From 48bd1a7fa88b52ba932af6d3d9806874052c8eca Mon Sep 17 00:00:00 2001 From: zhangpan Date: Mon, 13 Mar 2023 20:03:10 +0800 Subject: [PATCH 1/3] add new xpm module Change-Id: I93c68b43a16fa07fc97684da0d1a8f5a4f3106eb --- arch/arm/mm/mmap.c | 7 +- fs/proc/base.c | 33 +- include/linux/sched.h | 5 + include/linux/xpm_common.h | 60 ++ mm/mmap.c | 25 +- security/Kconfig | 1 + security/Makefile | 2 + security/xpm/Kconfig | 26 + security/xpm/Makefile | 16 + security/xpm/inc/xpm_driver_manager.h | 26 + security/xpm/inc/xpm_log.h | 32 + security/xpm/inc/xpm_policy_manager.h | 29 + security/xpm/inc/xpm_process_manager.h | 26 + security/xpm/src/xpm_common.c | 20 + security/xpm/src/xpm_driver_manager.c | 133 ++++ security/xpm/src/xpm_module.c | 51 ++ security/xpm/src/xpm_policy_manager.c | 87 +++ security/xpm/src/xpm_process_manager.c | 13 + ...47\350\241\214\346\235\203\351\231\220.md" | 598 ++++++++++++++++++ 19 files changed, 1181 insertions(+), 9 deletions(-) create mode 100644 include/linux/xpm_common.h create mode 100644 security/xpm/Kconfig create mode 100644 security/xpm/Makefile create mode 100644 security/xpm/inc/xpm_driver_manager.h create mode 100644 security/xpm/inc/xpm_log.h create mode 100644 security/xpm/inc/xpm_policy_manager.h create mode 100644 security/xpm/inc/xpm_process_manager.h create mode 100644 security/xpm/src/xpm_common.c create mode 100644 security/xpm/src/xpm_driver_manager.c create mode 100644 security/xpm/src/xpm_module.c create mode 100644 security/xpm/src/xpm_policy_manager.c create mode 100644 security/xpm/src/xpm_process_manager.c create mode 100644 "security/xpm/src/\344\273\243\347\240\201\346\211\247\350\241\214\346\235\203\351\231\220.md" diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c index c64124fb34ea..0ba604402db0 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c @@ -12,6 +12,7 @@ #include #include #include +#include #define COLOUR_ALIGN(addr,pgoff) \ ((((addr)+SHMLBA-1)&~(SHMLBA-1)) + \ 
@@ -64,7 +65,8 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, vma = find_vma(mm, addr); if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vm_start_gap(vma))) + (!vma || addr + len <= vm_start_gap(vma)) && + (!xpm_va_across(addr, addr + len))) return addr; } @@ -115,7 +117,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vm_start_gap(vma))) + (!vma || addr + len <= vm_start_gap(vma)) && + (!xpm_va_across(addr, addr + len))) return addr; } diff --git a/fs/proc/base.c b/fs/proc/base.c index 27145778c144..68245f6c877c 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2368,7 +2368,7 @@ struct map_files_info { static const char * proc_map_files_get_link(struct dentry *dentry, struct inode *inode, - struct delayed_call *done) + struct delayed_call *done) { if (!checkpoint_restore_ns_capable(&init_user_ns)) return ERR_PTR(-EPERM); @@ -3286,6 +3286,31 @@ static const struct file_operations proc_setgroups_operations = { }; #endif /* CONFIG_USER_NS */ +#ifdef CONFIG_XPM +static ssize_t proc_xpm_validate_region_read(struct file *file, + char __user *buf, size_t count, loff_t *pos) +{ + struct task_struct *task = get_proc_task(file_inode(file)); + char content[XPM_PROC_CONTENT_LEN] = {0}; + size_t len; + + if (task == NULL) + return -ESRCH; + + len = snprintf(content, sizeof(content), "%x-%x", + task->xpm_info.region.addr_start, + task->xpm_info.region.addr_end); + put_task_struct(task); + + return simple_read_from_buffer(buf, count, pos, content, len); +} + +static const struct file_operations proc_xpm_validate_region_operations = { + .read = proc_xpm_validate_region_read, + .llseek = generic_file_llseek, +}; +#endif + static int proc_pid_personality(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { 
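Review bot: The new `!xpm_va_across(addr, addr + len)` test in `arch_get_unmapped_area()` covers only the hinted-address fast path, so a `MAP_FIXED` request, which these functions return before reaching the hint check, can still be placed across the boundary of the XPM region. The same applies to the second hunk here (`arch_get_unmapped_area_topdown()`) and to the two generic `mm/mmap.c` hunks that add the identical condition. If straddling mappings must be refused for every caller, the check belongs where the final address is known, for example after `get_area()` in `get_unmapped_area()`: `if (xpm_va_across(addr, addr + len)) return -ENOMEM;`. Both function bodies start and end outside the hunks, so the early `MAP_FIXED` return is taken from the full listings quoted in the patch's markdown design note rather than from these lines.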
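Review bot: `proc_xpm_validate_region_read()` formats two `unsigned long` fields with `%x`, which is a format/argument mismatch and loses the upper half of each address on 64-bit builds. Correcting it to `%lx-%lx` needs up to 34 bytes including the terminator, one more than `XPM_PROC_CONTENT_LEN` (33), so the constant has to grow or the last digit is cut. Because `snprintf()` returns the untruncated length, `len = scnprintf(content, sizeof(content), "%lx-%lx", ...)` is the safer call, since `len` can then never exceed what was written. The two fields are also read without the `task_lock()` that the writer in `xpm_set_validate_region()` takes, so a reader can see a half-updated range.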
@@ -3459,6 +3484,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SCHED_RTG_DEBUG REG("sched_group_id", S_IRUGO|S_IWUGO, proc_pid_sched_group_id_operations), #endif +#ifdef CONFIG_XPM + REG("xpm_validate_region", S_IRUGO, proc_xpm_validate_region_operations), +#endif }; static int proc_tgid_base_readdir(struct file *file, struct dir_context *ctx) @@ -3794,6 +3822,9 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SCHED_RTG_DEBUG REG("sched_group_id", S_IRUGO|S_IWUGO, proc_pid_sched_group_id_operations), #endif +#ifdef CONFIG_XPM + REG("xpm_validate_region", S_IRUGO, proc_xpm_validate_region_operations), +#endif }; static int proc_tid_base_readdir(struct file *file, struct dir_context *ctx) diff --git a/include/linux/sched.h b/include/linux/sched.h index 5bc758263d09..9fea93eddbc4 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -35,6 +35,7 @@ #include #include #include +#include /* task_struct member predeclarations (sorted alphabetically): */ struct audit_context; @@ -886,6 +887,10 @@ struct task_struct { struct mm_struct *mm; struct mm_struct *active_mm; +#ifdef CONFIG_XPM + struct xpm_info xpm_info; +#endif + /* Per-thread vma caching: */ struct vmacache vmacache; diff --git a/include/linux/xpm_common.h b/include/linux/xpm_common.h new file mode 100644 index 000000000000..cea7f8e2ff93 --- /dev/null +++ b/include/linux/xpm_common.h 
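Review bot: `REG("xpm_validate_region", S_IRUGO, ...)` in `tgid_base_stuff[]` makes the start and end address of every process's XPM region readable by any local user, and the read handler added in this patch performs no access check of its own. This is address-layout information of the same kind that other per-process proc files protect with a ptrace-style check. Consider `S_IRUSR` together with a `ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS)` test in the handler that returns `-EACCES` on failure. The same entry is added to `tid_base_stuff[]` in the next hunk.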
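Review bot: `struct xpm_info xpm_info` is added to `task_struct`, but the range it describes belongs to an address space that all threads of a process share through `mm`. `xpm_va_intersect()` and `xpm_va_across()` read `current->xpm_info`, and `xpm_set_validate_region()` writes only the calling task's copy, so a thread that already exists when the ioctl runs keeps an empty region and its mmap calls into the shared address space are not checked against it. The copy in `task_struct` presumably also outlives an `execve()` that replaces `mm`, which is worth confirming. Keeping the region in `mm_struct`, or resetting it on exec, would tie it to the address space it describes. The struct definition continues outside this hunk.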
@@ -0,0 +1,60 @@ +/* SPDX-License-Identifier: BSD-3-Clause */ +/* +* Copyright (c) 2023 Huawei Device Co., Ltd. +*/ + +#ifndef _XPM_H +#define _XPM_H + +#include + +#define XPM_PROC_CONTENT_LEN 33 + +struct xpm_process_policy { + /* process policy type, such as webview or debug */ + uint32_t type; + /* check code signature is valid or not */ + int (*check_code_signature_func)(void); + /* check anoymous memory has exetuable permission or not */ + int (*check_anonymous_mem_func)(void); + /* check writeable memory has exetuable permission or not */ + int (*check_writable_mem_func)(void); +}; + +struct xpm_validate_region { + unsigned long addr_start; /* start adress of xpm validate region */ + unsigned long addr_end; /* end address of xpm validate region */ +}; + +struct xpm_info { + struct xpm_validate_region region; + struct xpm_process_policy *policy; +}; + +/** + * check that whether the input address region is intersect with the xpm virtal + * address region + */ +#ifdef CONFIG_XPM +extern bool xpm_va_intersect(unsigned long addr_start, unsigned long addr_end); + +/** + * check that theinput addr region is across the boundary of xpm reserved virtal + * addr region + */ +extern bool xpm_va_across(unsigned long addr_start, unsigned long addr_end); +#else +static inline bool xpm_va_intersect(unsigned long addr_start, + unsigned long addr_end) +{ + return false; +} + +static inline bool xpm_va_across(unsigned long addr_start, + unsigned long addr_end) +{ + return false; +} +#endif + +#endif /* _XPM_H */ \ No newline at end of file diff --git a/mm/mmap.c b/mm/mmap.c index bccc3235cd61..9688ea530f67 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -48,6 +48,7 @@ #include #include #include +#include #include #include 
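Review bot: `struct xpm_process_policy *policy` in `struct xpm_info` points at a table of function pointers, and nothing in the declaration stops that table from being written at run time. Declaring the member as `const struct xpm_process_policy *policy;` lets the policy array in `xpm_policy_manager.c` become `static const`, which places the callbacks in read-only data. The comments above `xpm_va_intersect()` and `xpm_va_across()` should also state that ranges are half-open, `[addr_start, addr_end)`, which is how `xpm_common.c` treats them.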
@@ -2000,8 +2001,9 @@ static unsigned long unmapped_area(struct vm_unmapped_area_info *info) /* Check if current node has a suitable gap */ if (gap_start > high_limit) return -ENOMEM; - if (gap_end >= low_limit && - gap_end > gap_start && gap_end - gap_start >= length) + if ((gap_end >= low_limit && + gap_end > gap_start && gap_end - gap_start >= length) && + (!xpm_va_intersect(gap_start, gap_end))) goto found; /* Visit right subtree if it looks promising */ @@ -2032,7 +2034,11 @@ static unsigned long unmapped_area(struct vm_unmapped_area_info *info) check_highest: /* Check highest gap, which does not precede any rbtree node */ +#ifndef CONFIG_XPM gap_start = mm->highest_vm_end; +#else + gap_start = max(mm->highest_vm_end, current->xpm_info.region.addr_end); +#endif gap_end = ULONG_MAX; /* Only for VM_BUG_ON below */ if (gap_start > high_limit) return -ENOMEM; @@ -2075,7 +2081,11 @@ static unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) low_limit = info->low_limit + length; /* Check highest gap, which does not precede any rbtree node */ +#ifndef CONFIG_XPM gap_start = mm->highest_vm_end; +#else + gap_start = max(mm->highest_vm_end, current->xpm_info.region.addr_end); +#endif if (gap_start <= high_limit) goto found_highest; @@ -2104,8 +2114,9 @@ static unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) gap_end = vm_start_gap(vma); if (gap_end < low_limit) return -ENOMEM; - if (gap_start <= high_limit && - gap_end > gap_start && gap_end - gap_start >= length) + if ((gap_start <= high_limit && + gap_end > gap_start && gap_end - gap_start >= length) && + (!xpm_va_intersect(gap_start, gap_end))) goto found; /* Visit left subtree if it looks promising */ 
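Review bot: `!xpm_va_intersect(gap_start, gap_end)` in `unmapped_area()` tests the whole gap rather than the `length` bytes that will be handed out, so a gap that merely overlaps the XPM region is rejected even when it has enough room outside it. No VMA is created for the region in this patch, so the gap that contains it is likely to be a large one, and skipping it entirely can turn a satisfiable request into `-ENOMEM`. Clipping the gap against `current->xpm_info.region` before the length test would keep the usable part. The same condition is added to `unmapped_area_topdown()` in the last hunk on this line, and the `#ifndef CONFIG_XPM` blocks in the two middle hunks could be replaced by a small helper so the core search code carries no `#ifdef`. Both functions start and end outside the hunks.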
@@ -2203,7 +2214,8 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, vma = find_vma_prev(mm, addr, &prev); if (mmap_end - len >= addr && addr >= mmap_min_addr && (!vma || addr + len <= vm_start_gap(vma)) && - (!prev || addr >= vm_end_gap(prev))) + (!prev || addr >= vm_end_gap(prev)) && + (!xpm_va_across(addr, addr + len))) return addr; } @@ -2245,7 +2257,8 @@ arch_get_unmapped_area_topdown(struct file *filp, unsigned long addr, vma = find_vma_prev(mm, addr, &prev); if (mmap_end - len >= addr && addr >= mmap_min_addr && (!vma || addr + len <= vm_start_gap(vma)) && - (!prev || addr >= vm_end_gap(prev))) + (!prev || addr >= vm_end_gap(prev)) && + (!xpm_va_across(addr, addr + len))) return addr; } diff --git a/security/Kconfig b/security/Kconfig index 9893c316da89..43cd1c19a90a 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -230,6 +230,7 @@ source "security/loadpin/Kconfig" source "security/yama/Kconfig" source "security/safesetid/Kconfig" source "security/lockdown/Kconfig" +source "security/xpm/Kconfig" source "security/integrity/Kconfig" diff --git a/security/Makefile b/security/Makefile index 3baf435de541..edbffda9c54d 100644 --- a/security/Makefile +++ b/security/Makefile @@ -13,6 +13,7 @@ subdir-$(CONFIG_SECURITY_LOADPIN) += loadpin subdir-$(CONFIG_SECURITY_SAFESETID) += safesetid subdir-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown subdir-$(CONFIG_BPF_LSM) += bpf +subdir-$(CONFIG_XPM) += xpm # always enable default capabilities obj-y += commoncap.o @@ -32,6 +33,7 @@ obj-$(CONFIG_SECURITY_SAFESETID) += safesetid/ obj-$(CONFIG_SECURITY_LOCKDOWN_LSM) += lockdown/ obj-$(CONFIG_CGROUPS) += device_cgroup.o obj-$(CONFIG_BPF_LSM) += bpf/ +obj-$(CONFIG_XPM) += xpm/ # Object integrity file lists subdir-$(CONFIG_INTEGRITY) += integrity diff --git a/security/xpm/Kconfig b/security/xpm/Kconfig new file mode 100644 index 000000000000..e1df286e07ac --- /dev/null +++ b/security/xpm/Kconfig 
@@ -0,0 +1,26 @@
+# SPDX-License-Identifier: BSD-3-Clause
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+#
+# Config for the excutable permission manager
+#
+
+menu "executable permission manager"
+
+config XPM
+ bool "enables excutable permission manager feature"
+ default n
+ help
+ The Executable Permission Manager(XPM) control process execution
+ by inserting control poliy into the security hook list, such as execv,
+ mmap and etc. It can control not to execute an illegal signature
+ process.
+
+config XPM_DEBUG
+ bool "excutable permission manager debug mode"
+ depends on XPM
+ default n
+ help
+ This option should only be enabled for debug test which can enable
+ some debug interfaces to obtain detailed information.
+endmenu
+# a blank line must be existed
\ No newline at end of file
diff --git a/security/xpm/Makefile b/security/xpm/Makefile
new file mode 100644
index 000000000000..375e89c52bcb
--- /dev/null
+++ b/security/xpm/Makefile
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+#
+# Makefile for the excutable permission manager
+#
+
+obj-$(CONFIG_XPM) += \
+ src/xpm_common.o \
+ src/xpm_module.o \
+ src/xpm_driver_manager.o \
+ src/xpm_policy_manager.o \
+ src/xpm_process_manager.o
+
+ccflags-$(CONFIG_XPM) += \
+ -I$(srctree)/security/xpm/inc
diff --git a/security/xpm/inc/xpm_driver_manager.h b/security/xpm/inc/xpm_driver_manager.h
new file mode 100644
index 000000000000..e7eb880c003d
--- /dev/null
+++ b/security/xpm/inc/xpm_driver_manager.h
@@ -0,0 +1,26 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+* Copyright (c) 2023 Huawei Device Co., Ltd.
+*
+* XPM policy manager define & interfaces.
+*/
+
+#ifndef _XPM_DRIVER_MANAGER
+#define _XPM_DRIVER_MANAGER
+
+#include
+
+struct xpm_hap_info {
+ uint32_t type;
+
+ unsigned long addr_base;
+ unsigned long length;
+};
+
+/* Initialize the xpm driver node operation hook functions */
+int xpm_init_misc_device(void);
+
+/* Unregister the xpm driver node */
+void xpm_deinit_misc_device(void);
+
+#endif /* _XPM_DRIVER_MANAGER */
\ No newline at end of file
diff --git a/security/xpm/inc/xpm_log.h b/security/xpm/inc/xpm_log.h
new file mode 100644
index 000000000000..898405825d42
--- /dev/null
+++ b/security/xpm/inc/xpm_log.h
@@ -0,0 +1,32 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+* Copyright (c) 2023 Huawei Device Co., Ltd.
+*
+* XPM log printing define.
+*/
+
+#ifndef _XPM_LOG_H
+#define _XPM_LOG_H
+
+#include
+
+#define XPM_TAG "xpm_kernel"
+
+#define XPM_INFO "I"
+#define XPM_ERROR "E"
+#define XPM_DEBUG "D"
+
+#define xpm_info(fmt, args...) pr_info("[%s/%s]%s: " fmt "\n", \
+ XPM_INFO, XPM_TAG, __func__, ##args)
+
+#define xpm_error(fmt, args...) pr_err("[%s/%s]%s: " fmt "\n", \
+ XPM_ERROR, XPM_TAG, __func__, ##args)
+
+#ifdef CONFIG_XPM_DEBUG
+#define xpm_debug(fmt, args...) pr_info("[%s/%s]%s: " fmt "\n", \
+ XPM_DEBUG, XPM_TAG, __func__, ##args)
+#else
+#define xpm_debug(fmt, args...) no_printk(fmt, ##args)
+#endif
+
+#endif /* _XPM_LOG_H */
\ No newline at end of file
diff --git a/security/xpm/inc/xpm_policy_manager.h b/security/xpm/inc/xpm_policy_manager.h
new file mode 100644
index 000000000000..f7f910b887c6
--- /dev/null
+++ b/security/xpm/inc/xpm_policy_manager.h
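Review bot: `struct xpm_hap_info` is the argument of the `XPM_SET_HAP_INFO` ioctl, and its `unsigned long addr_base` and `length` members give it a different size and layout for 32-bit and 64-bit callers. `xpm_compat_ioctl()` in `xpm_driver_manager.c` forwards `cmd` and the pointer unchanged, so a 32-bit caller's command number, which encodes the struct size through `_IOW`, will not match, and `copy_from_user()` would read the 64-bit size from a smaller user buffer. Fixed-width members with explicit padding, for example `__u32 type; __u32 reserved; __u64 addr_base; __u64 length;`, declared in a uapi header, give one layout for both.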
@@ -0,0 +1,29 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+* Copyright (c) 2023 Huawei Device Co., Ltd.
+*/
+
+#ifndef _XPM_POLICY_MANAGER_H
+#define _XPM_POLICY_MANAGER_H
+
+#include
+
+enum {
+ POLICY_TYPE_NORMAL,
+ POLICY_TYPE_WEBVIEW,
+ POLICY_TYPE_SANDBOX,
+ POLICY_TYPE_DEBUG,
+};
+
+/**
+ * Set control policy of process to it's task_struct
+ *
+ * @task: The task_struct of process
+ * @policy_type: The policy type that specify to set. if NULL, policy type will
+ * set by process name of @task.
+ *
+ * Return: 0 on success, -errno on failure
+ */
+int xpm_set_process_policy(struct task_struct *task, uint32_t *policy_type);
+
+#endif /* _XPM_POLICY_MANAGER_H */
\ No newline at end of file
diff --git a/security/xpm/inc/xpm_process_manager.h b/security/xpm/inc/xpm_process_manager.h
new file mode 100644
index 000000000000..3c207af3caa0
--- /dev/null
+++ b/security/xpm/inc/xpm_process_manager.h
@@ -0,0 +1,26 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+* Copyright (c) 2023 Huawei Device Co., Ltd.
+*/
+
+#ifndef _XPM_PROCESS_MANAGER_H
+#define _XPM_PROCESS_MANAGER_H
+
+#include
+
+typedef struct {
+ uint32_t file_type;
+ union {
+ uint32_t policy_type;
+ struct task_struct *task;
+ } temp;
+};
+
+enum {
+ FILE_TYPE_EXETUABLE = 0,
+ FILE_TYPE_ABC,
+};
+
+int xpm_register_security_hooks(void);
+
+#endif
\ No newline at end of file
diff --git a/security/xpm/src/xpm_common.c b/security/xpm/src/xpm_common.c
new file mode 100644
index 000000000000..b2ad63675b10
--- /dev/null
+++ b/security/xpm/src/xpm_common.c
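Review bot: The `typedef struct { ... };` in `xpm_process_manager.h` has neither a tag nor a typedef name, so it declares no usable type and compilers warn about an empty declaration. Give it a tag, for example `struct xpm_file_info { ... };` (the name is only a suggestion, and kernel style avoids the typedef), or drop it until something uses it. `FILE_TYPE_EXETUABLE` also bakes a misspelling into an identifier that later patches will have to keep; `FILE_TYPE_EXECUTABLE` is the intended name. The union member name `temp` says nothing about which arm is valid and would benefit from a comment tying it to `file_type`.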
@@ -0,0 +1,20 @@
+// SPDX-License-Identifier: BSD-3-Clause
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ */
+
+#include
+#include
+
+bool xpm_va_intersect(unsigned long addr_start, unsigned long addr_end)
+{
+ return !((addr_start >= current->xpm_info.region.addr_end) ||
+ (addr_end <= current->xpm_info.region.addr_start));
+}
+
+bool xpm_va_across(unsigned long addr_start, unsigned long addr_end)
+{
+ return xpm_va_intersect(addr_start, addr_end) &&
+ (!(addr_start >= current->xpm_info.region.addr_start &&
+ addr_end <= current->xpm_info.region.addr_end));
+}
diff --git a/security/xpm/src/xpm_driver_manager.c b/security/xpm/src/xpm_driver_manager.c
new file mode 100644
index 000000000000..e9f24e15adc3
--- /dev/null
+++ b/security/xpm/src/xpm_driver_manager.c
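Review bot: `xpm_va_intersect()` and `xpm_va_across()` carry no comment at their definitions, and their edge cases are not obvious from the expressions: both treat ranges as half-open, a region whose start and end are both 0 never intersects anything, and a range that fully contains the region counts as across. A short comment on each would record that, for example `/* true if [addr_start, addr_end) overlaps current's XPM region; always false while no region is set */`. Callers pass `addr + len` as `addr_end`, so the comment should also say that the caller must already have ruled out wrap-around, as the `TASK_SIZE - len >= addr` tests in the mmap hunks do.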
@@ -0,0 +1,133 @@
+// SPDX-License-Identifier: BSD-3-Clause
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ *
+ * Executable permission manager driver module.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "xpm_driver_manager.h"
+#include "xpm_policy_manager.h"
+#include "xpm_log.h"
+
+#define XPM_SET_HAP_INFO _IOW('x', 0x01, struct xpm_hap_info)
+
+static int xpm_set_validate_region(unsigned long addr_base, unsigned long length)
+{
+ unsigned long addr;
+
+ // 1. 获取length大小的虚拟地址空间,appspawn安全内存为0
+ addr = get_unmapped_area(NULL, addr_base, length, 0, MAP_PRIVATE);
+ if (IS_ERR_VALUE(addr)) {
+ xpm_error("get unmmaped area failed, addr = 0x%x", addr);
+ return -EINVAL;
+ }
+
+ xpm_debug("xpm va region: [0x%x, 0x%x]", addr, addr+length);
+
+ // 2. 将进程地址空间设置到task_struct结构体中
+ task_lock(current);
+ current->xpm_info.region.addr_start = addr;
+ current->xpm_info.region.addr_end = addr + length;
+ task_unlock(current);
+ return 0;
+}
+
+static int xpm_set_hap_info(struct xpm_hap_info *info) {
+ int ret;
+
+ ret = xpm_set_validate_region(info->addr_base, info->length);
+ if (ret) {
+ xpm_error("xpm set hap process secure virtual address failed");
+ return ret;
+ }
+
+ ret = xpm_set_process_policy(current, &info->type);
+ if (ret) {
+ xpm_error("xpm set hap process policy failed");
+ return ret;
+ }
+
+ xpm_info("xpm set hap process info success");
+ return 0;
+}
+
+static long xpm_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+{
+ struct xpm_hap_info info = {0};
+
+ if (unlikely(copy_from_user(&info, (void __user *)(uintptr_t)arg,
+ sizeof(struct xpm_hap_info))))
+ return -EFAULT;
+
+ xpm_debug("hap type: %u, secure va base: 0x%x, secure va length: 0x%x",
+ info.type, info.addr_base, info.length);
+
+ switch (cmd) {
+ case XPM_SET_HAP_INFO:
+ return xpm_set_hap_info(&info);
+ default:
+ xpm_error("input cmd error");
+ return -EINVAL;
+ }
+}
+
+#ifdef CONFIG_COMPAT
+static long xpm_compat_ioctl(struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ return xpm_ioctl(file, cmd, (uintptr_t)compat_ptr(arg));
+}
+#endif
+
+static int xpm_open(struct inode *inode, struct file *file)
+{
+ return 0;
+}
+
+static int xpm_release(struct inode *inode, struct file *file)
+{
+ return 0;
+}
+
+static const struct file_operations xpm_fops = {
+ .owner = THIS_MODULE,
+ .open = xpm_open,
+ .release = xpm_release,
+ .unlocked_ioctl = xpm_ioctl,
+#ifdef CONFIG_COMPAT
+ .compat_ioctl = xpm_compat_ioctl,
+#endif
+};
+
+static struct miscdevice xpm_misc = {
+ .minor = MISC_DYNAMIC_MINOR,
+ .name = "xpm",
+ .fops = &xpm_fops,
+};
+
+int xpm_init_misc_device(void)
+{
+ int ret;
+
+ ret = misc_register(&xpm_misc);
+ if (unlikely(ret)) {
+ xpm_error("xpm misc device register failed");
+ return ret;
+ }
+
+ xpm_info("xpm driver init success");
+ return 0;
+}
+
+void xpm_deinit_misc_device(void)
+{
+ misc_deregister(&xpm_misc);
+}
\ No newline at end of file
diff --git a/security/xpm/src/xpm_module.c b/security/xpm/src/xpm_module.c
new file mode 100644
index 000000000000..c9f354d01f46
--- /dev/null
+++ b/security/xpm/src/xpm_module.c
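Review bot: `xpm_set_validate_region()` takes `addr_base` and `length` from the ioctl without validation and may be called any number of times, so a process that can open `/dev/xpm` is able to move or resize its own region after it has been set. If the region is meant to be fixed once by the process spawner, reject repeats and malformed sizes up front: `if (!length || !PAGE_ALIGNED(length)) return -EINVAL;` and `if (current->xpm_info.region.addr_end) return -EEXIST;`. `get_unmapped_area()` is also called with no mmap lock taken in this path, and the range it returns is only recorded rather than reserved, so it can be stale by the time it is stored. The `0x%x` conversions in the `xpm_error()` and `xpm_debug()` calls receive `unsigned long` arguments and should be `0x%lx`. In `xpm_ioctl()`, checking `cmd` before `copy_from_user()` would let unknown commands fail without touching user memory.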
@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: BSD-3-Clause
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ *
+ * Executable permission manager module.
+ */
+
+#include
+#include
+#include
+#include
+#include "xpm_driver_manager.h"
+#include "xpm_process_manager.h"
+#include "xpm_log.h"
+
+static int __init xpm_module_init(void)
+{
+ int ret;
+
+ // 1.初始化驱动节点/dev/xpm的处理函数
+ ret = xpm_init_misc_device();
+ if (ret) {
+ xpm_error("xpm int misc device failed");
+ return ret;
+ }
+
+ // 2.注册系统调用mmap和execv的处理函数
+ ret = xpm_register_security_hooks();
+ if (ret) {
+ xpm_error("xpm register security hooks failed");
+ return ret;
+ }
+
+ xpm_info("xpm module init success");
+ return 0;
+}
+
+static void __exit xpm_module_exit(void)
+{
+ xpm_deinit_misc_device();
+ xpm_info("xpm module exit success");
+}
+
+module_init(xpm_module_init);
+module_exit(xpm_module_exit);
+
+// 1、代码文件是否包含合法签名(代码没有签名是否放过)
+// 2、是否允许匿名可执行内存映射, vma->file_ops是否为NULL,或者vma_is_anomonus
+// 3、是否允许修改代码,需要在mmap和mprotect中映射wx权限, 判断映射参数中是否有wx权限
+
+// 出现异常如何处理
\ No newline at end of file
diff --git a/security/xpm/src/xpm_policy_manager.c b/security/xpm/src/xpm_policy_manager.c
new file mode 100644
index 000000000000..e750dc8ee85b
--- /dev/null
+++ b/security/xpm/src/xpm_policy_manager.c
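Review bot: `xpm_module_init()` returns on a failed `xpm_register_security_hooks()` without undoing `xpm_init_misc_device()`, which leaves `/dev/xpm` registered although initialisation reported failure. Add `xpm_deinit_misc_device();` before that `return ret;`. `CONFIG_XPM` is a `bool` option, so this code is always built in and `xpm_module_exit()` is unlikely ever to run; a plain initcall would state that more directly. The trailing `//` block at the end of the file lists open design questions rather than describing code and would be better kept in the design document.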
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: BSD-3-Clause
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ */
+#include
+#include
+#include
+#include "xpm_policy_manager.h"
+#include "xpm_process_manager.h"
+#include "xpm_log.h"
+
+#define XPM_POLICY_INIT(POLICY_TYPE, FUNC1, FUNC2, FUNC3) { \
+ .type = POLICY_TYPE, \
+ .check_code_signature_func = FUNC1, \
+ .check_anonymous_mem_func = FUNC2, \
+ .check_writable_mem_func = FUNC3, \
+}
+
+// FIXME: 可能无法使用mm_sturct,因为当前还没有启动进程
+static int check_code_signature(void)
+{
+ return 0;
+}
+
+// TODO: 检查是否存在可写的匿名可执行内存
+static int check_anonymous_mem(void)
+{
+ return 0;
+}
+
+// TODO: 检查是否映射了wx的内存
+static int check_writable_mem(void)
+{
+ return 0;
+}
+
+static uint32_t get_process_policy_type(struct task_struct *task)
+{
+ (void)task;
+ return POLICY_TYPE_NORMAL;
+}
+
+static uint32_t get_policy_type(struct task_struct *task, uint32_t *policy_type)
+{
+ if (policy_type)
+ return (*policy_type);
+ else
+ return get_process_policy_type(task);
+}
+
+static void set_process_policy(struct xpm_process_policy *policy)
+{
+ task_lock(current);
+ current->xpm_info.policy = policy;
+ task_unlock(current);
+}
+
+int xpm_set_process_policy(struct task_struct *task, uint32_t *policy_type)
+{
+ int type, i;
+ static struct xpm_process_policy xpm_policy[] = {
+ XPM_POLICY_INIT(POLICY_TYPE_NORMAL, check_code_signature,
+ check_anonymous_mem, check_writable_mem ),
+ XPM_POLICY_INIT(POLICY_TYPE_WEBVIEW, check_code_signature,
+ NULL, check_writable_mem ),
+ XPM_POLICY_INIT(POLICY_TYPE_SANDBOX, NULL,
+ check_anonymous_mem, check_writable_mem ),
+ XPM_POLICY_INIT(POLICY_TYPE_SANDBOX, NULL,
+ check_anonymous_mem, check_writable_mem ),
+ };
+
+ if (task == NULL) {
+ xpm_error("input task struct is invalid");
+ return -EINVAL;
+ }
+
+ type = get_policy_type(task, policy_type);
+ for (i = 0; i < ARRAY_SIZE(xpm_policy); i++) {
+ if (xpm_policy[i].type = type) {
+ set_process_policy(&xpm_policy[i]);
+ return 0;
+ }
+ }
+
+ return -EINVAL;
+}
+
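Review bot: `if (xpm_policy[i].type = type)` in `xpm_set_process_policy()` assigns instead of comparing. For any non-zero `type`, including values outside the enum that arrive from the ioctl, the first table entry is overwritten and selected, so the caller always receives the `POLICY_TYPE_NORMAL` callbacks; for `POLICY_TYPE_NORMAL` (0) every entry's `type` is set to 0 and the function returns `-EINVAL`. It should read `if (xpm_policy[i].type == type)`, with `type` declared `uint32_t` and `i` declared `size_t` to match what they are compared with. The table also lists `POLICY_TYPE_SANDBOX` twice and has no `POLICY_TYPE_DEBUG` row, and `set_process_policy()` updates `current` rather than the `task` argument. Making the array `static const` would have turned the stray assignment into a compile error.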
diff --git a/security/xpm/src/xpm_process_manager.c b/security/xpm/src/xpm_process_manager.c
new file mode 100644
index 000000000000..03eb34ee083d
--- /dev/null
+++ b/security/xpm/src/xpm_process_manager.c
@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: BSD-3-Clause
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ */
+
+#include
+#include
+#include "xpm_policy_manager.h"
+
+int xpm_register_security_hooks(void)
+{
+ return 0;
+}
\ No newline at end of file
diff --git "a/security/xpm/src/\344\273\243\347\240\201\346\211\247\350\241\214\346\235\203\351\231\220.md" "b/security/xpm/src/\344\273\243\347\240\201\346\211\247\350\241\214\346\235\203\351\231\220.md"
new file mode 100644
index 000000000000..51ebedcc6d7b
--- /dev/null
+++ "b/security/xpm/src/\344\273\243\347\240\201\346\211\247\350\241\214\346\235\203\351\231\220.md"
@@ -0,0 +1,598 @@ +# 代码执行权限 + +## 代码下载 +**方式一(推荐):通过repo + ssh下载(需注册公钥,请参考码云帮助中心)。** +>repo init -u git@gitee.com:openharmony/manifest.git -b master --no-repo-verify +repo sync -c +repo forall -c 'git lfs pull' + +**方式二:通过repo + https下载。** +> repo init -u https://gitee.com/openharmony/manifest.git -b master --no-repo-verify +repo sync -c +repo forall -c 'git lfs pull' + +**执行prebuilts** +>bash build/prebuilts_download.sh + + + +## 编译命令 +|目标|命令| +|---|---| +|rk3568内核|./build.sh --product-name rk3568 --target-cpu arm64 --build-target kernel --gn-args linux_kernel_version="linux-5.10"| + +## 配置文件 +>kernel/linux/config/linux-5.10/arch/arm64/configs/rk3568_standard_defconfig + +### 安全内存相关 + +#### 函数签名 +``` +int xpm_set_process_va_region(unsigned long addr_base, unsigned long length); +``` +1. 其中入参addr_base为用户态进程推荐的安全内存的起始地址,如果该值为0,则用户态对安全内存的起始地址没有要求,值得注意的是**该值仅为推荐,如果该地址已经被分配vma,这安全内存会继续向下寻找符合length长度的虚拟地址范围**。 +2. length为申请虚拟地址的长度。 +## 设置流程 +### 1. 寻找一块符合要求的虚拟地址范围 +linux进程典型内存布局: +![avtar](https://img-blog.csdn.net/20180615113202958) + +#### unmmaped_area获取关键函数 +```C +unsigned long +get_unmapped_area(struct file *file, unsigned long addr, unsigned long len, + unsigned long pgoff, unsigned long flags) +{ + unsigned long (*get_area)(struct file *, unsigned long, + unsigned long, unsigned long, unsigned long); + + unsigned long error = arch_mmap_check(addr, len, flags); + if (error) + return error; + + /* Careful about overflows.. */ + if (len > TASK_SIZE) + return -ENOMEM; + + get_area = current->mm->get_unmapped_area; + if (file) { + if (file->f_op->get_unmapped_area) + get_area = file->f_op->get_unmapped_area; + } else if (flags & MAP_SHARED) { + /* + * mmap_region() will call shmem_zero_setup() to create a file, + * so use shmem's get_unmapped_area in case it can be huge. + * do_mmap() will clear pgoff, so match alignment. 
+ */ + pgoff = 0; + get_area = shmem_get_unmapped_area; + } + + addr = get_area(file, addr, len, pgoff, flags); + if (IS_ERR_VALUE(addr)) + return addr; + + if (addr > TASK_SIZE - len) + return -ENOMEM; + if (offset_in_page(addr)) + return -EINVAL; + + error = security_mmap_addr(addr); + return error ? error : addr; +} +``` +#### 关键点1 +**mm/mmap.c** +```C +#ifndef HAVE_ARCH_UNMAPPED_AREA +unsigned long +arch_get_unmapped_area(struct file *filp, unsigned long addr, + unsigned long len, unsigned long pgoff, unsigned long flags) +{ + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma, *prev; + struct vm_unmapped_area_info info; + const unsigned long mmap_end = arch_get_mmap_end(addr); + + if (len > mmap_end - mmap_min_addr) + return -ENOMEM; + + if (flags & MAP_FIXED) + return addr; + + if (addr) { + addr = PAGE_ALIGN(addr); + // find_vam_prev解释:查找挨着addr前一个vma以及addr后一个vma,以便于计算vma之间的GAP + vma = find_vma_prev(mm, addr, &prev); + //判断解释: + // 1.addr开始的unmmaped的region需要在mmap_min_addr和mmap_end之间。 + // 2.如果addr后面的vma不存在,则证明addr后面都是unmmaped区域;如果vma后面的vma存在,则addr申请的region不能超过后面vma的起始地址,超过了说明这个GAP不合适。 + // 3.同理addr前面的vma不存在,则证明addr前面都unmmaped区域;如果前面的vma存在,则addr申请的region的起始地址不能小于前面vma的结束地址;到了这一步可以确定这个GAP是否满足对应addr申请的大小了。 + + // 但是:xpm又安全虚拟地址范围(xpm_va_region),addr申请的unmmaped的虚拟地址范围要么全在xpm内,要么全不在,一半在一半不在,那就不行。即(addr + len < xpm_va_region->start) || (addr > xpm_va_region->end) || (addr >= xpm_va_region->start && addr + len <= xpm_va_region->end) + // bool is_cross_xpm_va_region(addr, len) + // 问题1:如果存在安全内存不够的情况,是否要返回mmap成功,但是mmap的内存不在安全内存范围内? 
+ if (mmap_end - len >= addr && addr >= mmap_min_addr && + (!vma || addr + len <= vm_start_gap(vma)) && + (!prev || addr >= vm_end_gap(prev))) + return addr; + } + + info.flags = 0; + info.length = len; + info.low_limit = mm->mmap_base; + info.high_limit = mmap_end; + info.align_mask = 0; + info.align_offset = 0; + return vm_unmapped_area(&info); +} +#endif + +#ifndef HAVE_ARCH_UNMAPPED_AREA_TOPDOWN +unsigned long +arch_get_unmapped_area_topdown(struct file *filp, unsigned long addr, + unsigned long len, unsigned long pgoff, + unsigned long flags) +{ + struct vm_area_struct *vma, *prev; + struct mm_struct *mm = current->mm; + struct vm_unmapped_area_info info; + const unsigned long mmap_end = arch_get_mmap_end(addr); + + /* requested length too big for entire address space */ + if (len > mmap_end - mmap_min_addr) + return -ENOMEM; + + if (flags & MAP_FIXED) + return addr; + + /* requesting a specific address */ + if (addr) { + addr = PAGE_ALIGN(addr); + // 1. 与arch_get_unmapped_area基本一致 + vma = find_vma_prev(mm, addr, &prev); + if (mmap_end - len >= addr && addr >= mmap_min_addr && + (!vma || addr + len <= vm_start_gap(vma)) && + (!prev || addr >= vm_end_gap(prev))) + return addr; + } + + info.flags = VM_UNMAPPED_AREA_TOPDOWN; + info.length = len; + info.low_limit = max(PAGE_SIZE, mmap_min_addr); + info.high_limit = arch_get_mmap_base(addr, mm->mmap_base); + info.align_mask = 0; + info.align_offset = 0; + addr = vm_unmapped_area(&info); + + /* + * A failed mmap() very likely causes application failure, + * so fall back to the bottom-up function here. This scenario + * can happen with large stack limits and large mmap() + * allocations. 
+ */ + if (offset_in_page(addr)) { + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; + info.high_limit = mmap_end; + addr = vm_unmapped_area(&info); + } + + return addr; +} +#endif +``` +**arch/arm/mm/mmap.c** +```C +unsigned long +arch_get_unmapped_area(struct file *filp, unsigned long addr, + unsigned long len, unsigned long pgoff, unsigned long flags) +{ + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma; + int do_align = 0; + int aliasing = cache_is_vipt_aliasing(); + struct vm_unmapped_area_info info; + + /* + * We only need to do colour alignment if either the I or D + * caches alias. + */ + if (aliasing) + do_align = filp || (flags & MAP_SHARED); + + /* + * We enforce the MAP_FIXED case. + */ + if (flags & MAP_FIXED) { + if (aliasing && flags & MAP_SHARED && + (addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)) + return -EINVAL; + return addr; + } + + if (len > TASK_SIZE) + return -ENOMEM; + + if (addr) { + if (do_align) + addr = COLOUR_ALIGN(addr, pgoff); + else + addr = PAGE_ALIGN(addr); + + // 1. 获取addr小于vma->end的最靠近的一个vma + vma = find_vma(mm, addr); + // 2. 当前只检查了vma,如果addr插入到了其他vma中应该怎么办呢? + if (TASK_SIZE - len >= addr && + (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + + info.flags = 0; + info.length = len; + info.low_limit = mm->mmap_base; + info.high_limit = TASK_SIZE; + info.align_mask = do_align ? (PAGE_MASK & (SHMLBA - 1)) : 0; + info.align_offset = pgoff << PAGE_SHIFT; + return vm_unmapped_area(&info); +} + +unsigned long +arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + const unsigned long len, const unsigned long pgoff, + const unsigned long flags) +{ + struct vm_area_struct *vma; + struct mm_struct *mm = current->mm; + unsigned long addr = addr0; + int do_align = 0; + int aliasing = cache_is_vipt_aliasing(); + struct vm_unmapped_area_info info; + + /* + * We only need to do colour alignment if either the I or D + * caches alias. 
+ */ + if (aliasing) + do_align = filp || (flags & MAP_SHARED); + + /* requested length too big for entire address space */ + if (len > TASK_SIZE) + return -ENOMEM; + + if (flags & MAP_FIXED) { + if (aliasing && flags & MAP_SHARED && + (addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)) + return -EINVAL; + return addr; + } + + /* requesting a specific address */ + if (addr) { + if (do_align) + addr = COLOUR_ALIGN(addr, pgoff); + else + addr = PAGE_ALIGN(addr); + vma = find_vma(mm, addr); + // 1. 与arch_get_unmapped_area基本一致,无需分析 + if (TASK_SIZE - len >= addr && + (!vma || addr + len <= vm_start_gap(vma))) + return addr; + } + + info.flags = VM_UNMAPPED_AREA_TOPDOWN; + info.length = len; + info.low_limit = FIRST_USER_ADDRESS; + info.high_limit = mm->mmap_base; + info.align_mask = do_align ? (PAGE_MASK & (SHMLBA - 1)) : 0; + info.align_offset = pgoff << PAGE_SHIFT; + addr = vm_unmapped_area(&info); + + /* + * A failed mmap() very likely causes application failure, + * so fall back to the bottom-up function here. This scenario + * can happen with large stack limits and large mmap() + * allocations. + */ + if (addr & ~PAGE_MASK) { + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = mm->mmap_base; + info.high_limit = TASK_SIZE; + addr = vm_unmapped_area(&info); + } + + return addr; +} + +``` + +#### 关键点2 +```C +/* + * Search for an unmapped address range. + * + * We are looking for a range that: + * - does not intersect with any VMA; + * - is contained within the [low_limit, high_limit) interval; + * - is at least the desired size. 
+ * - satisfies (begin_addr & align_mask) == (align_offset & align_mask) + */ +unsigned long vm_unmapped_area(struct vm_unmapped_area_info *info) +{ + unsigned long addr; + + if (info->flags & VM_UNMAPPED_AREA_TOPDOWN) + addr = unmapped_area_topdown(info); + else + addr = unmapped_area(info); + + trace_vm_unmapped_area(addr, info); + return addr; +} + +static unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) +{ + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma; + unsigned long length, low_limit, high_limit, gap_start, gap_end; + + /* Adjust search length to account for worst case alignment overhead */ + length = info->length + info->align_mask; + if (length < info->length) + return -ENOMEM; + + /* + * Adjust search limits by the desired length. + * See implementation comment at top of unmapped_area(). + */ + // 1. high_limit: 申请的region的addr_end不能大于high_limit + // 2. low_limit:申请的region的addr_start不能小于low_limit + gap_end = info->high_limit; + if (gap_end < length) + return -ENOMEM; + high_limit = gap_end - length; + + if (info->low_limit > high_limit) + return -ENOMEM; + low_limit = info->low_limit + length; + + /* Check highest gap, which does not precede any rbtree node */ + // 3. 当前进程使用的最高的地址,如果小于high_limit,那[highest_vm_end,最初的hign_limit)都是干净没用过的,并且大小合适,按规则取一块就行。 + // 4. 但是有了安全内存: gap_start = max(mm->highest_vm_end, xpm_va_region->end),xpm_va_region->也是要和最大使用的vma较量较量,虽然没有添加到vma链表里面,但是这个坑我已经占了 + + gap_start = mm->highest_vm_end; + if (gap_start <= high_limit) + goto found_highest; + + // 5. 发现没有合适的干净的ummaped内存,那只能在vma之间卑微的找合适的gap了 + /* Check if rbtree root looks promising */ + if (RB_EMPTY_ROOT(&mm->mm_rb)) + return -ENOMEM; + vma = rb_entry(mm->mm_rb.rb_node, struct vm_area_struct, vm_rb); + if (vma->rb_subtree_gap < length) + return -ENOMEM; + + while (true) { + /* Visit right subtree if it looks promising */ + gap_start = vma->vm_prev ? 
vm_end_gap(vma->vm_prev) : 0; + if (gap_start <= high_limit && vma->vm_rb.rb_right) { + struct vm_area_struct *right = + rb_entry(vma->vm_rb.rb_right, + struct vm_area_struct, vm_rb); + if (right->rb_subtree_gap >= length) { + vma = right; + continue; + } + } + + // 6. 找到一个最接近high_limit的并且满足length长度的gap,左侧prev vma的end地址就是gap_start,右侧vma的start地址就是gap_end,如果gap_end也满足low_limit的限制,那后面再校验下gap的范围就找到了。 +check_current: + /* Check if current node has a suitable gap */ + gap_end = vm_start_gap(vma); + if (gap_end < low_limit) + return -ENOMEM; + // 7. 感觉这个校验没啥意义,但是这块需要加上xpm的校验,即不能落到xpm安全内存范围内,才算找到了,要不然继续循环 + // 条件: 不能与安全内存相交、不能在安全内存里面 + if (gap_start <= high_limit && + gap_end > gap_start && gap_end - gap_start >= length) + goto found; + + /* Visit left subtree if it looks promising */ + if (vma->vm_rb.rb_left) { + struct vm_area_struct *left = + rb_entry(vma->vm_rb.rb_left, + struct vm_area_struct, vm_rb); + if (left->rb_subtree_gap >= length) { + vma = left; + continue; + } + } + + /* Go back up the rbtree to find next candidate node */ + while (true) { + struct rb_node *prev = &vma->vm_rb; + if (!rb_parent(prev)) + return -ENOMEM; + vma = rb_entry(rb_parent(prev), + struct vm_area_struct, vm_rb); + if (prev == vma->vm_rb.rb_right) { + gap_start = vma->vm_prev ? + vm_end_gap(vma->vm_prev) : 0; + goto check_current; + } + } + } + +found: + /* We found a suitable gap. Clip it with the original high_limit. */ + if (gap_end > info->high_limit) + gap_end = info->high_limit; + +found_highest: + /* Compute highest gap address at the desired alignment */ + gap_end -= info->length; + gap_end -= (gap_end - info->align_offset) & info->align_mask; + + VM_BUG_ON(gap_end < info->low_limit); + VM_BUG_ON(gap_end < gap_start); + return gap_end; +} + +static unsigned long unmapped_area(struct vm_unmapped_area_info *info) +{ + /* + * We implement the search by looking for an rbtree node that + * immediately follows a suitable gap. 
That is, + * - gap_start = vma->vm_prev->vm_end <= info->high_limit - length; + * - gap_end = vma->vm_start >= info->low_limit + length; + * - gap_end - gap_start >= length + */ + + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma; + unsigned long length, low_limit, high_limit, gap_start, gap_end; + + /* Adjust search length to account for worst case alignment overhead */ + length = info->length + info->align_mask; + if (length < info->length) + return -ENOMEM; + + /* Adjust search limits by the desired length */ + if (info->high_limit < length) + return -ENOMEM; + high_limit = info->high_limit - length; + + if (info->low_limit > high_limit) + return -ENOMEM; + low_limit = info->low_limit + length; + + /* Check if rbtree root looks promising */ + if (RB_EMPTY_ROOT(&mm->mm_rb)) + goto check_highest; + vma = rb_entry(mm->mm_rb.rb_node, struct vm_area_struct, vm_rb); + if (vma->rb_subtree_gap < length) + goto check_highest; + + while (true) { + /* Visit left subtree if it looks promising */ + gap_end = vm_start_gap(vma); + if (gap_end >= low_limit && vma->vm_rb.rb_left) { + struct vm_area_struct *left = + rb_entry(vma->vm_rb.rb_left, + struct vm_area_struct, vm_rb); + if (left->rb_subtree_gap >= length) { + vma = left; + continue; + } + } + + gap_start = vma->vm_prev ? 
vm_end_gap(vma->vm_prev) : 0; +check_current: + /* Check if current node has a suitable gap */ + if (gap_start > high_limit) + return -ENOMEM; + if (gap_end >= low_limit && + gap_end > gap_start && gap_end - gap_start >= length) + goto found; + + /* Visit right subtree if it looks promising */ + if (vma->vm_rb.rb_right) { + struct vm_area_struct *right = + rb_entry(vma->vm_rb.rb_right, + struct vm_area_struct, vm_rb); + if (right->rb_subtree_gap >= length) { + vma = right; + continue; + } + } + + /* Go back up the rbtree to find next candidate node */ + while (true) { + struct rb_node *prev = &vma->vm_rb; + if (!rb_parent(prev)) + goto check_highest; + vma = rb_entry(rb_parent(prev), + struct vm_area_struct, vm_rb); + if (prev == vma->vm_rb.rb_left) { + gap_start = vm_end_gap(vma->vm_prev); + gap_end = vm_start_gap(vma); + goto check_current; + } + } + } + +check_highest: + /* Check highest gap, which does not precede any rbtree node */ + gap_start = mm->highest_vm_end; + gap_end = ULONG_MAX; /* Only for VM_BUG_ON below */ + if (gap_start > high_limit) + return -ENOMEM; + +found: + /* We found a suitable gap. Clip it with the original low_limit. */ + if (gap_start < info->low_limit) + gap_start = info->low_limit; + + /* Adjust gap address to the desired alignment */ + gap_start += (info->align_offset - gap_start) & info->align_mask; + + VM_BUG_ON(gap_start + info->length > info->high_limit); + VM_BUG_ON(gap_start + info->length > gap_end); + return gap_start; +} +``` + + + +#### 2. 将虚拟地址范围从vma自动分配中剔除 +#### 3. 将获取的虚拟地址范围返回为用户态 +#### /proc目录下文件创建 +**1. 
proc文件创建&读写参考:** +```C +static ssize_t oom_score_adj_read(struct file *file, char __user *buf, + size_t count, loff_t *ppos) +{ + struct task_struct *task = get_proc_task(file_inode(file)); + char buffer[PROC_NUMBUF]; + short oom_score_adj = OOM_SCORE_ADJ_MIN; + size_t len; + + if (!task) + return -ESRCH; + oom_score_adj = task->signal->oom_score_adj; + put_task_struct(task); + len = snprintf(buffer, sizeof(buffer), "%hd\n", oom_score_adj); + return simple_read_from_buffer(buf, count, ppos, buffer, len); +} + +static const struct file_operations proc_oom_score_adj_operations = { + .read = oom_score_adj_read, + .write = oom_score_adj_write, + .llseek = default_llseek, +}; + +``` +**2. mmap的参考** +```C +static void show_vma_header_prefix(struct seq_file *m, + unsigned long start, unsigned long end, + vm_flags_t flags, unsigned long long pgoff, + dev_t dev, unsigned long ino) +{ + seq_setwidth(m, 25 + sizeof(void *) * 6 - 1); + seq_put_hex_ll(m, NULL, start, 8); + seq_put_hex_ll(m, "-", end, 8); + seq_putc(m, ' '); + seq_putc(m, flags & VM_READ ? 'r' : '-'); + seq_putc(m, flags & VM_WRITE ? 'w' : '-'); + seq_putc(m, flags & VM_EXEC ? 'x' : '-'); + seq_putc(m, flags & VM_MAYSHARE ? 's' : 'p'); + seq_put_hex_ll(m, " ", pgoff, 8); + seq_put_hex_ll(m, " ", MAJOR(dev), 2); + seq_put_hex_ll(m, ":", MINOR(dev), 2); + seq_put_decimal_ull(m, " ", ino); + seq_putc(m, ' '); +} +``` \ No newline at end of file -- Gitee From 80ecda5585cdeeb7fcaed7c979f1bad41f300dda Mon Sep 17 00:00:00 2001 
From: limerence Date: Mon, 20 Mar 2023 17:33:42 +0800 Subject: [PATCH 2/3] fix xpm coding bug --- fs/proc/base.c | 1 + include/linux/xpm_common.h | 18 +++---- mm/mmap.c | 12 ++--- security/xpm/inc/xpm_driver_manager.h | 16 +++--- security/xpm/inc/xpm_log.h | 10 ++-- security/xpm/inc/xpm_policy_manager.h | 7 ++- security/xpm/inc/xpm_process_manager.h | 17 ++---- security/xpm/src/xpm_common.c | 27 +++++++--- security/xpm/src/xpm_driver_manager.c | 46 +++++++++------- security/xpm/src/xpm_module.c | 17 +++--- security/xpm/src/xpm_policy_manager.c | 53 +++++++++---------- security/xpm/src/xpm_process_manager.c | 31 +++++++++-- ...47\350\241\214\346\235\203\351\231\220.md" | 13 ++++- 13 files changed, 150 insertions(+), 118 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 68245f6c877c..cc04fc1a3ccd 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -3287,6 +3287,7 @@ static const struct file_operations proc_setgroups_operations = { #endif /* CONFIG_USER_NS */ #ifdef CONFIG_XPM +#define XPM_PROC_CONTENT_LEN 33 static ssize_t proc_xpm_validate_region_read(struct file *file, char __user *buf, size_t count, loff_t *pos) { diff --git a/include/linux/xpm_common.h b/include/linux/xpm_common.h index cea7f8e2ff93..a00dd670a0ac 100644 --- a/include/linux/xpm_common.h +++ b/include/linux/xpm_common.h @@ -8,8 +8,6 @@ #include -#define XPM_PROC_CONTENT_LEN 33 - struct xpm_process_policy { /* process policy type, such as webview or debug */ uint32_t type; 
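Review bot: `XPM_PROC_CONTENT_LEN 33` is one byte short for the widest output this buffer has to hold. The reader that uses it starts outside this hunk; it formats the two `unsigned long` bounds with `%x-%x`, and once that is corrected to `%lx-%lx` a 64-bit kernel needs 16 + 1 + 16 characters plus the terminating NUL. That reader also passes the return value of `snprintf()` to `simple_read_from_buffer()`, and `snprintf()` returns the length the text would have had, so a truncated result would let the copy run past `content` on the kernel stack. I would size the constant for the full-width text plus NUL and use `len = scnprintf(content, sizeof(content), "%lx-%lx", ...)`.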
@@ -32,25 +30,25 @@ struct xpm_info { }; /** - * check that whether the input address region is intersect with the xpm virtal - * address region + * check that whether the input address region is outer the xpm validate region */ #ifdef CONFIG_XPM -extern bool xpm_va_intersect(unsigned long addr_start, unsigned long addr_end); +extern bool xpm_mmap_unaddr_check(unsigned long addr_start, + unsigned long addr_end); /** - * check that theinput addr region is across the boundary of xpm reserved virtal - * addr region + * check that the input address is outer or inner the xpm validate region */ -extern bool xpm_va_across(unsigned long addr_start, unsigned long addr_end); +extern bool xpm_mmap_addr_check(unsigned long addr_start, + unsigned long addr_end); #else -static inline bool xpm_va_intersect(unsigned long addr_start, +static inline bool xpm_mmap_unaddr_check(unsigned long addr_start, unsigned long addr_end) { return false; } -static inline bool xpm_va_across(unsigned long addr_start, +static inline bool xpm_mmap_addr_check(unsigned long addr_start, unsigned long addr_end) { return false; diff --git a/mm/mmap.c b/mm/mmap.c index 9688ea530f67..8b95b7281fdf 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -2003,7 +2003,7 @@ static unsigned long unmapped_area(struct vm_unmapped_area_info *info) return -ENOMEM; if ((gap_end >= low_limit && gap_end > gap_start && gap_end - gap_start >= length) && - (!xpm_va_intersect(gap_start, gap_end))) + (xpm_mmap_unaddr_check(gap_start, gap_end))) goto found; /* Visit right subtree if it looks promising */ @@ -2037,7 +2037,7 @@ static unsigned long unmapped_area(struct vm_unmapped_area_info *info) #ifndef CONFIG_XPM gap_start = mm->highest_vm_end; #else - gap_start = max(mm->highest_vm_end, current->xpm_info.region.addr_end); + gap_start = max(mm->highest_vm_end, current->xpm_info.region.addr_end); #endif gap_end = ULONG_MAX; /* Only for VM_BUG_ON below */ if (gap_start > high_limit) 
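Review bot: The `!CONFIG_XPM` stubs for `xpm_mmap_unaddr_check()` and `xpm_mmap_addr_check()` still `return false;`, but this commit inverts what the result means. The callers in mm/mmap.c used to require `!xpm_va_intersect(...)` / `!xpm_va_across(...)` and now require the check itself to be true, as in `(xpm_mmap_unaddr_check(gap_start, gap_end))` and `(xpm_mmap_addr_check(addr, addr + len))` in the hunks at -2003, -2116, -2215 and -2258. With XPM disabled every candidate gap in the tree walk would be rejected and an address hint would never be honoured, so both stubs should `return true;`. The two comments would also be clearer if they stated the polarity, e.g. `/* true if [addr_start, addr_end) lies entirely outside the xpm validate region */`.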
@@ -2084,7 +2084,7 @@ static unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) #ifndef CONFIG_XPM gap_start = mm->highest_vm_end; #else - gap_start = max(mm->highest_vm_end, current->xpm_info.region.addr_end); + gap_start = max(mm->highest_vm_end, current->xpm_info.region.addr_end); #endif if (gap_start <= high_limit) goto found_highest; @@ -2116,7 +2116,7 @@ static unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) return -ENOMEM; if ((gap_start <= high_limit && gap_end > gap_start && gap_end - gap_start >= length) && - (!xpm_va_intersect(gap_start, gap_end))) + (xpm_mmap_unaddr_check(gap_start, gap_end))) goto found; /* Visit left subtree if it looks promising */ @@ -2215,7 +2215,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (mmap_end - len >= addr && addr >= mmap_min_addr && (!vma || addr + len <= vm_start_gap(vma)) && (!prev || addr >= vm_end_gap(prev)) && - (!xpm_va_across(addr, addr + len))) + (xpm_mmap_addr_check(addr, addr + len))) return addr; } @@ -2258,7 +2258,7 @@ arch_get_unmapped_area_topdown(struct file *filp, unsigned long addr, if (mmap_end - len >= addr && addr >= mmap_min_addr && (!vma || addr + len <= vm_start_gap(vma)) && (!prev || addr >= vm_end_gap(prev)) && - (!xpm_va_across(addr, addr + len))) + (xpm_mmap_addr_check(addr, addr + len))) return addr; } diff --git a/security/xpm/inc/xpm_driver_manager.h b/security/xpm/inc/xpm_driver_manager.h index e7eb880c003d..2e24aeffb013 100644 --- a/security/xpm/inc/xpm_driver_manager.h +++ b/security/xpm/inc/xpm_driver_manager.h @@ -1,8 +1,6 @@ /* SPDX-License-Identifier: BSD-3-Clause */ /* * Copyright (c) 2023 Huawei Device Co., Ltd. -* -* XPM policy manager define & interfaces. */ #ifndef _XPM_DRIVER_MANAGER 
@@ -11,16 +9,16 @@ #include struct xpm_hap_info { - uint32_t type; + uint32_t type; - unsigned long addr_base; - unsigned long length; + unsigned long addr_base; + unsigned long length; }; -/* Initialize the xpm driver node operation hook functions */ -int xpm_init_misc_device(void); +/* register the xpm driver functions */ +int xpm_register_misc_device(void); -/* Unregister the xpm driver node */ -void xpm_deinit_misc_device(void); +/* deregister the xpm driver */ +void xpm_deregister_misc_device(void); #endif /* _XPM_DRIVER_MANAGER */ \ No newline at end of file diff --git a/security/xpm/inc/xpm_log.h b/security/xpm/inc/xpm_log.h index 898405825d42..7cecd9e1f280 100644 --- a/security/xpm/inc/xpm_log.h +++ b/security/xpm/inc/xpm_log.h @@ -1,8 +1,6 @@ /* SPDX-License-Identifier: BSD-3-Clause */ /* * Copyright (c) 2023 Huawei Device Co., Ltd. -* -* XPM log printing define. */ #ifndef _XPM_LOG_H @@ -16,17 +14,17 @@ #define XPM_ERROR "E" #define XPM_DEBUG "D" -#define xpm_info(fmt, args...) pr_info("[%s/%s]%s: " fmt "\n", \ +#define xpm_log_info(fmt, args...) pr_info("[%s/%s]%s: " fmt "\n", \ XPM_INFO, XPM_TAG, __func__, ##args) -#define xpm_error(fmt, args...) pr_err("[%s/%s]%s: " fmt "\n", \ +#define xpm_log_error(fmt, args...) pr_err("[%s/%s]%s: " fmt "\n", \ XPM_ERROR, XPM_TAG, __func__, ##args) #ifdef CONFIG_XPM_DEBUG -#define xpm_debug(fmt, args...) pr_info("[%s/%s]%s: " fmt "\n", \ +#define xpm_log_debug(fmt, args...) pr_info("[%s/%s]%s: " fmt "\n", \ XPM_DEBUG, XPM_TAG, __func__, ##args) #else -#define xpm_debug(fmt, args...) no_printk(fmt, ##args) +#define xpm_log_debug(fmt, args...) no_printk(fmt, ##args) #endif #endif /* _XPM_LOG_H */ \ No newline at end of file diff --git a/security/xpm/inc/xpm_policy_manager.h b/security/xpm/inc/xpm_policy_manager.h index f7f910b887c6..ef1eae830051 100644 --- a/security/xpm/inc/xpm_policy_manager.h +++ b/security/xpm/inc/xpm_policy_manager.h 
@@ -9,7 +9,7 @@ #include enum { - POLICY_TYPE_NORMAL, + POLICY_TYPE_NORMAL = 0, POLICY_TYPE_WEBVIEW, POLICY_TYPE_SANDBOX, POLICY_TYPE_DEBUG, @@ -18,12 +18,11 @@ enum { /** * Set control policy of process to it's task_struct * - * @task: The task_struct of process - * @policy_type: The policy type that specify to set. if NULL, policy type will + * policy_type: The policy type that specify to set. if NULL, policy type will * set by process name of @task. * * Return: 0 on success, -errno on failure */ -int xpm_set_process_policy(struct task_struct *task, uint32_t *policy_type); +int xpm_set_process_policy(uint32_t *type); #endif /* _XPM_POLICY_MANAGER_H */ \ No newline at end of file diff --git a/security/xpm/inc/xpm_process_manager.h b/security/xpm/inc/xpm_process_manager.h index 3c207af3caa0..cd38ae693e64 100644 --- a/security/xpm/inc/xpm_process_manager.h +++ b/security/xpm/inc/xpm_process_manager.h @@ -8,19 +8,10 @@ #include -typedef struct { - uint32_t file_type; - union { - uint32_t policy_type; - struct task_struct *task; - } temp; -}; - -enum { - FILE_TYPE_EXETUABLE = 0, - FILE_TYPE_ABC, -}; - +/* register the security hooks in execv/mmap/mprotect svc*/ int xpm_register_security_hooks(void); +/* deregister the security hooks */ +void xpm_deregister_security_hooks(void); + #endif \ No newline at end of file diff --git a/security/xpm/src/xpm_common.c b/security/xpm/src/xpm_common.c index b2ad63675b10..74916d0d2b18 100644 --- a/security/xpm/src/xpm_common.c +++ b/security/xpm/src/xpm_common.c 
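Review bot: The comment above `xpm_set_process_policy()` in the -18,12 hunk no longer matches the prototype: it documents `policy_type:` although the parameter is now `type`, and it still says the type is "set by process name of @task" after the `task` argument was removed. Going by the implementation changed in the same commit, the policy is applied to `current` and a NULL pointer selects `POLICY_TYPE_NORMAL`. I would write the line as `@type: policy type to apply to current; if NULL, POLICY_TYPE_NORMAL is used` and drop the reference to `@task`.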
@@ -5,16 +5,29 @@ #include #include +#include "xpm_log.h" -bool xpm_va_intersect(unsigned long addr_start, unsigned long addr_end) +bool xpm_mmap_unaddr_check(unsigned long addr_start, unsigned long addr_end) { - return !((addr_start >= current->xpm_info.region.addr_end) || - (addr_end <= current->xpm_info.region.addr_start)); + struct xpm_validate_region *region= &(current->xpm_info.region); + bool result = ((addr_start >= region->addr_end) || (addr_end <= region->addr_start)); + if (!result) + xpm_log_info("addr region: [0x%lx, 0x%lx], xpm region: [0x%lx, 0x%lx]", + addr_start, addr_end, region->addr_start, region->addr_end); + + return result; } -bool xpm_va_across(unsigned long addr_start, unsigned long addr_end) +bool xpm_mmap_addr_check(unsigned long addr_start, unsigned long addr_end) { - return xpm_va_intersect(addr_start, addr_end) && - (!(addr_start >= current->xpm_info.region.addr_start && - addr_end <= current->xpm_info.region.addr_end)); + struct xpm_validate_region *region= &(current->xpm_info.region); + + bool result = (xpm_mmap_unaddr_check(addr_start, addr_end) || + ((addr_start >= region->addr_start) && + (addr_end <= region->addr_end))); + + if (!result) + xpm_log_info("addr region: [0x%lx, 0x%lx], xpm region: [0x%lx, 0x%lx]", + addr_start, addr_end, region->addr_start, region->addr_end); + return result; } diff --git a/security/xpm/src/xpm_driver_manager.c b/security/xpm/src/xpm_driver_manager.c index e9f24e15adc3..3c97efd771b6 100644 --- a/security/xpm/src/xpm_driver_manager.c +++ b/security/xpm/src/xpm_driver_manager.c 
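Review bot: Both helpers call `xpm_log_info()` every time they return false, and `xpm_mmap_unaddr_check()` is evaluated for each candidate gap during the `unmapped_area()` / `unmapped_area_topdown()` walk. A process with a validate region can therefore produce an unbounded stream of info-level kernel log lines through ordinary `mmap()` calls, each one recording its address-space layout. I would demote both prints to `xpm_log_debug(...)`, or rate-limit them, so that a rejected gap is not a logging event in production builds. The region is also read here without the `task_lock(current)` that the writer in xpm_driver_manager.c takes; if the lock is not needed, a comment such as `/* region is written once by current itself, read without task_lock */` would document that.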
@@ -22,40 +22,45 @@ static int xpm_set_validate_region(unsigned long addr_base, unsigned long length) { unsigned long addr; + struct xpm_validate_region *region= &(current->xpm_info.region); + + if ((region->addr_start != 0) || (region->addr_end != 0)) { + xpm_log_info("xpm validate region has been set"); + return 0; + } - // 1. 获取length大小的虚拟地址空间,appspawn安全内存为0 addr = get_unmapped_area(NULL, addr_base, length, 0, MAP_PRIVATE); if (IS_ERR_VALUE(addr)) { - xpm_error("get unmmaped area failed, addr = 0x%x", addr); + xpm_log_error("xpm get unmmaped area failed"); return -EINVAL; } - xpm_debug("xpm va region: [0x%x, 0x%x]", addr, addr+length); - - // 2. 将进程地址空间设置到task_struct结构体中 task_lock(current); - current->xpm_info.region.addr_start = addr; - current->xpm_info.region.addr_end = addr + length; + region->addr_start = addr; + region->addr_end = addr + length; task_unlock(current); + xpm_log_debug("xpm validate region: [0x%lx, 0x%lx]", region->addr_start, region->addr_end); + return 0; } -static int xpm_set_hap_info(struct xpm_hap_info *info) { +static int xpm_set_hap_info(struct xpm_hap_info *info) +{ int ret; ret = xpm_set_validate_region(info->addr_base, info->length); if (ret) { - xpm_error("xpm set hap process secure virtual address failed"); + xpm_log_error("xpm set validate region failed"); return ret; } - ret = xpm_set_process_policy(current, &info->type); + ret = xpm_set_process_policy(&info->type); if (ret) { - xpm_error("xpm set hap process policy failed"); + xpm_log_error("xpm set process policy failed"); return ret; } - xpm_info("xpm set hap process info success"); + xpm_log_info("xpm set hap info success"); return 0; } 
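Review bot: When a region is already recorded, `xpm_set_validate_region()` logs and returns 0, so `xpm_set_hap_info()` carries on and calls `xpm_set_process_policy(&info->type)` again. A task that already has a policy can then replace it with any other type by repeating the ioctl. If the HAP info is meant to be set once, return an error from the early exit, e.g. `return -EEXIST;`, so the caller stops before touching the policy. `length` is also taken from user space as is and stored via `addr + length`; rejecting `length == 0 || !PAGE_ALIGNED(length)` before `get_unmapped_area()` would keep a zero-sized or unaligned region out of `addr_end`.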
@@ -67,14 +72,15 @@ static long xpm_ioctl(struct file *file, unsigned int cmd, unsigned long arg) sizeof(struct xpm_hap_info)))) return -EFAULT; - xpm_debug("hap type: %u, secure va base: 0x%x, secure va length: 0x%x", + xpm_log_debug("hap policy type: %u, validate region addr_base: 0x%x, " + "validate region length: 0x%x", info.type, info.addr_base, info.length); switch (cmd) { case XPM_SET_HAP_INFO: return xpm_set_hap_info(&info); default: - xpm_error("input cmd error"); + xpm_log_error("xpm input cmd error"); return -EINVAL; } } @@ -109,25 +115,25 @@ static const struct file_operations xpm_fops = { static struct miscdevice xpm_misc = { .minor = MISC_DYNAMIC_MINOR, - .name = "xpm", - .fops = &xpm_fops, + .name = "xpm", + .fops = &xpm_fops, }; -int xpm_init_misc_device(void) +int xpm_register_misc_device(void) { int ret; ret = misc_register(&xpm_misc); if (unlikely(ret)) { - xpm_error("xpm misc device register failed"); + xpm_log_error("xpm register misc device failed"); return ret; } - xpm_info("xpm driver init success"); + xpm_log_info("xpm register misc device success"); return 0; } -void xpm_deinit_misc_device(void) +void xpm_deregister_misc_device(void) { misc_deregister(&xpm_misc); } \ No newline at end of file diff --git a/security/xpm/src/xpm_module.c b/security/xpm/src/xpm_module.c index c9f354d01f46..56c6f484c93b 100644 --- a/security/xpm/src/xpm_module.c +++ b/security/xpm/src/xpm_module.c @@ -1,8 +1,6 @@ // SPDX-License-Identifier: BSD-3-Clause /* * Copyright (c) 2023 Huawei Device Co., Ltd. - * - * Executable permission manager module. */ #include 
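Review bot: The debug print in `xpm_ioctl()` formats `info.addr_base` and `info.length` with `0x%x`, but both fields are `unsigned long` in `struct xpm_hap_info`, so the specifier does not match the argument and the upper half of a 64-bit value is not printed. The other prints touched by this commit already use `0x%lx`; this one should read `"hap policy type: %u, validate region addr_base: 0x%lx, " "validate region length: 0x%lx"`. The copy from user space and this print also run before `cmd` is checked, so an unknown command still logs caller-supplied values; moving both into the `XPM_SET_HAP_INFO` case would avoid that. `xpm_ioctl()` starts outside the hunk.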
@@ -17,28 +15,27 @@ static int __init xpm_module_init(void) { int ret; - // 1.初始化驱动节点/dev/xpm的处理函数 - ret = xpm_init_misc_device(); + ret = xpm_register_misc_device(); if (ret) { - xpm_error("xpm int misc device failed"); + xpm_log_error("xpm register misc device failed"); return ret; } - // 2.注册系统调用mmap和execv的处理函数 ret = xpm_register_security_hooks(); if (ret) { - xpm_error("xpm register security hooks failed"); + xpm_log_error("xpm register security hooks failed"); + xpm_deregister_misc_device(); return ret; } - xpm_info("xpm module init success"); + xpm_log_info("xpm module init success"); return 0; } static void __exit xpm_module_exit(void) { - xpm_deinit_misc_device(); - xpm_info("xpm module exit success"); + xpm_deregister_misc_device(); + xpm_log_info("xpm module exit success"); } module_init(xpm_module_init); diff --git a/security/xpm/src/xpm_policy_manager.c b/security/xpm/src/xpm_policy_manager.c index e750dc8ee85b..9fdb83d2f629 100644 --- a/security/xpm/src/xpm_policy_manager.c +++ b/security/xpm/src/xpm_policy_manager.c 
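Review bot: `xpm_module_exit()` only deregisters the misc device and never calls the `xpm_deregister_security_hooks()` that this commit introduces, so the exit path does not mirror `xpm_module_init()`. I would add `xpm_deregister_security_hooks();` ahead of `xpm_deregister_misc_device();`. The two removed step comments were the only description of the init order; a single English line such as `/* register /dev/xpm first, then the exec/mmap security hooks */` would keep that information.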
@@ -34,54 +34,51 @@ static int check_writable_mem(void) return 0; } -static uint32_t get_process_policy_type(struct task_struct *task) +static uint32_t get_process_policy_type(void) { - (void)task; return POLICY_TYPE_NORMAL; } -static uint32_t get_policy_type(struct task_struct *task, uint32_t *policy_type) +static uint32_t get_policy_type(uint32_t *type) { - if (policy_type) - return (*policy_type); - else - return get_process_policy_type(task); + if (type) + return (*type); + + return POLICY_TYPE_NORMAL; } static void set_process_policy(struct xpm_process_policy *policy) { + struct xpm_info *xpm_info = &(current->xpm_info); + task_lock(current); - current->xpm_info.policy = policy; - task_unlock(current); + xpm_info->policy = policy; + task_unlock(current); } -int xpm_set_process_policy(struct task_struct *task, uint32_t *policy_type) +int xpm_set_process_policy(uint32_t *type) { - int type, i; - static struct xpm_process_policy xpm_policy[] = { - XPM_POLICY_INIT(POLICY_TYPE_NORMAL, check_code_signature, - check_anonymous_mem, check_writable_mem ), - XPM_POLICY_INIT(POLICY_TYPE_WEBVIEW, check_code_signature, - NULL, check_writable_mem ), - XPM_POLICY_INIT(POLICY_TYPE_SANDBOX, NULL, - check_anonymous_mem, check_writable_mem ), - XPM_POLICY_INIT(POLICY_TYPE_SANDBOX, NULL, - check_anonymous_mem, check_writable_mem ), - }; - - if (task == NULL) { - xpm_error("input task struct is invalid"); - return -EINVAL; - } + int policy_type, i; + static struct xpm_process_policy xpm_policy[] = { + XPM_POLICY_INIT(POLICY_TYPE_NORMAL, check_code_signature, + check_anonymous_mem, check_writable_mem ), + XPM_POLICY_INIT(POLICY_TYPE_WEBVIEW, check_code_signature, + NULL, check_writable_mem ), + XPM_POLICY_INIT(POLICY_TYPE_SANDBOX, NULL, + check_anonymous_mem, check_writable_mem ), + XPM_POLICY_INIT(POLICY_TYPE_SANDBOX, NULL, + check_anonymous_mem, check_writable_mem ), + }; - type = get_policy_type(task, policy_type); + policy_type = get_policy_type(type); for (i = 0; i < 
ARRAY_SIZE(xpm_policy); i++) { - if (xpm_policy[i].type = type) { + if (policy_type == xpm_policy[i].type) { set_process_policy(&xpm_policy[i]); return 0; } } + xpm_log_error("no policy were found for the process"); return -EINVAL; } diff --git a/security/xpm/src/xpm_process_manager.c b/security/xpm/src/xpm_process_manager.c index 03eb34ee083d..064a72e7f77b 100644 --- a/security/xpm/src/xpm_process_manager.c +++ b/security/xpm/src/xpm_process_manager.c @@ -3,11 +3,36 @@ * Copyright (c) 2023 Huawei Device Co., Ltd. */ -#include #include +#include +#include +#include +#include #include "xpm_policy_manager.h" +#include "xpm_log.h" + +static int xpm_bprm_policy_hook(struct linux_binprm *bprm) +{ + if (bprm == NULL) { + xpm_log_error("input bprm parameter is NULL"); + return -EINVAL; + } + + +} + +static struct security_hook_list xpm_bprm_check_hooks[] __lsm_ro_after_init = { + LSM_HOOK_INIT(bprm_check, xpm_bprm_policy_hook), +}; + int xpm_register_security_hooks(void) { - return 0; -} \ No newline at end of file + return 0; +} + + +void xpm_deregister_security_hooks(void) +{ + return; +} diff --git "a/security/xpm/src/\344\273\243\347\240\201\346\211\247\350\241\214\346\235\203\351\231\220.md" "b/security/xpm/src/\344\273\243\347\240\201\346\211\247\350\241\214\346\235\203\351\231\220.md" index 51ebedcc6d7b..7d2b6d7b5db6 100644 --- "a/security/xpm/src/\344\273\243\347\240\201\346\211\247\350\241\214\346\235\203\351\231\220.md" +++ "b/security/xpm/src/\344\273\243\347\240\201\346\211\247\350\241\214\346\235\203\351\231\220.md" @@ -14,7 +14,9 @@ repo forall -c 'git lfs pull' **执行prebuilts** >bash build/prebuilts_download.sh - +##版本相关 +**daliy build** +>http://ci.openharmony.cn/dailys/dailybuilds ## 编译命令 |目标|命令| 
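Review bot: The policy table still lists `POLICY_TYPE_SANDBOX` twice, so nothing matches `POLICY_TYPE_DEBUG` and a request for it ends in `-EINVAL`; the fourth entry was presumably meant to start `XPM_POLICY_INIT(POLICY_TYPE_DEBUG, ...`. Now that the comparison is a real `==`, the lookup does select by type and the duplicate becomes observable. `policy_type` and `i` are `int` while `xpm_policy[i].type` is `uint32_t` and `ARRAY_SIZE()` is unsigned, so `uint32_t policy_type; size_t i;` would avoid the mixed-sign comparisons. `get_process_policy_type()` is left without a caller by this hunk and can be removed.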
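Review bot: `xpm_register_security_hooks()` returns 0 without handing `xpm_bprm_check_hooks` to the LSM core, so `xpm_module_init()` logs success while no exec-time check is installed. When the registration is written, the hook is named `bprm_check_security` in the LSM hook list, so the entry should read `LSM_HOOK_INIT(bprm_check_security, xpm_bprm_policy_hook),`; the later hunk at -18,11 in patch 3/3 comments the entry out instead, which leaves the table empty and the hook function unused. Until the hooks are registered, a comment on `xpm_register_security_hooks()` such as `/* TODO: hooks not registered yet, XPM enforces nothing at exec */` would stop the success log from being read as enforcement.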
@@ -595,4 +597,11 @@ static void show_vma_header_prefix(struct seq_file *m, seq_put_decimal_ull(m, " ", ino); seq_putc(m, ' '); } -``` \ No newline at end of file +``` + +### 进程管理 +#### HAP进程fork流程中需要设置进程调试标识&策略函数 +hap应用通过ioctl的方式设置调试标识&管控策略。 +#### 普通二进制进程需要在exec中设置进程调试标识&策略函数 +普通二进制需要在exec系统调用流程中添加设置进程标识和管控策略的函数调调用,security_bprm_check LSM函数处进行拦截 +#### 在mmap中 \ No newline at end of file -- Gitee From d1010faedd325670886d4cbe8e5cc16b94ffd321 Mon Sep 17 00:00:00 2001 From: zhang pan Date: Wed, 22 Mar 2023 22:52:24 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E5=B0=86xpm=5Flog.h=E5=86=85=E5=AE=B9?= =?UTF-8?q?=E7=A7=BB=E5=88=B0xpm=5Fcommon.h?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: Id83345f961f581618547d6c5164dda19fce5aa4c --- include/linux/xpm_common.h | 28 ++++++++++++++++++++++++ security/xpm/inc/xpm_log.h | 30 -------------------------- security/xpm/inc/xpm_policy_manager.h | 1 + security/xpm/src/xpm_common.c | 3 +-- security/xpm/src/xpm_driver_manager.c | 1 - security/xpm/src/xpm_module.c | 2 +- security/xpm/src/xpm_policy_manager.c | 1 - security/xpm/src/xpm_process_manager.c | 6 +++--- 8 files changed, 34 insertions(+), 38 deletions(-) delete mode 100644 security/xpm/inc/xpm_log.h diff --git a/include/linux/xpm_common.h b/include/linux/xpm_common.h index a00dd670a0ac..c4c24f301835 100644 --- a/include/linux/xpm_common.h +++ b/include/linux/xpm_common.h 
@@ -7,6 +7,34 @@ #define _XPM_H #include +#include +#include + +struct page; +struct vm_fault; +struct vm_area_struct; +struct task_struct; + +#define XPM_PROC_CONTENT_LEN 33 + +#define XPM_TAG "xpm_kernel" + +#define XPM_INFO "I" +#define XPM_ERROR "E" +#define XPM_DEBUG "D" + +#define xpm_log_info(fmt, args...) pr_info("[%s/%s]%s: " fmt "\n", \ + XPM_INFO, XPM_TAG, __func__, ##args) + +#define xpm_log_error(fmt, args...) pr_err("[%s/%s]%s: " fmt "\n", \ + XPM_ERROR, XPM_TAG, __func__, ##args) + +#ifdef CONFIG_XPM_DEBUG +#define xpm_debug(fmt, args...) pr_info("[%s/%s]%s: " fmt "\n", \ + XPM_DEBUG, XPM_TAG, __func__, ##args) +#else +#define xpm_log_debug(fmt, args...) no_printk(fmt, ##args) +#endif struct xpm_process_policy { /* process policy type, such as webview or debug */ diff --git a/security/xpm/inc/xpm_log.h b/security/xpm/inc/xpm_log.h deleted file mode 100644 index 7cecd9e1f280..000000000000 --- a/security/xpm/inc/xpm_log.h +++ /dev/null @@ -1,30 +0,0 @@ -/* SPDX-License-Identifier: BSD-3-Clause */ -/* -* Copyright (c) 2023 Huawei Device Co., Ltd. -*/ - -#ifndef _XPM_LOG_H -#define _XPM_LOG_H - -#include - -#define XPM_TAG "xpm_kernel" - -#define XPM_INFO "I" -#define XPM_ERROR "E" -#define XPM_DEBUG "D" - -#define xpm_log_info(fmt, args...) pr_info("[%s/%s]%s: " fmt "\n", \ - XPM_INFO, XPM_TAG, __func__, ##args) - -#define xpm_log_error(fmt, args...) pr_err("[%s/%s]%s: " fmt "\n", \ - XPM_ERROR, XPM_TAG, __func__, ##args) - -#ifdef CONFIG_XPM_DEBUG -#define xpm_log_debug(fmt, args...) pr_info("[%s/%s]%s: " fmt "\n", \ - XPM_DEBUG, XPM_TAG, __func__, ##args) -#else -#define xpm_log_debug(fmt, args...) no_printk(fmt, ##args) -#endif - -#endif /* _XPM_LOG_H */ \ No newline at end of file diff --git a/security/xpm/inc/xpm_policy_manager.h b/security/xpm/inc/xpm_policy_manager.h index ef1eae830051..11d27bd496e8 100644 --- a/security/xpm/inc/xpm_policy_manager.h +++ b/security/xpm/inc/xpm_policy_manager.h 
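Review bot: Under `CONFIG_XPM_DEBUG` this header defines `xpm_debug(...)`, while the `#else` branch and the callers use `xpm_log_debug(...)`; the deleted xpm_log.h defined `xpm_log_debug` in both branches. A build with `CONFIG_XPM_DEBUG` enabled would therefore fail at every `xpm_log_debug()` call. The first definition should be `#define xpm_log_debug(fmt, args...) pr_info("[%s/%s]%s: " fmt "\n", \`. `XPM_PROC_CONTENT_LEN` is also defined here again although patch 2/3 moved it into fs/proc/base.c and nothing in this patch's diffstat removes it there, so it should be kept in one place only.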
@@ -6,6 +6,7 @@ #ifndef _XPM_POLICY_MANAGER_H #define _XPM_POLICY_MANAGER_H +#include #include enum { diff --git a/security/xpm/src/xpm_common.c b/security/xpm/src/xpm_common.c index 74916d0d2b18..2d5d43c70041 100644 --- a/security/xpm/src/xpm_common.c +++ b/security/xpm/src/xpm_common.c @@ -3,9 +3,8 @@ * Copyright (c) 2023 Huawei Device Co., Ltd. */ -#include #include -#include "xpm_log.h" +#include bool xpm_mmap_unaddr_check(unsigned long addr_start, unsigned long addr_end) { diff --git a/security/xpm/src/xpm_driver_manager.c b/security/xpm/src/xpm_driver_manager.c index 3c97efd771b6..bf57ac5f9bfd 100644 --- a/security/xpm/src/xpm_driver_manager.c +++ b/security/xpm/src/xpm_driver_manager.c @@ -15,7 +15,6 @@ #include #include "xpm_driver_manager.h" #include "xpm_policy_manager.h" -#include "xpm_log.h" #define XPM_SET_HAP_INFO _IOW('x', 0x01, struct xpm_hap_info) diff --git a/security/xpm/src/xpm_module.c b/security/xpm/src/xpm_module.c index 56c6f484c93b..c10d9610b8af 100644 --- a/security/xpm/src/xpm_module.c +++ b/security/xpm/src/xpm_module.c @@ -7,9 +7,9 @@ #include #include #include +#include #include "xpm_driver_manager.h" #include "xpm_process_manager.h" -#include "xpm_log.h" static int __init xpm_module_init(void) { diff --git a/security/xpm/src/xpm_policy_manager.c b/security/xpm/src/xpm_policy_manager.c index 9fdb83d2f629..f46f530280d5 100644 --- a/security/xpm/src/xpm_policy_manager.c +++ b/security/xpm/src/xpm_policy_manager.c @@ -7,7 +7,6 @@ #include #include "xpm_policy_manager.h" #include "xpm_process_manager.h" -#include "xpm_log.h" #define XPM_POLICY_INIT(POLICY_TYPE, FUNC1, FUNC2, FUNC3) { \ .type = POLICY_TYPE, \ diff --git a/security/xpm/src/xpm_process_manager.c b/security/xpm/src/xpm_process_manager.c index 064a72e7f77b..caaa46e89f0f 100644 --- a/security/xpm/src/xpm_process_manager.c +++ b/security/xpm/src/xpm_process_manager.c 
@@ -8,8 +8,8 @@ #include #include #include +#include #include "xpm_policy_manager.h" -#include "xpm_log.h" static int xpm_bprm_policy_hook(struct linux_binprm *bprm) { @@ -18,11 +18,11 @@ static int xpm_bprm_policy_hook(struct linux_binprm *bprm) return -EINVAL; } - + return 0; } static struct security_hook_list xpm_bprm_check_hooks[] __lsm_ro_after_init = { - LSM_HOOK_INIT(bprm_check, xpm_bprm_policy_hook), + // LSM_HOOK_INIT(bprm_check, xpm_bprm_policy_hook), }; -- Gitee