/*
 * Copyright (C) 2022 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * Apploader policy engine interface: the data the loader extracts from an
 * application package and the calls it makes to decide whether the package
 * may be loaded (key lookup, load-policy validation).
 */

#pragma once

#include <lk/compiler.h>
#include <stdbool.h>
#include <stdint.h>
#include <uapi/trusty_uuid.h>

__BEGIN_CDECLS

/**
 * struct manifest_extracts - a subset of the manifest that may
 *                            influence whether app loading is allowed
 * @uuid: The UUID of the app.
 * @non_critical_app: Whether the app manifest opted in to
 *                    NON_CRITICAL_APP.
 * @version: Application version.
 * @min_version: Application minimum future loadable version, i.e. the
 *               lowest version this package allows to be loaded after it
 *               (see @force_store_min_version in struct
 *               apploader_policy_data for how it reaches storage).
 * @requires_encryption: Whether the app manifest indicated that the ELF image
 *                       must be protected by encryption.
 */
struct manifest_extracts {
    uuid_t uuid;
    bool non_critical_app;
    uint32_t version;
    uint32_t min_version;
    bool requires_encryption;
};

/**
 * struct apploader_policy_data - Data about the application and package which
 *                                can be used to determine loading eligibility.
 * @manifest_extracts: Extracts from the application package manifest.
 * @public_key: Pointer to the application package public key.
 *              NOTE(review): ownership is not defined by this struct;
 *              presumably obtained via apploader_policy_engine_get_key() and
 *              released with apploader_policy_engine_put_key() — confirm with
 *              the caller that fills this in.
 * @public_key_size: Byte length of @public_key.
 * @app_stored_version: Version of the application from storage, used for
 *                      rollback protection.
 * @force_store_min_version: If true, the min_version should be written to
 *                           storage, allowing overriding of anti-rollback.
 *                           Setting this lowers the anti-rollback floor for
 *                           the app; apploader_policy_engine_validate() may
 *                           set it.
 */
struct apploader_policy_data {
    struct manifest_extracts manifest_extracts;
    const uint8_t* public_key;
    unsigned int public_key_size;
    uint32_t app_stored_version;
    bool force_store_min_version;
};

/**
 * apploader_policy_engine_get_key() - Retrieves the public key indexed
 *                                     by the key ID, if policy permits.
 * @kid: Key ID.
 * @public_key_ptr: Public key in DER encoding will be stored here, if
 *                  retrieval is successful. If the call is successful,
 *                  the caller must call apploader_policy_engine_put_key()
 *                  on @public_key_ptr to dispose of the key. Not written
 *                  on failure.
 * @public_key_size_ptr: The size in bytes of the public key will be stored
 *                       here, if retrieval is successful. Not written on
 *                       failure.
 *
 * Returns: NO_ERROR if key retrieval is successful, assorted error codes
 * otherwise. A non-NO_ERROR return covers both an unknown key ID and a key
 * that policy does not permit the caller to use.
 */
int apploader_policy_engine_get_key(uint8_t kid,
                                    const uint8_t** public_key_ptr,
                                    unsigned int* public_key_size_ptr);

/**
 * apploader_policy_engine_put_key() - Dispose of a key that was returned
 *                                     by apploader_policy_engine_get_key().
 * @public_key_ptr: The public key that was returned by a successful call
 *                  to apploader_policy_engine_get_key(). Must not be used
 *                  after this call.
 */
void apploader_policy_engine_put_key(const uint8_t* public_key_ptr);

/**
 * apploader_policy_engine_validate() - Check if app loading is allowed
 *                                      when using the specified apploader
 *                                      policy data fields, which include the
 *                                      public key, UUID, NON_CRITICAL_APP and
 *                                      version fields.
 * @data: Information about the application on which loading decisions may be
 *        made.
 *
 * Note this function may modify some aspects of @data to alter later loading
 * behaviour, e.g. set @data->force_store_min_version. Callers that act on
 * that flag are overriding anti-rollback for the app and should do so only
 * on the strength of this function's decision.
 *
 * Forcing an update of the application version does not override the system
 * state server, i.e. system_state_app_loading_skip_version_check() and
 * system_state_app_loading_skip_version_update().
 *
 * Returns: true if app loading is allowed, false otherwise.
 */
bool apploader_policy_engine_validate(struct apploader_policy_data* data);

__END_CDECLS