Verify wipe package when wiping A/B device in recovery.
To increase the security of wiping A/B devices, let uncrypt write
wipe package in misc partition. Then recovery verifies the wipe
package before wiping the device.
Based on the original cherrypick, this CL also has additional changes to
address the LOG statements and libziparchive changes.
Bug: 29159185
Test: Build and boot into recovery.
Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
(cherry picked from commit 6faf0265c9b58db2c15b53f6d29025629d52f882)
diff --git a/uncrypt/include/bootloader_message_writer.h b/uncrypt/include/bootloader_message_writer.h
deleted file mode 100644
index e0ca3f4..0000000
--- a/uncrypt/include/bootloader_message_writer.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright (C) 2016 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef BOOTLOADER_MESSAGE_WRITER_H
-#define BOOTLOADER_MESSAGE_WRITER_H
-
-#ifdef __cplusplus
-#include <string>
-#include <vector>
-
-bool clear_bootloader_message(std::string* err);
-
-bool write_bootloader_message(const std::vector<std::string>& options, std::string* err);
-
-#else
-#include <stdbool.h>
-
-// C Interface.
-bool write_bootloader_message(const char* options);
-#endif
-
-#endif // BOOTLOADER_MESSAGE_WRITER_H
diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp
index 8b4d8ef..a5d692b 100644
--- a/uncrypt/uncrypt.cpp
+++ b/uncrypt/uncrypt.cpp
@@ -528,14 +528,31 @@
return false;
}
LOG(INFO) << " received command: [" << content << "] (" << content.size() << ")";
+ std::vector<std::string> options = android::base::Split(content, "\n");
+ std::string wipe_package;
+ for (auto& option : options) {
+ if (android::base::StartsWith(option, "--wipe_package=")) {
+ std::string path = option.substr(strlen("--wipe_package="));
+ if (!android::base::ReadFileToString(path, &wipe_package)) {
+ PLOG(ERROR) << "failed to read " << path;
+ return false;
+ }
+ option = android::base::StringPrintf("--wipe_package_size=%zu", wipe_package.size());
+ }
+ }
// c8. setup the bcb command
std::string err;
- if (!write_bootloader_message({content}, &err)) {
+ if (!write_bootloader_message(options, &err)) {
LOG(ERROR) << "failed to set bootloader message: " << err;
write_status_to_socket(-1, socket);
return false;
}
+ if (!wipe_package.empty() && !write_wipe_package(wipe_package, &err)) {
+ PLOG(ERROR) << "failed to set wipe package: " << err;
+ write_status_to_socket(-1, socket);
+ return false;
+ }
// c10. send "100" status
write_status_to_socket(100, socket);
return true;