Secure DPU: add securedpud daemon

1. Add daemon implementation 2. Update sepolicy Bug: 176508588 Change-Id: I1186a205d60f1cf0e308d636f9828b249b5513f4
author: ichihlu <ichihlu@google.com> 2020-12-26 13:42:57 +0000
committer: ichihlu <ichihlu@google.com> 2021-01-08 01:28:48 +0000
commit: d44cf0504567c5f7201565a39fd3864d3ce03470 (patch)
tree: 87f40a1a345b14ee789a96b98827d21920f01ab6
parent: e58784d037cb8fd5841d9ae3ecb040f8af9b2223 (diff)
download: trusty-d44cf0504567c5f7201565a39fd3864d3ce03470.tar.gz
9 files changed, 404 insertions, 0 deletions
diff --git a/qemu_trusty_base.mk b/qemu_trusty_base.mk
index fc4655f..496f3d2 100644
--- a/qemu_trusty_base.mk
+++ b/qemu_trusty_base.mk
@@ -50,6 +50,7 @@ PRODUCT_PACKAGES += \
     mediaserver \
     mdnsd \
     reboot \
+    securedpud \
     servicemanager \
     sh \
     su \
diff --git a/secure_dpu/Android.bp b/secure_dpu/Android.bp
new file mode 100644
index 0000000..5170cf9
--- /dev/null
+++ b/secure_dpu/Android.bp
@@ -0,0 +1,37 @@
+// Copyright (C) 2020 The Android Open-Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+cc_binary {
+    name: "securedpud",
+    vendor: true,
+
+    srcs: [
+        "main.cpp",
+        "EmulatorDPUHandler.cpp",
+    ],
+
+    shared_libs: [
+        "libbase",
+        "libtrusty",
+        "libutils",
+    ],
+
+    init_rc: ["securedpud.rc"],
+
+    cflags: [
+        "-Wall",
+        "-Werror",
+    ],
+}
diff --git a/secure_dpu/DPUHandler.h b/secure_dpu/DPUHandler.h
new file mode 100644
index 0000000..5f11412
--- /dev/null
+++ b/secure_dpu/DPUHandler.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2020, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <android-base/result.h>
+#include <string>
+
+namespace android {
+namespace trusty {
+namespace secure_dpu {
+
+class DPUHandler {
+  private:
+    int dpu_handle_;
+
+    android::base::Result<void> HandleStartSecureDisplay();
+    android::base::Result<void> HandleStopSecureDisplay();
+    android::base::Result<void> HandleCmd(const void* in_buf,
+                                          const size_t in_size,
+                                          void* out_buf,
+                                          size_t &out_size);
+
+  public:
+    DPUHandler();
+    ~DPUHandler();
+    android::base::Result<void> Init(std::string device_name);
+    android::base::Result<void> Handle();
+};
+
+}  // namespace secure_dpu
+}  // namespace trusty
+}  // namespace android
diff --git a/secure_dpu/EmulatorDPUHandler.cpp b/secure_dpu/EmulatorDPUHandler.cpp
new file mode 100644
index 0000000..c7eb8c4
--- /dev/null
+++ b/secure_dpu/EmulatorDPUHandler.cpp
@@ -0,0 +1,125 @@
+/*
+ * Copyright 2020, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "DPUHandler.h"
+#include "SecureDpu.h"
+
+#include <android-base/logging.h>
+#include <errno.h>
+#include <poll.h>
+#include <stdio.h>
+#include <sys/stat.h>
+#include <sys/uio.h>
+#include <unistd.h>
+#include <trusty/tipc.h>
+
+namespace android {
+namespace trusty {
+namespace secure_dpu {
+
+DPUHandler::DPUHandler() {
+}
+
+DPUHandler::~DPUHandler() {
+    tipc_close(dpu_handle_);
+}
+
+android::base::Result<void> DPUHandler::Init(std::string device_name) {
+    dpu_handle_ = tipc_connect(device_name.c_str(),
+                               SECURE_DPU_PORT_NAME);
+    if (dpu_handle_ < 0) {
+        return base::Error() << "Failed to connect to: " << device_name;
+    }
+    return {};
+}
+
+android::base::Result<void> DPUHandler::HandleStartSecureDisplay() {
+    LOG(INFO) << "Started Secure Display.";
+    return {};
+}
+
+android::base::Result<void> DPUHandler::HandleStopSecureDisplay() {
+    LOG(INFO) << "Stopped Secure Display.";
+    return {};
+}
+
+android::base::Result<void> DPUHandler::HandleCmd(const void* in_buf,
+                                                  const size_t in_size,
+                                                  void* out_buf,
+                                                  size_t &out_size) {
+    if (in_size < sizeof(struct secure_dpu_req)) {
+        return base::Error() << "Invalid payload";
+    }
