From 79661036b427a890b1d3d435ffab7c811ec9e5f4 Mon Sep 17 00:00:00 2001
From: Daniel Rosenberg <drosen@google.com>
Date: Fri, 12 Jun 2020 04:11:38 -0700
Subject: [PATCH] AOSP: ANDROID: e2fsck: Do not mutate encrypted names

We can't mutate a name without the key, as this will at best cause the
name to become gibberish, and at worst may introduce invalid characters
or even fail to be unique after decoding, so drop duplicates instead.
Files lost in this way will be reconnected to lost+found

Fixes: dbff534ec685 ("e2fsck: suppress bad name checks for encrypted directories")
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Google-Bug-Id: 138322712
Test: f_dup_de_crypt
Change-Id: I8d6cc3984872868a845fafabc554abdd86351fcc
From AOSP commit: 80b85f8a0b2ba7090a927f692ff9d2097ffd8d1f
---
 e2fsck/problem.c              |   5 +++++
 e2fsck/problem.h              |  12 ++++++++++++
 e2fsck/rehash.c               |   9 +++++++++
 tests/f_dup_de_crypt/expect.1 |  18 ++++++++++++++++++
 tests/f_dup_de_crypt/expect.2 |   7 +++++++
 tests/f_dup_de_crypt/image.gz | Bin 0 -> 3039 bytes
 tests/f_dup_de_crypt/name     |   1 +
 7 files changed, 52 insertions(+)
 create mode 100644 tests/f_dup_de_crypt/expect.1
 create mode 100644 tests/f_dup_de_crypt/expect.2
 create mode 100644 tests/f_dup_de_crypt/image.gz
 create mode 100644 tests/f_dup_de_crypt/name

diff --git a/e2fsck/problem.c b/e2fsck/problem.c
index 78d66891a..f8882a592 100644
--- a/e2fsck/problem.c
+++ b/e2fsck/problem.c
@@ -1779,6 +1779,11 @@ static struct e2fsck_problem problem_table[] = {
 	  N_("Encrypted @E is too short.\n"),
 	  PROMPT_CLEAR, 0, 0, 0, 0 },
 
+	 /* Non-unique filename found, but can't rename */
+	 { PR_2_NON_UNIQUE_FILE_NO_RENAME,
+	   N_("Duplicate filename @E found.  "),
+	   PROMPT_CLEAR, 0, 0, 0, 0 },
+
 	/* Pass 3 errors */
 
 	/* Pass 3: Checking directory connectivity */
diff --git a/e2fsck/problem.h b/e2fsck/problem.h
index 7a7294dc7..7e144cac8 100644
--- a/e2fsck/problem.h
+++ b/e2fsck/problem.h
@@ -1017,6 +1017,18 @@ struct problem_context {
 /* Encrypted directory entry is too short */
 #define PR_2_BAD_ENCRYPTED_NAME		0x020050
 
