diff --git a/Android.mk b/Android.mk deleted file mode 100644 index 9f56cca..0000000 --- a/Android.mk +++ /dev/null @@ -1,154 +0,0 @@ -# Copyright 2010 The Android Open Source Project - -LOCAL_PATH:= $(call my-dir) - -libext4_utils_src_files := \ - make_ext4fs.c \ - ext4fixup.c \ - ext4_utils.c \ - allocate.c \ - contents.c \ - extent.c \ - indirect.c \ - uuid.c \ - sha1.c \ - wipe.c \ - crc16.c \ - ext4_sb.c - -# -# -- All host/targets including windows -# - -include $(CLEAR_VARS) -LOCAL_SRC_FILES := $(libext4_utils_src_files) -LOCAL_MODULE := libext4_utils_host -LOCAL_STATIC_LIBRARIES := \ - libsparse_host \ - libz -ifneq ($(HOST_OS),windows) - LOCAL_STATIC_LIBRARIES += libselinux -endif -include $(BUILD_HOST_STATIC_LIBRARY) - - -include $(CLEAR_VARS) -LOCAL_SRC_FILES := make_ext4fs_main.c canned_fs_config.c -LOCAL_MODULE := make_ext4fs -LOCAL_STATIC_LIBRARIES += \ - libcutils \ - libext4_utils_host \ - libsparse_host \ - libz -ifeq ($(HOST_OS),windows) - LOCAL_LDLIBS += -lws2_32 -else - LOCAL_STATIC_LIBRARIES += libselinux - LOCAL_CFLAGS := -DHOST -endif -include $(BUILD_HOST_EXECUTABLE) - - -# -# -- All host/targets excluding windows -# - -libext4_utils_src_files += \ - ext4_crypt.cpp \ - e4crypt_static.c \ - unencrypted_properties.cpp - -ifneq ($(HOST_OS),windows) - -include $(CLEAR_VARS) -LOCAL_SRC_FILES := $(libext4_utils_src_files) -LOCAL_MODULE := libext4_utils -LOCAL_C_INCLUDES += system/core/logwrapper/include -LOCAL_SHARED_LIBRARIES := \ - libcutils \ - libselinux \ - libsparse \ - libz -include $(BUILD_SHARED_LIBRARY) - - -include $(CLEAR_VARS) -LOCAL_SRC_FILES := $(libext4_utils_src_files) \ - ext4_crypt_init_extensions.cpp -LOCAL_MODULE := libext4_utils_static -LOCAL_STATIC_LIBRARIES := \ - libsparse_static -include $(BUILD_STATIC_LIBRARY) - - -include $(CLEAR_VARS) -LOCAL_SRC_FILES := make_ext4fs_main.c canned_fs_config.c -LOCAL_MODULE := make_ext4fs -LOCAL_SHARED_LIBRARIES := \ - libcutils \ - libext4_utils \ - libselinux \ - libz -include $(BUILD_EXECUTABLE) - - -include $(CLEAR_VARS) -LOCAL_SRC_FILES := ext2simg.c -LOCAL_MODULE := ext2simg -LOCAL_SHARED_LIBRARIES += \ - libext4_utils \ - libselinux \ - libsparse \ - libz -include $(BUILD_EXECUTABLE) - - -include $(CLEAR_VARS) -LOCAL_SRC_FILES := ext2simg.c -LOCAL_MODULE := ext2simg -LOCAL_STATIC_LIBRARIES += \ - libext4_utils_host \ - libselinux \ - libsparse_host \ - libz -include $(BUILD_HOST_EXECUTABLE) - - -include $(CLEAR_VARS) -LOCAL_SRC_FILES := setup_fs.c -LOCAL_MODULE := setup_fs -LOCAL_SHARED_LIBRARIES += libcutils -include $(BUILD_EXECUTABLE) - - -include $(CLEAR_VARS) -LOCAL_SRC_FILES := ext4fixup_main.c -LOCAL_MODULE := ext4fixup -LOCAL_SHARED_LIBRARIES += \ - libext4_utils \ - libsparse \ - libz -include $(BUILD_EXECUTABLE) - - -include $(CLEAR_VARS) -LOCAL_SRC_FILES := ext4fixup_main.c -LOCAL_MODULE := ext4fixup -LOCAL_STATIC_LIBRARIES += \ - libext4_utils_host \ - libsparse_host \ - libz -include $(BUILD_HOST_EXECUTABLE) - - -include $(CLEAR_VARS) -LOCAL_MODULE := mkuserimg.sh -LOCAL_SRC_FILES := mkuserimg.sh -LOCAL_MODULE_CLASS := EXECUTABLES -# We don't need any additional suffix. -LOCAL_MODULE_SUFFIX := -LOCAL_BUILT_MODULE_STEM := $(notdir $(LOCAL_SRC_FILES)) -LOCAL_IS_HOST_MODULE := true -include $(BUILD_PREBUILT) - -endif diff --git a/e4crypt_static.c b/e4crypt_static.c deleted file mode 100644 index 1a62ce4..0000000 --- a/e4crypt_static.c +++ /dev/null @@ -1,147 +0,0 @@ -/* - * Copyright (c) 2015 Google, Inc. - */ - -#define TAG "ext4_utils" - -#include -#include -#include -#include - -#include -#include -#include - -#include - -#include "ext4_crypt.h" - -/* keyring keyctl commands */ -#define KEYCTL_SETPERM 5 /* set permissions for a key in a keyring */ -#define KEYCTL_UNLINK 9 /* unlink a key from a keyring */ -#define KEYCTL_SEARCH 10 /* search for a key in a keyring */ - -#define XATTR_NAME_ENCRYPTION_POLICY "encryption.policy" -#define EXT4_KEYREF_DELIMITER ((char)'.') - -/* Validate that all path items are available and accessible. */ -static int is_path_valid(const char *path) -{ - if (access(path, W_OK)) { - KLOG_ERROR(TAG, "Can't access %s: %s\n",strerror(errno), path); - return 0; - } - - return 1; -} - -/* Checks whether the policy provided is valid */ -static int is_keyref_valid(const char *keyref) -{ - char *period = 0; - size_t key_location_len = 0; - - /* Key ref must have a key and location delimiter character. */ - period = strchr(keyref, EXT4_KEYREF_DELIMITER); - if (!period) { - return 0; - } - - /* period must be >= keyref. */ - key_location_len = period - keyref; - - if (strncmp(keyref, "@t", key_location_len) == 0 || - strncmp(keyref, "@p", key_location_len) == 0 || - strncmp(keyref, "@s", key_location_len) == 0 || - strncmp(keyref, "@u", key_location_len) == 0 || - strncmp(keyref, "@g", key_location_len) == 0 || - strncmp(keyref, "@us", key_location_len) == 0) - return 1; - - return 0; -} - -static int is_dir_empty(const char *dirname) -{ - int n = 0; - struct dirent *d; - DIR *dir; - - dir = opendir(dirname); - while ((d = readdir(dir)) != NULL) { - if (strcmp(d->d_name, "lost+found") == 0) { - // Skip lost+found directory - } else if (++n > 2) { - break; - } - } - closedir(dir); - return n <= 2; -} - -int do_policy_set(const char *directory, const char *policy) -{ - struct stat st; - ssize_t ret; - - if (!is_keyref_valid(policy)) { - KLOG_ERROR(TAG, "Policy has invalid format.\n"); - return -EINVAL; - } - - if (!is_path_valid(directory)) { - return -EINVAL; - } - - stat(directory, &st); - if (!S_ISDIR(st.st_mode)) { - KLOG_ERROR(TAG, "Can only set policy on a directory (%s)\n", directory); - return -EINVAL; - } - - if (!is_dir_empty(directory)) { - KLOG_ERROR(TAG, "Can only set policy on an empty directory (%s)\n", directory); - return -EINVAL; - } - - ret = lsetxattr(directory, XATTR_NAME_ENCRYPTION_POLICY, policy, - strlen(policy), 0); - - if (ret) { - KLOG_ERROR(TAG, "Failed to set encryption policy for %s: %s\n", - directory, strerror(errno)); - return -EINVAL; - } - - KLOG_INFO(TAG, "Encryption policy for %s is set to %s\n", directory, policy); - return 0; -} - -static long keyctl(int cmd, ...) -{ - va_list va; - unsigned long arg2, arg3, arg4, arg5; - - va_start(va, cmd); - arg2 = va_arg(va, unsigned long); - arg3 = va_arg(va, unsigned long); - arg4 = va_arg(va, unsigned long); - arg5 = va_arg(va, unsigned long); - va_end(va); - return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5); -} - -key_serial_t add_key(const char *type, - const char *description, - const void *payload, - size_t plen, - key_serial_t ringid) -{ - return syscall(__NR_add_key, type, description, payload, plen, ringid); -} - -long keyctl_setperm(key_serial_t id, int permissions) -{ - return keyctl(KEYCTL_SETPERM, id, permissions); -} diff --git a/ext2simg.c b/ext2simg.c deleted file mode 100644 index e5b36c4..0000000 --- a/ext2simg.c +++ /dev/null @@ -1,195 +0,0 @@ -/* - * Copyright (C) 2010 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#define _FILE_OFFSET_BITS 64 -#define _LARGEFILE64_SOURCE 1 - -#include -#include -#include -#include -#include -#include -#include - -#include - -#include "ext4_utils.h" -#include "make_ext4fs.h" -#include "allocate.h" - -#if defined(__APPLE__) && defined(__MACH__) -#define off64_t off_t -#endif - -#ifndef USE_MINGW /* O_BINARY is windows-specific flag */ -#define O_BINARY 0 -#endif - -extern struct fs_info info; - -static int verbose = 0; - -static void usage(char *path) -{ - fprintf(stderr, "%s [ options ] \n", path); - fprintf(stderr, "\n"); - fprintf(stderr, " -c include CRC block\n"); - fprintf(stderr, " -v verbose output\n"); - fprintf(stderr, " -z gzip output\n"); - fprintf(stderr, " -S don't use sparse output format\n"); -} - -static int build_sparse_ext(int fd, const char *filename) -{ - unsigned int i; - unsigned int block; - int start_contiguous_block; - u8 *block_bitmap; - off64_t ret; - - block_bitmap = malloc(info.block_size); - if (!block_bitmap) - critical_error("failed to allocate block bitmap"); - - if (aux_info.first_data_block > 0) - sparse_file_add_file(ext4_sparse_file, filename, 0, - info.block_size * aux_info.first_data_block, 0); - - for (i = 0; i < aux_info.groups; i++) { - u32 first_block = aux_info.first_data_block + i * info.blocks_per_group; - u32 last_block = min(info.blocks_per_group, aux_info.len_blocks - first_block); - - ret = lseek64(fd, (u64)info.block_size * aux_info.bg_desc[i].bg_block_bitmap, - SEEK_SET); - if (ret < 0) - critical_error_errno("failed to seek to block group bitmap %d", i); - - ret = read(fd, block_bitmap, info.block_size); - if (ret < 0) - critical_error_errno("failed to read block group bitmap %d", i); - if (ret != (int)info.block_size) - critical_error("failed to read all of block group bitmap %d", i); - - start_contiguous_block = -1; - for (block = 0; block < last_block; block++) { - if (start_contiguous_block >= 0) { - if (!bitmap_get_bit(block_bitmap, block)) { - u32 start_block = first_block + start_contiguous_block; - u32 len_blocks = block - start_contiguous_block; - - sparse_file_add_file(ext4_sparse_file, filename, - (u64)info.block_size * start_block, - info.block_size * len_blocks, start_block); - start_contiguous_block = -1; - } - } else { - if (bitmap_get_bit(block_bitmap, block)) - start_contiguous_block = block; - } - } - - if (start_contiguous_block >= 0) { - u32 start_block = first_block + start_contiguous_block; - u32 len_blocks = last_block - start_contiguous_block; - sparse_file_add_file(ext4_sparse_file, filename, - (u64)info.block_size * start_block, - info.block_size * len_blocks, start_block); - } - } - - return 0; -} - -int main(int argc, char **argv) -{ - int opt; - const char *in = NULL; - const char *out = NULL; - int gzip = 0; - int sparse = 1; - int infd, outfd; - int crc = 0; - - while ((opt = getopt(argc, argv, "cvzS")) != -1) { - switch (opt) { - case 'c': - crc = 1; - break; - case 'v': - verbose = 1; - break; - case 'z': - gzip = 1; - break; - case 'S': - sparse = 0; - break; - } - } - - if (optind >= argc) { - fprintf(stderr, "Expected image or block device after options\n"); - usage(argv[0]); - exit(EXIT_FAILURE); - } - - in = argv[optind++]; - - if (optind >= argc) { - fprintf(stderr, "Expected output image after input image\n"); - usage(argv[0]); - exit(EXIT_FAILURE); - } - - out = argv[optind++]; - - if (optind < argc) { - fprintf(stderr, "Unexpected argument: %s\n", argv[optind]); - usage(argv[0]); - exit(EXIT_FAILURE); - } - - infd = open(in, O_RDONLY); - - if (infd < 0) - critical_error_errno("failed to open input image"); - - read_ext(infd, verbose); - - ext4_sparse_file = sparse_file_new(info.block_size, info.len); - - build_sparse_ext(infd, in); - - close(infd); - - if (strcmp(out, "-")) { - outfd = open(out, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0644); - if (outfd < 0) { - error_errno("open"); - return EXIT_FAILURE; - } - } else { - outfd = STDOUT_FILENO; - } - - write_ext4_image(outfd, gzip, sparse, crc); - close(outfd); - - sparse_file_destroy(ext4_sparse_file); - - return 0; -} diff --git a/ext4_crypt.cpp b/ext4_crypt.cpp deleted file mode 100644 index bb57332..0000000 --- a/ext4_crypt.cpp +++ /dev/null @@ -1,120 +0,0 @@ -#define TAG "ext4_utils" - -#include "ext4_crypt.h" - -#include -#include -#include - -#include -#include - -#include -#include - -#include "unencrypted_properties.h" - -namespace { - std::map s_password_store; -} - -bool e4crypt_non_default_key(const char* dir) -{ - int type = e4crypt_get_password_type(dir); - - // ext4enc:TODO Use consts, not 1 here - return type != -1 && type != 1; -} - -int e4crypt_get_password_type(const char* path) -{ - UnencryptedProperties props(path); - if (props.Get(properties::key).empty()) { - KLOG_INFO(TAG, "No master key, so not ext4enc\n"); - return -1; - } - - return props.Get(properties::type, 1); -} - -int e4crypt_change_password(const char* path, int crypt_type, - const char* password) -{ - // ext4enc:TODO Encrypt master key with password securely. Store hash of - // master key for validation - UnencryptedProperties props(path); - if ( props.Set(properties::password, password) - && props.Set(properties::type, crypt_type)) - return 0; - return -1; -} - -int e4crypt_crypto_complete(const char* path) -{ - KLOG_INFO(TAG, "ext4 crypto complete called on %s\n", path); - if (UnencryptedProperties(path).Get(properties::key).empty()) { - KLOG_INFO(TAG, "No