diff options
| -rw-r--r-- | Android.mk | 8 | ||||
| -rw-r--r-- | install.cpp | 2 | ||||
| -rw-r--r-- | minui/resources.cpp | 2 | ||||
| -rw-r--r-- | recovery-persist.cpp | 30 | ||||
| -rw-r--r-- | recovery.cpp | 48 | ||||
| -rw-r--r-- | roots.cpp | 62 | ||||
| -rw-r--r-- | tests/component/updater_test.cpp | 4 | ||||
| -rw-r--r-- | tests/manual/recovery_test.cpp | 2 | ||||
| -rw-r--r-- | updater/install.cpp | 27 | ||||
| -rw-r--r-- | verifier.cpp | 143 |
10 files changed, 201 insertions, 127 deletions
diff --git a/Android.mk b/Android.mk index dc066dd48..3eed7a696 100644 --- a/Android.mk +++ b/Android.mk @@ -85,9 +85,11 @@ LOCAL_MODULE := recovery LOCAL_FORCE_STATIC_EXECUTABLE := true +LOCAL_REQUIRED_MODULES := e2fsdroid_static mke2fs_static mke2fs.conf + ifeq ($(TARGET_USERIMAGES_USE_F2FS),true) ifeq ($(HOST_OS),linux) -LOCAL_REQUIRED_MODULES := mkfs.f2fs +LOCAL_REQUIRED_MODULES += mkfs.f2fs endif endif @@ -120,6 +122,7 @@ LOCAL_STATIC_LIBRARIES := \ libverifier \ libbatterymonitor \ libbootloader_message \ + libfs_mgr \ libext4_utils \ libsparse \ libziparchive \ @@ -130,7 +133,6 @@ LOCAL_STATIC_LIBRARIES := \ libfusesideload \ libminui \ libpng \ - libfs_mgr \ libcrypto_utils \ libcrypto \ libvintf_recovery \ @@ -159,7 +161,7 @@ else endif ifeq ($(BOARD_CACHEIMAGE_PARTITION_SIZE),) -LOCAL_REQUIRED_MODULES := recovery-persist recovery-refresh +LOCAL_REQUIRED_MODULES += recovery-persist recovery-refresh endif include $(BUILD_EXECUTABLE) diff --git a/install.cpp b/install.cpp index 7ba8f0139..7fbf5c01f 100644 --- a/install.cpp +++ b/install.cpp @@ -265,7 +265,7 @@ int update_binary_command(const std::string& package, ZipArchiveHandle zip, } unlink(binary_path.c_str()); - int fd = creat(binary_path.c_str(), 0755); + int fd = open(binary_path.c_str(), O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, 0755); if (fd == -1) { PLOG(ERROR) << "Failed to create " << binary_path; return INSTALL_ERROR; diff --git a/minui/resources.cpp b/minui/resources.cpp index 86c731b02..8f8d36d27 100644 --- a/minui/resources.cpp +++ b/minui/resources.cpp @@ -56,7 +56,7 @@ static int open_png(const char* name, png_structp* png_ptr, png_infop* info_ptr, snprintf(resPath, sizeof(resPath)-1, "/res/images/%s.png", name); resPath[sizeof(resPath)-1] = '\0'; - FILE* fp = fopen(resPath, "rb"); + FILE* fp = fopen(resPath, "rbe"); if (fp == NULL) { result = -1; goto exit; diff --git a/recovery-persist.cpp b/recovery-persist.cpp index d706ccac8..dbce7ff74 100644 --- a/recovery-persist.cpp +++ b/recovery-persist.cpp @@ -59,21 +59,21 @@ static void check_and_fclose(FILE *fp, const char *name) { } static void copy_file(const char* source, const char* destination) { - FILE* dest_fp = fopen(destination, "w"); - if (dest_fp == nullptr) { - PLOG(ERROR) << "Can't open " << destination; - } else { - FILE* source_fp = fopen(source, "r"); - if (source_fp != nullptr) { - char buf[4096]; - size_t bytes; - while ((bytes = fread(buf, 1, sizeof(buf), source_fp)) != 0) { - fwrite(buf, 1, bytes, dest_fp); - } - check_and_fclose(source_fp, source); - } - check_and_fclose(dest_fp, destination); + FILE* dest_fp = fopen(destination, "we"); + if (dest_fp == nullptr) { + PLOG(ERROR) << "Can't