android/android_bootable_recovery
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Working ASLR implementation

Browse Source 
Separate files for retouch functionality are in minelf/*

ASLR for shared libraries is controlled by "-a" in ota_from_target_files.
Binary files are self-contained. Retouch logic can recover from crashes.

Signed-off-by: Hristo Bojinov <hristo@google.com>
Change-Id: I76c596abf4febd68c14f9d807ac62e8751e0b1bd
This commit is contained in:
Hristo Bojinov 2010-08-02 10:29:49 -07:00
parent f635d2e910
commit db314d69f0
10 changed files with 649 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Android.mk
View File

@ -67,6 +67,7 @@ include $(BUILD_EXECUTABLE)
include $(commands_recovery_local_path)/minui/Android.mk
include $(commands_recovery_local_path)/minelf/Android.mk
include $(commands_recovery_local_path)/minzip/Android.mk
include $(commands_recovery_local_path)/mtdutils/Android.mk
include $(commands_recovery_local_path)/tools/Android.mk

4
applypatch/Android.mk
View File

@ -31,7 +31,7 @@ include $(CLEAR_VARS)
LOCAL_SRC_FILES := main.c
LOCAL_MODULE := applypatch
LOCAL_C_INCLUDES += bootable/recovery
LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz
LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz libminelf
LOCAL_SHARED_LIBRARIES += libz libcutils libstdc++ libc
include $(BUILD_EXECUTABLE)
@ -43,7 +43,7 @@ LOCAL_MODULE := applypatch_static
LOCAL_FORCE_STATIC_EXECUTABLE := true
LOCAL_MODULE_TAGS := eng
LOCAL_C_INCLUDES += bootable/recovery
LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz
LOCAL_STATIC_LIBRARIES += libapplypatch libmtdutils libmincrypt libbz libminelf
LOCAL_STATIC_LIBRARIES += libz libcutils libstdc++ libc
include $(BUILD_EXECUTABLE)

