Example #1
0
static long htc_msgservice_ioctl(struct file *file, uint32_t command, unsigned long arg)
{
	htc_msgservcie_t mmsg;
	int32_t ret = 0;
	int32_t ii;
	/*
	if (!capable(CAP_SYS_ADMIN)) {
		return -EPERM;
	}
	*/
	PDEBUG("command = %x\n", command);
	switch (command) {
	case HTC_IOCTL_MSGSERVICE:
		if (copy_from_user(&mmsg, (void __user *)arg, sizeof(htc_msgservcie_t))) {
			PERR("copy_from_user error (msg)");
			return -EFAULT;
		}
		PDEBUG("func = %x\n", mmsg.func);

		switch (mmsg.func) {
		case ITEM_REMOTE_MSG:
			if ((mmsg.req_buf == NULL) || (mmsg.req_len != sizeof(htc_remote_msg_t))) {
				PERR("invalid arguments");
				return -EFAULT;
			}
			if (copy_from_user(htc_rmt_msg, (void __user *)mmsg.req_buf, mmsg.req_len)) {
				PERR("copy_from_user error (sdkey)");
				return -EFAULT;
			}
			PDEBUG("Input message:");
			for (ii = 0; ii < sizeof(htc_remote_msg_t); ii++) {
				PDEBUG("%02x", *((uint8_t *)htc_rmt_msg + ii));
			}
			scm_flush_range((uint32_t)htc_rmt_msg, (uint32_t)(htc_rmt_msg) + mmsg.req_len);
			ret = secure_access_item(1, ITEM_REMOTE_MSG, mmsg.req_len, htc_rmt_msg);
			PERR("Do nothing! (%d)\n", ret);
			break;

		default:
			PERR("func error\n");
			return -EFAULT;
		}
		break;

	default:
		PERR("command error\n");
		return -EFAULT;
	}
	return ret;
}
Example #2
0
static long htc_sdservice_ioctl(struct file *file, unsigned int command, unsigned long arg)
{
	htc_sdservice_msg_s hmsg;
	htc_sec_ats_t amsg;
	int ret = 0;

	PDEBUG("command = %x\n", command);
	switch (command) {
	case HTC_IOCTL_SDSERVICE:
		if (copy_from_user(&hmsg, (void __user *)arg, sizeof(hmsg))) {
			PERR("copy_from_user error (msg)");
			return -EFAULT;
		}
#ifdef CONFIG_ARCH_MSM7X30
		oem_rapi_client_init2();
#endif 
		PDEBUG("func = %x\n", hmsg.func);
		switch (hmsg.func) {
		case ITEM_SD_KEY_ENCRYPT:
			if ((hmsg.req_buf == NULL) || (hmsg.req_len != HTC_SDKEY_LEN)) {
				PERR("invalid arguments");
				return -EFAULT;
			}
			if (copy_from_user(htc_sdkey, (void __user *)hmsg.req_buf, hmsg.req_len)) {
				PERR("copy_from_user error (sdkey)");
				return -EFAULT;
			}
#ifdef CONFIG_ARCH_MSM7X30
			ret = oem_rapi_pack_send(OEM_RAPI_CLIENT_EVENT_SDSERVICE_ENC, htc_sdkey, hmsg.req_len);
			oem_rapi_client_close2();
#else
			ret = secure_access_item(0, ITEM_SD_KEY_ENCRYPT, hmsg.req_len, htc_sdkey);
#endif	
			if (ret)
				PERR("Encrypt SD key fail (%d)\n", ret);

			scm_inv_range((uint32_t)htc_sdkey, (uint32_t)htc_sdkey + HTC_SDKEY_LEN);
			if (copy_to_user((void __user *)hmsg.resp_buf, htc_sdkey, hmsg.req_len)) {
				PERR("copy_to_user error (sdkey)");
				return -EFAULT;
			}
			break;

		case ITEM_SD_KEY_DECRYPT:
			if ((hmsg.req_buf == NULL) || (hmsg.req_len != HTC_SDKEY_LEN)) {
				PERR("invalid arguments");
				return -EFAULT;
			}
			if (copy_from_user(htc_sdkey, (void __user *)hmsg.req_buf, hmsg.req_len)) {
				PERR("copy_from_user error (sdkey)");
				return -EFAULT;
			}
#ifdef CONFIG_ARCH_MSM7X30
			ret = oem_rapi_pack_send(OEM_RAPI_CLIENT_EVENT_SDSERVICE_DEC, htc_sdkey, hmsg.req_len);
			oem_rapi_client_close2();
#else
			ret = secure_access_item(0, ITEM_SD_KEY_DECRYPT, hmsg.req_len, htc_sdkey);
#endif	
			if (ret)
				PERR("Encrypt SD key fail (%d)\n", ret);

