1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <string.h>
20 #include <unistd.h>
21 #include <fcntl.h>
22 #include <ctype.h>
23 #include <sys/mount.h>
24 #include <sys/stat.h>
25 #include <errno.h>
26 #include <sys/types.h>
27 #include <sys/wait.h>
28 #include <libgen.h>
29 #include <time.h>
30 #include <sys/swap.h>
31 #include <dirent.h>
32 #include <ext4.h>
33 #include <ext4_sb.h>
34 #include <ext4_crypt_init_extensions.h>
35
36 #include <linux/loop.h>
37 #include <private/android_filesystem_config.h>
38 #include <cutils/android_reboot.h>
39 #include <cutils/partition_utils.h>
40 #include <cutils/properties.h>
41 #include <logwrap/logwrap.h>
42
43 #include "mincrypt/rsa.h"
44 #include "mincrypt/sha.h"
45 #include "mincrypt/sha256.h"
46
47 #include "ext4_utils.h"
48 #include "wipe.h"
49
50 #include "fs_mgr_priv.h"
51 #include "fs_mgr_priv_verity.h"
52
53 #define KEY_LOC_PROP "ro.crypto.keyfile.userdata"
54 #define KEY_IN_FOOTER "footer"
55
56 #define E2FSCK_BIN "/system/bin/e2fsck"
57 #define F2FS_FSCK_BIN "/system/bin/fsck.f2fs"
58 #define MKSWAP_BIN "/system/bin/mkswap"
59
60 #define FSCK_LOG_FILE "/dev/fscklogs/log"
61
62 #define ZRAM_CONF_DEV "/sys/block/zram0/disksize"
63
64 #define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))
65
66 /*
67 * gettime() - returns the time in seconds of the system's monotonic clock or
68 * zero on error.
69 */
gettime(void)70 static time_t gettime(void)
71 {
72 struct timespec ts;
73 int ret;
74
75 ret = clock_gettime(CLOCK_MONOTONIC, &ts);
76 if (ret < 0) {
77 ERROR("clock_gettime(CLOCK_MONOTONIC) failed: %s\n", strerror(errno));
78 return 0;
79 }
80
81 return ts.tv_sec;
82 }
83
wait_for_file(const char * filename,int timeout)84 static int wait_for_file(const char *filename, int timeout)
85 {
86 struct stat info;
87 time_t timeout_time = gettime() + timeout;
88 int ret = -1;
89
90 while (gettime() < timeout_time && ((ret = stat(filename, &info)) < 0))
91 usleep(10000);
92
93 return ret;
94 }
95
check_fs(char * blk_device,char * fs_type,char * target)96 static void check_fs(char *blk_device, char *fs_type, char *target)
97 {
98 int status;
99 int ret;
100 long tmpmnt_flags = MS_NOATIME | MS_NOEXEC | MS_NOSUID;
101 char *tmpmnt_opts = "nomblk_io_submit,errors=remount-ro";
102 char *e2fsck_argv[] = {
103 E2FSCK_BIN,
104 "-y",
105 blk_device
106 };
107
108 /* Check for the types of filesystems we know how to check */
109 if (!strcmp(fs_type, "ext2") || !strcmp(fs_type, "ext3") || !strcmp(fs_type, "ext4")) {
110 /*
111 * First try to mount and unmount the filesystem. We do this because
112 * the kernel is more efficient than e2fsck in running the journal and
113 * processing orphaned inodes, and on at least one device with a
114 * performance issue in the emmc firmware, it can take e2fsck 2.5 minutes
115 * to do what the kernel does in about a second.
116 *
117 * After mounting and unmounting the filesystem, run e2fsck, and if an
118 * error is recorded in the filesystem superblock, e2fsck will do a full
119 * check. Otherwise, it does nothing. If the kernel cannot mount the
120 * filesytsem due to an error, e2fsck is still run to do a full check
121 * fix the filesystem.
122 */
123 errno = 0;
124 ret = mount(blk_device, target, fs_type, tmpmnt_flags, tmpmnt_opts);
125 INFO("%s(): mount(%s,%s,%s)=%d: %s\n",
126 __func__, blk_device, target, fs_type, ret, strerror(errno));
127 if (!ret) {
128 int i;
129 for (i = 0; i < 5; i++) {
130 // Try to umount 5 times before continuing on.