42
applypatch/applypatch.c
View File

@ -30,16 +30,21 @@
#include "mtdutils/mtdutils.h"
#include "edify/expr.h"
static int SaveFileContents(const char* filename, FileContents file);
int SaveFileContents(const char* filename, FileContents file);
static int LoadPartitionContents(const char* filename, FileContents* file);
int ParseSha1(const char* str, uint8_t* digest);
static ssize_t FileSink(unsigned char* data, ssize_t len, void* token);
static int mtd_partitions_scanned = 0;
// Read a file into memory; store it and its associated metadata in
// *file. Return 0 on success.
int LoadFileContents(const char* filename, FileContents* file) {
// Read a file into memory; optionally (retouch_flag == RETOUCH_DO_MASK) mask
// the retouched entries back to their original value (such that SHA-1 checks
// don't fail due to randomization); store the file contents and associated
// metadata in *file.
//
// Return 0 on success.
int LoadFileContents(const char* filename, FileContents* file,
int retouch_flag) {
file->data = NULL;
// A special 'filename' beginning with "MTD:" or "EMMC:" means to
@ -75,6 +80,20 @@ int LoadFileContents(const char* filename, FileContents* file) {
}
fclose(f);
// apply_patch[_check] functions are blind to randomization. Randomization
// is taken care of in [Undo]RetouchBinariesFn. If there is a mismatch
// within a file, this means the file is assumed "corrupt" for simplicity.
if (retouch_flag) {
int32_t desired_offset = 0;
if (retouch_mask_data(file->data, file->size,
&desired_offset, NULL) != RETOUCH_DATA_MATCHED) {
printf("error trying to mask retouch entries\n");
free(file->data);
file->data = NULL;
return -1;
}
}
SHA(file->data, file->size, file->sha1);
return 0;
}
@ -303,7 +322,7 @@ static int LoadPartitionContents(const char* filename, FileContents* file) {
// Save the contents of the given FileContents object under the given
// filename. Return 0 on success.
static int SaveFileContents(const char* filename, FileContents file) {
int SaveFileContents(const char* filename, FileContents file) {
int fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC);
if (fd < 0) {
printf("failed to open \"%s\" for write: %s\n",
@ -477,7 +496,7 @@ int applypatch_check(const char* filename,
// LoadFileContents is successful. (Useful for reading
// partitions, where the filename encodes the sha1s; no need to
// check them twice.)
if (LoadFileContents(filename, &file) != 0 ||
if (LoadFileContents(filename, &file, RETOUCH_DO_MASK) != 0 ||
(num_patches > 0 &&
FindMatchingPatch(file.sha1, patch_sha1_str, num_patches) < 0)) {
printf("file \"%s\" doesn't have any of expected "
@ -491,7 +510,7 @@ int applypatch_check(const char* filename,
// exists and matches the sha1 we're looking for, the check still
// passes.
if (LoadFileContents(CACHE_TEMP_SOURCE, &file) != 0) {
if (LoadFileContents(CACHE_TEMP_SOURCE, &file, RETOUCH_DO_MASK) != 0) {
printf("failed to load cache file\n");
return 1;
}
@ -617,7 +636,8 @@ int applypatch(const char* source_filename,
int made_copy = 0;
// We try to load the target file into the source_file object.
if (LoadFileContents(target_filename, &source_file) == 0) {
if (LoadFileContents(target_filename, &source_file,
RETOUCH_DO_MASK) == 0) {
if (memcmp(source_file.sha1, target_sha1, SHA_DIGEST_SIZE) == 0) {
// The early-exit case: the patch was already applied, this file
// has the desired hash, nothing for us to do.
@ -633,7 +653,8 @@ int applypatch(const char* source_filename,
// Need to load the source file: either we failed to load the
// target file, or we did but it's different from the source file.
free(source_file.data);
LoadFileContents(source_filename, &source_file);
LoadFileContents(source_filename, &source_file,
RETOUCH_DO_MASK);
}
if (source_file.data != NULL) {
@ -648,7 +669,8 @@ int applypatch(const char* source_filename,
free(source_file.data);
printf("source file is bad; trying copy\n");
if (LoadFileContents(CACHE_TEMP_SOURCE, &copy_file) < 0) {
if (LoadFileContents(CACHE_TEMP_SOURCE, &copy_file,
RETOUCH_DO_MASK) < 0) {
// fail.
printf("failed to read copy file\n");
return 1;

9
applypatch/applypatch.h
View File

@ -19,6 +19,7 @@
#include <sys/stat.h>
#include "mincrypt/sha.h"
#include "minelf/Retouch.h"
#include "edify/expr.h"
typedef struct _Patch {
@ -59,10 +60,12 @@ int applypatch_check(const char* filename,
int num_patches,
char** const patch_sha1_str);
// Read a file into memory; store it and its associated metadata in
// *file. Return 0 on success.
int LoadFileContents(const char* filename, FileContents* file);
int LoadFileContents(const char* filename, FileContents* file,
int retouch_flag);
int SaveFileContents(const char* filename, FileContents file);
void FreeFileContents(FileContents* file);
int FindMatchingPatch(uint8_t* sha1, char** const patch_sha1_str,
int num_patches);
// bsdiff.c
void ShowBSDiffLicense();

2
applypatch/main.c
View File

@ -74,7 +74,7 @@ static int ParsePatchArgs(int argc, char** argv,
(*patches)[i] = NULL;
} else {
FileContents fc;
if (LoadFileContents(colon, &fc) != 0) {
if (LoadFileContents(colon, &fc, RETOUCH_DONT_MASK) != 0) {
goto abort;
}
(*patches)[i] = malloc(sizeof(Value));

27
minelf/Android.mk Normal file
View File

@ -0,0 +1,27 @@
# Copyright (C) 2009 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
LOCAL_SRC_FILES := \
Retouch.c
LOCAL_C_INCLUDES += bootable/recovery
LOCAL_MODULE := libminelf
LOCAL_CFLAGS += -Wall
include $(BUILD_STATIC_LIBRARY)

406
minelf/Retouch.c Normal file
View File

@ -0,0 +1,406 @@
/*
* Copyright (C) 2009 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <errno.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <string.h>
#include <strings.h>
#include "Retouch.h"
#include "applypatch/applypatch.h"
typedef struct {
int32_t mmap_addr;
char tag[4]; /* 'P', 'R', 'E', ' ' */
} prelink_info_t __attribute__((packed));
#define false 0
#define true 1
static int32_t offs_prev;
static uint32_t cont_prev;
static void init_compression_state(void) {
offs_prev = 0;
cont_prev = 0;
}
// For details on the encoding used for relocation lists, please
// refer to build/tools/retouch/retouch-prepare.c. The intent is to
// save space by removing most of the inherent redundancy.
static void decode_bytes(uint8_t *encoded_bytes, int encoded_size,
int32_t *dst_offset, uint32_t *dst_contents) {
if (encoded_size == 2) {
*dst_offset = offs_prev + (((encoded_bytes[0]&0x60)>>5)+1)*4;
// if the original was negative, we need to 1-pad before applying delta
int32_t tmp = (((encoded_bytes[0] & 0x0000001f) << 8) |
encoded_bytes[1]);
if (tmp & 0x1000) tmp = 0xffffe000 | tmp;
*dst_contents = cont_prev + tmp;
} else if (encoded_size == 3) {
*dst_offset = offs_prev + (((encoded_bytes[0]&0x30)>>4)+1)*4;
// if the original was negative, we need to 1-pad before applying delta
int32_t tmp = (((encoded_bytes[0] & 0x0000000f) << 16) |
(encoded_bytes[1] << 8) |
encoded_bytes[2]);
if (tmp & 0x80000) tmp = 0xfff00000 | tmp;
*dst_contents = cont_prev + tmp;
} else {
*dst_offset =
(encoded_bytes[0]<<24) |
(encoded_bytes[1]<<16) |
(encoded_bytes[2]<<8) |
encoded_bytes[3];
if (*dst_offset == 0x3fffffff) *dst_offset = -1;
*dst_contents =
(encoded_bytes[4]<<24) |
(encoded_bytes[5]<<16) |
(encoded_bytes[6]<<8) |
encoded_bytes[7];
}
}
static uint8_t *decode_in_memory(uint8_t *encoded_bytes,
int32_t *offset, uint32_t *contents) {
int input_size, charIx;
uint8_t input[8];
input[0] = *(encoded_bytes++);
if (input[0] & 0x80)
input_size = 2;
else if (input[0] & 0x40)
input_size = 3;
else
input_size = 8;
// we already read one byte..
charIx = 1;
while (charIx < input_size) {
input[charIx++] = *(encoded_bytes++);
}
// depends on the decoder state!
decode_bytes(input, input_size, offset, contents);
offs_prev = *offset;
cont_prev = *contents;
return encoded_bytes;
}
int retouch_mask_data(uint8_t *binary_object,
int32_t binary_size,
int32_t *desired_offset,
int32_t *retouch_offset) {
retouch_info_t *r_info;
prelink_info_t *p_info;
int32_t target_offset = 0;
if (desired_offset) target_offset = *desired_offset;
int32_t p_offs = binary_size-sizeof(prelink_info_t); // prelink_info_t
int32_t r_offs = p_offs-sizeof(retouch_info_t); // retouch_info_t
int32_t b_offs; // retouch data blob
// If not retouched, we say it was a match. This might get invoked on
// non-retouched binaries, so that's why we need to do this.
if (retouch_offset != NULL) *retouch_offset = target_offset;
if (r_offs < 0) return (desired_offset == NULL) ?
RETOUCH_DATA_NOTAPPLICABLE : RETOUCH_DATA_MATCHED;
p_info = (prelink_info_t *)(binary_object+p_offs);
r_info = (retouch_info_t *)(binary_object+r_offs);
if (strncmp(p_info->tag, "PRE ", 4) ||
strncmp(r_info->tag, "RETOUCH ", 8))
return (desired_offset == NULL) ?
RETOUCH_DATA_NOTAPPLICABLE : RETOUCH_DATA_MATCHED;
b_offs = r_offs-r_info->blob_size;
if (b_offs < 0) {
printf("negative binary offset: %d = %d - %d\n",
b_offs, r_offs, r_info->blob_size);
return RETOUCH_DATA_ERROR;
}
uint8_t *b_ptr = binary_object+b_offs;
// Retouched: let's go through the work then.
int32_t offset_candidate = target_offset;
bool offset_set = false, offset_mismatch = false;
init_compression_state();
while (b_ptr < (uint8_t *)r_info) {
int32_t retouch_entry_offset;
uint32_t *retouch_entry;
uint32_t retouch_original_value;
b_ptr = decode_in_memory(b_ptr,
&retouch_entry_offset,
&retouch_original_value);
if (retouch_entry_offset < (-1) ||
retouch_entry_offset >= b_offs) {
printf("bad retouch_entry_offset: %d", retouch_entry_offset);
return RETOUCH_DATA_ERROR;
}
// "-1" means this is the value in prelink_info_t, which also gets
// randomized.
if (retouch_entry_offset == -1)
retouch_entry = (uint32_t *)&(p_info->mmap_addr);
else
retouch_entry = (uint32_t *)(binary_object+retouch_entry_offset);
if (desired_offset)
*retouch_entry = retouch_original_value + target_offset;
// Infer the randomization shift, compare to previously inferred.
int32_t offset_of_this_entry = (int32_t)(*retouch_entry-
retouch_original_value);
if (!offset_set) {
offset_candidate = offset_of_this_entry;
offset_set = true;
} else {
if (offset_candidate != offset_of_this_entry) {
offset_mismatch = true;
printf("offset is mismatched: %d, this entry is %d,"
" original 0x%x @ 0x%x",
offset_candidate, offset_of_this_entry,
retouch_original_value, retouch_entry_offset);
}
}
}
if (b_ptr > (uint8_t *)r_info) {
printf("b_ptr went too far: %p, while r_info is %p",
b_ptr, r_info);
return RETOUCH_DATA_ERROR;
}
if (offset_mismatch) return RETOUCH_DATA_MISMATCHED;
if (retouch_offset != NULL) *retouch_offset = offset_candidate;
return RETOUCH_DATA_MATCHED;
}
// On success, _override is set to the offset that was actually applied.
// This implies that once we randomize to an offset we stick with it.
// This in turn is necessary in order to guarantee recovery after crash.
bool retouch_one_library(const char *binary_name,
const char *binary_sha1,
int32_t retouch_offset,
int32_t *retouch_offset_override) {
bool success = true;
int result;
FileContents file;
file.data = NULL;
char binary_name_atomic[strlen(binary_name)+10];
strcpy(binary_name_atomic, binary_name);
strcat(binary_name_atomic, ".atomic");
// We need a path that exists for calling statfs() later.
//
// Assume that binary_name (eg "/system/app/Foo.apk") is located
// on the same filesystem as its top-level directory ("/system").
char target_fs[strlen(binary_name)+1];
char* slash = strchr(binary_name+1, '/');
if (slash != NULL) {
int count = slash - binary_name;
strncpy(target_fs, binary_name, count);
target_fs[count] = '\0';
} else {
strcpy(target_fs, binary_name);
}
result = LoadFileContents(binary_name, &file, RETOUCH_DONT_MASK);
if (result == 0) {
// Figure out the *apparent* offset to which this file has been
// retouched. If it looks good, we will skip processing (we might
// have crashed and during this recovery pass we don't want to
// overwrite a valuable saved file in /cache---which would happen
// if we blindly retouch everything again). NOTE: This implies
// that we might have to override the supplied retouch offset. We
// can do the override only once though: everything should match
// afterward.
int32_t inferred_offset;
int retouch_probe_result = retouch_mask_data(file.data,
file.size,
NULL,
&inferred_offset);
if (retouch_probe_result == RETOUCH_DATA_MATCHED) {
if ((retouch_offset == inferred_offset) ||
((retouch_offset != 0 && inferred_offset != 0) &&
(retouch_offset_override != NULL))) {
// This file is OK already and we are allowed to override.
// Let's just return the offset override value. It is critical
// to skip regardless of override: a broken file might need
// recovery down the list and we should not mess up the saved
// copy by doing unnecessary retouching.
//
// NOTE: If retouching was already started with a different
// value, we will not be allowed to override. This happens
// if on the retouch list there is a patched binary (which is
// masked in apply_patch()) before there is a non-patched
// binary.
if (retouch_offset_override != NULL)
*retouch_offset_override = inferred_offset;
success = true;
goto out;
} else {
// Retouch to zero (mask the retouching), to make sure that
// the SHA-1 check will pass below.
int32_t zero = 0;
