_update_img(const char *kimg_path, const char *kpimg_path, const char *
     memcpy(setup->header_backup, kallsym_kimg, sizeof(setup->header_backup));
     // start symbol
-    fillin_patch_symbol(&kallsym, kallsym_kimg, ori_kimg_len, &setup->patch_symbol, kinfo->is_be, 0);
+    fillin_patch_config(&kallsym, kallsym_kimg, ori_kimg_len, &setup->patch_config, kinfo->is_be, 0);
     // superkey
     if (!root_key) {
diff --git a/tools/symbol.c b/tools/symbol.c
index d3787b9..e8d3c40 100644
--- a/tools/symbol.c
+++ b/tools/symbol.c
@@ -101,7 +101,7 @@ static int get_cand_arr_symbol_offset_zero(kallsym_t *kallsym, char *img_buf, ch
     return offset;
 }
-int fillin_patch_symbol(kallsym_t *kallsym, char *img_buf, int imglen, patch_symbol_t *symbol, int32_t target_is_be,
+int fillin_patch_config(kallsym_t *kallsym, char *img_buf, int imglen, patch_config_t *symbol, int32_t target_is_be,
                         bool is_android)
 {
     symbol->panic = get_symbol_offset_zero(kallsym, img_buf, "panic");
diff --git a/tools/symbol.h b/tools/symbol.h
index 03a00a9..86f22bc 100644
--- a/tools/symbol.h
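Review bot: The renamed `fillin_patch_config()` still calls its output parameter `symbol`, both on the new signature line here and in the prototype in tools/symbol.h, so the first thing a reader sees contradicts the `patch_config_t *` type; rename it on both lines, `int fillin_patch_config(kallsym_t *kallsym, char *img_buf, int imglen, patch_config_t *config, int32_t target_is_be,`, together with the `symbol->` accesses in the body. The `// start symbol` comment above the call in the tools/patch.c hunk is the same leftover. The function body continues past the end of the hunk.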
+++ b/tools/symbol.h
@@ -19,7 +19,7 @@ int32_t get_symbol_offset_exit(kallsym_t *info, char *img, char *symbol);
 int32_t find_suffixed_symbol(kallsym_t *kallsym, char *img_buf, const char *symbol);
 void select_map_area(kallsym_t *kallsym, char *image_buf, int32_t *map_start, int32_t *max_size);
 int fillin_map_symbol(kallsym_t *kallsym, char *img_buf, map_symbol_t *symbol, int32_t target_is_be);
-int fillin_patch_symbol(kallsym_t *kallsym, char *img_buf, int imglen, patch_symbol_t *symbol, int32_t target_is_be,
+int fillin_patch_config(kallsym_t *kallsym, char *img_buf, int imglen, patch_config_t *symbol, int32_t target_is_be,
                         bool is_android);
 #endif
\ No newline at end of file