Blame - Ext4Crypt.cpp - SHIFTPHONES/android_system_vold

blob: 9dfcad8070857a50d001d34ae08c1060f2fcc03b [file] [log] [blame]

Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	1	/*
				2	* Copyright (C) 2015 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	17	#include "Ext4Crypt.h"
				18
Paul Crowley	1ef2558	2016-01-21 20:26:12 +0000	[diff] [blame]	19	#include "KeyStorage.h"
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	20	#include "Utils.h"
				21
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	22	#include <algorithm>
Paul Lawrence	fd7db73	2015-04-10 07:48:51 -0700	[diff] [blame]	23	#include <iomanip>
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	24	#include <map>
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	25	#include <set>
Paul Lawrence	fd7db73	2015-04-10 07:48:51 -0700	[diff] [blame]	26	#include <sstream>
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	27	#include <string>
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	28
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	29	#include <dirent.h>
				30	#include <errno.h>
				31	#include <fcntl.h>
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	32	#include <limits.h>
Paul Lawrence	fd7db73	2015-04-10 07:48:51 -0700	[diff] [blame]	33	#include <openssl/sha.h>
Jeff Sharkey	7a9dd95	2016-01-12 16:52:16 -0700	[diff] [blame]	34	#include <selinux/android.h>
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	35	#include <stdio.h>
				36	#include <sys/mount.h>
				37	#include <sys/stat.h>
				38	#include <sys/types.h>
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	39
Paul Crowley	480fcd2	2015-08-24 14:53:28 +0100	[diff] [blame]	40	#include <private/android_filesystem_config.h>
				41
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	42	#include "cryptfs.h"
				43
Jeff Sharkey	7a9dd95	2016-01-12 16:52:16 -0700	[diff] [blame]	44	#define EMULATED_USES_SELINUX 0
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	45	#define MANAGE_MISC_DIRS 0
Jeff Sharkey	7a9dd95	2016-01-12 16:52:16 -0700	[diff] [blame]	46
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	47	#include <cutils/fs.h>
Tao Bao	989fec2	2016-10-05 18:01:19 -0700	[diff] [blame]	48	#include <ext4_utils/ext4_crypt.h>
				49	#include <ext4_utils/key_control.h>
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	50
Elliott Hughes	7e128fb	2015-12-04 15:50:53 -0800	[diff] [blame]	51	#include <android-base/file.h>
Elliott Hughes	6bf0547	2015-12-04 17:55:33 -0800	[diff] [blame]	52	#include <android-base/logging.h>
Elliott Hughes	7e128fb	2015-12-04 15:50:53 -0800	[diff] [blame]	53	#include <android-base/stringprintf.h>
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	54
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	55	using android::base::StringPrintf;
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	56	using android::vold::kEmptyAuthentication;
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	57
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	58	// NOTE: keep in sync with StorageManager
				59	static constexpr int FLAG_STORAGE_DE = 1 << 0;
				60	static constexpr int FLAG_STORAGE_CE = 1 << 1;
				61
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	62	namespace {
Andrew Scull	7ec25c7	2016-10-31 10:28:25 +0000	[diff] [blame]	63
Paul Crowley	4d2d524	2016-04-27 10:25:12 -0700	[diff] [blame]	64	const std::string device_key_dir = std::string() + DATA_MNT_POINT + e4crypt_unencrypted_folder;
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	65	const std::string device_key_path = device_key_dir + "/key";
				66	const std::string device_key_temp = device_key_dir + "/temp";
Paul Lawrence	5a06a64	2016-02-03 13:39:13 -0800	[diff] [blame]	67
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	68	const std::string user_key_dir = std::string() + DATA_MNT_POINT + "/misc/vold/user_keys";
				69	const std::string user_key_temp = user_key_dir + "/temp";
Paul Crowley	285956f	2016-01-20 13:12:38 +0000	[diff] [blame]	70
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	71	bool s_global_de_initialized = false;
Paul Lawrence	7b6b565	2016-02-02 11:14:59 -0800	[diff] [blame]	72
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	73	// Some users are ephemeral, don't try to wipe their keys from disk
				74	std::set<userid_t> s_ephemeral_users;
Paul Lawrence	aec34df	2016-02-03 10:52:41 -0800	[diff] [blame]	75
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	76	// Map user ids to key references
				77	std::map<userid_t, std::string> s_de_key_raw_refs;
				78	std::map<userid_t, std::string> s_ce_key_raw_refs;
Paul Crowley	99360d7	2016-10-19 14:00:24 -0700	[diff] [blame]	79	// TODO abolish this map, per b/26948053
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	80	std::map<userid_t, std::string> s_ce_keys;
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	81
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	82	// ext4enc:TODO get this const from somewhere good
				83	const int EXT4_KEY_DESCRIPTOR_SIZE = 8;
Paul Lawrence	fd7db73	2015-04-10 07:48:51 -0700	[diff] [blame]	84
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	85	// ext4enc:TODO Include structure from somewhere sensible
				86	// MUST be in sync with ext4_crypto.c in kernel
				87	constexpr int EXT4_ENCRYPTION_MODE_AES_256_XTS = 1;
				88	constexpr int EXT4_AES_256_XTS_KEY_SIZE = 64;
				89	constexpr int EXT4_MAX_KEY_SIZE = 64;
				90	struct ext4_encryption_key {
				91	uint32_t mode;
				92	char raw[EXT4_MAX_KEY_SIZE];
				93	uint32_t size;
				94	};
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	95	}
				96
Paul Crowley	38132a1	2016-02-09 09:50:32 +0000	[diff] [blame]	97	static bool e4crypt_is_emulated() {
				98	return property_get_bool("persist.sys.emulate_fbe", false);
				99	}
				100
				101	static const char* escape_null(const char* value) {
				102	return (value == nullptr) ? "null" : value;
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	103	}
				104
Paul Crowley	9336348	2015-07-07 15:17:22 +0100	[diff] [blame]	105	// Get raw keyref - used to make keyname and to pass to ioctl
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	106	static std::string generate_key_ref(const char* key, int length) {
Paul Lawrence	fd7db73	2015-04-10 07:48:51 -0700	[diff] [blame]	107	SHA512_CTX c;
				108
				109	SHA512_Init(&c);
				110	SHA512_Update(&c, key, length);
Paul Crowley	285956f	2016-01-20 13:12:38 +0000	[diff] [blame]	111	unsigned char key_ref1[SHA512_DIGEST_LENGTH];
Paul Lawrence	fd7db73	2015-04-10 07:48:51 -0700	[diff] [blame]	112	SHA512_Final(key_ref1, &c);
				113
				114	SHA512_Init(&c);
Paul Crowley	285956f	2016-01-20 13:12:38 +0000	[diff] [blame]	115	SHA512_Update(&c, key_ref1, SHA512_DIGEST_LENGTH);
				116	unsigned char key_ref2[SHA512_DIGEST_LENGTH];
