DO NOT MERGE - qt-qpr1-dev-plus-aosp-without-vendor@5915889 into stage-aosp-master
Bug: 142003500
Change-Id: Ib50f11f8f97ebd427da22b31e484777ef3210fe6
diff --git a/Android.bp b/Android.bp
index 55def04..b621f35 100644
--- a/Android.bp
+++ b/Android.bp
@@ -86,6 +86,7 @@
cc_library_headers {
name: "libvold_headers",
+ recovery_available: true,
export_include_dirs: ["."],
}
diff --git a/Checkpoint.cpp b/Checkpoint.cpp
index e5ef4a2..b2b648f 100644
--- a/Checkpoint.cpp
+++ b/Checkpoint.cpp
@@ -145,8 +145,10 @@
volatile bool isCheckpointing = false;
-// Protects isCheckpointing and code that makes decisions based on status of
-// isCheckpointing
+volatile bool needsCheckpointWasCalled = false;
+
+// Protects isCheckpointing, needsCheckpointWasCalled and code that makes decisions based on status
+// of isCheckpointing
std::mutex isCheckpointingLock;
}
@@ -263,16 +265,16 @@
}
bool cp_needsCheckpoint() {
+ std::lock_guard<std::mutex> lock(isCheckpointingLock);
+
// Make sure we only return true during boot. See b/138952436 for discussion
- static bool called_once = false;
- if (called_once) return isCheckpointing;
- called_once = true;
+ if (needsCheckpointWasCalled) return isCheckpointing;
+ needsCheckpointWasCalled = true;
bool ret;
std::string content;
sp<IBootControl> module = IBootControl::getService();
- std::lock_guard<std::mutex> lock(isCheckpointingLock);
if (isCheckpointing) return isCheckpointing;
if (module && module->isSlotMarkedSuccessful(module->getCurrentSlot()) == BoolResult::FALSE) {
@@ -342,6 +344,8 @@
} // namespace
Status cp_prepareCheckpoint() {
+ // Log to notify CTS - see b/137924328 for context
+ LOG(INFO) << "cp_prepareCheckpoint called";
std::lock_guard<std::mutex> lock(isCheckpointingLock);
if (!isCheckpointing) {
return Status::ok();
@@ -727,5 +731,10 @@
return Status::ok();
}
+void cp_resetCheckpoint() {
+ std::lock_guard<std::mutex> lock(isCheckpointingLock);
+ needsCheckpointWasCalled = false;
+}
+
} // namespace vold
} // namespace android
diff --git a/Checkpoint.h b/Checkpoint.h
index 63ead83..c1fb2b7 100644
--- a/Checkpoint.h
+++ b/Checkpoint.h
@@ -45,6 +45,7 @@
android::binder::Status cp_markBootAttempt();
+void cp_resetCheckpoint();
} // namespace vold
} // namespace android
diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 8d78473..c101ba8 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -57,6 +57,7 @@
#include <android-base/logging.h>
#include <android-base/properties.h>
#include <android-base/stringprintf.h>
+#include <android-base/strings.h>
#include <android-base/unique_fd.h>
using android::base::StringPrintf;
@@ -64,15 +65,10 @@
using android::vold::kEmptyAuthentication;
using android::vold::KeyBuffer;
using android::vold::writeStringToFile;
+using namespace android::fscrypt;
namespace {
-struct PolicyKeyRef {
- std::string contents_mode;
- std::string filenames_mode;
- std::string key_raw_ref;
-};
-
const std::string device_key_dir = std::string() + DATA_MNT_POINT + fscrypt_unencrypted_folder;
const std::string device_key_path = device_key_dir + "/key";
const std::string device_key_temp = device_key_dir + "/temp";
@@ -199,13 +195,54 @@
return false;
}
+// Retrieve the options to use for encryption policies on the /data filesystem.
+static void get_data_file_encryption_options(EncryptionOptions* options) {
+ auto entry = GetEntryForMountPoint(&fstab_default, DATA_MNT_POINT);
+ if (entry == nullptr) {
+ return;
+ }
+ if (!ParseOptions(entry->encryption_options, options)) {
+ LOG(ERROR) << "Unable to parse encryption options for " << DATA_MNT_POINT ": "
+ << entry->encryption_options;
+ return;
+ }
+}
+
+// Retrieve the version to use for encryption policies on the /data filesystem.
+static int get_data_file_policy_version(void) {
+ EncryptionOptions options;
+ get_data_file_encryption_options(&options);
+ return options.version;
+}
+
+// Retrieve the options to use for encryption policies on adoptable storage.
+static bool get_volume_file_encryption_options(EncryptionOptions* options) {
+ auto contents_mode =
+ android::base::GetProperty("ro.crypto.volume.contents_mode", "aes-256-xts");
+ auto filenames_mode =
+ android::base::GetProperty("ro.crypto.volume.filenames_mode", "aes-256-heh");
+ return ParseOptions(android::base::GetProperty("ro.crypto.volume.options",
+ contents_mode + ":" + filenames_mode + ":v1"),
+ options);
+}
+
+// Install a key for use by encrypted files on the /data filesystem.
+static bool install_data_key(const KeyBuffer& key, std::string* raw_ref) {
+ return android::vold::installKey(key, DATA_MNT_POINT, get_data_file_policy_version(), raw_ref);
+}
+
+// Evict a key for use by encrypted files on the /data filesystem.
