diff options
Diffstat (limited to 'uncrypt')
| -rw-r--r-- | uncrypt/Android.mk | 12 | ||||
| -rw-r--r-- | uncrypt/uncrypt.cpp | 258 |
2 files changed, 156 insertions, 114 deletions
diff --git a/uncrypt/Android.mk b/uncrypt/Android.mk index debec7f95..56c3b4ccc 100644 --- a/uncrypt/Android.mk +++ b/uncrypt/Android.mk @@ -24,12 +24,14 @@ LOCAL_SRC_FILES := uncrypt.cpp LOCAL_MODULE_TAGS := optional LOCAL_C_INCLUDES := $(LOCAL_PATH)/.. - LOCAL_MODULE := uncrypt - -LOCAL_STATIC_LIBRARIES := libbootloader_message libbase \ - liblog libfs_mgr libcutils \ - +LOCAL_STATIC_LIBRARIES := \ + libbootloader_message \ + libbase \ + liblog \ + libfs_mgr \ + libcutils +LOCAL_CFLAGS := -Werror LOCAL_INIT_RC := uncrypt.rc include $(BUILD_EXECUTABLE) diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 280568d23..ad3bdce7a 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -107,21 +107,19 @@ #include <android-base/file.h> #include <android-base/logging.h> +#include <android-base/properties.h> #include <android-base/stringprintf.h> #include <android-base/strings.h> +#include <android-base/unique_fd.h> #include <bootloader_message/bootloader_message.h> #include <cutils/android_reboot.h> -#include <cutils/properties.h> #include <cutils/sockets.h> #include <fs_mgr.h> -#define LOG_TAG "uncrypt" -#include <log/log.h> - #include "error_code.h" -#include "unique_fd.h" -#define WINDOW_SIZE 5 +static constexpr int WINDOW_SIZE = 5; +static constexpr int FIBMAP_RETRY_LIMIT = 3; // uncrypt provides three services: SETUP_BCB, CLEAR_BCB and UNCRYPT. // @@ -142,11 +140,11 @@ static struct fstab* fstab = nullptr; static int write_at_offset(unsigned char* buffer, size_t size, int wfd, off64_t offset) { if (TEMP_FAILURE_RETRY(lseek64(wfd, offset, SEEK_SET)) == -1) { - ALOGE("error seeking to offset %" PRId64 ": %s", offset, strerror(errno)); + PLOG(ERROR) << "error seeking to offset " << offset; return -1; } if (!android::base::WriteFully(wfd, buffer, size)) { - ALOGE("error writing offset %" PRId64 ": %s", offset, strerror(errno)); + PLOG(ERROR) << "error writing offset " << offset; return -1; } return 0; @@ -165,18 +163,9 @@ static void add_block_to_ranges(std::vector<int>& ranges, int new_block) { } static struct fstab* read_fstab() { - fstab = NULL; - - // The fstab path is always "/fstab.${ro.hardware}". - char fstab_path[PATH_MAX+1] = "/fstab."; - if (!property_get("ro.hardware", fstab_path+strlen(fstab_path), "")) { - ALOGE("failed to get ro.hardware"); - return NULL; - } - - fstab = fs_mgr_read_fstab(fstab_path); + fstab = fs_mgr_read_fstab_default(); if (!fstab) { - ALOGE("failed to read %s", fstab_path); + LOG(ERROR) << "failed to read default fstab"; return NULL; } @@ -199,9 +188,7 @@ static const char* find_block_device(const char* path, bool* encryptable, bool* *encryptable = false; if (fs_mgr_is_encryptable(v) || fs_mgr_is_file_encrypted(v)) { *encryptable = true; - char buffer[PROPERTY_VALUE_MAX+1]; - if (property_get("ro.crypto.state", buffer, "") && - strcmp(buffer, "encrypted") == 0) { + if (android::base::GetProperty("ro.crypto.state", "") == "encrypted") { *encrypted = true; } } @@ -213,6 +200,11 @@ static const char* find_block_device(const char* path, bool* encryptable, bool* } static bool write_status_to_socket(int status, int socket) { + // If socket equals -1, uncrypt is in debug mode without socket communication. + // Skip writing and return success. + if (socket == -1) { + return true; + } int status_out = htonl(status); return android::base::WriteFully(socket, &status_out, sizeof(int)); } @@ -222,7 +214,7 @@ static bool find_uncrypt_package(const std::string& uncrypt_path_file, std::stri CHECK(package_name != nullptr); std::string uncrypt_path; if (!android::base::ReadFileToString(uncrypt_path_file, &uncrypt_path)) { - ALOGE("failed to open \"%s\": %s", uncrypt_path_file.c_str(), strerror(errno)); + PLOG(ERROR) << "failed