From 3c954212889b24376419ee647a7d14cf7878b390 Mon Sep 17 00:00:00 2001 From: Lukasz Kostyra Date: Thu, 26 Oct 2017 17:08:08 +0200 Subject: [PATCH 01/16] Redirect TA output to file before posix_spawn (append mode) Change-Id: Ic9e8853b86029badee226a6b263254102b98dc1c --- include/include/config.h | 1 + simulatordaemon/src/TAFactory.cpp | 24 +++++++++++++++++++++++- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/include/include/config.h b/include/include/config.h index 51752fe..e5cd6c9 100644 --- a/include/include/config.h +++ b/include/include/config.h @@ -27,6 +27,7 @@ //TEEStub must have write access in this directory (creating socket per TA) #define TEE_TASOCK_ROOT "/tmp/" +#define TEE_TALOG_ROOT "/tmp/" #define SHM_PATH "/tmp/shm" #define SIMDAEMON_SOCK_PATH "/tmp/simdaemon" diff --git a/simulatordaemon/src/TAFactory.cpp b/simulatordaemon/src/TAFactory.cpp index 4c5bcbe..0ab0067 100644 --- a/simulatordaemon/src/TAFactory.cpp +++ b/simulatordaemon/src/TAFactory.cpp 
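Review bot: `TEE_TALOG_ROOT` is set to `/tmp/`, a world-writable directory, and the TAFactory.cpp hunk of this patch opens `TEE_TALOG_ROOT + TAUUID + ".log"` there with `O_CREAT` and no `O_NOFOLLOW`. Because the name is predictable, another local user can create that path first, possibly as a symlink, and the daemon may then append TA output to a file it did not intend to write. A directory owned by the daemon's account and not writable by others removes that exposure. Above the define I would add `// must not be world-writable: simulatordaemon creates <UUID>.log here`, in the same spirit as the comment already on `TEE_TASOCK_ROOT`.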
@@ -400,8 +400,30 @@ bool TAFactory::launchTA(string TAUUID, std::stringstream& str, bool debug, argv[2] = NULL; envp[0] = NULL; + // redirect TA output to file + posix_spawn_file_actions_t child_fd_actions; + int ret = posix_spawn_file_actions_init(&child_fd_actions); + if (ret != 0) { + LOGE(SIM_DAEMON, "posix_spawn_file_actions_init failed"); + return false; + } + + ret = posix_spawn_file_actions_addopen(&child_fd_actions, 1, + (TEE_TALOG_ROOT + TAUUID + ".log").c_str(), + O_WRONLY | O_CREAT | O_APPEND | O_SYNC, 0644); + if (ret != 0) { + LOGE(SIM_DAEMON, "posix_spawn_file_actions_addopen failed"); + return false; + } + + ret = posix_spawn_file_actions_adddup2(&child_fd_actions, 1, 2); + if (ret != 0) { + LOGE(SIM_DAEMON, "posix_spawn_file_actions_adddup2 failed"); + return false; + } + // Spawn TA - result = posix_spawn(&pid, argv[0], NULL, NULL, argv, envp); + result = posix_spawn(&pid, argv[0], &child_fd_actions, NULL, argv, envp); if (result == 0) { LOGD(SIM_DAEMON, "TA pid: %i\n", pid); LOGD(SIM_DAEMON, "Launched Trusted Application"); -- 2.7.4 From 3fc1c1ab7a7ece0cdfbe998555d214aa5d4fa581 Mon Sep 17 00:00:00 2001 From: Krzysztof Dynowski Date: Wed, 3 Jan 2018 11:50:25 +0100 Subject: [PATCH 02/16] fix: check context before use (where missing) Change-Id: I6494cffdfb77bda7cc191a0be76f350b79322568 --- TEECLib/src/teec_api.c | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/TEECLib/src/teec_api.c b/TEECLib/src/teec_api.c index e4cb0c2..132f4d9 100644 --- a/TEECLib/src/teec_api.c +++ b/TEECLib/src/teec_api.c @@ -739,7 +739,7 @@ TEEC_Result TEEC_RegisterSharedMemory(TEEC_Context *context, // Check if the context is initialized if (!checkContext(context)) { - LOGE(TEEC_LIB, "Invalid context %p", context); + LOGE(TEEC_LIB, "Invalid context"); return TEEC_ERROR_BAD_PARAMETERS; } 
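Review bot: `child_fd_actions` is never released: neither the three new `return false;` paths nor the code after `posix_spawn` calls `posix_spawn_file_actions_destroy(&child_fd_actions);`, so each launch can leak whatever the init call allocated. The new early returns may also leave a lock held: patch 07/16 of this series shows the posix_spawn failure branch calling `pthread_mutex_unlock(&TABin->taLock);` before it returns, which suggests the lock is held at this point. That needs confirming, since launchTA starts and ends outside the hunk. On the open itself, adding `O_NOFOLLOW` to the flags and using mode `0640` instead of `0644` would keep the log from being redirected through a symlink or read by every local user.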
@@ -876,7 +876,7 @@ TEEC_Result TEEC_AllocateSharedMemory(TEEC_Context *context, // Check if the Context is initialized if (!checkContext(context)) { - LOGE(TEEC_LIB, "context is not found"); + LOGE(TEEC_LIB, "Invalid context"); return TEEC_ERROR_BAD_PARAMETERS; } @@ -1016,6 +1016,13 @@ void TEEC_ReleaseSharedMemory(TEEC_SharedMemory *sharedMem) return; } + // Check if the Context is initialized + if (!checkContext(context)) { + LOGE(TEEC_LIB, "Invalid context"); + return; + } + + // Check if the Context imp structure is valid context_imp = (TEEC_ContextImp *)context->imp; @@ -1098,6 +1105,12 @@ TEEC_Result TEEC_OpenSession(TEEC_Context *context, TEEC_Session *session, return TEEC_ERROR_BAD_PARAMETERS; } + // Check if the context is initialized + if (!checkContext(context)) { + LOGE(TEEC_LIB, "Invalid context"); + return TEEC_ERROR_BAD_PARAMETERS; + } + // Check if the context imp is valid TEEC_ContextImp *context_imp = (TEEC_ContextImp *)context->imp; @@ -1279,6 +1292,12 @@ void TEEC_CloseSession(TEEC_Session *session) return; } + // Check if the context is initialized + if (!checkContext(session_imp->context)) { + LOGE(TEEC_LIB, "Invalid context"); + return; + } + // Check if Context imp is valid TEEC_ContextImp *context_imp = (TEEC_ContextImp *)session_imp->context->imp; @@ -1359,6 +1378,12 @@ TEEC_Result TEEC_InvokeCommand(TEEC_Session *session, uint32_t commandID, return TEEC_ERROR_BAD_PARAMETERS; } + // Check if the context is initialized + if (!checkContext(session_imp->context)) { + LOGE(TEEC_LIB, "Invalid context"); + return TEEC_ERROR_BAD_PARAMETERS; + } + // Check if Context imp is valid TEEC_ContextImp *context_imp = (TEEC_ContextImp *)session_imp->context->imp; 
@@ -1507,6 +1532,12 @@ void TEEC_RequestCancellation(TEEC_Operation *operation) return; } + // Check if the context is initialized + if (!checkContext(session_imp->context)) { + LOGE(TEEC_LIB, "Invalid context"); + return; + } + // Check if Context imp is valid TEEC_ContextImp *context_imp = (TEEC_ContextImp *)session_imp->context->imp; -- 2.7.4 From 6925d644eec8cc17d65bf0b00ba2a95c63872712 Mon Sep 17 00:00:00 2001 From: leejungkyuen Date: Wed, 26 Jul 2017 15:58:50 +0900 Subject: [PATCH 03/16] Delete duplicate macros, move them to one config.h Change-Id: Idbebaec899d491786402172e5e9a554a72e8e45c --- TEECLib/src/teec_api.c | 3 +- TEEStub/teestubmain.cpp | 4 ++- include/include/config.h | 4 ++- simulatordaemon/inc/path.h | 36 ---------------------- simulatordaemon/src/SimulatorDaemon.cpp | 7 ++--- .../src/TABinaryManager/TABinaryManager.cpp | 4 +-- simulatordaemon/src/TABinaryManager/TestMain.cpp | 7 +++-- simulatordaemon/src/TAInstance.cpp | 1 + ssflib/dep/swdss/source/secure_file.cpp | 2 +- ssflib/src/ssf_client.cpp | 1 - 10 files changed, 18 insertions(+), 51 deletions(-) delete mode 100644 simulatordaemon/inc/path.h diff --git a/TEECLib/src/teec_api.c b/TEECLib/src/teec_api.c index 132f4d9..c46c933 100644 --- a/TEECLib/src/teec_api.c +++ b/TEECLib/src/teec_api.c @@ -191,8 +191,7 @@ static void freeSharedMemory(TEEC_SharedMemory *shm) return; } - ret = snprintf(shm_name, sizeof(shm_name), SHM_NAME_TEMPLATE, - sharedMem_imp->shmKey); + ret = snprintf(shm_name, sizeof(shm_name), SHM_NAME_TEMPLATE, sharedMem_imp->shmKey); if (ret == sizeof(shm_name)) { LOGE(TEE_STUB, "the shm object name is too long"); diff --git a/TEEStub/teestubmain.cpp b/TEEStub/teestubmain.cpp index 3b1cd3b..b66cd4e 100644 --- a/TEEStub/teestubmain.cpp +++ b/TEEStub/teestubmain.cpp 
@@ -108,7 +108,9 @@ int main(int argc, char* argv[]) { // Once the server is started, it exits only after the // connection is lost or gracefully disconnected. - StartServer(string(TEE_TASOCK_ROOT) + string(argv[1])); + std::string sock = string(TEE_TASOCK_ROOT) + argv[1]; + LOGD(TEE_STUB, "StartServer on %s\n", sock.c_str()); + StartServer(sock); LOGD(TEE_STUB, "Exiting TEEStub\n"); // Deallocate property objects if (TEE_SUCCESS == initStatus) DeInitPropertyModule(); diff --git a/include/include/config.h b/include/include/config.h index e5cd6c9..19c251c 100644 --- a/include/include/config.h +++ b/include/include/config.h @@ -25,13 +25,15 @@ //this is ln -s to /usr/lib/tastore or /usr/lib64/tastore (see spec file) #define TEE_TASTORE_ROOT "/opt/tastore/" +#define SIMDAEMON_SOCK_PATH "/tmp/simdaemon" //TEEStub must have write access in this directory (creating socket per TA) #define TEE_TASOCK_ROOT "/tmp/" #define TEE_TALOG_ROOT "/tmp/" #define SHM_PATH "/tmp/shm" -#define SIMDAEMON_SOCK_PATH "/tmp/simdaemon" #define TEE_PROP_PATH "/usr/bin/GPD_TEE_PROP" +#define TEE_SS_ROOT "/tmp/tastore2/" + #endif /* INCLUDE_CONFIG_H_ */ diff --git a/simulatordaemon/inc/path.h b/simulatordaemon/inc/path.h deleted file mode 100644 index 37a528f..0000000 --- a/simulatordaemon/inc/path.h +++ /dev/null 
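Review bot: `TEE_SS_ROOT` is introduced in config.h as `/tmp/tastore2/`, and the secure_file.cpp hunk of this patch makes `secure_file::get_data_name` build its paths from it instead of `TEE_TASTORE_ROOT`. That puts secure-storage objects under a world-writable parent, where any local user can create `tastore2` first and own the directory. It also changes where previously stored data is looked up, which the commit message ("Delete duplicate macros") does not mention. Patch 04/16 of this series sets the value to `/opt/tastore/`; if the `/tmp` value is a stop-gap, a comment on the define such as `// temporary location, not safe on multi-user systems` would make that explicit.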
@@ -1,36 +0,0 @@ -/** - * Copyright (c) 2015-2017 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * @file - * @author CHERYL (cb) (cheryl.b@samsung.com) - * @brief Path detail - */ - - -#if !defined(_PATH_H) -#define _PATH_H - -/*----------------------------------------------------------------------------- - * MACROS - *-----------------------------------------------------------------------------*/ - -// shm path to be created for Shared memory functionality support -#define SHM_PATH "/tmp/shm" -// socket path for connection with Simulator Daemon -#define SIMDAEMON_PATH "/tmp/simdaemon" - -#endif //_PATH_H diff --git a/simulatordaemon/src/SimulatorDaemon.cpp b/simulatordaemon/src/SimulatorDaemon.cpp index f5928f1..70dd279 100644 --- a/simulatordaemon/src/SimulatorDaemon.cpp +++ b/simulatordaemon/src/SimulatorDaemon.cpp @@ -24,10 +24,9 @@ /*----------------------------------------------------------------------------- * Include files *-----------------------------------------------------------------------------*/ -#include "path.h" #include "SimulatorDaemonServer.h" - #include +#include /*----------------------------------------------------------------------------- * Local functions 
@@ -108,7 +107,7 @@ int main() { LOGD(SIM_DAEMON, "Entry"); uint32_t result = 0; try { - int sockFD = getSystemdSocket(SIMDAEMON_PATH); + int sockFD = getSystemdSocket(SIMDAEMON_SOCK_PATH); //initializeShm(); if (sockFD > 0) { @@ -117,7 +116,7 @@ int main() { startServer(ioService::getInstance()); } else { LOGI(SIM_DAEMON, "No systemd socket available - creating own one"); - SimulatorDaemonServer s(ioService::getInstance(), SIMDAEMON_PATH); + SimulatorDaemonServer s(ioService::getInstance(), SIMDAEMON_SOCK_PATH); startServer(ioService::getInstance()); } diff --git a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp index 298a76d..18910d7 100644 --- a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp +++ b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp @@ -25,7 +25,6 @@ * Include files *-----------------------------------------------------------------------------*/ #include "TABinaryManager.h" -#include #include #include #include @@ -36,6 +35,7 @@ #include #include #include +#include /*----------------------------------------------------------------------------- * Globals *-----------------------------------------------------------------------------*/ @@ -251,7 +251,7 @@ bool TABinaryManager::unpackBinary(const string &uuid, StructBinaryInfo& info) { if (0 == unpacker->unpackTA(string(TEE_TASTORE_ROOT), uuid)) { LOGD(SIM_DAEMON, "Unpacked, filling info"); // 1. Set binary info - info.path = string(TEE_TASTORE_ROOT)+ uuid; + info.path = string(TEE_TASTORE_ROOT) + uuid; info.extractpath = string(TEE_TASTORE_ROOT) + uuid + "-ext/"; info.imagePath = info.extractpath + uuid + ".image"; info.manifestPath = info.extractpath + uuid + ".manifest"; diff --git a/simulatordaemon/src/TABinaryManager/TestMain.cpp b/simulatordaemon/src/TABinaryManager/TestMain.cpp index f66443d..b0b322a 100644 --- a/simulatordaemon/src/TABinaryManager/TestMain.cpp +++ b/simulatordaemon/src/TABinaryManager/TestMain.cpp 
@@ -26,7 +26,8 @@ #include "TABinaryManager.h" #include "TAManifest.h" #include "TAUnpack.h" -#include "Config.h" +#include + using namespace std; int test_main() { @@ -49,7 +50,7 @@ int test_main() { // Unpack TA case 1: { TAUnpack *unpacker = TAUnpack::getInstance(); - unpacker->unpackTA(TA_STORE_PATH, "0000-0000-0000-0000000000c7"); + unpacker->unpackTA(TEE_TASTORE_ROOT, "0000-0000-0000-0000000000c7"); break; } // Manifest test @@ -57,7 +58,7 @@ int test_main() { TAManifest manifest; manifest.processXML( string( - TA_STORE_PATH"0000-0000-0000-0000000000c7-ext/0000-0000-0000-0000000000c7.manifest")); + TEE_TASTORE_ROOT"0000-0000-0000-0000000000c7-ext/0000-0000-0000-0000000000c7.manifest")); manifest.printProcessedData(); break; } diff --git a/simulatordaemon/src/TAInstance.cpp b/simulatordaemon/src/TAInstance.cpp index afa5ad7..15da04e 100644 --- a/simulatordaemon/src/TAInstance.cpp +++ b/simulatordaemon/src/TAInstance.cpp @@ -26,6 +26,7 @@ *-----------------------------------------------------------------------------*/ #include "TAInstance.h" #include "ResponseCommands/ResMakeCommand.h" +#include /*----------------------------------------------------------------------------- * Member functions diff --git a/ssflib/dep/swdss/source/secure_file.cpp b/ssflib/dep/swdss/source/secure_file.cpp index 96c89e7..c2de76f 100644 --- a/ssflib/dep/swdss/source/secure_file.cpp +++ b/ssflib/dep/swdss/source/secure_file.cpp @@ -1705,7 +1705,7 @@ int secure_file::get_data_name(char* data_name, int maxlen, bool is_dir) { char* ptr = data_name; int remain = maxlen; - strncpy(ptr, TEE_TASTORE_ROOT, remain); + strncpy(ptr, TEE_SS_ROOT, remain); if (ptr[remain - 1] != '\0') return -1; ptr += strlen(ptr); diff --git a/ssflib/src/ssf_client.cpp b/ssflib/src/ssf_client.cpp index edec1cc..8094a29 100644 --- a/ssflib/src/ssf_client.cpp +++ b/ssflib/src/ssf_client.cpp 
@@ -36,7 +36,6 @@ * MACROS *-----------------------------------------------------------------------------*/ - /*----------------------------------------------------------------------------- * local functions *-----------------------------------------------------------------------------*/ -- 2.7.4 From c6356470d4dd1ad73fbd8572c9248376c64659b9 Mon Sep 17 00:00:00 2001 From: Krzysztof Dynowski Date: Thu, 11 Jan 2018 16:37:10 +0100 Subject: [PATCH 04/16] fix SHM path, remove unused code, replace system wih boost API (for simple cases) Change-Id: I1a3e868fe11de69cae5ac6740ebe75b64ff4297e --- TEECLib/src/teec_api.c | 17 ++++---- TEECLib/src/teec_connection.c | 16 +++++--- TEEStub/PropertyAccess/TEEProperty.cpp | 2 +- TEEStub/TACommands/SharedMemoryMap.cpp | 2 +- include/include/config.h | 7 ++-- simulatordaemon/src/SimulatorDaemon.cpp | 14 ------- .../src/TABinaryManager/TABinaryManager.cpp | 45 ++++++++++++---------- 7 files changed, 48 insertions(+), 55 deletions(-) diff --git a/TEECLib/src/teec_api.c b/TEECLib/src/teec_api.c index c46c933..085f57a 100644 --- a/TEECLib/src/teec_api.c +++ b/TEECLib/src/teec_api.c @@ -32,6 +32,7 @@ #include #include #include +#include /*----------------------------------------------------------------------------- * MACROS @@ -40,7 +41,6 @@ #define PAGE_MASK (~(PAGE_SIZE - 1)) #define SHM_MAX_ID INT32_MAX -#define SHM_NAME_TEMPLATE "/teec_shm%d" #define SHM_FILE_MODE 0660 /*----------------------------------------------------------------------------- * Globals @@ -102,15 +102,13 @@ static int32_t allocateSharedMemory(TEEC_SharedMemory *shm) int res; do { - res = snprintf(shm_name, sizeof(shm_name), SHM_NAME_TEMPLATE, memKey); - + res = snprintf(shm_name, sizeof(shm_name), SHM_NAME_PREFIX "%d", memKey); if (res == sizeof(shm_name)) { LOGE(TEEC_LIB, "the shm object name is too long"); return TEEC_ERROR_GENERIC; } fd_shm = shm_open(shm_name, O_RDWR | O_CREAT | O_EXCL, SHM_FILE_MODE); - if (fd_shm >= 0) { res = fchmod(fd_shm, SHM_FILE_MODE); 
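Review bot: The truncation test after the rewritten `snprintf` in allocateSharedMemory (hunk at -102) only catches `res == sizeof(shm_name)`. snprintf returns the length the full string would have had, so a longer result or a negative error return passes the test and a truncated name reaches `shm_open`. `if (res < 0 || (size_t)res >= sizeof(shm_name))` covers all three cases. The same comparison follows the rewritten `snprintf` in freeSharedMemory (hunk at -191), there on `ret`. Both functions extend beyond their hunks.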
@@ -127,8 +125,8 @@ static int32_t allocateSharedMemory(TEEC_SharedMemory *shm) } if (errno != EEXIST) { - LOGE(TEEC_LIB, "Cannot create shared memory object, error: %s", - strerror(errno)); + LOGE(TEEC_LIB, "Cannot create shared memory object '%s', error: %s", + shm_name, strerror(errno)); return TEEC_ERROR_GENERIC; } @@ -191,15 +189,14 @@ static void freeSharedMemory(TEEC_SharedMemory *shm) return; } - ret = snprintf(shm_name, sizeof(shm_name), SHM_NAME_TEMPLATE, sharedMem_imp->shmKey); - + ret = snprintf(shm_name, sizeof(shm_name), SHM_NAME_PREFIX "%d", sharedMem_imp->shmKey); if (ret == sizeof(shm_name)) { - LOGE(TEE_STUB, "the shm object name is too long"); + LOGE(TEEC_LIB, "the shm object name is too long"); return; } if (shm_unlink(shm_name) == -1) { - LOGE(TEE_STUB, "shm_unlink failed for %s, error: %s", shm_name, + LOGE(TEEC_LIB, "shm_unlink failed for %s, error: %s", shm_name, strerror(errno)); return; } diff --git a/TEECLib/src/teec_connection.c b/TEECLib/src/teec_connection.c index a5feaa4..dbfff73 100644 --- a/TEECLib/src/teec_connection.c +++ b/TEECLib/src/teec_connection.c 
@@ -49,21 +49,25 @@ int32_t connecttoServer(void) { LOGD(TEEC_LIB, "Entry"); int32_t serverSocket, socklen; - size_t sock_path_len = 0; struct sockaddr *sockptr; struct sockaddr_un daemonsock; + daemonsock.sun_family = AF_UNIX; + daemonsock.sun_path[sizeof(daemonsock.sun_path)-1] = 0; + strncpy(daemonsock.sun_path, SIMDAEMON_SOCK_PATH, sizeof(daemonsock.sun_path)); + + // Check simulator socket name length is valid + if (daemonsock.sun_path[sizeof(daemonsock.sun_path)-1] != 0) { + LOGE(TEEC_LIB, "Socket name too long: ", daemonsock.sun_path); + return -1; + } + // Get socket decriptor if ((serverSocket = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { LOGE(TEEC_LIB, "No socket for simdaemon"); return -1; } - daemonsock.sun_family = AF_UNIX; - - sock_path_len = strlen(SIMDAEMON_SOCK_PATH); - strncpy(daemonsock.sun_path, SIMDAEMON_SOCK_PATH, sock_path_len + 1); - socklen = sizeof(daemonsock); sockptr = (struct sockaddr *)&daemonsock; diff --git a/TEEStub/PropertyAccess/TEEProperty.cpp b/TEEStub/PropertyAccess/TEEProperty.cpp index 1d3e1e2..d82af16 100644 --- a/TEEStub/PropertyAccess/TEEProperty.cpp +++ b/TEEStub/PropertyAccess/TEEProperty.cpp @@ -115,7 +115,7 @@ bool TEEProperty::getNextProperty() { * @return true if property file successfully read else false */ bool TEEProperty::start() { - bool ret = readPropertyFile(string(TEE_PROP_PATH)); + bool ret = readPropertyFile(TEE_PROP_PATH); currentItr = propertiesMap.begin(); return ret; } diff --git a/TEEStub/TACommands/SharedMemoryMap.cpp b/TEEStub/TACommands/SharedMemoryMap.cpp index 44e5ac4..1ee9c87 100644 --- a/TEEStub/TACommands/SharedMemoryMap.cpp +++ b/TEEStub/TACommands/SharedMemoryMap.cpp @@ -37,6 +37,7 @@ #include #include #include +#include #include "log.h" using namespace std; @@ -48,7 +49,6 @@ using namespace std; #define PAGE_MASK (~(PAGE_SIZE - 1)) #define SHM_MAX_ID INT32_MAX -#define SHM_NAME_PREFIX "/teec_shm" map SharedMemoryMap::shmMap; 
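Review bot: The new `LOGE(TEEC_LIB, "Socket name too long: ", daemonsock.sun_path);` has no conversion for its argument, so the path is never printed. On this branch `sun_path` is by construction not NUL-terminated, so simply adding `%s` for it would read past the array. Logging the constant avoids both problems: `LOGE(TEEC_LIB, "Socket name too long: %s", SIMDAEMON_SOCK_PATH);`. The length check itself works, and a short comment such as `// strncpy zero-pads when the source fits, so a non-zero last byte means truncation` would explain it. connecttoServer continues past the hunk.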
diff --git a/include/include/config.h b/include/include/config.h index 19c251c..07404a1 100644 --- a/include/include/config.h +++ b/include/include/config.h @@ -24,16 +24,17 @@ //this is ln -s to /usr/lib/tastore or /usr/lib64/tastore (see spec file) #define TEE_TASTORE_ROOT "/opt/tastore/" +#define TEE_SS_ROOT "/opt/tastore/" #define SIMDAEMON_SOCK_PATH "/tmp/simdaemon" //TEEStub must have write access in this directory (creating socket per TA) #define TEE_TASOCK_ROOT "/tmp/" #define TEE_TALOG_ROOT "/tmp/" -#define SHM_PATH "/tmp/shm" +// from manpages: For portable use, a shared memory object +// should be identified by a name of the form /somename +#define SHM_NAME_PREFIX "/teec_shm" #define TEE_PROP_PATH "/usr/bin/GPD_TEE_PROP" -#define TEE_SS_ROOT "/tmp/tastore2/" - #endif /* INCLUDE_CONFIG_H_ */ diff --git a/simulatordaemon/src/SimulatorDaemon.cpp b/simulatordaemon/src/SimulatorDaemon.cpp index 70dd279..a8bd820 100644 --- a/simulatordaemon/src/SimulatorDaemon.cpp +++ b/simulatordaemon/src/SimulatorDaemon.cpp @@ -31,19 +31,6 @@ /*----------------------------------------------------------------------------- * Local functions *-----------------------------------------------------------------------------*/ -/** - * Create shm file for shared memory implementation (IPC) - */ -void initializeShm() { - LOGD(SIM_DAEMON, "Entry"); - ::unlink(SHM_PATH); - int fd = creat(SHM_PATH, S_IRWXU); - if (-1 == fd) { - LOGE(SIM_DAEMON, "shm file creation failed"); - exit(0); - } - close(fd); -} /** * Starts the Simulator Daemon as server which listens for connection from @@ -109,7 +96,6 @@ int main() { try { int sockFD = getSystemdSocket(SIMDAEMON_SOCK_PATH); - //initializeShm(); if (sockFD > 0) { LOGI(SIM_DAEMON, "Using existing systemd socket %d", sockFD); SimulatorDaemonServer s(ioService::getInstance(), sockFD); diff --git a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp index 18910d7..dbb6b1e 100644 
--- a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp +++ b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp @@ -163,9 +163,8 @@ bool TABinaryManager::initTA(const string &uuid) { LOGD(SIM_DAEMON, "Entry"); pthread_rwlock_wrlock(&binaryMapLock); - StructBinaryInfo value; - bool res = false; StructBinaryInfo info; + bool res = false; if (boost::filesystem::exists(TEE_TASTORE_ROOT + uuid)) { pthread_mutex_lock(&taLock); 
@@ -207,31 +206,34 @@ void TABinaryManager::decryptImage(StructBinaryInfo& info) { myfile.close(); } + boost::filesystem::path decName = info.imagePath + "_dec"; // hash of Keydata is not required. string dec_command = "openssl enc " + cipher + " -d -nopad -nosalt -K " + secret - + " -in " + info.imagePath + " -out " + info.imagePath - + "_dec -iv 0000000000000000"; + + " -in " + info.imagePath + " -out " + decName.string() + + + " -iv 0000000000000000"; result = system(dec_command.c_str()); if (result != 0) { LOGE(SIM_DAEMON, "Image decryption failed"); } - string removeEncImage = "rm -f " + info.imagePath; - result = system(removeEncImage.c_str()); - if (result != 0) { - LOGE(SIM_DAEMON, "Post decryption operations failed"); + boost::system::error_code ec; + boost::filesystem::remove(boost::filesystem::path(info.imagePath), ec); + if (ec) { + LOGE(SIM_DAEMON, "Post decryption failed: unlink %s : %s", info.imagePath.c_str(), + ec.message()); } - string renameDecImage = "mv " + info.imagePath + "_dec " + info.imagePath; - result = system(renameDecImage.c_str()); - if (result != 0) { - LOGE(SIM_DAEMON, "Post decryption operations failed"); + boost::filesystem::rename(decName, boost::filesystem::path(info.imagePath), ec); + if (ec) { + LOGE(SIM_DAEMON, "Post decryption failed: rename %s -> %s : %s", + decName.string().c_str(), info.imagePath.c_str(), + ec.message()); } - string removeKeyHash = "rm -f " + keyhashFilename; - result = system(removeKeyHash.c_str()); - if (result != 0) { - LOGE(SIM_DAEMON, "Post decryption operations failed"); + boost::filesystem::remove(boost::filesystem::path(keyhashFilename), ec); + if (ec) { + LOGE(SIM_DAEMON, "Post decryption failed: unlink %s : %s", keyhashFilename.c_str(), + ec.message()); } } 
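Review bot: The three new `LOGE` calls pass `ec.message()`, a `std::string`, to a `%s` conversion. Assuming LOGE forwards to a printf-style function, as its other uses suggest, each needs `ec.message().c_str()`, because passing a class object through C varargs is not portable and can print garbage or crash. Separately, the decryption step kept here still builds a shell command from `info.imagePath` and puts `secret` on the `openssl` command line, where other local users can see it in the process list while it runs. A failed decryption is only logged, after which the encrypted image is removed and the rename is attempted, so returning after the first `LOGE` when `result != 0` would keep the original file intact.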
@@ -261,12 +263,15 @@ bool TABinaryManager::unpackBinary(const string &uuid, StructBinaryInfo& info) { LOGD(SIM_DAEMON, "Decrypting"); // 3. Decrypt image using secret value in manifest if (info.manifest.properties.extension.launchMode == "debug") - decryptImage(info); + decryptImage(info); - string s = "chmod +x " + info.imagePath; - int result = system(s.c_str()); + struct stat st; + int result = stat(info.imagePath.c_str(), &st); + if (result == 0) { + result = chmod(info.imagePath.c_str(), st.st_mode|S_IXUSR|S_IXGRP|S_IXOTH); + } if (result != 0) { - LOGE(SIM_DAEMON, "Unpacking executable TA failed"); + LOGE(SIM_DAEMON, "Unpacking executable TA failed: %s", strerror(errno)); } ret = true; -- 2.7.4 From c0728663605794c11644ea329c44dd136d0dc44c Mon Sep 17 00:00:00 2001 From: Krzysztof Dynowski Date: Tue, 16 Jan 2018 12:30:17 +0100 Subject: [PATCH 05/16] Initialize shared->buffer with NULL Change-Id: Ia6bf28f88d9ec05cfdb941f82687f9d061312b1e --- TEECLib/src/teec_api.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/TEECLib/src/teec_api.c b/TEECLib/src/teec_api.c index 085f57a..813f46d 100644 --- a/TEECLib/src/teec_api.c +++ b/TEECLib/src/teec_api.c @@ -864,6 +864,10 @@ TEEC_Result TEEC_AllocateSharedMemory(TEEC_Context *context, TEEC_ContextImp *context_imp; RegSharedMemData regmem; + if (sharedMem) { + sharedMem->buffer = NULL; + } + // Check if the Context is valid if (!context) { LOGE(TEEC_LIB, "context is NULL"); @@ -921,7 +925,6 @@ TEEC_Result TEEC_AllocateSharedMemory(TEEC_Context *context, return TEE_ERROR_OUT_OF_MEMORY; TEEC_SharedMemoryImp *sharedMem_imp = (TEEC_SharedMemoryImp *)sharedMem->imp; - sharedMem->buffer = NULL; sharedMem_imp->context = context; /* Allocate shared memory and get the Shared Memory key to be shared with -- 2.7.4 From 55abe3746c624e999f07eac5a2061f2be9019a0f Mon Sep 17 00:00:00 2001 
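Review bot: In the unpackBinary hunk a failed `stat`/`chmod` is only logged, and `ret = true;` on the next line still reports the TA as unpacked, so the caller may go on to launch an image that is not executable. The stat-then-chmod pair also resolves the path twice, so the file can be swapped between the two calls if anyone else can write to the extract directory; working on one descriptor with `fstat`/`fchmod` avoids that. `S_IXOTH` makes the unpacked TA executable by every local user, roughly as the old `chmod +x` did, and deserves a comment if intended. unpackBinary starts and ends outside the hunk.

```cpp
// … unchanged: decryptImage(info) for debug launch mode …
int result = -1;
int fd = open(info.imagePath.c_str(), O_RDONLY | O_NOFOLLOW);
if (fd >= 0) {
    struct stat st;
    result = fstat(fd, &st);
    if (result == 0) {
        result = fchmod(fd, st.st_mode | S_IXUSR | S_IXGRP | S_IXOTH);
    }
    int saved_errno = errno;  // close() may overwrite errno
    close(fd);
    errno = saved_errno;
}
if (result != 0) {
    LOGE(SIM_DAEMON, "Unpacking executable TA failed: %s", strerror(errno));
}
ret = (result == 0);
```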
From: Krzysztof Dynowski Date: Tue, 16 Jan 2018 15:02:25 +0100 Subject: [PATCH 06/16] Return error TEEC_ERROR_OUT_OF_MEMORY if requested size too large Change-Id: Ia1f87109c2a1444f7491489b84e0d2633c07b61e --- TEECLib/src/teec_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TEECLib/src/teec_api.c b/TEECLib/src/teec_api.c index 813f46d..cb77a74 100644 --- a/TEECLib/src/teec_api.c +++ b/TEECLib/src/teec_api.c @@ -907,7 +907,7 @@ TEEC_Result TEEC_AllocateSharedMemory(TEEC_Context *context, */ if (sharedMem->size > TEEC_CONFIG_SHAREDMEM_MAX_SIZE) { LOGE(TEEC_LIB, "Shared Memory size is too large 0x%x", sharedMem->size); - return TEEC_ERROR_BAD_PARAMETERS; + return TEEC_ERROR_OUT_OF_MEMORY; } // Check if the Shared memory flags are valid -- 2.7.4 From ea0b3ea706fb26092ece1c8d3f5ad8bef22fe594 Mon Sep 17 00:00:00 2001 From: Krzysztof Dynowski Date: Tue, 16 Jan 2018 12:28:37 +0100 Subject: [PATCH 07/16] Change sock/log to /var/{run,log}, tastore/storage to /opt/usr/apps/ta_sdk/{tee,data} Change-Id: Ieb32041f41e71db5e8f6b8bf39d2287a43a5c4c7 --- CMakeLists.txt | 3 +++ include/include/config.h | 28 +++++++++++++++++----- log/CMakeLists.txt | 1 + packaging/tef-simulator.spec | 26 +++++++++++++------- simulatordaemon/CMakeLists.txt | 3 ++- .../src/TABinaryManager/TABinaryManager.cpp | 2 ++ simulatordaemon/src/TABinaryManager/TAUnpack.cpp | 2 +- simulatordaemon/src/TAFactory.cpp | 4 +++- simulatordaemon/src/TAInstance.cpp | 5 ++-- systemd/tef-simulator.socket | 2 +- 10 files changed, 56 insertions(+), 20 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index d0f1ceb..5e3144b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -49,6 +49,9 @@ ADD_DEFINITIONS("-Werror") # Make all warnings into errors. #ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings ADD_DEFINITIONS("-D_ARCH_=${ARCH}") +ADD_DEFINITIONS(-DTEE_TASTORE_ROOT="${TASTORE_DIR}/") +ADD_DEFINITIONS(-DTEE_SS_ROOT="${STORAGE_DIR}/") +ADD_DEFINITIONS(-DTEE_TALOG_ROOT="${TALOG_DIR}/") # Enable tizen-specific preprocessor defines IF(DEFINED TIZEN) diff --git a/include/include/config.h b/include/include/config.h index 07404a1..a037025 100644 --- a/include/include/config.h +++ b/include/include/config.h @@ -22,14 +22,30 @@ #ifndef INCLUDE_CONFIG_H_ #define INCLUDE_CONFIG_H_ -//this is ln -s to /usr/lib/tastore or /usr/lib64/tastore (see spec file) -#define TEE_TASTORE_ROOT "/opt/tastore/" -#define TEE_SS_ROOT "/opt/tastore/" +#ifndef TEE_TASTORE_ROOT +//keep in sync ln -s to /usr/lib/tastore or /usr/lib64/tastore in packaging/tef-simulator.spec +#if _ARCH_ == 32 + #define TEE_TASTORE_ROOT "/opt/usr/apps/ta_sdk/tee/" +#elif _ARCH_ == 64 + #define TEE_TASTORE_ROOT "/opt/usr/apps/ta_sdk/tee64/" +#else + #error "Invalid architecture was set!" +#endif +#endif + +#ifndef TEE_SS_ROOT +#define TEE_SS_ROOT "/opt/usr/apps/ta_sdk/data/" +#endif + +#ifndef TEE_TALOG_ROOT +#define TEE_TALOG_ROOT "/var/log/ta/" +#endif + +//keep in sync with systemd/tef-simulator.socket +#define SIMDAEMON_SOCK_PATH "/var/run/simdaemon" -#define SIMDAEMON_SOCK_PATH "/tmp/simdaemon" //TEEStub must have write access in this directory (creating socket per TA) -#define TEE_TASOCK_ROOT "/tmp/" -#define TEE_TALOG_ROOT "/tmp/" +#define TEE_TASOCK_ROOT "/var/run/" // from manpages: For portable use, a shared memory object // should be identified by a name of the form /somename diff --git a/log/CMakeLists.txt b/log/CMakeLists.txt index 1a67c56..81382ec 100644 --- a/log/CMakeLists.txt +++ b/log/CMakeLists.txt 
@@ -24,3 +24,4 @@ SET(LOG_SOURCES ADD_LIBRARY(${TARGET_TEF_SIMULATOR_LOG} ${LOG_SOURCES}) INSTALL(TARGETS ${TARGET_TEF_SIMULATOR_LOG} DESTINATION ${LIB_DIR}) +INSTALL(DIRECTORY DESTINATION ${BUILD_ROOT}${TALOG_DIR}) diff --git a/packaging/tef-simulator.spec b/packaging/tef-simulator.spec index 83a8df9..33645b4 100644 --- a/packaging/tef-simulator.spec +++ b/packaging/tef-simulator.spec @@ -25,14 +25,19 @@ PreReq: tef-libteec %define lib_dir %{?TZ_SYS_LIB:%TZ_SYS_LIB}%{!?TZ_SYS_LIB:%_libdir} %define data_dir %{?TZ_SYS_RO_SHARE:%TZ_SYS_RO_SHARE}%{!?TZ_SYS_RO_SHARE:%_datadir} %define include_dir %{?TZ_SYS_INCLUDE:%TZ_SYS_INCLUDE}%{!?TZ_SYS_INCLUDE:%_includedir} -%define tastore_dir %{lib_dir}/tastore -%define link_tastore_dir /opt/tastore +%define link_tastore_dir %{lib_dir}/tastore +%if %{__isa_bits} == 64 +%define tastore_dir /opt/usr/apps/ta_sdk/tee64 +%else +%define tastore_dir /opt/usr/apps/ta_sdk/tee +%endif +%define storage_dir /opt/usr/apps/ta_sdk/data +%define talog_dir /var/log/ta %define build_bin_dir %{buildroot}%{bin_dir} %define build_lib_dir %{buildroot}%{lib_dir} -%define build_data_dir %{buildroot}%{data_dir} %define build_include_dir %{buildroot}%{include_dir} -%define build_tastore_dir %{buildroot}%{tastore_dir} +%define build_data_dir %{buildroot}%{data_dir} %define build_unit_dir %{buildroot}%{_unitdir} %define smack_domain_name System @@ -74,11 +79,14 @@ cp %{SOURCE1} . # cannot call cmake rpmbuild macro because of scripts removing libTEEStub.a, which is a part of devkit cmake . \ -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \ + -DBUILD_ROOT=%{buildroot} \ -DBIN_DIR=%{build_bin_dir} \ -DLIB_DIR=%{build_lib_dir} \ -DDATA_DIR=%{build_data_dir} \ -DINCLUDE_DIR=%{build_include_dir} \ - -DTASTORE_DIR=%{build_tastore_dir} \ + -DTASTORE_DIR=%{tastore_dir} \ + -DSTORAGE_DIR=%{storage_dir} \ + -DTALOG_DIR=%{talog_dir} \ -DSYSTEMD_UNIT_DIR=%{build_unit_dir} \ -DSYSTEMD_CFG_BIN_DIR=%{bin_dir} \ -DPKGCFG_LIB_DIR=%{lib_dir} \ 
@@ -97,9 +105,9 @@ cp include/include/LICENSE LICENSE.BSD %pre %post -rm -f %{link_tastore_dir} -mkdir -p %{link_tastore_dir} -rmdir %{link_tastore_dir} +systemctl stop tef-simulator +rm -rf %{link_tastore_dir} +mkdir -p `dirname %{link_tastore_dir}` ln -sf %{tastore_dir} %{link_tastore_dir} tef-update.sh simulator systemctl enable tef-simulator @@ -122,6 +130,8 @@ fi %attr(444,security_fw,security_fw) %{_unitdir}/tef-simulator.service %attr(444,security_fw,security_fw) %{_unitdir}/tef-simulator.socket %attr(755,security_fw,security_fw) %{lib_dir}/tef/simulator/libteec.so +%attr(770,root,security_fw) %{talog_dir} +%attr(770,root,security_fw) %{storage_dir} %files -n %{name}-devkit %license LICENSE diff --git a/simulatordaemon/CMakeLists.txt b/simulatordaemon/CMakeLists.txt index 0774429..e57cc44 100644 --- a/simulatordaemon/CMakeLists.txt +++ b/simulatordaemon/CMakeLists.txt @@ -104,4 +104,5 @@ TARGET_LINK_LIBRARIES(${TARGET_TEF_SIMULATOR_DAEMON} INSTALL(TARGETS ${TARGET_TEF_SIMULATOR_DAEMON} DESTINATION ${BIN_DIR}) -INSTALL(DIRECTORY DESTINATION ${TASTORE_DIR}) +INSTALL(DIRECTORY DESTINATION ${BUILD_ROOT}${TASTORE_DIR}) +INSTALL(DIRECTORY DESTINATION ${BUILD_ROOT}${STORAGE_DIR}) diff --git a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp index dbb6b1e..52fba75 100644 --- a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp +++ b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp @@ -177,6 +177,8 @@ bool TABinaryManager::initTA(const string &uuid) { res = false; } pthread_mutex_unlock(&taLock); + } else { + LOGD(SIM_DAEMON, "TA not exist %s", (TEE_TASTORE_ROOT + uuid).c_str()); } pthread_rwlock_unlock(&binaryMapLock); return res; diff --git a/simulatordaemon/src/TABinaryManager/TAUnpack.cpp b/simulatordaemon/src/TABinaryManager/TAUnpack.cpp index 5279024..cce3913 100644 --- a/simulatordaemon/src/TABinaryManager/TAUnpack.cpp +++ b/simulatordaemon/src/TABinaryManager/TAUnpack.cpp 
@@ -73,7 +73,7 @@ int TAUnpack::unpackTA(string path, string uuid) { struct stat info; if (stat(extract_dir_path.c_str(), &info) != 0) { if (0 != mkdir(extract_dir_path.c_str(), 0777)) { - LOGE(SIM_DAEMON, "mkdir failed"); + LOGE(SIM_DAEMON, "mkdir failed %s %s", extract_dir_path.c_str(), strerror(errno)); return -1; } } diff --git a/simulatordaemon/src/TAFactory.cpp b/simulatordaemon/src/TAFactory.cpp index 0ab0067..272b912 100644 --- a/simulatordaemon/src/TAFactory.cpp +++ b/simulatordaemon/src/TAFactory.cpp @@ -422,13 +422,15 @@ bool TAFactory::launchTA(string TAUUID, std::stringstream& str, bool debug, return false; } + LOGD(SIM_DAEMON, "spawn TA %s %s", argv[0], argv[1]); // Spawn TA result = posix_spawn(&pid, argv[0], &child_fd_actions, NULL, argv, envp); if (result == 0) { LOGD(SIM_DAEMON, "TA pid: %i\n", pid); LOGD(SIM_DAEMON, "Launched Trusted Application"); } else { - LOGE(SIM_DAEMON, "Launching Trusted Application FAILED"); + ret = errno; + LOGE(SIM_DAEMON, "Launching Trusted Application FAILED %s(%d)", strerror(ret), ret); pthread_mutex_unlock(&TABin->taLock); return false; } diff --git a/simulatordaemon/src/TAInstance.cpp b/simulatordaemon/src/TAInstance.cpp index 15da04e..8eca010 100644 --- a/simulatordaemon/src/TAInstance.cpp +++ b/simulatordaemon/src/TAInstance.cpp @@ -178,9 +178,10 @@ TEEC_Result TAInstance::connecttoTA(std::stringstream& str) { unsigned long int retry_count = 0; try { boost::system::error_code error = boost::asio::error::host_not_found; - stream_protocol::endpoint ep(string(TEE_TASOCK_ROOT) + str.str()); + string tasock = string(TEE_TASOCK_ROOT) + str.str(); + stream_protocol::endpoint ep(tasock); - LOGD(SIM_DAEMON, "Connect to TEEStub %s", str.str().c_str()); + LOGD(SIM_DAEMON, "Connect to TEEStub %s", tasock.c_str()); // Try to connect to TA RETRY_COUNT number of times while (error && (retry_count < RETRY_COUNT)) { #if 0 diff --git a/systemd/tef-simulator.socket b/systemd/tef-simulator.socket index 09ecd71..f4295d2 100644 
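Review bot: The `mkdir(extract_dir_path.c_str(), 0777)` kept in this hunk creates the directory that receives the unpacked TA files with every permission bit the daemon's umask allows, so depending on that umask other local users may be able to write into it. A tighter mode such as `mkdir(extract_dir_path.c_str(), 0750)` would not rely on the umask. The new message also calls `strerror(errno)`; the include list is outside the hunk, so check that `<cerrno>` and `<cstring>` are pulled in. unpackTA starts and ends outside the hunk.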
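Review bot: In the failure branch, `ret = errno;` reads the wrong value: posix_spawn() reports failure through its return value, which is already in `result`, and is not required to set errno, so the log can show a stale or unrelated error. Log `result` instead: `LOGE(SIM_DAEMON, "Launching Trusted Application FAILED %s(%d)", strerror(result), result);`. The `child_fd_actions` object set up earlier in launchTA is also not released on this path or, as far as the hunk shows, after a successful spawn; a `posix_spawn_file_actions_destroy(&child_fd_actions);` directly after the posix_spawn() call would cover both. launchTA starts and ends outside the hunk.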
--- a/systemd/tef-simulator.socket +++ b/systemd/tef-simulator.socket @@ -1,5 +1,5 @@ [Socket] -ListenStream=/tmp/simdaemon +ListenStream=/var/run/simdaemon SocketMode=0777 SmackLabelIPIn=* SmackLabelIPOut=@ -- 2.7.4 From 3fdc864a361c0c3566a534f007e023aaa3b5d4d4 Mon Sep 17 00:00:00 2001 From: Krzysztof Dynowski Date: Tue, 13 Feb 2018 10:15:32 +0100 Subject: [PATCH 08/16] Separate extract path support Change-Id: I0741a959e01858941e3e5a23e5f032f237af2a33 --- CMakeLists.txt | 1 + TEEStub/PropertyAccess/PropertyApi.cpp | 2 +- include/include/config.h | 5 +++++ packaging/tef-simulator.spec | 3 +++ simulatordaemon/CMakeLists.txt | 1 + simulatordaemon/src/TABinaryManager/TABinaryManager.cpp | 4 ++-- simulatordaemon/src/TABinaryManager/TAUnpack.cpp | 15 ++++++++------- simulatordaemon/src/TABinaryManager/TAUnpack.h | 2 +- 8 files changed, 22 insertions(+), 11 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5e3144b..147e771 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -50,6 +50,7 @@ ADD_DEFINITIONS("-Werror") # Make all warnings into errors. ADD_DEFINITIONS("-D_ARCH_=${ARCH}") ADD_DEFINITIONS(-DTEE_TASTORE_ROOT="${TASTORE_DIR}/") +ADD_DEFINITIONS(-DTEE_EXTRACT_ROOT="${EXTRACT_DIR}/") ADD_DEFINITIONS(-DTEE_SS_ROOT="${STORAGE_DIR}/") ADD_DEFINITIONS(-DTEE_TALOG_ROOT="${TALOG_DIR}/") diff --git a/TEEStub/PropertyAccess/PropertyApi.cpp b/TEEStub/PropertyAccess/PropertyApi.cpp index 50e3a99..da9da5e 100644 --- a/TEEStub/PropertyAccess/PropertyApi.cpp +++ b/TEEStub/PropertyAccess/PropertyApi.cpp @@ -326,7 +326,7 @@ void TEE_StartPropertyEnumerator(TEE_PropSetHandle enumerator, switch ((uintptr_t)propSet) { case TEE_PROPSET_CURRENT_TA: { newEnumHandle->property = new TAProperty( - string(TEE_TASTORE_ROOT) + thisTAUUIDGlobal + "-ext/" + string(TEE_EXTRACT_ROOT) + thisTAUUIDGlobal + "-ext/" + thisTAUUIDGlobal + ".manifest"); break; } diff --git a/include/include/config.h b/include/include/config.h index a037025..97abb4b 100644 --- a/include/include/config.h 
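Review bot: `SocketMode=0777` is carried over unchanged next to the new `ListenStream=/var/run/simdaemon`, so every local user can still connect to the daemon socket even though it no longer lives in /tmp. If access is meant to be decided per request inside the daemon, add a comment such as `# world-connectable on purpose; clients are authorised by the daemon` above the line. Otherwise restrict it with `SocketMode=0660` plus a `SocketGroup=` entry for the intended client group, whose name is not visible here.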
+++ b/include/include/config.h @@ -33,6 +33,10 @@ #endif #endif +#ifndef TEE_EXTRACT_ROOT +#define TEE_EXTRACT_ROOT "/opt/usr/apps/ta_sdk/extract/" +#endif + #ifndef TEE_SS_ROOT #define TEE_SS_ROOT "/opt/usr/apps/ta_sdk/data/" #endif @@ -41,6 +45,7 @@ #define TEE_TALOG_ROOT "/var/log/ta/" #endif + //keep in sync with systemd/tef-simulator.socket #define SIMDAEMON_SOCK_PATH "/var/run/simdaemon" diff --git a/packaging/tef-simulator.spec b/packaging/tef-simulator.spec index 33645b4..8cab70e 100644 --- a/packaging/tef-simulator.spec +++ b/packaging/tef-simulator.spec @@ -32,6 +32,7 @@ PreReq: tef-libteec %define tastore_dir /opt/usr/apps/ta_sdk/tee %endif %define storage_dir /opt/usr/apps/ta_sdk/data +%define extract_dir /opt/usr/apps/ta_sdk/extract %define talog_dir /var/log/ta %define build_bin_dir %{buildroot}%{bin_dir} @@ -85,6 +86,7 @@ cmake . \ -DDATA_DIR=%{build_data_dir} \ -DINCLUDE_DIR=%{build_include_dir} \ -DTASTORE_DIR=%{tastore_dir} \ + -DEXTRACT_DIR=%{extract_dir} \ -DSTORAGE_DIR=%{storage_dir} \ -DTALOG_DIR=%{talog_dir} \ -DSYSTEMD_UNIT_DIR=%{build_unit_dir} \ @@ -132,6 +134,7 @@ fi %attr(755,security_fw,security_fw) %{lib_dir}/tef/simulator/libteec.so %attr(770,root,security_fw) %{talog_dir} %attr(770,root,security_fw) %{storage_dir} +%attr(770,root,security_fw) %{extract_dir} %files -n %{name}-devkit %license LICENSE diff --git a/simulatordaemon/CMakeLists.txt b/simulatordaemon/CMakeLists.txt index e57cc44..f330065 100644 --- a/simulatordaemon/CMakeLists.txt +++ b/simulatordaemon/CMakeLists.txt @@ -105,4 +105,5 @@ TARGET_LINK_LIBRARIES(${TARGET_TEF_SIMULATOR_DAEMON} INSTALL(TARGETS ${TARGET_TEF_SIMULATOR_DAEMON} DESTINATION ${BIN_DIR}) INSTALL(DIRECTORY DESTINATION ${BUILD_ROOT}${TASTORE_DIR}) +INSTALL(DIRECTORY DESTINATION ${BUILD_ROOT}${EXTRACT_DIR}) INSTALL(DIRECTORY DESTINATION ${BUILD_ROOT}${STORAGE_DIR}) 
diff --git a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp index 52fba75..c609831 100644 --- a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp +++ b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp @@ -252,11 +252,11 @@ void TABinaryManager::decryptImage(StructBinaryInfo& info) { bool TABinaryManager::unpackBinary(const string &uuid, StructBinaryInfo& info) { TAUnpack* unpacker = TAUnpack::getInstance(); bool ret = false; - if (0 == unpacker->unpackTA(string(TEE_TASTORE_ROOT), uuid)) { + if (0 == unpacker->unpackTA(TEE_TASTORE_ROOT, uuid)) { LOGD(SIM_DAEMON, "Unpacked, filling info"); // 1. Set binary info info.path = string(TEE_TASTORE_ROOT) + uuid; - info.extractpath = string(TEE_TASTORE_ROOT) + uuid + "-ext/"; + info.extractpath = string(TEE_EXTRACT_ROOT) + uuid + "-ext/"; info.imagePath = info.extractpath + uuid + ".image"; info.manifestPath = info.extractpath + uuid + ".manifest"; // 2. Parse manifest and store results diff --git a/simulatordaemon/src/TABinaryManager/TAUnpack.cpp b/simulatordaemon/src/TABinaryManager/TAUnpack.cpp index cce3913..28c906a 100644 --- a/simulatordaemon/src/TABinaryManager/TAUnpack.cpp +++ b/simulatordaemon/src/TABinaryManager/TAUnpack.cpp 
@@ -61,15 +61,13 @@ TAUnpack* TAUnpack::getInstance() { * @param uuid uuid of package * @return -1 on error otherwise 0 */ -int TAUnpack::unpackTA(string path, string uuid) { +int TAUnpack::unpackTA(const string& path, const string& uuid) { LOGD(SIM_DAEMON, ""); TAPackageHeaderV2 packageHeader; memset(&packageHeader, 0, sizeof(TAPackageHeaderV2)); - // Open file - string path_to_file = path + uuid; - ifstream tapackage(path_to_file.c_str(), ios::in | ios::binary); - // Create directory for UUID - string extract_dir_path = path + uuid + "-ext/"; + + // Create directory for TA extracted files + string extract_dir_path = TEE_EXTRACT_ROOT + uuid + "-ext/"; struct stat info; if (stat(extract_dir_path.c_str(), &info) != 0) { if (0 != mkdir(extract_dir_path.c_str(), 0777)) { @@ -78,8 +76,11 @@ int TAUnpack::unpackTA(string path, string uuid) { } } + // Open TA package file + string path_to_file = path + uuid; + ifstream tapackage(path_to_file.c_str(), ios::in | ios::binary); if (!tapackage.is_open()) { - LOGE(SIM_DAEMON, "Already open - failed"); + LOGE(SIM_DAEMON, "Cannot open ta: %s", path_to_file.c_str()); return -1; //> unable to open file } // 1. Read header diff --git a/simulatordaemon/src/TABinaryManager/TAUnpack.h b/simulatordaemon/src/TABinaryManager/TAUnpack.h index a598e0a..b701d67 100644 --- a/simulatordaemon/src/TABinaryManager/TAUnpack.h +++ b/simulatordaemon/src/TABinaryManager/TAUnpack.h @@ -78,7 +78,7 @@ private: unsigned int paddedSize); public: static TAUnpack* getInstance(); - int unpackTA(string path, string uuid); + int unpackTA(const string& path, const string& uuid); virtual ~TAUnpack(); }; -- 2.7.4 From 03b793c1505364376be9148fecea5b3faab49b21 Mon Sep 17 00:00:00 2001 
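Review bot: `uuid` is concatenated straight into `extract_dir_path` and `path_to_file` with no check on its contents, so a value containing `/` would make the mkdir() and the package open land outside TEE_EXTRACT_ROOT and the TA store. Whether a client can influence the string is decided by callers outside this hunk, but a guard at the top of unpackTA is cheap: `if (uuid.empty() || uuid.find('/') != string::npos) return -1;`. The same unvalidated concatenation feeds the `fs::exists` lookup in initTA and the `fs::remove_all(extract_dir_path, ec)` call that PATCH 11/16 adds to unpackTA, where the effect would be a recursive delete. unpackTA continues past the hunk.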
From: Krzysztof Dynowski Date: Tue, 13 Feb 2018 10:15:32 +0100 Subject: [PATCH 09/16] Fix TA file names, remove dash (-) Change-Id: Iec46e9fd2012b1e2c7c135b139db27c937b2f7b3 --- simulatordaemon/src/TABinaryManager/TestMain.cpp | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/simulatordaemon/src/TABinaryManager/TestMain.cpp b/simulatordaemon/src/TABinaryManager/TestMain.cpp index b0b322a..0882888 100644 --- a/simulatordaemon/src/TABinaryManager/TestMain.cpp +++ b/simulatordaemon/src/TABinaryManager/TestMain.cpp @@ -50,7 +50,7 @@ int test_main() { // Unpack TA case 1: { TAUnpack *unpacker = TAUnpack::getInstance(); - unpacker->unpackTA(TEE_TASTORE_ROOT, "0000-0000-0000-0000000000c7"); + unpacker->unpackTA(TEE_TASTORE_ROOT, "0000000000000000000000c7"); break; } // Manifest test @@ -58,7 +58,7 @@ int test_main() { TAManifest manifest; manifest.processXML( string( - TEE_TASTORE_ROOT"0000-0000-0000-0000000000c7-ext/0000-0000-0000-0000000000c7.manifest")); + TEE_EXTRACT_ROOT"0000000000000000000000c7-ext/0000000000000000000000c7.manifest")); manifest.printProcessedData(); break; } 
@@ -72,15 +72,15 @@ int test_main() { std::cout << "[SIM_DAEMON] Binary Manager successfully initialized" << std::endl; std::cout - << "[SIM_DAEMON] Image Path of 0000-0000-0000-0000000000c7: " - << bm->getImagePath("0000-0000-0000-0000000000c7") << std::endl; + << "[SIM_DAEMON] Image Path of 0000000000000000000000c7: " + << bm->getImagePath("0000000000000000000000c7") << std::endl; std::cout - << "[SIM_DAEMON] Image Path of 0000-0000-0000-0000001234d5: " - << bm->getImagePath("0000-0000-0000-0000001234d5") << std::endl; + << "[SIM_DAEMON] Image Path of 0000000000000000001234d5: " + << bm->getImagePath("0000000000000000001234d5") << std::endl; std::cout - << "[SIM_DAEMON] Image Path of 0000-0000-0000-0000004567c8: " - << bm->getImagePath("0000-0000-0000-0000004567c8") << std::endl; - bm->getManifest("0000-0000-0000-0000004567c8")->printProcessedData(); + << "[SIM_DAEMON] Image Path of 0000000000000000004567c8: " + << bm->getImagePath("0000000000000000004567c8") << std::endl; + bm->getManifest("0000000000000000004567c8")->printProcessedData(); break; } -- 2.7.4 From 02a289075046cb82bf001fee02c26f27fe0b791a Mon Sep 17 00:00:00 2001 From: Krzysztof Dynowski Date: Tue, 13 Feb 2018 10:17:13 +0100 Subject: [PATCH 10/16] Fix return origin in invoke command Change-Id: If392e598ff6f3accec83c639a868eb3ba895c09c --- TEECLib/src/teec_api.c | 14 ++++++++------ TEEStub/TACommands/CommandInvoke.cpp | 8 ++++---- simulatordaemon/src/ConnectionSession.cpp | 5 +---- 3 files changed, 13 insertions(+), 14 deletions(-) diff --git a/TEECLib/src/teec_api.c b/TEECLib/src/teec_api.c index cb77a74..3ceee06 100644 --- a/TEECLib/src/teec_api.c +++ b/TEECLib/src/teec_api.c @@ -1363,6 +1363,11 @@ TEEC_Result TEEC_InvokeCommand(TEEC_Session *session, uint32_t commandID, memset(tmpSharedMem, 0x0, sizeof(tmpSharedMem)); + // Set returnOrigin + if (returnOrigin) { + *returnOrigin = TEEC_ORIGIN_API; + } + // Check if Session is valid if (!session) { LOGE(TEEC_LIB, "NULL session"); 
@@ -1396,12 +1401,7 @@ TEEC_Result TEEC_InvokeCommand(TEEC_Session *session, uint32_t commandID, */ memset(&ic, 0x00, sizeof(InvokeCommandData)); memset(&op, 0x00, sizeof(OperationData)); - - // Set returnOrigin - if (returnOrigin) { - *returnOrigin = TEEC_ORIGIN_API; - ic.returnOrigin = *returnOrigin; - } else ic.returnOrigin = 0x00; + ic.returnOrigin = TEEC_ORIGIN_API; if (operation) { result = preProcessOperation(session, operation, &op, tmpSharedMem); @@ -1454,6 +1454,8 @@ TEEC_Result TEEC_InvokeCommand(TEEC_Session *session, uint32_t commandID, return result; } + LOGE(TEEC_LIB, "sendCommand to Simulator Daemon succes, origin=%d", ic.returnOrigin); + if (returnOrigin) *returnOrigin = ic.returnOrigin; result = ic.returnValue; diff --git a/TEEStub/TACommands/CommandInvoke.cpp b/TEEStub/TACommands/CommandInvoke.cpp index 1844bb6..0bd908a 100644 --- a/TEEStub/TACommands/CommandInvoke.cpp +++ b/TEEStub/TACommands/CommandInvoke.cpp @@ -57,19 +57,19 @@ TEE_Result CommandInvoke::execute() { bool sharedResult = true; TOGGLE_PROPERTY_ACCESS; + data.returnOrigin = TEE_ORIGIN_TEE; sharedResult = SharedMemoryMap::allocateSharedMemory(data.op); if (sharedResult) { + data.returnOrigin = TEE_ORIGIN_TRUSTED_APP; data.returnValue = TA_InvokeCommandEntryPoint(sessionContext, data.commandID, data.op.paramTypes, data.op.params); - LOGD(TEE_STUB, "TA_InvokeCommandEntryPoint done"); + LOGD(TEE_STUB, "TA_InvokeCommandEntryPoint done, data.origin = %d", data.returnOrigin); } else { - data.returnOrigin = TEE_ORIGIN_TRUSTED_APP; data.returnValue = TEE_ERROR_OUT_OF_MEMORY; } sharedResult = SharedMemoryMap::deleteSharedMemory(data.op); if (!sharedResult) { - data.returnOrigin = TEE_ORIGIN_TRUSTED_APP; - data.returnValue = TEE_ERROR_OUT_OF_MEMORY; + LOGE(TEE_STUB, "deleteSharedMemory failed"); } TOGGLE_PROPERTY_ACCESS; diff --git a/simulatordaemon/src/ConnectionSession.cpp b/simulatordaemon/src/ConnectionSession.cpp index 8fadf2f..97d7304 100644 
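Review bot: The added `LOGE(TEEC_LIB, "sendCommand to Simulator Daemon succes, origin=%d", ic.returnOrigin);` reports the success path at error level, which puts a line in the error log for every successful TEEC_InvokeCommand and makes real failures harder to spot. Lower it to debug level and fix the spelling, assuming LOGD is available in this file as it is in the daemon sources: `LOGD(TEEC_LIB, "sendCommand to Simulator Daemon success, origin=%d", ic.returnOrigin);`. TEEC_InvokeCommand starts and ends outside the hunk.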
--- a/simulatordaemon/src/ConnectionSession.cpp +++ b/simulatordaemon/src/ConnectionSession.cpp @@ -160,10 +160,7 @@ void ConnectionSession::handleRead(const boost::system::error_code& error, } //case } //switch } else { - LOGE(SIM_DAEMON, "Error in reading from CA"); - LOGE(SIM_DAEMON, "Response returned with error code %d", error.value()); - LOGE(SIM_DAEMON, "Response returned with error code %s", - error.category().name()); + LOGE(SIM_DAEMON, "Error in reading from CA %s(%d)", error.category().name(), error.value()); // Call the TEEContext object to cleanup FinalizeContextData data; data.contextID = 0; -- 2.7.4 From 5da48e810589e93c7d7487e567af46b6ab93470b Mon Sep 17 00:00:00 2001 From: Krzysztof Dynowski Date: Wed, 14 Feb 2018 14:07:58 +0100 Subject: [PATCH 11/16] Embedded path configuration Change-Id: I7ae530892a878a5009cab75e0610056c42f4ce59 --- include/include/config.h | 2 + .../src/TABinaryManager/TABinaryManager.cpp | 56 ++++++++++++++-------- .../src/TABinaryManager/TABinaryManager.h | 2 +- simulatordaemon/src/TABinaryManager/TAUnpack.cpp | 20 +++++--- 4 files changed, 52 insertions(+), 28 deletions(-) diff --git a/include/include/config.h b/include/include/config.h index 97abb4b..e10eb5c 100644 --- a/include/include/config.h +++ b/include/include/config.h @@ -33,6 +33,8 @@ #endif #endif +#define TEE_EMBEDDED_TASTORE_ROOT "/usr/apps/tee/" + #ifndef TEE_EXTRACT_ROOT #define TEE_EXTRACT_ROOT "/opt/usr/apps/ta_sdk/extract/" #endif diff --git a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp index c609831..1a37cfb 100644 --- a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp +++ b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp @@ -36,6 +36,8 @@ #include #include #include + +namespace fs = boost::filesystem; /*----------------------------------------------------------------------------- * Globals *-----------------------------------------------------------------------------*/ 
@@ -162,24 +164,38 @@ TABinaryManager* TABinaryManager::getInstance() { bool TABinaryManager::initTA(const string &uuid) { LOGD(SIM_DAEMON, "Entry"); - pthread_rwlock_wrlock(&binaryMapLock); + string tapath; + const char * paths[] = { TEE_TASTORE_ROOT, TEE_EMBEDDED_TASTORE_ROOT, NULL }; + + for (int i = 0; paths[i] != NULL; ++i) { + if (*paths[i] == '\0') continue; // ignore empty paths + string path_to_file = paths[i] + uuid; + boost::system::error_code ec; + if (fs::exists(path_to_file, ec)) { + tapath = paths[i]; + break; + } + } + + if (tapath.empty()) { + LOGE(SIM_DAEMON, "Cannot find TA: %s", uuid.c_str()); + return false; + } + StructBinaryInfo info; bool res = false; - if (boost::filesystem::exists(TEE_TASTORE_ROOT + uuid)) { - pthread_mutex_lock(&taLock); - try { - if (unpackBinary(uuid, info)) { - binaryMap[uuid] = info; - res = true; - } - } catch (...) { - res = false; + pthread_rwlock_wrlock(&binaryMapLock); + pthread_mutex_lock(&taLock); + try { + if (unpackBinary(uuid, tapath, info)) { + binaryMap[uuid] = info; + res = true; } - pthread_mutex_unlock(&taLock); - } else { - LOGD(SIM_DAEMON, "TA not exist %s", (TEE_TASTORE_ROOT + uuid).c_str()); + } catch (...) { + res = false; } + pthread_mutex_unlock(&taLock); pthread_rwlock_unlock(&binaryMapLock); return res; } @@ -208,7 +224,7 @@ void TABinaryManager::decryptImage(StructBinaryInfo& info) { myfile.close(); } - boost::filesystem::path decName = info.imagePath + "_dec"; + fs::path decName = info.imagePath + "_dec"; // hash of Keydata is not required. string dec_command = "openssl enc " + cipher + " -d -nopad -nosalt -K " + secret + " -in " + info.imagePath + " -out " + decName.string() + 
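Review bot: The lookup loop takes the first directory in `paths` that contains the UUID, and `TEE_TASTORE_ROOT` is listed before `TEE_EMBEDDED_TASTORE_ROOT`, so a package placed in the store under /opt is chosen over the image shipped in /usr/apps/tee/ with the same UUID. If the embedded TAs are meant to be authoritative, put the embedded root first or refuse a UUID that exists in both places. If the override is intended, state the precedence in a comment above the array, for example `// search order: the TA store overrides embedded TAs with the same UUID`. The existence check also runs before `binaryMapLock` is taken, so the file can change between the check and the unpack.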
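Review bot: The context around the renamed `fs::path decName` builds `dec_command` by concatenating `secret`, `info.imagePath` and `decName.string()` into an `openssl enc ... -K` command line, which exposes the decryption key to anyone who can list process arguments while the tool runs and leaves the paths unquoted. How the string is executed is outside the hunk, but if it goes through a shell, a path containing shell metacharacters would be interpreted. Decrypting in-process with the libcrypto EVP interface would remove both problems; until then a comment next to `dec_command` should record that the key is visible in the process list. decryptImage starts and ends outside the hunk.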
@@ -219,20 +235,20 @@ void TABinaryManager::decryptImage(StructBinaryInfo& info) { } boost::system::error_code ec; - boost::filesystem::remove(boost::filesystem::path(info.imagePath), ec); + fs::remove(fs::path(info.imagePath), ec); if (ec) { LOGE(SIM_DAEMON, "Post decryption failed: unlink %s : %s", info.imagePath.c_str(), ec.message()); } - boost::filesystem::rename(decName, boost::filesystem::path(info.imagePath), ec); + fs::rename(decName, fs::path(info.imagePath), ec); if (ec) { LOGE(SIM_DAEMON, "Post decryption failed: rename %s -> %s : %s", decName.string().c_str(), info.imagePath.c_str(), ec.message()); } - boost::filesystem::remove(boost::filesystem::path(keyhashFilename), ec); + fs::remove(fs::path(keyhashFilename), ec); if (ec) { LOGE(SIM_DAEMON, "Post decryption failed: unlink %s : %s", keyhashFilename.c_str(), ec.message()); @@ -249,13 +265,13 @@ void TABinaryManager::decryptImage(StructBinaryInfo& info) { * It is very important to check for return value from this function. */ -bool TABinaryManager::unpackBinary(const string &uuid, StructBinaryInfo& info) { +bool TABinaryManager::unpackBinary(const string &uuid, const string& tapath, StructBinaryInfo& info) { TAUnpack* unpacker = TAUnpack::getInstance(); bool ret = false; - if (0 == unpacker->unpackTA(TEE_TASTORE_ROOT, uuid)) { + if (0 == unpacker->unpackTA(tapath, uuid)) { LOGD(SIM_DAEMON, "Unpacked, filling info"); // 1. Set binary info - info.path = string(TEE_TASTORE_ROOT) + uuid; + info.path = tapath + uuid; info.extractpath = string(TEE_EXTRACT_ROOT) + uuid + "-ext/"; info.imagePath = info.extractpath + uuid + ".image"; info.manifestPath = info.extractpath + uuid + ".manifest"; diff --git a/simulatordaemon/src/TABinaryManager/TABinaryManager.h b/simulatordaemon/src/TABinaryManager/TABinaryManager.h index 108fff0..b2b471d 100644 --- a/simulatordaemon/src/TABinaryManager/TABinaryManager.h +++ b/simulatordaemon/src/TABinaryManager/TABinaryManager.h 
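Review bot: The three `LOGE` calls in this hunk pass `ec.message()`, a std::string, for a `%s` conversion, for example `LOGE(SIM_DAEMON, "Post decryption failed: unlink %s : %s", info.imagePath.c_str(), ec.message());`. If LOGE is printf-style, as the `.c_str()` on the neighbouring arguments suggests, that is undefined behaviour on exactly the error paths that need a readable message. Append `.c_str()` in all three calls: `ec.message().c_str()`. decryptImage starts outside the hunk.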
@@ -64,7 +64,7 @@ private: // map < string uuid, StructBinaryInfo> map binaryMap; TABinaryManager(); - bool unpackBinary(const string &uuid, StructBinaryInfo& info); + bool unpackBinary(const string &uuid, const string& tapath, StructBinaryInfo& info); template std::string IntToHex(T i, int width = sizeof(T) * 2) { std::stringstream stream; diff --git a/simulatordaemon/src/TABinaryManager/TAUnpack.cpp b/simulatordaemon/src/TABinaryManager/TAUnpack.cpp index 28c906a..bda56dc 100644 --- a/simulatordaemon/src/TABinaryManager/TAUnpack.cpp +++ b/simulatordaemon/src/TABinaryManager/TAUnpack.cpp @@ -28,14 +28,17 @@ #include #include #include +#include #include #include #include #include #include +#include #include using namespace std; +namespace fs = boost::filesystem; /*----------------------------------------------------------------------------- * Globals @@ -66,14 +69,17 @@ int TAUnpack::unpackTA(const string& path, const string& uuid) { TAPackageHeaderV2 packageHeader; memset(&packageHeader, 0, sizeof(TAPackageHeaderV2)); - // Create directory for TA extracted files + // Re-create directory for TA extracted files string extract_dir_path = TEE_EXTRACT_ROOT + uuid + "-ext/"; - struct stat info; - if (stat(extract_dir_path.c_str(), &info) != 0) { - if (0 != mkdir(extract_dir_path.c_str(), 0777)) { - LOGE(SIM_DAEMON, "mkdir failed %s %s", extract_dir_path.c_str(), strerror(errno)); - return -1; - } + boost::system::error_code ec; + fs::remove_all(extract_dir_path, ec); + if (ec != 0){ + LOGE(SIM_DAEMON, "remove_all failed %s %s (trying to continue)", extract_dir_path.c_str(), ec.message().c_str()); + } + fs::create_directory(extract_dir_path, ec); + if (ec != 0){ + LOGE(SIM_DAEMON, "create_directory failed %s %s", extract_dir_path.c_str(), ec.message().c_str()); + return -1; } // Open TA package file -- 2.7.4 From dca48516c434be4576e49da4ae3abf7334c845c7 Mon Sep 17 00:00:00 2001 
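Review bot: When `fs::remove_all(extract_dir_path, ec)` fails the code only logs and carries on, and `fs::create_directory` reports no error for a directory that already exists, so files left from an earlier extraction of the same UUID can survive into the new one. Since the change is meant to start from a clean directory, add `return -1;` after the first LOGE instead of trying to continue. `if (ec)` is also the usual test for an error_code rather than `ec != 0`. unpackTA continues past the hunk.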
From: Krzysztof Dynowski Date: Thu, 22 Feb 2018 12:22:18 +0100 Subject: [PATCH 12/16] Fix reset property Change-Id: I027f13e452663fe6fd1547bb64fd88026c6f42c7 --- TEEStub/PropertyAccess/PropertyApi.cpp | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/TEEStub/PropertyAccess/PropertyApi.cpp b/TEEStub/PropertyAccess/PropertyApi.cpp index da9da5e..323e489 100644 --- a/TEEStub/PropertyAccess/PropertyApi.cpp +++ b/TEEStub/PropertyAccess/PropertyApi.cpp @@ -358,8 +358,15 @@ void TEE_StartPropertyEnumerator(TEE_PropSetHandle enumerator, } void TEE_ResetPropertyEnumerator(TEE_PropSetHandle enumerator) { - PropertyEnumHandle* enumeratorHandle = (PropertyEnumHandle*)enumerator; - if (enumeratorHandle->property) delete enumeratorHandle->property; + Property* targetProperty = _GetTargetProperty(enumerator); + if (targetProperty != NULL + && targetProperty != teeProperty + && targetProperty != clientProperty + && targetProperty != taProperty) { + PropertyEnumHandle* enumeratorHandle = (PropertyEnumHandle*)enumerator; + delete enumeratorHandle->property; + enumeratorHandle->property = NULL; + } } /* -- 2.7.4 From 86a730c32ca1aa6dbe245d50839c18acef979b3b Mon Sep 17 00:00:00 2001 From: leejungkyuen Date: Thu, 26 Oct 2017 12:49:13 +0900 Subject: [PATCH 13/16] fix simuldaemon crash Change-Id: Ia1dcdfcefc0285b3104119c94429dcac95095ccb --- simulatordaemon/src/Session.cpp | 9 +++++++-- simulatordaemon/src/TEEContext.cpp | 1 + 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/simulatordaemon/src/Session.cpp b/simulatordaemon/src/Session.cpp index e9b84d3..adfd12e 100644 --- a/simulatordaemon/src/Session.cpp +++ b/simulatordaemon/src/Session.cpp @@ -64,7 +64,10 @@ TAInstancePtr Session::getTAInstance() { } SecurityContext Session::getSecurityContext() { - return mContext->secContext; + if (mContext != NULL) { + return mContext->secContext; + } + return SecurityContext(); } void Session::detachFromContext() { 
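Review bot: `getSecurityContext()` now returns a default-constructed `SecurityContext()` when `mContext` is NULL, and a caller cannot tell that object from one taken from a live context. What a default SecurityContext answers to permission queries is defined outside this hunk, so confirm that it denies rather than allows. Then document the contract above the function: `// detached session: returns an empty context, which must fail every permission check`.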
@@ -82,7 +85,9 @@ void Session::detachFromContext() { } TEEC_Result Session::writeResponse(TEE_CMD command, char* data, size_t size) { - return mContext->mConnSess->write(command, data, size); + if (mContext != NULL) + return mContext->mConnSess->write(command, data, size); + else return TEEC_ERROR_GENERIC; } /** * Session initializer. Called after Session constructor to initialize a diff --git a/simulatordaemon/src/TEEContext.cpp b/simulatordaemon/src/TEEContext.cpp index 189f918..0bcd678 100644 --- a/simulatordaemon/src/TEEContext.cpp +++ b/simulatordaemon/src/TEEContext.cpp @@ -138,6 +138,7 @@ void TEEContext::finContext(FinalizeContextData data) { CloseSessionData cdata; cdata.contextID = data.contextID; cdata.sessionID = it->first; + it->second->finalize(0); result = closeSession(cdata); if (TEE_SUCCESS != result) { LOGE(SIM_DAEMON, "Finalize Context - close session FAILED Session ID = %d\n", it->first); -- 2.7.4 From cd5a62705a98681c3c3f30a77bb4260e4beaafb5 Mon Sep 17 00:00:00 2001 From: "inho1220.kim" Date: Wed, 26 Jul 2017 16:34:00 +0900 Subject: [PATCH 14/16] Fix bug in checkTADomain function - TC TEE_core/4 is failed. (OpenSession with Invalid UUID) need to check NULL. Change-Id: I61f2996ec3443703afdafdeeb712ea8dc20fa35f --- simulatordaemon/src/TEEContext.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/simulatordaemon/src/TEEContext.cpp b/simulatordaemon/src/TEEContext.cpp index 0bcd678..0cbdaed 100644 --- a/simulatordaemon/src/TEEContext.cpp +++ b/simulatordaemon/src/TEEContext.cpp @@ -381,6 +381,7 @@ TEEC_Result TEEContext::openTASession(IntTAOpenSessionData data) { memcpy(&sdata.uuid, &data.destination, sizeof(TEEC_UUID)); result = checkTADomain(data); + if (TEEC_SUCCESS != result) { data.returnValue = result; 
@@ -559,7 +560,7 @@ TEEC_Result TEEContext::releaseSharedMemory(RelSharedMemData data) { } TEEC_Result TEEContext::checkTADomain(IntTAOpenSessionData data) { - TEEC_Result result = TEEC_ERROR_GENERIC; + TEEC_Result result = TEEC_ERROR_ACCESS_DENIED; LOGD(SIM_DAEMON, "Entry"); @@ -589,6 +590,11 @@ TEEC_Result TEEContext::checkTADomain(IntTAOpenSessionData data) { dstTAManifest = TABin->getManifest(dest_uuid); srcTAManifest = TABin->getManifest(source_uuid); + if(srcTAManifest == NULL || dstTAManifest == NULL) { + LOGE(SIM_DAEMON, "Can`t find TA Manifest - source_uuid(%s), destination_uuid(%s)", source_uuid.c_str(), dest_uuid.c_str()); + return TEEC_ERROR_ACCESS_DENIED; + } + srcCreateDomain = srcTAManifest->policy.protectionDomain.createDomain; dstAllowedDomainCount = dstTAManifest->policy.protectionDomain.allowedDomain.size(); -- 2.7.4 From 367408b570327d86b191ee822cd46ec1b5e4f82b Mon Sep 17 00:00:00 2001 From: Krzysztof Dynowski Date: Thu, 22 Feb 2018 15:47:20 +0100 Subject: [PATCH 15/16] Fix return origin in open command Change-Id: Iddc7ede6fe28fee099a0e33bb2e786461266fffc --- TEECLib/src/teec_api.c | 12 ++++++------ TEEStub/TACommands/CommandOpenSession.cpp | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/TEECLib/src/teec_api.c b/TEECLib/src/teec_api.c index 3ceee06..cd887ad 100644 --- a/TEECLib/src/teec_api.c +++ b/TEECLib/src/teec_api.c @@ -1098,6 +1098,11 @@ TEEC_Result TEEC_OpenSession(TEEC_Context *context, TEEC_Session *session, memset(tmpSharedMem, 0x0, sizeof(tmpSharedMem)); + // Set returnOrigin + if (returnOrigin) { + *returnOrigin = TEEC_ORIGIN_API; + } + // Check if the context, session and UUID is valid if (!session || !context || !destination) { LOGE(TEEC_LIB, "Invalid input parameters"); 
@@ -1123,12 +1128,7 @@ TEEC_Result TEEC_OpenSession(TEEC_Context *context, TEEC_Session *session, */ memset(&os, 0x00, sizeof(OpenSessionData)); memset(&op, 0x00, sizeof(OperationData)); - - // Set returnOrigin - if (returnOrigin) { - *returnOrigin = TEEC_ORIGIN_API; - os.returnOrigin = *returnOrigin; - } else os.returnOrigin = 0x00; + os.returnOrigin = TEEC_ORIGIN_API; // Update Context ID os.contextID = context_imp->contextID; diff --git a/TEEStub/TACommands/CommandOpenSession.cpp b/TEEStub/TACommands/CommandOpenSession.cpp index 4d24654..7a8eddb 100644 --- a/TEEStub/TACommands/CommandOpenSession.cpp +++ b/TEEStub/TACommands/CommandOpenSession.cpp @@ -52,19 +52,19 @@ TEE_Result CommandOpenSession::execute() { // If param. type is of memory reference type then allocate shared memory bool sharedResult = true; TOGGLE_PROPERTY_ACCESS; + data.returnOrigin = TEE_ORIGIN_TEE; sharedResult = SharedMemoryMap::allocateSharedMemory(data.op); if (sharedResult) { + data.returnOrigin = TEE_ORIGIN_TRUSTED_APP; data.returnValue = TA_OpenSessionEntryPoint(data.op.paramTypes, data.op.params, &sessionContext); LOGD(TEE_STUB, "TA_OpenSessionEntryPoint done"); } else { - data.returnOrigin = TEE_ORIGIN_TRUSTED_APP; data.returnValue = TEE_ERROR_OUT_OF_MEMORY; } sharedResult = SharedMemoryMap::deleteSharedMemory(data.op); if (!sharedResult) { - data.returnOrigin = TEE_ORIGIN_TRUSTED_APP; - data.returnValue = TEE_ERROR_OUT_OF_MEMORY; + LOGE(TEE_STUB, "deleteSharedMemory failed"); } TOGGLE_PROPERTY_ACCESS; return data.returnValue; -- 2.7.4 From 2fe168c38a00a38c7339b8824b97880ce979b76c Mon Sep 17 00:00:00 2001 
From: Krzysztof Dynowski Date: Thu, 15 Feb 2018 13:13:27 +0100 Subject: [PATCH 16/16] Downloadable TA support Change-Id: Ic80740993dd815b6acffd42241046f934249ae03 --- include/include/config.h | 1 + simulatordaemon/inc/SecurityContext.h | 2 -- simulatordaemon/src/SecurityContext.cpp | 1 - simulatordaemon/src/TABinaryManager/TABinaryManager.cpp | 17 ++++++++++------- 4 files changed, 11 insertions(+), 10 deletions(-) diff --git a/include/include/config.h b/include/include/config.h index e10eb5c..32c8bf3 100644 --- a/include/include/config.h +++ b/include/include/config.h @@ -34,6 +34,7 @@ #endif #define TEE_EMBEDDED_TASTORE_ROOT "/usr/apps/tee/" +#define TEE_DOWNLOADED_TA_SUFFIX "res/tee/" #ifndef TEE_EXTRACT_ROOT #define TEE_EXTRACT_ROOT "/opt/usr/apps/ta_sdk/extract/" diff --git a/simulatordaemon/inc/SecurityContext.h b/simulatordaemon/inc/SecurityContext.h index 645a110..8f1f8c7 100644 --- a/simulatordaemon/inc/SecurityContext.h +++ b/simulatordaemon/inc/SecurityContext.h @@ -29,8 +29,6 @@ #include #include -#define TA_LOCAL_PATH "/res/tee" - class SecurityContext { private: int m_connFd; diff --git a/simulatordaemon/src/SecurityContext.cpp b/simulatordaemon/src/SecurityContext.cpp index 70b867f..66d6759 100644 --- a/simulatordaemon/src/SecurityContext.cpp +++ b/simulatordaemon/src/SecurityContext.cpp @@ -95,7 +95,6 @@ bool SecurityContext::clientHasCynaraPermission(const std::string &privelege) { RETURN_UNLOCK(true, cynara_mutex); } - cynara* SecurityContext::initCynara() { int ret = -1; cynara_configuration *p_conf = nullptr; diff --git a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp index 1a37cfb..7fbcb80 100644 --- a/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp +++ b/simulatordaemon/src/TABinaryManager/TABinaryManager.cpp 
@@ -164,15 +164,18 @@ TABinaryManager* TABinaryManager::getInstance() { bool TABinaryManager::initTA(const string &uuid) { LOGD(SIM_DAEMON, "Entry"); - string tapath; - const char * paths[] = { TEE_TASTORE_ROOT, TEE_EMBEDDED_TASTORE_ROOT, NULL }; + std::vector paths; + paths.push_back(TEE_TASTORE_ROOT); + paths.push_back(TEE_EMBEDDED_TASTORE_ROOT); + paths.push_back(TEE_TASTORE_ROOT TEE_DOWNLOADED_TA_SUFFIX); - for (int i = 0; paths[i] != NULL; ++i) { - if (*paths[i] == '\0') continue; // ignore empty paths - string path_to_file = paths[i] + uuid; + string tapath; + for(auto const& p: paths) { + if (p.empty()) continue; // ignore empty paths + string path_to_file = p + uuid; boost::system::error_code ec; if (fs::exists(path_to_file, ec)) { - tapath = paths[i]; + tapath = p; break; } } @@ -269,7 +272,7 @@ bool TABinaryManager::unpackBinary(const string &uuid, const string& tapath, Str TAUnpack* unpacker = TAUnpack::getInstance(); bool ret = false; if (0 == unpacker->unpackTA(tapath, uuid)) { - LOGD(SIM_DAEMON, "Unpacked, filling info"); + LOGD(SIM_DAEMON, "Unpacked TA %s from %s", uuid.c_str(), tapath.c_str()); // 1. Set binary info info.path = tapath + uuid; info.extractpath = string(TEE_EXTRACT_ROOT) + uuid + "-ext/"; -- 2.7.4