Support zoned device with dm-default-key
Note that, encrypt_inplace cannot support zoned device, since it
doesn't support in-place updates. And, dm-default-key will have
a different key.
Bug: 172378121
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I34cb1e747e0f3faa07c5a4bfeded11fb789a033c
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index 5c9e644..4152e25 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -63,6 +63,7 @@
};
static const std::string kDmNameUserdata = "userdata";
+static const std::string kDmNameUserdataZoned = "userdata_zoned";
// The first entry in this table is the default crypto type.
constexpr CryptoType supported_crypto_types[] = {aes_256_xts, adiantum};
@@ -238,10 +239,11 @@
bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::string& mount_point,
bool needs_encrypt, bool should_format,
- const std::string& fs_type) {
+ const std::string& fs_type, const std::string& zoned_device) {
LOG(DEBUG) << "fscrypt_mount_metadata_encrypted: " << mount_point
<< " encrypt: " << needs_encrypt << " format: " << should_format << " with "
- << fs_type;
+ << fs_type << " block device: " << blk_device
+ << " and zoned device: " << zoned_device;
auto encrypted_state = android::base::GetProperty("ro.crypto.state", "");
if (encrypted_state != "" && encrypted_state != "encrypted") {
LOG(ERROR) << "fscrypt_mount_metadata_encrypted got unexpected starting state: "
@@ -280,9 +282,13 @@
return false;
}
+ auto default_metadata_key_dir = data_rec->metadata_key_dir;
+ if (!zoned_device.empty()) {
+ default_metadata_key_dir = default_metadata_key_dir + "/default";
+ }
auto gen = needs_encrypt ? makeGen(options) : neverGen();
KeyBuffer key;
- if (!read_key(data_rec->metadata_key_dir, gen, &key)) {
+ if (!read_key(default_metadata_key_dir, gen, &key)) {
LOG(ERROR) << "read_key failed in mountFstab";
return false;
}
@@ -295,6 +301,23 @@
return false;
}
+ // create dm-default-key for zoned device
+ std::string crypto_zoned_blkdev;
+ if (!zoned_device.empty()) {
+ auto zoned_metadata_key_dir = data_rec->metadata_key_dir + "/zoned";
+
+ if (!read_key(zoned_metadata_key_dir, gen, &key)) {
+ LOG(ERROR) << "read_key failed with zoned device: " << zoned_device;
+ return false;
+ }
+ if (!create_crypto_blk_dev(kDmNameUserdataZoned, zoned_device, key, options,
+ &crypto_zoned_blkdev, &nr_sec)) {
+ LOG(ERROR) << "fscrypt_mount_metadata_encrypted: failed with zoned device: "
+ << zoned_device;
+ return false;
+ }
+ }
+
if (needs_encrypt) {
if (should_format) {
status_t error;
@@ -302,7 +325,7 @@
if (fs_type == "ext4") {
error = ext4::Format(crypto_blkdev, 0, mount_point);
} else if (fs_type == "f2fs") {
- error = f2fs::Format(crypto_blkdev);
+ error = f2fs::Format(crypto_blkdev, crypto_zoned_blkdev);
} else {
LOG(ERROR) << "Unknown filesystem type: " << fs_type;
return false;
@@ -314,6 +337,10 @@
}
LOG(DEBUG) << "Format of " << crypto_blkdev << " for " << mount_point << " succeeded.";
} else {
+ if (!zoned_device.empty()) {
+ LOG(ERROR) << "encrypt_inplace cannot support zoned device; should format it.";
+ return false;
+ }
if (!encrypt_inplace(crypto_blkdev, blk_device, nr_sec)) {
LOG(ERROR) << "encrypt_inplace failed in mountFstab";
return false;
diff --git a/MetadataCrypt.h b/MetadataCrypt.h
index 06131ad..f6d6b8e 100644
--- a/MetadataCrypt.h
+++ b/MetadataCrypt.h
@@ -28,7 +28,8 @@
void defaultkey_precreate_dm_device();
bool fscrypt_mount_metadata_encrypted(const std::string& block_device,
const std::string& mount_point, bool needs_encrypt,
- bool should_format, const std::string& fs_type);
+ bool should_format, const std::string& fs_type,
+ const std::string& zoned_device);
bool defaultkey_volume_keygen(KeyGeneration* gen);
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index 8ba3aaf..51dab49 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -566,22 +566,24 @@
}
binder::Status VoldNativeService::mountFstab(const std::string& blkDevice,
- const std::string& mountPoint) {
+ const std::string& mountPoint,
+ const std::string& zonedDevice) {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
- return translateBool(
- fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, false, false, "null"));
