1 /*
2 * Copyright (C) 2022 Huawei Technologies Co., Ltd.
3 * Licensed under the Mulan PSL v2.
4 * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 * You may obtain a copy of Mulan PSL v2 at:
6 * http://license.coscl.org.cn/MulanPSL2
7 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 * PURPOSE.
10 * See the Mulan PSL v2 for more details.
11 */
12 #include <stdio.h>
13 #include <sys/mman.h>
14 #include <tee_log.h>
15 #include <ipclib.h> /* for channel */
16 #include <sys/priorities.h>
17 #include <pthread.h> /* for thread */
18 #include <stdlib.h>
19 #include <tee_defines.h>
20 #include <tee_init.h>
21 #include <tee_ext_api.h>
22 #include <ta_framework.h>
23 #include <tee_internal_task_pub.h>
24 #include "permission_service.h"
25 #include "perm_srv_common.h"
26 #include "perm_srv_ta_crl_cmd.h"
27 #include "perm_srv_ta_crl.h"
28 #include "perm_srv_elf_verify_cmd.h"
29 #include "perm_srv_cms_crl_storage.h"
30 #include "perm_srv_ta_cert.h"
31 #include "perm_srv_ta_config.h"
32 #include "perm_srv_ta_ctrl.h"
33 #include <ipclib_hal.h>
34 #include <spawn_ext.h>
35 #include <securec.h>
36
37 #ifdef LOG_TAG
38 #undef LOG_TAG
39 #endif
40 #define LOG_TAG "permission service"
41 #define CERT_PATH "permservice"
42
43 #define WEAK __attribute__((weak))
44 #define BSS_START_MAGIC 0x12345678
45 #define BSS_END_MAGIC 0x87654321
46
47 uint32_t WEAK TA_BSS_START = BSS_START_MAGIC;
48 uint32_t WEAK TA_BSS_END = BSS_END_MAGIC;
49
clear_ta_bss(void)50 static void clear_ta_bss(void)
51 {
52 uint32_t ta_bss_start = (uint32_t)&TA_BSS_START;
53 uint32_t ta_bss_end = (uint32_t)&TA_BSS_END;
54
55 if (TA_BSS_START == BSS_START_MAGIC && TA_BSS_END == BSS_END_MAGIC) {
56 tlogd("only weak bss define\n");
57 return;
58 }
59
60 if (ta_bss_end > ta_bss_start)
61 (void)memset_s((void *)(uintptr_t)ta_bss_start, ta_bss_end - ta_bss_start, 0, ta_bss_end - ta_bss_start);
62 else if (ta_bss_end == ta_bss_start)
63 tlogd("bss addr end equals to start\n");
64 else
65 tloge("failed\n");
66 }
67
68 static const struct ta_init_msg g_permsrv_init_msg = {
69 .prop.uuid = TEE_SERVICE_PERM,
70 };
71
perm_srv_load_crl_and_ctrl_list(const perm_srv_req_msg_t * req_msg,uint32_t sndr_taskid,const TEE_UUID * sndr_uuid,perm_srv_reply_msg_t * rsp)72 static TEE_Result perm_srv_load_crl_and_ctrl_list(const perm_srv_req_msg_t *req_msg, uint32_t sndr_taskid,
73 const TEE_UUID *sndr_uuid, perm_srv_reply_msg_t *rsp)
74 {
75 TEE_Result ret;
76
77 (void)req_msg;
78 (void)sndr_taskid;
79 (void)sndr_uuid;
80
81 ret = perm_srv_global_ta_crl_list_loading(false);
82 if (ret != TEE_SUCCESS) {
83 tloge("CRL list loading fail, ret is 0x%x\n", ret);
84 goto out;
85 }
86
87 ret = perm_srv_global_ta_ctrl_list_loading(false);
88 if (ret != TEE_SUCCESS)
89 tloge("TA control list loading fail, ret is 0x%x\n", ret);
90
91 out:
92 rsp->reply.ret = ret;
93 return ret;
94 }
95
96 /* check the cmd permission of TAs who are not gtask. */
check_file_cmd_perm(uint32_t sndr_taskid,uint32_t cmd)97 static bool check_file_cmd_perm(uint32_t sndr_taskid, uint32_t cmd)