Paul Lawrence	fd7db73	2015-04-10 07:48:51 -0700	[diff] [blame]	117	SHA512_Final(key_ref2, &c);
				118
Paul Crowley	d9b9295	2016-03-04 13:45:00 -0800	[diff] [blame]	119	static_assert(EXT4_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH,
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	120	"Hash too short for descriptor");
Paul Lawrence	fd7db73	2015-04-10 07:48:51 -0700	[diff] [blame]	121	return std::string((char*)key_ref2, EXT4_KEY_DESCRIPTOR_SIZE);
				122	}
				123
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	124	static bool fill_key(const std::string& key, ext4_encryption_key* ext4_key) {
Paul Crowley	2199069	2016-03-02 09:15:07 -0800	[diff] [blame]	125	if (key.size() != EXT4_AES_256_XTS_KEY_SIZE) {
				126	LOG(ERROR) << "Wrong size key " << key.size();
				127	return false;
				128	}
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	129	static_assert(EXT4_AES_256_XTS_KEY_SIZE <= sizeof(ext4_key->raw), "Key too long!");
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	130	ext4_key->mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
				131	ext4_key->size = key.size();
				132	memset(ext4_key->raw, 0, sizeof(ext4_key->raw));
				133	memcpy(ext4_key->raw, key.data(), key.size());
Paul Crowley	2199069	2016-03-02 09:15:07 -0800	[diff] [blame]	134	return true;
Paul Crowley	9336348	2015-07-07 15:17:22 +0100	[diff] [blame]	135	}
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	136
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	137	static std::string keyname(const std::string& raw_ref) {
Paul Lawrence	fd7db73	2015-04-10 07:48:51 -0700	[diff] [blame]	138	std::ostringstream o;
Paul Crowley	9336348	2015-07-07 15:17:22 +0100	[diff] [blame]	139	o << "ext4:";
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	140	for (auto i : raw_ref) {
Paul Crowley	d9b9295	2016-03-04 13:45:00 -0800	[diff] [blame]	141	o << std::hex << std::setw(2) << std::setfill('0') << (int)i;
Paul Lawrence	fd7db73	2015-04-10 07:48:51 -0700	[diff] [blame]	142	}
Paul Crowley	9336348	2015-07-07 15:17:22 +0100	[diff] [blame]	143	return o.str();
				144	}
Paul Lawrence	fd7db73	2015-04-10 07:48:51 -0700	[diff] [blame]	145
Paul Crowley	9336348	2015-07-07 15:17:22 +0100	[diff] [blame]	146	// Get the keyring we store all keys in
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	147	static bool e4crypt_keyring(key_serial_t* device_keyring) {
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	148	*device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "e4crypt", 0);
				149	if (*device_keyring == -1) {
Paul Crowley	d9b9295	2016-03-04 13:45:00 -0800	[diff] [blame]	150	PLOG(ERROR) << "Unable to find device keyring";
				151	return false;
				152	}
				153	return true;
Paul Crowley	9336348	2015-07-07 15:17:22 +0100	[diff] [blame]	154	}
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	155
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	156	// Install password into global keyring
				157	// Return raw key reference for use in policy
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	158	static bool install_key(const std::string& key, std::string* raw_ref) {
Paul Crowley	2199069	2016-03-02 09:15:07 -0800	[diff] [blame]	159	ext4_encryption_key ext4_key;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	160	if (!fill_key(key, &ext4_key)) return false;
				161	*raw_ref = generate_key_ref(ext4_key.raw, ext4_key.size);
				162	auto ref = keyname(*raw_ref);
Paul Crowley	d9b9295	2016-03-04 13:45:00 -0800	[diff] [blame]	163	key_serial_t device_keyring;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	164	if (!e4crypt_keyring(&device_keyring)) return false;
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	165	key_serial_t key_id =
				166	add_key("logon", ref.c_str(), (void*)&ext4_key, sizeof(ext4_key), device_keyring);
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	167	if (key_id == -1) {
Paul Crowley	285956f	2016-01-20 13:12:38 +0000	[diff] [blame]	168	PLOG(ERROR) << "Failed to insert key into keyring " << device_keyring;
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	169	return false;
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	170	}
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	171	LOG(DEBUG) << "Added key " << key_id << " (" << ref << ") to keyring " << device_keyring
				172	<< " in process " << getpid();
Paul Lawrence	85e3d8c	2016-04-26 12:50:53 -0700	[diff] [blame]	173
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	174	return true;
Paul Lawrence	731a7a2	2015-04-28 22:14:15 +0000	[diff] [blame]	175	}
				176
Paul Crowley	b92f83c	2016-02-01 14:10:43 +0000	[diff] [blame]	177	static std::string get_de_key_path(userid_t user_id) {
				178	return StringPrintf("%s/de/%d", user_key_dir.c_str(), user_id);
				179	}
				180
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	181	static std::string get_ce_key_directory_path(userid_t user_id) {
				182	return StringPrintf("%s/ce/%d", user_key_dir.c_str(), user_id);
				183	}
				184
				185	// Returns the keys newest first
				186	static std::vector<std::string> get_ce_key_paths(const std::string& directory_path) {
				187	auto dirp = std::unique_ptr<DIR, int ()(DIR)>(opendir(directory_path.c_str()), closedir);
				188	if (!dirp) {
				189	PLOG(ERROR) << "Unable to open ce key directory: " + directory_path;
				190	return std::vector<std::string>();
				191	}
				192	std::vector<std::string> result;
				193	for (;;) {
				194	errno = 0;
				195	auto const entry = readdir(dirp.get());
				196	if (!entry) {
				197	if (errno) {
				198	PLOG(ERROR) << "Unable to read ce key directory: " + directory_path;
				199	return std::vector<std::string>();
				200	}
				201	break;
				202	}
				203	if (entry->d_type != DT_DIR \|\| entry->d_name[0] != 'c') {
				204	LOG(DEBUG) << "Skipping non-key " << entry->d_name;
				205	continue;
				206	}
				207	result.emplace_back(directory_path + "/" + entry->d_name);
				208	}
				209	std::sort(result.begin(), result.end());
				210	std::reverse(result.begin(), result.end());
				211	return result;
				212	}
				213
				214	static std::string get_ce_key_current_path(const std::string& directory_path) {
				215	return directory_path + "/current";
				216	}
				217
				218	static bool get_ce_key_new_path(const std::string& directory_path,
				219	const std::vector<std::string>& paths,
				220	std::string *ce_key_path) {
				221	if (paths.empty()) {
				222	*ce_key_path = get_ce_key_current_path(directory_path);
				223	return true;
				224	}
				225	for (unsigned int i = 0; i < UINT_MAX; i++) {
				226	auto const candidate = StringPrintf("%s/cx%010u", directory_path.c_str(), i);
				227	if (paths[0] < candidate) {
				228	*ce_key_path = candidate;
				229	return true;
				230	}
				231	}
				232	return false;
				233	}
				234
				235	// Discard all keys but the named one; rename it to canonical name.
