moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ANDROID: GKI: Protect exports of protected GKI modules

Browse Source 
Implement support for protecting the exported symbols of
protected GKI modules.

Only signed GKI modules are permitted to export symbols
listed in the android/abi_gki_protected_exports file.
Attempting to export these symbols from an unsigned module
will result in the module failing to load, with a
'Permission denied' error message.

Bug: 232430739
Test: TH
Change-Id: I3e8b330938e116bb2e022d356ac0d55108a84a01
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
This commit is contained in:
Ramji Jiyani
2022-12-16 06:32:13 +00:00
committed by Treehugger Robot
parent 5e28b84896
commit fd1e768866
6 changed files with 54 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kernel/module-internal.h
View File

@@ -32,9 +32,14 @@ extern int mod_verify_sig(const void *mod, struct load_info *info);
#ifdef CONFIG_MODULE_SIG_PROTECT
extern bool gki_is_module_unprotected_symbol(const char *name);
extern bool gki_is_module_protected_export(const char *name);
#else
static inline bool gki_is_module_unprotected_symbol(const char *name)
{
return 1;
}
static inline bool gki_is_module_protected_export(const char *name)
{
return 0;
}
#endif /* CONFIG_MODULE_SIG_PROTECT */