Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_system_vold / ae4f85d2ff11079bd79650a61745a89fa695ed4a / . / VoldNativeService.cpp
blob: c82eb927943dc81f4fa9e888fdd748ebdd5dba60 [file] [log] [blame]
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Jeff Sharkey67b8c492017-09-21 17:08:43 -0600[diff] [blame]17#define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
18
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]19#include "VoldNativeService.h"
20#include "VolumeManager.h"
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame]21#include "BenchmarkTask.h"
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]22#include "MoveTask.h"
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]23#include "Process.h"
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]24#include "TrimTask.h"
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]25
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]26#include "cryptfs.h"
27#include "Ext4Crypt.h"
28#include "MetadataCrypt.h"
29
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]30#include <fstream>
31
32#include <android-base/logging.h>
33#include <android-base/stringprintf.h>
34#include <android-base/strings.h>
Paul Crowley3b71fc52017-10-09 10:55:21 -0700[diff] [blame]35#include <ext4_utils/ext4_crypt.h>
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]36#include <fs_mgr.h>
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]37#include <private/android_filesystem_config.h>
Jeff Sharkey67b8c492017-09-21 17:08:43 -0600[diff] [blame]38#include <utils/Trace.h>
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]39
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]40using android::base::StringPrintf;
41using std::endl;
42
43namespace android {
44namespace vold {
45
46namespace {
47
48constexpr const char* kDump = "android.permission.DUMP";
49
50static binder::Status ok() {
51 return binder::Status::ok();
52}
53
54static binder::Status exception(uint32_t code, const std::string& msg) {
55 return binder::Status::fromExceptionCode(code, String8(msg.c_str()));
56}
57
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]58static binder::Status error(const std::string& msg) {
59 PLOG(ERROR) << msg;
60 return binder::Status::fromServiceSpecificError(errno, String8(msg.c_str()));
61}
62
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]63static binder::Status translate(int status) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]64 if (status == 0) {
65 return binder::Status::ok();
66 } else {
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]67 return binder::Status::fromServiceSpecificError(status);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]68 }
69}
70
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]71static binder::Status translateBool(bool status) {
72 if (status) {
73 return binder::Status::ok();
74 } else {
75 return binder::Status::fromServiceSpecificError(status);
76 }
77}
78
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]79binder::Status checkPermission(const char* permission) {
80 pid_t pid;
81 uid_t uid;
82
83 if (checkCallingPermission(String16(permission), reinterpret_cast<int32_t*>(&pid),
84 reinterpret_cast<int32_t*>(&uid))) {
85 return ok();
86 } else {
87 return exception(binder::Status::EX_SECURITY,
88 StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission));
89 }
90}
91
92binder::Status checkUid(uid_t expectedUid) {
93 uid_t uid = IPCThreadState::self()->getCallingUid();
94 if (uid == expectedUid || uid == AID_ROOT) {
95 return ok();
96 } else {
97 return exception(binder::Status::EX_SECURITY,
98 StringPrintf("UID %d is not expected UID %d", uid, expectedUid));
99 }
100}
101
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]102binder::Status checkArgumentId(const std::string& id) {
103 if (id.empty()) {
104 return exception(binder::Status::EX_ILLEGAL_ARGUMENT, "Missing ID");
105 }
106 for (const char& c : id) {
107 if (!std::isalnum(c) && c != ':' && c != ',') {
108 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
109 StringPrintf("ID %s is malformed", id.c_str()));
