Resources | developer.brewmp.com Resources | developer.brewmp.com

Developer

resources

Implementing file system access restrictions for diagnostic tools

Implementing file system access restrictions for diagnostic tools

The purpose of this feature is to impose restrictions on remotely accessing certain types of files on a device. Remote access refers to accessing files on a device through the serial or USB interface using diagnostics commands. OEMs are required to implement the Brew MP file access restrictions to help ensure that Brew MP applications and their content are protected from unauthorized copying.

Serial Port Access Restrictions (SPAR) is a mechanism and a set of rules that prevents tools that connect to the serial port from copying Brew MP applications. Tools include QPST (EFS Explorer) and bitpim. The rules control access to specific file paths.

The following outlines implementation of Brew MP file access restrictions:

  1. Implement the access restriction feature based on the feature definition, FEATURE_DIAG_FS_ACCESS_VALIDATION.
  2. Implement the registration function OEMFSSpar_AccessCbk(). OS Services calls this registration function during tmc_init(), when tmc_init() calls fs_spar_init(). If fs_spar_init() is not invoked from tmc_init(), SPARs are not enabled. The purpose of this function is to register a callback function that must be called each time a file access is attempted remotely.
  3. Invoke the OEM Layer function OEMFSSpar_Access() from OS Services FS when callback in step 2 fires. OEMFSSpar_Access() must call the PFNCHKRMTACCESS (access check) function passed as an argument to OEMFSSpar_Access() each time a file access is attempted remotely. When this function is invoked, OS Services applies this set of rules in the following order to decide whether to allow or deny access to the file specified.
    • Listing files is always allowed
    • Any access to the fs:/ringers directory will be denied
    • Any access to the fs:/download directory will be denied
    • Any access to the fs:/sys/priv directory will be denied
    • For numerically-named application directories (for example, fs:/mod/1234):
      • Files may not be read
      • Files may not be deleted
    • Any access to a subdirectory named private of a numerically-named application directory will be denied
    • For numerically-named files with a .mif extension in the fs:/mif directory:
      • Files may not be read
      • Files may not be deleted

Requirements

The following are the requirements for providing SPARs:

  • OEMFSSpar_AccessCbk() is provided in OEMFSSpar.c; no modifications are necessary. This function is called during device initialization by the tmc_init() function and is used to register a list of directories to monitor, including the OS Services layer callback function to be called when a remote file access request is made. (This OS Services callback function in turn invokes OEMFSSpar_Access().)
  • The second requirement is met by calling the OS Services PFNCHKRMTACCESS (access check) function from OEMFSSpar_Access(). This means calling the function pointed to by the argument pfn of OEMFSSpar_Access() when an access request is made to a file contained in one of the directories listed in the OEMFSSpar_AccessCbk() in the pszDirList argument to diag_fs_register_access_check().
  • The OS Services layer access check function returns either TRUE or FALSE, signaling whether file access is allowed or denied. A reference implementation for this is already provided in OEMFSSpar.c. No modifications are necessary. The third requirement is met by blocking or allowing the file access based on the return value from the callback function of the second requirement. The AMSS files provide this implementation.

Testing the device build

After completing the device build, perform the following tests to ensure that it has been incorporated correctly.

  1. Using a tool such as EFS Explorer or Loader, ensure that these files cannot be copied from the device:
    • prefs.dat from the Brew MP directory
    • Any numbered MIF (for example, 450.mif) inside the Brew MP directory
    • Any file from a directory inside the Brew MP directory that is all numbers (for example, 450)
    • Any file from the download directory within the Brew MP directory
  2. Ensure that the following file types can be copied from the device:
    • Any file from the shared directory
    • A named MIF (for example, hello.mif) inside the Brew MP directory
    • Any file from a directory that is named (for example, hello) inside the Brew MP directory