blob: 310610c713fb3f1effe6fc6a04403277a436d909 [file] [log] [blame]
Jeff Sharkey068c6be2017-09-06 13:47:40 -06001/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "VoldNativeService.h"
18#include "VolumeManager.h"
Jeff Sharkey52f7a912017-09-15 12:57:44 -060019#include "BenchmarkTask.h"
Jeff Sharkey9462bdd2017-09-07 15:27:28 -060020#include "MoveTask.h"
Jeff Sharkey83b559c2017-09-12 16:30:52 -060021#include "Process.h"
Jeff Sharkey11c2d382017-09-11 10:32:01 -060022#include "TrimTask.h"
Jeff Sharkey068c6be2017-09-06 13:47:40 -060023
Jeff Sharkey83b559c2017-09-12 16:30:52 -060024#include "cryptfs.h"
25#include "Ext4Crypt.h"
26#include "MetadataCrypt.h"
27
Jeff Sharkey068c6be2017-09-06 13:47:40 -060028#include <fstream>
29
30#include <android-base/logging.h>
31#include <android-base/stringprintf.h>
32#include <android-base/strings.h>
Jeff Sharkey11c2d382017-09-11 10:32:01 -060033#include <fs_mgr.h>
Jeff Sharkey068c6be2017-09-06 13:47:40 -060034#include <private/android_filesystem_config.h>
35
36#ifndef LOG_TAG
37#define LOG_TAG "vold"
38#endif
39
40using android::base::StringPrintf;
41using std::endl;
42
43namespace android {
44namespace vold {
45
46namespace {
47
48constexpr const char* kDump = "android.permission.DUMP";
49
50static binder::Status ok() {
51 return binder::Status::ok();
52}
53
54static binder::Status exception(uint32_t code, const std::string& msg) {
55 return binder::Status::fromExceptionCode(code, String8(msg.c_str()));
56}
57
Jeff Sharkey9462bdd2017-09-07 15:27:28 -060058static binder::Status error(const std::string& msg) {
59 PLOG(ERROR) << msg;
60 return binder::Status::fromServiceSpecificError(errno, String8(msg.c_str()));
61}
62
Jeff Sharkey83b559c2017-09-12 16:30:52 -060063static binder::Status translate(int status) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -060064 if (status == 0) {
65 return binder::Status::ok();
66 } else {
Jeff Sharkey11c2d382017-09-11 10:32:01 -060067 return binder::Status::fromServiceSpecificError(status);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -060068 }
69}
70
Jeff Sharkey83b559c2017-09-12 16:30:52 -060071static binder::Status translateBool(bool status) {
72 if (status) {
73 return binder::Status::ok();
74 } else {
75 return binder::Status::fromServiceSpecificError(status);
76 }
77}
78
Jeff Sharkey068c6be2017-09-06 13:47:40 -060079binder::Status checkPermission(const char* permission) {
80 pid_t pid;
81 uid_t uid;
82
83 if (checkCallingPermission(String16(permission), reinterpret_cast<int32_t*>(&pid),
84 reinterpret_cast<int32_t*>(&uid))) {
85 return ok();
86 } else {
87 return exception(binder::Status::EX_SECURITY,
88 StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission));
89 }
90}
91
92binder::Status checkUid(uid_t expectedUid) {
93 uid_t uid = IPCThreadState::self()->getCallingUid();
94 if (uid == expectedUid || uid == AID_ROOT) {
95 return ok();
96 } else {
97 return exception(binder::Status::EX_SECURITY,
98 StringPrintf("UID %d is not expected UID %d", uid, expectedUid));
99 }
100}
101
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600102binder::Status checkArgumentId(const std::string& id) {
103 if (id.empty()) {
104 return exception(binder::Status::EX_ILLEGAL_ARGUMENT, "Missing ID");
105 }
106 for (const char& c : id) {
107 if (!std::isalnum(c) && c != ':' && c != ',') {
108 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
109 StringPrintf("ID %s is malformed", id.c_str()));
110 }
111 }
112 return ok();
113}
114
115binder::Status checkArgumentPath(const std::string& path) {
116 if (path.empty()) {
117 return exception(binder::Status::EX_ILLEGAL_ARGUMENT, "Missing path");
118 }
119 if (path[0] != '/') {
120 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
121 StringPrintf("Path %s is relative", path.c_str()));
122 }
123 for (const char& c : path) {
124 if (c == '\0' || c == '\n') {
125 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
126 StringPrintf("Path %s is malformed", path.c_str()));
127 }
128 }
129 return ok();
130}
131
132binder::Status checkArgumentHex(const std::string& hex) {
133 // Empty hex strings are allowed
134 for (const char& c : hex) {
135 if (!std::isxdigit(c) && c != ':' && c != '-') {
136 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
137 StringPrintf("Hex %s is malformed", hex.c_str()));
138 }
139 }
140 return ok();
141}
