Merge "Check maximum allowed download size for download command."
diff --git a/adb/daemon/file_sync_service.cpp b/adb/daemon/file_sync_service.cpp
index 8c39a20..d55096a 100644
--- a/adb/daemon/file_sync_service.cpp
+++ b/adb/daemon/file_sync_service.cpp
@@ -32,6 +32,10 @@
#include <unistd.h>
#include <utime.h>
+#include <memory>
+#include <string>
+#include <vector>
+
#include <android-base/file.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
@@ -47,6 +51,7 @@
#include "security_log_tags.h"
#include "sysdeps/errno.h"
+using android::base::Dirname;
using android::base::StringPrintf;
static bool should_use_fs_config(const std::string& path) {
@@ -219,7 +224,7 @@
}
if (fd < 0 && errno == ENOENT) {
- if (!secure_mkdirs(android::base::Dirname(path))) {
+ if (!secure_mkdirs(Dirname(path))) {
SendSyncFailErrno(s, "secure_mkdirs failed");
goto fail;
}
@@ -327,8 +332,6 @@
#else
static bool handle_send_link(int s, const std::string& path, std::vector<char>& buffer) {
syncmsg msg;
- unsigned int len;
- int ret;
if (!ReadFdExactly(s, &msg.data, sizeof(msg.data))) return false;
@@ -337,24 +340,28 @@
return false;
}
- len = msg.data.size;
+ unsigned int len = msg.data.size;
if (len > buffer.size()) { // TODO: resize buffer?
SendSyncFail(s, "oversize data message");
return false;
}
if (!ReadFdExactly(s, &buffer[0], len)) return false;
- ret = symlink(&buffer[0], path.c_str());
- if (ret && errno == ENOENT) {
- if (!secure_mkdirs(android::base::Dirname(path))) {
- SendSyncFailErrno(s, "secure_mkdirs failed");
+ std::string buf_link;
+ if (!android::base::Readlink(path, &buf_link) || (buf_link != &buffer[0])) {
+ adb_unlink(path.c_str());
+ auto ret = symlink(&buffer[0], path.c_str());
+ if (ret && errno == ENOENT) {
+ if (!secure_mkdirs(Dirname(path))) {
+ SendSyncFailErrno(s, "secure_mkdirs failed");
+ return false;
+ }
+ ret = symlink(&buffer[0], path.c_str());
+ }
+ if (ret) {
+ SendSyncFailErrno(s, "symlink failed");
return false;
}
- ret = symlink(&buffer[0], path.c_str());
- }
- if (ret) {
- SendSyncFailErrno(s, "symlink failed");
- return false;
}
if (!ReadFdExactly(s, &msg.data, sizeof(msg.data))) return false;
@@ -391,7 +398,8 @@
// Don't delete files before copying if they are not "regular" or symlinks.
struct stat st;
- bool do_unlink = (lstat(path.c_str(), &st) == -1) || S_ISREG(st.st_mode) || S_ISLNK(st.st_mode);
+ bool do_unlink = (lstat(path.c_str(), &st) == -1) || S_ISREG(st.st_mode) ||
+ (S_ISLNK(st.st_mode) && !S_ISLNK(mode));
if (do_unlink) {
adb_unlink(path.c_str());
}
diff --git a/base/include/android-base/parseint.h b/base/include/android-base/parseint.h
index 9444fdd..be8b97b 100644
--- a/base/include/android-base/parseint.h
+++ b/base/include/android-base/parseint.h
@@ -22,6 +22,7 @@
#include <limits>
#include <string>
+#include <type_traits>
namespace android {
namespace base {
@@ -33,6 +34,7 @@
template <typename T>
bool ParseUint(const char* s, T* out, T max = std::numeric_limits<T>::max(),
bool allow_suffixes = false) {
+ static_assert(std::is_unsigned<T>::value, "ParseUint can only be used with unsigned types");
while (isspace(*s)) {
s++;
}
@@ -96,6 +98,7 @@
bool ParseInt(const char* s, T* out,
T min = std::numeric_limits<T>::min(),
T max = std::numeric_limits<T>::max()) {
+ static_assert(std::is_signed<T>::value, "ParseInt can only be used with signed types");
while (isspace(*s)) {
s++;
}
diff --git a/fastboot/device/commands.cpp b/fastboot/device/commands.cpp
index 042e337..d5ea6db 100644
--- a/fastboot/device/commands.cpp
+++ b/fastboot/device/commands.cpp
@@ -131,6 +131,11 @@
if (args.size() < 2) {
return device->WriteStatus(FastbootResult::FAIL, "Invalid arguments");
}
+
+ if (GetDeviceLockStatus()) {
+ return device->WriteStatus(FastbootResult::FAIL, "Erase is not allowed on locked devices");
+ }
+
PartitionHandle handle;
if (!OpenPartition(device, args[1], &handle)) {
return device->WriteStatus(FastbootResult::FAIL, "Partition doesn't exist");
@@ -163,6 +168,12 @@
if (args.size() < 2) {
return device->WriteStatus(FastbootResult::FAIL, "size argument unspecified");
}
+
+ if (GetDeviceLockStatus()) {
+ return device->WriteStatus(FastbootResult::FAIL,
+ "Download is not allowed on locked devices");
+ }
+
// arg[0] is the command name, arg[1] contains size of data to be downloaded
unsigned int size;
if (!android::base::ParseUint("0x" + args[1], &size, kMaxDownloadSizeDefault)) {
@@ -203,6 +214,11 @@
return device->WriteStatus(FastbootResult::FAIL, "Missing slot argument");
}
+ if (GetDeviceLockStatus()) {
+ return device->WriteStatus(FastbootResult::FAIL,
+ "set_active command is not allowed on locked devices");
+ }
+
// Slot suffix needs to be between 'a' and 'z'.
