authorDmitry Vyukov <dvyukov@google.com>2018-11-07 17:52:06 -0800
committerDmitry Vyukov <dvyukov@google.com>2018-11-07 17:52:06 -0800
commit0d872150de5bcd8d9c037302629df30bba4efc80 (patch)
tree165f2d593796b18be29be5cb105e253471cdb699
parente85d2a6170932cb475cf91be848c7593598eb81c (diff)
sys: initial trusty support
Trusty is a set of software components supporting a Trusted Execution Environment (TEE) on mobile devices. https://source.android.com/security/trusty Add syscall descriptions and some boilerplate.
-rw-r--r--Makefile5
-rw-r--r--docs/trusty/README.md6
-rw-r--r--executor/defs.h15
-rw-r--r--executor/syscalls.h34
-rw-r--r--sys/sys.go1
-rw-r--r--sys/syz-extract/extract.go1
-rw-r--r--sys/syz-extract/trusty.go37
-rw-r--r--sys/targets/targets.go11
-rw-r--r--sys/trusty/gen/arm.go176
-rw-r--r--sys/trusty/gen/empty.go3
-rw-r--r--sys/trusty/init.go21
-rw-r--r--sys/trusty/sys.txt54
-rw-r--r--sys/trusty/sys_arm.const25
13 files changed, 389 insertions, 0 deletions
diff --git a/Makefile b/Makefile
index 18e777b9e..8c931312f 100644
--- a/Makefile
+++ b/Makefile
@@ -78,6 +78,11 @@ ifeq ("$(TARGETOS)", "akaros")
TARGETGOARCH := $(HOSTARCH)
endif
+ifeq ("$(TARGETOS)", "trusty")
+ TARGETGOOS := $(HOSTOS)
+ TARGETGOARCH := $(HOSTARCH)
+endif
+
.PHONY: all host target \
manager runtest fuzzer executor \
ci hub \
diff --git a/docs/trusty/README.md b/docs/trusty/README.md
new file mode 100644
index 000000000..cbd532cdf
--- /dev/null
+++ b/docs/trusty/README.md
@@ -0,0 +1,6 @@
+# Trusty support
+
+[Trusty](https://source.android.com/security/trusty) is a set of software
+components supporting a Trusted Execution Environment (TEE) on mobile devices.
+
+WIP
diff --git a/executor/defs.h b/executor/defs.h
index d78d5a7d1..bd7a001cf 100644
--- a/executor/defs.h
+++ b/executor/defs.h
@@ -185,6 +185,21 @@
#endif
+#if GOOS_trusty
+#define GOOS "trusty"
+
+#if GOARCH_arm
+#define GOARCH "arm"
+#define SYZ_REVISION "e310afc1c6f271074c53522dc18d6a86e8f2553f"
+#define SYZ_EXECUTOR_USES_FORK_SERVER 0
+#define SYZ_EXECUTOR_USES_SHMEM 0
+#define SYZ_PAGE_SIZE 4096
+#define SYZ_NUM_PAGES 4096
+#define SYZ_DATA_OFFSET 536870912
+#endif
+
+#endif
+
#if GOOS_windows
#define GOOS "windows"
diff --git a/executor/syscalls.h b/executor/syscalls.h
index cd2c10d73..2b63527cb 100644
--- a/executor/syscalls.h
+++ b/executor/syscalls.h
@@ -13033,6 +13033,40 @@ const call_t syscalls[] = {
#endif
+#if GOOS_trusty
+
+#if GOARCH_arm
+const call_t syscalls[] = {
+ {"accept", 18},
+ {"brk", 2},
+ {"close", 19},
+ {"connect", 17},
+ {"exit_etc", 3},
+ {"finish_dma", 11},
+ {"get_msg", 32},
+ {"gettime", 7},
+ {"handle_set_create", 21},
+ {"handle_set_ctrl", 22},
+ {"ioctl", 5},
+ {"mmap", 8},
+ {"munmap", 9},
+ {"nanosleep", 6},
+ {"port_create", 16},
+ {"prepare_dma", 10},
+ {"put_msg", 34},
+ {"read", 4},
+ {"read_msg", 33},
+ {"send_msg", 35},
+ {"set_cookie", 20},
+ {"wait", 24},
+ {"wait_any", 25},
+ {"write", 1},
+
+};
+#endif
+
+#endif
+
#if GOOS_windows
#if GOARCH_amd64
diff --git a/sys/sys.go b/sys/sys.go
index 25e144070..39ed86f95 100644
--- a/sys/sys.go
+++ b/sys/sys.go
@@ -12,6 +12,7 @@ import (
_ "github.com/google/syzkaller/sys/netbsd/gen"
_ "github.com/google/syzkaller/sys/openbsd/gen"
_ "github.com/google/syzkaller/sys/test/gen"
+ _ "github.com/google/syzkaller/sys/trusty/gen"
_ "github.com/google/syzkaller/sys/windows/gen"
)
diff --git a/sys/syz-extract/extract.go b/sys/syz-extract/extract.go
index 4a937b0f6..fc63f7384 100644
--- a/sys/syz-extract/extract.go
+++ b/sys/syz-extract/extract.go
@@ -63,6 +63,7 @@ var extractors = map[string]Extractor{
"android": new(linux),
"fuchsia": new(fuchsia),
"windows": new(windows),
+ "trusty": new(trusty),
}
func main() {
diff --git a/sys/syz-extract/trusty.go b/sys/syz-extract/trusty.go
new file mode 100644
index 000000000..325925c14
--- /dev/null
+++ b/sys/syz-extract/trusty.go
@@ -0,0 +1,37 @@
+// Copyright 2018 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package main
+
+import (
+ "fmt"
+ "path/filepath"
+
+ "github.com/google/syzkaller/pkg/compiler"
+)
+
+type trusty struct{}
+
+func (*trusty) prepare(sourcedir string, build bool, arches []string) error {
+ if sourcedir == "" {
+ return fmt.Errorf("provide path to kernel checkout via -sourcedir flag (or make extract SOURCEDIR)")
+ }
+ return nil
+}
+
+func (*trusty) prepareArch(arch *Arch) error {
+ return nil
+}
+
+func (*trusty) processFile(arch *Arch, info *compiler.ConstInfo) (map[string]uint64, map[string]bool, error) {
+ dir := arch.sourceDir
+ args := []string{
+ "-fmessage-length=0",
+ "-I", filepath.Join(dir, "external", "lk", "include", "shared"),
+ "-I", filepath.Join(dir, "trusty", "user", "base", "include"),
+ }
+ for _, incdir := range info.Incdirs {
+ args = append(args, "-I"+filepath.Join(dir, incdir))
+ }
+ return extract(info, "gcc", args, "", true)
+}
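Review bot: `processFile` hands the host `gcc` to `extract` with nothing but `-I` flags, while the only Trusty target registered in this commit is 32-bit arm. That is harmless for the `__NR_*` macros sys.txt needs today. If `extract` evaluates constants by compiling them for the host (its body is not in this diff), any later constant that depends on `sizeof` or pointer width would silently take the host's value, and the descriptions would stop matching the TEE's syscall ABI. I would record the assumption next to the call: `// Host gcc suffices while only __NR_* macros are extracted; needs a 32-bit/cross compiler once layout-dependent consts are added.` The `build` and `arches` parameters of `prepare` are unused and could get a one-line comment saying they are intentionally ignored.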
diff --git a/sys/targets/targets.go b/sys/targets/targets.go
index 24fcd5392..ad47579ed 100644
--- a/sys/targets/targets.go
+++ b/sys/targets/targets.go
@@ -243,6 +243,13 @@ var List = map[string]map[string]*Target{
},
},
},
+ "trusty": {
+ "arm": {
+ PtrSize: 4,
+ PageSize: 4 << 10,
+ NeedSyscallDefine: dontNeedSyscallDefine,
+ },
+ },
}
var oses = map[string]osCommon{
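Review bot: `NeedSyscallDefine: dontNeedSyscallDefine` on the new `trusty`/`arm` entry looks inherited from targets whose system headers already provide the syscall numbers, which may not hold here. The Makefile change in this commit builds for `$(HOSTOS)`, so host headers will not define Trusty-only names such as `__NR_port_create`, and for overlapping names (`__NR_read`, `__NR_write`) the host value may differ from Trusty's. If this field controls whether generated C programs carry their own `__NR_*` defines (inferred from the name; the helper and the start of the `List` literal are outside the hunk), please confirm the choice or add `// TODO: revisit once C reproducers are built against Trusty headers`.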
@@ -294,6 +301,10 @@ var oses = map[string]osCommon{
ExecutorUsesForkServer: true,
KernelObject: "akaros-kernel-64b",
},
+ "trusty": {
+ SyscallNumbers: true,
+ SyscallPrefix: "__NR_",
+ },
}
func init() {
diff --git a/sys/trusty/gen/arm.go b/sys/trusty/gen/arm.go
new file mode 100644
index 000000000..1f45d6904
--- /dev/null
+++ b/sys/trusty/gen/arm.go
@@ -0,0 +1,176 @@
+// AUTOGENERATED FILE
+// +build !syz_target syz_target,syz_os_trusty,syz_arch_arm
+
+package gen
+
+import . "github.com/google/syzkaller/prog"
+import . "github.com/google/syzkaller/sys/trusty"
+
+func init() {
+ RegisterTarget(&Target{OS: "trusty", Arch: "arm", Revision: revision_arm, PtrSize: 4, PageSize: 4096, NumPages: 4096, DataOffset: 536870912, Syscalls: syscalls_arm, Resources: resources_arm, Structs: structDescs_arm, Consts: consts_arm}, InitTarget)
+}
+
+var resources_arm = []*ResourceDesc(nil)
+
+var structDescs_arm = []*KeyedStruct{
+ {Key: StructKey{Name: "dma_pmem"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "dma_pmem", TypeSize: 4}, Fields: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "todo", TypeSize: 4}}},
+ }}},
+ {Key: StructKey{Name: "ipc_msg"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "ipc_msg", TypeSize: 4}, Fields: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "todo", TypeSize: 4}}},
+ }}},
+ {Key: StructKey{Name: "ipc_msg", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "ipc_msg", TypeSize: 4, ArgDir: 1}, Fields: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "todo", TypeSize: 4, ArgDir: 1}}},
+ }}},
+ {Key: StructKey{Name: "ipc_msg_info"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "ipc_msg_info", TypeSize: 4}, Fields: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "todo", TypeSize: 4}}},
+ }}},
+ {Key: StructKey{Name: "uevent"}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "uevent", TypeSize: 4}, Fields: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "todo", TypeSize: 4}}},
+ }}},
+ {Key: StructKey{Name: "uevent", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "uevent", TypeSize: 4, ArgDir: 1}, Fields: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "todo", TypeSize: 4, ArgDir: 1}}},
+ }}},
+ {Key: StructKey{Name: "uuid", Dir: 1}, Desc: &StructDesc{TypeCommon: TypeCommon{TypeName: "uuid", TypeSize: 4, ArgDir: 1}, Fields: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "todo", TypeSize: 4, ArgDir: 1}}},
+ }}},
+}
+
+var syscalls_arm = []*Syscall{
+ {NR: 18, Name: "accept", CallName: "accept", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "handle_id", TypeSize: 4}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "peer_uuid", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "uuid", Dir: 1}}},
+ }},
+ {NR: 2, Name: "brk", CallName: "brk", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "brk", TypeSize: 4}}},
+ }},
+ {NR: 19, Name: "close", CallName: "close", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "handle_id", TypeSize: 4}}},
+ }},
+ {NR: 17, Name: "connect", CallName: "connect", Args: []Type{
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "path", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "string", IsVarlen: true}, Kind: 2}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "flags", TypeSize: 4}}},
+ }},
+ {NR: 3, Name: "exit_etc", CallName: "exit_etc", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "status", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "flags", TypeSize: 4}}},
+ }},
+ {NR: 11, Name: "finish_dma", CallName: "finish_dma", Args: []Type{
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "uaddr", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
+ &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "uaddr"},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "flags", TypeSize: 4}}},
+ }},
+ {NR: 32, Name: "get_msg", CallName: "get_msg", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "handle", TypeSize: 4}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "msg_info", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "ipc_msg_info"}}},
+ }},
+ {NR: 7, Name: "gettime", CallName: "gettime", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "clock_id", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "flags", TypeSize: 4}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "time", TypeSize: 4}, Type: &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int64", TypeSize: 8, ArgDir: 1}}}},
+ }},
+ {NR: 21, Name: "handle_set_create", CallName: "handle_set_create"},
+ {NR: 22, Name: "handle_set_ctrl", CallName: "handle_set_ctrl", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "handle", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "cmd", TypeSize: 4}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "evt", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "uevent"}}},
+ }},
+ {NR: 5, Name: "ioctl", CallName: "ioctl", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "fd", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "req", TypeSize: 4}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "buf", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}}},
+ }},
+ {NR: 8, Name: "mmap", CallName: "mmap", Args: []Type{
+ &VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "uaddr", TypeSize: 4}},
+ &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "uaddr"},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "flags", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "handle", TypeSize: 4}}},
+ }},
+ {NR: 9, Name: "munmap", CallName: "munmap", Args: []Type{
+ &VmaType{TypeCommon: TypeCommon{TypeName: "vma", FldName: "uaddr", TypeSize: 4}},
+ &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "uaddr"},
+ }},
+ {NR: 6, Name: "nanosleep", CallName: "nanosleep", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "clock_id", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "flags", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int64", FldName: "sleep_time", TypeSize: 8}}},
+ }},
+ {NR: 16, Name: "port_create", CallName: "port_create", Args: []Type{
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "path", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "string", IsVarlen: true}, Kind: 2}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "num_recv_bufs", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "recv_buf_size", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "flags", TypeSize: 4}}},
+ }},
+ {NR: 10, Name: "prepare_dma", CallName: "prepare_dma", Args: []Type{
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "uaddr", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
+ &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "uaddr"},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "flags", TypeSize: 4}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "pmem", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "dma_pmem"}}},
+ }},
+ {NR: 34, Name: "put_msg", CallName: "put_msg", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "handle", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "msg_id", TypeSize: 4}}},
+ }},
+ {NR: 4, Name: "read", CallName: "read", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "fd", TypeSize: 4}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "msg", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", ArgDir: 1, IsVarlen: true}}},
+ &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "msg"},
+ }},
+ {NR: 33, Name: "read_msg", CallName: "read_msg", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "handle", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "msg_id", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "offset", TypeSize: 4}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "msg", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "ipc_msg", Dir: 1}}},
+ }},
+ {NR: 35, Name: "send_msg", CallName: "send_msg", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "handle", TypeSize: 4}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "msg", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "ipc_msg"}}},
+ }},
+ {NR: 20, Name: "set_cookie", CallName: "set_cookie", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "handle", TypeSize: 4}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "intptr", FldName: "cookie", TypeSize: 4}}},
+ }},
+ {NR: 24, Name: "wait", CallName: "wait", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "handle_id", TypeSize: 4}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "event", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "uevent"}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "timeout_msecs", TypeSize: 4}}},
+ }},
+ {NR: 25, Name: "wait_any", CallName: "wait_any", Args: []Type{
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "event", TypeSize: 4}, Type: &StructType{Key: StructKey{Name: "uevent", Dir: 1}}},
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "timeout_msecs", TypeSize: 4}}},
+ }},
+ {NR: 1, Name: "write", CallName: "write", Args: []Type{
+ &IntType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "int32", FldName: "fd", TypeSize: 4}}},
+ &PtrType{TypeCommon: TypeCommon{TypeName: "ptr", FldName: "msg", TypeSize: 4}, Type: &BufferType{TypeCommon: TypeCommon{TypeName: "array", IsVarlen: true}}},
+ &LenType{IntTypeCommon: IntTypeCommon{TypeCommon: TypeCommon{TypeName: "len", FldName: "size", TypeSize: 4}}, Buf: "msg"},
+ }},
+}
+
+var consts_arm = []ConstValue{
+ {Name: "__NR_accept", Value: 18},
+ {Name: "__NR_brk", Value: 2},
+ {Name: "__NR_close", Value: 19},
+ {Name: "__NR_connect", Value: 17},
+ {Name: "__NR_exit_etc", Value: 3},
+ {Name: "__NR_finish_dma", Value: 11},
+ {Name: "__NR_get_msg", Value: 32},
+ {Name: "__NR_gettime", Value: 7},
+ {Name: "__NR_handle_set_create", Value: 21},
+ {Name: "__NR_handle_set_ctrl", Value: 22},
+ {Name: "__NR_ioctl", Value: 5},
+ {Name: "__NR_mmap", Value: 8},
+ {Name: "__NR_munmap", Value: 9},
+ {Name: "__NR_nanosleep", Value: 6},
+ {Name: "__NR_port_create", Value: 16},
+ {Name: "__NR_prepare_dma", Value: 10},
+ {Name: "__NR_put_msg", Value: 34},
+ {Name: "__NR_read", Value: 4},
+ {Name: "__NR_read_msg", Value: 33},
+ {Name: "__NR_send_msg", Value: 35},
+ {Name: "__NR_set_cookie", Value: 20},
+ {Name: "__NR_wait", Value: 24},
+ {Name: "__NR_wait_any", Value: 25},
+ {Name: "__NR_write", Value: 1},
+}
+
+const revision_arm = "e310afc1c6f271074c53522dc18d6a86e8f2553f"
diff --git a/sys/trusty/gen/empty.go b/sys/trusty/gen/empty.go
new file mode 100644
index 000000000..5baff07bf
--- /dev/null
+++ b/sys/trusty/gen/empty.go
@@ -0,0 +1,3 @@
+// AUTOGENERATED FILE
+// This file is needed if OS is completely excluded by build tags.
+package gen
diff --git a/sys/trusty/init.go b/sys/trusty/init.go
new file mode 100644
index 000000000..5f5335566
--- /dev/null
+++ b/sys/trusty/init.go
@@ -0,0 +1,21 @@
+// Copyright 2018 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+package trusty
+
+import (
+ "github.com/google/syzkaller/prog"
+ "github.com/google/syzkaller/sys/targets"
+)
+
+type arch struct {
+}
+
+func InitTarget(target *prog.Target) {
+ arch := &arch{}
+ target.MakeMmap = targets.MakeSyzMmap(target)
+ target.SanitizeCall = arch.sanitizeCall
+}
+
+func (arch *arch) sanitizeCall(c *prog.Call) {
+}
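Review bot: `sanitizeCall` is installed as `target.SanitizeCall` but its body is empty, so no generated call is constrained before it runs. sys.txt in this commit describes `exit_etc(status int32, flags int32)` and `nanosleep(..., sleep_time int64)` with unconstrained integers; left as is, these can presumably end or stall the process being fuzzed, which costs coverage and shows up as false hangs. Say so at the function: `// TODO: neutralize exit_etc and bound nanosleep sleep_time so programs cannot terminate or stall the test process.` The exported `InitTarget` also has no doc comment, and its local `arch` shadows the `arch` type.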
diff --git a/sys/trusty/sys.txt b/sys/trusty/sys.txt
new file mode 100644
index 000000000..7629b6b70
--- /dev/null
+++ b/sys/trusty/sys.txt
@@ -0,0 +1,54 @@
+# Copyright 2018 syzkaller project authors. All rights reserved.
+# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+# https://android.googlesource.com/trusty/lk/trusty/+/master/lib/trusty/include/syscall_table.h
+
+include <user/trusty_syscalls.h>
+
+write(fd int32, msg ptr[in, array[int8]], size len[msg])
+brk(brk int32)
+exit_etc(status int32, flags int32)
+read(fd int32, msg ptr[out, array[int8]], size len[msg])
+ioctl(fd int32, req int32, buf ptr[in, array[int8]])
+nanosleep(clock_id int32, flags int32, sleep_time int64)
+gettime(clock_id int32, flags int32, time ptr[out, int64])
+mmap(uaddr vma, size len[uaddr], flags int32, handle int32)
+munmap(uaddr vma, size len[uaddr])
+prepare_dma(uaddr ptr[out, array[int8]], size len[uaddr], flags int32, pmem ptr[in, dma_pmem])
+finish_dma(uaddr ptr[out, array[int8]], size len[uaddr], flags int32)
+
+port_create(path ptr[in, string], num_recv_bufs int32, recv_buf_size int32, flags int32)
+connect(path ptr[in, string], flags int32)
+accept(handle_id int32, peer_uuid ptr[out, uuid])
+close(handle_id int32)
+set_cookie(handle int32, cookie intptr)
+handle_set_create()
+handle_set_ctrl(handle int32, cmd int32, evt ptr[in, uevent])
+
+wait(handle_id int32, event ptr[in, uevent], timeout_msecs int32)
+wait_any(event ptr[out, uevent], timeout_msecs int32)
+
+get_msg(handle int32, msg_info ptr[in, ipc_msg_info])
+read_msg(handle int32, msg_id int32, offset int32, msg ptr[out, ipc_msg])
+put_msg(handle int32, msg_id int32)
+send_msg(handle int32, msg ptr[in, ipc_msg])
+
+dma_pmem {
+ todo int32
+}
+
+uuid {
+ todo int32
+}
+
+uevent {
+ todo int32
+}
+
+ipc_msg_info {
+ todo int32
+}
+
+ipc_msg {
+ todo int32
+}
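Review bot: Pointer directions are inconsistent between sibling calls: `wait` declares `event ptr[in, uevent]` while `wait_any` declares `event ptr[out, uevent]`, and `get_msg` takes `msg_info ptr[in, ipc_msg_info]` although the name suggests the kernel fills that struct. A wrong direction makes the fuzzer mutate a buffer the kernel overwrites and neglect the ones it actually reads, so these should be checked against the syscall table linked at the top of the file. Handles are also plain `int32` throughout, so whatever `port_create`, `connect` or `accept` return is never fed into `close`, `wait` or `send_msg`. Declaring `resource handle[int32]` and giving the creating calls that return type would let the IPC paths be exercised with live handles.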
diff --git a/sys/trusty/sys_arm.const b/sys/trusty/sys_arm.const
new file mode 100644
index 000000000..10596a690
--- /dev/null
+++ b/sys/trusty/sys_arm.const
@@ -0,0 +1,25 @@
+# AUTOGENERATED FILE
+__NR_accept = 18
+__NR_brk = 2
+__NR_close = 19
+__NR_connect = 17
+__NR_exit_etc = 3
+__NR_finish_dma = 11
+__NR_get_msg = 32
+__NR_gettime = 7
+__NR_handle_set_create = 21
+__NR_handle_set_ctrl = 22
+__NR_ioctl = 5
+__NR_mmap = 8
+__NR_munmap = 9
+__NR_nanosleep = 6
+__NR_port_create = 16
+__NR_prepare_dma = 10
+__NR_put_msg = 34
+__NR_read = 4
+__NR_read_msg = 33
+__NR_send_msg = 35
+__NR_set_cookie = 20
+__NR_wait = 24
+__NR_wait_any = 25
+__NR_write = 1