Revert "ANDROID: GKI: Add module load time protected symbol lookup"

This reverts commit f8bd6cf70d. Reason for revert: Part of old protected/unprotected module implemenation. It is being replaced by a new design listed as option 2A at go/gki-modules-build-integration Bug: 232430739 Test: TH Signed-off-by: Ramji Jiyani <ramjiyani@google.com> Change-Id: I0fbb4e4aede5f94c3454ea4be1735c837cae5118
2022-09-21 14:01:42 -07:00
parent 89ec07979b
commit 734319f979
7 changed files with 1 additions and 115 deletions
--- a/android/abi_gki_modules_exports
+++ b/android/abi_gki_modules_exports
@@ -1 +0,0 @@
-[abi_symbol_list]
--- a/android/abi_gki_modules_protected
+++ b/android/abi_gki_modules_protected
@@ -1 +0,0 @@
-[abi_symbol_list]
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -2205,20 +2205,6 @@ config MODULE_SIG_FORCE
 	  Reject unsigned modules or signed modules for which we don't have a
 	  key.  Without this, such modules will simply taint the kernel.

-config MODULE_SIG_PROTECT
-	bool "Android GKI module protection"
-	depends on MODULE_SIG && !MODULE_SIG_FORCE
-	select MODULE_SIG_ALL
-	help
-	  Enables Android GKI symbol and export protection support.
-
-	  This modifies the behavior of the MODULE_SIG_FORCE as follows:
-	  - Allows Android GKI Modules signed using MODULE_SIG_ALL during build.
-	  - Allows other modules to load if they don't violate the access to
-	    Android GKI protected symbols and do not export the symbols already
-	    exported by the Android GKI modules. Loading will fail and return
-	    -EACCES (Permission denied) if symbol access contidions are not met.
-
 config MODULE_SIG_ALL
 	bool "Automatically sign all modules"
 	default y
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -69,7 +69,6 @@ obj-$(CONFIG_UID16) += uid16.o
 obj-$(CONFIG_MODULES) += module.o
 obj-$(CONFIG_MODULE_SIG) += module_signing.o
 obj-$(CONFIG_MODULE_SIG_FORMAT) += module_signature.o
-obj-$(CONFIG_MODULE_SIG_PROTECT) += gki_module.o
 obj-$(CONFIG_KALLSYMS) += kallsyms.o
 obj-$(CONFIG_BSD_PROCESS_ACCT) += acct.o
 obj-$(CONFIG_CRASH_CORE) += crash_core.o
@@ -161,19 +160,3 @@ $(obj)/kheaders_data.tar.xz: FORCE
 	$(call cmd,genikh)

