Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 40cb5f52 authored by Vamsi Krishna Gattupalli's avatar Vamsi Krishna Gattupalli
Browse files

msm: ADSPRPC: Restrict untrusted applications from attaching to GuestOS 



Untrusted application can attach to guestOS and staticPD if it can
somehow make INIT IOCTL call with ATTACH flag. This is a potential
security issue as the untrusted application can crash guestOS or
staticPD. Restrict attach to guestOS or staticPD request if request
is being made using non-secure device node.

Change-Id: I322c7b242fd0baaf1c1bce2d83b992fecb0ca593
Acked-by: default avatarEkansh Gupta <ekangupt@qti.qualcomm.com>
Signed-off-by: default avatarVamsi Krishna Gattupalli <quic_vgattupa@quicinc.com>
parent 3e7bb833

drivers/char/adsprpc.c

+13 −0
Original line number Diff line number Diff line
@@ -2543,6 +2543,12 @@ static int fastrpc_init_process(struct fastrpc_file *fl, 
		remote_arg_t ra[1];

		int tgid = fl->tgid;



		if (fl->dev_minor == MINOR_NUM_DEV) {

			err = -ECONNREFUSED;

			pr_err("adsprpc: %s: untrusted app trying to attach to privileged DSP PD\n",

				__func__);

			return err;

		}

		ra[0].buf.pv = (void *)&tgid;

		ra[0].buf.len = sizeof(tgid);

		ioctl.inv.handle = FASTRPC_STATIC_HANDLE_PROCESS_GROUP;
@@ -2683,6 +2689,13 @@ static int fastrpc_init_process(struct fastrpc_file *fl, 
			unsigned int pageslen;

		} inbuf;



		if (fl->dev_minor == MINOR_NUM_DEV) {

			err = -ECONNREFUSED;

			pr_err("adsprpc: %s: untrusted app trying to attach to audio PD\n",

				__func__);

			return err;

		}



		if (!init->filelen)

			goto bail;