authorBenoit Goby <benoit@android.com>2013-01-14 21:26:30 -0800
committerBenoit Goby <benoit@android.com>2013-01-15 17:16:22 -0800
commit345cb066d2e0c774c877a85d3035f298df1daf16 (patch)
tree9a4b087758ace8a5118985c184d791e99b5b4384
parentd984497a8886251540a057f379e0f016ea72696b (diff)
downloadsystem_core-345cb066d2e0c774c877a85d3035f298df1daf16.zip
system_core-345cb066d2e0c774c877a85d3035f298df1daf16.tar.gz
system_core-345cb066d2e0c774c877a85d3035f298df1daf16.tar.bz2
adb: Read secure adb keys on every auth request
The framework can now clear the user key list, so we need to reload the key list on every auth request instead of loading it once when adbd starts.

This also fixes issues with encrypted devices, where the user key file is only readable after the user has unlocked the device.

Change-Id: I350c5aab986f8ca86b95f316398d03012553e581
-rw-r--r--adb/adb_auth.h2
-rw-r--r--adb/adb_auth_client.c23
2 files changed, 11 insertions, 14 deletions
diff --git a/adb/adb_auth.h b/adb/adb_auth.h
index 1fffa49..96f637b 100644
--- a/adb/adb_auth.h
+++ b/adb/adb_auth.h
@@ -36,7 +36,6 @@ int adb_auth_get_userkey(unsigned char *data, size_t len);
static inline int adb_auth_generate_token(void *token, size_t token_size) { return 0; }
static inline int adb_auth_verify(void *token, void *sig, int siglen) { return 0; }
static inline void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t) { }
-static inline void adb_auth_reload_keys(void) { }
#else // !ADB_HOST
@@ -47,7 +46,6 @@ static inline int adb_auth_get_userkey(unsigned char *data, size_t len) { return
int adb_auth_generate_token(void *token, size_t token_size);
int adb_auth_verify(void *token, void *sig, int siglen);
void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t);
-void adb_auth_reload_keys(void);
#endif // ADB_HOST
diff --git a/adb/adb_auth_client.c b/adb/adb_auth_client.c
index 0b4913e..a4ad18f 100644
--- a/adb/adb_auth_client.c
+++ b/adb/adb_auth_client.c
@@ -34,8 +34,6 @@ struct adb_public_key {
RSAPublicKey key;
};
-static struct listnode key_list;
-
static char *key_paths[] = {
"/adb_keys",
"/data/misc/adb/adb_keys",
@@ -102,18 +100,18 @@ static void free_keys(struct listnode *list)
}
}
-void adb_auth_reload_keys(void)
+static void load_keys(struct listnode *list)
{
char *path;
char **paths = key_paths;
struct stat buf;
- free_keys(&key_list);
+ list_init(list);
while ((path = *paths++)) {
if (!stat(path, &buf)) {
D("Loading keys from '%s'\n", path);
- read_keys(path, &key_list);
+ read_keys(path, list);
}
}
}
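Review bot: load_keys() begins with `list_init(list)`, so it overwrites the caller's list head instead of releasing it; the old adb_auth_reload_keys() called free_keys() first, and a call on a list that already holds keys would now leak every adb_public_key node. The only caller visible in this commit passes a fresh stack listnode, so this is a contract to document rather than a bug: `/* Initialises *list and appends the keys found in key_paths; the caller owns the nodes and must release them with free_keys(). Do not pass a populated list. */`. The `stat()` before `read_keys()` is only an existence probe, so whether an unreadable or partially written key file is skipped cleanly depends on read_keys(), which is outside this hunk.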
@@ -137,19 +135,24 @@ int adb_auth_verify(void *token, void *sig, int siglen)
{
struct listnode *item;
struct adb_public_key *key;
- int ret;
+ struct listnode key_list;
+ int ret = 0;
if (siglen != RSANUMBYTES)
return 0;
+ load_keys(&key_list);
+
list_for_each(item, &key_list) {
key = node_to_item(item, struct adb_public_key, node);
ret = RSA_verify(&key->key, sig, siglen, token);
if (ret)
- return 1;
+ break;
}
- return 0;
+ free_keys(&key_list);
+
+ return ret;
}
static void adb_auth_event(int fd, unsigned events, void *data)
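Review bot: adb_auth_verify() now stats and parses every file in key_paths for each signature it checks, and that check runs before the host is authorised, so the work per auth attempt is no longer bounded by an in-memory list. Nothing in this hunk limits how large a key file read_keys() will accept or how often the reload can happen; if neither is bounded elsewhere, a cap on the number of keys loaded per call is worth adding. The `int ret = 0` initialiser is what makes an empty or unreadable key list fail closed, and it deserves a comment such as `/* ret stays 0 when no key could be loaded: no keys means no access */`. The function also returns RSA_verify()'s raw value now instead of a literal 1; `return ret != 0;` would keep the 0/1 contract independent of that helper's return convention.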
@@ -166,7 +169,6 @@ static void adb_auth_event(int fd, unsigned events, void *data)
framework_fd = -1;
}
else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
- adb_auth_reload_keys();
adb_auth_verified(t);
}
}
@@ -225,9 +227,6 @@ void adb_auth_init(void)
{
int fd, ret;
- list_init(&key_list);
- adb_auth_reload_keys();
-
fd = android_get_control_socket("adbd");
if (fd < 0) {
D("Failed to get adbd socket\n");