/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
// Shell code that sets the current SELinux context to a given string.
//
// The desired SELinux context is appended to the payload as a null-terminated
// string.
//
// After the SELinux context has been updated the current process will raise
// SIGSTOP.
24
25#include "./shell-code/constants.S"
26#include "./shell-code/constants-x86_64.S"
27
// Exported markers for the first byte of the payload and the byte just past
// its end.
.globl __setcon_shell_code_start
.globl __setcon_shell_code_end

// -----------------------------------------------------------------------------
// __setcon_shell_code_start .. __setcon_shell_code_end
//
// Syntax: GAS, AT&T operand order (source, destination).
// ABI:    raw Linux x86-64 syscalls: rax = syscall number, arguments in
//         rdi, rsi, rdx. The syscall instruction overwrites rax (result),
//         rcx and r11; rdi/rsi/rdx keep their values, which the write ->
//         close sequence below relies on.
// Layout: all data references are RIP-relative, so the bytes do not depend
//         on their load address. `context` and `__setcon_shell_code_end`
//         name the same address: the payload carries no context string of
//         its own and reads whatever NUL-terminated bytes follow it.
// Stack:  not used.
//
// SYS_*, PROT_*, O_WRONLY and SIGSTOP are not defined in this block;
// presumably they come from the included constants files -- TODO confirm.
//
// NOTE(review): no syscall result is checked anywhere in this sequence. The
// process raises SIGSTOP whether or not the context write was accepted, so
// the stop by itself is not evidence that the SELinux context changed.
// Whoever waits for the stop should confirm the resulting context
// independently.
// -----------------------------------------------------------------------------
__setcon_shell_code_start:

  // Ensure that the context and SELinux /proc file are readable. This assumes
  // that the max length of these two strings is shorter than 0x1000.
  //
  // mprotect(context & ~0xFFF, 0x2000, PROT_READ | PROT_EXEC)
  //
  // The range is the 4 KiB page that holds the first byte of `context`, plus
  // the page after it. The new protection does not include PROT_WRITE.
  //
  // NOTE(review): the base is derived from `context`, but selinux_proc_file
  // (24 bytes including the NUL) sits immediately before it. If `context` is
  // fewer than 24 bytes into its page, the start of the path lies on the
  // previous page, which this call does not cover -- confirm that the
  // placement of the payload rules this out.
  // NOTE(review): the mprotect result in rax is discarded.
  mov $SYS_MPROTECT, %rax
  lea context(%rip), %rdi
  and $~0xFFF, %rdi
  mov $0x2000, %rsi
  mov $(PROT_READ | PROT_EXEC), %rdx
  syscall

  // rdi = open("/proc/self/attr/current", O_WRONLY, O_WRONLY)
  //
  // The write to %eax zero-extends into %rax, so it is equivalent to the
  // %rax form used for the other syscall numbers.
  // The third argument of open() is the creation mode; O_WRONLY is passed in
  // that slot as well. The flags do not request file creation, so the value
  // is presumably ignored -- TODO confirm.
  // NOTE(review): on failure rax holds a negative errno and is still copied
  // into rdi and used as the file descriptor below.
  mov $SYS_OPEN, %eax
  lea selinux_proc_file(%rip), %rdi
  mov $O_WRONLY, %rsi
  mov $O_WRONLY, %rdx
  syscall
  mov %rax, %rdi

  // write(rdi, context, strlen(context))
  //
  // Inline strlen: rsi = start of the string, rdx = number of bytes before
  // the first NUL, al = scratch byte. The scan has no upper bound; it relies
  // on the appended context being NUL-terminated.
  xor %rdx, %rdx
  lea context(%rip), %rsi
strlen_start:
  movb (%rsi, %rdx), %al
  test %al, %al
  jz strlen_done
  inc %rdx
  jmp strlen_start
strlen_done:
  // rdi (fd), rsi (buffer) and rdx (length) are already in place. The
  // terminating NUL is not written. A short or failed write is not detected.
  mov $SYS_WRITE, %rax
  syscall

  // close(rdi)
  // rdi still holds the descriptor: syscall leaves argument registers intact.
  mov $SYS_CLOSE, %rax
  syscall

  // rdi = getpid()
  mov $SYS_GETPID, %rax
  syscall
  mov %rax, %rdi

  // kill(rdi, SIGSTOP)
  mov $SYS_KILL, %rax
  mov $SIGSTOP, %rsi
  syscall

  // NOTE(review): there is no ret, exit or trap after the kill. If the
  // process is resumed without its registers being changed, execution
  // continues into the bytes of selinux_proc_file below. Presumably the
  // controlling process takes over while the target is stopped -- TODO
  // confirm.

// NUL-terminated path of the file that the context string is written to.
selinux_proc_file:
  .asciz "/proc/self/attr/current"

// Start of the appended context string; deliberately the same address as the
// end-of-payload marker.
context:
__setcon_shell_code_end:
84