Be more C++. volume UUID should always be std::string.

Test: boots
Bug: 67041047
Change-Id: I36d3944ae8de192703b9ee359900841b833fe3a1
This commit is contained in:
Paul Crowley 2017-10-09 10:55:21 -07:00
parent a7ca40bd70
commit 3b71fc5100
11 changed files with 69 additions and 74 deletions

View file

@ -91,8 +91,8 @@ static bool e4crypt_is_emulated() {
return property_get_bool("persist.sys.emulate_fbe", false);
}
static const char* escape_null(const char* value) {
return (value == nullptr) ? "null" : value;
static const char* escape_empty(const std::string& value) {
return value.empty() ? "null" : value.c_str();
}
static std::string get_de_key_path(userid_t user_id) {
@ -379,7 +379,7 @@ bool e4crypt_init_user0() {
// We can only safely prepare DE storage here, since CE keys are probably
// entangled with user credentials. The framework will always prepare CE
// storage once CE keys are installed.
if (!e4crypt_prepare_user_storage(nullptr, 0, 0, FLAG_STORAGE_DE)) {
if (!e4crypt_prepare_user_storage("", 0, 0, FLAG_STORAGE_DE)) {
LOG(ERROR) << "Failed to prepare user 0 storage";
return false;
}
@ -491,8 +491,8 @@ static bool emulated_unlock(const std::string& path, mode_t mode) {
return true;
}
static bool parse_hex(const char* hex, std::string* result) {
if (strcmp("!", hex) == 0) {
static bool parse_hex(const std::string& hex, std::string* result) {
if (hex == "!") {
*result = "";
return true;
}
@ -503,10 +503,10 @@ static bool parse_hex(const char* hex, std::string* result) {
return true;
}
bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const char* token_hex,
const char* secret_hex) {
bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token_hex,
const std::string& secret_hex) {
LOG(DEBUG) << "e4crypt_add_user_key_auth " << user_id << " serial=" << serial
<< " token_present=" << (strcmp(token_hex, "!") != 0);
<< " token_present=" << (token_hex != "!");
if (!e4crypt_is_native()) return true;
if (s_ephemeral_users.count(user_id) != 0) return true;
std::string token, secret;
@ -543,10 +543,10 @@ bool e4crypt_fixate_newest_user_key_auth(userid_t user_id) {
}
// TODO: rename to 'install' for consistency, and take flags to know which keys to install
bool e4crypt_unlock_user_key(userid_t user_id, int serial, const char* token_hex,
const char* secret_hex) {
bool e4crypt_unlock_user_key(userid_t user_id, int serial, const std::string& token_hex,
const std::string& secret_hex) {
LOG(DEBUG) << "e4crypt_unlock_user_key " << user_id << " serial=" << serial
<< " token_present=" << (strcmp(token_hex, "!") != 0);
<< " token_present=" << (token_hex != "!");
if (e4crypt_is_native()) {
if (s_ce_key_raw_refs.count(user_id) != 0) {
LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id;
@ -566,8 +566,8 @@ bool e4crypt_unlock_user_key(userid_t user_id, int serial, const char* token_hex
// back into a known-good state.
if (!emulated_unlock(android::vold::BuildDataSystemCePath(user_id), 0771) ||
!emulated_unlock(android::vold::BuildDataMiscCePath(user_id), 01771) ||
!emulated_unlock(android::vold::BuildDataMediaCePath(nullptr, user_id), 0770) ||
!emulated_unlock(android::vold::BuildDataUserCePath(nullptr, user_id), 0771)) {
!emulated_unlock(android::vold::BuildDataMediaCePath("", user_id), 0770) ||
!emulated_unlock(android::vold::BuildDataUserCePath("", user_id), 0771)) {
LOG(ERROR) << "Failed to unlock user " << user_id;
return false;
}
@ -584,8 +584,8 @@ bool e4crypt_lock_user_key(userid_t user_id) {
// When in emulation mode, we just use chmod
if (!emulated_lock(android::vold::BuildDataSystemCePath(user_id)) ||
!emulated_lock(android::vold::BuildDataMiscCePath(user_id)) ||
