Refactor now that global DE has been reworked
Change-Id: I4d6156332cfc847e25e7c8863fd6a50fa325fb87
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index d4d49af..b18202d 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -61,33 +61,20 @@
static constexpr int FLAG_STORAGE_DE = 1 << 0;
static constexpr int FLAG_STORAGE_CE = 1 << 1;
-static bool e4crypt_is_native() {
- char value[PROPERTY_VALUE_MAX];
- property_get("ro.crypto.type", value, "none");
- return !strcmp(value, "file");
-}
-
-static bool e4crypt_is_emulated() {
- return property_get_bool("persist.sys.emulate_fbe", false);
-}
-
-static const char* escape_null(const char* value) {
- return (value == nullptr) ? "null" : value;
-}
-
namespace {
// Key length in bits
const int key_length = 128;
static_assert(key_length % 8 == 0,
"Key length must be multiple of 8 bits");
- const std::string device_key_leaf = "/unencrypted/key";
- const std::string device_key_temp = "/unencrypted/temp";
+ const std::string device_key_dir = std::string() + DATA_MNT_POINT + "/unencrypted";
+ const std::string device_key_path = device_key_dir + "/key";
+ const std::string device_key_temp = device_key_dir + "/temp";
const std::string user_key_dir = std::string() + DATA_MNT_POINT + "/misc/vold/user_keys";
const std::string user_key_temp = user_key_dir + "/temp";
- bool s_enabled = false;
+ bool s_global_de_initialized = false;
// Some users are ephemeral, don't try to wipe their keys from disk
std::set<userid_t> s_ephemeral_users;
@@ -114,9 +101,18 @@
}
// TODO replace with proper function to test for file encryption
-int e4crypt_crypto_complete(const char* path)
-{
- return e4crypt_is_native() ? 0 : -1;
+bool e4crypt_is_native() {
+ char value[PROPERTY_VALUE_MAX];
+ property_get("ro.crypto.type", value, "none");
+ return !strcmp(value, "file");
+}
+
+static bool e4crypt_is_emulated() {
+ return property_get_bool("persist.sys.emulate_fbe", false);
+}
+
+static const char* escape_null(const char* value) {
+ return (value == nullptr) ? "null" : value;
}
// Get raw keyref - used to make keyname and to pass to ioctl
@@ -238,17 +234,17 @@
// NB this assumes that there is only one thread listening for crypt commands, because
// it creates keys in a fixed location.
-static bool store_key(const std::string &key_path,
+static bool store_key(const std::string &key_path, const std::string &tmp_path,
const android::vold::KeyAuthentication &auth, const std::string &key) {
if (path_exists(key_path)) {
LOG(ERROR) << "Already exists, cannot create key at: " << key_path;
return false;
}
- if (path_exists(user_key_temp)) {
- android::vold::destroyKey(user_key_temp);
+ if (path_exists(tmp_path)) {
+ android::vold::destroyKey(tmp_path);
}
- if (!android::vold::storeKey(user_key_temp, auth, key)) return false;
- if (rename(user_key_temp.c_str(), key_path.c_str()) != 0) {
+ if (!android::vold::storeKey(tmp_path, auth, key)) return false;
+ if (rename(tmp_path.c_str(), key_path.c_str()) != 0) {
PLOG(ERROR) << "Unable to move new key to location: " << key_path;
return false;
}
@@ -264,10 +260,12 @@
// If the key should be created as ephemeral, don't store it.
s_ephemeral_users.insert(user_id);
} else {
- if (!store_key(get_de_key_path(user_id), kEmptyAuthentication, de_key)) return false;
+ if (!store_key(get_de_key_path(user_id), user_key_temp,
+ kEmptyAuthentication, de_key)) return false;
if (!prepare_dir(user_key_dir + "/ce/" + std::to_string(user_id),
0700, AID_ROOT, AID_ROOT)) return false;
- if (!store_key(get_ce_key_path(user_id), kEmptyAuthentication, ce_key)) return false;
+ if (!store_key(get_ce_key_path(user_id), user_key_temp,
+ kEmptyAuthentication, ce_key)) return false;
}
std::string de_raw_ref;
if (!install_key(de_key, de_raw_ref)) return false;
@@ -344,34 +342,24 @@
return true;
}
-int e4crypt_enable(const char* path)
+int e4crypt_initialize_global_de()
{
- LOG(INFO) << "e4crypt_enable";
+ LOG(INFO) << "e4crypt_initialize_global_de";
- if (s_enabled) {
- LOG(INFO) << "Already enabled";
+ if (s_global_de_initialized) {
+ LOG(INFO) << "Already initialized";
return 0;
}
std::string device_key;
- std::string device_key_path = std::string(path) + device_key_leaf;
- if (!android::vold::retrieveKey(device_key_path, kEmptyAuthentication, device_key)) {
+ if (path_exists(device_key_path)) {
+ if (!android::vold::retrieveKey(device_key_path,
+ kEmptyAuthentication, device_key)) return -1;
+ } else {
LOG(INFO) << "Creating new key";
- if (!random_key(device_key)) {
- return -1;
- }
-
- std::string key_temp = std::string(path) + device_key_temp;
- if (path_exists(key_temp)) {
- android::vold::destroyKey(key_temp);
- }
-
- if (!android::vold::storeKey(key_temp, kEmptyAuthentication, device_key)) return -1;
