From 92da49db65ffbe0bff1771ecef87ad49e94a0626 Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Wed, 25 Feb 2015 15:11:13 -0800 Subject: [HACK] Adding e4crypt support This is a dirty hack requiring a lot of clean up. Needed to allow other parts to make progress. Add e4crypt functions to libext4_utils Add e4crypt command line tool Change-Id: Iac5ae75e7f39cccc87701faf1f590e44f5209c0e --- ext4_utils/Android.mk | 15 +- ext4_utils/e4crypt_static.c | 146 +++++ ext4_utils/ext2fs/ext2_fs.h | 976 ++++++++++++++++++++++++++++++ ext4_utils/ext2fs/ext2_types.h | 199 ++++++ ext4_utils/ext4_crypt.cpp | 127 ++++ ext4_utils/ext4_crypt.h | 49 ++ ext4_utils/ext4_crypt_init_extensions.cpp | 282 +++++++++ 7 files changed, 1789 insertions(+), 5 deletions(-) create mode 100644 ext4_utils/e4crypt_static.c create mode 100644 ext4_utils/ext2fs/ext2_fs.h create mode 100644 ext4_utils/ext2fs/ext2_types.h create mode 100644 ext4_utils/ext4_crypt.cpp create mode 100644 ext4_utils/ext4_crypt.h create mode 100644 ext4_utils/ext4_crypt_init_extensions.cpp (limited to 'ext4_utils') diff --git a/ext4_utils/Android.mk b/ext4_utils/Android.mk index c5684f92..964f6668 100644 --- a/ext4_utils/Android.mk +++ b/ext4_utils/Android.mk @@ -52,23 +52,29 @@ include $(BUILD_HOST_EXECUTABLE) # -- All host/targets excluding windows # +libext4_utils_src_files += \ + ext4_crypt.cpp \ + e4crypt_static.c + ifneq ($(HOST_OS),windows) include $(CLEAR_VARS) LOCAL_SRC_FILES := $(libext4_utils_src_files) LOCAL_MODULE := libext4_utils +LOCAL_C_INCLUDES += system/core/logwrapper/include LOCAL_SHARED_LIBRARIES := \ libselinux \ libsparse \ - libz + libz \ + libcutils include $(BUILD_SHARED_LIBRARY) include $(CLEAR_VARS) -LOCAL_SRC_FILES := $(libext4_utils_src_files) +LOCAL_SRC_FILES := $(libext4_utils_src_files) \ + ext4_crypt_init_extensions.cpp LOCAL_MODULE := libext4_utils_static -LOCAL_STATIC_LIBRARIES += \ - libselinux \ +LOCAL_STATIC_LIBRARIES := \ libsparse_static include $(BUILD_STATIC_LIBRARY) @@ -143,4 +149,3 @@ LOCAL_IS_HOST_MODULE := true include $(BUILD_PREBUILT) endif - diff --git a/ext4_utils/e4crypt_static.c b/ext4_utils/e4crypt_static.c new file mode 100644 index 00000000..187a014f --- /dev/null +++ b/ext4_utils/e4crypt_static.c @@ -0,0 +1,146 @@ +/* + * Copyright (c) 2015 Google, Inc. + */ + +#include +#include +#include +#include + +#include +#include +#include + +// ext4enc:TODO Use include paths +#include "../../core/init/log.h" + +#include "ext4_crypt.h" + +/* keyring keyctl commands */ +#define KEYCTL_SETPERM 5 /* set permissions for a key in a keyring */ +#define KEYCTL_UNLINK 9 /* unlink a key from a keyring */ +#define KEYCTL_SEARCH 10 /* search for a key in a keyring */ + +#define XATTR_NAME_ENCRYPTION_POLICY "encryption.policy" +#define EXT4_KEYREF_DELIMITER ((char)'.') + +/* Validate that all path items are available and accessible. */ +static int is_path_valid(const char *path) +{ + if (access(path, W_OK)) { + ERROR("Can't access %s: %s\n",strerror(errno), path); + return 0; + } + + return 1; +} + +/* Checks whether the policy provided is valid */ +static int is_keyref_valid(const char *keyref) +{ + char *period = 0; + size_t key_location_len = 0; + + /* Key ref must have a key and location delimiter character. */ + period = strchr(keyref, EXT4_KEYREF_DELIMITER); + if (!period) { + return 0; + } + + /* period must be >= keyref. */ + key_location_len = period - keyref; + + if (strncmp(keyref, "@t", key_location_len) == 0 || + strncmp(keyref, "@p", key_location_len) == 0 || + strncmp(keyref, "@s", key_location_len) == 0 || + strncmp(keyref, "@u", key_location_len) == 0 || + strncmp(keyref, "@g", key_location_len) == 0 || + strncmp(keyref, "@us", key_location_len) == 0) + return 1; + + return 0; +} + +static int is_dir_empty(const char *dirname) +{ + int n = 0; + struct dirent *d; + DIR *dir; + + dir = opendir(dirname); + while ((d = readdir(dir)) != NULL) { + if (strcmp(d->d_name, "lost+found") == 0) { + // Skip lost+found directory + } else if (++n > 2) { + break; + } + } + closedir(dir); + return n <= 2; +} + +int do_policy_set(const char *directory, const char *policy) +{ + struct stat st; + ssize_t ret; + + if (!is_keyref_valid(policy)) { + ERROR("Policy has invalid format.\n"); + return -EINVAL; + } + + if (!is_path_valid(directory)) { + return -EINVAL; + } + + stat(directory, &st); + if (!S_ISDIR(st.st_mode)) { + ERROR("Can only set policy on a directory (%s)\n", directory); + return -EINVAL; + } + + if (!is_dir_empty(directory)) { + ERROR("Can only set policy on an empty directory (%s)\n", directory); + return -EINVAL; + } + + ret = lsetxattr(directory, XATTR_NAME_ENCRYPTION_POLICY, policy, + strlen(policy), 0); + + if (ret) { + ERROR("Failed to set encryption policy for %s: %s\n", + directory, strerror(errno)); + return -EINVAL; + } + + INFO("Encryption policy for %s is set to %s\n", directory, policy); + return 0; +} + +static long keyctl(int cmd, ...) +{ + va_list va; + unsigned long arg2, arg3, arg4, arg5; + + va_start(va, cmd); + arg2 = va_arg(va, unsigned long); + arg3 = va_arg(va, unsigned long); + arg4 = va_arg(va, unsigned long); + arg5 = va_arg(va, unsigned long); + va_end(va); + return syscall(__NR_keyctl, cmd, arg2, arg3, arg4, arg5); +} + +key_serial_t add_key(const char *type, + const char *description, + const void *payload, + size_t plen, + key_serial_t ringid) +{ + return syscall(__NR_add_key, type, description, payload, plen, ringid); +} + +long keyctl_setperm(key_serial_t id, int permissions) +{ + return keyctl(KEYCTL_SETPERM, id, permissions); +} diff --git a/ext4_utils/ext2fs/ext2_fs.h b/ext4_utils/ext2fs/ext2_fs.h new file mode 100644 index 00000000..6fdad890 --- /dev/null +++ b/ext4_utils/ext2fs/ext2_fs.h @@ -0,0 +1,976 @@ +/* + * linux/include/linux/ext2_fs.h + * + * Copyright (C) 1992, 1993, 1994, 1995 + * Remy Card (card@masi.ibp.fr) + * Laboratoire MASI - Institut Blaise Pascal + * Universite Pierre et Marie Curie (Paris VI) + * + * from + * + * linux/include/linux/minix_fs.h + * + * Copyright (C) 1991, 1992 Linus Torvalds + */ + +#ifndef _LINUX_EXT2_FS_H +#define _LINUX_EXT2_FS_H + +#include +#include /* Changed from linux/types.h */ + +/* + * The second extended filesystem constants/structures + */ + +/* + * Define EXT2FS_DEBUG to produce debug messages + */ +#undef EXT2FS_DEBUG + +/* + * Define EXT2_PREALLOCATE to preallocate data blocks for expanding files + */ +#define EXT2_PREALLOCATE +#define EXT2_DEFAULT_PREALLOC_BLOCKS 8 + +/* + * The second extended file system version + */ +#define EXT2FS_DATE "95/08/09" +#define EXT2FS_VERSION "0.5b" + +/* + * Special inode numbers + */ +#define EXT2_BAD_INO 1 /* Bad blocks inode */ +#define EXT2_ROOT_INO 2 /* Root inode */ +#define EXT4_USR_QUOTA_INO 3 /* User quota inode */ +#define EXT4_GRP_QUOTA_INO 4 /* Group quota inode */ +#define EXT2_BOOT_LOADER_INO 5 /* Boot loader inode */ +#define EXT2_UNDEL_DIR_INO 6 /* Undelete directory inode */ +#define EXT2_RESIZE_INO 7 /* Reserved group descriptors inode */ +#define EXT2_JOURNAL_INO 8 /* Journal inode */ +#define EXT2_EXCLUDE_INO 9 /* The "exclude" inode, for snapshots */ +#define EXT4_REPLICA_INO 10 /* Used by non-upstream feature */ + +/* First non-reserved inode for old ext2 filesystems */ +#define EXT2_GOOD_OLD_FIRST_INO 