142
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600143#define ENFORCE_UID(uid) { \
144 binder::Status status = checkUid((uid)); \
145 if (!status.isOk()) { \
146 return status; \
147 } \
148}
149
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600150#define CHECK_ARGUMENT_ID(id) { \
151 binder::Status status = checkArgumentId((id)); \
152 if (!status.isOk()) { \
153 return status; \
154 } \
155}
156
157#define CHECK_ARGUMENT_PATH(path) { \
158 binder::Status status = checkArgumentPath((path)); \
159 if (!status.isOk()) { \
160 return status; \
161 } \
162}
163
164#define CHECK_ARGUMENT_HEX(hex) { \
165 binder::Status status = checkArgumentHex((hex)); \
166 if (!status.isOk()) { \
167 return status; \
168 } \
169}
170
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600171#define ACQUIRE_LOCK \
172 std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getLock());
173
174#define ACQUIRE_CRYPT_LOCK \
175 std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getCryptLock());
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600176
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600177} // namespace
178
179status_t VoldNativeService::start() {
180 IPCThreadState::self()->disableBackgroundScheduling(true);
181 status_t ret = BinderService<VoldNativeService>::publish();
182 if (ret != android::OK) {
183 return ret;
184 }
185 sp<ProcessState> ps(ProcessState::self());
186 ps->startThreadPool();
187 ps->giveThreadPoolName();
188 return android::OK;
189}
190
191status_t VoldNativeService::dump(int fd, const Vector<String16> & /* args */) {
192 auto out = std::fstream(StringPrintf("/proc/self/fd/%d", fd));
193 const binder::Status dump_permission = checkPermission(kDump);
194 if (!dump_permission.isOk()) {
195 out << dump_permission.toString8() << endl;
196 return PERMISSION_DENIED;
197 }
198
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600199 ACQUIRE_LOCK;
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600200 out << "vold is happy!" << endl;
201 out.flush();
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600202 return NO_ERROR;
203}
204
Jeff Sharkey814e9d32017-09-13 11:49:44 -0600205binder::Status VoldNativeService::setListener(
206 const android::sp<android::os::IVoldListener>& listener) {
207 ENFORCE_UID(AID_SYSTEM);
208 ACQUIRE_LOCK;
209
210 VolumeManager::Instance()->setListener(listener);
211 return ok();
212}
213
Jeff Sharkeycbe69fc2017-09-15 16:50:28 -0600214binder::Status VoldNativeService::monitor() {
215 ENFORCE_UID(AID_SYSTEM);
216
217 // Simply acquire/release each lock for watchdog
218 {
219 ACQUIRE_LOCK;
220 }
221 {
222 ACQUIRE_CRYPT_LOCK;
223 }
224
225 return ok();
226}
227
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600228binder::Status VoldNativeService::reset() {
229 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600230 ACQUIRE_LOCK;
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600231
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600232 return translate(VolumeManager::Instance()->reset());
233}
234
235binder::Status VoldNativeService::shutdown() {
236 ENFORCE_UID(AID_SYSTEM);
237 ACQUIRE_LOCK;
238
239 return translate(VolumeManager::Instance()->shutdown());
240}
241
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600242binder::Status VoldNativeService::mountAll() {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600243 ENFORCE_UID(AID_SYSTEM);
244 ACQUIRE_LOCK;
245
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600246 struct fstab* fstab = fs_mgr_read_fstab_default();
247 int res = fs_mgr_mount_all(fstab, MOUNT_MODE_DEFAULT);
248 fs_mgr_free_fstab(fstab);
249 return translate(res);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600250}
251
252binder::Status VoldNativeService::onUserAdded(int32_t userId, int32_t userSerial) {
253 ENFORCE_UID(AID_SYSTEM);
254 ACQUIRE_LOCK;
255
256 return translate(VolumeManager::Instance()->onUserAdded(userId, userSerial));
257}
258
259binder::Status VoldNativeService::onUserRemoved(int32_t userId) {
260 ENFORCE_UID(AID_SYSTEM);
261 ACQUIRE_LOCK;
262
263 return translate(VolumeManager::Instance()->onUserRemoved(userId));
264}
265
266binder::Status VoldNativeService::onUserStarted(int32_t userId) {
267 ENFORCE_UID(AID_SYSTEM);
268 ACQUIRE_LOCK;
269
270 return translate(VolumeManager::Instance()->onUserStarted(userId));
