SSI-87: soc: imx: secvio: Report to audit FW all security violations

Report to audit framework in case a secure violation is reported to the driver. Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
2019-12-05 14:51:09 +01:00 · 2019-12-05 14:51:09 +01:00 · 9e2b6dacf5
parent 53dca82ef1
commit 9e2b6dacf5
4 changed files with 60 additions and 0 deletions
--- a/drivers/soc/imx/secvio/Makefile
+++ b/drivers/soc/imx/secvio/Makefile
@ -1,2 +1,3 @@
 obj-y +=  imx-secvio-sc.o
 obj-$(CONFIG_DEBUG_FS) += imx-secvio-debugfs.o
+obj-$(CONFIG_AUDIT) += imx-secvio-audit.o
--- a/drivers/soc/imx/secvio/imx-secvio-audit.c
+++ b/drivers/soc/imx/secvio/imx-secvio-audit.c
@ -0,0 +1,31 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright 2019 NXP
+ *
+ */
+
+#include <linux/audit.h>
+
+#include <soc/imx/imx-secvio-sc.h>
+
+int report_to_audit_notify(struct notifier_block *nb, unsigned long status,
+			   void *notif_info)
+{
+	int ret = 0;
+	struct audit_buffer *ab;
+	struct secvio_sc_notifier_info *info = notif_info;
+
+	ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_INTEGRITY_RULE);
+	if (!ab) {
+		ret = -ENOMEM;
+		goto exit;
+	}
+
+	audit_log_format(ab, " hpsvs=0x%.08x lps=0x%.08x lptds=0x%.08x",
+			 info->hpsvs, info->lps, info->lptds);
+	audit_log_task_info(ab);
+	audit_log_end(ab);
+
+exit:
+	return ret;
+}
--- a/drivers/soc/imx/secvio/imx-secvio-sc-int.h
+++ b/drivers/soc/imx/secvio/imx-secvio-sc-int.h
@ -25,6 +25,7 @@ struct imx_secvio_sc_data {

 	struct notifier_block irq_nb;
 	struct notifier_block report_nb;
+	struct notifier_block audit_nb;

 	struct nvmem_device *nvmem;

@ -67,4 +68,16 @@ int imx_secvio_sc_debugfs(struct device *dev)
 }
 #endif /* CONFIG_DEBUG_FS */

+#ifdef CONFIG_AUDIT
+int report_to_audit_notify(struct notifier_block *nb, unsigned long status,
+			   void *notif_info);
+#else /* CONFIG_AUDIT */
+static inline
+int report_to_audit_notify(struct notifier_block *nb, unsigned long status,
+			   void *notif_info)
+{
+	return 0;
+}
+#endif /* CONFIG_AUDIT */
+
 #endif /* SECVIO_SC_H */
--- a/drivers/soc/imx/secvio/imx-secvio-sc.c
+++ b/drivers/soc/imx/secvio/imx-secvio-sc.c
@ -590,6 +590,21 @@ static int imx_secvio_sc_setup(struct device *dev)
 		goto clean;
 	}

+	/* Register the notification to report to audit FW */
+	data->audit_nb.notifier_call = report_to_audit_notify;
+	ret = register_imx_secvio_sc_notifier(&data->audit_nb);
+	if (ret) {
+		dev_err(dev, "Failed to register report audit handler\n");
+		goto clean;
+	}
+
+	ret = devm_add_action(dev, if_unregister_imx_secvio_sc_notifier,
+				   &data->audit_nb);
+	if (ret) {
+		dev_err(dev, "Failed to add action to remove audit notif\n");
+		goto clean;
+	}
+
 	/* Register misc device for IOCTL */
 	data->miscdev.name = devm_kstrdup(dev, "secvio-sc", GFP_KERNEL);
 	data->miscdev.minor = MISC_DYNAMIC_MINOR;