+++ /dev/null
-# Copyright 2010 The Android Open Source Project
-
-LOCAL_PATH:= $(call my-dir)
-
-libext4_utils_src_files := \
- make_ext4fs.c \
- ext4fixup.c \
- ext4_utils.c \
- allocate.c \
- contents.c \
- extent.c \
- indirect.c \
- uuid.c \
- sha1.c \
- wipe.c \
- crc16.c \
- ext4_sb.c
-
-#
-# -- All host/targets including windows
-#
-
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES := $(libext4_utils_src_files)
-LOCAL_MODULE := libext4_utils_host
-LOCAL_STATIC_LIBRARIES := \
- libsparse_host \
- libz
-ifneq ($(HOST_OS),windows)
- LOCAL_STATIC_LIBRARIES += libselinux
-endif
-include $(BUILD_HOST_STATIC_LIBRARY)
-
-
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES := make_ext4fs_main.c canned_fs_config.c
-LOCAL_MODULE := make_ext4fs
-LOCAL_STATIC_LIBRARIES += \
- libcutils \
- libext4_utils_host \
- libsparse_host \
- libz
-ifeq ($(HOST_OS),windows)
- LOCAL_LDLIBS += -lws2_32
-else
- LOCAL_STATIC_LIBRARIES += libselinux
- LOCAL_CFLAGS := -DHOST
-endif
-include $(BUILD_HOST_EXECUTABLE)
-
-
-#
-# -- All host/targets excluding windows
-#
-
-libext4_utils_src_files += \
- ext4_crypt.cpp \
- e4crypt_static.c \
- unencrypted_properties.cpp
-
-ifneq ($(HOST_OS),windows)
-
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES := $(libext4_utils_src_files)
-LOCAL_MODULE := libext4_utils
-LOCAL_C_INCLUDES += system/core/logwrapper/include
-LOCAL_SHARED_LIBRARIES := \
- libcutils \
- libselinux \
- libsparse \
- libz
-include $(BUILD_SHARED_LIBRARY)
-
-
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES := $(libext4_utils_src_files) \
- ext4_crypt_init_extensions.cpp
-LOCAL_MODULE := libext4_utils_static
-LOCAL_STATIC_LIBRARIES := \
- libsparse_static
-include $(BUILD_STATIC_LIBRARY)
-
-
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES := make_ext4fs_main.c canned_fs_config.c
-LOCAL_MODULE := make_ext4fs
-LOCAL_SHARED_LIBRARIES := \
- libcutils \
- libext4_utils \
- libselinux \
- libz
-include $(BUILD_EXECUTABLE)
-
-
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES := ext2simg.c
-LOCAL_MODULE := ext2simg
-LOCAL_SHARED_LIBRARIES += \
- libext4_utils \
- libselinux \
- libsparse \
- libz
-include $(BUILD_EXECUTABLE)
-
-
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES := ext2simg.c
-LOCAL_MODULE := ext2simg
-LOCAL_STATIC_LIBRARIES += \
- libext4_utils_host \
- libselinux \
- libsparse_host \
- libz
-include $(BUILD_HOST_EXECUTABLE)
-
-
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES := setup_fs.c
-LOCAL_MODULE := setup_fs
-LOCAL_SHARED_LIBRARIES += libcutils
-include $(BUILD_EXECUTABLE)
-
-
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES := ext4fixup_main.c
-LOCAL_MODULE := ext4fixup
-LOCAL_SHARED_LIBRARIES += \
- libext4_utils \
- libsparse \
- libz
-include $(BUILD_EXECUTABLE)
-
-
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES := ext4fixup_main.c
-LOCAL_MODULE := ext4fixup
-LOCAL_STATIC_LIBRARIES += \
- libext4_utils_host \
- libsparse_host \
- libz
-include $(BUILD_HOST_EXECUTABLE)
-
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := mkuserimg.sh
-LOCAL_SRC_FILES := mkuserimg.sh
-LOCAL_MODULE_CLASS := EXECUTABLES
-# We don't need any additional suffix.
-LOCAL_MODULE_SUFFIX :=
-LOCAL_BUILT_MODULE_STEM := $(notdir $(LOCAL_SRC_FILES))
-LOCAL_IS_HOST_MODULE := true
-include $(BUILD_PREBUILT)
-
-endif
+++ /dev/null
-/*
- * Copyright (c) 2015 Google, Inc.
- */
-
-#define TAG "ext4_utils"
-
-#include <dirent.h>
-#include <errno.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <sys/xattr.h>
-#include <sys/syscall.h>
-#include <sys/stat.h>
-
-#include <cutils/klog.h>
-
-#include "ext4_crypt.h"
-
-/* keyring keyctl commands */
-#define KEYCTL_SETPERM 5 /* set permissions for a key in a keyring */
-#define KEYCTL_UNLINK 9 /* unlink a key from a keyring */
-#define KEYCTL_SEARCH 10 /* search for a key in a keyring */
-
-#define XATTR_NAME_ENCRYPTION_POLICY "encryption.policy"
-#define EXT4_KEYREF_DELIMITER ((char)'.')
