isa/make_ext4fs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove unused files

Browse Source 
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
This commit is contained in:
Jo-Philipp Wich 2015-04-04 23:08:24 +02:00
parent 2964e1c736
commit fe3bfde910
12 changed files with 0 additions and 1421 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
Android.mk
View File

@ -1,154 +0,0 @@
# Copyright 2010 The Android Open Source Project
LOCAL_PATH:= $(call my-dir)
libext4_utils_src_files := \
make_ext4fs.c \
ext4fixup.c \
ext4_utils.c \
allocate.c \
contents.c \
extent.c \
indirect.c \
uuid.c \
sha1.c \
wipe.c \
crc16.c \
ext4_sb.c
#
# -- All host/targets including windows
#
include $(CLEAR_VARS)
LOCAL_SRC_FILES := $(libext4_utils_src_files)
LOCAL_MODULE := libext4_utils_host
LOCAL_STATIC_LIBRARIES := \
libsparse_host \
libz
ifneq ($(HOST_OS),windows)
LOCAL_STATIC_LIBRARIES += libselinux
endif
include $(BUILD_HOST_STATIC_LIBRARY)
include $(CLEAR_VARS)
LOCAL_SRC_FILES := make_ext4fs_main.c canned_fs_config.c
LOCAL_MODULE := make_ext4fs
LOCAL_STATIC_LIBRARIES += \
libcutils \
libext4_utils_host \
libsparse_host \
libz
ifeq ($(HOST_OS),windows)
LOCAL_LDLIBS += -lws2_32
else
LOCAL_STATIC_LIBRARIES += libselinux
LOCAL_CFLAGS := -DHOST
endif
include $(BUILD_HOST_EXECUTABLE)
#
# -- All host/targets excluding windows
#
libext4_utils_src_files += \
ext4_crypt.cpp \
e4crypt_static.c \
unencrypted_properties.cpp
ifneq ($(HOST_OS),windows)
include $(CLEAR_VARS)
LOCAL_SRC_FILES := $(libext4_utils_src_files)
LOCAL_MODULE := libext4_utils
LOCAL_C_INCLUDES += system/core/logwrapper/include
LOCAL_SHARED_LIBRARIES := \
libcutils \
libselinux \
libsparse \
libz
include $(BUILD_SHARED_LIBRARY)
include $(CLEAR_VARS)
LOCAL_SRC_FILES := $(libext4_utils_src_files) \
ext4_crypt_init_extensions.cpp
LOCAL_MODULE := libext4_utils_static
LOCAL_STATIC_LIBRARIES := \
libsparse_static
include $(BUILD_STATIC_LIBRARY)
include $(CLEAR_VARS)
LOCAL_SRC_FILES := make_ext4fs_main.c canned_fs_config.c
LOCAL_MODULE := make_ext4fs
LOCAL_SHARED_LIBRARIES := \
libcutils \
libext4_utils \
libselinux \
libz
include $(BUILD_EXECUTABLE)
include $(CLEAR_VARS)
LOCAL_SRC_FILES := ext2simg.c
LOCAL_MODULE := ext2simg
LOCAL_SHARED_LIBRARIES += \
libext4_utils \
libselinux \
libsparse \
libz
include $(BUILD_EXECUTABLE)
include $(CLEAR_VARS)
LOCAL_SRC_FILES := ext2simg.c
LOCAL_MODULE := ext2simg
LOCAL_STATIC_LIBRARIES += \
libext4_utils_host \
libselinux \
libsparse_host \
libz
include $(BUILD_HOST_EXECUTABLE)
include $(CLEAR_VARS)
LOCAL_SRC_FILES := setup_fs.c
LOCAL_MODULE := setup_fs
LOCAL_SHARED_LIBRARIES += libcutils
include $(BUILD_EXECUTABLE)
include $(CLEAR_VARS)
LOCAL_SRC_FILES := ext4fixup_main.c
LOCAL_MODULE := ext4fixup
LOCAL_SHARED_LIBRARIES += \
libext4_utils \
libsparse \
libz
include $(BUILD_EXECUTABLE)
include $(CLEAR_VARS)
LOCAL_SRC_FILES := ext4fixup_main.c
LOCAL_MODULE := ext4fixup
LOCAL_STATIC_LIBRARIES += \
libext4_utils_host \
libsparse_host \
libz
include $(BUILD_HOST_EXECUTABLE)
include $(CLEAR_VARS)
LOCAL_MODULE := mkuserimg.sh
LOCAL_SRC_FILES := mkuserimg.sh
LOCAL_MODULE_CLASS := EXECUTABLES
# We don't need any additional suffix.
LOCAL_MODULE_SUFFIX :=
LOCAL_BUILT_MODULE_STEM := $(notdir $(LOCAL_SRC_FILES))
LOCAL_IS_HOST_MODULE := true
include $(BUILD_PREBUILT)
endif

