diff --git a/abootimg/src/main/groovy/cfig/bootimg/CImgInfo.groovy b/abootimg/src/main/groovy/cfig/bootimg/CImgInfo.groovy index c02cc40..8f8d5d4 100644 --- a/abootimg/src/main/groovy/cfig/bootimg/CImgInfo.groovy +++ b/abootimg/src/main/groovy/cfig/bootimg/CImgInfo.groovy @@ -42,9 +42,9 @@ class CImgInfo extends CArgs { aArg.os_version = result.bootimg.args.os_version; aArg.os_patch_level = result.bootimg.args.os_patch_level; //image info - aArg.kernel_len = result.bootimg.img.kernel_len; - aArg.ramdisk_len = result.bootimg.img.ramdisk_len; - aArg.second_len = result.bootimg.img.second_len; + aArg.kernel_len = Integer.decode(result.bootimg.img.kernel_len); + aArg.ramdisk_len = Integer.decode(result.bootimg.img.ramdisk_len); + aArg.second_len = Integer.decode(result.bootimg.img.second_len); //adjust preset info if (0 == aArg.ramdisk_len) { aArg.ramdisk = null; @@ -82,12 +82,12 @@ class CImgInfo extends CArgs { id this.id; } img { - kernel_pos this.kernel_pos; - kernel_len this.kernel_len; - ramdisk_pos this.ramdisk_pos; - ramdisk_len this.ramdisk_len; - second_pos this.second_pos; - second_len this.second_len; + kernel_pos "0x" + Integer.toHexString(this.kernel_pos); + kernel_len "0x" + Integer.toHexString(this.kernel_len); + ramdisk_pos "0x" + Integer.toHexString(this.ramdisk_pos); + ramdisk_len "0x" + Integer.toHexString(this.ramdisk_len); + second_pos "0x" + Integer.toHexString(this.second_pos); + second_len "0x" + Integer.toHexString(this.second_len); hash hashString; } } diff --git a/bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java b/bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java index a491b9d..5aa2f2b 100644 --- a/bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java +++ b/bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java @@ -6,6 +6,9 @@ import org.bouncycastle.crypto.BasicAgreement; import org.bouncycastle.crypto.CipherParameters; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; +// BEGIN android-added +import org.bouncycastle.math.ec.ECCurve; +// END android-added import org.bouncycastle.math.ec.ECPoint; /** @@ -41,8 +44,23 @@ public class ECDHBasicAgreement public BigInteger calculateAgreement( CipherParameters pubKey) { - ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey; - ECPoint P = pub.getQ().multiply(key.getD()).normalize(); + // BEGIN android-changed + ECPoint peerPoint = ((ECPublicKeyParameters) pubKey).getQ(); + ECCurve myCurve = key.getParameters().getCurve(); + if (peerPoint.isInfinity()) { + throw new IllegalStateException("Infinity is not a valid public key for ECDH"); + } + try { + myCurve.validatePoint(peerPoint.getXCoord().toBigInteger(), + peerPoint.getYCoord().toBigInteger()); + } catch (IllegalArgumentException ex) { + throw new IllegalStateException("The peer public key must be on the curve for ECDH"); + } + // Explicitly construct a public key using the private key's curve. + ECPoint pubPoint = myCurve.createPoint(peerPoint.getXCoord().toBigInteger(), + peerPoint.getYCoord().toBigInteger()); + ECPoint P = pubPoint.multiply(key.getD()).normalize(); + // END android-changed if (P.isInfinity()) { diff --git a/bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java b/bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java index bdda6a2..fead55d 100644 --- a/bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java +++ b/bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java @@ -33,6 +33,10 @@ import org.bouncycastle.crypto.digests.AndroidDigestFactory; // import