From ab3446dd3400652ecf50682d0e5c4184628e9930 Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan Date: Mon, 27 Oct 2014 18:26:17 -0700 Subject: [PATCH 01/15] adbd & fastbootd: Support for new f_fs descriptor format The patch "[RFC] usb: gadget: f_fs: Add flags to descriptors block" marks the current usb_functionfs_descs_head format deprecated and introduces support for sending SuperSpeed descriptors. This CL makes adbd to send Descriptors in the new format. Adbd would fall back to the old format, if kernel is not able to recognize the new format. This is done to prevent adbd from breaking in the older versions of the kernel. (cherry-pick of fad60336daa5a7adf82d8140cbddd1c735770e71.) Bug: 17394972 Change-Id: I05095ccdcc74bf6953cbef847d7583eab137e12e Signed-off-by: Badhri Jagan Sridharan --- adb/usb_linux_client.c | 215 ++++++++++++++++------------------- fastbootd/usb_linux_client.c | 167 ++++++++++++++++----------- 2 files changed, 202 insertions(+), 180 deletions(-) diff --git a/adb/usb_linux_client.c b/adb/usb_linux_client.c index 70d2ad01d..fd566f48e 100644 --- a/adb/usb_linux_client.c +++ b/adb/usb_linux_client.c @@ -56,119 +56,85 @@ struct usb_handle int bulk_in; /* "in" from the host's perspective => sink for adbd */ }; -static const struct { - __le32 magic; - __le32 length; - __le32 flags; - __le32 fs_count; - __le32 hs_count; - __le32 ss_count; - struct { - struct usb_interface_descriptor intf; - struct usb_endpoint_descriptor_no_audio source; - struct usb_endpoint_descriptor_no_audio sink; - } __attribute__((packed)) fs_descs, hs_descs; - struct { - struct usb_interface_descriptor intf; - struct usb_endpoint_descriptor_no_audio source; - struct usb_ss_ep_comp_descriptor source_comp; - struct usb_endpoint_descriptor_no_audio sink; - struct usb_ss_ep_comp_descriptor sink_comp; - } __attribute__((packed)) ss_descs; -} __attribute__((packed)) descriptors = { - .magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC_V2), - .length = cpu_to_le32(sizeof(descriptors)), - .flags = cpu_to_le32(FUNCTIONFS_HAS_FS_DESC | - FUNCTIONFS_HAS_HS_DESC | - FUNCTIONFS_HAS_SS_DESC), - .fs_count = 3, - .hs_count = 3, - .ss_count = 5, - .fs_descs = { - .intf = { - .bLength = sizeof(descriptors.fs_descs.intf), - .bDescriptorType = USB_DT_INTERFACE, - .bInterfaceNumber = 0, - .bNumEndpoints = 2, - .bInterfaceClass = ADB_CLASS, - .bInterfaceSubClass = ADB_SUBCLASS, - .bInterfaceProtocol = ADB_PROTOCOL, - .iInterface = 1, /* first string from the provided table */ - }, - .source = { - .bLength = sizeof(descriptors.fs_descs.source), - .bDescriptorType = USB_DT_ENDPOINT, - .bEndpointAddress = 1 | USB_DIR_OUT, - .bmAttributes = USB_ENDPOINT_XFER_BULK, - .wMaxPacketSize = MAX_PACKET_SIZE_FS, - }, - .sink = { - .bLength = sizeof(descriptors.fs_descs.sink), - .bDescriptorType = USB_DT_ENDPOINT, - .bEndpointAddress = 2 | USB_DIR_IN, - .bmAttributes = USB_ENDPOINT_XFER_BULK, - .wMaxPacketSize = MAX_PACKET_SIZE_FS, - }, +struct func_desc { + struct usb_interface_descriptor intf; + struct usb_endpoint_descriptor_no_audio source; + struct usb_endpoint_descriptor_no_audio sink; +} __attribute__((packed)); + +struct desc_v1 { + struct usb_functionfs_descs_head_v1 { + __le32 magic; + __le32 length; + __le32 fs_count; + __le32 hs_count; + } __attribute__((packed)) header; + struct func_desc fs_descs, hs_descs; +} __attribute__((packed)); + +struct desc_v2 { + struct usb_functionfs_descs_head_v2 { + __le32 magic; + __le32 length; + __le32 flags; + __le32 fs_count; + __le32 hs_count; + __le32 ss_count; + } __attribute__((packed)) header; + struct func_desc fs_descs, hs_descs; +} __attribute__((packed)); + +struct func_desc fs_descriptors = { + .intf = { + .bLength = sizeof(fs_descriptors.intf), + .bDescriptorType = USB_DT_INTERFACE, + .bInterfaceNumber = 0, + .bNumEndpoints = 2, + .bInterfaceClass = ADB_CLASS, + .bInterfaceSubClass = ADB_SUBCLASS, + .bInterfaceProtocol = ADB_PROTOCOL, + .iInterface = 1, /* first string from the provided table */ }, - .hs_descs = { - .intf = { - .bLength = sizeof(descriptors.hs_descs.intf), - .bDescriptorType = USB_DT_INTERFACE, - .bInterfaceNumber = 0, - .bNumEndpoints = 2, - .bInterfaceClass = ADB_CLASS, - .bInterfaceSubClass = ADB_SUBCLASS, - .bInterfaceProtocol = ADB_PROTOCOL, - .iInterface = 1, /* first string from the provided table */ - }, - .source = { - .bLength = sizeof(descriptors.hs_descs.source), - .bDescriptorType = USB_DT_ENDPOINT, - .bEndpointAddress = 1 | USB_DIR_OUT, - .bmAttributes = USB_ENDPOINT_XFER_BULK, - .wMaxPacketSize = MAX_PACKET_SIZE_HS, - }, - .sink = { - .bLength = sizeof(descriptors.hs_descs.sink), - .bDescriptorType = USB_DT_ENDPOINT, - .bEndpointAddress = 2 | USB_DIR_IN, - .bmAttributes = USB_ENDPOINT_XFER_BULK, - .wMaxPacketSize = MAX_PACKET_SIZE_HS, - }, + .source = { + .bLength = sizeof(fs_descriptors.source), + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = 1 | USB_DIR_OUT, + .bmAttributes = USB_ENDPOINT_XFER_BULK, + .wMaxPacketSize = MAX_PACKET_SIZE_FS, }, - .ss_descs = { - .intf = { - .bLength = sizeof(descriptors.ss_descs.intf), - .bDescriptorType = USB_DT_INTERFACE, - .bInterfaceNumber = 0, - .bNumEndpoints = 2, - .bInterfaceClass = ADB_CLASS, - .bInterfaceSubClass = ADB_SUBCLASS, - .bInterfaceProtocol = ADB_PROTOCOL, - .iInterface = 1, /* first string from the provided table */ - }, - .source = { - .bLength = sizeof(descriptors.ss_descs.source), - .bDescriptorType = USB_DT_ENDPOINT, - .bEndpointAddress = 1 | USB_DIR_OUT, - .bmAttributes = USB_ENDPOINT_XFER_BULK, - .wMaxPacketSize = MAX_PACKET_SIZE_SS, - }, - .source_comp = { - .bLength = sizeof(descriptors.ss_descs.source_comp), - .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, - }, - .sink = { - .bLength = sizeof(descriptors.ss_descs.sink), - .bDescriptorType = USB_DT_ENDPOINT, - .bEndpointAddress = 2 | USB_DIR_IN, - .bmAttributes = USB_ENDPOINT_XFER_BULK, - .wMaxPacketSize = MAX_PACKET_SIZE_SS, - }, - .sink_comp = { - .bLength = sizeof(descriptors.ss_descs.sink_comp), - .bDescriptorType = USB_DT_SS_ENDPOINT_COMP, - }, + .sink = { + .bLength = sizeof(fs_descriptors.sink), + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = 2 | USB_DIR_IN, + .bmAttributes = USB_ENDPOINT_XFER_BULK, + .wMaxPacketSize = MAX_PACKET_SIZE_FS, + }, +}; + +struct func_desc hs_descriptors = { + .intf = { + .bLength = sizeof(hs_descriptors.intf), + .bDescriptorType = USB_DT_INTERFACE, + .bInterfaceNumber = 0, + .bNumEndpoints = 2, + .bInterfaceClass = ADB_CLASS, + .bInterfaceSubClass = ADB_SUBCLASS, + .bInterfaceProtocol = ADB_PROTOCOL, + .iInterface = 1, /* first string from the provided table */ + }, + .source = { + .bLength = sizeof(hs_descriptors.source), + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = 1 | USB_DIR_OUT, + .bmAttributes = USB_ENDPOINT_XFER_BULK, + .wMaxPacketSize = MAX_PACKET_SIZE_HS, + }, + .sink = { + .bLength = sizeof(hs_descriptors.sink), + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = 2 | USB_DIR_IN, + .bmAttributes = USB_ENDPOINT_XFER_BULK, + .wMaxPacketSize = MAX_PACKET_SIZE_HS, }, }; @@ -312,6 +278,17 @@ static void usb_adb_init() static void init_functionfs(struct usb_handle *h) { ssize_t ret; + struct desc_v1 v1_descriptor; + struct desc_v2 v2_descriptor; + + v2_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC_V2); + v2_descriptor.header.length = cpu_to_le32(sizeof(v2_descriptor)); + v2_descriptor.header.flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC; + v2_descriptor.header.fs_count = 3; + v2_descriptor.header.hs_count = 3; + v2_descriptor.header.ss_count = 0; + v2_descriptor.fs_descs = fs_descriptors; + v2_descriptor.hs_descs = hs_descriptors; if (h->control < 0) { // might have already done this before D("OPENING %s\n", USB_FFS_ADB_EP0); @@ -321,10 +298,20 @@ static void init_functionfs(struct usb_handle *h) goto err; } - ret = adb_write(h->control, &descriptors, sizeof(descriptors)); + ret = adb_write(h->control, &v2_descriptor, sizeof(v2_descriptor)); if (ret < 0) { - D("[ %s: write descriptors failed: errno=%d ]\n", USB_FFS_ADB_EP0, errno); - goto err; + v1_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC); + v1_descriptor.header.length = cpu_to_le32(sizeof(v1_descriptor)); + v1_descriptor.header.fs_count = 3; + v1_descriptor.header.hs_count = 3; + v1_descriptor.fs_descs = fs_descriptors; + v1_descriptor.hs_descs = hs_descriptors; + D("[ %s: Switching to V1_descriptor format errno=%d ]\n", USB_FFS_ADB_EP0, errno); + ret = adb_write(h->control, &v1_descriptor, sizeof(v1_descriptor)); + if (ret < 0) { + D("[ %s: write descriptors failed: errno=%d ]\n", USB_FFS_ADB_EP0, errno); + goto err; + } } ret = adb_write(h->control, &strings, sizeof(strings)); diff --git a/fastbootd/usb_linux_client.c b/fastbootd/usb_linux_client.c index 64420e986..f21eaf535 100644 --- a/fastbootd/usb_linux_client.c +++ b/fastbootd/usb_linux_client.c @@ -69,71 +69,85 @@ struct usb_handle { struct transport_handle handle; }; -static const struct { - struct usb_functionfs_descs_head header; - struct { - struct usb_interface_descriptor intf; - struct usb_endpoint_descriptor_no_audio source; - struct usb_endpoint_descriptor_no_audio sink; - } __attribute__((packed)) fs_descs, hs_descs; -} __attribute__((packed)) descriptors = { - .header = { - .magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC), - .length = cpu_to_le32(sizeof(descriptors)), - .fs_count = 3, - .hs_count = 3, +struct func_desc { + struct usb_interface_descriptor intf; + struct usb_endpoint_descriptor_no_audio source; + struct usb_endpoint_descriptor_no_audio sink; +} __attribute__((packed)); + +struct desc_v1 { + struct usb_functionfs_descs_head_v1 { + __le32 magic; + __le32 length; + __le32 fs_count; + __le32 hs_count; + } __attribute__((packed)) header; + struct func_desc fs_descs, hs_descs; +} __attribute__((packed)); + +struct desc_v2 { + struct usb_functionfs_descs_head_v2 { + __le32 magic; + __le32 length; + __le32 flags; + __le32 fs_count; + __le32 hs_count; + __le32 ss_count; + } __attribute__((packed)) header; + struct func_desc fs_descs, hs_descs; +} __attribute__((packed)); + +struct func_desc fs_descriptors = { + .intf = { + .bLength = sizeof(fs_descriptors.intf), + .bDescriptorType = USB_DT_INTERFACE, + .bInterfaceNumber = 0, + .bNumEndpoints = 2, + .bInterfaceClass = ADB_CLASS, + .bInterfaceSubClass = ADB_SUBCLASS, + .bInterfaceProtocol = ADB_PROTOCOL, + .iInterface = 1, /* first string from the provided table */ }, - .fs_descs = { - .intf = { - .bLength = sizeof(descriptors.fs_descs.intf), - .bDescriptorType = USB_DT_INTERFACE, - .bInterfaceNumber = 0, - .bNumEndpoints = 2, - .bInterfaceClass = FASTBOOT_CLASS, - .bInterfaceSubClass = FASTBOOT_SUBCLASS, - .bInterfaceProtocol = FASTBOOT_PROTOCOL, - .iInterface = 1, /* first string from the provided table */ - }, - .source = { - .bLength = sizeof(descriptors.fs_descs.source), - .bDescriptorType = USB_DT_ENDPOINT, - .bEndpointAddress = 1 | USB_DIR_OUT, - .bmAttributes = USB_ENDPOINT_XFER_BULK, - .wMaxPacketSize = MAX_PACKET_SIZE_FS, - }, - .sink = { - .bLength = sizeof(descriptors.fs_descs.sink), - .bDescriptorType = USB_DT_ENDPOINT, - .bEndpointAddress = 2 | USB_DIR_IN, - .bmAttributes = USB_ENDPOINT_XFER_BULK, - .wMaxPacketSize = MAX_PACKET_SIZE_FS, - }, + .source = { + .bLength = sizeof(fs_descriptors.source), + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = 1 | USB_DIR_OUT, + .bmAttributes = USB_ENDPOINT_XFER_BULK, + .wMaxPacketSize = MAX_PACKET_SIZE_FS, }, - .hs_descs = { - .intf = { - .bLength = sizeof(descriptors.hs_descs.intf), - .bDescriptorType = USB_DT_INTERFACE, - .bInterfaceNumber = 0, - .bNumEndpoints = 2, - .bInterfaceClass = FASTBOOT_CLASS, - .bInterfaceSubClass = FASTBOOT_SUBCLASS, - .bInterfaceProtocol = FASTBOOT_PROTOCOL, - .iInterface = 1, /* first string from the provided table */ - }, - .source = { - .bLength = sizeof(descriptors.hs_descs.source), - .bDescriptorType = USB_DT_ENDPOINT, - .bEndpointAddress = 1 | USB_DIR_OUT, - .bmAttributes = USB_ENDPOINT_XFER_BULK, - .wMaxPacketSize = MAX_PACKET_SIZE_HS, - }, - .sink = { - .bLength = sizeof(descriptors.hs_descs.sink), - .bDescriptorType = USB_DT_ENDPOINT, - .bEndpointAddress = 2 | USB_DIR_IN, - .bmAttributes = USB_ENDPOINT_XFER_BULK, - .wMaxPacketSize = MAX_PACKET_SIZE_HS, - }, + .sink = { + .bLength = sizeof(fs_descriptors.sink), + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = 2 | USB_DIR_IN, + .bmAttributes = USB_ENDPOINT_XFER_BULK, + .wMaxPacketSize = MAX_PACKET_SIZE_FS, + }, +}; + +struct func_desc hs_descriptors = { + .intf = { + .bLength = sizeof(hs_descriptors.intf), + .bDescriptorType = USB_DT_INTERFACE, + .bInterfaceNumber = 0, + .bNumEndpoints = 2, + .bInterfaceClass = ADB_CLASS, + .bInterfaceSubClass = ADB_SUBCLASS, + .bInterfaceProtocol = ADB_PROTOCOL, + .iInterface = 1, /* first string from the provided table */ + }, + .source = { + .bLength = sizeof(hs_descriptors.source), + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = 1 | USB_DIR_OUT, + .bmAttributes = USB_ENDPOINT_XFER_BULK, + .wMaxPacketSize = MAX_PACKET_SIZE_HS, + }, + .sink = { + .bLength = sizeof(hs_descriptors.sink), + .bDescriptorType = USB_DT_ENDPOINT, + .bEndpointAddress = 2 | USB_DIR_IN, + .bmAttributes = USB_ENDPOINT_XFER_BULK, + .wMaxPacketSize = MAX_PACKET_SIZE_HS, }, }; @@ -161,6 +175,17 @@ static const struct { static int init_functionfs(struct usb_transport *usb_transport) { ssize_t ret; + struct desc_v1 v1_descriptor; + struct desc_v2 v2_descriptor; + + v2_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC_V2); + v2_descriptor.header.length = cpu_to_le32(sizeof(v2_descriptor)); + v2_descriptor.header.flags = FUNCTIONFS_HAS_FS_DESC | FUNCTIONFS_HAS_HS_DESC; + v2_descriptor.header.fs_count = 3; + v2_descriptor.header.hs_count = 3; + v2_descriptor.header.ss_count = 0; + v2_descriptor.fs_descs = fs_descriptors; + v2_descriptor.hs_descs = hs_descriptors; D(VERBOSE, "OPENING %s", USB_FFS_FASTBOOT_EP0); usb_transport->control = open(USB_FFS_FASTBOOT_EP0, O_RDWR); @@ -169,10 +194,20 @@ static int init_functionfs(struct usb_transport *usb_transport) goto err; } - ret = write(usb_transport->control, &descriptors, sizeof(descriptors)); + ret = write(usb_transport->control, &v2_descriptor, sizeof(v2_descriptor)); if (ret < 0) { - D(ERR, "[ %s: write descriptors failed: errno=%d ]", USB_FFS_FASTBOOT_EP0, errno); - goto err; + v1_descriptor.header.magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC); + v1_descriptor.header.length = cpu_to_le32(sizeof(v1_descriptor)); + v1_descriptor.header.fs_count = 3; + v1_descriptor.header.hs_count = 3; + v1_descriptor.fs_descs = fs_descriptors; + v1_descriptor.hs_descs = hs_descriptors; + D("[ %s: Switching to V1_descriptor format errno=%d ]\n", USB_FFS_FASTBOOT_EP0, errno); + ret = write(usb_transport->control, &v1_descriptor, sizeof(v1_descriptor)); + if (ret < 0) { + D(ERR, "[ %s: write descriptors failed: errno=%d ]", USB_FFS_FASTBOOT_EP0, errno); + goto err; + } } ret = write(usb_transport->control, &strings, sizeof(strings)); From e3c72fd51a4c25f49cf7154e1be89c33c4f8711b Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan Date: Thu, 30 Oct 2014 20:26:29 -0700 Subject: [PATCH 02/15] fastbootd: Use FASTBOOT constants instead of ADB constants (cherry-pick of ae17fb8f24c2d4dbb000c8943e2caa428fbf4c9b.) Change-Id: I4a67e7144b5c4a10e809821feb7f8c16540831cb --- fastbootd/usb_linux_client.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/fastbootd/usb_linux_client.c b/fastbootd/usb_linux_client.c index f21eaf535..2c678b92a 100644 --- a/fastbootd/usb_linux_client.c +++ b/fastbootd/usb_linux_client.c @@ -103,9 +103,9 @@ struct func_desc fs_descriptors = { .bDescriptorType = USB_DT_INTERFACE, .bInterfaceNumber = 0, .bNumEndpoints = 2, - .bInterfaceClass = ADB_CLASS, - .bInterfaceSubClass = ADB_SUBCLASS, - .bInterfaceProtocol = ADB_PROTOCOL, + .bInterfaceClass = FASTBOOT_CLASS, + .bInterfaceSubClass = FASTBOOT_SUBCLASS, + .bInterfaceProtocol = FASTBOOT_PROTOCOL, .iInterface = 1, /* first string from the provided table */ }, .source = { @@ -130,9 +130,9 @@ struct func_desc hs_descriptors = { .bDescriptorType = USB_DT_INTERFACE, .bInterfaceNumber = 0, .bNumEndpoints = 2, - .bInterfaceClass = ADB_CLASS, - .bInterfaceSubClass = ADB_SUBCLASS, - .bInterfaceProtocol = ADB_PROTOCOL, + .bInterfaceClass = FASTBOOT_CLASS, + .bInterfaceSubClass = FASTBOOT_SUBCLASS, + .bInterfaceProtocol = FASTBOOT_PROTOCOL, .iInterface = 1, /* first string from the provided table */ }, .source = { @@ -202,7 +202,7 @@ static int init_functionfs(struct usb_transport *usb_transport) v1_descriptor.header.hs_count = 3; v1_descriptor.fs_descs = fs_descriptors; v1_descriptor.hs_descs = hs_descriptors; - D("[ %s: Switching to V1_descriptor format errno=%d ]\n", USB_FFS_FASTBOOT_EP0, errno); + D(ERR, "[ %s: Switching to V1_descriptor format errno=%d ]\n", USB_FFS_FASTBOOT_EP0, errno); ret = write(usb_transport->control, &v1_descriptor, sizeof(v1_descriptor)); if (ret < 0) { D(ERR, "[ %s: write descriptors failed: errno=%d ]", USB_FFS_FASTBOOT_EP0, errno); From 34637555c25a6663658b1ff45e98272b10b449f4 Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Mon, 27 Oct 2014 10:37:59 -0700 Subject: [PATCH 03/15] adb warns on remount when verity is enabled (cherry-pick of f643beced1d154726dca7115014d2d1fdfcca993.) Bug: 18119147 Change-Id: I75e5edf83fa01dbf2495e24df4597dce41f13654 --- adb/remount_service.c | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/adb/remount_service.c b/adb/remount_service.c index 72d15a1d1..36367a73f 100644 --- a/adb/remount_service.c +++ b/adb/remount_service.c @@ -14,6 +14,8 @@ * limitations under the License. */ +#include "sysdeps.h" + #include #include #include @@ -22,7 +24,7 @@ #include #include -#include "sysdeps.h" +#include "cutils/properties.h" #define TRACE_TAG TRACE_ADB #include "adb.h" @@ -115,6 +117,36 @@ static void write_string(int fd, const char* str) void remount_service(int fd, void *cookie) { char buffer[200]; + char prop_buf[PROPERTY_VALUE_MAX]; + + bool system_verified = false, vendor_verified = false; + property_get("partition.system.verified", prop_buf, "0"); + if (!strcmp(prop_buf, "1")) { + system_verified = true; + } + + property_get("partition.vendor.verified", prop_buf, "0"); + if (!strcmp(prop_buf, "1")) { + vendor_verified = true; + } + + if (system_verified || vendor_verified) { + // Allow remount but warn of likely bad effects + bool both = system_verified && vendor_verified; + snprintf(buffer, sizeof(buffer), + "dm_verity is enabled on the %s%s%s partition%s.\n", + system_verified ? "system" : "", + both ? " and " : "", + vendor_verified ? "vendor" : "", + both ? "s" : ""); + write_string(fd, buffer); + snprintf(buffer, sizeof(buffer), + "Use \"adb disable-verity\" to disable verity.