147
e4crypt_static.c
View File

@ -1,147 +0,0 @@
/*
* Copyright (c) 2015 Google, Inc.
*/
#define TAG "ext4_utils"
#include <dirent.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <sys/xattr.h>
#include <sys/syscall.h>
#include <sys/stat.h>
#include <cutils/klog.h>
#include "ext4_crypt.h"
/* keyring keyctl commands */
#define KEYCTL_SETPERM 5 /* set permissions for a key in a keyring */
#define KEYCTL_UNLINK 9 /* unlink a key from a keyring */
#define KEYCTL_SEARCH 10 /* search for a key in a keyring */
#define XATTR_NAME_ENCRYPTION_POLICY "encryption.policy"
#define EXT4_KEYREF_DELIMITER ((char)'.')
/* Validate that all path items are available and accessible. */
static int is_path_valid(const char *path)
{
if (access(path, W_OK)) {
KLOG_ERROR(TAG, "Can't access %s: %s\n",strerror(errno), path);
return 0;
}
return 1;
}
/* Checks whether the policy provided is valid */
static int is_keyref_valid(const char *keyref)
{
char *period = 0;
size_t key_location_len = 0;
/* Key ref must have a key and location delimiter character. */
period = strchr(keyref, EXT4_KEYREF_DELIMITER);
if (!period) {
return 0;
}
/* period must be >= keyref. */
key_location_len = period - keyref;
if (strncmp(keyref, "@t", key_location_len) == 0 ||
strncmp(keyref, "@p", key_location_len) == 0 ||
strncmp(keyref, "@s", key_location_len) == 0 ||
strncmp(keyref, "@u", key_location_len) == 0 ||
strncmp(keyref, "@g", key_location_len) == 0 ||
strncmp(keyref, "@us", key_location_len) == 0)
return 1;
return 0;
}
static int is_dir_empty(const char *dirname)
{
int n = 0;
struct dirent *d;
DIR *dir;
dir = opendir(dirname);
while ((d = readdir(dir)) != NULL) {
if (strcmp(d->d_name, "lost+found") == 0) {
// Skip lost+found directory
} else if (++n > 2) {
break;
}
}
closedir(dir);
return n <= 2;
}
int do_policy_set(const char *directory, const char *policy)
{
struct stat st;
ssize_t ret;
if (!is_keyref_valid(policy)) {
KLOG_ERROR(TAG, "Policy has invalid format.\n");
return -EINVAL;
}
if (!is_path_valid(directory)) {
return -EINVAL;
}
stat(directory, &st);
if (!S_ISDIR(st.st_mode)) {
KLOG_ERROR(TAG, "Can only set policy on a directory (%s)\n", directory);
return -EINVAL;
}
if (!is_dir_empty(directory)) {
KLOG_ERROR(TAG, "Can only set policy on an empty directory (%s)\n", directory);
return -EINVAL;
}
ret = lsetxattr(directory, XATTR_NAME_ENCRYPTION_POLICY, policy,
strlen(policy), 0);
if (ret) {
KLOG_ERROR(TAG, "Failed to set encryption policy for %s: %s\n",
directory, strerror(errno));
return -EINVAL;
}
KLOG_INFO(TAG, "Encryption policy for %s is set to %s\n", directory, policy);
return 0;
}
static long keyctl(int cmd, ...)
{
va_list va;
unsigned long arg2, arg3, arg4, arg5;
va_start(va, cmd);
arg2 = va_arg(va, unsigned long);
arg3 = va_arg(va, unsigned long);
arg4 = va_arg(va, unsigned long);
arg5 = va_arg(va, unsigned long);
va_end(va);
return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5);
}
key_serial_t add_key(const char *type,
const char *description,
const void *payload,
size_t plen,
key_serial_t ringid)
{
return syscall(__NR_add_key, type, description, payload, plen, ringid);
}
long keyctl_setperm(key_serial_t id, int permissions)
{
return keyctl(KEYCTL_SETPERM, id, permissions);
}

