Merge "Pass volume key as a KeyBuffer" am: 334a684557 am: 4d37b4f980
Change-Id: Ia5a1a2f96ba406987c60cc8fa4d94bea33b68644
This commit is contained in:
Automerger Merge Worker
commit
aebcc399ea
5 changed files with 19 additions and 15 deletions
11
cryptfs.cpp
11
cryptfs.cpp
|
|
@ -71,6 +71,7 @@ extern "C" {
|
||||||
using android::base::ParseUint;
|
using android::base::ParseUint;
|
||||||
using android::base::StringPrintf;
|
using android::base::StringPrintf;
|
||||||
using android::fs_mgr::GetEntryForMountPoint;
|
using android::fs_mgr::GetEntryForMountPoint;
|
||||||
|
using android::vold::KeyBuffer;
|
||||||
using namespace android::dm;
|
using namespace android::dm;
|
||||||
using namespace std::chrono_literals;
|
using namespace std::chrono_literals;
|
||||||
|
|
||||||
|
|
@ -1910,8 +1911,13 @@ errout:
|
||||||
* as any metadata is been stored in a separate, small partition. We
|
* as any metadata is been stored in a separate, small partition. We
|
||||||
* assume it must be using our same crypt type and keysize.
|
* assume it must be using our same crypt type and keysize.
|
||||||
*/
|
*/
|
||||||
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
|
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const KeyBuffer& key,
|
||||||
std::string* out_crypto_blkdev) {
|
std::string* out_crypto_blkdev) {
|
||||||
|
if (key.size() != cryptfs_get_keysize()) {
|
||||||
|
SLOGE("Raw keysize %zu does not match crypt keysize %" PRIu32, key.size(),
|
||||||
|
cryptfs_get_keysize());
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
uint64_t nr_sec = 0;
|
uint64_t nr_sec = 0;
|
||||||
if (android::vold::GetBlockDev512Sectors(real_blkdev, &nr_sec) != android::OK) {
|
if (android::vold::GetBlockDev512Sectors(real_blkdev, &nr_sec) != android::OK) {
|
||||||
SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
|
SLOGE("Failed to get size of %s: %s", real_blkdev, strerror(errno));
|
||||||
|
|
@ -1929,7 +1935,8 @@ int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const u
|
||||||
android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false))
|
android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false))
|
||||||
flags |= CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE;
|
flags |= CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE;
|
||||||
|
|
||||||
return create_crypto_blk_dev(&ext_crypt_ftr, key, real_blkdev, out_crypto_blkdev, label, flags);
|
return create_crypto_blk_dev(&ext_crypt_ftr, reinterpret_cast<const unsigned char*>(key.data()),
|
||||||
|
real_blkdev, out_crypto_blkdev, label, flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
||||||
|
|
@ -25,6 +25,8 @@
|
||||||
|
|
||||||
#include <cutils/properties.h>
|
#include <cutils/properties.h>
|
||||||
|
|
||||||
|
#include "KeyBuffer.h"
|
||||||
|
|
||||||
#define CRYPT_FOOTER_OFFSET 0x4000
|
#define CRYPT_FOOTER_OFFSET 0x4000
|
||||||
|
|
||||||
/* Return values for cryptfs_crypto_complete */
|
/* Return values for cryptfs_crypto_complete */
|
||||||
|
|
@ -62,8 +64,8 @@ int cryptfs_restart(void);
|
||||||
int cryptfs_enable(int type, const char* passwd, int no_ui);
|
int cryptfs_enable(int type, const char* passwd, int no_ui);
|
||||||
int cryptfs_changepw(int type, const char* newpw);
|
int cryptfs_changepw(int type, const char* newpw);
|
||||||
int cryptfs_enable_default(int no_ui);
|
int cryptfs_enable_default(int no_ui);
|
||||||
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
|
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
|
||||||
std::string* out_crypto_blkdev);
|
const android::vold::KeyBuffer& key, std::string* out_crypto_blkdev);
|
||||||
int cryptfs_revert_ext_volume(const char* label);
|
int cryptfs_revert_ext_volume(const char* label);
|
||||||
int cryptfs_getfield(const char* fieldname, char* value, int len);
|
int cryptfs_getfield(const char* fieldname, char* value, int len);
|
||||||
int cryptfs_setfield(const char* fieldname, const char* value);
|
int cryptfs_setfield(const char* fieldname, const char* value);
