
# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

include <uapi/linux/a.out.h>
include <uapi/linux/elf.h>

# Program-execution entry points. Both take a path plus argv/envp, each
# described as an array of pointers to strings; execveat additionally takes a
# directory fd and a flags value drawn from the at_flags set (defined outside
# this file).
# NOTE(review): these are the calls that would make the kernel parse the
# executable images described below, assuming the fuzzer points `file` at a
# file it has filled through one of the write$binfmt_* variants - confirm.
execve(file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]])
execveat(dirfd fd_dir, file ptr[in, filename], argv ptr[in, array[ptr[in, string]]], envp ptr[in, array[ptr[in, string]]], flags flags[at_flags])

# write() variants whose payload is a structured executable image rather than
# opaque bytes: one variant per binary format described in this file (script,
# binfmt_misc, a.out, 32-bit ELF, 64-bit ELF). In every variant `len` is
# computed as the byte size of `data`, so the full image is always written.
# The target is a generic `fd`; nothing here restricts it to a regular file.
write$binfmt_script(fd fd, data ptr[in, binfmt_script], len bytesize[data])
write$binfmt_misc(fd fd, data ptr[in, binfmt_misc], len bytesize[data])
write$binfmt_aout(fd fd, data ptr[in, binfmt_aout], len bytesize[data])
write$binfmt_elf32(fd fd, data ptr[in, binfmt_elf32], len bytesize[data])
write$binfmt_elf64(fd fd, data ptr[in, binfmt_elf64], len bytesize[data])

# Image of a "#!" script: the literal prefix "#! ", an interpreter path taken
# from the filename pool, zero or more space-separated arguments, a newline
# (0xa) that ends the first line, then arbitrary trailing bytes.
# The strings are stringnoz (no terminating NUL) and the struct is packed, so
# the pieces are laid out back to back as a single line of text.
binfmt_script {
	hdr	stringnoz["#! "]
	bin	stringnoz[filename]
	args	array[binfmt_script_arg]
	nl	const[0xa, int8]
	data	array[int8]
} [packed]

# One interpreter argument on the "#!" line: a single space (0x20) followed by
# an unterminated string. The string content is unconstrained here.
binfmt_script_arg {
	sp	const[0x20, int8]
	arg	stringnoz
}

# Image for a binfmt_misc-style format: one of the fixed header strings from
# binfmt_misc_headers (no terminating NUL) followed by arbitrary bytes.
# NOTE(review): presumably these headers match magics registered with
# binfmt_misc by descriptions elsewhere - not visible in this file, confirm.
binfmt_misc {
	hdr	stringnoz[binfmt_misc_headers]
	data	array[int8]
}

# The closed set of header strings a binfmt_misc image may start with.
binfmt_misc_headers = "syz0", "syz1"

# a.out image: the `exec` header, arbitrary bytes, then optional zero padding.
# Packed, so the parts follow each other without alignment gaps.
binfmt_aout {
	exec	exec
	data	array[int8]
# Zero padding, just to make the file of a non-trivial size:
# 0 to 10 chunks of 32 zero int64 values (256 bytes per chunk).
	pad	array[array[const[0, int64], 32], 0:10]
} [packed]

# a.out header. The first four bytes are described as separate magic (one of
# aouthdr_magics), machtype and flags fields.
# NOTE(review): the field names follow `struct exec` from the included
# uapi/linux/a.out.h; the exact correspondence is not checkable from this
# file - confirm against the header.
# a_text, a_data and a_syms are limited to 0..1000, which keeps the declared
# section sizes small; a_bss and a_entry are unconstrained 32-bit values, and
# both relocation sizes are fixed at 0.
exec {
	magic		flags[aouthdr_magics, int16]
	machtype	int8
	flags		int8
	a_text		int32[0:1000]
	a_data		int32[0:1000]
	a_bss		int32
	a_syms		int32[0:1000]
	a_entry		int32
	a_trsize	const[0, int32]
	a_drsize	const[0, int32]
}

# Magic values allowed in exec.magic; the constants are resolved from the
# included headers.
aouthdr_magics = OMAGIC, NMAGIC, ZMAGIC, QMAGIC

# Concrete 32-bit and 64-bit instantiations of the binfmt_elf template. Each
# supplies the address-sized integer type, the matching program-header struct
# and that struct's size constant.
type binfmt_elf32 binfmt_elf[int32, elf32_phdr, ELF32_PHDR_SIZE]
type binfmt_elf64 binfmt_elf[int64, elf64_phdr, ELF64_PHDR_SIZE]

# ELF image template: file header, one or two program headers directly after
# it, arbitrary bytes, then optional zero padding. The struct is packed, so
# the program headers start exactly at the end of `hdr`.
#   ADDR      - integer type used for address/offset fields (int32 or int64)
#   PHDR      - program-header struct type
#   PHENTSIZE - constant written to e_phentsize
binfmt_elf[ADDR, PHDR, PHENTSIZE] template body follows.

