tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

clang-format many files.

Browse source 
Test: Format-only changes; treehugger suffices.
Change-Id: I23cde3f0bbcac13bef555d13514e922c79d5ad48
This commit is contained in:
Paul Crowley 2018-09-18 13:30:21 -07:00
parent 1251ef0bcf
commit 14c8c0765a
54 changed files with 1539 additions and 1698 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Benchmark.cpp
View file

@ -28,8 +28,8 @@
#include <thread>
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/time.h>
#include <unistd.h>
using android::base::ReadFileToString;

2
Benchmark.h
View file

@ -24,8 +24,10 @@
namespace android {
namespace vold {
// clang-format off
void Benchmark(const std::string& path,
const android::sp<android::os::IVoldTaskListener>& listener);
// clang-format on
} // namespace vold
} // namespace android

20
Devmapper.cpp
View file

@ -16,23 +16,22 @@
#define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <linux/kdev_t.h>
#include <android-base/logging.h>
#include <android-base/strings.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <utils/Trace.h>
#include "Devmapper.h"
@ -43,8 +42,7 @@ using android::base::StringPrintf;
static const char* kVoldPrefix = "vold:";
void Devmapper::ioctlInit(struct dm_ioctl *io, size_t dataSize,
const char *name, unsigned flags) {
void Devmapper::ioctlInit(struct dm_ioctl* io, size_t dataSize, const char* name, unsigned flags) {
memset(io, 0, dataSize);
io->data_size = dataSize;
io->data_start = sizeof(struct dm_ioctl);
@ -54,8 +52,7 @@ void Devmapper::ioctlInit(struct dm_ioctl *io, size_t dataSize,
io->flags = flags;
if (name) {
size_t ret = strlcpy(io->name, name, sizeof(io->name));
if (ret >= sizeof(io->name))
abort();
if (ret >= sizeof(io->name)) abort();
}
}
@ -266,8 +263,7 @@ int Devmapper::destroyAll() {
return 0;
}
void *Devmapper::_align(void *ptr, unsigned int a)
{
void* Devmapper::_align(void* ptr, unsigned int a) {
unsigned long agn = --a;
return (void*)(((unsigned long)ptr + agn) & ~agn);

5
Devmapper.h
View file

@ -17,8 +17,8 @@
#ifndef _DEVMAPPER_H
#define _DEVMAPPER_H
#include <unistd.h>
#include <linux/dm-ioctl.h>
#include <unistd.h>
class Devmapper {
public:
@ -29,8 +29,7 @@ public:
private:
static void* _align(void* ptr, unsigned int a);
static void ioctlInit(struct dm_ioctl *io, size_t data_size,
const char *name, unsigned flags);
static void ioctlInit(struct dm_ioctl* io, size_t data_size, const char* name, unsigned flags);
};
#endif

80
EncryptInplace.cpp
View file

@ -16,16 +16,16 @@
#include "EncryptInplace.h"
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <time.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <ext4_utils/ext4.h>
#include <ext4_utils/ext4_utils.h>
#include <f2fs_sparseblock.h>
#include <fcntl.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>
#include <algorithm>
@ -36,13 +36,11 @@
#include "cryptfs.h"
// FIXME horrible cut-and-paste code
static inline int unix_read(int fd, void* buff, int len)
{
static inline int unix_read(int fd, void* buff, int len) {
return TEMP_FAILURE_RETRY(read(fd, buff, len));
}
static inline int unix_write(int fd, const void* buff, int len)
{
static inline int unix_write(int fd, const void* buff, int len) {
return TEMP_FAILURE_RETRY(write(fd, buff, len));
}
@ -57,8 +55,7 @@ static inline int unix_write(int fd, const void* buff, int len)
#define BLOCKS_AT_A_TIME 1024
#endif
struct encryptGroupsData
{
struct encryptGroupsData {
int realfd;
int cryptofd;
off64_t numblocks;
@ -76,8 +73,7 @@ struct encryptGroupsData
bool set_progress_properties;
};
static void update_progress(struct encryptGroupsData* data, int is_used)
{
static void update_progress(struct encryptGroupsData* data, int is_used) {
data->blocks_already_done++;
if (is_used) {
@ -104,16 +100,14 @@ static void update_progress(struct encryptGroupsData* data, int is_used)
LOG(WARNING) << "Error getting time";
} else {
double elapsed_time = difftime(time_now.tv_sec, data->time_started);
off64_t remaining_blocks = data->tot_used_blocks
- data->used_blocks_already_done;
int remaining_time = (int)(elapsed_time * remaining_blocks
/ data->used_blocks_already_done);
off64_t remaining_blocks = data->tot_used_blocks - data->used_blocks_already_done;
int remaining_time =
(int)(elapsed_time * remaining_blocks / data->used_blocks_already_done);
// Change time only if not yet set, lower, or a lot higher for
// best user experience
if (data->remaining_time == -1
|| remaining_time < data->remaining_time
|| remaining_time > data->remaining_time + 60) {
if (data->remaining_time == -1 || remaining_time < data->remaining_time ||
remaining_time > data->remaining_time + 60) {
char buf[8];
snprintf(buf, sizeof(buf), "%d", remaining_time);
android::base::SetProperty("vold.encrypt_time_remaining", buf);
@ -123,8 +117,7 @@ static void update_progress(struct encryptGroupsData* data, int is_used)
}
}
static void log_progress(struct encryptGroupsData const* data, bool completed)
{
static void log_progress(struct encryptGroupsData const* data, bool completed) {
// Precondition - if completed data = 0 else data != 0
// Track progress so we can skip logging blocks
@ -147,8 +140,7 @@ static void log_progress(struct encryptGroupsData const* data, bool completed)
}
}
static int flush_outstanding_data(struct encryptGroupsData* data)
{
static int flush_outstanding_data(struct encryptGroupsData* data) {
if (data->count == 0) {
return 0;
}
@ -169,13 +161,12 @@ static int flush_outstanding_data(struct encryptGroupsData* data)
}
data->count = 0;
data->last_written_sector = (data->offset + data->count)
/ info.block_size * CRYPT_SECTOR_SIZE - 1;
data->last_written_sector =
(data->offset + data->count) / info.block_size * CRYPT_SECTOR_SIZE - 1;
return 0;
}
static int encrypt_groups(struct encryptGroupsData* data)
{
static int encrypt_groups(struct encryptGroupsData* data) {
unsigned int i;
u8* block_bitmap = 0;
unsigned int block;
@ -198,11 +189,9 @@ static int encrypt_groups(struct encryptGroupsData* data)
LOG(INFO) << "Encrypting group " << i;
u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
u32 block_count = std::min(info.blocks_per_group,
(u32)(aux_info.len_blocks - first_block));
u32 block_count = std::min(info.blocks_per_group, (u32)(aux_info.len_blocks - first_block));
off64_t offset = (u64)info.block_size
* aux_info.bg_desc[i].bg_block_bitmap;
off64_t offset = (u64)info.block_size * aux_info.bg_desc[i].bg_block_bitmap;
ret = pread64(data->realfd, block_bitmap, info.block_size, offset);
if (ret != (int)info.block_size) {
@ -215,8 +204,9 @@ static int encrypt_groups(struct encryptGroupsData* data)
data->count = 0;
for (block = 0; block < block_count; block++) {
int used = (aux_info.bg_desc[i].bg_flags & EXT4_BG_BLOCK_UNINIT) ?
0 : bitmap_get_bit(block_bitmap, block);
int used = (aux_info.bg_desc[i].bg_flags & EXT4_BG_BLOCK_UNINIT)
? 0
: bitmap_get_bit(block_bitmap, block);
update_progress(data, used);
if (used) {
if (data->count == 0) {
@ -232,8 +222,8 @@ static int encrypt_groups(struct encryptGroupsData* data)
offset += info.block_size;
/* Write data if we are aligned or buffer size reached */
if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0
|| data->count == BLOCKS_AT_A_TIME) {
if (offset % (info.block_size * BLOCKS_AT_A_TIME) == 0 ||
data->count == BLOCKS_AT_A_TIME) {
if (flush_outstanding_data(data)) {
goto errout;
}
@ -345,8 +335,7 @@ errout:
return rc;
}
static void log_progress_f2fs(u64 block, bool completed)
{
static void log_progress_f2fs(u64 block, bool completed) {
// Precondition - if completed data = 0 else data != 0
// Track progress so we can skip logging blocks
@ -369,8 +358,7 @@ static void log_progress_f2fs(u64 block, bool completed)
}
}
static int encrypt_one_block_f2fs(u64 pos, void *data)
{
static int encrypt_one_block_f2fs(u64 pos, void* data) {
struct encryptGroupsData* priv_dat = (struct encryptGroupsData*)data;
priv_dat->blocks_already_done = pos - 1;
@ -424,8 +412,7 @@ static int cryptfs_enable_inplace_f2fs(char* crypto_blkdev, char* real_blkdev, o
}
f2fs_info = generate_f2fs_info(data.realfd);
if (!f2fs_info)
goto errout;
if (!f2fs_info) goto errout;
data.numblocks = size / CRYPT_SECTORS_PER_BUFSIZE;
data.tot_numblocks = tot_size / CRYPT_SECTORS_PER_BUFSIZE;
@ -626,9 +613,8 @@ int cryptfs_enable_inplace(char* crypto_blkdev, char* real_blkdev, off64_t size,
LOG(DEBUG) << "cryptfs_enable_inplace_full()=" << rc_full;
/* Hack for b/17898962, the following is the symptom... */
if (rc_ext4 == ENABLE_INPLACE_ERR_DEV
&& rc_f2fs == ENABLE_INPLACE_ERR_DEV
&& rc_full == ENABLE_INPLACE_ERR_DEV) {
if (rc_ext4 == ENABLE_INPLACE_ERR_DEV && rc_f2fs == ENABLE_INPLACE_ERR_DEV &&
rc_full == ENABLE_INPLACE_ERR_DEV) {
LOG(DEBUG) << "ENABLE_INPLACE_ERR_DEV";
return ENABLE_INPLACE_ERR_DEV;
}

26
Ext4Crypt.cpp
View file

@ -31,12 +31,12 @@
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <limits.h>
#include <selinux/android.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <private/android_filesystem_config.h>
@ -93,7 +93,7 @@ std::map<userid_t, std::string> s_ce_key_raw_refs;
// TODO abolish this map, per b/26948053
std::map<userid_t, KeyBuffer> s_ce_keys;
}
} // namespace
static bool e4crypt_is_emulated() {
return property_get_bool("persist.sys.emulate_fbe", false);
@ -145,8 +145,7 @@ static std::string get_ce_key_current_path(const std::string& directory_path) {
}
static bool get_ce_key_new_path(const std::string& directory_path,
const std::vector<std::string>& paths,
std::string *ce_key_path) {
const std::vector<std::string>& paths, std::string* ce_key_path) {
if (paths.empty()) {
*ce_key_path = get_ce_key_current_path(directory_path);
return true;
@ -242,12 +241,14 @@ static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral
auto const paths = get_ce_key_paths(directory_path);
std::string ce_key_path;
if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false;
if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp,
kEmptyAuthentication, ce_key)) return false;
if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp, kEmptyAuthentication,
ce_key))
return false;
fixate_user_ce_key(directory_path, ce_key_path, paths);
// Write DE key second; once this is written, all is good.
if (!android::vold::storeKeyAtomically(get_de_key_path(user_id), user_key_temp,
kEmptyAuthentication, de_key)) return false;
kEmptyAuthentication, de_key))
return false;
}
std::string de_raw_ref;
if (!android::vold::installKey(de_key, &de_raw_ref)) return false;
@ -440,8 +441,8 @@ bool e4crypt_destroy_user_key(userid_t user_id) {
bool success = true;
std::string raw_ref;
success &= evict_ce_key(user_id);
success &= lookup_key_ref(s_de_key_raw_refs, user_id, &raw_ref)
&& android::vold::evictKey(raw_ref);
success &=
lookup_key_ref(s_de_key_raw_refs, user_id, &raw_ref) && android::vold::evictKey(raw_ref);
s_de_key_raw_refs.erase(user_id);
auto it = s_ephemeral_users.find(user_id);
if (it != s_ephemeral_users.end()) {
@ -556,8 +557,8 @@ bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string&
std::string token, secret;
if (!parse_hex(token_hex, &token)) return false;
if (!parse_hex(secret_hex, &secret)) return false;
auto auth = secret.empty() ? kEmptyAuthentication
: android::vold::KeyAuthentication(token, secret);
auto auth =
secret.empty() ? kEmptyAuthentication : android::vold::KeyAuthentication(token, secret);
auto it = s_ce_keys.find(user_id);
if (it == s_ce_keys.end()) {
LOG(ERROR) << "Key not loaded into memory, can't change for user " << user_id;
@ -670,7 +671,8 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
if (!prepare_dir(system_legacy_path, 0700, AID_SYSTEM, AID_SYSTEM)) return false;
#if MANAGE_MISC_DIRS
if (!prepare_dir(misc_legacy_path, 0750, multiuser_get_uid(user_id, AID_SYSTEM),
multiuser_get_uid(user_id, AID_EVERYBODY))) return false;
multiuser_get_uid(user_id, AID_EVERYBODY)))
return false;
#endif
if (!prepare_dir(profiles_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;