11 + +/* + * The second extended file system magic number + */ +#define EXT2_SUPER_MAGIC 0xEF53 + +#ifdef __KERNEL__ +#define EXT2_SB(sb) (&((sb)->u.ext2_sb)) +#else +/* Assume that user mode programs are passing in an ext2fs superblock, not + * a kernel struct super_block. This will allow us to call the feature-test + * macros from user land. */ +#define EXT2_SB(sb) (sb) +#endif + +/* + * Maximal count of links to a file + */ +#define EXT2_LINK_MAX 65000 + +/* + * Macro-instructions used to manage several block sizes + */ +#define EXT2_MIN_BLOCK_LOG_SIZE 10 /* 1024 */ +#define EXT2_MAX_BLOCK_LOG_SIZE 16 /* 65536 */ +#define EXT2_MIN_BLOCK_SIZE (1 << EXT2_MIN_BLOCK_LOG_SIZE) +#define EXT2_MAX_BLOCK_SIZE (1 << EXT2_MAX_BLOCK_LOG_SIZE) +#ifdef __KERNEL__ +#define EXT2_BLOCK_SIZE(s) ((s)->s_blocksize) +#define EXT2_BLOCK_SIZE_BITS(s) ((s)->s_blocksize_bits) +#define EXT2_ADDR_PER_BLOCK_BITS(s) (EXT2_SB(s)->addr_per_block_bits) +#define EXT2_INODE_SIZE(s) (EXT2_SB(s)->s_inode_size) +#define EXT2_FIRST_INO(s) (EXT2_SB(s)->s_first_ino) +#else +#define EXT2_BLOCK_SIZE(s) (EXT2_MIN_BLOCK_SIZE << (s)->s_log_block_size) +#define EXT2_BLOCK_SIZE_BITS(s) ((s)->s_log_block_size + 10) +#define EXT2_INODE_SIZE(s) (((s)->s_rev_level == EXT2_GOOD_OLD_REV) ? \ + EXT2_GOOD_OLD_INODE_SIZE : (s)->s_inode_size) +#define EXT2_FIRST_INO(s) (((s)->s_rev_level == EXT2_GOOD_OLD_REV) ? \ + EXT2_GOOD_OLD_FIRST_INO : (s)->s_first_ino) +#endif +#define EXT2_ADDR_PER_BLOCK(s) (EXT2_BLOCK_SIZE(s) / sizeof(__u32)) + +/* + * Macro-instructions used to manage allocation clusters + */ +#define EXT2_MIN_CLUSTER_LOG_SIZE EXT2_MIN_BLOCK_LOG_SIZE +#define EXT2_MAX_CLUSTER_LOG_SIZE 29 /* 512MB */ +#define EXT2_MIN_CLUSTER_SIZE EXT2_MIN_BLOCK_SIZE +#define EXT2_MAX_CLUSTER_SIZE (1 << EXT2_MAX_CLUSTER_LOG_SIZE) +#define EXT2_CLUSTER_SIZE(s) (EXT2_MIN_BLOCK_SIZE << \ + (s)->s_log_cluster_size) +#define EXT2_CLUSTER_SIZE_BITS(s) ((s)->s_log_cluster_size + 10) + +/* + * Macro-instructions used to manage fragments + * + * Note: for backwards compatibility only, for the dump program. + * Ext2/3/4 will never support fragments.... + */ +#define EXT2_MIN_FRAG_SIZE EXT2_MIN_BLOCK_SIZE +#define EXT2_MAX_FRAG_SIZE EXT2_MAX_BLOCK_SIZE +#define EXT2_MIN_FRAG_LOG_SIZE EXT2_MIN_BLOCK_LOG_SIZE +#define EXT2_FRAG_SIZE(s) EXT2_BLOCK_SIZE(s) +#define EXT2_FRAGS_PER_BLOCK(s) 1 + +/* + * ACL structures + */ +struct ext2_acl_header /* Header of Access Control Lists */ +{ + __u32 aclh_size; + __u32 aclh_file_count; + __u32 aclh_acle_count; + __u32 aclh_first_acle; +}; + +struct ext2_acl_entry /* Access Control List Entry */ +{ + __u32 acle_size; + __u16 acle_perms; /* Access permissions */ + __u16 acle_type; /* Type of entry */ + __u16 acle_tag; /* User or group identity */ + __u16 acle_pad1; + __u32 acle_next; /* Pointer on next entry for the */ + /* same inode or on next free entry */ +}; + +/* + * Structure of a blocks group descriptor + */ +struct ext2_group_desc +{ + __u32 bg_block_bitmap; /* Blocks bitmap block */ + __u32 bg_inode_bitmap; /* Inodes bitmap block */ + __u32 bg_inode_table; /* Inodes table block */ + __u16 bg_free_blocks_count; /* Free blocks count */ + __u16 bg_free_inodes_count; /* Free inodes count */ + __u16 bg_used_dirs_count; /* Directories count */ + __u16 bg_flags; + __u32 bg_exclude_bitmap_lo; /* Exclude bitmap for snapshots */ + __u16 bg_block_bitmap_csum_lo;/* crc32c(s_uuid+grp_num+bitmap) LSB */ + __u16 bg_inode_bitmap_csum_lo;/* crc32c(s_uuid+grp_num+bitmap) LSB */ + __u16 bg_itable_unused; /* Unused inodes count */ + __u16 bg_checksum; /* crc16(s_uuid+group_num+group_desc)*/ +}; + +/* + * Structure of a blocks group descriptor + */ +struct ext4_group_desc +{ + __u32 bg_block_bitmap; /* Blocks bitmap block */ + __u32 bg_inode_bitmap; /* Inodes bitmap block */ + __u32 bg_inode_table; /* Inodes table block */ + __u16 bg_free_blocks_count; /* Free blocks count */ + __u16 bg_free_inodes_count; /* Free inodes count */ + __u16 bg_used_dirs_count; /* Directories count */ + __u16 bg_flags; /* EXT4_BG_flags (INODE_UNINIT, etc) */ + __u32 bg_exclude_bitmap_lo; /* Exclude bitmap for snapshots */ + __u16 bg_block_bitmap_csum_lo;/* crc32c(s_uuid+grp_num+bitmap) LSB */ + __u16 bg_inode_bitmap_csum_lo;/* crc32c(s_uuid+grp_num+bitmap) LSB */ + __u16 bg_itable_unused; /* Unused inodes count */ + __u16 bg_checksum; /* crc16(sb_uuid+group+desc) */ + __u32 bg_block_bitmap_hi; /* Blocks bitmap block MSB */ + __u32 bg_inode_bitmap_hi; /* Inodes bitmap block MSB */ + __u32 bg_inode_table_hi; /* Inodes table block MSB */ + __u16 bg_free_blocks_count_hi;/* Free blocks count MSB */ + __u16 bg_free_inodes_count_hi;/* Free inodes count MSB */ + __u16 bg_used_dirs_count_hi; /* Directories count MSB */ + __u16 bg_itable_unused_hi; /* Unused inodes count MSB */ + __u32 bg_exclude_bitmap_hi; /* Exclude bitmap block MSB */ + __u16 bg_block_bitmap_csum_hi;/* crc32c(s_uuid+grp_num+bitmap) MSB */ + __u16 bg_inode_bitmap_csum_hi;/* crc32c(s_uuid+grp_num+bitmap) MSB */ + __u32 bg_reserved; +}; + +#define EXT4_BG_INODE_BITMAP_CSUM_HI_END \ + (offsetof(struct ext4_group_desc, bg_inode_bitmap_csum_hi) + \ + sizeof(__u16)) +#define EXT4_BG_BLOCK_BITMAP_CSUM_HI_LOCATION \ + (offsetof(struct ext4_group_desc, bg_block_bitmap_csum_hi) + \ + sizeof(__u16)) + +#define EXT2_BG_INODE_UNINIT 0x0001 /* Inode table/bitmap not initialized */ +#define EXT2_BG_BLOCK_UNINIT 0x0002 /* Block bitmap not initialized */ +#define EXT2_BG_INODE_ZEROED 0x0004 /* On-disk itable initialized to zero */ + +/* + * Data structures used by the directory indexing feature + * + * Note: all of the multibyte integer fields are little endian. + */ + +/* + * Note: dx_root_info is laid out so that if it should somehow get + * overlaid by a dirent the two low bits of the hash version will be + * zero. Therefore, the hash version mod 4 should never be 0. + * Sincerely, the paranoia department. + */ +struct ext2_dx_root_info { + __u32 reserved_zero; + __u8 hash_version; /* 0 now, 1 at release */ + __u8 info_length; /* 8 */ + __u8 indirect_levels; + __u8 unused_flags; +}; + +#define EXT2_HASH_LEGACY 0 +#define EXT2_HASH_HALF_MD4 1 +#define EXT2_HASH_TEA 2 +#define EXT2_HASH_LEGACY_UNSIGNED 3 /* reserved for userspace lib */ +#define EXT2_HASH_HALF_MD4_UNSIGNED 4 /* reserved for userspace lib */ +#define EXT2_HASH_TEA_UNSIGNED 5 /* reserved for userspace lib */ + +#define EXT2_HASH_FLAG_INCOMPAT 0x1 + +struct ext2_dx_entry { + __le32 hash; + __le32 block; +}; + +struct ext2_dx_countlimit { + __le16 limit; + __le16 count; +}; + +/* + * This goes at the end of each htree block. + */ +struct ext2_dx_tail { + __le32 dt_reserved; + __le32 dt_checksum; /* crc32c(uuid+inum+dxblock) */ +}; + +/* + * Macro-instructions used to manage group descriptors + */ +#define EXT2_MIN_DESC_SIZE 32 +#define EXT2_MIN_DESC_SIZE_64BIT 64 +#define EXT2_MAX_DESC_SIZE EXT2_MIN_BLOCK_SIZE +#define EXT2_DESC_SIZE(s) \ + ((EXT2_SB(s)->s_feature_incompat & EXT4_FEATURE_INCOMPAT_64BIT) ? \ + (s)->s_desc_size : EXT2_MIN_DESC_SIZE) + +#define EXT2_BLOCKS_PER_GROUP(s) (EXT2_SB(s)->s_blocks_per_group) +#define EXT2_INODES_PER_GROUP(s) (EXT2_SB(s)->s_inodes_per_group) +#define EXT2_CLUSTERS_PER_GROUP(s) (EXT2_SB(s)->s_clusters_per_group) +#define