Merge changes Ia095340c,I464edc6e am: 3d1a532efc am: 57ca48b788

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1883358 Change-Id: I34e28f326ac91743e1d752e4aed7172c4c76aa7e
2021-11-08 23:31:20 +00:00 · 2021-11-08 23:31:20 +00:00 · af6552a833
commit af6552a833
parent 6185ed675d 57ca48b788
4 changed files with 64 additions and 12 deletions
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@ -601,9 +601,15 @@ static bool storeKey(const std::string& dir, const KeyAuthentication& auth, cons
        if (!generateKeyStorageKey(keystore, appId, &ksKey)) return false;
        if (!writeStringToFile(ksKey, dir + "/" + kFn_keymaster_key_blob)) return false;
        km::AuthorizationSet keyParams = beginParams(appId);
-        if (!encryptWithKeystoreKey(keystore, dir, keyParams, key, &encryptedKey)) return false;
+        if (!encryptWithKeystoreKey(keystore, dir, keyParams, key, &encryptedKey)) {
+            LOG(ERROR) << "encryptWithKeystoreKey failed";
+            return false;
+        }
    } else {
-        if (!encryptWithoutKeystore(appId, key, &encryptedKey)) return false;
+        if (!encryptWithoutKeystore(appId, key, &encryptedKey)) {
+            LOG(ERROR) << "encryptWithoutKeystore failed";
+            return false;
+        }
    }
    if (!writeStringToFile(encryptedKey, dir + "/" + kFn_encrypted_key)) return false;
    if (!FsyncDirectory(dir)) return false;
@ -648,9 +654,15 @@ bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffe
        Keystore keystore;
        if (!keystore) return false;
        km::AuthorizationSet keyParams = beginParams(appId);
-        if (!decryptWithKeystoreKey(keystore, dir, keyParams, encryptedMessage, key)) return false;
+        if (!decryptWithKeystoreKey(keystore, dir, keyParams, encryptedMessage, key)) {
+            LOG(ERROR) << "decryptWithKeystoreKey failed";
+            return false;
+        }
    } else {
-        if (!decryptWithoutKeystore(appId, encryptedMessage, key)) return false;
+        if (!decryptWithoutKeystore(appId, encryptedMessage, key)) {
+            LOG(ERROR) << "decryptWithoutKeystore failed";
+            return false;
+        }
    }
    return true;
 }
--- a/KeyUtil.cpp
+++ b/KeyUtil.cpp
@ -54,7 +54,10 @@ static bool randomKey(size_t size, KeyBuffer* key) {
 }

 bool generateStorageKey(const KeyGeneration& gen, KeyBuffer* key) {
-    if (!gen.allow_gen) return false;
+    if (!gen.allow_gen) {
+        LOG(ERROR) << "Generating storage key not allowed";
+        return false;
+    }
    if (gen.use_hw_wrapped_key) {
        if (gen.keysize != FSCRYPT_MAX_KEY_SIZE) {
            LOG(ERROR) << "Cannot generate a wrapped key " << gen.keysize << " bytes long";
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@ -245,7 +245,8 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
               << fs_type;
    auto encrypted_state = android::base::GetProperty("ro.crypto.state", "");
    if (encrypted_state != "" && encrypted_state != "encrypted") {
-        LOG(DEBUG) << "fscrypt_enable_crypto got unexpected starting state: " << encrypted_state;
+        LOG(ERROR) << "fscrypt_mount_metadata_encrypted got unexpected starting state: "
+                   << encrypted_state;
        return false;
    }

@ -282,12 +283,18 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::

    auto gen = needs_encrypt ? makeGen(options) : neverGen();
    KeyBuffer key;
-    if (!read_key(data_rec->metadata_key_dir, gen, &key)) return false;
+    if (!read_key(data_rec->metadata_key_dir, gen, &key)) {
+        LOG(ERROR) << "read_key failed in mountFstab";
+        return false;
+    }

    std::string crypto_blkdev;
    uint64_t nr_sec;
-    if (!create_crypto_blk_dev(kDmNameUserdata, blk_device, key, options, &crypto_blkdev, &nr_sec))
+    if (!create_crypto_blk_dev(kDmNameUserdata, blk_device, key, options, &crypto_blkdev,
+                               &nr_sec)) {
+        LOG(ERROR) << "create_crypto_blk_dev failed in mountFstab";
        return false;
+    }

    if (needs_encrypt) {
        if (should_format) {
@ -301,10 +308,17 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
                LOG(ERROR) << "Unknown filesystem type: " << fs_type;
                return false;
            }
-            LOG(DEBUG) << "Format (err=" << error << ") " << crypto_blkdev << " on " << mount_point;
-            if (error != 0) return false;
+            if (error != 0) {
+                LOG(ERROR) << "Format of " << crypto_blkdev << " for " << mount_point
+                           << " failed (err=" << error << ").";
+                return false;
+            }
+            LOG(DEBUG) << "Format of " << crypto_blkdev << " for " << mount_point << " succeeded.";
        } else {
-            if (!encrypt_inplace(crypto_blkdev, blk_device, nr_sec, false)) return false;
+            if (!encrypt_inplace(crypto_blkdev, blk_device, nr_sec, false)) {
+                LOG(ERROR) << "encrypt_inplace failed in mountFstab";
+                return false;
+            }
        }
    }

--- a/main.cpp
+++ b/main.cpp
@ -52,8 +52,11 @@ typedef struct vold_configs {
 static int process_config(VolumeManager* vm, VoldConfigs* configs);
 static void coldboot(const char* path);
 static void parse_args(int argc, char** argv);
+static void VoldLogger(android::base::LogId log_buffer_id, android::base::LogSeverity severity,
+                       const char* tag, const char* file, unsigned int line, const char* message);

 struct selabel_handle* sehandle;
+android::base::LogdLogger logd_logger(android::base::SYSTEM);

 using android::base::StringPrintf;
 using android::fs_mgr::ReadDefaultFstab;
@ -61,7 +64,7 @@ using android::fs_mgr::ReadDefaultFstab;
 int main(int argc, char** argv) {
    atrace_set_tracing_enabled(false);
    setenv("ANDROID_LOG_TAGS", "*:d", 1);  // Do not submit with verbose logs enabled
-    android::base::InitLogging(argv, android::base::LogdLogger(android::base::SYSTEM));
+    android::base::InitLogging(argv, &VoldLogger);

    LOG(INFO) << "Vold 3.0 (the awakening) firing up";

@ -278,3 +281,23 @@ static int process_config(VolumeManager* vm, VoldConfigs* configs) {
    }
    return 0;
 }
+
+static void VoldLogger(android::base::LogId log_buffer_id, android::base::LogSeverity severity,
+                       const char* tag, const char* file, unsigned int line, const char* message) {
+    logd_logger(log_buffer_id, severity, tag, file, line, message);
+
+    if (severity >= android::base::ERROR) {
+        static bool is_data_mounted = false;
+
+        // When /data fails to mount, we don't have adb to get logcat. So until /data is
+        // mounted we log errors to the kernel. This allows us to get failures via serial logs
+        // and via last dmesg/"fastboot oem dmesg" on devices that support it.
+        //
+        // As a very quick-and-dirty test for /data, we check whether /data/misc/vold exists.
+        if (is_data_mounted || access("/data/misc/vold", F_OK) == 0) {
+            is_data_mounted = true;
+            return;
+        }
+        android::base::KernelLogger(log_buffer_id, severity, tag, file, line, message);
+    }
+}