1 /*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
18
19 #include "VoldNativeService.h"
20
21 #include <android-base/logging.h>
22 #include <android-base/stringprintf.h>
23 #include <android-base/strings.h>
24 #include <fs_mgr.h>
25 #include <fscrypt/fscrypt.h>
26 #include <private/android_filesystem_config.h>
27 #include <utils/Trace.h>
28
29 #include <sys/vfs.h>
30 #include <fstream>
31 #include <thread>
32
33 #include "Benchmark.h"
34 #include "Checkpoint.h"
35 #include "FsCrypt.h"
36 #include "IdleMaint.h"
37 #include "KeyStorage.h"
38 #include "Keymaster.h"
39 #include "MetadataCrypt.h"
40 #include "MoveStorage.h"
41 #include "Process.h"
42 #include "VoldNativeServiceValidation.h"
43 #include "VoldUtil.h"
44 #include "VolumeManager.h"
45 #include "cryptfs.h"
46 #include "incfs.h"
47
48 using android::base::StringPrintf;
49 using std::endl;
50 using namespace std::literals;
51
52 namespace android {
53 namespace vold {
54
55 namespace {
56
57 constexpr const char* kDump = "android.permission.DUMP";
58 constexpr auto kIncFsReadNoTimeoutMs = 100;
59
error(const std::string & msg)60 static binder::Status error(const std::string& msg) {
61 PLOG(ERROR) << msg;
62 return binder::Status::fromServiceSpecificError(errno, String8(msg.c_str()));
63 }
64
translate(int status)65 static binder::Status translate(int status) {
66 if (status == 0) {
67 return binder::Status::ok();
68 } else {
69 return binder::Status::fromServiceSpecificError(status);
70 }
71 }
72
translateBool(bool status)73 static binder::Status translateBool(bool status) {
74 if (status) {
75 return binder::Status::ok();
76 } else {
77 return binder::Status::fromServiceSpecificError(status);
78 }
79 }
80
81 #define ENFORCE_SYSTEM_OR_ROOT \
82 { \
83 binder::Status status = CheckUidOrRoot(AID_SYSTEM); \
84 if (!status.isOk()) { \
85 return status; \
86 } \
87 }
88
89 #define CHECK_ARGUMENT_ID(id) \
90 { \
91 binder::Status status = CheckArgumentId((id)); \
92 if (!status.isOk()) { \
93 return status; \
94 } \
95 }
96
97 #define CHECK_ARGUMENT_PATH(path) \
98 { \
99 binder::Status status = CheckArgumentPath((path)); \
100 if (!status.isOk()) { \
101 return status; \
102 } \
103 }
104
105 #define CHECK_ARGUMENT_HEX(hex) \
106 { \
107 binder::Status status = CheckArgumentHex((hex)); \
108 if (!status.isOk()) { \
109 return status; \
110 } \
111 }
112
113 #define ACQUIRE_LOCK \
114 std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getLock()); \
115 ATRACE_CALL();
116
117 #define ACQUIRE_CRYPT_LOCK \
118 std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getCryptLock()); \
119 ATRACE_CALL();
120
121 } // namespace
122
start()123 status_t VoldNativeService::start() {
124 IPCThreadState::self()->disableBackgroundScheduling(true);
125 status_t ret = BinderService<VoldNativeService>::publish();
126 if (ret != android::OK) {
127 return ret;
128 }
129 sp<ProcessState> ps(ProcessState::self());
130 ps->startThreadPool();
131 ps->giveThreadPoolName();
132 return android::OK;
133 }
134
dump(int fd,const Vector<String16> &)135 status_t VoldNativeService::dump(int fd, const Vector<String16>& /* args */) {
136 auto out = std::fstream(StringPrintf("/proc/self/fd/%d", fd));
137 const binder::Status dump_permission = CheckPermission(kDump);
138 if (!dump_permission.isOk()) {
139 out << dump_permission.toString8() << endl;
140 return PERMISSION_DENIED;
141 }
142
143 ACQUIRE_LOCK;
144 out << "vold is happy!" << endl;
145 return NO_ERROR;
146 }
147
setListener(const android::sp<android::os::IVoldListener> & listener)148 binder::Status VoldNativeService::setListener(
149 const android::sp<android::os::IVoldListener>& listener) {
150 ENFORCE_SYSTEM_OR_ROOT;
151 ACQUIRE_LOCK;
152
153 VolumeManager::Instance()->setListener(listener);
154 return Ok();
155 }
156
monitor()157 binder::Status VoldNativeService::monitor() {
158 ENFORCE_SYSTEM_OR_ROOT;
159
160 // Simply acquire/release each lock for watchdog
161 { ACQUIRE_LOCK; }
162 { ACQUIRE_CRYPT_LOCK; }
163
164 return Ok();
165 }
166
reset()167 binder::Status VoldNativeService::reset() {
168 ENFORCE_SYSTEM_OR_ROOT;
169 ACQUIRE_LOCK;
170
171 return translate(VolumeManager::Instance()->reset());
172 }
173
shutdown()174 binder::Status VoldNativeService::shutdown() {
175 ENFORCE_SYSTEM_OR_ROOT;
176 ACQUIRE_LOCK;
177
178 return translate(VolumeManager::Instance()->shutdown());
179 }
180
abortFuse()181 binder::Status VoldNativeService::abortFuse() {
182 ENFORCE_SYSTEM_OR_ROOT;
183 // if acquire lock, maybe lead to a deadlock if lock is held by a
184 // thread that is blocked on a FUSE operation.