+static bool evict_data_key(const std::string& raw_ref) {
+ return android::vold::evictKey(DATA_MNT_POINT, raw_ref, get_data_file_policy_version());
+}
+
static bool read_and_install_user_ce_key(userid_t user_id,
const android::vold::KeyAuthentication& auth) {
if (s_ce_key_raw_refs.count(user_id) != 0) return true;
KeyBuffer ce_key;
if (!read_and_fixate_user_ce_key(user_id, auth, &ce_key)) return false;
std::string ce_raw_ref;
- if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
+ if (!install_data_key(ce_key, &ce_raw_ref)) return false;
s_ce_keys[user_id] = std::move(ce_key);
s_ce_key_raw_refs[user_id] = ce_raw_ref;
LOG(DEBUG) << "Installed ce key for user " << user_id;
@@ -255,10 +292,10 @@
return false;
}
std::string de_raw_ref;
- if (!android::vold::installKey(de_key, &de_raw_ref)) return false;
+ if (!install_data_key(de_key, &de_raw_ref)) return false;
s_de_key_raw_refs[user_id] = de_raw_ref;
std::string ce_raw_ref;
- if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
+ if (!install_data_key(ce_key, &ce_raw_ref)) return false;
s_ce_keys[user_id] = ce_key;
s_ce_key_raw_refs[user_id] = ce_raw_ref;
LOG(DEBUG) << "Created keys for user " << user_id;
@@ -276,21 +313,6 @@
return true;
}
-static void get_data_file_encryption_modes(PolicyKeyRef* key_ref) {
- auto entry = GetEntryForMountPoint(&fstab_default, DATA_MNT_POINT);
- if (entry == nullptr) {
- return;
- }
- key_ref->contents_mode = entry->file_contents_mode;
- key_ref->filenames_mode = entry->file_names_mode;
-}
-
-static bool ensure_policy(const PolicyKeyRef& key_ref, const std::string& path) {
- return fscrypt_policy_ensure(path.c_str(), key_ref.key_raw_ref.data(),
- key_ref.key_raw_ref.size(), key_ref.contents_mode.c_str(),
- key_ref.filenames_mode.c_str()) == 0;
-}
-
static bool is_numeric(const char* name) {
for (const char* p = name; *p != '\0'; p++) {
if (!isdigit(*p)) return false;
@@ -325,7 +347,7 @@
KeyBuffer key;
if (!android::vold::retrieveKey(key_path, kEmptyAuthentication, &key)) return false;
std::string raw_ref;
- if (!android::vold::installKey(key, &raw_ref)) return false;
+ if (!install_data_key(key, &raw_ref)) return false;
s_de_key_raw_refs[user_id] = raw_ref;
LOG(DEBUG) << "Installed de key for user " << user_id;
}
@@ -343,24 +365,30 @@
return true;
}
- PolicyKeyRef device_ref;
- if (!android::vold::retrieveAndInstallKey(true, kEmptyAuthentication, device_key_path,
- device_key_temp, &device_ref.key_raw_ref))
- return false;
- get_data_file_encryption_modes(&device_ref);
+ EncryptionPolicy device_policy;
+ get_data_file_encryption_options(&device_policy.options);
- std::string modestring = device_ref.contents_mode + ":" + device_ref.filenames_mode;
- std::string mode_filename = std::string("/data") + fscrypt_key_mode;
- if (!android::vold::writeStringToFile(modestring, mode_filename)) return false;
+ if (!android::vold::retrieveAndInstallKey(true, kEmptyAuthentication, device_key_path,
+ device_key_temp, "", device_policy.options.version,
+ &device_policy.key_raw_ref))
+ return false;
+
+ std::string options_string;
+ if (!OptionsToString(device_policy.options, &options_string)) {
+ LOG(ERROR) << "Unable to serialize options";
+ return false;
+ }
+ std::string options_filename = std::string("/data") + fscrypt_key_mode;
+ if (!android::vold::writeStringToFile(options_string, options_filename)) return false;
std::string ref_filename = std::string("/data") + fscrypt_key_ref;
- if (!android::vold::writeStringToFile(device_ref.key_raw_ref, ref_filename)) return false;
+ if (!android::vold::writeStringToFile(device_policy.key_raw_ref, ref_filename)) return false;
LOG(INFO) << "Wrote system DE key reference to:" << ref_filename;
KeyBuffer per_boot_key;
if (!android::vold::randomKey(&per_boot_key)) return false;
std::string per_boot_raw_ref;
- if (!android::vold::installKey(per_boot_key, &per_boot_raw_ref)) return false;
+ if (!install_data_key(per_boot_key, &per_boot_raw_ref)) return false;
std::string per_boot_ref_filename = std::string("/data") + fscrypt_key_per_boot_ref;
if (!android::vold::writeStringToFile(per_boot_raw_ref, per_boot_ref_filename)) return false;
LOG(INFO) << "Wrote per boot key reference to:" << per_boot_ref_filename;
@@ -419,15 +447,20 @@
}
// "Lock" all encrypted directories whose key has been removed. This is needed
-// because merely removing the keyring key doesn't affect inodes in the kernel's
-// inode cache whose per-file key was already set up. So to remove the per-file
-// keys and make the files "appear encrypted", these inodes must be evicted.
+// in the case where the keys are being put in the session keyring (rather in
+// the newer filesystem-level keyrings), because removing a key from the session
+// keyring doesn't affect inodes in the kernel's inode cache whose per-file key
+// was already set up. So to remove the per-file keys and make the files
+// "appear encrypted", these inodes must be evicted.
//
// To do this, sync() to clean all dirty inodes, then drop all reclaimable slab
// objects systemwide. This is overkill, but it's the best available method
// currently. Don't use drop_caches mode "3" because that also evicts pagecache
// for in-use files; all files relevant here are already closed and sync'ed.
