From 8f9de06deef6310cd7d858cc2cbf9a886c01a4eb Mon Sep 17 00:00:00 2001 From: c30043414 Date: Mon, 18 Sep 2023 19:46:04 +0800 Subject: [PATCH] Signed-off-by: c30043414 Change-Id: Ia89c5a5c5447403f731343661f131f8b2a6dd996 Change-Id: I4b37ecef030bcd9bb523a62772e47827c1897041 --- LICENSE | 1 + OAT.xml | 2 ++ vma/Kconfig | 11 ++++++++++ vma/Makefile | 9 ++++++++ vma/apply_vma.sh | 32 +++++++++++++++++++++++++++ vma/vma_render.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++ vma/vma_render.h | 10 +++++++++ 7 files changed, 122 insertions(+) create mode 100755 vma/Kconfig create mode 100755 vma/Makefile create mode 100755 vma/apply_vma.sh create mode 100644 vma/vma_render.c create mode 100644 vma/vma_render.h diff --git a/LICENSE b/LICENSE index fc48fd2..dd8f155 100644 --- a/LICENSE +++ b/LICENSE @@ -2,5 +2,6 @@ ./newip/ ./xpm/ ./qos_auth/ + ./vma/ As for the specific use of the licenses, please refer to the relevant description in the documents. diff --git a/OAT.xml b/OAT.xml index 9de7aac..6fa5a40 100644 --- a/OAT.xml +++ b/OAT.xml @@ -60,9 +60,11 @@ Note:If the text contains special characters, please escape them according to th + + diff --git a/vma/Kconfig b/vma/Kconfig new file mode 100755 index 0000000..962b86b --- /dev/null +++ b/vma/Kconfig @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (c) 2023 Huawei Device Co., Ltd. +# +# Config for hide excutable memory address of render process manager +# +config HIDE_RENDER_ADDRESS + default n + bool "Hide excutable memory address in proc/[render]/maps " + help + Select show address about anonymous area of the render process memory + with -rx- permissions or not. diff --git a/vma/Makefile b/vma/Makefile new file mode 100755 index 0000000..3770ce6 --- /dev/null +++ b/vma/Makefile 
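Review bot: The help text of `HIDE_RENDER_ADDRESS` in vma/Kconfig says "Select show address ... or not" while the prompt says "Hide", and it names neither the file affected nor the tasks it applies to. I would reword it along the lines of `Hide the start/end addresses and flags of named anonymous executable mappings in /proc/<pid>/maps for tasks running with the isolated render security label.` and fix the spelling "excutable" in the prompt and the header comment. The matching in vma_render.c depends on an LSM returning a security context, so without one the option appears to build and then hide nothing; a `depends on SECURITY` line (or the specific LSM the label format belongs to) would make that explicit. `default n` is already the Kconfig default and can be dropped.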
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+#
+# Makefile for hide excutable memory address of render process manager module
+#
+
+ccflags-$(CONFIG_HIDE_RENDER_ADDRESS) += -I$(srctree)/fs/proc
+proc-$(CONFIG_HIDE_RENDER_ADDRESS) += vma_render.o
diff --git a/vma/apply_vma.sh b/vma/apply_vma.sh
new file mode 100755
index 0000000..c5401bf
--- /dev/null
+++ b/vma/apply_vma.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+#
+# Description: Create a symbolic link for vma_render in Linux 5.10
+#
+
+set -e
+
+OHOS_SOURCE_ROOT=$1
+KERNEL_BUILD_ROOT=$2
+PRODUCT_NAME=$3
+KERNEL_VERSION=$4
+VMA_SOURCE_ROOT=$OHOS_SOURCE_ROOT/kernel/linux/common_modules/vma
+
+function main()
+{
+ pushd .
+
+# if [ ! -d "$KERNEL_BUILD_ROOT/fs/proc" ]; then
+# mkdir $KERNEL_BUILD_ROOT/fs/proc
+# fi
+#
+# cd $KERNEL_BUILD_ROOT/fs/proc
+# ln -s -f $(realpath --relative-to=$KERNEL_BUILD_ROOT/fs/proc $VMA_SOURCE_ROOT)/* ./
+#
+ cd $KERNEL_BUILD_ROOT/fs/proc
+ ln -s -f ../../common_moudles/vma vma
+ popd
+}
+
+main
diff --git a/vma/vma_render.c b/vma/vma_render.c
new file mode 100644
index 0000000..59245c0
--- /dev/null
+++ b/vma/vma_render.c
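Review bot: The link target in `ln -s -f ../../common_moudles/vma vma` is spelled `common_moudles`, while `VMA_SOURCE_ROOT` a few lines earlier uses `common_modules`; unless a directory with that spelling exists in the build tree the link dangles, and because `ln -s` succeeds on a dangling target, `set -e` will not stop the build. `VMA_SOURCE_ROOT` is assigned but never used, so I would derive the target from it and quote the expansions: `cd "$KERNEL_BUILD_ROOT/fs/proc"` followed by `ln -sfn "$(realpath --relative-to=. "$VMA_SOURCE_ROOT")" vma`. The added `-n` keeps a second run from following the existing `vma` link and creating a nested link inside the source directory. An empty second argument makes the `cd` resolve to `/fs/proc`, so a check such as `[ -n "$KERNEL_BUILD_ROOT" ] || exit 1` before `main` is worth having. The commented-out block inside `main` can then be deleted.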
@@ -0,0 +1,57 @@
+#include "vma_render.h"
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define PROCESS_LABEL "u:r:isolated_render:s0"
+
+bool is_render_task_vma(struct seq_file *m, struct vm_area_struct *vma)
+{
+ struct inode *inode_task = file_inode(m->file);
+ char *current_label = NULL;
+ int rc;
+ u32 secid;
+ u32 secctx_sz = 0;
+ bool is_render = false;
+ bool is_exec = false;
+ bool is_anon = false;
+ struct task_struct *task = get_proc_task(inode_task);
+ const char *name = NULL;
+ vm_flags_t flags = vma->vm_flags;
+
+ security_cred_getsecid(task->cred, &secid);
+ rc = security_secid_to_secctx(secid, ¤t_label, &secctx_sz);
+ if (!rc) {
+ if (strcmp(current_label, PROCESS_LABEL) == 0) {
+ is_render = true;
+ }
+ }
+
+ if (flags & VM_EXEC) {
+ is_exec = true;
+ }
+
+ name = arch_vma_name(vma);
+ if (!name) {
+ struct anon_vma_name *anon_name;
+ anon_name = anon_vma_name(vma);
+ if (anon_name) {
+ is_anon = true;
+ }
+ }
+
+ return is_exec && is_render && is_anon;
+}
+
+void hck_show_map_vma(unsigned long *start, unsigned long *end, vm_flags_t *flags,
+ struct seq_file *m, struct vm_area_struct *vma) {
+
+ if (is_render_task_vma(m, vma)) {
+ *start = NULL;
+ *end = NULL;
+ *flags = NULL;
+ }
+}
\ No newline at end of file
diff --git a/vma/vma_render.h b/vma/vma_render.h
new file mode 100644
index 0000000..aa270f8
--- /dev/null
+++ b/vma/vma_render.h
@@ -0,0 +1,10 @@
+#ifndef _VMA_RENDER
+#define _VMA_RENDER
+
+#include
+#include
+
+void hck_show_map_vma(unsigned long *start, unsigned long *end, vm_flags_t *flags,
+ struct seq_file *m, struct vm_area_struct *vma);
+
+#endif
\ No newline at end of file
-- Gitee
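Review bot: `is_render_task_vma()` can dereference NULL and leaks a task reference and a security-context buffer each time it runs: `get_proc_task()` returns NULL once the target has exited and otherwise a reference that must be dropped with `put_task_struct()`, and the string from `security_secid_to_secctx()` is never handed to `security_release_secctx()`. Because the hook runs once per VMA line of a maps read, whoever may read a render task's maps can trigger this repeatedly, so it is a kernel memory/refcount exhaustion and oops risk; `task->cred` is also read without RCU or a held cred reference. In `hck_show_map_vma()` the three assignments should be `*start = 0; *end = 0; *flags = 0;`, since `NULL` is a pointer constant being stored into `unsigned long` and `vm_flags_t`. `is_anon` is set only when `anon_vma_name()` returns a name, so unnamed anonymous executable mappings appear to stay visible, which is narrower than the Kconfig help suggests; please confirm that is intended. The rewrite below keeps the same three conditions, tests the cheap VMA ones first, releases everything it takes, and makes the helper `static` since vma_render.h does not declare it.

```c
static bool is_render_task_vma(struct seq_file *m, struct vm_area_struct *vma)
{
	struct task_struct *task;
	const struct cred *cred;
	char *label = NULL;
	u32 secid = 0;
	u32 label_len = 0;
	bool is_render;

	/* Per-VMA tests first: they need no allocation and no references. */
	if (!(vma->vm_flags & VM_EXEC))
		return false;
	if (arch_vma_name(vma) || !anon_vma_name(vma))
		return false;

	task = get_proc_task(file_inode(m->file));
	if (!task)	/* target task already gone */
		return false;
	cred = get_task_cred(task);
	security_cred_getsecid(cred, &secid);
	put_cred(cred);
	put_task_struct(task);

	if (security_secid_to_secctx(secid, &label, &label_len))
		return false;
	is_render = strcmp(label, PROCESS_LABEL) == 0;
	security_release_secctx(label, label_len);

	return is_render;
}
```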
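Review bot: The prototype of `hck_show_map_vma()` in vma_render.h carries no comment saying what the hook does to its out-parameters, which matters to whoever wires it into the maps output. I would add above it `/* Zeroes *start, *end and *flags when vma is a named anonymous executable mapping of a task labelled isolated_render; otherwise leaves them untouched. */`. Both new C files also lack an SPDX identifier line, unlike the Kconfig and Makefile added in the same commit, and both end without a trailing newline.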