tz_iccc.c 9.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329
  1. /*
  2. * @file tz_iccc.c
  3. * @brief Kernel API code for tz_iccc
  4. * Copyright (c) 2015, Samsung Electronics Corporation. All rights reserved.
  5. */
  6. #include <asm/uaccess.h>
  7. #include <linux/list.h>
  8. #include <linux/device.h>
  9. #include <linux/kernel.h>
  10. #include <linux/kobject.h>
  11. #include <linux/module.h>
  12. #include <linux/miscdevice.h>
  13. #include <linux/slab.h>
  14. #include <linux/syscalls.h>
  15. #include "tz_iccc.h"
  16. #include <linux/security/iccc_interface.h>
  17. #include <linux/qseecom.h>
  18. #include <linux/init.h>
  19. #include <linux/types.h>
  20. #include <linux/proc_fs.h>
  21. #if defined(CONFIG_SECURITY_SELINUX)
  22. #include <linux/selinux.h>
  23. #endif
  24. /* ICCC implementation for kernel */
  25. int is_iccc_ready;
  26. #define DRIVER_DESC "A kernel module to read boot_completed status"
  27. int tima_iccc_load(char* appname,struct qseecom_handle** handle)
  28. {
  29. int ret=ICCC_SUCCESS;
  30. int qsee_ret = 0;
  31. struct qseecom_handle* q_iccc_handle = NULL;
  32. *handle = NULL;
  33. /* start the iccc tzapp only when it is not loaded. */
  34. qsee_ret = qseecom_start_app(&q_iccc_handle, appname, ICCC_QSEE_BUFFER_LENGTH);
  35. if ( NULL == q_iccc_handle ) {
  36. /* q_iccc_handle is still NULL. It seems we couldn't start iccc tzapp. */
  37. pr_err("TIMA: iccc--cannot get tzapp handle from kernel.\n");
  38. ret = ICCC_FAILURE; /* iccc authentication failed. */
  39. }
  40. if (qsee_ret) {
  41. /* Another way for iccc tzapp loading to fail. */
  42. pr_err("TIMA: iccc--cannot load tzapp from kernel; qsee_ret = %d.\n", qsee_ret);
  43. ret = ICCC_FAILURE;
  44. }
  45. if(ret == ICCC_SUCCESS)
  46. {
  47. *handle = q_iccc_handle;
  48. }
  49. return ret;
  50. }
  51. int tima_iccc_terminate(struct qseecom_handle** q_iccc_handle)
  52. {
  53. int qsee_ret = 0;
  54. qsee_ret = qseecom_shutdown_app(q_iccc_handle);
  55. if ( qsee_ret ) {
  56. pr_err("TIMA: iccc--failed to shut down the tzapp.\n");
  57. }
  58. else
  59. *q_iccc_handle = NULL;
  60. return qsee_ret;
  61. }
  62. uint32_t Iccc_SaveData_Kernel(uint32_t type, uint32_t value)
  63. {
  64. char app_name[MAX_APP_NAME_SIZE]={0};
  65. int ret=0;
  66. tciMessage_t * iccc_req = NULL;
  67. tciMessage_t * iccc_rsp = NULL;
  68. int req_len = 0, rsp_len = 0;
  69. tciMessage_t *msg;
  70. int qsee_ret = 0; /* value used to capture qsee return state */
  71. struct qseecom_handle *q_iccc_handle = NULL;
  72. printk(KERN_ERR "inside Iccc_SaveData_Kernel \n");
  73. if (!is_iccc_ready) {
  74. ret = ICCC_PERMISSION_DENIED;
  75. pr_err("%s: Not ready! type:%#x, ret:%d\n", __func__, type, ret);
  76. goto iccc_err_ret;
  77. }
  78. if (ICCC_SECTION_TYPE(type) == BL_ICCC_TYPE_START ||
  79. ICCC_SECTION_TYPE(type) == SYS_ICCC_TYPE_START)
  80. {
  81. ret=ICCC_PERMISSION_DENIED;
  82. pr_err("iccc--Write permission is denied on type %x, ret = %d.\n", type, ret);
  83. goto iccc_err_ret;
  84. }
  85. /**
  86. * selinux param is updated by both TZ(by PKM) as well as kernel so that
  87. * that even if PKM is disabled, selinux will still be updated by kernel.