30
FileDeviceUtils.cpp
View file

@ -16,15 +16,15 @@
#include "FileDeviceUtils.h"
#include <errno.h>
#include <fcntl.h>
#include <linux/fiemap.h>
#include <linux/fs.h>
#include <mntent.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <linux/fs.h>
#include <linux/fiemap.h>
#include <mntent.h>
#include <sys/types.h>
#include <android-base/file.h>
#include <android-base/logging.h>
@ -40,8 +40,7 @@ namespace android {
namespace vold {
// Given a file path, look for the corresponding block device in /proc/mount
std::string BlockDeviceForPath(const std::string &path)
{
std::string BlockDeviceForPath(const std::string& path) {
std::unique_ptr<FILE, int (*)(FILE*)> mnts(setmntent("/proc/mounts", "re"), endmntent);
if (!mnts) {
PLOG(ERROR) << "Unable to open /proc/mounts";
@ -52,9 +51,7 @@ std::string BlockDeviceForPath(const std::string &path)
struct mntent* mnt; // getmntent returns a thread local, so it's safe.
while ((mnt = getmntent(mnts.get())) != nullptr) {
auto l = strlen(mnt->mnt_dir);
if (l > best_length &&
path.size() > l &&
path[l] == '/' &&
if (l > best_length && path.size() > l && path[l] == '/' &&
path.compare(0, l, mnt->mnt_dir) == 0) {
result = mnt->mnt_fsname;
best_length = l;
@ -68,10 +65,8 @@ std::string BlockDeviceForPath(const std::string &path)
return result;
}
std::unique_ptr<struct fiemap> PathFiemap(const std::string &path, uint32_t extent_count)
{
android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(
path.c_str(), O_RDONLY | O_CLOEXEC, 0)));
std::unique_ptr<struct fiemap> PathFiemap(const std::string& path, uint32_t extent_count) {
android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(path.c_str(), O_RDONLY | O_CLOEXEC, 0)));
if (fd == -1) {
if (errno == ENOENT) {
PLOG(DEBUG) << "Unable to open " << path;
@ -99,8 +94,7 @@ std::unique_ptr<struct fiemap> PathFiemap(const std::string &path, uint32_t exte
namespace {
std::unique_ptr<struct fiemap> alloc_fiemap(uint32_t extent_count)
{
std::unique_ptr<struct fiemap> alloc_fiemap(uint32_t extent_count) {
size_t allocsize = offsetof(struct fiemap, fm_extents[extent_count]);
std::unique_ptr<struct fiemap> res(new (::operator new(allocsize)) struct fiemap);
memset(res.get(), 0, allocsize);
@ -112,4 +106,4 @@ std::unique_ptr<struct fiemap> alloc_fiemap(uint32_t extent_count)
return res;
}
}
} // namespace

2
FileDeviceUtils.h
View file

@ -17,8 +17,8 @@
#ifndef ANDROID_VOLD_FILEDEVICEUTILS_H
#define ANDROID_VOLD_FILEDEVICEUTILS_H
#include <string>
#include <linux/fiemap.h>
#include <string>
namespace android {
namespace vold {

29
IdleMaint.cpp
View file

@ -33,11 +33,11 @@
#include <private/android_filesystem_config.h>
#include <dirent.h>
#include <fcntl.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <fcntl.h>
using android::base::Basename;
using android::base::ReadFileToString;
@ -80,8 +80,7 @@ static IdleMaintStats idle_maint_stat(IdleMaintStats::kStopped);
static std::condition_variable cv_abort, cv_stop;
static std::mutex cv_m;
static void addFromVolumeManager(std::list<std::string>* paths,
PathTypes path_type) {
static void addFromVolumeManager(std::list<std::string>* paths, PathTypes path_type) {
VolumeManager* vm = VolumeManager::Instance();
std::list<std::string> privateIds;
vm->listVolumes(VolumeBase::Type::kPrivate, privateIds);
@ -95,11 +94,9 @@ static void addFromVolumeManager(std::list<std::string>* paths,
const std::string& fs_type = vol->getFsType();
if (fs_type == "f2fs" && (Realpath(vol->getRawDmDevPath(), &gc_path) ||
Realpath(vol->getRawDevPath(), &gc_path))) {
paths->push_back(std::string("/sys/fs/") + fs_type +
"/" + Basename(gc_path));
paths->push_back(std::string("/sys/fs/") + fs_type + "/" + Basename(gc_path));
}
}
}
}
}
@ -138,10 +135,11 @@ static void addFromFstab(std::list<std::string>* paths, PathTypes path_type) {
} else if (path_type == PathTypes::kBlkDevice) {
std::string gc_path;
if (std::string(fstab->recs[i].fs_type) == "f2fs" &&
Realpath(android::vold::BlockDeviceForPath(
std::string(fstab->recs[i].mount_point) + "/"), &gc_path)) {
paths->push_back(std::string("/sys/fs/") + fstab->recs[i].fs_type +
"/" + Basename(gc_path));
Realpath(
android::vold::BlockDeviceForPath(std::string(fstab->recs[i].mount_point) + "/"),
&gc_path)) {
paths->push_back(std::string("/sys/fs/") + fstab->recs[i].fs_type + "/" +
Basename(gc_path));
}
}
@ -184,8 +182,8 @@ void Trim(const android::sp<android::os::IVoldTaskListener>& listener) {
}
} else {
nsecs_t time = systemTime(SYSTEM_TIME_BOOTTIME) - start;
LOG(INFO) << "Trimmed " << range.len << " bytes on " << path
<< " in " << nanoseconds_to_milliseconds(time) << "ms";
LOG(INFO) << "Trimmed " << range.len << " bytes on " << path << " in "
<< nanoseconds_to_milliseconds(time) << "ms";
extras.putLong(String16("bytes"), range.len);
extras.putLong(String16("time"), time);
if (listener) {
@ -230,8 +228,8 @@ static bool waitForGc(const std::list<std::string>& paths) {
}
lk.lock();
aborted = cv_abort.wait_for(lk, 10s, []{
return idle_maint_stat == IdleMaintStats::kAbort;});
aborted =
cv_abort.wait_for(lk, 10s, [] { return idle_maint_stat == IdleMaintStats::kAbort; });
lk.unlock();
}
@ -427,8 +425,7 @@ int AbortIdleMaint(const android::sp<android::os::IVoldTaskListener>& listener)
cv_abort.notify_one();
lk.lock();
LOG(DEBUG) << "aborting idle maintenance";
cv_stop.wait(lk, []{
return idle_maint_stat == IdleMaintStats::kStopped;});
cv_stop.wait(lk, [] { return idle_maint_stat == IdleMaintStats::kStopped; });
}
lk.unlock();

1
KeyBuffer.cpp
View file

@ -34,4 +34,3 @@ KeyBuffer operator+(KeyBuffer&& lhs, const char* rhs) {
} // namespace vold
} // namespace android

7
KeyBuffer.h
View file

@ -33,8 +33,7 @@ namespace vold {
#define OPTNONE __attribute__((optimize("O0")))
#endif // not __clang__
inline OPTNONE void* memset_s(void* s, int c, size_t n) {
if (!s)
return s;
if (!s) return s;
return memset(s, c, n);
}
#undef OPTNONE
@ -42,8 +41,7 @@ inline OPTNONE void* memset_s(void* s, int c, size_t n) {
// Allocator that delegates useful work to standard one but zeroes data before deallocating.
class ZeroingAllocator : public std::allocator<char> {
public:
void deallocate(pointer p, size_type n)
{
void deallocate(pointer p, size_type n) {
memset_s(p, 0, n);
std::allocator<char>::deallocate(p, n);
}
@ -60,4 +58,3 @@ KeyBuffer operator+(KeyBuffer&& lhs, const char* rhs);
} // namespace android
#endif

5
KeyStorage.cpp
View file

@ -568,7 +568,10 @@ bool destroyKey(const std::string& dir) {
success &= deleteKey(dir);
}
auto secdiscard_cmd = std::vector<std::string>{
kSecdiscardPath, "--", dir + "/" + kFn_encrypted_key, dir + "/" + kFn_secdiscardable,
kSecdiscardPath,
"--",
dir + "/" + kFn_encrypted_key,
dir + "/" + kFn_secdiscardable,
};
if (uses_km) {
secdiscard_cmd.emplace_back(dir + "/" + kFn_keymaster_key_blob);

14
KeyUtil.cpp
View file

@ -88,12 +88,7 @@ static bool fillKey(const KeyBuffer& key, ext4_encryption_key* ext4_key) {
return true;
}
static char const* const NAME_PREFIXES[] = {
"ext4",
"f2fs",
"fscrypt",
nullptr
};
static char const* const NAME_PREFIXES[] = {"ext4", "f2fs", "fscrypt", nullptr};
static std::string keyname(const std::string& prefix, const std::string& raw_ref) {
std::ostringstream o;
@ -185,8 +180,8 @@ bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_a
return true;
}
bool retrieveKey(bool create_if_absent, const std::string& key_path,
const std::string& tmp_path, KeyBuffer* key) {
bool retrieveKey(bool create_if_absent, const std::string& key_path, const std::string& tmp_path,
KeyBuffer* key) {
if (pathExists(key_path)) {
LOG(DEBUG) << "Key exists, using: " << key_path;
if (!retrieveKey(key_path, kEmptyAuthentication, key)) return false;
@ -197,8 +192,7 @@ bool retrieveKey(bool create_if_absent, const std::string& key_path,
}
LOG(INFO) << "Creating new key in " << key_path;
if (!randomKey(key)) return false;
if (!storeKeyAtomically(key_path, tmp_path,
kEmptyAuthentication, *key)) return false;
if (!storeKeyAtomically(key_path, tmp_path, kEmptyAuthentication, *key)) return false;
}
return true;
}

6
KeyUtil.h
View file

@ -20,8 +20,8 @@
#include "KeyBuffer.h"
#include "KeyStorage.h"
#include <string>
#include <memory>
#include <string>
namespace android {
namespace vold {
@ -32,8 +32,8 @@ bool evictKey(const std::string& raw_ref);
bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
const std::string& key_path, const std::string& tmp_path,
std::string* key_ref);
bool retrieveKey(bool create_if_absent, const std::string& key_path,
const std::string& tmp_path, KeyBuffer* key);
bool retrieveKey(bool create_if_absent, const std::string& key_path, const std::string& tmp_path,
KeyBuffer* key);
} // namespace vold
} // namespace android

16
Loop.cpp
View file

@ -16,24 +16,24 @@
#define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <dirent.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <linux/kdev_t.h>
#include <android-base/logging.h>
#include <android-base/strings.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <android-base/unique_fd.h>
#include <utils/Trace.h>

5
Loop.h
View file

@ -17,13 +17,14 @@
#ifndef _LOOP_H
#define _LOOP_H
#include <string>
#include <unistd.h>
#include <linux/loop.h>
#include <unistd.h>
#include <string>
class Loop {
public:
static const int LOOP_MAX = 4096;
public:
static int create(const std::string& file, std::string& out_device);
static int destroyByDevice(const char* loopDevice);

21
MetadataCrypt.cpp
View file

@ -14,13 +14,13 @@
* limitations under the License.
*/
#include "KeyBuffer.h"
#include "MetadataCrypt.h"
#include "KeyBuffer.h"
#include <algorithm>
#include <string>
#include <thread>
#include <vector>
#include <algorithm>
#include <fcntl.h>
#include <sys/ioctl.h>
@ -39,9 +39,9 @@
#include "EncryptInplace.h"
#include "KeyStorage.h"
#include "KeyUtil.h"
#include "secontext.h"
#include "Utils.h"
#include "VoldUtil.h"
#include "secontext.h"
#define DM_CRYPT_BUF_SIZE 4096
#define TABLE_LOAD_RETRIES 10
@ -100,8 +100,8 @@ static KeyBuffer default_key_params(const std::string& real_blkdev, const KeyBuf
}
static bool get_number_of_sectors(const std::string& real_blkdev, uint64_t* nr_sec) {
android::base::unique_fd dev_fd(TEMP_FAILURE_RETRY(open(
real_blkdev.c_str(), O_RDONLY | O_CLOEXEC, 0)));
android::base::unique_fd dev_fd(
TEMP_FAILURE_RETRY(open(real_blkdev.c_str(), O_RDONLY | O_CLOEXEC, 0)));
if (dev_fd == -1) {
PLOG(ERROR) << "Unable to open " << real_blkdev << " to measure size";
return false;
@ -117,8 +117,7 @@ static bool get_number_of_sectors(const std::string& real_blkdev, uint64_t *nr_s
return true;
}
static struct dm_ioctl* dm_ioctl_init(char *buffer, size_t buffer_size,
const std::string& dm_name) {
static struct dm_ioctl* dm_ioctl_init(char* buffer, size_t buffer_size, const std::string& dm_name) {
if (buffer_size < sizeof(dm_ioctl)) {
LOG(ERROR) << "dm_ioctl buffer too small";
return nullptr;
@ -139,8 +138,8 @@ static struct dm_ioctl* dm_ioctl_init(char *buffer, size_t buffer_size,
static bool create_crypto_blk_dev(const std::string& dm_name, uint64_t nr_sec,
const std::string& target_type, const KeyBuffer& crypt_params,
std::string* crypto_blkdev) {
android::base::unique_fd dm_fd(TEMP_FAILURE_RETRY(open(
"/dev/device-mapper", O_RDWR | O_CLOEXEC, 0)));
android::base::unique_fd dm_fd(
TEMP_FAILURE_RETRY(open("/dev/device-mapper", O_RDWR | O_CLOEXEC, 0)));
if (dm_fd == -1) {
PLOG(ERROR) << "Cannot open device-mapper";
return false;
@ -158,8 +157,8 @@ static bool create_crypto_blk_dev(const std::string& dm_name, uint64_t nr_sec,
PLOG(ERROR) << "Cannot retrieve dm-crypt device status " << dm_name;
return false;
}
*crypto_blkdev = std::string() + "/dev/block/dm-" + std::to_string(
(io->dev & 0xff) | ((io->dev >> 12) & 0xfff00));
*crypto_blkdev = std::string() + "/dev/block/dm-" +
std::to_string((io->dev & 0xff) | ((io->dev >> 12) & 0xfff00));
io = dm_ioctl_init(buffer, sizeof(buffer), dm_name);
size_t paramix = io->data_start + sizeof(struct dm_target_spec);

20
MoveStorage.cpp
View file

@ -29,7 +29,8 @@
#include <dirent.h>
#include <sys/wait.h>
#define CONSTRAIN(amount, low, high) ((amount) < (low) ? (low) : ((amount) > (high) ? (high) : (amount)))
#define CONSTRAIN(amount, low, high) \
((amount) < (low) ? (low) : ((amount) > (high) ? (high) : (amount)))
static const char* kPropBlockingExec = "persist.sys.blocking_exec";
@ -114,14 +115,17 @@ static status_t execRm(const std::string& path, int startProgress, int stepProgr
sleep(1);
uint64_t deltaFreeBytes = GetFreeBytes(path) - startFreeBytes;
notifyProgress(startProgress + CONSTRAIN((int)
((deltaFreeBytes * stepProgress) / expectedBytes), 0, stepProgress), listener);
notifyProgress(
startProgress +
CONSTRAIN((int)((deltaFreeBytes * stepProgress) / expectedBytes), 0, stepProgress),
listener);
}
return -1;
}
static status_t execCp(const std::string& fromPath, const std::string& toPath, int startProgress,
int stepProgress, const android::sp<android::os::IVoldTaskListener>& listener) {
int stepProgress,
const android::sp<android::os::IVoldTaskListener>& listener) {
notifyProgress(startProgress, listener);
uint64_t expectedBytes = GetTreeBytes(fromPath);
@ -165,8 +169,10 @@ static status_t execCp(const std::string& fromPath, const std::string& toPath, i
sleep(1);
uint64_t deltaFreeBytes = startFreeBytes - GetFreeBytes(toPath);
notifyProgress(startProgress + CONSTRAIN((int)
((deltaFreeBytes * stepProgress) / expectedBytes), 0, stepProgress), listener);
notifyProgress(
startProgress +
CONSTRAIN((int)((deltaFreeBytes * stepProgress) / expectedBytes), 0, stepProgress),
listener);
}
return -1;
}
@ -239,11 +245,13 @@ copy_fail:
// useful anyway.
execRm(toPath, 80, 1, listener);
fail:
// clang-format off
{
std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getLock());
bringOnline(from);
bringOnline(to);
}
// clang-format on
notifyProgress(kMoveFailedInternalError, listener);
return -1;
}