master key, so not ext4enc\n"); - return -1; - } - - return 0; -} - -int e4crypt_check_passwd(const char* path, const char* password) -{ - UnencryptedProperties props(path); - if (props.Get(properties::key).empty()) { - KLOG_INFO(TAG, "No master key, so not ext4enc\n"); - return -1; - } - - auto actual_password = props.Get(properties::password); - - if (actual_password == password) { - s_password_store[path] = password; - return 0; - } else { - return -1; - } -} - -int e4crypt_restart(const char* path) -{ - int rc = 0; - - KLOG_INFO(TAG, "ext4 restart called on %s\n", path); - property_set("vold.decrypt", "trigger_reset_main"); - KLOG_INFO(TAG, "Just asked init to shut down class main\n"); - sleep(2); - - std::string tmp_path = std::string() + path + "/tmp_mnt"; - - // ext4enc:TODO add retry logic - rc = umount(tmp_path.c_str()); - if (rc) { - KLOG_ERROR(TAG, "umount %s failed with rc %d, msg %s\n", - tmp_path.c_str(), rc, strerror(errno)); - return rc; - } - - // ext4enc:TODO add retry logic - rc = umount(path); - if (rc) { - KLOG_ERROR(TAG, "umount %s failed with rc %d, msg %s\n", - path, rc, strerror(errno)); - return rc; - } - - return 0; -} - -const char* e4crypt_get_password(const char* path) -{ - // ext4enc:TODO scrub password after timeout - auto i = s_password_store.find(path); - if (i == s_password_store.end()) { - return 0; - } else { - return i->second.c_str(); - } -} diff --git a/ext4_crypt.h b/ext4_crypt.h deleted file mode 100644 index cc69273..0000000 --- a/ext4_crypt.h +++ /dev/null @@ -1,50 +0,0 @@ -#include -#include -#include - -__BEGIN_DECLS -// These functions assume they are being called from init -// They will not operate properly outside of init -int e4crypt_install_keyring(); -int e4crypt_install_key(const char* dir); -int e4crypt_create_device_key(const char* dir, - int ensure_dir_exists(const char* dir)); - -// General functions -bool e4crypt_non_default_key(const char* dir); -int e4crypt_set_directory_policy(const char* dir); -int e4crypt_main(int argc, char* argv[]); -int e4crypt_change_password(const char* path, int crypt_type, - const char* password); -int e4crypt_get_password_type(const char* path); -int e4crypt_crypto_complete(const char* dir); -int e4crypt_check_passwd(const char* dir, const char* password); -const char* e4crypt_get_password(const char* dir); -int e4crypt_restart(const char* dir); - -// Key functions. ext4enc:TODO Move to own file - -// ext4enc:TODO - get these keyring standard definitions from proper system file -// keyring serial number type -typedef int32_t key_serial_t; - -// special process keyring shortcut IDs -#define KEY_SPEC_THREAD_KEYRING -1 // key ID for thread-specific keyring -#define KEY_SPEC_PROCESS_KEYRING -2 // key ID for process-specific keyring -#define KEY_SPEC_SESSION_KEYRING -3 // key ID for session-specific keyring -#define KEY_SPEC_USER_KEYRING -4 // key ID for UID-specific keyring -#define KEY_SPEC_USER_SESSION_KEYRING -5 // key ID for UID-session keyring -#define KEY_SPEC_GROUP_KEYRING -6 // key ID for GID-specific keyring - -key_serial_t add_key(const char *type, - const char *description, - const void *payload, - size_t plen, - key_serial_t ringid); - -long keyctl_setperm(key_serial_t id, int permissions); - -// Set policy on directory -int do_policy_set(const char *directory, const char *policy); - -__END_DECLS diff --git a/ext4_crypt_init_extensions.cpp b/ext4_crypt_init_extensions.cpp deleted file mode 100644 index 1585911..0000000 --- a/ext4_crypt_init_extensions.cpp +++ /dev/null @@ -1,269 +0,0 @@ -#define TAG "ext4_utils" - -#include "ext4_crypt.h" - -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include - -#include "unencrypted_properties.h" - -// ext4enc:TODO Include structure from somewhere sensible -// MUST be in sync with ext4_crypto.c in kernel -#define EXT4_MAX_KEY_SIZE 76 -struct ext4_encryption_key { - uint32_t mode; - char raw[EXT4_MAX_KEY_SIZE]; - uint32_t size; -}; - -static const std::string keyring = "@s"; -static const std::string arbitrary_sequence_number = "42"; - -static key_serial_t device_keyring = -1; - -static std::string