From a701c458ca6d36604f417f55e95c63493d1545d7 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Tue, 23 Oct 2018 13:06:55 -0700 Subject: [PATCH] vold: rename from "ext4 encryption" to fscrypt We support file-based encryption on both ext4 and f2fs now, and the kernel API is the same. So rename things appropriately in vold: e4crypt => fscrypt ext4enc => fscrypt Ext4Crypt => FsCrypt EXT4_* => FS_* ext4_encryption_key => fscrypt_key Additionally, the common functions shared by 'vold' and 'init' are now in libfscrypt rather than ext4_utils. So update vold to link to libfscrypt and include the renamed headers. Note: there's a chance of 'fscrypt' being confused with the dm-crypt based encryption code in vold which is called 'cryptfs'. However, fscrypt is the name used in the kernel for ext4/f2fs/ubifs encryption, and it's preferable to use the same name in userspace. Test: built, booted device with f2fs encryption Change-Id: I2a46a49f30d9c0b73d6f6fe09e4a4904d4138ff6 --- Android.bp | 3 +- Ext4Crypt.cpp => FsCrypt.cpp | 96 ++++++++++++++++++------------------ Ext4Crypt.h => FsCrypt.h | 22 ++++----- KeyUtil.cpp | 58 ++++++++++------------ MetadataCrypt.cpp | 6 +-- MetadataCrypt.h | 2 +- VoldNativeService.cpp | 38 +++++++------- VolumeManager.cpp | 8 +-- cryptfs.cpp | 22 ++++----- fs/Ext4.cpp | 6 +-- fs/F2fs.cpp | 4 +- model/Disk.cpp | 4 +- 12 files changed, 133 insertions(+), 136 deletions(-) rename Ext4Crypt.cpp => FsCrypt.cpp (92%) rename Ext4Crypt.h => FsCrypt.h (61%) diff --git a/Android.bp b/Android.bp index af77cef..8f2ba34 100644 --- a/Android.bp +++ b/Android.bp @@ -48,6 +48,7 @@ cc_defaults { "libdiskconfig", "libext4_utils", "libf2fs_sparseblock", + "libfscrypt", "libhardware", "libhardware_legacy", "libhidlbase", @@ -99,8 +100,8 @@ cc_library_static { "Checkpoint.cpp", "Devmapper.cpp", "EncryptInplace.cpp", - "Ext4Crypt.cpp", "FileDeviceUtils.cpp", + "FsCrypt.cpp", "IdleMaint.cpp", "KeyBuffer.cpp", "KeyStorage.cpp", diff --git a/Ext4Crypt.cpp b/FsCrypt.cpp similarity index 92% rename from Ext4Crypt.cpp rename to FsCrypt.cpp index 21071d4..087b916 100644 --- a/Ext4Crypt.cpp +++ b/FsCrypt.cpp @@ -14,7 +14,7 @@ * limitations under the License. */ -#include "Ext4Crypt.h" +#include "FsCrypt.h" #include "KeyStorage.h" #include "KeyUtil.h" @@ -50,7 +50,7 @@ #include #include -#include +#include #include #include @@ -71,7 +71,7 @@ struct PolicyKeyRef { std::string key_raw_ref; }; -const std::string device_key_dir = std::string() + DATA_MNT_POINT + e4crypt_unencrypted_folder; +const std::string device_key_dir = std::string() + DATA_MNT_POINT + fscrypt_unencrypted_folder; const std::string device_key_path = device_key_dir + "/key"; const std::string device_key_temp = device_key_dir + "/temp"; @@ -95,7 +95,7 @@ std::map s_ce_keys; } // namespace -static bool e4crypt_is_emulated() { +static bool fscrypt_is_emulated() { return property_get_bool("persist.sys.emulate_fbe", false); } @@ -282,7 +282,7 @@ static void get_data_file_encryption_modes(PolicyKeyRef* key_ref) { } static bool ensure_policy(const PolicyKeyRef& key_ref, const std::string& path) { - return e4crypt_policy_ensure(path.c_str(), key_ref.key_raw_ref.data(), + return fscrypt_policy_ensure(path.c_str(), key_ref.key_raw_ref.data(), key_ref.key_raw_ref.size(), key_ref.contents_mode.c_str(), key_ref.filenames_mode.c_str()) == 0; } @@ -326,13 +326,13 @@ static bool load_all_de_keys() { LOG(DEBUG) << "Installed de key for user " << user_id; } } - // ext4enc:TODO: go through all DE directories, ensure that all user dirs have the + // fscrypt:TODO: go through all DE directories, ensure that all user dirs have the // correct policy set on them, and that no rogue ones exist. return true; } -bool e4crypt_initialize_global_de() { - LOG(INFO) << "e4crypt_initialize_global_de"; +bool