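/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// Shell code that sets the current SELinux context to a given string.
//
// The desired SELinux context is appended to the payload as a null-terminated
// string.
//
// After the SELinux context has been updated the current process will raise
// SIGSTOP.
//
// Target: AArch64 Linux, GNU as syntax, run through the C preprocessor.
// Every syscall below is issued directly: number in x8, arguments from x0
// upwards, `svc 0`, result in x0. All addresses are formed with `adr`, so the
// code does not depend on where it is placed.
//
// Register roles:
//   x10  file descriptor returned by openat()
//   x11  length of the appended context string (terminator not counted)
//
// NOTE(review): no syscall result is inspected. A failed mprotect(), openat()
// or write() is silent and the process still stops, so the SIGSTOP by itself
// does not prove that the context changed. The kernel applies SELinux policy
// to the write (process setcurrent / dyntransition), which means it can be
// refused; whoever waits for the stop should confirm the resulting context
// instead of assuming success.
//
// The SYS_*, PROT_*, O_*, AT_FDCWD and SIGSTOP names are not defined in this
// file; presumably they come from the two includes below.

#include "./shell-code/constants.S"
#include "./shell-code/constants-arm64.S"

.globl __setcon_shell_code_start
.globl __setcon_shell_code_end

__setcon_shell_code_start:
  // Ensure that the context and SELinux /proc file are readable. This assumes
  // that the max length of these two strings is shorter than 0x1000.
  //
  // NOTE(review): the range starts at the page that holds
  // __setcon_shell_code_end. selinux_proc_file sits just before that label, so
  // it is only covered when it lies on the same page; if a page boundary falls
  // between the two, the path string keeps its previous protection. Confirm
  // that placement of the payload rules this out.
  //
  // mprotect(context & ~0xFFF, 0x2000, PROT_READ | PROT_EXEC)
  mov x8, SYS_MPROTECT
  adr x0, __setcon_shell_code_end
  and x0, x0, ~0xFFF
  mov x1, 0x2000
  mov x2, (PROT_READ | PROT_EXEC)
  svc 0

  // The path opened is the thread-self entry, i.e. the attribute file of the
  // calling thread. The fourth argument (mode) is only consulted by the kernel
  // when a file is created; it is passed as in the original sequence.
  //
  // x10 = openat(AT_FDCWD, "/proc/thread-self/attr/current", O_WRONLY, O_WRONLY)
  mov x8, SYS_OPENAT
  mov x0, AT_FDCWD
  adr x1, selinux_proc_file
  mov x2, O_WRONLY
  mov x3, O_WRONLY
  svc 0
  mov x10, x0

  // x11 = strlen(context)
  //
  // Byte-wise scan for the terminator. There is no upper bound: the loop
  // relies on the appended string being null-terminated.
  mov x11, 0
  adr x0, context
strlen_start:
  ldrb w1, [x0, x11]
  cmp w1, 0
  b.eq strlen_done
  add x11, x11, 1
  b strlen_start
strlen_done:

  // write(x10, context, x11)
  mov x8, SYS_WRITE
  mov x0, x10
  adr x1, context
  mov x2, x11
  svc 0

  // close(x10)
  mov x8, SYS_CLOSE
  mov x0, x10
  svc 0

  // String data follows this sequence directly, so control must never run
  // past the kill(). If kill() returns because the process was resumed, raise
  // SIGSTOP again instead of decoding the path string as instructions.
1:
  // x0 = getpid()
  mov x8, SYS_GETPID
  svc 0

  // kill(x0, SIGSTOP)
  mov x8, SYS_KILL
  mov x1, SIGSTOP
  svc 0
  b 1b

selinux_proc_file:
  .asciz "/proc/thread-self/attr/current"

// The appended context string starts here. Both labels name the same address,
// so nothing may be emitted between them.
context:
__setcon_shell_code_end: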