vold_command(std::string const& command) -{ - KLOG_INFO(TAG, "Running command %s\n", command.c_str()); - int sock = socket_local_client("vold", - ANDROID_SOCKET_NAMESPACE_RESERVED, - SOCK_STREAM); - - if (sock < 0) { - KLOG_INFO(TAG, "Cannot open vold, failing command\n"); - return ""; - } - - class CloseSocket - { - int sock_; - public: - CloseSocket(int sock) : sock_(sock) {} - ~CloseSocket() { close(sock_); } - }; - - CloseSocket cs(sock); - - // Use arbitrary sequence number. This should only be used when the - // framework is down, so this is (mostly) OK. - std::string actual_command = arbitrary_sequence_number + " " + command; - if (write(sock, actual_command.c_str(), actual_command.size() + 1) < 0) { - KLOG_ERROR(TAG, "Cannot write command\n"); - return ""; - } - - while (1) { - struct timeval to; - to.tv_sec = 10; - to.tv_usec = 0; - - fd_set read_fds; - FD_ZERO(&read_fds); - FD_SET(sock, &read_fds); - - int rc = select(sock + 1, &read_fds, NULL, NULL, &to); - if (rc < 0) { - KLOG_ERROR(TAG, "Error in select %s\n", strerror(errno)); - return ""; - } else if (!rc) { - KLOG_ERROR(TAG, "Timeout\n"); - return ""; - } else if (FD_ISSET(sock, &read_fds)) { - char buffer[4096]; - memset(buffer, 0, sizeof(buffer)); - rc = read(sock, buffer, sizeof(buffer)); - if (rc <= 0) { - if (rc == 0) { - KLOG_ERROR(TAG, "Lost connection to Vold - did it crash?\n"); - } else { - KLOG_ERROR(TAG, "Error reading data (%s)\n", strerror(errno)); - } - return ""; - } - - // We don't truly know that this is the correct result. However, - // since this will only be used when the framework is down, - // it should be OK unless someone is running vdc at the same time. - // Worst case we force a reboot in the very rare synchronization - // error - return std::string(buffer, rc); - } - } -} - -int e4crypt_create_device_key(const char* dir, - int ensure_dir_exists(const char*)) -{ - // Make sure folder exists. Use make_dir to set selinux permissions. - KLOG_INFO(TAG, "Creating test device key\n"); - UnencryptedProperties props(dir); - if (ensure_dir_exists(props.GetPath().c_str())) { - KLOG_ERROR(TAG, "Failed to create %s with error %s\n", - props.GetPath().c_str(), strerror(errno)); - return -1; - } - - if (props.Get(properties::key).empty()) { - // Create new key since it doesn't already exist - std::ifstream urandom("/dev/urandom", std::ifstream::binary); - if (!urandom) { - KLOG_ERROR(TAG, "Failed to open /dev/urandom\n"); - return -1; - } - - // ext4enc:TODO Don't hardcode 32 - std::string key_material(32, '\0'); - urandom.read(&key_material[0], key_material.length()); - if (!urandom) { - KLOG_ERROR(TAG, "Failed to read random bytes\n"); - return -1; - } - - if (!props.Set(properties::key, key_material)) { - KLOG_ERROR(TAG, "Failed to write key material\n"); - return -1; - } - } - - if (!props.Remove(properties::ref)) { - KLOG_ERROR(TAG, "Failed to remove key ref\n"); - return -1; - } - - return 0; -} - -int e4crypt_install_keyring() -{ - device_keyring = add_key("keyring", - "e4crypt", - 0, - 0, - KEY_SPEC_SESSION_KEYRING); - - if (device_keyring == -1) { - KLOG_ERROR(TAG, "Failed to create keyring\n"); - return -1; - } - - KLOG_INFO(TAG, "Keyring created wth id %d in process %d\n", - device_keyring, getpid()); - - // ext4enc:TODO set correct permissions - long result = keyctl_setperm(device_keyring, 0x3f3f3f3f); - if (result) { - KLOG_ERROR(TAG, "KEYCTL_SETPERM failed with error %ld\n", result); - return -1; - } - - return 0; -} - -int e4crypt_install_key(const char* dir) -{ - UnencryptedProperties props(dir); - auto key = props.Get(properties::key); - - // Get password to decrypt as needed - if (e4crypt_non_default_key(dir)) { - std::string result = vold_command("cryptfs getpw"); - // result is either - // 200 0 -1 - // or - // 200 0 {{sensitive}} 0001020304 - // where 0001020304 is hex encoding of password - std::istringstream i(result); - std::string bit; - i >> bit; - if (bit != "200") { - KLOG_ERROR(TAG, "Expecting 200\n"); - return -1; - } - - i >> bit; - if (bit != arbitrary_sequence_number) { - KLOG_ERROR(TAG, "Expecting %s\n", arbitrary_sequence_number.c_str()); - return -1; - } - - i >> bit; - if (bit != "{{sensitive}}") { - KLOG_INFO(TAG, "Not encrypted\n"); - return -1; - } - - i >> bit; - } - - // Add key to keyring - ext4_encryption_key ext4_key = {0, {0}, 0}; - if (key.length() > sizeof(ext4_key.raw)) { - KLOG_ERROR(TAG, "Key too long\n"); - return -1; - } - - ext4_key.mode = 0; - memcpy(ext4_key.raw, &key[0], key.length()); - ext4_key.size = key.length(); - - // ext4enc:TODO Use better reference not 1234567890 - key_serial_t key_id = add_key("logon", "ext4-key:1234567890", - (void*)&ext4_key, sizeof(ext4_key), - device_keyring); - - if (key_id == -1) { - KLOG_ERROR(TAG, "Failed to insert key into keyring with error %s\n", - strerror(errno)); - return -1; - } - - KLOG_INFO(TAG, "Added key %d to keyring %d in process %d\n", - key_id, device_keyring, getpid()); - - // ext4enc:TODO set correct permissions - long result = keyctl_setperm(key_id, 0x3f3f3f3f); - if (result) { - KLOG_ERROR(TAG, "KEYCTL_SETPERM failed with error %ld\n", result); - return -1; - } - - // Save reference to key so we can set policy later - if (!props.Set(properties::ref, "ext4-key:1234567890")) { - KLOG_ERROR(TAG, "Cannot save key reference\n"); - return -1; - } - - return 0; -} - -int e4crypt_set_directory_policy(const char* dir) -{ - // Only set policy on first level /data directories - // To make this less restrictive, consider using a policy file. - // However this is overkill for as long as the policy is simply - // to apply a global policy to all /data folders created via makedir - if (!dir || strncmp(dir, "/data/", 6) || strchr(dir + 6, '/')) { - return 0; - } - - UnencryptedProperties props("/data"); - std::string ref = props.Get(properties::ref); - std::string policy = keyring + "." + ref; - KLOG_INFO(TAG, "Setting policy %s\n", policy.c_str()); - int result = do_policy_set(dir, policy.c_str()); - if (result) { - KLOG_ERROR(TAG, "Setting policy on %s failed!\n", dir); - return -1; - } - - return 0; -} diff --git a/ext4fixup_main.c b/ext4fixup_main.c deleted file mode 100644 index 47c7e65..0000000 --- a/ext4fixup_main.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (C) 2010 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include "ext4fixup.h" - -static void usage(char *me) -{ - fprintf(stderr, "%s: usage: %s [-vn] \n", me, me); -} - -int main(int argc, char **argv) -{ - int opt; - int verbose = 0; - int no_write = 0; - char *fsdev; - char *me; - int stop_phase = 0, stop_loc = 0, stop_count = 0; - - me = basename(argv[0]); - - while ((opt = getopt(argc, argv, "vnd:")) != -1) { - switch (opt) { - case 'v': - verbose = 1; - break; - case 'n': - no_write = 1; - break; - case 'd': - sscanf(optarg, "%d,%d,%d", &stop_phase, &stop_loc, &stop_count); - break; - } - } - - if (optind >= argc) { - fprintf(stderr, "expected image or block device after options\n"); - usage(me); - exit(EXIT_FAILURE); - } - - fsdev = argv[optind++]; - - if (optind < argc) { - fprintf(stderr, "Unexpected argument: %s\n", argv[optind]); - usage(me); - exit(EXIT_FAILURE); - } - - return ext4fixup_internal(fsdev, verbose, no_write, stop_phase, stop_loc, stop_count); -} diff --git a/mkuserimg.sh b/mkuserimg.sh deleted file mode 100755 index 3a6006e..0000000 --- a/mkuserimg.sh +++ /dev/null @@ -1,106 +0,0 @@ -#!/bin/bash -# -# To call this script, make sure make_ext4fs is somewhere in PATH - -function usage() { -cat<] - [-T TIMESTAMP] [-C FS_CONFIG] [-B BLOCK_LIST_FILE] [-L LABEL] [FILE_CONTEXTS] -EOT -} - -ENABLE_SPARSE_IMAGE= -if [ "$1" = "-s" ]; then - ENABLE_SPARSE_IMAGE="-s" - shift -fi - -if [ $# -lt 5 ]; then - usage - exit 1 -fi - -SRC_DIR=$1 -if [ ! -d $SRC_DIR ]; then - echo "Can not find directory $SRC_DIR!" - exit 2 -fi - -OUTPUT_FILE=$2 -EXT_VARIANT=$3 -MOUNT_POINT=$4 -SIZE=$5 -shift; shift; shift; shift; shift - -JOURNAL_FLAGS= -if [ "$1" = "-j" ]; then - if [ "$2" = "0" ]; then - JOURNAL_FLAGS="-J" - else - JOURNAL_FLAGS="-j $2" - fi - shift; shift -fi - -TIMESTAMP=-1 -if [[ "$1" == "-T" ]]; then - TIMESTAMP=$2 - shift; shift -fi - -FS_CONFIG= -if [[ "$1" == "-C" ]]; then - FS_CONFIG=$2 - shift; shift -fi - -BLOCK_LIST= -if [[ "$1" == "-B" ]]; then - BLOCK_LIST=$2 - shift; shift -fi - -LABEL= -if [[ "$1" == "-L" ]]; then - LABEL=$2 - shift; shift -fi - -FC=$1 - -case $EXT_VARIANT in - ext4) ;; - *) echo "Only ext4 is supported!"; exit 3 ;; -esac - -if [ -z $MOUNT_POINT ]; then - echo "Mount point is required" - exit 2 -fi - -if [ -z $SIZE ]; then - echo "Need size of filesystem" - exit 2 -fi - -OPT="" -if [ -n "$FC" ]; then - OPT="$OPT -S $FC" -fi -if [ -n "$FS_CONFIG" ]; then - OPT="$OPT -C $FS_CONFIG" -fi -if [ -n "$BLOCK_LIST" ]; then - OPT="$OPT -B $BLOCK_LIST" -fi -if [ -n "$LABEL" ]; then - OPT="$OPT -L $LABEL" -fi - -MAKE_EXT4FS_CMD="make_ext4fs $ENABLE_SPARSE_IMAGE -T $TIMESTAMP $OPT -l $SIZE $JOURNAL_FLAGS -a $MOUNT_POINT $OUTPUT_FILE $SRC_DIR" -echo $MAKE_EXT4FS_CMD -$MAKE_EXT4FS_CMD -if [ $? -ne 0 ]; then - exit 4 -fi diff --git a/setup_fs.c b/setup_fs.c deleted file mode 100644 index 56c563f..0000000 --- a/setup_fs.c +++ /dev/null @@ -1,85 +0,0 @@ -#include -#include -#include -#include -#include -#include -#include -#include - -const char *mkfs = "/system/bin/make_ext4fs"; - -int setup_fs(const char *blockdev) -{ - char buf[256], path[128]; - pid_t child; - int status, n; - pid_t pid; - - /* we might be looking at an indirect reference */ - n = readlink(blockdev, path, sizeof(path) - 1); - if (n > 0) { - path[n] = 0; - if (!memcmp(path, "/dev/block/", 11)) - blockdev = path + 11; - } - - if (strchr(blockdev,'/')) { - fprintf(stderr,"not a block device name: %s\n", blockdev); - return 0; - } - - snprintf(buf, sizeof(buf), "/sys/fs/ext4/%s", blockdev); - if (access(buf, F_OK) == 0) { - fprintf(stderr,"device %s already has a filesystem\n", blockdev); - return 0; - } - snprintf(buf, sizeof(buf), "/dev/block/%s", blockdev); - - if (!partition_wiped(buf)) { - fprintf(stderr,"device %s not wiped, probably encrypted, not wiping\n", blockdev); - return 0; - } - - fprintf(stderr,"+++\n"); - - child = fork(); - if (child < 0) { - fprintf(stderr,"error: setup_fs: fork failed\n"); - return 0; - } - if (child == 0) { - execl(mkfs, mkfs, buf, NULL); - exit(-1); - } - - while ((pid=waitpid(-1, &status, 0)) != child) { - if (pid == -1) { - fprintf(stderr, "error: setup_fs: waitpid failed!\n"); - return 1; - } - } - - fprintf(stderr,"---\n"); - return 1; -} - - -int main(int argc, char **argv) -{ - int need_reboot = 0; - - while (argc > 1) { - if (strlen(argv[1]) < 128) - need_reboot |= setup_fs(argv[1]); - argv++; - argc--; - } - - if (need_reboot) { - fprintf(stderr,"REBOOT!\n"); - android_reboot(ANDROID_RB_RESTART, 0, 0); - exit(-1); - } - return 0; -} diff --git a/test_ext4fixup b/test_ext4fixup deleted file mode 100755 index a920a59..0000000 --- a/test_ext4fixup +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/bash - -typeset -i I ITERATIONS PHASE LOC COUNT MAXCOUNT - -ME=`basename $0` - -if [ "$#" -ne 3 ] -then - echo "$ME: Usage: $ME " >&2 - exit 1; -fi - -ITERATIONS="$1" -MAXCOUNT="$2" -ORIG_FS_IMAGE="$3" -FIXED_FS_IMAGE="/tmp/fixedfsimage.$$" -NEW_FS_IMAGE="/tmp/newfsimage.$$" - -if [ ! -f "$ORIG_FS_IMAGE" ] -then - echo "$ME: Filesystem image $NEW_FS_IMAGE does not exist" >&2 - exit 1 -fi - -trap "rm -f $NEW_FS_IMAGE $FIXED_FS_IMAGE" 0 1 2 3 15 - -rm -f "$NEW_FS_IMAGE" "$FIXED_FS_IMAGE" - -# Create the fixed image to compare against -cp "$ORIG_FS_IMAGE" "$FIXED_FS_IMAGE" -ext4fixup "$FIXED_FS_IMAGE" - -if [ "$?" -ne 0 ] -then - echo "$ME: ext4fixup failed!\n" - exit 1 -fi - -I=0 -while [ "$I" -lt "$ITERATIONS" ] -do - # There is also a phase 4, which is writing out the updated superblocks and - # block group descriptors. Test the with a separate script. - let PHASE="$RANDOM"%3 # 0 to 2 - let PHASE++ # 1 to 3 - let LOC="$RANDOM"%2 # 0 to 1 - let LOC++ # 1 to 2 - let COUNT="$RANDOM"%"$MAXCOUNT" - - # Make a copy of the original image to fixup - cp "$ORIG_FS_IMAGE" "$NEW_FS_IMAGE" - - # Run the fixup tool, but die partway through to see if we can recover - ext4fixup -d "$PHASE,$LOC,$COUNT" "$NEW_FS_IMAGE" 2>/dev/null - - # run it again without -d to have it finish the job - ext4fixup "$NEW_FS_IMAGE" - - if cmp "$FIXED_FS_IMAGE" "$NEW_FS_IMAGE" - then - : - else - echo "$ME: test failed with parameters $PHASE, $LOC, $COUNT" - exit 1 - fi - - rm -f "$NEW_FS_IMAGE" - - let I++ -done - diff --git a/unencrypted_properties.cpp b/unencrypted_properties.cpp deleted file mode 100644 index bef7c57..0000000 --- a/unencrypted_properties.cpp +++ /dev/null @@ -1,86 +0,0 @@ -#include "unencrypted_properties.h" - -#include - -namespace properties { - const char* key = "key"; - const char* ref = "ref"; - const char* type = "type"; - const char* password = "password"; -} - -namespace -{ - const char* unencrypted_folder = "unencrypted"; -} - -UnencryptedProperties::UnencryptedProperties(const char* device) - : folder_(std::string() + device + "/" + unencrypted_folder) -{ -} - -UnencryptedProperties::UnencryptedProperties() -{ -} - -template<> std::string UnencryptedProperties::Get(const char* name, - std::string default_value) -{ - if (!OK()) return default_value; - std::ifstream i(folder_ + "/" + name, std::ios::binary); - if (!i) { - return default_value; - } - - i.seekg(0, std::ios::end); - int length = i.tellg(); - i.seekg(0, std::ios::beg); - if (length == -1) { - return default_value; - } - - std::string s(length, 0); - i.read(&s[0], length); - if (!i) { - return default_value; - } - - return s; -} - -template<> bool UnencryptedProperties::Set(const char* name, std::string const& value) -{ - if (!OK()) return false; - std::ofstream o(folder_ + "/" + name, std::ios::binary); - o << value; - return !o.fail(); -} - -UnencryptedProperties UnencryptedProperties::GetChild(const char* name) -{ - UnencryptedProperties e4p; - if (!OK()) return e4p; - - std::string directory(folder_ + "/" + name); - if (mkdir(directory.c_str(), 700) == -1 && errno != EEXIST) { - return e4p; - } - - e4p.folder_ = directory; - return e4p; -} - -bool UnencryptedProperties::Remove(const char* name) -{ - if (remove((folder_ + "/" + name).c_str()) - && errno != ENOENT) { - return false; - } - - return true; -} - -bool UnencryptedProperties::OK() const -{ - return !folder_.empty(); -} diff --git a/unencrypted_properties.h b/unencrypted_properties.h deleted file mode 100644 index 80f41df..0000000 --- a/unencrypted_properties.h +++ /dev/null @@ -1,70 +0,0 @@ -#include -#include - -// key names for properties we use -namespace properties { - extern const char* key; - extern const char* ref; - extern const char* type; - extern const char* password; -} - -/** - * Class to store data on the unencrypted folder of a device. - * Note that the folder must exist before this class is constructed. - * All names must be valid single level (no '/') file or directory names - * Data is organized hierarchically so we can get a child folder - */ -class UnencryptedProperties -{ -public: - // Opens properties folder on named device. - // If folder does not exist, construction will succeed, but all - // getters will return default properties and setters will fail. - UnencryptedProperties(const char* device); - - // Get named object. Return default if object does not exist or error. - template t Get(const char* name, t default_value = t()); - - // Set named object. Return true if success, false otherwise - template bool Set(const char* name, t const& value); - - // Get child properties - UnencryptedProperties GetChild(const char* name); - - // Remove named object - bool Remove(const char* name); - - // Get path of folder - std::string const& GetPath() const {return folder_;} -private: - UnencryptedProperties(); - bool OK() const; - std::string folder_; -}; - - -template t UnencryptedProperties::Get(const char* name, - t default_value) -{ - if (!OK()) return default_value; - t value = default_value; - std::ifstream(folder_ + "/" + name) >> value; - return value; -} - -template bool UnencryptedProperties::Set(const char* name, - t const& value) -{ - if (!OK()) return false; - std::ofstream o(folder_ + "/" + name); - o << value; - return !o.fail(); -} - -// Specialized getters/setters for strings -template<> std::string UnencryptedProperties::Get(const char* name, - std::string default_value); - -template<> bool UnencryptedProperties::Set(const char* name, - std::string const& value);