
Commit 469a464b authored by David Anderson's avatar David Anderson Committed by Automerger Merge Worker

libdm: Redact keys from dm-crypt targets when calling GetTable. am: 9b9233f4

parents daaf9559 9b9233f4
+14 −0
@@ -540,6 +540,17 @@ bool DeviceMapper::GetTableInfo(const std::string& name, std::vector<TargetInfo>
    return GetTable(name, DM_STATUS_TABLE_FLAG, table);
}

void RedactTableInfo(const struct dm_target_spec& spec, std::string* data) {
    if (DeviceMapper::GetTargetType(spec) == "crypt") {
        auto parts = android::base::Split(*data, " ");
        if (parts.size() < 2) {
            return;
        }
        parts[1] = "redacted";
        *data = android::base::Join(parts, " ");
    }
}

// private methods of DeviceMapper
bool DeviceMapper::GetTable(const std::string& name, uint32_t flags,
                            std::vector<TargetInfo>* table) {
@@ -578,6 +589,9 @@ bool DeviceMapper::GetTable(const std::string& name, uint32_t flags,
            // Note: we use c_str() to eliminate any extra trailing 0s.
            data = std::string(&buffer[data_offset], next_cursor - data_offset).c_str();
        }
        if (flags & DM_STATUS_TABLE_FLAG) {
            RedactTableInfo(*spec, &data);
        }
        table->emplace_back(*spec, data);
        cursor = next_cursor;
    }
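Review bot: `RedactTableInfo` matches only the target type `"crypt"`, so a table line from any other target that embeds key material (for example a `default-key` target, if one is present on the device) is still returned verbatim by `GetTableInfo`. If that scope is intended, state it in a comment above the function, along the lines of `// dm-crypt params are "<cipher> <key> <iv_offset> <device> <offset> ..."; field 1 is the key. Other target types are not redacted.`; otherwise extend the type check. The helper is defined at file scope without `static`; unless a header outside this page declares it, internal linkage would keep it out of the library's exported symbols. The call site sits in a loop in `GetTable` whose start and end lie outside the second hunk, and the unredacted text stays in `buffer` there, so the change covers what callers can log or dump but not what remains in process memory.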
+28 −0
@@ -757,3 +757,31 @@ TEST_F(DmTest, GetNameAndUuid) {
    ASSERT_EQ(name, test_name_);
    ASSERT_FALSE(uuid.empty());
}

TEST_F(DmTest, RedactDmCrypt) {
    static constexpr uint64_t kImageSize = 65536;
    unique_fd temp_file(CreateTempFile("file_1", kImageSize));
    ASSERT_GE(temp_file, 0);

    LoopDevice loop(temp_file, 10s);
    ASSERT_TRUE(loop.valid());

    static constexpr const char* kAlgorithm = "aes-cbc-essiv:sha256";
    static constexpr const char* kKey = "0e64ef514e6a1315b1f6390cb57c9e6a";

    auto target = std::make_unique<DmTargetCrypt>(0, kImageSize / 512, kAlgorithm, kKey, 0,
                                                  loop.device(), 0);
    target->AllowDiscards();

    DmTable table;
    table.AddTarget(std::move(target));

    auto& dm = DeviceMapper::Instance();
    std::string crypt_path;
    ASSERT_TRUE(dm.CreateDevice(test_name_, table, &crypt_path, 10s));

    std::vector<DeviceMapper::TargetInfo> targets;
    ASSERT_TRUE(dm.GetTableInfo(test_name_, &targets));
    ASSERT_EQ(targets.size(), 1);
    EXPECT_EQ(targets[0].data.find(kKey), std::string::npos);
}
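Review bot: The only check on the returned table is `EXPECT_EQ(targets[0].data.find(kKey), std::string::npos)`, which also passes if `data` comes back empty or if the key never appeared in the table text at all. Add a positive assertion such as `EXPECT_NE(targets[0].data.find("redacted"), std::string::npos);`, plus one that `kAlgorithm` should still be present, so the test pins that only the key field was replaced. `ASSERT_EQ(targets.size(), 1)` compares an unsigned size with a signed literal; `1u` avoids the warning. Whether the device made by `CreateDevice` is removed afterwards depends on the `DmTest` fixture, which is not shown on this page.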