Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bc067ef9 authored by David Anderson's avatar David Anderson
Browse files

libdm: Redact keys from dm-crypt targets when calling GetTable. 

Ignore-AOSP-First: security fix
Bug: 368069390
Test: libdm_test
Change-Id: I40b9a0129e58b1a0f116ca29f0ee66f91a27a73d
parent d453aa48

fs_mgr/libdm/dm.cpp

+14 −0
Original line number Original line Diff line number Diff line
@@ -551,6 +551,17 @@ bool DeviceMapper::GetTableInfo(const std::string& name, std::vector<TargetInfo> 
    return GetTable(name, DM_STATUS_TABLE_FLAG, table);

    return GetTable(name, DM_STATUS_TABLE_FLAG, table);

}

}





void RedactTableInfo(const struct dm_target_spec& spec, std::string* data) {

    if (DeviceMapper::GetTargetType(spec) == "crypt") {

        auto parts = android::base::Split(*data, " ");

        if (parts.size() < 2) {

            return;

        }

        parts[1] = "redacted";

        *data = android::base::Join(parts, " ");

    }

}



// private methods of DeviceMapper

// private methods of DeviceMapper

bool DeviceMapper::GetTable(const std::string& name, uint32_t flags,

bool DeviceMapper::GetTable(const std::string& name, uint32_t flags,

                            std::vector<TargetInfo>* table) {

                            std::vector<TargetInfo>* table) {
@@ -589,6 +600,9 @@ bool DeviceMapper::GetTable(const std::string& name, uint32_t flags, 
            // Note: we use c_str() to eliminate any extra trailing 0s.

            // Note: we use c_str() to eliminate any extra trailing 0s.

            data = std::string(&buffer[data_offset], next_cursor - data_offset).c_str();

            data = std::string(&buffer[data_offset], next_cursor - data_offset).c_str();

        }

        }

        if (flags & DM_STATUS_TABLE_FLAG) {

            RedactTableInfo(*spec, &data);

        }

        table->emplace_back(*spec, data);

        table->emplace_back(*spec, data);

        cursor = next_cursor;

        cursor = next_cursor;

    }

    }

fs_mgr/libdm/dm_test.cpp

+28 −0
Original line number Original line Diff line number Diff line
@@ -814,3 +814,31 @@ TEST_F(DmTest, ThinProvisioning) { 
    TempDevice thin("thin", thinTable);

    TempDevice thin("thin", thinTable);

    ASSERT_TRUE(thin.valid());

    ASSERT_TRUE(thin.valid());

}

}



TEST_F(DmTest, RedactDmCrypt) {

    static constexpr uint64_t kImageSize = 65536;

    unique_fd temp_file(CreateTempFile("file_1", kImageSize));

    ASSERT_GE(temp_file, 0);



    LoopDevice loop(temp_file, 10s);

    ASSERT_TRUE(loop.valid());



    static constexpr const char* kAlgorithm = "aes-cbc-essiv:sha256";

    static constexpr const char* kKey = "0e64ef514e6a1315b1f6390cb57c9e6a";



    auto target = std::make_unique<DmTargetCrypt>(0, kImageSize / 512, kAlgorithm, kKey, 0,

                                                  loop.device(), 0);

    target->AllowDiscards();



    DmTable table;

    table.AddTarget(std::move(target));



    auto& dm = DeviceMapper::Instance();

    std::string crypt_path;

    ASSERT_TRUE(dm.CreateDevice(test_name_, table, &crypt_path, 10s));



    std::vector<DeviceMapper::TargetInfo> targets;

    ASSERT_TRUE(dm.GetTableInfo(test_name_, &targets));

    ASSERT_EQ(targets.size(), 1);

    EXPECT_EQ(targets[0].data.find(kKey), std::string::npos);

}