Android 15.0.0 Release 14 (AP4A.250205.002)

-----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ6KKkQAKCRDorT+BmrEO eJGvAJ9LFzDH9Bc8ZfcBE7rlzaCpbSgoJQCeImt0uAic0coI65/qnUCfwUwToQw= =vwD5 -----END PGP SIGNATURE----- gpgsig -----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgPpdpjxPACTIhnlvYz0GM4BR7FJ +rYv3jMbfxNKD3JvcAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQOt1n2ljmJJ/zGJRHaumnlZjhGgYEH4sJkTH+G+JWCLPBB0rIL9zg1BrV9wn6i/E0R 8RNbXocUAHUF5AqZ/RcQc= -----END SSH SIGNATURE----- Merge tag 'android-15.0.0_r14' into staging/lineage-22.1_merge-android-15.0.0_r14 Android 15.0.0 Release 14 (AP4A.250205.002) # -----BEGIN PGP SIGNATURE----- # # iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ6KKkQAKCRDorT+BmrEO # eJGvAJ9LFzDH9Bc8ZfcBE7rlzaCpbSgoJQCeImt0uAic0coI65/qnUCfwUwToQw= # =vwD5 # -----END PGP SIGNATURE----- # gpg: Signature made Tue Feb 4 23:45:53 2025 EET # gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78 # gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [ultimate] # By David Anderson # Via Android Build Coastguard Worker * tag 'android-15.0.0_r14': libdm: Redact keys from dm-crypt targets when calling GetTable. Change-Id: I88baf10a62473ef584efbcce461dc0149ee138f4
2025-02-05 17:53:13 +02:00 · 2025-02-05 17:53:13 +02:00 · 5860c0fa2e
commit 5860c0fa2e
parent ffe39e16d3 32ecbe3713
2 changed files with 42 additions and 0 deletions
--- a/fs_mgr/libdm/dm.cpp
+++ b/fs_mgr/libdm/dm.cpp
@ -551,6 +551,17 @@ bool DeviceMapper::GetTableInfo(const std::string& name, std::vector<TargetInfo>
    return GetTable(name, DM_STATUS_TABLE_FLAG, table);
 }

+void RedactTableInfo(const struct dm_target_spec& spec, std::string* data) {
+    if (DeviceMapper::GetTargetType(spec) == "crypt") {
+        auto parts = android::base::Split(*data, " ");
+        if (parts.size() < 2) {
+            return;
+        }
+        parts[1] = "redacted";
+        *data = android::base::Join(parts, " ");
+    }
+}
+
 // private methods of DeviceMapper
 bool DeviceMapper::GetTable(const std::string& name, uint32_t flags,
                            std::vector<TargetInfo>* table) {
@ -589,6 +600,9 @@ bool DeviceMapper::GetTable(const std::string& name, uint32_t flags,
            // Note: we use c_str() to eliminate any extra trailing 0s.
            data = std::string(&buffer[data_offset], next_cursor - data_offset).c_str();
        }
+        if (flags & DM_STATUS_TABLE_FLAG) {
+            RedactTableInfo(*spec, &data);
+        }
        table->emplace_back(*spec, data);
        cursor = next_cursor;
    }
--- a/fs_mgr/libdm/dm_test.cpp
+++ b/fs_mgr/libdm/dm_test.cpp
@ -814,3 +814,31 @@ TEST_F(DmTest, ThinProvisioning) {
    TempDevice thin("thin", thinTable);
    ASSERT_TRUE(thin.valid());
 }
+
+TEST_F(DmTest, RedactDmCrypt) {
+    static constexpr uint64_t kImageSize = 65536;
+    unique_fd temp_file(CreateTempFile("file_1", kImageSize));
+    ASSERT_GE(temp_file, 0);
+
+    LoopDevice loop(temp_file, 10s);
+    ASSERT_TRUE(loop.valid());
+
+    static constexpr const char* kAlgorithm = "aes-cbc-essiv:sha256";
+    static constexpr const char* kKey = "0e64ef514e6a1315b1f6390cb57c9e6a";
+
+    auto target = std::make_unique<DmTargetCrypt>(0, kImageSize / 512, kAlgorithm, kKey, 0,
+                                                  loop.device(), 0);
+    target->AllowDiscards();
+
+    DmTable table;
+    table.AddTarget(std::move(target));
+
+    auto& dm = DeviceMapper::Instance();
+    std::string crypt_path;
+    ASSERT_TRUE(dm.CreateDevice(test_name_, table, &crypt_path, 10s));
+
+    std::vector<DeviceMapper::TargetInfo> targets;
+    ASSERT_TRUE(dm.GetTableInfo(test_name_, &targets));
+    ASSERT_EQ(targets.size(), 1);
+    EXPECT_EQ(targets[0].data.find(kKey), std::string::npos);
+}