Qnx optee

.github/workflows/run_ci_checks.yaml

@@ -0,0 +1,15 @@
+---
+name: Run CI checks
+
+on:
+  pull_request:
+    types: "**"
+    branches: "**"
+  pull_request_review:
+    types: "**"
+    branches: "**"
+jobs:
+  TriggerWorkfows:
+    uses: projectceladon/celadonworkflows/.github/workflows/[email protected]
+    with:
+      EVENT: ${{ toJSON(github.event) }}

Android.mk

@@ -26,10 +26,18 @@ ifeq ($(TARGET_UEFI_ARCH),x86_64)
     KERNELFLINGER_CFLAGS += -DARCH_X86_64=1
 endif
 
+ifeq ($(TARGET_USE_SBL),true)
+    KERNELFLINGER_CFLAGS += -DUSE_SBL
+endif
+
 ifeq ($(TARGET_USE_TRUSTY),true)
     KERNELFLINGER_CFLAGS += -DUSE_TRUSTY
 endif
 
+ifeq ($(TARGET_USE_IVSHMEM),true)
+    KERNELFLINGER_CFLAGS += -DUSE_IVSHMEM
+endif
+
 ifeq ($(TARGET_USE_MULTIBOOT),true)
     KERNELFLINGER_CFLAGS += -DUSE_MULTIBOOT
 endif
@@ -90,7 +98,6 @@ ifneq ($(TARGET_BUILD_VARIANT),user)
 endif
 
 ifneq ($(strip $(KERNELFLINGER_USE_UI)),false)
-    KERNELFLINGER_CFLAGS += -DUSE_UI
 endif
 
 ifeq ($(KERNELFLINGER_OS_SECURE_BOOT),true)
@@ -281,6 +288,7 @@ LOCAL_STATIC_LIBRARIES := \
 	libfastboot-for-installer-$(TARGET_BUILD_VARIANT) \
 	libxbc-$(TARGET_BUILD_VARIANT)
 
+
 ifeq ($(TARGET_USE_TPM),true)
 	SHARED_STATIC_LIBRARIES += libedk2_tpm
 endif
@@ -330,7 +338,9 @@ LOCAL_GENERATED_SOURCES += $(KFINS_AVB_PK_OBJ)
 LOCAL_C_INCLUDES += $(addprefix $(LOCAL_PATH)/,avb)
 LOCAL_STATIC_LIBRARIES += libavb_kernelflinger-$(TARGET_BUILD_VARIANT)
 
+ifneq ($(TARGET_USE_SBL),true)
 include $(BUILD_EFI_EXECUTABLE) # For installer-$(TARGET_BUILD_VARIANT)
+endif
 
 ifeq ($(BOOTLOADER_SLOT), true)
 ifeq ($(BOARD_SLOT_AB_ENABLE),true)
@@ -355,13 +365,11 @@ include $(BUILD_EFI_EXECUTABLE) # For installer-$(TARGET_BUILD_VARIANT)
 endif # BOARD_SLOT_AB_ENABLE
 endif # BOOTLOADER_SLOT
 
-
-
 ifeq ($(KERNELFLINGER_SUPPORT_NON_EFI_BOOT),true)
 
 include $(CLEAR_VARS)
-LOCAL_MODULE := kf4abl-$(TARGET_BUILD_VARIANT)
-LOCAL_MODULE_STEM := kf4abl
+LOCAL_MODULE := kf4sbl-$(TARGET_BUILD_VARIANT)
+LOCAL_MODULE_STEM := kf4sbl
 LOCAL_CFLAGS := $(SHARED_CFLAGS)
 
 ifeq ($(KERNELFLINGER_DISABLE_DEBUG_PRINT),true)
@@ -379,7 +387,8 @@ LOCAL_STATIC_LIBRARIES += \
 	libefiwrapper-$(TARGET_BUILD_VARIANT) \
 	libefiwrapper_drivers-$(TARGET_BUILD_VARIANT) \
 	efiwrapper-$(TARGET_BUILD_VARIANT) \
-	libelfloader-$(TARGET_BUILD_VARIANT)
+	libelfloader-$(TARGET_BUILD_VARIANT) \
+	libxbc-$(TARGET_BUILD_VARIANT)
 