# ELF file header template, parameterised on the address-sized integer type
# (ADDR) and the program-header entry size (PHENTSIZE).
# Fixed or constrained so that the image looks like a plausible ELF file:
#   - e_ident0..3 are the magic bytes 0x7f 'E' 'L' 'F';
#   - e_type and e_machine come from the elf_types / elf_machines sets;
#   - e_entry and e_shoff are limited to 0..1000;
#   - e_phoff is the byte size of this header, i.e. the offset just past it;
#   - e_phentsize is the constant PHENTSIZE;
#   - e_phnum is 1 or 2.
# Everything else (class, data encoding, version, OS ABI, flags, e_ehsize and
# the section-header counts) is an unconstrained integer.
# NOTE(review): e_phnum's 1:2 range is declared independently of any array
# length, so the declared count need not equal the number of program headers
# actually present in the enclosing image - presumably intentional, confirm.
type elf_hdr[ADDR, PHENTSIZE] {
	e_ident0	const[0x7f, int8]
	e_ident1	const[0x45, int8]
	e_ident2	const[0x4c, int8]
	e_ident3	const[0x46, int8]
	e_ident_class	int8
	e_ident_data	int8
	e_ident_ver	int8
	e_ident_osabi	int8
	e_ident_pad	int64
	e_type		flags[elf_types, int16]
	e_machine	flags[elf_machines, int16]
	e_version	int32
	e_entry		ADDR[0:1000]
	e_phoff		bytesize[parent, ADDR]
	e_shoff		ADDR[0:1000]
	e_flags		int32
	e_ehsize	int16
	e_phentsize	const[PHENTSIZE, int16]
	e_phnum		int16[1:2]
	e_shentsize	int16
	e_shnum		int16
	e_shstrndx	int16
}

# 32-bit ELF program header. p_type is taken from elf_ptypes; every other
# field (offset, addresses, file/memory sizes, flags, alignment) is an
# unconstrained int32. The size attribute fixes the struct's size at
# ELF32_PHDR_SIZE.
elf32_phdr {
	p_type		flags[elf_ptypes, int32]
	p_offset	int32
	p_vaddr		int32
	p_paddr		int32
	p_filesz	int32
	p_memsz		int32
	p_flags		int32
	p_align		int32
} [size[ELF32_PHDR_SIZE]]

# 64-bit ELF program header. Unlike elf32_phdr, p_flags comes right after
# p_type, and the offset, address, size and alignment fields are int64.
# p_type is taken from elf_ptypes; all other fields are unconstrained. The
# size attribute fixes the struct's size at ELF64_PHDR_SIZE.
elf64_phdr {
	p_type		flags[elf_ptypes, int32]
	p_flags		int32
	p_offset	int64
	p_vaddr		int64
	p_paddr		int64
	p_filesz	int64
	p_memsz		int64
	p_align		int64
} [size[ELF64_PHDR_SIZE]]

# Value sets for the ELF fields declared with flags[...]; the constants are
# resolved from the included headers.
#   elf_types    - values for elf_hdr.e_type
#   elf_machines - values for elf_hdr.e_machine
#   elf_ptypes   - values for p_type in both program-header structs
elf_types = ET_EXEC, ET_DYN
elf_machines = EM_386, EM_486, EM_X86_64
elf_ptypes = PT_LOAD, PT_DYNAMIC, PT_INTERP, PT_NOTE, PT_SHLIB, PT_PHDR, PT_TLS, PT_LOOS, PT_LOPROC, PT_GNU_STACK

# Program-header sizes, defined as sizeof() of the kernel's struct elf32_phdr
# and struct elf64_phdr. They are used both for e_phentsize and as the size
# attribute of elf32_phdr / elf64_phdr above.
define ELF32_PHDR_SIZE	sizeof(struct elf32_phdr)
define ELF64_PHDR_SIZE	sizeof(struct elf64_phdr)