Merge "gatekeeperd: use std::unique_ptr" into oc-mr1-dev
diff --git a/adb/Android.mk b/adb/Android.mk
index 5913d94..d5b069a 100644
--- a/adb/Android.mk
+++ b/adb/Android.mk
@@ -360,8 +360,6 @@
LOCAL_MODULE := adbd
LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT_SBIN)
-LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_SBIN_UNSTRIPPED)
LOCAL_SANITIZE := $(adb_target_sanitize)
LOCAL_STRIP_MODULE := keep_symbols
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index 271ca95..49d9438 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -93,6 +93,9 @@
static unsigned second_offset = 0x00f00000;
static unsigned tags_offset = 0x00000100;
+static bool g_disable_verity = false;
+static bool g_disable_verification = false;
+
static const std::string convert_fbe_marker_filename("convert_fbe");
enum fb_buffer_type {
@@ -419,6 +422,10 @@
" --skip-reboot Will not reboot the device when\n"
" performing commands that normally\n"
" trigger a reboot.\n"
+ " --disable-verity Set the disable-verity flag in the\n"
+ " the vbmeta image being flashed.\n"
+ " --disable-verification Set the disable-verification flag in"
+ " the vbmeta image being flashed.\n"
#if !defined(_WIN32)
" --wipe-and-use-fbe On devices which support it,\n"
" erase userdata and cache, and\n"
@@ -858,10 +865,55 @@
return load_buf_fd(transport, fd.release(), buf);
}
+static void rewrite_vbmeta_buffer(struct fastboot_buffer* buf) {
+ // Buffer needs to be at least the size of the VBMeta struct which
+ // is 256 bytes.
+ if (buf->sz < 256) {
+ return;
+ }
+
+ int fd = make_temporary_fd();
+ if (fd == -1) {
+ die("Failed to create temporary file for vbmeta rewriting");
+ }
+
+ std::string data;
+ if (!android::base::ReadFdToString(buf->fd, &data)) {
+ die("Failed reading from vbmeta");
+ }
+
+ // There's a 32-bit big endian |flags| field at offset 120 where
+ // bit 0 corresponds to disable-verity and bit 1 corresponds to
+ // disable-verification.
+ //
+ // See external/avb/libavb/avb_vbmeta_image.h for the layout of
+ // the VBMeta struct.
+ if (g_disable_verity) {
+ data[123] |= 0x01;
+ }
+ if (g_disable_verification) {
+ data[123] |= 0x02;
+ }
+
+ if (!android::base::WriteStringToFd(data, fd)) {
+ die("Failed writing to modified vbmeta");
+ }
+ close(buf->fd);
+ buf->fd = fd;
+ lseek(fd, 0, SEEK_SET);
+}
+
static void flash_buf(const char *pname, struct fastboot_buffer *buf)
{
sparse_file** s;
+ // Rewrite vbmeta if that's what we're flashing and modification has been requested.
+ if ((g_disable_verity || g_disable_verification) &&
+ (strcmp(pname, "vbmeta") == 0 || strcmp(pname, "vbmeta_a") == 0 ||
+ strcmp(pname, "vbmeta_b") == 0)) {
+ rewrite_vbmeta_buffer(buf);
+ }
+
switch (buf->type) {
case FB_BUFFER_SPARSE: {
std::vector<std::pair<sparse_file*, int64_t>> sparse_files;
@@ -1470,6 +1522,8 @@
{"set-active", optional_argument, 0, 'a'},
{"skip-secondary", no_argument, 0, 0},
{"skip-reboot", no_argument, 0, 0},
+ {"disable-verity", no_argument, 0, 0},
+ {"disable-verification", no_argument, 0, 0},
#if !defined(_WIN32)
{"wipe-and-use-fbe", no_argument, 0, 0},
#endif
@@ -1555,6 +1609,10 @@
skip_secondary = true;
} else if (strcmp("skip-reboot", longopts[longindex].name) == 0 ) {
skip_reboot = true;
+ } else if (strcmp("disable-verity", longopts[longindex].name) == 0 ) {
+ g_disable_verity = true;
