INT_32 procInitFs(VOID) { struct proc_dir_entry *prEntry; if (init_net.proc_net == (struct proc_dir_entry *)NULL) { pr_err("init proc fs fail: proc_net == NULL\n"); return -ENOENT; } /* * Directory: Root (/proc/net/wlan0) */ gprProcRoot = proc_mkdir(PROC_ROOT_NAME, init_net.proc_net); if (!gprProcRoot) { pr_err("gprProcRoot == NULL\n"); return -ENOENT; } proc_set_user(gprProcRoot, KUIDT_INIT(PROC_UID_SHELL), KGIDT_INIT(PROC_GID_WIFI)); prEntry = proc_create(PROC_DBG_LEVEL_NAME, 0664, gprProcRoot, &dbglevel_ops); if (prEntry == NULL) { pr_err("Unable to create /proc entry dbgLevel\n\r"); return -1; } proc_set_user(prEntry, KUIDT_INIT(PROC_UID_SHELL), KGIDT_INIT(PROC_GID_WIFI)); return 0; } /* end of procInitProcfs() */
/* * Create the trusted keyrings */ static __init int system_trusted_keyring_init(void) { pr_notice("Initialise system trusted keyrings\n"); builtin_trusted_keys = keyring_alloc(".builtin_trusted_keys", KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), ((KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH), KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); if (IS_ERR(builtin_trusted_keys)) panic("Can't allocate builtin trusted keyring\n"); #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING secondary_trusted_keys = keyring_alloc(".secondary_trusted_keys", KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), ((KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE), KEY_ALLOC_NOT_IN_QUOTA, get_builtin_and_secondary_restriction(), NULL); if (IS_ERR(secondary_trusted_keys)) panic("Can't allocate secondary trusted keyring\n"); if (key_link(secondary_trusted_keys, builtin_trusted_keys) < 0) panic("Can't link trusted keyrings\n"); #endif return 0; }
static void bluesleep_proc_set_uid_gid(struct proc_dir_entry *ent) { #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0) proc_set_user(ent, KUIDT_INIT(AID_BLUETOOTH), KGIDT_INIT(AID_NET_BT_STACK)); #else ent->uid = AID_BLUETOOTH; ent->gid = AID_NET_BT_STACK; #endif }
/** * cap_capable - Determine whether a task has a particular effective capability * @cred: The credentials to use * @ns: The user namespace in which we need the capability * @cap: The capability to check for * @audit: Whether to write an audit message or not * * Determine whether the nominated task has the specified capability amongst * its effective set, returning 0 if it does, -ve if it does not. * * NOTE WELL: cap_has_capability() cannot be used like the kernel's capable() * and has_capability() functions. That is, it has the reverse semantics: * cap_has_capability() returns 0 when a task has a capability, but the * kernel's capable() and has_capability() returns 1 for this case. */ int cap_capable(const struct cred *cred, struct user_namespace *targ_ns, int cap, int audit) { struct user_namespace *ns = targ_ns; #ifdef CONFIG_ANDROID_PARANOID_NETWORK if (cap == CAP_NET_RAW && in_egroup_p(KGIDT_INIT(AID_NET_RAW))) return 0; if (cap == CAP_NET_ADMIN && in_egroup_p(KGIDT_INIT(AID_NET_ADMIN))) return 0; #endif /* See if cred has the capability in the target user namespace * by examining the target user namespace and all of the target * user namespace's parents. */ for (;;) { /* Do we have the necessary capabilities? */ if (ns == cred->user_ns) return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; /* Have we tried all of the parent namespaces? */ if (ns == &init_user_ns) return -EPERM; /* * The owner of the user namespace in the parent of the * user namespace has all caps. */ if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid)) return 0; /* * If you have a capability in a parent user ns, then you have * it over all children user namespaces as well. */ ns = ns->parent; } /* We never get here */ }
/* * Create the persistent keyring register for the current user namespace. * * Called with the namespace's sem locked for writing. */ static int key_create_persistent_register(struct user_namespace *ns) { struct key *reg = keyring_alloc(".persistent_register", KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), ((KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ), KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); if (IS_ERR(reg)) return PTR_ERR(reg); ns->persistent_keyring_register = reg; return 0; }