				236	// No point in acting on errors in this; ignore them.
				237	static void fixate_user_ce_key(const std::string& directory_path, const std::string &to_fix,
				238	const std::vector<std::string>& paths) {
				239	for (auto const other_path: paths) {
				240	if (other_path != to_fix) {
				241	android::vold::destroyKey(other_path);
				242	}
				243	}
				244	auto const current_path = get_ce_key_current_path(directory_path);
				245	if (to_fix != current_path) {
				246	LOG(DEBUG) << "Renaming " << to_fix << " to " << current_path;
				247	if (rename(to_fix.c_str(), current_path.c_str()) != 0) {
				248	PLOG(WARNING) << "Unable to rename " << to_fix << " to " << current_path;
				249	}
				250	}
				251	}
				252
				253	static bool read_and_fixate_user_ce_key(userid_t user_id,
				254	const android::vold::KeyAuthentication& auth,
				255	std::string *ce_key) {
				256	auto const directory_path = get_ce_key_directory_path(user_id);
				257	auto const paths = get_ce_key_paths(directory_path);
				258	for (auto const ce_key_path: paths) {
				259	LOG(DEBUG) << "Trying user CE key " << ce_key_path;
				260	if (android::vold::retrieveKey(ce_key_path, auth, ce_key)) {
				261	LOG(DEBUG) << "Successfully retrieved key";
				262	fixate_user_ce_key(directory_path, ce_key_path, paths);
				263	return true;
				264	}
				265	}
				266	LOG(ERROR) << "Failed to find working ce key for user " << user_id;
				267	return false;
Paul Crowley	b33e887	2015-05-19 12:34:09 +0100	[diff] [blame]	268	}
				269
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	270	static bool read_and_install_user_ce_key(userid_t user_id,
				271	const android::vold::KeyAuthentication& auth) {
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	272	if (s_ce_key_raw_refs.count(user_id) != 0) return true;
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	273	std::string ce_key;
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	274	if (!read_and_fixate_user_ce_key(user_id, auth, &ce_key)) return false;
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	275	std::string ce_raw_ref;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	276	if (!install_key(ce_key, &ce_raw_ref)) return false;
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	277	s_ce_keys[user_id] = ce_key;
				278	s_ce_key_raw_refs[user_id] = ce_raw_ref;
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	279	LOG(DEBUG) << "Installed ce key for user " << user_id;
Paul Crowley	1ef2558	2016-01-21 20:26:12 +0000	[diff] [blame]	280	return true;
Paul Crowley	285956f	2016-01-20 13:12:38 +0000	[diff] [blame]	281	}
				282
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	283	static bool prepare_dir(const std::string& dir, mode_t mode, uid_t uid, gid_t gid) {
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	284	LOG(DEBUG) << "Preparing: " << dir;
Paul Crowley	13ffd8e	2016-01-27 14:30:22 +0000	[diff] [blame]	285	if (fs_prepare_dir(dir.c_str(), mode, uid, gid) != 0) {
				286	PLOG(ERROR) << "Failed to prepare " << dir;
Paul Crowley	285956f	2016-01-20 13:12:38 +0000	[diff] [blame]	287	return false;
				288	}
Paul Crowley	13ffd8e	2016-01-27 14:30:22 +0000	[diff] [blame]	289	return true;
				290	}
				291
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	292	static bool destroy_dir(const std::string& dir) {
				293	LOG(DEBUG) << "Destroying: " << dir;
				294	if (rmdir(dir.c_str()) != 0 && errno != ENOENT) {
				295	PLOG(ERROR) << "Failed to destroy " << dir;
				296	return false;
				297	}
				298	return true;
				299	}
				300
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	301	static bool random_key(std::string* key) {
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	302	if (android::vold::ReadRandomBytes(EXT4_AES_256_XTS_KEY_SIZE, *key) != 0) {
Paul Crowley	1ef2558	2016-01-21 20:26:12 +0000	[diff] [blame]	303	// TODO status_t plays badly with PLOG, fix it.
				304	LOG(ERROR) << "Random read failed";
Paul Crowley	285956f	2016-01-20 13:12:38 +0000	[diff] [blame]	305	return false;
				306	}
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	307	return true;
				308	}
				309
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	310	static bool path_exists(const std::string& path) {
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	311	return access(path.c_str(), F_OK) == 0;
				312	}
				313
				314	// NB this assumes that there is only one thread listening for crypt commands, because
				315	// it creates keys in a fixed location.
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	316	static bool store_key(const std::string& key_path, const std::string& tmp_path,
				317	const android::vold::KeyAuthentication& auth, const std::string& key) {
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	318	if (path_exists(key_path)) {
				319	LOG(ERROR) << "Already exists, cannot create key at: " << key_path;
				320	return false;
				321	}
Paul Crowley	38132a1	2016-02-09 09:50:32 +0000	[diff] [blame]	322	if (path_exists(tmp_path)) {
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	323	android::vold::destroyKey(tmp_path); // May be partially created so ignore errors
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	324	}
Paul Crowley	38132a1	2016-02-09 09:50:32 +0000	[diff] [blame]	325	if (!android::vold::storeKey(tmp_path, auth, key)) return false;
				326	if (rename(tmp_path.c_str(), key_path.c_str()) != 0) {
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	327	PLOG(ERROR) << "Unable to move new key to location: " << key_path;
				328	return false;
Paul Crowley	95376d6	2015-05-06 15:04:43 +0100	[diff] [blame]	329	}
Paul Crowley	285956f	2016-01-20 13:12:38 +0000	[diff] [blame]	330	LOG(DEBUG) << "Created key " << key_path;
Paul Crowley	95376d6	2015-05-06 15:04:43 +0100	[diff] [blame]	331	return true;
				332	}
				333
Paul Crowley	b92f83c	2016-02-01 14:10:43 +0000	[diff] [blame]	334	static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral) {
				335	std::string de_key, ce_key;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	336	if (!random_key(&de_key)) return false;
				337	if (!random_key(&ce_key)) return false;
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	338	if (create_ephemeral) {
				339	// If the key should be created as ephemeral, don't store it.
