diff options
-rw-r--r-- | domx/omx_core/Android.mk | 2 | ||||
-rwxr-xr-x | domx/omx_core/src/OMX_Core.c | 53 | ||||
-rw-r--r-- | domx/omx_proxy_component/omx_video_dec/src/omx_proxy_videodec_secure.c | 81 |
3 files changed, 86 insertions, 50 deletions
diff --git a/domx/omx_core/Android.mk b/domx/omx_core/Android.mk index 072b81b..1c217b3 100644 --- a/domx/omx_core/Android.mk +++ b/domx/omx_core/Android.mk @@ -15,7 +15,7 @@ LOCAL_SHARED_LIBRARIES := \ liblog \ libmm_osal -LOCAL_CFLAGS += -DSTATIC_TABLE -D_Android +LOCAL_CFLAGS += -DSTATIC_TABLE -D_Android -DCHECK_SECURE_STATE LOCAL_MODULE:= libOMX_Core LOCAL_MODULE_TAGS:= optional include $(BUILD_HEAPTRACKED_SHARED_LIBRARY) diff --git a/domx/omx_core/src/OMX_Core.c b/domx/omx_core/src/OMX_Core.c index 8c2fb15..d585ac5 100755 --- a/domx/omx_core/src/OMX_Core.c +++ b/domx/omx_core/src/OMX_Core.c @@ -47,6 +47,12 @@ #include "timm_osal_trace.h" #include "timm_osal_mutex.h" +#ifdef CHECK_SECURE_STATE +#include <sys/ioctl.h> +#include <errno.h> +#include <fcntl.h> +#endif + /** size for the array of allocated components. Sets the maximum * number of components that can be allocated at once */ #define MAXCOMP (50) @@ -100,7 +106,6 @@ char *tComponentName[MAXCOMP][MAX_ROLES] = { //AD extern OMX_ERRORTYPE OMX_ComponentInit(OMX_HANDLETYPE hComponent); - #define CORE_assert CORE_paramCheck #define CORE_require CORE_paramCheck #define CORE_ensure CORE_paramCheck @@ -113,9 +118,6 @@ extern OMX_ERRORTYPE OMX_ComponentInit(OMX_HANDLETYPE hComponent); goto EXIT; }\ } while(0) -OMX_U32 DUCATI_IN_SECURE_MODE = 0; -OMX_U32 SECURE_COMPONENTS_RUNNING = 0; - /******************************Public*Routine******************************\ * OMX_Init() * @@ -189,6 +191,10 @@ OMX_ERRORTYPE OMX_GetHandle(OMX_HANDLETYPE * pHandle, char buf[sizeof(prefix) + MAXNAMESIZE + sizeof(postfix)]; const char *pErr = dlerror(); char *dlError = NULL; +#ifdef CHECK_SECURE_STATE + int secure_misc_drv_fd,ret; + OMX_U8 mode, enable=1; +#endif if (pthread_mutex_lock(&mutex) != 0) { TIMM_OSAL_Error("Core: Error in Mutex lock"); @@ -231,15 +237,40 @@ OMX_ERRORTYPE OMX_GetHandle(OMX_HANDLETYPE * pHandle, strcat(buf, cComponentName); /* checked already, so strcpy and strcat are */ strcat(buf, postfix); /* are safe to use in this context. */ - if(DUCATI_IN_SECURE_MODE == 1) +#ifdef CHECK_SECURE_STATE + //Dont return errors from misc driver to the user if any. + //Since this affects all usecases, secure and non-secure. + //Do log the errors though. + secure_misc_drv_fd = open("/dev/rproc_user", O_SYNC | O_RDONLY); + if (secure_misc_drv_fd < 0) { - if(strstr(cComponentName,"secure") == NULL) - { - TIMM_OSAL_Error("non-secure component not supported in secure mode"); - eError = OMX_ErrorComponentNotFound; - goto EXIT; - } + TIMM_OSAL_Error("Can't open misc driver device 0x%x\n", errno); } + + ret = read(secure_misc_drv_fd, &mode, sizeof(mode)); + if (ret < 0) + { + TIMM_OSAL_Error("Can't read from the misc driver"); + } + if(mode == enable && strstr(cComponentName,"secure") == NULL) + { + TIMM_OSAL_Error("non-secure component not supported in secure mode"); + eError = OMX_ErrorComponentNotFound; + } + ret = close(secure_misc_drv_fd); + if (ret < 0) + { + TIMM_OSAL_Error("Can't close the misc driver"); + } + //Dont allow non-secure usecases if we are in secure state. + //Else some of the memory regions will be unexpected firewalled. + //This provides a clean exit in case we are in secure mode. + if(eError == OMX_ErrorComponentNotFound) + { + goto EXIT; + } +#endif + //#if 0 pModules[i] = dlopen(buf, RTLD_LAZY | RTLD_GLOBAL); if (pModules[i] == NULL) diff --git a/domx/omx_proxy_component/omx_video_dec/src/omx_proxy_videodec_secure.c b/domx/omx_proxy_component/omx_video_dec/src/omx_proxy_videodec_secure.c index f0db1f5..667a8d8 100644 --- a/domx/omx_proxy_component/omx_video_dec/src/omx_proxy_videodec_secure.c +++ b/domx/omx_proxy_component/omx_video_dec/src/omx_proxy_videodec_secure.c @@ -21,7 +21,8 @@ OMX_ERRORTYPE OMX_ComponentInit(OMX_HANDLETYPE hComponent) OMX_ERRORTYPE eError = OMX_ErrorNone; OMX_COMPONENTTYPE *pHandle = NULL; PROXY_COMPONENT_PRIVATE *pComponentPrivate = NULL; - OMX_U8 enable = 1, mode; + const OMX_U8 enable = 1, disable = 0; + OMX_U8 mode; int ret; pHandle = (OMX_COMPONENTTYPE *) hComponent; @@ -60,30 +61,35 @@ OMX_ERRORTYPE OMX_ComponentInit(OMX_HANDLETYPE hComponent) TIMM_OSAL_Memcpy(pComponentPrivate->cCompName, COMPONENT_NAME, strlen(COMPONENT_NAME) + 1); - if(DUCATI_IN_SECURE_MODE == 0) + pComponentPrivate->secure_misc_drv_fd = open("/dev/rproc_user", O_SYNC | O_RDWR); + if (pComponentPrivate->secure_misc_drv_fd < 0) { - DUCATI_IN_SECURE_MODE = 1; - pComponentPrivate->secure_misc_drv_fd = open("/dev/rproc_user", O_SYNC | O_RDWR); - if (pComponentPrivate->secure_misc_drv_fd < 0) - { - DOMX_ERROR("Can't open rproc_user device 0x%x\n", errno); - return OMX_ErrorInsufficientResources; - } - - ret = write(pComponentPrivate->secure_misc_drv_fd, &enable, sizeof(enable)); - if(ret != 1) - { - DOMX_ERROR("errno from setting secure mode = %x",errno); - } - PROXY_assert(ret == 1, OMX_ErrorUndefined,"ERROR: Unable to set secure mode"); - DOMX_DEBUG("ret value from Misc driver for secure playback = 0x%x\n", ret); - - ret = read(pComponentPrivate->secure_misc_drv_fd, &mode, sizeof(mode)); - PROXY_assert(mode == enable, OMX_ErrorUndefined,"ERROR: We are not in secure mode"); - DOMX_DEBUG("secure mode recieved from Misc driver for secure playback = 0x%x\n", mode); + DOMX_ERROR("Can't open rproc_user device 0x%x\n", errno); + return OMX_ErrorInsufficientResources; } - SECURE_COMPONENTS_RUNNING++; + ret = write(pComponentPrivate->secure_misc_drv_fd, &enable, sizeof(enable)); + if(ret != 1) + { + DOMX_ERROR("errno from setting secure mode = %x",errno); + ret = write(pComponentPrivate->secure_misc_drv_fd, &disable, sizeof(disable)); + if (ret < 0) + { + DOMX_ERROR("Setting unsecure mode failed"); + } + + ret = close(pComponentPrivate->secure_misc_drv_fd); + if (ret < 0) + { + DOMX_ERROR("Can't close the driver"); + } + eError = OMX_ErrorInsufficientResources; + goto EXIT; + } + + ret = read(pComponentPrivate->secure_misc_drv_fd, &mode, sizeof(mode)); + PROXY_assert(mode == enable, OMX_ErrorUndefined,"ERROR: We are not in secure mode"); + DOMX_DEBUG("secure mode recieved from Misc driver for secure playback = 0x%x\n", mode); eError = OMX_ProxyViddecInit(hComponent); pHandle->ComponentDeInit = PROXY_VIDDEC_Secure_ComponentDeInit; @@ -93,6 +99,11 @@ OMX_ERRORTYPE OMX_ComponentInit(OMX_HANDLETYPE hComponent) pComponentPrivate->bMapIonBuffers = OMX_FALSE; #endif EXIT: + if(eError != OMX_ErrorNone) + { + TIMM_OSAL_Free(pHandle->pComponentPrivate); + pHandle->pComponentPrivate = NULL; + } return eError; } @@ -102,7 +113,7 @@ OMX_ERRORTYPE PROXY_VIDDEC_Secure_ComponentDeInit(OMX_HANDLETYPE hComponent) OMX_COMPONENTTYPE *pHandle = NULL; PROXY_COMPONENT_PRIVATE *pComponentPrivate = NULL; int ret; - OMX_U8 disable = 0; + const OMX_U8 disable = 0; int secure_misc_drv_fd; pHandle = (OMX_COMPONENTTYPE *) hComponent; @@ -119,23 +130,17 @@ OMX_ERRORTYPE PROXY_VIDDEC_Secure_ComponentDeInit(OMX_HANDLETYPE hComponent) } pComponentPrivate = NULL; - if(DUCATI_IN_SECURE_MODE == 1 && SECURE_COMPONENTS_RUNNING == 1) + ret = write(secure_misc_drv_fd, &disable, sizeof(disable)); + if (ret < 0) { - ret = write(secure_misc_drv_fd, &disable, sizeof(disable)); - if (ret < 0) - { - DOMX_ERROR("Setting unsecure mode failed"); - } - - ret = close(secure_misc_drv_fd); - if (ret < 0) - { - DOMX_ERROR("Can't close the driver"); - } - DUCATI_IN_SECURE_MODE = 0; - } + DOMX_ERROR("Setting unsecure mode failed"); + } - SECURE_COMPONENTS_RUNNING--; + ret = close(secure_misc_drv_fd); + if (ret < 0) + { + DOMX_ERROR("Can't close the driver"); + } return eError; } |