1 /*
2 * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3 * Licensed under the Mulan PSL v2.
4 * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 * You may obtain a copy of Mulan PSL v2 at:
6 * http://license.coscl.org.cn/MulanPSL2
7 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 * PURPOSE.
10 * See the Mulan PSL v2 for more details.
11 */
12 #include <string.h>
13 #include <sys/mman.h>
14 #include "ta_framework.h"
15 #include "tee_log.h"
16 #include "tee_init.h"
17 #include "tee_ext_api.h"
18 #include "tee_ss_agent_api.h"
19 #include "sfs_internal.h"
20 #include "sfs.h"
21 #include "securec.h"
22 #include "permsrv_api.h"
23 #include "ssa_helper.h"
24 #include "ssa_enumerator.h"
25 #include "tee_internal_task_pub.h"
26
27 #ifndef CMAC_DERV_MAX_DATA_IN_SIZE
28 #define CMAC_DERV_MAX_DATA_IN_SIZE 0x400UL
29 #endif
/*
 * Resolve a caller-supplied object handle to the caller's open-file slot.
 *
 * sender: task id of the requesting TA; the slot is looked up only in the
 *         table of the client returned by get_sender_client(sender).
 * obj:    1-based handle; anything outside 1..MAX_CLIENT_OPEN_FILES is
 *         rejected before the table is indexed.
 *
 * Returns the slot, or NULL when the client is unknown, the handle is out of
 * range, the slot is empty, or the file behind it has been deleted. In the
 * last case the slot is released as a side effect.
 */
file_instance_t *get_file_pointer(uint32_t sender, int32_t obj)
{
    file_instance_t *slot = NULL;
    client_t *owner = NULL;

    tlogd("objID: %d\n", obj);

    owner = get_sender_client(sender);
    if (owner == NULL) {
        tloge("Illegal client\n");
        return NULL;
    }

    /* obj comes from the request message, so bound it before using it as an index. */
    if ((obj < 1) || (obj > MAX_CLIENT_OPEN_FILES)) {
        tloge("Object not found\n");
        return NULL;
    }

    slot = &owner->file_instance[obj - 1];
    if (slot->file_link == NULL) {
        tloge("Object not found\n");
        return NULL;
    }

    if (slot->file_link->sfd != NULL)
        return slot;

    /* The file behind this handle was deleted: drop our reference and free the slot. */
    tloge("requested file has been deleted");
    if (slot->file_link->link_count != 0)
        slot->file_link->link_count--;
    slot->file_link = NULL;

    tloge("Object not found\n");
    return NULL;
}
64
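/*
 * Read the fixed-size attribute header of an opened file into buff and record
 * the total attribute area size (header + stored attr_size) in sfd->attr_size.
 *
 * sfd:       opened file; must carry meta_data with a file_id.
 * buff:      destination, at least sizeof(struct saved_attr_info_t) bytes.
 * buff_size: capacity of buff.
 *
 * Returns TEE_SUCCESS, TEE_ERROR_BAD_PARAMETERS, TEE_ERROR_SHORT_BUFFER, the
 * error reported by ssa_read(), or TEE_ERROR_BAD_FORMAT when the header is
 * incomplete or its size field cannot be represented.
 */
static TEE_Result get_object_attr_header(struct sfd_t *sfd, uint8_t *buff, uint32_t buff_size)
{
    uint32_t count;
    uint32_t stored_attr_size;
    uint32_t total_attr_size;
    TEE_Result error = TEE_SUCCESS;

    if (sfd == NULL || buff == NULL || sfd->meta_data == NULL || sfd->meta_data->file_id == NULL)
        return TEE_ERROR_BAD_PARAMETERS;

    if (buff_size < sizeof(struct saved_attr_info_t))
        return TEE_ERROR_SHORT_BUFFER;

    tlogd("arch_version=%u\n", sfd->meta_data->arch_version);
    count = ssa_read(buff, sizeof(struct saved_attr_info_t), sfd, &error);
    if (error != TEE_SUCCESS)
        return error;

    /*
     * A short read without an error code used to fall through as TEE_SUCCESS,
     * leaving sfd->attr_size stale and the caller with a partly filled header.
     */
    if (count != sizeof(struct saved_attr_info_t)) {
        tloge("attribute head is incomplete\n");
        return TEE_ERROR_BAD_FORMAT;
    }

    /*
     * Fetch the size field once, then reject a value that would wrap the sum;
     * callers subtract attr_size from the file size afterwards.
     * NOTE(review): assumes both attr_size fields are 32-bit - confirm.
     */
    stored_attr_size = ((struct saved_attr_info_t *)buff)->attr_size;
    total_attr_size = (uint32_t)sizeof(struct saved_attr_info_t) + stored_attr_size;
    if (total_attr_size < stored_attr_size) {
        tloge("attribute size overflow\n");
        return TEE_ERROR_BAD_FORMAT;
    }

    sfd->attr_size = total_attr_size;
    return TEE_SUCCESS;
}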
85
/*
 * Read msg->get_obj_attrs.size bytes of the object's attribute area into
 * vm_addr.
 *
 * Only files whose meta_data reports SFS_ARCH_VERSION_SSA are accepted;
 * anything else yields TEE_ERROR_BAD_FORMAT. When the read does not deliver
 * the full requested size, rsp->get_obj_attrs.size is cleared and the error
 * value reported by ssa_read() is returned.
 * The caller must have checked sfd->meta_data for NULL.
 */
static TEE_Result ssa_read_attr(struct sfd_t *sfd, uint8_t *vm_addr, union ssa_agent_msg *msg,
                                file_instance_t *fpointer, struct ssa_agent_rsp *rsp)
{
    TEE_Result read_err = TEE_SUCCESS;
    uint32_t got;

    if (sfd->meta_data->arch_version != SFS_ARCH_VERSION_SSA) {
        tloge("invalid sfs arch version %u\n", sfd->meta_data->arch_version);
        return TEE_ERROR_BAD_FORMAT;
    }

    got = ssa_read(vm_addr, msg->get_obj_attrs.size, fpointer->file_link->sfd, &read_err);
    if ((got == msg->get_obj_attrs.size) && (read_err == TEE_SUCCESS))
        return TEE_SUCCESS;

    /* Incomplete or failed read: tell the caller that no attribute bytes are valid. */
    rsp->get_obj_attrs.size = 0;
    tloge("read error:0x%x\n", read_err);
    return read_err;
}
109
/*
 * Version gate for an opened file. Every file is currently accepted: the
 * argument is ignored and the result is always true.
 */
static bool judge_valid_version(struct sfd_t *sfd)
{
    const bool version_ok = true;

    (void)sfd;
    return version_ok;
}
115
/*
 * Handle a create-object request from task sndr.
 *
 * The object id, attributes and initial data named in msg are mapped from the
 * sender, the id is copied into a local buffer and validated, and the request
 * is passed to create_object_proc(). The outcome is reported in rsp->ret.
 * When enumeration is enabled for the sender's UUID the new object is also
 * recorded in the enum file; a failure there is only logged.
 * Everything mapped here is unmapped before returning.
 */
void ssa_create_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    char name[HASH_NAME_BUFF_LEN] = { 0 };
    struct create_obj_msg_t request = { 0 };
    mem_map_info_t id_map = { 0 };
    mem_map_info_t attr_map = { 0 };
    mem_map_info_t data_map = { 0 };
    TEE_UUID *owner = NULL;
    TEE_Result status;

    if (rsp == NULL)
        return;

    if (msg == NULL) {
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return;
    }

    status = create_param_mapping(msg, sndr, &id_map, &attr_map, &data_map);
    if (status != TEE_SUCCESS) {
        rsp->ret = status;
        goto unmap;
    }

    /* From here on only the checked local copy of the name is used, not the mapped buffer. */
    status = copy_and_check_file_name((char *)id_map.vm_addr, id_map.size, name, sizeof(name));
    if (status != TEE_SUCCESS) {
        rsp->ret = status;
        goto unmap;
    }

    owner = get_sender_uuid(sndr);
    if (owner == NULL) {
        tloge("uuid read fail\n");
        rsp->ret = TEE_ERROR_GENERIC;
        goto unmap;
    }

    request.storage_id = msg->create_obj.storage_id;
    request.flags = msg->create_obj.flags;
    request.object_id = (uintptr_t)name;
    request.obj_id_len = strlen(name);
    request.attributes = attr_map.vm_addr;
    request.attributes_len = attr_map.size;
    request.initial_data = data_map.vm_addr;
    request.data_len = data_map.size;

    create_object_proc(&request, sndr, owner, rsp);
    if (rsp->ret != TEE_SUCCESS)
        goto unmap;

    /* Enum bookkeeping is best effort: the object already exists at this point. */
    if (is_enum_enable(owner) &&
        (add_objinfo_into_enum_file(&request, rsp->create_obj.new_size, sndr) != TEE_SUCCESS))
        tloge("add object info into enum file failed\n");

unmap:
    create_param_unmapping(&id_map, &attr_map, &data_map);
}
172
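/*
 * Open the object described by open_obj for task sndr on behalf of uuid.
 *
 * On success rsp carries the new handle, the seek position and the data size
 * (file size minus the attribute area). When open_obj supplies an attribute
 * head buffer, the header is read into it first.
 * On failure rsp->ret holds the error; a missing object is reported as
 * TEE_ERROR_ITEM_NOT_FOUND without an error log.
 */
void open_object(struct open_obj_msg_t *open_obj, const TEE_UUID *uuid, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    struct sfd_t *sfd = NULL;
    TEE_Result error = TEE_ERROR_GENERIC;
    uint32_t obj;

    if (rsp == NULL)
        return;

    if (open_obj == NULL || uuid == NULL || open_obj->object_id == 0) {
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return;
    }

    meta_data_t *meta = create_meta_data((uint8_t *)(uintptr_t)open_obj->object_id, open_obj->obj_id_len,
                                         open_obj->storage_id, open_obj->flags, uuid, &error, SFS_ARCH_VERSION_SSA);
    if (meta == NULL) {
        tloge("meta create fail\n");
        rsp->ret = error;
        return;
    }

    obj = open_file(meta, sndr, open_obj->flags, &sfd, &error);
    if (error == TEE_ERROR_ITEM_NOT_FOUND) {
        /* file nonexist, need not print error log */
        goto out;
    } else if ((error != TEE_SUCCESS) || (obj == 0)) {
        tloge("open fail %x\n", error);
        /* A zero handle with no error code must not be reported as success. */
        if (error == TEE_SUCCESS)
            error = TEE_ERROR_GENERIC;
        goto out;
    }

    if ((open_obj->attr_head_size != 0) && (open_obj->attr_head != 0)) {
        error = get_object_attr_header(sfd, (uint8_t *)(uintptr_t)open_obj->attr_head, open_obj->attr_head_size);
        if (error != TEE_SUCCESS) {
            tloge("read attribute head fail, %x\n", error);
            goto closeFile;
        }
    }

    rsp->ret = TEE_SUCCESS;
    rsp->open_obj.obj_index = obj;
    rsp->open_obj.err = 0;
    rsp->open_obj.new_seek_pos = sfd->seek_position;
    /* NOTE(review): unsigned subtraction; wraps if attr_size exceeds size - confirm open_file guarantees otherwise. */
    rsp->open_obj.new_size = sfd->size - sfd->attr_size;
    tlogd("objID %u opened\n", rsp->open_obj.obj_index);
    tlogd("totalSize=%u, attr_size=%u\n", sfd->size, sfd->attr_size);

    return;

closeFile:
    close_file_from_client(sndr, obj);
    /* This path used to return without a result code, leaving rsp->ret as the caller had it. */
    rsp->ret = error;
    return;
out:
    free_meta_data(&meta);
    rsp->ret = error;
}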
229
/*
 * Handle an open-object request from task sndr.
 *
 * Resolves the sender's UUID, maps the object id and attribute-head buffers
 * named in msg, validates the id into a local copy and delegates to
 * open_object(), which fills rsp. Mapped buffers are released on every path
 * that reached the mapping step.
 */
void ssa_open_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    char name[HASH_NAME_BUFF_LEN] = { 0 };
    struct open_obj_msg_t request = { 0 };
    mem_map_info_t id_map = { 0 };
    mem_map_info_t head_map = { 0 };
    TEE_UUID *owner = NULL;
    TEE_Result status;

    if (rsp == NULL)
        return;

    if (msg == NULL) {
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return;
    }

    owner = get_sender_uuid(sndr);
    if (owner == NULL) {
        tloge("uuid read fail\n");
        rsp->ret = TEE_ERROR_GENERIC;
        return;
    }

    status = open_param_mapping(msg, sndr, &id_map, &head_map);
    if (status != TEE_SUCCESS) {
        rsp->ret = status;
        goto unmap;
    }

    /* The name is checked while being copied; later steps use only the local copy. */
    status = copy_and_check_file_name((char *)id_map.vm_addr, id_map.size, name, sizeof(name));
    if (status != TEE_SUCCESS) {
        rsp->ret = status;
        goto unmap;
    }

    request.object_id = (uintptr_t)name;
    request.obj_id_len = strlen(name);
    request.storage_id = msg->open_obj.storage_id;
    request.flags = msg->open_obj.flags;
    request.attr_head = head_map.vm_addr;
    request.attr_head_size = head_map.size;
    open_object(&request, owner, sndr, rsp);

unmap:
    open_param_unmapping(&id_map, &head_map);
}
277
/*
 * Resolve the handle in msg->get_obj_attrs to the sender's file slot and map
 * the sender's attribute buffer into this task.
 *
 * *fpointer receives the slot (NULL if the handle is invalid). attr_info is
 * filled only after the handle was accepted; attr_info->mapped tells the
 * caller whether there is a mapping to release.
 * Returns TEE_SUCCESS, TEE_ERROR_BAD_PARAMETERS for a bad handle, or
 * TEE_ERROR_GENERIC when the mapping fails.
 */
static TEE_Result ssa_get_objects_attrinfo(const union ssa_agent_msg *msg, uint32_t sndr,
                                           mem_map_info_t *attr_info, file_instance_t **fpointer)
{
    file_instance_t *slot = get_file_pointer(sndr, (int32_t)msg->get_obj_attrs.obj_index);

    *fpointer = slot;
    if ((slot == NULL) || (slot->file_link == NULL) || (slot->file_link->sfd == NULL)) {
        tloge("get session Fail\n");
        return TEE_ERROR_BAD_PARAMETERS;
    }

    attr_info->mapped = false;
    attr_info->size = msg->get_obj_attrs.size;
    attr_info->vm_addr = 0;

    if (ssa_map_from_task(sndr, msg->get_obj_attrs.buffer, msg->get_obj_attrs.size,
                          g_ssagent_handle, &attr_info->vm_addr) != 0) {
        tloge("map objectAttrs from 0x%x fail\n", sndr);
        return TEE_ERROR_GENERIC;
    }

    attr_info->mapped = true;
    return TEE_SUCCESS;
}
307
/*
 * Handle a get-attributes request: copy the object's attribute area into the
 * buffer the sender named in msg->get_obj_attrs.
 *
 * rsp->ret reports the outcome. The sender's buffer is mapped by
 * ssa_get_objects_attrinfo() and released here once the read is done.
 */
void ssa_get_object_attr(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    file_instance_t *slot = NULL;
    struct sfd_t *sfd = NULL;
    mem_map_info_t attr_map;
    TEE_Result status;

    if (rsp == NULL)
        return;

    if (msg == NULL || msg->get_obj_attrs.buffer == 0) {
        tloge("invalid msg or buffer!\n");
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return;
    }

    /* Validates the handle and maps the destination buffer; nothing to undo when it fails. */
    status = ssa_get_objects_attrinfo(msg, sndr, &attr_map, &slot);
    if (status != TEE_SUCCESS) {
        rsp->ret = status;
        return;
    }

    sfd = slot->file_link->sfd;
    if (sfd->meta_data != NULL) {
        rsp->ret = ssa_read_attr(sfd, (uint8_t *)attr_map.vm_addr, msg, slot, rsp);
    } else {
        tloge("meta_data is null\n");
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
    }

    ssa_unmap_from_task(g_ssagent_handle, attr_map.vm_addr, attr_map.size, attr_map.mapped);
}
343
/*
 * Validate a write request before any buffer is mapped.
 *
 * Checks that msg and its source buffer are present, that the sender has a
 * UUID, that the length does not exceed MAX_FILE_SIZE and that the handle
 * resolves to an open file of the sender. *uuid and *fpointer are outputs.
 * Every rejection is mirrored into rsp->ret (when rsp is not NULL) and
 * returned.
 */
static TEE_Result ssa_write_obj_params_check(const union ssa_agent_msg *msg, uint32_t sndr,
                                             struct ssa_agent_rsp *rsp, TEE_UUID **uuid, file_instance_t **fpointer)
{
    TEE_Result verdict = TEE_ERROR_BAD_PARAMETERS;

    if (rsp == NULL)
        return TEE_ERROR_BAD_PARAMETERS;

    if (msg == NULL)
        goto reject;

    if (msg->write_obj.buffer == 0)
        goto reject;

    *uuid = get_sender_uuid(sndr);
    if (*uuid == NULL) {
        tloge("write object uuid read fail\n");
        verdict = TEE_ERROR_GENERIC;
        goto reject;
    }

    /* Bound the sender-controlled length before it is used to size a mapping. */
    if (msg->write_obj.len > MAX_FILE_SIZE) {
        tloge("write count is too big\n");
        goto reject;
    }

    *fpointer = get_file_pointer(sndr, (int32_t)msg->write_obj.obj_index);
    if (((*fpointer) == NULL) || ((*fpointer)->file_link == NULL) || ((*fpointer)->file_link->sfd == NULL)) {
        tloge("get session Fail\n");
        goto reject;
    }

    return TEE_SUCCESS;

reject:
    rsp->ret = verdict;
    return verdict;
}
386
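/*
 * Write msg->write_obj.len bytes from the mapped sender buffer to sfd and, if
 * the write flagged it, refresh the file's MAC.
 *
 * Returns TEE_SUCCESS only when every byte was written and any required MAC
 * update succeeded; otherwise the error from ssa_write()/ssa_write_mac(), or
 * TEE_ERROR_GENERIC for a short write that carried no error code.
 */
static TEE_Result ssa_write_object_data(mem_map_info_t write_info, const union ssa_agent_msg *msg,
                                        struct sfd_t *sfd)
{
    uint32_t written;
    TEE_Result error = TEE_SUCCESS;

    written = ssa_write((uint8_t *)write_info.vm_addr, msg->write_obj.len, sfd, &error);
    if ((written != msg->write_obj.len) || (error != TEE_SUCCESS)) {
        tloge("write fail ret 0x%x err 0x%x\n", written, error);
        /*
         * A short write with error still TEE_SUCCESS used to be returned as
         * success, so the caller reported a complete write to the TA.
         */
        return (error != TEE_SUCCESS) ? error : TEE_ERROR_GENERIC;
    }

    if (sfd->need_update_hmac) {
        /* Clear the flag first, as before; a failed MAC write is reported to the caller. */
        sfd->need_update_hmac = false;

        error = ssa_write_mac(sfd);
        if (error != TEE_SUCCESS) {
            tloge("write mac fail 0x%x", error);
            return error;
        }
    }

    return TEE_SUCCESS;
}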
411
/*
 * Handle a write request from task sndr.
 *
 * After parameter checks the file's seek position is set from the handle's
 * own position, write access is verified against the open flags, the source
 * buffer is mapped and the data is written. On success rsp carries the new
 * seek position and data size, and the enum file is updated when enabled for
 * the sender (a failure there is only logged).
 */
void ssa_write_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    file_instance_t *slot = NULL;
    TEE_UUID *owner = NULL;
    struct sfd_t *sfd = NULL;
    mem_map_info_t src;
    uint32_t status;

    status = ssa_write_obj_params_check(msg, sndr, rsp, &owner, &slot);
    if (status != TEE_SUCCESS)
        return;

    sfd = slot->file_link->sfd;
    sfd->seek_position = slot->seek_position;
    tlogd("set seek:%u\n", sfd->seek_position);

    /* The file must have been opened with write access. */
    if ((sfd->flags & TEE_DATA_FLAG_ACCESS_WRITE) == 0) {
        tloge("access conflict %x\n", sfd->flags);
        rsp->ret = TEE_ERROR_ACCESS_CONFLICT;
        return;
    }

    src.mapped = false;
    src.size = msg->write_obj.len;
    src.vm_addr = 0;

    if (ssa_map_from_task(sndr, msg->write_obj.buffer, msg->write_obj.len,
                          g_ssagent_handle, &src.vm_addr) != 0) {
        tloge("map writeBuffer from 0x%x fail\n", sndr);
        rsp->ret = TEE_ERROR_GENERIC;
        return;
    }
    src.mapped = true;

    status = ssa_write_object_data(src, msg, sfd);
    if (status == TEE_SUCCESS) {
        slot->seek_position = sfd->seek_position;
        rsp->write_obj.new_seek_pos = slot->seek_position;
        rsp->write_obj.new_size = sfd->size - sfd->attr_size;
        rsp->ret = TEE_SUCCESS;

        if (is_enum_enable(owner)) {
            status = update_objinfo_in_enum_file(sfd->meta_data->file_id, sfd->meta_data->file_id_len,
                                                 rsp->write_obj.new_size, rsp->write_obj.new_seek_pos, sndr);
            if (status != TEE_SUCCESS)
                tloge("Failed to update the info of object in enum file.\n");
        }
    } else {
        rsp->ret = status;
    }

    ssa_unmap_from_task(g_ssagent_handle, src.vm_addr, src.size, src.mapped);
}
466
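/*
 * Handle a read request from task sndr.
 *
 * The handle is resolved in the sender's own table, the file's seek position
 * is set from the handle, read access is verified against the open flags and
 * up to msg->read_obj.len bytes are read into the sender's mapped buffer.
 * On success rsp carries the byte count actually read, the new seek position
 * and the data size; otherwise rsp->ret holds the error.
 */
void ssa_read_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    uint32_t ret;
    TEE_Result error = TEE_SUCCESS;
    mem_map_info_t read_buffer_info;

    if (rsp == NULL)
        return;

    if (msg == NULL || msg->read_obj.buffer == 0) {
        tloge("invalid msg or buffer!\n");
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return;
    }

    uint32_t obj = msg->read_obj.obj_index;
    file_instance_t *fpointer = get_file_pointer(sndr, obj);
    if ((fpointer == NULL) || (fpointer->file_link == NULL) || (fpointer->file_link->sfd == NULL)) {
        tloge("get session Fail %x\n", obj);
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return;
    }
    fpointer->file_link->sfd->seek_position = fpointer->seek_position;
    /* The file must have been opened with read access. */
    if ((fpointer->file_link->sfd->flags & TEE_DATA_FLAG_ACCESS_READ) == 0) {
        tloge("access conflict %x\n", fpointer->file_link->sfd->flags);
        rsp->ret = TEE_ERROR_ACCESS_CONFLICT;
        return;
    }

    read_buffer_info.vm_addr = 0;
    read_buffer_info.size = msg->read_obj.len;
    read_buffer_info.mapped = false;

    /* NOTE(review): unlike the write path, len is not compared with MAX_FILE_SIZE before mapping - confirm intended. */
    if (ssa_map_from_task(sndr, msg->read_obj.buffer, msg->read_obj.len,
                          g_ssagent_handle, &read_buffer_info.vm_addr) != 0) {
        /* The message used to say "writeBuffer", which pointed log triage at the wrong handler. */
        tloge("map readBuffer from 0x%x fail\n", sndr);
        rsp->ret = TEE_ERROR_GENERIC;
        return;
    }
    read_buffer_info.mapped = true;

    ret = ssa_read((uint8_t *)read_buffer_info.vm_addr, msg->read_obj.len, fpointer->file_link->sfd, &error);
    if (error != TEE_SUCCESS) {
        tloge("read fail %x\n", error);
        rsp->ret = error;
        goto clean;
    }

    fpointer->seek_position = fpointer->file_link->sfd->seek_position;
    tlogd("restore seek:%u\n", fpointer->file_link->sfd->seek_position);

    rsp->ret = TEE_SUCCESS;
    rsp->read_obj.new_seek_pos = fpointer->seek_position;
    rsp->read_obj.new_size = fpointer->file_link->sfd->size - fpointer->file_link->sfd->attr_size;
    /* A count below the requested length is passed through to the caller as is. */
    rsp->read_obj.count = ret;
clean:
    ssa_unmap_from_task(g_ssagent_handle, read_buffer_info.vm_addr, read_buffer_info.size, read_buffer_info.mapped);
}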
525
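/*
 * Validate a seek request: msg present, sender UUID resolvable, offset not
 * above MAX_FILE_SIZE. *uuid is an output.
 *
 * Every rejection is mirrored into rsp->ret (when rsp is not NULL); the
 * returned value now always equals the value stored there.
 */
static TEE_Result ssa_seek_params_check(union ssa_agent_msg *msg, uint32_t sndr,
                                        struct ssa_agent_rsp *rsp, TEE_UUID **uuid)
{
    if (rsp == NULL)
        return TEE_ERROR_BAD_PARAMETERS;

    if (msg == NULL) {
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return TEE_ERROR_BAD_PARAMETERS;
    }

    *uuid = get_sender_uuid(sndr);
    if (*uuid == NULL) {
        tloge("seek object uuid read fail\n");
        rsp->ret = TEE_ERROR_GENERIC;
        /* Was TEE_ERROR_BAD_PARAMETERS, disagreeing with rsp->ret and with the write-path check. */
        return TEE_ERROR_GENERIC;
    }

    /*
     * NOTE(review): the seek handler treats this offset as signed; confirm how
     * this comparison handles negative values given MAX_FILE_SIZE's type.
     */
    if (msg->seek_obj.offset > MAX_FILE_SIZE) {
        tloge("offset is too big\n");
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return TEE_ERROR_BAD_PARAMETERS;
    }

    return TEE_SUCCESS;
}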
552
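/*
 * Handle a seek request from task sndr.
 *
 * For TEE_DATA_SEEK_SET a negative offset is clamped to 0 and the attribute
 * area size is added, so that offset 0 is the first data byte; other whence
 * values pass the offset through unchanged. After a successful ssa_seek() the
 * handle's position is updated, the MAC is rewritten if flagged, and rsp
 * carries the new position and data size. The enum file is updated when
 * enabled for the sender (a failure there is only logged).
 */
void ssa_seek_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    const uint32_t max_seek = 0x7FFFFFFFU; /* largest value new_offset (int32_t) can hold */
    int32_t new_offset;
    struct sfd_t *sfd = NULL;
    TEE_UUID *uuid = NULL;

    TEE_Result ret = ssa_seek_params_check(msg, sndr, rsp, &uuid);
    if (ret != TEE_SUCCESS)
        return;

    int32_t offset = msg->seek_obj.offset;

    file_instance_t *fpointer = get_file_pointer(sndr, msg->seek_obj.obj_index);
    bool check_ptr_null = (fpointer == NULL) || (fpointer->file_link == NULL) || (fpointer->file_link->sfd == NULL);
    if (check_ptr_null) {
        tloge("get session Fail %x\n", msg->seek_obj.obj_index);
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return;
    }
    sfd = fpointer->file_link->sfd;

    if (msg->seek_obj.whence == TEE_DATA_SEEK_SET) {
        if (offset < 0)
            offset = 0;
        /*
         * attr_size is taken from the stored file; refuse a sum that does not
         * fit in int32_t instead of overflowing the signed addition below.
         */
        if (sfd->attr_size > max_seek - (uint32_t)offset) {
            tloge("seek offset overflow\n");
            rsp->ret = TEE_ERROR_BAD_PARAMETERS;
            return;
        }
        new_offset = offset + (int32_t)sfd->attr_size;
    } else {
        new_offset = offset;
    }

    ret = ssa_seek(sfd, new_offset, msg->seek_obj.whence);
    if (ret != TEE_SUCCESS) {
        tloge("ssa seek fail %x", ret);
        rsp->ret = ret;
        return;
    }

    fpointer->seek_position = sfd->seek_position;

    if (sfd->need_update_hmac) {
        sfd->need_update_hmac = false;

        ret = ssa_write_mac(sfd);
        if (ret != TEE_SUCCESS) {
            tloge("write mac fail %x", ret);
            rsp->ret = ret;
            return;
        }
    }

    rsp->seek_obj.new_seek_pos = fpointer->seek_position;
    rsp->seek_obj.new_size = sfd->size - sfd->attr_size;

    if (is_enum_enable(uuid)) {
        ret = update_objinfo_in_enum_file(sfd->meta_data->file_id, sfd->meta_data->file_id_len,
                                          rsp->seek_obj.new_size, rsp->seek_obj.new_seek_pos, sndr);
        if (ret != TEE_SUCCESS)
            tloge("Failed to update the info of object in enum file.\n");
    }
    rsp->ret = TEE_SUCCESS;
}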
613
/*
 * Validate a truncate request and resolve its handle.
 *
 * The verdict is delivered through rsp->ret only: TEE_SUCCESS when msg is
 * present, the sender has a UUID, the requested size does not exceed
 * MAX_FILE_SIZE and the handle resolves to an open file that has meta_data.
 * *uuid and *fpointer are outputs. Nothing is written when rsp is NULL.
 *
 * NOTE(review): no TEE_DATA_FLAG_ACCESS_WRITE test is visible on the truncate
 * path, unlike the write path - confirm it is enforced elsewhere.
 */
static void ssa_truncate_params_check(const union ssa_agent_msg *msg, uint32_t sndr,
                                      struct ssa_agent_rsp *rsp, file_instance_t **fpointer, TEE_UUID **uuid)
{
    TEE_Result verdict = TEE_ERROR_BAD_PARAMETERS;
    uint32_t handle;

    if (rsp == NULL)
        return;

    if (msg == NULL)
        goto done;

    *uuid = get_sender_uuid(sndr);
    if (*uuid == NULL) {
        tloge("truncate object uuid read fail\n");
        verdict = TEE_ERROR_GENERIC;
        goto done;
    }

    if (msg->truncate_obj.size > MAX_FILE_SIZE) {
        tloge("truncate size is too big\n");
        goto done;
    }

    handle = (uint32_t)msg->truncate_obj.obj_index;
    *fpointer = get_file_pointer(sndr, (int32_t)handle);

    if ((*fpointer == NULL) || ((*fpointer)->file_link == NULL) ||
        ((*fpointer)->file_link->sfd == NULL) ||
        ((*fpointer)->file_link->sfd->meta_data == NULL)) {
        tloge("get session fail 0x%x\n", handle);
        goto done;
    }

    verdict = TEE_SUCCESS;

done:
    rsp->ret = verdict;
}
654
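/*
 * Handle a truncate request from task sndr.
 *
 * The requested data size is extended by the attribute area size before
 * ssa_truncate() is called. The MAC is rewritten if flagged, the handle's
 * seek position is refreshed and rsp carries the resulting data size and
 * position. rsp->ret is the result of ssa_truncate(), unless the MAC update
 * failed, in which case that error is reported.
 */
void ssa_truncate_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    TEE_Result ret;
    TEE_Result truncate_ret;
    file_instance_t *fpointer = NULL;
    uint32_t new_size;
    struct sfd_t *sfd = NULL;
    TEE_UUID *uuid = NULL;

    ssa_truncate_params_check(msg, sndr, rsp, &fpointer, &uuid);
    if (rsp == NULL || rsp->ret != TEE_SUCCESS || fpointer == NULL)
        return;

    new_size = (uint32_t)msg->truncate_obj.size;
    sfd = fpointer->file_link->sfd;

    tlogd("oldSize=%u, new_size=%d, attr_size=%u\n", sfd->size, msg->truncate_obj.size, sfd->attr_size);

    sfd->seek_position = fpointer->seek_position;
    if (judge_valid_version(sfd)) {
        /* Refuse a total that would wrap around instead of truncating to a tiny size. */
        if (new_size + sfd->attr_size < new_size) {
            tloge("truncate size overflow\n");
            rsp->ret = TEE_ERROR_BAD_PARAMETERS;
            return;
        }
        new_size += sfd->attr_size;
    }

    /*
     * Keep the truncate result in its own variable: it used to be overwritten
     * by the MAC update or dropped, so a failed truncate was reported as success.
     */
    truncate_ret = ssa_truncate(sfd, new_size);
    if (truncate_ret != TEE_SUCCESS)
        tloge("truncate fail %x\n", truncate_ret);

    if (sfd->need_update_hmac) {
        sfd->need_update_hmac = false;

        ret = ssa_write_mac(sfd);
        if (ret != TEE_SUCCESS) {
            tloge("write mac fail %x", ret);
            rsp->ret = ret;
            return;
        }
    }

    fpointer->seek_position = sfd->seek_position;

    rsp->truncate_obj.new_size = sfd->size;
    if (judge_valid_version(sfd))
        rsp->truncate_obj.new_size -= sfd->attr_size;
    rsp->truncate_obj.new_seek_pos = fpointer->seek_position;

    /* The enum record is refreshed from the file's current size and position either way. */
    if (is_enum_enable(uuid)) {
        ret = update_objinfo_in_enum_file(sfd->meta_data->file_id, sfd->meta_data->file_id_len,
                                          rsp->truncate_obj.new_size, rsp->truncate_obj.new_seek_pos, sndr);
        if (ret != TEE_SUCCESS)
            tloge("Failed to update the info of object in enum file.\n");
    }
    rsp->ret = truncate_ret;
}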
704
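/*
 * Validate a rename request and resolve its handle.
 *
 * Requires a non-NULL msg with a new object id buffer, a resolvable sender
 * UUID, a handle that maps to an open file with meta_data, and the
 * TEE_DATA_FLAG_ACCESS_WRITE_META flag on that file. *uuid and *fpointer are
 * outputs.
 * Returns TEE_SUCCESS, TEE_ERROR_BAD_PARAMETERS, TEE_ERROR_GENERIC or
 * TEE_ERROR_ACCESS_CONFLICT.
 */
static TEE_Result ssa_rename_params_check(const union ssa_agent_msg *msg, uint32_t sndr,
                                          file_instance_t **fpointer, TEE_UUID **uuid)
{
    TEE_Result ret;

    if (msg == NULL || msg->rename_obj.new_object_id == 0) {
        tloge("invalid msg or buffer!\n");
        ret = TEE_ERROR_BAD_PARAMETERS;
        return ret;
    }

    *uuid = get_sender_uuid(sndr);
    if (*uuid == NULL) {
        tloge("rename object uuid read fail\n");
        ret = TEE_ERROR_GENERIC;
        return ret;
    }
    uint32_t obj = msg->rename_obj.obj_index;
    /* Uses obj_id_len, the field the rest of the rename path reads; the log line named objIdLen. */
    tlogd("Rename: IDlen %u\n", msg->rename_obj.obj_id_len);

    *fpointer = get_file_pointer(sndr, (int32_t)obj);
    bool pointer_flag = ((*fpointer) == NULL) || ((*fpointer)->file_link == NULL);
    if (pointer_flag) {
        tloge("get session fail %x\n", obj);
        ret = TEE_ERROR_BAD_PARAMETERS;
        return ret;
    }

    if (((*fpointer)->file_link->sfd == NULL) || ((*fpointer)->file_link->sfd->meta_data == NULL)) {
        tloge("get sfd fail!\n");
        ret = TEE_ERROR_BAD_PARAMETERS;
        return ret;
    }

    /* Renaming changes metadata, so the file must have been opened with WRITE_META. */
    bool flag = (((*fpointer)->file_link->sfd->flags & TEE_DATA_FLAG_ACCESS_WRITE_META) == 0);
    if (flag) {
        ret = TEE_ERROR_ACCESS_CONFLICT;
        tloge("Access conflict %x\n", ret);
        return ret;
    }

    return TEE_SUCCESS;
}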
748
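/*
 * Rename the file behind sfd to the name held in the mapped buffer
 * new_object_id_info.
 *
 * The new name is copied into a local buffer and validated, then checked
 * against the file's storage id. After a successful ssa_rename() the MAC is
 * rewritten and, when enumeration is enabled for uuid, the enum file entry is
 * renamed (a failure there is only logged).
 * Returns TEE_SUCCESS or the first error hit; on any error the enum file is
 * left untouched.
 */
static TEE_Result ssa_rename_object_proc(const union ssa_agent_msg *msg, uint32_t sndr,
                                         mem_map_info_t *new_object_id_info, struct sfd_t *sfd, const TEE_UUID *uuid)
{
    TEE_Result ret;
    TEE_Result ret_enum;
    char new_obj_id[HASH_NAME_BUFF_LEN] = { 0 };
    /* One spare byte stays zero so the old id is NUL-terminated even at full length. */
    uint8_t origin_object_id[HASH_NAME_BUFF_LEN + 1] = { 0 };

    ret = copy_and_check_file_name((char *)new_object_id_info->vm_addr, new_object_id_info->size,
                                   new_obj_id, sizeof(new_obj_id));
    if (ret != TEE_SUCCESS)
        return ret;

    ret = check_name_by_storageid(new_obj_id, strlen(new_obj_id), sfd->meta_data->storage_id);
    if (ret != TEE_SUCCESS)
        return ret;

    if (sfd->meta_data->file_id != NULL) {
        if (memcpy_s(origin_object_id, HASH_NAME_BUFF_LEN, sfd->meta_data->file_id,
                     sfd->meta_data->file_id_len) != EOK) {
            tloge("Failed to copy origin object id.\n");
            ret = TEE_ERROR_GENERIC;
            return ret;
        }
    }

    /*
     * NOTE(review): the name was validated with strlen(new_obj_id) but the
     * length used here and below is the sender-supplied obj_id_len; confirm
     * the two always agree.
     */
    ret = ssa_rename(sfd, (uint8_t *)new_obj_id, msg->rename_obj.obj_id_len);
    if (ret != TEE_SUCCESS)
        return ret; /* the enum entry used to be renamed even though the file was not */

    sfd->need_update_hmac = false;
    ret = ssa_write_mac(sfd);
    if (ret != TEE_SUCCESS) {
        tloge("write mac fail %x", ret);
        return ret;
    }

    if (is_enum_enable(uuid)) {
        ret_enum = rename_obj_in_enum_file(origin_object_id, (uint8_t *)new_obj_id,
                                           msg->rename_obj.obj_id_len, sndr);
        if (ret_enum != TEE_SUCCESS)
            tloge("Failed to rename the obj info in enum file.\n");
    }

    return TEE_SUCCESS;
}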
793
/*
 * Handle a rename request from task sndr.
 *
 * Runs the parameter and access checks, maps the sender's new-name buffer
 * (obj_id_len bytes), performs the rename through ssa_rename_object_proc()
 * and releases the mapping. rsp->ret carries the outcome.
 */
void ssa_rename_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    file_instance_t *slot = NULL;
    TEE_UUID *owner = NULL;
    mem_map_info_t name_map;

    if (rsp == NULL)
        return;

    rsp->ret = ssa_rename_params_check(msg, sndr, &slot, &owner);
    if (rsp->ret != TEE_SUCCESS)
        return;

    name_map.mapped = false;
    name_map.size = msg->rename_obj.obj_id_len;
    name_map.vm_addr = 0;

    if (ssa_map_from_task(sndr, msg->rename_obj.new_object_id, msg->rename_obj.obj_id_len, g_ssagent_handle,
                          &name_map.vm_addr) != 0) {
        tloge("map objectID from 0x%x fail\n", sndr);
        rsp->ret = TEE_ERROR_GENERIC;
        return;
    }
    name_map.mapped = true;

    rsp->ret = ssa_rename_object_proc(msg, sndr, &name_map, slot->file_link->sfd, owner);
    if (rsp->ret != TEE_SUCCESS)
        tloge("ssa rename object failed.\n");

    ssa_unmap_from_task(g_ssagent_handle, name_map.vm_addr, name_map.size, name_map.mapped);
}
827
/*
 * Handle a get-info request: report the position and length returned by
 * ssa_info(), each reduced by the attribute area size.
 *
 * rsp->ret is the result of ssa_info(); pos and len are filled in whether or
 * not that call succeeded.
 */
void ssa_info_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    file_instance_t *slot = NULL;
    struct sfd_t *sfd = NULL;
    uint32_t handle;
    uint32_t raw_pos = 0;
    uint32_t raw_len = 0;

    if (rsp == NULL)
        return;

    if (msg == NULL) {
        tloge("invalid msg!\n");
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return;
    }

    handle = (uint32_t)msg->get_info_obj.obj_index;
    slot = get_file_pointer(sndr, (int32_t)handle);
    if ((slot == NULL) || (slot->file_link == NULL) || (slot->file_link->sfd == NULL)) {
        tloge("get session Fail %x\n", handle);
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return;
    }

    sfd = slot->file_link->sfd;
    rsp->ret = ssa_info(sfd, &raw_pos, &raw_len);
    /* Unsigned arithmetic: values below attr_size wrap around. */
    rsp->get_info_obj.pos = raw_pos - sfd->attr_size;
    rsp->get_info_obj.len = raw_len - sfd->attr_size;
}
858
/*
 * Handle a close request: hand the sender's handle to
 * close_file_from_client() and report TEE_SUCCESS. The handle is not
 * validated here.
 */
void ssa_close_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    uint32_t handle;

    if (rsp == NULL)
        return;

    if (msg != NULL) {
        handle = (uint32_t)msg->close_obj.obj_index;

        tlogd("close Obj: %u\n", handle);
        close_file_from_client(sndr, handle);
        rsp->ret = TEE_SUCCESS;
        return;
    }

    tloge("invalid msg!\n");
    rsp->ret = TEE_ERROR_BAD_PARAMETERS;
}
878
/*
 * Handle a sync request: resolve the sender's handle and call ssa_sync() on
 * the file behind it. The result of ssa_sync() is deliberately discarded, so
 * a valid handle always yields TEE_SUCCESS.
 */
void ssa_sync_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    file_instance_t *slot = NULL;
    uint32_t handle;

    if (rsp == NULL)
        return;

    if (msg == NULL) {
        tloge("invalid msg!\n");
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return;
    }

    handle = (uint32_t)msg->sync_obj.obj_index;

    slot = get_file_pointer(sndr, handle);
    if ((slot != NULL) && (slot->file_link != NULL)) {
        (void)ssa_sync(slot->file_link->sfd);
        rsp->ret = TEE_SUCCESS;
        return;
    }

    tloge("get session Fail %x\n", handle);
    rsp->ret = TEE_ERROR_BAD_PARAMETERS;
}
904
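/*
 * Handle a close-and-delete request from task sndr.
 *
 * The handle must resolve to an open file of the sender that was opened with
 * TEE_DATA_FLAG_ACCESS_WRITE_META; without that flag the handle is closed and
 * TEE_ERROR_ACCESS_CONFLICT is reported. The object id is saved before
 * delete_file() so that the enum file entry can be removed afterwards when
 * enumeration is enabled for the sender (a failure there is only logged).
 * rsp->ret carries the outcome.
 */
void ssa_close_and_delete_object(union ssa_agent_msg *msg, uint32_t sndr, struct ssa_agent_rsp *rsp)
{
    uint32_t obj;
    TEE_Result ret;
    struct sfd_t *sfd = NULL;
    /*
     * One spare byte beyond the copy limit stays zero, so the strlen() below
     * stays inside the buffer even when file_id_len equals HASH_NAME_BUFF_LEN.
     */
    uint8_t obj_id[HASH_NAME_BUFF_LEN + 1] = { 0 };

    if (rsp == NULL)
        return;

    if (msg == NULL) {
        tloge("invalid msg!\n");
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return;
    }

    TEE_UUID *uuid = get_sender_uuid(sndr);
    if (uuid == NULL) {
        tloge("delete object uuid read fail\n");
        rsp->ret = TEE_ERROR_GENERIC;
        return;
    }
    obj = (uint32_t)msg->close_and_delete_obj.obj_index;
    file_instance_t *fpointer = get_file_pointer(sndr, obj);
    if ((fpointer == NULL) || (fpointer->file_link == NULL) || (fpointer->file_link->sfd == NULL)) {
        tloge("get session Fail %x\n", obj);
        rsp->ret = TEE_ERROR_BAD_PARAMETERS;
        return;
    }
    sfd = fpointer->file_link->sfd;

    tlogd("flags %x\n", sfd->flags);
    if ((sfd->flags & TEE_DATA_FLAG_ACCESS_WRITE_META) == 0) {
        tloge("Access conflict, %x\n", sfd->flags);
        /* The handle is closed even though the delete is refused. */
        close_file_from_client(sndr, obj);
        rsp->ret = TEE_ERROR_ACCESS_CONFLICT;
        return;
    }

    /* Save the id now: it is needed for the enum file after the file is gone. */
    if (sfd->meta_data != NULL && sfd->meta_data->file_id != NULL) {
        int32_t rc = memcpy_s(obj_id, HASH_NAME_BUFF_LEN, sfd->meta_data->file_id, sfd->meta_data->file_id_len);
        if (rc != EOK) {
            rsp->ret = TEE_ERROR_SECURITY;
            return;
        }
    }

    rsp->ret = delete_file(sndr, obj);
    if (rsp->ret != TEE_SUCCESS)
        return;

    if (is_enum_enable(uuid)) {
        ret = delete_obj_in_enum_file(obj_id, strlen((char *)obj_id), sndr);
        if (ret != TEE_SUCCESS)
            tloge("Failed to delete obj info from enum file.\n");
    }
}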
962
963