131 // Should we try rebooting if all attempts fail?
132 int result = umount(target);
133 if (result == 0) {
134 INFO("%s(): unmount(%s) succeeded\n", __func__, target);
135 break;
136 }
137 ERROR("%s(): umount(%s)=%d: %s\n", __func__, target, result, strerror(errno));
138 sleep(1);
139 }
140 }
141
142 /*
143 * Some system images do not have e2fsck for licensing reasons
144 * (e.g. recent SDK system images). Detect these and skip the check.
145 */
146 if (access(E2FSCK_BIN, X_OK)) {
147 INFO("Not running %s on %s (executable not in system image)\n",
148 E2FSCK_BIN, blk_device);
149 } else {
150 INFO("Running %s on %s\n", E2FSCK_BIN, blk_device);
151
152 ret = android_fork_execvp_ext(ARRAY_SIZE(e2fsck_argv), e2fsck_argv,
153 &status, true, LOG_KLOG | LOG_FILE,
154 true, FSCK_LOG_FILE);
155
156 if (ret < 0) {
157 /* No need to check for error in fork, we can't really handle it now */
158 ERROR("Failed trying to run %s\n", E2FSCK_BIN);
159 }
160 }
161 } else if (!strcmp(fs_type, "f2fs")) {
162 char *f2fs_fsck_argv[] = {
163 F2FS_FSCK_BIN,
164 "-f",
165 blk_device
166 };
167 INFO("Running %s -f %s\n", F2FS_FSCK_BIN, blk_device);
168
169 ret = android_fork_execvp_ext(ARRAY_SIZE(f2fs_fsck_argv), f2fs_fsck_argv,
170 &status, true, LOG_KLOG | LOG_FILE,
171 true, FSCK_LOG_FILE);
172 if (ret < 0) {
173 /* No need to check for error in fork, we can't really handle it now */
174 ERROR("Failed trying to run %s\n", F2FS_FSCK_BIN);
175 }
176 }
177
178 return;
179 }
180
remove_trailing_slashes(char * n)181 static void remove_trailing_slashes(char *n)
182 {
183 int len;
184
185 len = strlen(n) - 1;
186 while ((*(n + len) == '/') && len) {
187 *(n + len) = '\0';
188 len--;
189 }
190 }
191
192 /*
193 * Mark the given block device as read-only, using the BLKROSET ioctl.
194 * Return 0 on success, and -1 on error.
195 */
fs_mgr_set_blk_ro(const char * blockdev)196 int fs_mgr_set_blk_ro(const char *blockdev)
197 {
198 int fd;
199 int rc = -1;
200 int ON = 1;
201
202 fd = TEMP_FAILURE_RETRY(open(blockdev, O_RDONLY | O_CLOEXEC));
203 if (fd < 0) {
204 // should never happen
205 return rc;
206 }
207
208 rc = ioctl(fd, BLKROSET, &ON);
209 close(fd);
210
211 return rc;
212 }
213
214 /*
215 * __mount(): wrapper around the mount() system call which also
216 * sets the underlying block device to read-only if the mount is read-only.
217 * See "man 2 mount" for return values.
218 */
__mount(const char * source,const char * target,const struct fstab_rec * rec)219 static int __mount(const char *source, const char *target, const struct fstab_rec *rec)
220 {
221 unsigned long mountflags = rec->flags;
222 int ret;
223 int save_errno;
224
225 /* We need this because sometimes we have legacy symlinks
226 * that are lingering around and need cleaning up.