			scm_inv_range((uint32_t)htc_sdkey, (uint32_t)htc_sdkey + HTC_SDKEY_LEN);
			if (copy_to_user((void __user *)hmsg.resp_buf, htc_sdkey, hmsg.req_len)) {
				PERR("copy_to_user error (sdkey)");
				return -EFAULT;
			}
			break;

		default:
			PERR("func error\n");
			return -EFAULT;
		}
		break;

	case HTC_IOCTL_SEC_ATS_GET:
		if (!arg) {
			PERR("invalid arguments");
			return -ENOMEM;
		}
		ret = secure_access_item(0, ITEM_SEC_ATS, sizeof(htc_sec_ats_t), (unsigned char *)&amsg);
		if (ret) {
			PERR("ATS service fail (%d)\n", ret);
			return ret;
		}
		scm_inv_range((uint32_t)&amsg, (uint32_t)&amsg + sizeof(htc_sec_ats_t));

		if (copy_to_user((void __user *)arg, &amsg, sizeof(htc_sec_ats_t))) {
			PERR("copy_to_user error (msg)");
			return -EFAULT;
		}
		break;

	case HTC_IOCTL_SEC_ATS_SET:
		if (!arg) {
			PERR("invalid arguments");
			return -ENOMEM;
		}
		if (copy_from_user(&amsg, (void __user *)arg, sizeof(htc_sec_ats_t))) {
			PERR("copy_from_user error (msg)");
			return -EFAULT;
		}
		PDEBUG("func = %x, sizeof htc_sec_ats_t = %d\n", amsg.func_info.func_id, sizeof(htc_sec_ats_t));
		ret = secure_access_item(1, ITEM_SEC_ATS, sizeof(htc_sec_ats_t), (unsigned char *)&amsg);
		if (ret)
			PERR("ATS service fail (%d)\n", ret);
		break;

	default:
		PERR("command error\n");
		return -EFAULT;
	}
	return ret;
}
Example #3
0
static ssize_t scm_memchk_read(struct device *dev,
				  struct device_attribute *attr, char *buf)
{
	mem_chk_t *mem_chk;
	unsigned int addr, chk_cln = 0;
	unsigned int *rbuf, buf_len;
	int len, i, ret, prt_len = 0;

	if (mem_addr == 0 && mem_len == 0)
		return 0;

	/* Don't change the output format
	    (or MPU verification tool need to be modified accordingly) */
	addr = mem_addr;
	len = mem_len;
	chk_cln = mem_chk_cln;

	if (chk_cln)
		buf_len = sizeof(mem_chk_t);
	else
		buf_len = ((len<<2) > sizeof(mem_chk_t))? (len<<2): sizeof(mem_chk_t);

	/* buffer allocate for read memory */
	rbuf = (unsigned int *)kzalloc(buf_len, GFP_KERNEL);
	if (rbuf == NULL) {
		pr_err("[MEMCHK] Out of mem...\n");
		return -1;
	}

	mem_chk = (mem_chk_t *)rbuf;
	mem_chk->enable = 1;
	mem_chk->chk_cln = chk_cln;
	mem_chk->addr = addr;
	mem_chk->len = len;

	ret = secure_access_item(1, ITEM_READ_MEM, sizeof(mem_chk_t), (unsigned char *)mem_chk);
	if (ret) {
		pr_err("Access Error\n");
		kfree(rbuf);
		return -1;
	}

	ret = secure_access_item(0, ITEM_READ_MEM, buf_len, (unsigned char *)rbuf);
	if (ret) {
		pr_err("Access Error\n");
		kfree(rbuf);
		return -1;
	}

	if (chk_cln) {
		if (rbuf[0])
			prt_len += sprintf(buf + prt_len, "[%X]: %X\n", rbuf[0], rbuf[1]);
		else
			prt_len += sprintf(buf + prt_len, "Memory Region Clean\n");
	} else {
		for (i = 0; i < len; i++)
			prt_len += sprintf(buf + prt_len, "[%X]: %X\n", addr + (i<<2), rbuf[i]);
	}

	kfree(rbuf);
	return prt_len;
}
Example #4
0
static int htcdrm_ioctl(struct inode *inode, struct file *file,
						unsigned int command, unsigned long arg)
{
	htc_drm_msg_s hmsg;
	int ret = 0;
	unsigned char *ptr;

