tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add command for setting the key binding seed

Browse source 
The seed value is passed to vold early in startup so that the
key-encryption keys are bound to the seed. This is useful for systems
like auto, in which the Android device may not require credentials to
use. In that case, the device should be bound to the rest of the system
(the car, in the case of auto) to guard against theft.

Test: manual
Change-Id: I2e16387b0752a30ef226b5ddf32ebf955aa9610a
This commit is contained in:
Sean Keys 2021-07-07 22:38:04 +00:00 committed by Keith Mok
parent a3bd31c170
commit 8452f41d4a
2 changed files with 30 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
Android.bp
View file

@ -220,11 +220,16 @@ cc_binary {
name: "vdc", name: "vdc",
defaults: ["vold_default_flags"], defaults: ["vold_default_flags"],
srcs: ["vdc.cpp"], srcs: [
"vdc.cpp",
"Utils.cpp",
],
shared_libs: [ shared_libs: [
"libbase", "libbase",
"libbinder", "libbinder",
"libcutils", "libcutils",
"liblogwrap",
"libselinux",
"libutils", "libutils",
], ],
static_libs: [ static_libs: [

24
vdc.cpp
View file

@ -28,6 +28,7 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/un.h> #include <sys/un.h>
#include "Utils.h"
#include "android/os/IVold.h" #include "android/os/IVold.h"
#include <android-base/logging.h> #include <android-base/logging.h>
@ -37,6 +38,7 @@
#include <android-base/strings.h> #include <android-base/strings.h>
#include <binder/IServiceManager.h> #include <binder/IServiceManager.h>
#include <binder/Status.h> #include <binder/Status.h>
#include <utils/Errors.h>
#include <private/android_filesystem_config.h> #include <private/android_filesystem_config.h>
@ -64,6 +66,26 @@ static void checkStatus(std::vector<std::string>& cmd, android::binder::Status s
exit(ENOTTY); exit(ENOTTY);
} }
static void bindkeys(std::vector<std::string>& args, const android::sp<android::os::IVold>& vold) {
std::string raw_bytes;
const char* seed_value;
seed_value = getenv("SEED_VALUE");
if (seed_value == NULL) {
LOG(ERROR) << "Empty seed";
exit(EINVAL);
}
android::status_t status = android::vold::HexToStr(seed_value, raw_bytes);
if (status != android::OK) {
LOG(ERROR) << "Extraction of seed failed: " << status;
exit(status);
}
std::vector<uint8_t> seed{raw_bytes.begin(), raw_bytes.end()};
checkStatus(args, vold->setStorageBindingSeed(seed));
}
int main(int argc, char** argv) { int main(int argc, char** argv) {
setenv("ANDROID_LOG_TAGS", "*:v", 1); setenv("ANDROID_LOG_TAGS", "*:v", 1);
if (getppid() == 1) { if (getppid() == 1) {
@ -106,6 +128,8 @@ int main(int argc, char** argv) {
checkStatus(args, vold->shutdown()); checkStatus(args, vold->shutdown());
} else if (args[0] == "volume" && args[1] == "reset") { } else if (args[0] == "volume" && args[1] == "reset") {
checkStatus(args, vold->reset()); checkStatus(args, vold->reset());
} else if (args[0] == "cryptfs" && args[1] == "bindkeys") {
bindkeys(args, vold);
} else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 4) { } else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 4) {
checkStatus(args, vold->mountFstab(args[2], args[3])); checkStatus(args, vold->mountFstab(args[2], args[3]));
} else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 6) { } else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 6) {