Stratosphere: Fix FS permissions for <4.0.0 KIPs

This commit is contained in:
Michael Scire 2018-10-17 16:26:36 -07:00
parent 781f2597e5
commit 5dc31f001e
10 changed files with 183 additions and 15 deletions

View file

@ -28,6 +28,7 @@
#include "pm_process_track.hpp" #include "pm_process_track.hpp"
#include "pm_registration.hpp" #include "pm_registration.hpp"
#include "pm_debug_monitor.hpp" #include "pm_debug_monitor.hpp"
#include "smm_ams.h"
extern "C" { extern "C" {
extern u32 __start__; extern u32 __start__;
@ -56,6 +57,20 @@ void __libnx_initheap(void) {
fake_heap_end = (char*)addr + size; fake_heap_end = (char*)addr + size;
} }
void RegisterPrivilegedProcessesWithFs() {
/* Ensures that all privileged processes are registered with full FS permissions. */
constexpr u64 PRIVILEGED_PROCESS_MIN = 0;
constexpr u64 PRIVILEGED_PROCESS_MAX = 0x4F;
const u32 PRIVILEGED_FAH[0x1C/sizeof(u32)] = {0x00000001, 0x00000000, 0x80000000, 0x0000001C, 0x00000000, 0x0000001C, 0x00000000};
const u32 PRIVILEGED_FAC[0x2C/sizeof(u32)] = {0x00000001, 0x00000000, 0x80000000, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFF};
for (u64 pid = PRIVILEGED_PROCESS_MIN; pid <= PRIVILEGED_PROCESS_MAX; pid++) {
fsprUnregisterProgram(pid);
fsprRegisterProgram(pid, pid, FsStorageId_NandSystem, PRIVILEGED_FAH, sizeof(PRIVILEGED_FAH), PRIVILEGED_FAC, sizeof(PRIVILEGED_FAC));
}
}
void __appInit(void) { void __appInit(void) {
Result rc; Result rc;
@ -64,27 +79,33 @@ void __appInit(void) {
fatalSimple(MAKERESULT(Module_Libnx, LibnxError_InitFail_SM)); fatalSimple(MAKERESULT(Module_Libnx, LibnxError_InitFail_SM));
} }
rc = fsInitialize(); rc = fsprInitialize();
if (R_FAILED(rc)) {
fatalSimple(MAKERESULT(Module_Libnx, LibnxError_InitFail_FS));
}
rc = lrInitialize();
if (R_FAILED(rc)) { if (R_FAILED(rc)) {
fatalSimple(0xCAFE << 4 | 1); fatalSimple(0xCAFE << 4 | 1);
} }
rc = fsprInitialize(); /* This works around a bug with process permissions on < 4.0.0. */
if (R_FAILED(rc)) { RegisterPrivilegedProcessesWithFs();
rc = smManagerAmsInitialize();
if (R_SUCCEEDED(rc)) {
smManagerAmsEndInitialDefers();
smManagerAmsExit();
} else {
fatalSimple(0xCAFE << 4 | 2); fatalSimple(0xCAFE << 4 | 2);
} }
rc = ldrPmInitialize(); rc = smManagerInitialize();
if (R_FAILED(rc)) {
fatalSimple(0xCAFE << 4 | 3);
}
rc = lrInitialize();
if (R_FAILED(rc)) { if (R_FAILED(rc)) {
fatalSimple(0xCAFE << 4 | 4); fatalSimple(0xCAFE << 4 | 4);
} }
rc = smManagerInitialize(); rc = ldrPmInitialize();
if (R_FAILED(rc)) { if (R_FAILED(rc)) {
fatalSimple(0xCAFE << 4 | 5); fatalSimple(0xCAFE << 4 | 5);
} }
@ -94,6 +115,11 @@ void __appInit(void) {
fatalSimple(0xCAFE << 4 | 6); fatalSimple(0xCAFE << 4 | 6);
} }
rc = fsInitialize();
if (R_FAILED(rc)) {
fatalSimple(MAKERESULT(Module_Libnx, LibnxError_InitFail_FS));
}
CheckAtmosphereVersion(); CheckAtmosphereVersion();
} }

View file

@ -182,7 +182,8 @@ void ResourceLimitUtils::InitializeLimits() {
/* Atmosphere: Allocate extra memory (24 MiB) to SYSTEM away from Applet. */ /* Atmosphere: Allocate extra memory (24 MiB) to SYSTEM away from Applet. */
for (unsigned int i = 0; i < 6; i++) { for (unsigned int i = 0; i < 6; i++) {
g_memory_resource_limits[i][0] += ATMOSPHERE_EXTRA_SYSTEM_MEMORY_FOR_SYSMODULES; g_memory_resource_limits[i][0] += ATMOSPHERE_EXTRA_SYSTEM_MEMORY_FOR_SYSMODULES;
g_memory_resource_limits[i][2] -= ATMOSPHERE_EXTRA_SYSTEM_MEMORY_FOR_SYSMODULES; //g_memory_resource_limits[i][2] -= ATMOSPHERE_EXTRA_SYSTEM_MEMORY_FOR_SYSMODULES;
g_memory_resource_limits[i][1] -= ATMOSPHERE_EXTRA_SYSTEM_MEMORY_FOR_SYSMODULES;
} }
/* Set resource limits. */ /* Set resource limits. */

