diff options
author | Shelley Chen <shchen@chromium.org> | 2015-08-10 11:24:36 -0700 |
---|---|---|
committer | ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> | 2015-08-20 23:26:59 +0000 |
commit | 26825b53dc914e4599767ae1e78fe731840027c1 (patch) | |
tree | d4090adfa5386e6490b5e66ce5d7bebf7d3ccc5e | |
parent | d8ace3dee99487a77be0057e7872b0b5b3a05c0b (diff) | |
download | vboot-26825b53dc914e4599767ae1e78fe731840027c1.tar.gz |
crossystem: Updated crossystem to accomodate Android
Previously crossystem assumed that mosys was located
in /usr/sbin. In Android mosys is currently located
in /system/bin. Using fixed paths as opposed to
'which' to prevent attacks where attacker could insert
mosys in PATH.
BUG=none
BRANCH=none
TEST=ran crossystem, crossystem fw_try_count/
fw_try_next, crossystem fw_try_count/fw_try_next=x
on link and smaug.
Change-Id: I9604f008d457147188dc852c173d5a184163b339
Signed-off-by: Shelley Chen <shchen@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/292314
Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r-- | host/arch/arm/lib/crossystem_arch.c | 70 |
1 files changed, 62 insertions, 8 deletions
diff --git a/host/arch/arm/lib/crossystem_arch.c b/host/arch/arm/lib/crossystem_arch.c index 6c745ff2..b69f435d 100644 --- a/host/arch/arm/lib/crossystem_arch.c +++ b/host/arch/arm/lib/crossystem_arch.c @@ -25,7 +25,8 @@ #include "crossystem.h" #include "crossystem_arch.h" -#define MOSYS_PATH "/usr/sbin/mosys" +#define MOSYS_CROS_PATH "/usr/sbin/mosys" +#define MOSYS_ANDROID_PATH "/system/bin/mosys" /* Base name for firmware FDT files */ #define FDT_BASE_PATH "/proc/device-tree/firmware/chromeos" @@ -48,6 +49,7 @@ #define FNAME_SIZE 80 #define SECTOR_SIZE 512 #define MAX_NMMCBLK 9 +#define MAX_ARRAY_SIZE 256 typedef struct PlatformFamily { const char* compatible_string; /* Last string in FDT compatible entry */ @@ -69,6 +71,31 @@ const PlatformFamily platform_family_array[] = { {NULL, NULL} }; +static const char* GetMosysPath() { + int fd; + struct stat s; + + /* In Android, mosys utility located in /system/bin + check if file exists. Using fstat because for some + reason, stat() was seg faulting in Android */ + fd = open(MOSYS_ANDROID_PATH, O_RDONLY); + if (fstat(fd, &s) == 0) { + close(fd); + return MOSYS_ANDROID_PATH; + } + close(fd); + + fd = open(MOSYS_CROS_PATH, O_RDONLY); + if (fstat(fd, &s) == 0) { + close(fd); + return MOSYS_CROS_PATH; + } + close(fd); + + return NULL; + +} + static int FindEmmcDev(void) { int mmcblk; unsigned value; @@ -287,10 +314,12 @@ out: return ret; } -static int ExecuteMosys(char * const argv[], char *buf, size_t bufsize) { +static int ExecuteMosys(const char * const argv[], char *buf, size_t bufsize) { int status, mosys_to_crossystem[2]; pid_t pid; ssize_t n; + char *argv_cpy[MAX_ARRAY_SIZE]; + int i = 0; if (pipe(mosys_to_crossystem) < 0) { VBDEBUG(("pipe() error\n")); @@ -312,10 +341,30 @@ static int ExecuteMosys(char * const argv[], char *buf, size_t bufsize) { exit(1); } } - /* Execute mosys */ - execv(MOSYS_PATH, argv); + + /* for some reason execv takes a char *const, so need to + make a duplicate copy of it and free it right after exec + in order to minimize the passing around of a non-const + copy of our array */ + for (i = 0; argv[i] != NULL && i < MAX_ARRAY_SIZE; i++) { + argv_cpy[i] = strdup(argv[i]); + } + if (i >= MAX_ARRAY_SIZE) { + VBDEBUG(("too many args (mosys)\n")) + for (i = 0; argv_cpy[i] != NULL && i < MAX_ARRAY_SIZE; i++) { + free(argv_cpy[i]); + } + close(mosys_to_crossystem[1]); + exit(1); + } + argv_cpy[i] = NULL; + execv(argv[0], argv_cpy); + /* We shouldn't be here; exit now! */ VBDEBUG(("execv() of mosys failed\n")); + for (i = 0; argv_cpy[i] != NULL && i < MAX_ARRAY_SIZE; i++) { + free(argv_cpy[i]); + } close(mosys_to_crossystem[1]); exit(1); } else { /* Parent */ @@ -330,6 +379,9 @@ static int ExecuteMosys(char * const argv[], char *buf, size_t bufsize) { } else { n = 0; } + for (i = 0; argv_cpy[i] != NULL && i < MAX_ARRAY_SIZE; i++) { + free(argv_cpy[i]); + } close(mosys_to_crossystem[0]); if (n < 0) VBDEBUG(("read() error while reading output from mosys\n")); @@ -346,8 +398,9 @@ static int ExecuteMosys(char * const argv[], char *buf, size_t bufsize) { static int VbReadNvStorage_mosys(VbNvContext* vnc) { char hexstring[VBNV_BLOCK_SIZE * 2 + 32]; /* Reserve extra 32 bytes */ - char * const argv[] = { - MOSYS_PATH, "nvram", "vboot", "read", NULL + const char *path = GetMosysPath(); + const char * const argv[] = { + path, "nvram", "vboot", "read", NULL }; char hexdigit[3]; int i; @@ -365,8 +418,9 @@ static int VbReadNvStorage_mosys(VbNvContext* vnc) { static int VbWriteNvStorage_mosys(VbNvContext* vnc) { char hexstring[VBNV_BLOCK_SIZE * 2 + 1]; - char * const argv[] = { - MOSYS_PATH, "nvram", "vboot", "write", hexstring, NULL + const char *path = GetMosysPath(); + const char * const argv[] = { + path, "nvram", "vboot", "write", hexstring, NULL }; int i; |