185 // abort fuse doesn't need to access any state, so do not acquire lock
186
187 return translate(VolumeManager::Instance()->abortFuse());
188 }
189
onUserAdded(int32_t userId,int32_t userSerial)190 binder::Status VoldNativeService::onUserAdded(int32_t userId, int32_t userSerial) {
191 ENFORCE_SYSTEM_OR_ROOT;
192 ACQUIRE_LOCK;
193
194 return translate(VolumeManager::Instance()->onUserAdded(userId, userSerial));
195 }
196
onUserRemoved(int32_t userId)197 binder::Status VoldNativeService::onUserRemoved(int32_t userId) {
198 ENFORCE_SYSTEM_OR_ROOT;
199 ACQUIRE_LOCK;
200
201 return translate(VolumeManager::Instance()->onUserRemoved(userId));
202 }
203
onUserStarted(int32_t userId)204 binder::Status VoldNativeService::onUserStarted(int32_t userId) {
205 ENFORCE_SYSTEM_OR_ROOT;
206 ACQUIRE_LOCK;
207
208 return translate(VolumeManager::Instance()->onUserStarted(userId));
209 }
210
onUserStopped(int32_t userId)211 binder::Status VoldNativeService::onUserStopped(int32_t userId) {
212 ENFORCE_SYSTEM_OR_ROOT;
213 ACQUIRE_LOCK;
214
215 return translate(VolumeManager::Instance()->onUserStopped(userId));
216 }
217
addAppIds(const std::vector<std::string> & packageNames,const std::vector<int32_t> & appIds)218 binder::Status VoldNativeService::addAppIds(const std::vector<std::string>& packageNames,
219 const std::vector<int32_t>& appIds) {
220 return Ok();
221 }
222
addSandboxIds(const std::vector<int32_t> & appIds,const std::vector<std::string> & sandboxIds)223 binder::Status VoldNativeService::addSandboxIds(const std::vector<int32_t>& appIds,
224 const std::vector<std::string>& sandboxIds) {
225 return Ok();
226 }
227
onSecureKeyguardStateChanged(bool isShowing)228 binder::Status VoldNativeService::onSecureKeyguardStateChanged(bool isShowing) {
229 ENFORCE_SYSTEM_OR_ROOT;
230 ACQUIRE_LOCK;
231
232 return translate(VolumeManager::Instance()->onSecureKeyguardStateChanged(isShowing));
233 }
234
partition(const std::string & diskId,int32_t partitionType,int32_t ratio)235 binder::Status VoldNativeService::partition(const std::string& diskId, int32_t partitionType,
236 int32_t ratio) {
237 ENFORCE_SYSTEM_OR_ROOT;
238 CHECK_ARGUMENT_ID(diskId);
239 ACQUIRE_LOCK;
240
241 auto disk = VolumeManager::Instance()->findDisk(diskId);
242 if (disk == nullptr) {
243 return error("Failed to find disk " + diskId);
244 }
245 switch (partitionType) {
246 case PARTITION_TYPE_PUBLIC:
247 return translate(disk->partitionPublic());
248 case PARTITION_TYPE_PRIVATE:
249 return translate(disk->partitionPrivate());
250 case PARTITION_TYPE_MIXED:
251 return translate(disk->partitionMixed(ratio));
252 default:
253 return error("Unknown type " + std::to_string(partitionType));
254 }
255 }
256
forgetPartition(const std::string & partGuid,const std::string & fsUuid)257 binder::Status VoldNativeService::forgetPartition(const std::string& partGuid,
258 const std::string& fsUuid) {
259 ENFORCE_SYSTEM_OR_ROOT;
260 CHECK_ARGUMENT_HEX(partGuid);
261 CHECK_ARGUMENT_HEX(fsUuid);
262 ACQUIRE_LOCK;
263
264 return translate(VolumeManager::Instance()->forgetPartition(partGuid, fsUuid));
265 }
266
mount(const std::string & volId,int32_t mountFlags,int32_t mountUserId,const android::sp<android::os::IVoldMountCallback> & callback)267 binder::Status VoldNativeService::mount(
268 const std::string& volId, int32_t mountFlags, int32_t mountUserId,
269 const android::sp<android::os::IVoldMountCallback>& callback) {
270 ENFORCE_SYSTEM_OR_ROOT;
271 CHECK_ARGUMENT_ID(volId);
272 ACQUIRE_LOCK;
273
274 auto vol = VolumeManager::Instance()->findVolume(volId);
275 if (vol == nullptr) {
276 return error("Failed to find volume " + volId);
277 }
278
279 vol->setMountFlags(mountFlags);
280 vol->setMountUserId(mountUserId);
281
282 vol->setMountCallback(callback);
283 int res = vol->mount();
284 vol->setMountCallback(nullptr);
285
286 if (res != OK) {
287 return translate(res);
288 }
289
290 return translate(OK);
291 }
292
unmount(const std::string & volId)293 binder::Status VoldNativeService::unmount(const std::string& volId) {
294 ENFORCE_SYSTEM_OR_ROOT;
295 CHECK_ARGUMENT_ID(volId);
296 ACQUIRE_LOCK;
297
298 auto vol = VolumeManager::Instance()->findVolume(volId);
299 if (vol == nullptr) {
300 return error("Failed to find volume " + volId);
301 }
302 return translate(vol->unmount());
303 }
304
format(const std::string & volId,const std::string & fsType)305 binder::Status VoldNativeService::format(const std::string& volId, const std::string& fsType) {
306 ENFORCE_SYSTEM_OR_ROOT;
307 CHECK_ARGUMENT_ID(volId);
308 ACQUIRE_LOCK;
309
310 auto vol = VolumeManager::Instance()->findVolume(volId);
311 if (vol == nullptr) {
312 return error("Failed to find volume " + volId);
313 }
314 return translate(vol->format(fsType));
315 }
316
pathForVolId(const std::string & volId,std::string * path)317 static binder::Status pathForVolId(const std::string& volId, std::string* path) {
318 if (volId == "private" || volId == "null") {
319 *path = "/data";
320 } else {
321 auto vol = VolumeManager::Instance()->findVolume(volId);
322 if (vol == nullptr) {
323 return error("Failed to find volume " + volId);
324 }
325 if (vol->getType() != VolumeBase::Type::kPrivate) {
326 return error("Volume " + volId + " not private");