+ return translateBool(fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, false, false,
+ "null", zonedDevice));
}
binder::Status VoldNativeService::encryptFstab(const std::string& blkDevice,
const std::string& mountPoint, bool shouldFormat,
- const std::string& fsType) {
+ const std::string& fsType,
+ const std::string& zonedDevice) {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
- return translateBool(
- fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, true, shouldFormat, fsType));
+ return translateBool(fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, true, shouldFormat,
+ fsType, zonedDevice));
}
binder::Status VoldNativeService::setStorageBindingSeed(const std::vector<uint8_t>& seed) {
diff --git a/VoldNativeService.h b/VoldNativeService.h
index 423e8f9..4feeada 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -103,9 +103,11 @@
binder::Status fbeEnable();
binder::Status initUser0();
- binder::Status mountFstab(const std::string& blkDevice, const std::string& mountPoint);
+ binder::Status mountFstab(const std::string& blkDevice, const std::string& mountPoint,
+ const std::string& zonedDevice);
binder::Status encryptFstab(const std::string& blkDevice, const std::string& mountPoint,
- bool shouldFormat, const std::string& fsType);
+ bool shouldFormat, const std::string& fsType,
+ const std::string& zonedDevice);
binder::Status setStorageBindingSeed(const std::vector<uint8_t>& seed);
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index d77c7da..a946797 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -79,8 +79,8 @@
void fbeEnable();
void initUser0();
- void mountFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint);
- void encryptFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint, boolean shouldFormat, @utf8InCpp String fsType);
+ void mountFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint, @utf8InCpp String zonedDevice);
+ void encryptFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint, boolean shouldFormat, @utf8InCpp String fsType, @utf8InCpp String zonedDevice);
void setStorageBindingSeed(in byte[] seed);
diff --git a/fs/F2fs.cpp b/fs/F2fs.cpp
index 55b0823..23363e3 100644
--- a/fs/F2fs.cpp
+++ b/fs/F2fs.cpp
@@ -71,7 +71,7 @@
return res;
}
-status_t Format(const std::string& source) {
+status_t Format(const std::string& source, const std::string& zoned_device) {
std::vector<char const*> cmd;
cmd.emplace_back(kMkfsPath);
@@ -96,6 +96,11 @@
cmd.emplace_back("-C");
cmd.emplace_back("utf8");
}
+ if (!zoned_device.empty()) {
+ cmd.emplace_back("-c");
+ cmd.emplace_back(zoned_device.c_str());
+ cmd.emplace_back("-m");
+ }
cmd.emplace_back(source.c_str());
return logwrap_fork_execvp(cmd.size(), cmd.data(), nullptr, false, LOG_KLOG,
false, nullptr);
diff --git a/fs/F2fs.h b/fs/F2fs.h
index f710212..cdad581 100644
--- a/fs/F2fs.h
+++ b/fs/F2fs.h
@@ -29,7 +29,7 @@
status_t Check(const std::string& source);
status_t Mount(const std::string& source, const std::string& target);
-status_t Format(const std::string& source);
+status_t Format(const std::string& source, const std::string& zoned_device = "");
} // namespace f2fs
} // namespace vold
diff --git a/vdc.cpp b/vdc.cpp
index 740e246..b63abbb 100644
--- a/vdc.cpp
+++ b/vdc.cpp
@@ -124,14 +124,14 @@
checkStatus(args, vold->reset());
} else if (args[0] == "cryptfs" && args[1] == "bindkeys") {
bindkeys(args, vold);
- } else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 4) {
- checkStatus(args, vold->mountFstab(args[2], args[3]));
- } else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 6) {
+ } else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 5) {
+ checkStatus(args, vold->mountFstab(args[2], args[3], args[4]));
+ } else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 7) {
auto shouldFormat = android::base::ParseBool(args[4]);
if (shouldFormat == android::base::ParseBoolResult::kError) exit(EINVAL);
checkStatus(args, vold->encryptFstab(args[2], args[3],
shouldFormat == android::base::ParseBoolResult::kTrue,
- args[5]));
+ args[5], args[6]));
} else if (args[0] == "checkpoint" && args[1] == "supportsCheckpoint" && args.size() == 2) {
bool supported = false;
checkStatus(args, vold->supportsCheckpoint(&supported));