blob: da57328359cde6c566b2a4bf13af392269efbe6e [file] [log] [blame]
Jeff Sharkey068c6be2017-09-06 13:47:40 -06001/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Jeff Sharkey67b8c492017-09-21 17:08:43 -060017#define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
18
Jeff Sharkey068c6be2017-09-06 13:47:40 -060019#include "VoldNativeService.h"
Paul Crowley73be12d2020-02-03 12:22:03 -080020
Songchun Fan01c4e912020-03-03 17:58:20 -080021#include <android-base/logging.h>
22#include <android-base/stringprintf.h>
23#include <android-base/strings.h>
24#include <fs_mgr.h>
25#include <fscrypt/fscrypt.h>
26#include <private/android_filesystem_config.h>
27#include <utils/Trace.h>
28
Eric Biggers4859e0c2021-06-24 11:13:24 -070029#include <sys/vfs.h>
Songchun Fan01c4e912020-03-03 17:58:20 -080030#include <fstream>
31#include <thread>
32
Jeff Sharkey01a0e7f2017-10-17 16:06:32 -060033#include "Benchmark.h"
Daniel Rosenberg4f684712018-08-28 01:58:49 -070034#include "Checkpoint.h"
Eric Biggersa701c452018-10-23 13:06:55 -070035#include "FsCrypt.h"
Paul Crowley73be12d2020-02-03 12:22:03 -080036#include "IdleMaint.h"
Seth Moore5a43d612021-01-19 17:51:51 +000037#include "KeyStorage.h"
Eric Biggersd86a8ab2021-06-15 11:34:00 -070038#include "Keystore.h"
Jeff Sharkey83b559c2017-09-12 16:30:52 -060039#include "MetadataCrypt.h"
Paul Crowley73be12d2020-02-03 12:22:03 -080040#include "MoveStorage.h"
41#include "Process.h"
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -070042#include "VoldNativeServiceValidation.h"
Paul Crowley73be12d2020-02-03 12:22:03 -080043#include "VoldUtil.h"
44#include "VolumeManager.h"
Paul Crowleyedf7a4e2018-09-18 15:14:18 -070045#include "cryptfs.h"
Yurii Zubrytskyifc7b6692020-04-22 23:23:24 -070046#include "incfs.h"
Jeff Sharkey83b559c2017-09-12 16:30:52 -060047
Jeff Sharkey068c6be2017-09-06 13:47:40 -060048using android::base::StringPrintf;
49using std::endl;
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -070050using namespace std::literals;
Jeff Sharkey068c6be2017-09-06 13:47:40 -060051
52namespace android {
53namespace vold {
54
55namespace {
56
57constexpr const char* kDump = "android.permission.DUMP";
58
Jeff Sharkey9462bdd2017-09-07 15:27:28 -060059static binder::Status error(const std::string& msg) {
60 PLOG(ERROR) << msg;
61 return binder::Status::fromServiceSpecificError(errno, String8(msg.c_str()));
62}
63
Jeff Sharkey83b559c2017-09-12 16:30:52 -060064static binder::Status translate(int status) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -060065 if (status == 0) {
66 return binder::Status::ok();
67 } else {
Jeff Sharkey11c2d382017-09-11 10:32:01 -060068 return binder::Status::fromServiceSpecificError(status);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -060069 }
70}
71
Jeff Sharkey83b559c2017-09-12 16:30:52 -060072static binder::Status translateBool(bool status) {
73 if (status) {
74 return binder::Status::ok();
75 } else {
76 return binder::Status::fromServiceSpecificError(status);
77 }
78}
79
Nikita Ioffe5d85bf32019-10-23 17:19:13 +010080#define ENFORCE_SYSTEM_OR_ROOT \
81 { \
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -070082 binder::Status status = CheckUidOrRoot(AID_SYSTEM); \
Nikita Ioffe5d85bf32019-10-23 17:19:13 +010083 if (!status.isOk()) { \
84 return status; \
85 } \
Paul Crowleyedf7a4e2018-09-18 15:14:18 -070086 }
Jeff Sharkey068c6be2017-09-06 13:47:40 -060087
Paul Crowleyedf7a4e2018-09-18 15:14:18 -070088#define CHECK_ARGUMENT_ID(id) \
89 { \
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -070090 binder::Status status = CheckArgumentId((id)); \
Paul Crowleyedf7a4e2018-09-18 15:14:18 -070091 if (!status.isOk()) { \
92 return status; \
93 } \
94 }
Jeff Sharkeyec4fda22017-09-12 13:19:24 -060095
Paul Crowleyedf7a4e2018-09-18 15:14:18 -070096#define CHECK_ARGUMENT_PATH(path) \
97 { \
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -070098 binder::Status status = CheckArgumentPath((path)); \
Paul Crowleyedf7a4e2018-09-18 15:14:18 -070099 if (!status.isOk()) { \
100 return status; \
101 } \
102 }
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600103
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700104#define CHECK_ARGUMENT_HEX(hex) \
105 { \
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700106 binder::Status status = CheckArgumentHex((hex)); \
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700107 if (!status.isOk()) { \
108 return status; \
109 } \
110 }
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600111
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700112#define ACQUIRE_LOCK \
Jeff Sharkey67b8c492017-09-21 17:08:43 -0600113 std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getLock()); \
114 ATRACE_CALL();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600115
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700116#define ACQUIRE_CRYPT_LOCK \
Jeff Sharkey67b8c492017-09-21 17:08:43 -0600117 std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getCryptLock()); \
118 ATRACE_CALL();
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600119
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600120} // namespace
121
122status_t VoldNativeService::start() {
123 IPCThreadState::self()->disableBackgroundScheduling(true);
124 status_t ret = BinderService<VoldNativeService>::publish();
125 if (ret != android::OK) {
126 return ret;
127 }
128 sp<ProcessState> ps(ProcessState::self());
129 ps->startThreadPool();
130 ps->giveThreadPoolName();
131 return android::OK;
132}
133
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700134status_t VoldNativeService::dump(int fd, const Vector<String16>& /* args */) {
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600135 auto out = std::fstream(StringPrintf("/proc/self/fd/%d", fd));
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700136 const binder::Status dump_permission = CheckPermission(kDump);
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600137 if (!dump_permission.isOk()) {
138 out << dump_permission.toString8() << endl;
139 return PERMISSION_DENIED;
140 }
141
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600142 ACQUIRE_LOCK;
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600143 out << "vold is happy!" << endl;
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600144 return NO_ERROR;
145}
146
Jeff Sharkey814e9d32017-09-13 11:49:44 -0600147binder::Status VoldNativeService::setListener(
Songchun Fan01c4e912020-03-03 17:58:20 -0800148 const android::sp<android::os::IVoldListener>& listener) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100149 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey814e9d32017-09-13 11:49:44 -0600150 ACQUIRE_LOCK;
151
152 VolumeManager::Instance()->setListener(listener);
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700153 return Ok();
Jeff Sharkey814e9d32017-09-13 11:49:44 -0600154}
155
Jeff Sharkeycbe69fc2017-09-15 16:50:28 -0600156binder::Status VoldNativeService::monitor() {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100157 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkeycbe69fc2017-09-15 16:50:28 -0600158
159 // Simply acquire/release each lock for watchdog
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700160 { ACQUIRE_LOCK; }
161 { ACQUIRE_CRYPT_LOCK; }
Jeff Sharkeycbe69fc2017-09-15 16:50:28 -0600162
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700163 return Ok();
Jeff Sharkeycbe69fc2017-09-15 16:50:28 -0600164}
165
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600166binder::Status VoldNativeService::reset() {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100167 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600168 ACQUIRE_LOCK;
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600169
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600170 return translate(VolumeManager::Instance()->reset());
171}
172
173binder::Status VoldNativeService::shutdown() {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100174 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600175 ACQUIRE_LOCK;
176
177 return translate(VolumeManager::Instance()->shutdown());
178}
179
Martijn Coenen23c04452020-04-29 07:49:41 +0200180binder::Status VoldNativeService::abortFuse() {
181 ENFORCE_SYSTEM_OR_ROOT;
lijiaziffe76222021-03-17 16:51:16 +0800182 // if acquire lock, maybe lead to a deadlock if lock is held by a
183 // thread that is blocked on a FUSE operation.
