crossystem: Updated crossystem to accomodate Android

Previously crossystem assumed that mosys was located in /usr/sbin. In Android mosys is currently located in /system/bin. Using fixed paths as opposed to 'which' to prevent attacks where attacker could insert mosys in PATH. BUG=none BRANCH=none TEST=ran crossystem, crossystem fw_try_count/ fw_try_next, crossystem fw_try_count/fw_try_next=x on link and smaug. Change-Id: I9604f008d457147188dc852c173d5a184163b339 Signed-off-by: Shelley Chen <shchen@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/292314 Reviewed-by: Randall Spangler <rspangler@chromium.org>
author: Shelley Chen <shchen@chromium.org> 2015-08-10 11:24:36 -0700
committer: ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> 2015-08-20 23:26:59 +0000
commit: 26825b53dc914e4599767ae1e78fe731840027c1 (patch)
tree: d4090adfa5386e6490b5e66ce5d7bebf7d3ccc5e
parent: d8ace3dee99487a77be0057e7872b0b5b3a05c0b (diff)
download: vboot-26825b53dc914e4599767ae1e78fe731840027c1.tar.gz
1 files changed, 62 insertions, 8 deletions
diff --git a/host/arch/arm/lib/crossystem_arch.c b/host/arch/arm/lib/crossystem_arch.c
index 6c745ff2..b69f435d 100644
--- a/host/arch/arm/lib/crossystem_arch.c
+++ b/host/arch/arm/lib/crossystem_arch.c
@@ -25,7 +25,8 @@
 #include "crossystem.h"
 #include "crossystem_arch.h"
 
-#define MOSYS_PATH "/usr/sbin/mosys"
+#define MOSYS_CROS_PATH "/usr/sbin/mosys"
+#define MOSYS_ANDROID_PATH "/system/bin/mosys"
 
 /* Base name for firmware FDT files */
 #define FDT_BASE_PATH "/proc/device-tree/firmware/chromeos"
@@ -48,6 +49,7 @@
 #define FNAME_SIZE  80
 #define SECTOR_SIZE 512
 #define MAX_NMMCBLK 9
+#define MAX_ARRAY_SIZE 256
 
 typedef struct PlatformFamily {
   const char* compatible_string; /* Last string in FDT compatible entry */
@@ -69,6 +71,31 @@ const PlatformFamily platform_family_array[] = {
   {NULL, NULL}
 };
 
+static const char* GetMosysPath() {
+	int fd;
+	struct stat s;
+
+	/* In Android, mosys utility located in /system/bin
+	   check if file exists.  Using fstat because for some
+	   reason, stat() was seg faulting in Android */
+	fd = open(MOSYS_ANDROID_PATH, O_RDONLY);
+	if (fstat(fd, &s) == 0) {
+		close(fd);
+		return MOSYS_ANDROID_PATH;
+	}
+	close(fd);
+
+	fd = open(MOSYS_CROS_PATH, O_RDONLY);
+	if (fstat(fd, &s) == 0) {
+		close(fd);
+		return MOSYS_CROS_PATH;
+	}
+	close(fd);
+
+	return NULL;
+
+}
+
 static int FindEmmcDev(void) {
   int mmcblk;
   unsigned value;
@@ -287,10 +314,12 @@ out:
   return ret;
 }
 
-static int ExecuteMosys(char * const argv[], char *buf, size_t bufsize) {
+static int ExecuteMosys(const char * const argv[], char *buf, size_t bufsize) {
   int status, mosys_to_crossystem[2];
   pid_t pid;
   ssize_t n;
+  char *argv_cpy[MAX_ARRAY_SIZE];
+  int i = 0;
 
   if (pipe(mosys_to_crossystem) < 0) {
     VBDEBUG(("pipe() error\n"));
@@ -312,10 +341,30 @@ static int ExecuteMosys(char * const argv[], char *buf, size_t bufsize) {
         exit(1);
       }
     }
-    /* Execute mosys */
-    execv(MOSYS_PATH, argv);
+
+    /* for some reason execv takes a char *const, so need to
+       make a duplicate copy of it and free it right after exec
+       in order to minimize the passing around of a non-const
+       copy of our array */
+    for (i = 0; argv[i] != NULL && i < MAX_ARRAY_SIZE; i++) {
+      argv_cpy[i] = strdup(argv[i]);
+    }
+    if (i >= MAX_ARRAY_SIZE) {
+      VBDEBUG(("too many args (mosys)\n"))
+      for (i = 0; argv_cpy[i] != NULL && i < MAX_ARRAY_SIZE; i++) {
+        free(argv_cpy[i]);
+      }
+      close(mosys_to_crossystem[1]);
+      exit(1);
+    }
+    argv_cpy[i] = NULL;
+    execv(argv[0], argv_cpy);
+
     /* We shouldn't be here; exit now! */
     VBDEBUG(("execv() of mosys failed\n"));
+    for (i = 0; argv_cpy[i] != NULL && i < MAX_ARRAY_SIZE; i++) {
+      free(argv_cpy[i]);
+    }
     close(mosys_to_crossystem[1]);
     exit(1);
   } else {  /* Parent */
@@ -330,6 +379,9 @@ static int ExecuteMosys(char * const argv[], char *buf, size_t bufsize) {
     } else {
       n = 0;
     }
+    for (i = 0; argv_cpy[i] != NULL && i < MAX_ARRAY_SIZE; i++) {
+      free(argv_cpy[i]);
+    }
     close(mosys_to_crossystem[0]);
     if (n < 0)
       VBDEBUG(("read() error while reading output from mosys\n"));
@@ -346,8 +398,9 @@ static int ExecuteMosys(char * const argv[], char *buf, size_t bufsize) {
 
 static int VbReadNvStorage_mosys(VbNvContext* vnc) {
   char hexstring[VBNV_BLOCK_SIZE * 2 + 32];  /* Reserve extra 32 bytes */
-  char * const argv[] = {
-    MOSYS_PATH, "nvram", "vboot", "read", NULL
+  const char *path = GetMosysPath();
+  const char * const argv[] = {
+    path, "nvram", "vboot", "read", NULL
   };
   char hexdigit[3];
   int i;
@@ -365,8 +418,9 @@ static int VbReadNvStorage_mosys(VbNvContext* vnc) {
 
 static int VbWriteNvStorage_mosys(VbNvContext* vnc) {
   char hexstring[VBNV_BLOCK_SIZE * 2 + 1];
-  char * const argv[] = {
-    MOSYS_PATH, "nvram", "vboot", "write", hexstring, NULL
+  const char *path = GetMosysPath();
+  const char * const argv[] = {
+    path, "nvram", "vboot", "write", hexstring, NULL
   };
   int i;
author	Shelley Chen <shchen@chromium.org>	2015-08-10 11:24:36 -0700
committer	ChromeOS Commit Bot <chromeos-commit-bot@chromium.org>	2015-08-20 23:26:59 +0000
commit	26825b53dc914e4599767ae1e78fe731840027c1 (patch)
tree	d4090adfa5386e6490b5e66ce5d7bebf7d3ccc5e
parent	d8ace3dee99487a77be0057e7872b0b5b3a05c0b (diff)
download	vboot-26825b53dc914e4599767ae1e78fe731840027c1.tar.gz