scripts/gen_gki_modules_headers.sh:
Add an option to only keep unique symbols during the
symbol list prep phase as for header generation symbol
list needs to be unique union of all vendor symbol
lists in an ascending order.
This reduces the array size and improves the lookup
time for the binary search.
Bug: 232430739
Test: TH
Fixes: 0a903fe828 ("ANDROID: GKI: Header generation fix and improvements")
Change-Id: Ib6868f5a8eb0b3713e192bec111804e993e3d085
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Remove dependency on kleaf intermediate abi_symbollist.raw
and use vendor symbol lists as dependencies for header
generation targets. This prevents the feature to break in
case kleaf path and/or sandboxes changes and rebuilds the
header files if any vendor symbol list changes.
Update the header generation script to process the symbol lists
before generating headers to make sure symbols are in byte order,
any symbol list marker, whitespaces and emptylines are removed
for kernel binary search API.
Bug: 232430739
Test: TH
Change-Id: Ib5783fb21543844dac7faf1fb0fcf3e7bd2bf608
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Implement support for protecting the exported symbols of
protected GKI modules.
Only signed GKI modules are permitted to export symbols
listed in the android/abi_gki_protected_exports file.
Attempting to export these symbols from an unsigned module
will result in the module failing to load, with a
'Permission denied' error message.
Bug: 232430739
Test: TH
Change-Id: I3e8b330938e116bb2e022d356ac0d55108a84a01
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Add CONFIG_MODULE_SIG_PROTECT to enable lookup for the unprotected
symbols from the build time generated list of symbols.
Module loading behavior will change as follows:
- Allows Android GKI Modules signed using MODULE_SIG_ALL during build.
- Allows other modules to load if they don't violate the access to
Android GKI protected symbols. Loading will fail and return
-EACCES (Permission denied) if these modules access the symbol which
is not allowlisted via symbol list or exported by a GKI module.
Bug: 232430739
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I751b1951241b45712c20ac0e3878abd2152dd002
This reverts commit 31d5735baf.
Reason for revert: Part of old protected/unprotected module implemenation.
It is being replaced by a new design listed as option 2A at
go/gki-modules-build-integration
Bug: 232430739
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I649c57196b167d9452e5e6d3b2af2dd8c1d4bcdd
This reverts commit 438c43687f.
Reason for revert: Part of old protected/unprotected module implemenation.
It is being replaced by a new design listed as option 2A at
go/gki-modules-build-integration
Bug: 232430739
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: I994b0ce0f30c4098bc5d3d2560b10a117486cc1f
Script doesn't honor the Kernel's quiet command
mechanism with KBuild; so need to remove info
only echo. Added set -x in case make V=1 for keeping
debugging handy for script in the future.
Bug: 234116152
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: Iea881816b9bc8c47157a33da67d6cf5f8357a7be
(cherry picked from commit 08a1879c87)
Called By: KERNEL_SRC/kernel/Makefile if CONFIG_MODULE_SIG_PROTECT=y
Generates headers required by gki_modules.c from symbol lists:
gki_module_protected.h: from android/abi_gki_modules_protected
gki_module_exported.h: from android/abi_gki_modules_exports
Bug: 200082547
Test: Treehugger
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: Ibcc6e6fe0ad6c7850d48f7c0a283c7f9b06e4456
(cherry picked from commit 23cd26aab14d813fd73eced18988bae06d5b9334)
