From 89a03ccd36cfc0403c255b75067ab68b019d83b9 Mon Sep 17 00:00:00 2001 From: Captain Throwback Date: Tue, 4 Feb 2020 15:34:06 -0500 Subject: [PATCH] vold_decrypt: automatically set Android version & patch level - Requires TW_INCLUDE_LIBRESETPROP (set automatically if TW_OEM_BUILD is not set) - Set based on installed system (if present) - Will set values back to TWRP defaults after decryption completes - Only included/run on Oreo+ systems Change-Id: I41fcc1af8cd4b15329574f7403f7491320199f48 (cherry picked from commit 3284a66e23fbc6e1a82df668b497ef931d9c0081) --- Android.mk | 3 + crypto/vold_decrypt/Android.mk | 6 ++ crypto/vold_decrypt/vold_decrypt.cpp | 129 ++++++++++++++++++++++++++- 3 files changed, 137 insertions(+), 1 deletion(-) mode change 100644 => 100755 crypto/vold_decrypt/vold_decrypt.cpp diff --git a/Android.mk b/Android.mk index 2e341d90..8cb0a990 100755 --- a/Android.mk +++ b/Android.mk @@ -325,6 +325,9 @@ ifeq ($(TW_INCLUDE_CRYPTO), true) endif ifneq ($(TW_CRYPTO_USE_SYSTEM_VOLD),) ifneq ($(TW_CRYPTO_USE_SYSTEM_VOLD),false) + ifeq ($(shell test $(PLATFORM_SDK_VERSION) -ge 26; echo $$?),0) + TW_INCLUDE_LIBRESETPROP := true + endif LOCAL_CFLAGS += -DTW_CRYPTO_USE_SYSTEM_VOLD LOCAL_STATIC_LIBRARIES += libvolddecrypt endif diff --git a/crypto/vold_decrypt/Android.mk b/crypto/vold_decrypt/Android.mk index 8d609119..e70f61fb 100644 --- a/crypto/vold_decrypt/Android.mk +++ b/crypto/vold_decrypt/Android.mk @@ -107,6 +107,12 @@ ifeq ($(TW_INCLUDE_CRYPTO), true) endif endif + ifeq ($(shell test $(PLATFORM_SDK_VERSION) -ge 26; echo $$?),0) + ifeq ($(TW_INCLUDE_LIBRESETPROP), true) + LOCAL_CFLAGS += -DTW_INCLUDE_LIBRESETPROP + endif + endif + LOCAL_SRC_FILES = vold_decrypt.cpp LOCAL_SHARED_LIBRARIES := libcutils include $(BUILD_STATIC_LIBRARY) diff --git a/crypto/vold_decrypt/vold_decrypt.cpp b/crypto/vold_decrypt/vold_decrypt.cpp old mode 100644 new mode 100755 index ac872ea2..078cd5fa --- a/crypto/vold_decrypt/vold_decrypt.cpp +++ b/crypto/vold_decrypt/vold_decrypt.cpp @@ -780,6 +780,128 @@ void Set_Needed_Properties(void) { property_set("vendor.sys.listeners.registered", "false"); } +void Update_Patch_Level(void) { + // On Oreo and above, keymaster requires Android version & patch level to match installed system + string sdkverstr = TWFunc::System_Property_Get("ro.build.version.sdk"); + if (!sdkverstr.empty()) { + sdkver = atoi(sdkverstr.c_str()); + } + if (sdkver <= 25) { + property_set("vold_decrypt.legacy_system", "true"); + } else { + LOGINFO("Current system is Oreo or above. Setting OS version and security patch level from installed system...\n"); + property_set("vold_decrypt.legacy_system", "false"); + } + + char prop_value[PROPERTY_VALUE_MAX]; + char legacy_system_value[PROPERTY_VALUE_MAX] = "false"; + property_get("vold_decrypt.legacy_system", prop_value, ""); + + // Only set OS ver and patch level if device uses Oreo+ system + if (strcmp(prop_value, legacy_system_value) == 0) { + property_get("ro.build.version.release", prop_value, ""); + std::string osver_orig = prop_value; + property_set("vold_decrypt.osver_orig", osver_orig.c_str()); + LOGINFO("Current OS version: %s\n", osver_orig.c_str()); + + int error = 0; + std::string osver = TWFunc::System_Property_Get("ro.build.version.release"); + if (!(osver == osver_orig)) { + if (!(error = TWFunc::Property_Override("ro.build.version.release", osver))) { + LOGINFO("Property override successful! New OS version: %s\n", osver.c_str()); + } else { + LOGERROR("Property override failed, code %d\n", error); + return; + } + // TODO: Confirm whether we actually need to update the props in prop.default + std::string sed_osver = "sed -i 's/ro.build.version.release=.*/ro.build.version.release=" + osver + "/g' /prop.default"; + TWFunc::Exec_Cmd(sed_osver); + property_set("vold_decrypt.osver_set", "true"); + } else { + LOGINFO("Current OS version & System OS version already match. Proceeding to next step.