227 */
228 struct stat info;
229 if (!lstat(target, &info))
230 if ((info.st_mode & S_IFMT) == S_IFLNK)
231 unlink(target);
232 mkdir(target, 0755);
233 ret = mount(source, target, rec->fs_type, mountflags, rec->fs_options);
234 save_errno = errno;
235 INFO("%s(source=%s,target=%s,type=%s)=%d\n", __func__, source, target, rec->fs_type, ret);
236 if ((ret == 0) && (mountflags & MS_RDONLY) != 0) {
237 fs_mgr_set_blk_ro(source);
238 }
239 errno = save_errno;
240 return ret;
241 }
242
fs_match(char * in1,char * in2)243 static int fs_match(char *in1, char *in2)
244 {
245 char *n1;
246 char *n2;
247 int ret;
248
249 n1 = strdup(in1);
250 n2 = strdup(in2);
251
252 remove_trailing_slashes(n1);
253 remove_trailing_slashes(n2);
254
255 ret = !strcmp(n1, n2);
256
257 free(n1);
258 free(n2);
259
260 return ret;
261 }
262
device_is_debuggable()263 static int device_is_debuggable() {
264 int ret = -1;
265 char value[PROP_VALUE_MAX];
266 ret = __system_property_get("ro.debuggable", value);
267 if (ret < 0)
268 return ret;
269 return strcmp(value, "1") ? 0 : 1;
270 }
271
device_is_secure()272 static int device_is_secure() {
273 int ret = -1;
274 char value[PROP_VALUE_MAX];
275 ret = __system_property_get("ro.secure", value);
276 /* If error, we want to fail secure */
277 if (ret < 0)
278 return 1;
279 return strcmp(value, "0") ? 1 : 0;
280 }
281
device_is_force_encrypted()282 static int device_is_force_encrypted() {
283 int ret = -1;
284 char value[PROP_VALUE_MAX];
285 ret = __system_property_get("ro.vold.forceencryption", value);
286 if (ret < 0)
287 return 0;
288 return strcmp(value, "1") ? 0 : 1;
289 }
290
291 /*
292 * Tries to mount any of the consecutive fstab entries that match
293 * the mountpoint of the one given by fstab->recs[start_idx].
294 *
295 * end_idx: On return, will be the last rec that was looked at.
296 * attempted_idx: On return, will indicate which fstab rec
297 * succeeded. In case of failure, it will be the start_idx.
298 * Returns
299 * -1 on failure with errno set to match the 1st mount failure.
300 * 0 on success.
301 */
mount_with_alternatives(struct fstab * fstab,int start_idx,int * end_idx,int * attempted_idx)302 static int mount_with_alternatives(struct fstab *fstab, int start_idx, int *end_idx, int *attempted_idx)
303 {
304 int i;
305 int mount_errno = 0;
306 int mounted = 0;
307
308 if (!end_idx || !attempted_idx || start_idx >= fstab->num_entries) {
309 errno = EINVAL;
310 if (end_idx) *end_idx = start_idx;
311 if (attempted_idx) *end_idx = start_idx;
312 return -1;
313 }
314
315 /* Hunt down an fstab entry for the same mount point that might succeed */
316 for (i = start_idx;
317 /* We required that fstab entries for the same mountpoint be consecutive */
318 i < fstab->num_entries && !strcmp(fstab->recs[start_idx].mount_point, fstab->recs[i].mount_point);
319 i++) {
320 /*
321 * Don't try to mount/encrypt the same mount point again.
322 * Deal with alternate entries for the same point which are required to be all following
323 * each other.