retouch_mask_data(file.data, file.size, &zero, NULL);
SHA(file.data, file.size, file.sha1);
}
}
if (retouch_probe_result == RETOUCH_DATA_NOTAPPLICABLE) {
// In the case of not retouchable, fake it. We do not want
// to do the normal processing and overwrite the backup file:
// we might be recovering!
//
// We return a zero override, which tells the caller that we
// simply skipped the file.
if (retouch_offset_override != NULL)
*retouch_offset_override = 0;
success = true;
goto out;
}
// If we get here, either there was a mismatch in the offset, or
// the file has not been processed yet. Continue with normal
// processing.
}
if (result != 0 || FindMatchingPatch(file.sha1, &binary_sha1, 1) < 0) {
free(file.data);
printf("Attempting to recover source from '%s' ...\n",
CACHE_TEMP_SOURCE);
result = LoadFileContents(CACHE_TEMP_SOURCE, &file, RETOUCH_DO_MASK);
if (result != 0 || FindMatchingPatch(file.sha1, &binary_sha1, 1) < 0) {
printf(" failed.\n");
success = false;
goto out;
}
printf(" succeeded.\n");
}
// Retouch in-memory before worrying about backing up the original.
//
// Recovery steps will be oblivious to the actual retouch offset used,
// so might as well write out the already-retouched copy. Then, in the
// usual case, we will just swap the file locally, with no more writes
// needed. In the no-free-space case, we will then write the same to the
// original location.
result = retouch_mask_data(file.data, file.size, &retouch_offset, NULL);
if (result != RETOUCH_DATA_MATCHED) {
success = false;
goto out;
}
if (retouch_offset_override != NULL)
*retouch_offset_override = retouch_offset;
// How much free space do we need?
bool enough_space = false;
size_t free_space = FreeSpaceForFile(target_fs);
// 50% margin when estimating the space needed.
enough_space = (free_space > (file.size * 3 / 2));
// The experts say we have to allow for a retry of the
// whole process to avoid filesystem weirdness.
int retry = 1;
bool made_copy = false;
do {
// First figure out where to store a copy of the original.
// Ideally leave the original itself intact until the
// atomic swap. If no room on the same partition, fall back
// to the cache partition and remove the original.
if (!enough_space) {
printf("Target is %ldB; free space is %ldB: not enough.\n",
(long)file.size, (long)free_space);
retry = 0;
if (MakeFreeSpaceOnCache(file.size) < 0) {
printf("Not enough free space on '/cache'.\n");
success = false;
goto out;
}
if (SaveFileContents(CACHE_TEMP_SOURCE, file) < 0) {
printf("Failed to back up source file.\n");
success = false;
goto out;
}
made_copy = true;
unlink(binary_name);
size_t free_space = FreeSpaceForFile(target_fs);
printf("(now %ld bytes free for target)\n", (long)free_space);
}
result = SaveFileContents(binary_name_atomic, file);
if (result != 0) {
// Maybe the filesystem was optimistic: retry.
enough_space = false;
unlink(binary_name_atomic);
printf("Saving the retouched contents failed; retrying.\n");
continue;
}
// Succeeded; no need to retry.
break;
} while (retry-- > 0);
// Give the .atomic file the same owner, group, and mode of the
// original source file.
if (chmod(binary_name_atomic, file.st.st_mode) != 0) {
printf("chmod of \"%s\" failed: %s\n",
binary_name_atomic, strerror(errno));
success = false;
goto out;
}
if (chown(binary_name_atomic, file.st.st_uid, file.st.st_gid) != 0) {
printf("chown of \"%s\" failed: %s\n",
binary_name_atomic,
strerror(errno));
success = false;
goto out;
}
// Finally, rename the .atomic file to replace the target file.
if (rename(binary_name_atomic, binary_name) != 0) {
printf("rename of .atomic to \"%s\" failed: %s\n",
binary_name, strerror(errno));
success = false;
goto out;
}
// If this run created a copy, and we're here, we can delete it.
if (made_copy) unlink(CACHE_TEMP_SOURCE);
out:
// clean up
free(file.data);
unlink(binary_name_atomic);
return success;
}