+/* Encrypted directory contains unencrypted file */
+#define PR_2_UNENCRYPTED_FILE		0x020051
+
+/* Encrypted directory contains file with different encryption policy */
+#define PR_2_INCONSISTENT_ENCRYPTION_POLICY	0x020052
+
+/* Encoded directory entry has illegal characters in its name */
+#define PR_2_BAD_ENCODED_NAME		0x020053
+
+/* Non-unique filename found, but can't rename */
+#define PR_2_NON_UNIQUE_FILE_NO_RENAME	0x020054
+
 /*
  * Pass 3 errors
  */
diff --git a/e2fsck/rehash.c b/e2fsck/rehash.c
index 30e510a6c..0d218e83f 100644
--- a/e2fsck/rehash.c
+++ b/e2fsck/rehash.c
@@ -416,6 +416,15 @@ static int duplicate_search_and_fix(e2fsck_t ctx, ext2_filsys fs,
 			fixed++;
 			continue;
 		}
+		/* Can't alter encrypted name without key, so just drop it */
+		if (fd->inode->i_flags & EXT4_ENCRYPT_FL) {
+			if (fix_problem(ctx, PR_2_NON_UNIQUE_FILE_NO_RENAME, &pctx)) {
+				e2fsck_adjust_inode_count(ctx, ent->dir->inode, -1);
+				ent->dir->inode = 0;
+				fixed++;
+				continue;
+			}
+		}
 		new_len = ext2fs_dirent_name_len(ent->dir);
 		if (new_len == 0) {
 			 /* should never happen */
diff --git a/tests/f_dup_de_crypt/expect.1 b/tests/f_dup_de_crypt/expect.1
new file mode 100644
index 000000000..03e0ad6c2
--- /dev/null
+++ b/tests/f_dup_de_crypt/expect.1
@@ -0,0 +1,18 @@
+Pass 1: Checking inodes, blocks, and sizes
+Pass 2: Checking directory structure
+Duplicate entry '+M-^AT^EM-1M-^CM-/)*M-L^RM-^L^@M-WM-)M-+' found.
+	Marking /test (12) to be rebuilt.
+
+Pass 3: Checking directory connectivity
+Pass 3A: Optimizing directories
+Duplicate filename entry '+M-^AT^EM-1M-^CM-/)*M-L^RM-^L^@M-WM-)M-+' in /test (12) found.  Clear? yes
+
+Pass 4: Checking reference counts
+Unattached inode 13
+Connect to /lost+found? yes
+
+Pass 5: Checking group summary information
+
+test_filesys: ***** FILE SYSTEM WAS MODIFIED *****
+test_filesys: 14/16 files (0.0% non-contiguous), 26/60 blocks
+Exit status is 1
diff --git a/tests/f_dup_de_crypt/expect.2 b/tests/f_dup_de_crypt/expect.2
new file mode 100644
index 000000000..cfca772d9
--- /dev/null
+++ b/tests/f_dup_de_crypt/expect.2
@@ -0,0 +1,7 @@
+Pass 1: Checking inodes, blocks, and sizes
+Pass 2: Checking directory structure
+Pass 3: Checking directory connectivity
