ANDROID: GKI: Add module load time symbol protection

Add CONFIG_MODULE_SIG_PROTECT to enable lookup for the unprotected symbols from the build time generated list of symbols. Module loading behavior will change as follows: - Allows Android GKI Modules signed using MODULE_SIG_ALL during build. - Allows other modules to load if they don't violate the access to Android GKI protected symbols. Loading will fail and return -EACCES (Permission denied) if these modules access the symbol which is not allowlisted via symbol list or exported by a GKI module. Bug: 232430739 Test: TH Signed-off-by: Ramji Jiyani <ramjiyani@google.com> Change-Id: I751b1951241b45712c20ac0e3878abd2152dd002
2022-09-21 14:26:52 -07:00
parent ea705b4ac3
commit e7451150cb
8 changed files with 201 additions and 4 deletions
--- a/kernel/gki_module.c
+++ b/kernel/gki_module.c
@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Copyright 2022 Google LLC
+ * Author: ramjiyani@google.com (Ramji Jiyani)
+ */
+
+#include <linux/bsearch.h>
+#include <linux/errno.h>
+#include <linux/kernel.h>
+#include <linux/printk.h>
+#include <linux/string.h>
+
+/*
+ * Build time generated header files
+ *
+ * gki_module_unprotected.h -- Symbols allowed to _access_ by unsigned modules
+ */
+#include "gki_module_unprotected.h"
+
+/* bsearch() comparision callback */
+static int cmp_name(const void *sym, const void *protected_sym)
+{
+	return strncmp(sym, protected_sym, MAX_UNPROTECTED_NAME_LEN);
+}
+
+/**
+ * gki_is_module_unprotected_symbol - Is a symbol unprotected for unsigned module?
+ *
+ * @name:	Symbol being checked in list of unprotected symbols
+ */
+bool gki_is_module_unprotected_symbol(const char *name)
+{
+	return bsearch(name, gki_unprotected_symbols, NO_OF_UNPROTECTED_SYMBOLS,
+		       MAX_UNPROTECTED_NAME_LEN, cmp_name) != NULL;
+}