98 {
99 TEE_Result ret;
100 struct config_info config;
101
102 (void)memset_s(&config, sizeof(config), 0, sizeof(config));
103 ret = perm_srv_get_config_by_taskid(sndr_taskid, &config);
104 if (ret != TEE_SUCCESS) {
105 tloge("get config by taskid failed\n");
106 return false;
107 }
108
109 bool is_cert_import_enable = false;
110 ret = perm_srv_check_cert_import_enable(&config, cmd, &is_cert_import_enable);
111 if (ret != TEE_SUCCESS) {
112 tloge("check cert import enable failed\n");
113 return false;
114 }
115 if (is_cert_import_enable)
116 return true;
117
118 static const TEE_UUID crl_agent_uuid = TEE_SERVICE_CRLAGENT;
119 bool is_crl_ctrl_enable = TEE_MemCompare(&crl_agent_uuid, &config.uuid, sizeof(config.uuid)) == 0 &&
120 (cmd == PERMSRV_SET_CRL_CERT || cmd == PERMSRV_SET_TA_CTRL_LIST);
121 if (is_crl_ctrl_enable)
122 return true;
123
124 return false;
125 }
126
127 static const perm_srv_cmd_t g_file_thread_cmd_tbl[] = {
128 {TEE_TASK_LOAD_CRL_AND_CTRL_LIST, perm_srv_load_crl_and_ctrl_list},
129 {PERMSRV_SET_CRL_CERT, perm_srv_set_crl_cert},
130 };
131 static const uint32_t g_file_thread_cmd_num = sizeof(g_file_thread_cmd_tbl) / sizeof(g_file_thread_cmd_tbl[0]);
132
handle_file_msg_cmd(const perm_srv_req_msg_t * req_msg,uint32_t cmd_id,uint32_t sndr_taskid,perm_srv_reply_msg_t * rsp)133 static TEE_Result handle_file_msg_cmd(const perm_srv_req_msg_t *req_msg, uint32_t cmd_id, uint32_t sndr_taskid,
134 perm_srv_reply_msg_t *rsp)
135 {
136 TEE_Result ret = TEE_ERROR_INVALID_CMD;
137 uint32_t i;
138
139 /* File_OPT subthread cannot receive synchronization messages sent by gtask to avoid deadlock. */
140 for (i = 0; i < g_file_thread_cmd_num; i++) {
141 if (cmd_id != g_file_thread_cmd_tbl[i].cmd)
142 continue;
143 ret = g_file_thread_cmd_tbl[i].func(req_msg, sndr_taskid, NULL, rsp);
144 break;
145 }
146 if (i >= g_file_thread_cmd_num)
147 tloge("not support the cmd id 0x%x\n", cmd_id);
148
149 if (ret != TEE_SUCCESS)
150 tloge("handle msg cmd fail 0x%x\n", ret);
151 return ret;
152 }
153
perm_thread_handle_file_msg(const perm_srv_req_msg_t * req_msg,uint32_t sndr_taskid,uint16_t msg_type,cref_t msghdl)154 static void perm_thread_handle_file_msg(const perm_srv_req_msg_t *req_msg, uint32_t sndr_taskid,
155 uint16_t msg_type, cref_t msghdl)
156 {
157 uint32_t cmd_id = req_msg->header.send.msg_id;
158 perm_srv_reply_msg_t rsp;
159 TEE_Result ret;
160 int32_t rc;
161
162 (void)memset_s(&rsp, sizeof(rsp), 0, sizeof(rsp));
163
164 bool is_access_perm = (sndr_taskid == GLOBAL_HANDLE) || check_file_cmd_perm(sndr_taskid, cmd_id);
165 if (is_access_perm == false) {
166 rsp.reply.ret = TEE_ERROR_ACCESS_DENIED;
167 goto end;
168 }
169
170 ret = handle_file_msg_cmd(req_msg, cmd_id, sndr_taskid, &rsp);
171 if (ret != TEE_SUCCESS)
172 tlogd("handle file msg cmd fail 0x%x\n", ret);
173
174 end:
175 if (msg_type == MSG_TYPE_CALL) {
176 rc = ipc_msg_reply(msghdl, &rsp, sizeof(rsp));
177 if (rc != 0)