271}
272
273binder::Status VoldNativeService::onUserStopped(int32_t userId) {
274 ENFORCE_UID(AID_SYSTEM);
275 ACQUIRE_LOCK;
276
277 return translate(VolumeManager::Instance()->onUserStopped(userId));
278}
279
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600280binder::Status VoldNativeService::partition(const std::string& diskId, int32_t partitionType,
281 int32_t ratio) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600282 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600283 CHECK_ARGUMENT_ID(diskId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600284 ACQUIRE_LOCK;
285
286 auto disk = VolumeManager::Instance()->findDisk(diskId);
287 if (disk == nullptr) {
288 return error("Failed to find disk " + diskId);
289 }
290 switch (partitionType) {
291 case PARTITION_TYPE_PUBLIC: return translate(disk->partitionPublic());
292 case PARTITION_TYPE_PRIVATE: return translate(disk->partitionPrivate());
293 case PARTITION_TYPE_MIXED: return translate(disk->partitionMixed(ratio));
294 default: return error("Unknown type " + std::to_string(partitionType));
295 }
296}
297
298binder::Status VoldNativeService::forgetPartition(const std::string& partGuid) {
299 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600300 CHECK_ARGUMENT_HEX(partGuid);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600301 ACQUIRE_LOCK;
302
303 return translate(VolumeManager::Instance()->forgetPartition(partGuid));
304}
305
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600306binder::Status VoldNativeService::mount(const std::string& volId, int32_t mountFlags,
307 int32_t mountUserId) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600308 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600309 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600310 ACQUIRE_LOCK;
311
312 auto vol = VolumeManager::Instance()->findVolume(volId);
313 if (vol == nullptr) {
314 return error("Failed to find volume " + volId);
315 }
316
317 vol->setMountFlags(mountFlags);
318 vol->setMountUserId(mountUserId);
319
320 int res = vol->mount();
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600321 if ((mountFlags & MOUNT_FLAG_PRIMARY) != 0) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600322 VolumeManager::Instance()->setPrimary(vol);
323 }
324 return translate(res);
325}
326
327binder::Status VoldNativeService::unmount(const std::string& volId) {
328 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600329 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600330 ACQUIRE_LOCK;
331
332 auto vol = VolumeManager::Instance()->findVolume(volId);
333 if (vol == nullptr) {
334 return error("Failed to find volume " + volId);
335 }
336 return translate(vol->unmount());
337}
338
339binder::Status VoldNativeService::format(const std::string& volId, const std::string& fsType) {
340 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600341 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600342 ACQUIRE_LOCK;
343
344 auto vol = VolumeManager::Instance()->findVolume(volId);
345 if (vol == nullptr) {
346 return error("Failed to find volume " + volId);
347 }
348 return translate(vol->format(fsType));
349}
350
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600351binder::Status VoldNativeService::benchmark(const std::string& volId,
352 const android::sp<android::os::IVoldTaskListener>& listener) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600353 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600354 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600355 ACQUIRE_LOCK;
356
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600357 std::string path;
358 if (volId == "private" || volId == "null") {
359 path = "/data";
360 } else {
361 auto vol = VolumeManager::Instance()->findVolume(volId);
362 if (vol == nullptr) {
363 return error("Failed to find volume " + volId);
364 }
365 if (vol->getType() != VolumeBase::Type::kPrivate) {
366 return error("Volume " + volId + " not private");
367 }
368 if (vol->getState() != VolumeBase::State::kMounted) {
369 return error("Volume " + volId + " not mounted");
370 }
371 path = vol->getPath();
372 }
373
374 if (path.empty()) {
375 return error("Volume " + volId + " missing path");
376 }
377
378 (new android::vold::BenchmarkTask(path, listener))->start();
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600379 return ok();
