From ed5ad643ba013e9df793b5d72ea71b260e97ce0f Mon Sep 17 00:00:00 2001 From: Xi_Yuhao Date: Sun, 30 Jan 2022 16:13:43 +0800 Subject: [PATCH] binder:Use ioctl cmd to support access token rather than changing existing struct ohos inclusion category: feature issue: #I4SCSR CVE: NA ----------- tokendid is used for special app security control Signed-off-by: Xi_Yuhao --- drivers/android/binder.c | 58 ++++++++++++++++++++++++++--- include/uapi/linux/android/binder.h | 26 ++++++------- 2 files changed, 66 insertions(+), 18 deletions(-)
diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index e58dd44eee3d..3604f0df6896 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -95,6 +95,15 @@ DEFINE_SHOW_ATTRIBUTE(proc);
 #define FORBIDDEN_MMAP_FLAGS (VM_WRITE)
+#ifdef CONFIG_ACCESS_TOKENID
+#define ENABLE_ACCESS_TOKENID 1
+#else
+#define ENABLE_ACCESS_TOKENID 0
+#endif /* CONFIG_ACCESS_TOKENID */
+
+#define ACCESS_TOKENID_FEATURE_VALUE (ENABLE_ACCESS_TOKENID << 0)
+#define BINDER_CURRENT_FEATURE_SET ACCESS_TOKENID_FEATURE_VALUE
+
 enum {
 BINDER_DEBUG_USER_ERROR = 1U << 0,
 BINDER_DEBUG_FAILED_TRANSACTION = 1U << 1,
@@ -4455,10 +4464,6 @@ static int binder_thread_read(struct binder_proc *proc,
 trd->code = t->code;
 trd->flags = t->flags;
 trd->sender_euid = from_kuid(current_user_ns(), t->sender_euid);
-#ifdef CONFIG_ACCESS_TOKENID
- trd->sender_tokenid = t->sender_tokenid;
- trd->first_tokenid = t->first_tokenid;
-#endif /* CONFIG_ACCESS_TOKENID */
 t_from = binder_get_txn_from(t);
 if (t_from) {
@@ -5093,7 +5098,7 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 ret = -EINVAL;
 goto err;
 }
- if (put_user(BINDER_CURRENT_PROTOCOL_VERSION + BINDER_SUB_VERSION,
+ if (put_user(BINDER_CURRENT_PROTOCOL_VERSION,
 &ver->protocol_version)) {
 ret = -EINVAL;
 goto err;
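Review bot: In the `@@ -95,6 +95,15 @@` hunk of drivers/android/binder.c, the `#ifdef`/`#else` pair that defines `ENABLE_ACCESS_TOKENID` can be replaced with the kernel's `IS_ENABLED()` helper, which removes one macro and the conditional block: `#define ACCESS_TOKENID_FEATURE_VALUE (IS_ENABLED(CONFIG_ACCESS_TOKENID) << 0)`. The bit position is spelled only as a literal `0` and has no named counterpart in the UAPI header, so the driver and userspace have nothing shared to keep in step. I would add a comment here such as `/* bit 0 of binder_feature_set.feature_set: access-token ioctl compiled in */`.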
@@ -5137,6 +5142,49 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 }
 break;
 }
+ case BINDER_FEATURE_SET: {
+ struct binder_feature_set __user *features = ubuf;
+
+ if (size != sizeof(struct binder_feature_set)) {
+ ret = -EINVAL;
+ goto err;
+ }
+ if (put_user(BINDER_CURRENT_FEATURE_SET, &features->feature_set)) {
+ ret = -EINVAL;
+ goto err;
+ }
+ break;
+ }
+#ifdef CONFIG_ACCESS_TOKENID
+ case BINDER_GET_ACCESS_TOKEN: {
+ struct access_token __user *tokens = ubuf;
+ u64 token, ftoken;
+
+ if (size != sizeof(struct access_token)) {
+ ret = -EINVAL;
+ goto err;
+ }
+ binder_inner_proc_lock(proc);
+ if (thread->transaction_stack == NULL) {
+ ret = -EFAULT;
+ binder_inner_proc_unlock(proc);
+ goto err;
+ }
+ token = thread->transaction_stack->sender_tokenid;
+ ftoken = thread->transaction_stack->first_tokenid;
+
+ binder_inner_proc_unlock(proc);
+ if (put_user(token, &tokens->sender_tokenid)) {
+ ret = -EINVAL;
+ goto err;
+ }
+ if (put_user(ftoken, &tokens->first_tokenid)) {
+ ret = -EINVAL;
+ goto err;
+ }
+ break;
+ }
+#endif /* CONFIG_ACCESS_TOKENID */
 default:
 ret = -EINVAL;
 goto err;
diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/android/binder.h
index 1b75626269a3..3abb5b15aa71 100644
--- a/include/uapi/linux/android/binder.h
+++ b/include/uapi/linux/android/binder.h
@@ -195,15 +195,6 @@ struct binder_version {
 #define BINDER_CURRENT_PROTOCOL_VERSION 8
 #endif
-#ifdef CONFIG_ACCESS_TOKENID
-#define ENABLE_ACCESS_TOKENID 1
-#else
-#define ENABLE_ACCESS_TOKENID 0
-#endif /* CONFIG_ACCESS_TOKENID */
-
-#define BINDER_SUB_VERSION_SHIFT_BASE 16
-#define BINDER_SUB_VERSION (ENABLE_ACCESS_TOKENID << BINDER_SUB_VERSION_SHIFT_BASE)
-
 /*
 * Use with BINDER_GET_NODE_DEBUG_INFO, driver reads ptr, writes to all fields.
 * Set ptr to NULL for the first call to get the info for the first node, and
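Review bot: In the `@@ -5137,6 +5142,49 @@` hunk, the `BINDER_GET_ACCESS_TOKEN` case copies `sender_tokenid` and `first_tokenid` from the top of `thread->transaction_stack` after checking only that it is non-NULL, so it never confirms that the calling thread is the target of that transaction. If the stack can also hold a transaction this thread sent itself (the stack handling is outside the hunk), a service would be handed its own token and could base an access decision on it. I would tighten the guard to `if (!thread->transaction_stack || thread->transaction_stack->to_thread != thread) {`. The no-transaction path also returns `-EFAULT`, which reads as a bad user pointer, and callers should treat any error from this ioctl as deny rather than fall back to a default token. `binder_ioctl` starts and ends outside the hunk.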
@@ -226,6 +217,16 @@ struct binder_node_info_for_ref {
 __u32 reserved3;
 };
+struct binder_feature_set {
+ __u64 feature_set;
+};
+
+struct access_token {
+ __u64 sender_tokenid;
+ __u64 first_tokenid;
+ __u64 reserved[2];
+};
+
 #define BINDER_WRITE_READ _IOWR('b', 1, struct binder_write_read)
 #define BINDER_SET_IDLE_TIMEOUT _IOW('b', 3, __s64)
 #define BINDER_SET_MAX_THREADS _IOW('b', 5, __u32)
@@ -237,6 +238,9 @@ struct binder_node_info_for_ref {
 #define BINDER_GET_NODE_INFO_FOR_REF _IOWR('b', 12, struct binder_node_info_for_ref)
 #define BINDER_SET_CONTEXT_MGR_EXT _IOW('b', 13, struct flat_binder_object)
+#define BINDER_FEATURE_SET _IOWR('b', 30, struct binder_feature_set)
+#define BINDER_GET_ACCESS_TOKEN _IOWR('b', 31, struct access_token)
+
 /*
 * NOTE: Two special error codes you should check for when calling
 * in to the driver are:
@@ -293,10 +297,6 @@ struct binder_transaction_data {
 } ptr;
 __u8 buf[8];
 } data;
-#ifdef CONFIG_ACCESS_TOKENID
- __u64 sender_tokenid;
- __u64 first_tokenid;
-#endif /* CONFIG_ACCESS_TOKENID */
 };
 struct binder_transaction_data_secctx {
-- Gitee
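Review bot: In the `@@ -226,6 +217,16 @@` hunk, `struct access_token` goes into a UAPI header without the `binder_` prefix that the neighbouring types carry, so it can collide with unrelated userspace definitions. `struct binder_access_token` would match `struct binder_feature_set` beside it. Neither new struct has a comment saying which bit of `feature_set` means what, or whether the driver writes `reserved[2]`; the handler in this patch writes only the two token fields. I would add `/* feature_set: bit 0 set when BINDER_GET_ACCESS_TOKEN is supported */` and `/* reserved: not written by the driver; callers must not interpret it */`.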
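Review bot: In the `@@ -237,6 +238,9 @@` hunk, both new commands are encoded with `_IOWR`, but the handlers this patch adds to `binder_ioctl` only `put_user()` into the argument and never read it. `_IOR` describes that direction, and because the command numbers are new ABI this is the last cheap moment to change them: `#define BINDER_GET_ACCESS_TOKEN _IOR('b', 31, struct access_token)`. `BINDER_GET_ACCESS_TOKEN` is also defined unconditionally while its handler is compiled only under `CONFIG_ACCESS_TOKENID`, so without that option the call falls through to the `default:` case and returns `-EINVAL`. A one-line comment telling callers to probe `BINDER_FEATURE_SET` first would make that contract explicit.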