\n"); + property_set("vold_decrypt.osver_set", "false"); + } + + property_get("ro.build.version.security_patch", prop_value, ""); + std::string patchlevel_orig = prop_value; + property_set("vold_decrypt.patchlevel_orig", patchlevel_orig.c_str()); + LOGINFO("Current security patch level: %s\n", patchlevel_orig.c_str()); + + std::string patchlevel = TWFunc::System_Property_Get("ro.build.version.security_patch"); + if (!(patchlevel == patchlevel_orig)) { + if (!(error = TWFunc::Property_Override("ro.build.version.security_patch", patchlevel))) { + LOGINFO("Property override successful! New security patch level: %s\n", patchlevel.c_str()); + } else { + LOGERROR("Property override failed, code %d\n", error); + return; + } + // TODO: Confirm whether we actually need to update the props in prop.default + std::string sed_patchlevel = "sed -i 's/ro.build.version.security_patch=.*/ro.build.version.security_patch=" + patchlevel + "/g' /prop.default"; + TWFunc::Exec_Cmd(sed_patchlevel); + property_set("vold_decrypt.patchlevel_set", "true"); + } else { + LOGINFO("Current security patch level & System security patch level already match. Proceeding to next step.\n"); + property_set("vold_decrypt.patchlevel_set", "false"); + } + return; + } else { + LOGINFO("Current system is Nougat or older. Skipping OS version and security patch level setting...\n"); + return; + } +} + +void Revert_Patch_Level(void) { + char osver_set[PROPERTY_VALUE_MAX]; + char patchlevel_set[PROPERTY_VALUE_MAX]; + char osver_patchlevel_set[PROPERTY_VALUE_MAX] = "false"; + + property_get("vold_decrypt.osver_set", osver_set, ""); + property_get("vold_decrypt.patchlevel_set", patchlevel_set, ""); + + int osver_result = strcmp(osver_set, osver_patchlevel_set); + int patchlevel_result = strcmp(patchlevel_set, osver_patchlevel_set); + if (!(osver_result == 0 && patchlevel_result == 0)) { + char prop_value[PROPERTY_VALUE_MAX]; + LOGINFO("Reverting OS version and security patch level to original TWRP values...\n"); + property_get("vold_decrypt.osver_orig", prop_value, ""); + std::string osver_orig = prop_value; + property_get("ro.build.version.release", prop_value, ""); + std::string osver = prop_value; + + int error = 0; + if (!(osver == osver_orig)) { + if (!(error = TWFunc::Property_Override("ro.build.version.release", osver_orig))) { + LOGINFO("Property override successful! Original OS version: %s\n", osver_orig.c_str()); + } else { + LOGERROR("Property override failed, code %d\n", error); + return; + } + // TODO: Confirm whether we actually need to update the props in prop.default + std::string sed_osver_orig = "sed -i 's/ro.build.version.release=.*/ro.build.version.release=" + osver_orig + "/g' /prop.default"; + TWFunc::Exec_Cmd(sed_osver_orig); + } + + property_get("vold_decrypt.patchlevel_orig", prop_value, ""); + std::string patchlevel_orig = prop_value; + property_get("ro.build.version.security_patch", prop_value, ""); + std::string patchlevel = prop_value; + + if (!(patchlevel == patchlevel_orig)) { + if (!(error = TWFunc::Property_Override("ro.build.version.security_patch", patchlevel_orig))) { + LOGINFO("Property override successful! Original security patch level: %s\n", patchlevel_orig.c_str()); + } else { + LOGERROR("Property override failed, code %d\n", error); + return; + } + // TODO: Confirm whether we actually need to update the props in prop.default + std::string sed_patchlevel_orig = "sed -i 's/ro.build.version.security_patch=.*/ro.build.version.security_patch=" + patchlevel_orig + "/g' /prop.default"; + TWFunc::Exec_Cmd(sed_patchlevel_orig); + } + } else { + return; + } +} + static unsigned int get_blkdev_size(int fd) { unsigned long nr_sec; @@ -1161,6 +1283,9 @@ int Vold_Decrypt_Core(const string& Password) { Symlink_Firmware_Files(is_vendor_symlinked, is_firmware_symlinked); Set_Needed_Properties(); +#ifdef TW_INCLUDE_LIBRESETPROP + Update_Patch_Level(); +#endif // Start services needed for vold decrypt LOGINFO("Starting services...\n"); @@ -1225,7 +1350,9 @@ int Vold_Decrypt_Core(const string& Password) { LOGINFO("Failed to start vold\n"); res = VD_ERR_VOLD_FAILED_TO_START; } - +#ifdef TW_INCLUDE_LIBRESETPROP + Revert_Patch_Level(); +#endif // Stop services needed for vold decrypt so /system can be unmounted LOGINFO("Stopping services...\n"); Stop_Service("sys_vold");