- if (rename(key_temp.c_str(), device_key_path.c_str()) != 0) {
- PLOG(ERROR) << "Unable to move new key to location: "
- << device_key_path;
- return -1;
- }
+ if (!random_key(device_key)) return -1;
+ if (!store_key(device_key_path, device_key_temp,
+ kEmptyAuthentication, device_key)) return -1;
}
std::string device_key_ref;
@@ -386,7 +374,7 @@
return -1;
}
- s_enabled = true;
+ s_global_de_initialized = true;
return 0;
}
@@ -543,7 +531,7 @@
auto ce_key = it->second;
auto ce_key_path = get_ce_key_path(user_id);
android::vold::destroyKey(ce_key_path);
- if (!store_key(ce_key_path, auth, ce_key)) return -1;
+ if (!store_key(ce_key_path, user_key_temp, auth, ce_key)) return -1;
return 0;
}
@@ -612,7 +600,7 @@
if (!prepare_dir(misc_de_path, 01771, AID_SYSTEM, AID_MISC)) return -1;
if (!prepare_dir(user_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return -1;
- if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ if (e4crypt_is_native()) {
std::string de_raw_ref;
if (!lookup_key_ref(s_de_key_raw_refs, user_id, de_raw_ref)) return -1;
if (!ensure_policy(de_raw_ref, system_de_path)) return -1;
@@ -632,7 +620,7 @@
if (!prepare_dir(media_ce_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW)) return -1;
if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return -1;
- if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ if (e4crypt_is_native()) {
std::string ce_raw_ref;
if (!lookup_key_ref(s_ce_key_raw_refs, user_id, ce_raw_ref)) return -1;
if (!ensure_policy(ce_raw_ref, system_ce_path)) return -1;
diff --git a/Ext4Crypt.h b/Ext4Crypt.h
index 80838c8..c69fb28 100644
--- a/Ext4Crypt.h
+++ b/Ext4Crypt.h
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-#include <stddef.h>
+#include <stdbool.h>
#include <sys/cdefs.h>
#include <cutils/multiuser.h>
@@ -22,8 +22,8 @@
__BEGIN_DECLS
// General functions
-int e4crypt_enable(const char* path);
-int e4crypt_crypto_complete(const char* path);
+bool e4crypt_is_native();
+int e4crypt_initialize_global_de();
int e4crypt_init_user0();
int e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
diff --git a/cryptfs.c b/cryptfs.c
index bd5807f..65acb60 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -56,7 +56,6 @@
#include "VoldUtil.h"
#include "crypto_scrypt.h"
#include "Ext4Crypt.h"
-#include "ext4_crypt_init_extensions.h"
#include "ext4_utils.h"
#include "f2fs_sparseblock.h"
#include "CheckBattery.h"
@@ -1782,7 +1781,7 @@
int cryptfs_restart(void)
{
SLOGI("cryptfs_restart");
- if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ if (e4crypt_is_native()) {
SLOGE("cryptfs_restart not valid for file encryption:");
return -1;
}
@@ -1804,7 +1803,7 @@
}
// crypto_complete is full disk encrypted status
- if (e4crypt_crypto_complete(mount_point) == 0) {
+ if (e4crypt_is_native()) {
return CRYPTO_COMPLETE_NOT_ENCRYPTED;
}
@@ -2057,7 +2056,7 @@
int cryptfs_check_passwd(char *passwd)
{
SLOGI("cryptfs_check_passwd");
- if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ if (e4crypt_is_native()) {
SLOGE("cryptfs_check_passwd not valid for file encryption");
return -1;
}
@@ -3349,7 +3348,7 @@
int cryptfs_changepw(int crypt_type, const char *newpw)
{
- if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ if (e4crypt_is_native()) {
SLOGE("cryptfs_changepw not valid for file encryption");
return -1;
}
@@ -3575,7 +3574,7 @@
/* Return the value of the specified field. */
int cryptfs_getfield(const char *fieldname, char *value, int len)
{
- if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ if (e4crypt_is_native()) {
SLOGE("Cannot get field when file encrypted");
return -1;
}
@@ -3641,7 +3640,7 @@
/* Set the value of the specified field. */
int cryptfs_setfield(const char *fieldname, const char *value)
{
- if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ if (e4crypt_is_native()) {
SLOGE("Cannot set field when file encrypted");
return -1;
}
@@ -3768,7 +3767,7 @@
*/
int cryptfs_get_password_type(void)
{
- if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ if (e4crypt_is_native()) {
SLOGE("cryptfs_get_password_type not valid for file encryption");
return -1;
}
@@ -3789,7 +3788,7 @@
const char* cryptfs_get_password()
{
- if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ if (e4crypt_is_native()) {
SLOGE("cryptfs_get_password not valid for file encryption");
return 0;
}
@@ -3817,7 +3816,7 @@
int cryptfs_enable_file()
{
- return e4crypt_enable(DATA_MNT_POINT);
+ return e4crypt_initialize_global_de();
}
int cryptfs_isConvertibleToFBE()
diff --git a/main.cpp b/main.cpp
index 6d94818..9cbcf88 100644
--- a/main.cpp
+++ b/main.cpp
@@ -18,7 +18,6 @@
#include "VolumeManager.h"
#include "CommandListener.h"
#include "CryptCommandListener.h"
-#include "Ext4Crypt.h"
#include "NetlinkManager.h"
#include "cryptfs.h"
#include "sehandle.h"