exec: Add node tampering blacklist function

We'll be adding checks to block writes from processes which tamper with values that we control from within the kernel, especially ones that userspace writes to for boosting. Add a central function to perform the process check to reduce code duplication. This blacklists the following processes which are known to tamper with such values: Binder Signed-off-by: Danny Lin <danny@kdrag0n.dev>
acuicultor · Nov 23, 2020 · b73d502 · b73d502
1 parent 21a4b9f
commit b73d502
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
@@ -152,4 +152,12 @@ extern int do_execveat(int, struct filename *,
 		       int);
 int do_execve_file(struct file *file, void *__argv, void *__envp);
 
+static inline bool task_is_booster(struct task_struct *tsk)
+{
+	char comm[sizeof(tsk->comm)];
+
+	get_task_comm(comm, tsk);
+	return !memcmp(comm, "Binder", 6);
+}
+
 #endif /* _LINUX_BINFMTS_H */