open " << destination; + } else { + FILE* source_fp = fopen(source, "re"); + if (source_fp != nullptr) { + char buf[4096]; + size_t bytes; + while ((bytes = fread(buf, 1, sizeof(buf), source_fp)) != 0) { + fwrite(buf, 1, bytes, dest_fp); + } + check_and_fclose(source_fp, source); } + check_and_fclose(dest_fp, destination); + } } static bool rotated = false; @@ -120,7 +120,7 @@ int main(int argc, char **argv) { */ bool has_cache = false; static const char mounts_file[] = "/proc/mounts"; - FILE *fp = fopen(mounts_file, "r"); + FILE* fp = fopen(mounts_file, "re"); if (!fp) { PLOG(ERROR) << "failed to open " << mounts_file; } else { diff --git a/recovery.cpp b/recovery.cpp index 122b89d0b..e2d993e23 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -249,7 +249,7 @@ static void redirect_stdio(const char* filename) { auto start = std::chrono::steady_clock::now(); // Child logger to actually write to the log file. - FILE* log_fp = fopen(filename, "a"); + FILE* log_fp = fopen(filename, "ae"); if (log_fp == nullptr) { PLOG(ERROR) << "fopen \"" << filename << "\" failed"; close(pipefd[0]); @@ -418,27 +418,27 @@ static void copy_log_file_to_pmsg(const char* source, const char* destination) { static off_t tmplog_offset = 0; static void copy_log_file(const char* source, const char* destination, bool append) { - FILE* dest_fp = fopen_path(destination, append ? "a" : "w"); - if (dest_fp == nullptr) { - PLOG(ERROR) << "Can't open " << destination; - } else { - FILE* source_fp = fopen(source, "r"); - if (source_fp != nullptr) { - if (append) { - fseeko(source_fp, tmplog_offset, SEEK_SET); // Since last write - } - char buf[4096]; - size_t bytes; - while ((bytes = fread(buf, 1, sizeof(buf), source_fp)) != 0) { - fwrite(buf, 1, bytes, dest_fp); - } - if (append) { - tmplog_offset = ftello(source_fp); - } - check_and_fclose(source_fp, source); - } - check_and_fclose(dest_fp, destination); + FILE* dest_fp = fopen_path(destination, append ? "ae" : "we"); + if (dest_fp == nullptr) { + PLOG(ERROR) << "Can't open " << destination; + } else { + FILE* source_fp = fopen(source, "re"); + if (source_fp != nullptr) { + if (append) { + fseeko(source_fp, tmplog_offset, SEEK_SET); // Since last write + } + char buf[4096]; + size_t bytes; + while ((bytes = fread(buf, 1, sizeof(buf), source_fp)) != 0) { + fwrite(buf, 1, bytes, dest_fp); + } + if (append) { + tmplog_offset = ftello(source_fp); + } + check_and_fclose(source_fp, source); } + check_and_fclose(dest_fp, destination); + } } static void copy_logs() { @@ -487,7 +487,7 @@ static void finish_recovery() { if (!locale.empty() && has_cache) { LOG(INFO) << "Saving locale \"" << locale << "\""; - FILE* fp = fopen_path(LOCALE_FILE, "w"); + FILE* fp = fopen_path(LOCALE_FILE, "we"); if (!android::base::WriteStringToFd(locale, fileno(fp))) { PLOG(ERROR) << "Failed to save locale to " << LOCALE_FILE; } @@ -551,7 +551,7 @@ static bool erase_volume(const char* volume) { } std::string data(sb.st_size, '\0'); - FILE* f = fopen(path.c_str(), "rb"); + FILE* f = fopen(path.c_str(), "rbe"); fread(&data[0], 1, data.size(), f); fclose(f); @@ -579,7 +579,7 @@ static bool erase_volume(const char* volume) { ui->Print("Failed