Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_system_vold / 52f7a9193479a48c3377fa597191d4dac71f4416 / . / VoldNativeService.cpp
blob: 6c256742553eceb1ab1390fce47a4b6d31751b7c [file] [log] [blame]
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "VoldNativeService.h"
18#include "VolumeManager.h"
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame^]19#include "BenchmarkTask.h"
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]20#include "MoveTask.h"
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]21#include "Process.h"
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]22#include "TrimTask.h"
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]23
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]24#include "cryptfs.h"
25#include "Ext4Crypt.h"
26#include "MetadataCrypt.h"
27
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]28#include <fstream>
29
30#include <android-base/logging.h>
31#include <android-base/stringprintf.h>
32#include <android-base/strings.h>
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]33#include <fs_mgr.h>
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]34#include <private/android_filesystem_config.h>
35
36#ifndef LOG_TAG
37#define LOG_TAG "vold"
38#endif
39
40using android::base::StringPrintf;
41using std::endl;
42
43namespace android {
44namespace vold {
45
46namespace {
47
48constexpr const char* kDump = "android.permission.DUMP";
49
50static binder::Status ok() {
51 return binder::Status::ok();
52}
53
54static binder::Status exception(uint32_t code, const std::string& msg) {
55 return binder::Status::fromExceptionCode(code, String8(msg.c_str()));
56}
57
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]58static binder::Status error(const std::string& msg) {
59 PLOG(ERROR) << msg;
60 return binder::Status::fromServiceSpecificError(errno, String8(msg.c_str()));
61}
62
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]63static binder::Status translate(int status) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]64 if (status == 0) {
65 return binder::Status::ok();
66 } else {
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]67 return binder::Status::fromServiceSpecificError(status);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]68 }
69}
70
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]71static binder::Status translateBool(bool status) {
72 if (status) {
73 return binder::Status::ok();
74 } else {
75 return binder::Status::fromServiceSpecificError(status);
76 }
77}
78
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]79binder::Status checkPermission(const char* permission) {
80 pid_t pid;
81 uid_t uid;
82
83 if (checkCallingPermission(String16(permission), reinterpret_cast<int32_t*>(&pid),
84 reinterpret_cast<int32_t*>(&uid))) {
85 return ok();
86 } else {
87 return exception(binder::Status::EX_SECURITY,
88 StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission));
89 }
90}
91
92binder::Status checkUid(uid_t expectedUid) {
93 uid_t uid = IPCThreadState::self()->getCallingUid();
94 if (uid == expectedUid || uid == AID_ROOT) {
95 return ok();
96 } else {
97 return exception(binder::Status::EX_SECURITY,
98 StringPrintf("UID %d is not expected UID %d", uid, expectedUid));
99 }
100}
101
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]102binder::Status checkArgumentId(const std::string& id) {
103 if (id.empty()) {
104 return exception(binder::Status::EX_ILLEGAL_ARGUMENT, "Missing ID");
105 }
106 for (const char& c : id) {
107 if (!std::isalnum(c) && c != ':' && c != ',') {
108 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
109 StringPrintf("ID %s is malformed", id.c_str()));
110 }
111 }
112 return ok();
113}
114
115binder::Status checkArgumentPath(const std::string& path) {
116 if (path.empty()) {
117 return exception(binder::Status::EX_ILLEGAL_ARGUMENT, "Missing path");
118 }
119 if (path[0] != '/') {
120 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
121 StringPrintf("Path %s is relative", path.c_str()));
122 }
123 for (const char& c : path) {
124 if (c == '\0' || c == '\n') {
125 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
126 StringPrintf("Path %s is malformed", path.c_str()));
127 }
128 }
129 return ok();
130}
131
132binder::Status checkArgumentHex(const std::string& hex) {
