diff --git a/src/modules/database/CPU.c b/src/modules/database/CPU.c index c475f1e..315bb1d 100644 --- a/src/modules/database/CPU.c +++ b/src/modules/database/CPU.c @@ -174,7 +174,7 @@ int p_cpu_online_action(unsigned int p_cpu) { mutex_lock(&module_mutex); #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0) /* Hacky way of 'stopping' KOBJs activities */ - mutex_lock(p_kernfs_mutex); +// mutex_lock(p_kernfs_mutex); #endif spin_lock(&p_db_lock); @@ -237,7 +237,7 @@ int p_cpu_online_action(unsigned int p_cpu) { spin_unlock(&p_db_lock); #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0) /* unlock KOBJ activities */ - mutex_unlock(p_kernfs_mutex); +// mutex_unlock(p_kernfs_mutex); #endif /* Release the 'module_mutex' */ mutex_unlock(&module_mutex); @@ -263,7 +263,7 @@ int p_cpu_dead_action(unsigned int p_cpu) { mutex_lock(&module_mutex); #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0) /* Hacky way of 'stopping' KOBJs activities */ - mutex_lock(p_kernfs_mutex); +// mutex_lock(p_kernfs_mutex); #endif spin_lock(&p_db_lock); @@ -334,7 +334,7 @@ int p_cpu_dead_action(unsigned int p_cpu) { spin_unlock(&p_db_lock); #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0) /* unlock KOBJ activities */ - mutex_unlock(p_kernfs_mutex); +// mutex_unlock(p_kernfs_mutex); #endif /* Release the 'module_mutex' */ mutex_unlock(&module_mutex); diff --git a/src/modules/exploit_detection/p_exploit_detection.c b/src/modules/exploit_detection/p_exploit_detection.c index 5a06ae0..41cb11d 100644 --- a/src/modules/exploit_detection/p_exploit_detection.c +++ b/src/modules/exploit_detection/p_exploit_detection.c @@ -18,12 +18,14 @@ #include "../../p_lkrg_main.h" struct p_ed_global_variables p_ed_guard_globals; +/* #ifdef CONFIG_SECURITY_SELINUX int *p_selinux_enabled; #ifdef CONFIG_SECURITY_SELINUX_DEVELOP int *p_selinux_enforcing; #endif #endif +*/ unsigned long p_global_off_cookie; unsigned long p_global_cnt_cookie; 
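Review bot: Commenting out `mutex_lock(p_kernfs_mutex)` in p_cpu_online_action removes the only serialization against kernfs/kobject activity that the adjacent comment says the database rebuild under `p_db_lock` relied on, and nothing in the diff records why it is now safe to drop. If the rebuild still reads kobject state that kernfs can mutate concurrently, this opens a window in which the computed hashes can disagree with a legitimate concurrent change, i.e. a spurious integrity alert or a masked one. Presumably the lock went away because the symbol can no longer be resolved on newer kernels; either way, delete the dead lines together with the now-empty `#if LINUX_VERSION_CODE` block and put the reason where the lock used to be, e.g. `/* kernfs_mutex is intentionally not taken here: <reason>; kobject state may change while the DB is rebuilt */`. The same commented-out lock/unlock pair appears in p_cpu_dead_action, p_check_integrity and p_module_event_notifier and should get the same treatment. p_cpu_online_action starts and ends outside this hunk.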
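Review bot: The SELinux globals are disabled with a block comment wrapped around an existing `#ifdef CONFIG_SECURITY_SELINUX` region; since C block comments do not nest, this only compiles while the region contains no `/* */` comments, and later in this same commit p_sel_write_enforce.c already had to mangle two comment terminators for exactly that reason. Use the preprocessor instead, e.g. `#if 0 /* SELinux guard disabled, see commit message */` … `#endif`, or remove the code outright, so the region stays intact and greppable. If `extern` declarations for `p_selinux_enabled`/`p_selinux_enforcing` remain in a header included by other translation units they now name symbols that no longer exist — not visible here, worth checking.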
@@ -464,7 +466,7 @@ p_validate_task_out: return p_ret; } - +/* #ifdef CONFIG_SECURITY_SELINUX void p_validate_selinux(void) { @@ -497,7 +499,7 @@ void p_validate_selinux(void) { "Leaving function \n"); } #endif - +*/ void p_ed_enforce_validation(void) { // STRONG_DEBUG @@ -508,10 +510,12 @@ void p_ed_enforce_validation(void) { p_iterate_processes(p_validate_task_f); /* Validate critical globals */ +/* #ifdef CONFIG_SECURITY_SELINUX // SELinux p_validate_selinux(); #endif +*/ // STRONG_DEBUG p_debug_log(P_LKRG_STRONG_DBG, @@ -532,7 +536,7 @@ int p_exploit_detection_init(void) { p_global_off_cookie |= P_NORMALIZE_LONG; p_global_cnt_cookie |= P_NORMALIZE_LONG; p_global_cnt_cookie &= P_MASK_COUNTER; - +/* #ifdef CONFIG_SECURITY_SELINUX p_selinux_enabled = (int *)p_kallsyms_lookup_name("selinux_enabled"); #ifdef CONFIG_SECURITY_SELINUX_DEVELOP @@ -553,7 +557,7 @@ int p_exploit_detection_init(void) { goto p_exploit_detection_init_out; } #endif - +*/ if (p_init_rb_ed_pids()) { p_print_log(P_LKRG_ERR, "ERROR: Can\'t initialize ED pids cache and red-black tree :(\n"); @@ -563,7 +567,7 @@ int p_exploit_detection_init(void) { // Dump processes and threads p_iterate_processes(p_dump_task_f); - +/* #ifdef CONFIG_SECURITY_SELINUX // SELinux information #ifdef CONFIG_SECURITY_SELINUX_DEVELOP @@ -572,7 +576,7 @@ int p_exploit_detection_init(void) { p_ed_guard_globals.p_selinux.p_selinux_enabled = *p_selinux_enabled; mutex_init(&p_ed_guard_globals.p_selinux_lock); #endif - +*/ if (p_install_sys_setuid_hook()) { p_print_log(P_LKRG_ERR, "ERROR: Can\'t hook setuid syscall :(\n"); @@ -658,7 +662,7 @@ int p_exploit_detection_init(void) { p_ret = P_LKRG_GENERAL_ERROR; goto p_exploit_detection_init_err; } - +/* #ifdef CONFIG_SECURITY_SELINUX if (p_install_sel_write_enforce_hook()) { p_print_log(P_LKRG_ERR, 
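Review bot: After this hunk p_ed_enforce_validation no longer calls `p_validate_selinux()`, so a kernel exploit that clears `selinux_enforcing`/`selinux_enabled` — one of the post-exploitation steps this exploit-detection module exists to catch — goes undetected, and nothing in the diff explains or documents the regression. If this is a temporary workaround (the kallsyms lookups in p_exploit_detection_init are commented out in the same commit, which suggests a symbol-resolution problem), say so at the call site, e.g. `/* TODO: SELinux state validation disabled in this commit; re-enable once the selinux_* lookups work again */`, so the gap is tracked rather than silently gone. If it is permanent, user-facing documentation should state that LKRG no longer guards SELinux state. p_ed_enforce_validation starts outside this hunk.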
@@ -667,7 +671,7 @@ int p_exploit_detection_init(void) { goto p_exploit_detection_init_err; } #endif - +*/ if (p_install_seccomp_hook()) { p_print_log(P_LKRG_ERR, "ERROR: Can\'t hook seccomp function :(\n"); @@ -776,9 +780,11 @@ void p_exploit_detection_exit(void) { p_uninstall_sys_finit_module_hook(); #endif p_uninstall_sys_delete_module_hook(); +/* #ifdef CONFIG_SECURITY_SELINUX p_uninstall_sel_write_enforce_hook(); #endif +*/ p_uninstall_seccomp_hook(); p_uninstall_sys_unshare_hook(); #ifdef CONFIG_USER_NS diff --git a/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c b/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c index 1bec7f0..7a76a39 100644 --- a/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c +++ b/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c @@ -17,7 +17,7 @@ * - Adam 'pi3' Zabrocki (http://pi3.com.pl) * */ - +/* #ifdef CONFIG_SECURITY_SELINUX #include "../../../../p_lkrg_main.h" @@ -29,7 +29,7 @@ static struct kretprobe p_sel_write_enforce_kretprobe = { .handler = p_sel_write_enforce_ret, .entry_handler = p_sel_write_enforce_entry, .data_size = sizeof(struct p_sel_write_enforce_data), - /* Probe up to 20 instances concurrently. */ + /* Probe up to 20 instances concurrently.* .maxactive = 40, }; @@ -43,7 +43,7 @@ static struct kretprobe p_sel_write_enforce_kretprobe = { * * r8 - probably 5th one * r9 - probably 5th one - */ + * int p_sel_write_enforce_entry(struct kretprobe_instance *p_ri, struct pt_regs *p_regs) { @@ -142,3 +142,4 @@ void p_uninstall_sel_write_enforce_hook(void) { } #endif +*/ diff --git a/src/modules/integrity_timer/p_integrity_timer.c b/src/modules/integrity_timer/p_integrity_timer.c index faedbd6..9b77b8c 100644 --- a/src/modules/integrity_timer/p_integrity_timer.c +++ b/src/modules/integrity_timer/p_integrity_timer.c 
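Review bot: Wrapping all of p_sel_write_enforce.c in a single `/* … */` is what forced the edits in the two following hunks that turn `/* Probe up to 20 instances concurrently. */` into `/* Probe up to 20 instances concurrently.*` and the `*/` closing the register-convention comment into ` *`, because block comments do not nest; the file now compiles only by virtue of those mangled markers and will break again the first time someone adds a comment inside it. Either exclude the file from the build (drop its object from the Makefile list) or fence it with `#if 0` / `#endif`, which leaves every comment untouched and makes the intent explicit. If this hook is meant to return, a one-line reason at the top of the file would help the next person.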
@@ -186,7 +186,7 @@ void p_check_integrity(struct work_struct *p_work) { mutex_lock(&module_mutex); #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0) /* Hacky way of 'stopping' KOBJs activities */ - mutex_lock(p_kernfs_mutex); +// mutex_lock(p_kernfs_mutex); #endif /* @@ -202,7 +202,7 @@ void p_check_integrity(struct work_struct *p_work) { mutex_unlock(&module_mutex); #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0) /* unlock KOBJ activities */ - mutex_unlock(p_kernfs_mutex); +// mutex_unlock(p_kernfs_mutex); #endif /* Find information about current CPUs in the system */ diff --git a/src/modules/kmod/client/cli/p_lkrg-client.c b/src/modules/kmod/client/cli/p_lkrg-client.c index 6351349..7203ba2 100644 --- a/src/modules/kmod/client/cli/p_lkrg-client.c +++ b/src/modules/kmod/client/cli/p_lkrg-client.c @@ -43,7 +43,7 @@ #define PI3_MODULE_PARAM_PF "pi3_path" //#define PI3_MODULE_CTRL_NAME "p_ctrl_module" #define PI3_MODULE_CTRL_NAME "p_lkrg_kmod_cli" -#define P_DEFAULT_PATH "/root/p_lkrg-beta/output/client/kmod/"PI3_MODULE_CTRL_NAME".ko" +#define P_DEFAULT_PATH "/root/lkrg-experimental/output/client/kmod/"PI3_MODULE_CTRL_NAME".ko" #define VAL_TOO_BIG(a,b) \ ({ \ diff --git a/src/modules/kmod/p_kmod.c b/src/modules/kmod/p_kmod.c index 683e325..e9140dc 100644 --- a/src/modules/kmod/p_kmod.c +++ b/src/modules/kmod/p_kmod.c @@ -51,6 +51,14 @@ int p_kmod_init(void) { #endif p_module_kset = (struct kset **)p_kallsyms_lookup_name("module_kset"); + if (!p_global_modules) { + p_global_modules = (struct list_head *)&THIS_MODULE->list; + } + + if (!p_module_kset) { + p_module_kset = (struct kset **)&THIS_MODULE->mkobj.kobj.kset; + } + // DEBUG p_debug_log(P_LKRG_DBG, " p_ddebug_tables[0x%lx] p_ddebug_lock[0x%lx] " @@ -75,7 +83,7 @@ int p_kmod_init(void) { p_ret = P_LKRG_GENERAL_ERROR; goto p_kmod_init_out; } - +/* #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0) if (!p_kernfs_mutex) { p_print_log(P_LKRG_ERR, 
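Review bot: `P_DEFAULT_PATH` still hard-codes an absolute path under `/root` to a developer checkout, only with a new directory name, and the same path is repeated verbatim as `P_LKRG_KMOD_CLI` in p_protected_API.h later in this commit, so the two will drift the next time the tree is renamed. Define the output directory once — passed in from the Makefile as a preprocessor macro — and build both strings from it. If the client uses this path to locate a kernel module to load (not visible here), a fixed path under `/root` is also something packagers need documented, since the default will not exist on an installed system.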
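Review bot: The new fallback `p_global_modules = (struct list_head *)&THIS_MODULE->list;` substitutes a list node for the `modules` list head: if the database code walks `p_global_modules` with `list_for_each_entry()`, the walk starts at LKRG's own entry (skipping it) and, on wrapping around, treats the real `struct list_head modules` — which is not embedded in a `struct module` — as a module, reading whatever precedes it in kernel .data. The fallback also fires silently, so a failed kallsyms lookup no longer shows in the log, and it makes the existing `if (!p_module_kset)` error path later in p_kmod_init unreachable. The `module_kset` substitution looks sound if `mkobj.kobj.kset` is populated for a loaded module, but should still be logged (P_LKRG_ERR is the only non-debug level visible here; use a warning level if one exists). Suggest failing hard on `modules` the way the pre-existing code fails on `module_kset`; p_kmod_init starts before and ends after this hunk.
```c
    p_module_kset = (struct kset **)p_kallsyms_lookup_name("module_kset");

    if (!p_global_modules) {
        /* THIS_MODULE->list is a node, not the 'modules' head: walking it with
         * list_for_each_entry() would visit the bare head as a struct module. */
        p_print_log(P_LKRG_ERR,
               "KMOD error! Can't find 'modules' variable :( Exiting...\n");
        p_ret = P_LKRG_GENERAL_ERROR;
        goto p_kmod_init_out;
    }

    if (!p_module_kset) {
        /* Best effort: a loaded module's kobject kset is module_kset. */
        p_print_log(P_LKRG_ERR,
               "KMOD: 'module_kset' lookup failed, using THIS_MODULE->mkobj.kobj.kset\n");
        p_module_kset = (struct kset **)&THIS_MODULE->mkobj.kobj.kset;
    }
    // … unchanged: debug log and remaining checks …
```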
@@ -84,7 +92,7 @@ int p_kmod_init(void) { goto p_kmod_init_out; } #endif - +*/ if (!p_module_kset) { p_print_log(P_LKRG_ERR, "KMOD error! Can't find 'module_kset' variable :( Exiting...\n"); diff --git a/src/modules/kmod/p_kmod_notifier.c b/src/modules/kmod/p_kmod_notifier.c index 763330a..9ac298e 100644 --- a/src/modules/kmod/p_kmod_notifier.c +++ b/src/modules/kmod/p_kmod_notifier.c @@ -177,7 +177,7 @@ static int p_module_event_notifier(struct notifier_block *p_this, unsigned long mutex_lock(&module_mutex); #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0) /* Hacky way of 'stopping' KOBJs activities */ - mutex_lock(p_kernfs_mutex); +// mutex_lock(p_kernfs_mutex); #endif /* @@ -261,7 +261,7 @@ static int p_module_event_notifier(struct notifier_block *p_this, unsigned long #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0) /* Hacky way of 'stopping' KOBJs activities */ - mutex_lock(p_kernfs_mutex); +// mutex_lock(p_kernfs_mutex); #endif /* @@ -314,7 +314,7 @@ p_module_event_notifier_unlock_out: spin_unlock_irqrestore(&p_db_lock,p_db_flags); #if LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0) /* unlock KOBJ activities */ - mutex_unlock(p_kernfs_mutex); +// mutex_unlock(p_kernfs_mutex); #endif /* Release the 'module_mutex' */ mutex_unlock(&module_mutex); diff --git a/src/modules/protected_features/p_protected_API.h b/src/modules/protected_features/p_protected_API.h index bf8cd45..4b3199d 100644 --- a/src/modules/protected_features/p_protected_API.h +++ b/src/modules/protected_features/p_protected_API.h @@ -45,8 +45,8 @@ #define P_PROTECTED_FEATURES_INIT "/root/.p_lkrg-pf" -#define P_LKRG_KMOD_CLI "/root/p_lkrg-beta/output/client/kmod/p_lkrg_kmod_cli.ko" -#define P_LKRG_USER_CLI "/root/p_lkrg-beta/output/client/cli/p_lkrg-client" +#define P_LKRG_KMOD_CLI "/root/lkrg-experimental/output/client/kmod/p_lkrg_kmod_cli.ko" +#define P_LKRG_USER_CLI "/root/lkrg-experimental/output/client/cli/p_lkrg-client" #define P_PROTECTED_FILES_OPT_FILE 0x1 #define P_PROTECTED_FILES_OPT_LOGS 0x2
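Review bot: With the `THIS_MODULE->mkobj.kobj.kset` fallback added earlier in p_kmod_init, the `if (!p_module_kset)` check in this hunk can never fire, so the "Can't find 'module_kset'" error path is now dead code; either remove it or move the fallback after it so the lookup failure is at least logged before being papered over. The `p_kernfs_mutex` NULL check above it is commented out rather than deleted — if the lookup that assigns `p_kernfs_mutex` remains (not visible here), the variable is now set but never checked or taken, and should go too. p_kmod_init starts before this hunk.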