From 7092d7aa0c0e69820300b86cf240713286bc0d6d Mon Sep 17 00:00:00 2001
From: Adam_pi3
Date: Fri, 5 Mar 2021 15:18:57 -0500
Subject: [PATCH] Add support for RHEL 8.3

RHEL 8.3 backported modern *_JUMP_LABEL logic to own kernels. This commit add supports for it.
---
 .../p_arch_jump_label_transform_apply.c | 3 ++-
 src/modules/exploit_detection/p_exploit_detection.c | 12 ++++++++----
 .../p_sel_write_enforce/p_sel_write_enforce.c | 3 ++-
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/modules/database/JUMP_LABEL/p_arch_jump_label_transform_apply/p_arch_jump_label_transform_apply.c b/src/modules/database/JUMP_LABEL/p_arch_jump_label_transform_apply/p_arch_jump_label_transform_apply.c
index fdc8cd16..c65e3655 100644
--- a/src/modules/database/JUMP_LABEL/p_arch_jump_label_transform_apply/p_arch_jump_label_transform_apply.c
+++ b/src/modules/database/JUMP_LABEL/p_arch_jump_label_transform_apply/p_arch_jump_label_transform_apply.c
@@ -72,7 +72,8 @@ notrace int p_arch_jump_label_transform_apply_entry(struct kretprobe_instance *p
 #else
 if (p_tmp->len == JUMP_LABEL_NOP_SIZE && p_tmp->addr
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 5, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 5, 0) || \
+ (defined(RHEL_RELEASE_CODE) && RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(8, 3))
 && p_tmp->opcode) {
 #else
 && p_tmp->detour) {
diff --git a/src/modules/exploit_detection/p_exploit_detection.c b/src/modules/exploit_detection/p_exploit_detection.c
index cc696582..6ccd5ba9 100644
--- a/src/modules/exploit_detection/p_exploit_detection.c
+++ b/src/modules/exploit_detection/p_exploit_detection.c
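Review bot: The new `#if` in p_arch_jump_label_transform_apply_entry() calls `RHEL_RELEASE_VERSION(8, 3)` without checking that the macro exists, and the same pattern appears in every other hunk of this patch (p_exploit_detection.c and p_sel_write_enforce.c). The preprocessor parses the whole `#if` expression even when `defined(RHEL_RELEASE_CODE)` is false, so on a kernel tree that does not define `RHEL_RELEASE_VERSION` the undefined name becomes `0` followed by `(8, 3)` and the build stops with a syntax error. If no shared header already provides a fallback (none is visible in this diff), add one: `#ifndef RHEL_RELEASE_VERSION` / `#define RHEL_RELEASE_VERSION(a, b) (((a) << 8) + (b))` / `#endif`. The function body starts and ends outside the hunk.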
@@ -1672,7 +1672,8 @@ static void p_validate_selinux(void) {
 } } while(1);
-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
+#if (!defined(RHEL_RELEASE_CODE) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)) || \
+ (defined(RHEL_RELEASE_CODE) && RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 3))
 if (p_ed_guard_globals.p_selinux.p_selinux_enabled != *P_SYM(p_selinux_enabled)) { p_print_log(P_LKRG_CRIT, " Detected data corruption against SELINUX! 'selinux_enabled' has "
@@ -2280,7 +2281,8 @@ int p_exploit_detection_init(void) {
 }
 #ifdef CONFIG_SECURITY_SELINUX
-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
+#if (!defined(RHEL_RELEASE_CODE) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)) || \
+ (defined(RHEL_RELEASE_CODE) && RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 3))
 P_SYM(p_selinux_enabled) = (int *)P_SYM(p_kallsyms_lookup_name)("selinux_enabled");
 #endif
 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
@@ -2305,7 +2307,8 @@ int p_exploit_detection_init(void) {
 #endif
 #endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
+#if (!defined(RHEL_RELEASE_CODE) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)) || \
+ (defined(RHEL_RELEASE_CODE) && RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 3))
 if (!P_SYM(p_selinux_enabled)) { p_print_log(P_LKRG_ERR, "[ED] ERROR: Can't find 'selinux_enabled' variable :( Exiting...\n");
@@ -2334,7 +2337,8 @@ int p_exploit_detection_init(void) {
 p_ed_guard_globals.p_selinux.p_selinux_enforcing = *P_SYM(p_selinux_enforcing);
 #endif
 #endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
+#if (!defined(RHEL_RELEASE_CODE) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)) || \
+ (defined(RHEL_RELEASE_CODE) && RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 3))
 p_ed_guard_globals.p_selinux.p_selinux_enabled = *P_SYM(p_selinux_enabled);
 #endif
 p_lkrg_counter_lock_init(&p_ed_guard_globals.p_selinux_lock);
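Review bot: On RHEL 8.3 and later the `selinux_enabled` comparison in p_validate_selinux() is now compiled out, and nothing at the `#if` says why, so the reduced SELinux integrity coverage on those kernels is invisible to a reader. A short comment above the condition would record it, for example `/* 'selinux_enabled' is not resolved on kernels >= 5.6 or RHEL >= 8.3, so this comparison is skipped there */`. The commit message only mentions the JUMP_LABEL backport, so the reason the SELinux guards move with the same RHEL release should be confirmed against the RHEL 8.3 sources and stated in that comment. The function body starts and ends outside the hunk.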
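Review bot: The two-line version test guarding the `selinux_enabled` lookup here is repeated verbatim at the NULL check and the initial snapshot later in p_exploit_detection_init(), in p_validate_selinux(), and again in p_sel_write_enforce.c. The sites that dereference `P_SYM(p_selinux_enabled)` are only safe while their condition matches the one that resolves the symbol, so a future edit that touches one copy and misses another risks a NULL dereference in kernel context or a silently dropped check. Defining the test once in a shared header, e.g. `#define P_LKRG_TRACK_SELINUX_ENABLED 1` under this condition (the name is only a suggestion), and using `#ifdef P_LKRG_TRACK_SELINUX_ENABLED` at each site would keep them in lockstep. p_exploit_detection_init() starts and ends outside the hunk.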
diff --git a/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c b/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c
index a9efef03..a3943776 100644
--- a/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c
+++ b/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c
@@ -81,7 +81,8 @@ int p_sel_write_enforce_ret(struct kretprobe_instance *p_ri, struct pt_regs *p_r
 p_ed_guard_globals.p_selinux.p_selinux_enforcing = *P_SYM(p_selinux_enforcing);
 #endif
 #endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
+#if (!defined(RHEL_RELEASE_CODE) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)) || \
+ (defined(RHEL_RELEASE_CODE) && RHEL_RELEASE_CODE < RHEL_RELEASE_VERSION(8, 3))
 p_ed_guard_globals.p_selinux.p_selinux_enabled = *P_SYM(p_selinux_enabled);
 #endif
 }