195
ext2simg.c
View File

@ -1,195 +0,0 @@
/*
* Copyright (C) 2010 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#define _FILE_OFFSET_BITS 64
#define _LARGEFILE64_SOURCE 1
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <libgen.h>
#include <unistd.h>
#include <sparse/sparse.h>
#include "ext4_utils.h"
#include "make_ext4fs.h"
#include "allocate.h"
#if defined(__APPLE__) && defined(__MACH__)
#define off64_t off_t
#endif
#ifndef USE_MINGW /* O_BINARY is windows-specific flag */
#define O_BINARY 0
#endif
extern struct fs_info info;
static int verbose = 0;
static void usage(char *path)
{
fprintf(stderr, "%s [ options ] <image or block device> <output image>\n", path);
fprintf(stderr, "\n");
fprintf(stderr, " -c include CRC block\n");
fprintf(stderr, " -v verbose output\n");
fprintf(stderr, " -z gzip output\n");
fprintf(stderr, " -S don't use sparse output format\n");
}
static int build_sparse_ext(int fd, const char *filename)
{
unsigned int i;
unsigned int block;
int start_contiguous_block;
u8 *block_bitmap;
off64_t ret;
block_bitmap = malloc(info.block_size);
if (!block_bitmap)
critical_error("failed to allocate block bitmap");
if (aux_info.first_data_block > 0)
sparse_file_add_file(ext4_sparse_file, filename, 0,
info.block_size * aux_info.first_data_block, 0);
for (i = 0; i < aux_info.groups; i++) {
u32 first_block = aux_info.first_data_block + i * info.blocks_per_group;
u32 last_block = min(info.blocks_per_group, aux_info.len_blocks - first_block);
ret = lseek64(fd, (u64)info.block_size * aux_info.bg_desc[i].bg_block_bitmap,
SEEK_SET);
if (ret < 0)
critical_error_errno("failed to seek to block group bitmap %d", i);
ret = read(fd, block_bitmap, info.block_size);
if (ret < 0)
critical_error_errno("failed to read block group bitmap %d", i);
if (ret != (int)info.block_size)
critical_error("failed to read all of block group bitmap %d", i);
start_contiguous_block = -1;
for (block = 0; block < last_block; block++) {
if (start_contiguous_block >= 0) {
if (!bitmap_get_bit(block_bitmap, block)) {
u32 start_block = first_block + start_contiguous_block;
u32 len_blocks = block - start_contiguous_block;
sparse_file_add_file(ext4_sparse_file, filename,
(u64)info.block_size * start_block,
info.block_size * len_blocks, start_block);
start_contiguous_block = -1;
}
} else {
if (bitmap_get_bit(block_bitmap, block))
start_contiguous_block = block;
}
}
if (start_contiguous_block >= 0) {
u32 start_block = first_block + start_contiguous_block;
u32 len_blocks = last_block - start_contiguous_block;
sparse_file_add_file(ext4_sparse_file, filename,
(u64)info.block_size * start_block,
info.block_size * len_blocks, start_block);
}
}
return 0;
}
int main(int argc, char **argv)
{
int opt;
const char *in = NULL;
const char *out = NULL;
int gzip = 0;
int sparse = 1;
int infd, outfd;
int crc = 0;
while ((opt = getopt(argc, argv, "cvzS")) != -1) {
switch (opt) {
case 'c':
crc = 1;
break;
case 'v':
verbose = 1;
break;
case 'z':
gzip = 1;
break;
case 'S':
sparse = 0;
break;
}
}
if (optind >= argc) {
fprintf(stderr, "Expected image or block device after options\n");
usage(argv[0]);
exit(EXIT_FAILURE);
}
in = argv[optind++];
if (optind >= argc) {
fprintf(stderr, "Expected output image after input image\n");
usage(argv[0]);
exit(EXIT_FAILURE);
}
out = argv[optind++];
if (optind < argc) {
fprintf(stderr, "Unexpected argument: %s\n", argv[optind]);
usage(argv[0]);
exit(EXIT_FAILURE);
}
infd = open(in, O_RDONLY);
if (infd < 0)
critical_error_errno("failed to open input image");
read_ext(infd, verbose);
ext4_sparse_file = sparse_file_new(info.block_size, info.len);
build_sparse_ext(infd, in);
close(infd);
if (strcmp(out, "-")) {
outfd = open(out, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644);
if (outfd < 0) {
error_errno("open");
return EXIT_FAILURE;
}
} else {
outfd = STDOUT_FILENO;
}
write_ext4_image(outfd, gzip, sparse, crc);
close(outfd);
sparse_file_destroy(ext4_sparse_file);
return 0;
}