EXT2_INODES_PER_BLOCK(s) (EXT2_BLOCK_SIZE(s)/EXT2_INODE_SIZE(s)) +/* limits imposed by 16-bit value gd_free_{blocks,inode}_count */ +#define EXT2_MAX_BLOCKS_PER_GROUP(s) ((((unsigned) 1 << 16) - 8) * \ + (EXT2_CLUSTER_SIZE(s) / \ + EXT2_BLOCK_SIZE(s))) +#define EXT2_MAX_CLUSTERS_PER_GROUP(s) (((unsigned) 1 << 16) - 8) +#define EXT2_MAX_INODES_PER_GROUP(s) (((unsigned) 1 << 16) - \ + EXT2_INODES_PER_BLOCK(s)) +#ifdef __KERNEL__ +#define EXT2_DESC_PER_BLOCK(s) (EXT2_SB(s)->s_desc_per_block) +#define EXT2_DESC_PER_BLOCK_BITS(s) (EXT2_SB(s)->s_desc_per_block_bits) +#else +#define EXT2_DESC_PER_BLOCK(s) (EXT2_BLOCK_SIZE(s) / EXT2_DESC_SIZE(s)) +#endif + +#define EXT2_GROUPS_TO_BLOCKS(s, g) ((blk64_t) EXT2_BLOCKS_PER_GROUP(s) * \ + (g)) +#define EXT2_GROUPS_TO_CLUSTERS(s, g) ((blk64_t) EXT2_CLUSTERS_PER_GROUP(s) * \ + (g)) + +/* + * Constants relative to the data blocks + */ +#define EXT2_NDIR_BLOCKS 12 +#define EXT2_IND_BLOCK EXT2_NDIR_BLOCKS +#define EXT2_DIND_BLOCK (EXT2_IND_BLOCK + 1) +#define EXT2_TIND_BLOCK (EXT2_DIND_BLOCK + 1) +#define EXT2_N_BLOCKS (EXT2_TIND_BLOCK + 1) + +/* + * Inode flags + */ +#define EXT2_SECRM_FL 0x00000001 /* Secure deletion */ +#define EXT2_UNRM_FL 0x00000002 /* Undelete */ +#define EXT2_COMPR_FL 0x00000004 /* Compress file */ +#define EXT2_SYNC_FL 0x00000008 /* Synchronous updates */ +#define EXT2_IMMUTABLE_FL 0x00000010 /* Immutable file */ +#define EXT2_APPEND_FL 0x00000020 /* writes to file may only append */ +#define EXT2_NODUMP_FL 0x00000040 /* do not dump file */ +#define EXT2_NOATIME_FL 0x00000080 /* do not update atime */ +/* Reserved for compression usage... */ +#define EXT2_DIRTY_FL 0x00000100 +#define EXT2_COMPRBLK_FL 0x00000200 /* One or more compressed clusters */ +#define EXT2_NOCOMPR_FL 0x00000400 /* Access raw compressed data */ + /* nb: was previously EXT2_ECOMPR_FL */ +#define EXT4_ENCRYPT_FL 0x00000800 /* encrypted inode */ +/* End compression flags --- maybe not all used */ +#define EXT2_BTREE_FL 0x00001000 /* btree format dir */ +#define EXT2_INDEX_FL 0x00001000 /* hash-indexed directory */ +#define EXT2_IMAGIC_FL 0x00002000 +#define EXT3_JOURNAL_DATA_FL 0x00004000 /* file data should be journaled */ +#define EXT2_NOTAIL_FL 0x00008000 /* file tail should not be merged */ +#define EXT2_DIRSYNC_FL 0x00010000 /* Synchronous directory modifications */ +#define EXT2_TOPDIR_FL 0x00020000 /* Top of directory hierarchies*/ +#define EXT4_HUGE_FILE_FL 0x00040000 /* Set to each huge file */ +#define EXT4_EXTENTS_FL 0x00080000 /* Inode uses extents */ +#define EXT4_EA_INODE_FL 0x00200000 /* Inode used for large EA */ +/* EXT4_EOFBLOCKS_FL 0x00400000 was here */ +#define FS_NOCOW_FL 0x00800000 /* Do not cow file */ +#define EXT4_SNAPFILE_FL 0x01000000 /* Inode is a snapshot */ +#define EXT4_SNAPFILE_DELETED_FL 0x04000000 /* Snapshot is being deleted */ +#define EXT4_SNAPFILE_SHRUNK_FL 0x08000000 /* Snapshot shrink has completed */ +#define EXT4_INLINE_DATA_FL 0x10000000 /* Inode has inline data */ +#define EXT2_RESERVED_FL 0x80000000 /* reserved for ext2 lib */ + +#define EXT2_FL_USER_VISIBLE 0x004BDFFF /* User visible flags */ +#define EXT2_FL_USER_MODIFIABLE 0x004B80FF /* User modifiable flags */ + +/* + * ioctl commands + */ + +/* Used for online resize */ +struct ext2_new_group_input { + __u32 group; /* Group number for this data */ + __u32 block_bitmap; /* Absolute block number of block bitmap */ + __u32 inode_bitmap; /* Absolute block number of inode bitmap */ + __u32 inode_table; /* Absolute block number of inode table start */ + __u32 blocks_count; /* Total number of blocks in this group */ + __u16 reserved_blocks; /* Number of reserved blocks in this group */ + __u16 unused; /* Number of reserved GDT blocks in group */ +}; + +struct ext4_new_group_input { + __u32 group; /* Group number for this data */ + __u64 block_bitmap; /* Absolute block number of block bitmap */ + __u64 inode_bitmap; /* Absolute block number of inode bitmap */ + __u64 inode_table; /* Absolute block number of inode table start */ + __u32 blocks_count; /* Total number of blocks in this group */ + __u16 reserved_blocks; /* Number of reserved blocks in this group */ + __u16 unused; +}; + +#ifdef __GNU__ /* Needed for the Hurd */ +#define _IOT_ext2_new_group_input _IOT (_IOTS(__u32), 5, _IOTS(__u16), 2, 0, 0) +#endif + +#define EXT2_IOC_GETFLAGS _IOR('f', 1, long) +#define EXT2_IOC_SETFLAGS _IOW('f', 2, long) +#define EXT2_IOC_GETVERSION _IOR('v', 1, long) +#define EXT2_IOC_SETVERSION _IOW('v', 2, long) +#define EXT2_IOC_GETVERSION_NEW _IOR('f', 3, long) +#define EXT2_IOC_SETVERSION_NEW _IOW('f', 4, long) +#define EXT2_IOC_GROUP_EXTEND _IOW('f', 7, unsigned long) +#define EXT2_IOC_GROUP_ADD _IOW('f', 8,struct ext2_new_group_input) +#define EXT4_IOC_GROUP_ADD _IOW('f', 8,struct ext4_new_group_input) +#define EXT4_IOC_RESIZE_FS _IOW('f', 16, __u64) + +/* + * Structure of an inode on the disk + */ +struct ext2_inode { + __u16 i_mode; /* File mode */ + __u16 i_uid; /* Low 16 bits of Owner Uid */ + __u32 i_size; /* Size in bytes */ + __u32 i_atime; /* Access time */ + __u32 i_ctime; /* Inode change time */ + __u32 i_mtime; /* Modification time */ + __u32 i_dtime; /* Deletion Time */ + __u16 i_gid; /* Low 16 bits of Group Id */ + __u16 i_links_count; /* Links count */ + __u32 i_blocks; /* Blocks count */ + __u32 i_flags; /* File flags */ + union { + struct { + __u32 l_i_version; /* was l_i_reserved1 */ + } linux1; + struct { + __u32 h_i_translator; + } hurd1; + } osd1; /* OS dependent 1 */ + __u32 i_block[EXT2_N_BLOCKS];/* Pointers to blocks */ + __u32 i_generation; /* File version (for NFS) */ + __u32 i_file_acl; /* File ACL */ + __u32 i_size_high; /* Formerly i_dir_acl, directory ACL */ + __u32 i_faddr; /* Fragment address */ + union { + struct { + __u16 l_i_blocks_hi; + __u16 l_i_file_acl_high; + __u16 l_i_uid_high; /* these 2 fields */ + __u16 l_i_gid_high; /* were reserved2[0] */ + __u16 l_i_checksum_lo; /* crc32c(uuid+inum+inode) */ + __u16 l_i_reserved; + } linux2; + struct { + __u8 h_i_frag; /* Fragment number */ + __u8 h_i_fsize; /* Fragment size */ + __u16 h_i_mode_high; + __u16 h_i_uid_high; + __u16 h_i_gid_high; + __u32 h_i_author; + } hurd2; + } osd2; /* OS dependent 2 */ +}; + +/* + * Permanent part of an large inode on the disk + */ +struct ext2_inode_large { + __u16 i_mode; /* File mode */ + __u16 i_uid; /* Low 16 bits of Owner Uid */ + __u32 i_size; /* Size in bytes */ + __u32 i_atime; /* Access time */ + __u32 i_ctime; /* Inode Change time */ + __u32 i_mtime; /* Modification time */ + __u32 i_dtime; /* Deletion Time */ + __u16 i_gid; /* Low 16 bits of Group Id */ + __u16 i_links_count; /* Links count */ + __u32 i_blocks; /* Blocks count */ + __u32 i_flags; /* File flags */ + union { + struct { + __u32 l_i_version; /* was l_i_reserved1 */ + } linux1; + struct { + __u32 h_i_translator; + } hurd1; + } osd1; /* OS dependent 1 */ + __u32 i_block[EXT2_N_BLOCKS];/* Pointers to blocks */ + __u32 i_generation; /* File version (for NFS) */ + __u32 i_file_acl; /* File ACL */ + __u32 i_size_high; /* Formerly i_dir_acl, directory ACL */ + __u32 i_faddr; /* Fragment address */ + union { + struct { + __u16 l_i_blocks_hi; + __u16 l_i_file_acl_high; + __u16 l_i_uid_high; /* these 2 fields */ + __u16 l_i_gid_high; /* were reserved2[0] */ + __u16 