-
-/* Validate that all path items are available and accessible. */
-static int is_path_valid(const char *path)
-{
- if (access(path, W_OK)) {
- KLOG_ERROR(TAG, "Can't access %s: %s\n",strerror(errno), path);
- return 0;
- }
-
- return 1;
-}
-
-/* Checks whether the policy provided is valid */
-static int is_keyref_valid(const char *keyref)
-{
- char *period = 0;
- size_t key_location_len = 0;
-
- /* Key ref must have a key and location delimiter character. */
- period = strchr(keyref, EXT4_KEYREF_DELIMITER);
- if (!period) {
- return 0;
- }
-
- /* period must be >= keyref. */
- key_location_len = period - keyref;
-
- if (strncmp(keyref, "@t", key_location_len) == 0 ||
- strncmp(keyref, "@p", key_location_len) == 0 ||
- strncmp(keyref, "@s", key_location_len) == 0 ||
- strncmp(keyref, "@u", key_location_len) == 0 ||
- strncmp(keyref, "@g", key_location_len) == 0 ||
- strncmp(keyref, "@us", key_location_len) == 0)
- return 1;
-
- return 0;
-}
-
-static int is_dir_empty(const char *dirname)
-{
- int n = 0;
- struct dirent *d;
- DIR *dir;
-
- dir = opendir(dirname);
- while ((d = readdir(dir)) != NULL) {
- if (strcmp(d->d_name, "lost+found") == 0) {
- // Skip lost+found directory
- } else if (++n > 2) {
- break;
- }
- }
- closedir(dir);
- return n <= 2;
-}
-
-int do_policy_set(const char *directory, const char *policy)
-{
- struct stat st;
- ssize_t ret;
-
- if (!is_keyref_valid(policy)) {
- KLOG_ERROR(TAG, "Policy has invalid format.\n");
- return -EINVAL;
- }
-
- if (!is_path_valid(directory)) {
- return -EINVAL;
- }
-
- stat(directory, &st);
- if (!S_ISDIR(st.st_mode)) {
- KLOG_ERROR(TAG, "Can only set policy on a directory (%s)\n", directory);
- return -EINVAL;
- }
-
- if (!is_dir_empty(directory)) {
- KLOG_ERROR(TAG, "Can only set policy on an empty directory (%s)\n", directory);
- return -EINVAL;
- }
-
- ret = lsetxattr(directory, XATTR_NAME_ENCRYPTION_POLICY, policy,
- strlen(policy), 0);
-
- if (ret) {
- KLOG_ERROR(TAG, "Failed to set encryption policy for %s: %s\n",
- directory, strerror(errno));
- return -EINVAL;
- }
-
- KLOG_INFO(TAG, "Encryption policy for %s is set to %s\n", directory, policy);
- return 0;
-}
-
-static long keyctl(int cmd, ...)
-{
- va_list va;
- unsigned long arg2, arg3, arg4, arg5;
-
- va_start(va, cmd);
- arg2 = va_arg(va, unsigned long);
- arg3 = va_arg(va, unsigned long);
- arg4 = va_arg(va, unsigned long);
- arg5 = va_arg(va, unsigned long);
- va_end(va);
- return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
-}
-
-key_serial_t add_key(const char *type,
- const char *description,
- const void *payload,
- size_t plen,
- key_serial_t ringid)
-{
- return syscall(__NR_add_key, type, description, payload, plen, ringid);
-}
-
-long keyctl_setperm(key_serial_t id, int permissions)
-{
- return keyctl(KEYCTL_SETPERM, id, permissions);
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#define _FILE_OFFSET_BITS 64
-#define _LARGEFILE64_SOURCE 1
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/mman.h>
-#include <fcntl.h>
-#include <libgen.h>
-#include <unistd.h>
-
-#include <sparse/sparse.h>
-
-#include "ext4_utils.h"
-#include "make_ext4fs.h"
-#include "allocate.h"
-
-#if defined(__APPLE__) && defined(__MACH__)
-#define off64_t off_t
-#endif
-
-#ifndef USE_MINGW /* O_BINARY is windows-specific flag */
-#define O_BINARY 0
-#endif
-
-extern struct fs_info info;
-
-static int verbose = 0;
-
-static void usage(char *path)
-{
- fprintf(stderr, "%s [ options ] <image or block device> <output image>\n", path);
- fprintf(stderr, "\n");
- fprintf(stderr, " -c include CRC block\n");
- fprintf(stderr, " -v verbose output\n");
- fprintf(stderr, " -z gzip output\n");
- fprintf(stderr, " -S don't use sparse output format\n");
-}
-
-static int build_sparse_ext(int fd, const char *filename)
-{
- unsigned int i;
- unsigned int block;
- int start_contiguous_block;
- u8 *block_bitmap;
- off64_t ret;
-
- block_bitmap = malloc(info.block_size);
- if (!block_bitmap)
- critical_error("failed to allocate block bitmap");
-
- if (aux_info.first_data_block > 0)
- sparse_file_add_file(ext4_sparse_file, filename, 0,
- info.block_size * aux_info.first_data_block, 0);
-
- for (i = 0; i < aux_info.groups; i++) {
- u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
- u32 last_block = min(info.blocks_per_group, aux_info.len_blocks - first_block);
