Loading fs_mgr/fs_mgr.c +81 −17 Original line number Diff line number Diff line Loading @@ -31,6 +31,7 @@ #include <dirent.h> #include <ext4.h> #include <ext4_sb.h> #include <ext4_crypt.h> #include <linux/loop.h> #include <private/android_filesystem_config.h> Loading Loading @@ -428,6 +429,73 @@ out: return ret; } // Check to see if a mountable volume has encryption requirements static int handle_encryptable(struct fstab *fstab, const struct fstab_rec* rec) { /* If this is block encryptable, need to trigger encryption */ if ( (rec->fs_mgr_flags & MF_FORCECRYPT) || (device_is_force_encrypted() && fs_mgr_is_encryptable(rec))) { if (umount(rec->mount_point) == 0) { return FS_MGR_MNTALL_DEV_NEEDS_ENCRYPTION; } else { WARNING("Could not umount %s (%s) - allow continue unencrypted\n", rec->mount_point, strerror(errno)); return FS_MGR_MNTALL_DEV_NOT_ENCRYPTED; } } // Deal with file level encryption if (rec->fs_mgr_flags & MF_FILEENCRYPTION) { // Default or not yet initialized encryption requires no more work here if (!e4crypt_non_default_key(rec->mount_point)) { INFO("%s is default file encrypted\n", rec->mount_point); return FS_MGR_MNTALL_DEV_DEFAULT_FILE_ENCRYPTED; } INFO("%s is non-default file encrypted\n", rec->mount_point); // Uses non-default key, so must unmount and set up temp file system if (umount(rec->mount_point)) { ERROR("Failed to umount %s - rebooting\n", rec->mount_point); return FS_MGR_MNTALL_FAIL; } if (fs_mgr_do_tmpfs_mount(rec->mount_point) != 0) { ERROR("Failed to mount a tmpfs at %s\n", rec->mount_point); return FS_MGR_MNTALL_FAIL; } // Mount data temporarily so we can access unencrypted dir char tmp_mnt[PATH_MAX]; strlcpy(tmp_mnt, rec->mount_point, sizeof(tmp_mnt)); strlcat(tmp_mnt, "/tmp_mnt", sizeof(tmp_mnt)); if (mkdir(tmp_mnt, 0700)) { ERROR("Failed to create temp mount point\n"); return FS_MGR_MNTALL_FAIL; } if (fs_mgr_do_mount(fstab, rec->mount_point, rec->blk_device, tmp_mnt)) { ERROR("Error temp mounting encrypted file system\n"); return FS_MGR_MNTALL_FAIL; } // Link it to the normal place so ext4_crypt functions work normally strlcat(tmp_mnt, "/unencrypted", sizeof(tmp_mnt)); char link_path[PATH_MAX]; strlcpy(link_path, rec->mount_point, sizeof(link_path)); strlcat(link_path, "/unencrypted", sizeof(link_path)); if (symlink(tmp_mnt, link_path)) { ERROR("Error creating symlink to unencrypted directory\n"); return FS_MGR_MNTALL_FAIL; } return FS_MGR_MNTALL_DEV_NON_DEFAULT_FILE_ENCRYPTED; } return FS_MGR_MNTALL_DEV_NOT_ENCRYPTED; } /* When multiple fstab records share the same mount_point, it will * try to mount each one in turn, and ignore any duplicates after a * first successful mount. Loading Loading @@ -490,25 +558,21 @@ int fs_mgr_mount_all(struct fstab *fstab) /* Deal with encryptability. */ if (!mret) { /* If this is encryptable, need to trigger encryption */ if ( (fstab->recs[attempted_idx].fs_mgr_flags & MF_FORCECRYPT) || (device_is_force_encrypted() && fs_mgr_is_encryptable(&fstab->recs[attempted_idx]))) { if (umount(fstab->recs[attempted_idx].mount_point) == 0) { if (encryptable == FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) { ERROR("Will try to encrypt %s %s\n", fstab->recs[attempted_idx].mount_point, fstab->recs[attempted_idx].fs_type); encryptable = FS_MGR_MNTALL_DEV_NEEDS_ENCRYPTION; } else { ERROR("Only one encryptable/encrypted partition supported\n"); encryptable = FS_MGR_MNTALL_DEV_MIGHT_BE_ENCRYPTED; int status = handle_encryptable(fstab, &fstab->recs[attempted_idx]); if (status == FS_MGR_MNTALL_FAIL) { /* Fatal error - no point continuing */ return status; } } else { WARNING("Could not umount %s (%s) - allow continue unencrypted\n", fstab->recs[attempted_idx].mount_point, strerror(errno)); continue; if (status != FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) { if (encryptable != FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) { // Log and continue ERROR("Only one encryptable/encrypted partition