Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 142c0178cc0688b7038b401124b68c0b966c993f / . / services / core / jni / com_android_server_security_VerityUtils.cpp
blob: 0d888dc4171974ec74184f01895b4e43d54f668b [file] [log] [blame]
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]1/*
2 * Copyright (C) 2018 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "VerityUtils"
18
19#include <nativehelper/JNIHelp.h>
20#include "jni.h"
21#include <utils/Log.h>
22
Victor Hsiehfcff8dd2018-12-14 15:59:03 -0800[diff] [blame]23#include <errno.h>
24#include <fcntl.h>
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]25#include <string.h>
Victor Hsiehfcff8dd2018-12-14 15:59:03 -0800[diff] [blame]26#include <sys/ioctl.h>
27#include <sys/stat.h>
28#include <sys/types.h>
29
30#include <android-base/unique_fd.h>
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]31
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]32// TODO(112037636): Always include once fsverity.h is upstreamed.
33#if __has_include(<linux/fsverity.h>)
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]34#include <linux/fsverity.h>
Victor Hsiehfcff8dd2018-12-14 15:59:03 -0800[diff] [blame]35const int kSha256Bytes = 32;
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]36#endif
37
38namespace android {
39
40namespace {
41
42class JavaByteArrayHolder {
43 public:
44 static JavaByteArrayHolder* newArray(JNIEnv* env, jsize size) {
45 return new JavaByteArrayHolder(env, size);
46 }
47
48 jbyte* getRaw() {
49 return mElements;
50 }
51
52 jbyteArray release() {
53 mEnv->ReleaseByteArrayElements(mBytes, mElements, 0);
54 mElements = nullptr;
55 return mBytes;
56 }
57
58 private:
59 JavaByteArrayHolder(JNIEnv* env, jsize size) {
60 mEnv = env;
61 mBytes = mEnv->NewByteArray(size);
62 mElements = mEnv->GetByteArrayElements(mBytes, nullptr);
63 memset(mElements, 0, size);
64 }
65
66 virtual ~JavaByteArrayHolder() {
67 LOG_ALWAYS_FATAL_IF(mElements == nullptr, "Elements are not released");
68 }
69
70 JNIEnv* mEnv;
71 jbyteArray mBytes;
72 jbyte* mElements;
73};
74
Victor Hsiehaa6cb132018-11-08 11:16:21 -0800[diff] [blame]75int enableFsverity(JNIEnv* env, jobject /* clazz */, jstring filePath) {
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]76#if __has_include(<linux/fsverity.h>)
Victor Hsiehaa6cb132018-11-08 11:16:21 -0800[diff] [blame]77 const char* path = env->GetStringUTFChars(filePath, nullptr);
78 ::android::base::unique_fd rfd(open(path, O_RDONLY | O_CLOEXEC));
79 if (rfd.get() < 0) {
80 return errno;
81 }
82 if (ioctl(rfd.get(), FS_IOC_ENABLE_VERITY, nullptr) < 0) {
83 return errno;
84 }
85 return 0;
86#else
87 LOG_ALWAYS_FATAL("fs-verity is used while not enabled");
88 return ENOSYS;
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]89#endif
Victor Hsiehaa6cb132018-11-08 11:16:21 -0800[diff] [blame]90}
91
Victor Hsiehfcff8dd2018-12-14 15:59:03 -0800[diff] [blame]92int measureFsverity(JNIEnv* env, jobject /* clazz */, jstring filePath) {
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]93#if __has_include(<linux/fsverity.h>)
Victor Hsiehfcff8dd2018-12-14 15:59:03 -0800[diff] [blame]94 auto raii = JavaByteArrayHolder::newArray(env, sizeof(fsverity_digest) + kSha256Bytes);
95 fsverity_digest* data = reinterpret_cast<fsverity_digest*>(raii->getRaw());
96 data->digest_size = kSha256Bytes; // the only input/output parameter
97
98 const char* path = env->GetStringUTFChars(filePath, nullptr);
Victor Hsiehaa6cb132018-11-08 11:16:21 -0800[diff] [blame]99 ::android::base::unique_fd rfd(open(path, O_RDONLY | O_CLOEXEC));
100 if (rfd.get() < 0) {
101 return errno;
102 }
Victor Hsiehfcff8dd2018-12-14 15:59:03 -0800[diff] [blame]103 if (ioctl(rfd.get(), FS_IOC_MEASURE_VERITY, data) < 0) {
104 return errno;
105 }
106 return 0;
107#else
108 LOG_ALWAYS_FATAL("fs-verity is used while not enabled");
Victor Hsiehaa6cb132018-11-08 11:16:21 -0800[diff] [blame]109 return ENOSYS;
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]110#endif
Victor Hsiehfcff8dd2018-12-14 15:59:03 -0800[diff] [blame]111}
112
Victor Hsieheef29312018-10-29 16:25:34 -0700[diff] [blame]113jbyteArray constructFsveritySignedData(JNIEnv* env, jobject /* clazz */, jbyteArray digest) {
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]114#if __has_include(<linux/fsverity.h>)
Victor Hsieheef29312018-10-29 16:25:34 -0700[diff] [blame]115 auto raii = JavaByteArrayHolder::newArray(env, sizeof(fsverity_digest_disk) + kSha256Bytes);
116 fsverity_digest_disk* data = reinterpret_cast<fsverity_digest_disk*>(raii->getRaw());
117
118 data->digest_algorithm = FS_VERITY_ALG_SHA256;
119 data->digest_size = kSha256Bytes;
120 if (env->GetArrayLength(digest) != kSha256Bytes) {
121 jniThrowExceptionFmt(env, "java/lang/IllegalArgumentException", "Invalid hash size of %d",
122 env->GetArrayLength(digest));
123 return 0;
124 }
125 const jbyte* src = env->GetByteArrayElements(digest, nullptr);
126 memcpy(data->digest, src, kSha256Bytes);
127
128 return raii->release();
129#else
130 LOG_ALWAYS_FATAL("fs-verity is used while not enabled");
131 return 0;
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]132#endif
Victor Hsieheef29312018-10-29 16:25:34 -0700[diff] [blame]133}
134
135
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]136jbyteArray constructFsverityDescriptor(JNIEnv* env, jobject /* clazz */, jlong fileSize) {
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]137#if __has_include(<linux/fsverity.h>)
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]138 auto raii = JavaByteArrayHolder::newArray(env, sizeof(fsverity_descriptor));
139 fsverity_descriptor* desc = reinterpret_cast<fsverity_descriptor*>(raii->getRaw());
140
141 memcpy(desc->magic, FS_VERITY_MAGIC, sizeof(desc->magic));
142 desc->major_version = 1;
143 desc->minor_version = 0;
144 desc->log_data_blocksize = 12;
145 desc->log_tree_blocksize = 12;
146 desc->data_algorithm = FS_VERITY_ALG_SHA256;
147 desc->tree_algorithm = FS_VERITY_ALG_SHA256;
148 desc->flags = 0;
149 desc->orig_file_size = fileSize;
150 desc->auth_ext_count = 1;
151
152 return raii->release();
153#else
154 LOG_ALWAYS_FATAL("fs-verity is used while not enabled");
155 return 0;
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]156#endif
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]157}
158
159jbyteArray constructFsverityExtension(JNIEnv* env, jobject /* clazz */, jshort extensionId,
160 jint extensionDataSize) {
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]161#if __has_include(<linux/fsverity.h>)
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]162 auto raii = JavaByteArrayHolder::newArray(env, sizeof(fsverity_extension));
163 fsverity_extension* ext = reinterpret_cast<fsverity_extension*>(raii->getRaw());
164
165 ext->length = sizeof(fsverity_extension) + extensionDataSize;
166 ext->type = extensionId;
167
168 return raii->release();
169#else
170 LOG_ALWAYS_FATAL("fs-verity is used while not enabled");
171 return 0;
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]172#endif
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]173}
174
175jbyteArray constructFsverityFooter(JNIEnv* env, jobject /* clazz */,
176 jint offsetToDescriptorHead) {
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]177#if __has_include(<linux/fsverity.h>)
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]178 auto raii = JavaByteArrayHolder::newArray(env, sizeof(fsverity_footer));
179 fsverity_footer* footer = reinterpret_cast<fsverity_footer*>(raii->getRaw());
180
181 footer->desc_reverse_offset = offsetToDescriptorHead + sizeof(fsverity_footer);
182 memcpy(footer->magic, FS_VERITY_MAGIC, sizeof(footer->magic));
183
184 return raii->release();
185#else
186 LOG_ALWAYS_FATAL("fs-verity is used while not enabled");
187 return 0;
Victor Hsieh142c0172019-01-25 12:40:46 -0800[diff] [blame^]188#endif
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]189}
190
191const JNINativeMethod sMethods[] = {
Victor Hsiehaa6cb132018-11-08 11:16:21 -0800[diff] [blame]192 { "enableFsverityNative", "(Ljava/lang/String;)I", (void *)enableFsverity },
Victor Hsiehfcff8dd2018-12-14 15:59:03 -0800[diff] [blame]193 { "measureFsverityNative", "(Ljava/lang/String;)I", (void *)measureFsverity },
Victor Hsieheef29312018-10-29 16:25:34 -0700[diff] [blame]194 { "constructFsveritySignedDataNative", "([B)[B", (void *)constructFsveritySignedData },
Victor Hsieh38c55032018-09-26 12:44:53 -0700[diff] [blame]195 { "constructFsverityDescriptorNative", "(J)[B", (void *)constructFsverityDescriptor },
196 { "constructFsverityExtensionNative", "(SI)[B", (void *)constructFsverityExtension },
197 { "constructFsverityFooterNative", "(I)[B", (void *)constructFsverityFooter },
198};
199
200} // namespace
201
202int register_android_server_security_VerityUtils(JNIEnv* env) {
203 return jniRegisterNativeMethods(env,
204 "com/android/server/security/VerityUtils", sMethods, NELEM(sMethods));
205}
206
207} // namespace android