From 7c111e45292974e4d1b2988600b165197498bcdc Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 10 Nov 2021 13:25:47 -0800 Subject: [PATCH 1/4] Remove scrypt-related code This is no longer used. Bug: 191796797 Change-Id: I05bc4dc9c25c050ace49606981c4f4db3d76f401 --- Android.bp | 2 -- KeyStorage.cpp | 6 ------ ScryptParameters.cpp | 51 -------------------------------------------- ScryptParameters.h | 28 ------------------------ 4 files changed, 87 deletions(-) delete mode 100644 ScryptParameters.cpp delete mode 100644 ScryptParameters.h diff --git a/Android.bp b/Android.bp index 35f74bf..2b2d91c 100644 --- a/Android.bp +++ b/Android.bp @@ -41,7 +41,6 @@ cc_defaults { "libfec_rs", "libfs_avb", "libfs_mgr", - "libscrypt_static", "libsquashfs_utils", "libvold_binder", ], @@ -130,7 +129,6 @@ cc_library_static { "NetlinkHandler.cpp", "NetlinkManager.cpp", "Process.cpp", - "ScryptParameters.cpp", "Utils.cpp", "VoldNativeService.cpp", "VoldNativeServiceValidation.cpp", diff --git a/KeyStorage.cpp b/KeyStorage.cpp index 4b39aef..007ce66 100644 --- a/KeyStorage.cpp +++ b/KeyStorage.cpp @@ -18,7 +18,6 @@ #include "Checkpoint.h" #include "Keystore.h" -#include "ScryptParameters.h" #include "Utils.h" #include @@ -45,11 +44,6 @@ #include -extern "C" { - -#include "crypto_scrypt.h" -} - namespace android { namespace vold { diff --git a/ScryptParameters.cpp b/ScryptParameters.cpp deleted file mode 100644 index f5a964f..0000000 --- a/ScryptParameters.cpp +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (C) 2016 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "ScryptParameters.h" - -#include -#include - -bool parse_scrypt_parameters(const char* paramstr, int* Nf, int* rf, int* pf) { - int params[3] = {}; - char* token; - char* saveptr; - int i; - - /* - * The token we're looking for should be three integers separated by - * colons (e.g., "12:8:1"). Scan the property to make sure it matches. - */ - for (i = 0, token = strtok_r(const_cast(paramstr), ":", &saveptr); - token != nullptr && i < 3; i++, token = strtok_r(nullptr, ":", &saveptr)) { - char* endptr; - params[i] = strtol(token, &endptr, 10); - - /* - * Check that there was a valid number and it's 8-bit. - */ - if ((*token == '\0') || (*endptr != '\0') || params[i] < 0 || params[i] > 255) { - return false; - } - } - if (token != nullptr) { - return false; - } - *Nf = params[0]; - *rf = params[1]; - *pf = params[2]; - return true; -} diff --git a/ScryptParameters.h b/ScryptParameters.h deleted file mode 100644 index edb80cc..0000000 --- a/ScryptParameters.h +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright (C) 2016 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ANDROID_VOLD_SCRYPT_PARAMETERS_H -#define ANDROID_VOLD_SCRYPT_PARAMETERS_H - -#include -#include - -#define SCRYPT_PROP "ro.crypto.scrypt_params" -#define SCRYPT_DEFAULTS "15:3:1" - -bool parse_scrypt_parameters(const char* paramstr, int* Nf, int* rf, int* pf); - -#endif From 230d664e0844ccd07b05af037ac752e9fbcf7e6b Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 10 Nov 2021 13:50:47 -0800 Subject: [PATCH 2/4] Remove CRYPT_FOOTER_OFFSET This is no longer used. Bug: 191796797 Change-Id: If1e9e3ad255714c37a8c1f292823f181eab7a1ce --- cryptfs.