From b7a14053c366591fe8ff66d0497fc77f10e929a3 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 15 Jul 2020 11:06:02 -0700 Subject: [PATCH] vold: remove checkEncryption The testing-only "checkEncryption" command has been replaced with VtsKernelEncryptionTest [1]. In particular, the metadata encryption documentation [2] no longer mentions checkEncryption but rather recommends running VtsKernelEncryptionTest. Also, checkEncryption hasn't really been maintained, and it has some known bugs; it's unclear that many people ever really used it. So, just remove it. [1] https://android.googlesource.com/platform/test/vts-testcase/kernel/+/refs/heads/master/encryption/ [2] https://source.android.com/security/encryption/metadata#tests Bug: 155037012 Change-Id: I258829c60768fd11aafdf2faad956cecc1ae9826 --- Android.bp | 1 - CheckEncryption.cpp | 149 ----------------------------------- CheckEncryption.h | 31 -------- VoldNativeService.cpp | 12 --- VoldNativeService.h | 1 - binder/android/os/IVold.aidl | 1 - vdc.cpp | 2 - 7 files changed, 197 deletions(-) delete mode 100644 CheckEncryption.cpp delete mode 100644 CheckEncryption.h diff --git a/Android.bp b/Android.bp index 0ffc8f9..b69dd5a 100644 --- a/Android.bp +++ b/Android.bp @@ -109,7 +109,6 @@ cc_library_static { srcs: [ "AppFuseUtil.cpp", "Benchmark.cpp", - "CheckEncryption.cpp", "Checkpoint.cpp", "CryptoType.cpp", "Devmapper.cpp", diff --git a/CheckEncryption.cpp b/CheckEncryption.cpp deleted file mode 100644 index ffa3698..0000000 --- a/CheckEncryption.cpp +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright (C) 2017 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "CheckEncryption.h" -#include "FileDeviceUtils.h" -#include "Utils.h" -#include "VolumeManager.h" - -#include -#include -#include -#include -#include - -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -using android::base::unique_fd; - -using android::base::ReadFileToString; -using android::base::WriteStringToFile; - -namespace android { -namespace vold { - -constexpr uint32_t max_extents = 32; -constexpr size_t bytecount = 8; -constexpr int repeats = 256; - -bool check_file(const std::string& needle) { - LOG(DEBUG) << "checkEncryption check_file: " << needle; - auto haystack = android::vold::BlockDeviceForPath(needle); - if (haystack.empty()) { - LOG(ERROR) << "Failed to find device for path: " << needle; - return false; - } - - std::string randombytes; - if (ReadRandomBytes(bytecount, randombytes) != 0) { - LOG(ERROR) << "Failed to read random bytes"; - return false; - } - std::string randomhex; - StrToHex(randombytes, randomhex); - std::ostringstream os; - for (int i = 0; i < repeats; i++) os << randomhex; - auto towrite = os.str(); - - if (access(needle.c_str(), F_OK) == 0) { - if (unlink(needle.c_str()) != 0) { - PLOG(ERROR) << "Failed to unlink " << needle; - return false; - } - } - LOG(DEBUG) << "Writing to " << needle; - if (!WriteStringToFile(towrite, needle)) { - PLOG(ERROR) << "Failed to write " << needle; - return false; - } - sync(); - - unique_fd haystack_fd(open(haystack.c_str(), O_RDONLY | O_CLOEXEC)); - if (haystack_fd.get() == -1) { - PLOG(ERROR) << "Failed to open " << haystack; - return false; - } - - auto fiemap = PathFiemap(needle, max_extents); - - std::string area; - for (uint32_t i = 0; i < fiemap->fm_mapped_extents; i++) { - auto xt = &(fiemap->fm_extents[i]); - LOG(DEBUG) << "Extent " << i << " at " << xt->fe_physical << " length " << xt->fe_length; - if (lseek64(haystack_fd.get(), xt->fe_physical, SEEK_SET) == -1) { - PLOG(ERROR) << "Failed lseek"; - return false; - } - auto toread = xt->fe_length; - while (toread > 0) { - char buf[BUFSIZ]; - size_t wlen = - static_cast(std::min(static_cast(sizeof(buf)), toread)); - auto l = read(haystack_fd.get(), buf, wlen); - if (l < 1) { - PLOG(ERROR) << "Failed