324 */
325 if (mounted) {
326 ERROR("%s(): skipping fstab dup mountpoint=%s rec[%d].fs_type=%s already mounted as %s.\n", __func__,
327 fstab->recs[i].mount_point, i, fstab->recs[i].fs_type, fstab->recs[*attempted_idx].fs_type);
328 continue;
329 }
330
331 if (fstab->recs[i].fs_mgr_flags & MF_CHECK) {
332 check_fs(fstab->recs[i].blk_device, fstab->recs[i].fs_type,
333 fstab->recs[i].mount_point);
334 }
335 if (!__mount(fstab->recs[i].blk_device, fstab->recs[i].mount_point, &fstab->recs[i])) {
336 *attempted_idx = i;
337 mounted = 1;
338 if (i != start_idx) {
339 ERROR("%s(): Mounted %s on %s with fs_type=%s instead of %s\n", __func__,
340 fstab->recs[i].blk_device, fstab->recs[i].mount_point, fstab->recs[i].fs_type,
341 fstab->recs[start_idx].fs_type);
342 }
343 } else {
344 /* back up errno for crypto decisions */
345 mount_errno = errno;
346 }
347 }
348
349 /* Adjust i for the case where it was still withing the recs[] */
350 if (i < fstab->num_entries) --i;
351
352 *end_idx = i;
353 if (!mounted) {
354 *attempted_idx = start_idx;
355 errno = mount_errno;
356 return -1;
357 }
358 return 0;
359 }
360
translate_ext_labels(struct fstab_rec * rec)361 static int translate_ext_labels(struct fstab_rec *rec)
362 {
363 DIR *blockdir = NULL;
364 struct dirent *ent;
365 char *label;
366 size_t label_len;
367 int ret = -1;
368
369 if (strncmp(rec->blk_device, "LABEL=", 6))
370 return 0;
371
372 label = rec->blk_device + 6;
373 label_len = strlen(label);
374
375 if (label_len > 16) {
376 ERROR("FS label is longer than allowed by filesystem\n");
377 goto out;
378 }
379
380
381 blockdir = opendir("/dev/block");
382 if (!blockdir) {
383 ERROR("couldn't open /dev/block\n");
384 goto out;
385 }
386
387 while ((ent = readdir(blockdir))) {
388 int fd;
389 char super_buf[1024];
390 struct ext4_super_block *sb;
391
392 if (ent->d_type != DT_BLK)
393 continue;
394
395 fd = openat(dirfd(blockdir), ent->d_name, O_RDONLY);
396 if (fd < 0) {
397 ERROR("Cannot open block device /dev/block/%s\n", ent->d_name);
398 goto out;
399 }
400
401 if (TEMP_FAILURE_RETRY(lseek(fd, 1024, SEEK_SET)) < 0 ||
402 TEMP_FAILURE_RETRY(read(fd, super_buf, 1024)) != 1024) {
403 /* Probably a loopback device or something else without a readable
404 * superblock.
405 */
406 close(fd);
407 continue;
408 }
409
410 sb = (struct ext4_super_block *)super_buf;
411 if (sb->s_magic != EXT4_SUPER_MAGIC) {
412 INFO("/dev/block/%s not ext{234}\n", ent->d_name);
413 continue;
414 }
415
416 if (!strncmp(label, sb->s_volume_name, label_len)) {
417 char *new_blk_device;
418
419 if (asprintf(&new_blk_device, "/dev/block/%s", ent->d_name) < 0) {
420 ERROR("Could not allocate block device string\n");
421 goto out;
422 }
423
424 INFO("resolved label %s to %s\n", rec->blk_device, new_blk_device);
425
426 free(rec->blk_device);
427 rec->blk_device = new_blk_device;
428 ret = 0;
429 break;
430 }
431 }
432
433 out:
434 closedir(blockdir);
435 return ret;
436 }
437
438 // Check to see if a mountable volume has encryption requirements
handle_encryptable(struct fstab * fstab,const struct fstab_rec * rec)439 static int handle_encryptable(struct fstab *fstab, const struct fstab_rec* rec)
440 {
441 /* If this is block encryptable, need to trigger encryption */
442 if ( (rec->fs_mgr_flags & MF_FORCECRYPT)
443 || (device_is_force_encrypted() && fs_mgr_is_encryptable(rec))) {
444 if (umount(rec->mount_point) == 0) {
445 return FS_MGR_MNTALL_DEV_NEEDS_ENCRYPTION;
446 } else {
447 WARNING("Could not umount %s (%s) - allow continue unencrypted\n",
448 rec->mount_point, strerror(errno));
449 return FS_MGR_MNTALL_DEV_NOT_ENCRYPTED;
450 }
451 }
452
453 // Deal with file level encryption
454 if (rec->fs_mgr_flags & MF_FILEENCRYPTION) {
455 // Default or not yet initialized encryption requires no more work here
456 if (!e4crypt_non_default_key(rec->mount_point)) {
457 INFO("%s is default file encrypted\n", rec->mount_point);
458 return FS_MGR_MNTALL_DEV_DEFAULT_FILE_ENCRYPTED;
459 }
460
461 INFO("%s is non-default file encrypted\n", rec->mount_point);
462
