diff --git a/packages/android-tools/CVE-2022-20128.patch b/packages/android-tools/CVE-2022-20128.patch deleted file mode 100644 index ab515efccf..0000000000 --- a/packages/android-tools/CVE-2022-20128.patch +++ /dev/null @@ -1,47 +0,0 @@ -From a547c7001ce5a3f5ff6611086d0c9e2d6b52c6d9 Mon Sep 17 00:00:00 2001 -From: Shaju Mathew -Date: Mon, 17 Jan 2022 17:42:05 -0800 -Subject: [PATCH] Now suppressing ability for a potentially rogue device to - engage in directory traversal on host. - -Bug:209438553 - -Ignore-AOSP-First: Resolution for (potential) security exploit if the device daemon -happens to be compromised. - -Test: - Manual/cursory test against poc daemon (py script). - - For addressing flake: $aosp-master-with-phones/tools/asuite/atest$ atest atest_unittests - - Summary - ------- - arm64-v8a atest_unittests: Passed: 288, Failed: 0, Ignored: 0, Assumption Failed: 0 -All tests passed! - -Signed-off-by: Shaju Mathew -Change-Id: I3e28b8882a0741a734422c52057d5ad1e608d8a8 ---- - client/file_sync_client.cpp | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/client/file_sync_client.cpp b/client/file_sync_client.cpp -index af1deba1..1b1dfa89 100644 ---- a/client/file_sync_client.cpp -+++ b/vendor/adb/client/file_sync_client.cpp -@@ -545,6 +545,14 @@ class SyncConnection { - if (!ReadFdExactly(fd, buf, len)) return false; - buf[len] = 0; - -+ // Address the highly unlikely scenario wherein a -+ // compromised device/service might be able to -+ // traverse across directories on the host. Let's -+ // shut that door! -+ if (strchr(buf, '/')) { -+ return false; -+ } -+ - callback(dent.mode, dent.size, dent.mtime, buf); - } - } --- -2.38.0 - diff --git a/packages/android-tools/CVE-2022-3168.patch b/packages/android-tools/CVE-2022-3168.patch deleted file mode 100644 index b87010d4d0..0000000000 --- a/packages/android-tools/CVE-2022-3168.patch +++ /dev/null 
@@ -1,184 +0,0 @@ -From 13508c1c97da14a294c04e5097ea81c9ce7edf33 Mon Sep 17 00:00:00 2001 -From: Shaju Mathew -Date: Sat, 25 Jun 2022 14:57:31 +0000 -Subject: [PATCH] Reject external connect: requests. - -Steps: - 1. Track forward:reverse config in a data-structure. - 2. connect_to_remote() examines each socket transport and updates - this data-structure. - 3. handle_packet() takes appropriate action - (abort) for an unknown connect: request originating from the device. - -Bug:205286508 - -Test: treehugger - -Signed-off-by: jmgao -Change-Id: I0ec7d6f8e60afc2ee5d1be2b63bf90ca99443a52 ---- - adb.cpp | 11 +++++++++- - sockets.cpp | 6 +++++ - transport.cpp | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++- - transport.h | 12 ++++++++++ - 4 files changed, 88 insertions(+), 2 deletions(-) - -diff --git a/adb.cpp b/adb.cpp -index 5d481295..f397da09 100644 ---- a/adb.cpp -+++ b/vendor/adb/adb.cpp -@@ -485,7 +485,16 @@ void handle_packet(apacket *p, atransport *t) - // byte. The client sent strings with null termination, which post-string_view, start - // being interpreted as part of the string, unless we explicitly strip them. - address = StripTrailingNulls(address); -- -+#if ADB_HOST -+ // The incoming address (from the payload) might be some other -+ // target (e.g tcp::8000), however we do not allow *any* -+ // such requests - namely, those from (a potentially compromised) -+ // adbd (reverse:forward: source) port transport. 
-+ if (!t->IsReverseConfigured(address.data())) { -+ LOG(FATAL) << __func__ << " disallowed connect to " << address << " from " -+ << t->serial_name(); -+ } -+#endif - asocket* s = create_local_service_socket(address, t); - if (s == nullptr) { - send_close(0, p->msg.arg0, t); -diff --git a/sockets.cpp b/sockets.cpp -index 61a2d9d9..3cd43f92 100644 ---- a/sockets.cpp -+++ b/vendor/adb/sockets.cpp -@@ -560,6 +560,12 @@ asocket* create_remote_socket(unsigned id, atransport* t) { - } - - void connect_to_remote(asocket* s, std::string_view destination) { -+#if ADB_HOST -+ // Snoop reverse:forward: requests to track them so that an -+ // appropriate filter (to figure out whether the remote is -+ // allowed to connect locally) can be applied. -+ s->transport->UpdateReverseConfig(destination); -+#endif - D("Connect_to_remote call RS(%d) fd=%d", s->id, s->fd); - apacket* p = get_apacket(); - -diff --git a/transport.cpp b/transport.cpp -index 71771d31..f1cae405 100644 ---- a/transport.cpp -+++ b/vendor/adb/transport.cpp -@@ -1219,8 +1219,10 @@ bool atransport::HandleRead(std::unique_ptr p) { - VLOG(TRANSPORT) << dump_packet(serial.c_str(), "from remote", p.get()); - apacket* packet = p.release(); - -- // TODO: Does this need to run on the main thread? -+ // This needs to run on the main thread since the associated fdevent -+ // message pump exists in that context. 
- fdevent_run_on_main_thread([packet, this]() { handle_packet(packet, this); }); -+ - return true; - } - -@@ -1614,6 +1616,63 @@ void unregister_usb_transport(usb_handle* usb) { - return t->GetUsbHandle() == usb && t->GetConnectionState() == kCsNoPerm; - }); - } -+ -+// Track reverse:forward commands, so that info can be used to develop -+// an 'allow-list': -+// - adb reverse tcp: localhost: : responds with the -+// device_port -+// - adb reverse --remove tcp: : responds OKAY -+// - adb reverse --remove-all : responds OKAY -+void atransport::UpdateReverseConfig(std::string_view service_addr) { -+ check_main_thread(); -+ if (!android::base::ConsumePrefix(&service_addr, "reverse:")) { -+ return; -+ } -+ -+ if (android::base::ConsumePrefix(&service_addr, "forward:")) { -+ // forward:[norebind:]; -+ bool norebind = android::base::ConsumePrefix(&service_addr, "norebind:"); -+ auto it = service_addr.find(';'); -+ if (it == std::string::npos) { -+ return; -+ } -+ std::string remote(service_addr.substr(0, it)); -+ -+ if (norebind && reverse_forwards_.find(remote) != reverse_forwards_.end()) { -+ // This will fail, don't update the map. -+ LOG(DEBUG) << "ignoring reverse forward that will fail due to norebind"; -+ return; -+ } -+ -+ std::string local(service_addr.substr(it + 1)); -+ reverse_forwards_[remote] = local; -+ } else if (android::base::ConsumePrefix(&service_addr, "killforward:")) { -+ // kill-forward: -+ auto it = service_addr.find(';'); -+ if (it != std::string::npos) { -+ return; -+ } -+ reverse_forwards_.erase(std::string(service_addr)); -+ } else if (service_addr == "killforward-all") { -+ reverse_forwards_.clear(); -+ } else if (service_addr == "list-forward") { -+ LOG(DEBUG) << __func__ << " ignoring --list"; -+ } else { // Anything else we need to know about? -+ LOG(FATAL) << "unhandled reverse service: " << service_addr; -+ } -+} -+ -+// Is this an authorized :connect request? 
-+bool atransport::IsReverseConfigured(const std::string& local_addr) { -+ check_main_thread(); -+ for (const auto& [remote, local] : reverse_forwards_) { -+ if (local == local_addr) { -+ return true; -+ } -+ } -+ return false; -+} -+ - #endif - - bool check_header(apacket* p, atransport* t) { -diff --git a/transport.h b/transport.h -index ed2cd81f..fc0e322d 100644 ---- a/transport.h -+++ b/vendor/adb/transport.h -@@ -31,6 +31,7 @@ - #include - #include - #include -+#include - #include - - #include -@@ -298,6 +299,10 @@ class atransport : public enable_weak_from_this { - #if ADB_HOST - void SetUsbHandle(usb_handle* h) { usb_handle_ = h; } - usb_handle* GetUsbHandle() { return usb_handle_; } -+ -+ // Interface for management/filter on forward:reverse: configuration. -+ void UpdateReverseConfig(std::string_view service_addr); -+ bool IsReverseConfigured(const std::string& local_addr); - #endif - - const TransportId id; -@@ -427,6 +432,13 @@ class atransport : public enable_weak_from_this { - - bool delayed_ack_ = false; - -+#if ADB_HOST -+ // Track remote addresses against local addresses (configured) -+ // through `adb reverse` commands. -+ // Access constrained to primary thread by virtue of check_main_thread(). -+ std::unordered_map reverse_forwards_; -+#endif -+ - DISALLOW_COPY_AND_ASSIGN(atransport); - }; - --- -2.38.0 - diff --git a/packages/android-tools/build.sh b/packages/android-tools/build.sh index 6ae1c216dc..f26dbffeb1 100644 --- a/packages/android-tools/build.sh +++ b/packages/android-tools/build.sh 
@@ -1,14 +1,14 @@ TERMUX_PKG_HOMEPAGE=https://developer.android.com/ TERMUX_PKG_DESCRIPTION="Android platform tools" -TERMUX_PKG_LICENSE="Apache-2.0, MIT" +TERMUX_PKG_LICENSE="Apache-2.0, BSD 2-Clause" +TERMUX_PKG_LICENSE_FILE="LICENSE, vendor/core/fastboot/LICENSE" TERMUX_PKG_MAINTAINER="@termux" -TERMUX_PKG_VERSION=31.0.3p1 -TERMUX_PKG_REVISION=7 +TERMUX_PKG_VERSION=33.0.3p2 TERMUX_PKG_SRCURL=https://github.com/nmeum/android-tools/releases/download/$TERMUX_PKG_VERSION/android-tools-$TERMUX_PKG_VERSION.tar.xz -TERMUX_PKG_SHA256=0ef69f919d58a2bdff2083d2e83a9ef38df079ec82651b2544e9e48086df5ab8 +TERMUX_PKG_SHA256=6bf6b52d7389e79fc92b63cc206451ee42fc4f7da769d76922193e98d75f5604 TERMUX_PKG_AUTO_UPDATE=true -TERMUX_PKG_DEPENDS="brotli, libc++, liblz4, libprotobuf, libusb, zlib, zstd" -TERMUX_PKG_BUILD_DEPENDS="googletest, pcre2" +TERMUX_PKG_DEPENDS="brotli, libc++, liblz4, libprotobuf, libusb, pcre2, zlib, zstd" +TERMUX_PKG_BUILD_DEPENDS="googletest" termux_step_pre_configure() { termux_setup_protobuf diff --git a/packages/android-tools/vendor_CMakeLists.adb.txt.patch b/packages/android-tools/vendor_CMakeLists.adb.txt.patch deleted file mode 100644 index 545e459bc1..0000000000 --- a/packages/android-tools/vendor_CMakeLists.adb.txt.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/vendor/CMakeLists.adb.txt b/vendor/CMakeLists.adb.txt -index 2b6d8f0..ee55949 100644 ---- a/vendor/CMakeLists.adb.txt -+++ b/vendor/CMakeLists.adb.txt -@@ -192,7 +192,6 @@ target_link_libraries(adb - brotlidec - brotlienc - lz4 -- pthread - usb-1.0 - z - zstd) diff --git a/packages/android-tools/vendor_CMakeLists.fastboot.txt.patch b/packages/android-tools/vendor_CMakeLists.fastboot.txt.patch index 62b40ee762..adc7fc4931 100644 --- a/packages/android-tools/vendor_CMakeLists.fastboot.txt.patch +++ b/packages/android-tools/vendor_CMakeLists.fastboot.txt.patch @@ -1,10 +1,87 @@ 
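Review bot: Nothing in build.sh or elsewhere on this page records why it is safe to drop `CVE-2022-20128.patch` and `CVE-2022-3168.patch` in the same commit that moves to `TERMUX_PKG_VERSION=33.0.3p2`. Presumably the new tarball already carries the `strchr(buf, '/')` rejection in `client/file_sync_client.cpp` and the `IsReverseConfigured()` filter in `handle_packet()`, but the diff does not show that. After confirming it against the unpacked source, I would add a comment above the version line, for example `# CVE-2022-20128 and CVE-2022-3168 are fixed upstream in this release; local backports dropped`. That lets a later audit or downgrade see that the fixes were checked rather than lost.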
diff --git a/vendor/CMakeLists.fastboot.txt b/vendor/CMakeLists.fastboot.txt -index 1d43937..880bb8c 100644 +index a217ecc..1d8d3b1 100644 --- a/vendor/CMakeLists.fastboot.txt 
+++ b/vendor/CMakeLists.fastboot.txt -@@ -135,4 +135,4 @@ target_compile_definitions(fastboot PRIVATE +@@ -5,7 +5,7 @@ add_library(libzip STATIC + libziparchive/zip_error.cpp + libziparchive/zip_writer.cc) + +-target_compile_definitions(libzip PRIVATE -DZLIB_CONST) ++target_compile_definitions(libzip PRIVATE -DZLIB_CONST -DINCFS_SUPPORT_DISABLED) + target_include_directories(libzip PUBLIC + libziparchive/include + libziparchive/incfs_support/include +@@ -61,7 +61,41 @@ add_library(libselinux STATIC + selinux/libselinux/src/setrans_client.c + selinux/libselinux/src/sha1.c + selinux/libselinux/src/label_file.c +- selinux/libselinux/src/regex.c) ++ selinux/libselinux/src/regex.c ++ selinux/libselinux/src/android/android_platform.c ++ selinux/libselinux/src/android/android.c ++ selinux/libselinux/src/avc.c ++ selinux/libselinux/src/avc_internal.c ++ selinux/libselinux/src/avc_sidtab.c ++ selinux/libselinux/src/canonicalize_context.c ++ selinux/libselinux/src/checkAccess.c ++ selinux/libselinux/src/check_context.c ++ selinux/libselinux/src/compute_av.c ++ selinux/libselinux/src/compute_create.c ++ selinux/libselinux/src/compute_member.c ++ selinux/libselinux/src/context.c ++ selinux/libselinux/src/deny_unknown.c ++ selinux/libselinux/src/disable.c ++ selinux/libselinux/src/enabled.c ++ selinux/libselinux/src/fgetfilecon.c ++ selinux/libselinux/src/fsetfilecon.c ++ selinux/libselinux/src/getenforce.c ++ selinux/libselinux/src/getfilecon.c ++ selinux/libselinux/src/get_initial_context.c ++ selinux/libselinux/src/getpeercon.c ++ selinux/libselinux/src/init.c ++ selinux/libselinux/src/lgetfilecon.c ++ selinux/libselinux/src/load_policy.c ++ selinux/libselinux/src/lsetfilecon.c ++ selinux/libselinux/src/mapping.c ++ selinux/libselinux/src/policyvers.c ++ selinux/libselinux/src/procattr.c ++ selinux/libselinux/src/reject_unknown.c ++ selinux/libselinux/src/sestatus.c ++ selinux/libselinux/src/setenforce.c ++ selinux/libselinux/src/setfilecon.c ++ 
selinux/libselinux/src/stringrep.c ++ core/libpackagelistparser/packagelistparser.cpp) + + target_compile_definitions(libselinux PRIVATE + -DAUDITD_LOG_TAG=1003 -D_GNU_SOURCE -DBUILD_HOST -DUSE_PCRE2 +@@ -82,6 +86,13 @@ target_compile_definitions(libselinux PRIVATE + target_include_directories(libselinux PUBLIC + selinux/libselinux/include selinux/libsepol/include) + ++target_include_directories(libselinux PRIVATE ++ selinux/libselinux/src ++ libselinux/src/android ++ core/include ++ core/libpackagelistparser/include ++ logging/liblog/include) ++ + add_library(libsepol + selinux/libsepol/src/assertion.c + selinux/libsepol/src/avrule_block.c +@@ -100,6 +111,7 @@ add_library(libsepol + selinux/libsepol/src/policydb.c + selinux/libsepol/src/policydb_convert.c + selinux/libsepol/src/policydb_public.c ++ selinux/libsepol/src/policydb_validate.c + selinux/libsepol/src/services.c + selinux/libsepol/src/sidtab.c + selinux/libsepol/src/symtab.c +@@ -135,7 +147,7 @@ target_compile_definitions(fastboot PRIV target_link_libraries(fastboot libsparse libzip libcutils liblog libfsmgr libutil libbase libext4 libselinux libsepol libdiagnoseusb crypto -- z pcre2-8 pthread dl) -+ z pcre2-8 dl usb-1.0) +- z PkgConfig::libpcre2-8 Threads::Threads dl) ++ z PkgConfig::libpcre2-8 Threads::Threads dl usb-1.0) + + if(APPLE) + target_link_libraries(fastboot diff --git a/packages/android-tools/vendor_CMakeLists.mke2fs.txt.patch b/packages/android-tools/vendor_CMakeLists.mke2fs.txt.patch index faf42e7d7d..4300dfc9b8 100644 --- a/packages/android-tools/vendor_CMakeLists.mke2fs.txt.patch +++ b/packages/android-tools/vendor_CMakeLists.mke2fs.txt.patch 
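Review bot: In the added `target_include_directories(libselinux PRIVATE ...)` block, the entry `libselinux/src/android` lacks the `selinux/` prefix that the neighbouring `selinux/libselinux/src` and every libselinux source path in this patch carry. It therefore likely names a directory that does not exist under vendor/. It should probably read `selinux/libselinux/src/android`. If the build passes as written, the Android headers are presumably being found relative to the including source file, which hides the typo rather than fixing it.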
@@ -1,12 +1,19 @@ -diff --git a/vendor/CMakeLists.mke2fs.txt b/vendor/CMakeLists.mke2fs.txt -index a8f89fd..d1cae40 100644 ---- a/vendor/CMakeLists.mke2fs.txt -+++ b/vendor/CMakeLists.mke2fs.txt -@@ -112,6 +112,6 @@ add_executable("${ANDROID_MKE2FS_NAME}" - e2fsprogs/misc/util.c) +--- a/vendor/CMakeLists.mke2fs.txt 2022-10-27 01:17:32.706970654 +0530 ++++ b/vendor/CMakeLists.mke2fs.txt 2022-10-27 01:18:27.256970633 +0530 +@@ -135,7 +135,7 @@ endif(HAVE_SYS_TYPES_H) - target_link_libraries("${ANDROID_MKE2FS_NAME}" -- libext2fs libsparse libbase libzip liblog libutil pthread z) + target_link_libraries(e2fsdroid + libext2fs libsparse libzip libcutils liblog libutil +- libbase libselinux libsepol z PkgConfig::libpcre2-8 pthread) ++ libbase libselinux libsepol z PkgConfig::libpcre2-8) + target_include_directories(e2fsdroid PRIVATE + e2fsprogs/lib e2fsprogs/lib/ext2fs selinux/libselinux/include + core/libcutils/include e2fsprogs/misc) +@@ -142,6 +142,6 @@ + e2fsprogs/contrib/android/ext2simg.c) + + target_link_libraries(ext2simg +- libext2fs libsparse libbase libzip liblog libutil z pthread) + libext2fs libsparse libbase libzip liblog libutil z) - target_include_directories("${ANDROID_MKE2FS_NAME}" PRIVATE - e2fsprogs/lib) + target_include_directories(ext2simg PRIVATE + e2fsprogs/lib core/libsparse/include) diff --git a/packages/android-tools/vendor_selinux_libselinux_android_common.patch b/packages/android-tools/vendor_selinux_libselinux_android_common.patch new file mode 100644 index 0000000000..ee6458a078 --- /dev/null +++ b/packages/android-tools/vendor_selinux_libselinux_android_common.patch @@ -0,0 +1,11 @@ +--- a/vendor/selinux/libselinux/src/android/android_common.h ++++ b/vendor/selinux/libselinux/src/android/android_common.h +@@ -20,7 +20,7 @@ + #include + #include + #ifndef __ANDROID_VNDK__ +-#include ++#include + #endif + #include + #include "policy.h" 
diff --git a/packages/android-tools/vendor_selinux_libselinux_fgets_unlocked.patch b/packages/android-tools/vendor_selinux_libselinux_fgets_unlocked.patch new file mode 100644 index 0000000000..8ec4b911db --- /dev/null +++ b/packages/android-tools/vendor_selinux_libselinux_fgets_unlocked.patch @@ -0,0 +1,28 @@ +diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h +index d09847c8..253ddbef 100644 +--- a/vendor/selinux/libselinux/src/label_internal.h ++++ b/vendor/selinux/libselinux/src/label_internal.h +@@ -15,7 +15,7 @@ + #include + #include "sha1.h" + +-#if defined(ANDROID) || defined(__APPLE__) ++#if defined(__ANDROID__) || defined(__APPLE__) + // Android and Mac do not have fgets_unlocked() + #define fgets_unlocked(buf, size, fp) fgets(buf, size, fp) + #endif +diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h +index 27e9ac53..be28fa04 100644 +--- a/vendor/selinux/libselinux/src/selinux_internal.h ++++ b/vendor/selinux/libselinux/src/selinux_internal.h +@@ -1,6 +1,10 @@ + #include + #include + ++#if defined(__ANDROID__) ++// Android do not have fgets_unlocked() ++#define fgets_unlocked(buf, size, fp) fgets(buf, size, fp) ++#endif + + extern int require_seusers ; + extern int selinux_page_size ; diff --git a/packages/android-tools/vendor_selinux_libselinux_src_android_android_platform.c.patch b/packages/android-tools/vendor_selinux_libselinux_src_android_android_platform.c.patch new file mode 100644 index 0000000000..46d2046ff6 --- /dev/null +++ b/packages/android-tools/vendor_selinux_libselinux_src_android_android_platform.c.patch 
@@ -0,0 +1,27 @@ +--- a/vendor/selinux/libselinux/src/android/android_platform.c ++++ b/vendor/selinux/libselinux/src/android/android_platform.c +@@ -952,6 +952,24 @@ + return rc; + } + ++#if 1 ++#include ++int __system_properties_init(void) ++{ ++ static int initialized = 0; ++ static int (*libc_impl)(void) = NULL; ++ if (!initialized) { ++ void *libc_handle = dlopen("libc.so", RTLD_NOW); ++ if (libc_handle != NULL) ++ libc_impl = dlsym(libc_handle, "__system_properties_init"); ++ initialized = 1; ++ } ++ if (libc_impl != NULL) ++ return libc_impl(); ++ return -1; ++} ++#endif ++ + int selinux_android_setcon(const char *con) + { + int ret = setcon(con);
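Review bot: The added `__system_properties_init` shim finds the real implementation with `dlopen("libc.so", RTLD_NOW)`, a bare-name load that depends on the loader's search order. Its lazy init through the plain statics `initialized` and `libc_impl` is also unsynchronised, so concurrent first calls could race; whether callers are multi-threaded is not visible here. The block is wrapped in `#if 1`, which says nothing about when it applies. `#if defined(__ANDROID__)` would match the guard used by the fgets_unlocked patch in this same commit. I would also add a short comment saying why the shim exists (presumably the symbol cannot be linked directly from the NDK), that the handle is deliberately never closed, and that -1 is returned when resolution fails.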