0.7.1

bmax121 · Dec 29, 2023 · 1801e07 · 1801e07
2 parents d6f5a6b + 2aa6da4
commit 1801e07
Show file tree

Hide file tree

Showing 27 changed files with 584 additions and 126 deletions.
diff --git a/README.md b/README.md
@@ -18,6 +18,11 @@
 
 If you are using Android, [APatch](https://github.com/bmax121/APatch) would be a better choice.
 
+## Requirement
+
+CONFIG_KALLSYMS=y
+CONFIG_KALLSYMS_ALL=y
+
 ## Supported Versions
 
 Currently only supports arm64 architecture.  

diff --git a/kernel/patch/android/kpuserd.c b/kernel/patch/android/kpuserd.c
@@ -39,14 +39,14 @@ static const char patch_rc[] = ""
                                "    rm %s \n"
                                "on post-fs-data\n"
                                "    start logd\n"
-                               "    exec -- /system/bin/truncate %s android_user_init --kernel\n"
-                               "    exec u:r:magisk:s0 root -- " APD_PATH " post-fs-data\n"
+                               "    exec -- " KPATCH_SHADOW_PATH " %s android_user init -k\n"
+                               "    exec -- " KPATCH_SHADOW_PATH " %s android_user post-fs-data -k'\n"
                                "on nonencrypted\n"
-                               "    exec u:r:magisk:s0 root -- " APD_PATH " services\n"
+                               "    exec -- " KPATCH_SHADOW_PATH " %s android_user services -k'\n"
                                "on property:vold.decrypt=trigger_restart_framework\n"
-                               "    exec u:r:magisk:s0 root -- " APD_PATH " services\n"
+                               "    exec -- " KPATCH_SHADOW_PATH " %s android_user services -k'\n"
                                "on property:sys.boot_completed=1\n"
-                               "    exec u:r:magisk:s0 root -- " APD_PATH " boot-completed\n"
+                               "    exec -- " KPATCH_SHADOW_PATH " %s android_user boot-completed -k'\n"
                                "\n"
                                "";
 
@@ -194,9 +194,9 @@ static void before_openat(hook_fargs4_t *args, void *udata)
     }
     const char *ori_rc_data = kernel_read_file(origin_rc_file, &ori_len);
     if (!ori_rc_data) goto out;
-    char *replace_rc_data = vmalloc(sizeof(patch_rc) + sizeof(replace_rc_file) + SUPER_KEY_LEN);
+    char *replace_rc_data = vmalloc(sizeof(patch_rc) + sizeof(replace_rc_file) + 5 * SUPER_KEY_LEN);
     const char *superkey = get_superkey();
-    sprintf(replace_rc_data, patch_rc, replace_rc_file, superkey);
+    sprintf(replace_rc_data, patch_rc, replace_rc_file, superkey, superkey, superkey, superkey, superkey);
     loff_t off = 0;
     kernel_write(newfp, replace_rc_data, strlen(replace_rc_data), &off);
     kernel_write(newfp, ori_rc_data, ori_len, &off);
@@ -212,7 +212,7 @@ static void before_openat(hook_fargs4_t *args, void *udata)
     kvfree(ori_rc_data);
     kvfree(replace_rc_data);
 out:
-    // read file not require selinux permission, so set not allow now
+    // read file not require selinux permission, reset not allow now
     set_priv_selinx_allow(current, 0);
     return;
 }

diff --git a/kernel/patch/android/sucompat.c b/kernel/patch/android/sucompat.c
@@ -34,7 +34,7 @@ Modified from KernelSU, GPLv2
 */
 
 static const char sh_path[] = ANDROID_SH_PATH;
-static const char su_path[SU_PATH_MAX_LEN] = ANDROID_SU_PATH;
+static const char default_su_path[] = ANDROID_SU_PATH;
 static const char *current_su_path = 0;
 static const char apd_path[] = APD_PATH;
 static const char kpatch_path[] = KPATCH_PATH;
@@ -229,7 +229,7 @@ int su_reset_path(const char *path)
 int su_get_path(char *__user ubuf, int buf_len)
 {
     int len = strnlen(current_su_path, SU_PATH_MAX_LEN);
-    if (buf_len < len) return -ENOMEM;
+    if (buf_len < len) return -ENOBUFS;
     logkfi("%s\n", current_su_path);
     return seq_copy_to_user(ubuf, current_su_path, len + 1);
 }
@@ -258,7 +258,7 @@ static inline char *__user android_sh_user_path()
 
 static inline char *__user android_su_user_path()
 {
-    return (char *__user)copy_to_user_stack((void *)su_path, sizeof(su_path));
+    return (char *__user)copy_to_user_stack((void *)default_su_path, sizeof(default_su_path));
 }
 
