tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Support zoned device with dm-default-key

Browse source 
Note that, encrypt_inplace cannot support zoned device, since it
doesn't support in-place updates. And, dm-default-key will have
a different key.

Bug: 172378121
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I34cb1e747e0f3faa07c5a4bfeded11fb789a033c
This commit is contained in:
Jaegeuk Kim 2020-12-15 09:02:29 -08:00
parent 3712b8de01
commit f6151b434c
8 changed files with 58 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
MetadataCrypt.cpp
View file

@ -63,6 +63,7 @@ struct CryptoOptions {
}; };
static const std::string kDmNameUserdata = "userdata"; static const std::string kDmNameUserdata = "userdata";
static const std::string kDmNameUserdataZoned = "userdata_zoned";
// The first entry in this table is the default crypto type. // The first entry in this table is the default crypto type.
constexpr CryptoType supported_crypto_types[] = {aes_256_xts, adiantum}; constexpr CryptoType supported_crypto_types[] = {aes_256_xts, adiantum};
@ -238,10 +239,11 @@ static bool parse_options(const std::string& options_string, CryptoOptions* opti
bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::string& mount_point, bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::string& mount_point,
bool needs_encrypt, bool should_format, bool needs_encrypt, bool should_format,
const std::string& fs_type) { const std::string& fs_type, const std::string& zoned_device) {
LOG(DEBUG) << "fscrypt_mount_metadata_encrypted: " << mount_point LOG(DEBUG) << "fscrypt_mount_metadata_encrypted: " << mount_point
<< " encrypt: " << needs_encrypt << " format: " << should_format << " with " << " encrypt: " << needs_encrypt << " format: " << should_format << " with "
<< fs_type; << fs_type << " block device: " << blk_device
<< " and zoned device: " << zoned_device;
auto encrypted_state = android::base::GetProperty("ro.crypto.state", ""); auto encrypted_state = android::base::GetProperty("ro.crypto.state", "");
if (encrypted_state != "" && encrypted_state != "encrypted") { if (encrypted_state != "" && encrypted_state != "encrypted") {
LOG(ERROR) << "fscrypt_mount_metadata_encrypted got unexpected starting state: " LOG(ERROR) << "fscrypt_mount_metadata_encrypted got unexpected starting state: "
@ -280,9 +282,13 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
return false; return false;
} }
auto default_metadata_key_dir = data_rec->metadata_key_dir;
if (!zoned_device.empty()) {
default_metadata_key_dir = default_metadata_key_dir + "/default";
}
auto gen = needs_encrypt ? makeGen(options) : neverGen(); auto gen = needs_encrypt ? makeGen(options) : neverGen();
KeyBuffer key; KeyBuffer key;
if (!read_key(data_rec->metadata_key_dir, gen, &key)) { if (!read_key(default_metadata_key_dir, gen, &key)) {
LOG(ERROR) << "read_key failed in mountFstab"; LOG(ERROR) << "read_key failed in mountFstab";
return false; return false;
} }
@ -295,6 +301,23 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
return false; return false;
} }
// create dm-default-key for zoned device
std::string crypto_zoned_blkdev;
if (!zoned_device.empty()) {
auto zoned_metadata_key_dir = data_rec->metadata_key_dir + "/zoned";
if (!read_key(zoned_metadata_key_dir, gen, &key)) {
LOG(ERROR) << "read_key failed with zoned device: " << zoned_device;
return false;
}
if (!create_crypto_blk_dev(kDmNameUserdataZoned, zoned_device, key, options,
&crypto_zoned_blkdev, &nr_sec)) {
LOG(ERROR) << "fscrypt_mount_metadata_encrypted: failed with zoned device: "
<< zoned_device;
return false;
}
}
if (needs_encrypt) { if (needs_encrypt) {
if (should_format) { if (should_format) {
status_t error; status_t error;
@ -302,7 +325,7 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
if (fs_type == "ext4") { if (fs_type == "ext4") {
error = ext4::Format(crypto_blkdev, 0, mount_point); error = ext4::Format(crypto_blkdev, 0, mount_point);
} else if (fs_type == "f2fs") { } else if (fs_type == "f2fs") {
error = f2fs::Format(crypto_blkdev); error = f2fs::Format(crypto_blkdev, crypto_zoned_blkdev);
} else { } else {
LOG(ERROR) << "Unknown filesystem type: " << fs_type; LOG(ERROR) << "Unknown filesystem type: " << fs_type;
return false; return false;
@ -314,6 +337,10 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
} }
LOG(DEBUG) << "Format of " << crypto_blkdev << " for " << mount_point << " succeeded."; LOG(DEBUG) << "Format of " << crypto_blkdev << " for " << mount_point << " succeeded.";
} else { } else {
if (!zoned_device.empty()) {
LOG(ERROR) << "encrypt_inplace cannot support zoned device; should format it.";
return false;
}
if (!encrypt_inplace(crypto_blkdev, blk_device, nr_sec)) { if (!encrypt_inplace(crypto_blkdev, blk_device, nr_sec)) {
LOG(ERROR) << "encrypt_inplace failed in mountFstab"; LOG(ERROR) << "encrypt_inplace failed in mountFstab";
return false; return false;