-static void drop_caches() {
+static void drop_caches_if_needed() {
+ if (android::vold::isFsKeyringSupported()) {
+ return;
+ }
sync();
if (!writeStringToFile("2", "/proc/sys/vm/drop_caches")) {
PLOG(ERROR) << "Failed to drop caches during key eviction";
@@ -440,8 +473,8 @@
std::string raw_ref;
// If we haven't loaded the CE key, no need to evict it.
if (lookup_key_ref(s_ce_key_raw_refs, user_id, &raw_ref)) {
- success &= android::vold::evictKey(raw_ref);
- drop_caches();
+ success &= evict_data_key(raw_ref);
+ drop_caches_if_needed();
}
s_ce_key_raw_refs.erase(user_id);
return success;
@@ -455,8 +488,7 @@
bool success = true;
std::string raw_ref;
success &= evict_ce_key(user_id);
- success &=
- lookup_key_ref(s_de_key_raw_refs, user_id, &raw_ref) && android::vold::evictKey(raw_ref);
+ success &= lookup_key_ref(s_de_key_raw_refs, user_id, &raw_ref) && evict_data_key(raw_ref);
s_de_key_raw_refs.erase(user_id);
auto it = s_ephemeral_users.find(user_id);
if (it != s_ephemeral_users.end()) {
@@ -526,7 +558,7 @@
}
static bool read_or_create_volkey(const std::string& misc_path, const std::string& volume_uuid,
- PolicyKeyRef* key_ref) {
+ EncryptionPolicy* policy) {
auto secdiscardable_path = volume_secdiscardable_path(volume_uuid);
std::string secdiscardable_hash;
if (android::vold::pathExists(secdiscardable_path)) {
@@ -546,14 +578,12 @@
return false;
}
android::vold::KeyAuthentication auth("", secdiscardable_hash);
- if (!android::vold::retrieveAndInstallKey(true, auth, key_path, key_path + "_tmp",
- &key_ref->key_raw_ref))
- return false;
- key_ref->contents_mode =
- android::base::GetProperty("ro.crypto.volume.contents_mode", "aes-256-xts");
- key_ref->filenames_mode =
- android::base::GetProperty("ro.crypto.volume.filenames_mode", "aes-256-heh");
- return true;
+
+ if (!get_volume_file_encryption_options(&policy->options)) return false;
+
+ return android::vold::retrieveAndInstallKey(true, auth, key_path, key_path + "_tmp",
+ volume_uuid, policy->options.version,
+ &policy->key_raw_ref);
}
static bool destroy_volkey(const std::string& misc_path, const std::string& volume_uuid) {
@@ -698,17 +728,18 @@
if (!prepare_dir(user_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (fscrypt_is_native()) {
- PolicyKeyRef de_ref;
+ EncryptionPolicy de_policy;
if (volume_uuid.empty()) {
- if (!lookup_key_ref(s_de_key_raw_refs, user_id, &de_ref.key_raw_ref)) return false;
- get_data_file_encryption_modes(&de_ref);
- if (!ensure_policy(de_ref, system_de_path)) return false;
- if (!ensure_policy(de_ref, misc_de_path)) return false;
- if (!ensure_policy(de_ref, vendor_de_path)) return false;
+ if (!lookup_key_ref(s_de_key_raw_refs, user_id, &de_policy.key_raw_ref))
+ return false;
+ get_data_file_encryption_options(&de_policy.options);
+ if (!EnsurePolicy(de_policy, system_de_path)) return false;
+ if (!EnsurePolicy(de_policy, misc_de_path)) return false;
+ if (!EnsurePolicy(de_policy, vendor_de_path)) return false;
} else {
- if (!read_or_create_volkey(misc_de_path, volume_uuid, &de_ref)) return false;
+ if (!read_or_create_volkey(misc_de_path, volume_uuid, &de_policy)) return false;
}
- if (!ensure_policy(de_ref, user_de_path)) return false;
+ if (!EnsurePolicy(de_policy, user_de_path)) return false;
}
}
@@ -729,19 +760,20 @@
if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (fscrypt_is_native()) {
- PolicyKeyRef ce_ref;
+ EncryptionPolicy ce_policy;
if (volume_uuid.empty()) {
- if (!lookup_key_ref(s_ce_key_raw_refs, user_id, &ce_ref.key_raw_ref)) return false;
- get_data_file_encryption_modes(&ce_ref);
- if (!ensure_policy(ce_ref, system_ce_path)) return false;
- if (!ensure_policy(ce_ref, misc_ce_path)) return false;
- if (!ensure_policy(ce_ref, vendor_ce_path)) return false;
+ if (!lookup_key_ref(s_ce_key_raw_refs, user_id, &ce_policy.key_raw_ref))
+ return false;
+ get_data_file_encryption_options(&ce_policy.options);
+ if (!EnsurePolicy(ce_policy, system_ce_path)) return false;
+ if (!EnsurePolicy(ce_policy, misc_ce_path)) return false;
+ if (!EnsurePolicy(ce_policy, vendor_ce_path)) return false;
} else {
- if (!read_or_create_volkey(misc_ce_path, volume_uuid, &ce_ref)) return false;
+ if (!read_or_create_volkey(misc_ce_path, volume_uuid, &ce_policy)) return false;
}
- if (!ensure_policy(ce_ref, media_ce_path)) return false;
- if (!ensure_policy(ce_ref, user_ce_path)) return false;
+ if (!EnsurePolicy(ce_policy, media_ce_path)) return false;
+ if (!EnsurePolicy(ce_policy, user_ce_path)) return false;
}
if (volume_uuid.empty()) {
diff --git a/KeyUtil.cpp b/KeyUtil.cpp
index 12cae9b..f822377 100644
--- a/KeyUtil.cpp
+++ b/KeyUtil.cpp
@@ -16,12 +16,14 @@
#include "KeyUtil.h"
-#include <linux/fs.h>
#include <iomanip>
#include <sstream>
#include <string>
+#include <fcntl.h>
+#include <linux/fs.h>
#include <openssl/sha.h>
+#include <sys/ioctl.h>
#include <android-base/file.h>
#include <android-base/logging.h>
@@ -29,6 +31,7 @@
#include "KeyStorage.h"
#include "Utils.h"
+#include "fscrypt_uapi.h"
namespace android {
namespace vold {
@@ -45,6 +48,42 @@
return true;
}
+// Return true if the kernel supports the ioctls to add/remove fscrypt keys
+// directly to/from the filesystem.