184 // abort fuse doesn't need to access any state, so do not acquire lock
Martijn Coenen23c04452020-04-29 07:49:41 +0200185
186 return translate(VolumeManager::Instance()->abortFuse());
187}
188
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600189binder::Status VoldNativeService::onUserAdded(int32_t userId, int32_t userSerial) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100190 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600191 ACQUIRE_LOCK;
192
193 return translate(VolumeManager::Instance()->onUserAdded(userId, userSerial));
194}
195
196binder::Status VoldNativeService::onUserRemoved(int32_t userId) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100197 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600198 ACQUIRE_LOCK;
199
200 return translate(VolumeManager::Instance()->onUserRemoved(userId));
201}
202
Sudheer Shanka5fceb482019-04-29 10:46:35 -0700203binder::Status VoldNativeService::onUserStarted(int32_t userId) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100204 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600205 ACQUIRE_LOCK;
206
Sudheer Shanka5fceb482019-04-29 10:46:35 -0700207 return translate(VolumeManager::Instance()->onUserStarted(userId));
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600208}
209
210binder::Status VoldNativeService::onUserStopped(int32_t userId) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100211 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600212 ACQUIRE_LOCK;
213
214 return translate(VolumeManager::Instance()->onUserStopped(userId));
215}
216
Sudheer Shankad484aa92018-07-31 10:07:34 -0700217binder::Status VoldNativeService::addAppIds(const std::vector<std::string>& packageNames,
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700218 const std::vector<int32_t>& appIds) {
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700219 return Ok();
Sudheer Shankad484aa92018-07-31 10:07:34 -0700220}
221
Sudheer Shankad484aa92018-07-31 10:07:34 -0700222binder::Status VoldNativeService::addSandboxIds(const std::vector<int32_t>& appIds,
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700223 const std::vector<std::string>& sandboxIds) {
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700224 return Ok();
Sudheer Shankad484aa92018-07-31 10:07:34 -0700225}
226
Jeff Sharkey401b2602017-12-14 22:15:20 -0700227binder::Status VoldNativeService::onSecureKeyguardStateChanged(bool isShowing) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100228 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey401b2602017-12-14 22:15:20 -0700229 ACQUIRE_LOCK;
230
231 return translate(VolumeManager::Instance()->onSecureKeyguardStateChanged(isShowing));
232}
233
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600234binder::Status VoldNativeService::partition(const std::string& diskId, int32_t partitionType,
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700235 int32_t ratio) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100236 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600237 CHECK_ARGUMENT_ID(diskId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600238 ACQUIRE_LOCK;
239
240 auto disk = VolumeManager::Instance()->findDisk(diskId);
241 if (disk == nullptr) {
242 return error("Failed to find disk " + diskId);
243 }
244 switch (partitionType) {
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700245 case PARTITION_TYPE_PUBLIC:
246 return translate(disk->partitionPublic());
247 case PARTITION_TYPE_PRIVATE:
248 return translate(disk->partitionPrivate());
249 case PARTITION_TYPE_MIXED:
250 return translate(disk->partitionMixed(ratio));
251 default:
252 return error("Unknown type " + std::to_string(partitionType));
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600253 }
254}
255
Jeff Sharkey3ce18252017-10-24 11:08:45 -0600256binder::Status VoldNativeService::forgetPartition(const std::string& partGuid,
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700257 const std::string& fsUuid) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100258 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600259 CHECK_ARGUMENT_HEX(partGuid);
Jeff Sharkey3ce18252017-10-24 11:08:45 -0600260 CHECK_ARGUMENT_HEX(fsUuid);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600261 ACQUIRE_LOCK;
262
Jeff Sharkey3ce18252017-10-24 11:08:45 -0600263 return translate(VolumeManager::Instance()->forgetPartition(partGuid, fsUuid));
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600264}
265
Zim5048b4b2019-11-19 09:16:03 +0000266binder::Status VoldNativeService::mount(
267 const std::string& volId, int32_t mountFlags, int32_t mountUserId,
268 const android::sp<android::os::IVoldMountCallback>& callback) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100269 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600270 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600271 ACQUIRE_LOCK;
272
273 auto vol = VolumeManager::Instance()->findVolume(volId);
274 if (vol == nullptr) {
275 return error("Failed to find volume " + volId);
276 }
277
278 vol->setMountFlags(mountFlags);
279 vol->setMountUserId(mountUserId);
280
Zim5048b4b2019-11-19 09:16:03 +0000281 vol->setMountCallback(callback);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600282 int res = vol->mount();
Zim5048b4b2019-11-19 09:16:03 +0000283 vol->setMountCallback(nullptr);
284
Sudheer Shanka40ab6742018-09-18 13:07:45 -0700285 if (res != OK) {
286 return translate(res);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600287 }
Zim3623a212019-07-19 16:46:53 +0100288
Sudheer Shanka40ab6742018-09-18 13:07:45 -0700289 return translate(OK);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600290}
291
292binder::Status VoldNativeService::unmount(const std::string& volId) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100293 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600294 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600295 ACQUIRE_LOCK;
296
297 auto vol = VolumeManager::Instance()->findVolume(volId);
298 if (vol == nullptr) {
299 return error("Failed to find volume " + volId);
300 }
301 return translate(vol->unmount());
302}
303
304binder::Status VoldNativeService::format(const std::string& volId, const std::string& fsType) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100305 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600306 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600307 ACQUIRE_LOCK;
308
309 auto vol = VolumeManager::Instance()->findVolume(volId);
310 if (vol == nullptr) {
311 return error("Failed to find volume " + volId);
312 }
313 return translate(vol->format(fsType));
314}
315
Jeff Sharkey2048a282017-06-15 09:59:43 -0600316static binder::Status pathForVolId(const std::string& volId, std::string* path) {
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600317 if (volId == "private" || volId == "null") {
Jeff Sharkey2048a282017-06-15 09:59:43 -0600318 *path = "/data";