				340	s_ephemeral_users.insert(user_id);
				341	} else {
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	342	auto const directory_path = get_ce_key_directory_path(user_id);
				343	if (!prepare_dir(directory_path, 0700, AID_ROOT, AID_ROOT)) return false;
				344	auto const paths = get_ce_key_paths(directory_path);
				345	std::string ce_key_path;
				346	if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false;
				347	if (!store_key(ce_key_path, user_key_temp,
				348	kEmptyAuthentication, ce_key)) return false;
				349	fixate_user_ce_key(directory_path, ce_key_path, paths);
				350	// Write DE key second; once this is written, all is good.
Paul Crowley	38132a1	2016-02-09 09:50:32 +0000	[diff] [blame]	351	if (!store_key(get_de_key_path(user_id), user_key_temp,
				352	kEmptyAuthentication, de_key)) return false;
Paul Crowley	95376d6	2015-05-06 15:04:43 +0100	[diff] [blame]	353	}
Paul Crowley	b92f83c	2016-02-01 14:10:43 +0000	[diff] [blame]	354	std::string de_raw_ref;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	355	if (!install_key(de_key, &de_raw_ref)) return false;
Paul Crowley	b92f83c	2016-02-01 14:10:43 +0000	[diff] [blame]	356	s_de_key_raw_refs[user_id] = de_raw_ref;
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	357	std::string ce_raw_ref;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	358	if (!install_key(ce_key, &ce_raw_ref)) return false;
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	359	s_ce_keys[user_id] = ce_key;
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	360	s_ce_key_raw_refs[user_id] = ce_raw_ref;
Paul Crowley	b92f83c	2016-02-01 14:10:43 +0000	[diff] [blame]	361	LOG(DEBUG) << "Created keys for user " << user_id;
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	362	return true;
				363	}
				364
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	365	static bool lookup_key_ref(const std::map<userid_t, std::string>& key_map, userid_t user_id,
				366	std::string* raw_ref) {
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	367	auto refi = key_map.find(user_id);
				368	if (refi == key_map.end()) {
				369	LOG(ERROR) << "Cannot find key for " << user_id;
				370	return false;
				371	}
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	372	*raw_ref = refi->second;
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	373	return true;
				374	}
				375
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	376	static bool ensure_policy(const std::string& raw_ref, const std::string& path) {
Eric Biggers	b45caaf	2017-02-02 14:52:12 -0800	[diff] [blame]	377	const char *contents_mode;
				378	const char *filenames_mode;
				379
				380	cryptfs_get_file_encryption_modes(&contents_mode, &filenames_mode);
				381
Paul Lawrence	6e41059	2016-05-24 14:20:38 -0700	[diff] [blame]	382	if (e4crypt_policy_ensure(path.c_str(),
				383	raw_ref.data(), raw_ref.size(),
Eric Biggers	b45caaf	2017-02-02 14:52:12 -0800	[diff] [blame]	384	contents_mode, filenames_mode) != 0) {
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	385	LOG(ERROR) << "Failed to set policy on: " << path;
				386	return false;
				387	}
				388	return true;
Paul Crowley	95376d6	2015-05-06 15:04:43 +0100	[diff] [blame]	389	}
Paul Crowley	b33e887	2015-05-19 12:34:09 +0100	[diff] [blame]	390
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	391	static bool is_numeric(const char* name) {
				392	for (const char* p = name; *p != '\0'; p++) {
				393	if (!isdigit(*p)) return false;
Paul Crowley	b92f83c	2016-02-01 14:10:43 +0000	[diff] [blame]	394	}
				395	return true;
				396	}
				397
				398	static bool load_all_de_keys() {
				399	auto de_dir = user_key_dir + "/de";
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	400	auto dirp = std::unique_ptr<DIR, int ()(DIR)>(opendir(de_dir.c_str()), closedir);
Paul Crowley	b92f83c	2016-02-01 14:10:43 +0000	[diff] [blame]	401	if (!dirp) {
				402	PLOG(ERROR) << "Unable to read de key directory";
				403	return false;
				404	}
				405	for (;;) {
				406	errno = 0;
				407	auto entry = readdir(dirp.get());
				408	if (!entry) {
				409	if (errno) {
				410	PLOG(ERROR) << "Unable to read de key directory";
				411	return false;
				412	}
				413	break;
				414	}
				415	if (entry->d_type != DT_DIR \|\| !is_numeric(entry->d_name)) {
				416	LOG(DEBUG) << "Skipping non-de-key " << entry->d_name;
				417	continue;
				418	}
				419	userid_t user_id = atoi(entry->d_name);
				420	if (s_de_key_raw_refs.count(user_id) == 0) {
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	421	auto key_path = de_dir + "/" + entry->d_name;
				422	std::string key;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	423	if (!android::vold::retrieveKey(key_path, kEmptyAuthentication, &key)) return false;
Paul Crowley	b92f83c	2016-02-01 14:10:43 +0000	[diff] [blame]	424	std::string raw_ref;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	425	if (!install_key(key, &raw_ref)) return false;
Paul Crowley	b92f83c	2016-02-01 14:10:43 +0000	[diff] [blame]	426	s_de_key_raw_refs[user_id] = raw_ref;
				427	LOG(DEBUG) << "Installed de key for user " << user_id;
				428	}
				429	}
				430	// ext4enc:TODO: go through all DE directories, ensure that all user dirs have the
				431	// correct policy set on them, and that no rogue ones exist.
