Diffstat (limited to 'cmds')
-rw-r--r-- | cmds/keystore/keystore.c | 34 | ||||
-rw-r--r-- | cmds/keystore/keystore_get.h | 22 | ||||
-rw-r--r-- | cmds/runtime/main_runtime.cpp | 2 |
3 files changed, 33 insertions, 25 deletions
diff --git a/cmds/keystore/keystore.c b/cmds/keystore/keystore.c index ba74c78..60cc521 100644 --- a/cmds/keystore/keystore.c +++ b/cmds/keystore/keystore.c @@ -46,7 +46,7 @@ * user-defined password. To keep things simple, buffers are always larger than * the maximum space we needed, so boundary checks on buffers are omitted. */ -#define KEY_SIZE 120 +#define KEY_SIZE ((NAME_MAX - 15) / 2) #define VALUE_SIZE 32768 #define PASSWORD_SIZE VALUE_SIZE @@ -163,19 +163,19 @@ static struct __attribute__((packed)) { static int8_t encrypt_blob(char *name, AES_KEY *aes_key) { uint8_t vector[AES_BLOCK_SIZE]; - int length = blob.length; + int length; int fd; if (read(the_entropy, vector, AES_BLOCK_SIZE) != AES_BLOCK_SIZE) { return SYSTEM_ERROR; } - length += blob.value - blob.digested; + length = blob.length + blob.value - blob.encrypted; + length = (length + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE * AES_BLOCK_SIZE; + blob.length = htonl(blob.length); - MD5(blob.digested, length, blob.digest); + MD5(blob.digested, length - (blob.digested - blob.encrypted), blob.digest); - length += blob.digested - blob.encrypted; - length = (length + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE * AES_BLOCK_SIZE; memcpy(vector, blob.vector, AES_BLOCK_SIZE); AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key, vector, AES_ENCRYPT); @@ -184,11 +184,9 @@ static int8_t encrypt_blob(char *name, AES_KEY *aes_key) length += blob.encrypted - (uint8_t *)&blob; fd = open(".tmp", O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); - if (fd == -1 || write(fd, &blob, length) != length) { - return SYSTEM_ERROR; - } + length -= write(fd, &blob, length); close(fd); - return rename(".tmp", name) ? SYSTEM_ERROR : NO_ERROR; + return (length || rename(".tmp", name)) ? SYSTEM_ERROR : NO_ERROR; } static int8_t decrypt_blob(char *name, AES_KEY *aes_key) 
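Review bot: The new `KEY_SIZE` expression gives no reason for the `15` or the `/ 2`, while the comment directly above it says boundary checks are omitted because buffers are always large enough. That invariant now depends on an undocumented relation to `NAME_MAX`. Presumably a key name is expanded to at most two file-name characters per byte plus a fixed-size prefix; if so, say it next to the macro, e.g. `/* encoded file name = prefix (<= 15 bytes) + 2 chars per key byte, must fit in NAME_MAX */`. `NAME_MAX` comes from `<limits.h>`; the include list is outside this hunk, so confirm it is there.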
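Review bot: The IV passed to `AES_cbc_encrypt` is not the entropy read at the top of `encrypt_blob`. The unchanged line `memcpy(vector, blob.vector, AES_BLOCK_SIZE);` copies `blob.vector` over the freshly read `vector`, so the random bytes are discarded and whatever `blob.vector` already held is used as the IV. A repeated IV under the same key in CBC mode reveals when two blobs share a plaintext prefix. Since this commit reworks the surrounding lines, swap the arguments to `memcpy(blob.vector, vector, AES_BLOCK_SIZE);` so the stored IV is the random one and `vector` stays the scratch copy that the cipher call updates. The function body continues past the end of this hunk.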
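Review bot: A failed `open()` is now caught only indirectly, because `write(-1, …)` returns -1 and leaves `length` non-zero, and `close(-1)` is then called as well. That is correct but fragile under later edits; a comment on the write line such as `/* write() fails when fd == -1, so length stays non-zero */` would record the intent. On the error path the partly written `.tmp` is left behind, so consider `unlink(".tmp")` before returning `SYSTEM_ERROR`. There is also no `fsync(fd)` before `rename()`, so on some filesystems a crash can leave an empty or truncated entry under `name`.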
@@ -210,14 +208,15 @@ static int8_t decrypt_blob(char *name, AES_KEY *aes_key) AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key, blob.vector, AES_DECRYPT); length -= blob.digested - blob.encrypted; - if (!memcmp(blob.digest, MD5(blob.digested, length, NULL), - MD5_DIGEST_LENGTH)) { + if (memcmp(blob.digest, MD5(blob.digested, length, NULL), + MD5_DIGEST_LENGTH)) { return VALUE_CORRUPTED; } length -= blob.value - blob.digested; blob.length = ntohl(blob.length); - return (length < blob.length) ? VALUE_CORRUPTED : NO_ERROR; + return (blob.length < 0 || blob.length > length) ? VALUE_CORRUPTED : + NO_ERROR; } /* Here are the actions. Each of them is a function without arguments. All @@ -443,10 +442,11 @@ static struct user { uid_t euid; uint32_t perms; } users[] = { - {AID_SYSTEM, 0, ~GET}, + {AID_SYSTEM, ~0, ~GET}, {AID_VPN, AID_SYSTEM, GET}, {AID_WIFI, AID_SYSTEM, GET}, - {0, 0, TEST | GET | INSERT | DELETE | EXIST | SAW}, + {AID_ROOT, AID_SYSTEM, GET}, + {~0, ~0, TEST | GET | INSERT | DELETE | EXIST | SAW}, }; static int8_t process(int8_t code) { @@ -454,7 +454,7 @@ static int8_t process(int8_t code) { struct action *action = actions; int i; - while (user->uid && user->uid != uid) { + while (~user->uid && user->uid != uid) { ++user; } while (action->code && action->code != code) { @@ -469,7 +469,7 @@ static int8_t process(int8_t code) { if (action->state && action->state != state) { return state; } - if (user->euid) { + if (~user->euid) { uid = user->euid; } for (i = 0; i < MAX_PARAM && action->lengths[i]; ++i) { diff --git a/cmds/keystore/keystore_get.h b/cmds/keystore/keystore_get.h index 0e7e1ae..141f69b 100644 --- a/cmds/keystore/keystore_get.h +++ b/cmds/keystore/keystore_get.h @@ -19,7 +19,6 @@ #include <stdio.h> #include <stdint.h> -#include <string.h> #include <unistd.h> #include <sys/types.h> #include <sys/socket.h> 
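Review bot: `MD5(blob.digested, length, NULL)` in the corrected comparison makes OpenSSL write the digest into its internal static buffer and return a pointer to it, which is documented as not thread-safe. A local `uint8_t digest[MD5_DIGEST_LENGTH];` passed as the third argument avoids that and costs one line. The new range check would also benefit from a comment stating why both bounds matter, e.g. `/* blob.length is read from the file; it must not exceed the decrypted payload */`. This inverted comparison previously rejected every blob whose digest matched, so a round-trip test (encrypt, decrypt, expect `NO_ERROR`; flip one byte, expect `VALUE_CORRUPTED`) belongs with this change. `decrypt_blob` starts above the hunk.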
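Review bot: The `~0` wildcard in the `users[]` rows, and the `~user->uid` and `~user->euid` tests in `process()` in the next two hunks, only work if `uid_t` is at least as wide as `int`. With a narrower unsigned `uid_t`, integer promotion makes `~user->uid` non-zero for every value, so the lookup loop would walk past the end of the table. A named sentinel removes that dependency and reads better: `#define ANY_UID ((uid_t)-1)` with `while (user->uid != ANY_UID && user->uid != uid)` and `if (user->euid != ANY_UID)`. The new `{AID_ROOT, AID_SYSTEM, GET}` row lets root read entries stored under the system uid, and the last row is the default for every unlisted uid. Since this table is the whole access policy, each row should carry a short comment giving the reason for the grant.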
@@ -28,18 +27,23 @@ #define KEYSTORE_MESSAGE_SIZE 65535 +#ifdef __cplusplus +extern "C" { +#endif + /* This function is provided for native components to get values from keystore. - * Users are required to link against libcutils. The lengths of keys and values - * are limited to KEYSTORE_MESSAGE_SIZE. This function returns the length of - * the requested value or -1 if something goes wrong. */ -static int keystore_get(const char *key, char *value) + * Users are required to link against libcutils. Keys are values are 8-bit safe. + * The first two arguments are the key and its length. The third argument + * specifies the buffer to store the retrieved value, which must be an array of + * KEYSTORE_MESSAGE_SIZE bytes. This function returns the length of the value or + * -1 if an error happens. */ +static int keystore_get(const char *key, int length, char *value) { - int length = strlen(key); uint8_t bytes[2] = {length >> 8, length}; uint8_t code = 'g'; int sock; - if (length > KEYSTORE_MESSAGE_SIZE) { + if (length < 0 || length > KEYSTORE_MESSAGE_SIZE) { return -1; } sock = socket_local_client("keystore", ANDROID_SOCKET_NAMESPACE_RESERVED, @@ -66,4 +70,8 @@ static int keystore_get(const char *key, char *value) return length; } +#ifdef __cplusplus +} +#endif + #endif diff --git a/cmds/runtime/main_runtime.cpp b/cmds/runtime/main_runtime.cpp index 21e0e4d..83cb533 100644 --- a/cmds/runtime/main_runtime.cpp +++ b/cmds/runtime/main_runtime.cpp @@ -19,7 +19,7 @@ #include <private/utils/Static.h> -#include <ui/ISurfaceComposer.h> +#include <surfaceflinger/ISurfaceComposer.h> #include <android_runtime/AndroidRuntime.h> |
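Review bot: `keystore_get` still takes no capacity for `value`; the requirement that it be an array of `KEYSTORE_MESSAGE_SIZE` bytes exists only in the comment. A caller that passes a smaller buffer would get an overflow the function cannot detect, assuming the receive path (outside this hunk) copies up to the received length. The signature is changing anyway and every caller has to be touched, so this is the moment to add a size argument, e.g. `static int keystore_get(const char *key, int length, char *value, int size)`, and return -1 when the reply does not fit. The new comment also has a typo: "Keys are values are 8-bit safe" should read "Keys and values are 8-bit safe".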