  88. */
  89. if (ICCC_SECTION_TYPE(type) == TA_ICCC_TYPE_START && type != SELINUX_STATUS)
  90. {
  91. ret=ICCC_PERMISSION_DENIED;
  92. pr_err("iccc--Write permission is denied on type %x, ret = %d.\n", type, ret);
  93. goto iccc_err_ret;
  94. }
  95. snprintf(app_name, MAX_APP_NAME_SIZE, "%s", ICCC_TZAPP_NAME);
  96. if (tima_iccc_load(app_name,&q_iccc_handle)) {
  97. pr_err("%s: tima_iccc_load() error!\n", __func__);
  98. /* Another way for iccc tzapp loading to fail. */
  99. q_iccc_handle = NULL; /* Do we have a memory leak this way? */
  100. ret = ICCC_FAILURE; /* iccc authentication failed. */
  101. goto iccc_err_ret; /* leave the function now. */
  102. }
  103. iccc_req = (tciMessage_t *) q_iccc_handle->sbuf;
  104. req_len = sizeof(tciMessage_t);
  105. if (req_len & QSEECOM_ALIGN_MASK)
  106. req_len = QSEECOM_ALIGN(req_len);
  107. /* prepare the response buffer */
  108. iccc_rsp =(tciMessage_t *)(q_iccc_handle->sbuf + req_len);
  109. rsp_len = sizeof(tciMessage_t);
  110. if (rsp_len & QSEECOM_ALIGN_MASK)
  111. rsp_len = QSEECOM_ALIGN(rsp_len);
  112. if ((rsp_len + req_len) > ICCC_QSEE_BUFFER_LENGTH) {
  113. pr_err("TIMA: iccc--in suffcient buffer length: %d\n", rsp_len + req_len);
  114. ret = ICCC_FAILURE;
  115. goto iccc_err_ret;
  116. }
  117. msg = (tciMessage_t *)iccc_req;
  118. msg->header.id = CMD_ICCC_SAVEDATA_KERN;
  119. msg->payload.generic.content.iccc_req.cmd_id = CMD_ICCC_SAVEDATA_KERN;
  120. msg->payload.generic.content.iccc_req.type = type;
  121. msg->payload.generic.content.iccc_req.value = value;
  122. #ifdef CONFIG_64BIT
  123. pr_warn("TIMA: iccc--send cmd (%s) cmdlen(%lx:%d), rsplen(%lx:%d) id 0x%08X, \
  124. type 0x%08X, value %08d, req (0x%16lX), rsp(0x%16lX)\n", \
  125. app_name, sizeof(tciMessage_t), req_len, sizeof(tciMessage_t), rsp_len, \
  126. msg->header.id,type,value, (unsigned long)iccc_req, (unsigned long)iccc_rsp);
  127. #else
  128. pr_warn("TIMA: iccc--send cmd (%s) cmdlen(%d:%d), rsplen(%d:%d) id 0x%08X, \
  129. type 0x%08X, value %08d, req (0x%08X), rsp(0x%08X)\n", \
  130. app_name, sizeof(tciMessage_t), req_len, sizeof(tciMessage_t), rsp_len, \
  131. msg->header.id,type,value, (int)iccc_req, (int)iccc_rsp);
  132. #endif
  133. qseecom_set_bandwidth(q_iccc_handle, true);
  134. qsee_ret = qseecom_send_command(q_iccc_handle, iccc_req, req_len, iccc_rsp, rsp_len);
  135. qseecom_set_bandwidth(q_iccc_handle, false);
  136. if (qsee_ret) {
  137. pr_err("TIMA: iccc--failed to send cmd to qseecom; qsee_ret = %d.\n", qsee_ret);
  138. pr_warn("TIMA: iccc--shutting down the tzapp.\n");
  139. ret = ICCC_FAILURE;
  140. goto iccc_err_ret;
  141. }
  142. if (iccc_rsp->payload.generic.content.iccc_rsp.ret == ICCC_SUCCESS) {