fscrypt_initialize_global_de() { + LOG(INFO) << "fscrypt_initialize_global_de"; if (s_global_de_initialized) { LOG(INFO) << "Already initialized"; @@ -346,13 +346,13 @@ bool e4crypt_initialize_global_de() { get_data_file_encryption_modes(&device_ref); std::string modestring = device_ref.contents_mode + ":" + device_ref.filenames_mode; - std::string mode_filename = std::string("/data") + e4crypt_key_mode; + std::string mode_filename = std::string("/data") + fscrypt_key_mode; if (!android::base::WriteStringToFile(modestring, mode_filename)) { PLOG(ERROR) << "Cannot save type"; return false; } - std::string ref_filename = std::string("/data") + e4crypt_key_ref; + std::string ref_filename = std::string("/data") + fscrypt_key_ref; if (!android::base::WriteStringToFile(device_ref.key_raw_ref, ref_filename)) { PLOG(ERROR) << "Cannot save key reference to:" << ref_filename; return false; @@ -363,9 +363,9 @@ bool e4crypt_initialize_global_de() { return true; } -bool e4crypt_init_user0() { - LOG(DEBUG) << "e4crypt_init_user0"; - if (e4crypt_is_native()) { +bool fscrypt_init_user0() { + LOG(DEBUG) << "fscrypt_init_user0"; + if (fscrypt_is_native()) { if (!prepare_dir(user_key_dir, 0700, AID_ROOT, AID_ROOT)) return false; if (!prepare_dir(user_key_dir + "/ce", 0700, AID_ROOT, AID_ROOT)) return false; if (!prepare_dir(user_key_dir + "/de", 0700, AID_ROOT, AID_ROOT)) return false; @@ -379,28 +379,28 @@ bool e4crypt_init_user0() { // We can only safely prepare DE storage here, since CE keys are probably // entangled with user credentials. The framework will always prepare CE // storage once CE keys are installed. - if (!e4crypt_prepare_user_storage("", 0, 0, android::os::IVold::STORAGE_FLAG_DE)) { + if (!fscrypt_prepare_user_storage("", 0, 0, android::os::IVold::STORAGE_FLAG_DE)) { LOG(ERROR) << "Failed to prepare user 0 storage"; return false; } // If this is a non-FBE device that recently left an emulated mode, // restore user data directories to known-good state. - if (!e4crypt_is_native() && !e4crypt_is_emulated()) { - e4crypt_unlock_user_key(0, 0, "!", "!"); + if (!fscrypt_is_native() && !fscrypt_is_emulated()) { + fscrypt_unlock_user_key(0, 0, "!", "!"); } return true; } -bool e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral) { - LOG(DEBUG) << "e4crypt_vold_create_user_key for " << user_id << " serial " << serial; - if (!e4crypt_is_native()) { +bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral) { + LOG(DEBUG) << "fscrypt_vold_create_user_key for " << user_id << " serial " << serial; + if (!fscrypt_is_native()) { return true; } // FIXME test for existence of key that is not loaded yet if (s_ce_key_raw_refs.count(user_id) != 0) { - LOG(ERROR) << "Already exists, can't e4crypt_vold_create_user_key for " << user_id + LOG(ERROR) << "Already exists, can't fscrypt_vold_create_user_key for " << user_id << " serial " << serial; // FIXME should we fail the command? return true; @@ -433,9 +433,9 @@ static bool evict_ce_key(userid_t user_id) { return success; } -bool e4crypt_destroy_user_key(userid_t user_id) { - LOG(DEBUG) << "e4crypt_destroy_user_key(" << user_id << ")"; - if (!e4crypt_is_native()) { +bool fscrypt_destroy_user_key(userid_t user_id) { + LOG(DEBUG) << "fscrypt_destroy_user_key(" << user_id << ")"; + if (!fscrypt_is_native()) { return true; } bool success = true; @@ -479,13 +479,13 @@ static bool emulated_unlock(const std::string& path, mode_t mode) { if (chmod(path.c_str(), mode) != 0) { PLOG(ERROR) << "Failed to chmod " << path; // FIXME temporary workaround for b/26713622 - if (e4crypt_is_emulated()) return false; + if (fscrypt_is_emulated()) return false; } #if EMULATED_USES_SELINUX if (selinux_android_restorecon(path.c_str(), SELINUX_ANDROID_RESTORECON_FORCE) != 0) { PLOG(WARNING) << "Failed to