				432	return true;
				433	}
				434
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	435	bool e4crypt_initialize_global_de() {
Paul Crowley	38132a1	2016-02-09 09:50:32 +0000	[diff] [blame]	436	LOG(INFO) << "e4crypt_initialize_global_de";
Paul Lawrence	aec34df	2016-02-03 10:52:41 -0800	[diff] [blame]	437
Paul Crowley	38132a1	2016-02-09 09:50:32 +0000	[diff] [blame]	438	if (s_global_de_initialized) {
				439	LOG(INFO) << "Already initialized";
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	440	return true;
Paul Lawrence	aec34df	2016-02-03 10:52:41 -0800	[diff] [blame]	441	}
				442
Eric Biggers	b45caaf	2017-02-02 14:52:12 -0800	[diff] [blame]	443	const char *contents_mode;
				444	const char *filenames_mode;
				445	cryptfs_get_file_encryption_modes(&contents_mode, &filenames_mode);
				446	std::string modestring = std::string(contents_mode) + ":" + filenames_mode;
				447
Paul Lawrence	6e41059	2016-05-24 14:20:38 -0700	[diff] [blame]	448	std::string mode_filename = std::string("/data") + e4crypt_key_mode;
Eric Biggers	b45caaf	2017-02-02 14:52:12 -0800	[diff] [blame]	449	if (!android::base::WriteStringToFile(modestring, mode_filename)) {
Paul Lawrence	6e41059	2016-05-24 14:20:38 -0700	[diff] [blame]	450	PLOG(ERROR) << "Cannot save type";
				451	return false;
				452	}
				453
Paul Lawrence	aec34df	2016-02-03 10:52:41 -0800	[diff] [blame]	454	std::string device_key;
Paul Crowley	38132a1	2016-02-09 09:50:32 +0000	[diff] [blame]	455	if (path_exists(device_key_path)) {
				456	if (!android::vold::retrieveKey(device_key_path,
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	457	kEmptyAuthentication, &device_key)) return false;
Paul Crowley	38132a1	2016-02-09 09:50:32 +0000	[diff] [blame]	458	} else {
Paul Lawrence	aec34df	2016-02-03 10:52:41 -0800	[diff] [blame]	459	LOG(INFO) << "Creating new key";
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	460	if (!random_key(&device_key)) return false;
Paul Crowley	38132a1	2016-02-09 09:50:32 +0000	[diff] [blame]	461	if (!store_key(device_key_path, device_key_temp,
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	462	kEmptyAuthentication, device_key)) return false;
Paul Lawrence	aec34df	2016-02-03 10:52:41 -0800	[diff] [blame]	463	}
				464
				465	std::string device_key_ref;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	466	if (!install_key(device_key, &device_key_ref)) {
Paul Lawrence	aec34df	2016-02-03 10:52:41 -0800	[diff] [blame]	467	LOG(ERROR) << "Failed to install device key";
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	468	return false;
Paul Lawrence	aec34df	2016-02-03 10:52:41 -0800	[diff] [blame]	469	}
				470
Paul Lawrence	f10544d	2016-02-04 08:18:52 -0800	[diff] [blame]	471	std::string ref_filename = std::string("/data") + e4crypt_key_ref;
				472	if (!android::base::WriteStringToFile(device_key_ref, ref_filename)) {
				473	PLOG(ERROR) << "Cannot save key reference";
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	474	return false;
Paul Lawrence	aec34df	2016-02-03 10:52:41 -0800	[diff] [blame]	475	}
				476
Paul Crowley	38132a1	2016-02-09 09:50:32 +0000	[diff] [blame]	477	s_global_de_initialized = true;
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	478	return true;
Paul Lawrence	aec34df	2016-02-03 10:52:41 -0800	[diff] [blame]	479	}
				480
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	481	bool e4crypt_init_user0() {
Paul Crowley	8fb12fd	2016-02-01 14:28:12 +0000	[diff] [blame]	482	LOG(DEBUG) << "e4crypt_init_user0";
				483	if (e4crypt_is_native()) {
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	484	if (!prepare_dir(user_key_dir, 0700, AID_ROOT, AID_ROOT)) return false;
				485	if (!prepare_dir(user_key_dir + "/ce", 0700, AID_ROOT, AID_ROOT)) return false;
				486	if (!prepare_dir(user_key_dir + "/de", 0700, AID_ROOT, AID_ROOT)) return false;
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	487	if (!path_exists(get_de_key_path(0))) {
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	488	if (!create_and_install_user_keys(0, false)) return false;
Paul Crowley	8fb12fd	2016-02-01 14:28:12 +0000	[diff] [blame]	489	}
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	490	// TODO: switch to loading only DE_0 here once framework makes
				491	// explicit calls to install DE keys for secondary users
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	492	if (!load_all_de_keys()) return false;
Paul Crowley	8fb12fd	2016-02-01 14:28:12 +0000	[diff] [blame]	493	}
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	494	// We can only safely prepare DE storage here, since CE keys are probably
				495	// entangled with user credentials. The framework will always prepare CE
				496	// storage once CE keys are installed.
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	497	if (!e4crypt_prepare_user_storage(nullptr, 0, 0, FLAG_STORAGE_DE)) {
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	498	LOG(ERROR) << "Failed to prepare user 0 storage";
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	499	return false;
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	500	}
Jeff Sharkey	0754a45	2016-02-08 12:21:42 -0700	[diff] [blame]	501
				502	// If this is a non-FBE device that recently left an emulated mode,
				503	// restore user data directories to known-good state.
				504	if (!e4crypt_is_native() && !e4crypt_is_emulated()) {
Jeff Sharkey	695d928	2016-02-08 18:10:34 -0700	[diff] [blame]	505	e4crypt_unlock_user_key(0, 0, "!", "!");
Jeff Sharkey	0754a45	2016-02-08 12:21:42 -0700	[diff] [blame]	506	}
				507
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	508	return true;
Paul Crowley	8fb12fd	2016-02-01 14:28:12 +0000	[diff] [blame]	509	}
				510
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	511	bool e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral) {
Paul Crowley	285956f	2016-01-20 13:12:38 +0000	[diff] [blame]	512	LOG(DEBUG) << "e4crypt_vold_create_user_key for " << user_id << " serial " << serial;
Paul Crowley	ea62e26	2016-01-28 12:23:53 +0000	[diff] [blame]	513	if (!e4crypt_is_native()) {
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	514	return true;
Paul Crowley	ea62e26	2016-01-28 12:23:53 +0000	[diff] [blame]	515	}
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	516	// FIXME test for existence of key that is not loaded yet
				517	if (s_ce_key_raw_refs.count(user_id) != 0) {
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	518	LOG(ERROR) << "Already exists, can't e4crypt_vold_create_user_key for " << user_id
				519	<< " serial " << serial;
Paul Crowley	285956f	2016-01-20 13:12:38 +0000	[diff] [blame]	520	// FIXME should we fail the command?
