#ifndef FOPSKIT_H_INCLUDED
#define FOPSKIT_H_INCLUDED
#include <linux/ftrace.h>
#include <linux/stop_machine.h>
#include <linux/slab.h>
/*
 * Architecture glue: accessors for the hooked function's first three
 * arguments, read from the saved register set. On x86_64 the first three
 * integer arguments are passed in rdi, rsi and rdx, which struct pt_regs
 * exposes as di, si and dx.
 * The macros expand to `regs->...`, so they only work where a variable named
 * `regs` is in scope, as it is inside a fopskit_hook_handler() body.
 */
#ifdef CONFIG_X86_64
#define REGS_ARG1 regs->di
#define REGS_ARG2 regs->si
#define REGS_ARG3 regs->dx
#else
#error "Arch not currently supported."
#endif
/*
 * Build-time requirements: stop the build with a clear message instead of
 * failing later on missing symbols. The cred->security handling in this
 * header relies on CONFIG_SECURITY, and the hooks are ftrace callbacks, so
 * CONFIG_FUNCTION_TRACER must be enabled as well.
 */
#ifndef CONFIG_SECURITY
#error "This module requires CONFIG_SECURITY to be enabled"
#endif
#ifndef CONFIG_FUNCTION_TRACER
#error "This module requires CONFIG_FUNCTION_TRACER to be enabled"
#endif
/*
 * One hook-table entry: a kernel symbol plus the ftrace_ops that redirects it.
 * Entries are normally built with fops_hook_val(), which fills in the name and
 * the ops pointer and leaves addr NULL and both flags false.
 */
struct fops_hook {
/* symbol name as a string (the stringified fops_hook_val() argument) */
char *name;
/* address of the symbol; NULL in a fresh entry.
 * presumably filled in by fopskit_sym_hook() - confirm against the implementation */
void *addr;
/* NOTE(review): looks like "symbol was resolved" - confirm where it is set */
bool found;
/* NOTE(review): looks like "ftrace hook is currently installed" - confirm where it is set */
bool hooked;
/* the ftrace_ops (fops_<symbol>) whose callback handles this symbol */
struct ftrace_ops *fops;
};
/*
 * Callback table handed to fopskit_init_cred_security().
 * Each member is named after a kernel function and takes the arguments shown
 * in its prototype below.
 * NOTE(review): presumably these are the replacement handlers the cred-security
 * setup installs for the same-named kernel functions - confirm against the
 * implementation, which is not part of this header.
 */
struct fops_cred_handler {
/* handler for proc_sys_write; receives the struct file being written */
int (*proc_sys_write)(struct file *);
/* handler for security_prepare_creds: (new cred, old cred, allocation flags) */
int (*security_prepare_creds)(struct cred *, const struct cred *, gfp_t);
/* handler for security_cred_alloc_blank: (cred, allocation flags) */
int (*security_cred_alloc_blank)(struct cred *, gfp_t);
};
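/*
 * Leave a hook handler and redirect the hooked call to `func`.
 *
 * Writes the address of `func` into the saved instruction pointer and returns
 * from the handler; the handler's ftrace_ops sets FTRACE_OPS_FL_IPMODIFY, so
 * execution resumes at `func` instead of the hooked function.
 * Only usable inside a fopskit_hook_handler() body: it needs `regs` in scope
 * and a void function to return from.
 *
 * `func` is parenthesized so the cast applies to the whole argument even when
 * an expression (for example a conditional) is passed.
 * The expansion is a bare { } block, so `if (c) fopskit_return(f); else ...`
 * does not compile; put braces around the if body.
 */
#define fopskit_return(func) {regs->ip = (unsigned long)(func); return;}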
/*
 * Initializer for one struct fops_hook entry.
 * `val` is the bare symbol name: it is stringified into .name and pasted into
 * fops_<val>, the ftrace_ops object that fopskit_hook_handler(val) defines.
 * The entry starts with no address and with both state flags cleared.
 */
#define fops_hook_val(val) \
	{ .name = #val, .addr = NULL, .found = false, .hooked = false, \
	  .fops = &fops_##val }
/*
 * Declare the ftrace callback for symbol `val` and open its definition.
 *
 * The expansion does three things:
 *   1. forward-declares static void fopskit_<val>(...), marked notrace;
 *   2. defines static struct ftrace_ops fops_<val> with that function as .func
 *      (this is the object fops_hook_val(val) points at);
 *   3. emits the function header, so the use site supplies the body:
 *          fopskit_hook_handler(some_symbol) { ... }
 *
 * Inside the body `ip`, `parent_ip`, `fops` and `regs` are in scope; REGS_ARGn
 * and fopskit_return() depend on `regs`.
 * FTRACE_OPS_FL_SAVE_REGS asks ftrace to pass the full saved register set, and
 * FTRACE_OPS_FL_IPMODIFY declares that the callback may change regs->ip.
 *
 * NOTE(review): the fourth parameter is struct pt_regs *, the callback
 * prototype used by older kernels; newer kernels pass struct ftrace_regs *
 * instead - confirm against the kernel version this is built for.
 */
#define fopskit_hook_handler(val) \
static void notrace fopskit_##val(unsigned long, unsigned long, \
struct ftrace_ops *, struct pt_regs *); \
static struct ftrace_ops fops_##val __read_mostly = { \
.func = fopskit_##val, \
.flags = FTRACE_OPS_FL_SAVE_REGS | FTRACE_OPS_FL_IPMODIFY, \
}; \
static void notrace fopskit_##val(unsigned long ip, unsigned long parent_ip, \
struct ftrace_ops *fops, struct pt_regs *regs)
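/*
 * True when `x` is negative, i.e. a kernel-style negative error code.
 * The argument is parenthesized so that expressions with lower precedence
 * than `<` (conditionals, bitwise operators) are compared as a whole.
 */
#define IN_ERR(x) ((x) < 0)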
/*
 * Argument-less functions returning int.
 * NOTE(review): judging by the names these return 0, -EPERM, -EACCES and
 * -ENOMEM and serve as fopskit_return() targets - confirm against the
 * implementation, which is not part of this header.
 */
int fopskit_ok(void);
int fopskit_eperm(void);
int fopskit_eacces(void);
int fopskit_enomem(void);
/*
 * Install / remove the hook described by one struct fops_hook entry.
 * fopskit_hook_list() treats a negative return from fopskit_sym_hook() as
 * failure; fopskit_unhook_list() ignores the return of fopskit_sym_unhook().
 */
int fopskit_sym_hook(struct fops_hook *);
int fopskit_sym_unhook(struct fops_hook *);
/*
 * Look-ups keyed by a string, returning an int, a string or a pointer.
 * NOTE(review): presumably the argument is a kernel symbol name and the
 * result is that symbol's value - confirm, including what is returned when
 * the look-up fails.
 */
int fopskit_sym_int(char *);
char *fopskit_sym_str(char *);
void *fopskit_sym_ptr(char *);
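/*
 * Log a failed hook operation together with the state of the hook entry.
 *
 *   func - name of the function that failed, as a string
 *   ret  - its return code
 *   fops - pointer to the struct fops_hook involved
 *
 * Every argument is parenthesized, so an expression such as &hooks[i] can be
 * passed for `fops` (unparenthesized, `&hooks[i]->name` would not compile).
 * The address is printed with %p rather than cast to unsigned long for %lx:
 * %p goes through the kernel's pointer hashing, whereas %lx writes the raw
 * kernel address into the log, where it helps anyone who can read dmesg to
 * defeat KASLR. Switch to %px deliberately if the raw value is needed while
 * debugging.
 * __func__ is the standard spelling of __FUNCTION__.
 */
#define fops_hook_error(func, ret, fops) \
	printk("fopskit: %s() failed with return code %d for fops_hook { name => %s, addr => %p, found => %d, hooked => %d } at %s() line %d\n", \
	       (func), (ret), (fops)->name, (fops)->addr, (fops)->found, (fops)->hooked, __func__, __LINE__)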
/*
 * Hook every entry of the array `hooks`.
 *
 * `val` says whether the list is required: when it is non-zero the first
 * failing entry is logged and control jumps to the caller's out_err label
 * with the error left in `ret`; when it is zero, failures are skipped and
 * the loop carries on with the next entry.
 *
 * The caller must provide the variables `i` and `ret` and the label
 * `out_err`. `hooks` must be a real array (ARRAY_SIZE is applied to it),
 * not a pointer.
 */
#define fopskit_hook_list(hooks, val) \
	for (i = 0; i < ARRAY_SIZE(hooks); i++) { \
		ret = fopskit_sym_hook(&hooks[i]); \
		if (!IN_ERR(ret) || !(val)) \
			continue; \
		printk("fopskit: returning error %d to module_init because symbol \"%s\" is marked as required\n", ret, hooks[i].name); \
		goto out_err; \
	}
/*
 * Unhook every entry of the array `hooks`, in index order.
 * The result of each fopskit_sym_unhook() call is discarded, so one failing
 * entry does not stop the remaining entries from being processed.
 * The caller must provide the loop variable `i`; `hooks` must be a real
 * array (ARRAY_SIZE is applied to it), not a pointer.
 */
#define fopskit_unhook_list(hooks) \
	for (i = 0; i < ARRAY_SIZE(hooks); ++i) { \
		(void)fopskit_sym_unhook(&(hooks)[i]); \
	}
/* NOTE(review): looks like a flag recording that the cred->security area has
 * been extended for fopskit - confirm where it is set and read */
extern bool fopskit_cred_remapped;
/* size in bytes of the existing cred->security area; the fopskit data is
 * placed directly after it (see fopskit_cred_security_ptr and
 * FOPSKIT_CRED_SIZE) */
extern size_t cred_sec_size;
/* set up the cred-security handling using the callbacks in the given table;
 * returns an int (presumably 0 or a negative error code - confirm) */
int fopskit_init_cred_security(struct fops_cred_handler *);
/* NOTE(review): teardown entry point taking an int - the meaning of the
 * argument is not visible from this header, confirm against the caller */
void fopskit_exit(int);
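/*
 * Per-credential state kept by fopskit. It occupies the memory appended after
 * the existing cred->security area of a task's credentials. Change the fields
 * as needed, but always reach the struct through fopskit_cred_security_ptr().
 */
struct fopskit_cred_security {
	unsigned long fopskit_flags;
};

/*
 * Set `ptr` to the fopskit_cred_security area that follows the first
 * cred_sec_size bytes of the cred->security blob `tsec`.
 *
 * The offset is applied in bytes. Scaling it by the struct size (casting
 * `tsec` to struct fopskit_cred_security * and adding
 * cred_sec_size / sizeof(void *)) is only right while the struct is exactly
 * pointer-sized and cred_sec_size is a multiple of the pointer size; once the
 * struct grows, that form moves the pointer past the FOPSKIT_CRED_SIZE bytes
 * reserved for the blob, and every access through it is out of bounds.
 * Both arguments are parenthesized so expressions can be passed safely.
 *
 * NOTE(review): the result is only suitably aligned if cred_sec_size is a
 * multiple of the struct's alignment - confirm how cred_sec_size is computed.
 */
#define fopskit_cred_security_ptr(ptr, tsec) \
	((ptr) = (struct fopskit_cred_security *)((char *)(tsec) + cred_sec_size))

/* Total bytes to reserve for cred->security: the existing area plus the
 * fopskit_cred_security struct appended to it. */
#define FOPSKIT_CRED_SIZE (cred_sec_size + sizeof(struct fopskit_cred_security))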
#endif