diff options
author | Benoit Goby <benoit@android.com> | 2013-01-14 21:26:30 -0800 |
---|---|---|
committer | Benoit Goby <benoit@android.com> | 2013-01-15 17:16:22 -0800 |
commit | 345cb066d2e0c774c877a85d3035f298df1daf16 (patch) | |
tree | 9a4b087758ace8a5118985c184d791e99b5b4384 | |
parent | d984497a8886251540a057f379e0f016ea72696b (diff) | |
download | system_core-345cb066d2e0c774c877a85d3035f298df1daf16.zip system_core-345cb066d2e0c774c877a85d3035f298df1daf16.tar.gz system_core-345cb066d2e0c774c877a85d3035f298df1daf16.tar.bz2 |
adb: Read secure adb keys on every auth request
The framework can now clear the user key list, so we need to reload the
key list on every auth request instead of loading it once when adbd
starts.
This also fixes issues with encrypted devices, where the user key file
is only readable after the user has unlocked the device.
Change-Id: I350c5aab986f8ca86b95f316398d03012553e581
-rw-r--r-- | adb/adb_auth.h | 2 | ||||
-rw-r--r-- | adb/adb_auth_client.c | 23 |
2 files changed, 11 insertions, 14 deletions
diff --git a/adb/adb_auth.h b/adb/adb_auth.h index 1fffa49..96f637b 100644 --- a/adb/adb_auth.h +++ b/adb/adb_auth.h @@ -36,7 +36,6 @@ int adb_auth_get_userkey(unsigned char *data, size_t len); static inline int adb_auth_generate_token(void *token, size_t token_size) { return 0; } static inline int adb_auth_verify(void *token, void *sig, int siglen) { return 0; } static inline void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t) { } -static inline void adb_auth_reload_keys(void) { } #else // !ADB_HOST @@ -47,7 +46,6 @@ static inline int adb_auth_get_userkey(unsigned char *data, size_t len) { return int adb_auth_generate_token(void *token, size_t token_size); int adb_auth_verify(void *token, void *sig, int siglen); void adb_auth_confirm_key(unsigned char *data, size_t len, atransport *t); -void adb_auth_reload_keys(void); #endif // ADB_HOST diff --git a/adb/adb_auth_client.c b/adb/adb_auth_client.c index 0b4913e..a4ad18f 100644 --- a/adb/adb_auth_client.c +++ b/adb/adb_auth_client.c @@ -34,8 +34,6 @@ struct adb_public_key { RSAPublicKey key; }; -static struct listnode key_list; - static char *key_paths[] = { "/adb_keys", "/data/misc/adb/adb_keys", @@ -102,18 +100,18 @@ static void free_keys(struct listnode *list) } } -void adb_auth_reload_keys(void) +static void load_keys(struct listnode *list) { char *path; char **paths = key_paths; struct stat buf; - free_keys(&key_list); + list_init(list); while ((path = *paths++)) { if (!stat(path, &buf)) { D("Loading keys from '%s'\n", path); - read_keys(path, &key_list); + read_keys(path, list); } } } @@ -137,19 +135,24 @@ int adb_auth_verify(void *token, void *sig, int siglen) { struct listnode *item; struct adb_public_key *key; - int ret; + struct listnode key_list; + int ret = 0; if (siglen != RSANUMBYTES) return 0; + load_keys(&key_list); + list_for_each(item, &key_list) { key = node_to_item(item, struct adb_public_key, node); ret = RSA_verify(&key->key, sig, siglen, token); if (ret) - return 1; + break; } - return 0; + free_keys(&key_list); + + return ret; } static void adb_auth_event(int fd, unsigned events, void *data) @@ -166,7 +169,6 @@ static void adb_auth_event(int fd, unsigned events, void *data) framework_fd = -1; } else if (ret == 2 && response[0] == 'O' && response[1] == 'K') { - adb_auth_reload_keys(); adb_auth_verified(t); } } @@ -225,9 +227,6 @@ void adb_auth_init(void) { int fd, ret; - list_init(&key_list); - adb_auth_reload_keys(); - fd = android_get_control_socket("adbd"); if (fd < 0) { D("Failed to get adbd socket\n"); |