xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ANDROID: kernel: Add vendor hook in creds

Browse Source 
Add vendor hook for creds, so we get the cred information
to monitor cred lifetime.

Bug: 181639260

Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
Change-Id: I8f254464e07f9c88336995152479ce91deb13c75
This commit is contained in:
Kuan-Ying Lee
2021-02-22 16:25:20 +08:00
committed by Todd Kjos
parent 0a3b407463
commit dccee128b7
3 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
drivers/android/vendor_hooks.c
View File

@@ -42,6 +42,7 @@
#include <trace/hooks/sys.h> #include <trace/hooks/sys.h>
#include <trace/hooks/traps.h> #include <trace/hooks/traps.h>
#include <trace/hooks/avc.h> #include <trace/hooks/avc.h>
#include <trace/hooks/creds.h>
/* /*
* Export tracepoints that act as a bare tracehook (ie: have no trace event * Export tracepoints that act as a bare tracehook (ie: have no trace event
@@ -188,3 +189,7 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_selinux_avc_insert);
EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_selinux_avc_node_delete); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_selinux_avc_node_delete);
EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_selinux_avc_node_replace); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_selinux_avc_node_replace);
EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_selinux_avc_lookup); EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_selinux_avc_lookup);
EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_commit_creds);
EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_exit_creds);
EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_override_creds);
EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_revert_creds);

34
include/trace/hooks/creds.h Normal file
View File

@@ -0,0 +1,34 @@
/* SPDX-License-Identifier: GPL-2.0 */
#undef TRACE_SYSTEM
#define TRACE_SYSTEM creds
#define TRACE_INCLUDE_PATH trace/hooks
#if !defined(_TRACE_HOOK_CREDS_H) || defined(TRACE_HEADER_MULTI_READ)
#define _TRACE_HOOK_CREDS_H
#include <linux/tracepoint.h>
#include <trace/hooks/vendor_hooks.h>
/*
* Following tracepoints are not exported in tracefs and provide a
* mechanism for vendor modules to hook and extend functionality
*/
struct cred;
struct task_struct;
DECLARE_HOOK(android_vh_commit_creds,
TP_PROTO(const struct task_struct *task, const struct cred *new),
TP_ARGS(task, new));
DECLARE_HOOK(android_vh_exit_creds,
TP_PROTO(const struct task_struct *task, const struct cred *cred),
TP_ARGS(task, cred));
DECLARE_HOOK(android_vh_override_creds,
TP_PROTO(const struct task_struct *task, const struct cred *new),
TP_ARGS(task, new));
DECLARE_HOOK(android_vh_revert_creds,
TP_PROTO(const struct task_struct *task, const struct cred *old),
TP_ARGS(task, old));
#endif /* _TRACE_HOOK_CREDS_H */
/* This part must be outside protection */
#include <trace/define_trace.h>

6
kernel/cred.c
View File

@@ -17,6 +17,8 @@
#include <linux/cn_proc.h> #include <linux/cn_proc.h>
#include <linux/uidgid.h> #include <linux/uidgid.h>
#include <trace/hooks/creds.h>
#if 0 #if 0
#define kdebug(FMT, ...) \ #define kdebug(FMT, ...) \
printk("[%-5.5s%5u] " FMT "\n", \ printk("[%-5.5s%5u] " FMT "\n", \
@@ -178,6 +180,7 @@ void exit_creds(struct task_struct *tsk)
key_put(tsk->cached_requested_key); key_put(tsk->cached_requested_key);
tsk->cached_requested_key = NULL; tsk->cached_requested_key = NULL;
#endif #endif
trace_android_vh_exit_creds(tsk, cred);
} }
/** /**
@@ -489,6 +492,7 @@ int commit_creds(struct cred *new)
atomic_inc(&new->user->processes); atomic_inc(&new->user->processes);
rcu_assign_pointer(task->real_cred, new); rcu_assign_pointer(task->real_cred, new);
rcu_assign_pointer(task->cred, new); rcu_assign_pointer(task->cred, new);
trace_android_vh_commit_creds(task, new);
if (new->user != old->user) if (new->user != old->user)
atomic_dec(&old->user->processes); atomic_dec(&old->user->processes);
alter_cred_subscribers(old, -2); alter_cred_subscribers(old, -2);
@@ -566,6 +570,7 @@ const struct cred *override_creds(const struct cred *new)
get_new_cred((struct cred *)new); get_new_cred((struct cred *)new);
alter_cred_subscribers(new, 1); alter_cred_subscribers(new, 1);
rcu_assign_pointer(current->cred, new); rcu_assign_pointer(current->cred, new);
trace_android_vh_override_creds(current, new);
alter_cred_subscribers(old, -1); alter_cred_subscribers(old, -1);
kdebug("override_creds() = %p{%d,%d}", old, kdebug("override_creds() = %p{%d,%d}", old,
@@ -594,6 +599,7 @@ void revert_creds(const struct cred *old)
validate_creds(override); validate_creds(override);
alter_cred_subscribers(old, 1); alter_cred_subscribers(old, 1);
rcu_assign_pointer(current->cred, old); rcu_assign_pointer(current->cred, old);
trace_android_vh_revert_creds(current, old);
alter_cred_subscribers(override, -1); alter_cred_subscribers(override, -1);
put_cred(override); put_cred(override);
} }