From f6151b434ce259d79496242635654856797bc4c1 Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim Date: Tue, 15 Dec 2020 09:02:29 -0800 Subject: [PATCH] Support zoned device with dm-default-key Note that, encrypt_inplace cannot support zoned device, since it doesn't support in-place updates. And, dm-default-key will have a different key. Bug: 172378121 Signed-off-by: Jaegeuk Kim Change-Id: I34cb1e747e0f3faa07c5a4bfeded11fb789a033c --- MetadataCrypt.cpp | 35 +++++++++++++++++++++++++++++++---- MetadataCrypt.h | 3 ++- VoldNativeService.cpp | 14 ++++++++------ VoldNativeService.h | 6 ++++-- binder/android/os/IVold.aidl | 4 ++-- fs/F2fs.cpp | 7 ++++++- fs/F2fs.h | 2 +- vdc.cpp | 8 ++++---- 8 files changed, 58 insertions(+), 21 deletions(-) diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp index 5c9e644..4152e25 100644 --- a/MetadataCrypt.cpp +++ b/MetadataCrypt.cpp @@ -63,6 +63,7 @@ struct CryptoOptions { }; static const std::string kDmNameUserdata = "userdata"; +static const std::string kDmNameUserdataZoned = "userdata_zoned"; // The first entry in this table is the default crypto type. constexpr CryptoType supported_crypto_types[] = {aes_256_xts, adiantum}; @@ -238,10 +239,11 @@ static bool parse_options(const std::string& options_string, CryptoOptions* opti bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::string& mount_point, bool needs_encrypt, bool should_format, - const std::string& fs_type) { + const std::string& fs_type, const std::string& zoned_device) { LOG(DEBUG) << "fscrypt_mount_metadata_encrypted: " << mount_point << " encrypt: " << needs_encrypt << " format: " << should_format << " with " - << fs_type; + << fs_type << " block device: " << blk_device + << " and zoned device: " << zoned_device; auto encrypted_state = android::base::GetProperty("ro.crypto.state", ""); if (encrypted_state != "" && encrypted_state != "encrypted") { LOG(ERROR) << "fscrypt_mount_metadata_encrypted got unexpected starting state: " @@ -280,9 +282,13 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std:: return false; } + auto default_metadata_key_dir = data_rec->metadata_key_dir; + if (!zoned_device.empty()) { + default_metadata_key_dir = default_metadata_key_dir + "/default"; + } auto gen = needs_encrypt ? makeGen(options) : neverGen(); KeyBuffer key; - if (!read_key(data_rec->metadata_key_dir, gen, &key)) { + if (!read_key(default_metadata_key_dir, gen, &key)) { LOG(ERROR) << "read_key failed in mountFstab"; return false; } @@ -295,6 +301,23 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std:: return false; } + // create dm-default-key for zoned device + std::string crypto_zoned_blkdev; + if (!zoned_device.empty()) { + auto zoned_metadata_key_dir = data_rec->metadata_key_dir + "/zoned"; + + if (!read_key(zoned_metadata_key_dir, gen, &key)) { + LOG(ERROR) << "read_key failed with zoned device: " << zoned_device; + return false; + } + if (!create_crypto_blk_dev(kDmNameUserdataZoned, zoned_device, key, options, + &crypto_zoned_blkdev, &nr_sec)) { + LOG(ERROR) << "fscrypt_mount_metadata_encrypted: failed with zoned device: " + << zoned_device; + return false; + } + } + if (needs_encrypt) { if (should_format) { status_t error; @@ -302,7 +325,7 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std:: if (fs_type == "ext4") { error = ext4::Format(crypto_blkdev, 0, mount_point); } else if (fs_type == "f2fs") { - error = f2fs::Format(crypto_blkdev); + error = f2fs::Format(crypto_blkdev, crypto_zoned_blkdev); } else { LOG(ERROR) << "Unknown filesystem type: " << fs_type; return false; @@ -314,6 +337,10 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std:: } LOG(DEBUG) << "Format of " << crypto_blkdev << " for " << mount_point << " succeeded."; } else { + if (!zoned_device.empty()) { + LOG(ERROR) << "encrypt_inplace cannot support zoned device; should format it."; + return false; + } if (!encrypt_inplace(crypto_blkdev, blk_device, nr_sec)) { LOG(ERROR) << "encrypt_inplace failed in mountFstab"; return false; diff --git a/MetadataCrypt.h b/MetadataCrypt.h index 06131ad..f6d6b8e 100644 --- a/MetadataCrypt.h +++ b/MetadataCrypt.h @@ -28,7 +28,8 @@ namespace vold { void defaultkey_precreate_dm_device(); bool fscrypt_mount_metadata_encrypted(const std::string& block_device, const std::string& mount_point, bool needs_encrypt, - bool should_format, const std::string& fs_type); + bool should_format, const std::string& fs_type, + const std::string& zoned_device); bool defaultkey_volume_keygen(KeyGeneration* gen); diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp index 8ba3aaf..51dab49 100644 --- a/VoldNativeService.cpp +++ b/VoldNativeService.cpp @@ -566,22 +566,24 @@ binder::Status VoldNativeService::initUser0() { } binder::Status VoldNativeService::mountFstab(const