-
- ret = lseek64(fd, (u64)info.block_size * aux_info.bg_desc[i].bg_block_bitmap,
- SEEK_SET);
- if (ret < 0)
- critical_error_errno("failed to seek to block group bitmap %d", i);
-
- ret = read(fd, block_bitmap, info.block_size);
- if (ret < 0)
- critical_error_errno("failed to read block group bitmap %d", i);
- if (ret != (int)info.block_size)
- critical_error("failed to read all of block group bitmap %d", i);
-
- start_contiguous_block = -1;
- for (block = 0; block < last_block; block++) {
- if (start_contiguous_block >= 0) {
- if (!bitmap_get_bit(block_bitmap, block)) {
- u32 start_block = first_block + start_contiguous_block;
- u32 len_blocks = block - start_contiguous_block;
-
- sparse_file_add_file(ext4_sparse_file, filename,
- (u64)info.block_size * start_block,
- info.block_size * len_blocks, start_block);
- start_contiguous_block = -1;
- }
- } else {
- if (bitmap_get_bit(block_bitmap, block))
- start_contiguous_block = block;
- }
- }
-
- if (start_contiguous_block >= 0) {
- u32 start_block = first_block + start_contiguous_block;
- u32 len_blocks = last_block - start_contiguous_block;
- sparse_file_add_file(ext4_sparse_file, filename,
- (u64)info.block_size * start_block,
- info.block_size * len_blocks, start_block);
- }
- }
-
- return 0;
-}
-
-int main(int argc, char **argv)
-{
- int opt;
- const char *in = NULL;
- const char *out = NULL;
- int gzip = 0;
- int sparse = 1;
- int infd, outfd;
- int crc = 0;
-
- while ((opt = getopt(argc, argv, "cvzS")) != -1) {
- switch (opt) {
- case 'c':
- crc = 1;
- break;
- case 'v':
- verbose = 1;
- break;
- case 'z':
- gzip = 1;
- break;
- case 'S':
- sparse = 0;
- break;
- }
- }
-
- if (optind >= argc) {
- fprintf(stderr, "Expected image or block device after options\n");
- usage(argv[0]);
- exit(EXIT_FAILURE);
- }
-
- in = argv[optind++];
-
- if (optind >= argc) {
- fprintf(stderr, "Expected output image after input image\n");
- usage(argv[0]);
- exit(EXIT_FAILURE);
- }
-
- out = argv[optind++];
-
- if (optind < argc) {
- fprintf(stderr, "Unexpected argument: %s\n", argv[optind]);
- usage(argv[0]);
- exit(EXIT_FAILURE);
- }
-
- infd = open(in, O_RDONLY);
-
- if (infd < 0)
- critical_error_errno("failed to open input image");
-
- read_ext(infd, verbose);
-
- ext4_sparse_file = sparse_file_new(info.block_size, info.len);
-
- build_sparse_ext(infd, in);
-
- close(infd);
-
- if (strcmp(out, "-")) {
- outfd = open(out, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
- if (outfd < 0) {
- error_errno("open");
- return EXIT_FAILURE;
- }
- } else {
- outfd = STDOUT_FILENO;
- }
-
- write_ext4_image(outfd, gzip, sparse, crc);
- close(outfd);
-
- sparse_file_destroy(ext4_sparse_file);
-
- return 0;
-}
+++ /dev/null
-#define TAG "ext4_utils"
-
-#include "ext4_crypt.h"
-
-#include <string>
-#include <fstream>
-#include <map>
-
-#include <errno.h>
-#include <sys/mount.h>
-
-#include <cutils/klog.h>
-#include <cutils/properties.h>
-
-#include "unencrypted_properties.h"
-
-namespace {
- std::map<std::string, std::string> s_password_store;
-}
-
-bool e4crypt_non_default_key(const char* dir)
-{
- int type = e4crypt_get_password_type(dir);
-
- // ext4enc:TODO Use consts, not 1 here
- return type != -1 && type != 1;
-}
-
-int e4crypt_get_password_type(const char* path)
-{
- UnencryptedProperties props(path);
- if (props.Get<std::string>(properties::key).empty()) {
- KLOG_INFO(TAG, "No master key, so not ext4enc\n");
- return -1;
- }
-
- return props.Get<int>(properties::type, 1);
-}
-
-int e4crypt_change_password(const char* path, int crypt_type,
- const char* password)
-{
- // ext4enc:TODO Encrypt master key with password securely. Store hash of
- // master key for validation
- UnencryptedProperties props(path);
- if ( props.Set(properties::password, password)
- && props.Set(properties::type, crypt_type))
- return 0;
- return -1;
-}
-
-int e4crypt_crypto_complete(const char* path)
-{
- KLOG_INFO(TAG, "ext4 crypto complete called on %s\n", path);
- if (UnencryptedProperties(path).Get<std::string>(properties::key).empty()) {
- KLOG_INFO(TAG, "No master key, so not ext4enc\n");
- return -1;
- }
-
- return 0;
-}
-
-int e4crypt_check_passwd(const char* path, const char* password)
-{
- UnencryptedProperties props(path);
- if (props.Get<std::string>(properties::key).empty()) {
- KLOG_INFO(TAG, "No master key, so not ext4enc\n");