110 }
111 }
112 return ok();
113}
114
115binder::Status checkArgumentPath(const std::string& path) {
116 if (path.empty()) {
117 return exception(binder::Status::EX_ILLEGAL_ARGUMENT, "Missing path");
118 }
119 if (path[0] != '/') {
120 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
121 StringPrintf("Path %s is relative", path.c_str()));
122 }
123 for (const char& c : path) {
124 if (c == '\0' || c == '\n') {
125 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
126 StringPrintf("Path %s is malformed", path.c_str()));
127 }
128 }
129 return ok();
130}
131
132binder::Status checkArgumentHex(const std::string& hex) {
133 // Empty hex strings are allowed
134 for (const char& c : hex) {
135 if (!std::isxdigit(c) && c != ':' && c != '-') {
136 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
137 StringPrintf("Hex %s is malformed", hex.c_str()));
138 }
139 }
140 return ok();
141}
142
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]143#define ENFORCE_UID(uid) { \
144 binder::Status status = checkUid((uid)); \
145 if (!status.isOk()) { \
146 return status; \
147 } \
148}
149
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]150#define CHECK_ARGUMENT_ID(id) { \
151 binder::Status status = checkArgumentId((id)); \
152 if (!status.isOk()) { \
153 return status; \
154 } \
155}
156
157#define CHECK_ARGUMENT_PATH(path) { \
158 binder::Status status = checkArgumentPath((path)); \
159 if (!status.isOk()) { \
160 return status; \
161 } \
162}
163
164#define CHECK_ARGUMENT_HEX(hex) { \
165 binder::Status status = checkArgumentHex((hex)); \
166 if (!status.isOk()) { \
167 return status; \
168 } \
169}
170
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]171#define ACQUIRE_LOCK \
Jeff Sharkey67b8c492017-09-21 17:08:43 -0600[diff] [blame]172 std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getLock()); \
173 ATRACE_CALL();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]174
175#define ACQUIRE_CRYPT_LOCK \
Jeff Sharkey67b8c492017-09-21 17:08:43 -0600[diff] [blame]176 std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getCryptLock()); \
177 ATRACE_CALL();
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]178
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]179} // namespace
180
181status_t VoldNativeService::start() {
182 IPCThreadState::self()->disableBackgroundScheduling(true);
183 status_t ret = BinderService<VoldNativeService>::publish();
184 if (ret != android::OK) {
185 return ret;
186 }
187 sp<ProcessState> ps(ProcessState::self());
188 ps->startThreadPool();
189 ps->giveThreadPoolName();
190 return android::OK;
191}
192
193status_t VoldNativeService::dump(int fd, const Vector<String16> & /* args */) {
194 auto out = std::fstream(StringPrintf("/proc/self/fd/%d", fd));
195 const binder::Status dump_permission = checkPermission(kDump);
196 if (!dump_permission.isOk()) {
197 out << dump_permission.toString8() << endl;
198 return PERMISSION_DENIED;
199 }
200
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]201 ACQUIRE_LOCK;
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]202 out << "vold is happy!" << endl;
203 out.flush();
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]204 return NO_ERROR;
205}
206
Jeff Sharkey814e9d32017-09-13 11:49:44 -0600[diff] [blame]207binder::Status VoldNativeService::setListener(
208 const android::sp<android::os::IVoldListener>& listener) {
209 ENFORCE_UID(AID_SYSTEM);
210 ACQUIRE_LOCK;
211
212 VolumeManager::Instance()->setListener(listener);
213 return ok();
214}
215
Jeff Sharkeycbe69fc2017-09-15 16:50:28 -0600[diff] [blame]216binder::Status VoldNativeService::monitor() {
217 ENFORCE_UID(AID_SYSTEM);
218
219 // Simply acquire/release each lock for watchdog
220 {
221 ACQUIRE_LOCK;
222 }
223 {
224 ACQUIRE_CRYPT_LOCK;
225 }
226
227 return ok();
228}
229
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]230binder::Status VoldNativeService::reset() {
231 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]232 ACQUIRE_LOCK;
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]233