Slot slot;
if (!GetSlotNumber(args[1], &slot)) {
diff --git a/fastboot/device/utility.cpp b/fastboot/device/utility.cpp
index 528abec..b844b9f 100644
--- a/fastboot/device/utility.cpp
+++ b/fastboot/device/utility.cpp
@@ -23,6 +23,7 @@
#include <android-base/file.h>
#include <android-base/logging.h>
+#include <android-base/strings.h>
#include <fs_mgr.h>
#include <fs_mgr_dm_linear.h>
#include <liblp/liblp.h>
@@ -82,6 +83,10 @@
}
std::optional<std::string> FindPhysicalPartition(const std::string& name) {
+ // Check for an invalid file name
+ if (android::base::StartsWith(name, "../") || name.find("/../") != std::string::npos) {
+ return {};
+ }
std::string path = "/dev/block/by-name/" + name;
if (access(path.c_str(), W_OK) < 0) {
return {};
@@ -164,6 +169,9 @@
bool GetDeviceLockStatus() {
std::string cmdline;
- android::base::ReadFileToString("/proc/cmdline", &cmdline);
+ // Return lock status true if unable to read kernel command line.
+ if (!android::base::ReadFileToString("/proc/cmdline", &cmdline)) {
+ return true;
+ }
return cmdline.find("androidboot.verifiedbootstate=orange") == std::string::npos;
}
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index 3ab9732..7f9d9a4 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -37,6 +37,7 @@
#include <memory>
#include <string>
#include <thread>
+#include <utility>
#include <vector>
#include <android-base/file.h>
@@ -1500,16 +1501,17 @@
bool system_root = android::base::GetProperty("ro.build.system_root_image", "") == "true";
for (int i = 0; i < fstab->num_entries; i++) {
- if (!fs_mgr_is_verified(&fstab->recs[i]) && !fs_mgr_is_avb(&fstab->recs[i])) {
+ auto fsrec = &fstab->recs[i];
+ if (!fs_mgr_is_verified(fsrec) && !fs_mgr_is_avb(fsrec)) {
continue;
}
std::string mount_point;
- if (system_root && !strcmp(fstab->recs[i].mount_point, "/")) {
+ if (system_root && !strcmp(fsrec->mount_point, "/")) {
// In AVB, the dm device name is vroot instead of system.
- mount_point = fs_mgr_is_avb(&fstab->recs[i]) ? "vroot" : "system";
+ mount_point = fs_mgr_is_avb(fsrec) ? "vroot" : "system";
} else {
- mount_point = basename(fstab->recs[i].mount_point);
+ mount_point = basename(fsrec->mount_point);
}
if (dm.GetState(mount_point) == DmDeviceState::INVALID) {
@@ -1517,15 +1519,14 @@
continue;
}
- const char* status = nullptr;
+ const char* status;
std::vector<DeviceMapper::TargetInfo> table;
if (!dm.GetTableStatus(mount_point, &table) || table.empty() || table[0].data.empty()) {
- if (fstab->recs[i].fs_mgr_flags & MF_VERIFYATBOOT) {
- status = "V";
- } else {
- PERROR << "Failed to query DM_TABLE_STATUS for " << mount_point.c_str();
+ if (!fs_mgr_is_verifyatboot(fsrec)) {
+ PERROR << "Failed to query DM_TABLE_STATUS for " << mount_point;
continue;
}
+ status = "V";
} else {
status = table[0].data.c_str();
}
@@ -1535,7 +1536,7 @@
// instead of [partition.vroot.verified].
if (mount_point == "vroot") mount_point = "system";
if (*status == 'C' || *status == 'V') {
- callback(&fstab->recs[i], mount_point.c_str(), mode, *status);
+ callback(fsrec, mount_point.c_str(), mode, *status);
}
}
diff --git a/libcutils/include/private/android_filesystem_config.h b/libcutils/include/private/android_filesystem_config.h
index 3be8ad0..845c586 100644
--- a/libcutils/include/private/android_filesystem_config.h
+++ b/libcutils/include/private/android_filesystem_config.h
@@ -131,6 +131,7 @@
#define AID_SECURE_ELEMENT 1068 /* secure element subsystem */
#define AID_LMKD 1069 /* low memory killer daemon */
#define AID_LLKD 1070 /* live lock daemon */
+#define AID_IORAPD 1071 /* input/output readahead and pin daemon */
/* Changes to this file must be made in AOSP, *not* in internal branches. */
#define AID_SHELL 2000 /* adb and debug shell user */
diff --git a/llkd/include/llkd.h b/llkd/include/llkd.h
index c724fce..1e2df2f 100644
--- a/llkd/include/llkd.h
+++ b/llkd/include/llkd.h
@@ -57,7 +57,7 @@
#define LLK_BLACKLIST_UID_PROPERTY "ro.llk.blacklist.uid"
#define LLK_BLACKLIST_UID_DEFAULT ""
#define LLK_BLACKLIST_STACK_PROPERTY "ro.llk.blacklist.process.stack"
-#define LLK_BLACKLIST_STACK_DEFAULT "init,lmkd.llkd,llkd,keystore,/system/bin/keystore"
+#define LLK_BLACKLIST_STACK_DEFAULT "init,lmkd.llkd,llkd,keystore,/system/bin/keystore,ueventd"
/* clang-format on */
__END_DECLS