l_i_checksum_lo; /* crc32c(uuid+inum+inode) */ + __u16 l_i_reserved; + } linux2; + struct { + __u8 h_i_frag; /* Fragment number */ + __u8 h_i_fsize; /* Fragment size */ + __u16 h_i_mode_high; + __u16 h_i_uid_high; + __u16 h_i_gid_high; + __u32 h_i_author; + } hurd2; + } osd2; /* OS dependent 2 */ + __u16 i_extra_isize; + __u16 i_checksum_hi; /* crc32c(uuid+inum+inode) */ + __u32 i_ctime_extra; /* extra Change time (nsec << 2 | epoch) */ + __u32 i_mtime_extra; /* extra Modification time (nsec << 2 | epoch) */ + __u32 i_atime_extra; /* extra Access time (nsec << 2 | epoch) */ + __u32 i_crtime; /* File creation time */ + __u32 i_crtime_extra; /* extra File creation time (nsec << 2 | epoch)*/ + __u32 i_version_hi; /* high 32 bits for 64-bit version */ +}; + +#define EXT4_INODE_CSUM_HI_EXTRA_END \ + (offsetof(struct ext2_inode_large, i_checksum_hi) + sizeof(__u16) - \ + EXT2_GOOD_OLD_INODE_SIZE) + +#define i_dir_acl i_size_high + +#define i_checksum_lo osd2.linux2.l_i_checksum_lo + +#if defined(__KERNEL__) || defined(__linux__) +#define i_reserved1 osd1.linux1.l_i_reserved1 +#define i_frag osd2.linux2.l_i_frag +#define i_fsize osd2.linux2.l_i_fsize +#define i_uid_low i_uid +#define i_gid_low i_gid +#define i_uid_high osd2.linux2.l_i_uid_high +#define i_gid_high osd2.linux2.l_i_gid_high +#else +#if defined(__GNU__) + +#define i_translator osd1.hurd1.h_i_translator +#define i_frag osd2.hurd2.h_i_frag; +#define i_fsize osd2.hurd2.h_i_fsize; +#define i_uid_high osd2.hurd2.h_i_uid_high +#define i_gid_high osd2.hurd2.h_i_gid_high +#define i_author osd2.hurd2.h_i_author + +#endif /* __GNU__ */ +#endif /* defined(__KERNEL__) || defined(__linux__) */ + +#define inode_uid(inode) ((inode).i_uid | (inode).osd2.linux2.l_i_uid_high << 16) +#define inode_gid(inode) ((inode).i_gid | (inode).osd2.linux2.l_i_gid_high << 16) +#define ext2fs_set_i_uid_high(inode,x) ((inode).osd2.linux2.l_i_uid_high = (x)) +#define ext2fs_set_i_gid_high(inode,x) ((inode).osd2.linux2.l_i_gid_high = (x)) + +/* + * File system states + */ +#define EXT2_VALID_FS 0x0001 /* Unmounted cleanly */ +#define EXT2_ERROR_FS 0x0002 /* Errors detected */ +#define EXT3_ORPHAN_FS 0x0004 /* Orphans being recovered */ + +/* + * Misc. filesystem flags + */ +#define EXT2_FLAGS_SIGNED_HASH 0x0001 /* Signed dirhash in use */ +#define EXT2_FLAGS_UNSIGNED_HASH 0x0002 /* Unsigned dirhash in use */ +#define EXT2_FLAGS_TEST_FILESYS 0x0004 /* OK for use on development code */ +#define EXT2_FLAGS_IS_SNAPSHOT 0x0010 /* This is a snapshot image */ +#define EXT2_FLAGS_FIX_SNAPSHOT 0x0020 /* Snapshot inodes corrupted */ +#define EXT2_FLAGS_FIX_EXCLUDE 0x0040 /* Exclude bitmaps corrupted */ + +/* + * Mount flags + */ +#define EXT2_MOUNT_CHECK 0x0001 /* Do mount-time checks */ +#define EXT2_MOUNT_GRPID 0x0004 /* Create files with directory's group */ +#define EXT2_MOUNT_DEBUG 0x0008 /* Some debugging messages */ +#define EXT2_MOUNT_ERRORS_CONT 0x0010 /* Continue on errors */ +#define EXT2_MOUNT_ERRORS_RO 0x0020 /* Remount fs ro on errors */ +#define EXT2_MOUNT_ERRORS_PANIC 0x0040 /* Panic on errors */ +#define EXT2_MOUNT_MINIX_DF 0x0080 /* Mimics the Minix statfs */ +#define EXT2_MOUNT_NO_UID32 0x0200 /* Disable 32-bit UIDs */ + +#define clear_opt(o, opt) o &= ~EXT2_MOUNT_##opt +#define set_opt(o, opt) o |= EXT2_MOUNT_##opt +#define test_opt(sb, opt) (EXT2_SB(sb)->s_mount_opt & \ + EXT2_MOUNT_##opt) +/* + * Maximal mount counts between two filesystem checks + */ +#define EXT2_DFL_MAX_MNT_COUNT 20 /* Allow 20 mounts */ +#define EXT2_DFL_CHECKINTERVAL 0 /* Don't use interval check */ + +/* + * Behaviour when detecting errors + */ +#define EXT2_ERRORS_CONTINUE 1 /* Continue execution */ +#define EXT2_ERRORS_RO 2 /* Remount fs read-only */ +#define EXT2_ERRORS_PANIC 3 /* Panic */ +#define EXT2_ERRORS_DEFAULT EXT2_ERRORS_CONTINUE + +#if (__GNUC__ >= 4) +#define ext4_offsetof(TYPE,MEMBER) __builtin_offsetof(TYPE,MEMBER) +#else +#define ext4_offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) +#endif + +/* Metadata checksum algorithms */ +#define EXT2_CRC32C_CHKSUM 1 + +/* Encryption algorithms, key size and key reference len */ +#define EXT4_ENCRYPTION_MODE_INVALID 0 +#define EXT4_ENCRYPTION_MODE_AES_256_XTS 1 +#define EXT4_ENCRYPTION_MODE_AES_256_GCM 2 +#define EXT4_ENCRYPTION_MODE_AES_256_CBC 3 + +#define EXT4_AES_256_XTS_KEY_SIZE 64 +#define EXT4_AES_256_GCM_KEY_SIZE 32 +#define EXT4_AES_256_CBC_KEY_SIZE 32 +/* Used to wrap data encryption keys. */ +#define EXT4_AES_256_CTR_KEY_SIZE 32 +#define EXT4_MAX_KEY_SIZE 76 + +#define EXT4_KEYREF_LOGON_PREFIX "ext4-key:" +#define EXT4_KEYREF_LOGON_PREFIX_LEN 9 +#define EXT4_KEYREF_DERIVED_LEN 16 +#define EXT4_KEYREF_DERIVED_TOTAL_LEN (EXT4_KEYREF_LOGON_PREFIX_LEN +\ + EXT4_KEYREF_DERIVED_LEN) +#define EXT4_KEYREF_MIN_LEN 8 + +/* Password derivation constants */ +#define EXT4_DEFAULT_SALT_SIZE 8 +#define EXT4_DEFAULT_SALT "fd7ea91d4f9dc1b5" +#define EXT4_MAX_PASSWORD_LENGTH 64 +#define EXT4_PBKDF2_ITERATIONS 0xFFFF + +/* MUST be in sync with ext4_crypto.c in kernel. */ +struct ext4_encryption_key { + uint32_t mode; + char raw[EXT4_MAX_KEY_SIZE]; + uint32_t size; +}; + +/* + * Structure of the super block + */ +struct ext2_super_block { + __u32 s_inodes_count; /* Inodes count */ + __u32 s_blocks_count; /* Blocks count */ + __u32 s_r_blocks_count; /* Reserved blocks count */ + __u32 s_free_blocks_count; /* Free blocks count */ + __u32 s_free_inodes_count; /* Free inodes count */ + __u32 s_first_data_block; /* First Data Block */ + __u32 s_log_block_size; /* Block size */ + __u32 s_log_cluster_size; /* Allocation cluster size */ + __u32 s_blocks_per_group; /* # Blocks per group */ + __u32 s_clusters_per_group; /* # Fragments per group */ + __u32 s_inodes_per_group; /* # Inodes per group */ + __u32 s_mtime; /* Mount time */ + __u32 s_wtime; /* Write time */ + __u16 s_mnt_count; /* Mount count */ + __s16 s_max_mnt_count; /* Maximal mount count */ + __u16 s_magic; /* Magic signature */ + __u16 s_state; /* File system state */ + __u16 s_errors; /* Behaviour when detecting errors */ + __u16 s_minor_rev_level; /* minor revision level */ + __u32 s_lastcheck; /* time of last check */ + __u32 s_checkinterval; /* max. time between checks */ + __u32 s_creator_os; /* OS */ + __u32 s_rev_level; /* Revision level */ + __u16 s_def_resuid; /* Default uid for reserved blocks */ + __u16 s_def_resgid; /* Default gid for reserved blocks */ + /* + * These fields are for EXT2_DYNAMIC_REV superblocks only. + * + * Note: the difference between the compatible feature set and + * the incompatible feature set is that if there is a bit set + * in the incompatible feature set that the kernel doesn't + * know about, it should refuse to mount the filesystem. + * + * e2fsck's requirements are more strict; if it doesn't know + * about a feature in either the compatible or incompatible + * feature set, it must abort and not try to meddle with + * things it doesn't understand... + */ + __u32 s_first_ino; /* First non-reserved inode */ + __u16 s_inode_size; /* size of inode structure */ + __u16 s_block_group_nr; /* block group # of this superblock */ + __u32 s_feature_compat; /* compatible feature set */ + __u32 s_feature_incompat; /* incompatible feature set */ + __u32 