- return -1;
- }
-
- auto actual_password = props.Get<std::string>(properties::password);
-
- if (actual_password == password) {
- s_password_store[path] = password;
- return 0;
- } else {
- return -1;
- }
-}
-
-int e4crypt_restart(const char* path)
-{
- int rc = 0;
-
- KLOG_INFO(TAG, "ext4 restart called on %s\n", path);
- property_set("vold.decrypt", "trigger_reset_main");
- KLOG_INFO(TAG, "Just asked init to shut down class main\n");
- sleep(2);
-
- std::string tmp_path = std::string() + path + "/tmp_mnt";
-
- // ext4enc:TODO add retry logic
- rc = umount(tmp_path.c_str());
- if (rc) {
- KLOG_ERROR(TAG, "umount %s failed with rc %d, msg %s\n",
- tmp_path.c_str(), rc, strerror(errno));
- return rc;
- }
-
- // ext4enc:TODO add retry logic
- rc = umount(path);
- if (rc) {
- KLOG_ERROR(TAG, "umount %s failed with rc %d, msg %s\n",
- path, rc, strerror(errno));
- return rc;
- }
-
- return 0;
-}
-
-const char* e4crypt_get_password(const char* path)
-{
- // ext4enc:TODO scrub password after timeout
- auto i = s_password_store.find(path);
- if (i == s_password_store.end()) {
- return 0;
- } else {
- return i->second.c_str();
- }
-}
+++ /dev/null
-#include <stdbool.h>
-#include <sys/cdefs.h>
-#include <sys/types.h>
-
-__BEGIN_DECLS
-// These functions assume they are being called from init
-// They will not operate properly outside of init
-int e4crypt_install_keyring();
-int e4crypt_install_key(const char* dir);
-int e4crypt_create_device_key(const char* dir,
- int ensure_dir_exists(const char* dir));
-
-// General functions
-bool e4crypt_non_default_key(const char* dir);
-int e4crypt_set_directory_policy(const char* dir);
-int e4crypt_main(int argc, char* argv[]);
-int e4crypt_change_password(const char* path, int crypt_type,
- const char* password);
-int e4crypt_get_password_type(const char* path);
-int e4crypt_crypto_complete(const char* dir);
-int e4crypt_check_passwd(const char* dir, const char* password);
-const char* e4crypt_get_password(const char* dir);
-int e4crypt_restart(const char* dir);
-
-// Key functions. ext4enc:TODO Move to own file
-
-// ext4enc:TODO - get these keyring standard definitions from proper system file
-// keyring serial number type
-typedef int32_t key_serial_t;
-
-// special process keyring shortcut IDs
-#define KEY_SPEC_THREAD_KEYRING -1 // key ID for thread-specific keyring
-#define KEY_SPEC_PROCESS_KEYRING -2 // key ID for process-specific keyring
-#define KEY_SPEC_SESSION_KEYRING -3 // key ID for session-specific keyring
-#define KEY_SPEC_USER_KEYRING -4 // key ID for UID-specific keyring
-#define KEY_SPEC_USER_SESSION_KEYRING -5 // key ID for UID-session keyring
-#define KEY_SPEC_GROUP_KEYRING -6 // key ID for GID-specific keyring
-
-key_serial_t add_key(const char *type,
- const char *description,
- const void *payload,
- size_t plen,
- key_serial_t ringid);
-
-long keyctl_setperm(key_serial_t id, int permissions);
-
-// Set policy on directory
-int do_policy_set(const char *directory, const char *policy);
-
-__END_DECLS
+++ /dev/null
-#define TAG "ext4_utils"
-
-#include "ext4_crypt.h"
-
-#include <string>
-#include <fstream>
-#include <iomanip>
-#include <sstream>
-
-#include <errno.h>
-#include <sys/mount.h>
-#include <sys/stat.h>
-
-#include <cutils/klog.h>
-#include <cutils/properties.h>
-#include <cutils/sockets.h>
-
-#include "unencrypted_properties.h"
-
-// ext4enc:TODO Include structure from somewhere sensible
-// MUST be in sync with ext4_crypto.c in kernel
-#define EXT4_MAX_KEY_SIZE 76
-struct ext4_encryption_key {
- uint32_t mode;
- char raw[EXT4_MAX_KEY_SIZE];
- uint32_t size;
-};
-
-static const std::string keyring = "@s";
-static const std::string arbitrary_sequence_number = "42";
-
-static key_serial_t device_keyring = -1;
-
-static std::string vold_command(std::string const& command)
-{
- KLOG_INFO(TAG, "Running command %s\n", command.c_str());
- int sock = socket_local_client("vold",
- ANDROID_SOCKET_NAMESPACE_RESERVED,
- SOCK_STREAM);
-
- if (sock < 0) {
- KLOG_INFO(TAG, "Cannot open vold, failing command\n");
- return "";
- }
-
- class CloseSocket
- {
- int sock_;
- public:
- CloseSocket(int sock) : sock_(sock) {}
- ~CloseSocket() { close(sock_); }
- };
-
- CloseSocket cs(sock);
-
- // Use arbitrary sequence number. This should only be used when the
- // framework is down, so this is (mostly) OK.
