kernel: Replace sys_newfstatat with vfs_fstatat

For those old Android applications, we need to hook vfs_fstatat. Signed-off-by: hamjin <[email protected]>
hamjin · Sep 21, 2024 · 730341a · 730341a
1 parent ac20b76
commit 730341a
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 12 deletions.
diff --git a/kernel/arch.h b/kernel/arch.h
@@ -3,6 +3,8 @@
 
 #include <linux/version.h>
 
+#define VFS_FSTATAT_SYMBOL "vfs_fstatat"
+
 #if defined(__aarch64__)
 
 #define __PT_PARM1_REG regs[0]
@@ -20,7 +22,6 @@
 
 #define PRCTL_SYMBOL "__arm64_sys_prctl"
 #define SYS_READ_SYMBOL "__arm64_sys_read"
-#define SYS_NEWFSTATAT_SYMBOL "__arm64_sys_newfstatat"
 #define SYS_FACCESSAT_SYMBOL "__arm64_sys_faccessat"
 #define SYS_EXECVE_SYMBOL "__arm64_sys_execve"
 
@@ -41,7 +42,6 @@
 #define __PT_IP_REG ip
 #define PRCTL_SYMBOL "__x64_sys_prctl"
 #define SYS_READ_SYMBOL "__x64_sys_read"
-#define SYS_NEWFSTATAT_SYMBOL "__x64_sys_newfstatat"
 #define SYS_FACCESSAT_SYMBOL "__x64_sys_faccessat"
 #define SYS_EXECVE_SYMBOL "__x64_sys_execve"
 

diff --git a/kernel/sucompat.c b/kernel/sucompat.c
@@ -202,12 +202,11 @@ static int sys_faccessat_handler_pre(struct kprobe *p, struct pt_regs *regs)
 	return ksu_handle_faccessat(dfd, filename_user, mode, NULL);
 }
 
-static int sys_newfstatat_handler_pre(struct kprobe *p, struct pt_regs *regs)
+static int vfs_fstatat_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
-	struct pt_regs *real_regs = PT_REAL_REGS(regs);
-	int *dfd = (int *)&PT_REGS_PARM1(real_regs);
-	const char __user **filename_user = (const char **)&PT_REGS_PARM2(real_regs);
-	int *flags = (int *)&PT_REGS_SYSCALL_PARM4(real_regs);
+	int *dfd = (int *)&PT_REGS_PARM1(regs);
+	const char __user **filename_user = (const char **)&PT_REGS_PARM2(regs);
+	int *flags = (int *)&PT_REGS_SYSCALL_PARM4(regs);
 
 	return ksu_handle_stat(dfd, filename_user, flags);
 }
@@ -227,9 +226,9 @@ static struct kprobe faccessat_kp = {
 	.pre_handler = sys_faccessat_handler_pre,
 };
 
-static struct kprobe newfstatat_kp = {
-	.symbol_name = SYS_NEWFSTATAT_SYMBOL,
-	.pre_handler = sys_newfstatat_handler_pre,
+static struct kprobe vfs_fstatat_kp = {
+	.symbol_name = VFS_FSTATAT_SYMBOL,
+	.pre_handler = vfs_fstatat_handler_pre,
 };
 
 static struct kprobe execve_kp = {
@@ -260,8 +259,8 @@ void ksu_sucompat_init()
 	int ret;
 	ret = register_kprobe(&execve_kp);
 	pr_info("sucompat: execve_kp: %d\n", ret);
-	ret = register_kprobe(&newfstatat_kp);
-	pr_info("sucompat: newfstatat_kp: %d\n", ret);
+	ret = register_kprobe(&vfs_fstatat_kp);
+	pr_info("sucompat: vfs_fstatat_kp: %d\n", ret);
 	ret = register_kprobe(&faccessat_kp);
 	pr_info("sucompat: faccessat_kp: %d\n", ret);
 	ret = register_kprobe(&pts_unix98_lookup_kp);