org.bouncycastle.crypto.digests.SHA384Digest; // import org.bouncycastle.crypto.digests.SHA512Digest; // END android-removed +// BEGIN android-added +import org.bouncycastle.crypto.params.DSAKeyParameters; +import org.bouncycastle.crypto.params.DSAParameters; +// END android-added import org.bouncycastle.crypto.params.ParametersWithRandom; // BEGIN android-removed // import org.bouncycastle.crypto.signers.HMacDSAKCalculator; @@ -107,6 +111,10 @@ public class DSASigner CipherParameters param; param = DSAUtil.generatePrivateKeyParameter(privateKey); + // BEGIN android-added + DSAParameters dsaParam = ((DSAKeyParameters) param).getParameters(); + checkKey(dsaParam); + // END android-added if (random != null) { @@ -180,6 +188,28 @@ public class DSASigner throw new UnsupportedOperationException("engineSetParameter unsupported"); } + // BEGIN android-added + protected void checkKey(DSAParameters params) throws InvalidKeyException { + int valueL = params.getP().bitLength(); + int valueN = params.getQ().bitLength(); + int digestSize = digest.getDigestSize(); + + // The checks are consistent with DSAParametersGenerator's init method. + if ((valueL < 1024 || valueL > 3072) || valueL % 1024 != 0) { + throw new InvalidKeyException("valueL values must be between 1024 and 3072 and a multiple of 1024"); + } else if (valueL == 1024 && valueN != 160) { + throw new InvalidKeyException("valueN must be 160 for valueL = 1024"); + } else if (valueL == 2048 && (valueN != 224 && valueN != 256)) { + throw new InvalidKeyException("valueN must be 224 or 256 for valueL = 2048"); + } else if (valueL == 3072 && valueN != 256) { + throw new InvalidKeyException("valueN must be 256 for valueL = 3072"); + } + if (!(digest instanceof NullDigest) && valueN > digestSize * 8) { + throw new InvalidKeyException("Key is too strong for this signature algorithm"); + } + } + + // END android-added /** * @deprecated replaced with */ diff --git a/bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java b/bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java index 18fb306..004e287 100644 --- a/bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java +++ b/bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java @@ -139,7 +139,15 @@ public class KeyAgreementSpi // TODO Validate that all the keys are using the same parameters? } + // BEGIN android-added + try { + // END android-added result = agreement.calculateAgreement(pubKey); + // BEGIN android-added + } catch (IllegalStateException e) { + throw new InvalidKeyException("Invalid public key"); + } + // END android-added return null; } diff --git a/src/mkbootfs/c/fs_config.c b/src/mkbootfs/c/fs_config.c index e46eb2a..547e873 100644 --- a/src/mkbootfs/c/fs_config.c +++ b/src/mkbootfs/c/fs_config.c @@ -80,6 +80,7 @@ static const struct fs_path_config android_dirs[] = { { 00500, AID_ROOT, AID_ROOT, 0, "config" }, { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app" }, { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private" }, + { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/app-ephemeral" }, { 00771, AID_ROOT, AID_ROOT, 0, "data/dalvik-cache" }, { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data/data" }, { 00771, AID_SHELL, AID_SHELL, 0, "data/local/tmp" }, @@ -91,6 +92,7 @@ static const struct fs_path_config android_dirs[] = { { 00775, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/Music" }, { 00750, AID_ROOT, AID_SHELL, 0, "data/nativetest" }, { 