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	521	return true;
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	522	}
Paul Crowley	b92f83c	2016-02-01 14:10:43 +0000	[diff] [blame]	523	if (!create_and_install_user_keys(user_id, ephemeral)) {
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	524	return false;
Paul Crowley	285956f	2016-01-20 13:12:38 +0000	[diff] [blame]	525	}
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	526	return true;
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	527	}
				528
Eric Biggers	fa4039b	2017-04-03 15:48:09 -0700	[diff] [blame^]	529	static bool evict_key(const std::string &raw_ref) {
Andrew Scull	7ec25c7	2016-10-31 10:28:25 +0000	[diff] [blame]	530	auto ref = keyname(raw_ref);
				531	key_serial_t device_keyring;
Eric Biggers	fa4039b	2017-04-03 15:48:09 -0700	[diff] [blame^]	532	if (!e4crypt_keyring(&device_keyring)) return false;
Andrew Scull	7ec25c7	2016-10-31 10:28:25 +0000	[diff] [blame]	533	auto key_serial = keyctl_search(device_keyring, "logon", ref.c_str(), 0);
Andrew Scull	7ec25c7	2016-10-31 10:28:25 +0000	[diff] [blame]	534
Eric Biggers	fa4039b	2017-04-03 15:48:09 -0700	[diff] [blame^]	535	// Unlink the key from the keyring. Prefer unlinking to revoking or
				536	// invalidating, since unlinking is actually no less secure currently, and
				537	// it avoids bugs in certain kernel versions where the keyring key is
				538	// referenced from places it shouldn't be.
				539	if (keyctl_unlink(key_serial, device_keyring) != 0) {
				540	PLOG(ERROR) << "Failed to unlink key with serial " << key_serial << " ref " << ref;
				541	return false;
				542	}
				543	LOG(DEBUG) << "Unlinked key with serial " << key_serial << " ref " << ref;
				544	return true;
Andrew Scull	7ec25c7	2016-10-31 10:28:25 +0000	[diff] [blame]	545	}
				546
				547	static bool evict_ce_key(userid_t user_id) {
				548	s_ce_keys.erase(user_id);
				549	bool success = true;
				550	std::string raw_ref;
				551	// If we haven't loaded the CE key, no need to evict it.
				552	if (lookup_key_ref(s_ce_key_raw_refs, user_id, &raw_ref)) {
				553	success &= evict_key(raw_ref);
				554	}
				555	s_ce_key_raw_refs.erase(user_id);
				556	return success;
				557	}
				558
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	559	bool e4crypt_destroy_user_key(userid_t user_id) {
Paul Crowley	1ef2558	2016-01-21 20:26:12 +0000	[diff] [blame]	560	LOG(DEBUG) << "e4crypt_destroy_user_key(" << user_id << ")";
Paul Crowley	ea62e26	2016-01-28 12:23:53 +0000	[diff] [blame]	561	if (!e4crypt_is_native()) {
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	562	return true;
Paul Crowley	ea62e26	2016-01-28 12:23:53 +0000	[diff] [blame]	563	}
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	564	bool success = true;
				565	std::string raw_ref;
Andrew Scull	7ec25c7	2016-10-31 10:28:25 +0000	[diff] [blame]	566	success &= evict_ce_key(user_id);
				567	success &= lookup_key_ref(s_de_key_raw_refs, user_id, &raw_ref) && evict_key(raw_ref);
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	568	s_de_key_raw_refs.erase(user_id);
Paul Crowley	b1f3d24	2016-01-28 10:09:46 +0000	[diff] [blame]	569	auto it = s_ephemeral_users.find(user_id);
				570	if (it != s_ephemeral_users.end()) {
				571	s_ephemeral_users.erase(it);
Paul Crowley	1ef2558	2016-01-21 20:26:12 +0000	[diff] [blame]	572	} else {
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	573	for (auto const path: get_ce_key_paths(get_ce_key_directory_path(user_id))) {
				574	success &= android::vold::destroyKey(path);
				575	}
Paul Crowley	ab0b56a	2016-07-19 15:29:53 -0700	[diff] [blame]	576	auto de_key_path = get_de_key_path(user_id);
				577	if (path_exists(de_key_path)) {
				578	success &= android::vold::destroyKey(de_key_path);
				579	} else {
				580	LOG(INFO) << "Not present so not erasing: " << de_key_path;
				581	}
Lenka Trochtova	395039f	2015-11-25 10:13:03 +0100	[diff] [blame]	582	}
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	583	return success;
Paul Crowley	b33e887	2015-05-19 12:34:09 +0100	[diff] [blame]	584	}
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	585
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	586	static bool emulated_lock(const std::string& path) {
Jeff Sharkey	7a9dd95	2016-01-12 16:52:16 -0700	[diff] [blame]	587	if (chmod(path.c_str(), 0000) != 0) {
				588	PLOG(ERROR) << "Failed to chmod " << path;
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	589	return false;
Jeff Sharkey	7a9dd95	2016-01-12 16:52:16 -0700	[diff] [blame]	590	}
				591	#if EMULATED_USES_SELINUX
				592	if (setfilecon(path.c_str(), "u:object_r:storage_stub_file:s0") != 0) {
				593	PLOG(WARNING) << "Failed to setfilecon " << path;
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	594	return false;
Jeff Sharkey	7a9dd95	2016-01-12 16:52:16 -0700	[diff] [blame]	595	}
				596	#endif
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	597	return true;
Jeff Sharkey	7a9dd95	2016-01-12 16:52:16 -0700	[diff] [blame]	598	}
				599
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	600	static bool emulated_unlock(const std::string& path, mode_t mode) {
Jeff Sharkey	7a9dd95	2016-01-12 16:52:16 -0700	[diff] [blame]	601	if (chmod(path.c_str(), mode) != 0) {
				602	PLOG(ERROR) << "Failed to chmod " << path;
Paul Crowley	a042cb5	2016-01-21 17:24:49 +0000	[diff] [blame]	603	// FIXME temporary workaround for b/26713622
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	604	if (e4crypt_is_emulated()) return false;
Jeff Sharkey	7a9dd95	2016-01-12 16:52:16 -0700	[diff] [blame]	605	}
				606	#if EMULATED_USES_SELINUX
				607	if (selinux_android_restorecon(path.c_str(), SELINUX_ANDROID_RESTORECON_FORCE) != 0) {