133 // Empty hex strings are allowed
134 for (const char& c : hex) {
135 if (!std::isxdigit(c) && c != ':' && c != '-') {
136 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
137 StringPrintf("Hex %s is malformed", hex.c_str()));
138 }
139 }
140 return ok();
141}
142
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]143#define ENFORCE_UID(uid) { \
144 binder::Status status = checkUid((uid)); \
145 if (!status.isOk()) { \
146 return status; \
147 } \
148}
149
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]150#define CHECK_ARGUMENT_ID(id) { \
151 binder::Status status = checkArgumentId((id)); \
152 if (!status.isOk()) { \
153 return status; \
154 } \
155}
156
157#define CHECK_ARGUMENT_PATH(path) { \
158 binder::Status status = checkArgumentPath((path)); \
159 if (!status.isOk()) { \
160 return status; \
161 } \
162}
163
164#define CHECK_ARGUMENT_HEX(hex) { \
165 binder::Status status = checkArgumentHex((hex)); \
166 if (!status.isOk()) { \
167 return status; \
168 } \
169}
170
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]171#define ACQUIRE_LOCK \
172 std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getLock());
173
174#define ACQUIRE_CRYPT_LOCK \
175 std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getCryptLock());
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]176
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]177} // namespace
178
179status_t VoldNativeService::start() {
180 IPCThreadState::self()->disableBackgroundScheduling(true);
181 status_t ret = BinderService<VoldNativeService>::publish();
182 if (ret != android::OK) {
183 return ret;
184 }
185 sp<ProcessState> ps(ProcessState::self());
186 ps->startThreadPool();
187 ps->giveThreadPoolName();
188 return android::OK;
189}
190
191status_t VoldNativeService::dump(int fd, const Vector<String16> & /* args */) {
192 auto out = std::fstream(StringPrintf("/proc/self/fd/%d", fd));
193 const binder::Status dump_permission = checkPermission(kDump);
194 if (!dump_permission.isOk()) {
195 out << dump_permission.toString8() << endl;
196 return PERMISSION_DENIED;
197 }
198
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]199 ACQUIRE_LOCK;
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]200 out << "vold is happy!" << endl;
201 out.flush();
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]202 return NO_ERROR;
203}
204
Jeff Sharkey814e9d32017-09-13 11:49:44 -0600[diff] [blame]205binder::Status VoldNativeService::setListener(
206 const android::sp<android::os::IVoldListener>& listener) {
207 ENFORCE_UID(AID_SYSTEM);
208 ACQUIRE_LOCK;
209
210 VolumeManager::Instance()->setListener(listener);
211 return ok();
212}
213
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]214binder::Status VoldNativeService::reset() {
215 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]216 ACQUIRE_LOCK;
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]217
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]218 return translate(VolumeManager::Instance()->reset());
219}
220
221binder::Status VoldNativeService::shutdown() {
222 ENFORCE_UID(AID_SYSTEM);
223 ACQUIRE_LOCK;
224
225 return translate(VolumeManager::Instance()->shutdown());
226}
227
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]228binder::Status VoldNativeService::mountAll() {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]229 ENFORCE_UID(AID_SYSTEM);
230 ACQUIRE_LOCK;
231
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]232 struct fstab* fstab = fs_mgr_read_fstab_default();
233 int res = fs_mgr_mount_all(fstab, MOUNT_MODE_DEFAULT);
234 fs_mgr_free_fstab(fstab);
235 return translate(res);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]236}
237
238binder::Status VoldNativeService::onUserAdded(int32_t userId, int32_t userSerial) {
239 ENFORCE_UID(AID_SYSTEM);
240 ACQUIRE_LOCK;
241
242 return translate(VolumeManager::Instance()->onUserAdded(userId, userSerial));
243}
244
245binder::Status VoldNativeService::onUserRemoved(int32_t userId) {
246 ENFORCE_UID(AID_SYSTEM);
247 ACQUIRE_LOCK;
248
249 return translate(VolumeManager::Instance()->onUserRemoved(userId));
250}
251
252binder::Status VoldNativeService::onUserStarted(int32_t userId) {
253 ENFORCE_UID(AID_SYSTEM);
254 ACQUIRE_LOCK;
255
256 return translate(VolumeManager::Instance()->onUserStarted(userId));
257}