178 tloge("reply error 0x%x\n", rc);
179 }
180 return;
181 }
182
perm_thread_file_create_ipc_channel(cref_t * msghdl,cref_t * native_channel,cref_t * file_channel)183 static TEE_Result perm_thread_file_create_ipc_channel(cref_t *msghdl, cref_t *native_channel, cref_t *file_channel)
184 {
185 TEE_Result ret;
186
187 *msghdl = ipc_msg_create_hdl();
188 if (!check_ref_valid(*msghdl)) {
189 tloge("thread file operation function create msg_hdl failed\n");
190 return TEE_ERROR_GENERIC;
191 }
192
193 if (ipc_create_channel_native(PERMSRV_FILE_OPT, native_channel) != 0) {
194 tloge("thread file operation function create native channel failed\n");
195 return TEE_ERROR_GENERIC;
196 }
197
198 /* create IPC channel */
199 if (ipc_create_single_channel(PERMSRV_SAVE_FILE, file_channel, true, false, true) != 0) {
200 tloge("thread file operation function create file channel failed\n");
201 return TEE_ERROR_GENERIC;
202 }
203
204 /* The tee_init() cannot be deleted from subthread 2. Otherwise, the ssa function will be affected. */
205 ret = tee_init(&g_permsrv_init_msg);
206 if (ret != TEE_SUCCESS)
207 /* no care the return code */
208 tloge("TEE init error\n");
209
210 return TEE_SUCCESS;
211 }
212
perm_thread_remove_channel(const char * name,cref_t channel)213 static void perm_thread_remove_channel(const char *name, cref_t channel)
214 {
215 taskid_t pid;
216
217 pid = get_self_taskid();
218 if (pid < 0) {
219 tloge("get self pid error\n");
220 return;
221 }
222
223 if (ipc_remove_channel(pid, name, 0, channel) != 0)
224 tloge("remove the file channel failed\n");
225 }
226
perm_thread_init_file(void * data)227 void *perm_thread_init_file(void *data)
228 {
229 int32_t rc;
230 perm_srv_req_msg_t req_msg;
231 uint32_t sender_taskid = 0;
232 cref_t native_channel = 0;
233 cref_t file_channel = 0;
234 struct src_msginfo info = { 0 };
235 cref_t msghdl;
236 (void)data;
237
238 (void)memset_s(&req_msg, sizeof(req_msg), 0, sizeof(req_msg));
239
240 rc = (int32_t)perm_thread_file_create_ipc_channel(&msghdl, &native_channel, &file_channel);
241 if (rc != 0)
242 goto exit;
243
244 while (true) {
245 rc = ipc_msg_receive(native_channel, &req_msg, (unsigned long)sizeof(req_msg), msghdl, &info, -1);
246 if (rc < 0) {
247 tloge("%s: message receive failed, %llx\n", LOG_TAG, rc);
248 continue;
249 }
250
251 if (info.src_pid == 0)
252 sender_taskid = GLOBAL_HANDLE;
253 else
254 sender_taskid = (uint32_t)pid_to_taskid(info.src_tid, info.src_pid);
255
256 perm_thread_handle_file_msg(&req_msg, sender_taskid, info.msg_type, msghdl);
257 }
258
259 perm_thread_remove_channel(PERMSRV_SAVE_FILE, file_channel);
260
261 exit:
262 ipc_msg_delete_hdl(msghdl);
263 return NULL;
264 }
265
266 static const perm_srv_cmd_t g_async_file_thread_cmd_tbl[] = {
267 {TEE_TASK_ELF_VERIFY, perm_srv_elf_verify},
268 };
269 static const uint32_t g_async_file_thread_cmd_num = sizeof(g_async_file_thread_cmd_tbl) /
270 sizeof(g_async_file_thread_cmd_tbl[0]);
271