 clean-files := kheaders_data.tar.xz kheaders.md5
-
-#
-# ANDROID: GKI: Generate headerfiles required for gki_module.o
-#
-# Dependencies on generated files need to be listed explicitly
-$(obj)/gki_module.o: $(obj)/gki_module_protected.h $(obj)/gki_module_exported.h
-
-$(obj)/gki_module_protected.h: $(srctree)/android/abi_gki_modules_protected \
-				$(srctree)/scripts/gen_gki_modules_headers.sh
-	$(Q)$(CONFIG_SHELL) $(srctree)/scripts/gen_gki_modules_headers.sh $@ \
-	"$(srctree)"
-
-$(obj)/gki_module_exported.h: $(srctree)/android/abi_gki_modules_exports \
-				$(srctree)/scripts/gen_gki_modules_headers.sh
-	$(Q)$(CONFIG_SHELL) $(srctree)/scripts/gen_gki_modules_headers.sh $@ \
-	"$(srctree)"
--- a/kernel/gki_module.c
+++ b/kernel/gki_module.c
@@ -1,50 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-/*
- * Copyright 2021 Google LLC
- * Author: ramjiyani@google.com (Ramji Jiyani)
- */
-
-#include <linux/bsearch.h>
-#include <linux/errno.h>
-#include <linux/kernel.h>
-#include <linux/printk.h>
-#include <linux/string.h>
-
-/*
- * Build time generated header files
- *
- * gki_module_exported.h -- Symbols protected from _export_ by unsigned modules
- * gki_module_protected.h -- Symbols protected from _access_ by unsigned modules
- */
-#include "gki_module_protected.h"
-#include "gki_module_exported.h"
-
-#define MAX_STRCMP_LEN (max(MAX_PROTECTED_NAME_LEN, MAX_EXPORTED_NAME_LEN))
-
-/* bsearch() comparision callback */
-static int cmp_name(const void *sym, const void *protected_sym)
-{
-	return strncmp(sym, protected_sym, MAX_STRCMP_LEN);
-}
-
-/**
- * gki_is_module_protected_symbol - Is a symbol protected from unsigned module?
- *
- * @name:	Symbol being checked against protection from unsigned module
- */
-bool gki_is_module_protected_symbol(const char *name)
-{
-	return bsearch(name, gki_protected_symbols, NO_OF_PROTECTED_SYMBOLS,
-		       MAX_PROTECTED_NAME_LEN, cmp_name) != NULL;
-}
-
-/**
- * gki_is_module_exported_symbol - Is a symbol exported from a GKI module?
- *
- * @name:	Symbol being checked against exported symbols from GKI modules
- */
-bool gki_is_module_exported_symbol(const char *name)
-{
-	return bsearch(name, gki_exported_symbols, NO_OF_EXPORTED_SYMBOLS,
-		       MAX_EXPORTED_NAME_LEN, cmp_name) != NULL;
-}
--- a/kernel/module-internal.h
+++ b/kernel/module-internal.h
@@ -29,17 +29,3 @@ struct load_info {
 };

 extern int mod_verify_sig(const void *mod, struct load_info *info);
-
-#ifdef CONFIG_MODULE_SIG_PROTECT
-extern bool gki_is_module_exported_symbol(const char *name);
-extern bool gki_is_module_protected_symbol(const char *name);
-#else
-static inline bool gki_is_module_exported_symbol(const char *name)
-{
-	return 0;
-}
-static inline bool gki_is_module_protected_symbol(const char *name)
-{
-	return 0;
-}
-#endif /* CONFIG_MODULE_SIG_PROTECT */
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -271,7 +271,7 @@ static void module_assert_mutex_or_preempt(void)
 #endif
 }

-#if defined(CONFIG_MODULE_SIG) && !defined(CONFIG_MODULE_SIG_PROTECT)
+#ifdef CONFIG_MODULE_SIG
 static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
 module_param(sig_enforce, bool_enable_only, 0644);

@@ -2267,14 +2267,6 @@ static int verify_exported_symbols(struct module *mod)
 				.name	= kernel_symbol_name(s),
 				.gplok	= true,
 			};
-
-			if (!mod->sig_ok && gki_is_module_exported_symbol(
-						    kernel_symbol_name(s))) {
-				pr_err("%s: exporting protected symbol(%s)\n",
-				       mod->name, kernel_symbol_name(s));
-				return -EACCES;
-			}
-
 			if (find_symbol(&fsa)) {
 				pr_err("%s: exports duplicate symbol %s"
 				       " (owned by %s)\n",
@@ -2342,13 +2334,6 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
 			break;

 		case SHN_UNDEF:
-			if (!mod->sig_ok &&
-			    gki_is_module_protected_symbol(name)) {
-				pr_err("%s: is not an Android GKI signed module. It can not access protected symbol: %s\n",
-				       mod->name, name);
-				return -EACCES;
-			}
-
 			ksym = resolve_symbol_wait(mod, info, name);
 			/* Ok if resolved.  */
 			if (ksym && !IS_ERR(ksym)) {
@@ -4060,8 +4045,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
 			       "kernel\n", mod->name);
 		add_taint_module(mod, TAINT_UNSIGNED_MODULE, LOCKDEP_STILL_OK);
 	}
-#else
-	mod->sig_ok = 0;
 #endif

 	/* To avoid stressing percpu allocator, do this once we're unique. */