463 // Uses non-default key, so must unmount and set up temp file system
464 if (umount(rec->mount_point)) {
465 ERROR("Failed to umount %s - rebooting\n", rec->mount_point);
466 return FS_MGR_MNTALL_FAIL;
467 }
468
469 if (fs_mgr_do_tmpfs_mount(rec->mount_point) != 0) {
470 ERROR("Failed to mount a tmpfs at %s\n", rec->mount_point);
471 return FS_MGR_MNTALL_FAIL;
472 }
473
474 // Mount data temporarily so we can access unencrypted dir
475 char tmp_mnt[PATH_MAX];
476 strlcpy(tmp_mnt, rec->mount_point, sizeof(tmp_mnt));
477 strlcat(tmp_mnt, "/tmp_mnt", sizeof(tmp_mnt));
478 if (mkdir(tmp_mnt, 0700)) {
479 ERROR("Failed to create temp mount point\n");
480 return FS_MGR_MNTALL_FAIL;
481 }
482
483 if (fs_mgr_do_mount(fstab, rec->mount_point,
484 rec->blk_device, tmp_mnt)) {
485 ERROR("Error temp mounting encrypted file system\n");
486 return FS_MGR_MNTALL_FAIL;
487 }
488
489 return FS_MGR_MNTALL_DEV_NON_DEFAULT_FILE_ENCRYPTED;
490 }
491
492 return FS_MGR_MNTALL_DEV_NOT_ENCRYPTED;
493 }
494
495 /* When multiple fstab records share the same mount_point, it will
496 * try to mount each one in turn, and ignore any duplicates after a
497 * first successful mount.
498 * Returns -1 on error, and FS_MGR_MNTALL_* otherwise.
499 */
fs_mgr_mount_all(struct fstab * fstab)500 int fs_mgr_mount_all(struct fstab *fstab)
501 {
502 int i = 0;
503 int encryptable = FS_MGR_MNTALL_DEV_NOT_ENCRYPTED;
504 int error_count = 0;
505 int mret = -1;
506 int mount_errno = 0;
507 int attempted_idx = -1;
508
509 if (!fstab) {
510 return -1;
511 }
512
513 for (i = 0; i < fstab->num_entries; i++) {
514 /* Don't mount entries that are managed by vold */
515 if (fstab->recs[i].fs_mgr_flags & (MF_VOLDMANAGED | MF_RECOVERYONLY)) {
516 continue;
517 }
518
519 /* Skip swap and raw partition entries such as boot, recovery, etc */
520 if (!strcmp(fstab->recs[i].fs_type, "swap") ||
521 !strcmp(fstab->recs[i].fs_type, "emmc") ||
522 !strcmp(fstab->recs[i].fs_type, "mtd")) {
523 continue;
524 }
525
526 /* Translate LABEL= file system labels into block devices */
527 if (!strcmp(fstab->recs[i].fs_type, "ext2") ||
528 !strcmp(fstab->recs[i].fs_type, "ext3") ||
529 !strcmp(fstab->recs[i].fs_type, "ext4")) {
530 int tret = translate_ext_labels(&fstab->recs[i]);
531 if (tret < 0) {
532 ERROR("Could not translate label to block device\n");
533 continue;
534 }
535 }
536
537 if (fstab->recs[i].fs_mgr_flags & MF_WAIT) {
538 wait_for_file(fstab->recs[i].blk_device, WAIT_TIMEOUT);
539 }
540
541 if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
542 int rc = fs_mgr_setup_verity(&fstab->recs[i]);
543 if (device_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
544 INFO("Verity disabled");
545 } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
546 ERROR("Could not set up verified partition, skipping!\n");
547 continue;
548 }
549 }
550 int last_idx_inspected;
551 int top_idx = i;
552
553 mret = mount_with_alternatives(fstab, i, &last_idx_inspected, &attempted_idx);
554 i = last_idx_inspected;
555 mount_errno = errno;
556
557 /* Deal with encryptability. */
558 if (!mret) {
559 int status = handle_encryptable(fstab, &fstab->recs[attempted_idx]);
560
561 if (status == FS_MGR_MNTALL_FAIL) {
562 /* Fatal error - no point continuing */
563 return status;
564 }
565
566 if (status != FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) {
567 if (encryptable != FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) {
568 // Log and continue
569 ERROR("Only one encryptable/encrypted partition supported\n");
570 }
571 encryptable = status;
572 }
573
574 /* Success! Go get the next one */
575 continue;
576 }
577
578 /* mount(2) returned an error, handle the encryptable/formattable case */
579 bool wiped = partition_wiped(fstab->recs[top_idx].blk_device);
580 if (mret && mount_errno != EBUSY && mount_errno != EACCES &&
581 fs_mgr_is_formattable(&fstab->recs[top_idx]) && wiped) {
582 /* top_idx and attempted_idx point at the same partition, but sometimes
583 * at two different lines in the fstab. Use the top one for formatting
584 * as that is the preferred one.