\n" + "If you do not, remount may succeed, however, you will still " + "not be able to write to these volumes.\n"); + write_string(fd, buffer); + } + if (remount("/system", &system_ro)) { snprintf(buffer, sizeof(buffer), "remount of system failed: %s\n",strerror(errno)); write_string(fd, buffer); From ec900bba20630934dc51a1b3a57d6d7a30fed325 Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Thu, 9 Oct 2014 14:22:49 +0000 Subject: [PATCH 04/15] Revert "Revert "Enable verity on userdebug, and add disable-verity to adb"" This reverts commit 152d2d4234ba89e0c20c4af13e291b6049a7bc33. Fixed build error, and also fixed memory leak spotted from warning. (cherry-pick of bbb36319119edde9377fb80015235893c30d2bc9.) Bug: 17691572 Change-Id: I23b5ba537f7b557432041d4338b38b9be434e981 --- adb/Android.mk | 16 ++- adb/adb.h | 1 + adb/commandline.c | 6 +- adb/disable_verity_service.c | 199 +++++++++++++++++++++++++++++++++++ adb/services.c | 2 + fs_mgr/Android.mk | 4 + fs_mgr/fs_mgr.c | 26 +++-- fs_mgr/fs_mgr_fstab.c | 5 + fs_mgr/fs_mgr_priv_verity.h | 5 +- fs_mgr/fs_mgr_verity.c | 68 ++++++++---- fs_mgr/include/fs_mgr.h | 8 ++ 11 files changed, 307 insertions(+), 33 deletions(-) create mode 100644 adb/disable_verity_service.c diff --git a/adb/Android.mk b/adb/Android.mk index 7136afb78..99a7ce61d 100644 --- a/adb/Android.mk +++ b/adb/Android.mk @@ -110,6 +110,7 @@ LOCAL_SRC_FILES := \ jdwp_service.c \ framebuffer_service.c \ remount_service.c \ + disable_verity_service.c \ usb_linux_client.c LOCAL_CFLAGS := \ @@ -124,14 +125,27 @@ ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1 endif +ifneq (,$(filter userdebug,$(TARGET_BUILD_VARIANT))) +LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1 +endif + LOCAL_MODULE := adbd LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT_SBIN) LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_SBIN_UNSTRIPPED) +LOCAL_C_INCLUDES += system/extras/ext4_utils system/core/fs_mgr/include + +LOCAL_STATIC_LIBRARIES := liblog \ + libfs_mgr \ + libcutils \ + libc \ + libmincrypt \ + libselinux \ + libext4_utils_static -LOCAL_STATIC_LIBRARIES := liblog libcutils libc libmincrypt libselinux LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk + include $(BUILD_EXECUTABLE) diff --git a/adb/adb.h b/adb/adb.h index 89a233f86..044760e24 100644 --- a/adb/adb.h +++ b/adb/adb.h @@ -329,6 +329,7 @@ int handle_forward_request(const char* service, transport_type ttype, char* seri #if !ADB_HOST void framebuffer_service(int fd, void *cookie); void remount_service(int fd, void *cookie); +void disable_verity_service(int fd, void* cookie); #endif /* packet allocator */ diff --git a/adb/commandline.c b/adb/commandline.c index aa97eb45a..21945d9eb 100644 --- a/adb/commandline.c +++ b/adb/commandline.c @@ -193,6 +193,7 @@ void help() " adb keygen - generate adb public/private key. The private key is stored in ,\n" " and the public key is stored in .pub. Any existing files\n" " are overwritten.\n" + " adb disable-verity - disable dm-verity checking on USERDEBUG builds\n" " adb help - show this help message\n" " adb version - show version num\n" "\n" @@ -209,8 +210,7 @@ void help() " adb reboot-bootloader - reboots the device into the bootloader\n" " adb root - restarts the adbd daemon with root permissions\n" " adb usb - restarts the adbd daemon listening on USB\n" - " adb tcpip - restarts the adbd daemon listening on TCP on the specified port" - "\n" + " adb tcpip - restarts the adbd daemon listening on TCP on the specified port\n" "networking:\n" " adb ppp [parameters] - Run PPP over USB.\n" " Note: you should not automatically start a PPP connection.\n" @@ -1446,7 +1446,7 @@ top: if(!strcmp(argv[0], "remount") || !strcmp(argv[0], "reboot") || !strcmp(argv[0], "reboot-bootloader") || !strcmp(argv[0], "tcpip") || !strcmp(argv[0], "usb") - || !strcmp(argv[0], "root")) { + || !strcmp(argv[0], "root") || !strcmp(argv[0], "disable-verity")) { char command[100]; if (!strcmp(argv[0], "reboot-bootloader")) snprintf(command, sizeof(command), "reboot:bootloader"); diff --git a/adb/disable_verity_service.c b/adb/disable_verity_service.c new file mode 100644 index 000000000..ed3da5210 --- /dev/null +++ b/adb/disable_verity_service.c @@ -0,0 +1,199 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "sysdeps.h" + +#define TRACE_TAG TRACE_ADB +#include "adb.h" + +#include +#include +#include +#include +#include + +#include "cutils/properties.h" +#include "ext4_sb.h" +#include + +#define FSTAB_PREFIX "/fstab." +struct fstab *fstab; + +__attribute__((__format__(printf, 2, 3))) __nonnull((2)) +static void write_console(int fd, const char* format, ...) +{ + char buffer[256]; + va_list args; + va_start (args, format); + vsnprintf (buffer, sizeof(buffer), format, args); + va_end (args); + + adb_write(fd, buffer, strnlen(buffer, sizeof(buffer))); +} + +static int get_target_device_size(int fd, const char *blk_device, + uint64_t *device_size) +{ + int data_device; + struct ext4_super_block sb; + struct fs_info info; + + info.len = 0; /* Only len is set to 0 to ask the device for real size. */ + + data_device = adb_open(blk_device, O_RDONLY | O_CLOEXEC); + if (data_device < 0) { + write_console(fd, "Error opening block device (%s)\n", strerror(errno)); + return -1; + } + + if (lseek64(data_device, 1024, SEEK_SET) < 0) { + write_console(fd, "Error seeking to superblock\n"); + adb_close(data_device); + return -1; + } + + if (adb_read(data_device, &sb, sizeof(sb)) != sizeof(sb)) { + write_console(fd, "Error reading superblock\n"); + adb_close(data_device); + return -1; + } + + ext4_parse_sb(&sb, &info); + *device_size = info.len; + + adb_close(data_device); + return 0; +} + +static int disable_verity(int fd, const char *block_device, + const char* mount_point) +{ + uint32_t magic_number; + const uint32_t voff = VERITY_METADATA_MAGIC_DISABLE; + uint64_t device_length; + int device; + int retval = -1; + + device = adb_open(block_device, O_RDWR | O_CLOEXEC); + if (device == -1) { + write_console(fd, "Could not open block device %s (%s).\n", + block_device, strerror(errno)); + write_console(fd, "Maybe run adb remount?\n"); + goto errout; + } + + // find the start of the verity metadata + if (get_target_device_size(fd, (char*)block_device, &device_length) < 0) { + write_console(fd, "Could not get target device size.\n"); + goto errout; + } + + if (lseek64(device, device_length, SEEK_SET) < 0) { + write_console(fd, + "Could not seek to start of verity metadata block.\n"); + goto errout; + } + + // check the magic number + if (adb_read(device, &magic_number, sizeof(magic_number)) + != sizeof(magic_number)) { + write_console(fd, "Couldn't read magic number!\n"); + goto errout; + } + + if (magic_number == VERITY_METADATA_MAGIC_DISABLE) { + write_console(fd, "Verity already disabled on %s\n", mount_point); + goto errout; + } + + if (magic_number != VERITY_METADATA_MAGIC_NUMBER) { + write_console(fd, + "Couldn't find verity metadata at offset %"PRIu64"!\n", + device_length); + goto errout; + } + + if (lseek64(device, device_length, SEEK_SET) < 0) { + write_console(fd, + "Could not seek to start of verity metadata block.\n"); + goto errout; + } + + if (adb_write(device, &voff, sizeof(voff)) != sizeof(voff)) { + write_console(fd, "Could not set verity disabled flag on device %s\n", + block_device); + goto errout; + } + + write_console(fd, "Verity disabled on %s\n", mount_point); + retval = 0; +errout: + if (device != -1) + adb_close(device); + return retval; +} + +void disable_verity_service(int fd, void* cookie) +{ +#ifdef ALLOW_ADBD_DISABLE_VERITY + char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)]; + char propbuf[PROPERTY_VALUE_MAX]; + int i; + bool any_disabled = false; + + property_get("ro.secure", propbuf, "0"); + if (strcmp(propbuf, "1")) { + write_console(fd, "verity not enabled - ENG build\n"); + goto errout; + } + + property_get("ro.debuggable", propbuf, "0"); + if (strcmp(propbuf, "1")) { + write_console(fd, "verity cannot be disabled - USER build\n"); + goto errout; + } + + property_get("ro.hardware", propbuf, ""); + snprintf(fstab_filename, sizeof(fstab_filename), FSTAB_PREFIX"%s", propbuf); + + fstab = fs_mgr_read_fstab(fstab_filename); + if (!fstab) { + write_console(fd, "Failed to open %s\nMaybe run adb root?\n", + fstab_filename); + goto errout; + } + + /* Loop through entries looking for ones that vold manages */ + for (i = 0; i < fstab->num_entries; i++) { + if(fs_mgr_is_verified(&fstab->recs[i])) { + if (!disable_verity(fd, fstab->recs[i].blk_device, + fstab->recs[i].mount_point)) { + any_disabled = true; + } + } + } + + if (any_disabled) { + write_console(fd, + "Now reboot your device for settings to take effect\n"); + } +#else + write_console(fd, "disable-verity only works for userdebug builds\n"); +#endif + +errout: + adb_close(fd); +} diff --git a/adb/services.c b/adb/services.c index 300807a63..1aeb37655 100644 --- a/adb/services.c +++ b/adb/services.c @@ -471,6 +471,8 @@ int service_to_fd(const char *name) free(cookie); } } + } else if(!strncmp(name, "disable-verity:", 15)) { + ret = create_service_thread(disable_verity_service, NULL); #endif } if (ret >= 0) { diff --git a/fs_mgr/Android.mk b/fs_mgr/Android.mk index 7cffc37a5..61bf1ee6a 100644 --- a/fs_mgr/Android.mk +++ b/fs_mgr/Android.mk @@ -13,6 +13,10 @@ LOCAL_C_INCLUDES += system/extras/ext4_utils LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include LOCAL_CFLAGS := -Werror +ifneq (,$(filter userdebug,$(TARGET_BUILD_VARIANT))) +LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1 +endif + include $(BUILD_STATIC_LIBRARY) diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c index 91e6c3326..40878c1f6 100644 --- a/fs_mgr/fs_mgr.c +++ b/fs_mgr/fs_mgr.c @@ -245,6 +245,16 @@ static int device_is_debuggable() { return strcmp(value, "1") ? 