From patchwork Mon Nov 16 09:14:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefano Babic X-Patchwork-Id: 1400720 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=googlegroups.com (client-ip=2a00:1450:4864:20::237; helo=mail-lj1-x237.google.com; envelope-from=swupdate+bncbcxploxj6ikrbjegzh6qkgqetubimgy@googlegroups.com; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=denx.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=googlegroups.com header.i=@googlegroups.com header.a=rsa-sha256 header.s=20161025 header.b=eujrXYuN; dkim-atps=neutral Received: from mail-lj1-x237.google.com (mail-lj1-x237.google.com [IPv6:2a00:1450:4864:20::237]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CZNhS5c5zz9sPB for ; Mon, 16 Nov 2020 20:15:19 +1100 (AEDT) Received: by mail-lj1-x237.google.com with SMTP id e25sf8248648ljg.18 for ; Mon, 16 Nov 2020 01:15:19 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1605518116; cv=pass; d=google.com; s=arc-20160816; b=k6cghlce6RBF7cTjGeWZtaCvNj0pGjfQoQojJqUrUk7aEzSfudUdnJzLhnd9RNyTD9 xdxh9/PTbVO+Ey+dIQ4hVHSNXXCGl81xJNbdMoYj3047GskFk++s1K9BdbeJQQ5eNe6/ ysuyJsVLuw4sNI5xGwGVbLUYwjkWO2oGT9FC/CSk4sqFBjSWnhRpH883LuuvxXQQ1fvI Xz0CxJpmVYuGxJBOsn423iQo8f2DMP2cAoz0fdtPa3+g4B1QXbPYcc3qcdxEGLje91gq +HYKOV9ET5LTLyNrBwj7ZeknwulRJYbucx5t5tYkuL1AOxlnSgCkYX8YxT0Yn8Vy7V2g +rpA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:sender:dkim-signature; bh=5sOLYJASAVinaT2DoeJMca039vjkJmFyYWnveBdSHlM=; b=NTEbP8TG27/CIpAbs4kPT0wqvB+09+nvFkEmOv5iRmHygeVqPoT9Vy/uI4bQkXwp4O s5eIRbQmN6r98IgZvxFt/ICQIF7Jy7jo9i4hOYnPXapsatDmml3qLNMlnO9DXJ5smR0D JmVVyYlrVWW12ZYytuDBt6OXjGVJmUOqG3FEzozIZEMXtaawhL6l7OsO4T5UEefnLd37 7kH11ck1Ss1+sm62iv9SAZQtRuU/Ce+Et6bOL6dOFrV6x5qihif9AS1vzGyQnAPIOcQM +ZwSchpJC7A7Xk94D+rcgRacv/0/SbLUZJnWJPboqcJvqQ13HbwIOwapSX2Pr1CVO8mT QJaw== ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:x-original-sender:x-original-authentication-results :precedence:mailing-list:list-id:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=5sOLYJASAVinaT2DoeJMca039vjkJmFyYWnveBdSHlM=; b=eujrXYuNYBcn9beWvp4jDe39ltPeR46SOT9UPOLGVG97rLSCKOakqK5f+Jw5n7Lj4y lurR+/+b2EBUEA+oJmtPG7Ya+qYBLG21OsUH3VdvfXm8VKhLaVuriP/w0p7QOXambRl/ LY9UB0sgJ34QzSEVTAsYx4ylUWFHf1WbXHyISgOg6rlup9bxy2HeY58rAI6F6IZBCXr9 AfWH4+PiiVrdvH9hem5oVX542hVS243s9mnHIVMVaTnAuVXu3FYL4UMx+fyIioUFHTiX +CawxlIJtLCRd2MiID+moeqBoEXlCcWkwL9UO8vhN+NI/mjYbnqk0TEePQmLbr6PsB3p gYcg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=sender:x-gm-message-state:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=5sOLYJASAVinaT2DoeJMca039vjkJmFyYWnveBdSHlM=; b=bhJlqhXG/RtcE9ztxyBn2h3GQszT7NuAu0gGBCEufPg9gYUZNIBiJC73WE+F90YNq0 EzhXzuIJvUPwJwAruOG1ck+G3A6gIAYC8YWSnj/vZvjVhhKLRGykfy7GBXracKGEvkzX LYh5Y0MhYabaRcp7hlr6YoR2Q9yen6DQgd49rgKyCc42YDK8zgxgKFeUKrITdvVEGdgu NyQDQpgFMuQqnlBnVd+u2CX5bdNToSWSv0cuE08azTY+nT94FzRoMLrsOS1FvUtZ6jaB l1N0pvKGm3BQ8peGzigLmzn7F55ivUTvlbNbsjkzCah5Ny/F/u7vS3wBSFBMJfBUNsEj diCA== Sender: swupdate@googlegroups.com X-Gm-Message-State: AOAM532XsM/l0EWJJGYaOLN4DoMgDh1FIaz18yT+2AID/YYjqjUXl9k7 S/Pk/VOmcyu8Td1sTzagcI4= X-Google-Smtp-Source: ABdhPJyyX6rQpT6eXo4lXtPY/qxCcOS3ZbxqsJQTxW+6tWA/PIqKEuq1M/UMU3PwYi4tyX8pXIG9Rw== X-Received: by 2002:a05:6512:2103:: with SMTP id q3mr5411368lfr.11.1605518116532; Mon, 16 Nov 2020 01:15:16 -0800 (PST) X-BeenThere: swupdate@googlegroups.com Received: by 2002:a19:d0e:: with SMTP id 14ls8044850lfn.0.gmail; Mon, 16 Nov 2020 01:15:15 -0800 (PST) X-Received: by 2002:a19:8982:: with SMTP id l124mr5534410lfd.368.1605518115298; Mon, 16 Nov 2020 01:15:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605518115; cv=none; d=google.com; s=arc-20160816; b=ZSDnWGQ8EmDViiCMr2uIB9oW8vezBU3tn4vJ2yyapIblc2MBMFtM8Tkyg+1roNiGxi 2nMwcWwvffCXU88bcJrNNab3nGG+PquVM8yZlCYW+54YoWB6Bs5XPkamppLoYTbF0Lp8 LKNXYl6LDEx4r3K88dCSLJUAFu9iLxAlQZZPSK4Jrxjq1PbPR6NPH7l6B4je10jWKOzo wE1hKjdVye+lSeOtmFQKM2gHpPVk/7McFEz6qH5rxnX6IZn4rUxWeFBgIzVtbSlpt4mK 2vmpI91jjb4kO5F2lDhv54t2pAHRhB812h2Qz4zzVgTv6mWO8j82M1u5c2M1tgRT44Sx Yymw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=PThQxkQcs/fMNJtSLh1sWgiM1TPU3SVAFhuOfgm93FQ=; b=UZmnUg2+Nrvc6QN3NC21wxt4aoZd2zx27+zC+YilWL1Sf+lzmhytu1SESvw90o3ixy gKvrAn9l1lJHCWidrjyWf8lhipgZDcteJagFXZC8iMoEiSxf4uJqiIfhipED7b87OW7O l9kHeqhyS0QjYbsyNGNXP43LIVAm50nzmSgO0H9fpXh+dAErSORWvrALopIR7MNyk8oC mX0HxzAvK1HlWKzRMICnPByDiS7+udVYeRwb6oK8pfMy/ROyEq1Z4rIdJ/Njlf9kB64Q dE9v/eL6QNwHSn810cEHHoy7Poj00hPdji4VApBPOc4AHaTnLjBp0jTJA2oFPE90adfm gxKQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de Received: from mail-out.m-online.net (mail-out.m-online.net. [212.18.0.9]) by gmr-mx.google.com with ESMTPS id i12si410648lfl.0.2020.11.16.01.15.15 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 16 Nov 2020 01:15:15 -0800 (PST) Received-SPF: neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) client-ip=212.18.0.9; Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 4CZNhL5pdJz1qsZm; Mon, 16 Nov 2020 10:15:14 +0100 (CET) Received: from localhost (dynscan1.mnet-online.de [192.168.6.70]) by mail.m-online.net (Postfix) with ESMTP id 4CZNhL5gjpz1qs0c; Mon, 16 Nov 2020 10:15:14 +0100 (CET) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.70]) (amavisd-new, port 10024) with ESMTP id xoxAivhZRcKE; Mon, 16 Nov 2020 10:15:13 +0100 (CET) Received: from babic.homelinux.org (host-88-217-136-221.customer.m-online.net [88.217.136.221]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPS; Mon, 16 Nov 2020 10:15:13 +0100 (CET) Received: from localhost (mail.babic.homelinux.org [127.0.0.1]) by babic.homelinux.org (Postfix) with ESMTP id 034F8454064F; Mon, 16 Nov 2020 10:15:12 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at babic.homelinux.org Received: from babic.homelinux.org ([127.0.0.1]) by localhost (mail.babic.homelinux.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9BWyzOD9XgoR; Mon, 16 Nov 2020 10:15:07 +0100 (CET) Received: from paperino.fritz.box (paperino.fritz.box [192.168.178.64]) by babic.homelinux.org (Postfix) with ESMTP id 4001B4540B1F; Mon, 16 Nov 2020 10:14:52 +0100 (CET) From: Stefano Babic To: swupdate@googlegroups.com Cc: Stefano Babic Subject: [swupdate] [PATCH V3 09/10] Accept selections from IPC if configured at startup Date: Mon, 16 Nov 2020 10:14:44 +0100 Message-Id: <20201116091445.797119-10-sbabic@denx.de> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20201116091445.797119-1-sbabic@denx.de> References: <20201116091445.797119-1-sbabic@denx.de> MIME-Version: 1.0 X-Original-Sender: sbabic@denx.de X-Original-Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 212.18.0.9 is neither permitted nor denied by best guess record for domain of sbabic@denx.de) smtp.mailfrom=sbabic@denx.de Precedence: list Mailing-list: list swupdate@googlegroups.com; contact swupdate+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: swupdate@googlegroups.com X-Google-Group-Id: 605343134186 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , If selection can be set via IPC, it could be possible to activate a selection that can damage the board. For example, the IPC selects to install into the running rootfs instead of the stand-by copy. Do not accept any incoming selection, but verify it with a list that is configured at the startup via command line parameter. The list is set using --accepted-select, that can be issued multiple times. The behavior is compatible with the past because if no --accepted-select is issued, the feature is completely disabled and no selection can be set via IPC. Signed-off-by: Stefano Babic --- core/network_thread.c | 62 ++++++++++++++++++++++++++++++++++------- core/swupdate.c | 11 +++++++- doc/source/swupdate.rst | 7 +++++ include/swupdate.h | 1 + 4 files changed, 70 insertions(+), 11 deletions(-) diff --git a/core/network_thread.c b/core/network_thread.c index 6757cc4..0e6080d 100644 --- a/core/network_thread.c +++ b/core/network_thread.c @@ -56,6 +56,43 @@ static unsigned long nrmsgs = 0; static pthread_mutex_t msglock = PTHREAD_MUTEX_INITIALIZER; +static bool is_selection_allowed(const char *software_set, char *running_mode, + struct dict const *acceptedlist) +{ + char *swset = NULL; + struct dict_list *sets; + struct dict_list_elem *selection; + bool allowed = false; + + /* + * No attempt to change software set + */ + if (!strlen(software_set) || !strlen(running_mode)) + return true; + + if (ENOMEM_ASPRINTF == + asprintf(&swset, "%s,%s", software_set, running_mode)) { + ERROR("OOM generating selection string"); + return false; + } + sets = dict_get_list((struct dict *)acceptedlist, "accepted"); + if (sets && swset) { + LIST_FOREACH(selection, sets, next) { + if (!strcmp(swset, selection->value)) { + allowed = true; + } + } + free(swset); + } + + if (allowed) { + INFO("Accepted selection %s,%s", software_set, running_mode); + }else + ERROR("Selection %s,%s is not allowed, rejected !", + software_set, running_mode); + return allowed; +} + static void clean_msg(char *msg, char drop) { char *lfpos; @@ -349,17 +386,22 @@ void *network_thread (void *data) if (instp->status == IDLE) { instp->fd = ctrlconnfd; instp->req = msg.data.instmsg.req; + if (is_selection_allowed(instp->req.software_set, + instp->req.running_mode, + &instp->software->accepted_set)) { + /* + * Prepare answer + */ + msg.type = ACK; + + /* Drop all old notification from last run */ + cleanum_msg_list(); + + /* Wake-up the installer */ + pthread_cond_signal(&stream_wkup); + } else + msg.type = NACK; - /* - * Prepare answer - */ - msg.type = ACK; - - /* Drop all old notification from last run */ - cleanum_msg_list(); - - /* Wake-up the installer */ - pthread_cond_signal(&stream_wkup); } else { msg.type = NACK; sprintf(msg.data.msg, "Installation in progress"); diff --git a/core/swupdate.c b/core/swupdate.c index b746d8c..ba3656a 100644 --- a/core/swupdate.c +++ b/core/swupdate.c @@ -76,6 +76,7 @@ static struct option long_options[] = { {"loglevel", required_argument, NULL, 'l'}, {"syslog", no_argument, NULL, 'L' }, {"select", required_argument, NULL, 'e'}, + {"accepted-select", required_argument, NULL, 'q'}, {"output", required_argument, NULL, 'o'}, {"dry-run", no_argument, NULL, 'n'}, {"no-downgrading", required_argument, NULL, 'N'}, @@ -128,6 +129,11 @@ static void usage(char *programname) " -P, --preupdate : execute pre-update command\n" " -e, --select , : Select software images set and source\n" " Ex.: stable,main\n" + " --accepted-select\n" + " , : List for software images set and source\n" + " that are accepted via IPC\n" + " Ex.: stable,main\n" + " it can be set multiple times\n" " -i, --image : Software to be installed\n" " -l, --loglevel : logging level\n" " -L, --syslog : enable syslog logger\n" @@ -661,7 +667,7 @@ int main(int argc, char **argv) #endif memset(main_options, 0, sizeof(main_options)); memset(image_url, 0, sizeof(image_url)); - strcpy(main_options, "vhni:e:l:Lcf:p:P:o:N:R:M"); + strcpy(main_options, "vhni:e:q:l:Lcf:p:P:o:N:R:M"); #ifdef CONFIG_MTD strcat(main_options, "b:"); #endif @@ -858,6 +864,9 @@ int main(int argc, char **argv) if (opt_to_hwrev(optarg, &swcfg.hw) < 0) exit(EXIT_FAILURE); break; + case 'q': + dict_insert_value(&swcfg.accepted_set, "accepted", optarg); + break; #ifdef CONFIG_SURICATTA case 'u': if (asprintf(&suricattaoptions,"%s %s", argv[0], optarg) == diff --git a/doc/source/swupdate.rst b/doc/source/swupdate.rst index 306f2ac..fadc62b 100644 --- a/doc/source/swupdate.rst +++ b/doc/source/swupdate.rst @@ -442,6 +442,13 @@ Command line parameters | | | -e "stable, copy1" ==> install on copy1 | | | | -e "stable, copy2" ==> install on copy2 | +-------------+----------+--------------------------------------------+ +| --excluded | string | ``sel`` is in the format ,.| +| | | It sets a blacklist of selections that | +| | | cannot be used for an update. | +| | | Selections can be activated not only with | +| | | -e, but also via IPC. | +| | | Multiple --excluded are allowed | ++-------------+----------+--------------------------------------------+ | -h | - | Run usage with help. | +-------------+----------+--------------------------------------------+ | -k | string | Available if CONFIG_SIGNED is set. | diff --git a/include/swupdate.h b/include/swupdate.h index 4ae0b43..2b554b6 100644 --- a/include/swupdate.h +++ b/include/swupdate.h @@ -158,6 +158,7 @@ struct swupdate_cfg { struct imglist scripts; struct imglist bootscripts; struct dict bootloader; + struct dict accepted_set; struct proclist extprocs; void *dgst; /* Structure for signed images */ struct swupdate_global_cfg globals;