+bool isFsKeyringSupported(void) {
+ static bool initialized = false;
+ static bool supported;
+
+ if (!initialized) {
+ android::base::unique_fd fd(open("/data", O_RDONLY | O_DIRECTORY | O_CLOEXEC));
+
+ // FS_IOC_ADD_ENCRYPTION_KEY with a NULL argument will fail with ENOTTY
+ // if the ioctl isn't supported. Otherwise it will fail with another
+ // error code such as EFAULT.
+ errno = 0;
+ (void)ioctl(fd, FS_IOC_ADD_ENCRYPTION_KEY, NULL);
+ if (errno == ENOTTY) {
+ LOG(INFO) << "Kernel doesn't support FS_IOC_ADD_ENCRYPTION_KEY. Falling back to "
+ "session keyring";
+ supported = false;
+ } else {
+ if (errno != EFAULT) {
+ PLOG(WARNING) << "Unexpected error from FS_IOC_ADD_ENCRYPTION_KEY";
+ }
+ LOG(DEBUG) << "Detected support for FS_IOC_ADD_ENCRYPTION_KEY";
+ supported = true;
+ }
+ // There's no need to check for FS_IOC_REMOVE_ENCRYPTION_KEY, since it's
+ // guaranteed to be available if FS_IOC_ADD_ENCRYPTION_KEY is. There's
+ // also no need to check for support on external volumes separately from
+ // /data, since either the kernel supports the ioctls on all
+ // fscrypt-capable filesystems or it doesn't.
+
+ initialized = true;
+ }
+ return supported;
+}
+
// Get raw keyref - used to make keyname and to pass to ioctl
static std::string generateKeyRef(const uint8_t* key, int length) {
SHA512_CTX c;
@@ -78,16 +117,20 @@
static char const* const NAME_PREFIXES[] = {"ext4", "f2fs", "fscrypt", nullptr};
-static std::string keyname(const std::string& prefix, const std::string& raw_ref) {
+static std::string keyrefstring(const std::string& raw_ref) {
std::ostringstream o;
- o << prefix << ":";
for (unsigned char i : raw_ref) {
o << std::hex << std::setw(2) << std::setfill('0') << (int)i;
}
return o.str();
}
-// Get the keyring we store all keys in
+static std::string buildLegacyKeyName(const std::string& prefix, const std::string& raw_ref) {
+ return prefix + ":" + keyrefstring(raw_ref);
+}
+
+// Get the ID of the keyring we store all fscrypt keys in when the kernel is too
+// old to support FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY.
static bool fscryptKeyring(key_serial_t* device_keyring) {
*device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0);
if (*device_keyring == -1) {
@@ -97,19 +140,17 @@
return true;
}
-// Install password into global keyring
-// Return raw key reference for use in policy
-bool installKey(const KeyBuffer& key, std::string* raw_ref) {
+// Add an encryption key to the legacy global session keyring.
+static bool installKeyLegacy(const KeyBuffer& key, const std::string& raw_ref) {
// Place fscrypt_key into automatically zeroing buffer.
KeyBuffer fsKeyBuffer(sizeof(fscrypt_key));
fscrypt_key& fs_key = *reinterpret_cast<fscrypt_key*>(fsKeyBuffer.data());
if (!fillKey(key, &fs_key)) return false;
- *raw_ref = generateKeyRef(fs_key.raw, fs_key.size);
key_serial_t device_keyring;
if (!fscryptKeyring(&device_keyring)) return false;
for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
- auto ref = keyname(*name_prefix, *raw_ref);
+ auto ref = buildLegacyKeyName(*name_prefix, raw_ref);
key_serial_t key_id =
add_key("logon", ref.c_str(), (void*)&fs_key, sizeof(fs_key), device_keyring);
if (key_id == -1) {
@@ -122,12 +163,110 @@
return true;
}
-bool evictKey(const std::string& raw_ref) {
+// Build a struct fscrypt_key_specifier for use in the key management ioctls.
+static bool buildKeySpecifier(fscrypt_key_specifier* spec, const std::string& raw_ref,
+ int policy_version) {
+ switch (policy_version) {
+ case 1:
+ if (raw_ref.size() != FSCRYPT_KEY_DESCRIPTOR_SIZE) {
+ LOG(ERROR) << "Invalid key specifier size for v1 encryption policy: "
+ << raw_ref.size();
+ return false;
+ }
+ spec->type = FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR;
+ memcpy(spec->u.descriptor, raw_ref.c_str(), FSCRYPT_KEY_DESCRIPTOR_SIZE);
+ return true;
+ case 2:
+ if (raw_ref.size() != FSCRYPT_KEY_IDENTIFIER_SIZE) {
+ LOG(ERROR) << "Invalid key specifier size for v2 encryption policy: "
+ << raw_ref.size();
+ return false;
+ }
+ spec->type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
+ memcpy(spec->u.identifier, raw_ref.c_str(), FSCRYPT_KEY_IDENTIFIER_SIZE);
+ return true;
+ default:
+ LOG(ERROR) << "Invalid encryption policy version: " << policy_version;
+ return false;
+ }
+}
+
+// Install a file-based encryption key to the kernel, for use by encrypted files
+// on the specified filesystem using the specified encryption policy version.
+//
+// For v1 policies, we use FS_IOC_ADD_ENCRYPTION_KEY if the kernel supports it.
+// Otherwise we add the key to the legacy global session keyring.
+//
+// For v2 policies, we always use FS_IOC_ADD_ENCRYPTION_KEY; it's the only way
+// the kernel supports.
+//
+// Returns %true on success, %false on failure. On success also sets *raw_ref
+// to the raw key reference for use in the encryption policy.
