tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Change to use new WaitForProperty API"

Browse source
This commit is contained in:
TreeHugger Robot 2017-02-25 08:17:59 +00:00 committed by Android (Google) Code Review
commit 64a11b177c
6 changed files with 49 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Android.mk
View file

@ -17,7 +17,7 @@ common_src_files := \
CheckBattery.cpp \ CheckBattery.cpp \
Ext4Crypt.cpp \ Ext4Crypt.cpp \
VoldUtil.c \ VoldUtil.c \
cryptfs.c \ cryptfs.cpp \
Disk.cpp \ Disk.cpp \
VolumeBase.cpp \ VolumeBase.cpp \
PublicVolume.cpp \ PublicVolume.cpp \

2
KeyStorage.cpp
View file

@ -175,7 +175,7 @@ static KeymasterOperation begin(Keymaster& keymaster, const std::string& dir,
if (opHandle) { if (opHandle) {
return opHandle; return opHandle;
} }
if (opHandle.error() != ErrorCode::KEY_REQUIRES_UPGRADE) return opHandle; if (opHandle.errorCode() != ErrorCode::KEY_REQUIRES_UPGRADE) return opHandle;
LOG(DEBUG) << "Upgrading key: " << dir; LOG(DEBUG) << "Upgrading key: " << dir;
std::string newKey; std::string newKey;
if (!keymaster.upgradeKey(kmKey, keyParams, &newKey)) return KeymasterOperation(); if (!keymaster.upgradeKey(kmKey, keyParams, &newKey)) return KeymasterOperation();

10
Keymaster.cpp
View file

@ -278,25 +278,25 @@ int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
while (true) { while (true) {
op = dev.begin(KeyPurpose::SIGN, key, paramBuilder, &outParams); op = dev.begin(KeyPurpose::SIGN, key, paramBuilder, &outParams);
if (op.error() == ErrorCode::KEY_RATE_LIMIT_EXCEEDED) { if (op.errorCode() == ErrorCode::KEY_RATE_LIMIT_EXCEEDED) {
sleep(ratelimit); sleep(ratelimit);
continue; continue;
} else break; } else break;
} }
if (op.error() != ErrorCode::OK) { if (op.errorCode() != ErrorCode::OK) {
LOG(ERROR) << "Error starting keymaster signature transaction: " << int32_t(op.error()); LOG(ERROR) << "Error starting keymaster signature transaction: " << int32_t(op.errorCode());
return -1; return -1;
} }
if (!op.updateCompletely(input, &output)) { if (!op.updateCompletely(input, &output)) {
LOG(ERROR) << "Error sending data to keymaster signature transaction: " LOG(ERROR) << "Error sending data to keymaster signature transaction: "
<< uint32_t(op.error()); << uint32_t(op.errorCode());
return -1; return -1;
} }
if (!op.finish(&output)) { if (!op.finish(&output)) {
LOG(ERROR) << "Error finalizing keymaster signature transaction: " << int32_t(op.error()); LOG(ERROR) << "Error finalizing keymaster signature transaction: " << int32_t(op.errorCode());
return -1; return -1;
} }

2
Keymaster.h
View file

@ -47,7 +47,7 @@ class KeymasterOperation {
// Is this instance valid? This is false if creation fails, and becomes // Is this instance valid? This is false if creation fails, and becomes
// false on finish or if an update fails. // false on finish or if an update fails.
explicit operator bool() { return mError == ErrorCode::OK; } explicit operator bool() { return mError == ErrorCode::OK; }
ErrorCode error() { return mError; } ErrorCode errorCode() { return mError; }
// Call "update" repeatedly until all of the input is consumed, and // Call "update" repeatedly until all of the input is consumed, and
// concatenate the output. Return true on success. // concatenate the output. Return true on success.
bool updateCompletely(const std::string& input, std::string* output); bool updateCompletely(const std::string& input, std::string* output);

