Get encryption mode for policy

Get encryption mode from the file saved out in vold Bug: 28905864 Change-Id: I472a5f3f5f348943a968373910de23ad1b20b138
author: Paul Lawrence <paullawrence@google.com> 2016-05-24 04:57:23 -0700
committer: Paul Lawrence <paullawrence@google.com> 2016-05-27 09:39:00 -0700
commit: c096c9c65ffd4485f137d1b90cffe280cf96fbc6 (patch)
tree: 1a7ac826eef1a0b4a68cd098d882d80894fc664d
parent: 4818b73cf845e05c6b14afb07e38da0b6720865a (diff)
download: extras-c096c9c65ffd4485f137d1b90cffe280cf96fbc6.tar.gz
3 files changed, 41 insertions, 11 deletions
diff --git a/ext4_utils/ext4_crypt.cpp b/ext4_utils/ext4_crypt.cpp
index be77b791..6e7b2d20 100644
--- a/ext4_utils/ext4_crypt.cpp
+++ b/ext4_utils/ext4_crypt.cpp
@@ -27,6 +27,7 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 
+#include <android-base/file.h>
 #include <android-base/logging.h>
 #include <cutils/properties.h>
 
@@ -48,6 +49,7 @@ struct ext4_encryption_policy {
 
 #define EXT4_ENCRYPTION_MODE_AES_256_XTS    1
 #define EXT4_ENCRYPTION_MODE_AES_256_CTS    4
+#define EXT4_ENCRYPTION_MODE_PRIVATE        127
 
 // ext4enc:TODO Get value from somewhere sensible
 #define EXT4_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct ext4_encryption_policy)
@@ -99,7 +101,8 @@ static bool is_dir_empty(const char *dirname, bool *is_empty)
     return true;
 }
 
-static bool e4crypt_policy_set(const char *directory, const char *policy, size_t policy_length) {
+static bool e4crypt_policy_set(const char *directory, const char *policy,
+                               size_t policy_length, int contents_encryption_mode) {
     if (policy_length != EXT4_KEY_DESCRIPTOR_SIZE) {
         LOG(ERROR) << "Policy wrong length: " << policy_length;
         return false;
@@ -112,7 +115,7 @@ static bool e4crypt_policy_set(const char *directory, const char *policy, size_t
 
     ext4_encryption_policy eep;
     eep.version = 0;
-    eep.contents_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
+    eep.contents_encryption_mode = contents_encryption_mode;
     eep.filenames_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_CTS;
     eep.flags = 0;
     memcpy(eep.master_key_descriptor, policy, EXT4_KEY_DESCRIPTOR_SIZE);
@@ -129,7 +132,8 @@ static bool e4crypt_policy_set(const char *directory, const char *policy, size_t
     return true;
 }
 
-static bool e4crypt_policy_get(const char *directory, char *policy, size_t policy_length) {
+static bool e4crypt_policy_get(const char *directory, char *policy,
+                               size_t policy_length, int contents_encryption_mode) {
     if (policy_length != EXT4_KEY_DESCRIPTOR_SIZE) {
         LOG(ERROR) << "Policy wrong length: " << policy_length;
         return false;
@@ -151,7 +155,7 @@ static bool e4crypt_policy_get(const char *directory, char *policy, size_t polic
     close(fd);
 
     if ((eep.version != 0)
-            || (eep.contents_encryption_mode != EXT4_ENCRYPTION_MODE_AES_256_XTS)
+            || (eep.contents_encryption_mode != contents_encryption_mode)
             || (eep.filenames_encryption_mode != EXT4_ENCRYPTION_MODE_AES_256_CTS)
             || (eep.flags != 0)) {
         LOG(ERROR) << "Failed to find matching encryption policy for " << directory;
@@ -162,13 +166,15 @@ static bool e4crypt_policy_get(const char *directory, char *policy, size_t polic
     return true;
 }
 
-static bool e4crypt_policy_check(const char *directory, const char *policy, size_t policy_length) {
+static bool e4crypt_policy_check(const char *directory, const char *policy,
+                                 size_t policy_length, int contents_encryption_mode) {
     if (policy_length != EXT4_KEY_DESCRIPTOR_SIZE) {
         LOG(ERROR) << "Policy wrong length: " << policy_length;
         return false;
     }
     char existing_policy[EXT4_KEY_DESCRIPTOR_SIZE];
-    if (!e4crypt_policy_get(directory, existing_policy, EXT4_KEY_DESCRIPTOR_SIZE)) return false;
+    if (!e4crypt_policy_get(directory, existing_policy, EXT4_KEY_DESCRIPTOR_SIZE,
+                            contents_encryption_mode)) return false;
     char existing_policy_hex[EXT4_KEY_DESCRIPTOR_SIZE_HEX];
 
     policy_to_hex(existing_policy, existing_policy_hex);
@@ -185,13 +191,26 @@ static bool e4crypt_policy_check(const char *directory, const char *policy, size
     return true;
 }
 