585 */
586 ERROR("%s(): %s is wiped and %s %s is formattable. Format it.\n", __func__,
587 fstab->recs[top_idx].blk_device, fstab->recs[top_idx].mount_point,
588 fstab->recs[top_idx].fs_type);
589 if (fs_mgr_is_encryptable(&fstab->recs[top_idx]) &&
590 strcmp(fstab->recs[top_idx].key_loc, KEY_IN_FOOTER)) {
591 int fd = open(fstab->recs[top_idx].key_loc, O_WRONLY, 0644);
592 if (fd >= 0) {
593 INFO("%s(): also wipe %s\n", __func__, fstab->recs[top_idx].key_loc);
594 wipe_block_device(fd, get_file_size(fd));
595 close(fd);
596 } else {
597 ERROR("%s(): %s wouldn't open (%s)\n", __func__,
598 fstab->recs[top_idx].key_loc, strerror(errno));
599 }
600 }
601 if (fs_mgr_do_format(&fstab->recs[top_idx]) == 0) {
602 /* Let's replay the mount actions. */
603 i = top_idx - 1;
604 continue;
605 }
606 }
607 if (mret && mount_errno != EBUSY && mount_errno != EACCES &&
608 fs_mgr_is_encryptable(&fstab->recs[attempted_idx])) {
609 if (wiped) {
610 ERROR("%s(): %s is wiped and %s %s is encryptable. Suggest recovery...\n", __func__,
611 fstab->recs[attempted_idx].blk_device, fstab->recs[attempted_idx].mount_point,
612 fstab->recs[attempted_idx].fs_type);
613 encryptable = FS_MGR_MNTALL_DEV_NEEDS_RECOVERY;
614 continue;
615 } else {
616 /* Need to mount a tmpfs at this mountpoint for now, and set
617 * properties that vold will query later for decrypting
618 */
619 ERROR("%s(): possibly an encryptable blkdev %s for mount %s type %s )\n", __func__,
620 fstab->recs[attempted_idx].blk_device, fstab->recs[attempted_idx].mount_point,
621 fstab->recs[attempted_idx].fs_type);
622 if (fs_mgr_do_tmpfs_mount(fstab->recs[attempted_idx].mount_point) < 0) {
623 ++error_count;
624 continue;
625 }
626 }
627 encryptable = FS_MGR_MNTALL_DEV_MIGHT_BE_ENCRYPTED;
628 } else {
629 ERROR("Failed to mount an un-encryptable or wiped partition on"
630 "%s at %s options: %s error: %s\n",
631 fstab->recs[attempted_idx].blk_device, fstab->recs[attempted_idx].mount_point,
632 fstab->recs[attempted_idx].fs_options, strerror(mount_errno));
633 ++error_count;
634 continue;
635 }
636 }
637
638 if (error_count) {
639 return -1;
640 } else {
641 return encryptable;
642 }
643 }
644
645 /* If tmp_mount_point is non-null, mount the filesystem there. This is for the
646 * tmp mount we do to check the user password
647 * If multiple fstab entries are to be mounted on "n_name", it will try to mount each one
648 * in turn, and stop on 1st success, or no more match.