9
NetlinkHandler.cpp
View file

@ -14,9 +14,9 @@
* limitations under the License.
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <android-base/logging.h>
@ -25,12 +25,9 @@
#include "NetlinkHandler.h"
#include "VolumeManager.h"
NetlinkHandler::NetlinkHandler(int listenerSocket) :
NetlinkListener(listenerSocket) {
}
NetlinkHandler::NetlinkHandler(int listenerSocket) : NetlinkListener(listenerSocket) {}
NetlinkHandler::~NetlinkHandler() {
}
NetlinkHandler::~NetlinkHandler() {}
int NetlinkHandler::start() {
return this->startListener();

1
NetlinkHandler.h
View file

@ -20,7 +20,6 @@
#include <sysutils/NetlinkListener.h>
class NetlinkHandler : public NetlinkListener {
public:
explicit NetlinkHandler(int listenerSocket);
virtual ~NetlinkHandler();

15
NetlinkManager.cpp
View file

@ -14,12 +14,12 @@
* limitations under the License.
*/
#include <stdio.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/un.h>
@ -28,14 +28,13 @@
#include <android-base/logging.h>
#include "NetlinkManager.h"
#include "NetlinkHandler.h"
#include "NetlinkManager.h"
NetlinkManager* NetlinkManager::sInstance = NULL;
NetlinkManager* NetlinkManager::Instance() {
if (!sInstance)
sInstance = new NetlinkManager();
if (!sInstance) sInstance = new NetlinkManager();
return sInstance;
}
@ -43,8 +42,7 @@ NetlinkManager::NetlinkManager() {
mBroadcaster = NULL;
}
NetlinkManager::~NetlinkManager() {
}
NetlinkManager::~NetlinkManager() {}
int NetlinkManager::start() {
struct sockaddr_nl nladdr;
@ -56,8 +54,7 @@ int NetlinkManager::start() {
nladdr.nl_pid = getpid();
nladdr.nl_groups = 0xffffffff;
if ((mSock = socket(PF_NETLINK, SOCK_DGRAM | SOCK_CLOEXEC,
NETLINK_KOBJECT_UEVENT)) < 0) {
if ((mSock = socket(PF_NETLINK, SOCK_DGRAM | SOCK_CLOEXEC, NETLINK_KOBJECT_UEVENT)) < 0) {
PLOG(ERROR) << "Unable to create uevent socket";
return -1;
}

2
NetlinkManager.h
View file

@ -17,8 +17,8 @@
#ifndef _NETLINKMANAGER_H
#define _NETLINKMANAGER_H
#include <sysutils/SocketListener.h>
#include <sysutils/NetlinkListener.h>
#include <sysutils/SocketListener.h>
class NetlinkHandler;

22
Process.cpp
View file

@ -14,28 +14,28 @@
* limitations under the License.
*/
#include <stdio.h>
#include <unistd.h>
#include <ctype.h>
#include <dirent.h>
#include <errno.h>
#include <string.h>
#include <fcntl.h>
#include <fts.h>
#include <dirent.h>
#include <ctype.h>
#include <pwd.h>
#include <stdlib.h>
#include <poll.h>
#include <sys/stat.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#include <fstream>
#include <unordered_set>
#include <android-base/file.h>
#include <android-base/parseint.h>
#include <android-base/strings.h>
#include <android-base/stringprintf.h>
#include <android-base/logging.h>
#include <android-base/parseint.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include "Process.h"

7
ScryptParameters.cpp
View file

@ -30,8 +30,7 @@ bool parse_scrypt_parameters(const char* paramstr, int *Nf, int *rf, int *pf) {
* colons (e.g., "12:8:1"). Scan the property to make sure it matches.
*/
for (i = 0, token = strtok_r(const_cast<char*>(paramstr), ":", &saveptr);
token != nullptr && i < 3;
i++, token = strtok_r(nullptr, ":", &saveptr)) {
token != nullptr && i < 3; i++, token = strtok_r(nullptr, ":", &saveptr)) {
char* endptr;
params[i] = strtol(token, &endptr, 10);
@ -45,6 +44,8 @@ bool parse_scrypt_parameters(const char* paramstr, int *Nf, int *rf, int *pf) {
if (token != nullptr) {
return false;
}
*Nf = params[0]; *rf = params[1]; *pf = params[2];
*Nf = params[0];
*rf = params[1];
*pf = params[2];
return true;
}

47
Utils.cpp
View file

@ -22,23 +22,23 @@
#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/properties.h>
#include <android-base/strings.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <cutils/fs.h>
#include <logwrap/logwrap.h>
#include <private/android_filesystem_config.h>
#include <mutex>
#include <dirent.h>
#include <fcntl.h>
#include <linux/fs.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/wait.h>
#include <sys/statvfs.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <mutex>
#ifndef UMOUNT_NOFOLLOW
#define UMOUNT_NOFOLLOW 0x00000008 /* Don't follow symlink on umount */
@ -81,8 +81,8 @@ status_t CreateDeviceNode(const std::string& path, dev_t dev) {
mode_t mode = 0660 | S_IFBLK;
if (mknod(cpath, mode, dev) < 0) {
if (errno != EEXIST) {
PLOG(ERROR) << "Failed to create device node for " << major(dev)
<< ":" << minor(dev) << " at " << path;
PLOG(ERROR) << "Failed to create device node for " << major(dev) << ":" << minor(dev)
<< " at " << path;
res = -errno;
}
}
@ -209,8 +209,8 @@ bool FindValue(const std::string& raw, const std::string& key, std::string* valu
return true;
}
static status_t readMetadata(const std::string& path, std::string* fsType,
std::string* fsUuid, std::string* fsLabel, bool untrusted) {
static status_t readMetadata(const std::string& path, std::string* fsType, std::string* fsUuid,
std::string* fsLabel, bool untrusted) {
fsType->clear();
fsUuid->clear();
fsLabel->clear();
@ -244,13 +244,13 @@ static status_t readMetadata(const std::string& path, std::string* fsType,
return OK;
}
status_t ReadMetadata(const std::string& path, std::string* fsType,
std::string* fsUuid, std::string* fsLabel) {
status_t ReadMetadata(const std::string& path, std::string* fsType, std::string* fsUuid,
std::string* fsLabel) {
return readMetadata(path, fsType, fsUuid, fsLabel, false);
}
status_t ReadMetadataUntrusted(const std::string& path, std::string* fsType,
std::string* fsUuid, std::string* fsLabel) {
status_t ReadMetadataUntrusted(const std::string& path, std::string* fsType, std::string* fsUuid,
std::string* fsLabel) {
return readMetadata(path, fsType, fsUuid, fsLabel, true);
}
@ -289,13 +289,12 @@ status_t ForkExecvp(const std::vector<std::string>& args, security_context_t con
return res;
}
status_t ForkExecvp(const std::vector<std::string>& args,
std::vector<std::string>& output) {
status_t ForkExecvp(const std::vector<std::string>& args, std::vector<std::string>& output) {
return ForkExecvp(args, output, nullptr);
}
status_t ForkExecvp(const std::vector<std::string>& args,
std::vector<std::string>& output, security_context_t context) {
status_t ForkExecvp(const std::vector<std::string>& args, std::vector<std::string>& output,
security_context_t context) {
std::lock_guard<std::mutex> lock(kSecurityLock);
std::string cmd;
for (size_t i = 0; i < args.size(); i++) {
@ -415,6 +414,7 @@ status_t HexToStr(const std::string& hex, std::string& str) {
for (size_t i = 0; i < hex.size(); i++) {
int val = 0;
switch (hex[i]) {
// clang-format off
case ' ': case '-': case ':': continue;
case 'f': case 'F': val = 15; break;
case 'e': case 'E': val = 14; break;
@ -433,6 +433,7 @@ status_t HexToStr(const std::string& hex, std::string& str) {
case '1': val = 1; break;
case '0': val = 0; break;
default: return -EINVAL;
// clang-format on
}
if (even) {
@ -523,10 +524,8 @@ int64_t calculate_dir_size(int dfd) {
/* always skip "." and ".." */
if (name[0] == '.') {
if (name[1] == 0)
continue;
if ((name[1] == '.') && (name[2] == 0))
continue;
if (name[1] == 0) continue;
if ((name[1] == '.') && (name[2] == 0)) continue;
}
subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
@ -592,8 +591,7 @@ done:
}
static bool isValidFilename(const std::string& name) {
if (name.empty() || (name == ".") || (name == "..")
|| (name.find('/') != std::string::npos)) {
if (name.empty() || (name == ".") || (name == "..") || (name.find('/') != std::string::npos)) {
return false;
} else {
return true;
@ -713,8 +711,7 @@ bool Readlinkat(int dirfd, const std::string& path, std::string* result) {
while (true) {
ssize_t size = readlinkat(dirfd, path.c_str(), &buf[0], buf.size());
// Unrecoverable error?
if (size == -1)
return false;
if (size == -1) return false;
// It fit! (If size == buf.size(), it may have been truncated.)
if (static_cast<size_t>(size) < buf.size()) {
result->assign(&buf[0], size);

19
Utils.h
View file

@ -20,12 +20,12 @@
#include "KeyBuffer.h"
#include <android-base/macros.h>
#include <utils/Errors.h>
#include <cutils/multiuser.h>
#include <selinux/selinux.h>
#include <utils/Errors.h>
#include <vector>
#include <string>
#include <vector>
struct DIR;
@ -59,21 +59,20 @@ status_t BindMount(const std::string& source, const std::string& target);
bool FindValue(const std::string& raw, const std::string& key, std::string* value);
/* Reads filesystem metadata from device at path */
status_t ReadMetadata(const std::string& path, std::string* fsType,
std::string* fsUuid, std::string* fsLabel);
status_t ReadMetadata(const std::string& path, std::string* fsType, std::string* fsUuid,
std::string* fsLabel);
/* Reads filesystem metadata from untrusted device at path */
status_t ReadMetadataUntrusted(const std::string& path, std::string* fsType,
std::string* fsUuid, std::string* fsLabel);
status_t ReadMetadataUntrusted(const std::string& path, std::string* fsType, std::string* fsUuid,
std::string* fsLabel);
/* Returns either WEXITSTATUS() status, or a negative errno */
status_t ForkExecvp(const std::vector<std::string>& args);
status_t ForkExecvp(const std::vector<std::string>& args, security_context_t context);
status_t ForkExecvp(const std::vector<std::string>& args,
std::vector<std::string>& output);
status_t ForkExecvp(const std::vector<std::string>& args,
std::vector<std::string>& output, security_context_t context);
status_t ForkExecvp(const std::vector<std::string>& args, std::vector<std::string>& output);
status_t ForkExecvp(const std::vector<std::string>& args, std::vector<std::string>& output,
security_context_t context);
pid_t ForkExecvpAsync(const std::vector<std::string>& args);

2
VoldUtil.cpp
View file

@ -14,8 +14,8 @@
* limitations under the License.
*/
#include <sys/ioctl.h>
#include <linux/fs.h>
#include <sys/ioctl.h>
struct fstab* fstab_default;