3
MetadataCrypt.h
View file

@ -28,7 +28,8 @@ namespace vold {
void defaultkey_precreate_dm_device(); void defaultkey_precreate_dm_device();
bool fscrypt_mount_metadata_encrypted(const std::string& block_device, bool fscrypt_mount_metadata_encrypted(const std::string& block_device,
const std::string& mount_point, bool needs_encrypt, const std::string& mount_point, bool needs_encrypt,
bool should_format, const std::string& fs_type); bool should_format, const std::string& fs_type,
const std::string& zoned_device);
bool defaultkey_volume_keygen(KeyGeneration* gen); bool defaultkey_volume_keygen(KeyGeneration* gen);

14
VoldNativeService.cpp
View file

@ -566,22 +566,24 @@ binder::Status VoldNativeService::initUser0() {
} }
binder::Status VoldNativeService::mountFstab(const std::string& blkDevice, binder::Status VoldNativeService::mountFstab(const std::string& blkDevice,
const std::string& mountPoint) { const std::string& mountPoint,
const std::string& zonedDevice) {
ENFORCE_SYSTEM_OR_ROOT; ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK; ACQUIRE_LOCK;
return translateBool( return translateBool(fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, false, false,
fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, false, false, "null")); "null", zonedDevice));
} }
binder::Status VoldNativeService::encryptFstab(const std::string& blkDevice, binder::Status VoldNativeService::encryptFstab(const std::string& blkDevice,
const std::string& mountPoint, bool shouldFormat, const std::string& mountPoint, bool shouldFormat,
const std::string& fsType) { const std::string& fsType,
const std::string& zonedDevice) {
ENFORCE_SYSTEM_OR_ROOT; ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK; ACQUIRE_LOCK;
return translateBool( return translateBool(fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, true, shouldFormat,
fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, true, shouldFormat, fsType)); fsType, zonedDevice));
} }
binder::Status VoldNativeService::setStorageBindingSeed(const std::vector<uint8_t>& seed) { binder::Status VoldNativeService::setStorageBindingSeed(const std::vector<uint8_t>& seed) {

6
VoldNativeService.h
View file

@ -103,9 +103,11 @@ class VoldNativeService : public BinderService<VoldNativeService>, public os::Bn
binder::Status fbeEnable(); binder::Status fbeEnable();
binder::Status initUser0(); binder::Status initUser0();
binder::Status mountFstab(const std::string& blkDevice, const std::string& mountPoint); binder::Status mountFstab(const std::string& blkDevice, const std::string& mountPoint,
const std::string& zonedDevice);
binder::Status encryptFstab(const std::string& blkDevice, const std::string& mountPoint, binder::Status encryptFstab(const std::string& blkDevice, const std::string& mountPoint,
bool shouldFormat, const std::string& fsType); bool shouldFormat, const std::string& fsType,
const std::string& zonedDevice);
binder::Status setStorageBindingSeed(const std::vector<uint8_t>& seed); binder::Status setStorageBindingSeed(const std::vector<uint8_t>& seed);