 ifeq ($(TARGET_USE_TRUSTY),true)
     LOCAL_STATIC_LIBRARIES += libqltipc-$(TARGET_BUILD_VARIANT)
@@ -390,8 +399,13 @@ LOCAL_STATIC_LIBRARIES += libavb_kernelflinger-$(TARGET_BUILD_VARIANT)
 ifneq ($(TARGET_BUILD_VARIANT),user)
     LOCAL_STATIC_LIBRARIES += libadb-$(TARGET_BUILD_VARIANT)
 endif
+#Replace kf4sbl.c by kernelflinger.c
 LOCAL_SRC_FILES := \
-	kf4abl.c
+	kernelflinger.c
+
+ifneq ($(TARGET_BUILD_VARIANT),user)
+    LOCAL_SRC_FILES += unittest.c
+endif
 
 ifneq ($(strip $(KERNELFLINGER_USE_UI)),false)
     LOCAL_SRC_FILES += \
@@ -463,16 +477,15 @@ $(ABL_AVB_PK_OBJ): $(ABL_PADDED_AVB_PK)
 LOCAL_GENERATED_SOURCES += $(ABL_AVB_PK_OBJ)
 LOCAL_C_INCLUDES := \
 	$(addprefix $(LOCAL_PATH)/,avb)
-
-LOCAL_C_INCLUDES := \
+LOCAL_C_INCLUDES += \
 	$(addprefix $(LOCAL_PATH)/,libkernelflinger)
-LOCAL_C_INCLUDES := \
+LOCAL_C_INCLUDES += \
 	$(addprefix $(LOCAL_PATH)/,libsslsupport)
-include $(BUILD_ABL_EXECUTABLE)
+include $(BUILD_SBL_EXECUTABLE)
 
 include $(CLEAR_VARS)
-LOCAL_MODULE := fb4abl-$(TARGET_BUILD_VARIANT)
-LOCAL_MODULE_STEM := fb4abl
+LOCAL_MODULE := fb4sbl-$(TARGET_BUILD_VARIANT)
+LOCAL_MODULE_STEM := fb4sbl
 LOCAL_CFLAGS := $(SHARED_CFLAGS)
 
 LOCAL_CFLAGS += -D__FORCE_FASTBOOT
@@ -488,7 +501,8 @@ LOCAL_STATIC_LIBRARIES += \
 	libefiwrapper-$(TARGET_BUILD_VARIANT) \
 	libefiwrapper_drivers-$(TARGET_BUILD_VARIANT) \
 	efiwrapper-$(TARGET_BUILD_VARIANT) \
-	libelfloader-$(TARGET_BUILD_VARIANT)
+	libelfloader-$(TARGET_BUILD_VARIANT) \
+	libxbc-$(TARGET_BUILD_VARIANT)
 
 ifeq ($(TARGET_USE_TRUSTY),true)
     LOCAL_STATIC_LIBRARIES += libqltipc-$(TARGET_BUILD_VARIANT)
@@ -498,26 +512,31 @@ ifneq ($(TARGET_BUILD_VARIANT),user)
     LOCAL_STATIC_LIBRARIES += libadb-$(TARGET_BUILD_VARIANT)
 endif
 LOCAL_STATIC_LIBRARIES += libavb_kernelflinger-$(TARGET_BUILD_VARIANT)
+#reuse kernelflinger.c
 LOCAL_SRC_FILES := \
-	kf4abl.c
+	kernelflinger.c
 
 ifneq ($(strip $(KERNELFLINGER_USE_UI)),false)
     LOCAL_SRC_FILES += \
         ux.c
 endif
 
+ifneq ($(TARGET_BUILD_VARIANT),user)
+    LOCAL_SRC_FILES += unittest.c
+endif
+
 ifeq ($(PRODUCT_SUPPORTS_VERITY),true)
 LOCAL_GENERATED_SOURCES := $(ABL_OEMCERT_OBJ)
 endif
 
 LOCAL_GENERATED_SOURCES += $(ABL_AVB_PK_OBJ)
 LOCAL_C_INCLUDES := \
 	$(addprefix $(LOCAL_PATH)/,avb)
-LOCAL_C_INCLUDES := \
+LOCAL_C_INCLUDES += \
 	$(addprefix $(LOCAL_PATH)/,libkernelflinger)
-LOCAL_C_INCLUDES := \
+LOCAL_C_INCLUDES += \
 	$(addprefix $(LOCAL_PATH)/,libsslsupport)
-include $(BUILD_ABL_EXECUTABLE)
+include $(BUILD_SBL_EXECUTABLE)
 