84
cryptfs.c → cryptfs.cpp
View file

@ -56,14 +56,16 @@
#include "ScryptParameters.h" #include "ScryptParameters.h"
#include "VolumeManager.h" #include "VolumeManager.h"
#include "VoldUtil.h" #include "VoldUtil.h"
#include "crypto_scrypt.h"
#include "Ext4Crypt.h" #include "Ext4Crypt.h"
#include "f2fs_sparseblock.h" #include "f2fs_sparseblock.h"
#include "CheckBattery.h" #include "CheckBattery.h"
#include "Process.h" #include "Process.h"
#include "Keymaster.h" #include "Keymaster.h"
#include "android-base/properties.h"
#include <bootloader_message/bootloader_message.h> #include <bootloader_message/bootloader_message.h>
extern "C" {
#include <crypto_scrypt.h>
}
#define UNUSED __attribute__((unused)) #define UNUSED __attribute__((unused))
@ -94,8 +96,6 @@
#define RETRY_MOUNT_ATTEMPTS 10 #define RETRY_MOUNT_ATTEMPTS 10
#define RETRY_MOUNT_DELAY_SECONDS 1 #define RETRY_MOUNT_DELAY_SECONDS 1
char *me = "cryptfs";
static unsigned char saved_master_key[KEY_LEN_BYTES]; static unsigned char saved_master_key[KEY_LEN_BYTES];
static char *saved_mount_point; static char *saved_mount_point;
static int master_key_saved = 0; static int master_key_saved = 0;
@ -162,7 +162,7 @@ static int keymaster_sign_object(struct crypt_mnt_ftr *ftr,
// object size. However, it's still broken (but not unusably // object size. However, it's still broken (but not unusably
// so) because we really should be using a proper deterministic // so) because we really should be using a proper deterministic
// RSA padding function, such as PKCS1. // RSA padding function, such as PKCS1.
memcpy(to_sign + 1, object, min(RSA_KEY_SIZE_BYTES - 1, object_size)); memcpy(to_sign + 1, object, std::min((size_t)RSA_KEY_SIZE_BYTES - 1, object_size));
SLOGI("Signing safely-padded object"); SLOGI("Signing safely-padded object");
break; break;
default: default:
@ -447,7 +447,7 @@ static void upgrade_crypt_ftr(int fd, struct crypt_mnt_ftr *crypt_ftr, off64_t o
SLOGW("upgrading crypto footer to 1.1"); SLOGW("upgrading crypto footer to 1.1");
pdata = malloc(CRYPT_PERSIST_DATA_SIZE); pdata = (crypt_persist_data *)malloc(CRYPT_PERSIST_DATA_SIZE);
if (pdata == NULL) { if (pdata == NULL) {
SLOGE("Cannot allocate persisent data\n"); SLOGE("Cannot allocate persisent data\n");
return; return;
@ -615,7 +615,7 @@ static int load_persistent_data(void)
/* If not encrypted, just allocate an empty table and initialize it */ /* If not encrypted, just allocate an empty table and initialize it */
property_get("ro.crypto.state", encrypted_state, ""); property_get("ro.crypto.state", encrypted_state, "");
if (strcmp(encrypted_state, "encrypted") ) { if (strcmp(encrypted_state, "encrypted") ) {
pdata = malloc(CRYPT_PERSIST_DATA_SIZE); pdata = (crypt_persist_data*)malloc(CRYPT_PERSIST_DATA_SIZE);
if (pdata) { if (pdata) {
init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE); init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
persist_data = pdata; persist_data = pdata;
@ -649,7 +649,7 @@ static int load_persistent_data(void)
return -1; return -1;
} }
pdata = malloc(crypt_ftr.persist_data_size); pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size);
if (pdata == NULL) { if (pdata == NULL) {
SLOGE("Cannot allocate memory for persistent data"); SLOGE("Cannot allocate memory for persistent data");
goto err; goto err;
@ -728,7 +728,7 @@ static int save_persistent_data(void)
return -1; return -1;
} }
pdata = malloc(crypt_ftr.persist_data_size); pdata = (crypt_persist_data*)malloc(crypt_ftr.persist_data_size);
if (pdata == NULL) { if (pdata == NULL) {
SLOGE("Cannot allocate persistant data"); SLOGE("Cannot allocate persistant data");
goto err; goto err;
@ -817,7 +817,7 @@ static void convert_key_to_hex_ascii(const unsigned char *master_key,
static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr, static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
const unsigned char *master_key, const char *real_blk_name, const unsigned char *master_key, const char *real_blk_name,
