Dear All,
We met one issue on the android M as below:
[ 137.663890] type=1400 audit(946684934.059:69): avc: denied { module_request
} for pid=3135 comm="dmesg" kmod="personality-8" scontext=u:r:shell:s0
tcontext=u:r:kernel:s0 tclass=system permissive=1
I saw there was a thread to discuss this before, just wondering what would be
the solution at least risk?
1) To revert the commit?
commit f643eb38c36eb63f612e20dea09fd43ac6a6b360
Author: Dmitriy Ivanov <[email protected]>
Date: Tue Jun 30 15:10:51 2015 -0700
Improve personality initialization
1. Personality parameter should be unsigned int (not long)
2. Do not reset bits outside of PER_MASK when setting
personality value.
3. Set personality for static executables.
Bug: http://b/21900686
Change-Id: I4c7e34079cbd59b818ce221eed325c05b9bb2303
diff --git a/libc/bionic/libc_init_common.cpp b/libc/bionic/libc_init_common.cpp
index 9b23ece..bd71628 100644
--- a/libc/bionic/libc_init_common.cpp
+++ b/libc/bionic/libc_init_common.cpp
@@ -37,6 +37,7 @@
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
+#include <sys/personality.h>
#include <sys/time.h>
#include <unistd.h>
@@ -44,6 +45,7 @@
#include "private/bionic_ssp.h"
#include "private/bionic_tls.h"
#include "private/KernelArgumentBlock.h"
+#include "private/libc_logging.h"
#include "pthread_internal.h"
extern "C" abort_msg_t** __abort_message_ptr;
@@ -289,6 +291,19 @@ static void __sanitize_environment_variables(char** env) {
dst[0] = nullptr;
}
+static void __initialize_personality() {
+#if !defined(__LP64__)
+ int old_value = personality(0xffffffff);
+ if (old_value == -1) {
+ __libc_fatal("error getting old personality value: %s", strerror(errno));
+ }
+
+ if (personality((static_cast<unsigned int>(old_value) & ~PER_MASK) |
PER_LINUX32) == -1) {
+ __libc_fatal("error setting PER_LINUX32 personality: %s", strerror(errno));
+ }
+#endif
+}
+
void __libc_init_AT_SECURE(KernelArgumentBlock& args) {
__libc_auxv = args.auxv;
@@ -312,6 +327,8 @@ void __libc_init_AT_SECURE(KernelArgumentBlock& args) {
// Now the environment has been sanitized, make it available.
environ = args.envp;
+
+ __initialize_personality();
}
/* This function will be called during normal program termination
diff --git a/libc/include/sys/personality.h b/libc/include/sys/personality.h
index 8a023f9..7764468 100644
--- a/libc/include/sys/personality.h
+++ b/libc/include/sys/personality.h
@@ -34,7 +34,7 @@
__BEGIN_DECLS
-extern int personality (unsigned long persona);
+extern int personality (unsigned int persona);
__END_DECLS
diff --git a/linker/linker.cpp b/linker/linker.cpp
index f7b58c4..60f8489 100644
--- a/linker/linker.cpp
+++ b/linker/linker.cpp
@@ -37,7 +37,6 @@
#include <string.h>
#include <sys/mman.h>
#include <sys/param.h>
-#include <sys/personality.h>
#include <unistd.h>
#include <new>
@@ -3111,12 +3110,6 @@ static ElfW(Addr)
__linker_init_post_relocation(KernelArgumentBlock& args, ElfW(
ldpreload_env = getenv("LD_PRELOAD");
}
-#if !defined(__LP64__)
- if (personality(PER_LINUX32) == -1) {
- __libc_fatal("error setting PER_LINUX32 personality: %s", strerror(errno));
- }
-#endif
-
INFO("[ android linker & debugger ]");
soinfo* si = soinfo_alloc(args.argv[0], nullptr, 0, RTLD_GLOBAL);
diff --git a/tests/sys_personality_test.cpp b/tests/sys_personality_test.cpp
index 55a023d..2dfaa65 100644
--- a/tests/sys_personality_test.cpp
+++ b/tests/sys_personality_test.cpp
@@ -19,7 +19,7 @@
#include <sys/personality.h>
TEST(sys_personality, current_persona) {
- int persona = personality(0xffffffff);
+ int persona = personality(0xffffffff) & PER_MASK;
#if defined(__BIONIC__)
#if defined(__LP64__)
ASSERT_EQ(PER_LINUX, persona);
2) Or we can make some fix in kernel as suggested in previous thread. If so,
what the commit/change will be?
Thanks!
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