327 }
328 if (vol->getState() != VolumeBase::State::kMounted) {
329 return error("Volume " + volId + " not mounted");
330 }
331 *path = vol->getPath();
332 if (path->empty()) {
333 return error("Volume " + volId + " missing path");
334 }
335 }
336 return Ok();
337 }
338
benchmark(const std::string & volId,const android::sp<android::os::IVoldTaskListener> & listener)339 binder::Status VoldNativeService::benchmark(
340 const std::string& volId, const android::sp<android::os::IVoldTaskListener>& listener) {
341 ENFORCE_SYSTEM_OR_ROOT;
342 CHECK_ARGUMENT_ID(volId);
343 ACQUIRE_LOCK;
344
345 std::string path;
346 auto status = pathForVolId(volId, &path);
347 if (!status.isOk()) return status;
348
349 std::thread([=]() { android::vold::Benchmark(path, listener); }).detach();
350 return Ok();
351 }
352
moveStorage(const std::string & fromVolId,const std::string & toVolId,const android::sp<android::os::IVoldTaskListener> & listener)353 binder::Status VoldNativeService::moveStorage(
354 const std::string& fromVolId, const std::string& toVolId,
355 const android::sp<android::os::IVoldTaskListener>& listener) {
356 ENFORCE_SYSTEM_OR_ROOT;
357 CHECK_ARGUMENT_ID(fromVolId);
358 CHECK_ARGUMENT_ID(toVolId);
359 ACQUIRE_LOCK;
360
361 auto fromVol = VolumeManager::Instance()->findVolume(fromVolId);
362 auto toVol = VolumeManager::Instance()->findVolume(toVolId);
363 if (fromVol == nullptr) {
364 return error("Failed to find volume " + fromVolId);
365 } else if (toVol == nullptr) {
366 return error("Failed to find volume " + toVolId);
367 }
368
369 std::thread([=]() { android::vold::MoveStorage(fromVol, toVol, listener); }).detach();
370 return Ok();
371 }
372
remountUid(int32_t uid,int32_t remountMode)373 binder::Status VoldNativeService::remountUid(int32_t uid, int32_t remountMode) {
374 ENFORCE_SYSTEM_OR_ROOT;
375 ACQUIRE_LOCK;
376
377 return translate(VolumeManager::Instance()->remountUid(uid, remountMode));
378 }
379
remountAppStorageDirs(int uid,int pid,const std::vector<std::string> & packageNames)380 binder::Status VoldNativeService::remountAppStorageDirs(int uid, int pid,
381 const std::vector<std::string>& packageNames) {
382 ENFORCE_SYSTEM_OR_ROOT;
383 ACQUIRE_LOCK;
384
385 return translate(VolumeManager::Instance()->handleAppStorageDirs(uid, pid,
386 false /* doUnmount */, packageNames));
387 }
388
unmountAppStorageDirs(int uid,int pid,const std::vector<std::string> & packageNames)389 binder::Status VoldNativeService::unmountAppStorageDirs(int uid, int pid,
390 const std::vector<std::string>& packageNames) {
391 ENFORCE_SYSTEM_OR_ROOT;
392 ACQUIRE_LOCK;
393
394 return translate(VolumeManager::Instance()->handleAppStorageDirs(uid, pid,
395 true /* doUnmount */, packageNames));
396 }
397
setupAppDir(const std::string & path,int32_t appUid)398 binder::Status VoldNativeService::setupAppDir(const std::string& path, int32_t appUid) {
399 ENFORCE_SYSTEM_OR_ROOT;
400 CHECK_ARGUMENT_PATH(path);
401 ACQUIRE_LOCK;
402
403 return translate(VolumeManager::Instance()->setupAppDir(path, appUid));
404 }
405
ensureAppDirsCreated(const std::vector<std::string> & paths,int32_t appUid)406 binder::Status VoldNativeService::ensureAppDirsCreated(const std::vector<std::string>& paths,
407 int32_t appUid) {
408 ENFORCE_SYSTEM_OR_ROOT;
409 ACQUIRE_LOCK;
410
411 return translate(VolumeManager::Instance()->ensureAppDirsCreated(paths, appUid));
412 }
413
fixupAppDir(const std::string & path,int32_t appUid)414 binder::Status VoldNativeService::fixupAppDir(const std::string& path, int32_t appUid) {
415 ENFORCE_SYSTEM_OR_ROOT;
416 CHECK_ARGUMENT_PATH(path);
417 ACQUIRE_LOCK;
418
419 return translate(VolumeManager::Instance()->fixupAppDir(path, appUid));
420 }
421
createObb(const std::string & sourcePath,const std::string & sourceKey,int32_t ownerGid,std::string * _aidl_return)422 binder::Status VoldNativeService::createObb(const std::string& sourcePath,
423 const std::string& sourceKey, int32_t ownerGid,
424 std::string* _aidl_return) {
425 ENFORCE_SYSTEM_OR_ROOT;
426 CHECK_ARGUMENT_PATH(sourcePath);
427 CHECK_ARGUMENT_HEX(sourceKey);
428 ACQUIRE_LOCK;
429
430 return translate(
431 VolumeManager::Instance()->createObb(sourcePath, sourceKey, ownerGid, _aidl_return));
432 }
433
destroyObb(const std::string & volId)434 binder::Status VoldNativeService::destroyObb(const std::string& volId) {
435 ENFORCE_SYSTEM_OR_ROOT;
436 CHECK_ARGUMENT_ID(volId);
437 ACQUIRE_LOCK;
438
439 return translate(VolumeManager::Instance()->destroyObb(volId));
440 }
441
createStubVolume(const std::string & sourcePath,const std::string & mountPath,const std::string & fsType,const std::string & fsUuid,const std::string & fsLabel,int32_t flags,std::string * _aidl_return)442 binder::Status VoldNativeService::createStubVolume(const std::string& sourcePath,
443 const std::string& mountPath,
444 const std::string& fsType,
445 const std::string& fsUuid,
446 const std::string& fsLabel, int32_t flags,
447 std::string* _aidl_return) {
448 ENFORCE_SYSTEM_OR_ROOT;
449 CHECK_ARGUMENT_PATH(sourcePath);
450 CHECK_ARGUMENT_PATH(mountPath);
451 CHECK_ARGUMENT_HEX(fsUuid);
452 // Label limitation seems to be different between fs (including allowed characters), so checking
453 // is quite meaningless.
