Verify wipe package when wiping A/B device in recovery.

To increase the security of wiping A/B devices, let uncrypt write wipe package in misc partition. Then recovery verifies the wipe package before wiping the device. Bug: 29159185 Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168
author: Yabin Cui 2016-06-09 16:09:39 -0500
committer: Yabin Cui 2016-06-20 20:18:02 -0500
commit: 6faf0265c9b58db2c15b53f6d29025629d52f882 (patch)
tree: fc2e067205a986071615f936e8ff7040e01520f5 /uncrypt
parent: dc1393d09bcc09ae246cd46b2248d9401605d0f5 (diff)
download: platform-bootable-recovery-6faf0265c9b58db2c15b53f6d29025629d52f882.tar.gz
platform-bootable-recovery-6faf0265c9b58db2c15b53f6d29025629d52f882.tar.xz
platform-bootable-recovery-6faf0265c9b58db2c15b53f6d29025629d52f882.zip
3 files changed, 37 insertions, 3 deletions
diff --git a/uncrypt/bootloader_message_writer.cpp b/uncrypt/bootloader_message_writer.cpp
index 3bb106aa..42df31ef 100644
--- a/uncrypt/bootloader_message_writer.cpp
+++ b/uncrypt/bootloader_message_writer.cpp
@@ -58,7 +58,7 @@ static std::string get_misc_blk_device(std::string* err) {
  return record->blk_device;
 }
-static bool write_bootloader_message(const bootloader_message& boot, std::string* err) {
+static bool write_misc_partition(const void* p, size_t size, size_t misc_offset, std::string* err) {
  std::string misc_blk_device = get_misc_blk_device(err);
  if (misc_blk_device.empty()) {
    return false;
@@ -69,11 +69,18 @@ static bool write_bootloader_message(const bootloader_message& boot, std::string
                                       strerror(errno));
    return false;
  }
-  if (!android::base::WriteFully(fd.get(), &boot, sizeof(boot))) {
+  if (lseek(fd.get(), static_cast<off_t>(misc_offset), SEEK_SET) !=
+      static_cast<off_t>(misc_offset)) {
+    *err = android::base::StringPrintf("failed to lseek %s: %s", misc_blk_device.c_str(),
+                                       strerror(errno));
+    return false;
+  }
+  if (!android::base::WriteFully(fd.get(), p, size)) {
    *err = android::base::StringPrintf("failed to write %s: %s", misc_blk_device.c_str(),
                                       strerror(errno));
    return false;
  }
  // TODO: O_SYNC and fsync duplicates each other?
  if (fsync(fd.get()) == -1) {
    *err = android::base::StringPrintf("failed to fsync %s: %s", misc_blk_device.c_str(),
@@ -83,6 +90,10 @@ static bool write_bootloader_message(const bootloader_message& boot, std::string
  return true;
 }
+static bool write_bootloader_message(const bootloader_message& boot, std::string* err) {
+  return write_misc_partition(&boot, sizeof(boot), BOOTLOADER_MESSAGE_OFFSET_IN_MISC, err);
+}
 bool clear_bootloader_message(std::string* err) {
  bootloader_message boot = {};
  return write_bootloader_message(boot, err);
@@ -101,6 +112,11 @@ bool write_bootloader_message(const std::vector<std::string>& options, std::stri
  return write_bootloader_message(boot, err);
 }
+bool write_wipe_package(const std::string& package_data, std::string* err) {
+  return write_misc_partition(package_data.data(), package_data.size(),
+                              WIPE_PACKAGE_OFFSET_IN_MISC, err);
+}
 extern "C" bool write_bootloader_message(const char* options) {
  std::string err;
  return write_bootloader_message({options}, &err);
diff --git a/uncrypt/include/bootloader_message_writer.h b/uncrypt/include/bootloader_message_writer.h
index e0ca3f44..1344bc83 100644
--- a/uncrypt/include/bootloader_message_writer.h
+++ b/uncrypt/include/bootloader_message_writer.h
@@ -24,6 +24,7 @@
 bool clear_bootloader_message(std::string* err);
 bool write_bootloader_message(const std::vector<std::string>& options, std::string* err);
+bool write_wipe_package(const std::string& package_data, std::string* err);
 #else
 #include <stdbool.h>
diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp
index d7105a01..f62d1327 100644
--- a/uncrypt/uncrypt.cpp
+++ b/uncrypt/uncrypt.cpp
@@ -503,14 +503,31 @@ static bool setup_bcb(const int socket) {
        return false;
    }
    ALOGI("  received command: [%s] (%zu)", content.c_str(), content.size());
+    std::vector<std::string> options = android::base::Split(content, "\n");
+    std::string wipe_package;
+    for (auto& option : options) {
+        if (android::base::StartsWith(option, "--wipe_package=")) {
+            std::string path = option.substr(strlen("--wipe_package="));
+            if (!android::base::ReadFileToString(path, &wipe_package)) {
+                ALOGE("failed to read %s: %s", path.c_str(), strerror(errno));
+                return false;
+            }
+            option = android::base::StringPrintf("--wipe_package_size=%zu", wipe_package.size());
+        }
+    }
    // c8. setup the bcb command
    std::string err;
-    if (!write_bootloader_message({content}, &err)) {
+    if (!write_bootloader_message(options, &err)) {
        ALOGE("failed to set bootloader message: %s", err.c_str());
        write_status_to_socket(-1, socket);
        return false;
    }
+    if (!wipe_package.empty() && !write_wipe_package(wipe_package, &err)) {
+        ALOGE("failed to set wipe package: %s", err.c_str());
+        write_status_to_socket(-1, socket);
+        return false;
+    }
    // c10. send "100" status
    write_status_to_socket(100, socket);
    return true;
author	Yabin Cui	2016-06-09 16:09:39 -0500
committer	Yabin Cui	2016-06-20 20:18:02 -0500
commit	6faf0265c9b58db2c15b53f6d29025629d52f882 (patch)
tree	fc2e067205a986071615f936e8ff7040e01520f5 /uncrypt
parent	dc1393d09bcc09ae246cd46b2248d9401605d0f5 (diff)
download	platform-bootable-recovery-6faf0265c9b58db2c15b53f6d29025629d52f882.tar.gz platform-bootable-recovery-6faf0265c9b58db2c15b53f6d29025629d52f882.tar.xz platform-bootable-recovery-6faf0265c9b58db2c15b53f6d29025629d52f882.zip