+Pass 4: Checking reference counts
+Pass 5: Checking group summary information
+test_filesys: 14/16 files (0.0% non-contiguous), 26/60 blocks
+Exit status is 0
diff --git a/tests/f_dup_de_crypt/image.gz b/tests/f_dup_de_crypt/image.gz
new file mode 100644
index 0000000000000000000000000000000000000000..07a44d7c9e9a91ab00b1146568c91c7162f9e3c2
GIT binary patch
literal 3039
zc-pPR_dgVl!vOFL85udNfkZ}jNJfRsj3b*9N*r?Lg`AaSkHgur_nv3F`zT6?F2Wt1
znL{p|J?`%NH$1P`^Zwy2l*G*JGPdaip!f8C>Fx#~&9kUlg$gn4<|*J<qBjD*p{M=Y
zMa!W$3(*W?``Fgh*5p=sVF$3Tn6|ia=G_(j$_!a!^XI%7VpbK;YNZJ`w$P7%A8YLV
zCcukkclIAS6UR@Bm1wk(lR~xqV*v&_K#P?>wrtPeF`17?c4RV`(~&J)(}-f}@OQns
zbBuF;f1P_IhN4YZjE}${PWeMSwoCOO%ak-`M!X`k?*M66p}dm~M-M!<lCi`H#JxvG
z7e~`!$FNZ~OT^8_B}4ML!6fouqlWVH=7kmoC56CkeZ!9$;r-h}^BS6nNG@`4XVQhd
zI{lJa*{pbewi`2?Qtr`=U3{wxc-QO};RN%)1h9kO#~cCxfW^`3bHLg0qS<NwvCt|$
zK1TlbNJ({PN>q|P^ojhq-VZEBM=AXKlS_c?4}TB-B32@MsimBB#iXw$tgNyP@x!N}
zvwmSF*^eDE1~L<ffT>S9tm|e6nzX&MuUdW7?@V&*mb49o;1torFY=JVli`l_pSO|K
zjUoYiVGs{W#Hb4^d6v34>x{-=X>vYJhljLEni)}p_K>nqOQHIA+4E1+zU<K^H;P-g
znMJRh|5d*dGb~3neG6>3TXqd+M!+R$2Y@dMc3x<eUofvlMg-gf?EaFC$fopBt8eiA
z6#}&A{)f2$*!7lBFa6&tdp5Z-X^XuB8rivM%SvdCp`PGAwflkc_xQgtl<_BU#cQ>(
z$wIG{RSw0TjPH4I+yLzI^90KGKODqPPS_S|i>NQL=)Om)+XJI?%Yf=a3Wugc#(YNX
z<WeEqe~nnE1EoDOHq86{#|De;F25Y4-13RI+!fiWxx1Tv=OB=i0uMusa)JrzQLFak
zkE+Hbb!@IK%k?k)=Rn`grE&<Qef97=?-Z%@0kN>5iP9mR3={XN90<ylc0Vy?x;m*4
zz=fdjgyfJCg89g91ka13S(k~k$v;9O8^!Q>Rre}YzjVrzC$i>Rupqm`Y#V^2Clpnn
z*U^3B)MBaeXP3Sr90<8v*w`2FcsuQeSe%%fC|yf#+0319H%6qJ^Gy05e>HBWt15PQ
z<#JQtT&A$C;4gS;U!x;47R(tm$>c3N?OvSRc60jK&$Z;cK2WEo?_dw-=GYSQ&`91d
zkQ(}ME!)bw37xmgg>|sJ_EV%OMs!GpzuMMg32FIkN<~oB#%=9j)Ir5}GqD5c@1RoR
z>sRJrJVboQXhDwO3K?7wt+m|gS9od}%5K|EHyX!Zi6=xOswPE03P3eV`X++ss8KLn
z`d4m!->_Rpj7AzK?+SS1YrbR@wWMG;AH^7l%ES%CS^tc;O_h(AA8swk_V-rqPBeu6
z_Tqb!GN%MCGRth&)EObZowm2M;aOfz>if)(><)G71m;^e#jv`&az{1<dfYzpFvpzZ
zcK+yOg<lnn2jeOV5}gL0_wW_g_WpY?KV+r$D<iP0(;|2w*if1=QxWp~LS-0~<#pYR
zmjj=BCtFP7%@>P3gw-}-%zJq{=O@@#;zK<fIwiih8<C}**Y<;e5}qJyQ#vXQ?LMO=
z2u*TsZ8b6uJ^^zN7-yvdN-Ity!UsXh4-6HA3nzwGtP7*{>@&m(U-Fcar34{Lm<8XQ
z8aqtWf=S<zT+u#N*XlL?<}y}elZ1EAa>;7e^R}uH`$yFpCL$132mSG?!D1D#J|A=C
zq+bK}<;;v!E=_-v@R{Y7eAfm3SBmqmUn@Arp#qG}wo+Mvh1k*vbd!fqxCM?E#XgZ0
zJ@L>6eJyF}^BHUbey`oyM%D_oI6M?>pmxHRRbsP$KRo>C@EPLIojeh>>qg~^lTkts