to make convert_fbe dir %s\n", strerror(errno)); return true; } - FILE* f = fopen(CONVERT_FBE_FILE, "wb"); + FILE* f = fopen(CONVERT_FBE_FILE, "wbe"); if (!f) { ui->Print("Failed to convert to file encryption %s\n", strerror(errno)); return true; @@ -27,7 +27,8 @@ #include <fcntl.h> #include <android-base/logging.h> -#include <ext4_utils/make_ext4fs.h> +#include <android-base/properties.h> +#include <android-base/stringprintf.h> #include <ext4_utils/wipe.h> #include <fs_mgr.h> @@ -215,11 +216,60 @@ int format_volume(const char* volume, const char* directory) { } int result; if (strcmp(v->fs_type, "ext4") == 0) { - if (v->erase_blk_size != 0 && v->logical_blk_size != 0) { - result = make_ext4fs_directory_align(v->blk_device, length, volume, sehandle, - directory, v->erase_blk_size, v->logical_blk_size); - } else { - result = make_ext4fs_directory(v->blk_device, length, volume, sehandle, directory); + static constexpr int block_size = 4096; + int raid_stride = v->logical_blk_size / block_size; + int raid_stripe_width = v->erase_blk_size / block_size; + + // stride should be the max of 8kb and logical block size + if (v->logical_blk_size != 0 && v->logical_blk_size < 8192) { + raid_stride = 8192 / block_size; + } + + const char* mke2fs_argv[] = { "/sbin/mke2fs_static", + "-F", + "-t", + "ext4", + "-b", + nullptr, + nullptr, + nullptr, + nullptr, + nullptr, + nullptr }; + + int i = 5; + std::string block_size_str = std::to_string(block_size); + mke2fs_argv[i++] = block_size_str.c_str(); + + std::string ext_args; + if (v->erase_blk_size != 0 && v->logical_blk_size != 0) { + ext_args = android::base::StringPrintf("stride=%d,stripe-width=%d", raid_stride, + raid_stripe_width); + mke2fs_argv[i++] = "-E"; + mke2fs_argv[i++] = ext_args.c_str(); + } + + mke2fs_argv[i++] = v->blk_device; + + std::string size_str = std::to_string(length / block_size); + if (length != 0) { + mke2fs_argv[i++] = size_str.c_str(); + } + + result = exec_cmd(mke2fs_argv[0], const_cast<char**>(mke2fs_argv)); + if (result == 0 && directory != nullptr) { + const char* e2fsdroid_argv[] = { "/sbin/e2fsdroid_static", + "-e", + "-S", + "/file_contexts", + "-f", + directory, + "-a", + volume, + v->blk_device, + nullptr }; + + result = exec_cmd(e2fsdroid_argv[0], const_cast<char**>(e2fsdroid_argv)); } } else { /* Has to be f2fs because we checked earlier. */ if (v->key_loc != NULL && strcmp(v->key_loc, "footer") == 0 && length < 0) { diff --git a/tests/component/updater_test.cpp b/tests/component/updater_test.cpp index 0a9328849..6c341c111 100644 --- a/tests/component/updater_test.cpp +++ b/tests/component/updater_test.cpp @@ -485,7 +485,7 @@ TEST_F(UpdaterTest, block_image_update) { UpdaterInfo updater_info; updater_info.package_zip = handle; TemporaryFile temp_pipe; - updater_info.cmd_pipe = fopen(temp_pipe.path, "wb"); + updater_info.cmd_pipe = fopen(temp_pipe.path, "wbe"); updater_info.package_zip_addr = map.addr; updater_info.package_zip_len = map.length; @@ -561,7 +561,7 @@ TEST_F(UpdaterTest, new_data_short_write) { UpdaterInfo updater_info; updater_info.package_zip = handle; TemporaryFile temp_pipe; - updater_info.cmd_pipe = fopen(temp_pipe.path, "wb"); + updater_info.cmd_pipe = fopen(temp_pipe.path, "wbe"); updater_info.package_zip_addr = map.addr; updater_info.package_zip_len = map.length; diff --git a/tests/manual/recovery_test.cpp b/tests/manual/recovery_test.cpp index d36dd331e..92c6ef2d4 100644 --- a/tests/manual/recovery_test.cpp +++ b/tests/manual/recovery_test.cpp @@ -141,7 +141,7 @@ class ResourceTest : public testing::TestWithParam<std::string> { // under recovery. void SetUp() override { std::string file_path = GetParam(); - fp = fopen(file_path.c_str(), "rb"); + fp = fopen(file_path.c_str(), "rbe"); ASSERT_NE(nullptr, fp); unsigned char header[8]; diff --git a/updater/install.cpp b/updater/install.cpp index ff79edce0..c9a3a0799 100644 --- a/updater/install.cpp +++ b/updater/install.cpp @@ -302,9 +302,32 @@ Value* FormatFn(const char* name, State* state, const std::vector<std::unique_pt } if (fs_type == "ext4") { - int status = make_ext4fs(location.c_str(), size, mount_point.c_str(), sehandle); + const char* mke2fs_argv[] = { "/sbin/mke2fs_static", "-t", "ext4", "-b", "4096", + location.c_str(), nullptr, nullptr }; + std::string size_str; + if (size != 0) { + size_str = std::to_string(size / 4096LL); + mke2fs_argv[6] = size_str.c_str(); + } + + int status = exec_cmd(mke2fs_argv[0], const_cast<char**>(mke2fs_argv)); + if (status != 0) { + LOG(WARNING) << name << ": mke2fs failed (" << status << ") on " << location + << ", falling back to make_ext4fs"; + status = make_ext4fs(location.c_str(), size, mount_point.c_str(), sehandle); + if (status != 0) { + LOG(ERROR) << name << ": make_ext4fs failed (" << status << ") on " << location; + return StringValue(""); + } + return StringValue(location); + } + + const char* e2fsdroid_argv[] = { "/sbin/e2fsdroid_static", "-e", "-S", + "/file_contexts", "-a", mount_point.c_str(), + location.c_str(), nullptr }; + status = exec_cmd(e2fsdroid_argv[0], const_cast<char**>(e2fsdroid_argv)); if (status != 0) { - LOG(ERROR) << name << ": make_ext4fs failed (" << status << ") on " << location; + LOG(ERROR) << name << ": e2fsdroid failed (" << status << ") on " << location; return StringValue(""); } return StringValue(location); diff --git a/verifier.cpp b/verifier.cpp index 2ef9c4c37..18437fb7a 100644 --- a/verifier.cpp +++ b/verifier.cpp @@ -474,81 +474,80 @@ std::unique_ptr<EC_KEY, ECKEYDeleter> parse_ec_key(FILE* file) { // Otherwise returns false if the file failed to parse, or if it contains zero // keys. The contents in certs would be unspecified on failure. bool load_keys(const char* filename, std::vector<Certificate>& certs) { - std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "r"), fclose); - if (!f) { - PLOG(ERROR) << "error opening " << filename; - return false; - } - - while (true) { - certs.emplace_back(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr); - Certificate& cert = certs.back(); - uint32_t exponent = 0; - - char start_char; - if (fscanf(f.get(), " %c", &start_char) != 1) return false; - if (start_char == '{') { - // a version 1 key has no version specifier. - cert.key_type = Certificate::KEY_TYPE_RSA; - exponent = 3; - cert.hash_len = SHA_DIGEST_LENGTH; - } else if (start_char == 'v') { - int version; - if (fscanf(f.get(), "%d {", &version) != 1) return false; - switch (version) { - case 2: - cert.key_type = Certificate::KEY_TYPE_RSA; - exponent = 65537; - cert.hash_len = SHA_DIGEST_LENGTH; - break; - case 3: - cert.key_type = Certificate::KEY_TYPE_RSA; - exponent = 3; - cert.hash_len = SHA256_DIGEST_LENGTH; - break; - case 4: - cert.key_type = Certificate::KEY_TYPE_RSA; - exponent = 65537; - cert.hash_len = SHA256_DIGEST_LENGTH; - break; - case 5: - cert.key_type = Certificate::KEY_TYPE_EC; - cert.hash_len = SHA256_DIGEST_LENGTH; - break; - default: - return false; - } - } + std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "re"), fclose); + if (!f) { + PLOG(ERROR) << "error opening " << filename; + return false; + } - if (cert.key_type == Certificate::KEY_TYPE_RSA) { - cert.rsa = parse_rsa_key(f.get(), exponent); - if (!cert.rsa) { - return false; - } + while (true) { + certs.emplace_back(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr); + Certificate& cert = certs.back(); + uint32_t exponent = 0; + + char start_char; + if (fscanf(f.get(), " %c", &start_char) != 1) return false; + if (start_char == '{') { + // a version 1 key has no version specifier. + cert.key_type = Certificate::KEY_TYPE_RSA; + exponent = 3; + cert.hash_len = SHA_DIGEST_LENGTH; + } else if (start_char == 'v') { + int version; + if (fscanf(f.get(), "%d {", &version) != 1) return false; + switch (version) { + case 2: + cert.key_type = Certificate::KEY_TYPE_RSA; + exponent = 65537; + cert.hash_len = SHA_DIGEST_LENGTH; + break; + case 3: + cert.key_type = Certificate::KEY_TYPE_RSA; + exponent = 3; + cert.hash_len = SHA256_DIGEST_LENGTH; + break; + case 4: + cert.key_type = Certificate::KEY_TYPE_RSA; + exponent = 65537; + cert.hash_len = SHA256_DIGEST_LENGTH; + break; + case 5: + cert.key_type = Certificate::KEY_TYPE_EC; + cert.hash_len = SHA256_DIGEST_LENGTH; + break; + default: + return false; + } + } - LOG(INFO) << "read key e=" << exponent << " hash=" << cert.hash_len; - } else if (cert.key_type == Certificate::KEY_TYPE_EC) { - cert.ec = parse_ec_key(f.get()); - if (!cert.ec) { - return false; - } - } else { - LOG(ERROR) << "Unknown key type " << cert.key_type; - return false; - } + if (cert.key_type == Certificate::KEY_TYPE_RSA) { + cert.rsa = parse_rsa_key(f.get(), exponent); + if (!cert.rsa) { + return false; + } - // if the line ends in a comma, this file has more keys. - int ch = fgetc(f.get()); - if (ch == ',') { - // more keys to come. - continue; - } else if (ch == EOF) { - break; - } else { - LOG(ERROR) << "unexpected character between keys"; - return false; - } + LOG(INFO) << "read key e=" << exponent << " hash=" << cert.hash_len; + } else if (cert.key_type == Certificate::KEY_TYPE_EC) { + cert.ec = parse_ec_key(f.get()); + if (!cert.ec) { + return false; + } + } else { + LOG(ERROR) << "Unknown key type " << cert.key_type; + return false; } - return true; + // if the line ends in a comma, this file has more keys. + int ch = fgetc(f.get()); + if (ch == ',') { + // more keys to come. + continue; + } else if (ch == EOF) { + break; + } else { + LOG(ERROR) << "unexpected character between keys"; + return false; + } + } + return true; } |