0 : 1; } +static int device_is_secure() { + int ret = -1; + char value[PROP_VALUE_MAX]; + ret = __system_property_get("ro.secure", value); + /* If error, we want to fail secure */ + if (ret < 0) + return 1; + return strcmp(value, "0") ? 1 : 0; +} + /* * Tries to mount any of the consecutive fstab entries that match * the mountpoint of the one given by fstab->recs[start_idx]. @@ -350,9 +360,11 @@ int fs_mgr_mount_all(struct fstab *fstab) wait_for_file(fstab->recs[i].blk_device, WAIT_TIMEOUT); } - if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && - !device_is_debuggable()) { - if (fs_mgr_setup_verity(&fstab->recs[i]) < 0) { + if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) { + int rc = fs_mgr_setup_verity(&fstab->recs[i]); + if (device_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) { + INFO("Verity disabled"); + } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) { ERROR("Could not set up verified partition, skipping!\n"); continue; } @@ -467,9 +479,11 @@ int fs_mgr_do_mount(struct fstab *fstab, char *n_name, char *n_blk_device, fstab->recs[i].mount_point); } - if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && - !device_is_debuggable()) { - if (fs_mgr_setup_verity(&fstab->recs[i]) < 0) { + if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) { + int rc = fs_mgr_setup_verity(&fstab->recs[i]); + if (device_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) { + INFO("Verity disabled"); + } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) { ERROR("Could not set up verified partition, skipping!\n"); continue; } diff --git a/fs_mgr/fs_mgr_fstab.c b/fs_mgr/fs_mgr_fstab.c index 3f841792c..ab8f128ce 100644 --- a/fs_mgr/fs_mgr_fstab.c +++ b/fs_mgr/fs_mgr_fstab.c @@ -418,6 +418,11 @@ int fs_mgr_is_nonremovable(struct fstab_rec *fstab) return fstab->fs_mgr_flags & MF_NONREMOVABLE; } +int fs_mgr_is_verified(struct fstab_rec *fstab) +{ + return fstab->fs_mgr_flags & MF_VERIFY; +} + int fs_mgr_is_encryptable(struct fstab_rec *fstab) { return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT); diff --git a/fs_mgr/fs_mgr_priv_verity.h b/fs_mgr/fs_mgr_priv_verity.h index 61937849a..f90e59683 100644 --- a/fs_mgr/fs_mgr_priv_verity.h +++ b/fs_mgr/fs_mgr_priv_verity.h @@ -14,4 +14,7 @@ * limitations under the License. */ -int fs_mgr_setup_verity(struct fstab_rec *fstab); \ No newline at end of file +#define FS_MGR_SETUP_VERITY_DISABLED -2 +#define FS_MGR_SETUP_VERITY_FAIL -1 +#define FS_MGR_SETUP_VERITY_SUCCESS 0 +int fs_mgr_setup_verity(struct fstab_rec *fstab); diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c index 01f784456..39f96a7a2 100644 --- a/fs_mgr/fs_mgr_verity.c +++ b/fs_mgr/fs_mgr_verity.c @@ -43,7 +43,6 @@ #include "fs_mgr_priv_verity.h" #define VERITY_METADATA_SIZE 32768 -#define VERITY_METADATA_MAGIC_NUMBER 0xb001b001 #define VERITY_TABLE_RSA_KEY "/verity_key" extern struct fs_info info; @@ -157,7 +156,9 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab uint64_t device_length; int protocol_version; FILE *device; - int retval = -1; + int retval = FS_MGR_SETUP_VERITY_FAIL; + *signature = 0; + *table = 0; device = fopen(block_device, "r"); if (!device) { @@ -180,8 +181,18 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab ERROR("Couldn't read magic number!\n"); goto out; } + +#ifdef ALLOW_ADBD_DISABLE_VERITY + if (magic_number == VERITY_METADATA_MAGIC_DISABLE) { + retval = FS_MGR_SETUP_VERITY_DISABLED; + INFO("Attempt to cleanly disable verity - only works in USERDEBUG"); + goto out; + } +#endif + if (magic_number != VERITY_METADATA_MAGIC_NUMBER) { - ERROR("Couldn't find verity metadata at offset %"PRIu64"!\n", device_length); + ERROR("Couldn't find verity metadata at offset %"PRIu64"!\n", + device_length); goto out; } @@ -203,14 +214,12 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab } if (!fread(*signature, RSANUMBYTES, 1, device)) { ERROR("Couldn't read signature from verity metadata!\n"); - free(*signature); goto out; } // get the size of the table if (!fread(&table_length, sizeof(int), 1, device)) { ERROR("Couldn't get the size of the verity table from metadata!\n"); - free(*signature); goto out; } @@ -223,16 +232,22 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab } if (!fgets(*table, table_length, device)) { ERROR("Couldn't read the verity table from metadata!\n"); - free(*table); - free(*signature); goto out; } - retval = 0; + retval = FS_MGR_SETUP_VERITY_SUCCESS; out: if (device) fclose(device); + + if (retval != FS_MGR_SETUP_VERITY_SUCCESS) { + free(*table); + free(*signature); + *table = 0; + *signature = 0; + } + return retval; } @@ -360,10 +375,11 @@ static int set_verified_property(char *name) { int fs_mgr_setup_verity(struct fstab_rec *fstab) { int retval = -1; + int fd = -1; - char *verity_blk_name; - char *verity_table; - char *verity_table_signature; + char *verity_blk_name = 0; + char *verity_table = 0; + char *verity_table_signature = 0; char buffer[DM_BUF_SIZE]; struct dm_ioctl *io = (struct dm_ioctl *) buffer; @@ -380,11 +396,19 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) { return retval; } + // read the verity block at the end of the block device + // send error code up the chain so we can detect attempts to disable verity + retval = read_verity_metadata(fstab->blk_device, + &verity_table_signature, + &verity_table); + if (retval < 0) { + goto out; + } + // get the device mapper fd - int fd; if ((fd = open("/dev/device-mapper", O_RDWR)) < 0) { ERROR("Error opening device mapper (%s)", strerror(errno)); - return retval; + goto out;; } // create the device @@ -399,14 +423,6 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) { goto out; } - verity_table = verity_table_signature = NULL; - // read the verity block at the end of the block device - if (read_verity_metadata(fstab->blk_device, - &verity_table_signature, - &verity_table) < 0) { - goto out; - } - // verify the signature on the table if (verify_table(verity_table_signature, verity_table, @@ -427,6 +443,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) { // assign the new verity block device as the block device free(fstab->blk_device); fstab->blk_device = verity_blk_name; + verity_blk_name = 0; // make sure we've set everything up properly if (test_access(fstab->blk_device) < 0) { @@ -437,6 +454,13 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) { retval = set_verified_property(mount_point); out: - close(fd); + if (fd != -1) { + close(fd); + } + + free (verity_table); + free (verity_table_signature); + free (verity_blk_name); + return retval; } diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h index 0c7eb20d2..5e2ff416a 100644 --- a/fs_mgr/include/fs_mgr.h +++ b/fs_mgr/include/fs_mgr.h @@ -20,6 +20,13 @@ #include #include +// Magic number at start of verity metadata +#define VERITY_METADATA_MAGIC_NUMBER 0xb001b001 + +// Replacement magic number at start of verity metadata to cleanly +// turn verity off in userdebug builds. +#define VERITY_METADATA_MAGIC_DISABLE 0x46464f56 // "VOFF" + #ifdef __cplusplus extern "C" { #endif @@ -74,6 +81,7 @@ int fs_mgr_add_entry(struct fstab *fstab, struct fstab_rec *fs_mgr_get_entry_for_mount_point(struct fstab *fstab, const char *path); int fs_mgr_is_voldmanaged(struct fstab_rec *fstab); int fs_mgr_is_nonremovable(struct fstab_rec *fstab); +int fs_mgr_is_verified(struct fstab_rec *fstab); int fs_mgr_is_encryptable(struct fstab_rec *fstab); int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab); int fs_mgr_swapon_all(struct fstab *fstab); From 982089d83879c768eac3fd36f19665463a550b53 Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Wed, 3 Dec 2014 15:31:57 -0800 Subject: [PATCH 05/15] Add adb enable-verity Note that it is *easy* to break your phone with this feature. It is not a bug that reenabling verity after changing one byte of the system partition stops the device booting. (cherry-pick of 7c442e1700e6312727283db402dec6f666f1b55a.) Bug: 18529433 Change-Id: I632e91281884471a362960f1ba30312d2669b8ff --- adb/Android.mk | 2 +- adb/adb.h | 4 +- adb/commandline.c | 6 +- adb/remount_service.c | 67 ++++++++++++++++--- adb/services.c | 4 +- ...ce.c => set_verity_enable_state_service.c} | 52 +++++++++----- 6 files changed, 104 insertions(+), 31 deletions(-) rename adb/{disable_verity_service.c => set_verity_enable_state_service.c} (73%) diff --git a/adb/Android.mk b/adb/Android.mk index 99a7ce61d..8ebcbf0d2 100644 --- a/adb/Android.mk +++ b/adb/Android.mk @@ -110,7 +110,7 @@ LOCAL_SRC_FILES := \ jdwp_service.c \ framebuffer_service.c \ remount_service.c \ - disable_verity_service.c \ + set_verity_enable_state_service.c \ usb_linux_client.c LOCAL_CFLAGS := \ diff --git a/adb/adb.h b/adb/adb.h index 044760e24..35d8a4d10 100644 --- a/adb/adb.h +++ b/adb/adb.h @@ -328,8 +328,10 @@ int handle_forward_request(const char* service, transport_type ttype, char* seri #if !ADB_HOST void framebuffer_service(int fd, void *cookie); +// Allow enable-verity to write to system and vendor block devices +int make_system_and_vendor_block_devices_writable(); void remount_service(int fd, void *cookie); -void disable_verity_service(int fd, void* cookie); +void set_verity_enabled_state_service(int fd, void* cookie); #endif /* packet allocator */ diff --git a/adb/commandline.c b/adb/commandline.c index 21945d9eb..49f1b9585 100644 --- a/adb/commandline.c +++ b/adb/commandline.c @@ -190,10 +190,11 @@ void help() "\n" " adb restore - restore device contents from the backup archive\n" "\n" + " adb disable-verity - disable dm-verity checking on USERDEBUG builds\n" + " adb enable-verity - re-enable dm-verity checking on USERDEBUG builds\n" " adb keygen - generate adb public/private key. The private key is stored in ,\n" " and the public key is stored in .pub. Any existing files\n" " are overwritten.