supported\n"); } encryptable = status; } /* Success! Go get the next one */ continue; } Loading fs_mgr/fs_mgr_fstab.c +11 −5 Original line number Diff line number Diff line Loading @@ -61,6 +61,7 @@ static struct flag_list fs_mgr_flags[] = { { "check", MF_CHECK }, { "encryptable=",MF_CRYPT }, { "forceencrypt=",MF_FORCECRYPT }, { "fileencryption",MF_FILEENCRYPTION }, { "nonremovable",MF_NONREMOVABLE }, { "voldmanaged=",MF_VOLDMANAGED}, { "length=", MF_LENGTH }, Loading Loading @@ -418,27 +419,32 @@ struct fstab_rec *fs_mgr_get_entry_for_mount_point(struct fstab *fstab, const ch return fs_mgr_get_entry_for_mount_point_after(NULL, fstab, path); } int fs_mgr_is_voldmanaged(struct fstab_rec *fstab) int fs_mgr_is_voldmanaged(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & MF_VOLDMANAGED; } int fs_mgr_is_nonremovable(struct fstab_rec *fstab) int fs_mgr_is_nonremovable(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & MF_NONREMOVABLE; } int fs_mgr_is_verified(struct fstab_rec *fstab) int fs_mgr_is_verified(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & MF_VERIFY; } int fs_mgr_is_encryptable(struct fstab_rec *fstab) int fs_mgr_is_encryptable(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT); } int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab) int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & MF_FILEENCRYPTION; } int fs_mgr_is_noemulatedsd(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & MF_NOEMULATEDSD; } fs_mgr/fs_mgr_priv.h +1 −0 Original line number Diff line number Diff line Loading @@ -76,6 +76,7 @@ #define MF_FORCECRYPT 0x400 #define MF_NOEMULATEDSD 0x800 /* no emulated sdcard daemon, sd card is the only external storage */ #define MF_FILEENCRYPTION 0x2000 #define DM_BUF_SIZE 4096 Loading fs_mgr/include/fs_mgr.h +9 −5 Original line number Diff line number Diff line Loading @@ -74,10 +74,13 @@ typedef void (*fs_mgr_verity_state_callback)(struct fstab_rec *fstab, struct fstab *fs_mgr_read_fstab(const char *fstab_path); void fs_mgr_free_fstab(struct fstab *fstab); #define FS_MGR_MNTALL_DEV_NON_DEFAULT_FILE_ENCRYPTED 5 #define FS_MGR_MNTALL_DEV_DEFAULT_FILE_ENCRYPTED 4 #define FS_MGR_MNTALL_DEV_NEEDS_RECOVERY 3 #define FS_MGR_MNTALL_DEV_NEEDS_ENCRYPTION 2 #define FS_MGR_MNTALL_DEV_MIGHT_BE_ENCRYPTED 1 #define FS_MGR_MNTALL_DEV_NOT_ENCRYPTED 0 #define FS_MGR_MNTALL_FAIL -1 int fs_mgr_mount_all(struct fstab *fstab); #define FS_MGR_DOMNT_FAILED -1 Loading @@ -94,11 +97,12 @@ int fs_mgr_add_entry(struct fstab *fstab, const char *mount_point, const char *fs_type, const char *blk_device); struct fstab_rec *fs_mgr_get_entry_for_mount_point(struct fstab *fstab, const char *path); int fs_mgr_is_voldmanaged(struct fstab_rec *fstab); int fs_mgr_is_nonremovable(struct fstab_rec *fstab); int fs_mgr_is_verified(struct fstab_rec *fstab); int fs_mgr_is_encryptable(struct fstab_rec *fstab); int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab); int fs_mgr_is_voldmanaged(const struct fstab_rec *fstab); int fs_mgr_is_nonremovable(const struct fstab_rec *fstab); int fs_mgr_is_verified(const struct fstab_rec *fstab); int fs_mgr_is_encryptable(const struct fstab_rec *fstab); int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab); int fs_mgr_is_noemulatedsd(const struct fstab_rec *fstab); int fs_mgr_swapon_all(struct fstab *fstab); #ifdef __cplusplus } Loading init/Android.mk +5 −2 Original line number Diff line number Diff line Loading @@ -50,7 +50,7 @@ LOCAL_SRC_FILES:= \ watchdogd.cpp \ LOCAL_MODULE:= init LOCAL_C_INCLUDES += system/extras/ext4_utils LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED) Loading @@ -61,11 +61,14 @@ LOCAL_STATIC_LIBRARIES := \ liblogwrap \ libcutils \ libbase \ libext4_utils_static \ libutils \ liblog \ libc \ libselinux \ libmincrypt \ libext4_utils_static libc++_static \ libdl # Create symlinks LOCAL_POST_INSTALL_CMD := $(hide) mkdir -p $(TARGET_ROOT_OUT)/sbin; \ Loading Loading