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600319 } else {
320 auto vol = VolumeManager::Instance()->findVolume(volId);
321 if (vol == nullptr) {
322 return error("Failed to find volume " + volId);
323 }
324 if (vol->getType() != VolumeBase::Type::kPrivate) {
325 return error("Volume " + volId + " not private");
326 }
327 if (vol->getState() != VolumeBase::State::kMounted) {
328 return error("Volume " + volId + " not mounted");
329 }
Jeff Sharkey2048a282017-06-15 09:59:43 -0600330 *path = vol->getPath();
331 if (path->empty()) {
332 return error("Volume " + volId + " missing path");
333 }
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600334 }
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700335 return Ok();
Jeff Sharkey2048a282017-06-15 09:59:43 -0600336}
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600337
Jeff Sharkey2048a282017-06-15 09:59:43 -0600338binder::Status VoldNativeService::benchmark(
Songchun Fan01c4e912020-03-03 17:58:20 -0800339 const std::string& volId, const android::sp<android::os::IVoldTaskListener>& listener) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100340 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey2048a282017-06-15 09:59:43 -0600341 CHECK_ARGUMENT_ID(volId);
342 ACQUIRE_LOCK;
343
344 std::string path;
345 auto status = pathForVolId(volId, &path);
346 if (!status.isOk()) return status;
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600347
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700348 std::thread([=]() { android::vold::Benchmark(path, listener); }).detach();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700349 return Ok();
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600350}
351
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700352binder::Status VoldNativeService::moveStorage(
Songchun Fan01c4e912020-03-03 17:58:20 -0800353 const std::string& fromVolId, const std::string& toVolId,
354 const android::sp<android::os::IVoldTaskListener>& listener) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100355 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600356 CHECK_ARGUMENT_ID(fromVolId);
357 CHECK_ARGUMENT_ID(toVolId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600358 ACQUIRE_LOCK;
359
360 auto fromVol = VolumeManager::Instance()->findVolume(fromVolId);
361 auto toVol = VolumeManager::Instance()->findVolume(toVolId);
362 if (fromVol == nullptr) {
363 return error("Failed to find volume " + fromVolId);
364 } else if (toVol == nullptr) {
365 return error("Failed to find volume " + toVolId);
366 }
Jeff Sharkey01a0e7f2017-10-17 16:06:32 -0600367
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700368 std::thread([=]() { android::vold::MoveStorage(fromVol, toVol, listener); }).detach();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700369 return Ok();
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600370}
371
372binder::Status VoldNativeService::remountUid(int32_t uid, int32_t remountMode) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100373 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600374 ACQUIRE_LOCK;
375
Sudheer Shanka817b9112018-12-13 17:40:28 -0800376 return translate(VolumeManager::Instance()->remountUid(uid, remountMode));
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600377}
378
Ricky Wai6b122572020-02-28 16:30:47 +0000379binder::Status VoldNativeService::remountAppStorageDirs(int uid, int pid,
380 const std::vector<std::string>& packageNames) {
381 ENFORCE_SYSTEM_OR_ROOT;
382 ACQUIRE_LOCK;
383
Ricky Waia2ca11e2021-01-15 14:03:23 +0000384 return translate(VolumeManager::Instance()->handleAppStorageDirs(uid, pid,
385 false /* doUnmount */, packageNames));
386}
387
388binder::Status VoldNativeService::unmountAppStorageDirs(int uid, int pid,
389 const std::vector<std::string>& packageNames) {
390 ENFORCE_SYSTEM_OR_ROOT;
391 ACQUIRE_LOCK;
392
393 return translate(VolumeManager::Instance()->handleAppStorageDirs(uid, pid,
394 true /* doUnmount */, packageNames));
Ricky Wai6b122572020-02-28 16:30:47 +0000395}
396
Martijn Coenen8a68a072020-02-12 15:29:02 +0100397binder::Status VoldNativeService::setupAppDir(const std::string& path, int32_t appUid) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100398 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600399 CHECK_ARGUMENT_PATH(path);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600400 ACQUIRE_LOCK;
401
Martijn Coenen8a68a072020-02-12 15:29:02 +0100402 return translate(VolumeManager::Instance()->setupAppDir(path, appUid));
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600403}
404
Ricky Waibbfb6ea2020-12-03 15:32:52 +0000405binder::Status VoldNativeService::ensureAppDirsCreated(const std::vector<std::string>& paths,
406 int32_t appUid) {
407 ENFORCE_SYSTEM_OR_ROOT;
408 ACQUIRE_LOCK;
409
410 return translate(VolumeManager::Instance()->ensureAppDirsCreated(paths, appUid));
411}
412
Martijn Coenen816f4d92020-02-18 15:06:37 +0100413binder::Status VoldNativeService::fixupAppDir(const std::string& path, int32_t appUid) {
414 ENFORCE_SYSTEM_OR_ROOT;
415 CHECK_ARGUMENT_PATH(path);
416 ACQUIRE_LOCK;
417
418 return translate(VolumeManager::Instance()->fixupAppDir(path, appUid));
419}
420
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600421binder::Status VoldNativeService::createObb(const std::string& sourcePath,
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700422 const std::string& sourceKey, int32_t ownerGid,
423 std::string* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100424 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600425 CHECK_ARGUMENT_PATH(sourcePath);
426 CHECK_ARGUMENT_HEX(sourceKey);
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600427 ACQUIRE_LOCK;
428
429 return translate(
Songchun Fan01c4e912020-03-03 17:58:20 -0800430 VolumeManager::Instance()->createObb(sourcePath, sourceKey, ownerGid, _aidl_return));
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600431}
432
433binder::Status VoldNativeService::destroyObb(const std::string& volId) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100434 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600435 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600436 ACQUIRE_LOCK;
437
438 return translate(VolumeManager::Instance()->destroyObb(volId));
439}
440
Risan82e90de2020-02-04 16:07:21 +0900441binder::Status VoldNativeService::createStubVolume(const std::string& sourcePath,
442 const std::string& mountPath,
443 const std::string& fsType,
444 const std::string& fsUuid,
445 const std::string& fsLabel, int32_t flags,
446 std::string* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100447 ENFORCE_SYSTEM_OR_ROOT;
Risan8c9f3322018-10-29 08:52:56 +0900448 CHECK_ARGUMENT_PATH(sourcePath);
449 CHECK_ARGUMENT_PATH(mountPath);
450 CHECK_ARGUMENT_HEX(fsUuid);
451 // Label limitation seems to be different between fs (including allowed characters), so checking
452 // is quite meaningless.