 // int do_execveat_common(int fd, struct filename *filename, struct user_arg_ptr argv, struct user_arg_ptr envp, int flags)
@@ -296,8 +296,8 @@ static void before_do_execve(hook_fargs8_t *args, void *udata)
             strcpy((char *)filename->name, apd_path);
             const char *__user p0 =
                 get_user_arg_ptr((void *)args->args[filename_index + 1], (void *)args->args[filename_index + 2], 0);
-            int sz = seq_copy_to_user((char *__user)p0, sh_path, sizeof(sh_path));
-            if (sz != sizeof(sh_path)) logkfe("seq_copy_to_user error: %d\n", sz);
+            int sz = seq_copy_to_user((char *__user)p0, default_su_path, sizeof(default_su_path));
+            if (sz != sizeof(default_su_path)) logkfe("seq_copy_to_user error: %d\n", sz);
         }
         kvfree(profile);
     } else if (!strcmp(kpatch_shadow_path, filename->name)) {
@@ -310,7 +310,7 @@ static void before_do_execve(hook_fargs8_t *args, void *udata)
         commit_su(0, 0);
         strcpy((char *)filename->name, kpatch_path);
         // log
-        char log_buf[256];
+        char log_buf[512];
         int log_off = 0;
         for (int i = 2; i < 6; i++) {
             const char *pn =
@@ -432,7 +432,7 @@ int su_compat_init()
 {
     int rc = 0;
 
-    current_su_path = su_path;
+    current_su_path = default_su_path;
     INIT_LIST_HEAD(&allow_uid_list);
     spin_lock_init(&list_lock);
 

diff --git a/kernel/patch/common/selinuxhook.c b/kernel/patch/common/selinuxhook.c
@@ -295,6 +295,8 @@ static int hook_replace(slow_avc_audit)(struct selinux_state *_state, void *_ssi
 
 int selinux_hook_install()
 {
+    // todo: gcc -fipa-sra eg: avc_denied.isra.5
+
     hook_kfunc(avc_denied);
     hook_kfunc(slow_avc_audit);
 

diff --git a/kernel/patch/common/supercall.c b/kernel/patch/common/supercall.c
@@ -77,10 +77,12 @@ static long call_kpm_nums()
 static long call_kpm_list(char *__user names, int len)
 {
     if (len <= 0) return -EINVAL;
-    char buf[len];
-    int sz = list_modules(buf, len);
-    sz = seq_copy_to_user(names, buf, sz);
-    return sz;
+    char buf[4096];
+    int sz = list_modules(buf, sizeof(buf));
+    if (sz > len) return -ENOBUFS;
+    sz = seq_copy_to_user(names, buf, len);
+    if (sz < 0) return sz;
+    return 0;
 }
 
 static long call_kpm_info(const char *__user uname, char *__user out_info, int out_len)
@@ -125,8 +127,10 @@ static long supercall(long cmd, long arg1, long arg2, long arg3)
         return SUPERCALL_HELLO_MAGIC;
     case SUPERCALL_KLOG:
         return call_klog((const char *__user)arg1);
-    case SUPERCALL_KP_VERSION:
+    case SUPERCALL_KERNELPATCH_VER:
         return kpver;
+    case SUPERCALL_KERNEL_VER:
+        return kver;
     }
     logkd("supercall with cmd: %x\n", cmd);
     switch (cmd) {

diff --git a/kernel/patch/include/uapi/scdefs.h b/kernel/patch/include/uapi/scdefs.h
@@ -18,7 +18,8 @@ static inline long hash_key(const char *key)
 #define SUPERCALL_HELLO 0x1000
 #define SUPERCALL_KLOG 0x1004
 
-#define SUPERCALL_KP_VERSION 0x1008
+#define SUPERCALL_KERNELPATCH_VER 0x1008
+#define SUPERCALL_KERNEL_VER 0x1009
 
 #define SUPERCALL_SU 0x1010
 #define SUPERCALL_SU_TASK 0x1011 // syscall(__NR_gettid)
@@ -58,6 +59,8 @@ struct su_profile
 #define APATCH_LOG_FLODER "/data/adb/ap/log/"
 #define SAFE_MODE_FLAG_FILE "/dev/.sefemode"
 