+ } else if (strcmp("disable-verification", longopts[longindex].name) == 0 ) {
+ g_disable_verification = true;
#if !defined(_WIN32)
} else if (strcmp("wipe-and-use-fbe", longopts[longindex].name) == 0) {
wants_wipe = true;
diff --git a/libvndksupport/linker.c b/libvndksupport/linker.c
index 703b593..d06cafc 100644
--- a/libvndksupport/linker.c
+++ b/libvndksupport/linker.c
@@ -23,23 +23,38 @@
extern struct android_namespace_t* android_get_exported_namespace(const char*);
+static const char* namespace_name = NULL;
+
+static struct android_namespace_t* get_vendor_namespace() {
+ const char* namespace_names[] = {"sphal", "default", NULL};
+ static struct android_namespace_t* vendor_namespace = NULL;
+ if (vendor_namespace == NULL) {
+ int name_idx = 0;
+ while (namespace_names[name_idx] != NULL) {
+ vendor_namespace = android_get_exported_namespace(namespace_names[name_idx]);
+ if (vendor_namespace != NULL) {
+ namespace_name = namespace_names[name_idx];
+ break;
+ }
+ name_idx++;
+ }
+ }
+ return vendor_namespace;
+}
+
void* android_load_sphal_library(const char* name, int flag) {
- struct android_namespace_t* sphal_namespace = android_get_exported_namespace("sphal");
- if (sphal_namespace != NULL) {
+ struct android_namespace_t* vendor_namespace = get_vendor_namespace();
+ if (vendor_namespace != NULL) {
const android_dlextinfo dlextinfo = {
- .flags = ANDROID_DLEXT_USE_NAMESPACE, .library_namespace = sphal_namespace,
+ .flags = ANDROID_DLEXT_USE_NAMESPACE, .library_namespace = vendor_namespace,
};
void* handle = android_dlopen_ext(name, flag, &dlextinfo);
if (!handle) {
- ALOGE(
- "Could not load %s from sphal namespace: %s.",
- name, dlerror());
+ ALOGE("Could not load %s from %s namespace: %s.", name, namespace_name, dlerror());
}
return handle;
} else {
- ALOGD(
- "Loading %s from current namespace instead of sphal namespace.",
- name);
+ ALOGD("Loading %s from current namespace instead of sphal namespace.", name);
return dlopen(name, flag);
}
}
diff --git a/libziparchive/zip_archive.cc b/libziparchive/zip_archive.cc
index 17c268b..4559b32 100644
--- a/libziparchive/zip_archive.cc
+++ b/libziparchive/zip_archive.cc
@@ -379,6 +379,22 @@
return -1;
}
}
+
+ uint32_t lfh_start_bytes;
+ if (!archive->mapped_zip.ReadAtOffset(reinterpret_cast<uint8_t*>(&lfh_start_bytes),
+ sizeof(uint32_t), 0)) {
+ ALOGW("Zip: Unable to read header for entry at offset == 0.");
+ return -1;
+ }
+
+ if (lfh_start_bytes != LocalFileHeader::kSignature) {
+ ALOGW("Zip: Entry at offset zero has invalid LFH signature %" PRIx32, lfh_start_bytes);
+#if defined(__ANDROID__)
+ android_errorWriteLog(0x534e4554, "64211847");
+#endif
+ return -1;
+ }
+
ALOGV("+++ zip good scan %" PRIu16 " entries", num_entries);
return 0;
diff --git a/libziparchive/zip_archive_test.cc b/libziparchive/zip_archive_test.cc
index dbc14f0..753bd44 100644
--- a/libziparchive/zip_archive_test.cc
+++ b/libziparchive/zip_archive_test.cc
@@ -717,6 +717,55 @@
ASSERT_STREQ("I/O error", ErrorCodeString(kIoError));
}
+// A zip file whose local file header at offset zero is corrupted.
+//
+// ---------------
+// cat foo > a.txt
+// zip a.zip a.txt
+// cat a.zip | xxd -i
+//
+// Manual changes :
+// [2] = 0xff // Corrupt the LFH signature of entry 0.
+// [3] = 0xff // Corrupt the LFH signature of entry 0.
