123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329 |
- /*
- * @file tz_iccc.c
- * @brief Kernel API code for tz_iccc
- * Copyright (c) 2015, Samsung Electronics Corporation. All rights reserved.
- */
- #include <asm/uaccess.h>
- #include <linux/list.h>
- #include <linux/device.h>
- #include <linux/kernel.h>
- #include <linux/kobject.h>
- #include <linux/module.h>
- #include <linux/miscdevice.h>
- #include <linux/slab.h>
- #include <linux/syscalls.h>
- #include "tz_iccc.h"
- #include <linux/security/iccc_interface.h>
- #include <linux/qseecom.h>
- #include <linux/init.h>
- #include <linux/types.h>
- #include <linux/proc_fs.h>
- #if defined(CONFIG_SECURITY_SELINUX)
- #include <linux/selinux.h>
- #endif
- /* ICCC implementation for kernel */
- int is_iccc_ready;
- #define DRIVER_DESC "A kernel module to read boot_completed status"
- int tima_iccc_load(char* appname,struct qseecom_handle** handle)
- {
- int ret=ICCC_SUCCESS;
- int qsee_ret = 0;
- struct qseecom_handle* q_iccc_handle = NULL;
- *handle = NULL;
- /* start the iccc tzapp only when it is not loaded. */
- qsee_ret = qseecom_start_app(&q_iccc_handle, appname, ICCC_QSEE_BUFFER_LENGTH);
- if ( NULL == q_iccc_handle ) {
- /* q_iccc_handle is still NULL. It seems we couldn't start iccc tzapp. */
- pr_err("TIMA: iccc--cannot get tzapp handle from kernel.\n");
- ret = ICCC_FAILURE; /* iccc authentication failed. */
- }
- if (qsee_ret) {
- /* Another way for iccc tzapp loading to fail. */
- pr_err("TIMA: iccc--cannot load tzapp from kernel; qsee_ret = %d.\n", qsee_ret);
- ret = ICCC_FAILURE;
- }
- if(ret == ICCC_SUCCESS)
- {
- *handle = q_iccc_handle;
- }
- return ret;
- }
- int tima_iccc_terminate(struct qseecom_handle** q_iccc_handle)
- {
- int qsee_ret = 0;
- qsee_ret = qseecom_shutdown_app(q_iccc_handle);
- if ( qsee_ret ) {
- pr_err("TIMA: iccc--failed to shut down the tzapp.\n");
- }
- else
- *q_iccc_handle = NULL;
- return qsee_ret;
- }
- uint32_t Iccc_SaveData_Kernel(uint32_t type, uint32_t value)
- {
- char app_name[MAX_APP_NAME_SIZE]={0};
- int ret=0;
- tciMessage_t * iccc_req = NULL;
- tciMessage_t * iccc_rsp = NULL;
- int req_len = 0, rsp_len = 0;
- tciMessage_t *msg;
- int qsee_ret = 0; /* value used to capture qsee return state */
- struct qseecom_handle *q_iccc_handle = NULL;
- printk(KERN_ERR "inside Iccc_SaveData_Kernel \n");
- if (!is_iccc_ready) {
- ret = ICCC_PERMISSION_DENIED;
- pr_err("%s: Not ready! type:%#x, ret:%d\n", __func__, type, ret);
- goto iccc_err_ret;
- }
- if (ICCC_SECTION_TYPE(type) == BL_ICCC_TYPE_START ||
- ICCC_SECTION_TYPE(type) == SYS_ICCC_TYPE_START)
- {
- ret=ICCC_PERMISSION_DENIED;
- pr_err("iccc--Write permission is denied on type %x, ret = %d.\n", type, ret);
- goto iccc_err_ret;
- }
- /**
- * selinux param is updated by both TZ(by PKM) as well as kernel so that
- * that even if PKM is disabled, selinux will still be updated by kernel.