+    const struct secure_dpu_req* req = reinterpret_cast<const struct secure_dpu_req*>(in_buf);
+    switch (req->cmd) {
+        case SECURE_DPU_CMD_START_SECURE_DISPLAY: {
+            struct secure_dpu_resp* rsp = reinterpret_cast<struct secure_dpu_resp*>(out_buf);
+            rsp->cmd = SECURE_DPU_CMD_START_SECURE_DISPLAY | SECURE_DPU_CMD_RESP_BIT;
+
+            auto result = HandleStartSecureDisplay();
+            if (result.ok()) {
+                rsp->status = SECURE_DPU_ERROR_OK;
+            } else {
+                rsp->status = SECURE_DPU_ERROR_FAIL;
+            }
+
+            out_size = sizeof(struct secure_dpu_resp);
+            break;
+        }
+        case SECURE_DPU_CMD_STOP_SECURE_DISPLAY: {
+            struct secure_dpu_resp* rsp = reinterpret_cast<struct secure_dpu_resp*>(out_buf);
+            rsp->cmd = SECURE_DPU_CMD_STOP_SECURE_DISPLAY | SECURE_DPU_CMD_RESP_BIT;
+
+            auto result = HandleStopSecureDisplay();
+            if (result.ok()) {
+                rsp->status = SECURE_DPU_ERROR_OK;
+            } else {
+                rsp->status = SECURE_DPU_ERROR_FAIL;
+            }
+
+            out_size = sizeof(struct secure_dpu_resp);
+            break;
+        }
+        default:
+            LOG(ERROR) << "Unknown command: " << (uint32_t)req->cmd;
+            return base::Error() << "Unknown command";
+    }
+    return {};
+}
+
+android::base::Result<void> DPUHandler::Handle() {
+    uint8_t in_buf[SECURE_DPU_MAX_MSG_SIZE];
+    uint8_t out_buf[SECURE_DPU_MAX_MSG_SIZE];
+    size_t out_size = 0;
+
+    auto read_len = read(dpu_handle_, in_buf, sizeof(in_buf));
+    if (read_len < 0) {
+        return base::Error() << "Failed to read command";
+    }
+    auto result = HandleCmd(in_buf, read_len, out_buf, out_size);
+    if (!result.ok()) {
+        return base::Error() << "Failed to handle command";
+    }
+    auto write_len = write(dpu_handle_, out_buf, out_size);
+    if (write_len != out_size) {
+        return base::Error() << "Failed to write command";
+    }
+    return {};
+}
+
+}  // namespace secure_dpu
+}  // namespace trusty
+}  // namespace android
diff --git a/secure_dpu/SecureDpu.h b/secure_dpu/SecureDpu.h
new file mode 100644
index 0000000..921d24b
--- /dev/null
+++ b/secure_dpu/SecureDpu.h
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2020, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <stdint.h>
+
+/**
+ * DOC: Secure DPU
+ *
+ * The Secure DPU works as the persistent channel between the non-secure and the
+ * secure world. The channel is established during the boot up stage of the
+ * non-secure world system.
+ *
+ * The channel allows the secure world application to issue commands with
+ * operations needed to be performed by the non-secure world system. These
+ * operations include starting / stopping the secure display mode. The secure
+ * world application can only control the display when the system is set as the
+ * secure display mode.
+ *
+ * This header file needs to be synced on both the Trusty and the Android
+ * codebase.
+ */
+
+#define SECURE_DPU_PORT_NAME "com.android.trusty.secure_dpu"
+#define SECURE_DPU_MAX_MSG_SIZE 64
+
+/**
+ * enum secure_dpu_cmd - command identifiers for secure_fb interface
+ * @SECURE_DPU_CMD_RESP_BIT:
+ *      Message is a response.
+ * @SECURE_DPU_CMD_REQ_SHIFT:
+ *      Number of bits used by @SECURE_DPU_CMD_RESP_BIT.
+ * @SECURE_DPU_CMD_START_SECURE_DISPLAY:
+ *      Notify the system to start secure display mode
+ * @SECURE_DPU_CMD_STOP_SECURE_DISPLAY:
+ *      Notify the system to stop secure display mode
+ */
+enum secure_dpu_cmd {
+    SECURE_DPU_CMD_RESP_BIT = 1,
+    SECURE_DPU_CMD_REQ_SHIFT = 1,
+    SECURE_DPU_CMD_START_SECURE_DISPLAY = (1 << SECURE_DPU_CMD_REQ_SHIFT),
+    SECURE_DPU_CMD_STOP_SECURE_DISPLAY = (2 << SECURE_DPU_CMD_REQ_SHIFT),
+};
+
+/**
+ * struct secure_fb_req - common structure for secure_fb requests.
+ * @cmd: Command identifier - one of &enum secure_dpu_cmd.
+ */
+struct secure_dpu_req {
+    uint32_t cmd;
+};
+
+/**
+ * struct secure_dpu_resp - common structure for secure_dpu responses.
