kernel NULL pointer dereference in selinux_cred

Hi @selinux@xxxxxxxxxxxxxxx,

We are getting the crash below while doing "cp" of executables to /system/bin inside adb shell.
Reproduction steps:
adb root
adb remount
adb shell
cp <file_name> /system/bin


Crash:

[  298.902980][ T7012] pstate: 60400005 (nZCv daif +PAN -UAO)
[  298.908637][ T7012] pc : file_has_perm+0x64/0x1f0
[  298.913483][ T7012] lr : file_has_perm+0x1bc/0x1f0
[  298.918415][ T7012] sp : ffffffc02a3c3b80
[  298.922556][ T7012] x29: ffffffc02a3c3bb0 x28: 0000000000010000 
[  298.928744][ T7012] x27: 0000000000010000 x26: ffffffe94ca17000 
[  298.934927][ T7012] x25: 0000000000000000 x24: ffffffaca6e90008 
[  298.941102][ T7012] x23: ffffffe94bf77000 x22: ffffffad42699d00 
[  298.947283][ T7012] x21: ffffffacb8829b40 x20: 0000000000000000 
[  298.953467][ T7012] x19: 0000000000000002 x18: ffffffc01ffb3050 
[  298.959652][ T7012] x17: 0000000000000031 x16: ffffffe94b265120 
[  298.965836][ T7012] x15: ffffffe94bf76417 x14: ffffffad3d3cfa00 
[  298.972014][ T7012] x13: 0000000000000004 x12: 0000000155de28d6 
[  298.978197][ T7012] x11: 0000000000000015 x10: 000000000682aaab 
[  298.984379][ T7012] x9 : dcd4944bf4caa800 x8 : 0000000000000000 
[  298.990561][ T7012] x7 : ffffffe949f06644 x6 : ffffffad3cbce518 
[  298.996741][ T7012] x5 : 0000000000000000 x4 : 0000000000000008 
[  299.002919][ T7012] x3 : ffffffad3cbce468 x2 : ffffffe949fb6d84 
[  299.009106][ T7012] x1 : ffffffe949fb6d84 x0 : 000000000000001a 
[  299.015286][ T7012] Call trace:
[  299.018527][ T7012]  file_has_perm+0x64/0x1f0
[  299.023025][ T7012]  selinux_file_permission+0x1a0/0x224
[  299.028501][ T7012]  security_file_permission+0x54/0x150
[  299.033972][ T7012]  rw_verify_area+0x70/0xe8
[  299.038460][ T7012]  splice_direct_to_actor+0xc0/0x318
[  299.043757][ T7012]  do_splice_direct+0x84/0xd8
[  299.048423][ T7012]  vfs_copy_file_range+0x1c4/0x458
[  299.053545][ T7012]  __arm64_sys_copy_file_range+0xe8/0x1a8
[  299.059289][ T7012]  el0_svc_common+0xcc/0x1d8
[  299.063876][ T7012]  el0_svc_handler+0x84/0x90
[  299.068456][ T7012]  el0_svc+0x8/0x100
[  299.072318][ T7012] Code: b4000ae0 f9403e88 b987cee9 8b090108 (b9400501) 
[  299.079300][ T7012] ---[ end trace 9ef748cec7fd66eb ]---
[  299.084775][ T7012] Kernel panic - not syncing: Fatal exception


Analysis:

We added a log in the current_sid function and found that current_cred is coming back as NULL.

/*
 * get the subjective security ID of the current task
 */
static inline u32 current_sid(void)
{
  const struct task_security_struct *tsec = selinux_cred(current_cred());

  return tsec->sid;
}

extern struct lsm_blob_sizes selinux_blob_sizes;
static inline struct task_security_struct *selinux_cred(const struct cred *cred)
{
+ if (cred == NULL) {
+   pr_err("SELinux: cred is NULL  ...\n");
+   return 0;
+ }
  return cred->security + selinux_blob_sizes.lbs_cred;
}

comm 'cp' has a 'cred' value of zero, which is causing the above crash.

Could you please provide your expert opinion on how to fix this issue?



Thanks & Regards
Jaihind Yadav
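The trace above shows that cp did not go through plain read/write but through copy_file_range(2) (__arm64_sys_copy_file_range -> vfs_copy_file_range -> do_splice_direct -> rw_verify_area -> selinux_file_permission), so the crash depends on which copy strategy coreutils picks. The following is an added example, not code from the report or from the kernel: a small userspace reproducer that drives the same copy_file_range path directly, with a read/write fallback, so the crashing path can be retested without relying on cp's internal heuristics. File paths, the temp directory /tmp and the payload in copy_round_trip are assumptions of the example; nothing in it is specific to Android or /system/bin.

```c
/* Added example (not from the original report or the kernel): copy a file
 * through copy_file_range(2), the syscall the crash trace shows cp using,
 * falling back to read/write when the kernel or filesystem refuses it. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#endif

/* Raw syscall wrapper so the example builds with any libc. Off-host (or on a
 * libc without the syscall number) it reports ENOSYS and the fallback runs. */
static ssize_t cfr(int in_fd, int out_fd, size_t len)
{
#if defined(__linux__) && defined(SYS_copy_file_range)
    return syscall(SYS_copy_file_range, in_fd, NULL, out_fd, NULL, len, 0);
#else
    (void)in_fd; (void)out_fd; (void)len;
    errno = ENOSYS;
    return -1;
#endif
}

/* Copies src to dst. *used_cfr becomes 1 if copy_file_range completed the
 * copy, 0 if the read/write fallback finished it. Returns 0 on success,
 * -1 on error with errno set. */
int copy_file(const char *src, const char *dst, int *used_cfr)
{
    int rc = -1, saved_errno, in_fd, out_fd = -1;
    struct stat st;
    off_t remaining;
    char buf[1 << 16];
    ssize_t n;

    in_fd = open(src, O_RDONLY);
    if (in_fd < 0)
        return -1;
    out_fd = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0755);
    if (out_fd < 0 || fstat(in_fd, &st) < 0)
        goto out;

    *used_cfr = 1;
    for (remaining = st.st_size; remaining > 0; remaining -= n) {
        n = cfr(in_fd, out_fd, (size_t)remaining);
        if (n == 0)
            break;                       /* source shrank underneath us */
        if (n < 0) {
            /* Missing syscall or unsupported fs pair: use the classic loop. */
            if (errno == ENOSYS || errno == EXDEV || errno == EINVAL ||
                errno == EOPNOTSUPP) {
                *used_cfr = 0;
                break;
            }
            goto out;
        }
    }
    if (!*used_cfr) {
        /* Both fds' offsets are wherever copy_file_range left them, so the
         * fallback simply continues from the current position. */
        while ((n = read(in_fd, buf, sizeof buf)) > 0) {
            ssize_t done = 0;
            while (done < n) {
                ssize_t w = write(out_fd, buf + done, (size_t)(n - done));
                if (w < 0)
                    goto out;
                done += w;
            }
        }
        if (n < 0)
            goto out;
    }
    rc = 0;
out:
    saved_errno = errno;
    if (out_fd >= 0)
        close(out_fd);
    close(in_fd);
    errno = saved_errno;
    return rc;
}

/* Self-check: writes a constructed payload to a temp file, copies it, and
 * returns 1 if the copy is byte-identical, 0 otherwise. */
int copy_round_trip(void)
{
    static const char payload[] = "constructed payload for the copy test\n";
    char src[] = "/tmp/cfr-src-XXXXXX", dst[] = "/tmp/cfr-dst-XXXXXX";
    char back[sizeof payload];
    int ok = 0, used = -1, sfd, dfd, rfd;

    if ((sfd = mkstemp(src)) < 0)
        return 0;
    if ((dfd = mkstemp(dst)) < 0) {
        close(sfd); unlink(src);
        return 0;
    }
    close(dfd);
    ok = write(sfd, payload, sizeof payload) == (ssize_t)sizeof payload;
    close(sfd);
    if (ok && copy_file(src, dst, &used) == 0 && (rfd = open(dst, O_RDONLY)) >= 0) {
        ok = read(rfd, back, sizeof back) == (ssize_t)sizeof payload &&
             memcmp(back, payload, sizeof payload) == 0;
        close(rfd);
    } else {
        ok = 0;
    }
    unlink(src); unlink(dst);
    return ok;
}

int main(int argc, char **argv)
{
    int used = 0;
    if (argc != 3) {
        fprintf(stderr, "usage: %s <src> <dst>\n", argv[0]);
        return 2;
    }
    if (copy_file(argv[1], argv[2], &used) < 0) {
        perror("copy_file");
        return 1;
    }
    printf("copied via %s\n", used ? "copy_file_range" : "read/write");
    return 0;
}
```

Pushed to the device and run as `./reproducer <file> /system/bin/<file>` after `adb remount`, this takes the splice path from the trace whenever the kernel accepts copy_file_range for that filesystem pair; the printed line confirms which path ran, so a fix for the NULL cred can be retested independently of how cp chooses to copy.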