454 ACQUIRE_LOCK;
455
456 return translate(VolumeManager::Instance()->createStubVolume(
457 sourcePath, mountPath, fsType, fsUuid, fsLabel, flags, _aidl_return));
458 }
459
destroyStubVolume(const std::string & volId)460 binder::Status VoldNativeService::destroyStubVolume(const std::string& volId) {
461 ENFORCE_SYSTEM_OR_ROOT;
462 CHECK_ARGUMENT_ID(volId);
463 ACQUIRE_LOCK;
464
465 return translate(VolumeManager::Instance()->destroyStubVolume(volId));
466 }
467
fstrim(int32_t fstrimFlags,const android::sp<android::os::IVoldTaskListener> & listener)468 binder::Status VoldNativeService::fstrim(
469 int32_t fstrimFlags, const android::sp<android::os::IVoldTaskListener>& listener) {
470 ENFORCE_SYSTEM_OR_ROOT;
471 ACQUIRE_LOCK;
472
473 std::thread([=]() { android::vold::Trim(listener); }).detach();
474 return Ok();
475 }
476
runIdleMaint(const android::sp<android::os::IVoldTaskListener> & listener)477 binder::Status VoldNativeService::runIdleMaint(
478 const android::sp<android::os::IVoldTaskListener>& listener) {
479 ENFORCE_SYSTEM_OR_ROOT;
480 ACQUIRE_LOCK;
481
482 std::thread([=]() { android::vold::RunIdleMaint(listener); }).detach();
483 return Ok();
484 }
485
abortIdleMaint(const android::sp<android::os::IVoldTaskListener> & listener)486 binder::Status VoldNativeService::abortIdleMaint(
487 const android::sp<android::os::IVoldTaskListener>& listener) {
488 ENFORCE_SYSTEM_OR_ROOT;
489 ACQUIRE_LOCK;
490
491 std::thread([=]() { android::vold::AbortIdleMaint(listener); }).detach();
492 return Ok();
493 }
494
mountAppFuse(int32_t uid,int32_t mountId,android::base::unique_fd * _aidl_return)495 binder::Status VoldNativeService::mountAppFuse(int32_t uid, int32_t mountId,
496 android::base::unique_fd* _aidl_return) {
497 ENFORCE_SYSTEM_OR_ROOT;
498 ACQUIRE_LOCK;
499
500 return translate(VolumeManager::Instance()->mountAppFuse(uid, mountId, _aidl_return));
501 }
502
unmountAppFuse(int32_t uid,int32_t mountId)503 binder::Status VoldNativeService::unmountAppFuse(int32_t uid, int32_t mountId) {
504 ENFORCE_SYSTEM_OR_ROOT;
505 ACQUIRE_LOCK;
506
507 return translate(VolumeManager::Instance()->unmountAppFuse(uid, mountId));
508 }
509
openAppFuseFile(int32_t uid,int32_t mountId,int32_t fileId,int32_t flags,android::base::unique_fd * _aidl_return)510 binder::Status VoldNativeService::openAppFuseFile(int32_t uid, int32_t mountId, int32_t fileId,
511 int32_t flags,
512 android::base::unique_fd* _aidl_return) {
513 ENFORCE_SYSTEM_OR_ROOT;
514 ACQUIRE_LOCK;
515
516 int fd = VolumeManager::Instance()->openAppFuseFile(uid, mountId, fileId, flags);
517 if (fd == -1) {
518 return error("Failed to open AppFuse file for uid: " + std::to_string(uid) +
519 " mountId: " + std::to_string(mountId) + " fileId: " + std::to_string(fileId) +
520 " flags: " + std::to_string(flags));
521 }
522
523 *_aidl_return = android::base::unique_fd(fd);
524 return Ok();
525 }
526
fdeCheckPassword(const std::string & password)527 binder::Status VoldNativeService::fdeCheckPassword(const std::string& password) {
528 ENFORCE_SYSTEM_OR_ROOT;
529 ACQUIRE_CRYPT_LOCK;
530
531 return translate(cryptfs_check_passwd(password.c_str()));
532 }
533
fdeRestart()534 binder::Status VoldNativeService::fdeRestart() {
535 ENFORCE_SYSTEM_OR_ROOT;
536 ACQUIRE_CRYPT_LOCK;
537
538 // Spawn as thread so init can issue commands back to vold without
539 // causing deadlock, usually as a result of prep_data_fs.