258
259binder::Status VoldNativeService::onUserStopped(int32_t userId) {
260 ENFORCE_UID(AID_SYSTEM);
261 ACQUIRE_LOCK;
262
263 return translate(VolumeManager::Instance()->onUserStopped(userId));
264}
265
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]266binder::Status VoldNativeService::partition(const std::string& diskId, int32_t partitionType,
267 int32_t ratio) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]268 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]269 CHECK_ARGUMENT_ID(diskId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]270 ACQUIRE_LOCK;
271
272 auto disk = VolumeManager::Instance()->findDisk(diskId);
273 if (disk == nullptr) {
274 return error("Failed to find disk " + diskId);
275 }
276 switch (partitionType) {
277 case PARTITION_TYPE_PUBLIC: return translate(disk->partitionPublic());
278 case PARTITION_TYPE_PRIVATE: return translate(disk->partitionPrivate());
279 case PARTITION_TYPE_MIXED: return translate(disk->partitionMixed(ratio));
280 default: return error("Unknown type " + std::to_string(partitionType));
281 }
282}
283
284binder::Status VoldNativeService::forgetPartition(const std::string& partGuid) {
285 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]286 CHECK_ARGUMENT_HEX(partGuid);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]287 ACQUIRE_LOCK;
288
289 return translate(VolumeManager::Instance()->forgetPartition(partGuid));
290}
291
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]292binder::Status VoldNativeService::mount(const std::string& volId, int32_t mountFlags,
293 int32_t mountUserId) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]294 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]295 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]296 ACQUIRE_LOCK;
297
298 auto vol = VolumeManager::Instance()->findVolume(volId);
299 if (vol == nullptr) {
300 return error("Failed to find volume " + volId);
301 }
302
303 vol->setMountFlags(mountFlags);
304 vol->setMountUserId(mountUserId);
305
306 int res = vol->mount();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]307 if ((mountFlags & MOUNT_FLAG_PRIMARY) != 0) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]308 VolumeManager::Instance()->setPrimary(vol);
309 }
310 return translate(res);
311}
312
313binder::Status VoldNativeService::unmount(const std::string& volId) {
314 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]315 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]316 ACQUIRE_LOCK;
317
318 auto vol = VolumeManager::Instance()->findVolume(volId);
319 if (vol == nullptr) {
320 return error("Failed to find volume " + volId);
321 }
322 return translate(vol->unmount());
323}
324
325binder::Status VoldNativeService::format(const std::string& volId, const std::string& fsType) {
326 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]327 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]328 ACQUIRE_LOCK;
329
330 auto vol = VolumeManager::Instance()->findVolume(volId);
331 if (vol == nullptr) {
332 return error("Failed to find volume " + volId);
333 }
334 return translate(vol->format(fsType));
335}
336
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame^]337binder::Status VoldNativeService::benchmark(const std::string& volId,
338 const android::sp<android::os::IVoldTaskListener>& listener) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]339 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]340 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]341 ACQUIRE_LOCK;
342
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame^]343 std::string path;
344 if (volId == "private" || volId == "null") {
345 path = "/data";
346 } else {
347 auto vol = VolumeManager::Instance()->findVolume(volId);
348 if (vol == nullptr) {
349 return error("Failed to find volume " + volId);
350 }
351 if (vol->getType() != VolumeBase::Type::kPrivate) {
352 return error("Volume " + volId + " not private");
353 }
354 if (vol->getState() != VolumeBase::State::kMounted) {
355 return error("Volume " + volId + " not mounted");
356 }
357 path = vol->getPath();
358 }
359
360 if (path.empty()) {
361 return error("Volume " + volId + " missing path");
362 }
363
364 (new android::vold::BenchmarkTask(path, listener))->start();
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]365 return ok();