const char *name, int fd, const char *extra_params) { const char *name, int fd, const char *extra_params) {
_Alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE]; alignas(struct dm_ioctl) char buffer[DM_CRYPT_BUF_SIZE];
struct dm_ioctl *io; struct dm_ioctl *io;
struct dm_target_spec *tgt; struct dm_target_spec *tgt;
char *crypt_params; char *crypt_params;
@ -906,7 +906,7 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr *crypt_ftr,
int err; int err;
int retval = -1; int retval = -1;
int version[3]; int version[3];
char *extra_params; const char *extra_params;
int load_count; int load_count;
if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) { if ((fd = open("/dev/device-mapper", O_RDWR|O_CLOEXEC)) < 0 ) {
@ -968,7 +968,7 @@ errout:
return retval; return retval;
} }
static int delete_crypto_blk_dev(char *name) static int delete_crypto_blk_dev(const char *name)
{ {
int fd; int fd;
char buffer[DM_CRYPT_BUF_SIZE]; char buffer[DM_CRYPT_BUF_SIZE];
@ -1240,7 +1240,7 @@ static int decrypt_master_key(const char *passwd, unsigned char *decrypted_maste
return ret; return ret;
} }
static int create_encrypted_random_key(char *passwd, unsigned char *master_key, unsigned char *salt, static int create_encrypted_random_key(const char *passwd, unsigned char *master_key, unsigned char *salt,
struct crypt_mnt_ftr *crypt_ftr) { struct crypt_mnt_ftr *crypt_ftr) {
int fd; int fd;
unsigned char key_buf[KEY_LEN_BYTES]; unsigned char key_buf[KEY_LEN_BYTES];
@ -1301,7 +1301,6 @@ int wait_and_unmount(const char *mountpoint, bool kill)
return rc; return rc;
} }
#define DATA_PREP_TIMEOUT 1000
static int prep_data_fs(void) static int prep_data_fs(void)
{ {
int i; int i;
@ -1315,17 +1314,9 @@ static int prep_data_fs(void)
SLOGD("Just triggered post_fs_data\n"); SLOGD("Just triggered post_fs_data\n");
/* Wait a max of 50 seconds, hopefully it takes much less */ /* Wait a max of 50 seconds, hopefully it takes much less */
for (i=0; i<DATA_PREP_TIMEOUT; i++) { if (!android::base::WaitForProperty("vold.post_fs_data_done",
char p[PROPERTY_VALUE_MAX]; "1",
std::chrono::seconds(50))) {
property_get("vold.post_fs_data_done", p, "0");
if (*p == '1') {
break;
} else {
usleep(50000);
}
}
if (i == DATA_PREP_TIMEOUT) {
/* Ugh, we failed to prep /data in time. Bail. */ /* Ugh, we failed to prep /data in time. Bail. */
SLOGE("post_fs_data timed out!\n"); SLOGE("post_fs_data timed out!\n");
return -1; return -1;
@ -1515,7 +1506,7 @@ int cryptfs_restart(void)
return cryptfs_restart_internal(1); return cryptfs_restart_internal(1);
} }
static int do_crypto_complete(char *mount_point) static int do_crypto_complete(const char *mount_point)
{ {
struct crypt_mnt_ftr crypt_ftr; struct crypt_mnt_ftr crypt_ftr;
char encrypted_state[PROPERTY_VALUE_MAX]; char encrypted_state[PROPERTY_VALUE_MAX];
@ -1572,7 +1563,7 @@ static int do_crypto_complete(char *mount_point)
} }
static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
char *passwd, char *mount_point, char *label) const char *passwd, const char *mount_point, const char *label)
{ {
/* Allocate enough space for a 256 bit key, but we may use less */ /* Allocate enough space for a 256 bit key, but we may use less */
unsigned char decrypted_master_key[32]; unsigned char decrypted_master_key[32];
@ -1585,6 +1576,9 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
int upgrade = 0; int upgrade = 0;
unsigned char* intermediate_key = 0; unsigned char* intermediate_key = 0;
size_t intermediate_key_size = 0; size_t intermediate_key_size = 0;
int N = 1 << crypt_ftr->N_factor;
int r = 1 << crypt_ftr->r_factor;
int p = 1 << crypt_ftr->p_factor;
SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size); SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count; orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
@ -1612,9 +1606,6 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