649 */
fs_mgr_do_mount(struct fstab * fstab,char * n_name,char * n_blk_device,char * tmp_mount_point)650 int fs_mgr_do_mount(struct fstab *fstab, char *n_name, char *n_blk_device,
651 char *tmp_mount_point)
652 {
653 int i = 0;
654 int ret = FS_MGR_DOMNT_FAILED;
655 int mount_errors = 0;
656 int first_mount_errno = 0;
657 char *m;
658
659 if (!fstab) {
660 return ret;
661 }
662
663 for (i = 0; i < fstab->num_entries; i++) {
664 if (!fs_match(fstab->recs[i].mount_point, n_name)) {
665 continue;
666 }
667
668 /* We found our match */
669 /* If this swap or a raw partition, report an error */
670 if (!strcmp(fstab->recs[i].fs_type, "swap") ||
671 !strcmp(fstab->recs[i].fs_type, "emmc") ||
672 !strcmp(fstab->recs[i].fs_type, "mtd")) {
673 ERROR("Cannot mount filesystem of type %s on %s\n",
674 fstab->recs[i].fs_type, n_blk_device);
675 goto out;
676 }
677
678 /* First check the filesystem if requested */
679 if (fstab->recs[i].fs_mgr_flags & MF_WAIT) {
680 wait_for_file(n_blk_device, WAIT_TIMEOUT);
681 }
682
683 if (fstab->recs[i].fs_mgr_flags & MF_CHECK) {
684 check_fs(n_blk_device, fstab->recs[i].fs_type,
685 fstab->recs[i].mount_point);
686 }
687
688 if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
689 int rc = fs_mgr_setup_verity(&fstab->recs[i]);
690 if (device_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
691 INFO("Verity disabled");
692 } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
693 ERROR("Could not set up verified partition, skipping!\n");
694 continue;
695 }
696 }
697
698 /* Now mount it where requested */
699 if (tmp_mount_point) {
700 m = tmp_mount_point;
701 } else {
702 m = fstab->recs[i].mount_point;
703 }
704 if (__mount(n_blk_device, m, &fstab->recs[i])) {
705 if (!first_mount_errno) first_mount_errno = errno;
706 mount_errors++;
707 continue;
708 } else {
709 ret = 0;
710 goto out;
711 }
712 }
713 if (mount_errors) {
714 ERROR("Cannot mount filesystem on %s at %s. error: %s\n",
715 n_blk_device, m, strerror(first_mount_errno));
716 if (first_mount_errno == EBUSY) {
717 ret = FS_MGR_DOMNT_BUSY;
718 } else {
719 ret = FS_MGR_DOMNT_FAILED;
720 }
721 } else {
722 /* We didn't find a match, say so and return an error */
723 ERROR("Cannot find mount point %s in fstab\n", fstab->recs[i].mount_point);
724 }
725
726 out:
727 return ret;
728 }
729
730 /*
731 * mount a tmpfs filesystem at the given point.
732 * return 0 on success, non-zero on failure.
733 */
fs_mgr_do_tmpfs_mount(char * n_name)734 int fs_mgr_do_tmpfs_mount(char *n_name)
735 {
736 int ret;
737
738 ret = mount("tmpfs", n_name, "tmpfs",
739 MS_NOATIME | MS_NOSUID | MS_NODEV, CRYPTO_TMPFS_OPTIONS);
740 if (ret < 0) {
741 ERROR("Cannot mount tmpfs filesystem at %s\n", n_name);
742 return -1;
743 }
744
745 /* Success */
746 return 0;
747 }
748
fs_mgr_unmount_all(struct fstab * fstab)749 int fs_mgr_unmount_all(struct fstab *fstab)
750 {
751 int i = 0;
752 int ret = 0;
753
754 if (!fstab) {
755 return -1;
756 }
757
758 while (fstab->recs[i].blk_device) {
759 if (umount(fstab->recs[i].mount_point)) {
760 ERROR("Cannot unmount filesystem at %s\n", fstab->recs[i].mount_point);
761 ret = -1;
762 }
763 i++;
764 }
765
766 return ret;
767 }
768
769 /* This must be called after mount_all, because the mkswap command needs to be
770 * available.