read"; - if (errno != EINTR) { - return false; - } - } - area.append(buf, l); - toread -= l; - } - } - - LOG(DEBUG) << "Searching " << area.size() << " bytes of " << needle; - LOG(DEBUG) << "First position of blob: " << area.find(randomhex); - return true; -} - -int CheckEncryption(const std::string& path) { - auto deNeedle(path); - deNeedle += "/misc"; - if (android::vold::PrepareDir(deNeedle, 01771, AID_SYSTEM, AID_MISC)) { - return -1; - } - deNeedle += "/vold"; - if (android::vold::PrepareDir(deNeedle, 0700, AID_ROOT, AID_ROOT)) { - return -1; - } - deNeedle += "/checkEncryption"; - - auto neNeedle(path); - neNeedle += "/unencrypted/checkEncryption"; - - check_file(deNeedle); - check_file(neNeedle); - - return 0; -} - -} // namespace vold -} // namespace android diff --git a/CheckEncryption.h b/CheckEncryption.h deleted file mode 100644 index 158d886..0000000 --- a/CheckEncryption.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (C) 2017 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ANDROID_VOLD_CHECK_ENCRYPTION_H -#define ANDROID_VOLD_CHECK_ENCRYPTION_H - -#include - -namespace android { -namespace vold { - -/* Check encryption of private volume mounted at the given path */ -int CheckEncryption(const std::string& path); - -} // namespace vold -} // namespace android - -#endif diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp index be8e67c..e345d2f 100644 --- a/VoldNativeService.cpp +++ b/VoldNativeService.cpp @@ -19,7 +19,6 @@ #include "VoldNativeService.h" #include "Benchmark.h" -#include "CheckEncryption.h" #include "Checkpoint.h" #include "FsCrypt.h" #include "IdleMaint.h" @@ -340,17 +339,6 @@ binder::Status VoldNativeService::benchmark( return Ok(); } -binder::Status VoldNativeService::checkEncryption(const std::string& volId) { - ENFORCE_SYSTEM_OR_ROOT; - CHECK_ARGUMENT_ID(volId); - ACQUIRE_LOCK; - - std::string path; - auto status = pathForVolId(volId, &path); - if (!status.isOk()) return status; - return translate(android::vold::CheckEncryption(path)); -} - binder::Status VoldNativeService::moveStorage( const std::string& fromVolId, const std::string& toVolId, const android::sp& listener) { diff --git a/VoldNativeService.h b/VoldNativeService.h index 7065b04..7ee093d 100644 --- a/VoldNativeService.h +++ b/VoldNativeService.h @@ -57,7 +57,6 @@ class VoldNativeService : public BinderService, public os::Bn binder::Status format(const std::string& volId, const std::string& fsType); binder::Status benchmark(const std::string& volId, const android::sp& listener); - binder::Status checkEncryption(const std::string& volId); binder::Status moveStorage(const std::string& fromVolId, const std::string& toVolId, const android::sp& listener); diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl index 12c00e4..cde6952 100644 --- a/binder/android/os/IVold.aidl +++ b/binder/android/os/IVold.aidl @@ -45,7 +45,6 @@ interface IVold { void unmount(@utf8InCpp String volId); void format(@utf8InCpp String volId, @utf8InCpp String fsType); void benchmark(@utf8InCpp String volId, IVoldTaskListener listener); - void checkEncryption(@utf8InCpp String volId); void moveStorage(@utf8InCpp String fromVolId, @utf8InCpp String toVolId, IVoldTaskListener listener); diff --git a/vdc.cpp b/vdc.cpp index a6a3fb0..a0efe78 100644 --- a/vdc.cpp +++ b/vdc.cpp @@ -103,8 +103,6 @@ int main(int argc, char** argv) { checkStatus(args, vold->shutdown()); } else if (args[0] == "volume" && args[1] == "reset") { checkStatus(args, vold->reset()); - } else if (args[0] == "cryptfs" && args[1] == "checkEncryption" && args.size() == 3) { - checkStatus(args, vold->checkEncryption(args[2])); } else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 4) { checkStatus(args, vold->mountFstab(args[2], args[3])); } else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 4) {