				608	PLOG(WARNING) << "Failed to restorecon " << path;
Paul Crowley	a042cb5	2016-01-21 17:24:49 +0000	[diff] [blame]	609	// FIXME temporary workaround for b/26713622
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	610	if (e4crypt_is_emulated()) return false;
Jeff Sharkey	7a9dd95	2016-01-12 16:52:16 -0700	[diff] [blame]	611	}
				612	#endif
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	613	return true;
Jeff Sharkey	7a9dd95	2016-01-12 16:52:16 -0700	[diff] [blame]	614	}
				615
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	616	static bool parse_hex(const char* hex, std::string* result) {
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	617	if (strcmp("!", hex) == 0) {
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	618	*result = "";
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	619	return true;
				620	}
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	621	if (android::vold::HexToStr(hex, *result) != 0) {
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	622	LOG(ERROR) << "Invalid FBE hex string"; // Don't log the string for security reasons
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	623	return false;
				624	}
				625	return true;
				626	}
				627
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	628	bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const char* token_hex,
				629	const char* secret_hex) {
				630	LOG(DEBUG) << "e4crypt_add_user_key_auth " << user_id << " serial=" << serial
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	631	<< " token_present=" << (strcmp(token_hex, "!") != 0);
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	632	if (!e4crypt_is_native()) return true;
				633	if (s_ephemeral_users.count(user_id) != 0) return true;
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	634	std::string token, secret;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	635	if (!parse_hex(token_hex, &token)) return false;
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	636	if (!parse_hex(secret_hex, &secret)) return false;
				637	auto auth = secret.empty() ? kEmptyAuthentication
				638	: android::vold::KeyAuthentication(token, secret);
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	639	auto it = s_ce_keys.find(user_id);
				640	if (it == s_ce_keys.end()) {
				641	LOG(ERROR) << "Key not loaded into memory, can't change for user " << user_id;
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	642	return false;
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	643	}
				644	auto ce_key = it->second;
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	645	auto const directory_path = get_ce_key_directory_path(user_id);
				646	auto const paths = get_ce_key_paths(directory_path);
				647	std::string ce_key_path;
				648	if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false;
				649	if (!store_key(ce_key_path, user_key_temp, auth, ce_key)) return false;
				650	return true;
				651	}
				652
				653	bool e4crypt_fixate_newest_user_key_auth(userid_t user_id) {
				654	LOG(DEBUG) << "e4crypt_fixate_newest_user_key_auth " << user_id;
				655	if (!e4crypt_is_native()) return true;
Paul Crowley	25a7138	2016-07-25 15:55:36 -0700	[diff] [blame]	656	if (s_ephemeral_users.count(user_id) != 0) return true;
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	657	auto const directory_path = get_ce_key_directory_path(user_id);
				658	auto const paths = get_ce_key_paths(directory_path);
				659	if (paths.empty()) {
				660	LOG(ERROR) << "No ce keys present, cannot fixate for user " << user_id;
				661	return false;
Paul Crowley	ad2eb64	2016-02-10 17:56:05 +0000	[diff] [blame]	662	}
Paul Crowley	a363036	2016-05-17 14:17:56 -0700	[diff] [blame]	663	fixate_user_ce_key(directory_path, paths[0], paths);
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	664	return true;
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	665	}
				666
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	667	// TODO: rename to 'install' for consistency, and take flags to know which keys to install
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	668	bool e4crypt_unlock_user_key(userid_t user_id, int serial, const char* token_hex,
				669	const char* secret_hex) {
				670	LOG(DEBUG) << "e4crypt_unlock_user_key " << user_id << " serial=" << serial
				671	<< " token_present=" << (strcmp(token_hex, "!") != 0);
Jeff Sharkey	fc505c3	2015-12-07 17:27:01 -0700	[diff] [blame]	672	if (e4crypt_is_native()) {
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	673	if (s_ce_key_raw_refs.count(user_id) != 0) {
				674	LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id;
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	675	return true;
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	676	}
				677	std::string token, secret;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	678	if (!parse_hex(token_hex, &token)) return false;
				679	if (!parse_hex(secret_hex, &secret)) return false;
Paul Crowley	0572080	2016-02-08 15:55:41 +0000	[diff] [blame]	680	android::vold::KeyAuthentication auth(token, secret);
				681	if (!read_and_install_user_ce_key(user_id, auth)) {
Paul Crowley	8fb12fd	2016-02-01 14:28:12 +0000	[diff] [blame]	682	LOG(ERROR) << "Couldn't read key for " << user_id;
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	683	return false;
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	684	}
Jeff Sharkey	fc505c3	2015-12-07 17:27:01 -0700	[diff] [blame]	685	} else {
				686	// When in emulation mode, we just use chmod. However, we also
				687	// unlock directories when not in emulation mode, to bring devices
				688	// back into a known-good state.