zQW6wFw6F<ezu|O((r}2kL5JnLhjN+fB89QR*`Xm}+<IYpfsL-g5pt_yo>;;5b^F;u
zVsd#i45IhV(|lSXPxN$kkX|0Bx(apT3B+WK#mtO7btbeO`AddDEurMvr5`*C?N`R@
zs{F=kLfS6yM@hY#v-9=M8h7~Hq>=tP`UVbcRuWYOGx{1Hpb=#S{9+^gUhk^okCcyI
zZa>ep3q$FGK&FQop&9gn$!p5x3kzdR?h+KXhpkL<uybZBQm&}KWr0e3AOtGKxfXf?
zMxpguE4%_@z}+4*c2w}ME#)=7e{7~9HkDk|@4W^L{@#zTgsCLT@{D>7cY|WCl6*FT
z_H%G3ZA~J%6V}*;RyxQUuyB7A^!1KQsOBb<bjX4+Z)+{lit2n;iz;VJSHISDdAcje
z^+Q~W_n-hTVYQKay~lsQJG7={Hn#4d)>>s=Za3>paic=+VYV#wk))o4Q>Piv=T9Tp
zxHOe!(#9;wJueCVs|zLECnCS8g~&fxHvyhYE!yrV(y@&ePfCe+yHS*~c)KL^++*ua
zpVnk%5L&-nHko0OA~G-V6k!{JT2%#vo_%r*wpdwO_n}W;I%5EqfxzFx!?J|0(OB0$
z?~s-IbsEJIu10zcOg4LO!nm3v)m>d)Z*6gy&8zY;BKQ%oDfyicSLm$!@{Xihf0viz
z#Ze$t|Kiu2ZFN>!_)h)(QR&Epw$vKdu<tg1q*D5zxLrH&&~_%MN56zqLHC|`-i75X
z4n5>zS@#=V{T@ynKM)G{MOqg;02)VJ_`&MOuDYelm7k^NI$XM3+C63{A#`egis>0`
zIhRA-o_hQGEu6SM)b#DEJghkD<<$Z4AzN9DOaAp8VVmo)oL4`PvpuC<t@Bd1Jmue6
zC^_N0H%C<@1NiqZ&aF74AL}P2p&hBsY^X*@Z39tPq;YRFN3T@gi?6P^SDLQZjVAiv
zzPdM_H&NA}`q;*<bf)1wCA}1$R;^HAZ(5uGO$S5cq{UbKTz1J=K7Rp8_|UU^LVm@v
zBGbDXB$n){BH>)cDQAAK|LnarQ=E<0N1p{!8n-$g|65&H=mxa}`y^2TJ%Oa9nsG!;
zYR?=%oS;A@+uRVd`XxUazK-2!<>_*ph*xci3)WLUF^v(0?ieEn4hMac3@$nvUwf|B
z#TF&`=3ZHA`_|<gbBq}l+FS$tO8_|vl77c0ZFS+YG2ETzhB!5R`pdz8hT(9?3jB1Y
zZgZ6auk-v8P#>`J0dk<7D`140+xvX03VEch53gJIZNB>w#rmirf4&8L_jkDwL5a(f
zS3+L|oT8I!BlLS7PMkO`G29ROiB%R_&r3#C2H7zFF(nqZwD`6swEmeJK?d7C32HK{
z<c7f~<DzxYC{mXolWS+gxB~O;R~MNx2Nk|GTO@fjaQzB=Rt$WI*r*)Hy$9b!?Hmb;
zCmrbW<EDZLIQDd#SI6Di_T_uN9NFI2rmssik$GV#&|VV{GDJ~RQrNCWqPM?jyetiS
z7$gpcGbC^brJKR4?&nEFMD&9oAP``2^UNyvfy0Aiu9SVsGX3VI&s^t53nvivR7csr
z>s*kme6N~HBg253Hoe)`U7cZ40%Svsvt)1f0Alenufv;1$0vj)nDT1K&<@Uc7&l;x
z@A)@S6TYc!?So{S`tKvyufQW`yJ&2FP9hqq)*oY4vmmBjJIs!kk@9&Nx7)-QI>F{k
zVm_HUmI3_#`>!hs9$P`FaOWbuIB}Eae#J^3E~#aVgk0z=Ms4VqF^Hte=&;Vmc(B-L
z@-Lkz$FTuU*b{rN5ek<!+==z3!a%`Y29ZI-!iIP)5iD~dVhdSZp@eyg9=SKCrRWe?
zcCdej(3$lJKP`%^pyt#o8E8@HcfBd;XE{IIyoezqHFKvPE8`|-dwts-t8>7oJlUPP
zvJK_W?C`7{3<K*uY2<XiF*)6wkx|s{w!s_TqCXYhzOPP5N51eCz&p%`LuYnYjM=4K
G0N{Vjegp3S

literal 0
Hc-jL100001

diff --git a/tests/f_dup_de_crypt/name b/tests/f_dup_de_crypt/name
new file mode 100644
index 000000000..aff30a8f1
--- /dev/null
+++ b/tests/f_dup_de_crypt/name
@@ -0,0 +1 @@
+duplicate directory entries for encrypted dirs
-- 
2.47.2