cryptohome: Test for symlinks before copying attestation file.
BUG=chromium:649039
TEST=Rebooted device with normal file vs. symlink.
Change-Id: I3a86d5bec4495f8a0dd9e038ab3278bd394517d8
Reviewed-on: https://chromium-review.googlesource.com/388186
Commit-Ready: Ricky Zhou <rickyz@chromium.org>
Tested-by: Ricky Zhou <rickyz@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/389651
Reviewed-by: Ricky Zhou <rickyz@chromium.org>
Commit-Queue: Ricky Zhou <rickyz@chromium.org>
diff --git a/cryptohome/init/cryptohomed.conf b/cryptohome/init/cryptohomed.conf
index e91d7ad..01dfaa0 100644
--- a/cryptohome/init/cryptohomed.conf
+++ b/cryptohome/init/cryptohomed.conf
@@ -12,12 +12,24 @@
stop on stopping boot-services
respawn
+env OLD_ATTESTATION_PATH="/mnt/stateful_partition/home/.shadow/attestation.epb"
+env NEW_ATTESTATION_PATH="/mnt/stateful_partition/unencrypted/preserve/attestation.epb"
+
# If attestation.epb still exists in its old location, move it to the new
# location where cryptohome will look for it.
pre-start script
- if [ -e /mnt/stateful_partition/home/.shadow/attestation.epb ]; then
- mv /mnt/stateful_partition/home/.shadow/attestation.epb \
- /mnt/stateful_partition/unencrypted/preserve/attestation.epb
+ # Paths under the stateful partition cannot be trusted. Only operate
+ # on them after verifying that they don't contain symlinks pointing
+ # elsewhere.
+ has_symlink() {
+ local path="$1"
+ [ "$(realpath "${path}")" != "${path}" ]
+ }
+
+ if [ -f "${OLD_ATTESTATION_PATH}" ] &&
+ ! has_symlink "${OLD_ATTESTATION_PATH}" &&
+ ! has_symlink "${NEW_ATTESTATION_PATH}"; then
+ mv "${OLD_ATTESTATION_PATH}" "${NEW_ATTESTATION_PATH}"
fi
end script
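Review bot: The `has_symlink` checks and the `mv` in the pre-start script resolve the paths separately, so the protection holds only if nothing can modify the stateful partition between the two. That is presumably the case this early in boot, but a comment stating the assumption would help, e.g. `# Safe only because no untrusted process runs before pre-start completes.` Separately, if `${NEW_ATTESTATION_PATH}` already exists as a real directory, `realpath` returns it unchanged and `mv` would move the file into it. `mv -T "${OLD_ATTESTATION_PATH}" "${NEW_ATTESTATION_PATH}"` (GNU coreutils) would refuse instead. It is also worth documenting that a failing `realpath` prints nothing and so makes `has_symlink` return true, which skips the move: `# realpath failure yields "", treated as untrusted (fail closed)`.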