diff --git a/binder/binder.c b/binder/binder.c index 721902a..36b8a46 100644 --- a/binder/binder.c +++ b/binder/binder.c @@ -2869,8 +2869,8 @@ static void binder_transaction(struct binder_proc *proc, binder_size_t last_fixup_min_off = 0; struct binder_context *context = proc->context; int t_debug_id = atomic_inc_return(&binder_last_id); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0) - struct lsm_context lsmctx = {}; +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0) + struct lsmcontext lsmctx = {}; #else char *secctx = NULL; u32 secctx_sz = 0; @@ -3134,12 +3134,14 @@ static void binder_transaction(struct binder_proc *proc, #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0) security_cred_getsecid(proc->cred, &secid); +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0) + secid = 0; #elif LINUX_VERSION_CODE >= KERNEL_VERSION(5, 13, 0) security_task_getsecid_obj(proc->tsk, &secid); #else security_task_getsecid(proc->tsk, &secid); #endif -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0) ret = security_secid_to_secctx(secid, &lsmctx); if (ret < 0) { #else @@ -3151,7 +3153,7 @@ static void binder_transaction(struct binder_proc *proc, return_error_line = __LINE__; goto err_get_secctx_failed; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0) added_size = ALIGN(lsmctx.len, sizeof(u64)); #else added_size = ALIGN(secctx_sz, sizeof(u64)); @@ -3182,7 +3184,7 @@ static void binder_transaction(struct binder_proc *proc, t->buffer = NULL; goto err_binder_alloc_buf_failed; } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0) if (lsmctx.context) { #else if (secctx) { @@ -3191,7 +3193,7 @@ static void binder_transaction(struct binder_proc *proc, size_t buf_offset = ALIGN(tr->data_size, sizeof(void *)) + ALIGN(tr->offsets_size, sizeof(void *)) + ALIGN(extra_buffers_size, sizeof(void *)) - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0) ALIGN(lsmctx.len, sizeof(u64)); #else ALIGN(secctx_sz, sizeof(u64)); @@ -3200,7 +3202,7 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = (uintptr_t)t->buffer->user_data + buf_offset; err = binder_alloc_copy_to_buffer(&target_proc->alloc, t->buffer, buf_offset, -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0) lsmctx.context, lsmctx.len); #else secctx, secctx_sz); @@ -3209,7 +3211,7 @@ static void binder_transaction(struct binder_proc *proc, t->security_ctx = 0; WARN_ON(1); } -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0) security_release_secctx(&lsmctx); lsmctx.context = NULL; #else @@ -3272,7 +3274,7 @@ static void binder_transaction(struct binder_proc *proc, off_end_offset = off_start_offset + tr->offsets_size; sg_buf_offset = ALIGN(off_end_offset, sizeof(void *)); sg_buf_end_offset = sg_buf_offset + extra_buffers_size - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0) ALIGN(lsmctx.len, sizeof(u64)); #else ALIGN(secctx_sz, sizeof(u64)); @@ -3552,7 +3554,7 @@ static void binder_transaction(struct binder_proc *proc, binder_alloc_free_buf(&target_proc->alloc, t->buffer); err_binder_alloc_buf_failed: err_bad_extra_size: -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0) if (lsmctx.context) security_release_secctx(&lsmctx); #else diff --git a/binder/deps.c b/binder/deps.c index 63accc0..896bdb0 100644 --- a/binder/deps.c +++ b/binder/deps.c @@ -121,36 +121,52 @@ void mmput_async(struct mm_struct *mm) return mmput_async_ptr(mm); } +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,15,2)) +static int (*security_binder_set_context_mgr_ptr)(const struct cred *mgr) = NULL; +int security_binder_set_context_mgr(const struct cred *mgr) +#else static int (*security_binder_set_context_mgr_ptr)(struct task_struct *mgr) = NULL; - int security_binder_set_context_mgr(struct task_struct *mgr) +#endif { if (!security_binder_set_context_mgr_ptr) security_binder_set_context_mgr_ptr = kallsyms_lookup_name_wrapper("security_binder_set_context_mgr"); return security_binder_set_context_mgr_ptr(mgr); } +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,15,2)) +static int (*security_binder_transaction_ptr)(const struct cred *from, const struct cred *to) = NULL; +int security_binder_transaction(const struct cred *from, const struct cred *to) +#else static int (*security_binder_transaction_ptr)(struct task_struct *from, struct task_struct *to) = NULL; - int security_binder_transaction(struct task_struct *from, struct task_struct *to) +#endif { if (!security_binder_transaction_ptr) security_binder_transaction_ptr = kallsyms_lookup_name_wrapper("security_binder_transaction"); return security_binder_transaction_ptr(from, to); } +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,15,2)) +static int (*security_binder_transfer_binder_ptr)(const struct cred *from, const struct cred *to) = NULL; +int security_binder_transfer_binder(const struct cred *from, const struct cred *to) +#else static int (*security_binder_transfer_binder_ptr)(struct task_struct *from, struct task_struct *to) = NULL; - int security_binder_transfer_binder(struct task_struct *from, struct task_struct *to) +#endif { if (!security_binder_transfer_binder_ptr) security_binder_transfer_binder_ptr = kallsyms_lookup_name_wrapper("security_binder_transfer_binder"); return security_binder_transfer_binder_ptr(from, to); } +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,15,2)) +static int (*security_binder_transfer_file_ptr)(const struct cred *from, const struct cred *to, const struct file *file) = NULL; +int security_binder_transfer_file(const struct cred *from, const struct cred *to, const struct file *file) +#else static int (*security_binder_transfer_file_ptr)(struct task_struct *from, struct task_struct *to, struct file *file) = NULL; - int security_binder_transfer_file(struct task_struct *from, struct task_struct *to, struct file *file) +#endif { if (!security_binder_transfer_file_ptr) security_binder_transfer_file_ptr = kallsyms_lookup_name_wrapper("security_binder_transfer_file"); diff --git a/binder/deps.h b/binder/deps.h index 771e268..5666e7f 100644 --- a/binder/deps.h +++ b/binder/deps.h @@ -3,3 +3,18 @@ #include struct ipc_namespace* get_init_ipc_ns_ptr(void); + +#include +#include + +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5,15,2)) +int security_binder_set_context_mgr(const struct cred *mgr); +int security_binder_transaction(const struct cred *from, const struct cred *to); +int security_binder_transfer_binder(const struct cred *from, const struct cred *to); +int security_binder_transfer_file(const struct cred *from, const struct cred *to, const struct file *file); +#else +int security_binder_set_context_mgr(struct task_struct *mgr); +int security_binder_transaction(struct task_struct *from, struct task_struct *to); +int security_binder_transfer_binder(struct task_struct *from, struct task_struct *to); +int security_binder_transfer_file(struct task_struct *from, struct task_struct *to, struct file *file); +#endif