diff --git a/smcinvoke/IClientEnv.h b/smcinvoke/IClientEnv.h index 1ad17971f2..2c6d329ddf 100644 --- a/smcinvoke/IClientEnv.h +++ b/smcinvoke/IClientEnv.h @@ -1,12 +1,15 @@ /* SPDX-License-Identifier: GPL-2.0-only * * Copyright (c) 2021 The Linux Foundation. All rights reserved. + * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. */ #define IClientEnv_OP_open 0 #define IClientEnv_OP_registerLegacy 1 #define IClientEnv_OP_register 2 #define IClientEnv_OP_registerWithWhitelist 3 +#define IClientEnv_OP_notifyDomainChange 4 +#define IClientEnv_OP_registerWithCredentials 5 static inline int32_t IClientEnv_release(struct Object self) @@ -89,3 +92,26 @@ IClientEnv_registerWithWhitelist(struct Object self, return result; } +static inline int32_t +IClientEnv_notifyDomainChange(struct Object self) +{ + return Object_invoke(self, IClientEnv_OP_notifyDomainChange, 0, 0); +} + +static inline int32_t +IClientEnv_registerWithCredentials(struct Object self, struct Object + credentials_val, struct Object *clientEnv_ptr) +{ + union ObjectArg a[2]={{{0,0}}}; + int32_t result; + + a[0].o = credentials_val; + + result = Object_invoke(self, IClientEnv_OP_registerWithCredentials, a, + ObjectCounts_pack(0, 0, 1, 1)); + + *clientEnv_ptr = a[1].o; + + return result; +} + diff --git a/smcinvoke/smcinvoke.c b/smcinvoke/smcinvoke.c index d8af89b708..98d79869bf 100644 --- a/smcinvoke/smcinvoke.c +++ b/smcinvoke/smcinvoke.c @@ -33,6 +33,7 @@ #include "misc/qseecom_kernel.h" #include "smcinvoke.h" #include "smcinvoke_object.h" +#include "IClientEnv.h" #define CREATE_TRACE_POINTS #include "trace_smcinvoke.h" @@ -2256,6 +2257,14 @@ static long process_invoke_req(struct file *filp, unsigned int cmd, return -EINVAL; } + if (context_type == SMCINVOKE_OBJ_TYPE_TZ_OBJ && + tzobj->tzhandle == SMCINVOKE_TZ_ROOT_OBJ && + (req.op == IClientEnv_OP_notifyDomainChange || + req.op == IClientEnv_OP_registerWithCredentials)) { + pr_err("invalid rootenv op\n"); + return -EINVAL; + } + nr_args = OBJECT_COUNTS_NUM_buffers(req.counts) + OBJECT_COUNTS_NUM_objects(req.counts); diff --git a/smcinvoke/smcinvoke_kernel.c b/smcinvoke/smcinvoke_kernel.c index 96fe0af47a..46a292613c 100644 --- a/smcinvoke/smcinvoke_kernel.c +++ b/smcinvoke/smcinvoke_kernel.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0-only /* * Copyright (c) 2021, The Linux Foundation. All rights reserved. + * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. */ #if !IS_ENABLED(CONFIG_QSEECOM) #include @@ -277,23 +278,12 @@ static int get_root_obj(struct Object *rootObj) } /* - * Get a client environment using CBOR encoded credentials - * with UID of SYSTEM_UID (1000) + * Get a client environment using a NULL credentials Object */ int32_t get_client_env_object(struct Object *clientEnvObj) { int32_t ret = OBJECT_ERROR; struct Object rootObj = Object_NULL; - /* Hardcode self cred buffer in CBOR encoded format. - * CBOR encoded credentials is created using following parameters, - * #define ATTR_UID 1 - * #define ATTR_PKG_NAME 3 - * #define SYSTEM_UID 1000 - * static const uint8_t bufString[] = {"UefiSmcInvoke"}; - */ - uint8_t encodedBuf[] = {0xA2, 0x01, 0x19, 0x03, 0xE8, 0x03, 0x6E, 0x55, - 0x65, 0x66, 0x69, 0x53, 0x6D, 0x63, 0x49, 0x6E, - 0x76, 0x6F, 0x6B, 0x65, 0x0}; /* get rootObj */ ret = get_root_obj(&rootObj); @@ -303,8 +293,8 @@ int32_t get_client_env_object(struct Object *clientEnvObj) } /* get client env */ - ret = IClientEnv_registerLegacy(rootObj, encodedBuf, - sizeof(encodedBuf), clientEnvObj); + ret = IClientEnv_registerWithCredentials(rootObj, + Object_NULL, clientEnvObj); if (ret) pr_err("Failed to get ClientEnvObject, ret = %d\n", ret); Object_release(rootObj);