moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "ANDROID: GKI: Add module load time protected symbol lookup"

Browse Source 
This reverts commit f8bd6cf70d.

Reason for revert: Part of old protected/unprotected module implemenation.
It is being replaced by a new design listed as option 2A at
go/gki-modules-build-integration

Bug: 232430739
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I0fbb4e4aede5f94c3454ea4be1735c837cae5118
This commit is contained in:
Ramji Jiyani
2022-09-21 14:01:42 -07:00
parent 89ec07979b
commit 734319f979
7 changed files with 1 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
android/abi_gki_modules_exports
View File

@@ -1 +0,0 @@
[abi_symbol_list]

1
android/abi_gki_modules_protected
View File

@@ -1 +0,0 @@
[abi_symbol_list]

14
init/Kconfig
View File

@@ -2205,20 +2205,6 @@ config MODULE_SIG_FORCE
Reject unsigned modules or signed modules for which we don't have a Reject unsigned modules or signed modules for which we don't have a
key. Without this, such modules will simply taint the kernel. key. Without this, such modules will simply taint the kernel.
config MODULE_SIG_PROTECT
bool "Android GKI module protection"
depends on MODULE_SIG && !MODULE_SIG_FORCE
select MODULE_SIG_ALL
help
Enables Android GKI symbol and export protection support.
This modifies the behavior of the MODULE_SIG_FORCE as follows:
- Allows Android GKI Modules signed using MODULE_SIG_ALL during build.
- Allows other modules to load if they don't violate the access to
Android GKI protected symbols and do not export the symbols already
exported by the Android GKI modules. Loading will fail and return
-EACCES (Permission denied) if symbol access contidions are not met.
config MODULE_SIG_ALL config MODULE_SIG_ALL
bool "Automatically sign all modules" bool "Automatically sign all modules"
default y default y

17
kernel/Makefile
View File

@@ -69,7 +69,6 @@ obj-$(CONFIG_UID16) += uid16.o
obj-$(CONFIG_MODULES) += module.o obj-$(CONFIG_MODULES) += module.o
obj-$(CONFIG_MODULE_SIG) += module_signing.o obj-$(CONFIG_MODULE_SIG) += module_signing.o
obj-$(CONFIG_MODULE_SIG_FORMAT) += module_signature.o obj-$(CONFIG_MODULE_SIG_FORMAT) += module_signature.o
obj-$(CONFIG_MODULE_SIG_PROTECT) += gki_module.o
obj-$(CONFIG_KALLSYMS) += kallsyms.o obj-$(CONFIG_KALLSYMS) += kallsyms.o
obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
obj-$(CONFIG_CRASH_CORE) += crash_core.o obj-$(CONFIG_CRASH_CORE) += crash_core.o
@@ -161,19 +160,3 @@ $(obj)/kheaders_data.tar.xz: FORCE
$(call cmd,genikh) $(call cmd,genikh)
clean-files := kheaders_data.tar.xz kheaders.md5 clean-files := kheaders_data.tar.xz kheaders.md5
#
# ANDROID: GKI: Generate headerfiles required for gki_module.o
#
# Dependencies on generated files need to be listed explicitly
$(obj)/gki_module.o: $(obj)/gki_module_protected.h $(obj)/gki_module_exported.h
$(obj)/gki_module_protected.h: $(srctree)/android/abi_gki_modules_protected \
$(srctree)/scripts/gen_gki_modules_headers.sh
$(Q)$(CONFIG_SHELL) $(srctree)/scripts/gen_gki_modules_headers.sh $@ \
"$(srctree)"
$(obj)/gki_module_exported.h: $(srctree)/android/abi_gki_modules_exports \
$(srctree)/scripts/gen_gki_modules_headers.sh
$(Q)$(CONFIG_SHELL) $(srctree)/scripts/gen_gki_modules_headers.sh $@ \
"$(srctree)"

