ANDROID: Improve module loader checks for GKI symbol protection

* Deny loading of unsigned modules which use protected vmlinux
  symbols.
* Optimize symbols resolution for unsigned modules by avoiding
  searching for symbols exported by other unsigned modules in the list
  of unprotected symbols.

Bug: 343540599
Change-Id: I64bc03ad9e37ec7e85be2099d0132966ffe1b35b
Signed-off-by: Sid Nayyar <sidnayyar@google.com>
(cherry picked from commit 8faec9ddf1)
This commit is contained in:
Sid Nayyar 2024-05-31 13:05:29 +00:00 committed by Treehugger Robot
parent 9acf2adaf5
commit bb064dd1e0

View File

@ -1113,6 +1113,8 @@ static const struct kernel_symbol *resolve_symbol(struct module *mod,
const char *name,
char ownername[])
{
bool is_vendor_module;
bool is_vendor_exported_symbol;
struct find_symbol_arg fsa = {
.name = name,
.gplok = !(mod->taints & (1 << TAINT_PROPRIETARY_MODULE)),
@ -1150,16 +1152,19 @@ static const struct kernel_symbol *resolve_symbol(struct module *mod,
}
/*
* ANDROID: GKI:
* In case of an unsigned module symbol resolves only if:
* 1. Symbol is in the list of unprotected symbol list OR
* 2. If symbol owner is not NULL i.e. owner is another module;
* it has to be an unsigned module and not signed GKI module
* to protect symbols exported by signed GKI modules.
* ANDROID GKI
*
* Vendor (i.e., unsigned) modules are only permitted to use:
*
* 1. symbols exported by other vendor (unsigned) modules
* 2. unprotected symbols
*/
if (!mod->sig_ok &&
!gki_is_module_unprotected_symbol(name) &&
fsa.owner && fsa.owner->sig_ok) {
is_vendor_module = !mod->sig_ok;
is_vendor_exported_symbol = fsa.owner && !fsa.owner->sig_ok;
if (is_vendor_module &&
!is_vendor_exported_symbol &&
!gki_is_module_unprotected_symbol(name)) {
fsa.sym = ERR_PTR(-EACCES);
goto getname;
}