366}
367
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]368binder::Status VoldNativeService::moveStorage(const std::string& fromVolId,
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame^]369 const std::string& toVolId, const android::sp<android::os::IVoldTaskListener>& listener) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]370 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]371 CHECK_ARGUMENT_ID(fromVolId);
372 CHECK_ARGUMENT_ID(toVolId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]373 ACQUIRE_LOCK;
374
375 auto fromVol = VolumeManager::Instance()->findVolume(fromVolId);
376 auto toVol = VolumeManager::Instance()->findVolume(toVolId);
377 if (fromVol == nullptr) {
378 return error("Failed to find volume " + fromVolId);
379 } else if (toVol == nullptr) {
380 return error("Failed to find volume " + toVolId);
381 }
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame^]382 (new android::vold::MoveTask(fromVol, toVol, listener))->start();
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]383 return ok();
384}
385
386binder::Status VoldNativeService::remountUid(int32_t uid, int32_t remountMode) {
387 ENFORCE_UID(AID_SYSTEM);
388 ACQUIRE_LOCK;
389
390 std::string tmp;
391 switch (remountMode) {
392 case REMOUNT_MODE_NONE: tmp = "none"; break;
393 case REMOUNT_MODE_DEFAULT: tmp = "default"; break;
394 case REMOUNT_MODE_READ: tmp = "read"; break;
395 case REMOUNT_MODE_WRITE: tmp = "write"; break;
396 default: return error("Unknown mode " + std::to_string(remountMode));
397 }
398 return translate(VolumeManager::Instance()->remountUid(uid, tmp));
399}
400
401binder::Status VoldNativeService::mkdirs(const std::string& path) {
402 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]403 CHECK_ARGUMENT_PATH(path);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]404 ACQUIRE_LOCK;
405
406 return translate(VolumeManager::Instance()->mkdirs(path.c_str()));
407}
408
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]409binder::Status VoldNativeService::createObb(const std::string& sourcePath,
410 const std::string& sourceKey, int32_t ownerGid, std::string* _aidl_return) {
411 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]412 CHECK_ARGUMENT_PATH(sourcePath);
413 CHECK_ARGUMENT_HEX(sourceKey);
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]414 ACQUIRE_LOCK;
415
416 return translate(
417 VolumeManager::Instance()->createObb(sourcePath, sourceKey, ownerGid, _aidl_return));
418}
419
420binder::Status VoldNativeService::destroyObb(const std::string& volId) {
421 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]422 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]423 ACQUIRE_LOCK;
424
425 return translate(VolumeManager::Instance()->destroyObb(volId));
426}
427
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame^]428binder::Status VoldNativeService::fstrim(int32_t fstrimFlags,
429 const android::sp<android::os::IVoldTaskListener>& listener) {
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]430 ENFORCE_UID(AID_SYSTEM);
431 ACQUIRE_LOCK;
432
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame^]433 (new android::vold::TrimTask(fstrimFlags, listener))->start();
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]434 return ok();
435}
436
437binder::Status VoldNativeService::mountAppFuse(int32_t uid, int32_t pid, int32_t mountId,
438 android::base::unique_fd* _aidl_return) {
439 ENFORCE_UID(AID_SYSTEM);
440 ACQUIRE_LOCK;
441
442 return translate(VolumeManager::Instance()->mountAppFuse(uid, pid, mountId, _aidl_return));
443}
444
445binder::Status VoldNativeService::unmountAppFuse(int32_t uid, int32_t pid, int32_t mountId) {
446 ENFORCE_UID(AID_SYSTEM);
447 ACQUIRE_LOCK;
448
449 return translate(VolumeManager::Instance()->unmountAppFuse(uid, pid, mountId));
450}
451
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]452binder::Status VoldNativeService::fdeCheckPassword(const std::string& password) {
453 ENFORCE_UID(AID_SYSTEM);
454 ACQUIRE_CRYPT_LOCK;
455
456 return translate(cryptfs_check_passwd(password.c_str()));
457}
458
459binder::Status VoldNativeService::fdeRestart() {
460 ENFORCE_UID(AID_SYSTEM);
461 ACQUIRE_CRYPT_LOCK;
462
463 // Spawn as thread so init can issue commands back to vold without
464 // causing deadlock, usually as a result of prep_data_fs.
