msm: ADSPRPC: Restrict untrusted applications from attaching to GuestOS (ccb839ea) · Commits · e / devices / android_kernel_fairphone_FP5

Untrusted application can attach to guestOS and staticPD if it can somehow make INIT IOCTL call with ATTACH flag. This is a potential security issue as the untrusted application can crash guestOS or staticPD. Restrict attach to guestOS or staticPD request if request is being made using non-secure device node. Change-Id: I322c7b242fd0baaf1c1bce2d83b992fecb0ca593 Acked-by:

Ekansh Gupta <ekangupt@qti.qualcomm.com> Signed-off-by:

Vamsi Krishna Gattupalli <quic_vgattupa@quicinc.com>

drivers/char/adsprpc.c

+13 −0

Original line number	Diff line number	Diff line
		@@ -3637,6 +3637,12 @@ static int fastrpc_init_attach_process(struct fastrpc_file *fl,
		remote_arg_t ra[1];
		struct fastrpc_ioctl_invoke_async ioctl;

		if (fl->dev_minor == MINOR_NUM_DEV) {
		err = -ECONNREFUSED;
		ADSPRPC_ERR(
		"untrusted app trying to attach to privileged DSP PD\n");
		return err;
		}
		/*
		* Prepare remote arguments for creating thread group
		* in guestOS/staticPD on the remote subsystem.
		@@ -3911,6 +3917,13 @@ static int fastrpc_init_create_static_process(struct fastrpc_file *fl,
		unsigned int pageslen;
		} inbuf;

		if (fl->dev_minor == MINOR_NUM_DEV) {
		err = -ECONNREFUSED;
		ADSPRPC_ERR(
		"untrusted app trying to attach to audio PD\n");
		return err;
		}

		if (!init->filelen)
		goto bail;