|
||||||
|
|
|
||||||
|
|
@ -216,7 +216,8 @@ void Disk::createPrivateVolume(dev_t device, const std::string& partGuid) {
|
||||||
|
|
||||||
LOG(DEBUG) << "Found key for GUID " << normalizedGuid;
|
LOG(DEBUG) << "Found key for GUID " << normalizedGuid;
|
||||||
|
|
||||||
auto vol = std::shared_ptr<VolumeBase>(new PrivateVolume(device, keyRaw));
|
auto keyBuffer = KeyBuffer(keyRaw.begin(), keyRaw.end());
|
||||||
|
auto vol = std::shared_ptr<VolumeBase>(new PrivateVolume(device, keyBuffer));
|
||||||
if (mJustPartitioned) {
|
if (mJustPartitioned) {
|
||||||
LOG(DEBUG) << "Device just partitioned; silently formatting";
|
LOG(DEBUG) << "Device just partitioned; silently formatting";
|
||||||
vol->setSilent(true);
|
vol->setSilent(true);
|
||||||
|
|
|
||||||
|
|
@ -43,7 +43,7 @@ namespace vold {
|
||||||
|
|
||||||
static const unsigned int kMajorBlockMmc = 179;
|
static const unsigned int kMajorBlockMmc = 179;
|
||||||
|
|
||||||
PrivateVolume::PrivateVolume(dev_t device, const std::string& keyRaw)
|
PrivateVolume::PrivateVolume(dev_t device, const KeyBuffer& keyRaw)
|
||||||
: VolumeBase(Type::kPrivate), mRawDevice(device), mKeyRaw(keyRaw) {
|
: VolumeBase(Type::kPrivate), mRawDevice(device), mKeyRaw(keyRaw) {
|
||||||
setId(StringPrintf("private:%u,%u", major(device), minor(device)));
|
setId(StringPrintf("private:%u,%u", major(device), minor(device)));
|
||||||
mRawDevPath = StringPrintf("/dev/block/vold/%s", getId().c_str());
|
mRawDevPath = StringPrintf("/dev/block/vold/%s", getId().c_str());
|
||||||
|
|
@ -64,19 +64,13 @@ status_t PrivateVolume::doCreate() {
|
||||||
if (CreateDeviceNode(mRawDevPath, mRawDevice)) {
|
if (CreateDeviceNode(mRawDevPath, mRawDevice)) {
|
||||||
return -EIO;
|
return -EIO;
|
||||||
}
|
}
|
||||||
if (mKeyRaw.size() != cryptfs_get_keysize()) {
|
|
||||||
PLOG(ERROR) << getId() << " Raw keysize " << mKeyRaw.size()
|
|
||||||
<< " does not match crypt keysize " << cryptfs_get_keysize();
|
|
||||||
return -EIO;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Recover from stale vold by tearing down any old mappings
|
// Recover from stale vold by tearing down any old mappings
|
||||||
cryptfs_revert_ext_volume(getId().c_str());
|
cryptfs_revert_ext_volume(getId().c_str());
|
||||||
|
|
||||||
// TODO: figure out better SELinux labels for private volumes
|
// TODO: figure out better SELinux labels for private volumes
|
||||||
|
|
||||||
unsigned char* key = (unsigned char*)mKeyRaw.data();
|
int res = cryptfs_setup_ext_volume(getId().c_str(), mRawDevPath.c_str(), mKeyRaw, &mDmDevPath);
|
||||||
int res = cryptfs_setup_ext_volume(getId().c_str(), mRawDevPath.c_str(), key, &mDmDevPath);
|
|
||||||
if (res != 0) {
|
if (res != 0) {
|
||||||
PLOG(ERROR) << getId() << " failed to setup cryptfs";
|
PLOG(ERROR) << getId() << " failed to setup cryptfs";
|
||||||
return -EIO;
|
return -EIO;
|
||||||
|
|
|
||||||
|
|
@ -37,7 +37,7 @@ namespace vold {
|
||||||
*/
|
*/
|
||||||
class PrivateVolume : public VolumeBase {
|
class PrivateVolume : public VolumeBase {
|
||||||
public:
|
public:
|
||||||
PrivateVolume(dev_t device, const std::string& keyRaw);
|
PrivateVolume(dev_t device, const KeyBuffer& keyRaw);
|
||||||
virtual ~PrivateVolume();
|
virtual ~PrivateVolume();
|
||||||
const std::string& getFsType() const { return mFsType; };
|
const std::string& getFsType() const { return mFsType; };
|
||||||
const std::string& getRawDevPath() const { return mRawDevPath; };
|
const std::string& getRawDevPath() const { return mRawDevPath; };
|
||||||
|
|
@ -63,7 +63,7 @@ class PrivateVolume : public VolumeBase {
|
||||||
std::string mPath;
|
std::string mPath;
|
||||||
|
|
||||||
/* Encryption key as raw bytes */
|
/* Encryption key as raw bytes */
|
||||||
std::string mKeyRaw;
|
KeyBuffer mKeyRaw;
|
||||||
|
|
||||||
/* Filesystem type */
|
/* Filesystem type */
|
||||||
std::string mFsType;
|
std::string mFsType;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue