diff options
author | Paul Lawrence <paullawrence@google.com> | 2016-05-27 17:14:08 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2016-05-27 17:14:08 +0000 |
commit | 045794dbf9aaa64d8fc3cee0f7a089fd4f1919c3 (patch) | |
tree | a404adff5a9dfc3e6e853a2596b653ed3d467a54 /ext4_utils | |
parent | c366aabe99fd5d1d05ad990e5ca1aa22297f3f80 (diff) | |
parent | c096c9c65ffd4485f137d1b90cffe280cf96fbc6 (diff) | |
download | extras-045794dbf9aaa64d8fc3cee0f7a089fd4f1919c3.tar.gz |
Get encryption mode for policy
am: c096c9c65f
* commit 'c096c9c65ffd4485f137d1b90cffe280cf96fbc6':
Get encryption mode for policy
Change-Id: I7171337c18dbee79ddcccc270c31b08acbb8ac93
Diffstat (limited to 'ext4_utils')
-rw-r--r-- | ext4_utils/ext4_crypt.cpp | 37 | ||||
-rw-r--r-- | ext4_utils/ext4_crypt.h | 5 | ||||
-rw-r--r-- | ext4_utils/ext4_crypt_init_extensions.cpp | 10 |
3 files changed, 41 insertions, 11 deletions
diff --git a/ext4_utils/ext4_crypt.cpp b/ext4_utils/ext4_crypt.cpp index be77b791..6e7b2d20 100644 --- a/ext4_utils/ext4_crypt.cpp +++ b/ext4_utils/ext4_crypt.cpp @@ -27,6 +27,7 @@ #include <sys/stat.h> #include <sys/types.h> +#include <android-base/file.h> #include <android-base/logging.h> #include <cutils/properties.h> @@ -48,6 +49,7 @@ struct ext4_encryption_policy { #define EXT4_ENCRYPTION_MODE_AES_256_XTS 1 #define EXT4_ENCRYPTION_MODE_AES_256_CTS 4 +#define EXT4_ENCRYPTION_MODE_PRIVATE 127 // ext4enc:TODO Get value from somewhere sensible #define EXT4_IOC_SET_ENCRYPTION_POLICY _IOR('f', 19, struct ext4_encryption_policy) @@ -99,7 +101,8 @@ static bool is_dir_empty(const char *dirname, bool *is_empty) return true; } -static bool e4crypt_policy_set(const char *directory, const char *policy, size_t policy_length) { +static bool e4crypt_policy_set(const char *directory, const char *policy, + size_t policy_length, int contents_encryption_mode) { if (policy_length != EXT4_KEY_DESCRIPTOR_SIZE) { LOG(ERROR) << "Policy wrong length: " << policy_length; return false; @@ -112,7 +115,7 @@ static bool e4crypt_policy_set(const char *directory, const char *policy, size_t ext4_encryption_policy eep; eep.version = 0; - eep.contents_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_XTS; + eep.contents_encryption_mode = contents_encryption_mode; eep.filenames_encryption_mode = EXT4_ENCRYPTION_MODE_AES_256_CTS; eep.flags = 0; memcpy(eep.master_key_descriptor, policy, EXT4_KEY_DESCRIPTOR_SIZE); @@ -129,7 +132,8 @@ static bool e4crypt_policy_set(const char *directory, const char *policy, size_t return true; } -static bool e4crypt_policy_get(const char *directory, char *policy, size_t policy_length) { +static bool e4crypt_policy_get(const char *directory, char *policy, + size_t policy_length, int contents_encryption_mode) { if (policy_length != EXT4_KEY_DESCRIPTOR_SIZE) { LOG(ERROR) << "Policy wrong length: " << policy_length; return false; @@ -151,7 +155,7 @@ static bool e4crypt_policy_get(const char *directory, char *policy, size_t polic close(fd); if ((eep.version != 0) - || (eep.contents_encryption_mode != EXT4_ENCRYPTION_MODE_AES_256_XTS) + || (eep.contents_encryption_mode != contents_encryption_mode) || (eep.filenames_encryption_mode != EXT4_ENCRYPTION_MODE_AES_256_CTS) || (eep.flags != 0)) { LOG(ERROR) << "Failed to find matching encryption policy for " << directory; @@ -162,13 +166,15 @@ static bool e4crypt_policy_get(const char *directory, char *policy, size_t