540 std::thread(&cryptfs_restart).detach();
541 return Ok();
542 }
543
fdeComplete(int32_t * _aidl_return)544 binder::Status VoldNativeService::fdeComplete(int32_t* _aidl_return) {
545 ENFORCE_SYSTEM_OR_ROOT;
546 ACQUIRE_CRYPT_LOCK;
547
548 *_aidl_return = cryptfs_crypto_complete();
549 return Ok();
550 }
551
fdeEnableInternal(int32_t passwordType,const std::string & password,int32_t encryptionFlags)552 static int fdeEnableInternal(int32_t passwordType, const std::string& password,
553 int32_t encryptionFlags) {
554 bool noUi = (encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_NO_UI) != 0;
555
556 for (int tries = 0; tries < 2; ++tries) {
557 int rc;
558 if (passwordType == VoldNativeService::PASSWORD_TYPE_DEFAULT) {
559 rc = cryptfs_enable_default(noUi);
560 } else {
561 rc = cryptfs_enable(passwordType, password.c_str(), noUi);
562 }
563
564 if (rc == 0) {
565 return 0;
566 } else if (tries == 0) {
567 KillProcessesWithOpenFiles(DATA_MNT_POINT, SIGKILL);
568 }
569 }
570
571 return -1;
572 }
573
fdeEnable(int32_t passwordType,const std::string & password,int32_t encryptionFlags)574 binder::Status VoldNativeService::fdeEnable(int32_t passwordType, const std::string& password,
575 int32_t encryptionFlags) {
576 ENFORCE_SYSTEM_OR_ROOT;
577 ACQUIRE_CRYPT_LOCK;
578
579 LOG(DEBUG) << "fdeEnable(" << passwordType << ", *, " << encryptionFlags << ")";
580 if (fscrypt_is_native()) {
581 LOG(ERROR) << "fscrypt_is_native, fdeEnable invalid";
582 return error("fscrypt_is_native, fdeEnable invalid");
583 }
584 LOG(DEBUG) << "!fscrypt_is_native, spawning fdeEnableInternal";
585
586 // Spawn as thread so init can issue commands back to vold without
587 // causing deadlock, usually as a result of prep_data_fs.
588 std::thread(&fdeEnableInternal, passwordType, password, encryptionFlags).detach();
589 return Ok();
590 }
591
fdeChangePassword(int32_t passwordType,const std::string & password)592 binder::Status VoldNativeService::fdeChangePassword(int32_t passwordType,
593 const std::string& password) {
594 ENFORCE_SYSTEM_OR_ROOT;
595 ACQUIRE_CRYPT_LOCK;
596
597 return translate(cryptfs_changepw(passwordType, password.c_str()));
598 }
599
fdeVerifyPassword(const std::string & password)600 binder::Status VoldNativeService::fdeVerifyPassword(const std::string& password) {
601 ENFORCE_SYSTEM_OR_ROOT;
602 ACQUIRE_CRYPT_LOCK;
603
604 return translate(cryptfs_verify_passwd(password.c_str()));
605 }
606
fdeGetField(const std::string & key,std::string * _aidl_return)607 binder::Status VoldNativeService::fdeGetField(const std::string& key, std::string* _aidl_return) {
608 ENFORCE_SYSTEM_OR_ROOT;
609 ACQUIRE_CRYPT_LOCK;
610
611 char buf[PROPERTY_VALUE_MAX];
612 if (cryptfs_getfield(key.c_str(), buf, sizeof(buf)) != CRYPTO_GETFIELD_OK) {
613 return error(StringPrintf("Failed to read field %s", key.c_str()));
614 } else {
615 *_aidl_return = buf;
616 return Ok();
617 }
618 }
619
fdeSetField(const std::string & key,const std::string & value)620 binder::Status VoldNativeService::fdeSetField(const std::string& key, const std::string& value) {
621 ENFORCE_SYSTEM_OR_ROOT;
622 ACQUIRE_CRYPT_LOCK;
623
624 return translate(cryptfs_setfield(key.c_str(), value.c_str()));
625 }
626
fdeGetPasswordType(int32_t * _aidl_return)627 binder::Status VoldNativeService::fdeGetPasswordType(int32_t* _aidl_return) {
628 ENFORCE_SYSTEM_OR_ROOT;
629 ACQUIRE_CRYPT_LOCK;
630
631 *_aidl_return = cryptfs_get_password_type();
632 return Ok();
633 }
634
fdeGetPassword(std::string * _aidl_return)635 binder::Status VoldNativeService::fdeGetPassword(std::string* _aidl_return) {
636 ENFORCE_SYSTEM_OR_ROOT;
637 ACQUIRE_CRYPT_LOCK;
638
639 const char* res = cryptfs_get_password();
640 if (res != nullptr) {
641 *_aidl_return = res;
642 }
643 return Ok();
644 }
645
fdeClearPassword()646 binder::Status VoldNativeService::fdeClearPassword() {
647 ENFORCE_SYSTEM_OR_ROOT;
648 ACQUIRE_CRYPT_LOCK;
649
650 cryptfs_clear_password();
651 return Ok();
652 }
653
fbeEnable()654 binder::Status VoldNativeService::fbeEnable() {
655 ENFORCE_SYSTEM_OR_ROOT;
656 ACQUIRE_CRYPT_LOCK;
657
658 return translateBool(fscrypt_initialize_systemwide_keys());
659 }
660
mountDefaultEncrypted()661 binder::Status VoldNativeService::mountDefaultEncrypted() {
662 ENFORCE_SYSTEM_OR_ROOT;
663 ACQUIRE_CRYPT_LOCK;
664
665 if (!fscrypt_is_native()) {
666 // Spawn as thread so init can issue commands back to vold without
667 // causing deadlock, usually as a result of prep_data_fs.