453 ACQUIRE_LOCK;
454
Risan82e90de2020-02-04 16:07:21 +0900455 return translate(VolumeManager::Instance()->createStubVolume(
456 sourcePath, mountPath, fsType, fsUuid, fsLabel, flags, _aidl_return));
Risan8c9f3322018-10-29 08:52:56 +0900457}
458
459binder::Status VoldNativeService::destroyStubVolume(const std::string& volId) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100460 ENFORCE_SYSTEM_OR_ROOT;
Risan8c9f3322018-10-29 08:52:56 +0900461 CHECK_ARGUMENT_ID(volId);
462 ACQUIRE_LOCK;
463
464 return translate(VolumeManager::Instance()->destroyStubVolume(volId));
465}
466
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700467binder::Status VoldNativeService::fstrim(
Songchun Fan01c4e912020-03-03 17:58:20 -0800468 int32_t fstrimFlags, const android::sp<android::os::IVoldTaskListener>& listener) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100469 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600470 ACQUIRE_LOCK;
471
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700472 std::thread([=]() { android::vold::Trim(listener); }).detach();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700473 return Ok();
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600474}
475
Jin Qiana370c142017-10-17 15:41:45 -0700476binder::Status VoldNativeService::runIdleMaint(
Songchun Fan01c4e912020-03-03 17:58:20 -0800477 const android::sp<android::os::IVoldTaskListener>& listener) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100478 ENFORCE_SYSTEM_OR_ROOT;
Jin Qiana370c142017-10-17 15:41:45 -0700479 ACQUIRE_LOCK;
480
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700481 std::thread([=]() { android::vold::RunIdleMaint(listener); }).detach();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700482 return Ok();
Jin Qiana370c142017-10-17 15:41:45 -0700483}
484
485binder::Status VoldNativeService::abortIdleMaint(
Songchun Fan01c4e912020-03-03 17:58:20 -0800486 const android::sp<android::os::IVoldTaskListener>& listener) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100487 ENFORCE_SYSTEM_OR_ROOT;
Jin Qiana370c142017-10-17 15:41:45 -0700488 ACQUIRE_LOCK;
489
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700490 std::thread([=]() { android::vold::AbortIdleMaint(listener); }).detach();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700491 return Ok();
Jin Qiana370c142017-10-17 15:41:45 -0700492}
493
Risan8f6198d2018-10-26 20:56:45 -0600494binder::Status VoldNativeService::mountAppFuse(int32_t uid, int32_t mountId,
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700495 android::base::unique_fd* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100496 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600497 ACQUIRE_LOCK;
498
Risan8f6198d2018-10-26 20:56:45 -0600499 return translate(VolumeManager::Instance()->mountAppFuse(uid, mountId, _aidl_return));
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600500}
501
Risan8f6198d2018-10-26 20:56:45 -0600502binder::Status VoldNativeService::unmountAppFuse(int32_t uid, int32_t mountId) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100503 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600504 ACQUIRE_LOCK;
505
Risan8f6198d2018-10-26 20:56:45 -0600506 return translate(VolumeManager::Instance()->unmountAppFuse(uid, mountId));
507}
508
509binder::Status VoldNativeService::openAppFuseFile(int32_t uid, int32_t mountId, int32_t fileId,
510 int32_t flags,
511 android::base::unique_fd* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100512 ENFORCE_SYSTEM_OR_ROOT;
Risan8f6198d2018-10-26 20:56:45 -0600513 ACQUIRE_LOCK;
514
515 int fd = VolumeManager::Instance()->openAppFuseFile(uid, mountId, fileId, flags);
516 if (fd == -1) {
517 return error("Failed to open AppFuse file for uid: " + std::to_string(uid) +
518 " mountId: " + std::to_string(mountId) + " fileId: " + std::to_string(fileId) +
519 " flags: " + std::to_string(flags));
520 }
521
522 *_aidl_return = android::base::unique_fd(fd);
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700523 return Ok();
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600524}
525
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600526binder::Status VoldNativeService::fdeCheckPassword(const std::string& password) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100527 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600528 ACQUIRE_CRYPT_LOCK;
529
530 return translate(cryptfs_check_passwd(password.c_str()));
531}
532
533binder::Status VoldNativeService::fdeRestart() {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100534 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600535 ACQUIRE_CRYPT_LOCK;
536
537 // Spawn as thread so init can issue commands back to vold without
538 // causing deadlock, usually as a result of prep_data_fs.
539 std::thread(&cryptfs_restart).detach();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700540 return Ok();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600541}
542
543binder::Status VoldNativeService::fdeComplete(int32_t* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100544 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600545 ACQUIRE_CRYPT_LOCK;
546
547 *_aidl_return = cryptfs_crypto_complete();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700548 return Ok();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600549}
550
551static int fdeEnableInternal(int32_t passwordType, const std::string& password,
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700552 int32_t encryptionFlags) {
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600553 bool noUi = (encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_NO_UI) != 0;
554
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600555 for (int tries = 0; tries < 2; ++tries) {
556 int rc;
557 if (passwordType == VoldNativeService::PASSWORD_TYPE_DEFAULT) {
Paul Lawrence7ee87cf2017-12-22 10:12:06 -0800558 rc = cryptfs_enable_default(noUi);
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600559 } else {
Paul Lawrence7ee87cf2017-12-22 10:12:06 -0800560 rc = cryptfs_enable(passwordType, password.c_str(), noUi);
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600561 }
562
563 if (rc == 0) {
564 return 0;
565 } else if (tries == 0) {
Jeff Sharkey3472e522017-10-06 18:02:53 -0600566 KillProcessesWithOpenFiles(DATA_MNT_POINT, SIGKILL);
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600567 }
568 }
569
570 return -1;
571}
572
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700573binder::Status VoldNativeService::fdeEnable(int32_t passwordType, const std::string& password,
574 int32_t encryptionFlags) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100575 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600576 ACQUIRE_CRYPT_LOCK;
577
Paul Crowley0fd26262018-01-30 09:48:19 -0800578 LOG(DEBUG) << "fdeEnable(" << passwordType << ", *, " << encryptionFlags << ")";
Eric Biggersa701c452018-10-23 13:06:55 -0700579 if (fscrypt_is_native()) {
580 LOG(ERROR) << "fscrypt_is_native, fdeEnable invalid";
581 return error("fscrypt_is_native, fdeEnable invalid");
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600582 }
Eric Biggersa701c452018-10-23 13:06:55 -0700583 LOG(DEBUG) << "!fscrypt_is_native, spawning fdeEnableInternal";
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600584
585 // Spawn as thread so init can issue commands back to vold without
586 // causing deadlock, usually as a result of prep_data_fs.