 endif  #KERNELFLINGER_SUPPORT_NON_EFI_BOOT
 

avb/Android.mk

@@ -52,7 +52,9 @@ LOCAL_EXPORT_C_INCLUDE_DIRS := $(KERNELFLINGER_LOCAL_PATH)/include
 LOCAL_CFLAGS := $(avb_common_cflags) -DAVB_COMPILATION -Wno-error -DAVB_AB_I_UNDERSTAND_LIBAVB_AB_IS_DEPRECATED
 
 ifneq ($(KERNELFLINGER_DISABLE_DEBUG_PRINT),true)
-    LOCAL_CFLAGS += -DAVB_ENABLE_DEBUG
+    ifeq ($(TARGET_BUILD_VARIANT),userdebug)
+        LOCAL_CFLAGS += -DAVB_ENABLE_DEBUG
+    endif
 endif
 
 ifeq ($(TARGET_USE_TPM),true)
@@ -68,7 +70,6 @@ LOCAL_STATIC_LIBRARIES := \
 	libkernelflinger-$(TARGET_BUILD_VARIANT)
 
 ifneq ($(strip $(KERNELFLINGER_USE_UI)),false)
-    LOCAL_CFLAGS += -DUSE_UI
 endif
 
 LOCAL_SRC_FILES := \

avb/libavb/avb_slot_verify.c

@@ -905,6 +905,10 @@ static AvbSlotVerifyResult load_and_verify_vbmeta(
    */
   descriptors =
       avb_descriptor_get_all(vbmeta_buf, vbmeta_num_read, &num_descriptors);
+  if (!descriptors) {
+      ret = AVB_SLOT_VERIFY_RESULT_ERROR_OOM;
+      goto out;
+  }
   for (n = 0; n < num_descriptors; n++) {
     AvbDescriptor desc;
 

avb/libavb/avb_util.h

@@ -105,6 +105,7 @@ extern "C" {
 /* Prints out a message. This is typically used if a runtime-error
  * occurs.
  */
+#ifdef AVB_ENABLE_DEBUG
 #define avb_error(message)              \
   do {                                  \
     avb_printv(avb_basename(__FILE__),  \
@@ -126,6 +127,10 @@ extern "C" {
       avb_printv_ui(message,            \
                ##__VA_ARGS__);          \
   } while (0)
+#else
+#define avb_error(message)
+#define avb_errorv(message, ...)
+#endif
 
 /* Prints out a message and calls avb_abort().
  */

avb/libavb_user/uefi_avb_ops.c

@@ -46,6 +46,7 @@ static AvbIOResult read_from_partition(__attribute__((unused)) AvbOps* ops,
                                        size_t num_bytes,
                                        void* buf,
                                        size_t* out_num_read) {
+  AvbIOResult ret;
   EFI_STATUS efi_ret;
   struct gpt_partition_interface gpart;
   int64_t partition_size;
@@ -65,7 +66,8 @@ static AvbIOResult read_from_partition(__attribute__((unused)) AvbOps* ops,
   efi_ret = gpt_get_partition_by_label(label, &gpart, LOGICAL_UNIT_USER);
   if (EFI_ERROR(efi_ret)) {
     error(L"Partition %s not found", label);
-    return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
+    ret = AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
+    goto failed;
   }
 
   partition_size =
@@ -75,7 +77,8 @@ static AvbIOResult read_from_partition(__attribute__((unused)) AvbOps* ops,
   if (offset_from_partition < 0) {
     if ((-offset_from_partition) > partition_size) {
       avb_error("Offset outside range.\n");
-      return AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION;
+      ret = AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION;
+      goto failed;
     }
     offset_from_partition = partition_size - (-offset_from_partition);
   }
@@ -100,17 +103,23 @@ static AvbIOResult read_from_partition(__attribute__((unused)) AvbOps* ops,
   if (EFI_ERROR(efi_ret)) {
     avb_error("Could not read from Disk.\n");
     *out_num_read = 0;
-    return AVB_IO_RESULT_ERROR_IO;
+    ret = AVB_IO_RESULT_ERROR_IO;
+    goto failed;
   }
-
+  FreePool((VOID *)label);
   return AVB_IO_RESULT_OK;
+
+failed:
+  FreePool((VOID *)label);
+  return ret;
 }
 