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	689	if (!emulated_unlock(android::vold::BuildDataSystemCePath(user_id), 0771) \|\|
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	690	!emulated_unlock(android::vold::BuildDataMiscCePath(user_id), 01771) \|\|
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	691	!emulated_unlock(android::vold::BuildDataMediaCePath(nullptr, user_id), 0770) \|\|
				692	!emulated_unlock(android::vold::BuildDataUserCePath(nullptr, user_id), 0771)) {
Jeff Sharkey	7a9dd95	2016-01-12 16:52:16 -0700	[diff] [blame]	693	LOG(ERROR) << "Failed to unlock user " << user_id;
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	694	return false;
Jeff Sharkey	fc505c3	2015-12-07 17:27:01 -0700	[diff] [blame]	695	}
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	696	}
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	697	return true;
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	698	}
				699
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	700	// TODO: rename to 'evict' for consistency
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	701	bool e4crypt_lock_user_key(userid_t user_id) {
Andrew Scull	7ec25c7	2016-10-31 10:28:25 +0000	[diff] [blame]	702	LOG(DEBUG) << "e4crypt_lock_user_key " << user_id;
Jeff Sharkey	fc505c3	2015-12-07 17:27:01 -0700	[diff] [blame]	703	if (e4crypt_is_native()) {
Andrew Scull	7ec25c7	2016-10-31 10:28:25 +0000	[diff] [blame]	704	return evict_ce_key(user_id);
Jeff Sharkey	fc505c3	2015-12-07 17:27:01 -0700	[diff] [blame]	705	} else if (e4crypt_is_emulated()) {
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	706	// When in emulation mode, we just use chmod
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	707	if (!emulated_lock(android::vold::BuildDataSystemCePath(user_id)) \|\|
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	708	!emulated_lock(android::vold::BuildDataMiscCePath(user_id)) \|\|
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	709	!emulated_lock(android::vold::BuildDataMediaCePath(nullptr, user_id)) \|\|
				710	!emulated_lock(android::vold::BuildDataUserCePath(nullptr, user_id))) {
Paul Crowley	57eedbf	2016-02-09 09:30:23 +0000	[diff] [blame]	711	LOG(ERROR) << "Failed to lock user " << user_id;
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	712	return false;
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	713	}
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	714	}
Jeff Sharkey	fc505c3	2015-12-07 17:27:01 -0700	[diff] [blame]	715
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	716	return true;
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	717	}
				718
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	719	bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int serial,
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	720	int flags) {
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	721	LOG(DEBUG) << "e4crypt_prepare_user_storage for volume " << escape_null(volume_uuid)
Paul Crowley	df528a7	2016-03-09 09:31:37 -0800	[diff] [blame]	722	<< ", user " << user_id << ", serial " << serial << ", flags " << flags;
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	723
				724	if (flags & FLAG_STORAGE_DE) {
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	725	// DE_sys key
				726	auto system_legacy_path = android::vold::BuildDataSystemLegacyPath(user_id);
				727	auto misc_legacy_path = android::vold::BuildDataMiscLegacyPath(user_id);
				728	auto profiles_de_path = android::vold::BuildDataProfilesDePath(user_id);
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	729
				730	// DE_n key
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	731	auto system_de_path = android::vold::BuildDataSystemDePath(user_id);
				732	auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
				733	auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
				734
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	735	if (!prepare_dir(system_legacy_path, 0700, AID_SYSTEM, AID_SYSTEM)) return false;
				736	#if MANAGE_MISC_DIRS
				737	if (!prepare_dir(misc_legacy_path, 0750, multiuser_get_uid(user_id, AID_SYSTEM),
				738	multiuser_get_uid(user_id, AID_EVERYBODY))) return false;
				739	#endif
				740	if (!prepare_dir(profiles_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	741
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	742	if (!prepare_dir(system_de_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
				743	if (!prepare_dir(misc_de_path, 01771, AID_SYSTEM, AID_MISC)) return false;
				744	if (!prepare_dir(user_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
Calin Juravle	d1ee944	2016-03-02 18:36:50 +0000	[diff] [blame]	745
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	746	// For now, FBE is only supported on internal storage
				747	if (e4crypt_is_native() && volume_uuid == nullptr) {
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	748	std::string de_raw_ref;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	749	if (!lookup_key_ref(s_de_key_raw_refs, user_id, &de_raw_ref)) return false;
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	750	if (!ensure_policy(de_raw_ref, system_de_path)) return false;
				751	if (!ensure_policy(de_raw_ref, misc_de_path)) return false;
				752	if (!ensure_policy(de_raw_ref, user_de_path)) return false;
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	753	}
Paul Crowley	285956f	2016-01-20 13:12:38 +0000	[diff] [blame]	754	}
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	755
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	756	if (flags & FLAG_STORAGE_CE) {
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	757	// CE_n key
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	758	auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
				759	auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	760	auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
				761	auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	762
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	763	if (!prepare_dir(system_ce_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
				764	if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
				765	if (!prepare_dir(media_ce_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW)) return false;
				766	if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	767
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	768	// For now, FBE is only supported on internal storage
				769	if (e4crypt_is_native() && volume_uuid == nullptr) {
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	770	std::string ce_raw_ref;
Paul Crowley	a051eb7	2016-03-08 16:08:32 -0800	[diff] [blame]	771	if (!lookup_key_ref(s_ce_key_raw_refs, user_id, &ce_raw_ref)) return false;
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	772	if (!ensure_policy(ce_raw_ref, system_ce_path)) return false;
				773	if (!ensure_policy(ce_raw_ref, misc_ce_path)) return false;
				774	if (!ensure_policy(ce_raw_ref, media_ce_path)) return false;
				775	if (!ensure_policy(ce_raw_ref, user_ce_path)) return false;
Jeff Sharkey	d24aeda	2016-07-15 16:20:22 -0600	[diff] [blame]	776
				777	// Now that credentials have been installed, we can run restorecon
				778	// over these paths
				779	// NOTE: these paths need to be kept in sync with libselinux
				780	android::vold::RestoreconRecursive(system_ce_path);
				781	android::vold::RestoreconRecursive(misc_ce_path);
Jeff Sharkey	47695b2	2016-02-01 17:02:29 -0700	[diff] [blame]	782	}
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	783	}
				784
Paul Crowley	76107cb	2016-02-09 10:04:39 +0000	[diff] [blame]	785	return true;
Jeff Sharkey	d2c96e7	2015-11-08 17:56:23 -0800	[diff] [blame]	786	}
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	787
				788	bool e4crypt_destroy_user_storage(const char* volume_uuid, userid_t user_id, int flags) {
				789	LOG(DEBUG) << "e4crypt_destroy_user_storage for volume " << escape_null(volume_uuid)
				790	<< ", user " << user_id << ", flags " << flags;
				791	bool res = true;
				792
				793	if (flags & FLAG_STORAGE_DE) {
				794	// DE_sys key
				795	auto system_legacy_path = android::vold::BuildDataSystemLegacyPath(user_id);
				796	auto misc_legacy_path = android::vold::BuildDataMiscLegacyPath(user_id);
				797	auto profiles_de_path = android::vold::BuildDataProfilesDePath(user_id);
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	798
				799	// DE_n key
				800	auto system_de_path = android::vold::BuildDataSystemDePath(user_id);
				801	auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
				802	auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
				803
				804	if (volume_uuid == nullptr) {
				805	res &= destroy_dir(system_legacy_path);
				806	#if MANAGE_MISC_DIRS
				807	res &= destroy_dir(misc_legacy_path);
				808	#endif
				809	res &= destroy_dir(profiles_de_path);
Jeff Sharkey	be70c9a	2016-04-14 20:45:16 -0600	[diff] [blame]	810	res &= destroy_dir(system_de_path);
				811	res &= destroy_dir(misc_de_path);
				812	}
				813	res &= destroy_dir(user_de_path);
				814	}
				815
				816	if (flags & FLAG_STORAGE_CE) {
				817	// CE_n key
				818	auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
				819	auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
				820	auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
				821	auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
				822
				823	if (volume_uuid == nullptr) {
				824	res &= destroy_dir(system_ce_path);
				825	res &= destroy_dir(misc_ce_path);
				826	}
				827	res &= destroy_dir(media_ce_path);
				828	res &= destroy_dir(user_ce_path);
				829	}
				830
				831	return res;
				832	}