5.3.3. EwoK permissions

5.3.3.1. General principle

Permissions are statically set at configuration time, before the firmware is built, and cannot be changed during the device life-cycle. Each application's permissions are stored in the kernel's .rodata section, which reduces the risk of run-time tampering.

5.3.3.2. Configuring the permissions

Permissions are configured by using two complementary means:

  • All permissions except the communication ones (IPC and DMA shared memory) are set using menuconfig
  • IPC and DMA shared memory permissions are configured by editing the apps/ipc.config and apps/dmashm.config files

5.3.3.2.2. IPCs

Communication permissions are based on two arrays, found in plain-text files:

  • The array in apps/ipc.config is used to set the permissions for using the IPC mechanism
  • The array in apps/dmashm.config is used to set the permissions for using the DMA shared memory mechanism

The IPC array is in apps/ipc.config. The sender is on the left column and the receiver is in the column header. Setting 1 in a box means that the task on the left is able to send a message using IPCs to the task above. The diagonal is marked # because a task cannot target itself. Permissions are directional: in the matrix below, SDIO may send IPC to USB, but USB may not send IPC to SDIO.

comment "------ SDIO  USB CRYPTO SMART PIN"
comment "SDIO    [#]  [1]  [ ]   [ ]  [ ]"
comment "USB     [ ]  [#]  [ ]   [ ]  [ ]"
comment "CRYPTO  [ ]  [ ]  [#]   [ ]  [ ]"
comment "SMART   [ ]  [ ]  [ ]   [#]  [ ]"
comment "PIN     [ ]  [ ]  [ ]   [ ]  [#]"

Warning

A task is not allowed to send IPC to itself

The DMA shared memory array is in apps/dmashm.config. The “caller” is on the left column. A mark in a box means that the task on the left (the “caller”) is able to share a buffer with the task in that column (the “granted”): the granted task is allowed to use a buffer located in the caller's address space for DMA transfers. As for IPC, the diagonal is marked # because a task cannot grant itself.

comment "------ SDIO  USB CRYPTO SMART PIN"
comment "SDIO    [#]  [ ]  [ ]   [ ]  [ ]"
comment "USB     [ ]  [#]  [ ]   [ ]  [ ]"
comment "CRYPTO  [ ]  [ ]  [#]   [ ]  [ ]"
comment "SMART   [ ]  [ ]  [ ]   [#]  [ ]"
comment "PIN     [ ]  [ ]  [ ]   [ ]  [#]"

Note that menuconfig displays these arrays but does not allow modifying them: you have to edit the associated files manually.


Warning

A task is not allowed to declare DMA SHM to itself.
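The two matrices above share one format, so the following added example (not EwoK's own code; the task numbering, the function names and the "comment" rows, which are constructed copies of the matrices shown on this page, are assumptions) parses both the IPC and the DMA SHM arrays into a permission table and applies the checks a kernel would perform at request time: the permission is directional (SDIO may send IPC to USB, USB may not send IPC to SDIO), the diagonal is never granted, and a matrix that sets a task's own cell is refused when the table is built, before any request is evaluated.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed task numbering, following the column order of the page's matrices. */
enum { TASK_SDIO = 0, TASK_USB, TASK_CRYPTO, TASK_SMART, TASK_PIN, NTASKS };

static const char *const task_names[NTASKS] = { "SDIO", "USB", "CRYPTO", "SMART", "PIN" };

/* Constructed copy of the IPC matrix shown above (rows: sender, columns: receiver).
 * '[#]' marks the self cell, '[1]' a granted permission, '[ ]' a denied one. */
static const char *const ipc_rows[NTASKS] = {
    "comment \"SDIO    [#]  [1]  [ ]   [ ]  [ ]\"",
    "comment \"USB     [ ]  [#]  [ ]   [ ]  [ ]\"",
    "comment \"CRYPTO  [ ]  [ ]  [#]   [ ]  [ ]\"",
    "comment \"SMART   [ ]  [ ]  [ ]   [#]  [ ]\"",
    "comment \"PIN     [ ]  [ ]  [ ]   [ ]  [#]\"",
};

/* Constructed copy of the DMA SHM matrix shown above (rows: caller, columns: granted). */
static const char *const dmashm_rows[NTASKS] = {
    "comment \"SDIO    [#]  [ ]  [ ]   [ ]  [ ]\"",
    "comment \"USB     [ ]  [#]  [ ]   [ ]  [ ]\"",
    "comment \"CRYPTO  [ ]  [ ]  [#]   [ ]  [ ]\"",
    "comment \"SMART   [ ]  [ ]  [ ]   [#]  [ ]\"",
    "comment \"PIN     [ ]  [ ]  [ ]   [ ]  [#]\"",
};

/* Constructed invalid matrix: USB grants IPC to itself, which the kernel forbids. */
static const char *const bad_rows[NTASKS] = {
    "comment \"SDIO    [#]  [1]  [ ]   [ ]  [ ]\"",
    "comment \"USB     [ ]  [1]  [ ]   [ ]  [ ]\"",
    "comment \"CRYPTO  [ ]  [ ]  [#]   [ ]  [ ]\"",
    "comment \"SMART   [ ]  [ ]  [ ]   [#]  [ ]\"",
    "comment \"PIN     [ ]  [ ]  [ ]   [ ]  [#]\"",
};

/* allow[left][column]: the left task may send IPC to / share a DMA buffer with the column task. */
typedef struct {
    bool allow[NTASKS][NTASKS];
} perm_table_t;

/* Extract the bracketed cells of one row in column order.
 * Returns the number of cells found, or -1 on an unknown cell character. */
static int parse_row(const char *line, bool cells[NTASKS])
{
    int n = 0;
    for (const char *p = line; *p != '\0' && n < NTASKS; p++) {
        if (p[0] != '[' || p[1] == '\0' || p[2] != ']')
            continue;
        switch (p[1]) {
        case '1': cells[n++] = true;  break;
        case ' ':
        case '#': cells[n++] = false; break;
        default:  return -1;
        }
        p += 2; /* skip past the cell's closing ']' */
    }
    return n;
}

/* Build a permission table from NTASKS text rows.
 * Returns 0 on success, -1 on a malformed row, -2 if a row grants a task
 * a permission on itself (the diagonal must never be set). */
static int build_table(const char *const rows[], perm_table_t *t)
{
    memset(t, 0, sizeof(*t));
    for (int s = 0; s < NTASKS; s++) {
        bool cells[NTASKS] = { false };
        if (parse_row(rows[s], cells) != NTASKS)
            return -1;
        if (cells[s])
            return -2;
        for (int r = 0; r < NTASKS; r++)
            t->allow[s][r] = cells[r];
    }
    return 0;
}

/* The check performed at request time: bounds, no self-access, then the matrix
 * cell. Direction matters, so allow[a][b] says nothing about allow[b][a]. */
static bool pair_allowed(const perm_table_t *t, int left, int column)
{
    if (left < 0 || left >= NTASKS || column < 0 || column >= NTASKS)
        return false;
    if (left == column)
        return false;
    return t->allow[left][column];
}

int main(void)
{
    perm_table_t ipc, dmashm, bad;

    if (build_table(ipc_rows, &ipc) != 0 || build_table(dmashm_rows, &dmashm) != 0)
        return 1;
    for (int s = 0; s < NTASKS; s++)
        for (int r = 0; r < NTASKS; r++) {
            if (pair_allowed(&ipc, s, r))
                printf("IPC: %s may send to %s\n", task_names[s], task_names[r]);
            if (pair_allowed(&dmashm, s, r))
                printf("DMA SHM: %s may share a buffer with %s\n", task_names[s], task_names[r]);
        }
    /* The invalid matrix is refused when the table is built, not at request time. */
    printf("bad matrix: build_table returned %d\n", build_table(bad_rows, &bad));
    return 0;
}
```

With the matrices as printed on this page, the only permitted pair is SDIO sending IPC to USB; the DMA SHM table grants nothing, and the constructed matrix with a set diagonal is rejected with -2. Doing the diagonal check when the table is built mirrors the point of this section: the permissions are fixed before the firmware is built, so a malformed matrix should fail the configuration step rather than be caught on the device.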