apex: fix selinux denials

We also look to use the loop-control device to identify loop devices.
We only create devices if they don't exist. Modern kernels can have
an option CONFIG_BLK_DEV_LOOP_MIN_COUNT=16 to pre-create the devices.

Change-Id: Ib10cd29f17be4684dd75e0927a2862bf541cd661

sepolicy/twrp.te

@@ -3,4 +3,6 @@ recovery_only(`
   permissive init;
   permissive logd;
   permissive adbd;
+  allow kernel tmpfs:file { read };
+  allow kernel recovery:fd { use };
 ')

twrpApex.cpp

@@ -1,4 +1,5 @@
 #include "twrpApex.hpp"
+#include "twrp-functions.hpp"
 
 namespace fs = std::filesystem;
 
@@ -23,16 +24,11 @@ bool twrpApex::loadApexImages() {
 		}
 		return true;
 	}
-	if (!createLoopBackDevices(apexFiles.size())) {
+	if (!mountApexOnLoopbackDevices(apexFiles)) {
 		LOGERR("Unable to create loop devices to mount apex files\n");
 		return false;
 	}
 
-	size_t apexFileCount = 0;
-	for (auto&& apexFile : apexFiles) {
-		std::string fileToMount = unzipImage(apexFile);
-		loadApexImage(fileToMount, apexFileCount++);
-	}
 	return true;
 }
 
@@ -66,31 +62,36 @@ std::string twrpApex::unzipImage(std::string file) {
 		return nullptr;
 	}
 
-	close(fd);
 	CloseArchive(handle);
+	close(fd);
 	return path;
 }
 
-bool twrpApex::createLoopBackDevices(size_t count) {
-	size_t existing_loop_device_count = 0;
-
-	for (const auto& entry : fs::directory_iterator(LOOP_BLOCK_DEVICE_DIR)) {
-	   if (entry.is_block_file() && entry.path().string().find("loop") != std::string::npos) {
-		   existing_loop_device_count++;
-	   }
+bool twrpApex::mountApexOnLoopbackDevices(std::vector<std::string> apexFiles) {
+	int fd = open(LOOP_CONTROL, O_RDWR | O_CLOEXEC);
+	if (fd < 0) {
+		LOGERR("Unable to open %s device. Reason: %s\n", LOOP_CONTROL, strerror(errno));
+		return false;
 	}
 
-	if (existing_loop_device_count < count) {
-		size_t devices_to_create = count - existing_loop_device_count;
-		for (size_t i = existing_loop_device_count; i < (devices_to_create + existing_loop_device_count); ++i) {
-			std::string loop_device = LOOP_BLOCK_DEVICE_DIR;
-			loop_device = loop_device + "loop" + std::to_string(i);
-			int ret = mknod(loop_device.c_str(), S_IFBLK | S_IRUSR | S_IWUSR , makedev(7, i));
+	size_t device_no = 0;
+	for (auto&& apexFile:apexFiles) {
+		int num = ioctl(fd, LOOP_CTL_GET_FREE);
+		std::string loop_device = LOOP_BLOCK_DEVICE_DIR;
+		loop_device = loop_device + "loop" + std::to_string(num);
+		if (!TWFunc::Path_Exists(loop_device)) {
+			int ret = mknod(loop_device.c_str(), S_IFBLK | S_IRUSR | S_IWUSR , makedev(7, device_no));
 			if (ret != 0) {
-				LOGERR("unable to create loop device: %s\n", loop_device.c_str());
+				LOGERR("Unable to create loop device: %s\n", loop_device.c_str());
 				return false;
 			}
 		}
+		std::string fileToMount = unzipImage(apexFile);
+		bool load_result = loadApexImage(fileToMount, device_no);
+		if (!load_result) {
+			return false;
+		}
+		device_no++;
 	}
 	return true;
 }
@@ -98,9 +99,9 @@ bool twrpApex::createLoopBackDevices(size_t count) {
 bool twrpApex::loadApexImage(std::string fileToMount, size_t loop_device_number) {
 	struct loop_info64 info;
 
-	int fd = open(fileToMount.c_str(), O_RDONLY);
+	int fd = open(fileToMount.c_str(), O_RDONLY | O_CLOEXEC);
 	if (fd < 0) {
-		LOGERR("unable to open apex file: %s\n", fileToMount.c_str());
+		LOGERR("unable to open apex file: %s. Reason: %s\n", fileToMount.c_str(), strerror(errno));
 		return false;
 	}
 
@@ -122,23 +123,35 @@ bool twrpApex::loadApexImage(std::string fileToMount, size_t loop_device_number)
 	close(fd);
 
 	memset(&info, 0, sizeof(struct loop_info64));
+	strlcpy((char*)info.lo_crypt_name, "twrpApex", LO_NAME_SIZE);
+	off_t apex_size = lseek(fd, 0, SEEK_END);
+	info.lo_sizelimit = apex_size;
 	if (ioctl(loop_fd, LOOP_SET_STATUS64, &info)) {
 		LOGERR("failed to mount loop: %s: %s\n", fileToMount.c_str(), strerror(errno));
 		close(loop_fd);
 		return false;
 	}
+	if (ioctl(loop_fd, BLKFLSBUF, 0) == -1) {
+		LOGERR("Unable to flush loop device buffers\n");
+		return false;
+	}
+	if (ioctl(loop_fd, LOOP_SET_BLOCK_SIZE, 4096) == -1) {
+		LOGINFO("Failed to set DIRECT_IO buffer size\n");
+	}
 	close(loop_fd);
+
 	std::string bind_mount(APEX_BASE);
 	bind_mount = bind_mount + basename(fileToMount.c_str());
+
 	int ret = mkdir(bind_mount.c_str(), 0666);
 	if (ret != 0) {
-		LOGERR("Unable to create mount directory: %s\n", bind_mount.c_str());
+		LOGERR("Unable to create bind mount directory: %s\n", bind_mount.c_str());
 		return false;
 	}
 
 	ret = mount(loop_device.c_str(), bind_mount.c_str(), "ext4", MS_RDONLY, nullptr);
 	if (ret != 0) {
-		LOGERR("unable to mount loop device %s to %s. reason: %s\n", loop_device.c_str(), bind_mount.c_str(), strerror(errno));
+		LOGERR("unable to mount loop device %s to %s. Reason: %s\n", loop_device.c_str(), bind_mount.c_str(), strerror(errno));
 		return false;
 	}
 

twrpApex.hpp

@@ -18,11 +18,11 @@
 #include <ziparchive/zip_archive.h>
 #include "twcommon.h"
 
-
 #define APEX_DIR "/system_root/system/apex"
 #define APEX_PAYLOAD "apex_payload.img"
 #define LOOP_BLOCK_DEVICE_DIR "/dev/block/"
 #define APEX_BASE "/apex/"
+#define LOOP_CONTROL "/dev/loop-control"
 
 class twrpApex {
 public:
@@ -30,7 +30,7 @@ public:
 
 private:
 	std::string unzipImage(std::string file);
-	bool createLoopBackDevices(size_t count);
+	bool mountApexOnLoopbackDevices(std::vector<std::string> apexFiles);
 	bool loadApexImage(std::string fileToMount, size_t loop_device_number);
 };
 #endif