View file

@ -0,0 +1,69 @@
/*
* Copyright (c) 2018 Atmosphère-NX
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <switch.h>
#include <switch/arm/atomics.h>
#include "smm_ams.h"
static Service g_smManagerAmsSrv;
static u64 g_smManagerAmsRefcnt;
Result smManagerAmsInitialize(void) {
atomicIncrement64(&g_smManagerAmsRefcnt);
if (serviceIsActive(&g_smManagerAmsSrv))
return 0;
return smGetService(&g_smManagerAmsSrv, "sm:m");
}
void smManagerAmsExit(void) {
if (atomicDecrement64(&g_smManagerAmsRefcnt) == 0)
serviceClose(&g_smManagerAmsSrv);
}
Result smManagerAmsEndInitialDefers(void) {
IpcCommand c;
ipcInitialize(&c);
struct {
u64 magic;
u64 cmd_id;
} *raw;
raw = serviceIpcPrepareHeader(&g_smManagerAmsSrv, &c, sizeof(*raw));
raw->magic = SFCI_MAGIC;
raw->cmd_id = 65000;
Result rc = serviceIpcDispatch(&g_smManagerAmsSrv);
if (R_SUCCEEDED(rc)) {
IpcParsedCommand r;
struct {
u64 magic;
u64 result;
} *resp;
serviceIpcParse(&g_smManagerAmsSrv, &r, sizeof(*resp));
resp = r.Raw;
rc = resp->result;
}
return rc;
}

View file

@ -0,0 +1,21 @@
/**
* @file smm_ams.h
* @brief Service manager (sm:m) IPC wrapper for Atmosphere extensions.
* @author SciresM
* @copyright libnx Authors
*/
#pragma once
#include <switch.h>
#ifdef __cplusplus
extern "C" {
#endif
Result smManagerAmsInitialize(void);
void smManagerAmsExit(void);
Result smManagerAmsEndInitialDefers(void);
#ifdef __cplusplus
}
#endif

View file

@ -34,7 +34,7 @@ ARCH := -march=armv8-a -mtune=cortex-a57 -mtp=soft -fPIE
CFLAGS := -g -Wall -O2 -ffunction-sections \ CFLAGS := -g -Wall -O2 -ffunction-sections \
$(ARCH) $(DEFINES) $(ARCH) $(DEFINES)
CFLAGS += $(INCLUDE) -D__SWITCH__ -DSM_ENABLE_SMHAX -DSM_ENABLE_MITM -DSM_MINIMUM_SESSION_LIMIT=8 CFLAGS += $(INCLUDE) -D__SWITCH__ -DSM_ENABLE_SMHAX -DSM_ENABLE_MITM -DSM_ENABLE_INIT_DEFERS -DSM_MINIMUM_SESSION_LIMIT=8
CXXFLAGS := $(CFLAGS) -fno-rtti -fno-exceptions -std=gnu++17 CXXFLAGS := $(CFLAGS) -fno-rtti -fno-exceptions -std=gnu++17

View file

@ -28,6 +28,9 @@ Result ManagerService::dispatch(IpcParsedCommand &r, IpcCommand &out_c, u64 cmd_
case Manager_Cmd_UnregisterProcess: case Manager_Cmd_UnregisterProcess:
rc = WrapIpcCommandImpl<&ManagerService::unregister_process>(this, r, out_c, pointer_buffer, pointer_buffer_size); rc = WrapIpcCommandImpl<&ManagerService::unregister_process>(this, r, out_c, pointer_buffer, pointer_buffer_size);
break; break;
case Manager_Cmd_AtmosphereEndInitDefers:
rc = WrapIpcCommandImpl<&ManagerService::end_init_defers>(this, r, out_c, pointer_buffer, pointer_buffer_size);
break;
default: default:
break; break;
} }
@ -47,3 +50,9 @@ std::tuple<Result> ManagerService::register_process(u64 pid, InBuffer<u8> acid_s
std::tuple<Result> ManagerService::unregister_process(u64 pid) { std::tuple<Result> ManagerService::unregister_process(u64 pid) {
return {Registration::UnregisterProcess(pid)}; return {Registration::UnregisterProcess(pid)};
} }
std::tuple<Result> ManagerService::end_init_defers() {
Registration::EndInitDefers();
return {0};
}