387
cryptfs.cpp
View file

@ -80,12 +80,10 @@ extern "C" {
constexpr size_t INTERMEDIATE_KEY_LEN_BYTES = 16;
constexpr size_t INTERMEDIATE_IV_LEN_BYTES = 16;
constexpr size_t INTERMEDIATE_BUF_SIZE =
(INTERMEDIATE_KEY_LEN_BYTES + INTERMEDIATE_IV_LEN_BYTES);
constexpr size_t INTERMEDIATE_BUF_SIZE = (INTERMEDIATE_KEY_LEN_BYTES + INTERMEDIATE_IV_LEN_BYTES);
// SCRYPT_LEN is used by struct crypt_mnt_ftr for its intermediate key.
static_assert(INTERMEDIATE_BUF_SIZE == SCRYPT_LEN,
"Mismatch of intermediate key sizes");
static_assert(INTERMEDIATE_BUF_SIZE == SCRYPT_LEN, "Mismatch of intermediate key sizes");
#define KEY_IN_FOOTER "footer"
@ -118,22 +116,20 @@ static int master_key_saved = 0;
static struct crypt_persist_data* persist_data = NULL;
/* Should we use keymaster? */
static int keymaster_check_compatibility()
{
static int keymaster_check_compatibility() {
return keymaster_compatibility_cryptfs_scrypt();
}
/* Create a new keymaster key and store it in this footer */
static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
{
static int keymaster_create_key(struct crypt_mnt_ftr* ftr) {
if (ftr->keymaster_blob_size) {
SLOGI("Already have key");
return 0;
}
int rc = keymaster_create_key_for_cryptfs_scrypt(RSA_KEY_SIZE, RSA_EXPONENT,
KEYMASTER_CRYPTFS_RATE_LIMIT, ftr->keymaster_blob, KEYMASTER_BLOB_SIZE,
&ftr->keymaster_blob_size);
int rc = keymaster_create_key_for_cryptfs_scrypt(
RSA_KEY_SIZE, RSA_EXPONENT, KEYMASTER_CRYPTFS_RATE_LIMIT, ftr->keymaster_blob,
KEYMASTER_BLOB_SIZE, &ftr->keymaster_blob_size);
if (rc) {
if (ftr->keymaster_blob_size > KEYMASTER_BLOB_SIZE) {
SLOGE("Keymaster key blob too large");
@ -146,12 +142,9 @@ static int keymaster_create_key(struct crypt_mnt_ftr *ftr)
}
/* This signs the given object using the keymaster key. */
static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
const unsigned char *object,
const size_t object_size,
unsigned char **signature,
size_t *signature_size)
{
static int keymaster_sign_object(struct crypt_mnt_ftr* ftr, const unsigned char* object,
const size_t object_size, unsigned char** signature,
size_t* signature_size) {
unsigned char to_sign[RSA_KEY_SIZE_BYTES];
size_t to_sign_size = sizeof(to_sign);
memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
@ -231,8 +224,7 @@ static int password_expiry_time = 0;
static const int password_max_age_seconds = 60;
enum class RebootType { reboot, recovery, shutdown };
static void cryptfs_reboot(RebootType rt)
{
static void cryptfs_reboot(RebootType rt) {
switch (rt) {
case RebootType::reboot:
property_set(ANDROID_RB_PROPERTY, "reboot");
@ -253,8 +245,7 @@ static void cryptfs_reboot(RebootType rt)
return;
}
static void ioctl_init(struct dm_ioctl *io, size_t dataSize, const char *name, unsigned flags)
{
static void ioctl_init(struct dm_ioctl* io, size_t dataSize, const char* name, unsigned flags) {
memset(io, 0, dataSize);
io->data_size = dataSize;
io->data_start = sizeof(struct dm_ioctl);
@ -300,8 +291,7 @@ struct CryptoType {
const char* crypto_name;
uint32_t keysize;
constexpr CryptoType(const char *property, const char *crypto,
uint32_t ksize)
constexpr CryptoType(const char* property, const char* crypto, uint32_t ksize)
: property_name(property), crypto_name(crypto), keysize(ksize) {}
friend const CryptoType& get_crypto_type();
static const CryptoType& get_device_crypto_algorithm();
@ -325,13 +315,14 @@ constexpr CryptoType supported_crypto_types[] = {
// Add new CryptoTypes here. Order is not important.
};
// ---------- START COMPILE-TIME SANITY CHECK BLOCK -------------------------
// We confirm all supported_crypto_types have a small enough keysize and
// had both set_property_name() and set_crypto_name() called.
template <typename T, size_t N>
constexpr size_t array_length(T (&)[N]) { return N; }
constexpr size_t array_length(T (&)[N]) {
return N;
}
constexpr bool indexOutOfBoundsForCryptoTypes(size_t index) {
return (index >= array_length(supported_crypto_types));
@ -357,28 +348,24 @@ static_assert(validateSupportedCryptoTypes(0),
"incompletely constructed.");
// ---------- END COMPILE-TIME SANITY CHECK BLOCK -------------------------
// Don't call this directly, use get_crypto_type(), which caches this result.
const CryptoType& CryptoType::get_device_crypto_algorithm() {
constexpr char CRYPT_ALGO_PROP[] = "ro.crypto.fde_algorithm";
char paramstr[PROPERTY_VALUE_MAX];
property_get(CRYPT_ALGO_PROP, paramstr,
default_crypto_type.get_property_name());
property_get(CRYPT_ALGO_PROP, paramstr, default_crypto_type.get_property_name());
for (auto const& ctype : supported_crypto_types) {
if (strcmp(paramstr, ctype.get_property_name()) == 0) {
return ctype;
}
}
ALOGE("Invalid name (%s) for %s. Defaulting to %s\n", paramstr,
CRYPT_ALGO_PROP, default_crypto_type.get_property_name());
ALOGE("Invalid name (%s) for %s. Defaulting to %s\n", paramstr, CRYPT_ALGO_PROP,
default_crypto_type.get_property_name());
return default_crypto_type;
}
} // namespace
/**
* Gets the default device scrypt parameters for key derivation time tuning.
* The parameters should lead to about one second derivation time for the
@ -406,8 +393,7 @@ const char *cryptfs_get_crypto_name() {
return get_crypto_type().get_crypto_name();
}
static unsigned int get_fs_size(char *dev)
{
static unsigned int get_fs_size(char* dev) {
int fd, block_size;
struct ext4_super_block sb;
off64_t len;
@ -441,8 +427,7 @@ static unsigned int get_fs_size(char *dev)
return (unsigned int)(len / 512);
}
static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
{
static int get_crypt_ftr_info(char** metadata_fname, off64_t* off) {
static int cached_data = 0;
static off64_t cached_off = 0;
static char cached_metadata_fname[PROPERTY_VALUE_MAX] = "";
@ -495,8 +480,7 @@ static int get_crypt_ftr_info(char **metadata_fname, off64_t *off)
}
/* Set sha256 checksum in structure */
static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)
{
static void set_ftr_sha(struct crypt_mnt_ftr* crypt_ftr) {
SHA256_CTX c;
SHA256_Init(&c);
memset(crypt_ftr->sha256, 0, sizeof(crypt_ftr->sha256));
@ -507,8 +491,7 @@ static void set_ftr_sha(struct crypt_mnt_ftr *crypt_ftr)
/* key or salt can be NULL, in which case just skip writing that value. Useful to
* update the failed mount count but not change the key.
*/
static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
{
static int put_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr) {
int fd;
unsigned int cnt;
/* starting_off is set to the SEEK_SET offset
@ -560,29 +543,24 @@ static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
errout:
close(fd);
return rc;
}
static bool check_ftr_sha(const struct crypt_mnt_ftr *crypt_ftr)
{
static bool check_ftr_sha(const struct crypt_mnt_ftr* crypt_ftr) {
struct crypt_mnt_ftr copy;
memcpy(&copy, crypt_ftr, sizeof(copy));
set_ftr_sha(&copy);
return memcmp(copy.sha256, crypt_ftr->sha256, sizeof(copy.sha256)) == 0;
}
static inline int unix_read(int fd, void* buff, int len)
{
static inline int unix_read(int fd, void* buff, int len) {
return TEMP_FAILURE_RETRY(read(fd, buff, len));
}
static inline int unix_write(int fd, const void* buff, int len)
{
static inline int unix_write(int fd, const void* buff, int len) {
return TEMP_FAILURE_RETRY(write(fd, buff, len));
}
static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
{
static void init_empty_persist_data(struct crypt_persist_data* pdata, int len) {
memset(pdata, 0, len);
pdata->persist_magic = PERSIST_DATA_MAGIC;
pdata->persist_valid_entries = 0;
@ -593,8 +571,7 @@ static void init_empty_persist_data(struct crypt_persist_data *pdata, int len)
* data, crypt_ftr is a pointer to the struct to be updated, and offset is the
* absolute offset to the start of the crypt_mnt_ftr on the passed in fd.
*/
static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t offset)
{
static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr* crypt_ftr, off64_t offset) {
int orig_major = crypt_ftr->major_version;
int orig_minor = crypt_ftr->minor_version;
@ -657,9 +634,7 @@ static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t o
}
}
static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
{
static int get_crypt_ftr_and_key(struct crypt_mnt_ftr* crypt_ftr) {
int fd;
unsigned int cnt;
off64_t starting_off;
@ -714,9 +689,10 @@ static int get_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr)
// AES-CBC key wrapping only works for multiples of 16 bytes.
if ((crypt_ftr->keysize == 0) || ((crypt_ftr->keysize % 16) != 0) ||
(crypt_ftr->keysize > MAX_KEY_LEN)) {
SLOGE("Invalid keysize (%u) for block device %s; Must be non-zero, "
"divisible by 16, and <= %d\n", crypt_ftr->keysize, fname,
MAX_KEY_LEN);
SLOGE(
"Invalid keysize (%u) for block device %s; Must be non-zero, "
"divisible by 16, and <= %d\n",
crypt_ftr->keysize, fname, MAX_KEY_LEN);
goto errout;
}
@ -740,8 +716,7 @@ errout:
return rc;
}
static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
{
static int validate_persistent_data_storage(struct crypt_mnt_ftr* crypt_ftr) {
if (crypt_ftr->persist_data_offset[0] + crypt_ftr->persist_data_size >
crypt_ftr->persist_data_offset[1]) {
SLOGE("Crypt_ftr persist data regions overlap");
@ -763,8 +738,7 @@ static int validate_persistent_data_storage(struct crypt_mnt_ftr *crypt_ftr)
return 0;
}
static int load_persistent_data(void)
{
static int load_persistent_data(void) {
struct crypt_mnt_ftr crypt_ftr;
struct crypt_persist_data* pdata = NULL;
char encrypted_state[PROPERTY_VALUE_MAX];
@ -779,7 +753,6 @@ static int load_persistent_data(void)
return 0;
}
/* If not encrypted, just allocate an empty table and initialize it */
property_get("ro.crypto.state", encrypted_state, "");
if (strcmp(encrypted_state, "encrypted")) {
@ -796,8 +769,8 @@ static int load_persistent_data(void)
return -1;
}
if ((crypt_ftr.major_version < 1)
|| (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
if ((crypt_ftr.major_version < 1) ||
(crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
SLOGE("Crypt_ftr version doesn't support persistent data");
return -1;
}
@ -856,8 +829,7 @@ err:
return -1;
}
static int save_persistent_data(void)
{
static int save_persistent_data(void) {
struct crypt_mnt_ftr crypt_ftr;
struct crypt_persist_data* pdata;
char* fname;
@ -875,8 +847,8 @@ static int save_persistent_data(void)
return -1;
}
if ((crypt_ftr.major_version < 1)
|| (crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
if ((crypt_ftr.major_version < 1) ||
(crypt_ftr.major_version == 1 && crypt_ftr.minor_version < 1)) {
SLOGE("Crypt_ftr version doesn't support persistent data");
return -1;
}
@ -937,8 +909,7 @@ static int save_persistent_data(void)
}
fsync(fd);
memset(pdata, 0, crypt_ftr.persist_data_size);
if (unix_write(fd, pdata, crypt_ftr.persist_data_size) !=
(int) crypt_ftr.persist_data_size) {
if (unix_write(fd, pdata, crypt_ftr.persist_data_size) != (int)crypt_ftr.persist_data_size) {
SLOGE("Cannot write to erase previous persistent data");
goto err2;
}
@ -963,8 +934,8 @@ err:
/* Convert a binary key of specified length into an ascii hex string equivalent,
* without the leading 0x and with null termination
*/
static void convert_key_to_hex_ascii(const unsigned char *master_key,
unsigned int keysize, char *master_key_ascii) {
static void convert_key_to_hex_ascii(const unsigned char* master_key, unsigned int keysize,
char* master_key_ascii) {
unsigned int i, a;
unsigned char nibble;
@ -979,7 +950,6 @@ static void convert_key_to_hex_ascii(const unsigned char *master_key,
/* Add the null termination */
master_key_ascii[a] = '\0';
}
static int load_crypto_mapping_table(struct crypt_mnt_ftr* crypt_ftr,
@ -1013,10 +983,10 @@ static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
buff_offset = crypt_params - buffer;
SLOGI("Extra parameters for dm_crypt: %s\n", extra_params);
snprintf(crypt_params, sizeof(buffer) - buff_offset, "%s %s 0 %s 0 %s",
crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name,
extra_params);
crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name, extra_params);
crypt_params += strlen(crypt_params) + 1;
crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
crypt_params =
(char*)(((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
tgt->next = crypt_params - buffer;
for (i = 0; i < TABLE_LOAD_RETRIES; i++) {
@ -1034,9 +1004,7 @@ static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
}
}
static int get_dm_crypt_version(int fd, const char *name, int *version)
{
static int get_dm_crypt_version(int fd, const char* name, int* version) {
char buffer[DM_CRYPT_BUF_SIZE];
struct dm_ioctl* io;
struct dm_target_versions* v;
@ -1148,8 +1116,7 @@ errout:
return retval;
}
static int delete_crypto_blk_dev(const char *name)
{
static int delete_crypto_blk_dev(const char* name) {
int fd;
char buffer[DM_CRYPT_BUF_SIZE];
struct dm_ioctl* io;
@ -1175,23 +1142,18 @@ errout:
close(fd); /* If fd is <0 from a failed open call, it's safe to just ignore the close error */
return retval;
}
static int pbkdf2(const char *passwd, const unsigned char *salt,
unsigned char *ikey, void *params UNUSED)
{
static int pbkdf2(const char* passwd, const unsigned char* salt, unsigned char* ikey,
void* params UNUSED) {
SLOGI("Using pbkdf2 for cryptfs KDF");
/* Turn the password into a key and IV that can decrypt the master key */
return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN,
HASH_COUNT, INTERMEDIATE_BUF_SIZE,
ikey) != 1;
return PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), salt, SALT_LEN, HASH_COUNT,
INTERMEDIATE_BUF_SIZE, ikey) != 1;
}
static int scrypt(const char *passwd, const unsigned char *salt,
unsigned char *ikey, void *params)
{
static int scrypt(const char* passwd, const unsigned char* salt, unsigned char* ikey, void* params) {
SLOGI("Using scrypt for cryptfs KDF");
struct crypt_mnt_ftr* ftr = (struct crypt_mnt_ftr*)params;
@ -1201,16 +1163,14 @@ static int scrypt(const char *passwd, const unsigned char *salt,
int p = 1 << ftr->p_factor;
/* Turn the password into a key and IV that can decrypt the master key */
crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
salt, SALT_LEN, N, r, p, ikey,
crypto_scrypt((const uint8_t*)passwd, strlen(passwd), salt, SALT_LEN, N, r, p, ikey,
INTERMEDIATE_BUF_SIZE);
return 0;
}
static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
unsigned char *ikey, void *params)
{
static int scrypt_keymaster(const char* passwd, const unsigned char* salt, unsigned char* ikey,
void* params) {
SLOGI("Using scrypt with keymaster for cryptfs KDF");
int rc;
@ -1222,8 +1182,7 @@ static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
int r = 1 << ftr->r_factor;
int p = 1 << ftr->p_factor;
rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd),
salt, SALT_LEN, N, r, p, ikey,
rc = crypto_scrypt((const uint8_t*)passwd, strlen(passwd), salt, SALT_LEN, N, r, p, ikey,
INTERMEDIATE_BUF_SIZE);
if (rc) {
@ -1231,14 +1190,13 @@ static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
return -1;
}
if (keymaster_sign_object(ftr, ikey, INTERMEDIATE_BUF_SIZE,
&signature, &signature_size)) {
if (keymaster_sign_object(ftr, ikey, INTERMEDIATE_BUF_SIZE, &signature, &signature_size)) {
SLOGE("Signing failed");
return -1;
}
rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN,
N, r, p, ikey, INTERMEDIATE_BUF_SIZE);
rc = crypto_scrypt(signature, signature_size, salt, SALT_LEN, N, r, p, ikey,
INTERMEDIATE_BUF_SIZE);
free(signature);
if (rc) {
@ -1251,9 +1209,7 @@ static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
static int encrypt_master_key(const char* passwd, const unsigned char* salt,
const unsigned char* decrypted_master_key,
unsigned char *encrypted_master_key,
struct crypt_mnt_ftr *crypt_ftr)
{
unsigned char* encrypted_master_key, struct crypt_mnt_ftr* crypt_ftr) {
unsigned char ikey[INTERMEDIATE_BUF_SIZE] = {0};
EVP_CIPHER_CTX e_ctx;
int encrypted_len, final_len;
@ -1297,8 +1253,8 @@ static int encrypt_master_key(const char *passwd, const unsigned char *salt,
EVP_CIPHER_CTX_set_padding(&e_ctx, 0); /* Turn off padding as our data is block aligned */
/* Encrypt the master key */
if (! EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len,
decrypted_master_key, crypt_ftr->keysize)) {
if (!EVP_EncryptUpdate(&e_ctx, encrypted_master_key, &encrypted_len, decrypted_master_key,
crypt_ftr->keysize)) {
SLOGE("EVP_EncryptUpdate failed\n");
return -1;
}
@ -1321,9 +1277,8 @@ static int encrypt_master_key(const char *passwd, const unsigned char *salt,
int r = 1 << crypt_ftr->r_factor;
int p = 1 << crypt_ftr->p_factor;
rc = crypto_scrypt(ikey, INTERMEDIATE_KEY_LEN_BYTES,
crypt_ftr->salt, sizeof(crypt_ftr->salt), N, r, p,
crypt_ftr->scrypted_intermediate_key,
rc = crypto_scrypt(ikey, INTERMEDIATE_KEY_LEN_BYTES, crypt_ftr->salt, sizeof(crypt_ftr->salt),
N, r, p, crypt_ftr->scrypted_intermediate_key,
sizeof(crypt_ftr->scrypted_intermediate_key));
if (rc) {
@ -1336,13 +1291,10 @@ static int encrypt_master_key(const char *passwd, const unsigned char *salt,
}
static int decrypt_master_key_aux(const char* passwd, unsigned char* salt,
const unsigned char *encrypted_master_key,
size_t keysize,
unsigned char *decrypted_master_key,
kdf_func kdf, void *kdf_params,
unsigned char** intermediate_key,
size_t* intermediate_key_size)
{
const unsigned char* encrypted_master_key, size_t keysize,
unsigned char* decrypted_master_key, kdf_func kdf,
void* kdf_params, unsigned char** intermediate_key,
size_t* intermediate_key_size) {
unsigned char ikey[INTERMEDIATE_BUF_SIZE] = {0};
EVP_CIPHER_CTX d_ctx;
int decrypted_len, final_len;
@ -1356,13 +1308,14 @@ static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
/* Initialize the decryption engine */
EVP_CIPHER_CTX_init(&d_ctx);
if (! EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey, ikey+INTERMEDIATE_KEY_LEN_BYTES)) {
if (!EVP_DecryptInit_ex(&d_ctx, EVP_aes_128_cbc(), NULL, ikey,
ikey + INTERMEDIATE_KEY_LEN_BYTES)) {
return -1;
}
EVP_CIPHER_CTX_set_padding(&d_ctx, 0); /* Turn off padding as our data is block aligned */
/* Decrypt the master key */
if (! EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len,
encrypted_master_key, keysize)) {
if (!EVP_DecryptUpdate(&d_ctx, decrypted_master_key, &decrypted_len, encrypted_master_key,
keysize)) {
return -1;
}
if (!EVP_DecryptFinal_ex(&d_ctx, decrypted_master_key + decrypted_len, &final_len)) {
@ -1387,8 +1340,7 @@ static int decrypt_master_key_aux(const char *passwd, unsigned char *salt,
return 0;
}
static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_params)
{
static void get_kdf_func(struct crypt_mnt_ftr* ftr, kdf_func* kdf, void** kdf_params) {
if (ftr->kdf_type == KDF_SCRYPT_KEYMASTER) {
*kdf = scrypt_keymaster;
*kdf_params = ftr;
