Add command for setting the key binding seed

The seed value is passed to vold early in startup so that the
key-encryption keys are bound to the seed. This is useful for systems
like auto, in which the Android device may not require credentials to
use. In that case, the device should be bound to the rest of the system
(the car, in the case of auto) to guard against theft.

cherry-pick: aosp/1757970

Test: manual
Bug: 157501579
Change-Id: I2e16387b0752a30ef226b5ddf32ebf955aa9610a
Merged-In: I2e16387b0752a30ef226b5ddf32ebf955aa9610a
diff --git a/Android.bp b/Android.bp
index 84809a3..d2c6ffc 100644
--- a/Android.bp
+++ b/Android.bp
@@ -222,11 +222,16 @@
     name: "vdc",
     defaults: ["vold_default_flags"],
 
-    srcs: ["vdc.cpp"],
+    srcs: [
+        "vdc.cpp",
+        "Utils.cpp",
+    ],
     shared_libs: [
         "libbase",
         "libbinder",
         "libcutils",
+        "liblogwrap",
+        "libselinux",
         "libutils",
     ],
     static_libs: [
diff --git a/vdc.cpp b/vdc.cpp
index 47d98de..313ef55 100644
--- a/vdc.cpp
+++ b/vdc.cpp
@@ -28,6 +28,7 @@
 #include <sys/types.h>
 #include <sys/un.h>
 
+#include "Utils.h"
 #include "android/os/IVold.h"
 
 #include <android-base/logging.h>
@@ -37,6 +38,7 @@
 #include <android-base/strings.h>
 #include <binder/IServiceManager.h>
 #include <binder/Status.h>
+#include <utils/Errors.h>
 
 #include <private/android_filesystem_config.h>
 
@@ -64,6 +66,26 @@
     exit(ENOTTY);
 }
 
+static void bindkeys(std::vector<std::string>& args, const android::sp<android::os::IVold>& vold) {
+    std::string raw_bytes;
+    const char* seed_value;
+
+    seed_value = getenv("SEED_VALUE");
+    if (seed_value == NULL) {
+        LOG(ERROR) << "Empty seed";
+        exit(EINVAL);
+    }
+
+    android::status_t status = android::vold::HexToStr(seed_value, raw_bytes);
+    if (status != android::OK) {
+        LOG(ERROR) << "Extraction of seed failed: " << status;
+        exit(status);
+    }
+
+    std::vector<uint8_t> seed{raw_bytes.begin(), raw_bytes.end()};
+    checkStatus(args, vold->setStorageBindingSeed(seed));
+}
+
 int main(int argc, char** argv) {
     setenv("ANDROID_LOG_TAGS", "*:v", 1);
     if (getppid() == 1) {
@@ -106,6 +128,8 @@
         checkStatus(args, vold->shutdown());
     } else if (args[0] == "volume" && args[1] == "reset") {
         checkStatus(args, vold->reset());
+    } else if (args[0] == "cryptfs" && args[1] == "bindkeys") {
+        bindkeys(args, vold);
     } else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 4) {
         checkStatus(args, vold->mountFstab(args[2], args[3]));
     } else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 6) {