Blaster4385/adevtool
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix-keys: Add support for wrapping stock sources

Browse source
This commit is contained in:
Danny Lin 2021-12-18 18:58:30 -08:00
parent 482691c5ae
commit 3803585e71
1 changed files with 30 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
src/commands/fix-keys.ts
View file

@ -1,6 +1,9 @@
import { Command, flags } from '@oclif/command' import { Command, flags } from '@oclif/command'
import { wrapSystemSrc } from '../frontend/source'
import { KeyInfo, MacSigner, readKeysConfRecursive, readMacPermissionsRecursive, readPartMacPermissions, resolveKeys, writeMappedKeys } from '../selinux/keys' import { KeyInfo, MacSigner, readKeysConfRecursive, readMacPermissionsRecursive, readPartMacPermissions, resolveKeys, writeMappedKeys } from '../selinux/keys'
import { withSpinner } from '../util/cli'
import { withTempDir } from '../util/fs'
export default class FixKeys extends Command { export default class FixKeys extends Command {
static description = 'fix SELinux presigned app keys' static description = 'fix SELinux presigned app keys'
@ -8,31 +11,39 @@ export default class FixKeys extends Command {
static flags = { static flags = {
help: flags.help({char: 'h'}), help: flags.help({char: 'h'}),
sepolicy: flags.string({char: 'p', description: 'paths to device and vendor sepolicy dirs', required: true, multiple: true}), sepolicy: flags.string({char: 'p', description: 'paths to device and vendor sepolicy dirs', required: true, multiple: true}),
device: flags.string({char: 'd', description: 'device codename', required: true}),
buildId: flags.string({char: 'b', description: 'build ID of the stock images (optional, only used for locating factory images)'}),
stockSrc: flags.string({char: 's', description: 'path to (extracted) factory images, (mounted) images, (extracted) OTA package, OTA payload, or directory containing any such files (optionally under device and/or build ID directory)', required: true}),
useTemp: flags.boolean({char: 't', description: 'use a temporary directory for all extraction (prevents reusing extracted files across runs)', default: false}),
} }
static args = [
{name: 'source', description: 'path to mounted factory images', required: true},
]
async run() { async run() {
let {flags: {sepolicy: sepolicyDirs}, args: {source}} = this.parse(FixKeys) let {flags: {sepolicy: sepolicyDirs, device, buildId, stockSrc, useTemp}} = this.parse(FixKeys)
let srcSigners: Array<MacSigner> = [] await withTempDir(async (tmp) => {
let srcKeys: Array<KeyInfo> = [] // Prepare stock system source
for (let dir of sepolicyDirs) { let wrapBuildId = buildId == undefined ? null : buildId
srcSigners.push(...(await readMacPermissionsRecursive(dir))) let wrapped = await withSpinner('Extracting stock system source', (spinner) =>
srcKeys.push(...(await readKeysConfRecursive(dir))) wrapSystemSrc(stockSrc, device, wrapBuildId, useTemp, tmp, spinner))
} stockSrc = wrapped.src!
let compiledSigners = await readPartMacPermissions(source) let srcSigners: Array<MacSigner> = []
let keys = resolveKeys(srcKeys, srcSigners, compiledSigners) let srcKeys: Array<KeyInfo> = []
for (let dir of sepolicyDirs) {
for (let paths of keys.values()) { srcSigners.push(...(await readMacPermissionsRecursive(dir)))
for (let path of paths) { srcKeys.push(...(await readKeysConfRecursive(dir)))
this.log(path)
} }
}
await writeMappedKeys(keys) let compiledSigners = await readPartMacPermissions(stockSrc)
let keys = resolveKeys(srcKeys, srcSigners, compiledSigners)
for (let paths of keys.values()) {
for (let path of paths) {
this.log(path)
}
}
await writeMappedKeys(keys)
})
} }
} }