- */
- if (ICCC_SECTION_TYPE(type) == TA_ICCC_TYPE_START && type != SELINUX_STATUS)
- {
- ret=ICCC_PERMISSION_DENIED;
- pr_err("iccc--Write permission is denied on type %x, ret = %d.\n", type, ret);
- goto iccc_err_ret;
- }
- snprintf(app_name, MAX_APP_NAME_SIZE, "%s", ICCC_TZAPP_NAME);
- if (tima_iccc_load(app_name,&q_iccc_handle)) {
- pr_err("%s: tima_iccc_load() error!\n", __func__);
- /* Another way for iccc tzapp loading to fail. */
- q_iccc_handle = NULL; /* Do we have a memory leak this way? */
- ret = ICCC_FAILURE; /* iccc authentication failed. */
- goto iccc_err_ret; /* leave the function now. */
- }
- iccc_req = (tciMessage_t *) q_iccc_handle->sbuf;
- req_len = sizeof(tciMessage_t);
- if (req_len & QSEECOM_ALIGN_MASK)
- req_len = QSEECOM_ALIGN(req_len);
- /* prepare the response buffer */
- iccc_rsp =(tciMessage_t *)(q_iccc_handle->sbuf + req_len);
- rsp_len = sizeof(tciMessage_t);
- if (rsp_len & QSEECOM_ALIGN_MASK)
- rsp_len = QSEECOM_ALIGN(rsp_len);
- if ((rsp_len + req_len) > ICCC_QSEE_BUFFER_LENGTH) {
- pr_err("TIMA: iccc--in suffcient buffer length: %d\n", rsp_len + req_len);
- ret = ICCC_FAILURE;
- goto iccc_err_ret;
- }
- msg = (tciMessage_t *)iccc_req;
- msg->header.id = CMD_ICCC_SAVEDATA_KERN;
- msg->payload.generic.content.iccc_req.cmd_id = CMD_ICCC_SAVEDATA_KERN;
- msg->payload.generic.content.iccc_req.type = type;
- msg->payload.generic.content.iccc_req.value = value;
- #ifdef CONFIG_64BIT
- pr_warn("TIMA: iccc--send cmd (%s) cmdlen(%lx:%d), rsplen(%lx:%d) id 0x%08X, \
- type 0x%08X, value %08d, req (0x%16lX), rsp(0x%16lX)\n", \
- app_name, sizeof(tciMessage_t), req_len, sizeof(tciMessage_t), rsp_len, \
- msg->header.id,type,value, (unsigned long)iccc_req, (unsigned long)iccc_rsp);
- #else
- pr_warn("TIMA: iccc--send cmd (%s) cmdlen(%d:%d), rsplen(%d:%d) id 0x%08X, \
- type 0x%08X, value %08d, req (0x%08X), rsp(0x%08X)\n", \
- app_name, sizeof(tciMessage_t), req_len, sizeof(tciMessage_t), rsp_len, \
- msg->header.id,type,value, (int)iccc_req, (int)iccc_rsp);
- #endif
- qseecom_set_bandwidth(q_iccc_handle, true);
- qsee_ret = qseecom_send_command(q_iccc_handle, iccc_req, req_len, iccc_rsp, rsp_len);
- qseecom_set_bandwidth(q_iccc_handle, false);
- if (qsee_ret) {
- pr_err("TIMA: iccc--failed to send cmd to qseecom; qsee_ret = %d.\n", qsee_ret);
- pr_warn("TIMA: iccc--shutting down the tzapp.\n");
- ret = ICCC_FAILURE;
- goto iccc_err_ret;
- }
- if (iccc_rsp->payload.generic.content.iccc_rsp.ret == ICCC_SUCCESS) {
- pr_info("TIMA: iccc--Iccc_SaveData_Kernel sucessfully\n");
- ret = ICCC_SUCCESS;
- }
- else
- {
- ret = ICCC_FAILURE;
- pr_err("TIMA: iccc-- Iccc_SaveData_Kernel failed (%d)\n",msg->payload.generic.content.iccc_rsp.ret);
- goto iccc_err_ret;
- }
- iccc_err_ret:
- if(q_iccc_handle)
- tima_iccc_terminate(&q_iccc_handle);
- return ret;
- }
- uint32_t Iccc_ReadData_Kernel(uint32_t type, uint32_t *value)
- {
- char app_name[MAX_APP_NAME_SIZE]={0};
- int ret=0;
- tciMessage_t * iccc_req = NULL;
- tciMessage_t * iccc_rsp = NULL;
- int req_len = 0, rsp_len = 0;
- tciMessage_t *msg;
- int qsee_ret = 0; /* value used to capture qsee return state */
- struct qseecom_handle *q_iccc_handle = NULL;
- printk(KERN_ERR "inside Iccc_ReadData_Kernel \n");
- if (!is_iccc_ready) {
- ret = ICCC_PERMISSION_DENIED;
- pr_err("%s: Not ready! type:%#x, ret:%d\n", __func__, type, ret);
- goto iccc_err_ret;
- }
- snprintf(app_name, MAX_APP_NAME_SIZE, "%s", ICCC_TZAPP_NAME);
- if (tima_iccc_load(app_name,&q_iccc_handle)) {
- /* Another way for iccc tzapp loading to fail. */
- q_iccc_handle = NULL; /* Do we have a memory leak this way? */
- ret = -1; /* iccc authentication failed. */
