static long htc_msgservice_ioctl(struct file *file, uint32_t command, unsigned long arg) { htc_msgservcie_t mmsg; int32_t ret = 0; int32_t ii; /* if (!capable(CAP_SYS_ADMIN)) { return -EPERM; } */ PDEBUG("command = %x\n", command); switch (command) { case HTC_IOCTL_MSGSERVICE: if (copy_from_user(&mmsg, (void __user *)arg, sizeof(htc_msgservcie_t))) { PERR("copy_from_user error (msg)"); return -EFAULT; } PDEBUG("func = %x\n", mmsg.func); switch (mmsg.func) { case ITEM_REMOTE_MSG: if ((mmsg.req_buf == NULL) || (mmsg.req_len != sizeof(htc_remote_msg_t))) { PERR("invalid arguments"); return -EFAULT; } if (copy_from_user(htc_rmt_msg, (void __user *)mmsg.req_buf, mmsg.req_len)) { PERR("copy_from_user error (sdkey)"); return -EFAULT; } PDEBUG("Input message:"); for (ii = 0; ii < sizeof(htc_remote_msg_t); ii++) { PDEBUG("%02x", *((uint8_t *)htc_rmt_msg + ii)); } scm_flush_range((uint32_t)htc_rmt_msg, (uint32_t)(htc_rmt_msg) + mmsg.req_len); ret = secure_access_item(1, ITEM_REMOTE_MSG, mmsg.req_len, htc_rmt_msg); PERR("Do nothing! (%d)\n", ret); break; default: PERR("func error\n"); return -EFAULT; } break; default: PERR("command error\n"); return -EFAULT; } return ret; }
static long htc_sdservice_ioctl(struct file *file, unsigned int command, unsigned long arg) { htc_sdservice_msg_s hmsg; htc_sec_ats_t amsg; int ret = 0; PDEBUG("command = %x\n", command); switch (command) { case HTC_IOCTL_SDSERVICE: if (copy_from_user(&hmsg, (void __user *)arg, sizeof(hmsg))) { PERR("copy_from_user error (msg)"); return -EFAULT; } #ifdef CONFIG_ARCH_MSM7X30 oem_rapi_client_init2(); #endif PDEBUG("func = %x\n", hmsg.func); switch (hmsg.func) { case ITEM_SD_KEY_ENCRYPT: if ((hmsg.req_buf == NULL) || (hmsg.req_len != HTC_SDKEY_LEN)) { PERR("invalid arguments"); return -EFAULT; } if (copy_from_user(htc_sdkey, (void __user *)hmsg.req_buf, hmsg.req_len)) { PERR("copy_from_user error (sdkey)"); return -EFAULT; } #ifdef CONFIG_ARCH_MSM7X30 ret = oem_rapi_pack_send(OEM_RAPI_CLIENT_EVENT_SDSERVICE_ENC, htc_sdkey, hmsg.req_len); oem_rapi_client_close2(); #else ret = secure_access_item(0, ITEM_SD_KEY_ENCRYPT, hmsg.req_len, htc_sdkey); #endif if (ret) PERR("Encrypt SD key fail (%d)\n", ret); scm_inv_range((uint32_t)htc_sdkey, (uint32_t)htc_sdkey + HTC_SDKEY_LEN); if (copy_to_user((void __user *)hmsg.resp_buf, htc_sdkey, hmsg.req_len)) { PERR("copy_to_user error (sdkey)"); return -EFAULT; } break; case ITEM_SD_KEY_DECRYPT: if ((hmsg.req_buf == NULL) || (hmsg.req_len != HTC_SDKEY_LEN)) { PERR("invalid arguments"); return -EFAULT; } if (copy_from_user(htc_sdkey, (void __user *)hmsg.req_buf, hmsg.req_len)) { PERR("copy_from_user error (sdkey)"); return -EFAULT; } #ifdef CONFIG_ARCH_MSM7X30 ret = oem_rapi_pack_send(OEM_RAPI_CLIENT_EVENT_SDSERVICE_DEC, htc_sdkey, hmsg.req_len); oem_rapi_client_close2(); #else ret = secure_access_item(0, ITEM_SD_KEY_DECRYPT, hmsg.req_len, htc_sdkey); #endif if (ret) PERR("Encrypt SD key fail (%d)\n", ret); scm_inv_range((uint32_t)htc_sdkey, (uint32_t)htc_sdkey + HTC_SDKEY_LEN); if (copy_to_user((void __user *)hmsg.resp_buf, htc_sdkey, hmsg.req_len)) { PERR("copy_to_user error (sdkey)"); return -EFAULT; } break; default: PERR("func error\n"); return -EFAULT; } break; case HTC_IOCTL_SEC_ATS_GET: if (!arg) { PERR("invalid arguments"); return -ENOMEM; } ret = secure_access_item(0, ITEM_SEC_ATS, sizeof(htc_sec_ats_t), (unsigned char *)&amsg); if (ret) { PERR("ATS service fail (%d)\n", ret); return ret; } scm_inv_range((uint32_t)&amsg, (uint32_t)&amsg + sizeof(htc_sec_ats_t)); if (copy_to_user((void __user *)arg, &amsg, sizeof(htc_sec_ats_t))) { PERR("copy_to_user error (msg)"); return -EFAULT; } break; case HTC_IOCTL_SEC_ATS_SET: if (!arg) { PERR("invalid arguments"); return -ENOMEM; } if (copy_from_user(&amsg, (void __user *)arg, sizeof(htc_sec_ats_t))) { PERR("copy_from_user error (msg)"); return -EFAULT; } PDEBUG("func = %x, sizeof htc_sec_ats_t = %d\n", amsg.func_info.func_id, sizeof(htc_sec_ats_t)); ret = secure_access_item(1, ITEM_SEC_ATS, sizeof(htc_sec_ats_t), (unsigned char *)&amsg); if (ret) PERR("ATS service fail (%d)\n", ret); break; default: PERR("command error\n"); return -EFAULT; } return ret; }
static ssize_t scm_memchk_read(struct device *dev, struct device_attribute *attr, char *buf) { mem_chk_t *mem_chk; unsigned int addr, chk_cln = 0; unsigned int *rbuf, buf_len; int len, i, ret, prt_len = 0; if (mem_addr == 0 && mem_len == 0) return 0; /* Don't change the output format (or MPU verification tool need to be modified accordingly) */ addr = mem_addr; len = mem_len; chk_cln = mem_chk_cln; if (chk_cln) buf_len = sizeof(mem_chk_t); else buf_len = ((len<<2) > sizeof(mem_chk_t))? (len<<2): sizeof(mem_chk_t); /* buffer allocate for read memory */ rbuf = (unsigned int *)kzalloc(buf_len, GFP_KERNEL); if (rbuf == NULL) { pr_err("[MEMCHK] Out of mem...\n"); return -1; } mem_chk = (mem_chk_t *)rbuf; mem_chk->enable = 1; mem_chk->chk_cln = chk_cln; mem_chk->addr = addr; mem_chk->len = len; ret = secure_access_item(1, ITEM_READ_MEM, sizeof(mem_chk_t), (unsigned char *)mem_chk); if (ret) { pr_err("Access Error\n"); kfree(rbuf); return -1; } ret = secure_access_item(0, ITEM_READ_MEM, buf_len, (unsigned char *)rbuf); if (ret) { pr_err("Access Error\n"); kfree(rbuf); return -1; } if (chk_cln) { if (rbuf[0]) prt_len += sprintf(buf + prt_len, "[%X]: %X\n", rbuf[0], rbuf[1]); else prt_len += sprintf(buf + prt_len, "Memory Region Clean\n"); } else { for (i = 0; i < len; i++) prt_len += sprintf(buf + prt_len, "[%X]: %X\n", addr + (i<<2), rbuf[i]); } kfree(rbuf); return prt_len; }
