9c48498f45
This adds support for private volumes which is just a filesystem wrapped in a dm-crypt layer. For now we're using the exact same configuration as internal encryption (aes-cbc-essiv:sha256), but we don't store any key material on the removable media. Instead, we store the key on internal storage, and use the GPT partition GUID to identify which key should be used. This means that private external storage is effectively as secure as the internal storage of the device. That is, if the internal storage is encrypted, then our external storage key is also encrypted. When partitioning disks, we now support a "private" mode which has a PrivateVolume partition, and a currently unused 16MB metadata partition reserved for future use. It also supports a "mixed" mode which creates both a PublicVolume and PrivateVolume on the same disk. Mixed mode is currently experimental. For now, just add ext4 support to PrivateVolume; we'll look at f2fs in a future change. Add VolumeBase lifecycle for setting up crypto mappings, and extract blkid logic into shared method. Sprinkle some more "static" around the cryptfs code to improve invariants. Bug: 19993667 Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0
80 lines
2.2 KiB
C++
80 lines
2.2 KiB
C++
/*
|
|
* Copyright (C) 2015 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef ANDROID_VOLD_PUBLIC_VOLUME_H
|
|
#define ANDROID_VOLD_PUBLIC_VOLUME_H
|
|
|
|
#include "VolumeBase.h"
|
|
|
|
#include <cutils/multiuser.h>
|
|
|
|
namespace android {
|
|
namespace vold {
|
|
|
|
/*
|
|
* Shared storage provided by public (vfat) partition.
|
|
*
|
|
* Knows how to mount itself and then spawn a FUSE daemon to synthesize
|
|
* permissions. AsecVolume and ObbVolume can be stacked above it.
|
|
*
|
|
* This volume is not inherently multi-user aware, so it has two possible
|
|
* modes of operation:
|
|
* 1. If primary storage for the device, it only binds itself to the
|
|
* owner user.
|
|
* 2. If secondary storage, it binds itself for all users, but masks
|
|
* away the Android directory for secondary users.
|
|
*/
|
|
class PublicVolume : public VolumeBase {
|
|
public:
|
|
explicit PublicVolume(dev_t device);
|
|
virtual ~PublicVolume();
|
|
|
|
protected:
|
|
status_t doCreate() override;
|
|
status_t doDestroy() override;
|
|
status_t doMount() override;
|
|
status_t doUnmount() override;
|
|
status_t doFormat() override;
|
|
|
|
status_t readMetadata();
|
|
status_t initAsecStage();
|
|
|
|
private:
|
|
/* Kernel device representing partition */
|
|
dev_t mDevice;
|
|
/* Block device path */
|
|
std::string mDevPath;
|
|
/* Mount point of raw partition */
|
|
std::string mRawPath;
|
|
/* Mount point of FUSE wrapper */
|
|
std::string mFusePath;
|
|
/* PID of FUSE wrapper */
|
|
pid_t mFusePid;
|
|
|
|
/* Filesystem type */
|
|
std::string mFsType;
|
|
/* Filesystem UUID */
|
|
std::string mFsUuid;
|
|
/* User-visible filesystem label */
|
|
std::string mFsLabel;
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(PublicVolume);
|
|
};
|
|
|
|
} // namespace vold
|
|
} // namespace android
|
|
|
|
#endif
|