s_feature_ro_compat; /* readonly-compatible feature set */ + __u8 s_uuid[16]; /* 128-bit uuid for volume */ + char s_volume_name[16]; /* volume name */ + char s_last_mounted[64]; /* directory where last mounted */ + __u32 s_algorithm_usage_bitmap; /* For compression */ + /* + * Performance hints. Directory preallocation should only + * happen if the EXT2_FEATURE_COMPAT_DIR_PREALLOC flag is on. + */ + __u8 s_prealloc_blocks; /* Nr of blocks to try to preallocate*/ + __u8 s_prealloc_dir_blocks; /* Nr to preallocate for dirs */ + __u16 s_reserved_gdt_blocks; /* Per group table for online growth */ + /* + * Journaling support valid if EXT2_FEATURE_COMPAT_HAS_JOURNAL set. + */ + __u8 s_journal_uuid[16]; /* uuid of journal superblock */ + __u32 s_journal_inum; /* inode number of journal file */ + __u32 s_journal_dev; /* device number of journal file */ + __u32 s_last_orphan; /* start of list of inodes to delete */ + __u32 s_hash_seed[4]; /* HTREE hash seed */ + __u8 s_def_hash_version; /* Default hash version to use */ + __u8 s_jnl_backup_type; /* Default type of journal backup */ + __u16 s_desc_size; /* Group desc. size: INCOMPAT_64BIT */ + __u32 s_default_mount_opts; + __u32 s_first_meta_bg; /* First metablock group */ + __u32 s_mkfs_time; /* When the filesystem was created */ + __u32 s_jnl_blocks[17]; /* Backup of the journal inode */ + __u32 s_blocks_count_hi; /* Blocks count high 32bits */ + __u32 s_r_blocks_count_hi; /* Reserved blocks count high 32 bits*/ + __u32 s_free_blocks_hi; /* Free blocks count */ + __u16 s_min_extra_isize; /* All inodes have at least # bytes */ + __u16 s_want_extra_isize; /* New inodes should reserve # bytes */ + __u32 s_flags; /* Miscellaneous flags */ + __u16 s_raid_stride; /* RAID stride */ + __u16 s_mmp_update_interval; /* # seconds to wait in MMP checking */ + __u64 s_mmp_block; /* Block for multi-mount protection */ + __u32 s_raid_stripe_width; /* blocks on all data disks (N*stride)*/ + __u8 s_log_groups_per_flex; /* FLEX_BG group size */ + __u8 s_checksum_type; /* metadata checksum algorithm */ + __u16 s_reserved_pad; /* Padding to next 32bits */ + __u64 s_kbytes_written; /* nr of lifetime kilobytes written */ + __u32 s_snapshot_inum; /* Inode number of active snapshot */ + __u32 s_snapshot_id; /* sequential ID of active snapshot */ + __u64 s_snapshot_r_blocks_count; /* reserved blocks for active + snapshot's future use */ + __u32 s_snapshot_list; /* inode number of the head of the on-disk snapshot list */ +#define EXT4_S_ERR_START ext4_offsetof(struct ext2_super_block, s_error_count) + __u32 s_error_count; /* number of fs errors */ + __u32 s_first_error_time; /* first time an error happened */ + __u32 s_first_error_ino; /* inode involved in first error */ + __u64 s_first_error_block; /* block involved of first error */ + __u8 s_first_error_func[32]; /* function where the error happened */ + __u32 s_first_error_line; /* line number where error happened */ + __u32 s_last_error_time; /* most recent time of an error */ + __u32 s_last_error_ino; /* inode involved in last error */ + __u32 s_last_error_line; /* line number where error happened */ + __u64 s_last_error_block; /* block involved of last error */ + __u8 s_last_error_func[32]; /* function where the error happened */ +#define EXT4_S_ERR_END ext4_offsetof(struct ext2_super_block, s_mount_opts) + __u8 s_mount_opts[64]; + __u32 s_usr_quota_inum; /* inode number of user quota file */ + __u32 s_grp_quota_inum; /* inode number of group quota file */ + __u32 s_overhead_blocks; /* overhead blocks/clusters in fs */ + __u32 s_backup_bgs[2]; /* If sparse_super2 enabled */ + __u8 s_encrypt_algos[4]; /* Encryption algorithms in use */ + __u32 s_reserved[105]; /* Padding to the end of the block */ + __u32 s_checksum; /* crc32c(superblock) */ +}; + +#define EXT4_S_ERR_LEN (EXT4_S_ERR_END - EXT4_S_ERR_START) + +/* + * Codes for operating systems + */ +#define EXT2_OS_LINUX 0 +#define EXT2_OS_HURD 1 +#define EXT2_OBSO_OS_MASIX 2 +#define EXT2_OS_FREEBSD 3 +#define EXT2_OS_LITES 4 + +/* + * Revision levels + */ +#define EXT2_GOOD_OLD_REV 0 /* The good old (original) format */ +#define EXT2_DYNAMIC_REV 1 /* V2 format w/ dynamic inode sizes */ + +#define EXT2_CURRENT_REV EXT2_GOOD_OLD_REV +#define EXT2_MAX_SUPP_REV EXT2_DYNAMIC_REV + +#define EXT2_GOOD_OLD_INODE_SIZE 128 + +/* + * Journal inode backup types + */ +#define EXT3_JNL_BACKUP_BLOCKS 1 + +/* + * Feature set definitions + */ + +#define EXT2_HAS_COMPAT_FEATURE(sb,mask) \ + ( EXT2_SB(sb)->s_feature_compat & (mask) ) +#define EXT2_HAS_RO_COMPAT_FEATURE(sb,mask) \ + ( EXT2_SB(sb)->s_feature_ro_compat & (mask) ) +#define EXT2_HAS_INCOMPAT_FEATURE(sb,mask) \ + ( EXT2_SB(sb)->s_feature_incompat & (mask) ) + +#define EXT2_FEATURE_COMPAT_DIR_PREALLOC 0x0001 +#define EXT2_FEATURE_COMPAT_IMAGIC_INODES 0x0002 +#define EXT3_FEATURE_COMPAT_HAS_JOURNAL 0x0004 +#define EXT2_FEATURE_COMPAT_EXT_ATTR 0x0008 +#define EXT2_FEATURE_COMPAT_RESIZE_INODE 0x0010 +#define EXT2_FEATURE_COMPAT_DIR_INDEX 0x0020 +#define EXT2_FEATURE_COMPAT_LAZY_BG 0x0040 +/* #define EXT2_FEATURE_COMPAT_EXCLUDE_INODE 0x0080 not used, legacy */ +#define EXT2_FEATURE_COMPAT_EXCLUDE_BITMAP 0x0100 +#define EXT4_FEATURE_COMPAT_SPARSE_SUPER2 0x0200 + + +#define EXT2_FEATURE_RO_COMPAT_SPARSE_SUPER 0x0001 +#define EXT2_FEATURE_RO_COMPAT_LARGE_FILE 0x0002 +/* #define EXT2_FEATURE_RO_COMPAT_BTREE_DIR 0x0004 not used */ +#define EXT4_FEATURE_RO_COMPAT_HUGE_FILE 0x0008 +#define EXT4_FEATURE_RO_COMPAT_GDT_CSUM 0x0010 +#define EXT4_FEATURE_RO_COMPAT_DIR_NLINK 0x0020 +#define EXT4_FEATURE_RO_COMPAT_EXTRA_ISIZE 0x0040 +#define EXT4_FEATURE_RO_COMPAT_HAS_SNAPSHOT 0x0080 +#define EXT4_FEATURE_RO_COMPAT_QUOTA 0x0100 +#define EXT4_FEATURE_RO_COMPAT_BIGALLOC 0x0200 +/* + * METADATA_CSUM implies GDT_CSUM. When METADATA_CSUM is set, group + * descriptor checksums use the same algorithm as all other data + * structures' checksums. + */ +#define EXT4_FEATURE_RO_COMPAT_METADATA_CSUM 0x0400 +#define EXT4_FEATURE_RO_COMPAT_REPLICA 0x0800 + +#define EXT2_FEATURE_INCOMPAT_COMPRESSION 0x0001 +#define EXT2_FEATURE_INCOMPAT_FILETYPE 0x0002 +#define EXT3_FEATURE_INCOMPAT_RECOVER 0x0004 /* Needs recovery */ +#define EXT3_FEATURE_INCOMPAT_JOURNAL_DEV 0x0008 /* Journal device */ +#define EXT2_FEATURE_INCOMPAT_META_BG 0x0010 +#define EXT3_FEATURE_INCOMPAT_EXTENTS 0x0040 +#define EXT4_FEATURE_INCOMPAT_64BIT 0x0080 +#define EXT4_FEATURE_INCOMPAT_MMP 0x0100 +#define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200 +#define EXT4_FEATURE_INCOMPAT_EA_INODE 0x0400 +#define EXT4_FEATURE_INCOMPAT_DIRDATA 0x1000 +/* 0x2000 was EXT4_FEATURE_INCOMPAT_BG_USE_META_CSUM but this was never used */ +#define EXT4_FEATURE_INCOMPAT_LARGEDIR 0x4000 /* >2GB or 3-lvl htree */ +#define EXT4_FEATURE_INCOMPAT_INLINE_DATA 0x8000 /* data in inode */ +#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000 + +#define EXT2_FEATURE_COMPAT_SUPP 0 +#define EXT2_FEATURE_INCOMPAT_SUPP (EXT2_FEATURE_INCOMPAT_FILETYPE| \ + EXT4_FEATURE_INCOMPAT_MMP | \ + EXT4_FEATURE_INCOMPAT_ENCRYPT) +#define EXT2_FEATURE_RO_COMPAT_SUPP (EXT2_FEATURE_RO_COMPAT_SPARSE_SUPER| \ + EXT2_FEATURE_RO_COMPAT_LARGE_FILE| \ + EXT4_FEATURE_RO_COMPAT_DIR_NLINK| \ + EXT2_FEATURE_RO_COMPAT_BTREE_DIR) + +/* + * Default values for user and/or group using reserved