380}
381
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600382binder::Status VoldNativeService::moveStorage(const std::string& fromVolId,
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600383 const std::string& toVolId, const android::sp<android::os::IVoldTaskListener>& listener) {
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600384 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600385 CHECK_ARGUMENT_ID(fromVolId);
386 CHECK_ARGUMENT_ID(toVolId);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600387 ACQUIRE_LOCK;
388
389 auto fromVol = VolumeManager::Instance()->findVolume(fromVolId);
390 auto toVol = VolumeManager::Instance()->findVolume(toVolId);
391 if (fromVol == nullptr) {
392 return error("Failed to find volume " + fromVolId);
393 } else if (toVol == nullptr) {
394 return error("Failed to find volume " + toVolId);
395 }
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600396 (new android::vold::MoveTask(fromVol, toVol, listener))->start();
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600397 return ok();
398}
399
400binder::Status VoldNativeService::remountUid(int32_t uid, int32_t remountMode) {
401 ENFORCE_UID(AID_SYSTEM);
402 ACQUIRE_LOCK;
403
404 std::string tmp;
405 switch (remountMode) {
406 case REMOUNT_MODE_NONE: tmp = "none"; break;
407 case REMOUNT_MODE_DEFAULT: tmp = "default"; break;
408 case REMOUNT_MODE_READ: tmp = "read"; break;
409 case REMOUNT_MODE_WRITE: tmp = "write"; break;
410 default: return error("Unknown mode " + std::to_string(remountMode));
411 }
412 return translate(VolumeManager::Instance()->remountUid(uid, tmp));
413}
414
415binder::Status VoldNativeService::mkdirs(const std::string& path) {
416 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600417 CHECK_ARGUMENT_PATH(path);
Jeff Sharkey9462bdd2017-09-07 15:27:28 -0600418 ACQUIRE_LOCK;
419
420 return translate(VolumeManager::Instance()->mkdirs(path.c_str()));
421}
422
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600423binder::Status VoldNativeService::createObb(const std::string& sourcePath,
424 const std::string& sourceKey, int32_t ownerGid, std::string* _aidl_return) {
425 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600426 CHECK_ARGUMENT_PATH(sourcePath);
427 CHECK_ARGUMENT_HEX(sourceKey);
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600428 ACQUIRE_LOCK;
429
430 return translate(
431 VolumeManager::Instance()->createObb(sourcePath, sourceKey, ownerGid, _aidl_return));
432}
433
434binder::Status VoldNativeService::destroyObb(const std::string& volId) {
435 ENFORCE_UID(AID_SYSTEM);
Jeff Sharkeyec4fda22017-09-12 13:19:24 -0600436 CHECK_ARGUMENT_ID(volId);
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600437 ACQUIRE_LOCK;
438
439 return translate(VolumeManager::Instance()->destroyObb(volId));
440}
441
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600442binder::Status VoldNativeService::fstrim(int32_t fstrimFlags,
443 const android::sp<android::os::IVoldTaskListener>& listener) {
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600444 ENFORCE_UID(AID_SYSTEM);
445 ACQUIRE_LOCK;
446
Jeff Sharkey52f7a912017-09-15 12:57:44 -0600447 (new android::vold::TrimTask(fstrimFlags, listener))->start();
Jeff Sharkey11c2d382017-09-11 10:32:01 -0600448 return ok();
449}
450
451binder::Status VoldNativeService::mountAppFuse(int32_t uid, int32_t pid, int32_t mountId,
452 android::base::unique_fd* _aidl_return) {
453 ENFORCE_UID(AID_SYSTEM);
454 ACQUIRE_LOCK;
455
456 return translate(VolumeManager::Instance()->mountAppFuse(uid, pid, mountId, _aidl_return));
457}
458
459binder::Status VoldNativeService::unmountAppFuse(int32_t uid, int32_t pid, int32_t mountId) {
460 ENFORCE_UID(AID_SYSTEM);
461 ACQUIRE_LOCK;
462
463 return translate(VolumeManager::Instance()->unmountAppFuse(uid, pid, mountId));
464}
465
Jeff Sharkey83b559c2017-09-12 16:30:52 -0600466binder::Status VoldNativeService::fdeCheckPassword(const std::string& password) {
467 ENFORCE_UID(AID_SYSTEM);
468 ACQUIRE_CRYPT_LOCK;
469
470 return translate(cryptfs_check_passwd(password.c_str()));
471}
472
473binder::Status VoldNativeService::fdeRestart() {
474 ENFORCE_UID(AID_SYSTEM);
475 ACQUIRE_CRYPT_LOCK;
476
477 // Spawn as thread so init can issue commands back to vold without
478 // causing deadlock, usually as a result of prep_data_fs.
