1/*
2 * Copyright (C) 2023 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *     http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17// Shell code that sets the current SELinux context to a given string.
18//
19// The desired SELinux context is appended to the payload as a null-terminated
20// string.
21//
22// After the SELinux context has been updated the current process will raise
23// SIGSTOP.
24
25#include "./shell-code/constants.S"
26#include "./shell-code/constants-arm64.S"
27
28.globl __setcon_shell_code_start
29.globl __setcon_shell_code_end
30
31__setcon_shell_code_start:
32  // Ensure that the context and SELinux /proc file are readable. This assumes
33  // that the max length of these two strings is shorter than 0x1000.
34  //
35  // mprotect(context & ~0xFFF, 0x2000, PROT_READ | PROT_EXEC)
36  mov x8, SYS_MPROTECT
37  adr X0, __setcon_shell_code_end
38  and x0, x0, ~0xFFF
39  mov x1, 0x2000
40  mov x2, (PROT_READ | PROT_EXEC)
41  svc 0
42
43  // x10 = openat(AT_FDCWD, "/proc/self/attr/current", O_WRONLY, O_WRONLY)
44  mov x8, SYS_OPENAT
45  mov x0, AT_FDCWD
46  adr x1, selinux_proc_file
47  mov x2, O_WRONLY
48  mov x3, O_WRONLY
49  svc 0
50  mov x10, x0
51
52  // x11 = strlen(context)
53  mov x11, 0
54  adr x0, context
55strlen_start:
56  ldrb w1, [x0, x11]
57  cmp w1, 0
58  b.eq strlen_done
59  add x11, x11, 1
60  b strlen_start
61strlen_done:
62
63  // write(x10, context, x11)
64  mov x8, SYS_WRITE
65  mov x0, x10
66  adr x1, context
67  mov x2, x11
68  svc 0
69
70  // close(x10)
71  mov x8, SYS_CLOSE
72  mov x0, x10
73  svc 0
74
75  // x0 = getpid()
76  mov x8, SYS_GETPID
77  svc 0
78
79  // kill(x0, SIGSTOP)
80  mov x8, SYS_KILL
81  mov x1, SIGSTOP
82  svc 0
83
84selinux_proc_file:
85  .asciz "/proc/thread-self/attr/current"
86
87context:
88__setcon_shell_code_end:
89