diff --git a/BUILD.gn b/BUILD.gn index 24735a2f40ee2a9405400a37a3cf1575d7aac19b..f745cbf3f3236c77a853a1aa52222894b2db9b38 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -25,6 +25,7 @@ config("common_utils_config") { group("subcomponents") { deps = [ + "${code_signature_root_dir}/interfaces/innerkits/code_sign_attr_utils:libcode_sign_attr_utils", "${code_signature_root_dir}/interfaces/innerkits/code_sign_utils:libcode_sign_utils", "${code_signature_root_dir}/interfaces/innerkits/local_code_sign:liblocal_code_sign_sdk", "${code_signature_root_dir}/services/key_enable:key_enable_targets", diff --git a/bundle.json b/bundle.json index cd87ffb273e0c1c01b610f4c9c8548094a41659f..8ca502bd6796b2b3c83f9a6128f60e1918431806 100644 --- a/bundle.json +++ b/bundle.json @@ -62,6 +62,13 @@ "header_files": [], "header_base": "//base/security/code_signature/interfaces/innerkits/local_code_sign/include" } + }, + { + "name" : "//base/security/code_signature/interfaces/innerkits/code_sign_attr_utils:libcode_sign_attr_utils", + "header": { + "header_files": [], + "header_base": "//base/security/code_signature/interfaces/innerkits/code_sign_attr_utils/include" + } } ], "test": [ "//base/security/code_signature/test:testgroup" ] diff --git a/interfaces/innerkits/code_sign_attr_utils/BUILD.gn b/interfaces/innerkits/code_sign_attr_utils/BUILD.gn new file mode 100755 index 0000000000000000000000000000000000000000..5a53cfb6afd9e9ee4de47a9929b94a97f07bc607 --- /dev/null +++ b/interfaces/innerkits/code_sign_attr_utils/BUILD.gn @@ -0,0 +1,39 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/ohos.gni") +import("../../../code_signature.gni") + +config("public_attr_utils_configs") { + include_dirs = [ "include" ] +} + +ohos_static_library("libcode_sign_attr_utils") { + sources = [ "src/code_sign_attr_utils.c" ] + + configs = [ + ":public_attr_utils_configs", + "${code_signature_root_dir}:common_public_config", + "${code_signature_root_dir}:common_utils_config", + ] + + public_configs = [ ":public_attr_utils_configs" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] + + part_name = "code_signature" + subsystem_name = "security" +} diff --git a/interfaces/innerkits/code_sign_attr_utils/include/code_sign_attr_utils.h b/interfaces/innerkits/code_sign_attr_utils/include/code_sign_attr_utils.h new file mode 100755 index 0000000000000000000000000000000000000000..232636aabd9c0bc395cb6561be60c5761f993234 --- /dev/null +++ b/interfaces/innerkits/code_sign_attr_utils/include/code_sign_attr_utils.h @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CODE_SIGN_ATTR_UTILS_H +#define CODE_SIGN_ATTR_UTILS_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define MAX_OWNERID_LEN 64 +#define XPM_REGION_LEN 0x10000000 + +#define OWNERID_SYSTEM_TAG "SYSTEM_LIB_ID" +#define OWNERID_DEBUG_TAG "DEBUG_LIB_ID" +#define OWNERID_SHARED_TAG "SHARED_LIB_ID" +#define OWNERID_COMPAT_TAG "COMPAT_LIB_ID" + +enum file_ownerid_type { + FILE_OWNERID_UNINT = 0, + FILE_OWNERID_SYSTEM, + FILE_OWNERID_APP, + FILE_OWNERID_DEBUG, + FILE_OWNERID_SHARED, + FILE_OWNERID_COMPAT, + FILE_OWNERID_MAX +}; + +/* process and file ownerid types need to correspond to each other */ +enum process_ownerid_type { + PROCESS_OWNERID_UNINIT = FILE_OWNERID_UNINT, + PROCESS_OWNERID_SYSTEM = FILE_OWNERID_SYSTEM, + PROCESS_OWNERID_APP = FILE_OWNERID_APP, + PROCESS_OWNERID_DEBUG = FILE_OWNERID_DEBUG, + PROCESS_OWNERID_COMPAT = FILE_OWNERID_COMPAT, + PROCESS_OWNERID_EXTEND, + PROCESS_OWNERID_MAX +}; + +struct XpmConfig { + uint64_t regionAddr; + uint64_t regionLength; + + uint32_t idType; + char ownerId[MAX_OWNERID_LEN]; +}; + +int InitXpmRegion(void); + +int SetXpmOwnerId(uint32_t idType, const char *ownerId); + +#ifdef __cplusplus +} +#endif + +#endif // CODE_SIGN_ATTR_UTILS_H diff --git