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cryptfs.h b/cryptfs.h index 1cae5b7..e166f49 100644 --- a/cryptfs.h +++ b/cryptfs.h @@ -22,10 +22,6 @@ #include "KeyBuffer.h" #include "KeyUtil.h" -// TODO(b/191796797): remove this once it is no longer referenced by system/core -// and bootable/recovery. -#define CRYPT_FOOTER_OFFSET 0x4000 - int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const android::vold::KeyBuffer& key, std::string* out_crypto_blkdev); const android::vold::KeyGeneration cryptfs_get_keygen(); From 72ca0cf3f9d21237ffef3546b843f5268c0a7da6 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 10 Nov 2021 13:52:14 -0800 Subject: [PATCH 3/4] Remove IgnoreEarlyBootEnded() Now that FDE is no longer supported, this is no longer needed. Bug: 191796797 Change-Id: I71fd98e66fd0998b78b8d56507cc62e1a112263a --- VoldNativeService.cpp | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp index 415e48d..8c9cc16 100644 --- a/VoldNativeService.cpp +++ b/VoldNativeService.cpp @@ -26,7 +26,6 @@ #include #include -#include #include #include @@ -912,42 +911,10 @@ static void initializeIncFs() { incfs::features(); } -// This is missing from the kernel UAPI headers. -#define ST_RDONLY 0x0001 - -// FDE devices run the post-fs-data trigger (and hence also earlyBootEnded) -// multiple times, sometimes prior to the real /data being mounted. That causes -// keystore2 to try to open a file in /data, causing it to panic or have to be -// killed by vold later, causing problems (vold failing to connect to keystore2, -// or keystore2 operations erroring out later). As a workaround to keep FDE -// working, ignore these too-early calls to earlyBootEnded. -// -// This can be removed when support for FDE is removed. -static bool IgnoreEarlyBootEnded() { - // The statfs("/data") below should be sufficient by itself, but to be safe - // we also explicitly return false on FBE devices. (This really should be - // ro.crypto.type != "block" for "non-FDE devices", but on FDE devices this - // is sometimes called before ro.crypto.type gets set.) - if (fscrypt_is_native()) return false; - - struct statfs buf; - if (statfs(DATA_MNT_POINT, &buf) != 0) { - PLOG(ERROR) << "statfs(\"/data\") failed"; - return false; - } - if (buf.f_type == TMPFS_MAGIC || (buf.f_flags & ST_RDONLY)) { - LOG(INFO) << "Ignoring earlyBootEnded since real /data isn't mounted yet"; - return true; - } - return false; -} - binder::Status VoldNativeService::earlyBootEnded() { ENFORCE_SYSTEM_OR_ROOT; ACQUIRE_LOCK; - if (IgnoreEarlyBootEnded()) return Ok(); - initializeIncFs(); Keystore::earlyBootEnded(); return Ok(); From d89e239c56100e485712e8fa885128b75ad9d9ad Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 10 Nov 2021 13:56:28 -0800 Subject: [PATCH 4/4] Remove vdc.rc Now that FDE is no longer supported, the "defaultcrypto" and "encrypt" events are never triggered. Therefore, the actions in vdc.rc aren't needed anymore. Bug: 191796797 Change-Id: Icdff584ec664b3e038f0accdc826437d261fed51 --- Android.bp | 1 - vdc.rc | 12 ------------ 2 files changed, 13 deletions(-) delete mode 100644 vdc.rc diff --git a/Android.bp b/Android.bp index 2b2d91c..4750d1a 100644 --- a/Android.bp +++ b/Android.bp @@ -233,7 +233,6 @@ cc_binary { static_libs: [ "libvold_binder", ], - init_rc: ["vdc.rc"], } cc_binary { diff --git a/vdc.rc b/vdc.rc deleted file mode 100644 index f2a8076..0000000 --- a/vdc.rc +++ /dev/null @@ -1,12 +0,0 @@ -# One shot invocation to deal with encrypted volume. -on defaultcrypto - exec - root -- /system/bin/vdc --wait cryptfs mountdefaultencrypted - # vold will set vold.decrypt to trigger_restart_framework (default - # encryption) or trigger_restart_min_framework (other encryption) - -# One shot invocation to encrypt unencrypted volumes -on encrypt - start surfaceflinger - exec - root -- /system/bin/vdc --wait cryptfs enablecrypto - # vold will set vold.decrypt to trigger_restart_framework (default - # encryption)