author | Nick Kralevich <nnk@google.com> | 2016-03-27 16:55:59 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2016-03-29 16:53:08 -0700 |
commit | 124a9c97e9815142a33480b81a5a3041a7cd66bd (patch) | |
tree | 8e6c0010207e657d0e9b6e78cb221c29d6b84fa4 /init | |
parent | fbdbf100cb48f18d308c96f1959945cf7d1909ec (diff) | |
init/builtins.cpp: Switch to finit_module
Switch insmod from using init_module to finit_module. From
"man finit_module":
The finit_module() system call is like init_module(), but reads the
module to be loaded from the file descriptor fd. It is useful when the
authenticity of a kernel module can be determined from its location in
the file system; in cases where that is possible, the overhead of
using cryptographically signed modules to determine the authenticity
of a module can be avoided.
finit_module is preferred over init_module because it allows LSMs, such
as SELinux, to perform a permission check on kernel module loads based on
the file from which the module is loaded. This functionality is not yet
implemented in the Linux kernel, but is on the SEAndroid TODO list.
See https://bitbucket.org/seandroid/wiki/wiki/ToDo
Bug: 27824855
Change-Id: Id0ea88cd1930393c8c73ce38e63d5b2eeadf946a
Diffstat (limited to 'init')
-rw-r--r-- | init/builtins.cpp | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 35f1a9e04..6469ec488 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -27,6 +27,7 @@
 #include <sys/socket.h>
 #include <sys/mount.h>
 #include <sys/resource.h>
+#include <sys/syscall.h>
 #include <sys/time.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -61,19 +62,20 @@
 #define UNMOUNT_CHECK_MS 5000
 #define UNMOUNT_CHECK_TIMES 10

-// System call provided by bionic but not in any header file.
-extern "C" int init_module(void *, unsigned long, const char *);
-
 static const int kTerminateServiceDelayMicroSeconds = 50000;

 static int insmod(const char *filename, const char *options) {
- std::string module;
- if (!read_file(filename, &module)) {
+ int fd = open(filename, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
+ if (fd == -1) {
+ ERROR("insmod: open(\"%s\") failed: %s", filename, strerror(errno));
 return -1;
 }
-
- // TODO: use finit_module for >= 3.8 kernels.
- return init_module(&module[0], module.size(), options);
+ int rc = syscall(__NR_finit_module, fd, options, 0);
+ if (rc == -1) {
+ ERROR("finit_module for \"%s\" failed: %s", filename, strerror(errno));
+ }
+ close(fd);
+ return rc;
 }

 static int __ifupdown(const char *interface, int up) { |
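Review bot: The `open()` call in insmod passes `O_NOFOLLOW`, which refuses a symlink only in the final path component, so the location-based trust the commit message relies on still depends on every parent directory of `filename` being unwritable by untrusted code. That assumption should be recorded above the call, for example `// O_NOFOLLOW only covers the last component; filename must live on a trusted, read-only partition.` Separately, the removed TODO tied finit_module to >= 3.8 kernels and the new body keeps no `init_module` fallback, so it is worth confirming that no supported device kernel is older, since the syscall would presumably fail there with ENOSYS and the module would not load.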