a/interfaces/innerkits/code_sign_attr_utils/src/code_sign_attr_utils.c b/interfaces/innerkits/code_sign_attr_utils/src/code_sign_attr_utils.c new file mode 100755 index 0000000000000000000000000000000000000000..100b0eb8e0d3ebeb28159bab2317396cee1b22c2 --- /dev/null +++ b/interfaces/innerkits/code_sign_attr_utils/src/code_sign_attr_utils.c @@ -0,0 +1,79 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "code_sign_attr_utils.h" + +#include +#include +#include +#include +#include + +#include "errcode.h" +#include "log.h" + +#define XPM_DEV_PATH "/dev/xpm" + +#define XPM_SET_REGION _IOW('x', 0x01, struct XpmConfig) +#define XPM_SET_OWNERID _IOW('x', 0x02, struct XpmConfig) + +static int XpmIoctl(uint32_t cmd, struct XpmConfig *config) +{ + int fd = open(XPM_DEV_PATH, O_RDWR); + if (fd == -1) { + LOG_INFO("Open device file failed: %{public}s (ignore)", strerror(errno)); + return CS_SUCCESS; + } + + int ret = ioctl(fd, cmd, config); + if (ret == -1) { + LOG_ERROR("Ioctl cmd %{public}x failed: %{public}s (ignore)", cmd, strerror(errno)); + } else { + LOG_DEBUG("Ioctl cmd %{public}x success", cmd); + } + close(fd); + + return CS_SUCCESS; +} + +int InitXpmRegion(void) +{ + struct XpmConfig config = {0}; + + config.regionAddr = 0; + config.regionLength = XPM_REGION_LEN; + return XpmIoctl(XPM_SET_REGION, &config); +} + +int SetXpmOwnerId(uint32_t idType, const char *ownerId) +{ + struct XpmConfig config = {0}; + + if (idType >= PROCESS_OWNERID_MAX) { + LOG_ERROR("Input idType is invalid: %{public}u", idType); + return CS_ERR_PARAM_INVALID; + } + + config.idType = idType; + if ((ownerId != NULL) && (strlen(ownerId) != 0)) { + if (memcpy_s(config.ownerId, sizeof(config.ownerId) - 1, ownerId, strlen(ownerId)) != EOK) { + LOG_ERROR("Memcpy ownerId failed, ownerId: %{public}s", ownerId); + return CS_ERR_MEMORY; + } + } + + LOG_DEBUG("Set type = %{public}u, ownerId = %{public}s", idType, ownerId ? ownerId : "NULL"); + return XpmIoctl(XPM_SET_OWNERID, &config); +} diff --git a/interfaces/innerkits/common/include/errcode.h b/interfaces/innerkits/common/include/errcode.h index 290090b02791aecd2b28d02168c635c1e7545355..ebefc8692f05f7fd54a0be6d8b33471ba3e4fc70 100644 --- a/interfaces/innerkits/common/include/errcode.h +++ b/interfaces/innerkits/common/include/errcode.h @@ -16,9 +16,6 @@ #ifndef CODE_SIGN_ERR_CODE_H #define CODE_SIGN_ERR_CODE_H -namespace OHOS { -namespace Security { -namespace CodeSign { enum CommonErrCode { CS_SUCCESS = 0, CS_ERR_MEMORY = -0x1, @@ -99,7 +96,4 @@ enum SignBlockErrCode { CS_ERR_SIGN_EXTENSION_OFFSET_ALIGN = -0x622, CS_ERR_TARGET_FILE_PATH = -0x623, }; -} -} -} #endif diff --git a/test/unittest/BUILD.gn b/test/unittest/BUILD.gn index 0b533d3abdaa2d52d575874dbe046751b768e63e..dd1bb28a8d2979ddaed3bc3102b7369b3348d9ef 100644 --- a/test/unittest/BUILD.gn +++ b/test/unittest/BUILD.gn @@ -205,6 +205,7 @@ ohos_unittest("enable_verity_ioctl_unittest") { ] deps = [ ":key_enable_src_set", + "${code_signature_root_dir}/interfaces/innerkits/code_sign_attr_utils:libcode_sign_attr_utils", "${googletest_dir}:gtest", ] external_deps = [ diff --git a/test/unittest/enable_verity_test.cpp b/test/unittest/enable_verity_test.cpp index 1f09d6964958bec2c2d5a25507b40da72822acb5..be5c8507994cfae1c3e70b192ee33767d504a287 100644 --- a/test/unittest/enable_verity_test.cpp +++ b/test/unittest/enable_verity_test.cpp @@ -35,6 +35,7 @@ #include "enable_key_utils.h" #include "log.h" #include "xpm_common.h" +#include "code_sign_attr_utils.h" using namespace testing::ext; @@ -73,6 +74,7 @@ public: static void SetUpTestCase() { EXPECT_EQ(EnableTestKey(TEST_SUBJECT.c_str(), TEST_ISSUER.c_str()), 0); + EXPECT_EQ(SetXpmOwnerId(PROCESS_OWNERID_COMPAT, NULL), 0); g_isXpmOn = AllocXpmRegion(); SaveStringToFile(SELINUX_MODE_PATH, PERMISSIVE_MODE); SaveStringToFile(XPM_DEBUG_FS_MODE_PATH, ENFORCE_MODE); diff --git a/test/unittest/utils/src/xpm_common.cpp b/test/unittest/utils/src/xpm_common.cpp index 7c0aa7044daa95583ffb70d72d8283003e0ad7c8..ccf46b795ae9202c362966f3a163a678f15a69e6 100644 --- a/test/unittest/utils/src/xpm_common.cpp +++ b/test/unittest/utils/src/xpm_common.cpp @@ -14,6 +14,7 @@ */ #include "xpm_common.h" + #include #include #include @@ -22,54 +23,28 @@ #include #include #include + +#include "code_sign_attr_utils.h" #include "log.h" #include "securec.h" namespace OHOS { namespace Security { namespace CodeSign { -struct XpmRegionInfo { - uint64_t base; - uint64_t length; -}; - struct XpmRegionArea { uint64_t start; uint64_t end; }; -const std::string XPM_DEV_PATH = "/dev/xpm"; const std::string XPM_PROC_PREFIX_PATH = "/proc/"; const std::string XPM_PROC_SUFFIX_PATH = "/xpm_region"; constexpr unsigned long XPM_PROC_LENGTH = 50; -constexpr unsigned long XPM_REGION_LEN = 0x8000000; -constexpr unsigned long SET_XPM_REGION = _IOW('x', 0x01, struct XpmRegionInfo); -static int SetXpmRegion(void) +static int GetXpmRegion(struct XpmRegionArea &area) { - struct XpmRegionInfo info = { 0, XPM_REGION_LEN }; - - int fd = open(XPM_DEV_PATH.c_str(), O_RDWR); - if (fd < 0) { - LOG_ERROR(LABEL, "open xpm dev file failed(%{public}s)", strerror(errno)); - return -1; - } - - int ret = ioctl(fd, SET_XPM_REGION, &info); - if (ret < 0) { - LOG_ERROR(LABEL, "xpm set region failed(%{public}s)", strerror(errno)); - return -1; - } - - close(fd); - return 0; -} - -static int GetXpmRegion(struct XpmRegionArea *area) -{ - if (area == nullptr) { - LOG_ERROR(LABEL, "input area is NULL"); + if (InitXpmRegion() != 0) { + LOG_ERROR(LABEL, "init xpm region failed"); return -1; } @@ -88,7 +63,7 @@ static int GetXpmRegion(struct XpmRegionArea *area) return -1; } - ret = sscanf_s(xpm_region, "%llx-%llx", &area->start, &area->end); + ret = sscanf_s(xpm_region, "%llx-%llx", &area.start, &area.end); if (ret < 0) { LOG_ERROR(LABEL, "sscanf xpm region string failed(%{public}s)", strerror(errno)); return -1; @@ -98,33 +73,11 @@ static int GetXpmRegion(struct XpmRegionArea *area) return 0; } -static int InitXpmRegion(struct XpmRegionArea *area) -{ - if (area == nullptr) { - LOG_ERROR(LABEL, "input area is NULL"); - return -1; - } - - int ret = SetXpmRegion(); - if (ret != 0) { - LOG_ERROR(LABEL, "set xpm region failed"); - return ret; - } - - ret = GetXpmRegion(area); - if (ret != 0) { - LOG_ERROR(LABEL, "get xpm region failed"); - return ret; - } - - return 0; -} - bool AllocXpmRegion() { struct XpmRegionArea area = {0}; - if (InitXpmRegion(&area)) { + if (GetXpmRegion(area)) { return false; } if (!area.start) { diff --git a/utils/include/log.h b/utils/include/log.h index 5393516f93d5d6ab0cb83279fa58a3c3e7020f2f..4bf40cffb49cc5cad37e57992b5739e2ae95806b 100644 --- a/utils/include/log.h +++ b/utils/include/log.h @@ -22,6 +22,24 @@ #include "hilog/log.h" #endif +#ifndef __cplusplus +#ifdef LOG_TAG +#undef LOG_TAG +#endif +#define LOG_TAG "CODE_SIGN" + +#ifdef LOG_DOMAIN +#undef LOG_DOMAIN +#endif +#define LOG_DOMAIN 0xD002F00 + +#define LOG_DEBUG(fmt, ...) HILOG_DEBUG(LOG_CORE, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__) +#define LOG_INFO(fmt, ...) HILOG_INFO(LOG_CORE, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__) +#define LOG_WARN(fmt, ...) HILOG_WARN(LOG_CORE, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__) +#define LOG_ERROR(fmt, ...) HILOG_ERROR(LOG_CORE, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__) +#define LOG_FATAL(fmt, ...) HILOG_FATAL(LOG_CORE, "[%{public}s]:" fmt, __func__, ##__VA_ARGS__) + +#else // __cplusplus namespace OHOS { namespace Security { namespace CodeSign { @@ -41,4 +59,5 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN, } } } -#endif \ No newline at end of file +#endif +#endif // CODE_SIGN_LOG_H