author | Victor Hsieh <victorhsieh@google.com> | 2023-03-17 17:11:43 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-03-17 17:11:43 +0000 |
commit | 1c70a17fb0ac99e0106b926e3d84dda385452d39 (patch) | |
tree | d294c129a3092b719935c64110f8b0e9a20e129c | |
parent | fa5a72fe9884a0dfba57a1c68b4b655c51299b54 (diff) | |
parent | 232cdde7e42dee08bd2d2667493926bc3b084e60 (diff) | |
Merge "Consolidate fs-verity wrapper in libfsverity_rs" am: 93302519d4 am: 6df71858ac am: 232cdde7e4
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2492595
Change-Id: I34f1d6321246ac61ca3866a3be57d9c9bf3162ed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | fsverity/libfsverity_rs/Android.bp | 17 | ||||
-rw-r--r-- | fsverity/libfsverity_rs/lib.rs | 68 | ||||
-rw-r--r-- | fsverity/libfsverity_rs/sys.rs | 58 |
3 files changed, 143 insertions, 0 deletions
diff --git a/fsverity/libfsverity_rs/Android.bp b/fsverity/libfsverity_rs/Android.bp
new file mode 100644
index 00000000..91b12486
--- /dev/null
+++ b/fsverity/libfsverity_rs/Android.bp
@@ -0,0 +1,17 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_library {
+ name: "libfsverity_rs",
+ crate_name: "fsverity",
+ srcs: ["lib.rs"],
+ edition: "2021",
+ rustlibs: [
+ "libnix",
+ ],
+ apex_available: [
+ "com.android.compos",
+ "com.android.virt",
+ ],
+}
diff --git a/fsverity/libfsverity_rs/lib.rs b/fsverity/libfsverity_rs/lib.rs
new file mode 100644
index 00000000..473b2d5c
--- /dev/null
+++ b/fsverity/libfsverity_rs/lib.rs
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! A wrapper library to use fs-verity
+
+mod sys;
+
+use crate::sys::*;
+use std::io;
+use std::os::fd::AsRawFd;
+use std::os::unix::io::BorrowedFd;
+
+fn read_metadata(fd: i32, metadata_type: u64, offset: u64, buf: &mut [u8]) -> io::Result<usize> {
+ let mut arg = fsverity_read_metadata_arg {
+ metadata_type,
+ offset,
+ length: buf.len() as u64,
+ buf_ptr: buf.as_mut_ptr() as u64,
+ __reserved: 0,
+ };
+ // SAFETY: the ioctl doesn't change the sematics in the current process
+ Ok(unsafe { read_verity_metadata(fd, &mut arg) }? as usize)
+}
+
+/// Read the raw Merkle tree from the fd, if it exists. The API semantics is similar to a regular
+/// pread(2), and may not return full requested buffer.
+pub fn read_merkle_tree(fd: i32, offset: u64, buf: &mut [u8]) -> io::Result<usize> {
+ read_metadata(fd, FS_VERITY_METADATA_TYPE_MERKLE_TREE, offset, buf)
+}
+
+/// Read the fs-verity signature from the fd (if exists). The returned signature should be complete.
+pub fn read_signature(fd: i32, buf: &mut [u8]) -> io::Result<usize> {
+ read_metadata(fd, FS_VERITY_METADATA_TYPE_SIGNATURE, 0 /* offset */, buf)
+}
+
+/// Enable fs-verity to the `fd`, with sha256 hash algorithm and 4KB block size.
+pub fn enable(fd: BorrowedFd) -> io::Result<()> {
+ let arg = fsverity_enable_arg {
+ version: 1,
+ hash_algorithm: FS_VERITY_HASH_ALG_SHA256,
+ block_size: 4096,
+ salt_size: 0,
+ salt_ptr: 0,
+ sig_size: 0,
+ __reserved1: 0,
+ sig_ptr: 0,
+ __reserved2: [0; 11],
+ };
+ // SAFETY: the ioctl doesn't change the sematics in the current process
+ if unsafe { enable_verity(fd.as_raw_fd(), &arg) } == Ok(0) {
+ Ok(())
+ } else {
+ Err(io::Error::last_os_error())
+ }
+}
diff --git a/fsverity/libfsverity_rs/sys.rs b/fsverity/libfsverity_rs/sys.rs
new file mode 100644
index 00000000..8ce0836d
--- /dev/null
+++ b/fsverity/libfsverity_rs/sys.rs
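Review bot: The SAFETY comment in `read_metadata` ("the ioctl doesn't change the sematics in the current process") does not state the invariant that makes the block sound: the kernel writes through `buf_ptr`, so what matters is that `buf_ptr` and `length` are taken from the same exclusively borrowed `buf`, which stays alive for the whole call. I would replace it with `// SAFETY: buf_ptr and length describe the exclusively borrowed buf, which outlives the call, so the kernel writes only into memory this function may mutate.` The same sentence is reused in `enable`, where the argument is instead that `arg` is a fully initialised `#[repr(C)]` struct with null salt and signature pointers that the kernel only reads. Separately, `read_merkle_tree` and `read_signature` take `fd: i32` while `enable` takes `BorrowedFd`; taking `BorrowedFd` in all three would keep a stale or unrelated descriptor number from reaching the ioctl through a safe function.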
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Stable API definition copied from uapi/linux/fsverity.h
+
+use nix::{ioctl_readwrite, ioctl_write_ptr};
+
+const FS_IOCTL_MAGIC: u8 = b'f';
+const FS_IOC_ENABLE_VERITY: u8 = 133;
+const FS_IOCTL_READ_VERITY_METADATA: u8 = 135;
+
+pub const FS_VERITY_HASH_ALG_SHA256: u32 = 1;
+pub const FS_VERITY_METADATA_TYPE_MERKLE_TREE: u64 = 1;
+pub const FS_VERITY_METADATA_TYPE_SIGNATURE: u64 = 3;
+
+#[repr(C)]
+pub struct fsverity_read_metadata_arg {
+ pub metadata_type: u64,
+ pub offset: u64,
+ pub length: u64,
+ pub buf_ptr: u64,
+ pub __reserved: u64,
+}
+
+ioctl_readwrite!(
+ read_verity_metadata,
+ FS_IOCTL_MAGIC,
+ FS_IOCTL_READ_VERITY_METADATA,
+ fsverity_read_metadata_arg
+);
+
+#[repr(C)]
+pub struct fsverity_enable_arg {
+ pub version: u32,
+ pub hash_algorithm: u32,
+ pub block_size: u32,
+ pub salt_size: u32,
+ pub salt_ptr: u64,
+ pub sig_size: u32,
+ pub __reserved1: u32,
+ pub sig_ptr: u64,
+ pub __reserved2: [u64; 11],
+}
+
+ioctl_write_ptr!(enable_verity, FS_IOCTL_MAGIC, FS_IOC_ENABLE_VERITY, fsverity_enable_arg); |
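Review bot: Nothing pins the layout of the two `#[repr(C)]` structs to the kernel ABI they are copied from, and the request numbers generated by `ioctl_readwrite!` and `ioctl_write_ptr!` encode the struct size, so a field edited by mistake would surface as a different request at run time rather than as a build error. A compile-time check next to each struct would catch that: `const _: () = assert!(std::mem::size_of::<fsverity_enable_arg>() == 128);` and the same with `40` for `fsverity_read_metadata_arg` (both sizes follow from the fields shown). On naming, `FS_IOCTL_READ_VERITY_METADATA` departs from the `FS_IOC_` prefix used by `FS_IOC_ENABLE_VERITY` on the line above; `FS_IOC_READ_VERITY_METADATA` would be consistent and easier to grep against the header the file says it is copied from.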