4
binder/android/os/IVold.aidl
View file

@ -79,8 +79,8 @@ interface IVold {
void fbeEnable(); void fbeEnable();
void initUser0(); void initUser0();
void mountFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint); void mountFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint, @utf8InCpp String zonedDevice);
void encryptFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint, boolean shouldFormat, @utf8InCpp String fsType); void encryptFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint, boolean shouldFormat, @utf8InCpp String fsType, @utf8InCpp String zonedDevice);
void setStorageBindingSeed(in byte[] seed); void setStorageBindingSeed(in byte[] seed);

7
fs/F2fs.cpp
View file

@ -71,7 +71,7 @@ status_t Mount(const std::string& source, const std::string& target) {
return res; return res;
} }
status_t Format(const std::string& source) { status_t Format(const std::string& source, const std::string& zoned_device) {
std::vector<char const*> cmd; std::vector<char const*> cmd;
cmd.emplace_back(kMkfsPath); cmd.emplace_back(kMkfsPath);
@ -96,6 +96,11 @@ status_t Format(const std::string& source) {
cmd.emplace_back("-C"); cmd.emplace_back("-C");
cmd.emplace_back("utf8"); cmd.emplace_back("utf8");
} }
if (!zoned_device.empty()) {
cmd.emplace_back("-c");
cmd.emplace_back(zoned_device.c_str());
cmd.emplace_back("-m");
}
cmd.emplace_back(source.c_str()); cmd.emplace_back(source.c_str());
return logwrap_fork_execvp(cmd.size(), cmd.data(), nullptr, false, LOG_KLOG, return logwrap_fork_execvp(cmd.size(), cmd.data(), nullptr, false, LOG_KLOG,
false, nullptr); false, nullptr);

2
fs/F2fs.h
View file

@ -29,7 +29,7 @@ bool IsSupported();
status_t Check(const std::string& source); status_t Check(const std::string& source);
status_t Mount(const std::string& source, const std::string& target); status_t Mount(const std::string& source, const std::string& target);
status_t Format(const std::string& source); status_t Format(const std::string& source, const std::string& zoned_device = "");
} // namespace f2fs } // namespace f2fs
} // namespace vold } // namespace vold

8
vdc.cpp
View file

@ -124,14 +124,14 @@ int main(int argc, char** argv) {
checkStatus(args, vold->reset()); checkStatus(args, vold->reset());
} else if (args[0] == "cryptfs" && args[1] == "bindkeys") { } else if (args[0] == "cryptfs" && args[1] == "bindkeys") {
bindkeys(args, vold); bindkeys(args, vold);
} else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 4) { } else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 5) {
checkStatus(args, vold->mountFstab(args[2], args[3])); checkStatus(args, vold->mountFstab(args[2], args[3], args[4]));
} else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 6) { } else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 7) {
auto shouldFormat = android::base::ParseBool(args[4]); auto shouldFormat = android::base::ParseBool(args[4]);
if (shouldFormat == android::base::ParseBoolResult::kError) exit(EINVAL); if (shouldFormat == android::base::ParseBoolResult::kError) exit(EINVAL);
checkStatus(args, vold->encryptFstab(args[2], args[3], checkStatus(args, vold->encryptFstab(args[2], args[3],
shouldFormat == android::base::ParseBoolResult::kTrue, shouldFormat == android::base::ParseBoolResult::kTrue,
args[5])); args[5], args[6]));
} else if (args[0] == "checkpoint" && args[1] == "supportsCheckpoint" && args.size() == 2) { } else if (args[0] == "checkpoint" && args[1] == "supportsCheckpoint" && args.size() == 2) {
bool supported = false; bool supported = false;
checkStatus(args, vold->supportsCheckpoint(&supported)); checkStatus(args, vold->supportsCheckpoint(&supported));