/* * Load the compiled-in keys */ static __init int system_trusted_keyring_init(void) { pr_notice("Initialise system trusted keyring\n"); system_trusted_keyring = keyring_alloc(".system_keyring", KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), ((KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH), KEY_ALLOC_NOT_IN_QUOTA, NULL); if (IS_ERR(system_trusted_keyring)) panic("Can't allocate system trusted keyring\n"); set_bit(KEY_FLAG_TRUSTED_ONLY, &system_trusted_keyring->flags); return 0; }
/* * Load the compiled-in keys */ static __init int module_verify_init(void) { pr_notice("Initialise module verification\n"); modsign_keyring = key_alloc(&key_type_keyring, ".module_sign", KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ, KEY_ALLOC_NOT_IN_QUOTA); if (IS_ERR(modsign_keyring)) panic("Can't allocate module signing keyring\n"); if (key_instantiate_and_link(modsign_keyring, NULL, 0, NULL, NULL) < 0) panic("Can't instantiate module signing keyring\n"); return 0; }
static int __integrity_init_keyring(const unsigned int id, key_perm_t perm, struct key_restriction *restriction) { const struct cred *cred = current_cred(); int err = 0; keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0), KGIDT_INIT(0), cred, perm, KEY_ALLOC_NOT_IN_QUOTA, restriction, NULL); if (IS_ERR(keyring[id])) { err = PTR_ERR(keyring[id]); pr_info("Can't allocate %s keyring (%d)\n", keyring_name[id], err); keyring[id] = NULL; } return err; }
int integrity_init_keyring(const unsigned int id) { const struct cred *cred = current_cred(); int err = 0; keyring[id] = keyring_alloc(keyring_name[id], KUIDT_INIT(0), KGIDT_INIT(0), cred, ((KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_WRITE | KEY_USR_SEARCH), KEY_ALLOC_NOT_IN_QUOTA, NULL); if (!IS_ERR(keyring[id])) set_bit(KEY_FLAG_TRUSTED_ONLY, &keyring[id]->flags); else { err = PTR_ERR(keyring[id]); pr_info("Can't allocate %s keyring (%d)\n", keyring_name[id], err); keyring[id] = NULL; } return err; }
kgid_t make_kgid(struct user_namespace *ns, gid_t gid) { /* Map the gid to a global kernel gid */ return KGIDT_INIT(gid); }
/* static unsigned long cl_shutdown_state[MAX_NUM_INSTANCE_MTK_COOLER_SHUTDOWN] = { 0 }; */ static struct sd_state cl_sd_state[MAX_NUM_INSTANCE_MTK_COOLER_SHUTDOWN]; #if defined(MTK_COOLER_SHUTDOWN_SIGNAL) static unsigned int tm_pid; static unsigned int tm_input_pid; static unsigned int mtk_cl_sd_rst; static struct task_struct g_task; static struct task_struct *pg_task = &g_task; static int sd_debouncet = 1; /* static int sd_cnt = 0; */ static int sd_happened; static kuid_t uid = KUIDT_INIT(0); static kgid_t gid = KGIDT_INIT(1000); static ssize_t _mtk_cl_sd_rst_write(struct file *filp, const char __user *buf, size_t len, loff_t *data) { int ret = 0; char tmp[MAX_LEN] = { 0 }; /* write data to the buffer */ if (copy_from_user(tmp, buf, len)) return -EFAULT; ret = kstrtouint(tmp, 10, &mtk_cl_sd_rst); if (ret) WARN_ON(1);
static int _stp_create_procfs(const char *path, int num, const struct file_operations *fops, int perm, void *data) { const char *p; char *next; struct proc_dir_entry *last_dir, *de; if (num >= STP_MAX_PROCFS_FILES) { _stp_error("Requested file number %d is larger than max (%d)\n", num, STP_MAX_PROCFS_FILES); return -1; } last_dir = _stp_proc_root; /* if no path, use default one */ if (strlen(path) == 0) p = "command"; else p = path; #ifdef _STP_ALLOW_PROCFS_PATH_SUBDIRS while ((next = strchr(p, '/'))) { if (_stp_num_pde == STP_MAX_PROCFS_FILES) goto too_many; *next = 0; de = _stp_procfs_lookup(p, last_dir); if (de == NULL) { last_dir = proc_mkdir(p, last_dir); if (!last_dir) { _stp_error("Could not create directory \"%s\"\n", p); goto err; } _stp_pde[_stp_num_pde++] = last_dir; #ifdef STAPCONF_PROCFS_OWNER last_dir->owner = THIS_MODULE; #endif proc_set_user(last_dir, KUIDT_INIT(_stp_uid), KGIDT_INIT(_stp_gid)); } else { last_dir = de; } p = next + 1; } #else /* !_STP_ALLOW_PROCFS_PATH_SUBDIRS */ if (strchr(p, '/') != NULL) { _stp_error("Could not create path \"%s\"," " contains subdirectories\n", p); goto err; } #endif /* !_STP_ALLOW_PROCFS_PATH_SUBDIRS */ if (_stp_num_pde == STP_MAX_PROCFS_FILES) goto too_many; de = proc_create_data(p, perm, last_dir, fops, data); if (de == NULL) { _stp_error("Could not create file \"%s\" in path \"%s\"\n", p, path); goto err; } #ifdef STAPCONF_PROCFS_OWNER de->owner = THIS_MODULE; #endif proc_set_user(de, KUIDT_INIT(_stp_uid), KGIDT_INIT(_stp_gid)); _stp_pde[_stp_num_pde++] = de; return 0; too_many: _stp_error("Attempted to open too many procfs files. Maximum is %d\n", STP_MAX_PROCFS_FILES); err: _stp_close_procfs(); return -1; }