cryptohome: Test for symlinks before copying attestation file.

BUG=chromium:649039
TEST=Rebooted device with normal file vs. symlink.

Change-Id: I3a86d5bec4495f8a0dd9e038ab3278bd394517d8
Reviewed-on: https://chromium-review.googlesource.com/388186
Commit-Ready: Ricky Zhou <rickyz@chromium.org>
Tested-by: Ricky Zhou <rickyz@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/cryptohome/init/cryptohomed.conf b/cryptohome/init/cryptohomed.conf
index c65c2d8..90b14b5 100644
--- a/cryptohome/init/cryptohomed.conf
+++ b/cryptohome/init/cryptohomed.conf
@@ -15,14 +15,26 @@
 # Where we store the attestation-based enterprise enrollment data. The
 # daemon will check for this environment variable and read the file at
 # startup before forking.
-env ABE_DATA_FILE=/var/run/cryptohomed.abe_data
+env ABE_DATA_FILE=/run/cryptohomed.abe_data
+
+env OLD_ATTESTATION_PATH="/mnt/stateful_partition/home/.shadow/attestation.epb"
+env NEW_ATTESTATION_PATH="/mnt/stateful_partition/unencrypted/preserve/attestation.epb"
 
 # If attestation.epb still exists in its old location, move it to the new
 # location where cryptohome will look for it.
 pre-start script
-  if [ -e /mnt/stateful_partition/home/.shadow/attestation.epb ]; then
-    mv /mnt/stateful_partition/home/.shadow/attestation.epb \
-      /mnt/stateful_partition/unencrypted/preserve/attestation.epb
+  # Paths under the stateful partition cannot be trusted. Only operate
+  # on them after verifying that they don't contain symlinks pointing
+  # elsewhere.
+  has_symlink() {
+    local path="$1"
+    [ "$(realpath "${path}")" != "${path}" ]
+  }
+
+  if [ -f "${OLD_ATTESTATION_PATH}" ] &&
+     ! has_symlink "${OLD_ATTESTATION_PATH}" &&
+     ! has_symlink "${NEW_ATTESTATION_PATH}"; then
+    mv "${OLD_ATTESTATION_PATH}" "${NEW_ATTESTATION_PATH}"
   fi
   (vpd -g stable_device_secret_DO_NOT_SHARE || printf '') >$ABE_DATA_FILE
 end script
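Review bot: A path rejected by `has_symlink` is skipped silently in the new `if`, so a tampered stateful partition leaves no log entry and the old file simply stays in place. Making the `-f` test the outer condition and letting the symlink checks choose between the `mv` and a log line would give responders a signal without changing the fail-closed behaviour. The realpath comparison and the `mv` are also separate steps, so the check holds only if nothing can alter the stateful partition in between; that is presumably true this early in boot, but a comment stating the assumption would help. If the image's `mv` supports it, `mv -T` would additionally stop an existing directory at the destination from being used as a target directory, which `has_symlink` does not cover.

```shell
  # … unchanged: has_symlink definition …

  if [ -f "${OLD_ATTESTATION_PATH}" ]; then
    if has_symlink "${OLD_ATTESTATION_PATH}" ||
       has_symlink "${NEW_ATTESTATION_PATH}"; then
      # Leave the file where it is, but record that migration was refused.
      logger -t cryptohomed \
        "attestation.epb migration skipped: symlink in source or destination path"
    else
      mv "${OLD_ATTESTATION_PATH}" "${NEW_ATTESTATION_PATH}"
    fi
  fi
```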