/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
17#include <string>
Paul Crowley5ab73e92015-07-03 16:17:23 +010018#include <vector>
Paul Crowley53af81c2015-05-19 17:31:39 +010019
20#include <stdio.h>
21#include <stdlib.h>
Paul Crowley53af81c2015-05-19 17:31:39 +010022#include <errno.h>
23#include <sys/types.h>
24#include <sys/stat.h>
25#include <fcntl.h>
26#include <linux/fs.h>
27#include <linux/fiemap.h>
Paul Crowley4432e732015-07-01 13:33:47 +010028#include <mntent.h>
Paul Crowley53af81c2015-05-19 17:31:39 +010029
30#define LOG_TAG "secdiscard"
31#include "cutils/log.h"
32
Paul Crowley4432e732015-07-01 13:33:47 +010033#include <AutoCloseFD.h>
34
namespace {

// Settings collected from the command line by read_command_line().
struct Options {
    // Paths given after "--"; read_command_line() rejects any that do not
    // start with '/'.
    std::vector<std::string> targets;
    // Whether main() unlinks each target after attempting the discard.
    // Cleared by the --no-unlink option.
    bool unlink = true;
};

// Deliberately limit ourselves to wiping small files: path_device_range()
// refuses any extent whose length exceeds this many bytes.
constexpr uint64_t max_wipe_length = 4096;

// Forward declarations; the definitions follow main().
void usage(const char *progname);
bool read_command_line(int argc, const char * const argv[], Options &options);
std::string block_device_for_path(const std::string &path);
int path_device_range(const std::string &path, uint64_t range[2]);
int secdiscard_path(const std::string &path);

}  // namespace
Paul Crowley53af81c2015-05-19 17:31:39 +010052
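// Entry point: parse the command line, then for every target attempt a secure
// discard of its on-device extent and, unless --no-unlink was given, unlink it.
//
// Returns -1 when the command line is rejected and 0 otherwise. The exit
// status is deliberately left as in the original: it does not reflect whether
// any individual discard succeeded, so callers must consult the log for that.
int main(int argc, const char * const argv[]) {
    Options options;
    if (!read_command_line(argc, argv, options)) {
        usage(argv[0]);
        return -1;
    }
    // Iterate by reference; copying each path string is unnecessary.
    for (const auto &target : options.targets) {
        SLOGD("Securely discarding '%s' unlink=%d", target.c_str(), options.unlink);
        // Remember the outcome so the final log line does not claim a discard
        // that never happened. The unlink below is still best-effort and runs
        // regardless, exactly as before.
        const bool discarded = (secdiscard_path(target) == 0);
        if (options.unlink) {
            if (unlink(target.c_str()) != 0 && errno != ENOENT) {
                SLOGE("Unable to unlink %s: %s",
                    target.c_str(), strerror(errno));
            }
        }
        if (discarded) {
            SLOGD("Discarded %s", target.c_str());
        } else {
            // secdiscard_path() and its helpers have already logged the
            // reason at the appropriate level; keep this at debug level so a
            // missing file stays as quiet as it was. The point is only that
            // the file's blocks were NOT confirmed erased on the device.
            SLOGD("Secure discard of %s was not performed", target.c_str());
        }
    }
    return 0;
}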
72
Paul Crowley4432e732015-07-01 13:33:47 +010073namespace {
74
// Parse "[--no-unlink] -- <absolute path> ..." into options.
//
// Options are only recognised before the "--" separator; everything after it
// is taken as a target path and must begin with '/'. Returns true only when
// "--" was seen and at least one target followed it. On a false return,
// options may have been partially modified.
bool read_command_line(int argc, const char * const argv[], Options &options) {
    int idx = 1;
    while (idx < argc) {
        const char *arg = argv[idx];
        if (strcmp(arg, "--no-unlink") == 0) {
            options.unlink = false;
            ++idx;
            continue;
        }
        if (strcmp(arg, "--") != 0) {
            return false;  // Unknown option
        }
        // Separator found: the remaining arguments are all targets.
        for (int k = idx + 1; k < argc; ++k) {
            const char *candidate = argv[k];
            if (candidate[0] != '/') {
                return false;  // Must be absolute path
            }
            options.targets.emplace_back(candidate);
        }
        return !options.targets.empty();
    }
    return false;  // "--" not found
}
91
// Print a one-line synopsis to stderr, using progname as the program name.
void usage(const char *progname) {
    fprintf(stderr,
            "Usage: %s [--no-unlink] -- <absolute path> ...\n",
            progname);
}
95
// BLKSECDISCARD all content in "path", if it's small enough.
//
// The byte range comes from path_device_range() and the device to issue the
// ioctl on from block_device_for_path(). Returns 0 when the ioctl succeeded
// and -1 on any failure (each failure is logged where it is detected).
//
// NOTE(review): the extent is looked up first and discarded afterwards with
// nothing holding the mapping in place between the two steps, so this relies
// on the file not being rewritten or relocated in that window — confirm the
// callers guarantee that.
int secdiscard_path(const std::string &path) {
    uint64_t extent_span[2];  // {physical start, length}, as filled by path_device_range()
    const bool have_span = path_device_range(path, extent_span) != -1;
    if (!have_span) {
        return -1;
    }

    const std::string device = block_device_for_path(path);
    if (device.empty()) {
        return -1;
    }

    AutoCloseFD dev_fd(device, O_RDWR | O_LARGEFILE);
    if (!dev_fd) {
        SLOGE("Failed to open device %s: %s", device.c_str(), strerror(errno));
        return -1;
    }

    const int rc = ioctl(dev_fd.get(), BLKSECDISCARD, extent_span);
    if (rc == -1) {
        SLOGE("Unable to BLKSECDISCARD %s: %s", path.c_str(), strerror(errno));
        return -1;
    }
    return 0;
}
117
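// Find a short range that completely covers the file.
// If there isn't one, return -1, otherwise 0.
//
// On success range[0] holds the extent's physical offset and range[1] its
// length, both as reported by FS_IOC_FIEMAP. The file is accepted only when
// it maps to exactly one extent, that extent is flagged as the last one,
// carries none of the UNKNOWN / DELALLOC / NOT_ALIGNED flags, and is no
// longer than max_wipe_length. Every rejection is logged.
//
// NOTE(review): other extent flags (for example FIEMAP_EXTENT_SHARED or
// FIEMAP_EXTENT_ENCODED) are not rejected here; confirm the target
// filesystems never report them for these files, since the caller discards
// the returned range on the raw block device.
int path_device_range(const std::string &path, uint64_t range[2])
{
    AutoCloseFD fd(path);
    if (!fd) {
        // A missing file is an expected case, so it is only logged at debug level.
        if (errno == ENOENT) {
            SLOGD("Unable to open %s: %s", path.c_str(), strerror(errno));
        } else {
            SLOGE("Unable to open %s: %s", path.c_str(), strerror(errno));
        }
        return -1;
    }
    // Storage for the fiemap header followed by exactly one extent record.
    alignas(struct fiemap) char fiemap_buffer[offsetof(struct fiemap, fm_extents[1])];
    memset(fiemap_buffer, 0, sizeof(fiemap_buffer));
    struct fiemap *fiemap = reinterpret_cast<struct fiemap *>(fiemap_buffer);
    fiemap->fm_start = 0;
    fiemap->fm_length = UINT64_MAX;  // ask about the whole file
    fiemap->fm_flags = 0;
    fiemap->fm_extent_count = 1;
    fiemap->fm_mapped_extents = 0;
    if (ioctl(fd.get(), FS_IOC_FIEMAP, fiemap) != 0) {
        SLOGE("Unable to FIEMAP %s: %s", path.c_str(), strerror(errno));
        return -1;
    }
    if (fiemap->fm_mapped_extents != 1) {
        // fm_mapped_extents is unsigned, so print it with %u rather than %d.
        SLOGE("Expecting one extent, got %u in %s", fiemap->fm_mapped_extents, path.c_str());
        return -1;
    }
    struct fiemap_extent *extent = &fiemap->fm_extents[0];
    if (!(extent->fe_flags & FIEMAP_EXTENT_LAST)) {
        SLOGE("First extent was not the last in %s", path.c_str());
        return -1;
    }
    if (extent->fe_flags &
            (FIEMAP_EXTENT_UNKNOWN | FIEMAP_EXTENT_DELALLOC | FIEMAP_EXTENT_NOT_ALIGNED)) {
        // The original "%ulx" parsed as "%u" followed by the literal text "lx";
        // print the 32-bit flag word in hex as intended.
        SLOGE("Extent has unexpected flags %x: %s", extent->fe_flags, path.c_str());
        return -1;
    }
    if (extent->fe_length > max_wipe_length) {
        // Cast so the argument matches %llu whatever type the platform uses for __u64.
        SLOGE("Extent too big, %llu bytes in %s",
            static_cast<unsigned long long>(extent->fe_length), path.c_str());
        return -1;
    }
    range[0] = extent->fe_physical;
    range[1] = extent->fe_length;
    return 0;
}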
165
// Given a file path, look for the corresponding block device in /proc/mounts.
//
// Picks the mount entry whose mount directory is the longest proper prefix of
// path that ends at a '/' boundary, and returns that entry's mnt_fsname.
// Returns an empty string (after logging) when /proc/mounts cannot be opened
// or no entry matches.
//
// NOTE(review): when two entries share the same mount directory the earlier
// one in /proc/mounts wins, because only a strictly longer match replaces the
// current best. Nothing here checks that mnt_fsname names a block device
// either. Both matter because the caller sends BLKSECDISCARD to whatever is
// returned — confirm this is acceptable for the mount layouts in use.
std::string block_device_for_path(const std::string &path)
{
    std::unique_ptr<FILE, int(*)(FILE*)> mount_table(setmntent("/proc/mounts", "re"), endmntent);
    if (!mount_table) {
        SLOGE("Unable to open /proc/mounts: %s", strerror(errno));
        return "";
    }

    std::string device;
    size_t longest_match = 0;
    // getmntent returns a thread local, so it's safe (original author's note).
    for (struct mntent *entry = getmntent(mount_table.get());
         entry != nullptr;
         entry = getmntent(mount_table.get())) {
        const auto dir_len = strlen(entry->mnt_dir);
        if (dir_len <= longest_match) continue;       // not an improvement
        if (path.size() <= dir_len) continue;         // path must extend past the mount dir
        if (path[dir_len] != '/') continue;           // prefix must end on a component boundary
        if (path.compare(0, dir_len, entry->mnt_dir) != 0) continue;
        device = entry->mnt_fsname;
        longest_match = dir_len;
    }

    if (device.empty()) {
        SLOGE("Didn't find a mountpoint to match path %s", path.c_str());
        return "";
    }
    SLOGD("For path %s block device is %s", path.c_str(), device.c_str());
    return device;
}
194
Paul Crowley53af81c2015-05-19 17:31:39 +0100195}