/* Work out if the problem is the password or the data */ /* Work out if the problem is the password or the data */
unsigned char scrypted_intermediate_key[sizeof(crypt_ftr-> unsigned char scrypted_intermediate_key[sizeof(crypt_ftr->
scrypted_intermediate_key)]; scrypted_intermediate_key)];
int N = 1 << crypt_ftr->N_factor;
int r = 1 << crypt_ftr->r_factor;
int p = 1 << crypt_ftr->p_factor;
rc = crypto_scrypt(intermediate_key, intermediate_key_size, rc = crypto_scrypt(intermediate_key, intermediate_key_size,
crypt_ftr->salt, sizeof(crypt_ftr->salt), crypt_ftr->salt, sizeof(crypt_ftr->salt),
@ -1771,7 +1762,7 @@ int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
return 0; return 0;
} }
int cryptfs_check_passwd(char *passwd) int cryptfs_check_passwd(const char *passwd)
{ {
SLOGI("cryptfs_check_passwd"); SLOGI("cryptfs_check_passwd");
if (e4crypt_is_native()) { if (e4crypt_is_native()) {
@ -2125,13 +2116,13 @@ static int encrypt_groups(struct encryptGroupsData* data)
off64_t ret; off64_t ret;
int rc = -1; int rc = -1;
data->buffer = malloc(info.block_size * BLOCKS_AT_A_TIME); data->buffer = (char *)malloc(info.block_size * BLOCKS_AT_A_TIME);
if (!data->buffer) { if (!data->buffer) {
SLOGE("Failed to allocate crypto buffer"); SLOGE("Failed to allocate crypto buffer");
goto errout; goto errout;
} }
block_bitmap = malloc(info.block_size); block_bitmap = (u8 *)malloc(info.block_size);
if (!block_bitmap) { if (!block_bitmap) {
SLOGE("failed to allocate block bitmap"); SLOGE("failed to allocate block bitmap");
goto errout; goto errout;
@ -2141,8 +2132,8 @@ static int encrypt_groups(struct encryptGroupsData* data)
SLOGI("Encrypting group %d", i); SLOGI("Encrypting group %d", i);
u32 first_block = aux_info.first_data_block + i * info.blocks_per_group; u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
u32 block_count = min(info.blocks_per_group, u32 block_count = std::min(info.blocks_per_group,
aux_info.len_blocks - first_block); (u32)(aux_info.len_blocks - first_block));
off64_t offset = (u64)info.block_size off64_t offset = (u64)info.block_size
* aux_info.bg_desc[i].bg_block_bitmap; * aux_info.bg_desc[i].bg_block_bitmap;
@ -2214,6 +2205,8 @@ static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
u32 i; u32 i;
struct encryptGroupsData data; struct encryptGroupsData data;
int rc; // Can't initialize without causing warning -Wclobbered int rc; // Can't initialize without causing warning -Wclobbered
struct timespec time_started = {0};
int retries = RETRY_MOUNT_ATTEMPTS;
if (previously_encrypted_upto > *size_already_done) { if (previously_encrypted_upto > *size_already_done) {
SLOGD("Not fast encrypting since resuming part way through"); SLOGD("Not fast encrypting since resuming part way through");
@ -2232,7 +2225,6 @@ static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
} }
// Wait until the block device appears. Re-use the mount retry values since it is reasonable. // Wait until the block device appears. Re-use the mount retry values since it is reasonable.
int retries = RETRY_MOUNT_ATTEMPTS;
while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) { while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
if (--retries) { if (--retries) {
SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s), retrying\n", SLOGE("Error opening crypto_blkdev %s for ext4 inplace encrypt. err=%d(%s), retrying\n",
@ -2272,7 +2264,6 @@ static int cryptfs_enable_inplace_ext4(char *crypto_blkdev,
data.one_pct = data.tot_used_blocks / 100; data.one_pct = data.tot_used_blocks / 100;
data.cur_pct = 0; data.cur_pct = 0;
struct timespec time_started = {0};
if (clock_gettime(CLOCK_MONOTONIC, &time_started)) { if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
SLOGW("Error getting time at start"); SLOGW("Error getting time at start");
// Note - continue anyway - we'll run with 0 // Note - continue anyway - we'll run with 0
@ -2390,7 +2381,7 @@ static int cryptfs_enable_inplace_f2fs(char *crypto_blkdev,