\n" - " adb disable-verity - disable dm-verity checking on USERDEBUG builds\n" " adb help - show this help message\n" " adb version - show version num\n" "\n" @@ -1446,7 +1447,8 @@ top: if(!strcmp(argv[0], "remount") || !strcmp(argv[0], "reboot") || !strcmp(argv[0], "reboot-bootloader") || !strcmp(argv[0], "tcpip") || !strcmp(argv[0], "usb") - || !strcmp(argv[0], "root") || !strcmp(argv[0], "disable-verity")) { + || !strcmp(argv[0], "root") || !strcmp(argv[0], "disable-verity") + || !strcmp(argv[0], "enable-verity")) { char command[100]; if (!strcmp(argv[0], "reboot-bootloader")) snprintf(command, sizeof(command), "reboot:bootloader"); diff --git a/adb/remount_service.c b/adb/remount_service.c index 36367a73f..05d31691e 100644 --- a/adb/remount_service.c +++ b/adb/remount_service.c @@ -79,29 +79,57 @@ static int hasVendorPartition() return false; } +static int make_block_device_writable(const char* dir) +{ + char *dev = 0; + int fd = -1; + int OFF = 0; + int rc = -1; + + dev = find_mount(dir); + if (!dev) + goto errout; + + fd = unix_open(dev, O_RDONLY | O_CLOEXEC); + if (fd < 0) + goto errout; + + if (ioctl(fd, BLKROSET, &OFF)) { + goto errout; + } + + rc = 0; + +errout: + if (fd >= 0) { + adb_close(fd); + } + + if (dev) { + free(dev); + } + return rc; +} + /* Init mounts /system as read only, remount to enable writes. */ static int remount(const char* dir, int* dir_ro) { char *dev; - int fd; int OFF = 0; if (dir_ro == 0) { return 0; } + if (make_block_device_writable(dir)) { + return -1; + } + dev = find_mount(dir); if (!dev) return -1; - fd = unix_open(dev, O_RDONLY | O_CLOEXEC); - if (fd < 0) - return -1; - - ioctl(fd, BLKROSET, &OFF); - adb_close(fd); - *dir_ro = mount(dev, dir, "none", MS_REMOUNT, NULL); free(dev); @@ -114,6 +142,28 @@ static void write_string(int fd, const char* str) writex(fd, str, strlen(str)); } +int make_system_and_vendor_block_devices_writable(int fd) +{ + char buffer[200]; + if (make_block_device_writable("/system")) { + snprintf(buffer, sizeof(buffer), + "Failed to make system block device writable %s\n", + strerror(errno)); + write_string(fd, buffer); + return -1; + } + + if (hasVendorPartition() && make_block_device_writable("/vendor")) { + snprintf(buffer, sizeof(buffer), + "Failed to make vendor block device writable: %s\n", + strerror(errno)); + write_string(fd, buffer); + return -1; + } + + return 0; +} + void remount_service(int fd, void *cookie) { char buffer[200]; @@ -167,4 +217,3 @@ void remount_service(int fd, void *cookie) adb_close(fd); } - diff --git a/adb/services.c b/adb/services.c index 1aeb37655..d5a464277 100644 --- a/adb/services.c +++ b/adb/services.c @@ -472,7 +472,9 @@ int service_to_fd(const char *name) } } } else if(!strncmp(name, "disable-verity:", 15)) { - ret = create_service_thread(disable_verity_service, NULL); + ret = create_service_thread(set_verity_enabled_state_service, (void*)0); + } else if(!strncmp(name, "enable-verity:", 15)) { + ret = create_service_thread(set_verity_enabled_state_service, (void*)1); #endif } if (ret >= 0) { diff --git a/adb/disable_verity_service.c b/adb/set_verity_enable_state_service.c similarity index 73% rename from adb/disable_verity_service.c rename to adb/set_verity_enable_state_service.c index ed3da5210..6692ab757 100644 --- a/adb/disable_verity_service.c +++ b/adb/set_verity_enable_state_service.c @@ -78,11 +78,13 @@ static int get_target_device_size(int fd, const char *blk_device, return 0; } -static int disable_verity(int fd, const char *block_device, - const char* mount_point) +/* Turn verity on/off */ +static int set_verity_enabled_state(int fd, const char *block_device, + const char* mount_point, bool enable) { uint32_t magic_number; - const uint32_t voff = VERITY_METADATA_MAGIC_DISABLE; + const uint32_t new_magic = enable ? VERITY_METADATA_MAGIC_NUMBER + : VERITY_METADATA_MAGIC_DISABLE; uint64_t device_length; int device; int retval = -1; @@ -114,12 +116,18 @@ static int disable_verity(int fd, const char *block_device, goto errout; } - if (magic_number == VERITY_METADATA_MAGIC_DISABLE) { + if (!enable && magic_number == VERITY_METADATA_MAGIC_DISABLE) { write_console(fd, "Verity already disabled on %s\n", mount_point); goto errout; } - if (magic_number != VERITY_METADATA_MAGIC_NUMBER) { + if (enable && magic_number == VERITY_METADATA_MAGIC_NUMBER) { + write_console(fd, "Verity already enabled on %s\n", mount_point); + goto errout; + } + + if (magic_number != VERITY_METADATA_MAGIC_NUMBER + && magic_number != VERITY_METADATA_MAGIC_DISABLE) { write_console(fd, "Couldn't find verity metadata at offset %"PRIu64"!\n", device_length); @@ -132,13 +140,17 @@ static int disable_verity(int fd, const char *block_device, goto errout; } - if (adb_write(device, &voff, sizeof(voff)) != sizeof(voff)) { - write_console(fd, "Could not set verity disabled flag on device %s\n", - block_device); + if (adb_write(device, &new_magic, sizeof(new_magic)) != sizeof(new_magic)) { + write_console(fd, "Could not set verity %s flag on device %s with error %s\n", + enable ? "enabled" : "disabled", + block_device, + strerror(errno)); goto errout; } - write_console(fd, "Verity disabled on %s\n", mount_point); + write_console(fd, "Verity %s on %s\n", + enable ? "enabled" : "disabled", + mount_point); retval = 0; errout: if (device != -1) @@ -146,13 +158,14 @@ errout: return retval; } -void disable_verity_service(int fd, void* cookie) +void set_verity_enabled_state_service(int fd, void* cookie) { + bool enable = (cookie != NULL); #ifdef ALLOW_ADBD_DISABLE_VERITY char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)]; char propbuf[PROPERTY_VALUE_MAX]; int i; - bool any_disabled = false; + bool any_changed = false; property_get("ro.secure", propbuf, "0"); if (strcmp(propbuf, "1")) { @@ -162,7 +175,7 @@ void disable_verity_service(int fd, void* cookie) property_get("ro.debuggable", propbuf, "0"); if (strcmp(propbuf, "1")) { - write_console(fd, "verity cannot be disabled - USER build\n"); + write_console(fd, "verity cannot be disabled/enabled - USER build\n"); goto errout; } @@ -176,22 +189,27 @@ void disable_verity_service(int fd, void* cookie) goto errout; } + if (enable && make_system_and_vendor_block_devices_writable(fd)) { + goto errout; + } + /* Loop through entries looking for ones that vold manages */ for (i = 0; i < fstab->num_entries; i++) { if(fs_mgr_is_verified(&fstab->recs[i])) { - if (!disable_verity(fd, fstab->recs[i].blk_device, - fstab->recs[i].mount_point)) { - any_disabled = true; + if (!set_verity_enabled_state(fd, fstab->recs[i].blk_device, + fstab->recs[i].mount_point, enable)) { + any_changed = true; } } } - if (any_disabled) { + if (any_changed) { write_console(fd, "Now reboot your device for settings to take effect\n"); } #else - write_console(fd, "disable-verity only works for userdebug builds\n"); + write_console(fd, "%s-verity only works for userdebug builds\n", + disabling ? "disable" : "enable"); #endif errout: From 1d931bca26331c82777a1a75579a2d7405d5c49b Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Thu, 4 Dec 2014 14:54:18 -0800 Subject: [PATCH 06/15] Fix build (cherry-pick of 731136ca36bb7af1490856373d463e3a6c4df1c8.) Change-Id: I9b493fd5fc5c5f62f02bc5234ccca2a5118380b4 --- adb/set_verity_enable_state_service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adb/set_verity_enable_state_service.c b/adb/set_verity_enable_state_service.c index 6692ab757..1e22149b2 100644 --- a/adb/set_verity_enable_state_service.c +++ b/adb/set_verity_enable_state_service.c @@ -209,7 +209,7 @@ void set_verity_enabled_state_service(int fd, void* cookie) } #else write_console(fd, "%s-verity only works for userdebug builds\n", - disabling ? "disable" : "enable"); + enable ? "enable" : "disable"); #endif errout: From c8514c886e2103d1c4f3f74d5a94472396615b3b Mon Sep 17 00:00:00 2001 From: Riley Andrews Date: Fri, 5 Dec 2014 17:32:46 -0800 Subject: [PATCH 07/15] Refactor the host adb argument parsing loop to remove a goto Change-Id: I3412ac473abc4efa51a6275658e65f7191b5439d --- adb/commandline.c | 171 +++++++++++++++++++--------------------------- 1 file changed, 70 insertions(+), 101 deletions(-) diff --git a/adb/commandline.c b/adb/commandline.c index 49f1b9585..425ef7d5d 100644 --- a/adb/commandline.c +++ b/adb/commandline.c @@ -1266,13 +1266,44 @@ int adb_commandline(int argc, char **argv) return r; } -top: if(argc == 0) { return usage(); } - /* adb_connect() commands */ + /* handle wait-for-* prefix */ + if (!strncmp(argv[0], "wait-for-", strlen("wait-for-"))) { + char* service = argv[0]; + if (!strncmp(service, "wait-for-device", strlen("wait-for-device"))) { + if (ttype == kTransportUsb) { + service = "wait-for-usb"; + } else if (ttype == kTransportLocal) { + service = "wait-for-local"; + } else { + service = "wait-for-any"; + } + } + format_host_command(buf, sizeof buf, service, ttype, serial); + + if (adb_command(buf)) { + D("failure: %s *\n",adb_error()); + fprintf(stderr,"error: %s\n", adb_error()); + return 1; + } + + /* Allow a command to be run after wait-for-device, + * e.g. 