std::string& blkDevice, - const std::string& mountPoint) { + const std::string& mountPoint, + const std::string& zonedDevice) { ENFORCE_SYSTEM_OR_ROOT; ACQUIRE_LOCK; - return translateBool( - fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, false, false, "null")); + return translateBool(fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, false, false, + "null", zonedDevice)); } binder::Status VoldNativeService::encryptFstab(const std::string& blkDevice, const std::string& mountPoint, bool shouldFormat, - const std::string& fsType) { + const std::string& fsType, + const std::string& zonedDevice) { ENFORCE_SYSTEM_OR_ROOT; ACQUIRE_LOCK; - return translateBool( - fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, true, shouldFormat, fsType)); + return translateBool(fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, true, shouldFormat, + fsType, zonedDevice)); } binder::Status VoldNativeService::setStorageBindingSeed(const std::vector& seed) { diff --git a/VoldNativeService.h b/VoldNativeService.h index 423e8f9..4feeada 100644 --- a/VoldNativeService.h +++ b/VoldNativeService.h @@ -103,9 +103,11 @@ class VoldNativeService : public BinderService, public os::Bn binder::Status fbeEnable(); binder::Status initUser0(); - binder::Status mountFstab(const std::string& blkDevice, const std::string& mountPoint); + binder::Status mountFstab(const std::string& blkDevice, const std::string& mountPoint, + const std::string& zonedDevice); binder::Status encryptFstab(const std::string& blkDevice, const std::string& mountPoint, - bool shouldFormat, const std::string& fsType); + bool shouldFormat, const std::string& fsType, + const std::string& zonedDevice); binder::Status setStorageBindingSeed(const std::vector& seed); diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl index d77c7da..a946797 100644 --- a/binder/android/os/IVold.aidl +++ b/binder/android/os/IVold.aidl @@ -79,8 +79,8 @@ interface IVold { void fbeEnable(); void initUser0(); - void mountFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint); - void encryptFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint, boolean shouldFormat, @utf8InCpp String fsType); + void mountFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint, @utf8InCpp String zonedDevice); + void encryptFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint, boolean shouldFormat, @utf8InCpp String fsType, @utf8InCpp String zonedDevice); void setStorageBindingSeed(in byte[] seed); diff --git a/fs/F2fs.cpp b/fs/F2fs.cpp index 55b0823..23363e3 100644 --- a/fs/F2fs.cpp +++ b/fs/F2fs.cpp @@ -71,7 +71,7 @@ status_t Mount(const std::string& source, const std::string& target) { return res; } -status_t Format(const std::string& source) { +status_t Format(const std::string& source, const std::string& zoned_device) { std::vector cmd; cmd.emplace_back(kMkfsPath); @@ -96,6 +96,11 @@ status_t Format(const std::string& source) { cmd.emplace_back("-C"); cmd.emplace_back("utf8"); } + if (!zoned_device.empty()) { + cmd.emplace_back("-c"); + cmd.emplace_back(zoned_device.c_str()); + cmd.emplace_back("-m"); + } cmd.emplace_back(source.c_str()); return logwrap_fork_execvp(cmd.size(), cmd.data(), nullptr, false, LOG_KLOG, false, nullptr); diff --git a/fs/F2fs.h b/fs/F2fs.h index f710212..cdad581 100644 --- a/fs/F2fs.h +++ b/fs/F2fs.h @@ -29,7 +29,7 @@ bool IsSupported(); status_t Check(const std::string& source); status_t Mount(const std::string& source, const std::string& target); -status_t Format(const std::string& source); +status_t Format(const std::string& source, const std::string& zoned_device = ""); } // namespace f2fs } // namespace vold diff --git a/vdc.cpp b/vdc.cpp index 740e246..b63abbb 100644 --- a/vdc.cpp +++ b/vdc.cpp @@ -124,14 +124,14 @@ int main(int argc, char** argv) { checkStatus(args, vold->reset()); } else if (args[0] == "cryptfs" && args[1] == "bindkeys") { bindkeys(args, vold); - } else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 4) { - checkStatus(args, vold->mountFstab(args[2], args[3])); - } else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 6) { + } else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 5) { + checkStatus(args, vold->mountFstab(args[2], args[3], args[4])); + } else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 7) { auto shouldFormat = android::base::ParseBool(args[4]); if (shouldFormat == android::base::ParseBoolResult::kError) exit(EINVAL); checkStatus(args, vold->encryptFstab(args[2], args[3], shouldFormat == android::base::ParseBoolResult::kTrue, - args[5])); + args[5], args[6])); } else if (args[0] == "checkpoint" && args[1] == "supportsCheckpoint" && args.size() == 2) { bool supported = false; checkStatus(args, vold->supportsCheckpoint(&supported));