587 std::thread(&fdeEnableInternal, passwordType, password, encryptionFlags).detach();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700588 return Ok();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600589}
590
591binder::Status VoldNativeService::fdeChangePassword(int32_t passwordType,
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700592 const std::string& password) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100593 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600594 ACQUIRE_CRYPT_LOCK;
595
596 return translate(cryptfs_changepw(passwordType, password.c_str()));
597}
598
599binder::Status VoldNativeService::fdeVerifyPassword(const std::string& password) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100600 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600601 ACQUIRE_CRYPT_LOCK;
602
603 return translate(cryptfs_verify_passwd(password.c_str()));
604}
605
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700606binder::Status VoldNativeService::fdeGetField(const std::string& key, std::string* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100607 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600608 ACQUIRE_CRYPT_LOCK;
609
610 char buf[PROPERTY_VALUE_MAX];
611 if (cryptfs_getfield(key.c_str(), buf, sizeof(buf)) != CRYPTO_GETFIELD_OK) {
612 return error(StringPrintf("Failed to read field %s", key.c_str()));
613 } else {
614 *_aidl_return = buf;
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700615 return Ok();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600616 }
617}
618
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700619binder::Status VoldNativeService::fdeSetField(const std::string& key, const std::string& value) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100620 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600621 ACQUIRE_CRYPT_LOCK;
622
623 return translate(cryptfs_setfield(key.c_str(), value.c_str()));
624}
625
626binder::Status VoldNativeService::fdeGetPasswordType(int32_t* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100627 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600628 ACQUIRE_CRYPT_LOCK;
629
630 *_aidl_return = cryptfs_get_password_type();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700631 return Ok();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600632}
633
634binder::Status VoldNativeService::fdeGetPassword(std::string* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100635 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600636 ACQUIRE_CRYPT_LOCK;
637
638 const char* res = cryptfs_get_password();
639 if (res != nullptr) {
640 *_aidl_return = res;
641 }
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700642 return Ok();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600643}
644
645binder::Status VoldNativeService::fdeClearPassword() {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100646 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600647 ACQUIRE_CRYPT_LOCK;
648
649 cryptfs_clear_password();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700650 return Ok();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600651}
652
653binder::Status VoldNativeService::fbeEnable() {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100654 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600655 ACQUIRE_CRYPT_LOCK;
656
Paul Crowleyc8a3ef32019-09-11 15:00:08 -0700657 return translateBool(fscrypt_initialize_systemwide_keys());
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600658}
659
660binder::Status VoldNativeService::mountDefaultEncrypted() {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100661 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600662 ACQUIRE_CRYPT_LOCK;
663
Eric Biggersa701c452018-10-23 13:06:55 -0700664 if (!fscrypt_is_native()) {
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600665 // Spawn as thread so init can issue commands back to vold without
666 // causing deadlock, usually as a result of prep_data_fs.
667 std::thread(&cryptfs_mount_default_encrypted).detach();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600668 }
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700669 return Ok();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600670}
671
672binder::Status VoldNativeService::initUser0() {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100673 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600674 ACQUIRE_CRYPT_LOCK;
675
Eric Biggersa701c452018-10-23 13:06:55 -0700676 return translateBool(fscrypt_init_user0());
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600677}
678
679binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100680 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600681 ACQUIRE_CRYPT_LOCK;
682
683 *_aidl_return = cryptfs_isConvertibleToFBE() != 0;
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700684 return Ok();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600685}
686
Paul Lawrence236e5e82019-06-25 14:44:33 -0700687binder::Status VoldNativeService::mountFstab(const std::string& blkDevice,
688 const std::string& mountPoint) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100689 ENFORCE_SYSTEM_OR_ROOT;
Paul Crowley0fd26262018-01-30 09:48:19 -0800690 ACQUIRE_LOCK;
691
Jaegeuk Kim0c52c712020-12-15 09:00:49 -0800692 return translateBool(
693 fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, false, false, "null"));
Paul Crowley0fd26262018-01-30 09:48:19 -0800694}
695
Paul Lawrence236e5e82019-06-25 14:44:33 -0700696binder::Status VoldNativeService::encryptFstab(const std::string& blkDevice,
Jaegeuk Kim0c52c712020-12-15 09:00:49 -0800697 const std::string& mountPoint, bool shouldFormat,
698 const std::string& fsType) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100699 ENFORCE_SYSTEM_OR_ROOT;
Paul Crowley0fd26262018-01-30 09:48:19 -0800700 ACQUIRE_LOCK;
701
Jaegeuk Kim0c52c712020-12-15 09:00:49 -0800702 return translateBool(
703 fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, true, shouldFormat, fsType));
Paul Crowley0fd26262018-01-30 09:48:19 -0800704}
705
Seth Moore5a43d612021-01-19 17:51:51 +0000706binder::Status VoldNativeService::setStorageBindingSeed(const std::vector<uint8_t>& seed) {
707 ENFORCE_SYSTEM_OR_ROOT;
708 ACQUIRE_CRYPT_LOCK;
709
710 return translateBool(setKeyStorageBindingSeed(seed));
711}
712
Songchun Fan01c4e912020-03-03 17:58:20 -0800713binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial,