restorecon " << path; // FIXME temporary workaround for b/26713622 - if (e4crypt_is_emulated()) return false; + if (fscrypt_is_emulated()) return false; } #endif return true; @@ -548,11 +548,11 @@ static bool destroy_volkey(const std::string& misc_path, const std::string& volu return android::vold::destroyKey(path); } -bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token_hex, +bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token_hex, const std::string& secret_hex) { - LOG(DEBUG) << "e4crypt_add_user_key_auth " << user_id << " serial=" << serial + LOG(DEBUG) << "fscrypt_add_user_key_auth " << user_id << " serial=" << serial << " token_present=" << (token_hex != "!"); - if (!e4crypt_is_native()) return true; + if (!fscrypt_is_native()) return true; if (s_ephemeral_users.count(user_id) != 0) return true; std::string token, secret; if (!parse_hex(token_hex, &token)) return false; @@ -573,9 +573,9 @@ bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string& return true; } -bool e4crypt_fixate_newest_user_key_auth(userid_t user_id) { - LOG(DEBUG) << "e4crypt_fixate_newest_user_key_auth " << user_id; - if (!e4crypt_is_native()) return true; +bool fscrypt_fixate_newest_user_key_auth(userid_t user_id) { + LOG(DEBUG) << "fscrypt_fixate_newest_user_key_auth " << user_id; + if (!fscrypt_is_native()) return true; if (s_ephemeral_users.count(user_id) != 0) return true; auto const directory_path = get_ce_key_directory_path(user_id); auto const paths = get_ce_key_paths(directory_path); @@ -588,11 +588,11 @@ bool e4crypt_fixate_newest_user_key_auth(userid_t user_id) { } // TODO: rename to 'install' for consistency, and take flags to know which keys to install -bool e4crypt_unlock_user_key(userid_t user_id, int serial, const std::string& token_hex, +bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& token_hex, const std::string& secret_hex) { - LOG(DEBUG) << "e4crypt_unlock_user_key " << user_id << " serial=" << serial + LOG(DEBUG) << "fscrypt_unlock_user_key " << user_id << " serial=" << serial << " token_present=" << (token_hex != "!"); - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { if (s_ce_key_raw_refs.count(user_id) != 0) { LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id; return true; @@ -621,11 +621,11 @@ bool e4crypt_unlock_user_key(userid_t user_id, int serial, const std::string& to } // TODO: rename to 'evict' for consistency -bool e4crypt_lock_user_key(userid_t user_id) { - LOG(DEBUG) << "e4crypt_lock_user_key " << user_id; - if (e4crypt_is_native()) { +bool fscrypt_lock_user_key(userid_t user_id) { + LOG(DEBUG) << "fscrypt_lock_user_key " << user_id; + if (fscrypt_is_native()) { return evict_ce_key(user_id); - } else if (e4crypt_is_emulated()) { + } else if (fscrypt_is_emulated()) { // When in emulation mode, we just use chmod if (!emulated_lock(android::vold::BuildDataSystemCePath(user_id)) || !emulated_lock(android::vold::BuildDataMiscCePath(user_id)) || @@ -650,9 +650,9 @@ static bool prepare_subdirs(const std::string& action, const std::string& volume return true; } -bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial, +bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial, int flags) { - LOG(DEBUG) << "e4crypt_prepare_user_storage for volume " << escape_empty(volume_uuid) + LOG(DEBUG) << "fscrypt_prepare_user_storage for volume " << escape_empty(volume_uuid) << ", user " << user_id << ", serial " << serial << ", flags " << flags; if (flags & android::os::IVold::STORAGE_FLAG_DE) { @@ -682,7 +682,7 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_ } if (!prepare_dir(user_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false; - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { PolicyKeyRef de_ref; if (volume_uuid.empty()) { if (!lookup_key_ref(s_de_key_raw_refs, user_id, &de_ref.key_raw_ref)) return false; @@ -713,7 +713,7 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_ if (!prepare_dir(media_ce_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW)) return false; if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false; - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { PolicyKeyRef ce_ref; if (volume_uuid.empty()) { if (!lookup_key_ref(s_ce_key_raw_refs, user_id, &ce_ref.key_raw_ref)) return false; @@ -742,8 +742,8 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_ return true; } -bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags) { - LOG(DEBUG) << "e4crypt_destroy_user_storage for volume " << escape_empty(volume_uuid) +bool fscrypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags) { + LOG(DEBUG) << "fscrypt_destroy_user_storage for volume " << escape_empty(volume_uuid) << ", user " << user_id << ", flags " << flags; bool res = true; @@ -764,7 +764,7 @@ bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_ res &= destroy_dir(misc_ce_path); res &= destroy_dir(vendor_ce_path); } else { - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { res &= destroy_volkey(misc_ce_path, volume_uuid); } } @@ -793,7 +793,7 @@ bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_ res &= destroy_dir(misc_de_path); res &= destroy_dir(vendor_de_path); } else { - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { res &= destroy_volkey(misc_de_path, volume_uuid); } } @@ -828,9 +828,9 @@ static bool destroy_volume_keys(const std::string& directory_path, const std::st return res; } -bool e4crypt_destroy_volume_keys(const std::string& volume_uuid) { +bool fscrypt_destroy_volume_keys(const std::string& volume_uuid) { bool res = true; - LOG(DEBUG) << "e4crypt_destroy_volume_keys for volume " << escape_empty(volume_uuid); + LOG(DEBUG) << "fscrypt_destroy_volume_keys for volume " << escape_empty(volume_uuid); auto secdiscardable_path = volume_secdiscardable_path(volume_uuid); res &= android::vold::runSecdiscardSingle(secdiscardable_path); res &= destroy_volume_keys("/data/misc_ce", volume_uuid); diff --git a/Ext4Crypt.h b/FsCrypt.h similarity index 61% rename from Ext4Crypt.h rename to FsCrypt.h index a43a68a..16e2f9a 100644 --- a/Ext4Crypt.h +++ b/FsCrypt.h @@ -18,21 +18,21 @@ #include -bool e4crypt_initialize_global_de(); +bool fscrypt_initialize_global_de(); -bool e4crypt_init_user0(); -bool e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral); -bool e4crypt_destroy_user_key(userid_t user_id); -bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token, +bool fscrypt_init_user0(); +bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral); +bool fscrypt_destroy_user_key(userid_t user_id); +bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token, const std::string& secret); -bool e4crypt_fixate_newest_user_key_auth(userid_t user_id); +bool fscrypt_fixate_newest_user_key_auth(userid_t user_id); -bool e4crypt_unlock_user_key(userid_t user_id, int serial, const std::string& token, +bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& token, const std::string& secret); -bool e4crypt_lock_user_key(userid_t user_id); +bool fscrypt_lock_user_key(userid_t user_id); -bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial, +bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial, int flags); -bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags); +bool fscrypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags); -bool e4crypt_destroy_volume_keys(const std::string& volume_uuid); +bool fscrypt_destroy_volume_keys(const std::string& volume_uuid); diff --git a/KeyUtil.cpp b/KeyUtil.cpp index 29ba699..252edeb 100644 --- a/KeyUtil.cpp +++ b/KeyUtil.cpp @@ -32,22 +32,19 @@ namespace android { namespace vold { -// ext4enc:TODO get this const from