diff options
author | Paul Lawrence <paullawrence@google.com> | 2016-05-24 04:57:23 -0700 |
---|---|---|
committer | Paul Lawrence <paullawrence@google.com> | 2016-05-27 09:39:00 -0700 |
commit | c096c9c65ffd4485f137d1b90cffe280cf96fbc6 (patch) | |
tree | 1a7ac826eef1a0b4a68cd098d882d80894fc664d | |
parent | 4818b73cf845e05c6b14afb07e38da0b6720865a (diff) | |
download | extras-c096c9c65ffd4485f137d1b90cffe280cf96fbc6.tar.gz |
Get encryption mode for policy
Get encryption mode from the file saved out in vold
Bug: 28905864
Change-Id: I472a5f3f5f348943a968373910de23ad1b20b138
-rw-r--r-- | ext4_utils/ext4_crypt.cpp | 37 | ||||
-rw-r--r-- | ext4_utils/ext4_crypt.h | 5 | ||||
-rw-r--r-- | ext4_utils/ext4_crypt_init_extensions.cpp | 10 |
3 files changed, 41 insertions, 11 deletions
diff --git a/ext4_utils/ext4_crypt.cpp b/ext4_utils/ext4_crypt.cpp index be77b791..6e7b2d20 100644 --- a/ext4_utils/ext4_crypt.cpp +++ b/ext4_utils/ext4_crypt.cpp @@ -27,6 +27,7 @@ #include <sys/stat.h> #include <sys/types.h> +#include <android-base/file.h> #include <android-base/logging.h> #include <cutils/properties.h> @@ -48,6 +49,7 @@ struct ext4_encryption_policy { #define EXT4_ENCRYPTION_MODE_AES_256_XTS 1 #define EXT4_ENCRYPTION_MODE_AES_256_CTS 4 +#define EXT4_ENCRYPTION_MODE_PRIVATE 127 // ext4enc:TODO Get value from somewhere sensible #define EXT4_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct ext4_encryption_policy) @@ -99,7 +101,8 @@ static bool is_dir_empty(const char *dirname, bool *is_empty) return true; } -static bool e4crypt_policy_set(const char *directory, const char *policy, size_t policy_length) { +static bool e4crypt_policy_set(const char *directory, const char *policy, + size_t policy_length, int contents_encryption_mode) { if (policy_length != EXT4_KEY_DESCRIPTOR_SIZE) { LOG(ERROR) << "Policy wrong length: " << policy_length; return false; @@ -112,7 +115,7 @@ static bool e4crypt_policy_set(const char *directory, const char *policy, size_t ext4_encryption_policy eep; eep.version = 0; - eep.contents_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_XTS; + eep.contents_encryption_mode = contents_encryption_mode; eep.filenames_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_CTS; eep.flags = 0; memcpy(eep.master_key_descriptor, policy, EXT4_KEY_DESCRIPTOR_SIZE); @@ -129,7 +132,8 @@ static bool e4crypt_policy_set(const char *directory, const char *policy, size_t return true; } -static bool e4crypt_policy_get(const char *directory, char *policy, size_t policy_length) { +static bool e4crypt_policy_get(const char *directory, char *policy, + size_t policy_length, int contents_encryption_mode) { if (policy_length != EXT4_KEY_DESCRIPTOR_SIZE) { LOG(ERROR) << "Policy wrong length: " << policy_length; return false; @@ -151,7 +155,7 @@ static bool e4crypt_policy_get(const char *directory, char *policy, size_t polic close(fd); if ((eep.version != 0) - || (eep.contents_encryption_mode != EXT4_ENCRYPTION_MODE_AES_256_XTS) + || (eep.contents_encryption_mode != contents_encryption_mode) || (eep.filenames_encryption_mode != EXT4_ENCRYPTION_MODE_AES_256_CTS) || (eep.flags != 0)) { LOG(ERROR) << "Failed to find matching encryption policy for " << directory; @@ -162,13 +166,15 @@ static bool e4crypt_policy_get(const char *directory, char *policy, size_t polic return true; } -static bool e4crypt_policy_check(const