- goto iccc_err_ret; /* leave the function now. */
- }
- iccc_req = (tciMessage_t *) q_iccc_handle->sbuf;
- req_len = sizeof(tciMessage_t);
- if (req_len & QSEECOM_ALIGN_MASK)
- req_len = QSEECOM_ALIGN(req_len);
- /* prepare the response buffer */
- iccc_rsp =(tciMessage_t *)(q_iccc_handle->sbuf + req_len);
- rsp_len = sizeof(tciMessage_t);
- if (rsp_len & QSEECOM_ALIGN_MASK)
- rsp_len = QSEECOM_ALIGN(rsp_len);
- if ((rsp_len + req_len) > ICCC_QSEE_BUFFER_LENGTH) {
- pr_err("TIMA: iccc--in suffcient buffer length: %d\n", rsp_len + req_len);
- ret = ICCC_FAILURE;
- goto iccc_err_ret;
- }
- msg = (tciMessage_t *)iccc_req;
- msg->header.id = CMD_ICCC_READDATA_KERN;
- msg->payload.generic.content.iccc_req.cmd_id = CMD_ICCC_READDATA_KERN;
- msg->payload.generic.content.iccc_req.type = type;
- msg->payload.generic.content.iccc_req.value = *value;
- #ifdef CONFIG_64BIT
- pr_warn("TIMA: iccc--send cmd (%s) cmdlen(%lx:%d), rsplen(%lx:%d) id 0x%08X, \
- type 0x%08X, value %08d, req (0x%16lX), rsp(0x%16lX)\n", \
- app_name, sizeof(tciMessage_t), req_len, sizeof(tciMessage_t), rsp_len, \
- msg->header.id,type,*value, (unsigned long)iccc_req, (unsigned long)iccc_rsp);
- #else
- pr_warn("TIMA: iccc--send cmd (%s) cmdlen(%d:%d), rsplen(%d:%d) id 0x%08X, \
- type 0x%08X, value %08d, req (0x%08X), rsp(0x%08X)\n", \
- app_name, sizeof(tciMessage_t), req_len, sizeof(tciMessage_t), rsp_len, \
- msg->header.id,type,*value, (int)iccc_req, (int)iccc_rsp);
- #endif
- qseecom_set_bandwidth(q_iccc_handle, true);
- qsee_ret = qseecom_send_command(q_iccc_handle, iccc_req, req_len, iccc_rsp, rsp_len);
- qseecom_set_bandwidth(q_iccc_handle, false);
- if (qsee_ret) {
- pr_err("TIMA: iccc--failed to send cmd to qseecom; qsee_ret = %d.\n", qsee_ret);
- pr_warn("TIMA: iccc--shutting down the tzapp.\n");
- ret = ICCC_FAILURE;
- goto iccc_err_ret;
- }
- if (iccc_rsp->payload.generic.content.iccc_rsp.ret == ICCC_SUCCESS) {
- pr_info("TIMA: iccc--Iccc_ReadData_Kernel sucessfully\n");
- ret = ICCC_SUCCESS;
- }
- else
- {
- ret = ICCC_FAILURE;
- pr_err("TIMA: iccc-- Iccc_ReadData_Kernel failed (%d)\n",iccc_rsp->payload.generic.content.iccc_rsp.ret);
- goto iccc_err_ret;
- }
- pr_err("ICCC Info type:0x%08x value:%d",type,iccc_rsp->payload.generic.content.iccc_rsp.value);
- *value = iccc_rsp->payload.generic.content.iccc_rsp.value;
- ret = ICCC_SUCCESS;
- iccc_err_ret:
- if(q_iccc_handle)
- tima_iccc_terminate(&q_iccc_handle);
- return ret;
- }
- static ssize_t iccc_write(struct file *fp, const char __user *buf, size_t len, loff_t *off)
- {
- printk(KERN_INFO "%s:\n", __func__);
- is_iccc_ready = 1;
- #if defined(CONFIG_SECURITY_SELINUX)
- printk(KERN_INFO "%s: selinux_enabled:%d, selinux_enforcing:%d\n",
- __func__, selinux_is_enabled(), selinux_is_enforcing());
- if (selinux_is_enabled() && selinux_is_enforcing())
- Iccc_SaveData_Kernel(SELINUX_STATUS, 0x0);
- else
- Iccc_SaveData_Kernel(SELINUX_STATUS, 0x1);
- #endif
- // len bytes successfully written
- return len;
- }
- static const struct file_operations iccc_proc_fops = {
- .write = iccc_write,
- };
- static int __init iccc_init(void)
- {
- printk(KERN_INFO"%s:\n", __func__);
- if (proc_create("iccc_ready", 0644, NULL, &iccc_proc_fops) == NULL) {
- printk(KERN_ERR"%s: proc_create() failed\n", __func__);
- return -1;
- }
- printk(KERN_INFO"%s: registered /proc/iccc_ready interface\n", __func__);
- return 0;
- }
- static void __exit iccc_exit(void)
- {
- printk(KERN_INFO"deregistering /proc/iccc_boot_completed interface\n");
- remove_proc_entry("iccc_ready", NULL);
- }
- module_init(iccc_init);
- module_exit(iccc_exit);
- MODULE_DESCRIPTION(DRIVER_DESC);
|