From c434d801d65372dd12d9bc8bd7717ef08f3fa984 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Tue, 1 Oct 2024 11:01:08 -0700
Subject: [PATCH] libdm: Redact keys from dm-crypt targets when calling GetTable.

Ignore-AOSP-First: security fix
Bug: 368069390
Test: libdm_test
Change-Id: I40b9a0129e58b1a0f116ca29f0ee66f91a27a73d
Merged-In: I40b9a0129e58b1a0f116ca29f0ee66f91a27a73d
---
 fs_mgr/libdm/dm.cpp | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/fs_mgr/libdm/dm.cpp b/fs_mgr/libdm/dm.cpp
index e43c00b44..dbee8a377 100644
--- a/fs_mgr/libdm/dm.cpp
+++ b/fs_mgr/libdm/dm.cpp
@@ -494,6 +494,17 @@ bool DeviceMapper::GetTableInfo(const std::string& name, std::vector
 return GetTable(name, DM_STATUS_TABLE_FLAG, table);
 }
 
+void RedactTableInfo(const struct dm_target_spec& spec, std::string* data) {
+ if (DeviceMapper::GetTargetType(spec) == "crypt") {
+ auto parts = android::base::Split(*data, " ");
+ if (parts.size() < 2) {
+ return;
+ }
+ parts[1] = "redacted";
+ *data = android::base::Join(parts, " ");
+ }
+}
+
 // private methods of DeviceMapper
 bool DeviceMapper::GetTable(const std::string& name, uint32_t flags,
 std::vector* table) {
@@ -532,6 +543,9 @@ bool DeviceMapper::GetTable(const std::string& name, uint32_t flags,
 // Note: we use c_str() to eliminate any extra trailing 0s.
 data = std::string(&buffer[data_offset], next_cursor - data_offset).c_str();
 }
+ if (flags & DM_STATUS_TABLE_FLAG) {
+ RedactTableInfo(*spec, &data);
+ }
 table->emplace_back(*spec, data);
 cursor = next_cursor;
 }
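Review bot: The early return in `RedactTableInfo` fails open: when a crypt table line does not split into at least two fields, `*data` is returned to the caller untouched. A redaction helper is safer failing closed, for example `if (parts.size() < 2) { *data = "redacted"; return; }`. The index is also unexplained, so a comment such as `// dm-crypt table line: <cipher> <key> <iv_offset> <device> <offset> ...; field 1 is the key` would record why `parts[1]` is the field replaced. Separately, `Split` leaves one more copy of the key in `parts`, which is freed without being cleared; that may be acceptable given the caller still holds the raw string, but it should be a deliberate choice.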
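Review bot: Nothing in this patch asserts the redaction, since the commit message cites libdm_test but the diffstat shows only dm.cpp changed. A regression test that creates a crypt target, calls `GetTableInfo`, and checks that the second field of the returned data is `redacted` would keep this security fix from regressing silently. The call added before `table->emplace_back(*spec, data)` also only covers targets whose type is exactly "crypt". If any other target type that carries key material in its table line (dm-integrity's keyed options, for instance) can reach this path, its data is still returned verbatim, which is worth confirming. The body of `GetTable` starts and ends outside the hunk, and `buffer` presumably still holds the unredacted bytes until it goes out of scope.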