465 std::thread(&cryptfs_restart).detach();
466 return ok();
467}
468
469binder::Status VoldNativeService::fdeComplete(int32_t* _aidl_return) {
470 ENFORCE_UID(AID_SYSTEM);
471 ACQUIRE_CRYPT_LOCK;
472
473 *_aidl_return = cryptfs_crypto_complete();
474 return ok();
475}
476
477static int fdeEnableInternal(int32_t passwordType, const std::string& password,
478 int32_t encryptionFlags) {
479 bool noUi = (encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_NO_UI) != 0;
480
481 std::string how;
482 if ((encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_IN_PLACE) != 0) {
483 how = "inplace";
484 } else if ((encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_WIPE) != 0) {
485 how = "wipe";
486 } else {
487 LOG(ERROR) << "Missing encryption flag";
488 return -1;
489 }
490
491 for (int tries = 0; tries < 2; ++tries) {
492 int rc;
493 if (passwordType == VoldNativeService::PASSWORD_TYPE_DEFAULT) {
494 rc = cryptfs_enable_default(how.c_str(), noUi);
495 } else {
496 rc = cryptfs_enable(how.c_str(), passwordType, password.c_str(), noUi);
497 }
498
499 if (rc == 0) {
500 return 0;
501 } else if (tries == 0) {
502 Process::killProcessesWithOpenFiles(DATA_MNT_POINT, SIGKILL);
503 }
504 }
505
506 return -1;
507}
508
509binder::Status VoldNativeService::fdeEnable(int32_t passwordType,
510 const std::string& password, int32_t encryptionFlags) {
511 ENFORCE_UID(AID_SYSTEM);
512 ACQUIRE_CRYPT_LOCK;
513
514 if (e4crypt_is_native()) {
515 if (passwordType != PASSWORD_TYPE_DEFAULT) {
516 return error("Unexpected password type");
517 }
518 if (encryptionFlags != (ENCRYPTION_FLAG_IN_PLACE | ENCRYPTION_FLAG_NO_UI)) {
519 return error("Unexpected flags");
520 }
521 return translateBool(e4crypt_enable_crypto());
522 }
523
524 // Spawn as thread so init can issue commands back to vold without
525 // causing deadlock, usually as a result of prep_data_fs.
526 std::thread(&fdeEnableInternal, passwordType, password, encryptionFlags).detach();
527 return ok();
528}
529
530binder::Status VoldNativeService::fdeChangePassword(int32_t passwordType,
531 const std::string& password) {
532 ENFORCE_UID(AID_SYSTEM);
533 ACQUIRE_CRYPT_LOCK;
534
535 return translate(cryptfs_changepw(passwordType, password.c_str()));
536}
537
538binder::Status VoldNativeService::fdeVerifyPassword(const std::string& password) {
539 ENFORCE_UID(AID_SYSTEM);
540 ACQUIRE_CRYPT_LOCK;
541
542 return translate(cryptfs_verify_passwd(password.c_str()));
543}
544
545binder::Status VoldNativeService::fdeGetField(const std::string& key,
546 std::string* _aidl_return) {
547 ENFORCE_UID(AID_SYSTEM);
548 ACQUIRE_CRYPT_LOCK;
549
550 char buf[PROPERTY_VALUE_MAX];
551 if (cryptfs_getfield(key.c_str(), buf, sizeof(buf)) != CRYPTO_GETFIELD_OK) {
552 return error(StringPrintf("Failed to read field %s", key.c_str()));
553 } else {
554 *_aidl_return = buf;
555 return ok();
556 }
557}
558
559binder::Status VoldNativeService::fdeSetField(const std::string& key,
560 const std::string& value) {
561 ENFORCE_UID(AID_SYSTEM);
562 ACQUIRE_CRYPT_LOCK;
563
564 return translate(cryptfs_setfield(key.c_str(), value.c_str()));
565}
566
567binder::Status VoldNativeService::fdeGetPasswordType(int32_t* _aidl_return) {
568 ENFORCE_UID(AID_SYSTEM);
569 ACQUIRE_CRYPT_LOCK;
570
571 *_aidl_return = cryptfs_get_password_type();
572 return ok();
573}
574
575binder::Status VoldNativeService::fdeGetPassword(std::string* _aidl_return) {
576 ENFORCE_UID(AID_SYSTEM);
577 ACQUIRE_CRYPT_LOCK;
578
579 const char* res = cryptfs_get_password();
580 if (res != nullptr) {
581 *_aidl_return = res;
582 }
583 return ok();
584}
585
586binder::Status VoldNativeService::fdeClearPassword() {
587 ENFORCE_UID(AID_SYSTEM);
588 ACQUIRE_CRYPT_LOCK;
589
590 cryptfs_clear_password();
591 return ok();
592}
593
594binder::Status VoldNativeService::fbeEnable() {
595 ENFORCE_UID(AID_SYSTEM);
596 ACQUIRE_CRYPT_LOCK;
597
598 return translateBool(e4crypt_initialize_global_de());
599}
600
601binder::Status VoldNativeService::mountDefaultEncrypted() {
602 ENFORCE_UID(AID_SYSTEM);
603 ACQUIRE_CRYPT_LOCK;
604
605 if (e4crypt_is_native()) {
606 return translateBool(e4crypt_mount_metadata_encrypted());
607 } else {
608 // Spawn as thread so init can issue commands back to vold without
609 // causing deadlock, usually as a result of prep_data_fs.