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]234 return translate(VolumeManager::Instance()->reset());
235}
236
237binder::Status VoldNativeService::shutdown() {
238 ENFORCE_UID(AID_SYSTEM);
239 ACQUIRE_LOCK;
240
241 return translate(VolumeManager::Instance()->shutdown());
242}
243
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]244binder::Status VoldNativeService::mountAll() {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]245 ENFORCE_UID(AID_SYSTEM);
246 ACQUIRE_LOCK;
247
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]248 struct fstab* fstab = fs_mgr_read_fstab_default();
249 int res = fs_mgr_mount_all(fstab, MOUNT_MODE_DEFAULT);
250 fs_mgr_free_fstab(fstab);
251 return translate(res);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]252}
253
254binder::Status VoldNativeService::onUserAdded(int32_t userId, int32_t userSerial) {
255 ENFORCE_UID(AID_SYSTEM);
256 ACQUIRE_LOCK;
257
258 return translate(VolumeManager::Instance()->onUserAdded(userId, userSerial));
259}
260
261binder::Status VoldNativeService::onUserRemoved(int32_t userId) {
262 ENFORCE_UID(AID_SYSTEM);
263 ACQUIRE_LOCK;
264
265 return translate(VolumeManager::Instance()->onUserRemoved(userId));
266}
267
268binder::Status VoldNativeService::onUserStarted(int32_t userId) {
269 ENFORCE_UID(AID_SYSTEM);
270 ACQUIRE_LOCK;
271
272 return translate(VolumeManager::Instance()->onUserStarted(userId));
273}
274
275binder::Status VoldNativeService::onUserStopped(int32_t userId) {
276 ENFORCE_UID(AID_SYSTEM);
277 ACQUIRE_LOCK;
278
279 return translate(VolumeManager::Instance()->onUserStopped(userId));
280}
281
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]282binder::Status VoldNativeService::partition(const std::string& diskId, int32_t partitionType,
283 int32_t ratio) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]284 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]285 CHECK_ARGUMENT_ID(diskId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]286 ACQUIRE_LOCK;
287
288 auto disk = VolumeManager::Instance()->findDisk(diskId);
289 if (disk == nullptr) {
290 return error("Failed to find disk " + diskId);
291 }
292 switch (partitionType) {
293 case PARTITION_TYPE_PUBLIC: return translate(disk->partitionPublic());
294 case PARTITION_TYPE_PRIVATE: return translate(disk->partitionPrivate());
295 case PARTITION_TYPE_MIXED: return translate(disk->partitionMixed(ratio));
296 default: return error("Unknown type " + std::to_string(partitionType));
297 }
298}
299
300binder::Status VoldNativeService::forgetPartition(const std::string& partGuid) {
301 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]302 CHECK_ARGUMENT_HEX(partGuid);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]303 ACQUIRE_LOCK;
304
305 return translate(VolumeManager::Instance()->forgetPartition(partGuid));
306}
307
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]308binder::Status VoldNativeService::mount(const std::string& volId, int32_t mountFlags,
309 int32_t mountUserId) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]310 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]311 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]312 ACQUIRE_LOCK;
313
314 auto vol = VolumeManager::Instance()->findVolume(volId);
315 if (vol == nullptr) {
316 return error("Failed to find volume " + volId);
317 }
318
319 vol->setMountFlags(mountFlags);
320 vol->setMountUserId(mountUserId);
321
322 int res = vol->mount();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]323 if ((mountFlags & MOUNT_FLAG_PRIMARY) != 0) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]324 VolumeManager::Instance()->setPrimary(vol);
325 }
326 return translate(res);
327}
328
329binder::Status VoldNativeService::unmount(const std::string& volId) {
330 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]331 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]332 ACQUIRE_LOCK;
333
334 auto vol = VolumeManager::Instance()->findVolume(volId);
335 if (vol == nullptr) {
336 return error("Failed to find volume " + volId);
337 }
