summarylogtreecommitdiffstats
path: root/kernel-5.6.patch
blob: 8e5ece93c0985dbfe8b40bd176f3baa7d0d9fc54 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81

diff -ruw lkrg-0.7.orig/src/modules/exploit_detection/p_exploit_detection.c lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c
--- lkrg-0.7.orig/src/modules/exploit_detection/p_exploit_detection.c	2019-07-19 13:51:17.000000000 +0200
+++ lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.c	2020-04-21 19:04:29.138591608 +0200
@@ -772,6 +772,7 @@
           "Entering function <p_validate_selinux>\n");
 
    mutex_lock(&p_ed_guard_globals.p_selinux_lock);
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
    if (p_ed_guard_globals.p_selinux.p_selinux_enabled != *p_selinux_enabled) {
       p_print_log(P_LKRG_CRIT,
              "<Exploit Detection> Detected data corruption against SELINUX! 'selinux_enabled' has "
@@ -779,6 +780,7 @@
                                   *p_selinux_enabled,p_ed_guard_globals.p_selinux.p_selinux_enabled);
       *p_selinux_enabled = p_ed_guard_globals.p_selinux.p_selinux_enabled;
    }
+#endif
 
 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
  #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,17,0)
@@ -1264,7 +1266,9 @@
    }
 
 #ifdef CONFIG_SECURITY_SELINUX
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
    p_selinux_enabled    = (int *)p_kallsyms_lookup_name("selinux_enabled");
+#endif
 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
  #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,17,0)
    p_selinux_state      = (struct p_selinux_state *)p_kallsyms_lookup_name("selinux_state");
@@ -1287,6 +1291,7 @@
  #endif
 #endif
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
    if (!p_selinux_enabled) {
       p_print_log(P_LKRG_ERR,
              "[ED] ERROR: Can't find 'selinux_enabled' variable :( Exiting...\n");
@@ -1294,6 +1299,7 @@
       goto p_exploit_detection_init_out;
    }
 #endif
+#endif
 
    if (p_init_rb_ed_pids()) {
       p_print_log(P_LKRG_ERR,
@@ -1314,7 +1320,9 @@
    p_ed_guard_globals.p_selinux.p_selinux_enforcing = *p_selinux_enforcing;
  #endif
 #endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
    p_ed_guard_globals.p_selinux.p_selinux_enabled = *p_selinux_enabled;
+#endif
    mutex_init(&p_ed_guard_globals.p_selinux_lock);
 #endif
 
diff -ruw lkrg-0.7.orig/src/modules/exploit_detection/p_exploit_detection.h lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.h
--- lkrg-0.7.orig/src/modules/exploit_detection/p_exploit_detection.h	2019-07-19 13:51:17.000000000 +0200
+++ lkrg-0.7/src/modules/exploit_detection/p_exploit_detection.h	2020-04-21 19:04:59.588485501 +0200
@@ -222,7 +222,9 @@
    int p_selinux_enforcing;
  #endif
 #endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
    int p_selinux_enabled;
+#endif
 
 };
 #endif
diff -ruw lkrg-0.7.orig/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c lkrg-0.7/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c
--- lkrg-0.7.orig/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c	2019-05-09 17:08:25.000000000 +0200
+++ lkrg-0.7/src/modules/exploit_detection/syscalls/p_sel_write_enforce/p_sel_write_enforce.c	2020-04-21 19:05:39.418333669 +0200
@@ -91,7 +91,9 @@
       p_ed_guard_globals.p_selinux.p_selinux_enforcing = *p_selinux_enforcing;
  #endif
 #endif
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 6, 0)
       p_ed_guard_globals.p_selinux.p_selinux_enabled = *p_selinux_enabled;
+#endif
    }
 
    // unlock shadow SELinux updates