479 std::thread(&cryptfs_restart).detach();
480 return ok();
481}
482
483binder::Status VoldNativeService::fdeComplete(int32_t* _aidl_return) {
484 ENFORCE_UID(AID_SYSTEM);
485 ACQUIRE_CRYPT_LOCK;
486
487 *_aidl_return = cryptfs_crypto_complete();
488 return ok();
489}
490
491static int fdeEnableInternal(int32_t passwordType, const std::string& password,
492 int32_t encryptionFlags) {
493 bool noUi = (encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_NO_UI) != 0;
494
495 std::string how;
496 if ((encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_IN_PLACE) != 0) {
497 how = "inplace";
498 } else if ((encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_WIPE) != 0) {
499 how = "wipe";
500 } else {
501 LOG(ERROR) << "Missing encryption flag";
502 return -1;
503 }
504
505 for (int tries = 0; tries < 2; ++tries) {
506 int rc;
507 if (passwordType == VoldNativeService::PASSWORD_TYPE_DEFAULT) {
508 rc = cryptfs_enable_default(how.c_str(), noUi);
509 } else {
510 rc = cryptfs_enable(how.c_str(), passwordType, password.c_str(), noUi);
511 }
512
513 if (rc == 0) {
514 return 0;
515 } else if (tries == 0) {
516 Process::killProcessesWithOpenFiles(DATA_MNT_POINT, SIGKILL);
517 }
518 }
519
520 return -1;
521}
522
523binder::Status VoldNativeService::fdeEnable(int32_t passwordType,
524 const std::string& password, int32_t encryptionFlags) {
525 ENFORCE_UID(AID_SYSTEM);
526 ACQUIRE_CRYPT_LOCK;
527
528 if (e4crypt_is_native()) {
529 if (passwordType != PASSWORD_TYPE_DEFAULT) {
530 return error("Unexpected password type");
531 }
532 if (encryptionFlags != (ENCRYPTION_FLAG_IN_PLACE | ENCRYPTION_FLAG_NO_UI)) {
533 return error("Unexpected flags");
534 }
535 return translateBool(e4crypt_enable_crypto());
536 }
537
538 // Spawn as thread so init can issue commands back to vold without
539 // causing deadlock, usually as a result of prep_data_fs.
540 std::thread(&fdeEnableInternal, passwordType, password, encryptionFlags).detach();
541 return ok();
542}
543
544binder::Status VoldNativeService::fdeChangePassword(int32_t passwordType,
545 const std::string& password) {
546 ENFORCE_UID(AID_SYSTEM);
547 ACQUIRE_CRYPT_LOCK;
548
549 return translate(cryptfs_changepw(passwordType, password.c_str()));
550}
551
552binder::Status VoldNativeService::fdeVerifyPassword(const std::string& password) {
553 ENFORCE_UID(AID_SYSTEM);
554 ACQUIRE_CRYPT_LOCK;
555
556 return translate(cryptfs_verify_passwd(password.c_str()));
557}
558
559binder::Status VoldNativeService::fdeGetField(const std::string& key,
560 std::string* _aidl_return) {
561 ENFORCE_UID(AID_SYSTEM);
562 ACQUIRE_CRYPT_LOCK;
563
564 char buf[PROPERTY_VALUE_MAX];
565 if (cryptfs_getfield(key.c_str(), buf, sizeof(buf)) != CRYPTO_GETFIELD_OK) {
566 return error(StringPrintf("Failed to read field %s", key.c_str()));
567 } else {
568 *_aidl_return = buf;
569 return ok();
570 }
571}
572
573binder::Status VoldNativeService::fdeSetField(const std::string& key,
574 const std::string& value) {
575 ENFORCE_UID(AID_SYSTEM);
576 ACQUIRE_CRYPT_LOCK;
577
578 return translate(cryptfs_setfield(key.c_str(), value.c_str()));
579}
580
581binder::Status VoldNativeService::fdeGetPasswordType(int32_t* _aidl_return) {
582 ENFORCE_UID(AID_SYSTEM);
583 ACQUIRE_CRYPT_LOCK;
584
585 *_aidl_return = cryptfs_get_password_type();
586 return ok();
587}
588
589binder::Status VoldNativeService::fdeGetPassword(std::string* _aidl_return) {
590 ENFORCE_UID(AID_SYSTEM);
591 ACQUIRE_CRYPT_LOCK;
592
593 const char* res = cryptfs_get_password();
594 if (res != nullptr) {
595 *_aidl_return = res;
596 }
597 return ok();
598}
599
600binder::Status VoldNativeService::fdeClearPassword() {
601 ENFORCE_UID(AID_SYSTEM);
602 ACQUIRE_CRYPT_LOCK;
603
604 cryptfs_clear_password();
605 return ok();
606}
607
608binder::Status VoldNativeService::fbeEnable() {
609 ENFORCE_UID(AID_SYSTEM);
610 ACQUIRE_CRYPT_LOCK;
611
612 return translateBool(e4crypt_initialize_global_de());
613}
614
615binder::Status VoldNativeService::mountDefaultEncrypted() {
616 ENFORCE_UID(AID_SYSTEM);
617 ACQUIRE_CRYPT_LOCK;
618
619 if (e4crypt_is_native()) {
620 return translateBool(e4crypt_mount_metadata_encrypted());
621 } else {
622 // Spawn as thread so init can issue commands back to vold without
623 // causing deadlock, usually as a result of prep_data_fs.