51
minelf/Retouch.h Normal file
View File

@ -0,0 +1,51 @@
/*
* Copyright (C) 2009 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _MINELF_RETOUCH
#define _MINELF_RETOUCH
#include <stdbool.h>
#include <sys/types.h>
typedef struct {
char tag[8]; /* "RETOUCH ", not zero-terminated */
uint32_t blob_size; /* in bytes, located right before this struct */
} retouch_info_t __attribute__((packed));
// Retouch a file. Use CACHED_SOURCE_TEMP to store a copy.
bool retouch_one_library(const char *binary_name,
const char *binary_sha1,
int32_t retouch_offset,
int32_t *retouch_offset_override);
#define RETOUCH_DONT_MASK 0
#define RETOUCH_DO_MASK 1
#define RETOUCH_DATA_ERROR 0 // This is bad. Should not happen.
#define RETOUCH_DATA_MATCHED 1 // Up to an uniform random offset.
#define RETOUCH_DATA_MISMATCHED 2 // Partially randomized, or total mess.
#define RETOUCH_DATA_NOTAPPLICABLE 3 // Not retouched. Only when inferring.
// Mask retouching in-memory. Used before apply_patch[_check].
// Also used to determine status of retouching after a crash.
//
// If desired_offset is not NULL, then apply retouching instead,
// and return that in retouch_offset.
int retouch_mask_data(uint8_t *binary_object,
int32_t binary_size,
int32_t *desired_offset,
int32_t *retouch_offset);
#endif

1
updater/Android.mk
View File

@ -27,6 +27,7 @@ endif
LOCAL_STATIC_LIBRARIES += $(TARGET_RECOVERY_UPDATER_LIBS) $(TARGET_RECOVERY_UPDATER_EXTRA_LIBS)
LOCAL_STATIC_LIBRARIES += libapplypatch libedify libmtdutils libminzip libz
LOCAL_STATIC_LIBRARIES += libmincrypt libbz
LOCAL_STATIC_LIBRARIES += libminelf
LOCAL_STATIC_LIBRARIES += libcutils libstdc++ libc
LOCAL_C_INCLUDES += $(LOCAL_PATH)/..

