// Copyright 2019 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "src/devices/bin/driver_manager/driver_host_loader_service.h"
#include <zircon/errors.h>
#include "src/devices/lib/log/log.h"
#include "src/lib/files/path.h"
namespace driver_manager {
namespace {
// File names of the shared libraries that this loader service will serve.
//
// Entries are bare file names with no directory part. InAllowlist() compares them for exact
// equality against the final component of a requested path, and LoadObjectImpl() refuses
// anything that does not match with ZX_ERR_ACCESS_DENIED. Every entry added here widens what
// can be loaded through this service, so keep the list as small as the drivers require.
//
// TODO(https://fxbug.dev/42155836): Read this list from a config file instead of having an array.
constexpr std::array kDriverAllowlist{
    "libasync-default.so",
    "libclang_rt.asan.so",
    "libclang_rt.hwasan.so",
    "libcrypto.so",
    "libc.so",
    "libdriver_runtime.so",
    "libfdio.so",
    "libssl.so",
    "libsyslog.so",
    "libtrace-engine.so",
    "libbackend_fuchsia_globals.so",
    "libzircon.so",
    "libtee-client-api.so",
    "ld.so.1",
    "libc++.so.2",
    "libc++abi.so.1",
    "libunwind.so.1",
    "libsvc.so",
    "libvfs_internal.so",
};
// Reports whether the library requested by |path| is named in kDriverAllowlist.
//
// The decision is made on the final path component alone: |path| is reduced with
// files::GetBaseName() and that name is compared for exact equality against each allowlist
// entry. Leading directory components are not examined here, so this check by itself does
// not constrain where the file is looked up.
// NOTE(review): path confinement is presumably enforced by the base LoaderService; confirm
// before treating this function as the only gate on what gets loaded.
//
// A rejected request is logged at ERROR with the full, caller-supplied |path|.
bool InAllowlist(std::string path) {
  // Requests may carry extra path components (e.g. the asan variant of a library lives in a
  // subdirectory); those are accepted as long as the library name itself is allowlisted.
  const std::string library_name = files::GetBaseName(path);

  bool permitted = false;
  for (const auto& allowed_name : kDriverAllowlist) {
    if (allowed_name == library_name) {
      permitted = true;
      break;
    }
  }

  if (!permitted) {
    LOGF(ERROR, "Driver-Loader: %s: Not in allowlist", path.c_str());
  }
  return permitted;
}
} // namespace
// static
//
// Factory for DriverHostLoaderService. Forwards |dispatcher|, |lib_fd| and |name| to the
// private constructor and returns the new instance under shared ownership.
std::shared_ptr<DriverHostLoaderService> DriverHostLoaderService::Create(
    async_dispatcher_t* dispatcher, fbl::unique_fd lib_fd, std::string name) {
  // std::make_shared cannot reach the private constructor, so the object is allocated here
  // and handed straight to a shared_ptr, which owns it from that point on.
  std::shared_ptr<DriverHostLoaderService> service(
      new DriverHostLoaderService(dispatcher, std::move(lib_fd), std::move(name)));
  return service;
}
// Serves a library load request, but only for libraries named in the allowlist.
//
// Deny-by-default: a |path| that InAllowlist() rejects is answered with
// ZX_ERR_ACCESS_DENIED and never reaches LoaderService::LoadObjectImpl(). An accepted |path|
// is passed on unchanged, directory components included, and the base class result is
// returned as-is.
zx::result<zx::vmo> DriverHostLoaderService::LoadObjectImpl(std::string path) {
  if (InAllowlist(path)) {
    return LoaderService::LoadObjectImpl(path);
  }
  return zx::error(ZX_ERR_ACCESS_DENIED);
}
} // namespace driver_manager