1 /*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 // This program takes a file on an ext4 filesystem and produces a list
18 // of the blocks that file occupies, which enables the file contents
19 // to be read directly from the block device without mounting the
20 // filesystem.
21 //
22 // If the filesystem is using an encrypted block device, it will also
23 // read the file and rewrite it to the same blocks of the underlying
24 // (unencrypted) block device, so the file contents can be read
25 // without the need for the decryption key.
26 //
27 // The output of this program is a "block map" which looks like this:
28 //
29 // /dev/block/platform/msm_sdcc.1/by-name/userdata # block device
30 // 49652 4096 # file size in bytes, block size
31 // 3 # count of block ranges
32 // 1000 1008 # block range 0
33 // 2100 2102 # ... block range 1
34 // 30 33 # ... block range 2
35 //
36 // Each block range represents a half-open interval; the line "30 33"
37 // reprents the blocks [30, 31, 32].
38 //
39 // Recovery can take this block map file and retrieve the underlying
40 // file data to use as an update package.
41
42 /**
43 * In addition to the uncrypt work, uncrypt also takes care of setting and
44 * clearing the bootloader control block (BCB) at /misc partition.
45 *
46 * uncrypt is triggered as init services on demand. It uses socket to
47 * communicate with its caller (i.e. system_server). The socket is managed by
48 * init (i.e. created prior to the service starts, and destroyed when uncrypt
49 * exits).
50 *
51 * Below is the uncrypt protocol.
52 *
53 * a. caller b. init c. uncrypt
54 * --------------- ------------ --------------
55 * a1. ctl.start:
56 * setup-bcb /
57 * clear-bcb /
58 * uncrypt
59 *
60 * b2. create socket at
61 * /dev/socket/uncrypt
62 *
63 * c3. listen and accept
64 *
65 * a4. send a 4-byte int
66 * (message length)
67 * c5. receive message length
68 * a6. send message
69 * c7. receive message
70 * c8. <do the work; may send
71 * the progress>
72 * a9. <may handle progress>
73 * c10. <upon finishing>
74 * send "100" or "-1"
75 *
76 * a11. receive status code
77 * a12. send a 4-byte int to
78 * ack the receive of the
79 * final status code
80 * c13. receive and exit
81 *
82 * b14. destroy the socket
83 *
84 * Note that a12 and c13 are necessary to ensure a11 happens before the socket
85 * gets destroyed in b14.
86 */
87
88 #include <arpa/inet.h>
89 #include <errno.h>
90 #include <fcntl.h>
91 #include <inttypes.h>
92 #include <libgen.h>
93 #include <linux/fs.h>
94 #include <stdarg.h>
95 #include <stdio.h>
96 #include <stdlib.h>
97 #include <string.h>
98 #include <sys/mman.h>
99 #include <sys/socket.h>
100 #include <sys/stat.h>
101 #include <sys/types.h>
102 #include <unistd.h>
103
104 #include <algorithm>
105 #include <memory>
106 #include <vector>
107
108 #include <android-base/file.h>
109 #include <android-base/logging.h>
110 #include <android-base/properties.h>
111 #include <android-base/stringprintf.h>
112 #include <android-base/strings.h>
113 #include <android-base/unique_fd.h>
114 #include <bootloader_message/bootloader_message.h>
115 #include <cutils/android_reboot.h>
116 #include <cutils/sockets.h>
117 #include <fs_mgr.h>
118
119 #include "otautil/error_code.h"
120
121 static constexpr int WINDOW_SIZE = 5;
122 static constexpr int FIBMAP_RETRY_LIMIT = 3;
123
124 // uncrypt provides three services: SETUP_BCB, CLEAR_BCB and UNCRYPT.
125 //
126 // SETUP_BCB and CLEAR_BCB services use socket communication and do not rely
127 // on /cache partitions. They will handle requests to reboot into recovery
128 // (for applying updates for non-A/B devices, or factory resets for all
129 // devices).