char *directory, const char *policy, size_t policy_length) { +static bool e4crypt_policy_check(const char *directory, const char *policy, + size_t policy_length, int contents_encryption_mode) { if (policy_length != EXT4_KEY_DESCRIPTOR_SIZE) { LOG(ERROR) << "Policy wrong length: " << policy_length; return false; } char existing_policy[EXT4_KEY_DESCRIPTOR_SIZE]; - if (!e4crypt_policy_get(directory, existing_policy, EXT4_KEY_DESCRIPTOR_SIZE)) return false; + if (!e4crypt_policy_get(directory, existing_policy, EXT4_KEY_DESCRIPTOR_SIZE, + contents_encryption_mode)) return false; char existing_policy_hex[EXT4_KEY_DESCRIPTOR_SIZE_HEX]; policy_to_hex(existing_policy, existing_policy_hex); @@ -185,13 +191,26 @@ static bool e4crypt_policy_check(const char *directory, const char *policy, size return true; } -int e4crypt_policy_ensure(const char *directory, const char *policy, size_t policy_length) { +int e4crypt_policy_ensure(const char *directory, const char *policy, + size_t policy_length, const char* contents_encryption_mode) { + int mode = 0; + if (!strcmp(contents_encryption_mode, "software")) { + mode = EXT4_ENCRYPTION_MODE_AES_256_XTS; + } else if (!strcmp(contents_encryption_mode, "ice")) { + mode = EXT4_ENCRYPTION_MODE_PRIVATE; + } else { + LOG(ERROR) << "Invalid encryption mode"; + return -1; + } + bool is_empty; if (!is_dir_empty(directory, &is_empty)) return -1; if (is_empty) { - if (!e4crypt_policy_set(directory, policy, policy_length)) return -1; + if (!e4crypt_policy_set(directory, policy, policy_length, + mode)) return -1; } else { - if (!e4crypt_policy_check(directory, policy, policy_length)) return -1; + if (!e4crypt_policy_check(directory, policy, policy_length, + mode)) return -1; } return 0; } diff --git a/ext4_utils/ext4_crypt.h b/ext4_utils/ext4_crypt.h index ddc09a71..c306ce80 100644 --- a/ext4_utils/ext4_crypt.h +++ b/ext4_utils/ext4_crypt.h @@ -22,9 +22,12 @@ __BEGIN_DECLS bool e4crypt_is_native(); -int e4crypt_policy_ensure(const char *directory, const char* policy, size_t policy_length); +int e4crypt_policy_ensure(const char *directory, + const char* policy, size_t policy_length, + const char* contents_encryption_mode); static const char* e4crypt_unencrypted_folder = "/unencrypted"; static const char* e4crypt_key_ref = "/unencrypted/ref"; +static const char* e4crypt_key_mode = "/unencrypted/mode"; __END_DECLS diff --git a/ext4_utils/ext4_crypt_init_extensions.cpp b/ext4_utils/ext4_crypt_init_extensions.cpp index c6baea74..70b17507 100644 --- a/ext4_utils/ext4_crypt_init_extensions.cpp +++ b/ext4_utils/ext4_crypt_init_extensions.cpp @@ -141,8 +141,16 @@ int e4crypt_set_directory_policy(const char* dir) KLOG_ERROR(TAG, "Unable to read system policy to set on %s\n", dir); return -1; } + + auto type_filename = std::string("/data") + e4crypt_key_mode; + std::string contents_encryption_mode; + if (!android::base::ReadFileToString(type_filename, &contents_encryption_mode)) { + LOG(ERROR) << "Cannot read mode"; + } + KLOG_INFO(TAG, "Setting policy on %s\n", dir); - int result = e4crypt_policy_ensure(dir, policy.c_str(), policy.size()); + int result = e4crypt_policy_ensure(dir, policy.c_str(), policy.length(), + contents_encryption_mode.c_str()); if (result) { KLOG_ERROR(TAG, "Setting %02x%02x%02x%02x policy on %s failed!\n", policy[0], policy[1], policy[2], policy[3], dir); |