Paul Lawrence | bc2eb8c | 2015-04-28 22:13:04 +0000 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (c) 2015 Google, Inc. |
| 3 | */ |
| 4 | |
Elliott Hughes | ee29686 | 2015-03-28 10:39:46 -0700 | [diff] [blame] | 5 | #define TAG "ext4_utils" |
| 6 | |
Paul Lawrence | bc2eb8c | 2015-04-28 22:13:04 +0000 | [diff] [blame^] | 7 | #include "ext4_crypt_init_extensions.h" |
Paul Lawrence | 92da49d | 2015-02-25 15:11:13 -0800 | [diff] [blame] | 8 | |
Paul Lawrence | bc2eb8c | 2015-04-28 22:13:04 +0000 | [diff] [blame^] | 9 | #include <dirent.h> |
Paul Lawrence | 92da49d | 2015-02-25 15:11:13 -0800 | [diff] [blame] | 10 | #include <errno.h> |
Paul Lawrence | bc2eb8c | 2015-04-28 22:13:04 +0000 | [diff] [blame^] | 11 | #include <string.h> |
| 12 | #include <unistd.h> |
| 13 | |
| 14 | #include <sys/xattr.h> |
| 15 | #include <sys/syscall.h> |
| 16 | #include <sys/stat.h> |
Paul Lawrence | 92da49d | 2015-02-25 15:11:13 -0800 | [diff] [blame] | 17 | |
Elliott Hughes | ee29686 | 2015-03-28 10:39:46 -0700 | [diff] [blame] | 18 | #include <cutils/klog.h> |
Paul Lawrence | 92da49d | 2015-02-25 15:11:13 -0800 | [diff] [blame] | 19 | |
Paul Lawrence | 6198026 | 2015-03-16 15:35:55 -0700 | [diff] [blame] | 20 | #include "unencrypted_properties.h" |
Paul Lawrence | 92da49d | 2015-02-25 15:11:13 -0800 | [diff] [blame] | 21 | |
Paul Lawrence | bc2eb8c | 2015-04-28 22:13:04 +0000 | [diff] [blame^] | 22 | #define XATTR_NAME_ENCRYPTION_POLICY "encryption.policy" |
| 23 | #define EXT4_KEYREF_DELIMITER ((char)'.') |
| 24 | |
| 25 | // ext4enc:TODO Include structure from somewhere sensible |
| 26 | // MUST be in sync with ext4_crypto.c in kernel |
| 27 | #define EXT4_MAX_KEY_SIZE 76 |
| 28 | struct ext4_encryption_key { |
| 29 | uint32_t mode; |
| 30 | char raw[EXT4_MAX_KEY_SIZE]; |
| 31 | uint32_t size; |
| 32 | }; |
| 33 | |
| 34 | /* Validate that all path items are available and accessible. */ |
| 35 | static int is_path_valid(const char *path) |
| 36 | { |
| 37 | if (access(path, W_OK)) { |
| 38 | KLOG_ERROR(TAG, "Can't access %s: %s\n",strerror(errno), path); |
| 39 | return 0; |
| 40 | } |
| 41 | |
| 42 | return 1; |
| 43 | } |
| 44 | |
| 45 | /* Checks whether the policy provided is valid */ |
| 46 | static int is_keyref_valid(const char *keyref) |
| 47 | { |
| 48 | char *period = 0; |
| 49 | size_t key_location_len = 0; |
| 50 | |
| 51 | /* Key ref must have a key and location delimiter character. */ |
| 52 | period = strchr(keyref, EXT4_KEYREF_DELIMITER); |
| 53 | if (!period) { |
| 54 | return 0; |
| 55 | } |
| 56 | |
| 57 | /* period must be >= keyref. */ |
| 58 | key_location_len = period - keyref; |
| 59 | |
| 60 | if (strncmp(keyref, "@t", key_location_len) == 0 || |
| 61 | strncmp(keyref, "@p", key_location_len) == 0 || |
| 62 | strncmp(keyref, "@s", key_location_len) == 0 || |
| 63 | strncmp(keyref, "@u", key_location_len) == 0 || |
| 64 | strncmp(keyref, "@g", key_location_len) == 0 || |
| 65 | strncmp(keyref, "@us", key_location_len) == 0) |
| 66 | return 1; |
| 67 | |
| 68 | return 0; |
| 69 | } |
| 70 | |
| 71 | static int is_dir_empty(const char *dirname) |
| 72 | { |
| 73 | int n = 0; |
| 74 | struct dirent *d; |
| 75 | DIR *dir; |
| 76 | |
| 77 | dir = opendir(dirname); |
| 78 | while ((d = readdir(dir)) != NULL) { |
| 79 | if (strcmp(d->d_name, "lost+found") == 0) { |
| 80 | // Skip lost+found directory |
| 81 | } else if (++n > 2) { |
| 82 | break; |
| 83 | } |
| 84 | } |
| 85 | closedir(dir); |
| 86 | return n <= 2; |
| 87 | } |
| 88 | |
| 89 | int do_policy_set(const char *directory, const char *policy) |
| 90 | { |
| 91 | struct stat st; |
| 92 | ssize_t ret; |
| 93 | |
| 94 | if (!is_keyref_valid(policy)) { |
| 95 | KLOG_ERROR(TAG, "Policy has invalid format.\n"); |
| 96 | return -EINVAL; |
| 97 | } |
| 98 | |
| 99 | if (!is_path_valid(directory)) { |
| 100 | return -EINVAL; |
| 101 | } |
| 102 | |
| 103 | stat(directory, &st); |
| 104 | if (!S_ISDIR(st.st_mode)) { |
| 105 | KLOG_ERROR(TAG, "Can only set policy on a directory (%s)\n", directory); |
| 106 | return -EINVAL; |
| 107 | } |
| 108 | |
| 109 | if (!is_dir_empty(directory)) { |
| 110 | KLOG_ERROR(TAG, "Can only set policy on an empty directory (%s)\n", |
| 111 | directory); |
| 112 | return -EINVAL; |
| 113 | } |
| 114 | |
| 115 | ret = lsetxattr(directory, XATTR_NAME_ENCRYPTION_POLICY, policy, |
| 116 | strlen(policy), 0); |
| 117 | |
| 118 | if (ret) { |
| 119 | KLOG_ERROR(TAG, "Failed to set encryption policy for %s: %s\n", |
| 120 | directory, strerror(errno)); |
| 121 | return -EINVAL; |
| 122 | } |
| 123 | |
| 124 | KLOG_INFO(TAG, "Encryption policy for %s is set to %s\n", directory, policy); |
| 125 | return 0; |
Paul Lawrence | 6198026 | 2015-03-16 15:35:55 -0700 | [diff] [blame] | 126 | } |
Paul Lawrence | 92da49d | 2015-02-25 15:11:13 -0800 | [diff] [blame] | 127 | |
| 128 | bool e4crypt_non_default_key(const char* dir) |
| 129 | { |
Paul Lawrence | bc2eb8c | 2015-04-28 22:13:04 +0000 | [diff] [blame^] | 130 | UnencryptedProperties props(dir); |
| 131 | return props.Get<int>(properties::is_default, 1) != 1; |
Paul Lawrence | 92da49d | 2015-02-25 15:11:13 -0800 | [diff] [blame] | 132 | } |