130 //
131 // UNCRYPT service still needs files on /cache partition (UNCRYPT_PATH_FILE
132 // and CACHE_BLOCK_MAP). It will be working (and needed) only for non-A/B
133 // devices, on which /cache partitions always exist.
134 static const std::string CACHE_BLOCK_MAP = "/cache/recovery/block.map";
135 static const std::string UNCRYPT_PATH_FILE = "/cache/recovery/uncrypt_file";
136 static const std::string UNCRYPT_STATUS = "/cache/recovery/uncrypt_status";
137 static const std::string UNCRYPT_SOCKET = "uncrypt";
138
139 static struct fstab* fstab = nullptr;
140
write_at_offset(unsigned char * buffer,size_t size,int wfd,off64_t offset)141 static int write_at_offset(unsigned char* buffer, size_t size, int wfd, off64_t offset) {
142 if (TEMP_FAILURE_RETRY(lseek64(wfd, offset, SEEK_SET)) == -1) {
143 PLOG(ERROR) << "error seeking to offset " << offset;
144 return -1;
145 }
146 if (!android::base::WriteFully(wfd, buffer, size)) {
147 PLOG(ERROR) << "error writing offset " << offset;
148 return -1;
149 }
150 return 0;
151 }
152
add_block_to_ranges(std::vector<int> & ranges,int new_block)153 static void add_block_to_ranges(std::vector<int>& ranges, int new_block) {
154 if (!ranges.empty() && new_block == ranges.back()) {
155 // If the new block comes immediately after the current range,
156 // all we have to do is extend the current range.
157 ++ranges.back();
158 } else {
159 // We need to start a new range.
160 ranges.push_back(new_block);
161 ranges.push_back(new_block + 1);
162 }
163 }
164
read_fstab()165 static struct fstab* read_fstab() {
166 fstab = fs_mgr_read_fstab_default();
167 if (!fstab) {
168 LOG(ERROR) << "failed to read default fstab";
169 return NULL;
170 }
171
172 return fstab;
173 }
174
find_block_device(const char * path,bool * encryptable,bool * encrypted,bool * f2fs_fs)175 static const char* find_block_device(const char* path, bool* encryptable, bool* encrypted, bool *f2fs_fs) {
176 // Look for a volume whose mount point is the prefix of path and
177 // return its block device. Set encrypted if it's currently
178 // encrypted.
179
180 // ensure f2fs_fs is set to 0 first.
181 if (f2fs_fs)
182 *f2fs_fs = false;
183 for (int i = 0; i < fstab->num_entries; ++i) {
184 struct fstab_rec* v = &fstab->recs[i];
185 if (!v->mount_point) {
186 continue;
187 }
188 int len = strlen(v->mount_point);
189 if (strncmp(path, v->mount_point, len) == 0 &&
190 (path[len] == '/' || path[len] == 0)) {
191 *encrypted = false;
192 *encryptable = false;
193 if (fs_mgr_is_encryptable(v) || fs_mgr_is_file_encrypted(v)) {
194 *encryptable = true;
195 if (android::base::GetProperty("ro.crypto.state", "") == "encrypted") {
196 *encrypted = true;
197 }
198 }
199 if (f2fs_fs && strcmp(v->fs_type, "f2fs") == 0)
200 *f2fs_fs = true;
201 return v->blk_device;
202 }
203 }
204
205 return NULL;
206 }
207
write_status_to_socket(int status,int socket)208 static bool write_status_to_socket(int status, int socket) {
209 // If socket equals -1, uncrypt is in debug mode without socket communication.
210 // Skip writing and return success.
211 if (socket == -1) {
212 return true;
213 }
214 int status_out = htonl(status);
215 return android::base::WriteFully(socket, &status_out, sizeof(int));
216 }
217
218 // Parse uncrypt_file to find the update package name.
find_uncrypt_package(const std::string & uncrypt_path_file,std::string * package_name)219 static bool find_uncrypt_package(const std::string& uncrypt_path_file, std::string* package_name) {
220 CHECK(package_name != nullptr);
221 std::string uncrypt_path;
222 if (!android::base::ReadFileToString(uncrypt_path_file, &uncrypt_path)) {
223 PLOG(ERROR) << "failed to open \"" << uncrypt_path_file << "\"";
224 return false;
225 }
226
227 // Remove the trailing '\n' if present.
