From cb46b011675a7edb9d7604e537fdcbc8f744c5a3 Mon Sep 17 00:00:00 2001 From: Andreas Gampe Date: Tue, 18 Apr 2017 15:19:36 -0700 Subject: [PATCH] Asan_extract: Add FDE check Under full-disk encryption, we must skip extracting libraries into the temporary /data directory. It is too small, and the framework will not be able to come up. Add a check for the vold.decrypt system property. As it turns out that we can't reliably use this, also add a size check (and use 512M = 131072 4K blocks as the limit). Bug: 36458146 Test: m && m SANITIZE_TARGET=address SANITIZE_TARGET_SYSTEM=true Change-Id: Ib350094b049b6e75832d393527b8b62a58a7fece --- rootdir/asan_extract.sh | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/rootdir/asan_extract.sh b/rootdir/asan_extract.sh index c7d2fdfcc..9db689318 100644 --- a/rootdir/asan_extract.sh +++ b/rootdir/asan_extract.sh @@ -26,6 +26,24 @@ SRC=/system/asan.tar.bz2 MD5_FILE=/data/asan.md5sum ASAN_DIR=/data/asan +# Minimum /data size in blocks. Arbitrarily 512M. +MIN_DATA_SIZE=131072 + +# Checks for FDE pre-decrypt state. + +VOLD_STATUS=$(getprop vold.decrypt) +if [ "$VOLD_STATUS" = "trigger_restart_min_framework" ] ; then + log -p i -t asan_install "Pre-decrypt FDE detected (by vold property)!" + exit 1 +fi + +STATFS_BLOCKS=$(stat -f -c '%b' /data) +if [ "$STATFS_BLOCKS" -le "$MIN_DATA_SIZE" ] ; then + log -p i -t asan_install "Pre-decrypt FDE detected (by /data size)!" + exit 1 +fi + +# Check for ASAN source. if ! test -f $SRC ; then log -p i -t asan_install "Did not find $SRC!" @@ -34,6 +52,8 @@ fi log -p i -t asan_install "Found $SRC, checking whether we need to apply it." +# Checksum check. + ASAN_TAR_MD5=$(md5sum $SRC) if test -f $MD5_FILE ; then INSTALLED_MD5=$(cat $MD5_FILE) @@ -43,6 +63,8 @@ if test -f $MD5_FILE ; then fi fi +# Actually apply the source. + # Just clean up, helps with restorecon. rm -rf $ASAN_DIR