338 return translate(vol->unmount());
339}
340
341binder::Status VoldNativeService::format(const std::string& volId, const std::string& fsType) {
342 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]343 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]344 ACQUIRE_LOCK;
345
346 auto vol = VolumeManager::Instance()->findVolume(volId);
347 if (vol == nullptr) {
348 return error("Failed to find volume " + volId);
349 }
350 return translate(vol->format(fsType));
351}
352
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame]353binder::Status VoldNativeService::benchmark(const std::string& volId,
354 const android::sp<android::os::IVoldTaskListener>& listener) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]355 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]356 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]357 ACQUIRE_LOCK;
358
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame]359 std::string path;
360 if (volId == "private" || volId == "null") {
361 path = "/data";
362 } else {
363 auto vol = VolumeManager::Instance()->findVolume(volId);
364 if (vol == nullptr) {
365 return error("Failed to find volume " + volId);
366 }
367 if (vol->getType() != VolumeBase::Type::kPrivate) {
368 return error("Volume " + volId + " not private");
369 }
370 if (vol->getState() != VolumeBase::State::kMounted) {
371 return error("Volume " + volId + " not mounted");
372 }
373 path = vol->getPath();
374 }
375
376 if (path.empty()) {
377 return error("Volume " + volId + " missing path");
378 }
379
380 (new android::vold::BenchmarkTask(path, listener))->start();
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]381 return ok();
382}
383
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]384binder::Status VoldNativeService::moveStorage(const std::string& fromVolId,
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame]385 const std::string& toVolId, const android::sp<android::os::IVoldTaskListener>& listener) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]386 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]387 CHECK_ARGUMENT_ID(fromVolId);
388 CHECK_ARGUMENT_ID(toVolId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]389 ACQUIRE_LOCK;
390
391 auto fromVol = VolumeManager::Instance()->findVolume(fromVolId);
392 auto toVol = VolumeManager::Instance()->findVolume(toVolId);
393 if (fromVol == nullptr) {
394 return error("Failed to find volume " + fromVolId);
395 } else if (toVol == nullptr) {
396 return error("Failed to find volume " + toVolId);
397 }
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame]398 (new android::vold::MoveTask(fromVol, toVol, listener))->start();
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]399 return ok();
400}
401
402binder::Status VoldNativeService::remountUid(int32_t uid, int32_t remountMode) {
403 ENFORCE_UID(AID_SYSTEM);
404 ACQUIRE_LOCK;
405
406 std::string tmp;
407 switch (remountMode) {
408 case REMOUNT_MODE_NONE: tmp = "none"; break;
409 case REMOUNT_MODE_DEFAULT: tmp = "default"; break;
410 case REMOUNT_MODE_READ: tmp = "read"; break;
411 case REMOUNT_MODE_WRITE: tmp = "write"; break;
412 default: return error("Unknown mode " + std::to_string(remountMode));
413 }
414 return translate(VolumeManager::Instance()->remountUid(uid, tmp));
415}
416
417binder::Status VoldNativeService::mkdirs(const std::string& path) {
418 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]419 CHECK_ARGUMENT_PATH(path);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]420 ACQUIRE_LOCK;
421
Jeff Sharkey3472e522017-10-06 18:02:53 -0600[diff] [blame]422 return translate(VolumeManager::Instance()->mkdirs(path));
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600[diff] [blame]423}
424
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]425binder::Status VoldNativeService::createObb(const std::string& sourcePath,
426 const std::string& sourceKey, int32_t ownerGid, std::string* _aidl_return) {
427 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]428 CHECK_ARGUMENT_PATH(sourcePath);
429 CHECK_ARGUMENT_HEX(sourceKey);