	PDEBUG("command = %x\n", command);
	switch (command) {
	case HTCDRM_IOCTL_WIDEVINE:
		if (copy_from_user(&hmsg, (void __user *)arg, sizeof(hmsg))) {
			PERR("copy_from_user error (msg)");
			return -EFAULT;
		}

		PDEBUG("func = %x\n", hmsg.func);
		switch (hmsg.func) {
		case HTC_OEMCRYPTO_STORE_KEYBOX:
			if ((hmsg.req_buf == NULL) || (hmsg.req_len != WIDEVINE_KEYBOX_LEN)) {
				PERR("invalid arguments");
				return -EFAULT;
			}
			if (copy_from_user(htc_keybox, (void __user *)hmsg.req_buf, hmsg.req_len)) {
				PERR("copy_from_user error (keybox)");
				return -EFAULT;
			}

			ret = secure_access_item(1, ITEM_KEYBOX_PROVISION, hmsg.req_len,
					htc_keybox);
			if (ret)
				PERR("provision keybox failed (%d)\n", ret);
			break;
		case HTC_OEMCRYPTO_GET_KEYBOX:
			if ((hmsg.resp_buf == NULL) || !hmsg.resp_len ||
					((hmsg.offset + hmsg.resp_len) > WIDEVINE_KEYBOX_LEN)) {
				PERR("invalid arguments");
				return -EFAULT;
			}

			ret = secure_access_item(0, ITEM_KEYBOX_DATA, WIDEVINE_KEYBOX_LEN,
					htc_keybox);
			if (ret)
				PERR("get keybox failed (%d)\n", ret);
			else {
				if (copy_to_user((void __user *)hmsg.resp_buf, htc_keybox + hmsg.offset, hmsg.resp_len)) {
					PERR("copy_to_user error (keybox)");
					return -EFAULT;
				}
			}
			break;
		case HTC_OEMCRYPTO_IDENTIFY_DEVICE:
			if ((hmsg.resp_buf == NULL) || (hmsg.resp_len != DEVICE_ID_LEN)) {
				PERR("invalid arguments");
				return -EFAULT;
			}

			ret = secure_access_item(0, ITEM_DEVICE_ID, DEVICE_ID_LEN,
					htc_device_id);
			if (ret)
				PERR("get device ID failed (%d)\n", ret);
			else {
				if (copy_to_user((void __user *)hmsg.resp_buf, htc_device_id, DEVICE_ID_LEN)) {
					PERR("copy_to_user error (device ID)");
					return -EFAULT;
				}
			}
			break;
		case HTC_OEMCRYPTO_GET_RANDOM:
			if ((hmsg.resp_buf == NULL) || !hmsg.resp_len) {
				PERR("invalid arguments");
				return -EFAULT;
			}
			ptr = kzalloc(hmsg.resp_len, GFP_KERNEL);
			if (ptr == NULL) {
				PERR("allocate the space for random data failed\n");
				return -1;
			}

			ret = secure_access_item(0, ITEM_RAND_DATA, hmsg.resp_len, ptr);
			if (ret)
				PERR("get random data failed (%d)\n", ret);
			else {
				if (copy_to_user((void __user *)hmsg.resp_buf, ptr, hmsg.resp_len)) {
					PERR("copy_to_user error (random data)");
					kfree(ptr);
					return -EFAULT;
				}
			}
			kfree(ptr);
			break;
		default:
			PERR("func error\n");
			return -EFAULT;
		}

		break;

	default:
		PERR("command error\n");
		return -EFAULT;
	}
	return ret;
}
Example #5
0
static long htc_fingerprint_ioctl(struct file *file, unsigned int command, unsigned long arg)
{
	htc_fingerprint_msg_s hmsg;
	htc_sec_ats_t amsg;
	int ret = 0;

