diff options
author | ichihlu <ichihlu@google.com> | 2020-12-26 13:42:57 +0000 |
---|---|---|
committer | ichihlu <ichihlu@google.com> | 2021-01-08 01:28:48 +0000 |
commit | d44cf0504567c5f7201565a39fd3864d3ce03470 (patch) | |
tree | 87f40a1a345b14ee789a96b98827d21920f01ab6 | |
parent | e58784d037cb8fd5841d9ae3ecb040f8af9b2223 (diff) | |
download | trusty-d44cf0504567c5f7201565a39fd3864d3ce03470.tar.gz |
Secure DPU: add securedpud daemon
1. Add daemon implementation
2. Update sepolicy
Bug: 176508588
Change-Id: I1186a205d60f1cf0e308d636f9828b249b5513f4
-rw-r--r-- | qemu_trusty_base.mk | 1 | ||||
-rw-r--r-- | secure_dpu/Android.bp | 37 | ||||
-rw-r--r-- | secure_dpu/DPUHandler.h | 46 | ||||
-rw-r--r-- | secure_dpu/EmulatorDPUHandler.cpp | 125 | ||||
-rw-r--r-- | secure_dpu/SecureDpu.h | 85 | ||||
-rw-r--r-- | secure_dpu/main.cpp | 85 | ||||
-rw-r--r-- | secure_dpu/securedpud.rc | 18 | ||||
-rw-r--r-- | sepolicy/file_contexts | 1 | ||||
-rw-r--r-- | sepolicy/securedpud.te | 6 |
9 files changed, 404 insertions, 0 deletions
diff --git a/qemu_trusty_base.mk b/qemu_trusty_base.mk index fc4655f..496f3d2 100644 --- a/qemu_trusty_base.mk +++ b/qemu_trusty_base.mk @@ -50,6 +50,7 @@ PRODUCT_PACKAGES += \ mediaserver \ mdnsd \ reboot \ + securedpud \ servicemanager \ sh \ su \ diff --git a/secure_dpu/Android.bp b/secure_dpu/Android.bp new file mode 100644 index 0000000..5170cf9 --- /dev/null +++ b/secure_dpu/Android.bp @@ -0,0 +1,37 @@ +// Copyright (C) 2020 The Android Open-Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +cc_binary { + name: "securedpud", + vendor: true, + + srcs: [ + "main.cpp", + "EmulatorDPUHandler.cpp", + ], + + shared_libs: [ + "libbase", + "libtrusty", + "libutils", + ], + + init_rc: ["securedpud.rc"], + + cflags: [ + "-Wall", + "-Werror", + ], +} diff --git a/secure_dpu/DPUHandler.h b/secure_dpu/DPUHandler.h new file mode 100644 index 0000000..5f11412 --- /dev/null +++ b/secure_dpu/DPUHandler.h @@ -0,0 +1,46 @@ +/* + * Copyright 2020, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include <android-base/result.h> +#include <string> + +namespace android { +namespace trusty { +namespace secure_dpu { + +class DPUHandler { + private: + int dpu_handle_; + + android::base::Result<void> HandleStartSecureDisplay(); + android::base::Result<void> HandleStopSecureDisplay(); + android::base::Result<void> HandleCmd(const void* in_buf, + const size_t in_size, + void* out_buf, + size_t &out_size); + + public: + DPUHandler(); + ~DPUHandler(); + android::base::Result<void> Init(std::string device_name); + android::base::Result<void> Handle(); +}; + +} // namespace secure_dpu +} // namespace trusty +} // namespace android diff --git a/secure_dpu/EmulatorDPUHandler.cpp b/secure_dpu/EmulatorDPUHandler.cpp new file mode 100644 index 0000000..c7eb8c4 --- /dev/null +++ b/secure_dpu/EmulatorDPUHandler.cpp @@ -0,0 +1,125 @@ +/* + * Copyright 2020, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "DPUHandler.h" +#include "SecureDpu.h" + +#include <android-base/logging.h> +#include <errno.h> +#include <poll.h> +#include <stdio.h> +#include <sys/stat.h> +#include <sys/uio.h> +#include <unistd.h> +#include <trusty/tipc.h> + +namespace android { +namespace trusty { +namespace secure_dpu { + +DPUHandler::DPUHandler() { +} + +DPUHandler::~DPUHandler() { + tipc_close(dpu_handle_); +} + +android::base::Result<void> DPUHandler::Init(std::string device_name) { + dpu_handle_ = tipc_connect(device_name.c_str(), + SECURE_DPU_PORT_NAME); + if (dpu_handle_ < 0) { + return base::Error() << "Failed to connect to: " << device_name; + } + return {}; +} + +android::base::Result<void> DPUHandler::HandleStartSecureDisplay() { + LOG(INFO) << "Started Secure Display."; + return {}; +} + +android::base::Result<void> DPUHandler::HandleStopSecureDisplay() { + LOG(INFO) << "Stopped Secure Display."; + return {}; +} + +android::base::Result<void> DPUHandler::HandleCmd(const void* in_buf, + const size_t in_size, + void* out_buf, + size_t &out_size) { + if (in_size < sizeof(struct secure_dpu_req)) { + return base::Error() << "Invalid payload"; + } + const struct secure_dpu_req* req = reinterpret_cast<const struct secure_dpu_req*>(in_buf); + switch (req->cmd) { + case SECURE_DPU_CMD_START_SECURE_DISPLAY: { + struct secure_dpu_resp* rsp = reinterpret_cast<struct secure_dpu_resp*>(out_buf); + rsp->cmd = SECURE_DPU_CMD_START_SECURE_DISPLAY | SECURE_DPU_CMD_RESP_BIT; + + auto result = HandleStartSecureDisplay(); + if (result.ok()) { + rsp->status = SECURE_DPU_ERROR_OK; + } else { + rsp->status = SECURE_DPU_ERROR_FAIL; + } + + out_size = sizeof(struct secure_dpu_resp); + break; + } + case SECURE_DPU_CMD_STOP_SECURE_DISPLAY: { + struct secure_dpu_resp* rsp = reinterpret_cast<struct secure_dpu_resp*>(out_buf); + rsp->cmd = SECURE_DPU_CMD_STOP_SECURE_DISPLAY | SECURE_DPU_CMD_RESP_BIT; + + auto result = HandleStopSecureDisplay(); + if (result.ok()) { + rsp->status = SECURE_DPU_ERROR_OK; + } else { + rsp->status = SECURE_DPU_ERROR_FAIL; + } + + out_size = sizeof(struct secure_dpu_resp); + break; + } + default: + LOG(ERROR) << "Unknown command: " << (uint32_t)req->cmd; + return base::Error() << "Unknown command"; + } + return {}; +} + +android::base::Result<void> DPUHandler::Handle() { + uint8_t in_buf[SECURE_DPU_MAX_MSG_SIZE]; + uint8_t out_buf[SECURE_DPU_MAX_MSG_SIZE]; + size_t out_size = 0; + + auto read_len = read(dpu_handle_, in_buf, sizeof(in_buf)); + if (read_len < 0) { + return base::Error() << "Failed to read command"; + } + auto result = HandleCmd(in_buf, read_len, out_buf, out_size); + if (!result.ok()) { + return base::Error() << "Failed to handle command"; + } + auto write_len = write(dpu_handle_, out_buf, out_size); + if (write_len != out_size) { + return base::Error() << "Failed to write command"; + } + return {}; +} + +} // namespace secure_dpu +} // namespace trusty +} // namespace android diff --git a/secure_dpu/SecureDpu.h b/secure_dpu/SecureDpu.h new file mode 100644 index 0000000..921d24b --- /dev/null +++ b/secure_dpu/SecureDpu.h @@ -0,0 +1,85 @@ +/* + * Copyright 2020, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include <stdint.h> + +/** + * DOC: Secure DPU + * + * The Secure DPU works as the persistent channel between the non-secure and the + * secure world. The channel is established during the boot up stage of the + * non-secure world system. + * + * The channel allows the secure world application to issue commands with + * operations needed to be performed by the non-secure world system. These + * operations include starting / stopping the secure display mode. The secure + * world application can only control the display when the system is set as the + * secure display mode. + * + * This header file needs to be synced on both the Trusty and the Android + * codebase. + */ + +#define SECURE_DPU_PORT_NAME "com.android.trusty.secure_dpu" +#define SECURE_DPU_MAX_MSG_SIZE 64 + +/** + * enum secure_dpu_cmd - command identifiers for secure_fb interface + * @SECURE_DPU_CMD_RESP_BIT: + * Message is a response. + * @SECURE_DPU_CMD_REQ_SHIFT: + * Number of bits used by @SECURE_DPU_CMD_RESP_BIT. + * @SECURE_DPU_CMD_START_SECURE_DISPLAY: + * Notify the system to start secure display mode + * @SECURE_DPU_CMD_STOP_SECURE_DISPLAY: + * Notify the system to stop secure display mode + */ +enum secure_dpu_cmd { + SECURE_DPU_CMD_RESP_BIT = 1, + SECURE_DPU_CMD_REQ_SHIFT = 1, + SECURE_DPU_CMD_START_SECURE_DISPLAY = (1 << SECURE_DPU_CMD_REQ_SHIFT), + SECURE_DPU_CMD_STOP_SECURE_DISPLAY = (2 << SECURE_DPU_CMD_REQ_SHIFT), +}; + +/** + * struct secure_fb_req - common structure for secure_fb requests. + * @cmd: Command identifier - one of &enum secure_dpu_cmd. + */ +struct secure_dpu_req { + uint32_t cmd; +}; + +/** + * struct secure_dpu_resp - common structure for secure_dpu responses. + * @cmd: Command identifier - %SECURE_DPU_CMD_RESP_BIT or'ed with the + * command identifier of the corresponding + * request. + * @status: Status of requested operation. One of &enum secure_dpu_error. + */ +struct secure_dpu_resp { + uint32_t cmd; + int32_t status; +}; + +enum secure_dpu_error { + SECURE_DPU_ERROR_OK = 0, + SECURE_DPU_ERROR_FAIL = -1, + SECURE_DPU_ERROR_UNINITIALIZED = -2, + SECURE_DPU_ERROR_PARAMETERS = -3, + SECURE_DPU_ERROR_NO_MEMORY = -4, +}; diff --git a/secure_dpu/main.cpp b/secure_dpu/main.cpp new file mode 100644 index 0000000..a88d231 --- /dev/null +++ b/secure_dpu/main.cpp @@ -0,0 +1,85 @@ +/* + * Copyright (C) 2016 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <android-base/logging.h> +#include <errno.h> +#include <getopt.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> + +#include <cutils/android_filesystem_config.h> + +#include "DPUHandler.h" + +static void show_usage_and_exit(int code) { + LOG(ERROR) << "usage: securedpud -d <trusty_dev>"; + exit(code); +} + +static void parse_device_name(int argc, char* argv[], char*& device_name) { + static const char* _sopts = "h:d:"; + static const struct option _lopts[] = {{"help", no_argument, NULL, 'h'}, + {"trusty_dev", required_argument, NULL, 'd'}, + {0, 0, 0, 0}}; + int opt; + int oidx = 0; + + while ((opt = getopt_long(argc, argv, _sopts, _lopts, &oidx)) != -1) { + switch (opt) { + case 'd': + device_name = strdup(optarg); + break; + + default: + LOG(ERROR) << "unrecognized option: " << opt; + show_usage_and_exit(EXIT_FAILURE); + } + } + + if (device_name == nullptr) { + LOG(ERROR) << "missing required argument(s)"; + show_usage_and_exit(EXIT_FAILURE); + } + + LOG(INFO) << "starting securedpud"; + LOG(INFO) << "trusty dev: " << device_name; +} + +int main(int argc, char* argv[]) +{ + char* device_name; + /* parse arguments */ + parse_device_name(argc, argv, device_name); + + android::trusty::secure_dpu::DPUHandler dpu_handler; + auto rc = dpu_handler.Init(std::string(device_name)); + if (!rc.ok()) { + return EXIT_FAILURE; + } + + /* main loop */ + while (1) { + auto result = dpu_handler.Handle(); + if (!result.ok()) { + LOG(ERROR) << result.error(); + } + } + LOG(ERROR) << "exiting securedpud loop"; + + return EXIT_FAILURE; +} diff --git a/secure_dpu/securedpud.rc b/secure_dpu/securedpud.rc new file mode 100644 index 0000000..86df222 --- /dev/null +++ b/secure_dpu/securedpud.rc @@ -0,0 +1,18 @@ +# Copyright (C) 2020 The Android Open-Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +service securedpud /vendor/bin/securedpud -d /dev/trusty-ipc-dev0 + class main + user system + group system diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 3153bd1..7c72e1f 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -2,6 +2,7 @@ /dev/vport3p1 u:object_r:rpmb_virt_device:s0 /dev/vport3p2 u:object_r:spi_virt_device:s0 /vendor/bin/dhcpclient u:object_r:dhcpclient_exec:s0 +/vendor/bin/securedpud u:object_r:securedpud_exec:s0 /vendor/bin/spiproxyd u:object_r:tee_exec:s0 /vendor/bin/storageproxyd u:object_r:tee_exec:s0 /data/vendor/var/run(/.*)? u:object_r:varrun_file:s0 diff --git a/sepolicy/securedpud.te b/sepolicy/securedpud.te new file mode 100644 index 0000000..3eae5e0 --- /dev/null +++ b/sepolicy/securedpud.te @@ -0,0 +1,6 @@ +type securedpud, domain; +type securedpud_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(securedpud) + +allow securedpud tee_device:chr_file rw_file_perms; |