View file

@ -20,7 +20,10 @@
enum ManagerServiceCmd { enum ManagerServiceCmd {
Manager_Cmd_RegisterProcess = 0, Manager_Cmd_RegisterProcess = 0,
Manager_Cmd_UnregisterProcess = 1 Manager_Cmd_UnregisterProcess = 1,
Manager_Cmd_AtmosphereEndInitDefers = 65000,
}; };
class ManagerService final : public IServiceObject { class ManagerService final : public IServiceObject {
@ -36,4 +39,5 @@ class ManagerService final : public IServiceObject {
/* Actual commands. */ /* Actual commands. */
std::tuple<Result> register_process(u64 pid, InBuffer<u8> acid_sac, InBuffer<u8> aci0_sac); std::tuple<Result> register_process(u64 pid, InBuffer<u8> acid_sac, InBuffer<u8> aci0_sac);
std::tuple<Result> unregister_process(u64 pid); std::tuple<Result> unregister_process(u64 pid);
std::tuple<Result> end_init_defers();
}; };

View file

@ -26,6 +26,7 @@ static std::array<Registration::Service, REGISTRATION_LIST_MAX_SERVICE> g_servic
static u64 g_initial_process_id_low = 0; static u64 g_initial_process_id_low = 0;
static u64 g_initial_process_id_high = 0; static u64 g_initial_process_id_high = 0;
static bool g_determined_initial_process_ids = false; static bool g_determined_initial_process_ids = false;
static bool g_end_init_defers = false;
u64 GetServiceNameLength(u64 service) { u64 GetServiceNameLength(u64 service) {
u64 service_name_len = 0; u64 service_name_len = 0;
@ -36,6 +37,38 @@ u64 GetServiceNameLength(u64 service) {
return service_name_len; return service_name_len;
} }
/* Atmosphere extension utilities. */
void Registration::EndInitDefers() {
g_end_init_defers = true;
}
constexpr u64 EncodeNameConstant(const char *name) {
u64 service = 0;
for (unsigned int i = 0; i < sizeof(service); i++) {
if (name[i] == '\x00') {
break;
}
service |= ((u64)name[i]) << (8 * i);
}
return service;
}
bool Registration::ShouldInitDefer(u64 service) {
/* Only enable if compile-time generated. */
#ifndef SM_ENABLE_INIT_DEFERS
return false;
#endif
if (g_end_init_defers) {
return false;
}
/* This is a mechanism by which certain services will always be deferred until sm:m receives a special command. */
/* This can be extended with more services as needed at a later date. */
constexpr u64 FSP_SRV = EncodeNameConstant("fsp-srv");
return service == FSP_SRV;
}
/* Utilities. */ /* Utilities. */
Registration::Process *Registration::GetProcessForPid(u64 pid) { Registration::Process *Registration::GetProcessForPid(u64 pid) {
auto process_it = std::find_if(g_process_list.begin(), g_process_list.end(), member_equals_fn(&Process::pid, pid)); auto process_it = std::find_if(g_process_list.begin(), g_process_list.end(), member_equals_fn(&Process::pid, pid));
@ -188,11 +221,13 @@ bool Registration::HasService(u64 service) {
Result Registration::GetServiceHandle(u64 pid, u64 service, Handle *out) { Result Registration::GetServiceHandle(u64 pid, u64 service, Handle *out) {
Registration::Service *target_service = GetService(service); Registration::Service *target_service = GetService(service);
if (target_service == NULL) { if (target_service == NULL || ShouldInitDefer(service)) {
/* Note: This defers the result until later. */ /* Note: This defers the result until later. */
return RESULT_DEFER_SESSION; return RESULT_DEFER_SESSION;
} }
/* */
*out = 0; *out = 0;
Result rc; Result rc;
if (target_service->mitm_pid == 0 || target_service->mitm_pid == pid) { if (target_service->mitm_pid == 0 || target_service->mitm_pid == pid) {

View file

@ -46,6 +46,9 @@ class Registration {
}; };
/* Utilities. */ /* Utilities. */
static void EndInitDefers();
static bool ShouldInitDefer(u64 service);
static Registration::Process *GetProcessForPid(u64 pid); static Registration::Process *GetProcessForPid(u64 pid);
static Registration::Process *GetFreeProcess(); static Registration::Process *GetFreeProcess();
static Registration::Service *GetService(u64 service); static Registration::Service *GetService(u64 service);

View file

@ -53,7 +53,7 @@ Result UserService::dispatch(IpcParsedCommand &r, IpcCommand &out_c, u64 cmd_id,
Result UserService::handle_deferred() { Result UserService::handle_deferred() {
/* If we're deferred, GetService failed. */ /* If we're deferred, GetService failed. */
return WrapDeferredIpcCommandImpl<&UserService::deferred_get_service>(this, this->deferred_service);; return WrapDeferredIpcCommandImpl<&UserService::deferred_get_service>(this, this->deferred_service);
} }