Merge "Pass volume key as a KeyBuffer" am: 334a684557
am: 4d37b4f980
am: aebcc399ea
Change-Id: I7f410a56f2c301557657f9357494bcf97c7cf92d
This commit is contained in:
commit
395edfede5
5 changed files with 19 additions and 15 deletions
11
cryptfs.cpp
11
cryptfs.cpp
|
@ -71,6 +71,7 @@ extern "C" {
|
|||
using android::base::ParseUint;
|
||||
using android::base::StringPrintf;
|
||||
using android::fs_mgr::GetEntryForMountPoint;
|
||||
using android::vold::KeyBuffer;
|
||||
using namespace android::dm;
|
||||
using namespace std::chrono_literals;
|
||||
|
||||
|
@ -1910,8 +1911,13 @@ errout:
|
|||
* as any metadata is been stored in a separate, small partition. We
|
||||
* assume it must be using our same crypt type and keysize.
|
||||
*/
|
||||
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
|
||||
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const KeyBuffer& key,
|
||||
std::string* out_crypto_blkdev) {
|
||||
if (key.size() != cryptfs_get_keysize()) {
|
||||
SLOGE("Raw keysize %zu does not match crypt keysize %" PRIu32, key.size(),
|
||||
cryptfs_get_keysize());
|
||||
return -1;
|
||||
}
|
||||
uint64_t nr_sec = 0;
|
||||
if (android::vold::GetBlockDev512Sectors(real_blkdev, &nr_sec) != android::OK) {
|
||||
SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
|
||||
|
@ -1929,7 +1935,8 @@ int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const u
|
|||
android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false))
|
||||
flags |= CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE;
|
||||
|
||||
return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev, out_crypto_blkdev, label, flags);
|
||||
return create_crypto_blk_dev(&ext_crypt_ftr, reinterpret_cast<const unsigned char*>(key.data()),
|
||||
real_blkdev, out_crypto_blkdev, label, flags);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -25,6 +25,8 @@
|
|||
|
||||
#include <cutils/properties.h>
|
||||
|
||||
#include "KeyBuffer.h"
|
||||
|
||||
#define CRYPT_FOOTER_OFFSET 0x4000
|
||||
|
||||
/* Return values for cryptfs_crypto_complete */
|
||||
|
@ -62,8 +64,8 @@ int cryptfs_restart(void);
|
|||
int cryptfs_enable(int type, const char* passwd, int no_ui);
|
||||
int cryptfs_changepw(int type, const char* newpw);
|
||||
int cryptfs_enable_default(int no_ui);
|
||||
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
|
||||
std::string* out_crypto_blkdev);
|
||||
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
|
||||
const android::vold::KeyBuffer& key, std::string* out_crypto_blkdev);
|
||||
int cryptfs_revert_ext_volume(const char* label);
|
||||
int cryptfs_getfield(const char* fieldname, char* value, int len);
|
||||
int cryptfs_setfield(const char* fieldname, const char* value);
|
||||
|
|
|
@ -227,7 +227,8 @@ void Disk::createPrivateVolume(dev_t device, const std::string& partGuid) {
|
|||
|
||||
LOG(DEBUG) << "Found key for GUID " << normalizedGuid;
|
||||
|
||||
auto vol = std::shared_ptr<VolumeBase>(new PrivateVolume(device, keyRaw));
|
||||
auto keyBuffer = KeyBuffer(keyRaw.begin(), keyRaw.end());
|
||||
auto vol = std::shared_ptr<VolumeBase>(new PrivateVolume(device, keyBuffer));
|
||||
if (mJustPartitioned) {
|
||||
LOG(DEBUG) << "Device just partitioned; silently formatting";
|
||||
vol->setSilent(true);
|
||||
|
|
|
@ -43,7 +43,7 @@ namespace vold {
|
|||
|
||||
static const unsigned int kMajorBlockMmc = 179;
|
||||
|
||||
PrivateVolume::PrivateVolume(dev_t device, const std::string& keyRaw)
|
||||
PrivateVolume::PrivateVolume(dev_t device, const KeyBuffer& keyRaw)
|
||||
: VolumeBase(Type::kPrivate), mRawDevice(device), mKeyRaw(keyRaw) {
|
||||
setId(StringPrintf("private:%u,%u", major(device), minor(device)));
|
||||
mRawDevPath = StringPrintf("/dev/block/vold/%s", getId().c_str());
|
||||
|
@ -64,19 +64,13 @@ status_t PrivateVolume::doCreate() {
|
|||
if (CreateDeviceNode(mRawDevPath, mRawDevice)) {
|
||||
return -EIO;
|
||||
}
|
||||
if (mKeyRaw.size() != cryptfs_get_keysize()) {
|
||||
PLOG(ERROR) << getId() << " Raw keysize " << mKeyRaw.size()
|
||||
<< " does not match crypt keysize " << cryptfs_get_keysize();
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
// Recover from stale vold by tearing down any old mappings
|
||||
cryptfs_revert_ext_volume(getId().c_str());
|
||||
|
||||
// TODO: figure out better SELinux labels for private volumes
|
||||
|
||||
unsigned char* key = (unsigned char*)mKeyRaw.data();
|
||||
int res = cryptfs_setup_ext_volume(getId().c_str(), mRawDevPath.c_str(), key, &mDmDevPath);
|
||||
int res = cryptfs_setup_ext_volume(getId().c_str(), mRawDevPath.c_str(), mKeyRaw, &mDmDevPath);
|
||||
if (res != 0) {
|
||||
PLOG(ERROR) << getId() << " failed to setup cryptfs";
|
||||
return -EIO;
|
||||
|
|
|
@ -37,7 +37,7 @@ namespace vold {
|
|||
*/
|
||||
class PrivateVolume : public VolumeBase {
|
||||
public:
|
||||
PrivateVolume(dev_t device, const std::string& keyRaw);
|
||||
PrivateVolume(dev_t device, const KeyBuffer& keyRaw);
|
||||
virtual ~PrivateVolume();
|
||||
const std::string& getFsType() const { return mFsType; };
|
||||
const std::string& getRawDevPath() const { return mRawDevPath; };
|
||||
|
@ -65,7 +65,7 @@ class PrivateVolume : public VolumeBase {
|
|||
std::string mPath;
|
||||
|
||||
/* Encryption key as raw bytes */
|
||||
std::string mKeyRaw;
|
||||
KeyBuffer mKeyRaw;
|
||||
|
||||
/* Filesystem type */
|
||||
std::string mFsType;
|
||||
|
|
Loading…
Reference in a new issue