	switch (command) {
	case HTC_IOCTL_FPSERVICE:
		if (copy_from_user(&hmsg, (void __user *)arg, sizeof(hmsg))) {
			PERR("copy_from_user error (msg)");
			return -EFAULT;
		}
		PERR("func = %x", hmsg.func);
		switch (hmsg.func) {
		case ITEM_FP_KEY_ENCRYPT:
			if ((hmsg.req_buf == NULL) || (hmsg.req_len == 0)){
				PERR("invalid arguments (ITEM_FP_KEY_ENCRYPT)");
				return -EFAULT;
			}
			htc_fpkey = kzalloc(hmsg.req_len, GFP_KERNEL);
			if (htc_fpkey == NULL) {
				PERR("allocate the space for data failed (%d)", hmsg.req_len);
				return -EFAULT;
			}
			if (copy_from_user(htc_fpkey, (void __user *)hmsg.req_buf, hmsg.req_len)) {
				PERR("copy_from_user error (fpkey)");
				kfree(htc_fpkey);
				return -EFAULT;
			}

			ret = secure_access_item(0, ITEM_FP_KEY_ENCRYPT, hmsg.req_len, htc_fpkey);

			if (ret)
				PERR("encrypt FP key fail (%d)", ret);

			scm_inv_range((uint32_t)htc_fpkey, (uint32_t)htc_fpkey + hmsg.req_len);
			if (copy_to_user((void __user *)hmsg.resp_buf, htc_fpkey, hmsg.req_len)) {
				PERR("copy_to_user error (fpkey)");
				kfree(htc_fpkey);
				return -EFAULT;
			}

			kfree(htc_fpkey);
			break;

		case ITEM_FP_KEY_DECRYPT:
			if ((hmsg.req_buf == NULL) || (hmsg.req_len == 0)){
				PERR("invalid arguments");
				return -EFAULT;
			}
			htc_fpkey = kzalloc(hmsg.req_len, GFP_KERNEL);
			if (htc_fpkey == NULL) {
				PERR("allocate the space for data failed (%d)", hmsg.req_len);
				return -EFAULT;
			}
			if (copy_from_user(htc_fpkey, (void __user *)hmsg.req_buf, hmsg.req_len)) {
				PERR("copy_from_user error (fpkey)");
				kfree(htc_fpkey);
				return -EFAULT;
			}

			ret = secure_access_item(0, ITEM_FP_KEY_DECRYPT, hmsg.req_len, htc_fpkey);

			if (ret)
				PERR("decrypt FP key fail (%d)", ret);

			scm_inv_range((uint32_t)htc_fpkey, (uint32_t)htc_fpkey + hmsg.req_len);
			if (copy_to_user((void __user *)hmsg.resp_buf, htc_fpkey, hmsg.req_len)) {
				PERR("copy_to_user error (fpkey)");
				kfree(htc_fpkey);
				return -EFAULT;
			}

			kfree(htc_fpkey);
			break;

		default:
			PERR("func error");
			return -EFAULT;
		}
		break;

	case HTC_IOCTL_SEC_ATS_GET:
		if (!arg) {
			PERR("invalid arguments");
			return -ENOMEM;
		}
		ret = secure_access_item(0, ITEM_SEC_ATS, sizeof(htc_sec_ats_t), (unsigned char *)&amsg);
		if (ret) {
			PERR("ATS service fail (%d)", ret);
			return ret;
		}
		scm_inv_range((uint32_t)&amsg, (uint32_t)&amsg + sizeof(htc_sec_ats_t));

		if (copy_to_user((void __user *)arg, &amsg, sizeof(htc_sec_ats_t))) {
			PERR("copy_to_user error (msg)");
			return -EFAULT;
		}
		break;

	case HTC_IOCTL_SEC_ATS_SET:
		if (!arg) {
			PERR("invalid arguments");
			return -ENOMEM;
		}
		if (copy_from_user(&amsg, (void __user *)arg, sizeof(htc_sec_ats_t))) {
			PERR("copy_from_user error (msg)");
			return -EFAULT;
		}
		PDEBUG("func = %x, sizeof htc_sec_ats_t = %d", amsg.func_info.func_id, sizeof(htc_sec_ats_t));
		ret = secure_access_item(1, ITEM_SEC_ATS, sizeof(htc_sec_ats_t), (unsigned char *)&amsg);
		if (ret)
			PERR("ATS service fail (%d)", ret);
		break;

	default:
		PERR("command error");
		return -EFAULT;
	}
	return ret;
}