handle_async_file_msg_cmd(const perm_srv_req_msg_t * req_msg,uint32_t cmd_id,uint32_t sndr_taskid)272 static TEE_Result handle_async_file_msg_cmd(const perm_srv_req_msg_t *req_msg, uint32_t cmd_id, uint32_t sndr_taskid)
273 {
274 TEE_Result ret = TEE_ERROR_INVALID_CMD;
275 uint32_t i;
276
277 /* Async_file_OPT subthread cannot receive synchronization messages sent by gtask to avoid deadlock. */
278 for (i = 0; i < g_async_file_thread_cmd_num; i++) {
279 if (cmd_id != g_async_file_thread_cmd_tbl[i].cmd)
280 continue;
281 ret = g_async_file_thread_cmd_tbl[i].func(req_msg, sndr_taskid, NULL, NULL);
282 break;
283 }
284 if (i >= g_async_file_thread_cmd_num)
285 tloge("not support the cmd id 0x%x\n", cmd_id);
286
287 if (ret != TEE_SUCCESS)
288 tloge("handle msg cmd fail 0x%x\n", ret);
289
290 perm_srv_cms_crl_store(cmd_id);
291
292 return ret;
293 }
294
perm_thread_handle_async_file_msg(const perm_srv_req_msg_t * req_msg,uint32_t sndr_taskid)295 static void perm_thread_handle_async_file_msg(const perm_srv_req_msg_t *req_msg, uint32_t sndr_taskid)
296 {
297 uint32_t cmd_id = req_msg->header.send.msg_id;
298 TEE_Result ret;
299
300 if (sndr_taskid != GLOBAL_HANDLE) {
301 /* only gtask can call this interface */
302 tloge("sender 0x%x no perm\n", sndr_taskid);
303 return;
304 }
305
306 /*
307 * TA_verify\CA_verify\CRL_update need to load\store cms crl from\to ssa and update cms crl in memory,
308 * so they cannot be in the same thread with other sync cmds,
309 * and concurrent invokcation is not supported.
310 */
311 perm_srv_cms_crl_load();
312
313 ret = handle_async_file_msg_cmd(req_msg, cmd_id, sndr_taskid);
314 if (ret != TEE_SUCCESS)
315 tlogd("handle async file msg cmd fail 0x%x\n", ret);
316 }
317
perm_thread_async_file_create_ipc_channel(cref_t * msghdl,cref_t * native_channel,cref_t * file_channel)318 static TEE_Result perm_thread_async_file_create_ipc_channel(cref_t *msghdl, cref_t *native_channel,
319 cref_t *file_channel)
320 {
321 *msghdl = ipc_msg_create_hdl();
322 if (!check_ref_valid(*msghdl)) {
323 tloge("thread async file operation function create msg_hdl failed\n");
324 return TEE_ERROR_GENERIC;
325 }
326
327 if (ipc_create_channel_native(PERMSRV_ASYNC_OPT, native_channel) != 0) {
328 tloge("thread async file operation function create native channel failed\n");
329 return TEE_ERROR_GENERIC;
330 }
331
332 /* create IPC channel */
333 if (ipc_create_single_channel(PERMSRV_ASYNC_OPT_FILE, file_channel, true, false, false) != 0) {
334 tloge("thread async file operation function create file channel failed\n");
335 return TEE_ERROR_GENERIC;
336 }
337
338 return TEE_SUCCESS;
339 }
340
perm_thread_init_async_file(void * data)341 void *perm_thread_init_async_file(void *data)
342 {
343 int32_t rc;
344 perm_srv_req_msg_t req_msg;
345 uint32_t sender_taskid = 0;
346 cref_t async_native_channel = 0;
347 cref_t async_file_channel = 0;
348 struct src_msginfo info = { 0 };
349 cref_t msghdl;
350 (void)data;
351
352 (void)memset_s(&req_msg, sizeof(req_msg), 0, sizeof(req_msg));
