From b578608941b02394d4788a5c2c2b63ddb958018d Mon Sep 17 00:00:00 2001 From: maliang Date: Sat, 27 Jul 2024 21:51:00 +0800 Subject: [PATCH] Add dec policy configure interfaces: (1) add misc device /dev/dec; (2) provide ioctl interface entry without actual function. Change-Id: Iee38b9d784524edd73e9e925ba3e2721c500fae4 Signed-off-by: maliang
---
dec/Kconfig | 15 ++++ dec/Makefile | 10 +++ dec/apply_dec.sh | 28 ++++++++ dec/dec_misc.c | 176 +++++++++++++++++++++++++++++++++++++++++++++++ dec/dec_misc.h | 61 ++++++++++++++++ 5 files changed, 290 insertions(+) create mode 100644 dec/Kconfig create mode 100644 dec/Makefile create mode 100755 dec/apply_dec.sh create mode 100644 dec/dec_misc.c create mode 100644 dec/dec_misc.h
diff --git a/dec/Kconfig b/dec/Kconfig
new file mode 100644
index 0000000..82f837b
--- /dev/null
+++ b/dec/Kconfig
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Copyright (c) 2024 Huawei Device Co., Ltd
+#
+# Dec policy configuration
+#
+
+menu "Dec policy"
+
+config SECURITY_DEC
+ bool "dec feature"
+ depends on CONFIG_ACCESS_TOKENID
+ default n
+
+endmenu
diff --git a/dec/Makefile b/dec/Makefile
new file mode 100644
index 0000000..9cf2d73
--- /dev/null
+++ b/dec/Makefile
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Copyright (c) 2024 Huawei Device Co., Ltd
+#
+# Makefile for dec module
+#
+
+obj-$(CONFIG_SECURITY_DEC) += dec_misc.o
+
+ccflags-$(CONFIG_SECURITY_DEC) += -I$(srctree)/security/dec
diff --git a/dec/apply_dec.sh b/dec/apply_dec.sh
new file mode 100755
index 0000000..87c05ef
--- /dev/null
+++ b/dec/apply_dec.sh
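Review bot: In dec/Kconfig, `depends on CONFIG_ACCESS_TOKENID` names a symbol with the `CONFIG_` prefix, but Kconfig expressions refer to symbols without it, so the dependency points at an undefined symbol and SECURITY_DEC can never be enabled. It should presumably read `depends on ACCESS_TOKENID` (confirm the name where that symbol is defined). A `help` text stating that the option exposes the /dev/dec policy interface would also tell integrators what they are switching on.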
@@ -0,0 +1,28 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+#
+
+set -e
+
+OHOS_SOURCE_ROOT=$1
+KERNEL_BUILD_ROOT=$2
+PRODUCT_NAME=$3
+KERNEL_VERSION=$4
+DEC_SOURCE_ROOT=$OHOS_SOURCE_ROOT/kernel/linux/common_modules/dec
+
+function main()
+{
+ pushd .
+
+ if [ ! -d " $KERNEL_BUILD_ROOT/security/dec" ]; then
+ mkdir $KERNEL_BUILD_ROOT/security/dec
+ fi
+
+ cd $KERNEL_BUILD_ROOT/security/dec
+ ln -s -f $(realpath --relative-to=$KERNEL_BUILD_ROOT/security/dec/ $DEC_SOURCE_ROOT)/* ./
+
+ popd
+}
+
+main
diff --git a/dec/dec_misc.c b/dec/dec_misc.c
new file mode 100644
index 0000000..bea24eb
--- /dev/null
+++ b/dec/dec_misc.c
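Review bot: In dec/apply_dec.sh the directory test `[ ! -d " $KERNEL_BUILD_ROOT/security/dec" ]` has, as shown, a space inside the quotes, so it checks a path that begins with a blank and is always true; on a second run `mkdir` then fails on the existing directory and `set -e` aborts the script. Replace the three-line `if` with `mkdir -p "$KERNEL_BUILD_ROOT/security/dec"`. The positional arguments are also expanded unquoted in `cd` and `ln`, so a source or build root containing whitespace or glob characters is split or expanded; quote them, e.g. `cd "$KERNEL_BUILD_ROOT/security/dec"`.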
@@ -0,0 +1,176 @@
+/* SPDX-License-Identifier: GPL-2.0-only
+*
+* Copyright (c) 2024 Huawei Device Co., Ltd
+*
+* source for dec misc
+*
+*/
+
+#include
+#include
+#include
+#include
+#include
+
+#include "dec_misc.h"
+
+#define PATH_MAX_LEN 4096
+#define DEC_FUNC_MAX 8
+
+typedef int (*dec_func)(void __user *arg);
+static dec_fun g_dec_func_array[8] = {
+ NULL,
+ set_dec_policy,
+ del_dec_policy,
+ query_dec_policy,
+ check_dec_policy,
+ destroy_dec_policy,
+ constraint_dec_policy,
+ deny_dec_policy,
+};
+
+static long dec_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+{
+ void __user *uarg = (void __user *)arg;
+ unsigned int func_idx = _IOC_NR(cmd);
+
+ if (uarg == NULL) {
+ pr_err("[dec]%s: invalid user uarg\n", __func__);
+ return -EINVAL;
+ }
+
+ if (_IOC_TYPE(cmd) != DEC_IOCTL_BASE) {
+ pr_err("[dec]%s: invalid magic, TYPE: %u\n", __func__,
+ _IOC_TYPE(cmd));
+ return -EINVAL;
+ }
+
+ if (func_cmd >= DEC_FUNC_MAX) {
+ pr_err("[dec]%s: invalid magic type: %u\n", __func__, func_idx);
+ return -EINVAL;
+ }
+
+ if (g_dec_func_array[fun_idx])
+ return (*g_dec_func_array[func_idx])(uarg);
+
+ return -EINVAL;
+}
+
+static int dec_open(struct inode *inode, struct file *filp)
+{
+ return 0;
+}
+
+static int dec_release(struct inode *inode, struct file *filp)
+{
+ return 0;
+}
+
+static const struct file_operations dec_fops = {
+ .owner = THIS_MODULE,
+ .open = dec_open,
+ .release = dec_release,
+ .unlocked_ioctl = dec_ioctl,
+ .compat_ioctl = dec_ioctl,
+};
+
+static struct miscdevice dec_misc = {
+ .minor = MISC_DYNAMIC_MINOR,
+ .name = "dec",
+ .fops = &dec_fops,
+};
+
+static int __init dec_init(void)
+{
+ int err = 0;
+
+ err = misc_register(&dec_misc);
+ if (err < 0) {
+ pr_err("[dec]dec device init failed\n");
+ return err;
+ }
+
+ pr_err("[dec]dec device init success\n");
+ return 0;
+}
+
+static void __exit dec_exit(void)
+{
+ misc_deregister(&dec_misc);
+ pr_info("[dec]dec exited");
+}
+
+/* module entry points */
+module_init(dec_init);
+module_exit(dec_exit);
+
+static int do_configure(void __user *arg)
+{
+ /* receive dec_info and print key infomation */
+ struct dec_policy_info info = { 0 };
+ if (arg == NULL) {
+ pr_err("[dec]Input arg invalid\n");
+ return -EINVAL;
+ }
+ if (copy_from_user(&info, (struct dec_policy_info __user *)arg,
+ sizeof(info)) != 0) {
+ pr_err("[dec]Receive dec_policy_info failed!\n");
+ return -EFAULT;
+ }
+ pr_err("[dec]Received data: tokenid=%lu, path_num=%u\n", info.tokenid,
+ info.path_num);
+ return 0;
+}
+
+static int set_dec_policy(void __user *arg)
+{
+ pr_info("[dec]set_dec_policy\n");
+ return do_configure(arg);
+}
+
+static int del_dec_policy(void __user *arg)
+{
+ pr_info("[dec]del_dec_policy\n");
+ return do_configure(arg);
+}
+static int query_dec_policy(void __user *arg)
+{
+ pr_info("[dec]query_dec_policy\n");
+ return do_configure(arg);
+}
+
+static int check_dec_policy(void __user *arg)
+{
+ pr_info("[dec]check_dec_policy\n");
+ return do_configure(arg);
+}
+
+static int destroy_dec_policy(void __user *arg)
+{
+ uint64_t tokenid = 0;
+
+ if (arg == NULL) {
+ pr_err("[dec]Input arg invalid\n");
+ return -EINVAL;
+ }
+ if (copy_from_user(&tokenid, arg, sizeof(tokenid)) != 0) {
+ pr_err("[dec]destroy_dec_policy receive tokenid failed!\n");
+ return -EFAULT;
+ }
+ pr_info("[dec]destroy_dec_policy with tokenid: %lu\n", tokenid);
+ return 0;
+}
+
+static int constraint_dec_policy(void __user *arg)
+{
+ pr_info("[dec]constraint_dec_policy\n");
+ return do_configure(arg);
+}
+
+static int deny_dec_policy(void __user *arg)
+{
+ pr_info("[dec]deny_dec_policy\n");
+ return do_configure(arg);
+}
+
+MODULE_LICENSE("GPL");
\ No newline at end of file
diff --git a/dec/dec_misc.h b/dec/dec_misc.h
new file mode 100644
index 0000000..50767a0
--- /dev/null
+++ b/dec/dec_misc.h
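Review bot: dec_ioctl and its dispatch table in dec/dec_misc.c cannot compile as written: the table is declared as `dec_fun` although the typedef is `dec_func`, the range test reads `func_cmd` and the NULL test reads `fun_idx` where only `func_idx` is declared, and the seven handlers are named in the initializer before any declaration (their definitions follow module_exit). Beyond the names, the index comes straight from the caller's `cmd`, so size the table with DEC_FUNC_MAX and clamp the index with `array_index_nospec()` (linux/nospec.h) after the range test, as in the excerpt below. Neither dec_open nor dec_ioctl checks who the caller is; that is harmless while the handlers only log, but the check on which processes may set, delete or destroy policy should be in place before they gain real behaviour. The user-triggerable `pr_err` in do_configure and the success message in dec_init should be `pr_debug`/`pr_info`, and `%lu` for the `uint64_t` tokenid should be `%llu`.

```c
/* Handlers are defined further down; declare them before the table. */
static int set_dec_policy(void __user *arg);
/* … the other six handlers declared the same way … */

typedef int (*dec_func)(void __user *arg);
static const dec_func g_dec_func_array[DEC_FUNC_MAX] = {
	/* … unchanged: NULL followed by the seven handlers … */
};

static long dec_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	/* … unchanged: uarg NULL check and _IOC_TYPE check … */

	if (func_idx >= DEC_FUNC_MAX) {
		pr_err("[dec]%s: invalid magic type: %u\n", __func__, func_idx);
		return -EINVAL;
	}
	/* func_idx is caller-controlled; keep it in range under speculation too. */
	func_idx = array_index_nospec(func_idx, DEC_FUNC_MAX);

	if (g_dec_func_array[func_idx])
		return g_dec_func_array[func_idx](uarg);

	return -EINVAL;
}
```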
@@ -0,0 +1,61 @@
+/* SPDX-License-Identifier: GPL-2.0-only
+*
+* Copyright (c) 2024 Huawei Device Co., Ltd
+*
+* hearder for dec misc
+*
+*/
+
+#ifndef _DEC_MISC_H
+#define _DEC_MISC_H
+
+#include
+#include
+#include
+#include
+
+#define MAX_PATH_NUM 32
+
+#define DEV_DEC_MINOR 0x25
+#define DEC_IOCTL_BASE 's'
+#define SET_POLICY_ID 1
+#define DEL_POLICY_ID 2
+#define QUERY_POLICY_ID 3
+#define CHECK_POLICY_ID 4
+#define DESTROY_POLICY_ID 5
+#define CONSTRAINT_POLICY_ID 6
+#define DENY_POLICY_ID 7
+
+struct path_info;
+struct dec_policy_info;
+
+#define SET_DEC_POLICY_CMD \
+ _IOWR(DEC_IOCTL_BASE, SET_POLICY_ID, struct dec_policy_info)
+#define DEL_DEC_POLICY_CMD \
+ _IOWR(DEC_IOCTL_BASE, DEL_POLICY_ID, struct dec_policy_info)
+#define QUERY_DEC_POLICY_CMD \
+ _IOWR(DEC_IOCTL_BASE, QUERY_POLICY_ID, struct dec_policy_info)
+#define CHECK_DEC_POLICY_CMD \
+ _IOWR(DEC_IOCTL_BASE, CHECK_POLICY_ID, struct dec_policy_info)
+#define DESTROY_DEC_POLICY_CMD \
+ _IOWR(DEC_IOCTL_BASE, DESTROY_POLICY_ID, uint64_t)
+#define CONSTRAINT_DEC_POLICY_CMD \
+ _IOWR(DEC_IOCTL_BASE, CONSTRAINT_POLICY_ID, struct dec_policy_info)
+#define DENY_DEC_POLICY_CMD \
+ _IOWR(DEC_IOCTL_BASE, DENY_POLICY_ID, struct dec_policy_info)
+
+struct path_info {
+ char *path;
+ uint32_t path_len;
+ uint32_t mode;
+ bool ret_flag;
+};
+
+struct dec_policy_info {
+ uint64_t tokenid;
+ struct path_info path[MAX_PATH_NUM];
+ uint32_t path_num;
+ bool persist_flag;
+};
+
+#endif /* _DEC_MISC_H */
\ No newline at end of file
-- Gitee
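Review bot: In dec/dec_misc.h the ioctl argument structs are not layout-stable: `struct path_info` carries a raw `char *path` and both structs use `bool`, so their size and field offsets differ between 32-bit and 64-bit callers even though dec_misc.c registers the same handler for `.compat_ioctl`. Annotate the pointer as `char __user *path;` (or carry it as a fixed 64-bit field) and use fixed-width flag fields with explicit padding. Add a comment on `path_num` and `path_len` stating that they are caller-supplied and must be bounded by `MAX_PATH_NUM` and `PATH_MAX_LEN` (defined in dec_misc.c) before any handler indexes `path[]` or copies a path string. `DEV_DEC_MINOR` looks unused, since the device registers with `MISC_DYNAMIC_MINOR`.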