trusty: confui: Add option to use handle prot library am: c7d8c1cc22
Original change: https://android-review.googlesource.com/c/trusty/app/confirmationui/+/2654014
Change-Id: I97f83687f2fdcb67cbffcbce2b7f1dd62302b675
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/rules.mk b/rules.mk
index a5b0063..98432a2 100644
--- a/rules.mk
+++ b/rules.mk
@@ -35,6 +35,13 @@
trusty/user/base/lib/tipc \
external/boringssl \
+# Enable handle prot if required
+ifeq (true,$(call TOBOOL,$(CONFIRMATIONUI_HANDLE_PROT)))
+MODULE_DEFINES += WITH_HANDLE_PROT
+MODULE_LIBRARY_DEPS += \
+ trusty/user/whitechapel/tz/base/lib/handle_prot
+endif
+
# Use the example layouts unless we have a vendor specific layout defined.
ifeq ($(CONFIRMATIONUI_LAYOUTS),)
MODULE_LIBRARY_DEPS += $(LOCAL_DIR)/examples/layouts
diff --git a/src/main.cpp b/src/main.cpp
index b6f3ad6..54adda4 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -16,6 +16,9 @@
#define TLOG_TAG "confirmationui"
+#ifdef WITH_HANDLE_PROT
+#include <lib/handle_prot/handle_prot.h>
+#endif
#include <lib/keymaster/keymaster.h>
#include <lib/tipc/tipc.h>
#include <lib/tipc/tipc_srv.h>
@@ -133,7 +136,19 @@
TLOGE("Shared memory too long\n");
return ERR_BAD_LEN;
}
+#ifdef WITH_HANDLE_PROT
+ rc = handle_prot_secure(shm_handle, false);
+ if (rc < 0) {
+ TLOGE("Shared memory should be non-secure, rc=%d\n", rc);
+ return rc;
+ }
+ rc = handle_prot_prot_id(shm_handle, 0);
+ if (rc < 0) {
+ TLOGE("Shared memory prot Id invalid, rc=%d.\n", rc);
+ return rc;
+ }
+#endif
void* shm_base = mmap(0, shm_len, PROT_READ | PROT_WRITE, 0, shm_handle, 0);
if (shm_base == MAP_FAILED) {
TLOGE("Failed to mmap() handle\n");