+bool installKey(const KeyBuffer& key, const std::string& mountpoint, int policy_version,
+ std::string* raw_ref) {
+ // Put the fscrypt_add_key_arg in an automatically-zeroing buffer, since we
+ // have to copy the raw key into it.
+ KeyBuffer arg_buf(sizeof(struct fscrypt_add_key_arg) + key.size(), 0);
+ struct fscrypt_add_key_arg* arg = (struct fscrypt_add_key_arg*)arg_buf.data();
+
+ // Initialize the "key specifier", which is like a name for the key.
+ switch (policy_version) {
+ case 1:
+ // A key for a v1 policy is specified by an arbitrary 8-byte
+ // "descriptor", which must be provided by userspace. We use the
+ // first 8 bytes from the double SHA-512 of the key itself.
+ *raw_ref = generateKeyRef((const uint8_t*)key.data(), key.size());
+ if (!isFsKeyringSupported()) {
+ return installKeyLegacy(key, *raw_ref);
+ }
+ if (!buildKeySpecifier(&arg->key_spec, *raw_ref, policy_version)) {
+ return false;
+ }
+ break;
+ case 2:
+ // A key for a v2 policy is specified by an 16-byte "identifier",
+ // which is a cryptographic hash of the key itself which the kernel
+ // computes and returns. Any user-provided value is ignored; we
+ // just need to set the specifier type to indicate that we're adding
+ // this type of key.
+ arg->key_spec.type = FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER;
+ break;
+ default:
+ LOG(ERROR) << "Invalid encryption policy version: " << policy_version;
+ return false;
+ }
+
+ // Provide the raw key.
+ arg->raw_size = key.size();
+ memcpy(arg->raw, key.data(), key.size());
+
+ android::base::unique_fd fd(open(mountpoint.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC));
+ if (fd == -1) {
+ PLOG(ERROR) << "Failed to open " << mountpoint << " to install key";
+ return false;
+ }
+
+ if (ioctl(fd, FS_IOC_ADD_ENCRYPTION_KEY, arg) != 0) {
+ PLOG(ERROR) << "Failed to install fscrypt key to " << mountpoint;
+ return false;
+ }
+
+ if (arg->key_spec.type == FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER) {
+ // Retrieve the key identifier that the kernel computed.
+ *raw_ref = std::string((char*)arg->key_spec.u.identifier, FSCRYPT_KEY_IDENTIFIER_SIZE);
+ }
+ LOG(DEBUG) << "Installed fscrypt key with ref " << keyrefstring(*raw_ref) << " to "
+ << mountpoint;
+ return true;
+}
+
+// Remove an encryption key from the legacy global session keyring.
+static bool evictKeyLegacy(const std::string& raw_ref) {
key_serial_t device_keyring;
if (!fscryptKeyring(&device_keyring)) return false;
bool success = true;
for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
- auto ref = keyname(*name_prefix, raw_ref);
+ auto ref = buildLegacyKeyName(*name_prefix, raw_ref);
auto key_serial = keyctl_search(device_keyring, "logon", ref.c_str(), 0);
// Unlink the key from the keyring. Prefer unlinking to revoking or
@@ -144,8 +283,51 @@
return success;
}
+// Evict a file-based encryption key from the kernel.
+//
+// We use FS_IOC_REMOVE_ENCRYPTION_KEY if the kernel supports it. Otherwise we
+// remove the key from the legacy global session keyring.
+//
+// In the latter case, the caller is responsible for dropping caches.
+bool evictKey(const std::string& mountpoint, const std::string& raw_ref, int policy_version) {
+ if (policy_version == 1 && !isFsKeyringSupported()) {
+ return evictKeyLegacy(raw_ref);
+ }
+
+ android::base::unique_fd fd(open(mountpoint.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC));
+ if (fd == -1) {
+ PLOG(ERROR) << "Failed to open " << mountpoint << " to evict key";
+ return false;
+ }
+
+ struct fscrypt_remove_key_arg arg;
+ memset(&arg, 0, sizeof(arg));
+
+ if (!buildKeySpecifier(&arg.key_spec, raw_ref, policy_version)) {
+ return false;
+ }
+
+ std::string ref = keyrefstring(raw_ref);
+
+ if (ioctl(fd, FS_IOC_REMOVE_ENCRYPTION_KEY, &arg) != 0) {
+ PLOG(ERROR) << "Failed to evict fscrypt key with ref " << ref << " from " << mountpoint;
+ return false;
+ }
+
+ LOG(DEBUG) << "Evicted fscrypt key with ref " << ref << " from " << mountpoint;
+ if (arg.removal_status_flags & FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS) {
+ // Should never happen because keys are only added/removed as root.