blocks + */ +#define EXT2_DEF_RESUID 0 +#define EXT2_DEF_RESGID 0 + +/* + * Default mount options + */ +#define EXT2_DEFM_DEBUG 0x0001 +#define EXT2_DEFM_BSDGROUPS 0x0002 +#define EXT2_DEFM_XATTR_USER 0x0004 +#define EXT2_DEFM_ACL 0x0008 +#define EXT2_DEFM_UID16 0x0010 +#define EXT3_DEFM_JMODE 0x0060 +#define EXT3_DEFM_JMODE_DATA 0x0020 +#define EXT3_DEFM_JMODE_ORDERED 0x0040 +#define EXT3_DEFM_JMODE_WBACK 0x0060 +#define EXT4_DEFM_NOBARRIER 0x0100 +#define EXT4_DEFM_BLOCK_VALIDITY 0x0200 +#define EXT4_DEFM_DISCARD 0x0400 +#define EXT4_DEFM_NODELALLOC 0x0800 + +/* + * Structure of a directory entry + */ +#define EXT2_NAME_LEN 255 + +struct ext2_dir_entry { + __u32 inode; /* Inode number */ + __u16 rec_len; /* Directory entry length */ + __u16 name_len; /* Name length */ + char name[EXT2_NAME_LEN]; /* File name */ +}; + +/* + * The new version of the directory entry. Since EXT2 structures are + * stored in intel byte order, and the name_len field could never be + * bigger than 255 chars, it's safe to reclaim the extra byte for the + * file_type field. + * + * This structure is deprecated due to endianity issues. Please use struct + * ext2_dir_entry and accessor functions + * ext2fs_dirent_name_len + * ext2fs_dirent_set_name_len + * ext2fs_dirent_file_type + * ext2fs_dirent_set_file_type + * to get and set name_len and file_type fields. + */ +struct ext2_dir_entry_2 { + __u32 inode; /* Inode number */ + __u16 rec_len; /* Directory entry length */ + __u8 name_len; /* Name length */ + __u8 file_type; + char name[EXT2_NAME_LEN]; /* File name */ +}; + +/* + * This is a bogus directory entry at the end of each leaf block that + * records checksums. + */ +struct ext2_dir_entry_tail { + __u32 det_reserved_zero1; /* Pretend to be unused */ + __u16 det_rec_len; /* 12 */ + __u16 det_reserved_name_len; /* 0xDE00, fake namelen/filetype */ + __u32 det_checksum; /* crc32c(uuid+inode+dirent) */ +}; + +/* + * Ext2 directory file types. Only the low 3 bits are used. The + * other bits are reserved for now. + */ +#define EXT2_FT_UNKNOWN 0 +#define EXT2_FT_REG_FILE 1 +#define EXT2_FT_DIR 2 +#define EXT2_FT_CHRDEV 3 +#define EXT2_FT_BLKDEV 4 +#define EXT2_FT_FIFO 5 +#define EXT2_FT_SOCK 6 +#define EXT2_FT_SYMLINK 7 + +#define EXT2_FT_MAX 8 + +/* + * Annoyingly, e2fsprogs always swab16s ext2_dir_entry.name_len, so we + * have to build ext2_dir_entry_tail with that assumption too. This + * constant helps to build the dir_entry_tail to look like it has an + * "invalid" file type. + */ +#define EXT2_DIR_NAME_LEN_CSUM 0xDE00 + +/* + * EXT2_DIR_PAD defines the directory entries boundaries + * + * NOTE: It must be a multiple of 4 + */ +#define EXT2_DIR_ENTRY_HEADER_LEN 8 +#define EXT2_DIR_PAD 4 +#define EXT2_DIR_ROUND (EXT2_DIR_PAD - 1) +#define EXT2_DIR_REC_LEN(name_len) (((name_len) + \ + EXT2_DIR_ENTRY_HEADER_LEN + \ + EXT2_DIR_ROUND) & \ + ~EXT2_DIR_ROUND) + +/* + * This structure is used for multiple mount protection. It is written + * into the block number saved in the s_mmp_block field in the superblock. + * Programs that check MMP should assume that if SEQ_FSCK (or any unknown + * code above SEQ_MAX) is present then it is NOT safe to use the filesystem, + * regardless of how old the timestamp is. + * + * The timestamp in the MMP structure will be updated by e2fsck at some + * arbitary intervals (start of passes, after every few groups of inodes + * in pass1 and pass1b). There is no guarantee that e2fsck is updating + * the MMP block in a timely manner, and the updates it does are purely + * for the convenience of the sysadmin and not for automatic validation. + * + * Note: Only the mmp_seq value is used to determine whether the MMP block + * is being updated. The mmp_time, mmp_nodename, and mmp_bdevname + * fields are only for informational purposes for the administrator, + * due to clock skew between nodes and hostname HA service takeover. + */ +#define EXT4_MMP_MAGIC 0x004D4D50U /* ASCII for MMP */ +#define EXT4_MMP_SEQ_CLEAN 0xFF4D4D50U /* mmp_seq value for clean unmount */ +#define EXT4_MMP_SEQ_FSCK 0xE24D4D50U /* mmp_seq value when being fscked */ +#define EXT4_MMP_SEQ_MAX 0xE24D4D4FU /* maximum valid mmp_seq value */ + +/* Not endian-annotated; it's swapped at read/write time */ +struct mmp_struct { + __u32 mmp_magic; /* Magic number for MMP */ + __u32 mmp_seq; /* Sequence no. updated periodically */ + __u64 mmp_time; /* Time last updated */ + char mmp_nodename[64]; /* Node which last updated MMP block */ + char mmp_bdevname[32]; /* Bdev which last updated MMP block */ + __u16 mmp_check_interval; /* Changed mmp_check_interval */ + __u16 mmp_pad1; + __u32 mmp_pad2[226]; + __u32 mmp_checksum; /* crc32c(uuid+mmp_block) */ +}; + +/* + * Default interval for MMP update in seconds. + */ +#define EXT4_MMP_UPDATE_INTERVAL 5 + +/* + * Maximum interval for MMP update in seconds. + */ +#define EXT4_MMP_MAX_UPDATE_INTERVAL 300 + +/* + * Minimum interval for MMP checking in seconds. + */ +#define EXT4_MMP_MIN_CHECK_INTERVAL 5 + +/* + * Minimum size of inline data. + */ +#define EXT4_MIN_INLINE_DATA_SIZE ((sizeof(__u32) * EXT2_N_BLOCKS)) + +/* + * Size of a parent inode in inline data directory. + */ +#define EXT4_INLINE_DATA_DOTDOT_SIZE (4) + +#endif /* _LINUX_EXT2_FS_H */ diff --git a/ext4_utils/ext2fs/ext2_types.h b/ext4_utils/ext2fs/ext2_types.h new file mode 100644 index 00000000..2b6cca64 --- /dev/null +++ b/ext4_utils/ext2fs/ext2_types.h @@ -0,0 +1,199 @@ +/* + * If linux/types.h is already been included, assume it has defined + * everything we need. (cross fingers) Other header files may have + * also defined the types that we need. + */ +#if (!defined(_LINUX_TYPES_H) && !defined(_BLKID_TYPES_H) && \ + !defined(_EXT2_TYPES_H)) +#define _EXT2_TYPES_H + +#define __S8_TYPEDEF __signed__ char +#define __U8_TYPEDEF unsigned char +#define __S16_TYPEDEF __signed__ short +#define __U16_TYPEDEF unsigned short +#define __S32_TYPEDEF __signed__ int +#define __U32_TYPEDEF unsigned int +#define __S64_TYPEDEF __signed__ long long +#define __U64_TYPEDEF unsigned long long + +#ifndef HAVE___U8 +#define HAVE___U8 +#ifdef __U8_TYPEDEF +typedef __U8_TYPEDEF __u8; +#else +typedef unsigned char __u8; +#endif +#endif /* HAVE___U8 */ + +#ifndef HAVE___S8 +#define HAVE___S8 +#ifdef __S8_TYPEDEF +typedef __S8_TYPEDEF __s8; +#else +typedef signed char __s8; +#endif +#endif /* HAVE___S8 */ + +#ifndef HAVE___U16 +#define HAVE___U16 +#ifdef __U16_TYPEDEF +typedef __U16_TYPEDEF __u16; +#else +#if (4 == 2) +typedef unsigned int __u16; +#else +#if (2 == 2) +typedef unsigned short __u16; +#else +#undef HAVE___U16 + ?==error: undefined 16 bit type +#endif /* SIZEOF_SHORT == 2 */ +#endif /* SIZEOF_INT == 2 */ +#endif /* __U16_TYPEDEF */ +#endif /* HAVE___U16 */ + +#ifndef HAVE___S16 +#define HAVE___S16 +#ifdef __S16_TYPEDEF +typedef __S16_TYPEDEF __s16; +#else +#if (4 == 2) +typedef int __s16; +#else +#if (2 == 2) +typedef short __s16; +#else +#undef HAVE___S16 + ?==error: undefined 16 bit type +#endif /* SIZEOF_SHORT == 2 */ +#endif /* SIZEOF_INT == 2 */ +#endif /* __S16_TYPEDEF */ +#endif /* HAVE___S16 */ + +#ifndef HAVE___U32 +#define HAVE___U32 +#ifdef __U32_TYPEDEF +typedef __U32_TYPEDEF __u32; +#else +#if (4 == 4) +typedef unsigned int __u32; +#else +#if (8 == 4) +typedef unsigned long __u32; +#else +#if (2 == 4) +typedef unsigned short __u32; +#else +#undef HAVE___U32 + ?