+ * @cmd:    Command identifier - %SECURE_DPU_CMD_RESP_BIT or'ed with the
+ *                               command identifier of the corresponding
+ *                               request.
+ * @status: Status of requested operation. One of &enum secure_dpu_error.
+ */
+struct secure_dpu_resp {
+    uint32_t cmd;
+    int32_t status;
+};
+
+enum secure_dpu_error {
+    SECURE_DPU_ERROR_OK = 0,
+    SECURE_DPU_ERROR_FAIL = -1,
+    SECURE_DPU_ERROR_UNINITIALIZED = -2,
+    SECURE_DPU_ERROR_PARAMETERS = -3,
+    SECURE_DPU_ERROR_NO_MEMORY = -4,
+};
diff --git a/secure_dpu/main.cpp b/secure_dpu/main.cpp
new file mode 100644
index 0000000..a88d231
--- /dev/null
+++ b/secure_dpu/main.cpp
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <android-base/logging.h>
+#include <errno.h>
+#include <getopt.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <cutils/android_filesystem_config.h>
+
+#include "DPUHandler.h"
+
+static void show_usage_and_exit(int code) {
+    LOG(ERROR) << "usage: securedpud -d <trusty_dev>";
+    exit(code);
+}
+
+static void parse_device_name(int argc, char* argv[], char*& device_name) {
+    static const char* _sopts = "h:d:";
+    static const struct option _lopts[] = {{"help", no_argument, NULL, 'h'},
+                                           {"trusty_dev", required_argument, NULL, 'd'},
+                                           {0, 0, 0, 0}};
+    int opt;
+    int oidx = 0;
+
+    while ((opt = getopt_long(argc, argv, _sopts, _lopts, &oidx)) != -1) {
+        switch (opt) {
+            case 'd':
+                device_name = strdup(optarg);
+                break;
+
+            default:
+                LOG(ERROR) << "unrecognized option: " << opt;
+                show_usage_and_exit(EXIT_FAILURE);
+        }
+    }
+
+    if (device_name == nullptr) {
+        LOG(ERROR) << "missing required argument(s)";
+        show_usage_and_exit(EXIT_FAILURE);
+    }
+
+    LOG(INFO) << "starting securedpud";
+    LOG(INFO) << "trusty dev: " << device_name;
+}
+
+int main(int argc, char* argv[])
+{
+    char* device_name;
+    /* parse arguments */
+    parse_device_name(argc, argv, device_name);
+
+    android::trusty::secure_dpu::DPUHandler dpu_handler;
+    auto rc = dpu_handler.Init(std::string(device_name));
+    if (!rc.ok()) {
+        return EXIT_FAILURE;
+    }
+
+    /* main loop */
+    while (1) {
+        auto result = dpu_handler.Handle();
+        if (!result.ok()) {
+          LOG(ERROR) << result.error();
+        }
+    }
+    LOG(ERROR) << "exiting securedpud loop";
+
+    return EXIT_FAILURE;
+}
diff --git a/secure_dpu/securedpud.rc b/secure_dpu/securedpud.rc
new file mode 100644
index 0000000..86df222
--- /dev/null
+++ b/secure_dpu/securedpud.rc
@@ -0,0 +1,18 @@
+# Copyright (C) 2020 The Android Open-Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+service securedpud /vendor/bin/securedpud -d /dev/trusty-ipc-dev0
+    class main
+    user system
+    group system
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 3153bd1..7c72e1f 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -2,6 +2,7 @@
 /dev/vport3p1                        u:object_r:rpmb_virt_device:s0
 /dev/vport3p2                        u:object_r:spi_virt_device:s0
 /vendor/bin/dhcpclient               u:object_r:dhcpclient_exec:s0
+/vendor/bin/securedpud               u:object_r:securedpud_exec:s0
 /vendor/bin/spiproxyd                u:object_r:tee_exec:s0
 /vendor/bin/storageproxyd            u:object_r:tee_exec:s0
 /data/vendor/var/run(/.*)?           u:object_r:varrun_file:s0
diff --git a/sepolicy/securedpud.te b/sepolicy/securedpud.te
new file mode 100644
index 0000000..3eae5e0
--- /dev/null
+++ b/sepolicy/securedpud.te
@@ -0,0 +1,6 @@
+type securedpud, domain;
+type securedpud_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(securedpud)
+
+allow securedpud tee_device:chr_file rw_file_perms;
author	ichihlu <ichihlu@google.com>	2020-12-26 13:42:57 +0000
committer	ichihlu <ichihlu@google.com>	2021-01-08 01:28:48 +0000
commit	d44cf0504567c5f7201565a39fd3864d3ce03470 (patch)
tree	87f40a1a345b14ee789a96b98827d21920f01ab6
parent	e58784d037cb8fd5841d9ae3ecb040f8af9b2223 (diff)
download	trusty-d44cf0504567c5f7201565a39fd3864d3ce03470.tar.gz