120
ext4_crypt.cpp
View File

@ -1,120 +0,0 @@
#define TAG "ext4_utils"
#include "ext4_crypt.h"
#include <string>
#include <fstream>
#include <map>
#include <errno.h>
#include <sys/mount.h>
#include <cutils/klog.h>
#include <cutils/properties.h>
#include "unencrypted_properties.h"
namespace {
std::map<std::string, std::string> s_password_store;
}
bool e4crypt_non_default_key(const char* dir)
{
int type = e4crypt_get_password_type(dir);
// ext4enc:TODO Use consts, not 1 here
return type != -1 && type != 1;
}
int e4crypt_get_password_type(const char* path)
{
UnencryptedProperties props(path);
if (props.Get<std::string>(properties::key).empty()) {
KLOG_INFO(TAG, "No master key, so not ext4enc\n");
return -1;
}
return props.Get<int>(properties::type, 1);
}
int e4crypt_change_password(const char* path, int crypt_type,
const char* password)
{
// ext4enc:TODO Encrypt master key with password securely. Store hash of
// master key for validation
UnencryptedProperties props(path);
if ( props.Set(properties::password, password)
&& props.Set(properties::type, crypt_type))
return 0;
return -1;
}
int e4crypt_crypto_complete(const char* path)
{
KLOG_INFO(TAG, "ext4 crypto complete called on %s\n", path);
if (UnencryptedProperties(path).Get<std::string>(properties::key).empty()) {
KLOG_INFO(TAG, "No master key, so not ext4enc\n");
return -1;
}
return 0;
}
int e4crypt_check_passwd(const char* path, const char* password)
{
UnencryptedProperties props(path);
if (props.Get<std::string>(properties::key).empty()) {
KLOG_INFO(TAG, "No master key, so not ext4enc\n");
return -1;
}
auto actual_password = props.Get<std::string>(properties::password);
if (actual_password == password) {
s_password_store[path] = password;
return 0;
} else {
return -1;
}
}
int e4crypt_restart(const char* path)
{
int rc = 0;
KLOG_INFO(TAG, "ext4 restart called on %s\n", path);
property_set("vold.decrypt", "trigger_reset_main");
KLOG_INFO(TAG, "Just asked init to shut down class main\n");
sleep(2);
std::string tmp_path = std::string() + path + "/tmp_mnt";
// ext4enc:TODO add retry logic
rc = umount(tmp_path.c_str());
if (rc) {
KLOG_ERROR(TAG, "umount %s failed with rc %d, msg %s\n",
tmp_path.c_str(), rc, strerror(errno));
return rc;
}
// ext4enc:TODO add retry logic
rc = umount(path);
if (rc) {
KLOG_ERROR(TAG, "umount %s failed with rc %d, msg %s\n",
path, rc, strerror(errno));
return rc;
}
return 0;
}
const char* e4crypt_get_password(const char* path)
{
// ext4enc:TODO scrub password after timeout
auto i = s_password_store.find(path);
if (i == s_password_store.end()) {
return 0;
} else {
return i->second.c_str();
}
}

50
ext4_crypt.h
View File

@ -1,50 +0,0 @@
#include <stdbool.h>
#include <sys/cdefs.h>
#include <sys/types.h>
__BEGIN_DECLS
// These functions assume they are being called from init
// They will not operate properly outside of init
int e4crypt_install_keyring();
int e4crypt_install_key(const char* dir);
int e4crypt_create_device_key(const char* dir,
int ensure_dir_exists(const char* dir));
// General functions
bool e4crypt_non_default_key(const char* dir);
int e4crypt_set_directory_policy(const char* dir);
int e4crypt_main(int argc, char* argv[]);
int e4crypt_change_password(const char* path, int crypt_type,
const char* password);
int e4crypt_get_password_type(const char* path);
int e4crypt_crypto_complete(const char* dir);
int e4crypt_check_passwd(const char* dir, const char* password);
const char* e4crypt_get_password(const char* dir);
int e4crypt_restart(const char* dir);
// Key functions. ext4enc:TODO Move to own file
// ext4enc:TODO - get these keyring standard definitions from proper system file
// keyring serial number type
typedef int32_t key_serial_t;
// special process keyring shortcut IDs
#define KEY_SPEC_THREAD_KEYRING -1 // key ID for thread-specific keyring
#define KEY_SPEC_PROCESS_KEYRING -2 // key ID for process-specific keyring
#define KEY_SPEC_SESSION_KEYRING -3 // key ID for session-specific keyring
#define KEY_SPEC_USER_KEYRING -4 // key ID for UID-specific keyring
#define KEY_SPEC_USER_SESSION_KEYRING -5 // key ID for UID-session keyring
#define KEY_SPEC_GROUP_KEYRING -6 // key ID for GID-specific keyring
key_serial_t add_key(const char *type,
const char *description,
const void *payload,
size_t plen,
key_serial_t ringid);
long keyctl_setperm(key_serial_t id, int permissions);
// Set policy on directory
int do_policy_set(const char *directory, const char *policy);
__END_DECLS