'adb wait-for-device shell'. + */ + if (argc == 1) { + return 0; + } + + /* Fall through */ + argc--; + argv++; + } + + /* adb_connect() commands */ if(!strcmp(argv[0], "devices")) { char *tmp; char *listopt; @@ -1294,8 +1325,7 @@ top: return 1; } } - - if(!strcmp(argv[0], "connect")) { + else if (!strcmp(argv[0], "connect")) { char *tmp; if (argc != 2) { fprintf(stderr, "Usage: adb connect [:]\n"); @@ -1310,8 +1340,7 @@ top: return 1; } } - - if(!strcmp(argv[0], "disconnect")) { + else if (!strcmp(argv[0], "disconnect")) { char *tmp; if (argc > 2) { fprintf(stderr, "Usage: adb disconnect [[:]]\n"); @@ -1330,12 +1359,10 @@ top: return 1; } } - - if (!strcmp(argv[0], "emu")) { + else if (!strcmp(argv[0], "emu")) { return adb_send_emulator_command(argc, argv); } - - if(!strcmp(argv[0], "shell") || !strcmp(argv[0], "hell")) { + else if (!strcmp(argv[0], "shell") || !strcmp(argv[0], "hell")) { int r; int fd; @@ -1394,8 +1421,7 @@ top: } } } - - if (!strcmp(argv[0], "exec-in") || !strcmp(argv[0], "exec-out")) { + else if (!strcmp(argv[0], "exec-in") || !strcmp(argv[0], "exec-out")) { int exec_in = !strcmp(argv[0], "exec-in"); int fd; @@ -1424,8 +1450,7 @@ top: adb_close(fd); return 0; } - - if(!strcmp(argv[0], "kill-server")) { + else if (!strcmp(argv[0], "kill-server")) { int fd; fd = _adb_connect("host:kill"); if(fd == -1) { @@ -1434,21 +1459,22 @@ top: } return 0; } - - if(!strcmp(argv[0], "sideload")) { - if(argc != 2) return usage(); + else if (!strcmp(argv[0], "sideload")) { + if (argc != 2) return usage(); if (adb_sideload_host(argv[1])) { return 1; } else { return 0; } } - - if(!strcmp(argv[0], "remount") || !strcmp(argv[0], "reboot") - || !strcmp(argv[0], "reboot-bootloader") - || !strcmp(argv[0], "tcpip") || !strcmp(argv[0], "usb") - || !strcmp(argv[0], "root") || !strcmp(argv[0], "disable-verity") - || !strcmp(argv[0], "enable-verity")) { + else if (!strcmp(argv[0], "remount") || + !strcmp(argv[0], "reboot") || + !strcmp(argv[0], "reboot-bootloader") || + !strcmp(argv[0], "tcpip") || + !strcmp(argv[0], "usb") || + !strcmp(argv[0], "root") || + !strcmp(argv[0], "disable-verity") || + !strcmp(argv[0], "enable-verity")) { char command[100]; if (!strcmp(argv[0], "reboot-bootloader")) snprintf(command, sizeof(command), "reboot:bootloader"); @@ -1465,49 +1491,13 @@ top: fprintf(stderr,"error: %s\n", adb_error()); return 1; } - - if(!strcmp(argv[0], "bugreport")) { + else if (!strcmp(argv[0], "bugreport")) { if (argc != 1) return usage(); do_cmd(ttype, serial, "shell", "bugreport", 0); return 0; } - /* adb_command() wrapper commands */ - - if(!strncmp(argv[0], "wait-for-", strlen("wait-for-"))) { - char* service = argv[0]; - if (!strncmp(service, "wait-for-device", strlen("wait-for-device"))) { - if (ttype == kTransportUsb) { - service = "wait-for-usb"; - } else if (ttype == kTransportLocal) { - service = "wait-for-local"; - } else { - service = "wait-for-any"; - } - } - - format_host_command(buf, sizeof buf, service, ttype, serial); - - if (adb_command(buf)) { - D("failure: %s *\n",adb_error()); - fprintf(stderr,"error: %s\n", adb_error()); - return 1; - } - - /* Allow a command to be run after wait-for-device, - * e.g. 'adb wait-for-device shell'. - */ - if(argc > 1) { - argc--; - argv++; - goto top; - } - return 0; - } - - if(!strcmp(argv[0], "forward") || - !strcmp(argv[0], "reverse")) - { + else if (!strcmp(argv[0], "forward") || !strcmp(argv[0], "reverse")) { char host_prefix[64]; char reverse = (char) !strcmp(argv[0], "reverse"); char remove = 0; @@ -1598,15 +1588,12 @@ top: } return 0; } - /* do_sync_*() commands */ - - if(!strcmp(argv[0], "ls")) { - if(argc != 2) return usage(); + else if (!strcmp(argv[0], "ls")) { + if (argc != 2) return usage(); return do_sync_ls(argv[1]); } - - if(!strcmp(argv[0], "push")) { + else if (!strcmp(argv[0], "push")) { int show_progress = 0; int copy_attrs = 0; // unused const char* lpath = NULL, *rpath = NULL; @@ -1619,8 +1606,7 @@ top: return usage(); } - - if(!strcmp(argv[0], "pull")) { + else if (!strcmp(argv[0], "pull")) { int show_progress = 0; int copy_attrs = 0; const char* rpath = NULL, *lpath = "."; @@ -1633,23 +1619,19 @@ top: return usage(); } - - if (!strcmp(argv[0], "install")) { + else if (!strcmp(argv[0], "install")) { if (argc < 2) return usage(); return install_app(ttype, serial, argc, argv); } - - if (!strcmp(argv[0], "install-multiple")) { + else if (!strcmp(argv[0], "install-multiple")) { if (argc < 2) return usage(); return install_multiple_app(ttype, serial, argc, argv); } - - if (!strcmp(argv[0], "uninstall")) { + else if (!strcmp(argv[0], "uninstall")) { if (argc < 2) return usage(); return uninstall_app(ttype, serial, argc, argv); } - - if(!strcmp(argv[0], "sync")) { + else if (!strcmp(argv[0], "sync")) { char *srcarg, *android_srcpath, *data_srcpath, *vendor_srcpath; int listonly = 0; @@ -1685,10 +1667,8 @@ top: free(data_srcpath); return ret; } - /* passthrough commands */ - - if(!strcmp(argv[0],"get-state") || + else if (!strcmp(argv[0],"get-state") || !strcmp(argv[0],"get-serialno") || !strcmp(argv[0],"get-devpath")) { @@ -1703,40 +1683,31 @@ top: return 1; } } - /* other commands */ - - if(!strcmp(argv[0],"status-window")) { + else if (!strcmp(argv[0],"status-window")) { status_window(ttype, serial); return 0; } - - if(!strcmp(argv[0],"logcat") || !strcmp(argv[0],"lolcat") || !strcmp(argv[0],"longcat")) { + else if (!strcmp(argv[0],"logcat") || !strcmp(argv[0],"lolcat") || !strcmp(argv[0],"longcat")) { return logcat(ttype, serial, argc, argv); } - - if(!strcmp(argv[0],"ppp")) { + else if (!strcmp(argv[0],"ppp")) { return ppp(argc, argv); } - - if (!strcmp(argv[0], "start-server")) { + else if (!strcmp(argv[0], "start-server")) { return adb_connect("host:start-server"); } - - if (!strcmp(argv[0], "backup")) { + else if (!strcmp(argv[0], "backup")) { return backup(argc, argv); } - - if (!strcmp(argv[0], "restore")) { + else if (!strcmp(argv[0], "restore")) { return restore(argc, argv); } - - if (!strcmp(argv[0], "keygen")) { + else if (!strcmp(argv[0], "keygen")) { if (argc < 2) return usage(); return adb_auth_keygen(argv[1]); } - - if (!strcmp(argv[0], "jdwp")) { + else if (!strcmp(argv[0], "jdwp")) { int fd = adb_connect("jdwp"); if (fd >= 0) { read_and_dump(fd); @@ -1747,14 +1718,12 @@ top: return -1; } } - /* "adb /?" is a common idiom under Windows */ - if(!strcmp(argv[0], "help") || !strcmp(argv[0], "/?")) { + else if (!strcmp(argv[0], "help") || !strcmp(argv[0], "/?")) { help(); return 0; } - - if(!strcmp(argv[0], "version")) { + else if (!strcmp(argv[0], "version")) { version(stdout); return 0; } From 98f58e83c0f2a282c70706f9cc3c25edc7a2e756 Mon Sep 17 00:00:00 2001 From: Riley Andrews Date: Fri, 5 Dec 2014 17:37:24 -0800 Subject: [PATCH 08/15] Fix some style issues in adb_commandline(). Change-Id: I8ed7899e7e137405594b3f3cbb0a87eae411dfc9 --- adb/commandline.c | 54 +++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/adb/commandline.c b/adb/commandline.c index 425ef7d5d..f34578797 100644 --- a/adb/commandline.c +++ b/adb/commandline.c @@ -1168,17 +1168,17 @@ int adb_commandline(int argc, char **argv) } /* modifiers and flags */ - while(argc > 0) { - if(!strcmp(argv[0],"server")) { + while (argc > 0) { + if (!strcmp(argv[0],"server")) { is_server = 1; - } else if(!strcmp(argv[0],"nodaemon")) { + } else if (!strcmp(argv[0],"nodaemon")) { no_daemon = 1; } else if (!strcmp(argv[0], "fork-server")) { /* this is a special flag used only when the ADB client launches the ADB Server */ is_daemon = 1; - } else if(!strcmp(argv[0],"persist")) { + } else if (!strcmp(argv[0],"persist")) { persist = 1; - } else if(!strncmp(argv[0], "-p", 2)) { + } else if (!strncmp(argv[0], "-p", 2)) { const char *product = NULL; if (argv[0][2] == '\0') { if (argc < 2) return usage(); @@ -1198,7 +1198,7 @@ int adb_commandline(int argc, char **argv) if (isdigit(argv[0][2])) { serial = argv[0] + 2; } else { - if(argc < 2 || argv[0][2] != '\0') return usage(); + if (argc < 2 || argv[0][2] != '\0') return usage(); serial = argv[1]; argc--; argv++; @@ -1209,7 +1209,7 @@ int adb_commandline(int argc, char **argv) ttype = kTransportLocal; } else if (!strcmp(argv[0],"-a")) { gListenAll = 1; - } else if(!strncmp(argv[0], "-H", 2)) { + } else if (!strncmp(argv[0], "-H", 2)) { const char *hostname = NULL; if (argv[0][2] == '\0') { if (argc < 2) return usage(); @@ -1221,7 +1221,7 @@ int adb_commandline(int argc, char **argv) } adb_set_tcp_name(hostname); - } else if(!strncmp(argv[0], "-P", 2)) { + } else if (!strncmp(argv[0], "-P", 