714 bool ephemeral) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100715 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600716 ACQUIRE_CRYPT_LOCK;
717
Eric Biggersa701c452018-10-23 13:06:55 -0700718 return translateBool(fscrypt_vold_create_user_key(userId, userSerial, ephemeral));
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600719}
720
721binder::Status VoldNativeService::destroyUserKey(int32_t userId) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100722 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600723 ACQUIRE_CRYPT_LOCK;
724
Eric Biggersa701c452018-10-23 13:06:55 -0700725 return translateBool(fscrypt_destroy_user_key(userId));
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600726}
727
Satya Tangiralae1361712021-03-15 15:33:08 -0700728static bool token_empty(const std::string& token) {
729 return token.size() == 0 || token == "!";
730}
731
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600732binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial,
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700733 const std::string& token,
734 const std::string& secret) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100735 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600736 ACQUIRE_CRYPT_LOCK;
737
Satya Tangiralae1361712021-03-15 15:33:08 -0700738 if (!token_empty(token)) {
739 LOG(ERROR) << "Vold doesn't use auth tokens, but non-empty token passed to addUserKeyAuth.";
740 return binder::Status::fromServiceSpecificError(-EINVAL);
741 }
742
743 return translateBool(fscrypt_add_user_key_auth(userId, userSerial, secret));
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600744}
745
Barani Muthukumaran9ad51ad2019-10-31 22:59:34 -0700746binder::Status VoldNativeService::clearUserKeyAuth(int32_t userId, int32_t userSerial,
747 const std::string& token,
748 const std::string& secret) {
749 ENFORCE_SYSTEM_OR_ROOT;
750 ACQUIRE_CRYPT_LOCK;
751
Satya Tangiralae1361712021-03-15 15:33:08 -0700752 if (!token_empty(token)) {
753 LOG(ERROR)
754 << "Vold doesn't use auth tokens, but non-empty token passed to clearUserKeyAuth.";
755 return binder::Status::fromServiceSpecificError(-EINVAL);
756 }
757
758 return translateBool(fscrypt_clear_user_key_auth(userId, userSerial, secret));
Barani Muthukumaran9ad51ad2019-10-31 22:59:34 -0700759}
760
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600761binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100762 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600763 ACQUIRE_CRYPT_LOCK;
764
Eric Biggersa701c452018-10-23 13:06:55 -0700765 return translateBool(fscrypt_fixate_newest_user_key_auth(userId));
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600766}
767
Eric Biggers18ba1522021-04-06 12:02:56 -0700768binder::Status VoldNativeService::getUnlockedUsers(std::vector<int>* _aidl_return) {
769 ENFORCE_SYSTEM_OR_ROOT;
770 ACQUIRE_CRYPT_LOCK;
771
772 *_aidl_return = fscrypt_get_unlocked_users();
773 return Ok();
774}
775
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600776binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial,
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700777 const std::string& token,
778 const std::string& secret) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100779 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600780 ACQUIRE_CRYPT_LOCK;
781
Satya Tangiralae1361712021-03-15 15:33:08 -0700782 if (!token_empty(token)) {
783 LOG(ERROR) << "Vold doesn't use auth tokens, but non-empty token passed to unlockUserKey.";
784 return binder::Status::fromServiceSpecificError(-EINVAL);
785 }
786
787 return translateBool(fscrypt_unlock_user_key(userId, userSerial, secret));
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600788}
789
790binder::Status VoldNativeService::lockUserKey(int32_t userId) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100791 ENFORCE_SYSTEM_OR_ROOT;
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600792 ACQUIRE_CRYPT_LOCK;
793
Eric Biggersa701c452018-10-23 13:06:55 -0700794 return translateBool(fscrypt_lock_user_key(userId));
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600795}
796
Jooyung Han4fcb7072020-01-23 13:23:26 +0900797binder::Status VoldNativeService::prepareUserStorage(const std::optional<std::string>& uuid,
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700798 int32_t userId, int32_t userSerial,
799 int32_t flags) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100800 ENFORCE_SYSTEM_OR_ROOT;
Paul Crowley3b71fc52017-10-09 10:55:21 -0700801 std::string empty_string = "";
802 auto uuid_ = uuid ? *uuid : empty_string;
Paul Crowley06f762d2017-10-16 10:59:51 -0700803 CHECK_ARGUMENT_HEX(uuid_);
804
805 ACQUIRE_CRYPT_LOCK;
Eric Biggersa701c452018-10-23 13:06:55 -0700806 return translateBool(fscrypt_prepare_user_storage(uuid_, userId, userSerial, flags));
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600807}
808
Jooyung Han4fcb7072020-01-23 13:23:26 +0900809binder::Status VoldNativeService::destroyUserStorage(const std::optional<std::string>& uuid,
Paul Crowleyedf7a4e2018-09-18 15:14:18 -0700810 int32_t userId, int32_t flags) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100811 ENFORCE_SYSTEM_OR_ROOT;
Paul Crowley3b71fc52017-10-09 10:55:21 -0700812 std::string empty_string = "";
813 auto uuid_ = uuid ? *uuid : empty_string;
Paul Crowley06f762d2017-10-16 10:59:51 -0700814 CHECK_ARGUMENT_HEX(uuid_);
815
816 ACQUIRE_CRYPT_LOCK;
Eric Biggersa701c452018-10-23 13:06:55 -0700817 return translateBool(fscrypt_destroy_user_storage(uuid_, userId, flags));
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600818}
819
Sudheer Shankafa6a1742018-10-04 16:26:22 -0700820binder::Status VoldNativeService::prepareSandboxForApp(const std::string& packageName,
821 int32_t appId, const std::string& sandboxId,
822 int32_t userId) {
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700823 return Ok();
Sudheer Shankafa6a1742018-10-04 16:26:22 -0700824}
825
826binder::Status VoldNativeService::destroySandboxForApp(const std::string& packageName,
Sudheer Shanka69bc40f2018-10-25 11:06:55 -0700827 const std::string& sandboxId,
Sudheer Shankafa6a1742018-10-04 16:26:22 -0700828 int32_t userId) {
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700829 return Ok();
Sudheer Shankac7562092018-08-24 10:20:56 -0700830}
831
Daniel Rosenberge334aab2018-10-10 18:52:04 -0700832binder::Status VoldNativeService::startCheckpoint(int32_t retry) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100833 ENFORCE_SYSTEM_OR_ROOT;