353
354 rc = (int32_t)perm_thread_async_file_create_ipc_channel(&msghdl, &async_native_channel, &async_file_channel);
355 if (rc != 0)
356 goto del_hdl;
357
358 while (true) {
359 rc = ipc_msg_receive(async_native_channel, &req_msg, (unsigned long)sizeof(req_msg), msghdl, &info, -1);
360 if (rc < 0) {
361 tloge("%s: async msg receive failed, %llx\n", LOG_TAG, rc);
362 continue;
363 }
364
365 if (info.src_pid == 0)
366 sender_taskid = GLOBAL_HANDLE;
367 else
368 sender_taskid = (uint32_t)pid_to_taskid(info.src_tid, info.src_pid);
369
370 perm_thread_handle_async_file_msg(&req_msg, sender_taskid);
371 }
372
373 perm_thread_remove_channel(PERMSRV_ASYNC_OPT_FILE, async_file_channel);
374
375 del_hdl:
376 ipc_msg_delete_hdl(msghdl);
377 return NULL;
378 }
379
380 #define THREAD_STACK (16 * 4096)
381
perm_srv_create_rw_thread(void * (* thread_entry)(void *),const char * file,const char * buff,size_t buff_size)382 TEE_Result perm_srv_create_rw_thread(void *(*thread_entry)(void *), const char *file, const char *buff,
383 size_t buff_size)
384 {
385 pthread_t thread = NULL;
386 pthread_attr_t attr = { 0 };
387 uint32_t stack_size = THREAD_STACK;
388 int32_t rc;
389
390 (void)file;
391 (void)buff_size;
392 (void)buff;
393 /* Init pthread attr */
394 if (pthread_attr_init(&attr) != 0) {
395 tloge("pthread attr init failed\n");
396 return TEE_ERROR_GENERIC;
397 }
398
399 /* Set stack size for new thread */
400 if (pthread_attr_setstacksize(&attr, stack_size) != 0) {
401 tloge("pthread set stack failed, size = 0x%x\n", stack_size);
402 return TEE_ERROR_GENERIC;
403 }
404
405 rc = pthread_create(&thread, &attr, thread_entry, NULL);
406 if (rc != 0) {
407 tloge("create thread error 0x%x\n", rc);
408 return TEE_ERROR_GENERIC;
409 }
410
411 return TEE_SUCCESS;
412 }
413
perm_srv_register_ta(const perm_srv_req_msg_t * msg,uint32_t sndr_taskid,const TEE_UUID * sndr_uuid,perm_srv_reply_msg_t * rsp)414 static TEE_Result perm_srv_register_ta(const perm_srv_req_msg_t *msg, uint32_t sndr_taskid,
415 const TEE_UUID *sndr_uuid, perm_srv_reply_msg_t *rsp)
416 {
417 TEE_Result ret;
418
419 (void)sndr_uuid;
420 (void)rsp;
421 if (sndr_taskid != GLOBAL_HANDLE)
422 return TEE_ERROR_ACCESS_DENIED;
423
424 TEE_UUID uuid = msg->req_msg.reg_ta.uuid;
425 ret = perm_srv_register_ta_taskid(&uuid, msg->req_msg.reg_ta.taskid,
426 msg->req_msg.reg_ta.userid);
427 if (ret != TEE_SUCCESS)
428 tloge("register ta error, 0x%x\n", ret);
429
430 return ret;
431 }
432
perm_srv_unregister_ta(const perm_srv_req_msg_t * msg,uint32_t sndr_taskid,const TEE_UUID * sndr_uuid,perm_srv_reply_msg_t * rsp)433 static TEE_Result perm_srv_unregister_ta(const perm_srv_req_msg_t *msg, uint32_t sndr_taskid,
434 const TEE_UUID *sndr_uuid, perm_srv_reply_msg_t *rsp)
435 {
436 TEE_Result ret;
437
438 (void)sndr_uuid;
439 (void)rsp;
440 if (sndr_taskid != GLOBAL_HANDLE)
441 return TEE_ERROR_ACCESS_DENIED;
442
443 TEE_UUID uuid = msg->req_msg.reg_ta.uuid;
