diff options
author | Paul Lawrence <paullawrence@google.com> | 2016-02-04 10:37:13 -0800 |
---|---|---|
committer | Paul Lawrence <paullawrence@google.com> | 2016-02-04 10:37:13 -0800 |
commit | 59ffd6d9c7dd3ddaa036956d89c3e4d416769bf6 (patch) | |
tree | 7e95831325d5923088776e8365fb2a813ab5443b | |
parent | 737bcfc0980573db6c83e270e5c20d92d3704dff (diff) | |
download | extras-59ffd6d9c7dd3ddaa036956d89c3e4d416769bf6.tar.gz |
Remove unencrypted properties
Change-Id: I59596be7c7df9151f4966a5051f06bcb087345dd
-rw-r--r-- | ext4_utils/Android.mk | 6 | ||||
-rw-r--r-- | ext4_utils/ext4_crypt.cpp | 2 | ||||
-rw-r--r-- | ext4_utils/ext4_crypt_init_extensions.cpp | 25 | ||||
-rw-r--r-- | ext4_utils/ext4_crypt_init_extensions.h | 3 | ||||
-rw-r--r-- | ext4_utils/unencrypted_properties.cpp | 99 | ||||
-rw-r--r-- | ext4_utils/unencrypted_properties.h | 74 |
6 files changed, 16 insertions, 193 deletions
diff --git a/ext4_utils/Android.mk b/ext4_utils/Android.mk index 15abf73c..3bfab5c4 100644 --- a/ext4_utils/Android.mk +++ b/ext4_utils/Android.mk @@ -55,8 +55,7 @@ include $(BUILD_HOST_EXECUTABLE) libext4_utils_src_files += \ key_control.cpp \ - ext4_crypt.cpp \ - unencrypted_properties.cpp + ext4_crypt.cpp ifneq ($(HOST_OS),windows) @@ -84,7 +83,8 @@ LOCAL_MODULE := libext4_utils_static LOCAL_CFLAGS += -fno-strict-aliasing LOCAL_STATIC_LIBRARIES := \ libsparse_static \ - libselinux + libselinux \ + libbase include $(BUILD_STATIC_LIBRARY) diff --git a/ext4_utils/ext4_crypt.cpp b/ext4_utils/ext4_crypt.cpp index 2ffbe8be..4000447a 100644 --- a/ext4_utils/ext4_crypt.cpp +++ b/ext4_utils/ext4_crypt.cpp @@ -19,8 +19,6 @@ #include <cutils/klog.h> -#include "unencrypted_properties.h" - #define XATTR_NAME_ENCRYPTION_POLICY "encryption.policy" #define EXT4_KEYREF_DELIMITER ((char)'.') diff --git a/ext4_utils/ext4_crypt_init_extensions.cpp b/ext4_utils/ext4_crypt_init_extensions.cpp index 3e0337ce..81ddf956 100644 --- a/ext4_utils/ext4_crypt_init_extensions.cpp +++ b/ext4_utils/ext4_crypt_init_extensions.cpp @@ -11,13 +11,14 @@ #include <sys/stat.h> #include <unistd.h> +#include <android-base/file.h> + #include <cutils/klog.h> #include <cutils/properties.h> #include <cutils/sockets.h> #include <poll.h> #include "key_control.h" -#include "unencrypted_properties.h" static const std::string arbitrary_sequence_number = "42"; static const int vold_command_timeout_ms = 60 * 1000; @@ -95,18 +96,11 @@ static std::string vold_command(std::string const& command) int e4crypt_create_device_key(const char* dir, int ensure_dir_exists(const char*)) { - // Already encrypted with password? If so bail - std::string temp_folder = std::string() + dir + "/tmp_mnt"; - DIR* temp_dir = opendir(temp_folder.c_str()); - if (temp_dir) { - closedir(temp_dir); - return 0; - } - // Make sure folder exists. Use make_dir to set selinux permissions. - if (ensure_dir_exists(UnencryptedProperties::GetPath(dir).c_str())) { + std::string unencrypted_dir = std::string(dir) + "/unencrypted"; + if (ensure_dir_exists(unencrypted_dir.c_str())) { KLOG_ERROR(TAG, "Failed to create %s (%s)\n", - UnencryptedProperties::GetPath(dir).c_str(), + unencrypted_dir.c_str(), strerror(errno)); return -1; } @@ -169,10 +163,11 @@ int e4crypt_set_directory_policy(const char* dir) return 0; } } - UnencryptedProperties props("/data"); - std::string policy = props.Get<std::string>(properties::ref); - if (policy.empty()) { - // ext4enc:TODO why is this OK? + + std::string ref_filename = std::string("/data") + e4crypt_key_ref; + std::string policy; + if (!android::base::ReadFileToString(ref_filename, &policy)) { + KLOG_INFO(TAG, "Not file encrypted so no policy for %s\n", dir); return 0; } diff --git a/ext4_utils/ext4_crypt_init_extensions.h b/ext4_utils/ext4_crypt_init_extensions.h index d7bf3b50..f5643561 100644 --- a/ext4_utils/ext4_crypt_init_extensions.h +++ b/ext4_utils/ext4_crypt_init_extensions.h @@ -13,4 +13,7 @@ int e4crypt_set_directory_policy(const char* path); int e4crypt_do_init_user0(); int do_policy_set(const char *directory, const char *policy, int policy_length); +static const char* e4crypt_unencrypted_folder = "/unencrypted"; +static const char* e4crypt_key_ref = "/unencrypted/ref"; + __END_DECLS diff --git a/ext4_utils/unencrypted_properties.cpp b/ext4_utils/unencrypted_properties.cpp deleted file mode 100644 index ed36e206..00000000 --- a/ext4_utils/unencrypted_properties.cpp +++ /dev/null @@ -1,99 +0,0 @@ -#include "unencrypted_properties.h" - -#include <sys/stat.h> -#include <dirent.h> - -namespace properties { - const char* key = "key"; - const char* ref = "ref"; - const char* props = "props"; - const char* is_default = "is_default"; -} - -namespace -{ - const char* unencrypted_folder = "unencrypted"; -} - -std::string UnencryptedProperties::GetPath(const char* device) -{ - return std::string() + device + "/" + unencrypted_folder; -} - -UnencryptedProperties::UnencryptedProperties(const char* device) - : folder_(GetPath(device)) -{ - DIR* dir = opendir(folder_.c_str()); - if (dir) { - closedir(dir); - } else { - folder_.clear(); - } -} - -UnencryptedProperties::UnencryptedProperties() -{ -} - -template<> std::string UnencryptedProperties::Get(const char* name, - std::string default_value) const -{ - if (!OK()) return default_value; - std::ifstream i(folder_ + "/" + name, std::ios::binary); - if (!i) { - return default_value; - } - - i.seekg(0, std::ios::end); - int length = i.tellg(); - i.seekg(0, std::ios::beg); - if (length == -1) { - return default_value; - } - - std::string s(length, 0); - i.read(&s[0], length); - if (!i) { - return default_value; - } - - return s; -} - -template<> bool UnencryptedProperties::Set(const char* name, std::string const& value) -{ - if (!OK()) return false; - std::ofstream o(folder_ + "/" + name, std::ios::binary); - o << value; - return !o.fail(); -} - -UnencryptedProperties UnencryptedProperties::GetChild(const char* name) const -{ - UnencryptedProperties up; - if (!OK()) return up; - - std::string directory(folder_ + "/" + name); - if (mkdir(directory.c_str(), 700) == -1 && errno != EEXIST) { - return up; - } - - up.folder_ = directory; - return up; -} - -bool UnencryptedProperties::Remove(const char* name) -{ - if (!OK()) return false; - if (remove((folder_ + "/" + name).c_str()) - && errno != ENOENT) { - return false; - } - - return true; -} - -bool UnencryptedProperties::OK() const -{ - return !folder_.empty(); -} diff --git a/ext4_utils/unencrypted_properties.h b/ext4_utils/unencrypted_properties.h deleted file mode 100644 index b2d1295f..00000000 --- a/ext4_utils/unencrypted_properties.h +++ /dev/null @@ -1,74 +0,0 @@ -#include <string> -#include <fstream> - -// key names for properties we use -namespace properties { - extern const char* key; - extern const char* ref; - extern const char* props; - extern const char* is_default; -} - -/** - * Class to store data on the unencrypted folder of a device. - * Note that the folder must exist before this class is constructed. - * All names must be valid single level (no '/') file or directory names - * Data is organized hierarchically so we can get a child folder - */ -class UnencryptedProperties -{ -public: - // Get path of folder. Must create before using any properties - // This is to allow proper setting of SELinux policy - static std::string GetPath(const char* device); - - // Opens properties folder on named device. - // If folder does not exist, OK will return false, all - // getters will return default properties and setters will fail. - UnencryptedProperties(const char* device); - - // Get named object. Return default if object does not exist or error. - template<typename t> t Get(const char* name, t default_value = t()) const; - - // Set named object. Return true if success, false otherwise - template<typename t> bool Set(const char* name, t const& value); - - // Get child properties - UnencryptedProperties GetChild(const char* name) const; - - // Remove named object - bool Remove(const char* name); - - // Does folder exist? - bool OK() const; - -private: - UnencryptedProperties(); - std::string folder_; -}; - - -template<typename t> t UnencryptedProperties::Get(const char* name, - t default_value) const -{ - if (!OK()) return default_value; - t value = default_value; - std::ifstream(folder_ + "/" + name) >> value; - return value; -} - -template<typename t> bool UnencryptedProperties::Set(const char* name, - t const& value) -{ - if (!OK()) return false; - std::ofstream o(folder_ + "/" + name); - o << value; - return !o.fail(); -} - -// Specialized getters/setters for strings -template<> std::string UnencryptedProperties::Get(const char* name, - std::string default_value) const; - -template<> bool UnencryptedProperties::Set(const char* name, - std::string const& value); |