diff options
-rwxr-xr-x | toj/center/src/judgk_proc.c | 1 | ||||
-rwxr-xr-x | toj/center/src/judgk_security.c | 43 | ||||
-rwxr-xr-x | toj/center/src/judgk_security.h | 3 |
3 files changed, 28 insertions, 19 deletions
diff --git a/toj/center/src/judgk_proc.c b/toj/center/src/judgk_proc.c index 17a0375..9780498 100755 --- a/toj/center/src/judgk_proc.c +++ b/toj/center/src/judgk_proc.c @@ -176,7 +176,6 @@ static int proc_watcher(void *data){ list_for_each_entry_rcu(info,&proc_task_list,list){ if(cputime_to_usecs(info->task->utime) > info->timelimit){ - pr_alert("judgk:TLE"); info->status = JUDGE_TLE; send_sig(SIGKILL,info->task,0); }else if(time_after(jiffies,info->jiff_end)){ diff --git a/toj/center/src/judgk_security.c b/toj/center/src/judgk_security.c index 876bb1b..8eb54cb 100755 --- a/toj/center/src/judgk_security.c +++ b/toj/center/src/judgk_security.c @@ -10,7 +10,7 @@ int judgk_security_hook(){ - security_hook_addr = security_get_addr(); + security_init_hook(); ori_sops = (struct security_operations*)*security_hook_addr; memcpy(&hook_sops,ori_sops,sizeof(struct security_operations)); @@ -200,7 +200,7 @@ int judgk_security_unhook(){ return 0; } -static unsigned long* security_get_addr(){ +static int security_init_hook(){ ssize_t ret; int i; int j; @@ -210,6 +210,10 @@ static unsigned long* security_get_addr(){ unsigned char code[3] = {0x48,0xc7,0x05}; unsigned long addr; + f = filp_open("/proc/meminfo",O_RDONLY,0); + security_meminfo_ino = f->f_dentry->d_inode->i_ino; + filp_close(f,NULL); + f = filp_open("/proc/kallsyms",O_RDONLY,0); set_fs(KERNEL_DS); @@ -270,7 +274,9 @@ static unsigned long* security_get_addr(){ addr++; } - return (unsigned long*)(addr + (unsigned long)*(unsigned int*)addr + 8UL); + security_hook_addr = (unsigned long*)(addr + (unsigned long)*(unsigned int*)addr + 8UL); + + return 0; } static inline void security_hook_rf(struct judgk_proc_info *info){ info->status = JUDGE_RF; @@ -315,7 +321,8 @@ static int hook_file_open(struct file *file, const struct cred *cred){ int i; struct judgk_proc_info *info; - char *buf_path,*path; + char *buf_path + char *path; info = judgk_proc_task_lookup(current); if(likely(info == NULL || in_interrupt())){ @@ -328,7 +335,7 @@ static int hook_file_open(struct file *file, const struct cred *cred){ if((file->f_mode & !(FMODE_READ | FMODE_LSEEK | FMODE_PREAD | FMODE_EXEC)) != 0){ ret = -EACCES; - }else if(strcmp(path,"/proc/meminfo") != 0){ + }else if(file->f_dentry->d_inode == NULL || file->f_dentry->d_inode->i_ino != security_meminfo_ino){ i = 0; while(info->run_path[i] != '\0'){ if(path[i] != info->run_path[i]){ @@ -368,6 +375,20 @@ static int hook_file_ioctl(struct file *file,unsigned int cmd,unsigned long arg) } return ori_sops->file_ioctl(file,cmd,arg); } +static void hook_d_instantiate(struct dentry *dentry,struct inode *inode){ + struct judgk_proc_info *info; + + info = judgk_proc_task_lookup(current); + if(likely(info == NULL || in_interrupt())){ + return ori_sops->d_instantiate(dentry,inode); + } + + if(inode == NULL || inode->i_ino != security_meminfo_ino){ + pr_alert("judgk:PID %d d_instantiate\n",current->tgid); + security_hook_rf(info); + } + return ori_sops->d_instantiate(dentry,inode); +} static int hook_vm_enough_memory(struct mm_struct *mm,long pages){ struct judgk_proc_info *info; @@ -1932,18 +1953,6 @@ static int hook_netlink_send(struct sock *sk,struct sk_buff *skb){ security_hook_rf(info); return -EACCES; } -static void hook_d_instantiate(struct dentry *dentry,struct inode *inode){ - struct judgk_proc_info *info; - - info = judgk_proc_task_lookup(current); - if(likely(info == NULL || in_interrupt())){ - return ori_sops->d_instantiate(dentry,inode); - } - - pr_alert("judgk:PID %d d_instantiate\n",current->tgid); - - security_hook_rf(info); -} static int hook_getprocattr(struct task_struct *p,char *name,char **value){ struct judgk_proc_info *info; diff --git a/toj/center/src/judgk_security.h b/toj/center/src/judgk_security.h index 5080dd0..61a2808 100755 --- a/toj/center/src/judgk_security.h +++ b/toj/center/src/judgk_security.h @@ -1,6 +1,7 @@ -static unsigned long* security_get_addr(void); +static int security_init_hook(void); static inline void security_hook_rf(struct judgk_proc_info *info); +static unsigned long security_meminfo_ino; static unsigned long* security_hook_addr; static struct security_operations *ori_sops; static struct security_operations hook_sops; |