- std::string actual_command = arbitrary_sequence_number + " " + command;
- if (write(sock, actual_command.c_str(), actual_command.size() + 1) < 0) {
- KLOG_ERROR(TAG, "Cannot write command\n");
- return "";
- }
-
- while (1) {
- struct timeval to;
- to.tv_sec = 10;
- to.tv_usec = 0;
-
- fd_set read_fds;
- FD_ZERO(&read_fds);
- FD_SET(sock, &read_fds);
-
- int rc = select(sock + 1, &read_fds, NULL, NULL, &to);
- if (rc < 0) {
- KLOG_ERROR(TAG, "Error in select %s\n", strerror(errno));
- return "";
- } else if (!rc) {
- KLOG_ERROR(TAG, "Timeout\n");
- return "";
- } else if (FD_ISSET(sock, &read_fds)) {
- char buffer[4096];
- memset(buffer, 0, sizeof(buffer));
- rc = read(sock, buffer, sizeof(buffer));
- if (rc <= 0) {
- if (rc == 0) {
- KLOG_ERROR(TAG, "Lost connection to Vold - did it crash?\n");
- } else {
- KLOG_ERROR(TAG, "Error reading data (%s)\n", strerror(errno));
- }
- return "";
- }
-
- // We don't truly know that this is the correct result. However,
- // since this will only be used when the framework is down,
- // it should be OK unless someone is running vdc at the same time.
- // Worst case we force a reboot in the very rare synchronization
- // error
- return std::string(buffer, rc);
- }
- }
-}
-
-int e4crypt_create_device_key(const char* dir,
- int ensure_dir_exists(const char*))
-{
- // Make sure folder exists. Use make_dir to set selinux permissions.
- KLOG_INFO(TAG, "Creating test device key\n");
- UnencryptedProperties props(dir);
- if (ensure_dir_exists(props.GetPath().c_str())) {
- KLOG_ERROR(TAG, "Failed to create %s with error %s\n",
- props.GetPath().c_str(), strerror(errno));
- return -1;
- }
-
- if (props.Get<std::string>(properties::key).empty()) {
- // Create new key since it doesn't already exist
- std::ifstream urandom("/dev/urandom", std::ifstream::binary);
- if (!urandom) {
- KLOG_ERROR(TAG, "Failed to open /dev/urandom\n");
- return -1;
- }
-
- // ext4enc:TODO Don't hardcode 32
- std::string key_material(32, '\0');
- urandom.read(&key_material[0], key_material.length());
- if (!urandom) {
- KLOG_ERROR(TAG, "Failed to read random bytes\n");
- return -1;
- }
-
- if (!props.Set(properties::key, key_material)) {
- KLOG_ERROR(TAG, "Failed to write key material\n");
- return -1;
- }
- }
-
- if (!props.Remove(properties::ref)) {
- KLOG_ERROR(TAG, "Failed to remove key ref\n");
- return -1;
- }
-
- return 0;
-}
-
-int e4crypt_install_keyring()
-{
- device_keyring = add_key("keyring",
- "e4crypt",
- 0,
- 0,
- KEY_SPEC_SESSION_KEYRING);
-
- if (device_keyring == -1) {
- KLOG_ERROR(TAG, "Failed to create keyring\n");
- return -1;
- }
-
- KLOG_INFO(TAG, "Keyring created wth id %d in process %d\n",
- device_keyring, getpid());
-
- // ext4enc:TODO set correct permissions
- long result = keyctl_setperm(device_keyring, 0x3f3f3f3f);
- if (result) {
- KLOG_ERROR(TAG, "KEYCTL_SETPERM failed with error %ld\n", result);
- return -1;
- }
-
- return 0;
-}
-
-int e4crypt_install_key(const char* dir)
-{
- UnencryptedProperties props(dir);
- auto key = props.Get<std::string>(properties::key);
-
- // Get password to decrypt as needed
- if (e4crypt_non_default_key(dir)) {
- std::string result = vold_command("cryptfs getpw");
- // result is either
- // 200 0 -1
- // or
- // 200 0 {{sensitive}} 0001020304
- // where 0001020304 is hex encoding of password
- std::istringstream i(result);
- std::string bit;
- i >> bit;
- if (bit != "200") {
- KLOG_ERROR(TAG, "Expecting 200\n");
- return -1;
- }
-
- i >> bit;
- if (bit != arbitrary_sequence_number) {
- KLOG_ERROR(TAG, "Expecting %s\n", arbitrary_sequence_number.c_str());
- return -1;
- }
-
- i >> bit;
- if (bit != "{{sensitive}}") {
- KLOG_INFO(TAG, "Not encrypted\n");
- return -1;
- }
-
- i >> bit;
- }
-
- // Add key to keyring
- ext4_encryption_key ext4_key = {0, {0}, 0};
- if (key.length() > sizeof(ext4_key.raw)) {
- KLOG_ERROR(TAG, "Key too long\n");
- return -1;
- }
-
- ext4_key.mode = 0;
- memcpy(ext4_key.raw, &key[0], key.length());
- ext4_key.size = key.length();
-
- // ext4enc:TODO Use better reference not 1234567890
- key_serial_t key_id = add_key("logon", "ext4-key:1234567890",
- (void*)&ext4_key, sizeof(ext4_key),
- device_keyring);
-
- if (key_id == -1) {
- KLOG_ERROR(TAG, "Failed to insert key into keyring with error %s\n",
- strerror(errno));
- return -1;
- }
-
- KLOG_INFO(TAG, "Added key %d to keyring %d in process %d\n",
- key_id, device_keyring, getpid());
-
- // ext4enc:TODO set correct permissions
- long result = keyctl_setperm(key_id, 0x3f3f3f3f);
- if (result) {
- KLOG_ERROR(TAG, "KEYCTL_SETPERM failed with error %ld\n", result);
- return -1;
- }
-
- // Save reference to key so we can set policy later
- if (!props.Set(properties::ref, "ext4-key:1234567890")) {
- KLOG_ERROR(TAG, "Cannot save key reference\n");
- return -1;
- }
-
- return 0;
-}
-
-int e4crypt_set_directory_policy(const char* dir)
-{
- // Only set policy on first level /data directories
- // To make this less restrictive, consider using a policy file.