fs_mgr/fs_mgr.c +81 −17 Original line number Diff line number Diff line Loading @@ -31,6 +31,7 @@ #include <dirent.h> #include <ext4.h> #include <ext4_sb.h> #include <ext4_crypt.h> #include <linux/loop.h> #include <private/android_filesystem_config.h> Loading Loading @@ -428,6 +429,73 @@ out: return ret; } // Check to see if a mountable volume has encryption requirements static int handle_encryptable(struct fstab *fstab, const struct fstab_rec* rec) { /* If this is block encryptable, need to trigger encryption */ if ( (rec->fs_mgr_flags & MF_FORCECRYPT) || (device_is_force_encrypted() && fs_mgr_is_encryptable(rec))) { if (umount(rec->mount_point) == 0) { return FS_MGR_MNTALL_DEV_NEEDS_ENCRYPTION; } else { WARNING("Could not umount %s (%s) - allow continue unencrypted\n", rec->mount_point, strerror(errno)); return FS_MGR_MNTALL_DEV_NOT_ENCRYPTED; } } // Deal with file level encryption if (rec->fs_mgr_flags & MF_FILEENCRYPTION) { // Default or not yet initialized encryption requires no more work here if (!e4crypt_non_default_key(rec->mount_point)) { INFO("%s is default file encrypted\n", rec->mount_point); return FS_MGR_MNTALL_DEV_DEFAULT_FILE_ENCRYPTED; } INFO("%s is non-default file encrypted\n", rec->mount_point); // Uses non-default key, so must unmount and set up temp file system if (umount(rec->mount_point)) { ERROR("Failed to umount %s - rebooting\n", rec->mount_point); return FS_MGR_MNTALL_FAIL; } if (fs_mgr_do_tmpfs_mount(rec->mount_point) != 0) { ERROR("Failed to mount a tmpfs at %s\n", rec->mount_point); return FS_MGR_MNTALL_FAIL; } // Mount data temporarily so we can access unencrypted dir char tmp_mnt[PATH_MAX]; strlcpy(tmp_mnt, rec->mount_point, sizeof(tmp_mnt)); strlcat(tmp_mnt, "/tmp_mnt", sizeof(tmp_mnt)); if (mkdir(tmp_mnt, 0700)) { ERROR("Failed to create temp mount point\n"); return FS_MGR_MNTALL_FAIL; } if (fs_mgr_do_mount(fstab, rec->mount_point, rec->blk_device, tmp_mnt)) { ERROR("Error temp mounting encrypted file system\n"); return FS_MGR_MNTALL_FAIL; } // Link it to the normal place so ext4_crypt functions work normally strlcat(tmp_mnt, "/unencrypted", sizeof(tmp_mnt)); char link_path[PATH_MAX]; strlcpy(link_path, rec->mount_point, sizeof(link_path)); strlcat(link_path, "/unencrypted", sizeof(link_path)); if (symlink(tmp_mnt, link_path)) { ERROR("Error creating symlink to unencrypted directory\n"); return FS_MGR_MNTALL_FAIL; } return FS_MGR_MNTALL_DEV_NON_DEFAULT_FILE_ENCRYPTED; } return FS_MGR_MNTALL_DEV_NOT_ENCRYPTED; } /* When multiple fstab records share the same mount_point, it will * try to mount each one in turn, and ignore any duplicates after a * first successful mount. Loading Loading @@ -490,25 +558,21 @@ int fs_mgr_mount_all(struct fstab *fstab) /* Deal with encryptability. */ if (!mret) { /* If this is encryptable, need to trigger encryption */ if ( (fstab->recs[attempted_idx].fs_mgr_flags & MF_FORCECRYPT) || (device_is_force_encrypted() && fs_mgr_is_encryptable(&fstab->recs[attempted_idx]))) { if (umount(fstab->recs[attempted_idx].mount_point) == 0) { if (encryptable == FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) { ERROR("Will try to encrypt %s %s\n", fstab->recs[attempted_idx].mount_point, fstab->recs[attempted_idx].fs_type); encryptable = FS_MGR_MNTALL_DEV_NEEDS_ENCRYPTION; } else { ERROR("Only one encryptable/encrypted partition supported\n"); encryptable = FS_MGR_MNTALL_DEV_MIGHT_BE_ENCRYPTED; int status = handle_encryptable(fstab, &fstab->recs[attempted_idx]); if (status == FS_MGR_MNTALL_FAIL) { /* Fatal error - no point continuing */ return status; } } else { WARNING("Could not umount %s (%s) - allow continue unencrypted\n", fstab->recs[attempted_idx].mount_point, strerror(errno)); continue; if (status != FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) { if (encryptable != FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) { // Log and continue ERROR("Only one encryptable/encrypted partition supported\n"); } encryptable = status; } /* Success! Go get the next one */ continue; } Loading