+#define ALL_ALLOW_SCONTEXT "u:r:magisk:s0"
+
 #define SUPERCALL_SU_GRANT_UID 0x1100
 #define SUPERCALL_SU_REVOKE_UID 0x1101
 #define SUPERCALL_SU_NUMS 0x1102

diff --git a/kernel/patch/ksyms/suffix_sym.c b/kernel/patch/ksyms/suffix_sym.c
diff --git a/kernel/patch/module/module.c b/kernel/patch/module/module.c
@@ -416,7 +416,7 @@ int load_module(void *data, int len, const char *args)
     }
 
     if (find_module(info->info.name)) {
-        logkd("module: %s exist\n", info->info.name);
+        logkfd("%s exist\n", info->info.name);
         err = -EEXIST;
         goto out;
     }
@@ -492,16 +492,16 @@ int unload_module(const char *name)
 int load_module_path(const char *path, const char *args)
 {
     long err = 0;
-    logkd("loading module with path: %s, args: %s\n", path, args);
+    logkfd("path: %s, args: %s\n", path, args);
 
     struct file *filp = filp_open(path, O_RDONLY, 0);
     if (unlikely(IS_ERR(filp))) {
-        logke("open module error\n");
+        logkfe("open module: %s error\n", path);
         err = PTR_ERR(filp);
         goto out;
     }
     loff_t len = vfs_llseek(filp, 0, SEEK_END);
-    logkd("module size: %llx\n", len);
+    logkfd("module size: %llx\n", len);
     vfs_llseek(filp, 0, SEEK_SET);
 
     void *data = kp_malloc(len);
@@ -516,7 +516,7 @@ int load_module_path(const char *path, const char *args)
     filp_close(filp, 0);
 
     if (pos != len) {
-        logke("read module error\n");
+        logkfe("read module: %s error\n", path);
         err = -EIO;
         goto free;
     }
@@ -550,6 +550,7 @@ int get_module_nums()
     {
         n++;
     }
+    logkfd("%d\n", n);
     return n;
 }
 
@@ -559,8 +560,9 @@ int list_modules(char *out_names, int size)
     int off = 0;
     list_for_each_entry(pos, &modules.list, list)
     {
-        off = snprintf(out_names + off, size - off, "%s\n", pos->info.name);
+        off += snprintf(out_names + off, size - 1 - off, "%s\n", pos->info.name);
     }
+    out_names[off] = '\0';
     return off;
 }
 
@@ -578,6 +580,7 @@ int get_module_info(const char *name, char *out_info, int size)
                       "author=%s\n"
                       "description=%s\n",
                       mod->info.name, mod->info.version, mod->info.license, mod->info.author, mod->info.description);
+    logkfd("%s", out_info);
     return sz;
 }
 

diff --git a/tools/image.c b/tools/image.c
@@ -62,7 +62,7 @@ int32_t get_kernel_info(kernel_info_t *kinfo, char *img, int32_t imglen)
 
     arm64_hdr_t *khdr = (arm64_hdr_t *)(img + kinfo->img_offset);
     if (strncmp(khdr->magic, KERNEL_MAGIC, strlen(KERNEL_MAGIC))) {
-        fprintf(stderr, "[-] kernel magic error :%s\n", khdr->magic);
+        fprintf(stdout, "[-] kernel magic error: %s\n", khdr->magic);
         return -1;
     }
 
@@ -81,6 +81,7 @@ int32_t get_kernel_info(kernel_info_t *kinfo, char *img, int32_t imglen)
 
     b_primary_entry_insn = u32le(b_primary_entry_insn);
     if ((b_primary_entry_insn & 0xFC000000) != 0x14000000) {
+        fprintf(stdout, "[-] kernel primary entry error: %x\n", b_primary_entry_insn);
         return -1;
     } else {
         uint32_t imm = (b_primary_entry_insn & 0x03ffffff) << 2;
@@ -93,7 +94,7 @@ int32_t get_kernel_info(kernel_info_t *kinfo, char *img, int32_t imglen)
     uint8_t flag = u64le(khdr->kernel_flag_le) & 0x0f;
     kinfo->is_be = flag & 0x01;
     if (kinfo->is_be) {
-        fprintf(stderr, "[-] kernel unexpected arm64 big endian img\n");
+        fprintf(stdout, "[-] kernel unexpected arm64 big endian img\n");
         return -1;
     }