Just apply one of the following patches, depending on your kernel version https://android-review.googlesource.com/#/q/a9ac1262ce80c287562e604f3bb24f232fcb686e
On Mon, Jun 13, 2016 at 2:41 PM, Wei Liu <[email protected]> wrote: > Dear All, > > > > We met one issue on the android M as below: > > > > [ 137.663890] type=1400 audit(946684934.059:69): avc: denied { > module_request } for pid=3135 comm="dmesg" kmod="personality-8" > scontext=u:r:shell:s0 tcontext=u:r:kernel:s0 tclass=system permissive=1 > > > > I saw there was a thread to discuss this before, just wondering what would > be the solution at least risk? > > 1) To revert the commit? > > commit f643eb38c36eb63f612e20dea09fd43ac6a6b360 > Author: Dmitriy Ivanov <[email protected]> > Date: Tue Jun 30 15:10:51 2015 -0700 > > Improve personality initialization > > 1. Personality parameter should be unsigned int (not long) > 2. Do not reset bits outside of PER_MASK when setting > personality value. > 3. Set personality for static executables. > > Bug: http://b/21900686 > Change-Id: I4c7e34079cbd59b818ce221eed325c05b9bb2303 > > diff --git a/libc/bionic/libc_init_common.cpp > b/libc/bionic/libc_init_common.cpp > index 9b23ece..bd71628 100644 > --- a/libc/bionic/libc_init_common.cpp > +++ b/libc/bionic/libc_init_common.cpp > @@ -37,6 +37,7 @@ > #include <stdlib.h> > #include <string.h> > #include <sys/auxv.h> > +#include <sys/personality.h> > #include <sys/time.h> > #include <unistd.h> > > @@ -44,6 +45,7 @@ > #include "private/bionic_ssp.h" > #include "private/bionic_tls.h" > #include "private/KernelArgumentBlock.h" > +#include "private/libc_logging.h" > #include "pthread_internal.h" > > extern "C" abort_msg_t** __abort_message_ptr; > @@ -289,6 +291,19 @@ static void __sanitize_environment_variables(char** > env) { > dst[0] = nullptr; > } > > +static void __initialize_personality() { > +#if !defined(__LP64__) > + int old_value = personality(0xffffffff); > + if (old_value == -1) { > + __libc_fatal("error getting old personality value: %s", > strerror(errno)); > + } > + > + if (personality((static_cast<unsigned int>(old_value) & ~PER_MASK) | > PER_LINUX32) == -1) { > + __libc_fatal("error setting PER_LINUX32 personality: %s", > strerror(errno)); > + } > +#endif > +} > + > void __libc_init_AT_SECURE(KernelArgumentBlock& args) { > __libc_auxv = args.auxv; > > @@ -312,6 +327,8 @@ void __libc_init_AT_SECURE(KernelArgumentBlock& args) { > > // Now the environment has been sanitized, make it available. > environ = args.envp; > + > + __initialize_personality(); > } > > /* This function will be called during normal program termination > diff --git a/libc/include/sys/personality.h > b/libc/include/sys/personality.h > index 8a023f9..7764468 100644 > --- a/libc/include/sys/personality.h > +++ b/libc/include/sys/personality.h > @@ -34,7 +34,7 @@ > > __BEGIN_DECLS > > -extern int personality (unsigned long persona); > +extern int personality (unsigned int persona); > > __END_DECLS > > diff --git a/linker/linker.cpp b/linker/linker.cpp > index f7b58c4..60f8489 100644 > --- a/linker/linker.cpp > +++ b/linker/linker.cpp > @@ -37,7 +37,6 @@ > #include <string.h> > #include <sys/mman.h> > #include <sys/param.h> > -#include <sys/personality.h> > #include <unistd.h> > > #include <new> > @@ -3111,12 +3110,6 @@ static ElfW(Addr) > __linker_init_post_relocation(KernelArgumentBlock& args, ElfW( > ldpreload_env = getenv("LD_PRELOAD"); > } > > -#if !defined(__LP64__) > - if (personality(PER_LINUX32) == -1) { > - __libc_fatal("error setting PER_LINUX32 personality: %s", > strerror(errno)); > - } > -#endif > - > INFO("[ android linker & debugger ]"); > > soinfo* si = soinfo_alloc(args.argv[0], nullptr, 0, RTLD_GLOBAL); > diff --git a/tests/sys_personality_test.cpp > b/tests/sys_personality_test.cpp > index 55a023d..2dfaa65 100644 > --- a/tests/sys_personality_test.cpp > +++ b/tests/sys_personality_test.cpp > @@ -19,7 +19,7 @@ > #include <sys/personality.h> > > TEST(sys_personality, current_persona) { > - int persona = personality(0xffffffff); > + int persona = personality(0xffffffff) & PER_MASK; > #if defined(__BIONIC__) > #if defined(__LP64__) > ASSERT_EQ(PER_LINUX, persona); > > 2) Or we can make some fix in kernel as suggested in previous thread. > If so, what the commit/change will be? > > > > Thanks! > > > > > > > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to > [email protected]. > -- Nick Kralevich | Android Security | [email protected] | 650.214.4037
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