  143. pr_info("TIMA: iccc--Iccc_SaveData_Kernel sucessfully\n");
  144. ret = ICCC_SUCCESS;
  145. }
  146. else
  147. {
  148. ret = ICCC_FAILURE;
  149. pr_err("TIMA: iccc-- Iccc_SaveData_Kernel failed (%d)\n",msg->payload.generic.content.iccc_rsp.ret);
  150. goto iccc_err_ret;
  151. }
  152. iccc_err_ret:
  153. if(q_iccc_handle)
  154. tima_iccc_terminate(&q_iccc_handle);
  155. return ret;
  156. }
  157. uint32_t Iccc_ReadData_Kernel(uint32_t type, uint32_t *value)
  158. {
  159. char app_name[MAX_APP_NAME_SIZE]={0};
  160. int ret=0;
  161. tciMessage_t * iccc_req = NULL;
  162. tciMessage_t * iccc_rsp = NULL;
  163. int req_len = 0, rsp_len = 0;
  164. tciMessage_t *msg;
  165. int qsee_ret = 0; /* value used to capture qsee return state */
  166. struct qseecom_handle *q_iccc_handle = NULL;
  167. printk(KERN_ERR "inside Iccc_ReadData_Kernel \n");
  168. if (!is_iccc_ready) {
  169. ret = ICCC_PERMISSION_DENIED;
  170. pr_err("%s: Not ready! type:%#x, ret:%d\n", __func__, type, ret);
  171. goto iccc_err_ret;
  172. }
  173. snprintf(app_name, MAX_APP_NAME_SIZE, "%s", ICCC_TZAPP_NAME);
  174. if (tima_iccc_load(app_name,&q_iccc_handle)) {
  175. /* Another way for iccc tzapp loading to fail. */
  176. q_iccc_handle = NULL; /* Do we have a memory leak this way? */
  177. ret = -1; /* iccc authentication failed. */
  178. goto iccc_err_ret; /* leave the function now. */
  179. }
  180. iccc_req = (tciMessage_t *) q_iccc_handle->sbuf;
  181. req_len = sizeof(tciMessage_t);
  182. if (req_len & QSEECOM_ALIGN_MASK)
  183. req_len = QSEECOM_ALIGN(req_len);
  184. /* prepare the response buffer */
  185. iccc_rsp =(tciMessage_t *)(q_iccc_handle->sbuf + req_len);
  186. rsp_len = sizeof(tciMessage_t);
  187. if (rsp_len & QSEECOM_ALIGN_MASK)
  188. rsp_len = QSEECOM_ALIGN(rsp_len);
  189. if ((rsp_len + req_len) > ICCC_QSEE_BUFFER_LENGTH) {
  190. pr_err("TIMA: iccc--in suffcient buffer length: %d\n", rsp_len + req_len);
  191. ret = ICCC_FAILURE;
  192. goto iccc_err_ret;
  193. }
  194. msg = (tciMessage_t *)iccc_req;
  195. msg->header.id = CMD_ICCC_READDATA_KERN;
  196. msg->payload.generic.content.iccc_req.cmd_id = CMD_ICCC_READDATA_KERN;
  197. msg->payload.generic.content.iccc_req.type = type;
  198. msg->payload.generic.content.iccc_req.value = *value;
  199. #ifdef CONFIG_64BIT
  200. pr_warn("TIMA: iccc--send cmd (%s) cmdlen(%lx:%d), rsplen(%lx:%d) id 0x%08X, \
  201. type 0x%08X, value %08d, req (0x%16lX), rsp(0x%16lX)\n", \
  202. app_name, sizeof(tciMessage_t), req_len, sizeof(tciMessage_t), rsp_len, \
  203. msg->header.id,type,*value, (unsigned long)iccc_req, (unsigned long)iccc_rsp);
  204. #else
  205. pr_warn("TIMA: iccc--send cmd (%s) cmdlen(%d:%d), rsplen(%d:%d) id 0x%08X, \
