Merge "Use std::string to return crypto device, not char *"

This commit is contained in:
Paul Crowley 2020-02-11 00:37:26 +00:00 committed by Gerrit Code Review
commit 80731b0975
3 changed files with 21 additions and 24 deletions

View file

@ -1164,8 +1164,8 @@ static int add_sector_size_param(DmTargetCrypt* target, struct crypt_mnt_ftr* ft
}
static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned char* master_key,
const char* real_blk_name, char* crypto_blk_name, const char* name,
uint32_t flags) {
const char* real_blk_name, std::string* crypto_blk_name,
const char* name, uint32_t flags) {
auto& dm = DeviceMapper::Instance();
// We need two ASCII characters to represent each byte, and need space for
@ -1205,15 +1205,13 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned
SLOGI("Took %d tries to load dmcrypt table.\n", load_count);
}
std::string path;
if (!dm.GetDmDevicePathByName(name, &path)) {
if (!dm.GetDmDevicePathByName(name, crypto_blk_name)) {
SLOGE("Cannot determine dm-crypt path for %s.\n", name);
return -1;
}
snprintf(crypto_blk_name, MAXPATHLEN, "%s", path.c_str());
/* Ensure the dm device has been created before returning. */
if (android::vold::WaitForFile(crypto_blk_name, 1s) < 0) {
if (android::vold::WaitForFile(crypto_blk_name->c_str(), 1s) < 0) {
// WaitForFile generates a suitable log message
return -1;
}
@ -1778,7 +1776,7 @@ static int do_crypto_complete(const char* mount_point) {
static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char* passwd,
const char* mount_point, const char* label) {
unsigned char decrypted_master_key[MAX_KEY_LEN];
char crypto_blkdev[MAXPATHLEN];
std::string crypto_blkdev;
std::string real_blkdev;
char tmp_mount_point[64];
unsigned int orig_failed_decrypt_count;
@ -1807,7 +1805,7 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char*
// Create crypto block device - all (non fatal) code paths
// need it
if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key, real_blkdev.c_str(), crypto_blkdev,
if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key, real_blkdev.c_str(), &crypto_blkdev,
label, 0)) {
SLOGE("Error creating decrypted block device\n");
rc = -1;
@ -1831,7 +1829,8 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char*
* the footer, not the key. */
snprintf(tmp_mount_point, sizeof(tmp_mount_point), "%s/tmp_mnt", mount_point);
mkdir(tmp_mount_point, 0755);
if (fs_mgr_do_mount(&fstab_default, DATA_MNT_POINT, crypto_blkdev, tmp_mount_point)) {
if (fs_mgr_do_mount(&fstab_default, DATA_MNT_POINT,
const_cast<char*>(crypto_blkdev.c_str()), tmp_mount_point)) {
SLOGE("Error temp mounting decrypted block device\n");
delete_crypto_blk_dev(label);
@ -1853,7 +1852,7 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr, const char*
/* Save the name of the crypto block device
* so we can mount it when restarting the framework. */
property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev.c_str());
/* Also save a the master key so we can reencrypted the key
* the key when we want to change the password on it. */
@ -1910,11 +1909,9 @@ errout:
* storage volume. The incoming partition has no crypto header/footer,
* as any metadata is been stored in a separate, small partition. We
* assume it must be using our same crypt type and keysize.
*
* out_crypto_blkdev must be MAXPATHLEN.
*/
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
char* out_crypto_blkdev) {
std::string* out_crypto_blkdev) {
uint64_t nr_sec = 0;
if (android::vold::GetBlockDev512Sectors(real_blkdev, &nr_sec) != android::OK) {
SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
@ -2132,8 +2129,8 @@ static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf) {
return 0;
}
static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr* crypt_ftr, char* crypto_blkdev,
char* real_blkdev, int previously_encrypted_upto) {
static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr* crypt_ftr, const char* crypto_blkdev,
const char* real_blkdev, int previously_encrypted_upto) {
off64_t cur_encryption_done = 0, tot_encryption_size = 0;
int rc = -1;
@ -2168,7 +2165,7 @@ static int vold_unmountAll(void) {
}
int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
char crypto_blkdev[MAXPATHLEN];
std::string crypto_blkdev;
std::string real_blkdev;
unsigned char decrypted_master_key[MAX_KEY_LEN];
int rc = -1, i;
@ -2377,14 +2374,14 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
}
decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev.c_str(), crypto_blkdev,
create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev.c_str(), &crypto_blkdev,
CRYPTO_BLOCK_DEVICE, 0);
/* If we are continuing, check checksums match */
rc = 0;
if (previously_encrypted_upto) {
__le8 hash_first_block[SHA256_DIGEST_LENGTH];
rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
rc = cryptfs_SHA256_fileblock(crypto_blkdev.c_str(), hash_first_block);
if (!rc &&
memcmp(hash_first_block, crypt_ftr.hash_first_block, sizeof(hash_first_block)) != 0) {
@ -2394,13 +2391,13 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
}
if (!rc) {
rc = cryptfs_enable_all_volumes(&crypt_ftr, crypto_blkdev, real_blkdev.data(),
rc = cryptfs_enable_all_volumes(&crypt_ftr, crypto_blkdev.c_str(), real_blkdev.data(),
previously_encrypted_upto);
}
/* Calculate checksum if we are not finished */
if (!rc && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
rc = cryptfs_SHA256_fileblock(crypto_blkdev, crypt_ftr.hash_first_block);
rc = cryptfs_SHA256_fileblock(crypto_blkdev.c_str(), crypt_ftr.hash_first_block);
if (rc) {
SLOGE("Error calculating checksum for continuing encryption");
rc = -1;

View file

@ -17,6 +17,8 @@
#ifndef ANDROID_VOLD_CRYPTFS_H
#define ANDROID_VOLD_CRYPTFS_H
#include <string>
#include <linux/types.h>
#include <stdbool.h>
#include <stdint.h>
@ -61,7 +63,7 @@ int cryptfs_enable(int type, const char* passwd, int no_ui);
int cryptfs_changepw(int type, const char* newpw);
int cryptfs_enable_default(int no_ui);
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
char* out_crypto_blkdev);
std::string* out_crypto_blkdev);
int cryptfs_revert_ext_volume(const char* label);
int cryptfs_getfield(const char* fieldname, char* value, int len);
int cryptfs_setfield(const char* fieldname, const char* value);

View file

@ -76,9 +76,7 @@ status_t PrivateVolume::doCreate() {
// TODO: figure out better SELinux labels for private volumes
unsigned char* key = (unsigned char*)mKeyRaw.data();
char crypto_blkdev[MAXPATHLEN];
int res = cryptfs_setup_ext_volume(getId().c_str(), mRawDevPath.c_str(), key, crypto_blkdev);
mDmDevPath = crypto_blkdev;
int res = cryptfs_setup_ext_volume(getId().c_str(), mRawDevPath.c_str(), key, &mDmDevPath);
if (res != 0) {
PLOG(ERROR) << getId() << " failed to setup cryptfs";
return -EIO;