@ -1402,19 +1354,16 @@ static void get_kdf_func(struct crypt_mnt_ftr *ftr, kdf_func *kdf, void** kdf_pa
}
static int decrypt_master_key(const char* passwd, unsigned char* decrypted_master_key,
struct crypt_mnt_ftr *crypt_ftr,
unsigned char** intermediate_key,
size_t* intermediate_key_size)
{
struct crypt_mnt_ftr* crypt_ftr, unsigned char** intermediate_key,
size_t* intermediate_key_size) {
kdf_func kdf;
void* kdf_params;
int ret;
get_kdf_func(crypt_ftr, &kdf, &kdf_params);
ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key,
crypt_ftr->keysize,
decrypted_master_key, kdf, kdf_params,
intermediate_key, intermediate_key_size);
ret = decrypt_master_key_aux(passwd, crypt_ftr->salt, crypt_ftr->master_key, crypt_ftr->keysize,
decrypted_master_key, kdf, kdf_params, intermediate_key,
intermediate_key_size);
if (ret != 0) {
SLOGW("failure decrypting master key");
}
@ -1422,8 +1371,8 @@ static int decrypt_master_key(const char *passwd, unsigned char *decrypted_maste
return ret;
}
static int create_encrypted_random_key(const char *passwd, unsigned char *master_key, unsigned char *salt,
struct crypt_mnt_ftr *crypt_ftr) {
static int create_encrypted_random_key(const char* passwd, unsigned char* master_key,
unsigned char* salt, struct crypt_mnt_ftr* crypt_ftr) {
int fd;
unsigned char key_buf[MAX_KEY_LEN];
@ -1437,8 +1386,7 @@ static int create_encrypted_random_key(const char *passwd, unsigned char *master
return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
}
int wait_and_unmount(const char *mountpoint, bool kill)
{
int wait_and_unmount(const char* mountpoint, bool kill) {
int i, err, rc;
#define WAIT_UNMOUNT_COUNT 20
@ -1483,8 +1431,7 @@ int wait_and_unmount(const char *mountpoint, bool kill)
return rc;
}
static void prep_data_fs(void)
{
static void prep_data_fs(void) {
// NOTE: post_fs_data results in init calling back around to vold, so all
// callers to this method must be async
@ -1494,17 +1441,14 @@ static void prep_data_fs(void)
SLOGD("Just triggered post_fs_data");
/* Wait a max of 50 seconds, hopefully it takes much less */
while (!android::base::WaitForProperty("vold.post_fs_data_done",
"1",
std::chrono::seconds(15))) {
while (!android::base::WaitForProperty("vold.post_fs_data_done", "1", std::chrono::seconds(15))) {
/* We timed out to prep /data in time. Continue wait. */
SLOGE("waited 15s for vold.post_fs_data_done, still waiting...");
}
SLOGD("post_fs_data done");
}
static void cryptfs_set_corrupt()
{
static void cryptfs_set_corrupt() {
// Mark the footer as bad
struct crypt_mnt_ftr crypt_ftr;
if (get_crypt_ftr_and_key(&crypt_ftr)) {
@ -1519,8 +1463,7 @@ static void cryptfs_set_corrupt()
}
}
static void cryptfs_trigger_restart_min_framework()
{
static void cryptfs_trigger_restart_min_framework() {
if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
SLOGE("Failed to mount tmpfs on data - panic");
return;
@ -1538,8 +1481,7 @@ static void cryptfs_trigger_restart_min_framework()
}
/* returns < 0 on failure */
static int cryptfs_restart_internal(int restart_main)
{
static int cryptfs_restart_internal(int restart_main) {
char crypto_blkdev[MAXPATHLEN];
int rc = -1;
static int restart_successful = 0;
@ -1620,15 +1562,12 @@ static int cryptfs_restart_internal(int restart_main)
SLOGE("Failed to setexeccon");
return -1;
}
while ((mount_rc = fs_mgr_do_mount(fstab_default, DATA_MNT_POINT,
crypto_blkdev, 0))
!= 0) {
while ((mount_rc = fs_mgr_do_mount(fstab_default, DATA_MNT_POINT, crypto_blkdev, 0)) != 0) {
if (mount_rc == FS_MGR_DOMNT_BUSY) {
/* TODO: invoke something similar to
Process::killProcessWithOpenFiles(DATA_MNT_POINT,
retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
SLOGI("Failed to mount %s because it is busy - waiting",
crypto_blkdev);
SLOGI("Failed to mount %s because it is busy - waiting", crypto_blkdev);
if (--retries) {
sleep(RETRY_MOUNT_DELAY_SECONDS);
} else {
@ -1671,8 +1610,7 @@ static int cryptfs_restart_internal(int restart_main)
return rc;
}
int cryptfs_restart(void)
{
int cryptfs_restart(void) {
SLOGI("cryptfs_restart");
if (e4crypt_is_native()) {
SLOGE("cryptfs_restart not valid for file encryption:");
@ -1683,8 +1621,7 @@ int cryptfs_restart(void)
return cryptfs_restart_internal(1);
}
static int do_crypto_complete(const char *mount_point)
{
static int do_crypto_complete(const char* mount_point) {
struct crypt_mnt_ftr crypt_ftr;
char encrypted_state[PROPERTY_VALUE_MAX];
char key_loc[PROPERTY_VALUE_MAX];
@ -1739,9 +1676,8 @@ static int do_crypto_complete(const char *mount_point)
return CRYPTO_COMPLETE_ENCRYPTED;
}
static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
const char *passwd, const char *mount_point, const char *label)
{
static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char* passwd,
const char* mount_point, const char* label) {
unsigned char decrypted_master_key[MAX_KEY_LEN];
char crypto_blkdev[MAXPATHLEN];
char real_blkdev[MAXPATHLEN];
@ -1760,8 +1696,8 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
if (!(crypt_ftr->flags & CRYPT_MNT_KEY_UNENCRYPTED)) {
if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr,
&intermediate_key, &intermediate_key_size)) {
if (decrypt_master_key(passwd, decrypted_master_key, crypt_ftr, &intermediate_key,
&intermediate_key_size)) {
SLOGE("Failed to decrypt master key\n");
rc = -1;
goto errout;
@ -1772,32 +1708,29 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
// Create crypto block device - all (non fatal) code paths
// need it
if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev, label, 0)) {
if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev, label,
0)) {
SLOGE("Error creating decrypted block device\n");
rc = -1;
goto errout;
}
/* Work out if the problem is the password or the data */
unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
scrypted_intermediate_key)];
unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->scrypted_intermediate_key)];
rc = crypto_scrypt(intermediate_key, intermediate_key_size,
crypt_ftr->salt, sizeof(crypt_ftr->salt),
N, r, p, scrypted_intermediate_key,
rc = crypto_scrypt(intermediate_key, intermediate_key_size, crypt_ftr->salt,
sizeof(crypt_ftr->salt), N, r, p, scrypted_intermediate_key,
sizeof(scrypted_intermediate_key));
// Does the key match the crypto footer?
if (rc == 0 && memcmp(scrypted_intermediate_key,
crypt_ftr->scrypted_intermediate_key,
if (rc == 0 && memcmp(scrypted_intermediate_key, crypt_ftr->scrypted_intermediate_key,
sizeof(scrypted_intermediate_key)) == 0) {
SLOGI("Password matches");
rc = 0;
} else {
/* Try mounting the file system anyway, just in case the problem's with
* the footer, not the key. */
snprintf(tmp_mount_point, sizeof(tmp_mount_point), "%s/tmp_mnt",
mount_point);
snprintf(tmp_mount_point, sizeof(tmp_mount_point), "%s/tmp_mnt", mount_point);
mkdir(tmp_mount_point, 0755);
if (fs_mgr_do_mount(fstab_default, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
SLOGE("Error temp mounting decrypted block device\n");
@ -1856,7 +1789,8 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
// since KDFs should never fail. You *must* fix the kdf before
// proceeding!
if (rc) {
SLOGW("Upgrade failed with error %d,"
SLOGW(
"Upgrade failed with error %d,"
" but continuing with previous state",
rc);
rc = 0;
@ -1880,8 +1814,8 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
*
* out_crypto_blkdev must be MAXPATHLEN.
*/
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
const unsigned char* key, char* out_crypto_blkdev) {
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
char* out_crypto_blkdev) {
int fd = open(real_blkdev, O_RDONLY | O_CLOEXEC);
if (fd == -1) {
SLOGE("Failed to open %s: %s", real_blkdev, strerror(errno));
@ -1919,17 +1853,16 @@ int cryptfs_revert_ext_volume(const char* label) {
return delete_crypto_blk_dev((char*)label);
}
int cryptfs_crypto_complete(void)
{
int cryptfs_crypto_complete(void) {
return do_crypto_complete("/data");
}
int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
{
int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr) {
char encrypted_state[PROPERTY_VALUE_MAX];
property_get("ro.crypto.state", encrypted_state, "");
if (master_key_saved || strcmp(encrypted_state, "encrypted")) {
SLOGE("encrypted fs already validated or not running with encryption,"
SLOGE(
"encrypted fs already validated or not running with encryption,"
" aborting");
return -1;
}
@ -1942,8 +1875,7 @@ int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
return 0;
}
int cryptfs_check_passwd(const char *passwd)
{
int cryptfs_check_passwd(const char* passwd) {
SLOGI("cryptfs_check_passwd");
if (e4crypt_is_native()) {
SLOGE("cryptfs_check_passwd not valid for file encryption");
@ -1959,8 +1891,7 @@ int cryptfs_check_passwd(const char *passwd)
return rc;
}
rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
rc = test_mount_encrypted_fs(&crypt_ftr, passwd, DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
if (rc) {
SLOGE("Password did not match");
return rc;
@ -1972,8 +1903,8 @@ int cryptfs_check_passwd(const char *passwd)
// First, we must delete the crypto block device that
// test_mount_encrypted_fs leaves behind as a side effect
delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD,
DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
rc = test_mount_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD, DATA_MNT_POINT,
CRYPTO_BLOCK_DEVICE);
if (rc) {
SLOGE("Default password did not match on reboot encryption");
return rc;
@ -1999,8 +1930,7 @@ int cryptfs_check_passwd(const char *passwd)
return rc;
}
int cryptfs_verify_passwd(const char *passwd)
{
int cryptfs_verify_passwd(const char* passwd) {
struct crypt_mnt_ftr crypt_ftr;
unsigned char decrypted_master_key[MAX_KEY_LEN];
char encrypted_state[PROPERTY_VALUE_MAX];
@ -2050,8 +1980,7 @@ int cryptfs_verify_passwd(const char *passwd)
* Presumably, at a minimum, the caller will update the
* filesystem size and crypto_type_name after calling this function.
*/
static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
{
static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr* ftr) {
off64_t off;
memset(ftr, 0, sizeof(struct crypt_mnt_ftr));
@ -2080,8 +2009,7 @@ static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
ftr->persist_data_size = CRYPT_PERSIST_DATA_SIZE;
if (get_crypt_ftr_info(NULL, &off) == 0) {
ftr->persist_data_offset[0] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET;
ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET +
ftr->persist_data_size;
ftr->persist_data_offset[1] = off + CRYPT_FOOTER_TO_PERSIST_OFFSET + ftr->persist_data_size;
}
return 0;
@ -2089,8 +2017,7 @@ static int cryptfs_init_crypt_mnt_ftr(struct crypt_mnt_ftr *ftr)
#define FRAMEWORK_BOOT_WAIT 60
static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
{
static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf) {
int fd = open(filename, O_RDONLY | O_CLOEXEC);
if (fd == -1) {
SLOGE("Error opening file %s", filename);
@ -2224,8 +2151,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
if (!strcmp(key_loc, KEY_IN_FOOTER)) {
unsigned int fs_size_sec, max_fs_size_sec;
fs_size_sec = get_fs_size(real_blkdev);
if (fs_size_sec == 0)
fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
if (fs_size_sec == 0) fs_size_sec = get_f2fs_filesystem_size_sec(real_blkdev);
max_fs_size_sec = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
@ -2299,8 +2225,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
}
if (!strcmp(key_loc, KEY_IN_FOOTER)) {
crypt_ftr.fs_size = nr_sec
- (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
crypt_ftr.fs_size = nr_sec - (CRYPT_FOOTER_OFFSET / CRYPT_SECTOR_SIZE);
} else {
crypt_ftr.fs_size = nr_sec;
}
@ -2314,7 +2239,8 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
}
crypt_ftr.crypt_type = crypt_type;
strlcpy((char *)crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(), MAX_CRYPTO_TYPE_NAME_LEN);
strlcpy((char*)crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(),
MAX_CRYPTO_TYPE_NAME_LEN);
/* Make an encrypted master key */
if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
@ -2328,8 +2254,8 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
unsigned char fake_master_key[MAX_KEY_LEN];
unsigned char encrypted_fake_master_key[MAX_KEY_LEN];
memset(fake_master_key, 0, sizeof(fake_master_key));
encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key,
encrypted_fake_master_key, &crypt_ftr);
encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key, encrypted_fake_master_key,
&crypt_ftr);
}
/* Write the key to the end of the partition */
@ -2377,8 +2303,8 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
__le8 hash_first_block[SHA256_DIGEST_LENGTH];
rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
sizeof(hash_first_block)) != 0) {
if (!rc &&
memcmp(hash_first_block, crypt_ftr.hash_first_block, sizeof(hash_first_block)) != 0) {
SLOGE("Checksums do not match - trigger wipe");
rc = -1;
}
@ -2391,8 +2317,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
/* Calculate checksum if we are not finished */
if (!rc && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
rc = cryptfs_SHA256_fileblock(crypto_blkdev,
crypt_ftr.hash_first_block);
rc = cryptfs_SHA256_fileblock(crypto_blkdev, crypt_ftr.hash_first_block);
if (rc) {
SLOGE("Error calculating checksum for continuing encryption");
rc = -1;
@ -2450,8 +2375,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
SLOGE("encryption failed - rebooting into recovery to wipe data\n");
std::string err;
const std::vector<std::string> options = {
"--wipe_data\n--reason=cryptfs_enable_internal\n"
};
"--wipe_data\n--reason=cryptfs_enable_internal\n"};
if (!write_bootloader_message(options, &err)) {
SLOGE("could not write bootloader message: %s", err.c_str());
}
@ -2484,7 +2408,9 @@ error_shutting_down:
* but the framework is stopped and not restarted to show the error, so it's up to
* vold to restart the system.
*/
SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
SLOGE(
"Error enabling encryption after framework is shutdown, no data changed, restarting "
"system");
cryptfs_reboot(RebootType::reboot);
/* shouldn't get here */
@ -2503,8 +2429,7 @@ int cryptfs_enable_default(int no_ui) {
return cryptfs_enable_internal(CRYPT_TYPE_DEFAULT, DEFAULT_PASSWORD, no_ui);
}
int cryptfs_changepw(int crypt_type, const char *newpw)
{
int cryptfs_changepw(int crypt_type, const char* newpw) {
if (e4crypt_is_native()) {
SLOGE("cryptfs_changepw not valid for file encryption");
return -1;
@ -2532,12 +2457,8 @@ int cryptfs_changepw(int crypt_type, const char *newpw)
crypt_ftr.crypt_type = crypt_type;
rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
: newpw,
crypt_ftr.salt,
saved_master_key,
crypt_ftr.master_key,
&crypt_ftr);
rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD : newpw,
crypt_ftr.salt, saved_master_key, crypt_ftr.master_key, &crypt_ftr);
if (rc) {
SLOGE("Encrypt master key failed: %d", rc);
return -1;
@ -2565,14 +2486,13 @@ static unsigned int persist_get_max_entries(int encrypted) {
dsize = CRYPT_PERSIST_DATA_SIZE;
}
max_persistent_entries = (dsize - sizeof(struct crypt_persist_data)) /
sizeof(struct crypt_persist_entry);
max_persistent_entries =
(dsize - sizeof(struct crypt_persist_data)) / sizeof(struct crypt_persist_entry);
return max_persistent_entries;
}
static int persist_get_key(const char *fieldname, char *value)
{
static int persist_get_key(const char* fieldname, char* value) {
unsigned int i;
if (persist_data == NULL) {
@ -2589,8 +2509,7 @@ static int persist_get_key(const char *fieldname, char *value)
return -1;
}
static int persist_set_key(const char *fieldname, const char *value, int encrypted)
{
static int persist_set_key(const char* fieldname, const char* value, int encrypted) {
unsigned int i;
unsigned int num;
unsigned int max_persistent_entries;
@ -2655,8 +2574,7 @@ int match_multi_entry(const char *key, const char *field, unsigned index) {
* and PERSIST_DEL_KEY_ERROR_OTHER if error occurs.
*
*/
static int persist_del_keys(const char *fieldname, unsigned index)
{
static int persist_del_keys(const char* fieldname, unsigned index) {
unsigned int i;
unsigned int j;
unsigned int num;
@ -2687,8 +2605,7 @@ static int persist_del_keys(const char *fieldname, unsigned index)
}
}
static int persist_count_keys(const char *fieldname)
{
static int persist_count_keys(const char* fieldname) {
unsigned int i;
unsigned int count;
@ -2707,8 +2624,7 @@ static int persist_count_keys(const char *fieldname)
}
/* Return the value of the specified field. */
int cryptfs_getfield(const char *fieldname, char *value, int len)
{
int cryptfs_getfield(const char* fieldname, char* value, int len) {
if (e4crypt_is_native()) {
SLOGE("Cannot get field when file encrypted");
return -1;
@ -2773,8 +2689,7 @@ out:
}
/* Set the value of the specified field. */
int cryptfs_setfield(const char *fieldname, const char *value)
{
int cryptfs_setfield(const char* fieldname, const char* value) {
if (e4crypt_is_native()) {
SLOGE("Cannot set field when file encrypted");
return -1;
@ -2867,13 +2782,13 @@ out:
* On success trigger next init phase and return 0.
* Currently do not handle failure - see TODO below.
*/
int cryptfs_mount_default_encrypted(void)
{
int cryptfs_mount_default_encrypted(void) {
int crypt_type = cryptfs_get_password_type();
if (crypt_type < 0 || crypt_type > CRYPT_TYPE_MAX_TYPE) {
SLOGE("Bad crypt type - error");
} else if (crypt_type != CRYPT_TYPE_DEFAULT) {
SLOGD("Password is not default - "
SLOGD(
"Password is not default - "
"starting min framework to prompt");
property_set("vold.decrypt", "trigger_restart_min_framework");
return 0;
@ -2894,8 +2809,7 @@ int cryptfs_mount_default_encrypted(void)
/* Returns type of the password, default, pattern, pin or password.
*/
int cryptfs_get_password_type(void)
{
int cryptfs_get_password_type(void) {
if (e4crypt_is_native()) {
SLOGE("cryptfs_get_password_type not valid for file encryption");
return -1;
@ -2915,8 +2829,7 @@ int cryptfs_get_password_type(void)
return crypt_ftr.crypt_type;
}
const char* cryptfs_get_password()
{
const char* cryptfs_get_password() {
if (e4crypt_is_native()) {
SLOGE("cryptfs_get_password not valid for file encryption");
return 0;
@ -2932,8 +2845,7 @@ const char* cryptfs_get_password()
}
}
void cryptfs_clear_password()
{
void cryptfs_clear_password() {
if (password) {
size_t len = strlen(password);
memset(password, 0, len);
@ -2943,8 +2855,7 @@ void cryptfs_clear_password()
}
}
int cryptfs_isConvertibleToFBE()
{
int cryptfs_isConvertibleToFBE() {
struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab_default, DATA_MNT_POINT);
return (rec && fs_mgr_is_convertible_to_fbe(rec)) ? 1 : 0;
}