269
ext4_crypt_init_extensions.cpp
View File

@ -1,269 +0,0 @@
#define TAG "ext4_utils"
#include "ext4_crypt.h"
#include <string>
#include <fstream>
#include <iomanip>
#include <sstream>
#include <errno.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <cutils/klog.h>
#include <cutils/properties.h>
#include <cutils/sockets.h>
#include "unencrypted_properties.h"
// ext4enc:TODO Include structure from somewhere sensible
// MUST be in sync with ext4_crypto.c in kernel
#define EXT4_MAX_KEY_SIZE 76
struct ext4_encryption_key {
uint32_t mode;
char raw[EXT4_MAX_KEY_SIZE];
uint32_t size;
};
static const std::string keyring = "@s";
static const std::string arbitrary_sequence_number = "42";
static key_serial_t device_keyring = -1;
static std::string vold_command(std::string const& command)
{
KLOG_INFO(TAG, "Running command %s\n", command.c_str());
int sock = socket_local_client("vold",
ANDROID_SOCKET_NAMESPACE_RESERVED,
SOCK_STREAM);
if (sock < 0) {
KLOG_INFO(TAG, "Cannot open vold, failing command\n");
return "";
}
class CloseSocket
{
int sock_;
public:
CloseSocket(int sock) : sock_(sock) {}
~CloseSocket() { close(sock_); }
};
CloseSocket cs(sock);
// Use arbitrary sequence number. This should only be used when the
// framework is down, so this is (mostly) OK.
std::string actual_command = arbitrary_sequence_number + " " + command;
if (write(sock, actual_command.c_str(), actual_command.size() + 1) < 0) {
KLOG_ERROR(TAG, "Cannot write command\n");
return "";
}
while (1) {
struct timeval to;
to.tv_sec = 10;
to.tv_usec = 0;
fd_set read_fds;
FD_ZERO(&read_fds);
FD_SET(sock, &read_fds);
int rc = select(sock + 1, &read_fds, NULL, NULL, &to);
if (rc < 0) {
KLOG_ERROR(TAG, "Error in select %s\n", strerror(errno));
return "";
} else if (!rc) {
KLOG_ERROR(TAG, "Timeout\n");
return "";
} else if (FD_ISSET(sock, &read_fds)) {
char buffer[4096];
memset(buffer, 0, sizeof(buffer));
rc = read(sock, buffer, sizeof(buffer));
if (rc <= 0) {
if (rc == 0) {
KLOG_ERROR(TAG, "Lost connection to Vold - did it crash?\n");
} else {
KLOG_ERROR(TAG, "Error reading data (%s)\n", strerror(errno));
}
return "";
}
// We don't truly know that this is the correct result. However,
// since this will only be used when the framework is down,
// it should be OK unless someone is running vdc at the same time.
// Worst case we force a reboot in the very rare synchronization
// error
return std::string(buffer, rc);
}
}
}
int e4crypt_create_device_key(const char* dir,
int ensure_dir_exists(const char*))
{
// Make sure folder exists. Use make_dir to set selinux permissions.
KLOG_INFO(TAG, "Creating test device key\n");
UnencryptedProperties props(dir);
if (ensure_dir_exists(props.GetPath().c_str())) {
KLOG_ERROR(TAG, "Failed to create %s with error %s\n",
props.GetPath().c_str(), strerror(errno));
return -1;
}
if (props.Get<std::string>(properties::key).empty()) {
// Create new key since it doesn't already exist
std::ifstream urandom("/dev/urandom", std::ifstream::binary);
if (!urandom) {
KLOG_ERROR(TAG, "Failed to open /dev/urandom\n");
return -1;
}
// ext4enc:TODO Don't hardcode 32
std::string key_material(32, '\0');
urandom.read(&key_material[0], key_material.length());
if (!urandom) {