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700834 ACQUIRE_LOCK;
835
Daniel Rosenberge334aab2018-10-10 18:52:04 -0700836 return cp_startCheckpoint(retry);
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700837}
838
Daniel Rosenbergd3992492018-10-02 17:40:44 -0700839binder::Status VoldNativeService::needsRollback(bool* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100840 ENFORCE_SYSTEM_OR_ROOT;
Daniel Rosenbergd3992492018-10-02 17:40:44 -0700841 ACQUIRE_LOCK;
842
843 *_aidl_return = cp_needsRollback();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700844 return Ok();
Daniel Rosenbergd3992492018-10-02 17:40:44 -0700845}
846
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700847binder::Status VoldNativeService::needsCheckpoint(bool* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100848 ENFORCE_SYSTEM_OR_ROOT;
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700849 ACQUIRE_LOCK;
850
851 *_aidl_return = cp_needsCheckpoint();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700852 return Ok();
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700853}
854
David Anderson23850d32020-06-10 23:51:17 -0700855binder::Status VoldNativeService::isCheckpointing(bool* _aidl_return) {
856 ENFORCE_SYSTEM_OR_ROOT;
857 ACQUIRE_LOCK;
858
859 *_aidl_return = cp_isCheckpointing();
860 return Ok();
861}
862
Daniel Rosenberge334aab2018-10-10 18:52:04 -0700863binder::Status VoldNativeService::commitChanges() {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100864 ENFORCE_SYSTEM_OR_ROOT;
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700865 ACQUIRE_LOCK;
866
Daniel Rosenberge334aab2018-10-10 18:52:04 -0700867 return cp_commitChanges();
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700868}
869
Daniel Rosenberge334aab2018-10-10 18:52:04 -0700870binder::Status VoldNativeService::prepareCheckpoint() {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100871 ENFORCE_SYSTEM_OR_ROOT;
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700872 ACQUIRE_LOCK;
873
Daniel Rosenberge334aab2018-10-10 18:52:04 -0700874 return cp_prepareCheckpoint();
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700875}
876
Daniel Rosenberge334aab2018-10-10 18:52:04 -0700877binder::Status VoldNativeService::restoreCheckpoint(const std::string& mountPoint) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100878 ENFORCE_SYSTEM_OR_ROOT;
Paul Lawrence1abb2fe2018-09-21 10:49:57 -0700879 CHECK_ARGUMENT_PATH(mountPoint);
880 ACQUIRE_LOCK;
881
Daniel Rosenberge334aab2018-10-10 18:52:04 -0700882 return cp_restoreCheckpoint(mountPoint);
Paul Lawrence1abb2fe2018-09-21 10:49:57 -0700883}
884
Daniel Rosenbergdda59812019-03-06 17:45:17 -0800885binder::Status VoldNativeService::restoreCheckpointPart(const std::string& mountPoint, int count) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100886 ENFORCE_SYSTEM_OR_ROOT;
Daniel Rosenbergdda59812019-03-06 17:45:17 -0800887 CHECK_ARGUMENT_PATH(mountPoint);
888 ACQUIRE_LOCK;
889
890 return cp_restoreCheckpoint(mountPoint, count);
891}
892
Daniel Rosenberge334aab2018-10-10 18:52:04 -0700893binder::Status VoldNativeService::markBootAttempt() {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100894 ENFORCE_SYSTEM_OR_ROOT;
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700895 ACQUIRE_LOCK;
896
Daniel Rosenberge334aab2018-10-10 18:52:04 -0700897 return cp_markBootAttempt();
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700898}
899
Daniel Rosenberga59e4392019-03-20 17:02:47 -0700900binder::Status VoldNativeService::abortChanges(const std::string& message, bool retry) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100901 ENFORCE_SYSTEM_OR_ROOT;
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700902 ACQUIRE_LOCK;
903
Daniel Rosenberga59e4392019-03-20 17:02:47 -0700904 cp_abortChanges(message, retry);
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700905 return Ok();
Daniel Rosenberg4f684712018-08-28 01:58:49 -0700906}
907
Daniel Rosenberg9b667fb2019-01-22 17:27:25 -0800908binder::Status VoldNativeService::supportsCheckpoint(bool* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100909 ENFORCE_SYSTEM_OR_ROOT;
Daniel Rosenberg9b667fb2019-01-22 17:27:25 -0800910 ACQUIRE_LOCK;
911
912 return cp_supportsCheckpoint(*_aidl_return);
913}
914
Paul Lawrencec5c79c52019-03-18 13:36:40 -0700915binder::Status VoldNativeService::supportsBlockCheckpoint(bool* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100916 ENFORCE_SYSTEM_OR_ROOT;
Paul Lawrencec5c79c52019-03-18 13:36:40 -0700917 ACQUIRE_LOCK;
918
919 return cp_supportsBlockCheckpoint(*_aidl_return);
920}
921
922binder::Status VoldNativeService::supportsFileCheckpoint(bool* _aidl_return) {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100923 ENFORCE_SYSTEM_OR_ROOT;
Paul Lawrencec5c79c52019-03-18 13:36:40 -0700924 ACQUIRE_LOCK;
925
926 return cp_supportsFileCheckpoint(*_aidl_return);
927}
928
Nikita Ioffea5798fc2019-10-11 16:38:21 +0100929binder::Status VoldNativeService::resetCheckpoint() {
Nikita Ioffe5d85bf32019-10-23 17:19:13 +0100930 ENFORCE_SYSTEM_OR_ROOT;
Nikita Ioffea5798fc2019-10-11 16:38:21 +0100931 ACQUIRE_LOCK;
932
933 cp_resetCheckpoint();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700934 return Ok();
Nikita Ioffea5798fc2019-10-11 16:38:21 +0100935}
936
Alex Buynytskyyb02e7b62021-02-11 19:09:10 -0800937static void initializeIncFs() {
938 // Obtaining IncFS features triggers initialization of IncFS.
939 incfs::features();
940}
941
Eric Biggers4859e0c2021-06-24 11:13:24 -0700942// This is missing from the kernel UAPI headers.
943#define ST_RDONLY 0x0001
944
945// FDE devices run the post-fs-data trigger (and hence also earlyBootEnded)
946// multiple times, sometimes prior to the real /data being mounted. That causes
947// keystore2 to try to open a file in /data, causing it to panic or have to be
948// killed by vold later, causing problems (vold failing to connect to keystore2,
949// or keystore2 operations erroring out later). As a workaround to keep FDE
950// working, ignore these too-early calls to earlyBootEnded.
951//
952// This can be removed when support for FDE is removed.
953static bool IgnoreEarlyBootEnded() {
954 // The statfs("/data") below should be sufficient by itself, but to be safe
955 // we also explicitly return false on FBE devices. (This really should be
956 // ro.crypto.type != "block" for "non-FDE devices", but on FDE devices this
957 // is sometimes called before ro.crypto.type gets set.)