37
cryptfs.h
View file

@ -51,29 +51,36 @@
/* definitions of flags in the structure below */
#define CRYPT_MNT_KEY_UNENCRYPTED 0x1 /* The key for the partition is not encrypted. */
#define CRYPT_ENCRYPTION_IN_PROGRESS 0x2 /* Encryption partially completed,
#define CRYPT_ENCRYPTION_IN_PROGRESS \
0x2 /* Encryption partially completed, \
encrypted_upto valid*/
#define CRYPT_INCONSISTENT_STATE 0x4 /* Set when starting encryption, clear when
exit cleanly, either through success or
#define CRYPT_INCONSISTENT_STATE \
0x4 /* Set when starting encryption, clear when \
exit cleanly, either through success or \
correctly marked partial encryption */
#define CRYPT_DATA_CORRUPT 0x8 /* Set when encryption is fine, but the
#define CRYPT_DATA_CORRUPT \
0x8 /* Set when encryption is fine, but the \
underlying volume is corrupt */
#define CRYPT_FORCE_ENCRYPTION 0x10 /* Set when it is time to encrypt this
volume on boot. Everything in this
structure is set up correctly as
though device is encrypted except
that the master key is encrypted with the
#define CRYPT_FORCE_ENCRYPTION \
0x10 /* Set when it is time to encrypt this \
volume on boot. Everything in this \
structure is set up correctly as \
though device is encrypted except \
that the master key is encrypted with the \
default password. */
#define CRYPT_FORCE_COMPLETE 0x20 /* Set when the above encryption cycle is
complete. On next cryptkeeper entry, match
the password. If it matches fix the master
#define CRYPT_FORCE_COMPLETE \
0x20 /* Set when the above encryption cycle is \
complete. On next cryptkeeper entry, match \
the password. If it matches fix the master \
key and remove this flag. */
/* Allowed values for type in the structure below */
#define CRYPT_TYPE_PASSWORD 0 /* master_key is encrypted with a password
* Must be zero to be compatible with pre-L
#define CRYPT_TYPE_PASSWORD \
0 /* master_key is encrypted with a password \
* Must be zero to be compatible with pre-L \
* devices where type is always password.*/
#define CRYPT_TYPE_DEFAULT 1 /* master_key is encrypted with default
#define CRYPT_TYPE_DEFAULT \
1 /* master_key is encrypted with default \
* password */
#define CRYPT_TYPE_PATTERN 2 /* master_key is encrypted with a pattern */
#define CRYPT_TYPE_PIN 3 /* master_key is encrypted with a pin */

29
fs/Ext4.cpp
View file

@ -14,23 +14,20 @@
* limitations under the License.
*/
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <vector>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <string>
#include <vector>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <linux/kdev_t.h>
@ -59,9 +56,8 @@ static const char* kMkfsPath = "/system/bin/mke2fs";
static const char* kFsckPath = "/system/bin/e2fsck";
bool IsSupported() {
return access(kMkfsPath, X_OK) == 0
&& access(kFsckPath, X_OK) == 0
&& IsFilesystemSupported("ext4");
return access(kMkfsPath, X_OK) == 0 && access(kFsckPath, X_OK) == 0 &&
IsFilesystemSupported("ext4");
}
status_t Check(const std::string& source, const std::string& target) {
@ -127,8 +123,8 @@ status_t Check(const std::string& source, const std::string& target) {
return 0;
}
status_t Mount(const std::string& source, const std::string& target, bool ro,
bool remount, bool executable) {
status_t Mount(const std::string& source, const std::string& target, bool ro, bool remount,
bool executable) {
int rc;
unsigned long flags;
@ -162,8 +158,7 @@ status_t Resize(const std::string& source, unsigned long numSectors) {
return ForkExecvp(cmd);
}
status_t Format(const std::string& source, unsigned long numSectors,
const std::string& target) {
status_t Format(const std::string& source, unsigned long numSectors, const std::string& target) {
std::vector<std::string> cmd;
cmd.push_back(kMkfsPath);

7
fs/Ext4.h
View file

@ -28,10 +28,9 @@ namespace ext4 {
bool IsSupported();
status_t Check(const std::string& source, const std::string& target);
status_t Mount(const std::string& source, const std::string& target, bool ro,
bool remount, bool executable);
status_t Format(const std::string& source, unsigned long numSectors,
const std::string& target);
status_t Mount(const std::string& source, const std::string& target, bool ro, bool remount,
bool executable);
status_t Format(const std::string& source, unsigned long numSectors, const std::string& target);
status_t Resize(const std::string& source, unsigned long numSectors);
} // namespace ext4

7
fs/F2fs.cpp
View file

@ -22,8 +22,8 @@
#include <android-base/stringprintf.h>
#include <ext4_utils/ext4_crypt.h>
#include <vector>
#include <string>
#include <vector>
#include <sys/mount.h>
@ -37,9 +37,8 @@ static const char* kMkfsPath = "/system/bin/make_f2fs";
static const char* kFsckPath = "/system/bin/fsck.f2fs";
bool IsSupported() {
return access(kMkfsPath, X_OK) == 0
&& access(kFsckPath, X_OK) == 0
&& IsFilesystemSupported("f2fs");
return access(kMkfsPath, X_OK) == 0 && access(kFsckPath, X_OK) == 0 &&
IsFilesystemSupported("f2fs");
}
status_t Check(const std::string& source) {

