diff options
| author | Florian Mayer <fmayer@google.com> | 2022-07-27 14:52:29 -0700 |
|---|---|---|
| committer | Florian Mayer <fmayer@google.com> | 2022-08-01 16:09:26 -0700 |
| commit | 965e509113bd593ff6792301d8567d9e66e0ab3b (patch) | |
| tree | 03ece99c91f5335efea6a72942f665dd54235f8c /mtectrl | |
| parent | 86bbe649362e49b600af8211c53f27552000aec5 (diff) | |
| download | extras-965e509113bd593ff6792301d8567d9e66e0ab3b.tar.gz | |
[MTE] Support device_config override in mtectrl.
Bug: 235129567
Change-Id: I1afde08dfb6a9c8b8127bf84daebd8f88a865741
Diffstat (limited to 'mtectrl')
| -rw-r--r-- | mtectrl/mtectrl.cc | 56 | ||||
| -rw-r--r-- | mtectrl/mtectrl.rc | 5 |
2 files changed, 48 insertions, 13 deletions
diff --git a/mtectrl/mtectrl.cc b/mtectrl/mtectrl.cc index 118c71c7..eefc1588 100644 --- a/mtectrl/mtectrl.cc +++ b/mtectrl/mtectrl.cc @@ -21,15 +21,16 @@ #include <iostream> int main(int argc, char** argv) { - if (argc != 2) { - std::cerr - << "Usage: " << argv[0] - << " none|memtag|memtag-once|memtag-kernel|memtag-kernel-once[,...]\n"; - return 1; - } + if (argc != 2 && argc != 3) { + std::cerr << "Usage: " << argv[0] + << " none|memtag|memtag-once|memtag-kernel|memtag-kernel-once[,.." + ".] [default|force_on|force_off]\n"; + return 1; + } std::string value = argv[1]; misc_memtag_message m = {.version = MISC_MEMTAG_MESSAGE_VERSION, .magic = MISC_MEMTAG_MAGIC_HEADER}; + bool valid_value = true; for (const auto& field : android::base::Split(value, ",")) { if (field == "memtag") { m.memtag_mode |= MISC_MEMTAG_MODE_MEMTAG; @@ -42,17 +43,48 @@ int main(int argc, char** argv) { } else if (field == "memtag-off") { m.memtag_mode |= MISC_MEMTAG_MODE_MEMTAG_OFF; } else if (field != "none") { - LOG(ERROR) << "Unknown value for arm64.memtag.bootctl: " << field; - return 1; + LOG(ERROR) << "Unknown value for mode: " << field; + valid_value = false; + m = {.version = MISC_MEMTAG_MESSAGE_VERSION, .magic = MISC_MEMTAG_MAGIC_HEADER}; + break; } } + bool valid_override = true; + std::string override_value; + if (argc == 3) { + override_value = argv[2]; + } + if (override_value == "force_off") { + // If the force_off override is active, only allow MEMTAG_MODE_MEMTAG_ONCE. + m.memtag_mode |= MISC_MEMTAG_MODE_MEMTAG_OFF; + m.memtag_mode &= ~MISC_MEMTAG_MODE_MEMTAG; + } else if (override_value == "force_on") { + m.memtag_mode |= MISC_MEMTAG_MODE_MEMTAG; + m.memtag_mode &= ~MISC_MEMTAG_MODE_MEMTAG_OFF; + } else if (!override_value.empty() && override_value != "default") { + LOG(ERROR) << "Unknown value for override: " << override_value; + valid_override = false; + } + if (!valid_value && !valid_override) { + return 1; + } std::string err; if (!WriteMiscMemtagMessage(m, &err)) { - LOG(ERROR) << "Failed to apply arm64.memtag.bootctl: " << value << ". " - << err; + LOG(ERROR) << "Failed to apply mode: " << value << ", override: " << override_value << err; return 1; } else { - LOG(INFO) << "Applied arm64.memtag.bootctl: " << value; - return 0; + const char* parse_error = ""; + const char* verb = "Applied"; + if (!valid_value) { + parse_error = " (invalid mode)"; + verb = "Partially applied"; + } else if (!valid_override) { + // else if because we bail out if both are false above. + parse_error = " (invalid override)"; + verb = "Partially applied"; + } + LOG(INFO) << verb << " mode: " << value << ", " + << "override: " << override_value << parse_error; + return !valid_value || !valid_override; } } diff --git a/mtectrl/mtectrl.rc b/mtectrl/mtectrl.rc index de042376..05bdaa23 100644 --- a/mtectrl/mtectrl.rc +++ b/mtectrl/mtectrl.rc @@ -13,4 +13,7 @@ # limitations under the License. on property:arm64.memtag.bootctl=* - exec -- /system/bin/mtectrl ${arm64.memtag.bootctl} + exec -- /system/bin/mtectrl ${arm64.memtag.bootctl:-none} ${persist.device_config.memory_safety_native.bootloader_override:-default} + +on property:persist.device_config.memory_safety_native.bootloader_override=* + exec -- /system/bin/mtectrl ${arm64.memtag.bootctl:-none} ${persist.device_config.memory_safety_native.bootloader_override:-default} |