00750, AID_ROOT, AID_SHELL, 0, "data/nativetest64" }, + { 00775, AID_ROOT, AID_ROOT, 0, "data/preloads" }, { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data" }, { 00755, AID_ROOT, AID_SYSTEM, 0, "mnt" }, { 00755, AID_ROOT, AID_ROOT, 0, "root" }, @@ -118,7 +120,6 @@ static const struct fs_path_config android_files[] = { { 00440, AID_ROOT, AID_SHELL, 0, "system/etc/init.goldfish.rc" }, { 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.goldfish.sh" }, { 00550, AID_ROOT, AID_SHELL, 0, "system/etc/init.ril" }, - { 00550, AID_DHCP, AID_SHELL, 0, "system/etc/dhcpcd/dhcpcd-run-hooks" }, { 00555, AID_ROOT, AID_ROOT, 0, "system/etc/ppp/*" }, { 00555, AID_ROOT, AID_ROOT, 0, "system/etc/rc.*" }, { 00440, AID_ROOT, AID_ROOT, 0, "system/etc/recovery.img" }, @@ -127,6 +128,7 @@ static const struct fs_path_config android_files[] = { { 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app/*" }, { 00644, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/*" }, { 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private/*" }, + { 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-ephemeral/*" }, { 00644, AID_APP, AID_APP, 0, "data/data/*" }, { 00640, AID_ROOT, AID_SHELL, 0, "data/nativetest/tests.txt" }, { 00640, AID_ROOT, AID_SHELL, 0, "data/nativetest64/tests.txt" }, @@ -142,6 +144,9 @@ static const struct fs_path_config android_files[] = { { 00750, AID_ROOT, AID_SHELL, CAP_MASK_LONG(CAP_SETUID) | CAP_MASK_LONG(CAP_SETGID), "system/bin/run-as" }, { 00700, AID_SYSTEM, AID_SHELL, CAP_MASK_LONG(CAP_BLOCK_SUSPEND), "system/bin/inputflinger" }, + /* Support FIFO scheduling mode in SurfaceFlinger. */ + { 00755, AID_SYSTEM, AID_GRAPHICS, CAP_MASK_LONG(CAP_SYS_NICE), "system/bin/surfaceflinger" }, + { 00750, AID_ROOT, AID_ROOT, 0, "system/bin/uncrypt" }, { 00750, AID_ROOT, AID_ROOT, 0, "system/bin/install-recovery.sh" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/*" }, @@ -149,7 +154,9 @@ static const struct fs_path_config android_files[] = { { 00755, AID_ROOT, AID_ROOT, 0, "system/lib64/valgrind/*" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/xbin/*" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/vendor/bin/*" }, + { 00755, AID_ROOT, AID_SHELL, 0, "system/vendor/xbin/*" }, { 00755, AID_ROOT, AID_SHELL, 0, "vendor/bin/*" }, + { 00755, AID_ROOT, AID_SHELL, 0, "vendor/xbin/*" }, { 00750, AID_ROOT, AID_SHELL, 0, "sbin/*" }, { 00755, AID_ROOT, AID_ROOT, 0, "bin/*" }, { 00750, AID_ROOT, AID_SHELL, 0, "init*" }, diff --git a/src/mkbootfs/headers/private/android_filesystem_config.h b/src/mkbootfs/headers/private/android_filesystem_config.h index e540de2..5ccd80e 100644 --- a/src/mkbootfs/headers/private/android_filesystem_config.h +++ b/src/mkbootfs/headers/private/android_filesystem_config.h @@ -92,6 +92,8 @@ #define AID_FIREWALL 1048 /* firewalld process */ #define AID_TRUNKS 1049 /* trunksd process (TPM daemon) */ #define AID_NVRAM 1050 /* Access-controlled NVRAM */ +#define AID_DNS 1051 /* DNS resolution daemon (system: netd) */ +#define AID_DNS_TETHER 1052 /* DNS resolution daemon (tether: dnsmasq) */ /* Changes to this file must be made in AOSP, *not* in internal branches. */ #define AID_SHELL 2000 /* adb and debug shell user */ @@ -203,6 +205,8 @@ static const struct android_id_info android_ids[] = { { "firewall", AID_FIREWALL, }, { "trunks", AID_TRUNKS, }, { "nvram", AID_NVRAM, }, + { "dns", AID_DNS, }, + { "dns_tether", AID_DNS_TETHER, }, { "shell", AID_SHELL, }, { "cache", AID_CACHE, },