2)) { if (argv[0][2] == '\0') { if (argc < 2) return usage(); server_port_str = argv[1]; @@ -1260,13 +1260,13 @@ int adb_commandline(int argc, char **argv) } else { r = launch_server(server_port); } - if(r) { + if (r) { fprintf(stderr,"* could not start server *\n"); } return r; } - if(argc == 0) { + if (argc == 0) { return usage(); } @@ -1304,7 +1304,7 @@ int adb_commandline(int argc, char **argv) } /* adb_connect() commands */ - if(!strcmp(argv[0], "devices")) { + if (!strcmp(argv[0], "devices")) { char *tmp; char *listopt; if (argc < 2) @@ -1317,7 +1317,7 @@ int adb_commandline(int argc, char **argv) } snprintf(buf, sizeof buf, "host:%s%s", argv[0], listopt); tmp = adb_query(buf); - if(tmp) { + if (tmp) { printf("List of devices attached \n"); printf("%s\n", tmp); return 0; @@ -1333,7 +1333,7 @@ int adb_commandline(int argc, char **argv) } snprintf(buf, sizeof buf, "host:connect:%s", argv[1]); tmp = adb_query(buf); - if(tmp) { + if (tmp) { printf("%s\n", tmp); return 0; } else { @@ -1352,7 +1352,7 @@ int adb_commandline(int argc, char **argv) snprintf(buf, sizeof buf, "host:disconnect:"); } tmp = adb_query(buf); - if(tmp) { + if (tmp) { printf("%s\n", tmp); return 0; } else { @@ -1373,7 +1373,7 @@ int adb_commandline(int argc, char **argv) fflush(stdout); } - if(argc < 2) { + if (argc < 2) { D("starting interactive shell\n"); r = interactive_shell(); if (h) { @@ -1396,7 +1396,7 @@ int adb_commandline(int argc, char **argv) for(;;) { D("interactive shell loop. buff=%s\n", buf); fd = adb_connect(buf); - if(fd >= 0) { + if (fd >= 0) { D("about to read_and_dump(fd=%d)\n", fd); read_and_dump(fd); D("read_and_dump() done.\n"); @@ -1407,7 +1407,7 @@ int adb_commandline(int argc, char **argv) r = -1; } - if(persist) { + if (persist) { fprintf(stderr,"\n- waiting for device -\n"); adb_sleep_ms(1000); do_cmd(ttype, serial, "wait-for-device", 0); @@ -1453,7 +1453,7 @@ int adb_commandline(int argc, char **argv) else if (!strcmp(argv[0], "kill-server")) { int fd; fd = _adb_connect("host:kill"); - if(fd == -1) { + if (fd == -1) { fprintf(stderr,"* server not running *\n"); return 1; } @@ -1483,7 +1483,7 @@ int adb_commandline(int argc, char **argv) else snprintf(command, sizeof(command), "%s:", argv[0]); int fd = adb_connect(command); - if(fd >= 0) { + if (fd >= 0) { read_and_dump(fd); adb_close(fd); return 0; @@ -1582,7 +1582,7 @@ int adb_commandline(int argc, char **argv) snprintf(buf, sizeof buf, "%s:%s:%s;%s", host_prefix, command, argv[1], argv[2]); } - if(adb_command(buf)) { + if (adb_command(buf)) { fprintf(stderr,"error: %s\n", adb_error()); return 1; } @@ -1636,7 +1636,7 @@ int adb_commandline(int argc, char **argv) int listonly = 0; int ret; - if(argc < 2) { + if (argc < 2) { /* No local path was specified. */ srcarg = NULL; } else if (argc >= 2 && strcmp(argv[1], "-l") == 0) { @@ -1646,20 +1646,20 @@ int adb_commandline(int argc, char **argv) } else { srcarg = NULL; } - } else if(argc == 2) { + } else if (argc == 2) { /* A local path or "android"/"data" arg was specified. */ srcarg = argv[1]; } else { return usage(); } ret = find_sync_dirs(srcarg, &android_srcpath, &data_srcpath, &vendor_srcpath); - if(ret != 0) return usage(); + if (ret != 0) return usage(); - if(android_srcpath != NULL) + if (android_srcpath != NULL) ret = do_sync_sync(android_srcpath, "/system", listonly); - if(ret == 0 && vendor_srcpath != NULL) + if (ret == 0 && vendor_srcpath != NULL) ret = do_sync_sync(vendor_srcpath, "/vendor", listonly); - if(ret == 0 && data_srcpath != NULL) + if (ret == 0 && data_srcpath != NULL) ret = do_sync_sync(data_srcpath, "/data", listonly); free(android_srcpath); @@ -1676,7 +1676,7 @@ int adb_commandline(int argc, char **argv) format_host_command(buf, sizeof buf, argv[0], ttype, serial); tmp = adb_query(buf); - if(tmp) { + if (tmp) { printf("%s\n", tmp); return 0; } else { From 59f64ec31ffa4ca75f39006c1ce30acf71d71407 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Wed, 10 Dec 2014 02:02:32 +0000 Subject: [PATCH 09/15] Revert "Move property_context label handling to libselinux." Emulator fails to boot. This reverts commit 98069027bd90d2139d54affa1367dcd3317a1c11. Bug: 18692152 Change-Id: If362e1311bc3f07e033ba81190c05608ada7c361 --- init/init.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/init/init.c b/init/init.c index 7ddab80ae..2b829379e 100644 --- a/init/init.c +++ b/init/init.c @@ -858,6 +858,26 @@ static int bootchart_init_action(int nargs, char **args) } #endif +static const struct selinux_opt seopts_prop[] = { + { SELABEL_OPT_PATH, "/property_contexts" }, + { SELABEL_OPT_PATH, "/data/security/current/property_contexts" }, + { 0, NULL } +}; + +struct selabel_handle* selinux_android_prop_context_handle(void) +{ + int policy_index = selinux_android_use_data_policy() ? 1 : 0; + struct selabel_handle* sehandle = selabel_open(SELABEL_CTX_ANDROID_PROP, + &seopts_prop[policy_index], 1); + if (!sehandle) { + ERROR("SELinux: Could not load property_contexts: %s\n", + strerror(errno)); + return NULL; + } + INFO("SELinux: Loaded property contexts from %s\n", seopts_prop[policy_index].value); + return sehandle; +} + void selinux_init_all_handles(void) { sehandle = selinux_android_file_context_handle(); From 02c698d93f627e92795234eb8a78fad585a2f191 Mon Sep 17 00:00:00 2001 From: Sami Tolvanen Date: Fri, 24 Oct 2014 15:41:59 -0700 Subject: [PATCH 10/15] Fix verity on system partitions larger than 2G If the system partition is larger than 2G, the device fails to read verity metadata, because fseek accepts only a 32-bit signed offset. Switch from fseek to lseek64 to allow seeking using a 64-bit offset, which solves the problem. At the same time, move away from stdio in the function. (cherry-pick of 4cafe2ff89b49329e0e880900195d8e061bd3750.) Bug: 17705619 Change-Id: I226320498dcb750ec6cde84411c7fe0774c9cab7 --- fs_mgr/fs_mgr_verity.c | 48 +++++++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 22 deletions(-) diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c index 39f96a7a2..5899758e9 100644 --- a/fs_mgr/fs_mgr_verity.c +++ b/fs_mgr/fs_mgr_verity.c @@ -124,28 +124,28 @@ static int get_target_device_size(char *blk_device, uint64_t *device_size) info.len = 0; /* Only len is set to 0 to ask the device for real size. */ - data_device = open(blk_device, O_RDONLY); - if (data_device < 0) { + data_device = TEMP_FAILURE_RETRY(open(blk_device, O_RDONLY | O_CLOEXEC)); + if (data_device == -1) { ERROR("Error opening block device (%s)", strerror(errno)); return -1; } - if (lseek64(data_device, 1024, SEEK_SET) < 0) { + if (TEMP_FAILURE_RETRY(lseek64(data_device, 1024, SEEK_SET)) < 0) { ERROR("Error seeking to superblock"); - close(data_device); + TEMP_FAILURE_RETRY(close(data_device)); return -1; } - if (read(data_device, &sb, sizeof(sb)) != sizeof(sb)) { + if (TEMP_FAILURE_RETRY(read(data_device, &sb, sizeof(sb))) != sizeof(sb)) { ERROR("Error reading superblock"); - close(data_device); + TEMP_FAILURE_RETRY(close(data_device)); return -1; } ext4_parse_sb(&sb, &info); *device_size = info.len; - close(data_device); + TEMP_FAILURE_RETRY(close(data_device)); return 0; } @@ -155,13 +155,13 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab unsigned table_length; uint64_t device_length; int protocol_version; - FILE *device; + int device; int retval = FS_MGR_SETUP_VERITY_FAIL; *signature = 0; *table = 0; - device = fopen(block_device, "r"); - if (!device) { + device = TEMP_FAILURE_RETRY(open(block_device, O_RDONLY | O_CLOEXEC)); + if (device == -1) { ERROR("Could not open block device %s (%s).\n", block_device, strerror(errno)); goto out; } @@ -171,13 +171,14 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab ERROR("Could not get target device size.\n"); goto out; } - if (fseek(device, device_length, SEEK_SET) < 0) { + if (TEMP_FAILURE_RETRY(lseek64(device, device_length, SEEK_SET)) < 0) { ERROR("Could not seek to start of verity metadata block.\n"); goto out; } // check the magic number - if (!fread(&magic_number, sizeof(int), 1, device)) { + if (TEMP_FAILURE_RETRY(read(device, &magic_number, sizeof(magic_number))) != + sizeof(magic_number)) { ERROR("Couldn't read magic number!\n"); goto out; } @@ -197,7 +198,8 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab } // check the protocol version - if (!fread(&protocol_version, sizeof(int), 1, device)) { + if (TEMP_FAILURE_RETRY(read(device, &protocol_version, + sizeof(protocol_version))) != sizeof(protocol_version)) { ERROR("Couldn't read verity metadata protocol version!\n"); goto out; } @@ -207,39 +209,41 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab } // get the signature - *signature = (char*) malloc(RSANUMBYTES * sizeof(char)); + *signature = (char*) malloc(RSANUMBYTES); if (!*signature) { ERROR("Couldn't allocate memory for signature!\n"); goto out; } - if (!fread(*signature, RSANUMBYTES, 1, device)) { + if (TEMP_FAILURE_RETRY(read(device, *signature, RSANUMBYTES)) != RSANUMBYTES) { ERROR("Couldn't read signature from verity metadata!\n"); goto out; } // get the size of the table - if (!fread(&table_length, sizeof(int), 1, device)) { + if (TEMP_FAILURE_RETRY(read(device, &table_length, sizeof(table_length))) != + sizeof(table_length)) { ERROR("Couldn't get the size of the verity table from metadata!