static int htcdrm_ioctl(struct inode *inode, struct file *file, unsigned int command, unsigned long arg) { htc_drm_msg_s hmsg; int ret = 0; unsigned char *ptr; PDEBUG("command = %x\n", command); switch (command) { case HTCDRM_IOCTL_WIDEVINE: if (copy_from_user(&hmsg, (void __user *)arg, sizeof(hmsg))) { PERR("copy_from_user error (msg)"); return -EFAULT; } PDEBUG("func = %x\n", hmsg.func); switch (hmsg.func) { case HTC_OEMCRYPTO_STORE_KEYBOX: if ((hmsg.req_buf == NULL) || (hmsg.req_len != WIDEVINE_KEYBOX_LEN)) { PERR("invalid arguments"); return -EFAULT; } if (copy_from_user(htc_keybox, (void __user *)hmsg.req_buf, hmsg.req_len)) { PERR("copy_from_user error (keybox)"); return -EFAULT; } ret = secure_access_item(1, ITEM_KEYBOX_PROVISION, hmsg.req_len, htc_keybox); if (ret) PERR("provision keybox failed (%d)\n", ret); break; case HTC_OEMCRYPTO_GET_KEYBOX: if ((hmsg.resp_buf == NULL) || !hmsg.resp_len || ((hmsg.offset + hmsg.resp_len) > WIDEVINE_KEYBOX_LEN)) { PERR("invalid arguments"); return -EFAULT; } ret = secure_access_item(0, ITEM_KEYBOX_DATA, WIDEVINE_KEYBOX_LEN, htc_keybox); if (ret) PERR("get keybox failed (%d)\n", ret); else { if (copy_to_user((void __user *)hmsg.resp_buf, htc_keybox + hmsg.offset, hmsg.resp_len)) { PERR("copy_to_user error (keybox)"); return -EFAULT; } } break; case HTC_OEMCRYPTO_IDENTIFY_DEVICE: if ((hmsg.resp_buf == NULL) || (hmsg.resp_len != DEVICE_ID_LEN)) { PERR("invalid arguments"); return -EFAULT; } ret = secure_access_item(0, ITEM_DEVICE_ID, DEVICE_ID_LEN, htc_device_id); if (ret) PERR("get device ID failed (%d)\n", ret); else { if (copy_to_user((void __user *)hmsg.resp_buf, htc_device_id, DEVICE_ID_LEN)) { PERR("copy_to_user error (device ID)"); return -EFAULT; } } break; case HTC_OEMCRYPTO_GET_RANDOM: if ((hmsg.resp_buf == NULL) || !hmsg.resp_len) { PERR("invalid arguments"); return -EFAULT; } ptr = kzalloc(hmsg.resp_len, GFP_KERNEL); if (ptr == NULL) { PERR("allocate the space for random data failed\n"); return -1; } ret = secure_access_item(0, ITEM_RAND_DATA, hmsg.resp_len, ptr); if (ret) PERR("get random data failed (%d)\n", ret); else { if (copy_to_user((void __user *)hmsg.resp_buf, ptr, hmsg.resp_len)) { PERR("copy_to_user error (random data)"); kfree(ptr); return -EFAULT; } } kfree(ptr); break; default: PERR("func error\n"); return -EFAULT; } break; default: PERR("command error\n"); return -EFAULT; } return ret; }