228 *package_name = android::base::Trim(uncrypt_path);
229 return true;
230 }
231
retry_fibmap(const int fd,const char * name,int * block,const int head_block)232 static int retry_fibmap(const int fd, const char* name, int* block, const int head_block) {
233 CHECK(block != nullptr);
234 for (size_t i = 0; i < FIBMAP_RETRY_LIMIT; i++) {
235 if (fsync(fd) == -1) {
236 PLOG(ERROR) << "failed to fsync \"" << name << "\"";
237 return kUncryptFileSyncError;
238 }
239 if (ioctl(fd, FIBMAP, block) != 0) {
240 PLOG(ERROR) << "failed to find block " << head_block;
241 return kUncryptIoctlError;
242 }
243 if (*block != 0) {
244 return kUncryptNoError;
245 }
246 sleep(1);
247 }
248 LOG(ERROR) << "fibmap of " << head_block << "always returns 0";
249 return kUncryptIoctlError;
250 }
251
produce_block_map(const char * path,const char * map_file,const char * blk_dev,bool encrypted,bool f2fs_fs,int socket)252 static int produce_block_map(const char* path, const char* map_file, const char* blk_dev,
253 bool encrypted, bool f2fs_fs, int socket) {
254 std::string err;
255 if (!android::base::RemoveFileIfExists(map_file, &err)) {
256 LOG(ERROR) << "failed to remove the existing map file " << map_file << ": " << err;
257 return kUncryptFileRemoveError;
258 }
259 std::string tmp_map_file = std::string(map_file) + ".tmp";
260 android::base::unique_fd mapfd(open(tmp_map_file.c_str(),
261 O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR));
262 if (mapfd == -1) {
263 PLOG(ERROR) << "failed to open " << tmp_map_file;
264 return kUncryptFileOpenError;
265 }
266
267 // Make sure we can write to the socket.
268 if (!write_status_to_socket(0, socket)) {
269 LOG(ERROR) << "failed to write to socket " << socket;
270 return kUncryptSocketWriteError;
271 }
272
273 struct stat sb;
274 if (stat(path, &sb) != 0) {
275 LOG(ERROR) << "failed to stat " << path;
276 return kUncryptFileStatError;
277 }
278
279 LOG(INFO) << " block size: " << sb.st_blksize << " bytes";
280
281 int blocks = ((sb.st_size-1) / sb.st_blksize) + 1;
282 LOG(INFO) << " file size: " << sb.st_size << " bytes, " << blocks << " blocks";
283
284 std::vector<int> ranges;
285
286 std::string s = android::base::StringPrintf("%s\n%" PRId64 " %" PRId64 "\n",
287 blk_dev, static_cast<int64_t>(sb.st_size),
288 static_cast<int64_t>(sb.st_blksize));
289 if (!android::base::WriteStringToFd(s, mapfd)) {
290 PLOG(ERROR) << "failed to write " << tmp_map_file;
291 return kUncryptWriteError;
292 }
293
294 std::vector<std::vector<unsigned char>> buffers;
295 if (encrypted) {
296 buffers.resize(WINDOW_SIZE, std::vector<unsigned char>(sb.st_blksize));
297 }
298 int head_block = 0;
299 int head = 0, tail = 0;
300
301 android::base::unique_fd fd(open(path, O_RDONLY));
302 if (fd == -1) {
303 PLOG(ERROR) << "failed to open " << path << " for reading";
304 return kUncryptFileOpenError;
305 }
306
307 android::base::unique_fd wfd;
308 if (encrypted) {
309 wfd.reset(open(blk_dev, O_WRONLY));
310 if (wfd == -1) {
311 PLOG(ERROR) << "failed to open " << blk_dev << " for writing";
312 return kUncryptBlockOpenError;
313 }
314 }
315
316 #ifndef F2FS_IOC_SET_DONTMOVE
317 #ifndef F2FS_IOCTL_MAGIC
318 #define F2FS_IOCTL_MAGIC 0xf5
319 #endif
320 #define F2FS_IOC_SET_DONTMOVE _IO(F2FS_IOCTL_MAGIC, 13)
321 #endif
322 if (f2fs_fs && ioctl(fd, F2FS_IOC_SET_DONTMOVE) < 0) {
323 PLOG(ERROR) << "Failed to set non-movable file for f2fs: " << path << " on " << blk_dev;
324 return kUncryptIoctlError;
325 }
326
327 off64_t pos = 0;
328 int last_progress = 0;
329 while (pos < sb.st_size) {
330 // Update the status file, progress must be between [0, 99].
