Oemconfig example
Overview
oemconfig.so can be programmed to blacklist shared objects that have security vulnerabilities. The DSP refuses to load any shared object that is blacklisted in oemconfig.so.
Refer to the Feature Matrix to check whether this example is supported and to find the DSP architecture on the target.
oemconfig.so generation
- Information pertaining to shared objects and their respective versions is stored in JSON format.
- Blacklisting can be done either by library version or by library hash.
- Shared object and blacklisted version pairs are stored in a dictionary-like format in an array of JSON strings. The versioning scheme should stick to the format shown in this example, and versions should only contain integers: "\"lib_vers_pairs\":[\"library1:4.3.0\", \"library2:3.4\"],"
- Hash details are stored as a string of hex values (64 hex values corresponding to a 32-byte hash): "\"lib_hash\":[\"72557abe35e4dc5abc58bca2b3b5a32a45a89cd34e53efa3ba4c332a45afe2aa\"],"
- It is not required to provide "chip_id", "tcg_codesig" and "tcg_testsig" when blacklisting shared objects using "lib_vers_pairs" and "lib_hash". It is valid to provide just "lib_vers_pairs" or "lib_hash" in oemconfig, without including "chip_id", "tcg_codesig" and "tcg_testsig".
Sample code
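    #include <string.h>
    #include "oemconfig.h"

    /* Security configuration, written as a JSON string. */
    static const char *pszSecurity = {
        "{"
        "\"chip_id\": 11,"
        "\"tcg_codesig\": [ 10, 11, 12 ],"
        "\"tcg_testsig\": [ 13, 14, 15, 16 ],"
        /* Blacklist by library version. */
        "\"lib_vers_pairs\":[\"libcalculator_skel.so:4.3.0\", \"library2.so:3.4\"],"
        /* Blacklist by library hash (64 hex values, 32 bytes). */
        "\"lib_hash\":[\"72557abe35e4dc5abc58bca2b3b5a32a45a89cd34e53efa3ba4c332a45afe2aa\"]"
        "}"
    };

    /* Sets *psz to the JSON string and returns 0 for the "security" key;
       returns -1 for any other key. */
    int getstring(const char *key, const char** psz)
    {
        if (0 == strcmp("security", key)) {
            *psz = pszSecurity;
            return 0;
        }
        return -1;
    }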
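The format rules listed above (integer-only versions in "name:version" pairs, hashes of 64 hex values) can be checked before the JSON string is compiled into oemconfig.so, so that a mistyped blacklist entry is caught at build time. The following is an added example, not part of the SDK: `lint_security_json` and the sample strings are hypothetical, dot-separated version components are an assumption, and it parses strict JSON, since the behaviour of the DSP-side parser on malformed input is not described here.

```python
import json
import re

# Format rules taken from the page: "name:version" pairs whose version holds
# only integers, and hashes written as 64 hex values (32 bytes).
# Assumption: version components are separated by dots, as in "4.3.0".
VERSION_PAIR = re.compile(r"[^:\s]+:\d+(\.\d+)*")
HASH = re.compile(r"[0-9a-fA-F]{64}")
RULES = (
    ("lib_vers_pairs", VERSION_PAIR, "a name:version pair with an integer-only version"),
    ("lib_hash", HASH, "64 hex values"),
)


def lint_security_json(text):
    """Return a list of problems found in an oemconfig "security" JSON string."""
    try:
        cfg = json.loads(text)  # strict parse: trailing commas are rejected
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (offset {exc.pos})"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = []
    for key, pattern, expected in RULES:
        entries = cfg.get(key, [])  # both keys are optional
        if not isinstance(entries, list):
            problems.append(f"{key}: must be an array of strings")
            continue
        for entry in entries:
            # fullmatch: the whole entry must fit the rule, not just a prefix
            if not isinstance(entry, str) or not pattern.fullmatch(entry):
                problems.append(f"{key}: {entry!r} is not {expected}")
    return problems


# Constructed sample inputs (not taken from a real device configuration).
GOOD = '{"lib_vers_pairs": ["libexample_skel.so:4.3.0"], "lib_hash": ["' + "ab" * 32 + '"]}'
BAD = '{"lib_vers_pairs": ["libexample_skel.so:4.3.0-rc1", "libother.so"], "lib_hash": ["abcd"]}'

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_security_json(sample) or "ok")
```

Run it on the unescaped JSON text, that is, the string the C literals concatenate to.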
Using the walkthrough script
The walkthrough script oemconfig_walkthrough.py automates the steps of signing the device, building, pushing and running the oemconfig example. You can run the walkthrough script with the dry-run (-DR) option to display all the commands that the script would execute without actually running them.
Review the generic setup and walkthrough scripts instructions to learn more about setting up your device and using the walkthrough script.
Sample code to preload shared objects
Oemconfig.so can also be programmed as shown in the sample code below to preload shared objects onto the NSP to reduce dynamic loading latency.
    #include <string.h>
    #include "oemconfig.h"

    static const char *pszSecurity = {
        "{"
        "\"chip_id\": 11," // chip id of target
        "\"preload_libs_NSP\":[\"libA.so\", \"libB.so\"]" // names of shared objects to be preloaded
        "}"
    };
This sample code preloads the libraries libA.so and libB.so. The FastRPC framework finds them in the default DSP search paths. The getstring() function must be defined along with this sample code in oemconfig.so for it to be loaded onto the NSP. Its implementation is the same as in the library versioning sample code above.
Note: Shared objects to be preloaded must be present in the default DSP search paths.
The steps for generating oemconfig.so and flashing it on target remain identical to those discussed above.