+ LOG(ERROR) << "Unexpected case: key with ref " << ref << " is still added by other users!";
+ } else if (arg.removal_status_flags & FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY) {
+ LOG(ERROR) << "Files still open after removing key with ref " << ref
+ << ". These files were not locked!";
+ }
+ return true;
+}
+
bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
const std::string& key_path, const std::string& tmp_path,
+ const std::string& volume_uuid, int policy_version,
std::string* key_ref) {
KeyBuffer key;
if (pathExists(key_path)) {
@@ -161,7 +343,7 @@
if (!storeKeyAtomically(key_path, tmp_path, key_authentication, key)) return false;
}
- if (!installKey(key, key_ref)) {
+ if (!installKey(key, BuildDataPath(volume_uuid), policy_version, key_ref)) {
LOG(ERROR) << "Failed to install key in " << key_path;
return false;
}
diff --git a/KeyUtil.h b/KeyUtil.h
index 7ee6725..f6799d9 100644
--- a/KeyUtil.h
+++ b/KeyUtil.h
@@ -27,10 +27,15 @@
namespace vold {
bool randomKey(KeyBuffer* key);
-bool installKey(const KeyBuffer& key, std::string* raw_ref);
-bool evictKey(const std::string& raw_ref);
+
+bool isFsKeyringSupported(void);
+
+bool installKey(const KeyBuffer& key, const std::string& mountpoint, int policy_version,
+ std::string* raw_ref);
+bool evictKey(const std::string& mountpoint, const std::string& raw_ref, int policy_version);
bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
const std::string& key_path, const std::string& tmp_path,
+ const std::string& volume_uuid, int policy_version,
std::string* key_ref);
bool retrieveKey(bool create_if_absent, const std::string& key_path, const std::string& tmp_path,
KeyBuffer* key, bool keepOld = true);
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index 7f7f289..f17f59f 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -92,7 +92,7 @@
}
}
-binder::Status checkUid(uid_t expectedUid) {
+binder::Status checkUidOrRoot(uid_t expectedUid) {
uid_t uid = IPCThreadState::self()->getCallingUid();
if (uid == expectedUid || uid == AID_ROOT) {
return ok();
@@ -147,12 +147,12 @@
return ok();
}
-#define ENFORCE_UID(uid) \
- { \
- binder::Status status = checkUid((uid)); \
- if (!status.isOk()) { \
- return status; \
- } \
+#define ENFORCE_SYSTEM_OR_ROOT \
+ { \
+ binder::Status status = checkUidOrRoot(AID_SYSTEM); \
+ if (!status.isOk()) { \
+ return status; \
+ } \
}
#define CHECK_ARGUMENT_ID(id) \
@@ -217,7 +217,7 @@
binder::Status VoldNativeService::setListener(
const android::sp<android::os::IVoldListener>& listener) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
VolumeManager::Instance()->setListener(listener);
@@ -225,7 +225,7 @@
}
binder::Status VoldNativeService::monitor() {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
// Simply acquire/release each lock for watchdog
{ ACQUIRE_LOCK; }
@@ -235,42 +235,42 @@
}
binder::Status VoldNativeService::reset() {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translate(VolumeManager::Instance()->reset());
}
binder::Status VoldNativeService::shutdown() {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translate(VolumeManager::Instance()->shutdown());
}
binder::Status VoldNativeService::onUserAdded(int32_t userId, int32_t userSerial) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translate(VolumeManager::Instance()->onUserAdded(userId, userSerial));
}
binder::Status VoldNativeService::onUserRemoved(int32_t userId) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translate(VolumeManager::Instance()->onUserRemoved(userId));
}
binder::Status VoldNativeService::onUserStarted(int32_t userId) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translate(VolumeManager::Instance()->onUserStarted(userId));
}
binder::Status VoldNativeService::onUserStopped(int32_t userId) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translate(VolumeManager::Instance()->onUserStopped(userId));
@@ -287,7 +287,7 @@
}
binder::Status VoldNativeService::onSecureKeyguardStateChanged(bool isShowing) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translate(VolumeManager::Instance()->onSecureKeyguardStateChanged(isShowing));
@@ -295,7 +295,7 @@
binder::Status VoldNativeService::partition(const std::string& diskId, int32_t partitionType,
int32_t ratio) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_ID(diskId);
ACQUIRE_LOCK;
@@ -317,7 +317,7 @@
binder::Status VoldNativeService::forgetPartition(const std::string& partGuid,
const std::string& fsUuid) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_HEX(partGuid);
CHECK_ARGUMENT_HEX(fsUuid);
ACQUIRE_LOCK;
@@ -327,7 +327,7 @@
binder::Status VoldNativeService::mount(const std::string& volId, int32_t mountFlags,
int32_t mountUserId) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_ID(volId);
ACQUIRE_LOCK;
@@ -353,7 +353,7 @@
}
binder::Status VoldNativeService::unmount(const std::string& volId) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_ID(volId);
ACQUIRE_LOCK;
@@ -365,7 +365,7 @@
}
binder::Status VoldNativeService::format(const std::string& volId, const std::string& fsType) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_ID(volId);
ACQUIRE_LOCK;
@@ -400,7 +400,7 @@
binder::Status VoldNativeService::benchmark(
const std::string& volId, const android::sp<android::os::IVoldTaskListener>& listener) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_ID(volId);
ACQUIRE_LOCK;
@@ -413,7 +413,7 @@
}
binder::Status VoldNativeService::checkEncryption(const std::string& volId) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_ID(volId);
ACQUIRE_LOCK;
@@ -426,7 +426,7 @@
binder::Status VoldNativeService::moveStorage(
const std::string& fromVolId, const std::string& toVolId,
const android::sp<android::os::IVoldTaskListener>& listener) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_ID(fromVolId);
CHECK_ARGUMENT_ID(toVolId);
ACQUIRE_LOCK;
@@ -444,14 +444,14 @@
}
binder::Status VoldNativeService::remountUid(int32_t uid, int32_t remountMode) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translate(VolumeManager::Instance()->remountUid(uid, remountMode));
}
binder::Status VoldNativeService::mkdirs(const std::string& path) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_PATH(path);
ACQUIRE_LOCK;
@@ -461,7 +461,7 @@
binder::Status VoldNativeService::createObb(const std::string& sourcePath,
