bump(main/android-tools): 33.0.3p2

- Remove no longer required `pthread` patches:
    * vendor_CMakeLists.adb.txt.patch
    * vendor_CMakeLists.fastboot.txt.patch
See: 8d839f8635

- Update patch `vendor_CMakeLists.mke2fs.txt.patch`.

Signed-off-by: Aditya Alok <alok@termux.dev>

* Add `dlopen()` hack for function `int __system_properties_init(void)`

Co-authored-by: Tee KOBAYASHI <xtkoba@gmail.com>
Aditya Alok 2022-10-27 01:23:03 +05:30 committed by xtkoba
parent ac0d70a63a
commit 9f39439abf
9 changed files with 170 additions and 263 deletions


@ -1,47 +0,0 @@
From a547c7001ce5a3f5ff6611086d0c9e2d6b52c6d9 Mon Sep 17 00:00:00 2001
From: Shaju Mathew <shaju@google.com>
Date: Mon, 17 Jan 2022 17:42:05 -0800
Subject: [PATCH] Now suppressing ability for a potentially rogue device to
engage in directory traversal on host.
Bug:209438553
Ignore-AOSP-First: Resolution for (potential) security exploit if the device daemon
happens to be compromised.
Test: - Manual/cursory test against poc daemon (py script).
- For addressing flake: $aosp-master-with-phones/tools/asuite/atest$ atest atest_unittests
<snip>
Summary
-------
arm64-v8a atest_unittests: Passed: 288, Failed: 0, Ignored: 0, Assumption Failed: 0 <snip>
All tests passed!
Signed-off-by: Shaju Mathew <shaju@google.com>
Change-Id: I3e28b8882a0741a734422c52057d5ad1e608d8a8
---
client/file_sync_client.cpp | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/client/file_sync_client.cpp b/client/file_sync_client.cpp
index af1deba1..1b1dfa89 100644
--- a/client/file_sync_client.cpp
+++ b/vendor/adb/client/file_sync_client.cpp
@@ -545,6 +545,14 @@ class SyncConnection {
if (!ReadFdExactly(fd, buf, len)) return false;
buf[len] = 0;
+ // Address the highly unlikely scenario wherein a
+ // compromised device/service might be able to
+ // traverse across directories on the host. Let's
+ // shut that door!
+ if (strchr(buf, '/')) {
+ return false;
+ }
+
callback(dent.mode, dent.size, dent.mtime, buf);
}
}
--
2.38.0


@ -1,184 +0,0 @@
From 13508c1c97da14a294c04e5097ea81c9ce7edf33 Mon Sep 17 00:00:00 2001
From: Shaju Mathew <shaju@google.com>
Date: Sat, 25 Jun 2022 14:57:31 +0000
Subject: [PATCH] Reject external connect: requests.
Steps:
1. Track forward:reverse config in a data-structure.
2. connect_to_remote() examines each socket transport and updates
this data-structure.
3. handle_packet() takes appropriate action
(abort) for an unknown connect: request originating from the device.
Bug:205286508
Test: treehugger
Signed-off-by: jmgao <jmgao@fb.com>
Change-Id: I0ec7d6f8e60afc2ee5d1be2b63bf90ca99443a52
---
adb.cpp | 11 +++++++++-
sockets.cpp | 6 +++++
transport.cpp | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++-
transport.h | 12 ++++++++++
4 files changed, 88 insertions(+), 2 deletions(-)
diff --git a/adb.cpp b/adb.cpp
index 5d481295..f397da09 100644
--- a/adb.cpp
+++ b/vendor/adb/adb.cpp
@@ -485,7 +485,16 @@ void handle_packet(apacket *p, atransport *t)
// byte. The client sent strings with null termination, which post-string_view, start
// being interpreted as part of the string, unless we explicitly strip them.
address = StripTrailingNulls(address);
-
+#if ADB_HOST
+ // The incoming address (from the payload) might be some other
+ // target (e.g tcp:<ip>:8000), however we do not allow *any*
+ // such requests - namely, those from (a potentially compromised)
+ // adbd (reverse:forward: source) port transport.
+ if (!t->IsReverseConfigured(address.data())) {
+ LOG(FATAL) << __func__ << " disallowed connect to " << address << " from "
+ << t->serial_name();
+ }
+#endif
asocket* s = create_local_service_socket(address, t);
if (s == nullptr) {
send_close(0, p->msg.arg0, t);
diff --git a/sockets.cpp b/sockets.cpp
index 61a2d9d9..3cd43f92 100644
--- a/sockets.cpp
+++ b/vendor/adb/sockets.cpp
@@ -560,6 +560,12 @@ asocket* create_remote_socket(unsigned id, atransport* t) {
}
void connect_to_remote(asocket* s, std::string_view destination) {
+#if ADB_HOST
+ // Snoop reverse:forward: requests to track them so that an
+ // appropriate filter (to figure out whether the remote is
+ // allowed to connect locally) can be applied.
+ s->transport->UpdateReverseConfig(destination);
+#endif
D("Connect_to_remote call RS(%d) fd=%d", s->id, s->fd);
apacket* p = get_apacket();
diff --git a/transport.cpp b/transport.cpp
index 71771d31..f1cae405 100644
--- a/transport.cpp
+++ b/vendor/adb/transport.cpp
@@ -1219,8 +1219,10 @@ bool atransport::HandleRead(std::unique_ptr<apacket> p) {
VLOG(TRANSPORT) << dump_packet(serial.c_str(), "from remote", p.get());
apacket* packet = p.release();
- // TODO: Does this need to run on the main thread?
+ // This needs to run on the main thread since the associated fdevent
+ // message pump exists in that context.
fdevent_run_on_main_thread([packet, this]() { handle_packet(packet, this); });
+
return true;
}
@@ -1614,6 +1616,63 @@ void unregister_usb_transport(usb_handle* usb) {
return t->GetUsbHandle() == usb && t->GetConnectionState() == kCsNoPerm;
});
}
+
+// Track reverse:forward commands, so that info can be used to develop
+// an 'allow-list':
+// - adb reverse tcp:<device_port> localhost:<host_port> : responds with the
+// device_port
+// - adb reverse --remove tcp:<device_port> : responds OKAY
+// - adb reverse --remove-all : responds OKAY
+void atransport::UpdateReverseConfig(std::string_view service_addr) {
+ check_main_thread();
+ if (!android::base::ConsumePrefix(&service_addr, "reverse:")) {
+ return;
+ }
+
+ if (android::base::ConsumePrefix(&service_addr, "forward:")) {
+ // forward:[norebind:]<remote>;<local>
+ bool norebind = android::base::ConsumePrefix(&service_addr, "norebind:");
+ auto it = service_addr.find(';');
+ if (it == std::string::npos) {
+ return;
+ }
+ std::string remote(service_addr.substr(0, it));
+
+ if (norebind && reverse_forwards_.find(remote) != reverse_forwards_.end()) {
+ // This will fail, don't update the map.
+ LOG(DEBUG) << "ignoring reverse forward that will fail due to norebind";
+ return;
+ }
+
+ std::string local(service_addr.substr(it + 1));
+ reverse_forwards_[remote] = local;
+ } else if (android::base::ConsumePrefix(&service_addr, "killforward:")) {
+ // kill-forward:<remote>
+ auto it = service_addr.find(';');
+ if (it != std::string::npos) {
+ return;
+ }
+ reverse_forwards_.erase(std::string(service_addr));
+ } else if (service_addr == "killforward-all") {
+ reverse_forwards_.clear();
+ } else if (service_addr == "list-forward") {
+ LOG(DEBUG) << __func__ << " ignoring --list";
+ } else { // Anything else we need to know about?
+ LOG(FATAL) << "unhandled reverse service: " << service_addr;
+ }
+}
+
+// Is this an authorized :connect request?
+bool atransport::IsReverseConfigured(const std::string& local_addr) {
+ check_main_thread();
+ for (const auto& [remote, local] : reverse_forwards_) {
+ if (local == local_addr) {
+ return true;
+ }
+ }
+ return false;
+}
+
#endif
bool check_header(apacket* p, atransport* t) {
diff --git a/transport.h b/transport.h
index ed2cd81f..fc0e322d 100644
--- a/transport.h
+++ b/vendor/adb/transport.h
@@ -31,6 +31,7 @@
#include <string>
#include <string_view>
#include <thread>
+#include <unordered_map>
#include <vector>
#include <android-base/macros.h>
@@ -298,6 +299,10 @@ class atransport : public enable_weak_from_this<atransport> {
#if ADB_HOST
void SetUsbHandle(usb_handle* h) { usb_handle_ = h; }
usb_handle* GetUsbHandle() { return usb_handle_; }
+
+ // Interface for management/filter on forward:reverse: configuration.
+ void UpdateReverseConfig(std::string_view service_addr);
+ bool IsReverseConfigured(const std::string& local_addr);
#endif
const TransportId id;
@@ -427,6 +432,13 @@ class atransport : public enable_weak_from_this<atransport> {
bool delayed_ack_ = false;
+#if ADB_HOST
+ // Track remote addresses against local addresses (configured)
+ // through `adb reverse` commands.
+ // Access constrained to primary thread by virtue of check_main_thread().
+ std::unordered_map<std::string, std::string> reverse_forwards_;
+#endif
+
DISALLOW_COPY_AND_ASSIGN(atransport);
};
--
2.38.0


@ -1,14 +1,14 @@
TERMUX_PKG_HOMEPAGE=https://developer.android.com/
TERMUX_PKG_DESCRIPTION="Android platform tools"
TERMUX_PKG_LICENSE="Apache-2.0, MIT"
TERMUX_PKG_LICENSE="Apache-2.0, BSD 2-Clause"
TERMUX_PKG_LICENSE_FILE="LICENSE, vendor/core/fastboot/LICENSE"
TERMUX_PKG_MAINTAINER="@termux"
TERMUX_PKG_VERSION=31.0.3p1
TERMUX_PKG_REVISION=7
TERMUX_PKG_VERSION=33.0.3p2
TERMUX_PKG_SRCURL=https://github.com/nmeum/android-tools/releases/download/$TERMUX_PKG_VERSION/android-tools-$TERMUX_PKG_VERSION.tar.xz
TERMUX_PKG_SHA256=0ef69f919d58a2bdff2083d2e83a9ef38df079ec82651b2544e9e48086df5ab8
TERMUX_PKG_SHA256=6bf6b52d7389e79fc92b63cc206451ee42fc4f7da769d76922193e98d75f5604
TERMUX_PKG_AUTO_UPDATE=true
TERMUX_PKG_DEPENDS="brotli, libc++, liblz4, libprotobuf, libusb, zlib, zstd"
TERMUX_PKG_BUILD_DEPENDS="googletest, pcre2"
TERMUX_PKG_DEPENDS="brotli, libc++, liblz4, libprotobuf, libusb, pcre2, zlib, zstd"
TERMUX_PKG_BUILD_DEPENDS="googletest"
termux_step_pre_configure() {
termux_setup_protobuf


@ -1,12 +0,0 @@
diff --git a/vendor/CMakeLists.adb.txt b/vendor/CMakeLists.adb.txt
index 2b6d8f0..ee55949 100644
--- a/vendor/CMakeLists.adb.txt
+++ b/vendor/CMakeLists.adb.txt
@@ -192,7 +192,6 @@ target_link_libraries(adb
brotlidec
brotlienc
lz4
- pthread
usb-1.0
z
zstd)


@ -1,10 +1,87 @@
diff --git a/vendor/CMakeLists.fastboot.txt b/vendor/CMakeLists.fastboot.txt
index 1d43937..880bb8c 100644
index a217ecc..1d8d3b1 100644
--- a/vendor/CMakeLists.fastboot.txt
+++ b/vendor/CMakeLists.fastboot.txt
@@ -135,4 +135,4 @@ target_compile_definitions(fastboot PRIVATE
@@ -5,7 +5,7 @@ add_library(libzip STATIC
libziparchive/zip_error.cpp
libziparchive/zip_writer.cc)
-target_compile_definitions(libzip PRIVATE -DZLIB_CONST)
+target_compile_definitions(libzip PRIVATE -DZLIB_CONST -DINCFS_SUPPORT_DISABLED)
target_include_directories(libzip PUBLIC
libziparchive/include
libziparchive/incfs_support/include
@@ -61,7 +61,41 @@ add_library(libselinux STATIC
selinux/libselinux/src/setrans_client.c
selinux/libselinux/src/sha1.c
selinux/libselinux/src/label_file.c
- selinux/libselinux/src/regex.c)
+ selinux/libselinux/src/regex.c
+ selinux/libselinux/src/android/android_platform.c
+ selinux/libselinux/src/android/android.c
+ selinux/libselinux/src/avc.c
+ selinux/libselinux/src/avc_internal.c
+ selinux/libselinux/src/avc_sidtab.c
+ selinux/libselinux/src/canonicalize_context.c
+ selinux/libselinux/src/checkAccess.c
+ selinux/libselinux/src/check_context.c
+ selinux/libselinux/src/compute_av.c
+ selinux/libselinux/src/compute_create.c
+ selinux/libselinux/src/compute_member.c
+ selinux/libselinux/src/context.c
+ selinux/libselinux/src/deny_unknown.c
+ selinux/libselinux/src/disable.c
+ selinux/libselinux/src/enabled.c
+ selinux/libselinux/src/fgetfilecon.c
+ selinux/libselinux/src/fsetfilecon.c
+ selinux/libselinux/src/getenforce.c
+ selinux/libselinux/src/getfilecon.c
+ selinux/libselinux/src/get_initial_context.c
+ selinux/libselinux/src/getpeercon.c
+ selinux/libselinux/src/init.c
+ selinux/libselinux/src/lgetfilecon.c
+ selinux/libselinux/src/load_policy.c
+ selinux/libselinux/src/lsetfilecon.c
+ selinux/libselinux/src/mapping.c
+ selinux/libselinux/src/policyvers.c
+ selinux/libselinux/src/procattr.c
+ selinux/libselinux/src/reject_unknown.c
+ selinux/libselinux/src/sestatus.c
+ selinux/libselinux/src/setenforce.c
+ selinux/libselinux/src/setfilecon.c
+ selinux/libselinux/src/stringrep.c
+ core/libpackagelistparser/packagelistparser.cpp)
target_compile_definitions(libselinux PRIVATE
-DAUDITD_LOG_TAG=1003 -D_GNU_SOURCE -DBUILD_HOST -DUSE_PCRE2
@@ -82,6 +86,13 @@ target_compile_definitions(libselinux PRIVATE
target_include_directories(libselinux PUBLIC
selinux/libselinux/include selinux/libsepol/include)
+target_include_directories(libselinux PRIVATE
+ selinux/libselinux/src
+ libselinux/src/android
+ core/include
+ core/libpackagelistparser/include
+ logging/liblog/include)
+
add_library(libsepol
selinux/libsepol/src/assertion.c
selinux/libsepol/src/avrule_block.c
@@ -100,6 +111,7 @@ add_library(libsepol
selinux/libsepol/src/policydb.c
selinux/libsepol/src/policydb_convert.c
selinux/libsepol/src/policydb_public.c
+ selinux/libsepol/src/policydb_validate.c
selinux/libsepol/src/services.c
selinux/libsepol/src/sidtab.c
selinux/libsepol/src/symtab.c
@@ -135,7 +147,7 @@ target_compile_definitions(fastboot PRIV
target_link_libraries(fastboot
libsparse libzip libcutils liblog libfsmgr libutil
libbase libext4 libselinux libsepol libdiagnoseusb crypto
- z pcre2-8 pthread dl)
+ z pcre2-8 dl usb-1.0)
- z PkgConfig::libpcre2-8 Threads::Threads dl)
+ z PkgConfig::libpcre2-8 Threads::Threads dl usb-1.0)
if(APPLE)
target_link_libraries(fastboot
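Review bot: In the new `target_include_directories(libselinux PRIVATE ...)` block the entry `libselinux/src/android` has no `selinux/` prefix, unlike `selinux/libselinux/src` directly above it and the `selinux/libselinux/src/android/...` source paths added to `add_library(libselinux ...)`. If it is meant to name the directory that holds `android_platform.c`, the line should read `selinux/libselinux/src/android`. As written it probably resolves to a directory that does not exist, and the build would then succeed only because those sources find their headers relative to their own location. This should be confirmed against the vendor tree, which is not visible on this page.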


@ -1,12 +1,19 @@
diff --git a/vendor/CMakeLists.mke2fs.txt b/vendor/CMakeLists.mke2fs.txt
index a8f89fd..d1cae40 100644
--- a/vendor/CMakeLists.mke2fs.txt
+++ b/vendor/CMakeLists.mke2fs.txt
@@ -112,6 +112,6 @@ add_executable("${ANDROID_MKE2FS_NAME}"
e2fsprogs/misc/util.c)
--- a/vendor/CMakeLists.mke2fs.txt 2022-10-27 01:17:32.706970654 +0530
+++ b/vendor/CMakeLists.mke2fs.txt 2022-10-27 01:18:27.256970633 +0530
@@ -135,7 +135,7 @@ endif(HAVE_SYS_TYPES_H)
target_link_libraries("${ANDROID_MKE2FS_NAME}"
- libext2fs libsparse libbase libzip liblog libutil pthread z)
target_link_libraries(e2fsdroid
libext2fs libsparse libzip libcutils liblog libutil
- libbase libselinux libsepol z PkgConfig::libpcre2-8 pthread)
+ libbase libselinux libsepol z PkgConfig::libpcre2-8)
target_include_directories(e2fsdroid PRIVATE
e2fsprogs/lib e2fsprogs/lib/ext2fs selinux/libselinux/include
core/libcutils/include e2fsprogs/misc)
@@ -142,6 +142,6 @@
e2fsprogs/contrib/android/ext2simg.c)
target_link_libraries(ext2simg
- libext2fs libsparse libbase libzip liblog libutil z pthread)
+ libext2fs libsparse libbase libzip liblog libutil z)
target_include_directories("${ANDROID_MKE2FS_NAME}" PRIVATE
e2fsprogs/lib)
target_include_directories(ext2simg PRIVATE
e2fsprogs/lib core/libsparse/include)


@ -0,0 +1,11 @@
--- a/vendor/selinux/libselinux/src/android/android_common.h
+++ b/vendor/selinux/libselinux/src/android/android_common.h
@@ -20,7 +20,7 @@
#include <selinux/android.h>
#include <selinux/label.h>
#ifndef __ANDROID_VNDK__
-#include <private/android_filesystem_config.h>
+#include <cutils/android_filesystem_config.h>
#endif
#include <log/log.h>
#include "policy.h"


@ -0,0 +1,28 @@
diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
index d09847c8..253ddbef 100644
--- a/vendor/selinux/libselinux/src/label_internal.h
+++ b/vendor/selinux/libselinux/src/label_internal.h
@@ -15,7 +15,7 @@
#include <selinux/label.h>
#include "sha1.h"
-#if defined(ANDROID) || defined(__APPLE__)
+#if defined(__ANDROID__) || defined(__APPLE__)
// Android and Mac do not have fgets_unlocked()
#define fgets_unlocked(buf, size, fp) fgets(buf, size, fp)
#endif
diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
index 27e9ac53..be28fa04 100644
--- a/vendor/selinux/libselinux/src/selinux_internal.h
+++ b/vendor/selinux/libselinux/src/selinux_internal.h
@@ -1,6 +1,10 @@
#include <selinux/selinux.h>
#include <pthread.h>
+#if defined(__ANDROID__)
+// Android do not have fgets_unlocked()
+#define fgets_unlocked(buf, size, fp) fgets(buf, size, fp)
+#endif
extern int require_seusers ;
extern int selinux_page_size ;
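Review bot: The `fgets_unlocked` fallback added to `selinux_internal.h` is unguarded and repeats the macro that `label_internal.h` defines under the same `__ANDROID__` condition. A file that includes both headers sees the definition twice, which is harmless only while the two stay token-identical. Wrapping the new one in `#ifndef fgets_unlocked` / `#endif`, or keeping the shim in a single header, removes that coupling. The comment `// Android do not have fgets_unlocked()` would be clearer as `// Bionic may lack fgets_unlocked() at the targeted API level; fall back to the locking fgets()`, assuming that is the reason for the shim.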


@ -0,0 +1,27 @@
--- a/vendor/selinux/libselinux/src/android/android_platform.c
+++ b/vendor/selinux/libselinux/src/android/android_platform.c
@@ -952,6 +952,24 @@
return rc;
}
+#if 1
+#include <dlfcn.h>
+int __system_properties_init(void)
+{
+ static int initialized = 0;
+ static int (*libc_impl)(void) = NULL;
+ if (!initialized) {
+ void *libc_handle = dlopen("libc.so", RTLD_NOW);
+ if (libc_handle != NULL)
+ libc_impl = dlsym(libc_handle, "__system_properties_init");
+ initialized = 1;
+ }
+ if (libc_impl != NULL)
+ return libc_impl();
+ return -1;
+}
+#endif
+
int selinux_android_setcon(const char *con)
{
int ret = setcon(con);
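Review bot: The added `__system_properties_init()` resolves libc with a bare `dlopen("libc.so", RTLD_NOW)`, which goes through the normal library lookup instead of insisting on the libc already mapped into the process. Adding `RTLD_NOLOAD` makes the call return a handle only when the library is already resident, so the shim can never load a different `libc.so` from the search path: `void *libc_handle = dlopen("libc.so", RTLD_NOW | RTLD_NOLOAD);`. The `initialized` and `libc_impl` statics are also written without synchronisation, so if callers can reach this from more than one thread (not visible here) the first call is a data race that `pthread_once()` would close. A short comment above `#if 1` should say why the wrapper exists and that a `-1` return means the symbol could not be resolved. `selinux_android_setcon()` continues outside the hunk.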