== error: undefined 32 bit type +#endif /* SIZEOF_SHORT == 4 */ +#endif /* SIZEOF_LONG == 4 */ +#endif /* SIZEOF_INT == 4 */ +#endif /* __U32_TYPEDEF */ +#endif /* HAVE___U32 */ + +#ifndef HAVE___S32 +#define HAVE___S32 +#ifdef __S32_TYPEDEF +typedef __S32_TYPEDEF __s32; +#else +#if (4 == 4) +typedef int __s32; +#else +#if (8 == 4) +typedef long __s32; +#else +#if (2 == 4) +typedef short __s32; +#else +#undef HAVE___S32 + ?== error: undefined 32 bit type +#endif /* SIZEOF_SHORT == 4 */ +#endif /* SIZEOF_LONG == 4 */ +#endif /* SIZEOF_INT == 4 */ +#endif /* __S32_TYPEDEF */ +#endif /* HAVE___S32 */ + +#ifndef HAVE___U64 +#define HAVE___U64 +#ifdef __U64_TYPEDEF +typedef __U64_TYPEDEF __u64; +#else +#if (4 == 8) +typedef unsigned int __u64; +#else +#if (8 == 8) +typedef unsigned long long __u64; +#else +#if (8 == 8) +typedef unsigned long __u64; +#else +#undef HAVE___U64 + ?== error: undefined 64 bit type +#endif /* SIZEOF_LONG_LONG == 8 */ +#endif /* SIZEOF_LONG == 8 */ +#endif /* SIZEOF_INT == 8 */ +#endif /* __U64_TYPEDEF */ +#endif /* HAVE___U64 */ + +#ifndef HAVE___S64 +#define HAVE___S64 +#ifdef __S64_TYPEDEF +typedef __S64_TYPEDEF __s64; +#else +#if (4 == 8) +typedef int __s64; +#else +#if (8 == 8) +#if defined(__GNUC__) +typedef __signed__ long long __s64; +#else +typedef signed long long __s64; +#endif /* __GNUC__ */ +#else +#if (8 == 8) +typedef long __s64; +#else +#undef HAVE___S64 + ?== error: undefined 64 bit type +#endif /* SIZEOF_LONG_LONG == 8 */ +#endif /* SIZEOF_LONG == 8 */ +#endif /* SIZEOF_INT == 8 */ +#endif /* __S64_TYPEDEF */ +#endif /* HAVE___S64 */ + +#undef __S8_TYPEDEF +#undef __U8_TYPEDEF +#undef __S16_TYPEDEF +#undef __U16_TYPEDEF +#undef __S32_TYPEDEF +#undef __U32_TYPEDEF +#undef __S64_TYPEDEF +#undef __U64_TYPEDEF + +#endif /* _*_TYPES_H */ + +/* endian checking stuff */ +#ifndef EXT2_ENDIAN_H_ +#define EXT2_ENDIAN_H_ + +#ifdef __CHECKER__ +#define __bitwise __attribute__((bitwise)) +#define __force __attribute__((force)) +#else +#define __bitwise +#define __force +#endif + +typedef __u16 __bitwise __le16; +typedef __u32 __bitwise __le32; +typedef __u64 __bitwise __le64; +typedef __u16 __bitwise __be16; +typedef __u32 __bitwise __be32; +typedef __u64 __bitwise __be64; + +#endif /* EXT2_ENDIAN_H_ */ + +/* These defines are needed for the public ext2fs.h header file */ +#define HAVE_SYS_TYPES_H 1 +#undef WORDS_BIGENDIAN diff --git a/ext4_utils/ext4_crypt.cpp b/ext4_utils/ext4_crypt.cpp new file mode 100644 index 00000000..2a51f41a --- /dev/null +++ b/ext4_utils/ext4_crypt.cpp @@ -0,0 +1,127 @@ +#include "ext4_crypt.h" + +#include +#include +#include + +#include +#include +#include + +// ext4enc:TODO Use include paths +#include "../../core/init/log.h" + +// ext4enc::TODO remove this duplicated const +static const std::string unencrypted_path = "/unencrypted"; + +static std::map s_password_store; + +bool e4crypt_non_default_key(const char* dir) +{ + int type = e4crypt_get_password_type(dir); + return type != -1 && type != 1; +} + +int e4crypt_get_password_type(const char* path) +{ + auto full_path = std::string() + path + unencrypted_path; + if (!std::ifstream(full_path + "/key")) { + INFO("No master key, so not ext4enc\n"); + return -1; + } + + std::ifstream type(full_path + "/type"); + if (!type) { + INFO("No password type so default\n"); + return 1; // Default + } + + int value = 0; + type >> value; + INFO("Password type is %d\n", value); + return value; +} + +int e4crypt_change_password(const char* path, int crypt_type, + const char* password) +{ + // ext4enc:TODO Encrypt master key with password securely. Store hash of + // master key for validation + auto full_path = std::string() + path + unencrypted_path; + std::ofstream(full_path + "/password") << password; + std::ofstream(full_path + "/type") << crypt_type; + return 0; +} + +int e4crypt_crypto_complete(const char* path) +{ + INFO("ext4 crypto complete called on %s\n", path); + + auto full_path = std::string() + path + unencrypted_path; + if (!std::ifstream(full_path + "/key")) { + INFO("No master key, so not ext4enc\n"); + return -1; + } + + return 0; +} + +int e4crypt_check_passwd(const char* path, const char* password) +{ + auto full_path = std::string() + path + unencrypted_path; + if (!std::ifstream(full_path + "/key")) { + INFO("No master key, so not ext4enc\n"); + return -1; + } + + std::string actual_password; + std::ifstream(full_path + "/password") >> actual_password; + + if (actual_password == password) { + s_password_store[path] = password; + return 0; + } else { + return -1; + } +} + +int e4crypt_restart(const char* path) +{ + int rc = 0; + + INFO("ext4 restart called on %s\n", path); + property_set("vold.decrypt", "trigger_reset_main"); + INFO("Just asked init to shut down class main\n"); + sleep(2); + + std::string tmp_path = std::string() + path + "/tmp_mnt"; + + // ext4enc:TODO add retry logic + rc = umount(tmp_path.c_str()); + if (rc) { + ERROR("umount %s failed with rc %d, msg %s\n", + tmp_path.c_str(), rc, strerror(errno)); + return rc; + } + + // ext4enc:TODO add retry logic + rc = umount(path); + if (rc) { + ERROR("umount %s failed with rc %d, msg %s\n", + path, rc, strerror(errno)); + return rc; + } + + return 0; +} + +const char* e4crypt_get_password(const char* path) +{ + // ext4enc:TODO scrub password after timeout + auto i = s_password_store.find(path); + if (i == s_password_store.end()) { + return 0; + } else { + return i->second.c_str(); + } +} diff --git a/ext4_utils/ext4_crypt.h b/ext4_utils/ext4_crypt.h new file mode 100644 index 00000000..494e33c3 --- /dev/null +++ b/ext4_utils/ext4_crypt.h @@ -0,0 +1,49 @@ +#include +#include +#include + +__BEGIN_DECLS +// These functions assume they are being called from init +// They will not operate properly outside of init +int e4crypt_install_keyring(); +int e4crypt_install_key(const char* dir); +int e4crypt_create_device_key(const char* dir); + +// General functions +bool e4crypt_non_default_key(const char* dir); +int e4crypt_set_directory_policy(const char* dir); +int e4crypt_main(int argc, char* argv[]); +int e4crypt_change_password(const char* path, int crypt_type, + const char* password); +int e4crypt_get_password_type(const char* path); +int e4crypt_crypto_complete(const char* dir); +int e4crypt_check_passwd(const char* dir, const char* password); +const char* e4crypt_get_password(const char* dir); +int e4crypt_restart(const char* dir); + +// Key functions. ext4enc:TODO Move to own file + +// ext4enc:TODO - get these keyring standard definitions from proper system file +// keyring serial number type +typedef int32_t key_serial_t; + +// special process keyring shortcut IDs +#define KEY_SPEC_THREAD_KEYRING -1 // key ID for thread-specific keyring +#define KEY_SPEC_PROCESS_KEYRING -2 // key ID for process-specific keyring +#define KEY_SPEC_SESSION_KEYRING -3 // key ID for session-specific keyring +#define KEY_SPEC_USER_KEYRING -4 // key ID for UID-specific keyring +#define KEY_SPEC_USER_SESSION_KEYRING -5 // key ID for UID-session keyring +#define KEY_SPEC_GROUP_KEYRING -6 // key ID for GID-specific keyring + +key_serial_t add_key(const char *type, + const char *description, + const void *payload, + size_t plen, + key_serial_t ringid); + +long keyctl_setperm(key_serial_t id, int permissions); + +// Set policy on directory +int do_policy_set(const char *directory, const char *policy); + +__END_DECLS diff --git a/ext4_utils/ext4_crypt_init_extensions.cpp b/ext4_utils/ext4_crypt_init_extensions.cpp new file mode 100644 index 00000000..98da8f5c --- /dev/null +++ b/ext4_utils/ext4_crypt_init_extensions.cpp @@ -0,0 +1,282 @@ +#include "ext4_crypt.h" + +#include +#include +#include +#include + +#include + +#include +#include +#include +#include + +// ext4enc:TODO Use include paths +#include "../../core/init/log.h" +#include "../../core/init/util.h" + +#include "ext2fs/ext2_fs.h" + +static const std::string unencrypted_path = "/unencrypted"; +static const std::string keyring = "@s"; +static const std::string arbitrary_sequence_number = "42"; + +static key_serial_t device_keyring = -1; + +static std::string vold_command(std::string const& command) +{ + INFO("Running command %s\n", command.c_str()); + int sock = socket_local_client("vold", + ANDROID_SOCKET_NAMESPACE_RESERVED, + SOCK_STREAM); + + if (sock < 0) { + INFO("Cannot open vold, failing command\n"); + return ""; + } + + class CloseSocket + { + int sock_; + public: + CloseSocket(int sock) : sock_(sock) {} + ~CloseSocket() { close(sock_); } + }; + + CloseSocket cs(sock); + + // Use arbitrary sequence number. This should only be used when the + // framework is down, so this is (mostly) OK. + std::string actual_command = arbitrary_sequence_number + " " + command; + if (write(sock, actual_command.c_str(), actual_command.size() + 1) < 0) { + ERROR("Cannot write command\n"); + return ""; + } + + while (1) { + struct timeval to; + to.tv_sec = 10; + to.tv_usec = 0; + + fd_set read_fds; + FD_ZERO(&read_fds); + FD_SET(sock, &read_fds); + + int rc = select(sock + 1, &read_fds, NULL, NULL, &to); + if (rc < 0) { + ERROR("Error in select %s\n", strerror(errno)); + return ""; + } else if (!rc) { + ERROR("Timeout\n"); + return ""; + } else if (FD_ISSET(sock, &read_fds)) { + char buffer[4096]; + memset(buffer, 0, sizeof(buffer)); + rc = read(sock, buffer, sizeof(buffer)); + if (rc <= 0) { + if (rc == 0) { + ERROR("Lost connection to Vold - did it crash?\n"); + } else { + ERROR("Error reading data (%s)\n", strerror(errno)); + } + return ""; + } + + // We don't truly know that this is the correct result. However, + // since this will only be used when the framework is down, + // it should be OK unless someone is running vdc at the same time. + // Worst case we force a reboot in the very rare synchronization + // error + return std::string(buffer, rc); + } + } +} + +int e4crypt_create_device_key(const char* dir) +{ + // Make sure folder exists. Use make_dir to set selinux permissions. + INFO("Creating test device key\n"); + std::string path = std::string() + dir + unencrypted_path; + if (make_dir(path.c_str(), 0700) && errno != EEXIST) { + ERROR("Failed to create %s with error %s\n", + path.c_str(), strerror(errno)); + return -1; + } + + // Open key if it exists + std::string key_path = path + "/key"; + std::ifstream key(key_path.c_str(), std::ifstream::binary); + + if (!key.good()) { + // Create new key if it doesn't + std::ofstream new_key(key_path.c_str(), std::ofstream::binary); + if (!new_key) { + ERROR("Failed to open %s\n", key_path.c_str()); + return -1; + } + + std::ifstream urandom("/dev/urandom", std::ifstream::binary); + if (!urandom) { + ERROR("Failed to open /dev/urandom\n"); + return -1; + } + + char key_material[32]; + urandom.read(key_material, 32); + if (!urandom) { + ERROR("Failed to read random bytes\n"); + return -1; + } + + new_key.write(key_material, 32); + if (!new_key) { + ERROR("Failed to write key material"); + return -1; + } + } + + remove((std::string(dir) + "/ref").c_str()); + return 0; +} + +int e4crypt_install_keyring() +{ + device_keyring = add_key("keyring", + "e4crypt", + 0, + 0, + KEY_SPEC_SESSION_KEYRING); + + if (device_keyring == -1) { + ERROR("Failed to create keyring\n"); + return -1; + } + + INFO("Keyring created wth id %d in process %d\n", device_keyring, getpid()); + + // ext4enc:TODO set correct permissions + long result = keyctl_setperm(device_keyring, 0x3f3f3f3f); + if (result) { + ERROR("KEYCTL_SETPERM failed with error %ld\n", result); + return -1; + } + + return 0; +} + +int e4crypt_install_key(const char* dir) +{ + std::string path = std::string() + dir + unencrypted_path; + + // Open key if it exists + std::string key_path = path + "/key"; + std::ifstream key(key_path.c_str(), std::ifstream::binary); + if (!key.good()) { + ERROR("Failed to open key %s\n", key_path.c_str()); + return -1; + } + + char keyblob[256]; + key.read(keyblob, sizeof(keyblob)); + std::streamsize keyblob_size = key.gcount(); + if (keyblob_size <= 0) { + ERROR("Failed to read key data\n"); + return -1; + } + + // Get password to decrypt as needed + if (e4crypt_non_default_key(dir)) { + std::string result = vold_command("cryptfs getpw"); + // result is either + // 200 0 -1 + // or + // 200 0 {{sensitive}} 0001020304 + // where 0001020304 is hex encoding of password + std::istringstream i(result); + std::string bit; + i >> bit; + if (bit != "200") { + ERROR("Expecting 200\n"); + return -1; + } + + i >> bit; + if (bit != arbitrary_sequence_number) { + ERROR("Expecting %s\n", arbitrary_sequence_number.c_str()); + return -1; + } + + i >> bit; + if (bit != "{{sensitive}}") { + INFO("Not encrypted\n"); + return -1; + } + + i >> bit; + } + + // Add key to keyring + // ext4enc:TODO Include structure from somewhere sensible + // MUST be in sync with ext4_crypto.c in kernel + struct ext4_encryption_key { + uint32_t mode; + char raw[EXT4_MAX_KEY_SIZE]; + uint32_t size; + }; + + ext4_encryption_key ext4_key = {0, {0}, 0}; + memcpy(ext4_key.raw, keyblob, keyblob_size); + ext4_key.size = keyblob_size; + + // ext4enc:TODO Use better reference not 1234567890 + key_serial_t key_id = add_key("logon", "ext4-key:1234567890", + (void*)&ext4_key, sizeof(ext4_key), + device_keyring); + + if (key_id == -1) { + ERROR("Failed to insert key into keyring with error %s\n", + strerror(errno)); + return -1; + } + + INFO("Added key %d to keyring %d in process %d\n", + key_id, device_keyring, getpid()); + + // ext4enc:TODO set correct permissions + long result = keyctl_setperm(key_id, 0x3f3f3f3f); + if (result) { + ERROR("KEYCTL_SETPERM failed with error %ld\n", result); + return -1; + } + + // Save reference to key so we can set policy later + std::ofstream(path + "/ref") << "ext4-key:1234567890"; + return 0; +} + +int e4crypt_set_directory_policy(const char* dir) +{ + // Only set policy on first level /data directories + // ext4enc:TODO don't hard code /data/ + if (!dir || strncmp(dir, "/data/", 6) || strchr(dir + 6, '/')) { + return 0; + } + + std::ifstream ref_file("/data/unencrypted/ref"); + if (!ref_file) { + ERROR("Cannot open key reference file\n"); + return -1; + } + + std::string ref; + std::getline(ref_file, ref); + std::string policy = std::string() + keyring + "." + ref; + INFO("Setting poliy %s\n", policy.c_str()); + if (do_policy_set(dir, policy.c_str())) { + ERROR("Setting policy on %s failed!", dir); + return -1; + } + + return 0; +} -- cgit v1.2.3