Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / extras / bc2eb8c3fd621605ff1ccaed04a71e6685acc974 / . / ext4_utils / ext4_crypt.cpp
blob: 7d3dc91e47ca74269695e024ee3563da0b5663b4 [file] [log] [blame]
Paul Lawrencebc2eb8c2015-04-28 22:13:04 +0000[diff] [blame^]1/*
2 * Copyright (c) 2015 Google, Inc.
3 */
4
Elliott Hughesee296862015-03-28 10:39:46 -0700[diff] [blame]5#define TAG "ext4_utils"
6
Paul Lawrencebc2eb8c2015-04-28 22:13:04 +0000[diff] [blame^]7#include "ext4_crypt_init_extensions.h"
Paul Lawrence92da49d2015-02-25 15:11:13 -0800[diff] [blame]8
Paul Lawrencebc2eb8c2015-04-28 22:13:04 +0000[diff] [blame^]9#include <dirent.h>
Paul Lawrence92da49d2015-02-25 15:11:13 -0800[diff] [blame]10#include <errno.h>
Paul Lawrencebc2eb8c2015-04-28 22:13:04 +0000[diff] [blame^]11#include <string.h>
12#include <unistd.h>
13
14#include <sys/xattr.h>
15#include <sys/syscall.h>
16#include <sys/stat.h>
Paul Lawrence92da49d2015-02-25 15:11:13 -0800[diff] [blame]17
Elliott Hughesee296862015-03-28 10:39:46 -0700[diff] [blame]18#include <cutils/klog.h>
Paul Lawrence92da49d2015-02-25 15:11:13 -0800[diff] [blame]19
Paul Lawrence61980262015-03-16 15:35:55 -0700[diff] [blame]20#include "unencrypted_properties.h"
Paul Lawrence92da49d2015-02-25 15:11:13 -0800[diff] [blame]21
Paul Lawrencebc2eb8c2015-04-28 22:13:04 +0000[diff] [blame^]22#define XATTR_NAME_ENCRYPTION_POLICY "encryption.policy"
23#define EXT4_KEYREF_DELIMITER ((char)'.')
24
25// ext4enc:TODO Include structure from somewhere sensible
26// MUST be in sync with ext4_crypto.c in kernel
27#define EXT4_MAX_KEY_SIZE 76
28struct ext4_encryption_key {
29 uint32_t mode;
30 char raw[EXT4_MAX_KEY_SIZE];
31 uint32_t size;
32};
33
34/* Validate that all path items are available and accessible. */
35static int is_path_valid(const char *path)
36{
37 if (access(path, W_OK)) {
38 KLOG_ERROR(TAG, "Can't access %s: %s\n",strerror(errno), path);
39 return 0;
40 }
41
42 return 1;
43}
44
45/* Checks whether the policy provided is valid */
46static int is_keyref_valid(const char *keyref)
47{
48 char *period = 0;
49 size_t key_location_len = 0;
50
51 /* Key ref must have a key and location delimiter character. */
52 period = strchr(keyref, EXT4_KEYREF_DELIMITER);
53 if (!period) {
54 return 0;
55 }
56
57 /* period must be >= keyref. */
58 key_location_len = period - keyref;
59
60 if (strncmp(keyref, "@t", key_location_len) == 0 ||
61 strncmp(keyref, "@p", key_location_len) == 0 ||
62 strncmp(keyref, "@s", key_location_len) == 0 ||
63 strncmp(keyref, "@u", key_location_len) == 0 ||
64 strncmp(keyref, "@g", key_location_len) == 0 ||
65 strncmp(keyref, "@us", key_location_len) == 0)
66 return 1;
67
68 return 0;
69}
70
71static int is_dir_empty(const char *dirname)
72{
73 int n = 0;
74 struct dirent *d;
75 DIR *dir;
76
77 dir = opendir(dirname);
78 while ((d = readdir(dir)) != NULL) {
79 if (strcmp(d->d_name, "lost+found") == 0) {
80 // Skip lost+found directory
81 } else if (++n > 2) {
82 break;
83 }
84 }
85 closedir(dir);
86 return n <= 2;
87}
88
89int do_policy_set(const char *directory, const char *policy)
90{
91 struct stat st;
92 ssize_t ret;
93
94 if (!is_keyref_valid(policy)) {
95 KLOG_ERROR(TAG, "Policy has invalid format.\n");
96 return -EINVAL;
97 }
98
99 if (!is_path_valid(directory)) {
100 return -EINVAL;
101 }
102
103 stat(directory, &st);
104 if (!S_ISDIR(st.st_mode)) {
105 KLOG_ERROR(TAG, "Can only set policy on a directory (%s)\n", directory);
106 return -EINVAL;
107 }
108
109 if (!is_dir_empty(directory)) {
110 KLOG_ERROR(TAG, "Can only set policy on an empty directory (%s)\n",
111 directory);
112 return -EINVAL;
113 }
114
115 ret = lsetxattr(directory, XATTR_NAME_ENCRYPTION_POLICY, policy,
116 strlen(policy), 0);
117
118 if (ret) {
119 KLOG_ERROR(TAG, "Failed to set encryption policy for %s: %s\n",
120 directory, strerror(errno));
121 return -EINVAL;
122 }
123
124 KLOG_INFO(TAG, "Encryption policy for %s is set to %s\n", directory, policy);
125 return 0;
Paul Lawrence61980262015-03-16 15:35:55 -0700[diff] [blame]126}
Paul Lawrence92da49d2015-02-25 15:11:13 -0800[diff] [blame]127
128bool e4crypt_non_default_key(const char* dir)
129{
Paul Lawrencebc2eb8c2015-04-28 22:13:04 +0000[diff] [blame^]130 UnencryptedProperties props(dir);
131 return props.Get<int>(properties::is_default, 1) != 1;
Paul Lawrence92da49d2015-02-25 15:11:13 -0800[diff] [blame]132}