commit 781f9fc4af6002f5eb47b2bad852e1090d525298
author Szymon Starzycki <sstar@google.com> Wed Oct 02 17:21:41 2013 -0700
committer Szymon Starzycki <sstar@google.com> Wed Oct 02 18:24:58 2013 -0700
tree 7da996c8f21426acda2a0686254e73ddd4477203
parent 8c3263ea94ab7292ce8ba88d60c4672ec75b5e1a

Revert "Revert "Fastbootd: flashing certification""

CMS functionality is now available

This reverts commit 068b71dd9cd6cb03dfcdc0c9deced361780bc0d3.

Conflicts:
	fastbootd/Android.mk
	fastbootd/fastbootd.c
	fastbootd/utils.c
	fastbootd/utils.h

Change-Id: I1a27459b41d9297603deb124c65f237ff971e5b6

fastbootd/commands.c

diff --git a/fastbootd/commands.c b/fastbootd/commands.c
index 83e86b0..2f6e86a 100644
--- a/fastbootd/commands.c
+++ b/fastbootd/commands.c
@@ -52,6 +52,8 @@
 
 static void cmd_boot(struct protocol_handle *phandle, const char *arg)
 {
+    int sz, atags_sz, new_atags_sz;
+    int rv;
     unsigned kernel_actual;
     unsigned ramdisk_actual;
     unsigned second_actual;
@@ -59,9 +61,11 @@
     void *ramdisk_ptr;
     void *second_ptr;
     struct boot_img_hdr *hdr;
-    int sz, atags_sz, new_atags_sz;
-    int rv;
-    char *ptr = NULL, *atags_ptr = NULL, *new_atags = NULL;
+    char *ptr = NULL;
+    char *atags_ptr = NULL;
+    char *new_atags = NULL;
+    int data_fd = 0;
+
     D(DEBUG, "cmd_boot %s\n", arg);
 
     if (phandle->download_fd < 0) {
@@ -75,9 +79,18 @@
         goto error;
     }
 
-    sz = get_file_size(phandle->download_fd);
+    // TODO: With cms we can also verify partition name included as
+    // cms signed attribute
+    if (flash_validate_certificate(phandle->download_fd, &data_fd) != 1) {
+        fastboot_fail(phandle, "Access forbiden you need the certificate");
+        return;
+    }
+
+    sz = get_file_size(data_fd);
+
     ptr = (char *) mmap(NULL, sz, PROT_READ,
-                        MAP_POPULATE | MAP_PRIVATE, phandle->download_fd, 0);
+                        MAP_POPULATE | MAP_PRIVATE, data_fd, 0);
+
     hdr = (struct boot_img_hdr *) ptr;
 
     if (ptr == MAP_FAILED) {
@@ -130,6 +143,7 @@
     free(atags_ptr);
     munmap(ptr, sz);
     free(new_atags);
+    close(data_fd);
 
     D(INFO, "Kexec going to reboot");
     reboot(LINUX_REBOOT_CMD_KEXEC);
@@ -256,6 +270,7 @@
     char data[BOOT_MAGIC_SIZE];
     char path[PATH_MAX];
     ssize_t header_sz = 0;
+    int data_fd = 0;
 
     D(DEBUG, "cmd_flash %s\n", arg);
 
@@ -273,9 +288,14 @@
         return;
     }
 
+    if (flash_validate_certificate(phandle->download_fd, &data_fd) != 1) {
+        fastboot_fail(phandle, "Access forbiden you need certificate");
+        return;
+    }
+
     // TODO: Maybe its goot idea to check whether the partition is just bootable partition
     if (!strcmp(arg, "boot") || !strcmp(arg, "recovery")) {
-        if (read_data_once(phandle->download_fd, data, BOOT_MAGIC_SIZE) < BOOT_MAGIC_SIZE) {
+        if (read_data_once(data_fd, data, BOOT_MAGIC_SIZE) < BOOT_MAGIC_SIZE) {
             fastboot_fail(phandle, "incoming data read error, cannot read boot header");
             return;
         }
@@ -287,7 +307,10 @@
 
     partition = flash_get_partiton(path);
 
-    sz = get_file_size64(phandle->download_fd);
+    sz = get_file_size64(data_fd);
+
+    sz -= header_sz;
+
     if (sz > get_file_size64(partition)) {
         flash_close(partition);
         D(WARN, "size of file too large");
@@ -304,6 +327,8 @@
     D(INFO, "partition '%s' updated\n", arg);
 
     flash_close(partition);
+    close(data_fd);
+    //TODO: check who is closing phandle->download_fd
 
     fastboot_okay(phandle, "");
 }