610 std::thread(&cryptfs_mount_default_encrypted).detach();
611 return ok();
612 }
613}
614
615binder::Status VoldNativeService::initUser0() {
616 ENFORCE_UID(AID_SYSTEM);
617 ACQUIRE_CRYPT_LOCK;
618
619 return translateBool(e4crypt_init_user0());
620}
621
622binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) {
623 ENFORCE_UID(AID_SYSTEM);
624 ACQUIRE_CRYPT_LOCK;
625
626 *_aidl_return = cryptfs_isConvertibleToFBE() != 0;
627 return ok();
628}
629
630binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial,
631 bool ephemeral) {
632 ENFORCE_UID(AID_SYSTEM);
633 ACQUIRE_CRYPT_LOCK;
634
635 return translateBool(e4crypt_vold_create_user_key(userId, userSerial, ephemeral));
636}
637
638binder::Status VoldNativeService::destroyUserKey(int32_t userId) {
639 ENFORCE_UID(AID_SYSTEM);
640 ACQUIRE_CRYPT_LOCK;
641
642 return translateBool(e4crypt_destroy_user_key(userId));
643}
644
645binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial,
646 const std::string& token, const std::string& secret) {
647 ENFORCE_UID(AID_SYSTEM);
648 ACQUIRE_CRYPT_LOCK;
649
650 return translateBool(e4crypt_add_user_key_auth(userId, userSerial, token.c_str(), secret.c_str()));
651}
652
653binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
654 ENFORCE_UID(AID_SYSTEM);
655 ACQUIRE_CRYPT_LOCK;
656
657 return translateBool(e4crypt_fixate_newest_user_key_auth(userId));
658}
659
660binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial,
661 const std::string& token, const std::string& secret) {
662 ENFORCE_UID(AID_SYSTEM);
663 ACQUIRE_CRYPT_LOCK;
664
665 return translateBool(e4crypt_unlock_user_key(userId, userSerial, token.c_str(), secret.c_str()));
666}
667
668binder::Status VoldNativeService::lockUserKey(int32_t userId) {
669 ENFORCE_UID(AID_SYSTEM);
670 ACQUIRE_CRYPT_LOCK;
671
672 return translateBool(e4crypt_lock_user_key(userId));
673}
674
675binder::Status VoldNativeService::prepareUserStorage(const std::unique_ptr<std::string>& uuid,
676 int32_t userId, int32_t userSerial, int32_t flags) {
677 ENFORCE_UID(AID_SYSTEM);
678 ACQUIRE_CRYPT_LOCK;
679
680 const char* uuid_ = uuid ? uuid->c_str() : nullptr;
681 return translateBool(e4crypt_prepare_user_storage(uuid_, userId, userSerial, flags));
682}
683
684binder::Status VoldNativeService::destroyUserStorage(const std::unique_ptr<std::string>& uuid,
685 int32_t userId, int32_t flags) {
686 ENFORCE_UID(AID_SYSTEM);
687 ACQUIRE_CRYPT_LOCK;
688
689 const char* uuid_ = uuid ? uuid->c_str() : nullptr;
690 return translateBool(e4crypt_destroy_user_storage(uuid_, userId, flags));
691}
692
693binder::Status VoldNativeService::secdiscard(const std::string& path) {
694 ENFORCE_UID(AID_SYSTEM);
695 ACQUIRE_CRYPT_LOCK;
696
697 return translateBool(e4crypt_secdiscard(path.c_str()));
698}
699
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]700} // namespace vold
701} // namespace android