data.time_started = time(NULL); data.time_started = time(NULL);
data.remaining_time = -1; data.remaining_time = -1;
data.buffer = malloc(f2fs_info->block_size); data.buffer = (char *)malloc(f2fs_info->block_size);
if (!data.buffer) { if (!data.buffer) {
SLOGE("Failed to allocate crypto buffer"); SLOGE("Failed to allocate crypto buffer");
goto errout; goto errout;
@ -2686,7 +2677,7 @@ static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
return rc; return rc;
} }
int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd, int cryptfs_enable_internal(char *howarg, int crypt_type, const char *passwd,
int no_ui) int no_ui)
{ {
int how = 0; int how = 0;
@ -2701,6 +2692,8 @@ int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
int num_vols; int num_vols;
off64_t previously_encrypted_upto = 0; off64_t previously_encrypted_upto = 0;
bool rebootEncryption = false; bool rebootEncryption = false;
bool onlyCreateHeader = false;
int fd = -1;
if (!strcmp(howarg, "wipe")) { if (!strcmp(howarg, "wipe")) {
how = CRYPTO_ENABLE_WIPE; how = CRYPTO_ENABLE_WIPE;
@ -2751,7 +2744,7 @@ int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev)); fs_mgr_get_crypt_info(fstab, 0, real_blkdev, sizeof(real_blkdev));
/* Get the size of the real block device */ /* Get the size of the real block device */
int fd = open(real_blkdev, O_RDONLY|O_CLOEXEC); fd = open(real_blkdev, O_RDONLY|O_CLOEXEC);
if (fd == -1) { if (fd == -1) {
SLOGE("Cannot open block device %s\n", real_blkdev); SLOGE("Cannot open block device %s\n", real_blkdev);
goto error_unencrypted; goto error_unencrypted;
@ -2800,7 +2793,6 @@ int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
/* no_ui means we are being called from init, not settings. /* no_ui means we are being called from init, not settings.
Now we always reboot from settings, so !no_ui means reboot Now we always reboot from settings, so !no_ui means reboot
*/ */
bool onlyCreateHeader = false;
if (!no_ui) { if (!no_ui) {
/* Try fallback, which is to reboot and try there */ /* Try fallback, which is to reboot and try there */
onlyCreateHeader = true; onlyCreateHeader = true;
@ -2886,7 +2878,7 @@ int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
* If none, create a valid empty table and save that. * If none, create a valid empty table and save that.
*/ */
if (!persist_data) { if (!persist_data) {
pdata = malloc(CRYPT_PERSIST_DATA_SIZE); pdata = (crypt_persist_data *)malloc(CRYPT_PERSIST_DATA_SIZE);
if (pdata) { if (pdata) {
init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE); init_empty_persist_data(pdata, CRYPT_PERSIST_DATA_SIZE);
persist_data = pdata; persist_data = pdata;
@ -2999,8 +2991,12 @@ int cryptfs_enable_internal(char *howarg, int crypt_type, char *passwd,
if (!strcmp(value, "1")) { if (!strcmp(value, "1")) {
/* wipe data if encryption failed */ /* wipe data if encryption failed */
SLOGE("encryption failed - rebooting into recovery to wipe data\n"); SLOGE("encryption failed - rebooting into recovery to wipe data\n");
if (!write_bootloader_message("--wipe_data\n--reason=cryptfs_enable_internal\n")) { std::string err;
SLOGE("could not write bootloader message\n"); const std::vector<std::string> options = {
"--wipe_data\n--reason=cryptfs_enable_internal\n"
};
if (!write_bootloader_message(options, &err)) {
SLOGE("could not write bootloader message: %s", err.c_str());
} }
cryptfs_reboot(recovery); cryptfs_reboot(recovery);
} else { } else {

2
cryptfs.h
View file

@ -228,7 +228,7 @@ extern "C" {
unsigned char *ikey, void *params); unsigned char *ikey, void *params);
int cryptfs_crypto_complete(void); int cryptfs_crypto_complete(void);
int cryptfs_check_passwd(char *pw); int cryptfs_check_passwd(const char *pw);
int cryptfs_verify_passwd(char *newpw); int cryptfs_verify_passwd(char *newpw);
int cryptfs_restart(void); int cryptfs_restart(void);
int cryptfs_enable(char *flag, int type, char *passwd, int no_ui); int cryptfs_enable(char *flag, int type, char *passwd, int no_ui);