From 0e97f7e73ae8ee04dacaf26d5d1630a92efdf68b Mon Sep 17 00:00:00 2001 From: bigbiff Date: Thu, 25 Feb 2021 10:16:59 -0500 Subject: [PATCH] apex: fix selinux denials We also look to use the loop-control device to identify loop devices. We only create devices if they don't exist. Modern kernels can have an option CONFIG_BLK_DEV_LOOP_MIN_COUNT=16 to pre-create the devices. Change-Id: Ib10cd29f17be4684dd75e0927a2862bf541cd661 --- sepolicy/twrp.te | 2 ++ twrpApex.cpp | 63 +++++++++++++++++++++++++++++------------------- twrpApex.hpp | 4 +-- 3 files changed, 42 insertions(+), 27 deletions(-) diff --git a/sepolicy/twrp.te b/sepolicy/twrp.te index c27571ad..d868cd4e 100755 --- a/sepolicy/twrp.te +++ b/sepolicy/twrp.te @@ -3,4 +3,6 @@ recovery_only(` permissive init; permissive logd; permissive adbd; + allow kernel tmpfs:file { read }; + allow kernel recovery:fd { use }; ') diff --git a/twrpApex.cpp b/twrpApex.cpp index a6041f12..52dd9e50 100755 --- a/twrpApex.cpp +++ b/twrpApex.cpp @@ -1,4 +1,5 @@ #include "twrpApex.hpp" +#include "twrp-functions.hpp" namespace fs = std::filesystem; @@ -23,16 +24,11 @@ bool twrpApex::loadApexImages() { } return true; } - if (!createLoopBackDevices(apexFiles.size())) { + if (!mountApexOnLoopbackDevices(apexFiles)) { LOGERR("Unable to create loop devices to mount apex files\n"); return false; } - size_t apexFileCount = 0; - for (auto&& apexFile : apexFiles) { - std::string fileToMount = unzipImage(apexFile); - loadApexImage(fileToMount, apexFileCount++); - } return true; } @@ -66,31 +62,36 @@ std::string twrpApex::unzipImage(std::string file) { return nullptr; } - close(fd); CloseArchive(handle); + close(fd); return path; } -bool twrpApex::createLoopBackDevices(size_t count) { - size_t existing_loop_device_count = 0; - - for (const auto& entry : fs::directory_iterator(LOOP_BLOCK_DEVICE_DIR)) { - if (entry.is_block_file() && entry.path().string().find("loop") != std::string::npos) { - existing_loop_device_count++; - } +bool twrpApex::mountApexOnLoopbackDevices(std::vector apexFiles) { + int fd = open(LOOP_CONTROL, O_RDWR | O_CLOEXEC); + if (fd < 0) { + LOGERR("Unable to open %s device. Reason: %s\n", LOOP_CONTROL, strerror(errno)); + return false; } - if (existing_loop_device_count < count) { - size_t devices_to_create = count - existing_loop_device_count; - for (size_t i = existing_loop_device_count; i < (devices_to_create + existing_loop_device_count); ++i) { - std::string loop_device = LOOP_BLOCK_DEVICE_DIR; - loop_device = loop_device + "loop" + std::to_string(i); - int ret = mknod(loop_device.c_str(), S_IFBLK | S_IRUSR | S_IWUSR , makedev(7, i)); + size_t device_no = 0; + for (auto&& apexFile:apexFiles) { + int num = ioctl(fd, LOOP_CTL_GET_FREE); + std::string loop_device = LOOP_BLOCK_DEVICE_DIR; + loop_device = loop_device + "loop" + std::to_string(num); + if (!TWFunc::Path_Exists(loop_device)) { + int ret = mknod(loop_device.c_str(), S_IFBLK | S_IRUSR | S_IWUSR , makedev(7, device_no)); if (ret != 0) { - LOGERR("unable to create loop device: %s\n", loop_device.c_str()); + LOGERR("Unable to create loop device: %s\n", loop_device.c_str()); return false; } } + std::string fileToMount = unzipImage(apexFile); + bool load_result = loadApexImage(fileToMount, device_no); + if (!load_result) { + return false; + } + device_no++; } return true; } @@ -98,9 +99,9 @@ bool twrpApex::createLoopBackDevices(size_t count) { bool twrpApex::loadApexImage(std::string fileToMount, size_t loop_device_number) { struct loop_info64 info; - int fd = open(fileToMount.c_str(), O_RDONLY); + int fd = open(fileToMount.c_str(), O_RDONLY | O_CLOEXEC); if (fd < 0) { - LOGERR("unable to open apex file: %s\n", fileToMount.c_str()); + LOGERR("unable to open apex file: %s. Reason: %s\n", fileToMount.c_str(), strerror(errno)); return false; } @@ -122,23 +123,35 @@ bool twrpApex::loadApexImage(std::string fileToMount, size_t loop_device_number) close(fd); memset(&info, 0, sizeof(struct loop_info64)); + strlcpy((char*)info.lo_crypt_name, "twrpApex", LO_NAME_SIZE); + off_t apex_size = lseek(fd, 0, SEEK_END); + info.lo_sizelimit = apex_size; if (ioctl(loop_fd, LOOP_SET_STATUS64, &info)) { LOGERR("failed to mount loop: %s: %s\n", fileToMount.c_str(), strerror(errno)); close(loop_fd); return false; } + if (ioctl(loop_fd, BLKFLSBUF, 0) == -1) { + LOGERR("Unable to flush loop device buffers\n"); + return false; + } + if (ioctl(loop_fd, LOOP_SET_BLOCK_SIZE, 4096) == -1) { + LOGINFO("Failed to set DIRECT_IO buffer size\n"); + } close(loop_fd); + std::string bind_mount(APEX_BASE); bind_mount = bind_mount + basename(fileToMount.c_str()); + int ret = mkdir(bind_mount.c_str(), 0666); if (ret != 0) { - LOGERR("Unable to create mount directory: %s\n", bind_mount.c_str()); + LOGERR("Unable to create bind mount directory: %s\n", bind_mount.c_str()); return false; } ret = mount(loop_device.c_str(), bind_mount.c_str(), "ext4", MS_RDONLY, nullptr); if (ret != 0) { - LOGERR("unable to mount loop device %s to %s. reason: %s\n", loop_device.c_str(), bind_mount.c_str(), strerror(errno)); + LOGERR("unable to mount loop device %s to %s. Reason: %s\n", loop_device.c_str(), bind_mount.c_str(), strerror(errno)); return false; } diff --git a/twrpApex.hpp b/twrpApex.hpp index b00b9ae1..f42ed8a2 100755 --- a/twrpApex.hpp +++ b/twrpApex.hpp @@ -18,11 +18,11 @@ #include #include "twcommon.h" - #define APEX_DIR "/system_root/system/apex" #define APEX_PAYLOAD "apex_payload.img" #define LOOP_BLOCK_DEVICE_DIR "/dev/block/" #define APEX_BASE "/apex/" +#define LOOP_CONTROL "/dev/loop-control" class twrpApex { public: @@ -30,7 +30,7 @@ public: private: std::string unzipImage(std::string file); - bool createLoopBackDevices(size_t count); + bool mountApexOnLoopbackDevices(std::vector apexFiles); bool loadApexImage(std::string fileToMount, size_t loop_device_number); }; #endif