const std::string& sourceKey, int32_t ownerGid,
std::string* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_PATH(sourcePath);
CHECK_ARGUMENT_HEX(sourceKey);
ACQUIRE_LOCK;
@@ -471,7 +471,7 @@
}
binder::Status VoldNativeService::destroyObb(const std::string& volId) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_ID(volId);
ACQUIRE_LOCK;
@@ -481,7 +481,7 @@
binder::Status VoldNativeService::createStubVolume(
const std::string& sourcePath, const std::string& mountPath, const std::string& fsType,
const std::string& fsUuid, const std::string& fsLabel, std::string* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_PATH(sourcePath);
CHECK_ARGUMENT_PATH(mountPath);
CHECK_ARGUMENT_HEX(fsUuid);
@@ -494,7 +494,7 @@
}
binder::Status VoldNativeService::destroyStubVolume(const std::string& volId) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_ID(volId);
ACQUIRE_LOCK;
@@ -503,7 +503,7 @@
binder::Status VoldNativeService::fstrim(
int32_t fstrimFlags, const android::sp<android::os::IVoldTaskListener>& listener) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
std::thread([=]() { android::vold::Trim(listener); }).detach();
@@ -512,7 +512,7 @@
binder::Status VoldNativeService::runIdleMaint(
const android::sp<android::os::IVoldTaskListener>& listener) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
std::thread([=]() { android::vold::RunIdleMaint(listener); }).detach();
@@ -521,7 +521,7 @@
binder::Status VoldNativeService::abortIdleMaint(
const android::sp<android::os::IVoldTaskListener>& listener) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
std::thread([=]() { android::vold::AbortIdleMaint(listener); }).detach();
@@ -530,14 +530,14 @@
binder::Status VoldNativeService::mountAppFuse(int32_t uid, int32_t mountId,
android::base::unique_fd* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translate(VolumeManager::Instance()->mountAppFuse(uid, mountId, _aidl_return));
}
binder::Status VoldNativeService::unmountAppFuse(int32_t uid, int32_t mountId) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translate(VolumeManager::Instance()->unmountAppFuse(uid, mountId));
@@ -546,7 +546,7 @@
binder::Status VoldNativeService::openAppFuseFile(int32_t uid, int32_t mountId, int32_t fileId,
int32_t flags,
android::base::unique_fd* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
int fd = VolumeManager::Instance()->openAppFuseFile(uid, mountId, fileId, flags);
@@ -561,14 +561,14 @@
}
binder::Status VoldNativeService::fdeCheckPassword(const std::string& password) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
return translate(cryptfs_check_passwd(password.c_str()));
}
binder::Status VoldNativeService::fdeRestart() {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
// Spawn as thread so init can issue commands back to vold without
@@ -578,7 +578,7 @@
}
binder::Status VoldNativeService::fdeComplete(int32_t* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
*_aidl_return = cryptfs_crypto_complete();
@@ -609,7 +609,7 @@
binder::Status VoldNativeService::fdeEnable(int32_t passwordType, const std::string& password,
int32_t encryptionFlags) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
LOG(DEBUG) << "fdeEnable(" << passwordType << ", *, " << encryptionFlags << ")";
@@ -627,21 +627,21 @@
binder::Status VoldNativeService::fdeChangePassword(int32_t passwordType,
const std::string& password) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
return translate(cryptfs_changepw(passwordType, password.c_str()));
}
binder::Status VoldNativeService::fdeVerifyPassword(const std::string& password) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
return translate(cryptfs_verify_passwd(password.c_str()));
}
binder::Status VoldNativeService::fdeGetField(const std::string& key, std::string* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
char buf[PROPERTY_VALUE_MAX];
@@ -654,14 +654,14 @@
}
binder::Status VoldNativeService::fdeSetField(const std::string& key, const std::string& value) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
return translate(cryptfs_setfield(key.c_str(), value.c_str()));
}
binder::Status VoldNativeService::fdeGetPasswordType(int32_t* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
*_aidl_return = cryptfs_get_password_type();
@@ -669,7 +669,7 @@
}
binder::Status VoldNativeService::fdeGetPassword(std::string* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
const char* res = cryptfs_get_password();
@@ -680,7 +680,7 @@
}
binder::Status VoldNativeService::fdeClearPassword() {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
cryptfs_clear_password();
@@ -688,14 +688,14 @@
}
binder::Status VoldNativeService::fbeEnable() {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
return translateBool(fscrypt_initialize_systemwide_keys());
}
binder::Status VoldNativeService::mountDefaultEncrypted() {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
if (!fscrypt_is_native()) {
@@ -707,14 +707,14 @@
}
binder::Status VoldNativeService::initUser0() {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
return translateBool(fscrypt_init_user0());
}
binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
*_aidl_return = cryptfs_isConvertibleToFBE() != 0;
@@ -723,7 +723,7 @@
binder::Status VoldNativeService::mountFstab(const std::string& blkDevice,
const std::string& mountPoint) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translateBool(fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, false));
@@ -731,21 +731,21 @@
binder::Status VoldNativeService::encryptFstab(const std::string& blkDevice,
const std::string& mountPoint) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translateBool(fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, true));
}
binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial, bool ephemeral) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
return translateBool(fscrypt_vold_create_user_key(userId, userSerial, ephemeral));
}
binder::Status VoldNativeService::destroyUserKey(int32_t userId) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
return translateBool(fscrypt_destroy_user_key(userId));
@@ -754,14 +754,14 @@
binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial,
const std::string& token,