771 */
fs_mgr_swapon_all(struct fstab * fstab)772 int fs_mgr_swapon_all(struct fstab *fstab)
773 {
774 int i = 0;
775 int flags = 0;
776 int err = 0;
777 int ret = 0;
778 int status;
779 char *mkswap_argv[2] = {
780 MKSWAP_BIN,
781 NULL
782 };
783
784 if (!fstab) {
785 return -1;
786 }
787
788 for (i = 0; i < fstab->num_entries; i++) {
789 /* Skip non-swap entries */
790 if (strcmp(fstab->recs[i].fs_type, "swap")) {
791 continue;
792 }
793
794 if (fstab->recs[i].zram_size > 0) {
795 /* A zram_size was specified, so we need to configure the
796 * device. There is no point in having multiple zram devices
797 * on a system (all the memory comes from the same pool) so
798 * we can assume the device number is 0.
799 */
800 FILE *zram_fp;
801
802 zram_fp = fopen(ZRAM_CONF_DEV, "r+");
803 if (zram_fp == NULL) {
804 ERROR("Unable to open zram conf device %s\n", ZRAM_CONF_DEV);
805 ret = -1;
806 continue;
807 }
808 fprintf(zram_fp, "%d\n", fstab->recs[i].zram_size);
809 fclose(zram_fp);
810 }
811
812 if (fstab->recs[i].fs_mgr_flags & MF_WAIT) {
813 wait_for_file(fstab->recs[i].blk_device, WAIT_TIMEOUT);
814 }
815
816 /* Initialize the swap area */
817 mkswap_argv[1] = fstab->recs[i].blk_device;
818 err = android_fork_execvp_ext(ARRAY_SIZE(mkswap_argv), mkswap_argv,
819 &status, true, LOG_KLOG, false, NULL);
820 if (err) {
821 ERROR("mkswap failed for %s\n", fstab->recs[i].blk_device);
822 ret = -1;
823 continue;
824 }
825
826 /* If -1, then no priority was specified in fstab, so don't set
827 * SWAP_FLAG_PREFER or encode the priority */
828 if (fstab->recs[i].swap_prio >= 0) {
829 flags = (fstab->recs[i].swap_prio << SWAP_FLAG_PRIO_SHIFT) &
830 SWAP_FLAG_PRIO_MASK;
831 flags |= SWAP_FLAG_PREFER;
832 } else {
833 flags = 0;
834 }
835 err = swapon(fstab->recs[i].blk_device, flags);
836 if (err) {
837 ERROR("swapon failed for %s\n", fstab->recs[i].blk_device);
838 ret = -1;
839 }
840 }
841
842 return ret;
843 }
844
845 /*
846 * key_loc must be at least PROPERTY_VALUE_MAX bytes long
847 *
848 * real_blk_device must be at least PROPERTY_VALUE_MAX bytes long
849 */
fs_mgr_get_crypt_info(struct fstab * fstab,char * key_loc,char * real_blk_device,int size)850 int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_device, int size)
851 {
852 int i = 0;
853
854 if (!fstab) {
855 return -1;
856 }
857 /* Initialize return values to null strings */
858 if (key_loc) {
859 *key_loc = '\0';
860 }
861 if (real_blk_device) {
862 *real_blk_device = '\0';
863 }
864
865 /* Look for the encryptable partition to find the data */
866 for (i = 0; i < fstab->num_entries; i++) {
867 /* Don't deal with vold managed enryptable partitions here */
868 if (fstab->recs[i].fs_mgr_flags & MF_VOLDMANAGED) {
869 continue;
870 }
871 if (!(fstab->recs[i].fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT))) {
872 continue;
873 }
874
875 /* We found a match */
876 if (key_loc) {
877 strlcpy(key_loc, fstab->recs[i].key_loc, size);
878 }
879 if (real_blk_device) {
880 strlcpy(real_blk_device, fstab->recs[i].blk_device, size);
881 }
882 break;
883 }
884
885 return 0;
886 }
887