fs_mgr/fs_mgr_fstab.c +11 −5 Original line number Diff line number Diff line Loading @@ -61,6 +61,7 @@ static struct flag_list fs_mgr_flags[] = { { "check", MF_CHECK }, { "encryptable=",MF_CRYPT }, { "forceencrypt=",MF_FORCECRYPT }, { "fileencryption",MF_FILEENCRYPTION }, { "nonremovable",MF_NONREMOVABLE }, { "voldmanaged=",MF_VOLDMANAGED}, { "length=", MF_LENGTH }, Loading Loading @@ -418,27 +419,32 @@ struct fstab_rec *fs_mgr_get_entry_for_mount_point(struct fstab *fstab, const ch return fs_mgr_get_entry_for_mount_point_after(NULL, fstab, path); } int fs_mgr_is_voldmanaged(struct fstab_rec *fstab) int fs_mgr_is_voldmanaged(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & MF_VOLDMANAGED; } int fs_mgr_is_nonremovable(struct fstab_rec *fstab) int fs_mgr_is_nonremovable(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & MF_NONREMOVABLE; } int fs_mgr_is_verified(struct fstab_rec *fstab) int fs_mgr_is_verified(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & MF_VERIFY; } int fs_mgr_is_encryptable(struct fstab_rec *fstab) int fs_mgr_is_encryptable(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT); } int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab) int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & MF_FILEENCRYPTION; } int fs_mgr_is_noemulatedsd(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & MF_NOEMULATEDSD; }
fs_mgr/fs_mgr_priv.h +1 −0 Original line number Diff line number Diff line Loading @@ -76,6 +76,7 @@ #define MF_FORCECRYPT 0x400 #define MF_NOEMULATEDSD 0x800 /* no emulated sdcard daemon, sd card is the only external storage */ #define MF_FILEENCRYPTION 0x2000 #define DM_BUF_SIZE 4096 Loading
fs_mgr/include/fs_mgr.h +9 −5 Original line number Diff line number Diff line Loading @@ -74,10 +74,13 @@ typedef void (*fs_mgr_verity_state_callback)(struct fstab_rec *fstab, struct fstab *fs_mgr_read_fstab(const char *fstab_path); void fs_mgr_free_fstab(struct fstab *fstab); #define FS_MGR_MNTALL_DEV_NON_DEFAULT_FILE_ENCRYPTED 5 #define FS_MGR_MNTALL_DEV_DEFAULT_FILE_ENCRYPTED 4 #define FS_MGR_MNTALL_DEV_NEEDS_RECOVERY 3 #define FS_MGR_MNTALL_DEV_NEEDS_ENCRYPTION 2 #define FS_MGR_MNTALL_DEV_MIGHT_BE_ENCRYPTED 1 #define FS_MGR_MNTALL_DEV_NOT_ENCRYPTED 0 #define FS_MGR_MNTALL_FAIL -1 int fs_mgr_mount_all(struct fstab *fstab); #define FS_MGR_DOMNT_FAILED -1 Loading @@ -94,11 +97,12 @@ int fs_mgr_add_entry(struct fstab *fstab, const char *mount_point, const char *fs_type, const char *blk_device); struct fstab_rec *fs_mgr_get_entry_for_mount_point(struct fstab *fstab, const char *path); int fs_mgr_is_voldmanaged(struct fstab_rec *fstab); int fs_mgr_is_nonremovable(struct fstab_rec *fstab); int fs_mgr_is_verified(struct fstab_rec *fstab); int fs_mgr_is_encryptable(struct fstab_rec *fstab); int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab); int fs_mgr_is_voldmanaged(const struct fstab_rec *fstab); int fs_mgr_is_nonremovable(const struct fstab_rec *fstab); int fs_mgr_is_verified(const struct fstab_rec *fstab); int fs_mgr_is_encryptable(const struct fstab_rec *fstab); int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab); int fs_mgr_is_noemulatedsd(const struct fstab_rec *fstab); int fs_mgr_swapon_all(struct fstab *fstab); #ifdef __cplusplus } Loading
init/Android.mk +5 −2 Original line number Diff line number Diff line Loading @@ -50,7 +50,7 @@ LOCAL_SRC_FILES:= \ watchdogd.cpp \ LOCAL_MODULE:= init LOCAL_C_INCLUDES += system/extras/ext4_utils LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT) LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED) Loading @@ -61,11 +61,14 @@ LOCAL_STATIC_LIBRARIES := \ liblogwrap \ libcutils \ libbase \ libext4_utils_static \ libutils \ liblog \ libc \ libselinux \ libmincrypt \ libext4_utils_static libc++_static \ libdl # Create symlinks LOCAL_POST_INSTALL_CMD := $(hide) mkdir -p $(TARGET_ROOT_OUT)/sbin; \ Loading