+static const std::vector<uint8_t> kZipFileWithBrokenLfhSignature{
+ //[lfh-sig-----------], [lfh contents---------------------------------
+ 0x50, 0x4b, 0xff, 0xff, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x77, 0x80,
+ //--------------------------------------------------------------------
+ 0x09, 0x4b, 0xa8, 0x65, 0x32, 0x7e, 0x04, 0x00, 0x00, 0x00, 0x04, 0x00,
+ //-------------------------------] [file-name-----------------], [---
+ 0x00, 0x00, 0x05, 0x00, 0x1c, 0x00, 0x61, 0x2e, 0x74, 0x78, 0x74, 0x55,
+ // entry-contents------------------------------------------------------
+ 0x54, 0x09, 0x00, 0x03, 0x51, 0x24, 0x8b, 0x59, 0x51, 0x24, 0x8b, 0x59,
+ //--------------------------------------------------------------------
+ 0x75, 0x78, 0x0b, 0x00, 0x01, 0x04, 0x89, 0x42, 0x00, 0x00, 0x04, 0x88,
+ //-------------------------------------], [cd-record-sig-------], [---
+ 0x13, 0x00, 0x00, 0x66, 0x6f, 0x6f, 0x0a, 0x50, 0x4b, 0x01, 0x02, 0x1e,
+ // cd-record-----------------------------------------------------------
+ 0x03, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x77, 0x80, 0x09, 0x4b, 0xa8,
+ //--------------------------------------------------------------------
+ 0x65, 0x32, 0x7e, 0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x05,
+ //--------------------------------------------------------------------
+ 0x00, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xa0,
+ //-] [lfh-file-header-off-], [file-name-----------------], [extra----
+ 0x81, 0x00, 0x00, 0x00, 0x00, 0x61, 0x2e, 0x74, 0x78, 0x74, 0x55, 0x54,
+ //--------------------------------------------------------------------
+ 0x05, 0x00, 0x03, 0x51, 0x24, 0x8b, 0x59, 0x75, 0x78, 0x0b, 0x00, 0x01,
+ //-------------------------------------------------------], [eocd-sig-
+ 0x04, 0x89, 0x42, 0x00, 0x00, 0x04, 0x88, 0x13, 0x00, 0x00, 0x50, 0x4b,
+ //-------], [---------------------------------------------------------
+ 0x05, 0x06, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x4b, 0x00,
+ //-------------------------------------------]
+ 0x00, 0x00, 0x43, 0x00, 0x00, 0x00, 0x00, 0x00};
+
+TEST(ziparchive, BrokenLfhSignature) {
+ TemporaryFile tmp_file;
+ ASSERT_NE(-1, tmp_file.fd);
+ ASSERT_TRUE(android::base::WriteFully(tmp_file.fd, &kZipFileWithBrokenLfhSignature[0],
+ kZipFileWithBrokenLfhSignature.size()));
+ ZipArchiveHandle handle;
+ ASSERT_EQ(-1, OpenArchiveFd(tmp_file.fd, "LeadingNonZipBytes", &handle));
+}
+
int main(int argc, char** argv) {
::testing::InitGoogleTest(&argc, argv);
diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt
index 16db770..57ec518 100644
--- a/rootdir/etc/ld.config.txt
+++ b/rootdir/etc/ld.config.txt
@@ -81,6 +81,7 @@
# to load the compiled *.so file and libmediandk.so can be used here.
###############################################################################
namespace.rs.isolated = true
+namespace.rs.visible = true
namespace.rs.search.paths = /vendor/${LIB}/vndk-sp:/system/${LIB}/vndk-sp:/vendor/${LIB}
namespace.rs.permitted.paths = /vendor/${LIB}:/data
diff --git a/rootdir/init.usb.rc b/rootdir/init.usb.rc
index 915d159..3168f40 100644
--- a/rootdir/init.usb.rc
+++ b/rootdir/init.usb.rc
@@ -12,7 +12,7 @@
mkdir /data/adb 0700 root root
# adbd is controlled via property triggers in init.<platform>.usb.rc
-service adbd /sbin/adbd --root_seclabel=u:r:su:s0
+service adbd /system/bin/adbd --root_seclabel=u:r:su:s0
class core
socket adbd stream 660 system system
disabled