QSEE SECURITY TEST APP
======================

This application is used to repeatedly test the QSEECom interface, ensuring that
buffer protections are applied and proper security precautions taken. Each run 
of the security app performs, at a minimum, the following:

1.  A number of client threads are spawned, each starting the Security QSApp.
2.  Each client spawns a number of listener threads, each registering with the QSApp.
3.  The client threads perform a simple send command to ensure the QSApp is working.
4.  Each client then sends a command to the QSApp, which in turn wakes up each of 
    the listener threads originally spawned by the invoking client.
5.  Listener threads, when woken, attempt to modify their parent client's send and 
    receive buffers (to ensure the buffers have been locked), as well as modify 
    the other listener's buffers (to ensure all non-secure memory to be used by the 
    QSApp is secured).
6.  Once the tests are complete, the listeners unregister and exit, followed by the 
    clients shutting down the QSApp and exiting.
7.  Application returns 0 on success.

The number of clients, listeners, and test runs are compile-time defines. In addition 
to the above, some extra tests are available to be enabled via commandline arguments.  
These tests are not included in the regular suite due to the inability for further 
tests to be run afterwards, or non-deterministic inputs.  The tests include:

1.  Secure PIL Test: replace part of the QSApp image with randomly generated 
    data to verify that it is checked for tampering before being allowed to execute:
    ./qseecom_security_test r
2.  Protected Memory Access: attempts to access protected memory regions as a HLOS 
    application, besides the clients' send/receive buffers; some of these memory 
    accesses will cause the device to hang.  The index of g_protected_memory to 
    test is supplied as an argument:
    ./qseecom_security_test p <0...sizeof(g_protected_memory)>
    The following address areas are included for testing:
      TZ IMEM
      Multi-media sub-system
      Modem sub-system, firmware
      Modem sub-system, software
      Riva sub-system
      LPASS sub-system
      Secure Application in DDR
3.  Secure Memory as Input Parameter: The ION buffer address used for the send/receive 
    buffers is modified to, after the user virtual to kernel physical address conversion, 
    point to a secure memory address.  This ensures that TZ will not allow a secure 
    application to overwrite secure memory.  The caveat to this test is that the
    conversion factor is not deterministic, because it depends on the address space
    provided by Android to the test application at runtime.
    ./qseecom_security_test b <user_virt_to_kernel_phys_offset_as_hex>