KLOG_ERROR(TAG, "Failed to read random bytes\n");
return -1;
}
if (!props.Set(properties::key, key_material)) {
KLOG_ERROR(TAG, "Failed to write key material\n");
return -1;
}
}
if (!props.Remove(properties::ref)) {
KLOG_ERROR(TAG, "Failed to remove key ref\n");
return -1;
}
return 0;
}
int e4crypt_install_keyring()
{
device_keyring = add_key("keyring",
"e4crypt",
0,
0,
KEY_SPEC_SESSION_KEYRING);
if (device_keyring == -1) {
KLOG_ERROR(TAG, "Failed to create keyring\n");
return -1;
}
KLOG_INFO(TAG, "Keyring created wth id %d in process %d\n",
device_keyring, getpid());
// ext4enc:TODO set correct permissions
long result = keyctl_setperm(device_keyring, 0x3f3f3f3f);
if (result) {
KLOG_ERROR(TAG, "KEYCTL_SETPERM failed with error %ld\n", result);
return -1;
}
return 0;
}
int e4crypt_install_key(const char* dir)
{
UnencryptedProperties props(dir);
auto key = props.Get<std::string>(properties::key);
// Get password to decrypt as needed
if (e4crypt_non_default_key(dir)) {
std::string result = vold_command("cryptfs getpw");
// result is either
// 200 0 -1
// or
// 200 0 {{sensitive}} 0001020304
// where 0001020304 is hex encoding of password
std::istringstream i(result);
std::string bit;
i >> bit;
if (bit != "200") {
KLOG_ERROR(TAG, "Expecting 200\n");
return -1;
}
i >> bit;
if (bit != arbitrary_sequence_number) {
KLOG_ERROR(TAG, "Expecting %s\n", arbitrary_sequence_number.c_str());
return -1;
}
i >> bit;
if (bit != "{{sensitive}}") {
KLOG_INFO(TAG, "Not encrypted\n");
return -1;
}
i >> bit;
}
// Add key to keyring
ext4_encryption_key ext4_key = {0, {0}, 0};
if (key.length() > sizeof(ext4_key.raw)) {
KLOG_ERROR(TAG, "Key too long\n");
return -1;
}
ext4_key.mode = 0;
memcpy(ext4_key.raw, &key[0], key.length());
ext4_key.size = key.length();
// ext4enc:TODO Use better reference not 1234567890
key_serial_t key_id = add_key("logon", "ext4-key:1234567890",
(void*)&ext4_key, sizeof(ext4_key),
device_keyring);
if (key_id == -1) {
KLOG_ERROR(TAG, "Failed to insert key into keyring with error %s\n",
strerror(errno));
return -1;
}
KLOG_INFO(TAG, "Added key %d to keyring %d in process %d\n",
key_id, device_keyring, getpid());
// ext4enc:TODO set correct permissions
long result = keyctl_setperm(key_id, 0x3f3f3f3f);
if (result) {
KLOG_ERROR(TAG, "KEYCTL_SETPERM failed with error %ld\n", result);
return -1;
}
// Save reference to key so we can set policy later
if (!props.Set(properties::ref, "ext4-key:1234567890")) {
KLOG_ERROR(TAG, "Cannot save key reference\n");
return -1;
}
return 0;
}
int e4crypt_set_directory_policy(const char* dir)
{
// Only set policy on first level /data directories
// To make this less restrictive, consider using a policy file.
// However this is overkill for as long as the policy is simply
// to apply a global policy to all /data folders created via makedir
if (!dir || strncmp(dir, "/data/", 6) || strchr(dir + 6, '/')) {
return 0;
}
UnencryptedProperties props("/data");
std::string ref = props.Get<std::string>(properties::ref);
std::string policy = keyring + "." + ref;
KLOG_INFO(TAG, "Setting policy %s\n", policy.c_str());
int result = do_policy_set(dir, policy.c_str());
if (result) {
KLOG_ERROR(TAG, "Setting policy on %s failed!\n", dir);
return -1;
}
return 0;
}