!emulated_lock(android::vold::BuildDataMediaCePath(nullptr, user_id)) ||
!emulated_lock(android::vold::BuildDataUserCePath(nullptr, user_id))) {
!emulated_lock(android::vold::BuildDataMediaCePath("", user_id)) ||
!emulated_lock(android::vold::BuildDataUserCePath("", user_id))) {
LOG(ERROR) << "Failed to lock user " << user_id;
return false;
}
@ -594,9 +594,9 @@ bool e4crypt_lock_user_key(userid_t user_id) {
return true;
}
bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int serial,
bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial,
int flags) {
LOG(DEBUG) << "e4crypt_prepare_user_storage for volume " << escape_null(volume_uuid)
LOG(DEBUG) << "e4crypt_prepare_user_storage for volume " << escape_empty(volume_uuid)
<< ", user " << user_id << ", serial " << serial << ", flags " << flags;
if (flags & FLAG_STORAGE_DE) {
@ -610,7 +610,7 @@ bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int
auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
if (volume_uuid == nullptr) {
if (volume_uuid.empty()) {
if (!prepare_dir(system_legacy_path, 0700, AID_SYSTEM, AID_SYSTEM)) return false;
#if MANAGE_MISC_DIRS
if (!prepare_dir(misc_legacy_path, 0750, multiuser_get_uid(user_id, AID_SYSTEM),
@ -626,7 +626,7 @@ bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int
if (e4crypt_is_native()) {
std::string de_raw_ref;
if (!lookup_key_ref(s_de_key_raw_refs, user_id, &de_raw_ref)) return false;
if (volume_uuid == nullptr) {
if (volume_uuid.empty()) {
if (!ensure_policy(de_raw_ref, system_de_path)) return false;
if (!ensure_policy(de_raw_ref, misc_de_path)) return false;
}
@ -641,7 +641,7 @@ bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
if (volume_uuid == nullptr) {
if (volume_uuid.empty()) {
if (!prepare_dir(system_ce_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
}
@ -651,7 +651,7 @@ bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int
if (e4crypt_is_native()) {
std::string ce_raw_ref;
if (!lookup_key_ref(s_ce_key_raw_refs, user_id, &ce_raw_ref)) return false;
if (volume_uuid == nullptr) {
if (volume_uuid.empty()) {
if (!ensure_policy(ce_raw_ref, system_ce_path)) return false;
if (!ensure_policy(ce_raw_ref, misc_ce_path)) return false;
@ -669,8 +669,8 @@ bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int
return true;
}
bool e4crypt_destroy_user_storage(const char* volume_uuid, userid_t user_id, int flags) {
LOG(DEBUG) << "e4crypt_destroy_user_storage for volume " << escape_null(volume_uuid)
bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags) {
LOG(DEBUG) << "e4crypt_destroy_user_storage for volume " << escape_empty(volume_uuid)
<< ", user " << user_id << ", flags " << flags;
bool res = true;
@ -685,7 +685,7 @@ bool e4crypt_destroy_user_storage(const char* volume_uuid, userid_t user_id, int
auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
if (volume_uuid == nullptr) {
if (volume_uuid.empty()) {
res &= destroy_dir(system_legacy_path);
#if MANAGE_MISC_DIRS
res &= destroy_dir(misc_legacy_path);
@ -704,7 +704,7 @@ bool e4crypt_destroy_user_storage(const char* volume_uuid, userid_t user_id, int
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
if (volume_uuid == nullptr) {
if (volume_uuid.empty()) {
res &= destroy_dir(system_ce_path);
res &= destroy_dir(misc_ce_path);
}
@ -715,6 +715,6 @@ bool e4crypt_destroy_user_storage(const char* volume_uuid, userid_t user_id, int
return res;
}
bool e4crypt_secdiscard(const char* path) {
return android::vold::runSecdiscardSingle(std::string(path));
bool e4crypt_secdiscard(const std::string& path) {
return android::vold::runSecdiscardSingle(path);
}

View file

@ -14,29 +14,29 @@
* limitations under the License.
*/
#include <string>
#include <stdbool.h>
#include <sys/cdefs.h>
#include <cutils/multiuser.h>
__BEGIN_DECLS
// General functions
bool e4crypt_is_native();
bool e4crypt_initialize_global_de();
bool e4crypt_init_user0();
bool e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
bool e4crypt_destroy_user_key(userid_t user_id);
bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const char* token,
const char* secret);
bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token,
const std::string& secret);
bool e4crypt_fixate_newest_user_key_auth(userid_t user_id);
bool e4crypt_unlock_user_key(userid_t user_id, int serial, const char* token, const char* secret);
bool e4crypt_unlock_user_key(userid_t user_id, int serial, const std::string& token,
const std::string& secret);
bool e4crypt_lock_user_key(userid_t user_id);
bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int serial, int flags);
bool e4crypt_destroy_user_storage(const char* volume_uuid, userid_t user_id, int flags);
bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial,
int flags);
bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags);
bool e4crypt_secdiscard(const char* path);
__END_DECLS
bool e4crypt_secdiscard(const std::string& path);

View file

@ -17,8 +17,6 @@
#ifndef ANDROID_VOLD_KEYMASTER_H
#define ANDROID_VOLD_KEYMASTER_H
#ifdef __cplusplus
#include "KeyBuffer.h"
#include <memory>
@ -127,8 +125,7 @@ class Keymaster {
} // namespace vold
} // namespace android
#endif // __cplusplus
// FIXME no longer needed now cryptfs is in C++.
/*
* The following functions provide C bindings to keymaster services
@ -138,7 +135,6 @@ class Keymaster {
* The sign_object function signes an object with the given keymaster
* key.
*/
__BEGIN_DECLS
int keymaster_compatibility_cryptfs_scrypt();
int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size,
@ -156,6 +152,5 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
uint8_t** signature_buffer,
size_t* signature_buffer_size);
__END_DECLS
#endif

View file

@ -23,10 +23,6 @@
#define SCRYPT_PROP "ro.crypto.scrypt_params"
#define SCRYPT_DEFAULTS "15:3:1"
__BEGIN_DECLS
bool parse_scrypt_parameters(const char* paramstr, int *Nf, int *rf, int *pf);
__END_DECLS
#endif

View file

@ -585,54 +585,54 @@ std::string BuildKeyPath(const std::string& partGuid) {
}
std::string BuildDataSystemLegacyPath(userid_t userId) {
return StringPrintf("%s/system/users/%u", BuildDataPath(nullptr).c_str(), userId);
return StringPrintf("%s/system/users/%u", BuildDataPath("").c_str(), userId);
}
std::string BuildDataSystemCePath(userid_t userId) {
return StringPrintf("%s/system_ce/%u", BuildDataPath(nullptr).c_str(), userId);
return StringPrintf("%s/system_ce/%u", BuildDataPath("").c_str(), userId);
}
std::string BuildDataSystemDePath(userid_t userId) {
return StringPrintf("%s/system_de/%u", BuildDataPath(nullptr).c_str(), userId);
return StringPrintf("%s/system_de/%u", BuildDataPath("").c_str(), userId);
}
std::string BuildDataMiscLegacyPath(userid_t userId) {
return StringPrintf("%s/misc/user/%u", BuildDataPath(nullptr).c_str(), userId);
return StringPrintf("%s/misc/user/%u", BuildDataPath("").c_str(), userId);
}
std::string BuildDataMiscCePath(userid_t userId) {
return StringPrintf("%s/misc_ce/%u", BuildDataPath(nullptr).c_str(), userId);
return StringPrintf("%s/misc_ce/%u", BuildDataPath("").c_str(), userId);
}
std::string BuildDataMiscDePath(userid_t userId) {
return StringPrintf("%s/misc_de/%u", BuildDataPath(nullptr).c_str(), userId);
return StringPrintf("%s/misc_de/%u", BuildDataPath("").c_str(), userId);
}
// Keep in sync with installd (frameworks/native/cmds/installd/utils.h)
std::string BuildDataProfilesDePath(userid_t userId) {
return StringPrintf("%s/misc/profiles/cur/%u", BuildDataPath(nullptr).c_str(), userId);
return StringPrintf("%s/misc/profiles/cur/%u", BuildDataPath("").c_str(), userId);
}
std::string BuildDataPath(const char* volumeUuid) {
std::string BuildDataPath(const std::string& volumeUuid) {
// TODO: unify with installd path generation logic
if (volumeUuid == nullptr) {
if (volumeUuid.empty()) {
return "/data";
} else {
CHECK(isValidFilename(volumeUuid));
return StringPrintf("/mnt/expand/%s", volumeUuid);
return StringPrintf("/mnt/expand/%s", volumeUuid.c_str());
}
}
std::string BuildDataMediaCePath(const char* volumeUuid, userid_t userId) {
std::string BuildDataMediaCePath(const std::string& volumeUuid, userid_t userId) {
// TODO: unify with installd path generation logic
std::string data(BuildDataPath(volumeUuid));
return StringPrintf("%s/media/%u", data.c_str(), userId);
}
std::string BuildDataUserCePath(const char* volumeUuid, userid_t userId) {
std::string BuildDataUserCePath(const std::string& volumeUuid, userid_t userId) {
// TODO: unify with installd path generation logic
std::string data(BuildDataPath(volumeUuid));
if (volumeUuid == nullptr && userId == 0) {
if (volumeUuid.empty() && userId == 0) {
std::string legacy = StringPrintf("%s/data", data.c_str());
struct stat sb;
if (lstat(legacy.c_str(), &sb) == 0 && S_ISDIR(sb.st_mode)) {
@ -643,7 +643,7 @@ std::string BuildDataUserCePath(const char* volumeUuid, userid_t userId) {
return StringPrintf("%s/user/%u", data.c_str(), userId);
}
std::string BuildDataUserDePath(const char* volumeUuid, userid_t userId) {
std::string BuildDataUserDePath(const std::string& volumeUuid, userid_t userId) {
// TODO: unify with installd path generation logic
std::string data(BuildDataPath(volumeUuid));
return StringPrintf("%s/user_de/%u", data.c_str(), userId);

View file

@ -103,10 +103,10 @@ std::string BuildDataMiscCePath(userid_t userid);
std::string BuildDataMiscDePath(userid_t userid);
std::string BuildDataProfilesDePath(userid_t userid);
std::string BuildDataPath(const char* volumeUuid);
std::string BuildDataMediaCePath(const char* volumeUuid, userid_t userid);
std::string BuildDataUserCePath(const char* volumeUuid, userid_t userid);
std::string BuildDataUserDePath(const char* volumeUuid, userid_t userid);
std::string BuildDataPath(const std::string& volumeUuid);
std::string BuildDataMediaCePath(const std::string& volumeUuid, userid_t userid);
std::string BuildDataUserCePath(const std::string& volumeUuid, userid_t userid);
std::string BuildDataUserDePath(const std::string& volumeUuid, userid_t userid);
dev_t GetDevice(const std::string& path);

View file

@ -32,6 +32,7 @@
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <ext4_utils/ext4_crypt.h>
#include <fs_mgr.h>
#include <private/android_filesystem_config.h>
#include <utils/Trace.h>
@ -666,7 +667,7 @@ binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSer
ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_add_user_key_auth(userId, userSerial, token.c_str(), secret.c_str()));
return translateBool(e4crypt_add_user_key_auth(userId, userSerial, token, secret));
}
binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
@ -681,7 +682,7 @@ binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSeri
ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_unlock_user_key(userId, userSerial, token.c_str(), secret.c_str()));
return translateBool(e4crypt_unlock_user_key(userId, userSerial, token, secret));
}
binder::Status VoldNativeService::lockUserKey(int32_t userId) {
@ -696,7 +697,8 @@ binder::Status VoldNativeService::prepareUserStorage(const std::unique_ptr<std::
ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK;
const char* uuid_ = uuid ? uuid->c_str() : nullptr;
std::string empty_string = "";
auto uuid_ = uuid ? *uuid : empty_string;
return translateBool(e4crypt_prepare_user_storage(uuid_, userId, userSerial, flags));
}
@ -705,7 +707,8 @@ binder::Status VoldNativeService::destroyUserStorage(const std::unique_ptr<std::
ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK;
const char* uuid_ = uuid ? uuid->c_str() : nullptr;
std::string empty_string = "";
auto uuid_ = uuid ? *uuid : empty_string;
return translateBool(e4crypt_destroy_user_storage(uuid_, userId, flags));
}
@ -713,7 +716,7 @@ binder::Status VoldNativeService::secdiscard(const std::string& path) {
ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_secdiscard(path.c_str()));
return translateBool(e4crypt_secdiscard(path));
}
} // namespace vold

View file

@ -38,6 +38,7 @@
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <errno.h>
#include <ext4_utils/ext4_crypt.h>
#include <ext4_utils/ext4_utils.h>
#include <linux/kdev_t.h>
#include <fs_mgr.h>

View file

@ -42,6 +42,7 @@
#include <android-base/stringprintf.h>
#include <cutils/log.h>
#include <cutils/properties.h>
#include <ext4_utils/ext4_crypt.h>
#include <logwrap/logwrap.h>
#include <selinux/selinux.h>

View file

@ -23,10 +23,11 @@
#include "Ext4Crypt.h"
#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/properties.h>
#include <android-base/stringprintf.h>
#include <android-base/logging.h>
#include <diskconfig/diskconfig.h>
#include <ext4_utils/ext4_crypt.h>
#include <vector>
#include <fcntl.h>

View file

@ -18,8 +18,6 @@
#include <selinux/selinux.h>
__BEGIN_DECLS
security_context_t secontextFsck();
__END_DECLS
#endif