- // However this is overkill for as long as the policy is simply
- // to apply a global policy to all /data folders created via makedir
- if (!dir || strncmp(dir, "/data/", 6) || strchr(dir + 6, '/')) {
- return 0;
- }
-
- UnencryptedProperties props("/data");
- std::string ref = props.Get<std::string>(properties::ref);
- std::string policy = keyring + "." + ref;
- KLOG_INFO(TAG, "Setting policy %s\n", policy.c_str());
- int result = do_policy_set(dir, policy.c_str());
- if (result) {
- KLOG_ERROR(TAG, "Setting policy on %s failed!\n", dir);
- return -1;
- }
-
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (C) 2010 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <unistd.h>
-#include <libgen.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include "ext4fixup.h"
-
-static void usage(char *me)
-{
- fprintf(stderr, "%s: usage: %s [-vn] <image or block device>\n", me, me);
-}
-
-int main(int argc, char **argv)
-{
- int opt;
- int verbose = 0;
- int no_write = 0;
- char *fsdev;
- char *me;
- int stop_phase = 0, stop_loc = 0, stop_count = 0;
-
- me = basename(argv[0]);
-
- while ((opt = getopt(argc, argv, "vnd:")) != -1) {
- switch (opt) {
- case 'v':
- verbose = 1;
- break;
- case 'n':
- no_write = 1;
- break;
- case 'd':
- sscanf(optarg, "%d,%d,%d", &stop_phase, &stop_loc, &stop_count);
- break;
- }
- }
-
- if (optind >= argc) {
- fprintf(stderr, "expected image or block device after options\n");
- usage(me);
- exit(EXIT_FAILURE);
- }
-
- fsdev = argv[optind++];
-
- if (optind < argc) {
- fprintf(stderr, "Unexpected argument: %s\n", argv[optind]);
- usage(me);
- exit(EXIT_FAILURE);
- }
-
- return ext4fixup_internal(fsdev, verbose, no_write, stop_phase, stop_loc, stop_count);
-}
+++ /dev/null
-#!/bin/bash
-#
-# To call this script, make sure make_ext4fs is somewhere in PATH
-
-function usage() {
-cat<<EOT
-Usage:
-mkuserimg.sh [-s] SRC_DIR OUTPUT_FILE EXT_VARIANT MOUNT_POINT SIZE [-j <journal_size>]
- [-T TIMESTAMP] [-C FS_CONFIG] [-B BLOCK_LIST_FILE] [-L LABEL] [FILE_CONTEXTS]
-EOT
-}
-
-ENABLE_SPARSE_IMAGE=
-if [ "$1" = "-s" ]; then
- ENABLE_SPARSE_IMAGE="-s"
- shift
-fi
-
-if [ $# -lt 5 ]; then
- usage
- exit 1
-fi
-
-SRC_DIR=$1
-if [ ! -d $SRC_DIR ]; then
- echo "Can not find directory $SRC_DIR!"