668 std::thread(&cryptfs_mount_default_encrypted).detach();
669 }
670 return Ok();
671 }
672
initUser0()673 binder::Status VoldNativeService::initUser0() {
674 ENFORCE_SYSTEM_OR_ROOT;
675 ACQUIRE_CRYPT_LOCK;
676
677 return translateBool(fscrypt_init_user0());
678 }
679
isConvertibleToFbe(bool * _aidl_return)680 binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) {
681 ENFORCE_SYSTEM_OR_ROOT;
682 ACQUIRE_CRYPT_LOCK;
683
684 *_aidl_return = cryptfs_isConvertibleToFBE() != 0;
685 return Ok();
686 }
687
mountFstab(const std::string & blkDevice,const std::string & mountPoint)688 binder::Status VoldNativeService::mountFstab(const std::string& blkDevice,
689 const std::string& mountPoint) {
690 ENFORCE_SYSTEM_OR_ROOT;
691 ACQUIRE_LOCK;
692
693 return translateBool(
694 fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, false, false, "null"));
695 }
696
encryptFstab(const std::string & blkDevice,const std::string & mountPoint,bool shouldFormat,const std::string & fsType)697 binder::Status VoldNativeService::encryptFstab(const std::string& blkDevice,
698 const std::string& mountPoint, bool shouldFormat,
699 const std::string& fsType) {
700 ENFORCE_SYSTEM_OR_ROOT;
701 ACQUIRE_LOCK;
702
703 return translateBool(
704 fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, true, shouldFormat, fsType));
705 }
706
setStorageBindingSeed(const std::vector<uint8_t> & seed)707 binder::Status VoldNativeService::setStorageBindingSeed(const std::vector<uint8_t>& seed) {
708 ENFORCE_SYSTEM_OR_ROOT;
709 ACQUIRE_CRYPT_LOCK;
710
711 return translateBool(setKeyStorageBindingSeed(seed));
712 }
713
createUserKey(int32_t userId,int32_t userSerial,bool ephemeral)714 binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial,
715 bool ephemeral) {
716 ENFORCE_SYSTEM_OR_ROOT;
717 ACQUIRE_CRYPT_LOCK;
718
719 return translateBool(fscrypt_vold_create_user_key(userId, userSerial, ephemeral));
720 }
721
destroyUserKey(int32_t userId)722 binder::Status VoldNativeService::destroyUserKey(int32_t userId) {
723 ENFORCE_SYSTEM_OR_ROOT;
724 ACQUIRE_CRYPT_LOCK;
725
726 return translateBool(fscrypt_destroy_user_key(userId));
727 }
728
token_empty(const std::string & token)729 static bool token_empty(const std::string& token) {
730 return token.size() == 0 || token == "!";
731 }
732
addUserKeyAuth(int32_t userId,int32_t userSerial,const std::string & token,const std::string & secret)733 binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial,
734 const std::string& token,
735 const std::string& secret) {
736 ENFORCE_SYSTEM_OR_ROOT;
737 ACQUIRE_CRYPT_LOCK;
738
739 if (!token_empty(token)) {
740 LOG(ERROR) << "Vold doesn't use auth tokens, but non-empty token passed to addUserKeyAuth.";
741 return binder::Status::fromServiceSpecificError(-EINVAL);
742 }
743
744 return translateBool(fscrypt_add_user_key_auth(userId, userSerial, secret));
745 }
746
clearUserKeyAuth(int32_t userId,int32_t userSerial,const std::string & token,const std::string & secret)747 binder::Status VoldNativeService::clearUserKeyAuth(int32_t userId, int32_t userSerial,
748 const std::string& token,
749 const std::string& secret) {
750 ENFORCE_SYSTEM_OR_ROOT;
751 ACQUIRE_CRYPT_LOCK;
752
753 if (!token_empty(token)) {
754 LOG(ERROR)
755 << "Vold doesn't use auth tokens, but non-empty token passed to clearUserKeyAuth.";
756 return binder::Status::fromServiceSpecificError(-EINVAL);
757 }
758
759 return translateBool(fscrypt_clear_user_key_auth(userId, userSerial, secret));
760 }
761
fixateNewestUserKeyAuth(int32_t userId)762 binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
763 ENFORCE_SYSTEM_OR_ROOT;
764 ACQUIRE_CRYPT_LOCK;
765
766 return translateBool(fscrypt_fixate_newest_user_key_auth(userId));
767 }
768
getUnlockedUsers(std::vector<int> * _aidl_return)769 binder::Status VoldNativeService::getUnlockedUsers(std::vector<int>* _aidl_return) {
770 ENFORCE_SYSTEM_OR_ROOT;
771 ACQUIRE_CRYPT_LOCK;
772
773 *_aidl_return = fscrypt_get_unlocked_users();
774 return Ok();
775 }
776
unlockUserKey(int32_t userId,int32_t userSerial,const std::string & token,const std::string & secret)777 binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial,
778 const std::string& token,
779 const std::string& secret) {
780 ENFORCE_SYSTEM_OR_ROOT;
781 ACQUIRE_CRYPT_LOCK;
782
783 if (!token_empty(token)) {
784 LOG(ERROR) << "Vold doesn't use auth tokens, but non-empty token passed to unlockUserKey.";
785 return binder::Status::fromServiceSpecificError(-EINVAL);
786 }
787
788 return translateBool(fscrypt_unlock_user_key(userId, userSerial, secret));
789 }
790
lockUserKey(int32_t userId)791 binder::Status VoldNativeService::lockUserKey(int32_t userId) {
792 ENFORCE_SYSTEM_OR_ROOT;
793 ACQUIRE_CRYPT_LOCK;
794
795 return translateBool(fscrypt_lock_user_key(userId));
796 }
797
prepareUserStorage(const std::optional<std::string> & uuid,int32_t userId,int32_t userSerial,int32_t flags)798 binder::Status VoldNativeService::prepareUserStorage(const std::optional<std::string>& uuid,
799 int32_t userId, int32_t userSerial,
800 int32_t flags) {
801 ENFORCE_SYSTEM_OR_ROOT;
802 std::string empty_string = "";
803 auto uuid_ = uuid ? *uuid : empty_string;
804 CHECK_ARGUMENT_HEX(uuid_);
805
806 ACQUIRE_CRYPT_LOCK;
807 return translateBool(fscrypt_prepare_user_storage(uuid_, userId, userSerial, flags));
808 }
809