444 ret = perm_srv_unregister_ta_taskid(&uuid, msg->req_msg.reg_ta.taskid);
445 if (ret != TEE_SUCCESS)
446 tloge("unregister ta error, 0x%x\n", ret);
447
448 return ret;
449 }
450
perm_srv_release_ta(const perm_srv_req_msg_t * msg,uint32_t sndr_taskid,const TEE_UUID * sndr_uuid,perm_srv_reply_msg_t * rsp)451 static TEE_Result perm_srv_release_ta(const perm_srv_req_msg_t *msg, uint32_t sndr_taskid,
452 const TEE_UUID *sndr_uuid, perm_srv_reply_msg_t *rsp)
453 {
454 (void)sndr_uuid;
455 (void)rsp;
456 if (sndr_taskid != GLOBAL_HANDLE) {
457 tloge("sender has no permission\n");
458 return TEE_ERROR_ACCESS_DENIED;
459 }
460
461 TEE_UUID uuid = msg->req_msg.ta_unload.uuid;
462
463 perm_srv_clear_ta_permissions(&uuid);
464 return TEE_SUCCESS;
465 }
466
467 static const perm_srv_cmd_t g_main_thread_cmd_tbl[] = {
468 {TEE_TASK_OPEN_TA_SESSION, perm_srv_register_ta},
469 {TEE_TASK_CLOSE_TA_SESSION, perm_srv_unregister_ta},
470 {TEE_TASK_RELEASE_TA_SERVICE, perm_srv_release_ta},
471 };
472 static const uint32_t g_main_thread_cmd_num = sizeof(g_main_thread_cmd_tbl) / sizeof(g_main_thread_cmd_tbl[0]);
473
handle_main_thread_msg_cmd(const perm_srv_req_msg_t * req_msg,uint32_t cmd_id,uint32_t sndr_taskid,const TEE_UUID * sndr_uuid,perm_srv_reply_msg_t * rsp)474 static TEE_Result handle_main_thread_msg_cmd(const perm_srv_req_msg_t *req_msg, uint32_t cmd_id, uint32_t sndr_taskid,
475 const TEE_UUID *sndr_uuid, perm_srv_reply_msg_t *rsp)
476 {
477 TEE_Result ret = TEE_ERROR_INVALID_CMD;
478 uint32_t i;
479
480 /* Main thread cannot receive synchronization messages sent by gtask to avoid deadlock. */
481 for (i = 0; i < g_main_thread_cmd_num; i++) {
482 if (cmd_id != g_main_thread_cmd_tbl[i].cmd)
483 continue;
484 ret = g_main_thread_cmd_tbl[i].func(req_msg, sndr_taskid, sndr_uuid, rsp);
485 break;
486 }
487 if (i >= g_main_thread_cmd_num)
488 tloge("not support the cmd id 0x%x\n", cmd_id);
489
490 if (ret != TEE_SUCCESS)
491 tloge("handle msg cmd fail 0x%x\n", ret);
492
493 return ret;
494 }
495
perm_thread_handle_main_msg(const perm_srv_req_msg_t * req_msg,uint32_t sndr_taskid,const TEE_UUID * sndr_uuid,uint16_t msg_type,cref_t msghdl)496 static void perm_thread_handle_main_msg(const perm_srv_req_msg_t *req_msg, uint32_t sndr_taskid,
497 const TEE_UUID *sndr_uuid, uint16_t msg_type, cref_t msghdl)
498 {
499 uint32_t cmd_id = req_msg->header.send.msg_id;
500 perm_srv_reply_msg_t rsp;
501 TEE_Result ret;
502
503 (void)memset_s(&rsp, sizeof(rsp), 0, sizeof(rsp));
504
505 ret = handle_main_thread_msg_cmd(req_msg, cmd_id, sndr_taskid, sndr_uuid, &rsp);
506 if (ret != TEE_SUCCESS)
507 tlogd("handle main msg cmd fail 0x%x\n", ret);
508 if (msg_type == MSG_TYPE_CALL) {
509 if (ipc_msg_reply(msghdl, &rsp, sizeof(rsp)) != 0) {
510 tloge("reply error\n");
511 return;
512 }
513 }
514 }
515
516 #define TEE_TASK_EXIT (-1)
create_subthreads(void)517 static void create_subthreads(void)
518 {
519 /*
520 * File thread can process messages from TAs, except for gtask synchronization messages.