- exit 2
-fi
-
-OUTPUT_FILE=$2
-EXT_VARIANT=$3
-MOUNT_POINT=$4
-SIZE=$5
-shift; shift; shift; shift; shift
-
-JOURNAL_FLAGS=
-if [ "$1" = "-j" ]; then
- if [ "$2" = "0" ]; then
- JOURNAL_FLAGS="-J"
- else
- JOURNAL_FLAGS="-j $2"
- fi
- shift; shift
-fi
-
-TIMESTAMP=-1
-if [[ "$1" == "-T" ]]; then
- TIMESTAMP=$2
- shift; shift
-fi
-
-FS_CONFIG=
-if [[ "$1" == "-C" ]]; then
- FS_CONFIG=$2
- shift; shift
-fi
-
-BLOCK_LIST=
-if [[ "$1" == "-B" ]]; then
- BLOCK_LIST=$2
- shift; shift
-fi
-
-LABEL=
-if [[ "$1" == "-L" ]]; then
- LABEL=$2
- shift; shift
-fi
-
-FC=$1
-
-case $EXT_VARIANT in
- ext4) ;;
- *) echo "Only ext4 is supported!"; exit 3 ;;
-esac
-
-if [ -z $MOUNT_POINT ]; then
- echo "Mount point is required"
- exit 2
-fi
-
-if [ -z $SIZE ]; then
- echo "Need size of filesystem"
- exit 2
-fi
-
-OPT=""
-if [ -n "$FC" ]; then
- OPT="$OPT -S $FC"
-fi
-if [ -n "$FS_CONFIG" ]; then
- OPT="$OPT -C $FS_CONFIG"
-fi
-if [ -n "$BLOCK_LIST" ]; then
- OPT="$OPT -B $BLOCK_LIST"
-fi
-if [ -n "$LABEL" ]; then
- OPT="$OPT -L $LABEL"
-fi
-
-MAKE_EXT4FS_CMD="make_ext4fs $ENABLE_SPARSE_IMAGE -T $TIMESTAMP $OPT -l $SIZE $JOURNAL_FLAGS -a $MOUNT_POINT $OUTPUT_FILE $SRC_DIR"
-echo $MAKE_EXT4FS_CMD
-$MAKE_EXT4FS_CMD
-if [ $? -ne 0 ]; then
- exit 4
-fi
+++ /dev/null
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/reboot.h>
-#include <sys/wait.h>
-#include <cutils/android_reboot.h>
-#include <cutils/partition_utils.h>
-
-const char *mkfs = "/system/bin/make_ext4fs";
-
-int setup_fs(const char *blockdev)
-{
- char buf[256], path[128];
- pid_t child;
- int status, n;
- pid_t pid;
-
- /* we might be looking at an indirect reference */
- n = readlink(blockdev, path, sizeof(path) - 1);
- if (n > 0) {
- path[n] = 0;
- if (!memcmp(path, "/dev/block/", 11))
- blockdev = path + 11;
- }
-
- if (strchr(blockdev,'/')) {
- fprintf(stderr,"not a block device name: %s\n", blockdev);
- return 0;
- }
-
- snprintf(buf, sizeof(buf), "/sys/fs/ext4/%s", blockdev);
- if (access(buf, F_OK) == 0) {
- fprintf(stderr,"device %s already has a filesystem\n", blockdev);
- return 0;
- }
- snprintf(buf, sizeof(buf), "/dev/block/%s", blockdev);
-
- if (!partition_wiped(buf)) {
- fprintf(stderr,"device %s not wiped, probably encrypted, not wiping\n", blockdev);
- return 0;
- }
-
- fprintf(stderr,"+++\n");
-
- child = fork();
- if (child < 0) {
- fprintf(stderr,"error: setup_fs: fork failed\n");
- return 0;
- }
- if (child == 0) {
- execl(mkfs, mkfs, buf, NULL);
- exit(-1);
- }
-
- while ((pid=waitpid(-1, &status, 0)) != child) {
- if (pid == -1) {
- fprintf(stderr, "error: setup_fs: waitpid failed!\n");
- return 1;
- }
- }
-
- fprintf(stderr,"---\n");
- return 1;
-}
-
-
-int main(int argc, char **argv)
-{
- int need_reboot = 0;
-
- while (argc > 1) {
- if (strlen(argv[1]) < 128)
- need_reboot |= setup_fs(argv[1]);
- argv++;
- argc--;
- }
-
- if (need_reboot) {
- fprintf(stderr,"REBOOT!\n");
- android_reboot(ANDROID_RB_RESTART, 0, 0);
- exit(-1);
- }
- return 0;
-}
+++ /dev/null
-#!/bin/bash
-
-typeset -i I ITERATIONS PHASE LOC COUNT MAXCOUNT
-
-ME=`basename $0`
-
-if [ "$#" -ne 3 ]
-then
- echo "$ME: Usage: $ME <iterations> <maxcount> <filesystem_image>" >&2
- exit 1;
-fi
-
-ITERATIONS="$1"
-MAXCOUNT="$2"
-ORIG_FS_IMAGE="$3"
-FIXED_FS_IMAGE="/tmp/fixedfsimage.$$"
-NEW_FS_IMAGE="/tmp/newfsimage.$$"
-
-if [ ! -f "$ORIG_FS_IMAGE" ]
-then
- echo "$ME: Filesystem image $NEW_FS_IMAGE does not exist" >&2
- exit 1
-fi
-
-trap "rm -f $NEW_FS_IMAGE $FIXED_FS_IMAGE" 0 1 2 3 15
-
-rm -f "$NEW_FS_IMAGE" "$FIXED_FS_IMAGE"
-
-# Create the fixed image to compare against
-cp "$ORIG_FS_IMAGE" "$FIXED_FS_IMAGE"
-ext4fixup "$FIXED_FS_IMAGE"
-
-if [ "$?" -ne 0 ]
-then
- echo "$ME: ext4fixup failed!\n"
- exit 1
-fi
-
-I=0
-while [ "$I" -lt "$ITERATIONS" ]
-do
- # There is also a phase 4, which is writing out the updated superblocks and
- # block group descriptors. Test the with a separate script.