destroyUserStorage(const std::optional<std::string> & uuid,int32_t userId,int32_t flags)810 binder::Status VoldNativeService::destroyUserStorage(const std::optional<std::string>& uuid,
811 int32_t userId, int32_t flags) {
812 ENFORCE_SYSTEM_OR_ROOT;
813 std::string empty_string = "";
814 auto uuid_ = uuid ? *uuid : empty_string;
815 CHECK_ARGUMENT_HEX(uuid_);
816
817 ACQUIRE_CRYPT_LOCK;
818 return translateBool(fscrypt_destroy_user_storage(uuid_, userId, flags));
819 }
820
prepareSandboxForApp(const std::string & packageName,int32_t appId,const std::string & sandboxId,int32_t userId)821 binder::Status VoldNativeService::prepareSandboxForApp(const std::string& packageName,
822 int32_t appId, const std::string& sandboxId,
823 int32_t userId) {
824 return Ok();
825 }
826
destroySandboxForApp(const std::string & packageName,const std::string & sandboxId,int32_t userId)827 binder::Status VoldNativeService::destroySandboxForApp(const std::string& packageName,
828 const std::string& sandboxId,
829 int32_t userId) {
830 return Ok();
831 }
832
startCheckpoint(int32_t retry)833 binder::Status VoldNativeService::startCheckpoint(int32_t retry) {
834 ENFORCE_SYSTEM_OR_ROOT;
835 ACQUIRE_LOCK;
836
837 return cp_startCheckpoint(retry);
838 }
839
needsRollback(bool * _aidl_return)840 binder::Status VoldNativeService::needsRollback(bool* _aidl_return) {
841 ENFORCE_SYSTEM_OR_ROOT;
842 ACQUIRE_LOCK;
843
844 *_aidl_return = cp_needsRollback();
845 return Ok();
846 }
847
needsCheckpoint(bool * _aidl_return)848 binder::Status VoldNativeService::needsCheckpoint(bool* _aidl_return) {
849 ENFORCE_SYSTEM_OR_ROOT;
850 ACQUIRE_LOCK;
851
852 *_aidl_return = cp_needsCheckpoint();
853 return Ok();
854 }
855
isCheckpointing(bool * _aidl_return)856 binder::Status VoldNativeService::isCheckpointing(bool* _aidl_return) {
857 ENFORCE_SYSTEM_OR_ROOT;
858 ACQUIRE_LOCK;
859
860 *_aidl_return = cp_isCheckpointing();
861 return Ok();
862 }
863
commitChanges()864 binder::Status VoldNativeService::commitChanges() {
865 ENFORCE_SYSTEM_OR_ROOT;
866 ACQUIRE_LOCK;
867
868 return cp_commitChanges();
869 }
870
prepareCheckpoint()871 binder::Status VoldNativeService::prepareCheckpoint() {
872 ENFORCE_SYSTEM_OR_ROOT;
873 ACQUIRE_LOCK;
874
875 return cp_prepareCheckpoint();
876 }
877
restoreCheckpoint(const std::string & mountPoint)878 binder::Status VoldNativeService::restoreCheckpoint(const std::string& mountPoint) {
879 ENFORCE_SYSTEM_OR_ROOT;
880 CHECK_ARGUMENT_PATH(mountPoint);
881 ACQUIRE_LOCK;
882
883 return cp_restoreCheckpoint(mountPoint);
884 }
885
restoreCheckpointPart(const std::string & mountPoint,int count)886 binder::Status VoldNativeService::restoreCheckpointPart(const std::string& mountPoint, int count) {
887 ENFORCE_SYSTEM_OR_ROOT;
888 CHECK_ARGUMENT_PATH(mountPoint);
889 ACQUIRE_LOCK;
890
891 return cp_restoreCheckpoint(mountPoint, count);
892 }
893
markBootAttempt()894 binder::Status VoldNativeService::markBootAttempt() {
895 ENFORCE_SYSTEM_OR_ROOT;
896 ACQUIRE_LOCK;
897
898 return cp_markBootAttempt();
899 }
900
abortChanges(const std::string & message,bool retry)901 binder::Status VoldNativeService::abortChanges(const std::string& message, bool retry) {
902 ENFORCE_SYSTEM_OR_ROOT;
903 ACQUIRE_LOCK;
904
905 cp_abortChanges(message, retry);
906 return Ok();
907 }
908
supportsCheckpoint(bool * _aidl_return)909 binder::Status VoldNativeService::supportsCheckpoint(bool* _aidl_return) {
910 ENFORCE_SYSTEM_OR_ROOT;
911 ACQUIRE_LOCK;
912
913 return cp_supportsCheckpoint(*_aidl_return);
914 }
915
supportsBlockCheckpoint(bool * _aidl_return)916 binder::Status VoldNativeService::supportsBlockCheckpoint(bool* _aidl_return) {
917 ENFORCE_SYSTEM_OR_ROOT;
918 ACQUIRE_LOCK;
919
920 return cp_supportsBlockCheckpoint(*_aidl_return);
921 }
922
supportsFileCheckpoint(bool * _aidl_return)923 binder::Status VoldNativeService::supportsFileCheckpoint(bool* _aidl_return) {
924 ENFORCE_SYSTEM_OR_ROOT;
925 ACQUIRE_LOCK;
926
927 return cp_supportsFileCheckpoint(*_aidl_return);
928 }
929
resetCheckpoint()930 binder::Status VoldNativeService::resetCheckpoint() {
931 ENFORCE_SYSTEM_OR_ROOT;
932 ACQUIRE_LOCK;
933
934 cp_resetCheckpoint();
935 return Ok();
936 }
937
initializeIncFs()938 static void initializeIncFs() {
939 // Obtaining IncFS features triggers initialization of IncFS.
940 incfs::features();
941 }
942
943 // This is missing from the kernel UAPI headers.
944 #define ST_RDONLY 0x0001
945
946 // FDE devices run the post-fs-data trigger (and hence also earlyBootEnded)
947 // multiple times, sometimes prior to the real /data being mounted. That causes
948 // keystore2 to try to open a file in /data, causing it to panic or have to be
949 // killed by vold later, causing problems (vold failing to connect to keystore2,
950 // or keystore2 operations erroring out later). As a workaround to keep FDE
951 // working, ignore these too-early calls to earlyBootEnded.
952 //
953 // This can be removed when support for FDE is removed.
IgnoreEarlyBootEnded()954 static bool IgnoreEarlyBootEnded() {
955 // The statfs("/data") below should be sufficient by itself, but to be safe
956 // we also explicitly return false on FBE devices. (This really should be
957 // ro.crypto.type != "block" for "non-FDE devices", but on FDE devices this
958 // is sometimes called before ro.crypto.type gets set.)
