diff --git a/LICENSE b/LICENSE
index fc48fd28904f6680c1da24e70d27c7ffb7a31c16..dd8f155da637ccf9fa67aed0c1760fb6ab85da99 100644
--- a/LICENSE
+++ b/LICENSE
@@ -2,5 +2,6 @@ ./newip/ ./xpm/ ./qos_auth/ + ./vma/ As for the specific use of the licenses, please refer to the relevant description in the documents.
diff --git a/vma/Kconfig b/vma/Kconfig
new file mode 100755
index 0000000000000000000000000000000000000000..ab6cb621d9dac860862dcde8d4669704d030cf5f
--- /dev/null
+++ b/vma/Kconfig
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+#
+# Config for hide excutable memory address of render process manager
+#
+config HIDE_RENDER_ADDRESS
+ default n
+ bool "Hide excutable memory address in proc/[render]/maps "
+ help
+ Select show address about anonymous area of the render process memory
+ with -rx- permissions or not.
diff --git a/vma/Makefile b/vma/Makefile
new file mode 100755
index 0000000000000000000000000000000000000000..d7cbd17da49801b468b0984acc8da36c76e3fd12
--- /dev/null
+++ b/vma/Makefile
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+#
+# Makefile for hide excutable memory address of render process manager module
+#
+
+ccflags-$(CONFIG_HIDE_RENDER_ADDRESS) += -I$(srctree)/fs/proc
+proc-$(CONFIG_HIDE_RENDER_ADDRESS) += vma_render.o
diff --git a/vma/apply_vma.sh b/vma/apply_vma.sh
new file mode 100755
index 0000000000000000000000000000000000000000..541630b7faaaa686df01bea087b2317db10a63dc
--- /dev/null
+++ b/vma/apply_vma.sh
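Review bot: The help text in vma/Kconfig does not say which way the option works; "Select show address ... or not" leaves open whether `y` hides or shows the addresses. Going by vma_render.c in this commit, something like `Say Y to blank the start/end addresses and flags of named anonymous executable mappings in /proc/<pid>/maps for processes labelled isolated_render; say N to leave the maps output unchanged.` would state the behaviour. The prompt string also misspells "executable" and carries a trailing space inside the quotes.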
@@ -0,0 +1,30 @@
+#!/bin/bash
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+#
+# Description: Create a symbolic link for vma_render in Linux 5.10
+#
+
+set -e
+
+OHOS_SOURCE_ROOT=$1
+KERNEL_BUILD_ROOT=$2
+PRODUCT_NAME=$3
+KERNEL_VERSION=$4
+VMA_SOURCE_ROOT=$OHOS_SOURCE_ROOT/kernel/linux/common_modules/vma
+
+function main()
+{
+ pushd .
+
+ if [ ! -d "$KERNEL_BUILD_ROOT/fs/proc" ]; then
+ mkdir $KERNEL_BUILD_ROOT/fs/proc
+ fi
+
+ cd $KERNEL_BUILD_ROOT/fs/proc
+ ln -s -f $(realpath --relative-to=$KERNEL_BUILD_ROOT/fs/proc $VMA_SOURCE_ROOT)/* ./
+
+ popd
+}
+
+main
diff --git a/vma/vma_render.c b/vma/vma_render.c
new file mode 100644
index 0000000000000000000000000000000000000000..0b7c74b9d2cc1cbe16034e925f99529bc3ef88b8
--- /dev/null
+++ b/vma/vma_render.c
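Review bot: The `ln -s -f .../* ./` line in main() force-links every file under vma/ into fs/proc, and this commit adds vma/Makefile and vma/Kconfig, so it looks like it would replace fs/proc's own Makefile and Kconfig in the kernel build tree. Linking only the sources avoids that, e.g. `ln -s -f "$(realpath --relative-to="$KERNEL_BUILD_ROOT/fs/proc" "$VMA_SOURCE_ROOT")"/vma_render.[ch] ./`; how vma/Makefile is then wired into the fs/proc build is not visible here and needs confirming. The path expansions in `mkdir`, `cd` and `ln` are unquoted and `$1`/`$2` are never checked, so an empty or space-containing argument makes the script act on an unintended directory. Quote them and fail early with `: "${KERNEL_BUILD_ROOT:?missing kernel build root}"`.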
@@ -0,0 +1,57 @@
+#include "vma_render.h"
+#include
+#include
+#include
+#include
+#include
+#include
+
+#define PROCESS_LABEL "u:r:isolated_render:s0"
+
+bool is_render_task_vma(struct seq_file *m, struct vm_area_struct *vma)
+{
+ struct inode *inode_task = file_inode(m->file);
+ char *current_label = NULL;
+ int rc;
+ u32 secid;
+ u32 secctx_sz = 0;
+ bool is_render = false;
+ bool is_exec = false;
+ bool is_anon = false;
+ struct task_struct *task = get_proc_task(inode_task);
+ const char *name = NULL;
+ vm_flags_t flags = vma->vm_flags;
+
+ security_cred_getsecid(task->cred, &secid);
+ rc = security_secid_to_secctx(secid, ¤t_label, &secctx_sz);
+ if (!rc) {
+ if (strcmp(current_label, PROCESS_LABEL) == 0) {
+ is_render = true;
+ }
+ }
+
+ if (flags & VM_EXEC) {
+ is_exec = true;
+ }
+
+ name = arch_vma_name(vma);
+ if (!name) {
+ struct anon_vma_name *anon_name;
+ anon_name = anon_vma_name(vma);
+ if (anon_name) {
+ is_anon = true;
+ }
+ }
+
+ return is_exec && is_render && is_anon;
+}
+
+void hck_show_map_vma(unsigned long *start, unsigned long *end, vm_flags_t *flags,
+ struct seq_file *m, struct vm_area_struct *vma) {
+
+ if (is_render_task_vma(m, vma)) {
+ *start = NULL;
+ *end = NULL;
+ *flags = NULL;
+ }
+}
\ No newline at end of file
diff --git a/vma/vma_render.h b/vma/vma_render.h
new file mode 100644
index 0000000000000000000000000000000000000000..5eb9a95b455de960912050151b8970b0882e06c6
--- /dev/null
+++ b/vma/vma_render.h
@@ -0,0 +1,10 @@
+#ifndef _VMA_RENDER
+#define _VMA_RENDER
+
+#include
+#include
+
+void hck_show_map_vma(unsigned long *start, unsigned long *end, vm_flags_t *flags,
+ struct seq_file *m, struct vm_area_struct *vma);
+
+#endif
\ No newline at end of file
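Review bot: is_render_task_vma() in vma/vma_render.c leaks on every call: the reference taken by get_proc_task() is never dropped with put_task_struct(), and the string returned by security_secid_to_secctx() is never handed to security_release_secctx(). get_proc_task() can also return NULL once the task has gone away, so `task->cred` needs a guard, and the cred pointer should be read under RCU via `__task_cred(task)` rather than directly. The hiding applies only when anon_vma_name() returns a name, so executable anonymous mappings without a name look like they would still be printed with their addresses; worth confirming that matches the intent of HIDE_RENDER_ADDRESS. In hck_show_map_vma(), `*start = NULL;` and the two lines after it store a pointer constant into integer types, where `0` is the right value. A sketch of the first two points follows.

```c
	struct task_struct *task = get_proc_task(inode_task);
	/* … unchanged: remaining declarations … */

	if (!task)
		return false;

	/* The cred pointer is RCU-managed; read it inside a read-side section. */
	rcu_read_lock();
	security_cred_getsecid(__task_cred(task), &secid);
	rcu_read_unlock();
	put_task_struct(task);

	rc = security_secid_to_secctx(secid, &current_label, &secctx_sz);
	if (!rc) {
		is_render = strcmp(current_label, PROCESS_LABEL) == 0;
		security_release_secctx(current_label, secctx_sz);
	}
	/* … unchanged: VM_EXEC and anon_vma_name() checks, return … */
```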