- let PHASE="$RANDOM"%3 # 0 to 2
- let PHASE++ # 1 to 3
- let LOC="$RANDOM"%2 # 0 to 1
- let LOC++ # 1 to 2
- let COUNT="$RANDOM"%"$MAXCOUNT"
-
- # Make a copy of the original image to fixup
- cp "$ORIG_FS_IMAGE" "$NEW_FS_IMAGE"
-
- # Run the fixup tool, but die partway through to see if we can recover
- ext4fixup -d "$PHASE,$LOC,$COUNT" "$NEW_FS_IMAGE" 2>/dev/null
-
- # run it again without -d to have it finish the job
- ext4fixup "$NEW_FS_IMAGE"
-
- if cmp "$FIXED_FS_IMAGE" "$NEW_FS_IMAGE"
- then
- :
- else
- echo "$ME: test failed with parameters $PHASE, $LOC, $COUNT"
- exit 1
- fi
-
- rm -f "$NEW_FS_IMAGE"
-
- let I++
-done
-
+++ /dev/null
-#include "unencrypted_properties.h"
-
-#include <sys/stat.h>
-
-namespace properties {
- const char* key = "key";
- const char* ref = "ref";
- const char* type = "type";
- const char* password = "password";
-}
-
-namespace
-{
- const char* unencrypted_folder = "unencrypted";
-}
-
-UnencryptedProperties::UnencryptedProperties(const char* device)
- : folder_(std::string() + device + "/" + unencrypted_folder)
-{
-}
-
-UnencryptedProperties::UnencryptedProperties()
-{
-}
-
-template<> std::string UnencryptedProperties::Get(const char* name,
- std::string default_value)
-{
- if (!OK()) return default_value;
- std::ifstream i(folder_ + "/" + name, std::ios::binary);
- if (!i) {
- return default_value;
- }
-
- i.seekg(0, std::ios::end);
- int length = i.tellg();
- i.seekg(0, std::ios::beg);
- if (length == -1) {
- return default_value;
- }
-
- std::string s(length, 0);
- i.read(&s[0], length);
- if (!i) {
- return default_value;
- }
-
- return s;
-}
-
-template<> bool UnencryptedProperties::Set(const char* name, std::string const& value)
-{
- if (!OK()) return false;
- std::ofstream o(folder_ + "/" + name, std::ios::binary);
- o << value;
- return !o.fail();
-}
-
-UnencryptedProperties UnencryptedProperties::GetChild(const char* name)
-{
- UnencryptedProperties e4p;
- if (!OK()) return e4p;
-
- std::string directory(folder_ + "/" + name);
- if (mkdir(directory.c_str(), 700) == -1 && errno != EEXIST) {
- return e4p;
- }
-
- e4p.folder_ = directory;
- return e4p;
-}
-
-bool UnencryptedProperties::Remove(const char* name)
-{
- if (remove((folder_ + "/" + name).c_str())
- && errno != ENOENT) {
- return false;
- }
-
- return true;
-}
-
-bool UnencryptedProperties::OK() const
-{
- return !folder_.empty();
-}
+++ /dev/null
-#include <string>
-#include <fstream>
-
-// key names for properties we use
-namespace properties {
- extern const char* key;
- extern const char* ref;
- extern const char* type;
- extern const char* password;
-}
-
-/**
- * Class to store data on the unencrypted folder of a device.
- * Note that the folder must exist before this class is constructed.
- * All names must be valid single level (no '/') file or directory names
- * Data is organized hierarchically so we can get a child folder
- */
-class UnencryptedProperties
-{
-public:
- // Opens properties folder on named device.
- // If folder does not exist, construction will succeed, but all
- // getters will return default properties and setters will fail.
- UnencryptedProperties(const char* device);
-
- // Get named object. Return default if object does not exist or error.
- template<typename t> t Get(const char* name, t default_value = t());
-
- // Set named object. Return true if success, false otherwise
- template<typename t> bool Set(const char* name, t const& value);
-
- // Get child properties
- UnencryptedProperties GetChild(const char* name);
-
- // Remove named object
- bool Remove(const char* name);
-
- // Get path of folder
- std::string const& GetPath() const {return folder_;}
-private:
- UnencryptedProperties();
- bool OK() const;
- std::string folder_;
-};
-
-
-template<typename t> t UnencryptedProperties::Get(const char* name,
- t default_value)
-{
- if (!OK()) return default_value;
- t value = default_value;
- std::ifstream(folder_ + "/" + name) >> value;
- return value;
-}
-
-template<typename t> bool UnencryptedProperties::Set(const char* name,
- t const& value)
-{
- if (!OK()) return false;
- std::ofstream o(folder_ + "/" + name);
- o << value;
- return !o.fail();
-}
-
-// Specialized getters/setters for strings
-template<> std::string UnencryptedProperties::Get(const char* name,
- std::string default_value);
-
-template<> bool UnencryptedProperties::Set(const char* name,
- std::string const& value);