somewhere good -const int EXT4_KEY_DESCRIPTOR_SIZE = 8; - -// ext4enc:TODO Include structure from somewhere sensible -// MUST be in sync with ext4_crypto.c in kernel -constexpr int EXT4_ENCRYPTION_MODE_AES_256_XTS = 1; -constexpr int EXT4_AES_256_XTS_KEY_SIZE = 64; -constexpr int EXT4_MAX_KEY_SIZE = 64; -struct ext4_encryption_key { +// fscrypt:TODO get these definitions from +constexpr int FS_KEY_DESCRIPTOR_SIZE = 8; +constexpr int FS_ENCRYPTION_MODE_AES_256_XTS = 1; +constexpr int FS_AES_256_XTS_KEY_SIZE = 64; +constexpr int FS_MAX_KEY_SIZE = 64; +struct fscrypt_key { uint32_t mode; - char raw[EXT4_MAX_KEY_SIZE]; + char raw[FS_MAX_KEY_SIZE]; uint32_t size; }; bool randomKey(KeyBuffer* key) { - *key = KeyBuffer(EXT4_AES_256_XTS_KEY_SIZE); + *key = KeyBuffer(FS_AES_256_XTS_KEY_SIZE); if (ReadRandomBytes(key->size(), key->data()) != 0) { // TODO status_t plays badly with PLOG, fix it. LOG(ERROR) << "Random read failed"; @@ -70,21 +67,20 @@ static std::string generateKeyRef(const char* key, int length) { unsigned char key_ref2[SHA512_DIGEST_LENGTH]; SHA512_Final(key_ref2, &c); - static_assert(EXT4_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH, - "Hash too short for descriptor"); - return std::string((char*)key_ref2, EXT4_KEY_DESCRIPTOR_SIZE); + static_assert(FS_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH, "Hash too short for descriptor"); + return std::string((char*)key_ref2, FS_KEY_DESCRIPTOR_SIZE); } -static bool fillKey(const KeyBuffer& key, ext4_encryption_key* ext4_key) { - if (key.size() != EXT4_AES_256_XTS_KEY_SIZE) { +static bool fillKey(const KeyBuffer& key, fscrypt_key* fs_key) { + if (key.size() != FS_AES_256_XTS_KEY_SIZE) { LOG(ERROR) << "Wrong size key " << key.size(); return false; } - static_assert(EXT4_AES_256_XTS_KEY_SIZE <= sizeof(ext4_key->raw), "Key too long!"); - ext4_key->mode = EXT4_ENCRYPTION_MODE_AES_256_XTS; - ext4_key->size = key.size(); - memset(ext4_key->raw, 0, sizeof(ext4_key->raw)); - memcpy(ext4_key->raw, key.data(), key.size()); + static_assert(FS_AES_256_XTS_KEY_SIZE <= sizeof(fs_key->raw), "Key too long!"); + fs_key->mode = FS_ENCRYPTION_MODE_AES_256_XTS; + fs_key->size = key.size(); + memset(fs_key->raw, 0, sizeof(fs_key->raw)); + memcpy(fs_key->raw, key.data(), key.size()); return true; } @@ -100,8 +96,8 @@ static std::string keyname(const std::string& prefix, const std::string& raw_ref } // Get the keyring we store all keys in -static bool e4cryptKeyring(key_serial_t* device_keyring) { - *device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "e4crypt", 0); +static bool fscryptKeyring(key_serial_t* device_keyring) { + *device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0); if (*device_keyring == -1) { PLOG(ERROR) << "Unable to find device keyring"; return false; @@ -112,18 +108,18 @@ static bool e4cryptKeyring(key_serial_t* device_keyring) { // Install password into global keyring // Return raw key reference for use in policy bool installKey(const KeyBuffer& key, std::string* raw_ref) { - // Place ext4_encryption_key into automatically zeroing buffer. - KeyBuffer ext4KeyBuffer(sizeof(ext4_encryption_key)); - ext4_encryption_key& ext4_key = *reinterpret_cast(ext4KeyBuffer.data()); + // Place fscrypt_key into automatically zeroing buffer. + KeyBuffer fsKeyBuffer(sizeof(fscrypt_key)); + fscrypt_key& fs_key = *reinterpret_cast(fsKeyBuffer.data()); - if (!fillKey(key, &ext4_key)) return false; - *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size); + if (!fillKey(key, &fs_key)) return false; + *raw_ref = generateKeyRef(fs_key.raw, fs_key.size); key_serial_t device_keyring; - if (!e4cryptKeyring(&device_keyring)) return false; + if (!fscryptKeyring(&device_keyring)) return false; for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) { auto ref = keyname(*name_prefix, *raw_ref); key_serial_t key_id = - add_key("logon", ref.c_str(), (void*)&ext4_key, sizeof(ext4_key), device_keyring); + add_key("logon", ref.c_str(), (void*)&fs_key, sizeof(fs_key), device_keyring); if (key_id == -1) { PLOG(ERROR) << "Failed to insert key into keyring " << device_keyring; return false; @@ -136,7 +132,7 @@ bool installKey(const KeyBuffer& key, std::string* raw_ref) { bool evictKey(const std::string& raw_ref) { key_serial_t device_keyring; - if (!e4cryptKeyring(&device_keyring)) return false; + if (!fscryptKeyring(&device_keyring)) return false; bool success = true; for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) { auto ref = keyname(*name_prefix, raw_ref); diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp index 0934563..e156424 100644 --- a/MetadataCrypt.cpp +++ b/MetadataCrypt.cpp @@ -194,11 +194,11 @@ static bool create_crypto_blk_dev(const std::string& dm_name, uint64_t nr_sec, return true; } -bool e4crypt_mount_metadata_encrypted(const std::string& mount_point, bool needs_encrypt) { - LOG(DEBUG) << "e4crypt_mount_metadata_encrypted: " << mount_point << " " << needs_encrypt; +bool fscrypt_mount_metadata_encrypted(const std::string& mount_point, bool needs_encrypt) { + LOG(DEBUG) << "fscrypt_mount_metadata_encrypted: " << mount_point << " " << needs_encrypt; auto encrypted_state = android::base::GetProperty("ro.crypto.state", ""); if (encrypted_state != "") { - LOG(DEBUG) << "e4crypt_enable_crypto got unexpected starting state: " << encrypted_state; + LOG(DEBUG) << "fscrypt_enable_crypto got unexpected starting state: " << encrypted_state; return false; } auto data_rec = fs_mgr_get_entry_for_mount_point(fstab_default, mount_point); diff --git a/MetadataCrypt.h b/MetadataCrypt.h index 841dc97..d82a43b 100644 --- a/MetadataCrypt.h +++ b/MetadataCrypt.h @@ -19,6 +19,6 @@ #include -bool e4crypt_mount_metadata_encrypted(const std::string& mount_point, bool needs_encrypt); +bool fscrypt_mount_metadata_encrypted(const std::string& mount_point, bool needs_encrypt); #endif diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp index 9684e1a..5987849 100644 --- a/VoldNativeService.cpp +++ b/VoldNativeService.cpp @@ -25,7 +25,7 @@ #include "VolumeManager.h" #include "Checkpoint.h" -#include "Ext4Crypt.h" +#include "FsCrypt.h" #include "MetadataCrypt.h" #include "cryptfs.h" @@ -35,8 +35,8 @@ #include #include #include -#include #include +#include #include #include @@ -574,11 +574,11 @@ binder::Status VoldNativeService::fdeEnable(int32_t passwordType, const std::str ACQUIRE_CRYPT_LOCK; LOG(DEBUG) << "fdeEnable(" << passwordType << ", *, " << encryptionFlags << ")"; - if (e4crypt_is_native()) { - LOG(ERROR) << "e4crypt_is_native, fdeEnable invalid"; - return error("e4crypt_is_native, fdeEnable invalid"); + if (fscrypt_is_native()) { + LOG(ERROR) << "fscrypt_is_native, fdeEnable invalid"; + return error("fscrypt_is_native, fdeEnable invalid"); } - LOG(DEBUG) << "!e4crypt_is_native, spawning fdeEnableInternal"; + LOG(DEBUG) << "!fscrypt_is_native, spawning fdeEnableInternal"; // Spawn as thread so init can issue commands back to vold without // causing deadlock, usually as a result of prep_data_fs. @@ -652,14 +652,14 @@ binder::Status VoldNativeService::fbeEnable() { ENFORCE_UID(AID_SYSTEM); ACQUIRE_CRYPT_LOCK; - return translateBool(e4crypt_initialize_global_de()); + return translateBool(fscrypt_initialize_global_de()); } binder::Status VoldNativeService::mountDefaultEncrypted() { ENFORCE_UID(AID_SYSTEM); ACQUIRE_CRYPT_LOCK; - if (!e4crypt_is_native()) { + if (!fscrypt_is_native()) { // Spawn as thread so init can issue commands back to vold without // causing deadlock, usually as a result of prep_data_fs. std::thread(&cryptfs_mount_default_encrypted).detach(); @@ -671,7 +671,7 @@ binder::Status VoldNativeService::initUser0() { ENFORCE_UID(AID_SYSTEM); ACQUIRE_CRYPT_LOCK; - return translateBool(e4crypt_init_user0()); + return translateBool(fscrypt_init_user0()); } binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) { @@ -686,28 +686,28 @@ binder::Status VoldNativeService::mountFstab(const std::string& mountPoint) { ENFORCE_UID(AID_SYSTEM); ACQUIRE_LOCK; - return translateBool(e4crypt_mount_metadata_encrypted(mountPoint, false)); + return translateBool(fscrypt_mount_metadata_encrypted(mountPoint, false)); } binder::Status VoldNativeService::encryptFstab(const std::string& mountPoint) { ENFORCE_UID(AID_SYSTEM); ACQUIRE_LOCK; - return translateBool(e4crypt_mount_metadata_encrypted(mountPoint, true)); + return translateBool(fscrypt_mount_metadata_encrypted(mountPoint, true)); } binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial, bool ephemeral) { ENFORCE_UID(AID_SYSTEM); ACQUIRE_CRYPT_LOCK; - return translateBool(e4crypt_vold_create_user_key(userId, userSerial, ephemeral)); + return translateBool(fscrypt_vold_create_user_key(userId, userSerial, ephemeral)); } binder::Status VoldNativeService::destroyUserKey(int32_t userId) { ENFORCE_UID(AID_SYSTEM); ACQUIRE_CRYPT_LOCK; - return translateBool(e4crypt_destroy_user_key(userId)); + return translateBool(fscrypt_destroy_user_key(userId)); } binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial, @@ -716,14 +716,14 @@ binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSer ENFORCE_UID(AID_SYSTEM); ACQUIRE_CRYPT_LOCK; - return translateBool(e4crypt_add_user_key_auth(userId, userSerial, token, secret)); + return translateBool(fscrypt_add_user_key_auth(userId, userSerial, token, secret)); } binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) { ENFORCE_UID(AID_SYSTEM); ACQUIRE_CRYPT_LOCK; - return translateBool(e4crypt_fixate_newest_user_key_auth(userId)); + return translateBool(fscrypt_fixate_newest_user_key_auth(userId)); } binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial, @@ -732,14 +732,14 @@ binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSeri ENFORCE_UID(AID_SYSTEM); ACQUIRE_CRYPT_LOCK; - return translateBool(e4crypt_unlock_user_key(userId, userSerial, token, secret)); + return translateBool(fscrypt_unlock_user_key(userId, userSerial, token, secret)); } binder::Status VoldNativeService::lockUserKey(int32_t userId) { ENFORCE_UID(AID_SYSTEM); ACQUIRE_CRYPT_LOCK; - return translateBool(e4crypt_lock_user_key(userId)); + return translateBool(fscrypt_lock_user_key(userId)); } binder::Status VoldNativeService::prepareUserStorage(const std::unique_ptr& uuid, @@ -751,7 +751,7 @@ binder::Status VoldNativeService::prepareUserStorage(const std::unique_ptr& uuid, @@ -762,7 +762,7 @@ binder::Status VoldNativeService::destroyUserStorage(const std::unique_ptr -#include +#include #include "Devmapper.h" -#include "Ext4Crypt.h" +#include "FsCrypt.h" #include "Loop.h" #include "NetlinkManager.h" #include "Process.h" @@ -331,8 +331,8 @@ int VolumeManager::forgetPartition(const std::string& partGuid, const std::strin LOG(ERROR) << "Failed to unlink " << keyPath; success = false; } - if (e4crypt_is_native()) { - if (!e4crypt_destroy_volume_keys(fsUuid)) { + if (fscrypt_is_native()) { + if (!fscrypt_destroy_volume_keys(fsUuid)) { success = false; } } diff --git a/cryptfs.cpp b/cryptfs.cpp index 4a76fb7..6e449ac 100644 --- a/cryptfs.cpp +++ b/cryptfs.cpp @@ -26,7 +26,7 @@ #include "Checkpoint.h" #include "EncryptInplace.h" -#include "Ext4Crypt.h" +#include "FsCrypt.h" #include "Keymaster.h" #include "Process.h" #include "ScryptParameters.h" @@ -38,10 +38,10 @@ #include #include #include -#include #include #include #include +#include #include #include #include @@ -1606,7 +1606,7 @@ static int cryptfs_restart_internal(int