[WIP]: Neo/Next の全ビルドに対応
Signed-off-by: Syuugo <[email protected]>
s1204IT authored May 14, 2024
1 parent bdd58f6 commit dd176e7
Showing 1 changed file with 172 additions and 16 deletions.
188 changes: 172 additions & 16 deletions mali_shrinker_mmap32.c
Expand Up @@ -62,14 +62,114 @@

#define ADD_COMMIT_INDEX 3

// TAB-A05-BD
#define SELINUX_ENFORCING_neo 0x129d9bc
#define SEL_READ_HANDLE_UNKNOWN_neo 0x365d80 // 0xffffff80083e5d80 - 0xffffff8008080000 = 0x365d80
#define INIT_CRED_neo 0x11553f0 //0xffffff80091d53f0 - 0xffffff8008080000 = 0x11553f0
#define COMMIT_CREDS_neo 0x5a120 //0xffffff80080da120 - 0xffffff8008080000 = 0x5a120
#define ADD_INIT_neo 0x910FC000
#define ADD_COMMIT_neo 0x91048108
#define AVC_DENY_neo 0x35acc8//0xffffff80083dacc8 - 0xffffff8008080000 = 0x35acc8
/*
base address = do_undefinstr - 0x1000
COMMIT_CREDS = commit_creds - base address
AVC_DENY= avc_denied.isra.4 - base address
SEL_READ_ENFORCE = sel_read_enforce - base address
SEL_READ_HANDLE_UNKNOWN = sel_read_handle_unknown - base address
Need: Ghidra
Search: prepare_kernel_cred ->
INIT_CRED = mov - base address
Search: sel_read_enforce ->
SELINUX_ENFORCING = ldr - base address
Need: ARM to HEX
ADD_COMMIT = add x8, x8, #0x(Last 3 digits of INIT_CRED)
ADD_INIT = add x0, x0, #0x(Last 3 digits of INIT_CRED)
*/

// TAB-A05-BD 01.00.000
#define SELINUX_ENFORCING_CTX_01_00_000 0x129d9bc
#define SEL_READ_HANDLE_UNKNOWN_CTX_01_00_000 0x365d80 // 0xffffff80083e5d80 - 0xffffff8008080000 = 0x365d80
#define SEL_READ_ENFORCE_CTX_01_00_000 0x3653a8 //0xffffff80083e53a8 - 0xffffff8008080000 = 0x3653A8 //add
#define INIT_CRED_CTX_01_00_000 0x11553f0 //0xffffff80091d53f0 - 0xffffff8008080000 = 0x11553F0
#define COMMIT_CREDS_CTX_01_00_000 0x5a120 //0xffffff80080da120 - 0xffffff8008080000 = 0x5a120
#define ADD_INIT_CTX_01_00_000 0x910fc000
#define ADD_COMMIT_CTX_01_00_000 0x91048108
//avc_denied.isra.4
#define AVC_DENY_CTX_01_00_000 0x35acc8 //0xffffff80083dacc8 - 0xffffff8008080000 = 0x35ACC8;//add

// TAB-A05-BD 01.01.001
#define COMMIT_CREDS_CTX_01_01_001 0x5a120
#define AVC_DENY_CTX_01_01_001 0x35acc8
#define SEL_READ_ENFORCE_CTX_01_01_001 0x365418
#define SEL_READ_HANDLE_UNKNOWN_CTX_01_01_001 0x365df0
#define INIT_CRED_CTX_01_01_001 0x11653f0
#define SELINUX_ENFORCING_CTX_01_01_001 0x12ad9bc
#define ADD_INIT_CTX_01_01_001 0x910fc000
#define ADD_COMMIT_CTX_01_01_001 0x91048108

// TAB-A05-BD 01.04.000
#define COMMIT_CREDS_CTX_01_04_000 0x5a120
#define AVC_DENY_CTX_01_04_000 0x35ac10
#define SEL_READ_ENFORCE_CTX_01_04_000 0x365360
#define SEL_READ_HANDLE_UNKNOWN_CTX_01_04_000 0x365d38
#define INIT_CRED_CTX_01_04_000 0x11653f0
#define SELINUX_ENFORCING_CTX_01_04_000 0x12ae9bc
#define ADD_INIT_CTX_01_04_000 0x910fc000
#define ADD_COMMIT_CTX_01_04_000 0x91048108

// TAB-A05-BD 01.11.000
#define COMMIT_CREDS_CTX_01_11_000 0x5a120
#define AVC_DENY_CTX_01_11_000 0x359c20
#define SEL_READ_ENFORCE_CTX_01_11_000 0x364370
#define SEL_READ_HANDLE_UNKNOWN_CTX_01_11_000 0x364d48
#define INIT_CRED_CTX_01_11_000 0x11653f0
#define SELINUX_ENFORCING_CTX_01_11_000 0x1149a88
#define ADD_INIT_CTX_01_11_000 0x910fc000
#define ADD_COMMIT_CTX_01_11_000 0x91048108

// TAB-A05-BA1 01.00.000
#define COMMIT_CREDS_CTZ_01_00_000 0x5a120
#define AVC_DENY_CTZ_01_00_000 0x359c20
#define SEL_READ_ENFORCE_CTZ_01_00_000 0x364370
#define SEL_READ_HANDLE_UNKNOWN_CTZ_01_00_000 0x364d48
#define INIT_CRED_CTZ_01_00_000 0x11653f0
#define SELINUX_ENFORCING_CTZ_01_00_000 0x12d49bc
#define ADD_INIT_CTZ_01_00_000 0x910fc000
#define ADD_COMMIT_CTZ_01_00_000 0x91048108

// TAB-A05-BA1 01.01.000
#define COMMIT_CREDS_CTZ_01_01_000 0x5a120
#define AVC_DENY_CTZ_01_01_000 0x359a68
#define SEL_READ_ENFORCE_CTZ_01_01_000 0x3641b8
#define SEL_READ_HANDLE_UNKNOWN_CTZ_01_01_000 0x364b90
#define INIT_CRED_CTZ_01_01_000 0x11653f0
#define SELINUX_ENFORCING_CTZ_01_01_000 0x12d49bc
#define ADD_INIT_CTZ_01_01_000 0x910fc000
#define ADD_COMMIT_CTZ_01_01_000 0x91048108

// TAB-A05-BA1 01.02.004
#define COMMIT_CREDS_CTZ_01_02_004 0x5a120
#define AVC_DENY_CTZ_01_02_004 0x35bad0
#define SEL_READ_ENFORCE_CTZ_01_02_004 0x366190
#define SEL_READ_HANDLE_UNKNOWN_CTZ_01_02_004 0x366b68
#define INIT_CRED_CTZ_01_02_004 0x11a53f0
#define SELINUX_ENFORCING_CTZ_01_02_004 0x13199bc
#define ADD_INIT_CTZ_01_02_004 0x910fc000
#define ADD_COMMIT_CTZ_01_02_004 0x91048108

// TAB-A05-BA1 01.02.005
#define COMMIT_CREDS_CTZ_01_02_005 0x5a120
#define AVC_DENY_CTZ_01_02_005 0x35bad0
#define SEL_READ_ENFORCE_CTZ_01_02_005 0x366190
#define SEL_READ_HANDLE_UNKNOWN_CTZ_01_02_005 0x366b68
#define INIT_CRED_CTZ_01_02_005 0x11a53f0
#define SELINUX_ENFORCING_CTZ_01_02_005 0x13199bc
#define ADD_INIT_CTZ_01_02_005 0x910fc000
#define ADD_COMMIT_CTZ_01_02_005 0x91048108

// TAB-A05-BA1 01.03.000
#define COMMIT_CREDS_CTZ_01_03_000 0x5a120
#define AVC_DENY_CTZ_01_03_000 0x35bad0
#define SEL_READ_ENFORCE_CTZ_01_03_000 0x366190
#define SEL_READ_HANDLE_UNKNOWN_CTZ_01_03_000 0x366b68
#define INIT_CRED_CTZ_01_03_000 0x11a53f0
#define SELINUX_ENFORCING_CTZ_01_03_000 0x13199bc
#define ADD_INIT_CTZ_01_03_000 0x910fc000
#define ADD_COMMIT_CTZ_01_03_000 0x91048108

static uint64_t sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_neo;

Expand Down Expand Up @@ -630,25 +730,81 @@ void select_offset() {
LOG("fingerprint: %s\n", fingerprint);

if (!strcmp(fingerprint, "benesse/TAB-A05-BD/TAB-A05-BD:9/01.00.000/01.00.000:user/release-keys")) {
selinux_enforcing = SELINUX_ENFORCING_neo;
sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_neo;
fixup_root_shell(INIT_CRED_neo, COMMIT_CREDS_neo, SEL_READ_HANDLE_UNKNOWN_neo, ADD_INIT_neo, ADD_COMMIT_neo);
return;
selinux_enforcing = SELINUX_ENFORCING_CTX_01_00_000;
sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_CTX_01_00_000;
fixup_root_shell(INIT_CRED_CTX_01_00_000, COMMIT_CREDS_CTX_01_00_000, SEL_READ_HANDLE_UNKNOWN_CTX_01_00_000, ADD_INIT_CTX_01_00_000, ADD_COMMIT_CTX_01_00_000);
return;
}

if (!strcmp(fingerprint, "benesse/TAB-A05-BD/TAB-A05-BD:9/01.01.001/01.01.001:user/release-keys")) {
selinux_enforcing = SELINUX_ENFORCING_CTX_01_01_001;
sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_CTX_01_01_001;
fixup_root_shell(INIT_CRED_CTX_01_01_001, COMMIT_CREDS_CTX_01_01_001, SEL_READ_HANDLE_UNKNOWN_CTX_01_01_001, ADD_INIT_CTX_01_01_001, ADD_COMMIT_CTX_01_01_001);
return;
}

if (!strcmp(fingerprint, "benesse/TAB-A05-BD/TAB-A05-BD:9/01.04.000/01.04.000:user/release-keys")) {
selinux_enforcing = SELINUX_ENFORCING_CTX_01_04_000;
sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_CTX_01_04_000;
fixup_root_shell(INIT_CRED_CTX_01_04_000, COMMIT_CREDS_CTX_01_04_000, SEL_READ_HANDLE_UNKNOWN_CTX_01_04_000, ADD_INIT_CTX_01_04_000, ADD_COMMIT_CTX_01_04_000);
return;
}

if (!strcmp(fingerprint, "benesse/TAB-A05-BD/TAB-A05-BD:9/01.11.000/01.11.000:user/release-keys")) {
selinux_enforcing = SELINUX_ENFORCING_CTX_01_11_000;
sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_CTX_01_11_000;
fixup_root_shell(INIT_CRED_CTX_01_11_000, COMMIT_CREDS_CTX_01_11_000, SEL_READ_HANDLE_UNKNOWN_CTX_01_11_000, ADD_INIT_CTX_01_11_000, ADD_COMMIT_CTX_01_11_000);
return;
}

if (!strcmp(fingerprint, "benesse/TAB-A05-BA1/TAB-A05-BA1:9/01.00.000/01.00.000:user/release-keys")) {
selinux_enforcing = SELINUX_ENFORCING_CTZ_01_00_000;
sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_CTZ_01_00_000;
fixup_root_shell(INIT_CRED_CTZ_01_00_000, COMMIT_CREDS_CTZ_01_00_000, SEL_READ_HANDLE_UNKNOWN_CTZ_01_00_000, ADD_INIT_CTZ_01_00_000, ADD_COMMIT_CTZ_01_00_000);
return;
}

if (!strcmp(fingerprint, "benesse/TAB-A05-BA1/TAB-A05-BA1:9/01.01.000/01.01.000:user/release-keys")) {
selinux_enforcing = SELINUX_ENFORCING_CTZ_01_01_000;
sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_CTZ_01_01_000;
fixup_root_shell(INIT_CRED_CTZ_01_01_000, COMMIT_CREDS_CTZ_01_01_000, SEL_READ_HANDLE_UNKNOWN_CTZ_01_01_000, ADD_INIT_CTZ_01_01_000, ADD_COMMIT_CTZ_01_01_000);
return;
}

if (!strcmp(fingerprint, "benesse/TAB-A05-BA1/TAB-A05-BA1:9/01.02.004/01.02.004:user/release-keys")) {
selinux_enforcing = SELINUX_ENFORCING_CTZ_01_02_004;
sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_CTZ_01_02_004;
fixup_root_shell(INIT_CRED_CTZ_01_02_004, COMMIT_CREDS_CTZ_01_02_004, SEL_READ_HANDLE_UNKNOWN_CTZ_01_02_004, ADD_INIT_CTZ_01_02_004, ADD_COMMIT_CTZ_01_02_004);
return;
}

if (!strcmp(fingerprint, "benesse/TAB-A05-BA1/TAB-A05-BA1:9/01.02.005/01.02.005:user/release-keys")) {
selinux_enforcing = SELINUX_ENFORCING_CTZ_01_02_005;
sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_CTZ_01_02_005;
fixup_root_shell(INIT_CRED_CTZ_01_02_005, COMMIT_CREDS_CTZ_01_02_005, SEL_READ_HANDLE_UNKNOWN_CTZ_01_02_005, ADD_INIT_CTZ_01_02_005, ADD_COMMIT_CTZ_01_02_005);
return;
}

if (!strcmp(fingerprint, "benesse/TAB-A05-BA1/TAB-A05-BA1:9/01.03.000/01.03.000:user/release-keys")) {
selinux_enforcing = SELINUX_ENFORCING_CTZ_01_03_000;
sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_CTZ_01_03_000;
fixup_root_shell(INIT_CRED_CTZ_01_03_000, COMMIT_CREDS_CTZ_01_03_000, SEL_READ_HANDLE_UNKNOWN_CTZ_01_03_000, ADD_INIT_CTZ_01_03_000, ADD_COMMIT_CTZ_01_03_000);
return;
}

/*
if (1) {
// avc_deny = 0x321C64; // avc_denied.isra.6
// selinux_enforcing_READ = 0x32CC2C ; // t sel_read_enforce
// selinux_enforcing_WRITE = 0x32E01C ; // t sel_read_enforce
//avc_deny = 0x321C64; // avc_denied.isra.6
//selinux_enforcing_READ = 0x32CC2C ; // t sel_read_enforce
//selinux_enforcing_WRITE = 0x32E01C ; // t sel_read_enforce
selinux_enforcing = SELINUX_ENFORCING_neo;
sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_neo;
//fixup_root_shell(0x12253F0, 0x5B328, selinux_enforcing_WRITE, 0x910FC000, 0x910CA108);
// fixup_root_shell(0x12253F0, 0x5B328, selinux_enforcing_READ, 0x910FC000, 0x910CA108);
//fixup_root_shell(0x12253F0, 0x5B328, selinux_enforcing_READ, 0x910FC000, 0x910CA108);
fixup_root_shell_un(INIT_CRED_neo, COMMIT_CREDS_neo, sel_read_handle_unknown, ADD_INIT_neo, ADD_COMMIT_neo);
return;
}
*/
err(1, "unable to match build id\n");
}
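Review bot: The offset-derivation recipe in the comment block disagrees with the constants defined below it: `ADD_COMMIT = add x8, x8, #0x(Last 3 digits of INIT_CRED)` claims the immediate comes from INIT_CRED, but 0x91048108 decodes to `add x8, x8, #0x120`, the low 12 bits of COMMIT_CREDS (0x5a120), while 0x910fc000 (ADD_INIT) decodes to `add x0, x0, #0x3f0`, the low 12 bits of INIT_CRED; the line should read `ADD_COMMIT = add x8, x8, #0x(Last 3 digits of COMMIT_CREDS)`. This matters because whoever adds the next build by following the recipe would encode the wrong immediate, and nothing in select_offset() validates any of these constants beyond the exact fingerprint string match before fixup_root_shell() uses them to patch kernel memory, so a transcription error lands as a write to an arbitrary kernel address. The nine fingerprint branches differ only in the macro suffix, so a table of per-build offsets walked by one loop (sketched below) would make the values auditable side by side and remove the copy-paste surface; the three TAB-A05-BA1 rows for 01.02.004, 01.02.005 and 01.03.000 carry identical offsets and deserve a comment stating each was checked against its own kernel rather than copied. If the `_neo` macros are in fact deleted by this commit, the file-scope initializer `static uint64_t sel_read_handle_unknown = SEL_READ_HANDLE_UNKNOWN_neo;` and the commented-out fallback at the end of select_offset() still reference them; select_offset()'s signature line lies outside the hunk.
```c
/* One row per supported firmware build; columns follow fixup_root_shell()'s argument order. */
struct build_offsets {
    const char *fingerprint;
    uint64_t selinux_enforcing;
    uint64_t sel_read_handle_unknown;
    uint64_t init_cred;
    uint64_t commit_creds;
    uint32_t add_init;    /* encoded `add x0, x0, #(init_cred & 0xfff)` */
    uint32_t add_commit;  /* encoded `add x8, x8, #(commit_creds & 0xfff)` */
};

static const struct build_offsets builds[] = {
    { "benesse/TAB-A05-BD/TAB-A05-BD:9/01.00.000/01.00.000:user/release-keys",
      SELINUX_ENFORCING_CTX_01_00_000, SEL_READ_HANDLE_UNKNOWN_CTX_01_00_000,
      INIT_CRED_CTX_01_00_000, COMMIT_CREDS_CTX_01_00_000,
      ADD_INIT_CTX_01_00_000, ADD_COMMIT_CTX_01_00_000 },
    /* … one row per remaining build, same column order … */
};

    /* … unchanged: fingerprint lookup and LOG … */
    for (size_t i = 0; i < sizeof builds / sizeof builds[0]; i++) {
        if (!strcmp(fingerprint, builds[i].fingerprint)) {
            selinux_enforcing = builds[i].selinux_enforcing;
            sel_read_handle_unknown = builds[i].sel_read_handle_unknown;
            fixup_root_shell(builds[i].init_cred, builds[i].commit_creds,
                             builds[i].sel_read_handle_unknown,
                             builds[i].add_init, builds[i].add_commit);
            return;
        }
    }
    err(1, "unable to match build id\n");
```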