const std::string& secret) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
return translateBool(fscrypt_add_user_key_auth(userId, userSerial, token, secret));
}
binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
return translateBool(fscrypt_fixate_newest_user_key_auth(userId));
@@ -770,14 +770,14 @@
binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial,
const std::string& token,
const std::string& secret) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
return translateBool(fscrypt_unlock_user_key(userId, userSerial, token, secret));
}
binder::Status VoldNativeService::lockUserKey(int32_t userId) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
return translateBool(fscrypt_lock_user_key(userId));
@@ -786,7 +786,7 @@
binder::Status VoldNativeService::prepareUserStorage(const std::unique_ptr<std::string>& uuid,
int32_t userId, int32_t userSerial,
int32_t flags) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
std::string empty_string = "";
auto uuid_ = uuid ? *uuid : empty_string;
CHECK_ARGUMENT_HEX(uuid_);
@@ -797,7 +797,7 @@
binder::Status VoldNativeService::destroyUserStorage(const std::unique_ptr<std::string>& uuid,
int32_t userId, int32_t flags) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
std::string empty_string = "";
auto uuid_ = uuid ? *uuid : empty_string;
CHECK_ARGUMENT_HEX(uuid_);
@@ -819,14 +819,14 @@
}
binder::Status VoldNativeService::startCheckpoint(int32_t retry) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return cp_startCheckpoint(retry);
}
binder::Status VoldNativeService::needsRollback(bool* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
*_aidl_return = cp_needsRollback();
@@ -834,7 +834,7 @@
}
binder::Status VoldNativeService::needsCheckpoint(bool* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
*_aidl_return = cp_needsCheckpoint();
@@ -842,21 +842,21 @@
}
binder::Status VoldNativeService::commitChanges() {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return cp_commitChanges();
}
binder::Status VoldNativeService::prepareCheckpoint() {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return cp_prepareCheckpoint();
}
binder::Status VoldNativeService::restoreCheckpoint(const std::string& mountPoint) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_PATH(mountPoint);
ACQUIRE_LOCK;
@@ -864,7 +864,7 @@
}
binder::Status VoldNativeService::restoreCheckpointPart(const std::string& mountPoint, int count) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
CHECK_ARGUMENT_PATH(mountPoint);
ACQUIRE_LOCK;
@@ -872,14 +872,14 @@
}
binder::Status VoldNativeService::markBootAttempt() {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return cp_markBootAttempt();
}
binder::Status VoldNativeService::abortChanges(const std::string& message, bool retry) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
cp_abortChanges(message, retry);
@@ -887,25 +887,33 @@
}
binder::Status VoldNativeService::supportsCheckpoint(bool* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return cp_supportsCheckpoint(*_aidl_return);
}
binder::Status VoldNativeService::supportsBlockCheckpoint(bool* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return cp_supportsBlockCheckpoint(*_aidl_return);
}
binder::Status VoldNativeService::supportsFileCheckpoint(bool* _aidl_return) {
- ENFORCE_UID(AID_SYSTEM);
+ ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return cp_supportsFileCheckpoint(*_aidl_return);
}
+binder::Status VoldNativeService::resetCheckpoint() {
+ ENFORCE_SYSTEM_OR_ROOT;
+ ACQUIRE_LOCK;
+
+ cp_resetCheckpoint();
+ return ok();
+}
+
} // namespace vold
} // namespace android
diff --git a/VoldNativeService.h b/VoldNativeService.h
index 07a0b9f..13137c5 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -140,6 +140,7 @@
binder::Status supportsCheckpoint(bool* _aidl_return);
binder::Status supportsBlockCheckpoint(bool* _aidl_return);
binder::Status supportsFileCheckpoint(bool* _aidl_return);
+ binder::Status resetCheckpoint();
};
} // namespace vold
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index 03fe258..8e5c53d 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -116,6 +116,7 @@
boolean supportsCheckpoint();
boolean supportsBlockCheckpoint();
boolean supportsFileCheckpoint();
+ void resetCheckpoint();
@utf8InCpp String createStubVolume(@utf8InCpp String sourcePath,
@utf8InCpp String mountPath, @utf8InCpp String fsType,
diff --git a/fscrypt_uapi.h b/fscrypt_uapi.h
new file mode 100644
index 0000000..3999036
--- /dev/null
+++ b/fscrypt_uapi.h
@@ -0,0 +1,48 @@
+#ifndef _UAPI_LINUX_FSCRYPT_H
+#define _UAPI_LINUX_FSCRYPT_H
+
+// Definitions for FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY
+
+// TODO: switch to <linux/fscrypt.h> once it's in Bionic
+
+#ifndef FS_IOC_ADD_ENCRYPTION_KEY
+
+#include <linux/types.h>
+
+#define FSCRYPT_KEY_DESCRIPTOR_SIZE 8
+#define FSCRYPT_KEY_IDENTIFIER_SIZE 16
+
+#define FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR 1
+#define FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER 2
+
+struct fscrypt_key_specifier {
+ __u32 type;
+ __u32 __reserved;
+ union {
+ __u8 __reserved[32];
+ __u8 descriptor[FSCRYPT_KEY_DESCRIPTOR_SIZE];
+ __u8 identifier[FSCRYPT_KEY_IDENTIFIER_SIZE];
+ } u;
+};
+
+struct fscrypt_add_key_arg {
+ struct fscrypt_key_specifier key_spec;
+ __u32 raw_size;
+ __u32 __reserved[9];
+ __u8 raw[];
+};
+
+struct fscrypt_remove_key_arg {
+ struct fscrypt_key_specifier key_spec;
+#define FSCRYPT_KEY_REMOVAL_STATUS_FLAG_FILES_BUSY 0x00000001
+#define FSCRYPT_KEY_REMOVAL_STATUS_FLAG_OTHER_USERS 0x00000002
+ __u32 removal_status_flags;
+ __u32 __reserved[5];
+};
+
+#define FS_IOC_ADD_ENCRYPTION_KEY _IOWR('f', 23, struct fscrypt_add_key_arg)
+#define FS_IOC_REMOVE_ENCRYPTION_KEY _IOWR('f', 24, struct fscrypt_remove_key_arg)
+
+#endif /* FS_IOC_ADD_ENCRYPTION_KEY */
+
+#endif /* _UAPI_LINUX_FSCRYPT_H */
diff --git a/vdc.cpp b/vdc.cpp
index 839e70e..c1b7781 100644
--- a/vdc.cpp
+++ b/vdc.cpp
@@ -147,6 +147,8 @@
int retry;
if (!android::base::ParseInt(args[2], &retry)) exit(EINVAL);
checkStatus(args, vold->abortChanges(args[2], retry != 0));
+ } else if (args[0] == "checkpoint" && args[1] == "resetCheckpoint") {
+ checkStatus(args, vold->resetCheckpoint());
} else {
LOG(ERROR) << "Raw commands are no longer supported";
exit(EINVAL);