50
kernel/gki_module.c
View File

@@ -1,50 +0,0 @@
// SPDX-License-Identifier: GPL-2.0-only
/*
* Copyright 2021 Google LLC
* Author: ramjiyani@google.com (Ramji Jiyani)
*/
#include <linux/bsearch.h>
#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/printk.h>
#include <linux/string.h>
/*
* Build time generated header files
*
* gki_module_exported.h -- Symbols protected from _export_ by unsigned modules
* gki_module_protected.h -- Symbols protected from _access_ by unsigned modules
*/
#include "gki_module_protected.h"
#include "gki_module_exported.h"
#define MAX_STRCMP_LEN (max(MAX_PROTECTED_NAME_LEN, MAX_EXPORTED_NAME_LEN))
/* bsearch() comparision callback */
static int cmp_name(const void *sym, const void *protected_sym)
{
return strncmp(sym, protected_sym, MAX_STRCMP_LEN);
}
/**
* gki_is_module_protected_symbol - Is a symbol protected from unsigned module?
*
* @name: Symbol being checked against protection from unsigned module
*/
bool gki_is_module_protected_symbol(const char *name)
{
return bsearch(name, gki_protected_symbols, NO_OF_PROTECTED_SYMBOLS,
MAX_PROTECTED_NAME_LEN, cmp_name) != NULL;
}
/**
* gki_is_module_exported_symbol - Is a symbol exported from a GKI module?
*
* @name: Symbol being checked against exported symbols from GKI modules
*/
bool gki_is_module_exported_symbol(const char *name)
{
return bsearch(name, gki_exported_symbols, NO_OF_EXPORTED_SYMBOLS,
MAX_EXPORTED_NAME_LEN, cmp_name) != NULL;
}

14
kernel/module-internal.h
View File

@@ -29,17 +29,3 @@ struct load_info {
}; };
extern int mod_verify_sig(const void *mod, struct load_info *info); extern int mod_verify_sig(const void *mod, struct load_info *info);
#ifdef CONFIG_MODULE_SIG_PROTECT
extern bool gki_is_module_exported_symbol(const char *name);
extern bool gki_is_module_protected_symbol(const char *name);
#else
static inline bool gki_is_module_exported_symbol(const char *name)
{
return 0;
}
static inline bool gki_is_module_protected_symbol(const char *name)
{
return 0;
}
#endif /* CONFIG_MODULE_SIG_PROTECT */

19
kernel/module.c
View File

@@ -271,7 +271,7 @@ static void module_assert_mutex_or_preempt(void)
#endif #endif
} }
#if defined(CONFIG_MODULE_SIG) && !defined(CONFIG_MODULE_SIG_PROTECT) #ifdef CONFIG_MODULE_SIG
static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE); static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
module_param(sig_enforce, bool_enable_only, 0644); module_param(sig_enforce, bool_enable_only, 0644);
@@ -2267,14 +2267,6 @@ static int verify_exported_symbols(struct module *mod)
.name = kernel_symbol_name(s), .name = kernel_symbol_name(s),
.gplok = true, .gplok = true,
}; };
if (!mod->sig_ok && gki_is_module_exported_symbol(
kernel_symbol_name(s))) {
pr_err("%s: exporting protected symbol(%s)\n",
mod->name, kernel_symbol_name(s));
return -EACCES;
}
if (find_symbol(&fsa)) { if (find_symbol(&fsa)) {
pr_err("%s: exports duplicate symbol %s" pr_err("%s: exports duplicate symbol %s"
" (owned by %s)\n", " (owned by %s)\n",
@@ -2342,13 +2334,6 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
break; break;
case SHN_UNDEF: case SHN_UNDEF:
if (!mod->sig_ok &&
gki_is_module_protected_symbol(name)) {
pr_err("%s: is not an Android GKI signed module. It can not access protected symbol: %s\n",
mod->name, name);
return -EACCES;
}
ksym = resolve_symbol_wait(mod, info, name); ksym = resolve_symbol_wait(mod, info, name);
/* Ok if resolved. */ /* Ok if resolved. */
if (ksym && !IS_ERR(ksym)) { if (ksym && !IS_ERR(ksym)) {
@@ -4060,8 +4045,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
"kernel\n", mod->name); "kernel\n", mod->name);
add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK); add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK);
} }
#else
mod->sig_ok = 0;
#endif #endif
/* To avoid stressing percpu allocator, do this once we're unique. */ /* To avoid stressing percpu allocator, do this once we're unique. */