958 if (fscrypt_is_native()) return false;
959
960 struct statfs buf;
961 if (statfs(DATA_MNT_POINT, &buf) != 0) {
962 PLOG(ERROR) << "statfs(\"/data\") failed";
963 return false;
964 }
965 if (buf.f_type == TMPFS_MAGIC || (buf.f_flags & ST_RDONLY)) {
966 LOG(INFO) << "Ignoring earlyBootEnded since real /data isn't mounted yet";
967 return true;
968 }
969 return false;
970}
971
Martijn Coeneneed957f2020-11-12 10:59:13 +0100972binder::Status VoldNativeService::earlyBootEnded() {
973 ENFORCE_SYSTEM_OR_ROOT;
974 ACQUIRE_LOCK;
975
Eric Biggers4859e0c2021-06-24 11:13:24 -0700976 if (IgnoreEarlyBootEnded()) return Ok();
977
Alex Buynytskyyb02e7b62021-02-11 19:09:10 -0800978 initializeIncFs();
Eric Biggersd86a8ab2021-06-15 11:34:00 -0700979 Keystore::earlyBootEnded();
Martijn Coeneneed957f2020-11-12 10:59:13 +0100980 return Ok();
981}
982
Yurii Zubrytskyi3497cb52020-01-10 11:54:06 -0800983binder::Status VoldNativeService::incFsEnabled(bool* _aidl_return) {
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700984 ENFORCE_SYSTEM_OR_ROOT;
985
Yurii Zubrytskyifc7b6692020-04-22 23:23:24 -0700986 *_aidl_return = incfs::enabled();
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700987 return Ok();
Songchun Fanab55cec2019-12-02 10:50:12 -0800988}
989
990binder::Status VoldNativeService::mountIncFs(
Yurii Zubrytskyi3497cb52020-01-10 11:54:06 -0800991 const std::string& backingPath, const std::string& targetDir, int32_t flags,
Songchun Fanab55cec2019-12-02 10:50:12 -0800992 ::android::os::incremental::IncrementalFileSystemControlParcel* _aidl_return) {
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -0700993 ENFORCE_SYSTEM_OR_ROOT;
994 CHECK_ARGUMENT_PATH(backingPath);
995 CHECK_ARGUMENT_PATH(targetDir);
996
Yurii Zubrytskyifc7b6692020-04-22 23:23:24 -0700997 auto control = incfs::mount(backingPath, targetDir,
998 {.flags = IncFsMountFlags(flags),
999 .defaultReadTimeoutMs = INCFS_DEFAULT_READ_TIMEOUT_MS,
1000 // Mount with read logs disabled.
1001 .readLogBufferPages = 0});
1002 if (!control) {
1003 return translate(-errno);
Songchun Fanab55cec2019-12-02 10:50:12 -08001004 }
Yurii Zubrytskyifc7b6692020-04-22 23:23:24 -07001005 auto fds = control.releaseFds();
1006 using android::base::unique_fd;
1007 _aidl_return->cmd.reset(unique_fd(fds[CMD].release()));
1008 _aidl_return->pendingReads.reset(unique_fd(fds[PENDING_READS].release()));
1009 _aidl_return->log.reset(unique_fd(fds[LOGS].release()));
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -07001010 return Ok();
Songchun Fanab55cec2019-12-02 10:50:12 -08001011}
1012
1013binder::Status VoldNativeService::unmountIncFs(const std::string& dir) {
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -07001014 ENFORCE_SYSTEM_OR_ROOT;
1015 CHECK_ARGUMENT_PATH(dir);
1016
Yurii Zubrytskyifc7b6692020-04-22 23:23:24 -07001017 return translate(incfs::unmount(dir));
Songchun Fanab55cec2019-12-02 10:50:12 -08001018}
1019
Alex Buynytskyy91e0bf42020-03-31 14:46:25 -07001020binder::Status VoldNativeService::setIncFsMountOptions(
1021 const ::android::os::incremental::IncrementalFileSystemControlParcel& control,
1022 bool enableReadLogs) {
Alex Buynytskyy605a44f2020-04-02 15:21:47 -07001023 ENFORCE_SYSTEM_OR_ROOT;
Alex Buynytskyy91e0bf42020-03-31 14:46:25 -07001024
Yurii Zubrytskyifc7b6692020-04-22 23:23:24 -07001025 auto incfsControl =
1026 incfs::createControl(control.cmd.get(), control.pendingReads.get(), control.log.get());
1027 auto cleanupFunc = [](auto incfsControl) {
1028 for (auto& fd : incfsControl->releaseFds()) {
1029 (void)fd.release();
1030 }
1031 };
1032 auto cleanup =
1033 std::unique_ptr<incfs::Control, decltype(cleanupFunc)>(&incfsControl, cleanupFunc);
1034 if (auto error = incfs::setOptions(
Alex Buynytskyy91e0bf42020-03-31 14:46:25 -07001035 incfsControl,
1036 {.defaultReadTimeoutMs = INCFS_DEFAULT_READ_TIMEOUT_MS,
1037 .readLogBufferPages = enableReadLogs ? INCFS_DEFAULT_PAGE_READ_BUFFER_PAGES : 0});
1038 error < 0) {
Yurii Zubrytskyifc7b6692020-04-22 23:23:24 -07001039 return binder::Status::fromServiceSpecificError(error);
Alex Buynytskyy91e0bf42020-03-31 14:46:25 -07001040 }
Alex Buynytskyy91e0bf42020-03-31 14:46:25 -07001041
Yurii Zubrytskyifc7b6692020-04-22 23:23:24 -07001042 return Ok();
Alex Buynytskyy91e0bf42020-03-31 14:46:25 -07001043}
1044
Songchun Fanab55cec2019-12-02 10:50:12 -08001045binder::Status VoldNativeService::bindMount(const std::string& sourceDir,
1046 const std::string& targetDir) {
Yurii Zubrytskyi131365a2020-03-24 23:49:02 -07001047 ENFORCE_SYSTEM_OR_ROOT;
1048 CHECK_ARGUMENT_PATH(sourceDir);
1049 CHECK_ARGUMENT_PATH(targetDir);
1050
Yurii Zubrytskyifc7b6692020-04-22 23:23:24 -07001051 return translate(incfs::bindMount(sourceDir, targetDir));
Songchun Fanab55cec2019-12-02 10:50:12 -08001052}
1053
Yo Chiang0af25a32020-10-07 14:20:00 +08001054binder::Status VoldNativeService::destroyDsuMetadataKey(const std::string& dsuSlot) {
1055 ENFORCE_SYSTEM_OR_ROOT;
1056 ACQUIRE_LOCK;
1057
1058 return translateBool(destroy_dsu_metadata_key(dsuSlot));
1059}
1060
Jeff Sharkey068c6be2017-09-06 13:47:40 -06001061} // namespace vold
1062} // namespace android