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]430 ACQUIRE_LOCK;
431
432 return translate(
433 VolumeManager::Instance()->createObb(sourcePath, sourceKey, ownerGid, _aidl_return));
434}
435
436binder::Status VoldNativeService::destroyObb(const std::string& volId) {
437 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600[diff] [blame]438 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]439 ACQUIRE_LOCK;
440
441 return translate(VolumeManager::Instance()->destroyObb(volId));
442}
443
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame]444binder::Status VoldNativeService::fstrim(int32_t fstrimFlags,
445 const android::sp<android::os::IVoldTaskListener>& listener) {
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]446 ENFORCE_UID(AID_SYSTEM);
447 ACQUIRE_LOCK;
448
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600[diff] [blame]449 (new android::vold::TrimTask(fstrimFlags, listener))->start();
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600[diff] [blame]450 return ok();
451}
452
453binder::Status VoldNativeService::mountAppFuse(int32_t uid, int32_t pid, int32_t mountId,
454 android::base::unique_fd* _aidl_return) {
455 ENFORCE_UID(AID_SYSTEM);
456 ACQUIRE_LOCK;
457
458 return translate(VolumeManager::Instance()->mountAppFuse(uid, pid, mountId, _aidl_return));
459}
460
461binder::Status VoldNativeService::unmountAppFuse(int32_t uid, int32_t pid, int32_t mountId) {
462 ENFORCE_UID(AID_SYSTEM);
463 ACQUIRE_LOCK;
464
465 return translate(VolumeManager::Instance()->unmountAppFuse(uid, pid, mountId));
466}
467
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]468binder::Status VoldNativeService::fdeCheckPassword(const std::string& password) {
469 ENFORCE_UID(AID_SYSTEM);
470 ACQUIRE_CRYPT_LOCK;
471
472 return translate(cryptfs_check_passwd(password.c_str()));
473}
474
475binder::Status VoldNativeService::fdeRestart() {
476 ENFORCE_UID(AID_SYSTEM);
477 ACQUIRE_CRYPT_LOCK;
478
479 // Spawn as thread so init can issue commands back to vold without
480 // causing deadlock, usually as a result of prep_data_fs.
481 std::thread(&cryptfs_restart).detach();
482 return ok();
483}
484
485binder::Status VoldNativeService::fdeComplete(int32_t* _aidl_return) {
486 ENFORCE_UID(AID_SYSTEM);
487 ACQUIRE_CRYPT_LOCK;
488
489 *_aidl_return = cryptfs_crypto_complete();
490 return ok();
491}
492
493static int fdeEnableInternal(int32_t passwordType, const std::string& password,
494 int32_t encryptionFlags) {
495 bool noUi = (encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_NO_UI) != 0;
496
497 std::string how;
498 if ((encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_IN_PLACE) != 0) {
499 how = "inplace";
500 } else if ((encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_WIPE) != 0) {
501 how = "wipe";
502 } else {
503 LOG(ERROR) << "Missing encryption flag";
504 return -1;
505 }
506
507 for (int tries = 0; tries < 2; ++tries) {
508 int rc;
509 if (passwordType == VoldNativeService::PASSWORD_TYPE_DEFAULT) {
510 rc = cryptfs_enable_default(how.c_str(), noUi);
511 } else {
512 rc = cryptfs_enable(how.c_str(), passwordType, password.c_str(), noUi);
513 }
514
515 if (rc == 0) {
516 return 0;
517 } else if (tries == 0) {
Jeff Sharkey3472e522017-10-06 18:02:53 -0600[diff] [blame]518 KillProcessesWithOpenFiles(DATA_MNT_POINT, SIGKILL);
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]519 }
520 }
521
522 return -1;
523}
524
525binder::Status VoldNativeService::fdeEnable(int32_t passwordType,
526 const std::string& password, int32_t encryptionFlags) {
527 ENFORCE_UID(AID_SYSTEM);
528 ACQUIRE_CRYPT_LOCK;
529
530 if (e4crypt_is_native()) {
531 if (passwordType != PASSWORD_TYPE_DEFAULT) {
532 return error("Unexpected password type");
533 }
534 if (encryptionFlags != (ENCRYPTION_FLAG_IN_PLACE | ENCRYPTION_FLAG_NO_UI)) {
535 return error("Unexpected flags");
536 }
537 return translateBool(e4crypt_enable_crypto());
538 }
539
540 // Spawn as thread so init can issue commands back to vold without
541 // causing deadlock, usually as a result of prep_data_fs.