331 int progress = static_cast<int>(100 * (double(pos) / double(sb.st_size)));
332 if (progress > last_progress) {
333 last_progress = progress;
334 write_status_to_socket(progress, socket);
335 }
336
337 if ((tail+1) % WINDOW_SIZE == head) {
338 // write out head buffer
339 int block = head_block;
340 if (ioctl(fd, FIBMAP, &block) != 0) {
341 PLOG(ERROR) << "failed to find block " << head_block;
342 return kUncryptIoctlError;
343 }
344
345 if (block == 0) {
346 LOG(ERROR) << "failed to find block " << head_block << ", retrying";
347 int error = retry_fibmap(fd, path, &block, head_block);
348 if (error != kUncryptNoError) {
349 return error;
350 }
351 }
352
353 add_block_to_ranges(ranges, block);
354 if (encrypted) {
355 if (write_at_offset(buffers[head].data(), sb.st_blksize, wfd,
356 static_cast<off64_t>(sb.st_blksize) * block) != 0) {
357 return kUncryptWriteError;
358 }
359 }
360 head = (head + 1) % WINDOW_SIZE;
361 ++head_block;
362 }
363
364 // read next block to tail
365 if (encrypted) {
366 size_t to_read = static_cast<size_t>(
367 std::min(static_cast<off64_t>(sb.st_blksize), sb.st_size - pos));
368 if (!android::base::ReadFully(fd, buffers[tail].data(), to_read)) {
369 PLOG(ERROR) << "failed to read " << path;
370 return kUncryptReadError;
371 }
372 pos += to_read;
373 } else {
374 // If we're not encrypting; we don't need to actually read
375 // anything, just skip pos forward as if we'd read a
376 // block.
377 pos += sb.st_blksize;
378 }
379 tail = (tail+1) % WINDOW_SIZE;
380 }
381
382 while (head != tail) {
383 // write out head buffer
384 int block = head_block;
385 if (ioctl(fd, FIBMAP, &block) != 0) {
386 PLOG(ERROR) << "failed to find block " << head_block;
387 return kUncryptIoctlError;
388 }
389
390 if (block == 0) {
391 LOG(ERROR) << "failed to find block " << head_block << ", retrying";
392 int error = retry_fibmap(fd, path, &block, head_block);
393 if (error != kUncryptNoError) {
394 return error;
395 }
396 }
397
398 add_block_to_ranges(ranges, block);
399 if (encrypted) {
400 if (write_at_offset(buffers[head].data(), sb.st_blksize, wfd,
401 static_cast<off64_t>(sb.st_blksize) * block) != 0) {
402 return kUncryptWriteError;
403 }
404 }
405 head = (head + 1) % WINDOW_SIZE;
406 ++head_block;
407 }
408
409 if (!android::base::WriteStringToFd(
410 android::base::StringPrintf("%zu\n", ranges.size() / 2), mapfd)) {
411 PLOG(ERROR) << "failed to write " << tmp_map_file;
412 return kUncryptWriteError;
413 }
414 for (size_t i = 0; i < ranges.size(); i += 2) {
415 if (!android::base::WriteStringToFd(
416 android::base::StringPrintf("%d %d\n", ranges[i], ranges[i+1]), mapfd)) {
417 PLOG(ERROR) << "failed to write " << tmp_map_file;
418 return kUncryptWriteError;
419 }
420 }
421
422 if (fsync(mapfd) == -1) {
423 PLOG(ERROR) << "failed to fsync \"" << tmp_map_file << "\"";
424 return kUncryptFileSyncError;
425 }
426 if (close(mapfd.release()) == -1) {
427 PLOG(ERROR) << "failed to close " << tmp_map_file;
428 return kUncryptFileCloseError;
429 }
430
431 if (encrypted) {
432 if (fsync(wfd) == -1) {
433 PLOG(ERROR) << "failed to fsync \"" << blk_dev << "\"";
434 return kUncryptFileSyncError;
435 }
436 if (close(wfd.release()) == -1) {
437 PLOG(ERROR) << "failed to close " << blk_dev;
438 return kUncryptFileCloseError;
439 }
440 }
441
442 if (rename(tmp_map_file.c_str(), map_file) == -1) {
443 PLOG(ERROR) << "failed to rename " << tmp_map_file << " to " << map_file;
444 return kUncryptFileRenameError;
445 }
446 // Sync dir to make rename() result written to disk.
447 std::string file_name = map_file;
448 std::string dir_name = dirname(&file_name[0]);
449 android::base::unique_fd dfd(open(dir_name.c_str(), O_RDONLY | O_DIRECTORY));
450 if (dfd == -1) {
451 PLOG(ERROR) << "failed to open dir " << dir_name;
452 return kUncryptFileOpenError;
453 }
454 if (fsync(dfd) == -1) {
455 PLOG(ERROR) << "failed to fsync " << dir_name;
456 return kUncryptFileSyncError;
457 }
458 if (close(dfd.release()) == -1) {
459 PLOG(ERROR) << "failed to close " << dir_name;
460 return kUncryptFileCloseError;
461 }
462 return 0;
463 }
464
uncrypt(const char * input_path,const char * map_file,const int socket)465 static int uncrypt(const char* input_path, const char* map_file, const int socket) {
466 LOG(INFO) << "update package is \"" << input_path << "\"";
467
468 // Turn the name of the file we're supposed to convert into an absolute path, so we can find
469 // what filesystem it's on.
470 char path[PATH_MAX+1];
471 if (realpath(input_path, path) == nullptr) {
472 PLOG(ERROR) << "failed to convert \"" << input_path << "\" to absolute path";
473 return kUncryptRealpathFindError;
474 }
475
476 bool encryptable;
477 bool encrypted;
478 bool f2fs_fs;
479 const char* blk_dev = find_block_device(path, &encryptable, &encrypted, &f2fs_fs);
480 if (blk_dev == nullptr) {
481 LOG(ERROR) << "failed to find block device for " << path;
482 return kUncryptBlockDeviceFindError;
483 }
484
485 // If the filesystem it's on isn't encrypted, we only produce the
486 // block map, we don't rewrite the file contents (it would be
487 // pointless to do so).
488 LOG(INFO) << "encryptable: " << (encryptable ? "yes" : "no");
489 LOG(INFO) << " encrypted: " << (encrypted ? "yes" : "no");
490
491 // Recovery supports installing packages from 3 paths: /cache,
492 // /data, and /sdcard. (On a particular device, other locations
493 // may work, but those are three we actually expect.)
494 //
495 // On /data we want to convert the file to a block map so that we
496 // can read the package without mounting the partition. On /cache
497 // and /sdcard we leave the file alone.
498 if (strncmp(path, "/data/", 6) == 0) {
499 LOG(INFO) << "writing block map " << map_file;
500 return produce_block_map(path, map_file, blk_dev, encrypted, f2fs_fs, socket);
501 }
502
503 return 0;
504 }
505
log_uncrypt_error_code(UncryptErrorCode error_code)506 static void log_uncrypt_error_code(UncryptErrorCode error_code) {
507 if (!android::base::WriteStringToFile(android::base::StringPrintf(
508 "uncrypt_error: %d\n", error_code), UNCRYPT_STATUS)) {
509 PLOG(WARNING) << "failed to write to " << UNCRYPT_STATUS;
510 }
511 }
512
uncrypt_wrapper(const char * input_path,const char * map_file,const int socket)513 static bool uncrypt_wrapper(const char* input_path, const char* map_file, const int socket) {
514 // Initialize the uncrypt error to kUncryptErrorPlaceholder.