  206. type 0x%08X, value %08d, req (0x%08X), rsp(0x%08X)\n", \
  207. app_name, sizeof(tciMessage_t), req_len, sizeof(tciMessage_t), rsp_len, \
  208. msg->header.id,type,*value, (int)iccc_req, (int)iccc_rsp);
  209. #endif
  210. qseecom_set_bandwidth(q_iccc_handle, true);
  211. qsee_ret = qseecom_send_command(q_iccc_handle, iccc_req, req_len, iccc_rsp, rsp_len);
  212. qseecom_set_bandwidth(q_iccc_handle, false);
  213. if (qsee_ret) {
  214. pr_err("TIMA: iccc--failed to send cmd to qseecom; qsee_ret = %d.\n", qsee_ret);
  215. pr_warn("TIMA: iccc--shutting down the tzapp.\n");
  216. ret = ICCC_FAILURE;
  217. goto iccc_err_ret;
  218. }
  219. if (iccc_rsp->payload.generic.content.iccc_rsp.ret == ICCC_SUCCESS) {
  220. pr_info("TIMA: iccc--Iccc_ReadData_Kernel sucessfully\n");
  221. ret = ICCC_SUCCESS;
  222. }
  223. else
  224. {
  225. ret = ICCC_FAILURE;
  226. pr_err("TIMA: iccc-- Iccc_ReadData_Kernel failed (%d)\n",iccc_rsp->payload.generic.content.iccc_rsp.ret);
  227. goto iccc_err_ret;
  228. }
  229. pr_err("ICCC Info type:0x%08x value:%d",type,iccc_rsp->payload.generic.content.iccc_rsp.value);
  230. *value = iccc_rsp->payload.generic.content.iccc_rsp.value;
  231. ret = ICCC_SUCCESS;
  232. iccc_err_ret:
  233. if(q_iccc_handle)
  234. tima_iccc_terminate(&q_iccc_handle);
  235. return ret;
  236. }
  237. static ssize_t iccc_write(struct file *fp, const char __user *buf, size_t len, loff_t *off)
  238. {
  239. printk(KERN_INFO "%s:\n", __func__);
  240. is_iccc_ready = 1;
  241. #if defined(CONFIG_SECURITY_SELINUX)
  242. printk(KERN_INFO "%s: selinux_enabled:%d, selinux_enforcing:%d\n",
  243. __func__, selinux_is_enabled(), selinux_is_enforcing());
  244. if (selinux_is_enabled() && selinux_is_enforcing())
  245. Iccc_SaveData_Kernel(SELINUX_STATUS, 0x0);
  246. else
  247. Iccc_SaveData_Kernel(SELINUX_STATUS, 0x1);
  248. #endif
  249. // len bytes successfully written
  250. return len;
  251. }
  252. static const struct file_operations iccc_proc_fops = {
  253. .write = iccc_write,
  254. };
  255. static int __init iccc_init(void)
  256. {
  257. printk(KERN_INFO"%s:\n", __func__);
  258. if (proc_create("iccc_ready", 0644, NULL, &iccc_proc_fops) == NULL) {
  259. printk(KERN_ERR"%s: proc_create() failed\n", __func__);
  260. return -1;
  261. }
  262. printk(KERN_INFO"%s: registered /proc/iccc_ready interface\n", __func__);
  263. return 0;
  264. }
  265. static void __exit iccc_exit(void)
  266. {
  267. printk(KERN_INFO"deregistering /proc/iccc_boot_completed interface\n");
  268. remove_proc_entry("iccc_ready", NULL);
  269. }
  270. module_init(iccc_init);
  271. module_exit(iccc_exit);
  272. MODULE_DESCRIPTION(DRIVER_DESC);