polic return true; } -static bool e4crypt_policy_check(const char *directory, const char *policy, size_t policy_length) { +static bool e4crypt_policy_check(const char *directory, const char *policy, + size_t policy_length, int contents_encryption_mode) { if (policy_length != EXT4_KEY_DESCRIPTOR_SIZE) { LOG(ERROR) << "Policy wrong length: " << policy_length; return false; } char existing_policy[EXT4_KEY_DESCRIPTOR_SIZE]; - if (!e4crypt_policy_get(directory, existing_policy, EXT4_KEY_DESCRIPTOR_SIZE)) return false; + if (!e4crypt_policy_get(directory, existing_policy, EXT4_KEY_DESCRIPTOR_SIZE, + contents_encryption_mode)) return false; char existing_policy_hex[EXT4_KEY_DESCRIPTOR_SIZE_HEX]; policy_to_hex(existing_policy, existing_policy_hex); @@ -185,13 +191,26 @@ static bool e4crypt_policy_check(const char *directory, const char *policy, size return true; } -int e4crypt_policy_ensure(const char *directory, const char *policy, size_t policy_length) { +int e4crypt_policy_ensure(const char *directory, const char *policy, + size_t policy_length, const char* contents_encryption_mode) { + int mode = 0; + if (!strcmp(contents_encryption_mode, "software")) { + mode = EXT4_ENCRYPTION_MODE_AES_256_XTS; + } else if (!strcmp(contents_encryption_mode, "ice")) { + mode = EXT4_ENCRYPTION_MODE_PRIVATE; + } else { + LOG(ERROR) << "Invalid encryption mode"; + return -1; + } + bool is_empty; if (!is_dir_empty(directory, &is_empty)) return -1; if (is_empty) { - if (!e4crypt_policy_set(directory, policy, policy_length)) return -1; + if (!e4crypt_policy_set(directory, policy, policy_length, + mode)) return -1; } else { - if (!e4crypt_policy_check(directory, policy, policy_length)) return -1; + if (!e4crypt_policy_check(directory, policy, policy_length, + mode)) return -1; } return 0; } diff --git a/ext4_utils/ext4_crypt.h b/ext4_utils/ext4_crypt.h index ddc09a71..c306ce80 100644 --- a/ext4_utils/ext4_crypt.h +++ b/ext4_utils/ext4_crypt.h @@ -22,9 +22,12 @@ __BEGIN_DECLS bool e4crypt_is_native(); -int e4crypt_policy_ensure(const char *directory, const char* policy, size_t policy_length); +int e4crypt_policy_ensure(const char *directory, + const char* policy, size_t policy_length, + const char* contents_encryption_mode); static const char* e4crypt_unencrypted_folder = "/unencrypted"; static const char* e4crypt_key_ref = "/unencrypted/ref"; +static const char* e4crypt_key_mode = "/unencrypted/mode"; __END_DECLS diff --git a/ext4_utils/ext4_crypt_init_extensions.cpp b/ext4_utils/ext4_crypt_init_extensions.cpp index c6baea74..70b17507 100644 --- a/ext4_utils/ext4_crypt_init_extensions.cpp +++ b/ext4_utils/ext4_crypt_init_extensions.cpp @@ -141,8 +141,16 @@ int e4crypt_set_directory_policy(const char* dir) KLOG_ERROR(TAG, "Unable to read system policy to set on %s\n", dir); return -1; } + + auto type_filename = std::string("/data") + e4crypt_key_mode; + std::string contents_encryption_mode; + if (!android::base::ReadFileToString(type_filename, &contents_encryption_mode)) { + LOG(ERROR) << "Cannot read mode"; + } + KLOG_INFO(TAG, "Setting policy on %s\n", dir); - int result = e4crypt_policy_ensure(dir, policy.c_str(), policy.size()); + int result = e4crypt_policy_ensure(dir, policy.c_str(), policy.length(), + contents_encryption_mode.c_str()); if (result) { KLOG_ERROR(TAG, "Setting %02x%02x%02x%02x policy on %s failed!\n", policy[0], policy[1], policy[2], policy[3], dir); |