1/*
2 * Copyright (C) 2023 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *     http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17// Shell code that sets the current SELinux context to a given string.
18//
19// The desired SELinux context is appended to the payload as a null-terminated
20// string.
21//
22// After the SELinux context has been updated the current process will raise
23// SIGSTOP.
24
25#include "./shell-code/constants.S"
26#include "./shell-code/constants-arm.S"
27
28.thumb
29
30.globl __setcon_shell_code_start
31.globl __setcon_shell_code_end
32
33__setcon_shell_code_start:
34  // Ensure that the context and SELinux /proc file are readable. This assumes
35  // that the max length of these two strings is shorter than 0x1000.
36  //
37  // mprotect(context & ~0xFFF, 0x2000, PROT_READ | PROT_EXEC)
38  mov r7, SYS_MPROTECT
39  adr r0, context
40  movw r2, 0xF000
41  movt r2, 0xFFFF
42  and r0, r0, r2
43  mov r1, 0x2000
44  mov r2, (PROT_READ | PROT_EXEC)
45  swi 0
46
47  // r10 = open("/proc/self/attr/current", O_WRONLY, O_WRONLY)
48  mov r7, SYS_OPEN
49  adr r0, selinux_proc_file
50  mov r1, O_WRONLY
51  mov r2, O_WRONLY
52  swi 0
53  mov r10, r0
54
55  // r11 = strlen(context)
56  mov r11, 0
57  adr r0, context
58strlen_start:
59  ldrb r1, [r0, r11]
60  cmp r1, 0
61  beq strlen_done
62  add r11, r11, 1
63  b strlen_start
64strlen_done:
65
66  // write(r10, context, r11)
67  mov r7, SYS_WRITE
68  mov r0, r10
69  adr r1, context
70  mov r2, r11
71  swi 0
72
73  // close(r10)
74  mov r7, SYS_CLOSE
75  mov r0, r10
76  swi 0
77
78  // r0 = getpid()
79  mov r7, SYS_GETPID
80  swi 0
81
82  // kill(r0, SIGSTOP)
83  mov r7, SYS_KILL
84  mov r1, SIGSTOP
85  swi 0
86
87selinux_proc_file:
88  .asciz "/proc/thread-self/attr/current"
89
90context:
91__setcon_shell_code_end:
92