static long htc_fingerprint_ioctl(struct file *file, unsigned int command, unsigned long arg) { htc_fingerprint_msg_s hmsg; htc_sec_ats_t amsg; int ret = 0; switch (command) { case HTC_IOCTL_FPSERVICE: if (copy_from_user(&hmsg, (void __user *)arg, sizeof(hmsg))) { PERR("copy_from_user error (msg)"); return -EFAULT; } PERR("func = %x", hmsg.func); switch (hmsg.func) { case ITEM_FP_KEY_ENCRYPT: if ((hmsg.req_buf == NULL) || (hmsg.req_len == 0)){ PERR("invalid arguments (ITEM_FP_KEY_ENCRYPT)"); return -EFAULT; } htc_fpkey = kzalloc(hmsg.req_len, GFP_KERNEL); if (htc_fpkey == NULL) { PERR("allocate the space for data failed (%d)", hmsg.req_len); return -EFAULT; } if (copy_from_user(htc_fpkey, (void __user *)hmsg.req_buf, hmsg.req_len)) { PERR("copy_from_user error (fpkey)"); kfree(htc_fpkey); return -EFAULT; } ret = secure_access_item(0, ITEM_FP_KEY_ENCRYPT, hmsg.req_len, htc_fpkey); if (ret) PERR("encrypt FP key fail (%d)", ret); scm_inv_range((uint32_t)htc_fpkey, (uint32_t)htc_fpkey + hmsg.req_len); if (copy_to_user((void __user *)hmsg.resp_buf, htc_fpkey, hmsg.req_len)) { PERR("copy_to_user error (fpkey)"); kfree(htc_fpkey); return -EFAULT; } kfree(htc_fpkey); break; case ITEM_FP_KEY_DECRYPT: if ((hmsg.req_buf == NULL) || (hmsg.req_len == 0)){ PERR("invalid arguments"); return -EFAULT; } htc_fpkey = kzalloc(hmsg.req_len, GFP_KERNEL); if (htc_fpkey == NULL) { PERR("allocate the space for data failed (%d)", hmsg.req_len); return -EFAULT; } if (copy_from_user(htc_fpkey, (void __user *)hmsg.req_buf, hmsg.req_len)) { PERR("copy_from_user error (fpkey)"); kfree(htc_fpkey); return -EFAULT; } ret = secure_access_item(0, ITEM_FP_KEY_DECRYPT, hmsg.req_len, htc_fpkey); if (ret) PERR("decrypt FP key fail (%d)", ret); scm_inv_range((uint32_t)htc_fpkey, (uint32_t)htc_fpkey + hmsg.req_len); if (copy_to_user((void __user *)hmsg.resp_buf, htc_fpkey, hmsg.req_len)) { PERR("copy_to_user error (fpkey)"); kfree(htc_fpkey); return -EFAULT; } kfree(htc_fpkey); break; default: PERR("func error"); return -EFAULT; } break; case HTC_IOCTL_SEC_ATS_GET: if (!arg) { PERR("invalid arguments"); return -ENOMEM; } ret = secure_access_item(0, ITEM_SEC_ATS, sizeof(htc_sec_ats_t), (unsigned char *)&amsg); if (ret) { PERR("ATS service fail (%d)", ret); return ret; } scm_inv_range((uint32_t)&amsg, (uint32_t)&amsg + sizeof(htc_sec_ats_t)); if (copy_to_user((void __user *)arg, &amsg, sizeof(htc_sec_ats_t))) { PERR("copy_to_user error (msg)"); return -EFAULT; } break; case HTC_IOCTL_SEC_ATS_SET: if (!arg) { PERR("invalid arguments"); return -ENOMEM; } if (copy_from_user(&amsg, (void __user *)arg, sizeof(htc_sec_ats_t))) { PERR("copy_from_user error (msg)"); return -EFAULT; } PDEBUG("func = %x, sizeof htc_sec_ats_t = %d", amsg.func_info.func_id, sizeof(htc_sec_ats_t)); ret = secure_access_item(1, ITEM_SEC_ATS, sizeof(htc_sec_ats_t), (unsigned char *)&amsg); if (ret) PERR("ATS service fail (%d)", ret); break; default: PERR("command error"); return -EFAULT; } return ret; }