124
updater/install.c
View File

@ -25,12 +25,15 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <fcntl.h>
#include <time.h>
#include "cutils/misc.h"
#include "cutils/properties.h"
#include "edify/expr.h"
#include "mincrypt/sha.h"
#include "minzip/DirUtil.h"
#include "minelf/Retouch.h"
#include "mtdutils/mounts.h"
#include "mtdutils/mtdutils.h"
#include "updater.h"
@ -429,6 +432,121 @@ Value* PackageExtractFileFn(const char* name, State* state,
}
// retouch_binaries(lib1, lib2, ...)
Value* RetouchBinariesFn(const char* name, State* state,
int argc, Expr* argv[]) {
UpdaterInfo* ui = (UpdaterInfo*)(state->cookie);
char **retouch_entries = ReadVarArgs(state, argc, argv);
if (retouch_entries == NULL) {
return StringValue(strdup("t"));
}
// some randomness from the clock
int32_t override_base;
bool override_set = false;
int32_t random_base = time(NULL) % 1024;
// some more randomness from /dev/random
FILE *f_random = fopen("/dev/random", "rb");
uint16_t random_bits = 0;
if (f_random != NULL) {
fread(&random_bits, 2, 1, f_random);
random_bits = random_bits % 1024;
fclose(f_random);
}
random_base = (random_base + random_bits) % 1024;
fprintf(ui->cmd_pipe, "ui_print Random offset: 0x%x\n", random_base);
fprintf(ui->cmd_pipe, "ui_print\n");
// make sure we never randomize to zero; this let's us look at a file
// and know for sure whether it has been processed; important in the
// crash recovery process
if (random_base == 0) random_base = 1;
// make sure our randomization is page-aligned
random_base *= -0x1000;
override_base = random_base;
int i = 0;
bool success = true;
while (i < (argc - 1)) {
success = success && retouch_one_library(retouch_entries[i],
retouch_entries[i+1],
random_base,
override_set ?
NULL :
&override_base);
if (!success)
ErrorAbort(state, "Failed to retouch '%s'.", retouch_entries[i]);
free(retouch_entries[i]);
free(retouch_entries[i+1]);
i += 2;
if (success && override_base != 0) {
random_base = override_base;
override_set = true;
}
}
if (i < argc) {
free(retouch_entries[i]);
success = false;
}
free(retouch_entries);
if (!success) {
Value* v = malloc(sizeof(Value));
v->type = VAL_STRING;
v->data = NULL;
v->size = -1;
return v;
}
return StringValue(strdup("t"));
}
// undo_retouch_binaries(lib1, lib2, ...)
Value* UndoRetouchBinariesFn(const char* name, State* state,
int argc, Expr* argv[]) {
UpdaterInfo* ui = (UpdaterInfo*)(state->cookie);
char **retouch_entries = ReadVarArgs(state, argc, argv);
if (retouch_entries == NULL) {
return StringValue(strdup("t"));
}
int i = 0;
bool success = true;
int32_t override_base;
while (i < (argc-1)) {
success = success && retouch_one_library(retouch_entries[i],
retouch_entries[i+1],
0 /* undo => offset==0 */,
NULL);
if (!success)
ErrorAbort(state, "Failed to unretouch '%s'.",
retouch_entries[i]);
free(retouch_entries[i]);
free(retouch_entries[i+1]);
i += 2;
}
if (i < argc) {
free(retouch_entries[i]);
success = false;
}
free(retouch_entries);
if (!success) {
Value* v = malloc(sizeof(Value));
v->type = VAL_STRING;
v->data = NULL;
v->size = -1;
return v;
}
return StringValue(strdup("t"));
}
// symlink target src1 src2 ...
// unlinks any previously existing src1, src2, etc before creating symlinks.
Value* SymlinkFn(const char* name, State* state, int argc, Expr* argv[]) {
@ -1007,7 +1125,7 @@ Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) {
return args[i];
}
// Read a local file and return its contents (the char* returned
// Read a local file and return its contents (the Value* returned
// is actually a FileContents*).
Value* ReadFileFn(const char* name, State* state, int argc, Expr* argv[]) {
if (argc != 1) {
@ -1020,7 +1138,7 @@ Value* ReadFileFn(const char* name, State* state, int argc, Expr* argv[]) {
v->type = VAL_BLOB;
FileContents fc;
if (LoadFileContents(filename, &fc) != 0) {
if (LoadFileContents(filename, &fc, RETOUCH_DONT_MASK) != 0) {
ErrorAbort(state, "%s() loading \"%s\" failed: %s",
name, filename, strerror(errno));
free(filename);
@ -1047,6 +1165,8 @@ void RegisterInstallFunctions() {
RegisterFunction("delete_recursive", DeleteFn);
RegisterFunction("package_extract_dir", PackageExtractDirFn);
RegisterFunction("package_extract_file", PackageExtractFileFn);
RegisterFunction("retouch_binaries", RetouchBinariesFn);
RegisterFunction("undo_retouch_binaries", UndoRetouchBinariesFn);
RegisterFunction("symlink", SymlinkFn);
RegisterFunction("set_perm", SetPermFn);
RegisterFunction("set_perm_recursive", SetPermFn);