\n"); goto out; } // get the table + null terminator - table_length += 1; - *table = malloc(table_length); - if(!*table) { + *table = malloc(table_length + 1); + if (!*table) { ERROR("Couldn't allocate memory for verity table!\n"); goto out; } - if (!fgets(*table, table_length, device)) { + if (TEMP_FAILURE_RETRY(read(device, *table, table_length)) != + (ssize_t)table_length) { ERROR("Couldn't read the verity table from metadata!\n"); goto out; } + (*table)[table_length] = 0; retval = FS_MGR_SETUP_VERITY_SUCCESS; out: - if (device) - fclose(device); + if (device != -1) + TEMP_FAILURE_RETRY(close(device)); if (retval != FS_MGR_SETUP_VERITY_SUCCESS) { free(*table); From 2f38122a0f77db4e002abfcb313ddfc06fa5fba2 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Tue, 9 Dec 2014 19:35:21 -0800 Subject: [PATCH 11/15] Remove dead file. Change-Id: I70a37679a624f2ea2c2d6e1610ad8999c09e5262 --- adb/disable_verity_service.c | 199 ----------------------------------- 1 file changed, 199 deletions(-) delete mode 100644 adb/disable_verity_service.c diff --git a/adb/disable_verity_service.c b/adb/disable_verity_service.c deleted file mode 100644 index ed3da5210..000000000 --- a/adb/disable_verity_service.c +++ /dev/null @@ -1,199 +0,0 @@ -/* - * Copyright (C) 2014 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "sysdeps.h" - -#define TRACE_TAG TRACE_ADB -#include "adb.h" - -#include -#include -#include -#include -#include - -#include "cutils/properties.h" -#include "ext4_sb.h" -#include - -#define FSTAB_PREFIX "/fstab." -struct fstab *fstab; - -__attribute__((__format__(printf, 2, 3))) __nonnull((2)) -static void write_console(int fd, const char* format, ...) -{ - char buffer[256]; - va_list args; - va_start (args, format); - vsnprintf (buffer, sizeof(buffer), format, args); - va_end (args); - - adb_write(fd, buffer, strnlen(buffer, sizeof(buffer))); -} - -static int get_target_device_size(int fd, const char *blk_device, - uint64_t *device_size) -{ - int data_device; - struct ext4_super_block sb; - struct fs_info info; - - info.len = 0; /* Only len is set to 0 to ask the device for real size. */ - - data_device = adb_open(blk_device, O_RDONLY | O_CLOEXEC); - if (data_device < 0) { - write_console(fd, "Error opening block device (%s)\n", strerror(errno)); - return -1; - } - - if (lseek64(data_device, 1024, SEEK_SET) < 0) { - write_console(fd, "Error seeking to superblock\n"); - adb_close(data_device); - return -1; - } - - if (adb_read(data_device, &sb, sizeof(sb)) != sizeof(sb)) { - write_console(fd, "Error reading superblock\n"); - adb_close(data_device); - return -1; - } - - ext4_parse_sb(&sb, &info); - *device_size = info.len; - - adb_close(data_device); - return 0; -} - -static int disable_verity(int fd, const char *block_device, - const char* mount_point) -{ - uint32_t magic_number; - const uint32_t voff = VERITY_METADATA_MAGIC_DISABLE; - uint64_t device_length; - int device; - int retval = -1; - - device = adb_open(block_device, O_RDWR | O_CLOEXEC); - if (device == -1) { - write_console(fd, "Could not open block device %s (%s).\n", - block_device, strerror(errno)); - write_console(fd, "Maybe run adb remount?\n"); - goto errout; - } - - // find the start of the verity metadata - if (get_target_device_size(fd, (char*)block_device, &device_length) < 0) { - write_console(fd, "Could not get target device size.\n"); - goto errout; - } - - if (lseek64(device, device_length, SEEK_SET) < 0) { - write_console(fd, - "Could not seek to start of verity metadata block.\n"); - goto errout; - } - - // check the magic number - if (adb_read(device, &magic_number, sizeof(magic_number)) - != sizeof(magic_number)) { - write_console(fd, "Couldn't read magic number!\n"); - goto errout; - } - - if (magic_number == VERITY_METADATA_MAGIC_DISABLE) { - write_console(fd, "Verity already disabled on %s\n", mount_point); - goto errout; - } - - if (magic_number != VERITY_METADATA_MAGIC_NUMBER) { - write_console(fd, - "Couldn't find verity metadata at offset %"PRIu64"!\n", - device_length); - goto errout; - } - - if (lseek64(device, device_length, SEEK_SET) < 0) { - write_console(fd, - "Could not seek to start of verity metadata block.\n"); - goto errout; - } - - if (adb_write(device, &voff, sizeof(voff)) != sizeof(voff)) { - write_console(fd, "Could not set verity disabled flag on device %s\n", - block_device); - goto errout; - } - - write_console(fd, "Verity disabled on %s\n", mount_point); - retval = 0; -errout: - if (device != -1) - adb_close(device); - return retval; -} - -void disable_verity_service(int fd, void* cookie) -{ -#ifdef ALLOW_ADBD_DISABLE_VERITY - char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)]; - char propbuf[PROPERTY_VALUE_MAX]; - int i; - bool any_disabled = false; - - property_get("ro.secure", propbuf, "0"); - if (strcmp(propbuf, "1")) { - write_console(fd, "verity not enabled - ENG build\n"); - goto errout; - } - - property_get("ro.debuggable", propbuf, "0"); - if (strcmp(propbuf, "1")) { - write_console(fd, "verity cannot be disabled - USER build\n"); - goto errout; - } - - property_get("ro.hardware", propbuf, ""); - snprintf(fstab_filename, sizeof(fstab_filename), FSTAB_PREFIX"%s", propbuf); - - fstab = fs_mgr_read_fstab(fstab_filename); - if (!fstab) { - write_console(fd, "Failed to open %s\nMaybe run adb root?\n", - fstab_filename); - goto errout; - } - - /* Loop through entries looking for ones that vold manages */ - for (i = 0; i < fstab->num_entries; i++) { - if(fs_mgr_is_verified(&fstab->recs[i])) { - if (!disable_verity(fd, fstab->recs[i].blk_device, - fstab->recs[i].mount_point)) { - any_disabled = true; - } - } - } - - if (any_disabled) { - write_console(fd, - "Now reboot your device for settings to take effect\n"); - } -#else - write_console(fd, "disable-verity only works for userdebug builds\n"); -#endif - -errout: - adb_close(fd); -} From 88a12fb381875639e5c381b333bcfeaf83b1efbf Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Thu, 9 Oct 2014 09:37:00 -0700 Subject: [PATCH 12/15] Fix Nick's nits (cherry-pick of 97e487311b1cb780dfd3b0994917c72047d6188f.) Change-Id: Ide7925e7ad328f0343d444d63ff72f1a26206d4c --- fs_mgr/fs_mgr_verity.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c index 5899758e9..ef7cf6e7d 100644 --- a/fs_mgr/fs_mgr_verity.c +++ b/fs_mgr/fs_mgr_verity.c @@ -412,7 +412,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) { // get the device mapper fd if ((fd = open("/dev/device-mapper", O_RDWR)) < 0) { ERROR("Error opening device mapper (%s)", strerror(errno)); - goto out;; + goto out; } // create the device @@ -462,9 +462,9 @@ out: close(fd); } - free (verity_table); - free (verity_table_signature); - free (verity_blk_name); + free(verity_table); + free(verity_table_signature); + free(verity_blk_name); return retval; } From 71a968602d566691a4647435e65494c272953426 Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Tue, 9 Dec 2014 22:17:30 -0800 Subject: [PATCH 13/15] kill libunz Bug: 18571533 Change-Id: I4214f9236f80629152d969a6ee9fce489079cefa --- fastboot/Android.mk | 1 - 1 file changed, 1 deletion(-) diff --git a/fastboot/Android.mk b/fastboot/Android.mk index f03bbea56..aa5b14a36 100644 --- a/fastboot/Android.mk +++ b/fastboot/Android.mk @@ -53,7 +53,6 @@ endif LOCAL_STATIC_LIBRARIES := \ $(EXTRA_STATIC_LIBS) \ libzipfile \ - libunz \ libext4_utils_host \ libsparse_host \ libz From 052fc0a225e5e866d4c20a8d5baecbc3dd4a62eb Mon Sep 17 00:00:00 2001 From: Dmitriy Ivanov Date: Tue, 9 Dec 2014 16:25:46 -0800 Subject: [PATCH 14/15] Print ASCII near register for all archs Bug: 17880617 Change-Id: I6870e8ac670c08e45d8efb64479976a38edfdc93 --- debuggerd/utility.cpp | 8 -------- 1 file changed, 8 deletions(-) diff --git a/debuggerd/utility.cpp b/debuggerd/utility.cpp index 2baf9de19..e10feff39 100644 --- a/debuggerd/utility.cpp +++ b/debuggerd/utility.cpp @@ -131,12 +131,6 @@ int wait_for_sigstop(pid_t tid, int* total_sleep_time_usec, bool* detach_failed) return -1; } -#if defined (__mips__) -#define DUMP_MEMORY_AS_ASCII 1 -#else -#define DUMP_MEMORY_AS_ASCII 0 -#endif - void dump_memory(log_t* log, pid_t tid, uintptr_t addr) { char code_buffer[64]; char ascii_buffer[32]; @@ -183,7 +177,6 @@ void dump_memory(log_t* log, pid_t tid, uintptr_t addr) { static_cast(data)); } -#if DUMP_MEMORY_AS_ASCII for (size_t j = 0; j < sizeof(long); j++) { /* * Our isprint() allows high-ASCII characters that display @@ -197,7 +190,6 @@ void dump_memory(log_t* log, pid_t tid, uintptr_t addr) { *asc_out++ = '.'; } } -#endif p += sizeof(long); } *asc_out = '\0'; From a80f0986bb39ae03ba9014bf4974fc26ae48da70 Mon Sep 17 00:00:00 2001 From: Marco Nelissen Date: Wed, 10 Dec 2014 10:44:20 -0800 Subject: [PATCH 15/15] Allow updates for open file descriptors even if the calling process itself would not be able to open the file. Bug: 18688419 Change-Id: I640db19f19c1a677735fd0c14b7e2e38977d0f4d --- sdcard/sdcard.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sdcard/sdcard.c b/sdcard/sdcard.c index 9ba81ff10..d7bcceaef 100644 --- a/sdcard/sdcard.c +++ b/sdcard/sdcard.c @@ -904,7 +904,9 @@ static int handle_setattr(struct fuse* fuse, struct fuse_handler* handler, if (!node) { return -ENOENT; } - if (!check_caller_access_to_node(fuse, hdr, node, W_OK, has_rw)) { + + if (!(req->valid & FATTR_FH) && + !check_caller_access_to_node(fuse, hdr, node, W_OK, has_rw)) { return -EACCES; }