68
ext4fixup_main.c
View File

@ -1,68 +0,0 @@
/*
* Copyright (C) 2010 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <unistd.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include "ext4fixup.h"
static void usage(char *me)
{
fprintf(stderr, "%s: usage: %s [-vn] <image or block device>\n", me, me);
}
int main(int argc, char **argv)
{
int opt;
int verbose = 0;
int no_write = 0;
char *fsdev;
char *me;
int stop_phase = 0, stop_loc = 0, stop_count = 0;
me = basename(argv[0]);
while ((opt = getopt(argc, argv, "vnd:")) != -1) {
switch (opt) {
case 'v':
verbose = 1;
break;
case 'n':
no_write = 1;
break;
case 'd':
sscanf(optarg, "%d,%d,%d", &stop_phase, &stop_loc, &stop_count);
break;
}
}
if (optind >= argc) {
fprintf(stderr, "expected image or block device after options\n");
usage(me);
exit(EXIT_FAILURE);
}
fsdev = argv[optind++];
if (optind < argc) {
fprintf(stderr, "Unexpected argument: %s\n", argv[optind]);
usage(me);
exit(EXIT_FAILURE);
}
return ext4fixup_internal(fsdev, verbose, no_write, stop_phase, stop_loc, stop_count);
}

106
mkuserimg.sh
View File

@ -1,106 +0,0 @@
#!/bin/bash
#
# To call this script, make sure make_ext4fs is somewhere in PATH
function usage() {
cat<<EOT
Usage:
mkuserimg.sh [-s] SRC_DIR OUTPUT_FILE EXT_VARIANT MOUNT_POINT SIZE [-j <journal_size>]
[-T TIMESTAMP] [-C FS_CONFIG] [-B BLOCK_LIST_FILE] [-L LABEL] [FILE_CONTEXTS]
EOT
}
ENABLE_SPARSE_IMAGE=
if [ "$1" = "-s" ]; then
ENABLE_SPARSE_IMAGE="-s"
shift
fi
if [ $# -lt 5 ]; then
usage
exit 1
fi
SRC_DIR=$1
if [ ! -d $SRC_DIR ]; then
echo "Can not find directory $SRC_DIR!"
exit 2
fi
OUTPUT_FILE=$2
EXT_VARIANT=$3
MOUNT_POINT=$4
SIZE=$5
shift; shift; shift; shift; shift
JOURNAL_FLAGS=
if [ "$1" = "-j" ]; then
if [ "$2" = "0" ]; then
JOURNAL_FLAGS="-J"
else
JOURNAL_FLAGS="-j $2"
fi
shift; shift
fi
TIMESTAMP=-1
if [[ "$1" == "-T" ]]; then
TIMESTAMP=$2
shift; shift
fi
FS_CONFIG=
if [[ "$1" == "-C" ]]; then
FS_CONFIG=$2
shift; shift
fi
BLOCK_LIST=
if [[ "$1" == "-B" ]]; then
BLOCK_LIST=$2
shift; shift
fi
LABEL=
if [[ "$1" == "-L" ]]; then
LABEL=$2
shift; shift
fi
FC=$1
case $EXT_VARIANT in
ext4) ;;
*) echo "Only ext4 is supported!"; exit 3 ;;
esac
if [ -z $MOUNT_POINT ]; then
echo "Mount point is required"
exit 2
fi
if [ -z $SIZE ]; then
echo "Need size of filesystem"
exit 2
fi
OPT=""
if [ -n "$FC" ]; then
OPT="$OPT -S $FC"
fi
if [ -n "$FS_CONFIG" ]; then
OPT="$OPT -C $FS_CONFIG"
fi
if [ -n "$BLOCK_LIST" ]; then
OPT="$OPT -B $BLOCK_LIST"
fi
if [ -n "$LABEL" ]; then
OPT="$OPT -L $LABEL"
fi
MAKE_EXT4FS_CMD="make_ext4fs $ENABLE_SPARSE_IMAGE -T $TIMESTAMP $OPT -l $SIZE $JOURNAL_FLAGS -a $MOUNT_POINT $OUTPUT_FILE $SRC_DIR"
echo $MAKE_EXT4FS_CMD
$MAKE_EXT4FS_CMD
if [ $? -ne 0 ]; then
exit 4
fi

85
setup_fs.c
View File

@ -1,85 +0,0 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/reboot.h>
#include <sys/wait.h>
#include <cutils/android_reboot.h>
#include <cutils/partition_utils.h>
const char *mkfs = "/system/bin/make_ext4fs";
int setup_fs(const char *blockdev)
{
char buf[256], path[128];
pid_t child;
int status, n;
pid_t pid;
/* we might be looking at an indirect reference */
n = readlink(blockdev, path, sizeof(path) - 1);
if (n > 0) {
path[n] = 0;
if (!memcmp(path, "/dev/block/", 11))
blockdev = path + 11;
}
if (strchr(blockdev,'/')) {
fprintf(stderr,"not a block device name: %s\n", blockdev);
return 0;
}
snprintf(buf, sizeof(buf), "/sys/fs/ext4/%s", blockdev);
if (access(buf, F_OK) == 0) {
fprintf(stderr,"device %s already has a filesystem\n", blockdev);
return 0;
}
snprintf(buf, sizeof(buf), "/dev/block/%s", blockdev);
if (!partition_wiped(buf)) {
fprintf(stderr,"device %s not wiped, probably encrypted, not wiping\n", blockdev);
return 0;
}
fprintf(stderr,"+++\n");
child = fork();
if (child < 0) {
fprintf(stderr,"error: setup_fs: fork failed\n");
return 0;
}
if (child == 0) {
execl(mkfs, mkfs, buf, NULL);
exit(-1);
}
while ((pid=waitpid(-1, &status, 0)) != child) {
if (pid == -1) {
fprintf(stderr, "error: setup_fs: waitpid failed!\n");
return 1;
}
}
fprintf(stderr,"---\n");
return 1;
}
int main(int argc, char **argv)
{
int need_reboot = 0;
while (argc > 1) {
if (strlen(argv[1]) < 128)
need_reboot |= setup_fs(argv[1]);
argv++;
argc--;
}
if (need_reboot) {
fprintf(stderr,"REBOOT!\n");
android_reboot(ANDROID_RB_RESTART, 0, 0);
exit(-1);
}
return 0;
}