624 std::thread(&cryptfs_mount_default_encrypted).detach();
625 return ok();
626 }
627}
628
629binder::Status VoldNativeService::initUser0() {
630 ENFORCE_UID(AID_SYSTEM);
631 ACQUIRE_CRYPT_LOCK;
632
633 return translateBool(e4crypt_init_user0());
634}
635
636binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) {
637 ENFORCE_UID(AID_SYSTEM);
638 ACQUIRE_CRYPT_LOCK;
639
640 *_aidl_return = cryptfs_isConvertibleToFBE() != 0;
641 return ok();
642}
643
644binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial,
645 bool ephemeral) {
646 ENFORCE_UID(AID_SYSTEM);
647 ACQUIRE_CRYPT_LOCK;
648
649 return translateBool(e4crypt_vold_create_user_key(userId, userSerial, ephemeral));
650}
651
652binder::Status VoldNativeService::destroyUserKey(int32_t userId) {
653 ENFORCE_UID(AID_SYSTEM);
654 ACQUIRE_CRYPT_LOCK;
655
656 return translateBool(e4crypt_destroy_user_key(userId));
657}
658
659binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial,
660 const std::string& token, const std::string& secret) {
661 ENFORCE_UID(AID_SYSTEM);
662 ACQUIRE_CRYPT_LOCK;
663
664 return translateBool(e4crypt_add_user_key_auth(userId, userSerial, token.c_str(), secret.c_str()));
665}
666
667binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
668 ENFORCE_UID(AID_SYSTEM);
669 ACQUIRE_CRYPT_LOCK;
670
671 return translateBool(e4crypt_fixate_newest_user_key_auth(userId));
672}
673
674binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial,
675 const std::string& token, const std::string& secret) {
676 ENFORCE_UID(AID_SYSTEM);
677 ACQUIRE_CRYPT_LOCK;
678
679 return translateBool(e4crypt_unlock_user_key(userId, userSerial, token.c_str(), secret.c_str()));
680}
681
682binder::Status VoldNativeService::lockUserKey(int32_t userId) {
683 ENFORCE_UID(AID_SYSTEM);
684 ACQUIRE_CRYPT_LOCK;
685
686 return translateBool(e4crypt_lock_user_key(userId));
687}
688
689binder::Status VoldNativeService::prepareUserStorage(const std::unique_ptr<std::string>& uuid,
690 int32_t userId, int32_t userSerial, int32_t flags) {
691 ENFORCE_UID(AID_SYSTEM);
692 ACQUIRE_CRYPT_LOCK;
693
694 const char* uuid_ = uuid ? uuid->c_str() : nullptr;
695 return translateBool(e4crypt_prepare_user_storage(uuid_, userId, userSerial, flags));
696}
697
698binder::Status VoldNativeService::destroyUserStorage(const std::unique_ptr<std::string>& uuid,
699 int32_t userId, int32_t flags) {
700 ENFORCE_UID(AID_SYSTEM);
701 ACQUIRE_CRYPT_LOCK;
702
703 const char* uuid_ = uuid ? uuid->c_str() : nullptr;
704 return translateBool(e4crypt_destroy_user_storage(uuid_, userId, flags));
705}
706
707binder::Status VoldNativeService::secdiscard(const std::string& path) {
708 ENFORCE_UID(AID_SYSTEM);
709 ACQUIRE_CRYPT_LOCK;
710
711 return translateBool(e4crypt_secdiscard(path.c_str()));
712}
713
Jeff Sharkey068c6be2017-09-06 13:47:40 -0600714} // namespace vold
715} // namespace android