diff options
Diffstat (limited to 'ext4_utils')
-rw-r--r-- | ext4_utils/ext4_crypt_init_extensions.cpp | 30 | ||||
-rw-r--r-- | ext4_utils/ext4_crypt_init_extensions.h | 1 | ||||
-rw-r--r-- | ext4_utils/key_control.cpp | 7 | ||||
-rw-r--r-- | ext4_utils/key_control.h | 2 |
4 files changed, 32 insertions, 8 deletions
diff --git a/ext4_utils/ext4_crypt_init_extensions.cpp b/ext4_utils/ext4_crypt_init_extensions.cpp index aab7cbfc..64ec330c 100644 --- a/ext4_utils/ext4_crypt_init_extensions.cpp +++ b/ext4_utils/ext4_crypt_init_extensions.cpp @@ -37,7 +37,7 @@ static std::string vold_command(std::string const& command) } if (sock < 0) { - KLOG_INFO(TAG, "Cannot open vold, failing command\n"); + KLOG_INFO(TAG, "Cannot open vold, failing command (%s)\n", strerror(errno)); return ""; } @@ -55,7 +55,7 @@ static std::string vold_command(std::string const& command) // framework is down, so this is (mostly) OK. std::string actual_command = arbitrary_sequence_number + " " + command; if (write(sock, actual_command.c_str(), actual_command.size() + 1) < 0) { - KLOG_ERROR(TAG, "Cannot write command\n"); + KLOG_ERROR(TAG, "Cannot write command (%s)\n", strerror(errno)); return ""; } @@ -63,7 +63,7 @@ static std::string vold_command(std::string const& command) int rc = TEMP_FAILURE_RETRY(poll(&poll_sock, 1, vold_command_timeout_ms)); if (rc < 0) { - KLOG_ERROR(TAG, "Error in poll %s\n", strerror(errno)); + KLOG_ERROR(TAG, "Error in poll (%s)\n", strerror(errno)); return ""; } @@ -104,7 +104,7 @@ int e4crypt_create_device_key(const char* dir, // Make sure folder exists. Use make_dir to set selinux permissions. if (ensure_dir_exists(UnencryptedProperties::GetPath(dir).c_str())) { - KLOG_ERROR(TAG, "Failed to create %s with error %s\n", + KLOG_ERROR(TAG, "Failed to create %s (%s)\n", UnencryptedProperties::GetPath(dir).c_str(), strerror(errno)); return -1; @@ -124,7 +124,7 @@ int e4crypt_install_keyring() KEY_SPEC_SESSION_KEYRING); if (device_keyring == -1) { - KLOG_ERROR(TAG, "Failed to create keyring\n"); + KLOG_ERROR(TAG, "Failed to create keyring (%s)\n", strerror(errno)); return -1; } @@ -143,6 +143,12 @@ int e4crypt_set_directory_policy(const char* dir) if (!dir || strncmp(dir, "/data/", 6) || strchr(dir + 6, '/')) { return 0; } + + // Don't encrypt lost+found - ext4 doesn't like it + if (!strcmp(dir, "/data/lost+found")) { + return 0; + } + // ext4enc:TODO exclude /data/user with a horrible special case. if (!strcmp(dir, "/data/user")) { return 0; @@ -158,10 +164,20 @@ int e4crypt_set_directory_policy(const char* dir) KLOG_INFO(TAG, "Setting policy on %s\n", dir); int result = do_policy_set(dir, policy.c_str(), policy.size()); if (result) { - KLOG_ERROR(TAG, "Setting %s policy on %s failed!\n", - policy.c_str(), dir); + KLOG_ERROR(TAG, "Setting %02x%02x%02x%02x policy on %s failed!\n", + policy[0], policy[1], policy[2], policy[3], dir); return -1; } return 0; } + +int e4crypt_set_user_crypto_policies(const char* dir) +{ + auto command = std::string() + "cryptfs setusercryptopolicies " + dir; + auto result = vold_command(command); + // ext4enc:TODO proper error handling + KLOG_INFO(TAG, "setusercryptopolicies returned with result %s\n", + result.c_str()); + return 0; +} diff --git a/ext4_utils/ext4_crypt_init_extensions.h b/ext4_utils/ext4_crypt_init_extensions.h index 79311246..d02d181d 100644 --- a/ext4_utils/ext4_crypt_init_extensions.h +++ b/ext4_utils/ext4_crypt_init_extensions.h @@ -11,5 +11,6 @@ int e4crypt_create_device_key(const char* path, int e4crypt_set_directory_policy(const char* path); bool e4crypt_non_default_key(const char* path); int do_policy_set(const char *directory, const char *policy, int policy_length); +int e4crypt_set_user_crypto_policies(const char* path); __END_DECLS diff --git a/ext4_utils/key_control.cpp b/ext4_utils/key_control.cpp index 3d775b7f..39bd1401 100644 --- a/ext4_utils/key_control.cpp +++ b/ext4_utils/key_control.cpp @@ -5,8 +5,8 @@ #include <sys/syscall.h> /* keyring keyctl commands */ +#define KEYCTL_REVOKE 3 /* revoke a key */ #define KEYCTL_SETPERM 5 /* set permissions for a key in a keyring */ -#define KEYCTL_UNLINK 9 /* unlink a key from a keyring */ #define KEYCTL_SEARCH 10 /* search for a key in a keyring */ static long keyctl(int cmd, ...) @@ -32,6 +32,11 @@ key_serial_t add_key(const char *type, return syscall(__NR_add_key, type, description, payload, plen, ringid); } +long keyctl_revoke(key_serial_t id) +{ + return keyctl(KEYCTL_REVOKE, id); +} + long keyctl_setperm(key_serial_t id, int permissions) { return keyctl(KEYCTL_SETPERM, id, permissions); diff --git a/ext4_utils/key_control.h b/ext4_utils/key_control.h index 8e6e32ba..bbf0acec 100644 --- a/ext4_utils/key_control.h +++ b/ext4_utils/key_control.h @@ -21,6 +21,8 @@ key_serial_t add_key(const char *type, size_t plen, key_serial_t ringid); +long keyctl_revoke(key_serial_t id); + long keyctl_setperm(key_serial_t id, int permissions); long keyctl_search(key_serial_t ringid, const char *type, |