515 log_uncrypt_error_code(kUncryptErrorPlaceholder);
516
517 std::string package;
518 if (input_path == nullptr) {
519 if (!find_uncrypt_package(UNCRYPT_PATH_FILE, &package)) {
520 write_status_to_socket(-1, socket);
521 // Overwrite the error message.
522 log_uncrypt_error_code(kUncryptPackageMissingError);
523 return false;
524 }
525 input_path = package.c_str();
526 }
527 CHECK(map_file != nullptr);
528
529 auto start = std::chrono::system_clock::now();
530 int status = uncrypt(input_path, map_file, socket);
531 std::chrono::duration<double> duration = std::chrono::system_clock::now() - start;
532 int count = static_cast<int>(duration.count());
533
534 std::string uncrypt_message = android::base::StringPrintf("uncrypt_time: %d\n", count);
535 if (status != 0) {
536 // Log the time cost and error code if uncrypt fails.
537 uncrypt_message += android::base::StringPrintf("uncrypt_error: %d\n", status);
538 if (!android::base::WriteStringToFile(uncrypt_message, UNCRYPT_STATUS)) {
539 PLOG(WARNING) << "failed to write to " << UNCRYPT_STATUS;
540 }
541
542 write_status_to_socket(-1, socket);
543 return false;
544 }
545
546 if (!android::base::WriteStringToFile(uncrypt_message, UNCRYPT_STATUS)) {
547 PLOG(WARNING) << "failed to write to " << UNCRYPT_STATUS;
548 }
549
550 write_status_to_socket(100, socket);
551
552 return true;
553 }
554
clear_bcb(const int socket)555 static bool clear_bcb(const int socket) {
556 std::string err;
557 if (!clear_bootloader_message(&err)) {
558 LOG(ERROR) << "failed to clear bootloader message: " << err;
559 write_status_to_socket(-1, socket);
560 return false;
561 }
562 write_status_to_socket(100, socket);
563 return true;
564 }
565
setup_bcb(const int socket)566 static bool setup_bcb(const int socket) {
567 // c5. receive message length
568 int length;
569 if (!android::base::ReadFully(socket, &length, 4)) {
570 PLOG(ERROR) << "failed to read the length";
571 return false;
572 }
573 length = ntohl(length);
574
575 // c7. receive message
576 std::string content;
577 content.resize(length);
578 if (!android::base::ReadFully(socket, &content[0], length)) {
579 PLOG(ERROR) << "failed to read the message";
580 return false;
581 }
582 LOG(INFO) << " received command: [" << content << "] (" << content.size() << ")";
583 std::vector<std::string> options = android::base::Split(content, "\n");
584 std::string wipe_package;
585 for (auto& option : options) {
586 if (android::base::StartsWith(option, "--wipe_package=")) {
587 std::string path = option.substr(strlen("--wipe_package="));
588 if (!android::base::ReadFileToString(path, &wipe_package)) {
589 PLOG(ERROR) << "failed to read " << path;
590 return false;
591 }
592 option = android::base::StringPrintf("--wipe_package_size=%zu", wipe_package.size());
593 }
594 }
595
596 // c8. setup the bcb command
597 std::string err;
598 if (!write_bootloader_message(options, &err)) {
599 LOG(ERROR) << "failed to set bootloader message: " << err;
600 write_status_to_socket(-1, socket);
601 return false;
602 }
603 if (!wipe_package.empty() && !write_wipe_package(wipe_package, &err)) {
604 PLOG(ERROR) << "failed to set wipe package: " << err;
605 write_status_to_socket(-1, socket);
606 return false;
607 }
608 // c10. send "100" status