restart_main) { int cryptfs_restart(void) { SLOGI("cryptfs_restart"); - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { SLOGE("cryptfs_restart not valid for file encryption:"); return -1; } @@ -1627,7 +1627,7 @@ static int do_crypto_complete(const char* mount_point) { } // crypto_complete is full disk encrypted status - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { return CRYPTO_COMPLETE_NOT_ENCRYPTED; } @@ -1823,7 +1823,7 @@ int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const u strlcpy((char*)ext_crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(), MAX_CRYPTO_TYPE_NAME_LEN); uint32_t flags = 0; - if (e4crypt_is_native() && + if (fscrypt_is_native() && android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false)) flags |= CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE; @@ -1862,7 +1862,7 @@ int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr) { int cryptfs_check_passwd(const char* passwd) { SLOGI("cryptfs_check_passwd"); - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { SLOGE("cryptfs_check_passwd not valid for file encryption"); return -1; } @@ -2407,7 +2407,7 @@ int cryptfs_enable_default(int no_ui) { } int cryptfs_changepw(int crypt_type, const char* newpw) { - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { SLOGE("cryptfs_changepw not valid for file encryption"); return -1; } @@ -2602,7 +2602,7 @@ static int persist_count_keys(const char* fieldname) { /* Return the value of the specified field. */ int cryptfs_getfield(const char* fieldname, char* value, int len) { - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { SLOGE("Cannot get field when file encrypted"); return -1; } @@ -2667,7 +2667,7 @@ out: /* Set the value of the specified field. */ int cryptfs_setfield(const char* fieldname, const char* value) { - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { SLOGE("Cannot set field when file encrypted"); return -1; } @@ -2787,7 +2787,7 @@ int cryptfs_mount_default_encrypted(void) { /* Returns type of the password, default, pattern, pin or password. */ int cryptfs_get_password_type(void) { - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { SLOGE("cryptfs_get_password_type not valid for file encryption"); return -1; } @@ -2807,7 +2807,7 @@ int cryptfs_get_password_type(void) { } const char* cryptfs_get_password() { - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { SLOGE("cryptfs_get_password not valid for file encryption"); return 0; } diff --git a/fs/Ext4.cpp b/fs/Ext4.cpp index 7ac4853..806cfd1 100644 --- a/fs/Ext4.cpp +++ b/fs/Ext4.cpp @@ -36,12 +36,12 @@ #include #include #include -#include +#include #include #include #include "Ext4.h" -#include "Ext4Crypt.h" +#include "FsCrypt.h" #include "Utils.h" #include "VoldUtil.h" @@ -175,7 +175,7 @@ status_t Format(const std::string& source, unsigned long numSectors, const std:: if (android::base::GetBoolProperty("vold.has_quota", false)) { options += ",quota"; } - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { options += ",encrypt"; } diff --git a/fs/F2fs.cpp b/fs/F2fs.cpp index 9d72963..c6e0f52 100644 --- a/fs/F2fs.cpp +++ b/fs/F2fs.cpp @@ -20,7 +20,7 @@ #include #include #include -#include +#include #include #include @@ -81,7 +81,7 @@ status_t Format(const std::string& source) { cmd.push_back("-O"); cmd.push_back("quota"); } - if (e4crypt_is_native()) { + if (fscrypt_is_native()) { cmd.push_back("-O"); cmd.push_back("encrypt"); } diff --git a/model/Disk.cpp b/model/Disk.cpp index 2b6773d..3d25e4c 100644 --- a/model/Disk.cpp +++ b/model/Disk.cpp @@ -15,7 +15,7 @@ */ #include "Disk.h" -#include "Ext4Crypt.h" +#include "FsCrypt.h" #include "PrivateVolume.h" #include "PublicVolume.h" #include "Utils.h" @@ -28,7 +28,7 @@ #include #include #include -#include +#include #include "cryptfs.h"