542 std::thread(&fdeEnableInternal, passwordType, password, encryptionFlags).detach();
543 return ok();
544}
545
546binder::Status VoldNativeService::fdeChangePassword(int32_t passwordType,
547 const std::string& password) {
548 ENFORCE_UID(AID_SYSTEM);
549 ACQUIRE_CRYPT_LOCK;
550
551 return translate(cryptfs_changepw(passwordType, password.c_str()));
552}
553
554binder::Status VoldNativeService::fdeVerifyPassword(const std::string& password) {
555 ENFORCE_UID(AID_SYSTEM);
556 ACQUIRE_CRYPT_LOCK;
557
558 return translate(cryptfs_verify_passwd(password.c_str()));
559}
560
561binder::Status VoldNativeService::fdeGetField(const std::string& key,
562 std::string* _aidl_return) {
563 ENFORCE_UID(AID_SYSTEM);
564 ACQUIRE_CRYPT_LOCK;
565
566 char buf[PROPERTY_VALUE_MAX];
567 if (cryptfs_getfield(key.c_str(), buf, sizeof(buf)) != CRYPTO_GETFIELD_OK) {
568 return error(StringPrintf("Failed to read field %s", key.c_str()));
569 } else {
570 *_aidl_return = buf;
571 return ok();
572 }
573}
574
575binder::Status VoldNativeService::fdeSetField(const std::string& key,
576 const std::string& value) {
577 ENFORCE_UID(AID_SYSTEM);
578 ACQUIRE_CRYPT_LOCK;
579
580 return translate(cryptfs_setfield(key.c_str(), value.c_str()));
581}
582
583binder::Status VoldNativeService::fdeGetPasswordType(int32_t* _aidl_return) {
584 ENFORCE_UID(AID_SYSTEM);
585 ACQUIRE_CRYPT_LOCK;
586
587 *_aidl_return = cryptfs_get_password_type();
588 return ok();
589}
590
591binder::Status VoldNativeService::fdeGetPassword(std::string* _aidl_return) {
592 ENFORCE_UID(AID_SYSTEM);
593 ACQUIRE_CRYPT_LOCK;
594
595 const char* res = cryptfs_get_password();
596 if (res != nullptr) {
597 *_aidl_return = res;
598 }
599 return ok();
600}
601
602binder::Status VoldNativeService::fdeClearPassword() {
603 ENFORCE_UID(AID_SYSTEM);
604 ACQUIRE_CRYPT_LOCK;
605
606 cryptfs_clear_password();
607 return ok();
608}
609
610binder::Status VoldNativeService::fbeEnable() {
611 ENFORCE_UID(AID_SYSTEM);
612 ACQUIRE_CRYPT_LOCK;
613
614 return translateBool(e4crypt_initialize_global_de());
615}
616
617binder::Status VoldNativeService::mountDefaultEncrypted() {
618 ENFORCE_UID(AID_SYSTEM);
619 ACQUIRE_CRYPT_LOCK;
620
621 if (e4crypt_is_native()) {
622 return translateBool(e4crypt_mount_metadata_encrypted());
623 } else {
624 // Spawn as thread so init can issue commands back to vold without
625 // causing deadlock, usually as a result of prep_data_fs.
