moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,061,497 Commits 7 Branches 0 Tags
4612862d6de6329175b46521d83b10a82f92bd76
Commit Graph

5 Commits

Author SHA1 Message Date
Ramji Jiyani
e7451150cb ANDROID: GKI: Add module load time symbol protection 
Add CONFIG_MODULE_SIG_PROTECT to enable lookup for the unprotected
symbols from the build time generated list of symbols.

Module loading behavior will change as follows:
- Allows Android GKI Modules signed using MODULE_SIG_ALL during build.
- Allows other modules to load if they don't violate the access to
  Android GKI protected symbols. Loading will fail and return
  -EACCES (Permission denied) if these modules access the symbol which
  is not allowlisted via symbol list or exported by a GKI module.

Bug: 232430739
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I751b1951241b45712c20ac0e3878abd2152dd002
 2022-09-30 17:41:39 +00:00
Ramji Jiyani
ea705b4ac3 Revert "ANDROID: GKI: Add script to generate symbol protection headers" 
This reverts commit 31d5735baf.

Reason for revert: Part of old protected/unprotected module implemenation.
It is being replaced by a new design listed as option 2A at
go/gki-modules-build-integration

Bug: 232430739
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I649c57196b167d9452e5e6d3b2af2dd8c1d4bcdd
 2022-09-30 17:41:39 +00:00
Ramji Jiyani
94442686bc Revert "ANDROID: GKI: remove info print for header generation" 
This reverts commit 438c43687f.

Reason for revert: Part of old protected/unprotected module implemenation.
It is being replaced by a new design listed as option 2A at
go/gki-modules-build-integration

Bug: 232430739
Test: TH

Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I994b0ce0f30c4098bc5d3d2560b10a117486cc1f
 2022-09-30 17:41:39 +00:00
Ramji Jiyani
438c43687f ANDROID: GKI: remove info print for header generation 
Script doesn't honor the Kernel's quiet command
mechanism with KBuild; so need to remove info
only echo. Added set -x in case make V=1 for keeping
debugging handy for script in the future.

Bug: 234116152
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: Iea881816b9bc8c47157a33da67d6cf5f8357a7be
(cherry picked from commit 08a1879c87)
 2022-06-10 18:21:21 +00:00
Ramji Jiyani
31d5735baf ANDROID: GKI: Add script to generate symbol protection headers 
Called By: KERNEL_SRC/kernel/Makefile if CONFIG_MODULE_SIG_PROTECT=y

Generates headers required by gki_modules.c from symbol lists:

gki_module_protected.h: from android/abi_gki_modules_protected
gki_module_exported.h: from android/abi_gki_modules_exports

Bug: 200082547
Test: Treehugger
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: Ibcc6e6fe0ad6c7850d48f7c0a283c7f9b06e4456
(cherry picked from commit 23cd26aab14d813fd73eced18988bae06d5b9334)
 2022-01-05 18:38:02 +00:00