-int e4crypt_policy_ensure(const char *directory, const char *policy, size_t policy_length) {
+int e4crypt_policy_ensure(const char *directory, const char *policy,
+                          size_t policy_length, const char* contents_encryption_mode) {
+    int mode = 0;
+    if (!strcmp(contents_encryption_mode, "software")) {
+        mode = EXT4_ENCRYPTION_MODE_AES_256_XTS;
+    } else if (!strcmp(contents_encryption_mode, "ice")) {
+        mode = EXT4_ENCRYPTION_MODE_PRIVATE;
+    } else {
+        LOG(ERROR) << "Invalid encryption mode";
+        return -1;
+    }
+
     bool is_empty;
     if (!is_dir_empty(directory, &is_empty)) return -1;
     if (is_empty) {
-        if (!e4crypt_policy_set(directory, policy, policy_length)) return -1;
+        if (!e4crypt_policy_set(directory, policy, policy_length,
+                                mode)) return -1;
     } else {
-        if (!e4crypt_policy_check(directory, policy, policy_length)) return -1;
+        if (!e4crypt_policy_check(directory, policy, policy_length,
+                                  mode)) return -1;
     }
     return 0;
 }
diff --git a/ext4_utils/ext4_crypt.h b/ext4_utils/ext4_crypt.h
index ddc09a71..c306ce80 100644
--- a/ext4_utils/ext4_crypt.h
+++ b/ext4_utils/ext4_crypt.h
@@ -22,9 +22,12 @@ __BEGIN_DECLS
 
 bool e4crypt_is_native();
 
-int e4crypt_policy_ensure(const char *directory, const char* policy, size_t policy_length);
+int e4crypt_policy_ensure(const char *directory,
+                          const char* policy, size_t policy_length,
+                          const char* contents_encryption_mode);
 
 static const char* e4crypt_unencrypted_folder = "/unencrypted";
 static const char* e4crypt_key_ref = "/unencrypted/ref";
+static const char* e4crypt_key_mode = "/unencrypted/mode";
 
 __END_DECLS
diff --git a/ext4_utils/ext4_crypt_init_extensions.cpp b/ext4_utils/ext4_crypt_init_extensions.cpp
index c6baea74..70b17507 100644
--- a/ext4_utils/ext4_crypt_init_extensions.cpp
+++ b/ext4_utils/ext4_crypt_init_extensions.cpp
@@ -141,8 +141,16 @@ int e4crypt_set_directory_policy(const char* dir)
         KLOG_ERROR(TAG, "Unable to read system policy to set on %s\n", dir);
         return -1;
     }
+
+    auto type_filename = std::string("/data") + e4crypt_key_mode;
+    std::string contents_encryption_mode;
+    if (!android::base::ReadFileToString(type_filename, &contents_encryption_mode)) {
+        LOG(ERROR) << "Cannot read mode";
+    }
+
     KLOG_INFO(TAG, "Setting policy on %s\n", dir);
-    int result = e4crypt_policy_ensure(dir, policy.c_str(), policy.size());
+    int result = e4crypt_policy_ensure(dir, policy.c_str(), policy.length(),
+                                       contents_encryption_mode.c_str());
     if (result) {
         KLOG_ERROR(TAG, "Setting %02x%02x%02x%02x policy on %s failed!\n",
                    policy[0], policy[1], policy[2], policy[3], dir);
author	Paul Lawrence <paullawrence@google.com>	2016-05-24 04:57:23 -0700
committer	Paul Lawrence <paullawrence@google.com>	2016-05-27 09:39:00 -0700
commit	c096c9c65ffd4485f137d1b90cffe280cf96fbc6 (patch)
tree	1a7ac826eef1a0b4a68cd098d882d80894fc664d
parent	4818b73cf845e05c6b14afb07e38da0b6720865a (diff)
download	extras-c096c9c65ffd4485f137d1b90cffe280cf96fbc6.tar.gz