 static AvbIOResult write_to_partition(__attribute__((unused)) AvbOps* ops,
                                       const char* partition_name,
                                       int64_t offset_from_partition,
                                       size_t num_bytes,
                                       const void* buf) {
+  AvbIOResult ret;
   EFI_STATUS efi_ret;
   struct gpt_partition_interface gpart;
   uint64_t partition_size;
@@ -128,7 +137,8 @@ static AvbIOResult write_to_partition(__attribute__((unused)) AvbOps* ops,
   efi_ret = gpt_get_partition_by_label(label, &gpart, LOGICAL_UNIT_USER);
   if (EFI_ERROR(efi_ret)) {
     error(L"Partition %s not found", label);
-    return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
+    ret = AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
+    goto failed;
   }
 
   partition_size =
@@ -138,7 +148,8 @@ static AvbIOResult write_to_partition(__attribute__((unused)) AvbOps* ops,
   if (offset_from_partition < 0) {
     if ((-offset_from_partition) > (int)partition_size) {
       avb_error("Offset outside range.\n");
-      return AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION;
+      ret = AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION;
+      goto failed;
     }
     offset_from_partition = partition_size - (-offset_from_partition);
   }
@@ -148,7 +159,8 @@ static AvbIOResult write_to_partition(__attribute__((unused)) AvbOps* ops,
    */
   if (num_bytes > partition_size - offset_from_partition) {
     avb_error("Cannot write beyond partition boundary.\n");
-    return AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION;
+    ret = AVB_IO_RESULT_ERROR_RANGE_OUTSIDE_PARTITION;
+    goto failed;
   }
 
   efi_ret = uefi_call_wrapper(
@@ -163,10 +175,15 @@ static AvbIOResult write_to_partition(__attribute__((unused)) AvbOps* ops,
 
   if (EFI_ERROR(efi_ret)) {
     avb_error("Could not write to Disk.\n");
-    return AVB_IO_RESULT_ERROR_IO;
+    ret = AVB_IO_RESULT_ERROR_IO;
+    goto failed;
   }
-
+  FreePool((VOID *)label);
   return AVB_IO_RESULT_OK;
+
+failed:
+  FreePool((VOID *)label);
+  return ret;
 }
 
 static AvbIOResult get_size_of_partition(__attribute__((unused)) AvbOps* ops,
@@ -188,6 +205,7 @@ static AvbIOResult get_size_of_partition(__attribute__((unused)) AvbOps* ops,
   efi_ret = gpt_get_partition_by_label(label, &gpart, LOGICAL_UNIT_USER);
   if (EFI_ERROR(efi_ret)) {
     error(L"Partition %s not found", label);
+    FreePool((VOID *)label);
     return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
   }
 
@@ -198,7 +216,7 @@ static AvbIOResult get_size_of_partition(__attribute__((unused)) AvbOps* ops,
   if (out_size != NULL) {
     *out_size = partition_size;
   }
-
+  FreePool((VOID *)label);
   return AVB_IO_RESULT_OK;
 }
 
@@ -299,6 +317,7 @@ static AvbIOResult get_unique_guid_for_partition(__attribute__((unused)) AvbOps*
                                                  const char* partition,
                                                  char* guid_buf,
                                                  size_t guid_buf_size) {
+  AvbIOResult ret;
   EFI_STATUS efi_ret;
   struct gpt_partition_interface gpart;
   uint8_t * unique_guid;
@@ -318,12 +337,14 @@ static AvbIOResult get_unique_guid_for_partition(__attribute__((unused)) AvbOps*
   efi_ret = gpt_get_partition_by_label(label, &gpart, LOGICAL_UNIT_USER);
   if (EFI_ERROR(efi_ret)) {
     error(L"Partition %s not found", label);
-    return AVB_IO_RESULT_ERROR_IO;
+    ret = AVB_IO_RESULT_ERROR_IO;
+    goto failed;
   }
 
   if (guid_buf_size < 37) {
     avb_error("GUID buffer size too small.\n");
-    return AVB_IO_RESULT_ERROR_IO;
+    ret = AVB_IO_RESULT_ERROR_IO;
+    goto failed;
   }
 
   unique_guid =(uint8_t *)&(gpart.part.unique);
@@ -351,7 +372,13 @@ static AvbIOResult get_unique_guid_for_partition(__attribute__((unused)) AvbOps*
   set_hex(guid_buf + 32, unique_guid[14]);
   set_hex(guid_buf + 34, unique_guid[15]);
   guid_buf[36] = '\0';
+
+  FreePool((VOID *)label);
   return AVB_IO_RESULT_OK;
+
+failed:
+  FreePool((VOID *)label);
+  return ret;
 }
 
 AvbOps* uefi_avb_ops_new(void) {