1*dd0948b3SAndroid Build Coastguard Worker/*
2*dd0948b3SAndroid Build Coastguard Worker * Copyright (C) 2023 The Android Open Source Project
3*dd0948b3SAndroid Build Coastguard Worker *
4*dd0948b3SAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
5*dd0948b3SAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
6*dd0948b3SAndroid Build Coastguard Worker * You may obtain a copy of the License at
7*dd0948b3SAndroid Build Coastguard Worker *
8*dd0948b3SAndroid Build Coastguard Worker *     http://www.apache.org/licenses/LICENSE-2.0
9*dd0948b3SAndroid Build Coastguard Worker *
10*dd0948b3SAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
11*dd0948b3SAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
12*dd0948b3SAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*dd0948b3SAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
14*dd0948b3SAndroid Build Coastguard Worker * limitations under the License.
15*dd0948b3SAndroid Build Coastguard Worker */
16*dd0948b3SAndroid Build Coastguard Worker
17*dd0948b3SAndroid Build Coastguard Worker// Shell code that sets the current SELinux context to a given string.
18*dd0948b3SAndroid Build Coastguard Worker//
19*dd0948b3SAndroid Build Coastguard Worker// The desired SELinux context is appended to the payload as a null-terminated
20*dd0948b3SAndroid Build Coastguard Worker// string.
21*dd0948b3SAndroid Build Coastguard Worker//
22*dd0948b3SAndroid Build Coastguard Worker// After the SELinux context has been updated the current process will raise
23*dd0948b3SAndroid Build Coastguard Worker// SIGSTOP.
24*dd0948b3SAndroid Build Coastguard Worker
25*dd0948b3SAndroid Build Coastguard Worker#include "./shell-code/constants.S"
26*dd0948b3SAndroid Build Coastguard Worker#include "./shell-code/constants-x86.S"
27*dd0948b3SAndroid Build Coastguard Worker
.globl __setcon_shell_code_start
.globl __setcon_shell_code_end

// Payload layout: code, then the attribute path, then the requested context.
//
// Syntax:  GAS, AT&T operand order, 32-bit x86.
// Kernel:  Linux `int $0x80` convention as used below: eax = syscall number,
//          ebx/ecx/edx = first three arguments, result returned in eax.
// Regs:    esi = runtime address of .Lpic_anchor for the whole payload
//          ebx = file descriptor from open() until close(), then the pid
// The bytes between __setcon_shell_code_start and __setcon_shell_code_end are
// the payload; the null-terminated context string is expected to be placed
// immediately after __setcon_shell_code_end (the `context` label).
//
// NOTE(review): no syscall result is checked. If open() fails, the negative
// value in eax is copied to ebx and handed to write() and close(), and the
// process still raises SIGSTOP, so a failed context change looks the same as a
// successful one from inside this code. Presumably the controlling process
// verifies the resulting context itself; confirm against the caller.
__setcon_shell_code_start:

  // 32-bit x86 cannot address data relative to the instruction pointer. A
  // relative call pushes the address of the next instruction, which is then
  // popped into esi; every other label is reached as an offset from it.
  call .Lpic_anchor
.Lpic_anchor:
  popl %esi

  // mprotect(anchor & ~0xFFF, 0x2000, PROT_READ | PROT_EXEC)
  //
  // Makes the page holding this code and the following page readable and
  // executable so the attribute path and the context string can be read.
  // PROT_WRITE is not requested. The original author's stated assumption is
  // that the two strings together are shorter than 0x1000 bytes.
  movl %esi, %ebx
  andl $~0xFFF, %ebx                  // ebx = page base of the anchor
  movl $0x2000, %ecx
  movl $(PROT_READ | PROT_EXEC), %edx
  movl $SYS_MPROTECT, %eax
  int $0x80

  // ebx = open("/proc/self/attr/current", O_WRONLY, O_WRONLY)
  //
  // The third argument is the creation mode; the flags here are O_WRONLY
  // only, so the value placed in edx is not expected to have any effect.
  leal (selinux_proc_file - .Lpic_anchor)(%esi), %ebx
  movl $O_WRONLY, %ecx
  movl $O_WRONLY, %edx
  movl $SYS_OPEN, %eax
  int $0x80
  movl %eax, %ebx                     // fd (or negative errno, unchecked)

  // write(ebx, context, strlen(context))
  //
  // edx counts the bytes before the terminating zero, so the terminator
  // itself is not written.
  leal (context - .Lpic_anchor)(%esi), %ecx
  xorl %edx, %edx
.Lscan_context:
  cmpb $0, (%ecx, %edx)
  je .Lscan_done
  incl %edx
  jmp .Lscan_context
.Lscan_done:
  movl $SYS_WRITE, %eax
  int $0x80

  // close(ebx) -- ebx is not reloaded; it still holds the open() result.
  movl $SYS_CLOSE, %eax
  int $0x80

  // ebx = getpid()
  movl $SYS_GETPID, %eax
  int $0x80
  movl %eax, %ebx

  // kill(ebx, SIGSTOP)
  //
  // NOTE(review): nothing follows this syscall except string data. The code
  // appears to rely on the process being taken over while stopped; if it were
  // simply continued, execution would run into the bytes below. Confirm that
  // the controlling process restores the original state.
  movl $SIGSTOP, %ecx
  movl $SYS_KILL, %eax
  int $0x80

selinux_proc_file:
  .asciz "/proc/self/attr/current"

// The context string is appended here by whoever assembles the final payload.
context:
__setcon_shell_code_end: