mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
ff9ff2f4b9
(cherry pick from commit a9ac1262ce
)
With Android M, Android environments use a separate execution
domain for 32bit processes.
See:
https://android-review.googlesource.com/#/c/122131/
This results in systems that use kernel modules to see selinux
audit noise like:
type=1400 audit(28.989:15): avc: denied { module_request } for
pid=1622 comm="app_process32" kmod="personality-8"
scontext=u:r:zygote:s0 tcontext=u:r:kernel:s0 tclass=system
While using kernel modules is unadvised, some systems do require
them.
Thus to avoid developers adding sepolicy exceptions to allow for
request_module calls, this patch disables the logic which tries
to call request_module for the 32bit personality (ie:
personality-8), which doesn't actually exist.
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I9cb90bd1291f0a858befa7d347c85464346702db
202 lines
4.5 KiB
C
202 lines
4.5 KiB
C
/*
|
|
* Handling of different ABIs (personalities).
|
|
*
|
|
* We group personalities into execution domains which have their
|
|
* own handlers for kernel entry points, signal mapping, etc...
|
|
*
|
|
* 2001-05-06 Complete rewrite, Christoph Hellwig (hch@infradead.org)
|
|
*/
|
|
|
|
#include <linux/init.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/kmod.h>
|
|
#include <linux/module.h>
|
|
#include <linux/personality.h>
|
|
#include <linux/proc_fs.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/seq_file.h>
|
|
#include <linux/syscalls.h>
|
|
#include <linux/sysctl.h>
|
|
#include <linux/types.h>
|
|
#include <linux/fs_struct.h>
|
|
|
|
|
|
static void default_handler(int, struct pt_regs *);
|
|
|
|
static struct exec_domain *exec_domains = &default_exec_domain;
|
|
static DEFINE_RWLOCK(exec_domains_lock);
|
|
|
|
|
|
static unsigned long ident_map[32] = {
|
|
0, 1, 2, 3, 4, 5, 6, 7,
|
|
8, 9, 10, 11, 12, 13, 14, 15,
|
|
16, 17, 18, 19, 20, 21, 22, 23,
|
|
24, 25, 26, 27, 28, 29, 30, 31
|
|
};
|
|
|
|
struct exec_domain default_exec_domain = {
|
|
.name = "Linux", /* name */
|
|
.handler = default_handler, /* lcall7 causes a seg fault. */
|
|
.pers_low = 0, /* PER_LINUX personality. */
|
|
.pers_high = 0, /* PER_LINUX personality. */
|
|
.signal_map = ident_map, /* Identity map signals. */
|
|
.signal_invmap = ident_map, /* - both ways. */
|
|
};
|
|
|
|
|
|
static void
|
|
default_handler(int segment, struct pt_regs *regp)
|
|
{
|
|
set_personality(0);
|
|
|
|
if (current_thread_info()->exec_domain->handler != default_handler)
|
|
current_thread_info()->exec_domain->handler(segment, regp);
|
|
else
|
|
send_sig(SIGSEGV, current, 1);
|
|
}
|
|
|
|
static struct exec_domain *
|
|
lookup_exec_domain(unsigned int personality)
|
|
{
|
|
unsigned int pers = personality(personality);
|
|
struct exec_domain *ep;
|
|
|
|
read_lock(&exec_domains_lock);
|
|
for (ep = exec_domains; ep; ep = ep->next) {
|
|
if (pers >= ep->pers_low && pers <= ep->pers_high)
|
|
if (try_module_get(ep->module))
|
|
goto out;
|
|
}
|
|
|
|
/*
|
|
* Disable the request_module here to avoid trying to
|
|
* load the personality-8 module, which doesn't exist,
|
|
* and results in selinux audit noise.