71
test_ext4fixup
View File

@ -1,71 +0,0 @@
#!/bin/bash
typeset -i I ITERATIONS PHASE LOC COUNT MAXCOUNT
ME=`basename $0`
if [ "$#" -ne 3 ]
then
echo "$ME: Usage: $ME <iterations> <maxcount> <filesystem_image>" >&2
exit 1;
fi
ITERATIONS="$1"
MAXCOUNT="$2"
ORIG_FS_IMAGE="$3"
FIXED_FS_IMAGE="/tmp/fixedfsimage.$$"
NEW_FS_IMAGE="/tmp/newfsimage.$$"
if [ ! -f "$ORIG_FS_IMAGE" ]
then
echo "$ME: Filesystem image $NEW_FS_IMAGE does not exist" >&2
exit 1
fi
trap "rm -f $NEW_FS_IMAGE $FIXED_FS_IMAGE" 0 1 2 3 15
rm -f "$NEW_FS_IMAGE" "$FIXED_FS_IMAGE"
# Create the fixed image to compare against
cp "$ORIG_FS_IMAGE" "$FIXED_FS_IMAGE"
ext4fixup "$FIXED_FS_IMAGE"
if [ "$?" -ne 0 ]
then
echo "$ME: ext4fixup failed!\n"
exit 1
fi
I=0
while [ "$I" -lt "$ITERATIONS" ]
do
# There is also a phase 4, which is writing out the updated superblocks and
# block group descriptors. Test the with a separate script.
let PHASE="$RANDOM"%3 # 0 to 2
let PHASE++ # 1 to 3
let LOC="$RANDOM"%2 # 0 to 1
let LOC++ # 1 to 2
let COUNT="$RANDOM"%"$MAXCOUNT"
# Make a copy of the original image to fixup
cp "$ORIG_FS_IMAGE" "$NEW_FS_IMAGE"
# Run the fixup tool, but die partway through to see if we can recover
ext4fixup -d "$PHASE,$LOC,$COUNT" "$NEW_FS_IMAGE" 2>/dev/null
# run it again without -d to have it finish the job
ext4fixup "$NEW_FS_IMAGE"
if cmp "$FIXED_FS_IMAGE" "$NEW_FS_IMAGE"
then
:
else
echo "$ME: test failed with parameters $PHASE, $LOC, $COUNT"
exit 1
fi
rm -f "$NEW_FS_IMAGE"
let I++
done

86
unencrypted_properties.cpp
View File

@ -1,86 +0,0 @@
#include "unencrypted_properties.h"
#include <sys/stat.h>
namespace properties {
const char* key = "key";
const char* ref = "ref";
const char* type = "type";
const char* password = "password";
}
namespace
{
const char* unencrypted_folder = "unencrypted";
}
UnencryptedProperties::UnencryptedProperties(const char* device)
: folder_(std::string() + device + "/" + unencrypted_folder)
{
}
UnencryptedProperties::UnencryptedProperties()
{
}
template<> std::string UnencryptedProperties::Get(const char* name,
std::string default_value)
{
if (!OK()) return default_value;
std::ifstream i(folder_ + "/" + name, std::ios::binary);
if (!i) {
return default_value;
}
i.seekg(0, std::ios::end);
int length = i.tellg();
i.seekg(0, std::ios::beg);
if (length == -1) {
return default_value;
}
std::string s(length, 0);
i.read(&s[0], length);
if (!i) {
return default_value;
}
return s;
}
template<> bool UnencryptedProperties::Set(const char* name, std::string const& value)
{
if (!OK()) return false;
std::ofstream o(folder_ + "/" + name, std::ios::binary);
o << value;
return !o.fail();
}
UnencryptedProperties UnencryptedProperties::GetChild(const char* name)
{
UnencryptedProperties e4p;
if (!OK()) return e4p;
std::string directory(folder_ + "/" + name);
if (mkdir(directory.c_str(), 700) == -1 && errno != EEXIST) {
return e4p;
}
e4p.folder_ = directory;
return e4p;
}
bool UnencryptedProperties::Remove(const char* name)
{
if (remove((folder_ + "/" + name).c_str())
&& errno != ENOENT) {
return false;
}
return true;
}
bool UnencryptedProperties::OK() const
{
return !folder_.empty();
}

70
unencrypted_properties.h
View File

@ -1,70 +0,0 @@
#include <string>
#include <fstream>
// key names for properties we use
namespace properties {
extern const char* key;
extern const char* ref;
extern const char* type;
extern const char* password;
}
/**
* Class to store data on the unencrypted folder of a device.
* Note that the folder must exist before this class is constructed.
* All names must be valid single level (no '/') file or directory names
* Data is organized hierarchically so we can get a child folder
*/
class UnencryptedProperties
{
public:
// Opens properties folder on named device.
// If folder does not exist, construction will succeed, but all
// getters will return default properties and setters will fail.
UnencryptedProperties(const char* device);
// Get named object. Return default if object does not exist or error.
template<typename t> t Get(const char* name, t default_value = t());
// Set named object. Return true if success, false otherwise
template<typename t> bool Set(const char* name, t const& value);
// Get child properties
UnencryptedProperties GetChild(const char* name);
// Remove named object
bool Remove(const char* name);
// Get path of folder
std::string const& GetPath() const {return folder_;}
private:
UnencryptedProperties();
bool OK() const;
std::string folder_;
};
template<typename t> t UnencryptedProperties::Get(const char* name,
t default_value)
{
if (!OK()) return default_value;
t value = default_value;
std::ifstream(folder_ + "/" + name) >> value;
return value;
}
template<typename t> bool UnencryptedProperties::Set(const char* name,
t const& value)
{
if (!OK()) return false;
std::ofstream o(folder_ + "/" + name);
o << value;
return !o.fail();
}
// Specialized getters/setters for strings
template<> std::string UnencryptedProperties::Get(const char* name,
std::string default_value);
template<> bool UnencryptedProperties::Set(const char* name,
std::string const& value);