Add init_user0 command.

Change-Id: Icf746ec1968a073fde707ecc788b648f5803fd38
This commit is contained in:
Paul Crowley 2016-02-01 14:28:12 +00:00
parent ea62e26ad3
commit 8fb12fd835
3 changed files with 35 additions and 22 deletions

View file

@ -354,6 +354,10 @@ int CryptCommandListener::CryptfsCmd::runCommand(SocketClient *cli,
dumpArgs(argc, argv, -1);
rc = cryptfs_isConvertibleToFBE();
} else if (subcommand == "init_user0") {
if (!check_argc(cli, subcommand, argc, 2, "")) return 0;
return sendGenericOkFail(cli, e4crypt_init_user0());
} else if (subcommand == "create_user_key") {
if (!check_argc(cli, subcommand, argc, 5, "<user> <serial> <ephemeral>")) return 0;
return sendGenericOkFail(cli,

View file

@ -593,7 +593,6 @@ static bool create_user_key(userid_t user_id, bool create_ephemeral) {
// If the key should be created as ephemeral, store it in memory only.
s_ephemeral_user_keys[key_path] = key;
} else {
if (!prepare_dir(user_key_dir, 0700, AID_ROOT, AID_ROOT)) return false;
if (!prepare_dir(user_key_dir + "/user_" + std::to_string(user_id),
0700, AID_ROOT, AID_ROOT)) return false;
if (!android::vold::storeKey(key_path, key)) return false;
@ -613,6 +612,32 @@ static int e4crypt_set_user_policy(userid_t user_id, int serial, std::string& pa
return do_policy_set(path.c_str(), raw_ref.data(), raw_ref.size());
}
int e4crypt_init_user0() {
LOG(DEBUG) << "e4crypt_init_user0";
if (e4crypt_is_native()) {
if (!prepare_dir(user_key_dir, 0700, AID_ROOT, AID_ROOT)) return -1;
std::string user_key;
if (!read_user_key(0, user_key)) {
// FIXME if the key exists and we just failed to read it, this destroys it.
if (!create_user_key(0, false)) {
return -1;
}
if (!read_user_key(0, user_key)) {
LOG(ERROR) << "Couldn't read just-created key for user 0";
return -1;
}
}
auto raw_ref = e4crypt_install_key(user_key);
if (raw_ref.empty()) {
return -1;
}
s_key_raw_refs[0] = raw_ref;
}
// Ignore failures. FIXME this is horrid
e4crypt_prepare_user_storage(nullptr, 0, 0, false);
return 0;
}
int e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral) {
LOG(DEBUG) << "e4crypt_vold_create_user_key for " << user_id << " serial " << serial;
if (!e4crypt_is_native()) {
@ -703,31 +728,14 @@ int e4crypt_unlock_user_key(userid_t user_id, int serial, const char* token) {
if (e4crypt_is_native()) {
std::string user_key;
if (!read_user_key(user_id, user_key)) {
// FIXME special case for user 0
if (user_id != 0) {
LOG(ERROR) << "Couldn't read key for " << user_id;
return -1;
}
// FIXME if the key exists and we just failed to read it, this destroys it.
if (!create_user_key(user_id, false)) {
return -1;
}
if (!read_user_key(user_id, user_key)) {
LOG(ERROR) << "Couldn't read just-created key for " << user_id;
return -1;
}
LOG(ERROR) << "Couldn't read key for " << user_id;
return -1;
}
auto raw_ref = e4crypt_install_key(user_key);
if (raw_ref.empty()) {
return -1;
}
s_key_raw_refs[serial] = raw_ref;
if (user_id == 0) {
// FIXME special case for user 0
// prepare their storage here
e4crypt_prepare_user_storage(nullptr, 0, 0, false);
}
return 0;
} else {
// When in emulation mode, we just use chmod. However, we also
// unlock directories when not in emulation mode, to bring devices
@ -739,7 +747,6 @@ int e4crypt_unlock_user_key(userid_t user_id, int serial, const char* token) {
return -1;
}
}
return 0;
}
@ -773,7 +780,8 @@ int e4crypt_prepare_user_storage(const char* volume_uuid,
auto user_ce_path = android::vold::BuildDataUserPath(volume_uuid, user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
if (!prepare_dir(system_ce_path, 0700, AID_SYSTEM, AID_SYSTEM)) return -1;
// FIXME: should this be 0770 or 0700?
if (!prepare_dir(system_ce_path, 0770, AID_SYSTEM, AID_SYSTEM)) return -1;
if (!prepare_dir(media_ce_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW)) return -1;
if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return -1;
if (!prepare_dir(user_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return -1;

View file

@ -36,6 +36,7 @@ int e4crypt_get_field(const char* path, const char* fieldname,
int e4crypt_set_field(const char* path, const char* fieldname,
const char* value);
int e4crypt_init_user0();
int e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
int e4crypt_destroy_user_key(userid_t user_id);