fd1e768866
Implement support for protecting the exported symbols of protected GKI modules. Only signed GKI modules are permitted to export symbols listed in the android/abi_gki_protected_exports file. Attempting to export these symbols from an unsigned module will result in the module failing to load, with a 'Permission denied' error message. Bug: 232430739 Test: TH Change-Id: I3e8b330938e116bb2e022d356ac0d55108a84a01 Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
46 lines
1.1 KiB
C
46 lines
1.1 KiB
C
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
|
/* Module internals
|
|
*
|
|
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*/
|
|
|
|
#include <linux/elf.h>
|
|
#include <asm/module.h>
|
|
|
|
struct load_info {
|
|
const char *name;
|
|
/* pointer to module in temporary copy, freed at end of load_module() */
|
|
struct module *mod;
|
|
Elf_Ehdr *hdr;
|
|
unsigned long len;
|
|
Elf_Shdr *sechdrs;
|
|
char *secstrings, *strtab;
|
|
unsigned long symoffs, stroffs, init_typeoffs, core_typeoffs;
|
|
struct _ddebug *debug;
|
|
unsigned int num_debug;
|
|
bool sig_ok;
|
|
#ifdef CONFIG_KALLSYMS
|
|
unsigned long mod_kallsyms_init_off;
|
|
#endif
|
|
struct {
|
|
unsigned int sym, str, mod, vers, info, pcpu;
|
|
} index;
|
|
};
|
|
|
|
extern int mod_verify_sig(const void *mod, struct load_info *info);
|
|
|
|
#ifdef CONFIG_MODULE_SIG_PROTECT
|
|
extern bool gki_is_module_unprotected_symbol(const char *name);
|
|
extern bool gki_is_module_protected_export(const char *name);
|
|
#else
|
|
static inline bool gki_is_module_unprotected_symbol(const char *name)
|
|
{
|
|
return 1;
|
|
}
|
|
static inline bool gki_is_module_protected_export(const char *name)
|
|
{
|
|
return 0;
|
|
}
|
|
#endif /* CONFIG_MODULE_SIG_PROTECT */
|