959 if (fscrypt_is_native()) return false;
960
961 struct statfs buf;
962 if (statfs(DATA_MNT_POINT, &buf) != 0) {
963 PLOG(ERROR) << "statfs(\"/data\") failed";
964 return false;
965 }
966 if (buf.f_type == TMPFS_MAGIC || (buf.f_flags & ST_RDONLY)) {
967 LOG(INFO) << "Ignoring earlyBootEnded since real /data isn't mounted yet";
968 return true;
969 }
970 return false;
971 }
972
earlyBootEnded()973 binder::Status VoldNativeService::earlyBootEnded() {
974 ENFORCE_SYSTEM_OR_ROOT;
975 ACQUIRE_LOCK;
976
977 if (IgnoreEarlyBootEnded()) return Ok();
978
979 initializeIncFs();
980 Keymaster::earlyBootEnded();
981 return Ok();
982 }
983
incFsEnabled(bool * _aidl_return)984 binder::Status VoldNativeService::incFsEnabled(bool* _aidl_return) {
985 ENFORCE_SYSTEM_OR_ROOT;
986
987 *_aidl_return = incfs::enabled();
988 return Ok();
989 }
990
mountIncFs(const std::string & backingPath,const std::string & targetDir,int32_t flags,const std::string & sysfsName,::android::os::incremental::IncrementalFileSystemControlParcel * _aidl_return)991 binder::Status VoldNativeService::mountIncFs(
992 const std::string& backingPath, const std::string& targetDir, int32_t flags,
993 const std::string& sysfsName,
994 ::android::os::incremental::IncrementalFileSystemControlParcel* _aidl_return) {
995 ENFORCE_SYSTEM_OR_ROOT;
996 CHECK_ARGUMENT_PATH(backingPath);
997 CHECK_ARGUMENT_PATH(targetDir);
998
999 auto control = incfs::mount(backingPath, targetDir,
1000 {.flags = IncFsMountFlags(flags),
1001 // Mount with read timeouts.
1002 .defaultReadTimeoutMs = INCFS_DEFAULT_READ_TIMEOUT_MS,
1003 // Mount with read logs disabled.
1004 .readLogBufferPages = 0,
1005 .sysfsName = sysfsName.c_str()});
1006 if (!control) {
1007 return translate(-errno);
1008 }
1009 auto fds = control.releaseFds();
1010 using android::base::unique_fd;
1011 _aidl_return->cmd.reset(unique_fd(fds[CMD].release()));
1012 _aidl_return->pendingReads.reset(unique_fd(fds[PENDING_READS].release()));
1013 _aidl_return->log.reset(unique_fd(fds[LOGS].release()));
1014 if (fds[BLOCKS_WRITTEN].ok()) {
1015 _aidl_return->blocksWritten.emplace(unique_fd(fds[BLOCKS_WRITTEN].release()));
1016 }
1017 return Ok();
1018 }
1019
unmountIncFs(const std::string & dir)1020 binder::Status VoldNativeService::unmountIncFs(const std::string& dir) {
1021 ENFORCE_SYSTEM_OR_ROOT;
1022 CHECK_ARGUMENT_PATH(dir);
1023
1024 return translate(incfs::unmount(dir));
1025 }
1026
setIncFsMountOptions(const::android::os::incremental::IncrementalFileSystemControlParcel & control,bool enableReadLogs,bool enableReadTimeouts,const std::string & sysfsName)1027 binder::Status VoldNativeService::setIncFsMountOptions(
1028 const ::android::os::incremental::IncrementalFileSystemControlParcel& control,
1029 bool enableReadLogs, bool enableReadTimeouts, const std::string& sysfsName) {
1030 ENFORCE_SYSTEM_OR_ROOT;
1031
1032 auto incfsControl =
1033 incfs::createControl(control.cmd.get(), control.pendingReads.get(), control.log.get(),
1034 control.blocksWritten ? control.blocksWritten->get() : -1);
1035 auto cleanupFunc = [](auto incfsControl) {
1036 for (auto& fd : incfsControl->releaseFds()) {
1037 (void)fd.release();
1038 }
1039 };
1040 auto cleanup =
1041 std::unique_ptr<incfs::Control, decltype(cleanupFunc)>(&incfsControl, cleanupFunc);
1042 if (auto error = incfs::setOptions(
1043 incfsControl,
1044 {.defaultReadTimeoutMs =
1045 enableReadTimeouts ? INCFS_DEFAULT_READ_TIMEOUT_MS : kIncFsReadNoTimeoutMs,
1046 .readLogBufferPages = enableReadLogs ? INCFS_DEFAULT_PAGE_READ_BUFFER_PAGES : 0,
1047 .sysfsName = sysfsName.c_str()});
1048 error < 0) {
1049 return binder::Status::fromServiceSpecificError(error);
1050 }
1051
1052 return Ok();
1053 }
1054
bindMount(const std::string & sourceDir,const std::string & targetDir)1055 binder::Status VoldNativeService::bindMount(const std::string& sourceDir,
1056 const std::string& targetDir) {
1057 ENFORCE_SYSTEM_OR_ROOT;
1058 CHECK_ARGUMENT_PATH(sourceDir);
1059 CHECK_ARGUMENT_PATH(targetDir);
1060
1061 return translate(incfs::bindMount(sourceDir, targetDir));
1062 }
1063
destroyDsuMetadataKey(const std::string & dsuSlot)1064 binder::Status VoldNativeService::destroyDsuMetadataKey(const std::string& dsuSlot) {
1065 ENFORCE_SYSTEM_OR_ROOT;
1066 ACQUIRE_LOCK;
1067
1068 return translateBool(destroy_dsu_metadata_key(dsuSlot));
1069 }
1070
1071 } // namespace vold
1072 } // namespace android
1073