whatawurst / android_kernel_sony_msm8998

LineageOS Kernel Tree for Sony Xperia XZ Premium, XZ1 and XZ1 Compact

[lineage-19] Fix CVE-2021-3968 #67

Closed Flamefire closed 1 year ago

Flamefire commented 2 years ago

As described in #66, this is the minimal approach to fix CVE-2021-3968 (with 2 simple commits first for extra safety).

Upstream those are:

The IMO better approach would be to backport as many of the LSM changes as possible. I've done that for 17.1/18.1 with https://github.com/Flamefire/android_kernel_sony_msm8998/pull/24. I can rebase that on your 19.1 branch too if you want that (see again #66).

IMPORTANT: This is an untested port from the 17.1/18.1 build where this works (device boots and camera shows pictures) but I couldn't test it for 19.1 myself, so please do that first. Note that you can fetch from a PR with git fetch github pull/<pr-num>/head and access that via git checkout FETCH_HEAD (or merge, or ...)

derfelot commented 2 years ago

Thanks, I'll try to do a quick test build now

derfelot commented 2 years ago

looks like something is missing:

../../../../../../kernel/sony/msm8998/drivers/android/binder.c:3139:32: error: no member named 'cred' in 'struct binder_proc'
                security_cred_getsecid(proc->cred, &secid);

Flamefire commented 2 years ago

Yes, seems you need 1 commit (or better all 4) from https://github.com/Flamefire/android_kernel_sony_msm8998/pull/15

Flamefire commented 1 year ago

I rebased this and https://github.com/Flamefire/android_kernel_sony_msm8998/pull/15 onto your 19.1 branch so this should work now. I'll also open a PR with the same 9 commits onto lineage-20