|
|
* Disabling this here avoids folks adding module_request
|
|
* to their sepolicy, which is maybe too generous
|
|
*/
|
|
#if 0
|
|
read_unlock(&exec_domains_lock);
|
|
request_module("personality-%d", pers);
|
|
read_lock(&exec_domains_lock);
|
|
|
|
for (ep = exec_domains; ep; ep = ep->next) {
|
|
if (pers >= ep->pers_low && pers <= ep->pers_high)
|
|
if (try_module_get(ep->module))
|
|
goto out;
|
|
}
|
|
#endif
|
|
|
|
ep = &default_exec_domain;
|
|
out:
|
|
read_unlock(&exec_domains_lock);
|
|
return (ep);
|
|
}
|
|
|
|
int
|
|
register_exec_domain(struct exec_domain *ep)
|
|
{
|
|
struct exec_domain *tmp;
|
|
int err = -EBUSY;
|
|
|
|
if (ep == NULL)
|
|
return -EINVAL;
|
|
|
|
if (ep->next != NULL)
|
|
return -EBUSY;
|
|
|
|
write_lock(&exec_domains_lock);
|
|
for (tmp = exec_domains; tmp; tmp = tmp->next) {
|
|
if (tmp == ep)
|
|
goto out;
|
|
}
|
|
|
|
ep->next = exec_domains;
|
|
exec_domains = ep;
|
|
err = 0;
|
|
|
|
out:
|
|
write_unlock(&exec_domains_lock);
|
|
return (err);
|
|
}
|
|
|
|
int
|
|
unregister_exec_domain(struct exec_domain *ep)
|
|
{
|
|
struct exec_domain **epp;
|
|
|
|
epp = &exec_domains;
|
|
write_lock(&exec_domains_lock);
|
|
for (epp = &exec_domains; *epp; epp = &(*epp)->next) {
|
|
if (ep == *epp)
|
|
goto unregister;
|
|
}
|
|
write_unlock(&exec_domains_lock);
|
|
return -EINVAL;
|
|
|
|
unregister:
|
|
*epp = ep->next;
|
|
ep->next = NULL;
|
|
write_unlock(&exec_domains_lock);
|
|
return 0;
|
|
}
|
|
|
|
int __set_personality(unsigned int personality)
|
|
{
|
|
struct exec_domain *oep = current_thread_info()->exec_domain;
|
|
|
|
current_thread_info()->exec_domain = lookup_exec_domain(personality);
|
|
current->personality = personality;
|
|
module_put(oep->module);
|
|
|
|
return 0;
|
|
}
|
|
|
|
#ifdef CONFIG_PROC_FS
|
|
static int execdomains_proc_show(struct seq_file *m, void *v)
|
|
{
|
|
struct exec_domain *ep;
|
|
|
|
read_lock(&exec_domains_lock);
|
|
for (ep = exec_domains; ep; ep = ep->next)
|
|
seq_printf(m, "%d-%d\t%-16s\t[%s]\n",
|
|
ep->pers_low, ep->pers_high, ep->name,
|
|
module_name(ep->module));
|
|
read_unlock(&exec_domains_lock);
|
|
return 0;
|
|
}
|
|
|
|
static int execdomains_proc_open(struct inode *inode, struct file *file)
|
|
{
|
|
return single_open(file, execdomains_proc_show, NULL);
|
|
}
|
|
|
|
static const struct file_operations execdomains_proc_fops = {
|
|
.open = execdomains_proc_open,
|
|
.read = seq_read,
|
|
.llseek = seq_lseek,
|
|
.release = single_release,
|
|
};
|
|
|
|
static int __init proc_execdomains_init(void)
|
|
{
|
|
proc_create("execdomains", 0, NULL, &execdomains_proc_fops);
|
|
return 0;
|
|
}
|
|
module_init(proc_execdomains_init);
|
|
#endif
|
|
|
|
SYSCALL_DEFINE1(personality, unsigned int, personality)
|
|
{
|
|
unsigned int old = current->personality;
|
|
|
|
if (personality != 0xffffffff)
|
|
set_personality(personality);
|
|
|
|
return old;
|
|
}
|
|
|
|
|
|
EXPORT_SYMBOL(register_exec_domain);
|
|
EXPORT_SYMBOL(unregister_exec_domain);
|
|
EXPORT_SYMBOL(__set_personality);
|