521 * The reason for naming is that this thread currently mainly handles file operations.
522 */
523 if (perm_srv_create_rw_thread(perm_thread_init_file, NULL, NULL, 0) != TEE_SUCCESS) {
524 tloge("file opt thread created fail\n");
525 exit(TEE_TASK_EXIT);
526 }
527
528 /*
529 * Async_file thread can only process asynchronous messages from gtask.
530 * The reason for naming is that this thread currently mainly handles asynchronous file operations.
531 */
532 if (perm_srv_create_rw_thread(perm_thread_init_async_file, NULL, NULL, 0) != TEE_SUCCESS) {
533 tloge("async file opt thread created fail\n");
534 exit(TEE_TASK_EXIT);
535 }
536 }
537
tee_task_entry(int32_t init_build)538 __attribute__((visibility("default"))) void tee_task_entry(int32_t init_build)
539 {
540 perm_srv_req_msg_t req_msg;
541 uint32_t sender_taskid = 0;
542 spawn_uuid_t sender_uuid;
543 int32_t ret;
544
545 (void)memset_s(&req_msg, sizeof(req_msg), 0, sizeof(req_msg));
546 cref_t native_channel = 0;
547 struct src_msginfo info = { 0 };
548 cref_t msghdl;
549
550 if (init_build == 0)
551 clear_ta_bss();
552
553 msghdl = ipc_get_my_msghdl();
554 if (!check_ref_valid(msghdl)) {
555 tloge("Cannot create msg_hdl, %x\n", (int32_t)msghdl);
556 exit((int32_t)msghdl);
557 }
558
559 if (ipc_create_channel_native(CERT_PATH, &native_channel) != 0) {
560 tloge("create main thread native channel failed\n");
561 exit(TEE_TASK_EXIT);
562 }
563
564 create_subthreads();
565
566 while (true) {
567 ret = ipc_msg_receive(native_channel, &req_msg, sizeof(req_msg), msghdl, &info, -1);
568 if (ret < 0) {
569 tloge("%s: message receive failed, %llx\n", LOG_TAG, ret);
570 continue;
571 }
572
573 if (info.src_pid == 0)
574 sender_taskid = GLOBAL_HANDLE;
575 else
576 sender_taskid = (uint32_t)pid_to_taskid(info.src_tid, info.src_pid);
577
578 (void)memset_s(&sender_uuid, sizeof(sender_uuid), 0, sizeof(sender_uuid));
579 if (getuuid((pid_t)info.src_pid, &sender_uuid) != 0)
580 tloge("get uuid failed\n");
581
582 perm_thread_handle_main_msg(&req_msg, sender_taskid, &sender_uuid.uuid, info.msg_type, msghdl);
583 }
584 tloge("permission service abort\n");
585 }
586