diff --git a/drivers/android/vendor_hooks.c b/drivers/android/vendor_hooks.c
index ed451cd3882b..0d62f320fa57 100644
--- a/drivers/android/vendor_hooks.c
+++ b/drivers/android/vendor_hooks.c
@@ -36,6 +36,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -131,6 +132,10 @@ EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_selinux_avc_insert);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_selinux_avc_node_delete);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_selinux_avc_node_replace);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_selinux_avc_lookup);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_commit_creds);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_exit_creds);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_override_creds);
+EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_revert_creds);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_selinux_is_initialized);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_rvh_shmem_get_folio);
 EXPORT_TRACEPOINT_SYMBOL_GPL(android_vh_check_mmap_file);
diff --git a/include/trace/hooks/creds.h b/include/trace/hooks/creds.h
new file mode 100644
index 000000000000..69a68081f2a3
--- /dev/null
+++ b/include/trace/hooks/creds.h
@@ -0,0 +1,33 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#undef TRACE_SYSTEM +#define TRACE_SYSTEM creds + +#define TRACE_INCLUDE_PATH trace/hooks +#if !defined(_TRACE_HOOK_CREDS_H) || defined(TRACE_HEADER_MULTI_READ) +#define _TRACE_HOOK_CREDS_H +#include +/* + * Following tracepoints are not exported in tracefs and provide a + * mechanism for vendor modules to hook and extend functionality + */ +struct cred; +struct task_struct; +DECLARE_RESTRICTED_HOOK(android_rvh_commit_creds, + TP_PROTO(const struct task_struct *task, const struct cred *new), + TP_ARGS(task, new), 1); + +DECLARE_RESTRICTED_HOOK(android_rvh_exit_creds, + TP_PROTO(const struct task_struct *task, const struct cred *cred), + TP_ARGS(task, cred), 1); + +DECLARE_RESTRICTED_HOOK(android_rvh_override_creds, + TP_PROTO(const struct task_struct *task, const struct cred *new), + TP_ARGS(task, new), 1); + +DECLARE_RESTRICTED_HOOK(android_rvh_revert_creds, + TP_PROTO(const struct task_struct *task, const struct cred *old), + TP_ARGS(task, old), 1); + +#endif /* _TRACE_HOOK_CREDS_H */ +/* This part must be outside protection */ +#include diff --git a/kernel/cred.c b/kernel/cred.c index e10c15f51c1f..d4a529cd4737 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -17,6 +17,8 @@ #include #include +#include + #if 0 #define kdebug(FMT, ...) \ printk("[%-5.5s%5u] " FMT "\n", \ @@ -181,6 +183,7 @@ void exit_creds(struct task_struct *tsk) key_put(tsk->cached_requested_key); tsk->cached_requested_key = NULL; #endif + trace_android_rvh_exit_creds(tsk, cred); } /** @@ -499,6 +502,7 @@ int commit_creds(struct cred *new) inc_rlimit_ucounts(new->ucounts, UCOUNT_RLIMIT_NPROC, 1); rcu_assign_pointer(task->real_cred, new); rcu_assign_pointer(task->cred, new); + trace_android_rvh_commit_creds(task, new); if (new->user != old->user || new->user_ns != old->user_ns) dec_rlimit_ucounts(old->ucounts, UCOUNT_RLIMIT_NPROC, 1); alter_cred_subscribers(old, -2); 
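Review bot: The only comment in the new include/trace/hooks/creds.h is the generic vendor-hook boilerplate, so nothing tells a handler author what `task` and the cred argument mean for each of the four hooks or how long the `const struct cred *` stays valid. These hooks sit on the kernel's credential-change paths, so I would add a short comment per declaration naming which credentials are passed (`new` being installed, `old` being restored, `cred` being released). For the commit, override and revert hooks it should also say that the handler must treat the cred as read-only and take its own reference with `get_cred()` before keeping the pointer past the call. The exit hook needs its own wording, because its call site in kernel/cred.c sits at the very end of exit_creds().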
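Review bot: `trace_android_rvh_exit_creds(tsk, cred);` is added as the last statement of exit_creds(), after the `key_put()` cleanup, so the handler is handed `cred` only once the function has finished tearing the task's credentials down. The assignments to `cred` are outside the hunk; if they match upstream, both `tsk->real_cred` and `tsk->cred` have already been cleared and released with `put_cred()` by this point, which would make `cred` a possibly freed pointer and would cover only `tsk->cred`, not `real_cred`. I would move the call ahead of the first release so the handler sees live objects, or keep it here and add `/* cred may already be freed: handlers may compare the pointer but must not dereference it */`.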
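Review bot: In commit_creds() the hook `trace_android_rvh_commit_creds(task, new);` fires after both `rcu_assign_pointer()` calls, so a handler can only observe a change that is already installed, and it is not given `old` even though `old` is still referenced on the following lines. The same ordering applies in the override_creds() and revert_creds() hunks, where the hook runs after `rcu_assign_pointer(current->cred, ...)`, so anything the handler itself does that consults `current->cred` runs under the switched credentials. A module that wants to audit a transition needs both sides; consider passing `old` to the commit hook, and at minimum add a comment at each call site such as `/* notification only: creds are already installed, the handler cannot fail the change */`. All three functions start and end outside their hunks.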
@@ -576,6 +580,7 @@ const struct cred *override_creds(const struct cred *new) get_new_cred((struct cred *)new); alter_cred_subscribers(new, 1); rcu_assign_pointer(current->cred, new); + trace_android_rvh_override_creds(current, new); alter_cred_subscribers(old, -1); kdebug("override_creds() = %p{%d,%d}", old, @@ -604,6 +609,7 @@ void revert_creds(const struct cred *old) validate_creds(override); alter_cred_subscribers(old, 1); rcu_assign_pointer(current->cred, old); + trace_android_rvh_revert_creds(current, old); alter_cred_subscribers(override, -1); put_cred(override); }