37
fs/Vfat.cpp
View file

@ -14,24 +14,21 @@
* limitations under the License.
*/
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <linux/fs.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <linux/kdev_t.h>
@ -41,8 +38,8 @@
#include <logwrap/logwrap.h>
#include "Vfat.h"
#include "Utils.h"
#include "Vfat.h"
#include "VoldUtil.h"
using android::base::StringPrintf;
@ -55,9 +52,8 @@ static const char* kMkfsPath = "/system/bin/newfs_msdos";
static const char* kFsckPath = "/system/bin/fsck_msdos";
bool IsSupported() {
return access(kMkfsPath, X_OK) == 0
&& access(kFsckPath, X_OK) == 0
&& IsFilesystemSupported("vfat");
return access(kMkfsPath, X_OK) == 0 && access(kFsckPath, X_OK) == 0 &&
IsFilesystemSupported("vfat");
}
status_t Check(const std::string& source) {
@ -113,9 +109,8 @@ status_t Check(const std::string& source) {
return 0;
}
status_t Mount(const std::string& source, const std::string& target, bool ro,
bool remount, bool executable, int ownerUid, int ownerGid, int permMask,
bool createLost) {
status_t Mount(const std::string& source, const std::string& target, bool ro, bool remount,
bool executable, int ownerUid, int ownerGid, int permMask, bool createLost) {
int rc;
unsigned long flags;
@ -128,8 +123,8 @@ status_t Mount(const std::string& source, const std::string& target, bool ro,
flags |= (ro ? MS_RDONLY : 0);
flags |= (remount ? MS_REMOUNT : 0);
auto mountData = android::base::StringPrintf(
"utf8,uid=%d,gid=%d,fmask=%o,dmask=%o,shortname=mixed",
auto mountData =
android::base::StringPrintf("utf8,uid=%d,gid=%d,fmask=%o,dmask=%o,shortname=mixed",
ownerUid, ownerGid, permMask, permMask);
rc = mount(c_source, c_target, "vfat", flags, mountData.c_str());

5
fs/Vfat.h
View file

@ -28,9 +28,8 @@ namespace vfat {
bool IsSupported();
status_t Check(const std::string& source);
status_t Mount(const std::string& source, const std::string& target, bool ro,
bool remount, bool executable, int ownerUid, int ownerGid, int permMask,
bool createLost);
status_t Mount(const std::string& source, const std::string& target, bool ro, bool remount,
bool executable, int ownerUid, int ownerGid, int permMask, bool createLost);
status_t Format(const std::string& source, unsigned long numSectors);
} // namespace vfat

4
hash.h
View file

@ -58,9 +58,7 @@
#define CRAYFIX(X) (X)
#endif
static inline u_int32_t
cshift (u_int32_t x, unsigned int n)
{
static inline u_int32_t cshift(u_int32_t x, unsigned int n) {
x = CRAYFIX(x);
return CRAYFIX((x << n) | (x >> (32 - n)));
}

30
main.cpp
View file

@ -16,12 +16,12 @@
#define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
#include "model/Disk.h"
#include "VolumeManager.h"
#include "NetlinkManager.h"
#include "VoldNativeService.h"
#include "VoldUtil.h"
#include "VolumeManager.h"
#include "cryptfs.h"
#include "model/Disk.h"
#include "sehandle.h"
#include <android-base/logging.h>
@ -31,16 +31,16 @@
#include <hidl/HidlTransportSupport.h>
#include <utils/Trace.h>
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <fs_mgr.h>
#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <getopt.h>
#include <fcntl.h>
#include <dirent.h>
#include <fs_mgr.h>
static int process_config(VolumeManager* vm, bool* has_adoptable, bool* has_quota,
bool* has_reserved);
@ -60,7 +60,6 @@ int main(int argc, char** argv) {
ATRACE_BEGIN("main");
LOG(VERBOSE) << "Detected support for:"
<< (android::vold::IsFilesystemSupported("ext4") ? " ext4" : "")
<< (android::vold::IsFilesystemSupported("f2fs") ? " f2fs" : "")
@ -157,10 +156,12 @@ static void parse_args(int argc, char** argv) {
int c;
while ((c = getopt_long(argc, argv, "", opts, nullptr)) != -1) {
switch (c) {
// clang-format off
case 'b': android::vold::sBlkidContext = optarg; break;
case 'B': android::vold::sBlkidUntrustedContext = optarg; break;
case 'f': android::vold::sFsckContext = optarg; break;
case 'F': android::vold::sFsckUntrustedContext = optarg; break;
// clang-format on
}
}
@ -185,15 +186,12 @@ static void do_coldboot(DIR *d, int lvl) {
while ((de = readdir(d))) {
DIR* d2;
if (de->d_name[0] == '.')
continue;
if (de->d_name[0] == '.') continue;
if (de->d_type != DT_DIR && lvl > 0)
continue;
if (de->d_type != DT_DIR && lvl > 0) continue;
fd = openat(dfd, de->d_name, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
if(fd < 0)
continue;
if (fd < 0) continue;
d2 = fdopendir(fd);
if (d2 == 0)
@ -251,8 +249,8 @@ static int process_config(VolumeManager* vm, bool* has_adoptable, bool* has_quot
flags |= android::vold::Disk::Flags::kAdoptable;
*has_adoptable = true;
}
if (fs_mgr_is_noemulatedsd(rec)
|| android::base::GetBoolProperty("vold.debug.default_primary", false)) {
if (fs_mgr_is_noemulatedsd(rec) ||
android::base::GetBoolProperty("vold.debug.default_primary", false)) {
flags |= android::vold::Disk::Flags::kDefaultPrimary;
}

63
model/Disk.cpp
View file

@ -15,36 +15,36 @@
*/
#include "Disk.h"
#include "PublicVolume.h"
#include "Ext4Crypt.h"
#include "PrivateVolume.h"
#include "PublicVolume.h"
#include "Utils.h"
#include "VolumeBase.h"
#include "VolumeManager.h"
#include "Ext4Crypt.h"
#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/parseint.h>
#include <android-base/properties.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <android-base/parseint.h>
#include <ext4_utils/ext4_crypt.h>
#include "cryptfs.h"
#include <vector>
#include <fcntl.h>
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <vector>
using android::base::ReadFileToString;
using android::base::WriteStringToFile;
using android::base::StringPrintf;
using android::base::WriteStringToFile;
namespace android {
namespace vold {
@ -112,20 +112,22 @@ static bool isVirtioBlkDevice(unsigned int major) {
* "ranchu", the device's sysfs path should end with "/block/vd[d-z]", etc.
* But just having a) and b) is enough for now.
*/
return IsRunningInEmulator() && major >= kMajorBlockExperimentalMin
&& major <= kMajorBlockExperimentalMax;
return IsRunningInEmulator() && major >= kMajorBlockExperimentalMin &&
major <= kMajorBlockExperimentalMax;
}
static bool isNvmeBlkDevice(unsigned int major, const std::string& sysPath) {
return sysPath.find("nvme") != std::string::npos
&& major >= kMajorBlockDynamicMin
&& major <= kMajorBlockDynamicMax;
return sysPath.find("nvme") != std::string::npos && major >= kMajorBlockDynamicMin &&
major <= kMajorBlockDynamicMax;
}
Disk::Disk(const std::string& eventPath, dev_t device,
const std::string& nickname, int flags) :
mDevice(device), mSize(-1), mNickname(nickname), mFlags(flags), mCreated(
false), mJustPartitioned(false) {
Disk::Disk(const std::string& eventPath, dev_t device, const std::string& nickname, int flags)
: mDevice(device),
mSize(-1),
mNickname(nickname),
mFlags(flags),
mCreated(false),
mJustPartitioned(false) {
mId = StringPrintf("disk:%u,%u", major(device), minor(device));
mEventPath = eventPath;
mSysPath = StringPrintf("/sys/%s", eventPath.c_str());
@ -255,10 +257,14 @@ status_t Disk::readMetadata() {
mLabel = "Virtual";
break;
}
case kMajorBlockScsiA: case kMajorBlockScsiB: case kMajorBlockScsiC: case kMajorBlockScsiD:
case kMajorBlockScsiE: case kMajorBlockScsiF: case kMajorBlockScsiG: case kMajorBlockScsiH:
case kMajorBlockScsiI: case kMajorBlockScsiJ: case kMajorBlockScsiK: case kMajorBlockScsiL:
case kMajorBlockScsiM: case kMajorBlockScsiN: case kMajorBlockScsiO: case kMajorBlockScsiP: {
// clang-format off
case kMajorBlockScsiA: case kMajorBlockScsiB: case kMajorBlockScsiC:
case kMajorBlockScsiD: case kMajorBlockScsiE: case kMajorBlockScsiF:
case kMajorBlockScsiG: case kMajorBlockScsiH: case kMajorBlockScsiI:
case kMajorBlockScsiJ: case kMajorBlockScsiK: case kMajorBlockScsiL:
case kMajorBlockScsiM: case kMajorBlockScsiN: case kMajorBlockScsiO:
case kMajorBlockScsiP: {
// clang-format on
std::string path(mSysPath + "/device/vendor");
std::string tmp;
if (!ReadFileToString(path, &tmp)) {
@ -286,10 +292,12 @@ status_t Disk::readMetadata() {
// matching whatever is silk-screened on the card. To reduce
// user confusion, this list doesn't contain white-label manfid.
switch (manfid) {
// clang-format off
case 0x000003: mLabel = "SanDisk"; break;
case 0x00001b: mLabel = "Samsung"; break;
case 0x000028: mLabel = "Lexar"; break;
case 0x000074: mLabel = "Transcend"; break;
// clang-format on
}
break;
}
@ -316,8 +324,7 @@ status_t Disk::readMetadata() {
}
auto listener = VolumeManager::Instance()->getListener();
if (listener) listener->onDiskMetadataChanged(getId(),
mSize, mLabel, mSysPath);
if (listener) listener->onDiskMetadataChanged(getId(), mSize, mLabel, mSysPath);
return OK;
}
@ -571,10 +578,14 @@ int Disk::getMaxMinors() {
}
return std::stoi(tmp);
}
case kMajorBlockScsiA: case kMajorBlockScsiB: case kMajorBlockScsiC: case kMajorBlockScsiD:
case kMajorBlockScsiE: case kMajorBlockScsiF: case kMajorBlockScsiG: case kMajorBlockScsiH:
case kMajorBlockScsiI: case kMajorBlockScsiJ: case kMajorBlockScsiK: case kMajorBlockScsiL:
case kMajorBlockScsiM: case kMajorBlockScsiN: case kMajorBlockScsiO: case kMajorBlockScsiP: {
// clang-format off
case kMajorBlockScsiA: case kMajorBlockScsiB: case kMajorBlockScsiC:
case kMajorBlockScsiD: case kMajorBlockScsiE: case kMajorBlockScsiF:
case kMajorBlockScsiG: case kMajorBlockScsiH: case kMajorBlockScsiI:
case kMajorBlockScsiJ: case kMajorBlockScsiK: case kMajorBlockScsiL:
case kMajorBlockScsiM: case kMajorBlockScsiN: case kMajorBlockScsiO:
case kMajorBlockScsiP: {
// clang-format on
// Per Documentation/devices.txt this is static
return 15;
}

22
model/ObbVolume.cpp
View file

@ -14,12 +14,12 @@
* limitations under the License.
*/
#include "fs/Vfat.h"
#include "ObbVolume.h"
#include "Devmapper.h"
#include "Loop.h"
#include "ObbVolume.h"
#include "Utils.h"
#include "VoldUtil.h"
#include "fs/Vfat.h"
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
@ -31,8 +31,8 @@
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <sys/wait.h>
using android::base::StringPrintf;
@ -42,15 +42,15 @@ namespace android {
namespace vold {
ObbVolume::ObbVolume(int id, const std::string& sourcePath, const std::string& sourceKey,
gid_t ownerGid) : VolumeBase(Type::kObb) {
gid_t ownerGid)
: VolumeBase(Type::kObb) {
setId(StringPrintf("obb:%d", id));
mSourcePath = sourcePath;
mSourceKey = sourceKey;
mOwnerGid = ownerGid;
}
ObbVolume::~ObbVolume() {
}
ObbVolume::~ObbVolume() {}
status_t ObbVolume::doCreate() {
if (Loop::create(mSourcePath, mLoopPath)) {
@ -75,8 +75,8 @@ status_t ObbVolume::doCreate() {
}
char tmp[PATH_MAX];
if (Devmapper::create(getId().c_str(), mLoopPath.c_str(), mSourceKey.c_str(), nr_sec,
tmp, PATH_MAX)) {
if (Devmapper::create(getId().c_str(), mLoopPath.c_str(), mSourceKey.c_str(), nr_sec, tmp,
PATH_MAX)) {
PLOG(ERROR) << getId() << " failed to create dm";
return -1;
}
@ -108,8 +108,10 @@ status_t ObbVolume::doMount() {
PLOG(ERROR) << getId() << " failed to create mount point";
return -1;
}
if (android::vold::vfat::Mount(mMountPath, path,
true, false, true, 0, mOwnerGid, 0227, false)) {
// clang-format off
if (android::vold::vfat::Mount(mMountPath, path, true, false, true,
0, mOwnerGid, 0227, false)) {
// clang-format on
PLOG(ERROR) << getId() << " failed to mount";
return -1;
}

3
model/ObbVolume.h
View file

@ -29,8 +29,7 @@ namespace vold {
*/
class ObbVolume : public VolumeBase {
public:
ObbVolume(int id, const std::string& sourcePath, const std::string& sourceKey,
gid_t ownerGid);
ObbVolume(int id, const std::string& sourcePath, const std::string& sourceKey, gid_t ownerGid);
virtual ~ObbVolume();
protected:

31
model/PrivateVolume.cpp
View file

@ -14,27 +14,27 @@
* limitations under the License.
*/
#include "fs/Ext4.h"
#include "fs/F2fs.h"
#include "PrivateVolume.h"
#include "EmulatedVolume.h"
#include "Utils.h"
#include "VolumeManager.h"
#include "cryptfs.h"
#include "fs/Ext4.h"
#include "fs/F2fs.h"
#include <android-base/stringprintf.h>
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
#include <cutils/fs.h>
#include <private/android_filesystem_config.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/sysmacros.h>
#include <sys/wait.h>
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
#include <sys/wait.h>
using android::base::StringPrintf;
@ -43,14 +43,13 @@ namespace vold {
static const unsigned int kMajorBlockMmc = 179;
PrivateVolume::PrivateVolume(dev_t device, const std::string& keyRaw) :
VolumeBase(Type::kPrivate), mRawDevice(device), mKeyRaw(keyRaw) {
PrivateVolume::PrivateVolume(dev_t device, const std::string& keyRaw)
: VolumeBase(Type::kPrivate), mRawDevice(device), mKeyRaw(keyRaw) {
setId(StringPrintf("private:%u,%u", major(device), minor(device)));
mRawDevPath = StringPrintf("/dev/block/vold/%s", getId().c_str());
}
PrivateVolume::~PrivateVolume() {
}
PrivateVolume::~PrivateVolume() {}
status_t PrivateVolume::readMetadata() {
status_t res = ReadMetadata(mDmDevPath, &mFsType, &mFsUuid, &mFsLabel);
@ -66,8 +65,8 @@ status_t PrivateVolume::doCreate() {
return -EIO;
}
if (mKeyRaw.size() != cryptfs_get_keysize()) {
PLOG(ERROR) << getId() << " Raw keysize " << mKeyRaw.size() <<
" does not match crypt keysize " << cryptfs_get_keysize();
PLOG(ERROR) << getId() << " Raw keysize " << mKeyRaw.size()
<< " does not match crypt keysize " << cryptfs_get_keysize();
return -EIO;
}
@ -78,8 +77,7 @@ status_t PrivateVolume::doCreate() {
unsigned char* key = (unsigned char*)mKeyRaw.data();
char crypto_blkdev[MAXPATHLEN];
int res = cryptfs_setup_ext_volume(getId().c_str(), mRawDevPath.c_str(),
key, crypto_blkdev);
int res = cryptfs_setup_ext_volume(getId().c_str(), mRawDevPath.c_str(), key, crypto_blkdev);
mDmDevPath = crypto_blkdev;
if (res != 0) {
PLOG(ERROR) << getId() << " failed to setup cryptfs";
@ -160,8 +158,7 @@ status_t PrivateVolume::doMount() {
// Create a new emulated volume stacked above us, it will automatically
// be destroyed during unmount
std::string mediaPath(mPath + "/media");
auto vol = std::shared_ptr<VolumeBase>(
new EmulatedVolume(mediaPath, mRawDevice, mFsUuid));
auto vol = std::shared_ptr<VolumeBase>(new EmulatedVolume(mediaPath, mRawDevice, mFsUuid));
addVolume(vol);
vol->create();

23
secdiscard.cpp
View file

@ -18,15 +18,15 @@
#include <string>
#include <vector>
#include <errno.h>
#include <fcntl.h>
#include <linux/fiemap.h>
#include <linux/fs.h>
#include <mntent.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <linux/fs.h>
#include <linux/fiemap.h>
#include <mntent.h>
#include <sys/types.h>
#include <android-base/logging.h>
#include <android-base/unique_fd.h>
@ -48,7 +48,7 @@ bool secdiscard_path(const std::string &path);
bool check_fiemap(const struct fiemap& fiemap, const std::string& path);
bool overwrite_with_zeros(int fd, off64_t start, off64_t length);
}
} // namespace
int main(int argc, const char* const argv[]) {
android::base::InitLogging(const_cast<char**>(argv));
@ -75,8 +75,7 @@ int main(int argc, const char * const argv[]) {
#define F2FS_IOC_SET_PIN_FILE _IOW(F2FS_IOCTL_MAGIC, 13, __u32)
#define F2FS_IOC_GET_PIN_FILE _IOR(F2FS_IOCTL_MAGIC, 14, __u32)
#endif
android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(
target.c_str(), O_WRONLY, 0)));
android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(target.c_str(), O_WRONLY, 0)));
if (fd == -1) {
LOG(ERROR) << "Secure discard open failed for: " << target;
return 0;
@ -133,8 +132,8 @@ bool secdiscard_path(const std::string &path) {
if (block_device.empty()) {
return false;
}
android::base::unique_fd fs_fd(TEMP_FAILURE_RETRY(open(
block_device.c_str(), O_RDWR | O_LARGEFILE | O_CLOEXEC, 0)));
android::base::unique_fd fs_fd(
TEMP_FAILURE_RETRY(open(block_device.c_str(), O_RDWR | O_LARGEFILE | O_CLOEXEC, 0)));
if (fs_fd == -1) {
PLOG(ERROR) << "Failed to open device " << block_device;
return false;
@ -188,4 +187,4 @@ bool overwrite_with_zeros(int fd, off64_t start, off64_t length) {
return true;
}
}
} // namespace

5
secontext.cpp
View file

@ -13,10 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <Utils.h>
#include "secontext.h"
#include <Utils.h>
security_context_t secontextFsck()
{
security_context_t secontextFsck() {
return android::vold::sFsckContext;
}

100
tests/CryptfsScryptHidlizationEquivalence_test.cpp
View file

@ -18,13 +18,13 @@
#define LOG_TAG "scrypt_test"
#include <log/log.h>
#include <gtest/gtest.h>
#include <hardware/keymaster0.h>
#include <hardware/keymaster1.h>
#include <cstring>
#include <gtest/gtest.h>
#include "../cryptfs.h"
#include "../Keymaster.h"
#include "../cryptfs.h"
#ifdef CONFIG_HW_DISK_ENCRYPTION
#include "cryptfs_hw.h"
@ -51,8 +51,7 @@
#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
static int keymaster_init(keymaster0_device_t** keymaster0_dev,
keymaster1_device_t **keymaster1_dev)
{
keymaster1_device_t** keymaster1_dev) {
int rc;
const hw_module_t* mod;
@ -76,8 +75,8 @@ static int keymaster_init(keymaster0_device_t **keymaster0_dev,
}
if (rc) {
ALOGE("could not open keymaster device in %s (%s)",
KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
ALOGE("could not open keymaster device in %s (%s)", KEYSTORE_HARDWARE_MODULE_ID,
strerror(-rc));
goto err;
}
@ -90,8 +89,7 @@ err:
}
/* Should we use keymaster? */
static int keymaster_check_compatibility_old()
{
static int keymaster_check_compatibility_old() {
keymaster0_device_t* keymaster0_dev = 0;
keymaster1_device_t* keymaster1_dev = 0;
int rc = 0;
@ -114,8 +112,7 @@ static int keymaster_check_compatibility_old()
// TODO(swillden): Check to see if there's any reason to require v0.3. I think v0.1 and v0.2
// should work.
if (keymaster0_dev->common.module->module_api_version
< KEYMASTER_MODULE_API_VERSION_0_3) {
if (keymaster0_dev->common.module->module_api_version < KEYMASTER_MODULE_API_VERSION_0_3) {
rc = 0;
goto out;
}
@ -136,8 +133,7 @@ out:
}
/* Create a new keymaster key and store it in this footer */
static int keymaster_create_key_old(struct crypt_mnt_ftr *ftr)
{
static int keymaster_create_key_old(struct crypt_mnt_ftr* ftr) {
uint8_t* key = 0;
keymaster0_device_t* keymaster0_dev = 0;
keymaster1_device_t* keymaster1_dev = 0;
@ -179,9 +175,8 @@ static int keymaster_create_key_old(struct crypt_mnt_ftr *ftr)
};
keymaster_key_param_set_t param_set = {params, sizeof(params) / sizeof(*params)};
keymaster_key_blob_t key_blob;
keymaster_error_t error = keymaster1_dev->generate_key(keymaster1_dev, &param_set,
&key_blob,
NULL /* characteristics */);
keymaster_error_t error = keymaster1_dev->generate_key(
keymaster1_dev, &param_set, &key_blob, NULL /* characteristics */);
if (error != KM_ERROR_OK) {
SLOGE("Failed to generate keymaster1 key, error %d", error);
rc = -1;
@ -190,15 +185,13 @@ static int keymaster_create_key_old(struct crypt_mnt_ftr *ftr)
key = (uint8_t*)key_blob.key_material;
key_size = key_blob.key_material_size;
}
else if (keymaster0_dev) {
} else if (keymaster0_dev) {
keymaster_rsa_keygen_params_t params;
memset(&params, '\0', sizeof(params));
params.public_exponent = RSA_EXPONENT;
params.modulus_size = RSA_KEY_SIZE;
if (keymaster0_dev->generate_keypair(keymaster0_dev, TYPE_RSA, &params,
&key, &key_size)) {
if (keymaster0_dev->generate_keypair(keymaster0_dev, TYPE_RSA, &params, &key, &key_size)) {
SLOGE("Failed to generate keypair");
rc = -1;
goto out;
@ -219,21 +212,16 @@ static int keymaster_create_key_old(struct crypt_mnt_ftr *ftr)
ftr->keymaster_blob_size = key_size;
out:
if (keymaster0_dev)
keymaster0_close(keymaster0_dev);
if (keymaster1_dev)
keymaster1_close(keymaster1_dev);
if (keymaster0_dev) keymaster0_close(keymaster0_dev);
if (keymaster1_dev) keymaster1_close(keymaster1_dev);
free(key);
return rc;
}
/* This signs the given object using the keymaster key. */
static int keymaster_sign_object_old(struct crypt_mnt_ftr *ftr,
const unsigned char *object,
const size_t object_size,
unsigned char **signature,
size_t *signature_size)
{
static int keymaster_sign_object_old(struct crypt_mnt_ftr* ftr, const unsigned char* object,
const size_t object_size, unsigned char** signature,
size_t* signature_size) {
int rc = 0;
keymaster0_device_t* keymaster0_dev = 0;
keymaster1_device_t* keymaster1_dev = 0;
@ -284,13 +272,8 @@ static int keymaster_sign_object_old(struct crypt_mnt_ftr *ftr,
params.digest_type = DIGEST_NONE;
params.padding_type = PADDING_NONE;
rc = keymaster0_dev->sign_data(keymaster0_dev,
&params,
ftr->keymaster_blob,
ftr->keymaster_blob_size,
to_sign,
to_sign_size,
signature,
rc = keymaster0_dev->sign_data(keymaster0_dev, &params, ftr->keymaster_blob,
ftr->keymaster_blob_size, to_sign, to_sign_size, signature,
signature_size);
goto out;
} else if (keymaster1_dev) {
@ -301,15 +284,13 @@ static int keymaster_sign_object_old(struct crypt_mnt_ftr *ftr,
};
keymaster_key_param_set_t param_set = {params, sizeof(params) / sizeof(*params)};
keymaster_operation_handle_t op_handle;
keymaster_error_t error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
&param_set, NULL /* out_params */,
&op_handle);
keymaster_error_t error = keymaster1_dev->begin(
keymaster1_dev, KM_PURPOSE_SIGN, &key, &param_set, NULL /* out_params */, &op_handle);
if (error == KM_ERROR_KEY_RATE_LIMIT_EXCEEDED) {
// Key usage has been rate-limited. Wait a bit and try again.
sleep(KEYMASTER_CRYPTFS_RATE_LIMIT);
error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key,
&param_set, NULL /* out_params */,
&op_handle);
error = keymaster1_dev->begin(keymaster1_dev, KM_PURPOSE_SIGN, &key, &param_set,
NULL /* out_params */, &op_handle);
}
if (error != KM_ERROR_OK) {
SLOGE("Error starting keymaster signature transaction: %d", error);
@ -319,9 +300,8 @@ static int keymaster_sign_object_old(struct crypt_mnt_ftr *ftr,
keymaster_blob_t input = {to_sign, to_sign_size};
size_t input_consumed;
error = keymaster1_dev->update(keymaster1_dev, op_handle, NULL /* in_params */,
&input, &input_consumed, NULL /* out_params */,
NULL /* output */);
error = keymaster1_dev->update(keymaster1_dev, op_handle, NULL /* in_params */, &input,
&input_consumed, NULL /* out_params */, NULL /* output */);
if (error != KM_ERROR_OK) {
SLOGE("Error sending data to keymaster signature transaction: %d", error);
rc = -1;
@ -337,8 +317,7 @@ static int keymaster_sign_object_old(struct crypt_mnt_ftr *ftr,
keymaster_blob_t tmp_sig;
error = keymaster1_dev->finish(keymaster1_dev, op_handle, NULL /* in_params */,
NULL /* verify signature */, NULL /* out_params */,
&tmp_sig);
NULL /* verify signature */, NULL /* out_params */, &tmp_sig);
if (error != KM_ERROR_OK) {
SLOGE("Error finishing keymaster signature transaction: %d", error);
rc = -1;
@ -354,18 +333,14 @@ static int keymaster_sign_object_old(struct crypt_mnt_ftr *ftr,
}
out:
if (keymaster1_dev)
keymaster1_close(keymaster1_dev);
if (keymaster0_dev)
keymaster0_close(keymaster0_dev);
if (keymaster1_dev) keymaster1_close(keymaster1_dev);
if (keymaster0_dev) keymaster0_close(keymaster0_dev);
return rc;
}
/* Should we use keymaster? */
static int keymaster_check_compatibility_new()
{
static int keymaster_check_compatibility_new() {
return keymaster_compatibility_cryptfs_scrypt();
}
@ -394,12 +369,9 @@ static int keymaster_create_key_new(struct crypt_mnt_ftr *ftr)
#endif
/* This signs the given object using the keymaster key. */
static int keymaster_sign_object_new(struct crypt_mnt_ftr *ftr,
const unsigned char *object,
const size_t object_size,
unsigned char **signature,
size_t *signature_size)
{
static int keymaster_sign_object_new(struct crypt_mnt_ftr* ftr, const unsigned char* object,
const size_t object_size, unsigned char** signature,
size_t* signature_size) {
unsigned char to_sign[RSA_KEY_SIZE_BYTES];
size_t to_sign_size = sizeof(to_sign);
memset(to_sign, 0, RSA_KEY_SIZE_BYTES);
@ -444,11 +416,9 @@ namespace android {
class CryptFsTest : public testing::Test {
protected:
virtual void SetUp() {
}
virtual void SetUp() {}
virtual void TearDown() {
}
virtual void TearDown() {}
};
TEST_F(CryptFsTest, ScryptHidlizationEquivalenceTest) {
@ -477,4 +447,4 @@ TEST_F(CryptFsTest, ScryptHidlizationEquivalenceTest) {
free(sig2);
}
}
} // namespace android

7
tests/Utils_test.cpp
View file

@ -21,8 +21,7 @@
namespace android {
namespace vold {
class UtilsTest : public testing::Test {
};
class UtilsTest : public testing::Test {};
TEST_F(UtilsTest, FindValueTest) {
std::string tmp;
@ -40,5 +39,5 @@ TEST_F(UtilsTest, FindValueTest) {
ASSERT_EQ("BAZ", tmp);
}
}
}
} // namespace vold
} // namespace android

8
tests/cryptfs_test.cpp
View file

@ -22,11 +22,9 @@ namespace android {
class CryptfsTest : public testing::Test {
protected:
virtual void SetUp() {
}
virtual void SetUp() {}
virtual void TearDown() {
}
virtual void TearDown() {}
};
TEST_F(CryptfsTest, MatchMultiEntryTest) {
@ -51,4 +49,4 @@ TEST_F(CryptfsTest, MatchMultiEntryTest) {
ASSERT_EQ(0, match_multi_entry("foo_2", "bar", 0));
}
}
} // namespace android

11
vdc.cpp
View file

@ -14,15 +14,14 @@
* limitations under the License.
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <signal.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/select.h>
#include <sys/time.h>