626 std::thread(&cryptfs_mount_default_encrypted).detach();
627 return ok();
628 }
629}
630
631binder::Status VoldNativeService::initUser0() {
632 ENFORCE_UID(AID_SYSTEM);
633 ACQUIRE_CRYPT_LOCK;
634
635 return translateBool(e4crypt_init_user0());
636}
637
638binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) {
639 ENFORCE_UID(AID_SYSTEM);
640 ACQUIRE_CRYPT_LOCK;
641
642 *_aidl_return = cryptfs_isConvertibleToFBE() != 0;
643 return ok();
644}
645
646binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial,
647 bool ephemeral) {
648 ENFORCE_UID(AID_SYSTEM);
649 ACQUIRE_CRYPT_LOCK;
650
651 return translateBool(e4crypt_vold_create_user_key(userId, userSerial, ephemeral));
652}
653
654binder::Status VoldNativeService::destroyUserKey(int32_t userId) {
655 ENFORCE_UID(AID_SYSTEM);
656 ACQUIRE_CRYPT_LOCK;
657
658 return translateBool(e4crypt_destroy_user_key(userId));
659}
660
661binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial,
662 const std::string& token, const std::string& secret) {
663 ENFORCE_UID(AID_SYSTEM);
664 ACQUIRE_CRYPT_LOCK;
665
Paul Crowley3b71fc52017-10-09 10:55:21 -0700[diff] [blame]666 return translateBool(e4crypt_add_user_key_auth(userId, userSerial, token, secret));
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]667}
668
669binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
670 ENFORCE_UID(AID_SYSTEM);
671 ACQUIRE_CRYPT_LOCK;
672
673 return translateBool(e4crypt_fixate_newest_user_key_auth(userId));
674}
675
676binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial,
677 const std::string& token, const std::string& secret) {
678 ENFORCE_UID(AID_SYSTEM);
679 ACQUIRE_CRYPT_LOCK;
680
Paul Crowley3b71fc52017-10-09 10:55:21 -0700[diff] [blame]681 return translateBool(e4crypt_unlock_user_key(userId, userSerial, token, secret));
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]682}
683
684binder::Status VoldNativeService::lockUserKey(int32_t userId) {
685 ENFORCE_UID(AID_SYSTEM);
686 ACQUIRE_CRYPT_LOCK;
687
688 return translateBool(e4crypt_lock_user_key(userId));
689}
690
691binder::Status VoldNativeService::prepareUserStorage(const std::unique_ptr<std::string>& uuid,
692 int32_t userId, int32_t userSerial, int32_t flags) {
693 ENFORCE_UID(AID_SYSTEM);
Paul Crowley3b71fc52017-10-09 10:55:21 -0700[diff] [blame]694 std::string empty_string = "";
695 auto uuid_ = uuid ? *uuid : empty_string;
Paul Crowley06f762d2017-10-16 10:59:51 -0700[diff] [blame]696 CHECK_ARGUMENT_HEX(uuid_);
697
698 ACQUIRE_CRYPT_LOCK;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]699 return translateBool(e4crypt_prepare_user_storage(uuid_, userId, userSerial, flags));
700}
701
702binder::Status VoldNativeService::destroyUserStorage(const std::unique_ptr<std::string>& uuid,
703 int32_t userId, int32_t flags) {
704 ENFORCE_UID(AID_SYSTEM);
Paul Crowley3b71fc52017-10-09 10:55:21 -0700[diff] [blame]705 std::string empty_string = "";
706 auto uuid_ = uuid ? *uuid : empty_string;
Paul Crowley06f762d2017-10-16 10:59:51 -0700[diff] [blame]707 CHECK_ARGUMENT_HEX(uuid_);
708
709 ACQUIRE_CRYPT_LOCK;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]710 return translateBool(e4crypt_destroy_user_storage(uuid_, userId, flags));
711}
712
713binder::Status VoldNativeService::secdiscard(const std::string& path) {
714 ENFORCE_UID(AID_SYSTEM);
715 ACQUIRE_CRYPT_LOCK;
716
Paul Crowley3b71fc52017-10-09 10:55:21 -0700[diff] [blame]717 return translateBool(e4crypt_secdiscard(path));
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600[diff] [blame]718}
719
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600[diff] [blame]720} // namespace vold
721} // namespace android