609 write_status_to_socket(100, socket);
610 return true;
611 }
612
usage(const char * exename)613 static void usage(const char* exename) {
614 fprintf(stderr, "Usage of %s:\n", exename);
615 fprintf(stderr, "%s [<package_path> <map_file>] Uncrypt ota package.\n", exename);
616 fprintf(stderr, "%s --clear-bcb Clear BCB data in misc partition.\n", exename);
617 fprintf(stderr, "%s --setup-bcb Setup BCB data by command file.\n", exename);
618 }
619
main(int argc,char ** argv)620 int main(int argc, char** argv) {
621 enum { UNCRYPT, SETUP_BCB, CLEAR_BCB, UNCRYPT_DEBUG } action;
622 const char* input_path = nullptr;
623 const char* map_file = CACHE_BLOCK_MAP.c_str();
624
625 if (argc == 2 && strcmp(argv[1], "--clear-bcb") == 0) {
626 action = CLEAR_BCB;
627 } else if (argc == 2 && strcmp(argv[1], "--setup-bcb") == 0) {
628 action = SETUP_BCB;
629 } else if (argc == 1) {
630 action = UNCRYPT;
631 } else if (argc == 3) {
632 input_path = argv[1];
633 map_file = argv[2];
634 action = UNCRYPT_DEBUG;
635 } else {
636 usage(argv[0]);
637 return 2;
638 }
639
640 if ((fstab = read_fstab()) == nullptr) {
641 log_uncrypt_error_code(kUncryptFstabReadError);
642 return 1;
643 }
644
645 if (action == UNCRYPT_DEBUG) {
646 LOG(INFO) << "uncrypt called in debug mode, skip socket communication";
647 bool success = uncrypt_wrapper(input_path, map_file, -1);
648 if (success) {
649 LOG(INFO) << "uncrypt succeeded";
650 } else{
651 LOG(INFO) << "uncrypt failed";
652 }
653 return success ? 0 : 1;
654 }
655
656 // c3. The socket is created by init when starting the service. uncrypt
657 // will use the socket to communicate with its caller.
658 android::base::unique_fd service_socket(android_get_control_socket(UNCRYPT_SOCKET.c_str()));
659 if (service_socket == -1) {
660 PLOG(ERROR) << "failed to open socket \"" << UNCRYPT_SOCKET << "\"";
661 log_uncrypt_error_code(kUncryptSocketOpenError);
662 return 1;
663 }
664 fcntl(service_socket, F_SETFD, FD_CLOEXEC);
665
666 if (listen(service_socket, 1) == -1) {
667 PLOG(ERROR) << "failed to listen on socket " << service_socket.get();
668 log_uncrypt_error_code(kUncryptSocketListenError);
669 return 1;
670 }
671
672 android::base::unique_fd socket_fd(accept4(service_socket, nullptr, nullptr, SOCK_CLOEXEC));
673 if (socket_fd == -1) {
674 PLOG(ERROR) << "failed to accept on socket " << service_socket.get();
675 log_uncrypt_error_code(kUncryptSocketAcceptError);
676 return 1;
677 }
678
679 bool success = false;
680 switch (action) {
681 case UNCRYPT:
682 success = uncrypt_wrapper(input_path, map_file, socket_fd);
683 break;
684 case SETUP_BCB:
685 success = setup_bcb(socket_fd);
686 break;
687 case CLEAR_BCB:
688 success = clear_bcb(socket_fd);
689 break;
690 default: // Should never happen.
691 LOG(ERROR) << "Invalid uncrypt action code: " << action;
692 return 1;
693 }
694
695 // c13. Read a 4-byte code from the client before uncrypt exits. This is to
696 // ensure the client to receive the last status code before the socket gets
697 // destroyed.
698 int code;
699 if (android::base::ReadFully(socket_fd, &code, 4)) {
700 LOG(INFO) << " received " << code << ", exiting now";
701 } else {
702 PLOG(ERROR) << "failed to read the code";
703 }
704 return success ? 0 : 1;
705 }
706