to open \"" << uncrypt_path_file << "\""; return false; } @@ -231,43 +223,65 @@ static bool find_uncrypt_package(const std::string& uncrypt_path_file, std::stri return true; } +static int retry_fibmap(const int fd, const char* name, int* block, const int head_block) { + CHECK(block != nullptr); + for (size_t i = 0; i < FIBMAP_RETRY_LIMIT; i++) { + if (fsync(fd) == -1) { + PLOG(ERROR) << "failed to fsync \"" << name << "\""; + return kUncryptFileSyncError; + } + if (ioctl(fd, FIBMAP, block) != 0) { + PLOG(ERROR) << "failed to find block " << head_block; + return kUncryptIoctlError; + } + if (*block != 0) { + return kUncryptNoError; + } + sleep(1); + } + LOG(ERROR) << "fibmap of " << head_block << "always returns 0"; + return kUncryptIoctlError; +} + static int produce_block_map(const char* path, const char* map_file, const char* blk_dev, bool encrypted, int socket) { std::string err; if (!android::base::RemoveFileIfExists(map_file, &err)) { - ALOGE("failed to remove the existing map file %s: %s", map_file, err.c_str()); + LOG(ERROR) << "failed to remove the existing map file " << map_file << ": " << err; return kUncryptFileRemoveError; } std::string tmp_map_file = std::string(map_file) + ".tmp"; - unique_fd mapfd(open(tmp_map_file.c_str(), O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR)); - if (!mapfd) { - ALOGE("failed to open %s: %s\n", tmp_map_file.c_str(), strerror(errno)); + android::base::unique_fd mapfd(open(tmp_map_file.c_str(), + O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR)); + if (mapfd == -1) { + PLOG(ERROR) << "failed to open " << tmp_map_file; return kUncryptFileOpenError; } // Make sure we can write to the socket. if (!write_status_to_socket(0, socket)) { - ALOGE("failed to write to socket %d\n", socket); + LOG(ERROR) << "failed to write to socket " << socket; return kUncryptSocketWriteError; } struct stat sb; if (stat(path, &sb) != 0) { - ALOGE("failed to stat %s", path); + LOG(ERROR) << "failed to stat " << path; return kUncryptFileStatError; } - ALOGI(" block size: %ld bytes", static_cast<long>(sb.st_blksize)); + LOG(INFO) << " block size: " << sb.st_blksize << " bytes"; int blocks = ((sb.st_size-1) / sb.st_blksize) + 1; - ALOGI(" file size: %" PRId64 " bytes, %d blocks", sb.st_size, blocks); + LOG(INFO) << " file size: " << sb.st_size << " bytes, " << blocks << " blocks"; std::vector<int> ranges; - std::string s = android::base::StringPrintf("%s\n%" PRId64 " %ld\n", - blk_dev, sb.st_size, static_cast<long>(sb.st_blksize)); - if (!android::base::WriteStringToFd(s, mapfd.get())) { - ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno)); + std::string s = android::base::StringPrintf("%s\n%" PRId64 " %" PRId64 "\n", + blk_dev, static_cast<int64_t>(sb.st_size), + static_cast<int64_t>(sb.st_blksize)); + if (!android::base::WriteStringToFd(s, mapfd)) { + PLOG(ERROR) << "failed to write " << tmp_map_file; return kUncryptWriteError; } @@ -278,17 +292,17 @@ static int produce_block_map(const char* path, const char* map_file, const char* int head_block = 0; int head = 0, tail = 0; - unique_fd fd(open(path, O_RDONLY)); - if (!fd) { - ALOGE("failed to open %s for reading: %s", path, strerror(errno)); + android::base::unique_fd fd(open(path, O_RDONLY)); + if (fd == -1) { + PLOG(ERROR) << "failed to open " << path << " for reading"; return kUncryptFileOpenError; } - unique_fd wfd(-1); + android::base::unique_fd wfd; if (encrypted) { - wfd = open(blk_dev, O_WRONLY); - if (!wfd) { - ALOGE("failed to open fd for writing: %s", strerror(errno)); + wfd.reset(open(blk_dev, O_WRONLY)); + if (wfd == -1) { + PLOG(ERROR) << "failed to open " << blk_dev << " for writing"; return kUncryptBlockOpenError; } } @@ -306,14 +320,23 @@ static int produce_block_map(const char* path, const char* map_file, const char* if ((tail+1) % WINDOW_SIZE == head) { // write out head buffer int block = head_block; - if (ioctl(fd.get(), FIBMAP, &block) != 0) { - ALOGE("failed to find block %d", head_block); + if (ioctl(fd, FIBMAP, &block) != 0) { + PLOG(ERROR) << "failed to find block " << head_block; return kUncryptIoctlError; } + + if (block == 0) { + LOG(ERROR) << "failed to find block " << head_block << ", retrying"; + int error = retry_fibmap(fd, path, &block, head_block); + if (error != kUncryptNoError) { + return error; + } + } + add_block_to_ranges(ranges, block); if (encrypted) { - if (write_at_offset(buffers[head].data(), sb.st_blksize, wfd.get(), - static_cast<off64_t>(sb.st_blksize) * block) != 0) { + if (write_at_offset(buffers[head].data(), sb.st_blksize, wfd, + static_cast<off64_t>(sb.st_blksize) * block) != 0) { return kUncryptWriteError; } } @@ -325,8 +348,8 @@ static int produce_block_map(const char* path, const char* map_file, const char* if (encrypted) { size_t to_read = static_cast<size_t>( std::min(static_cast<off64_t>(sb.st_blksize), sb.st_size - pos)); - if (!android::base::ReadFully(fd.get(), buffers[tail].data(), to_read)) { - ALOGE("failed to read: %s", strerror(errno)); + if (!android::base::ReadFully(fd, buffers[tail].data(), to_read)) { + PLOG(ERROR) << "failed to read " << path; return kUncryptReadError; } pos += to_read; @@ -342,14 +365,23 @@ static int produce_block_map(const char* path, const char* map_file, const char* while (head != tail) { // write out head buffer int block = head_block; - if (ioctl(fd.get(), FIBMAP, &block) != 0) { - ALOGE("failed to find block %d", head_block); + if (ioctl(fd, FIBMAP, &block) != 0) { + PLOG(ERROR) << "failed to find block " << head_block; return kUncryptIoctlError; } + + if (block == 0) { + LOG(ERROR) << "failed to find block " << head_block << ", retrying"; + int error = retry_fibmap(fd, path, &block, head_block); + if (error != kUncryptNoError) { + return error; + } + } + add_block_to_ranges(ranges, block); if (encrypted) { - if (write_at_offset(buffers[head].data(), sb.st_blksize, wfd.get(), - static_cast<off64_t>(sb.st_blksize) * block) != 0) { + if (write_at_offset(buffers[head].data(), sb.st_blksize, wfd, + static_cast<off64_t>(sb.st_blksize) * block) != 0) { return kUncryptWriteError; } } @@ -358,72 +390,69 @@ static int produce_block_map(const char* path, const char* map_file, const char* } if (!android::base::WriteStringToFd( - android::base::StringPrintf("%zu\n", ranges.size() / 2), mapfd.get())) { - ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno)); + android::base::StringPrintf("%zu\n", ranges.size() / 2), mapfd)) { + PLOG(ERROR) << "failed to write " << tmp_map_file; return kUncryptWriteError; } for (size_t i = 0; i < ranges.size(); i += 2) { if (!android::base::WriteStringToFd( - android::base::StringPrintf("%d %d\n", ranges[i], ranges[i+1]), mapfd.get())) { - ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno)); + android::base::StringPrintf("%d %d\n", ranges[i], ranges[i+1]), mapfd)) { + PLOG(ERROR) << "failed to write " << tmp_map_file; return kUncryptWriteError; } } - if (fsync(mapfd.get()) == -1) { - ALOGE("failed to fsync \"%s\": %s", tmp_map_file.c_str(), strerror(errno)); + if (fsync(mapfd) == -1) { + PLOG(ERROR) << "failed to fsync \"" << tmp_map_file << "\""; return kUncryptFileSyncError; } - if (close(mapfd.get()) == -1) { - ALOGE("failed to close %s: %s", tmp_map_file.c_str(), strerror(errno)); + if (close(mapfd.release()) == -1) { + PLOG(ERROR) << "failed to close " << tmp_map_file; return kUncryptFileCloseError; } - mapfd = -1; if (encrypted) { - if (fsync(wfd.get()) == -1) { - ALOGE("failed to fsync \"%s\": %s", blk_dev, strerror(errno)); + if (fsync(wfd) == -1) { + PLOG(ERROR) << "failed to fsync \"" << blk_dev << "\""; return kUncryptFileSyncError; } - if (close(wfd.get()) == -1) { - ALOGE("failed to close %s: %s", blk_dev, strerror(errno)); + if (close(wfd.release()) == -1) { + PLOG(ERROR) << "failed to close " << blk_dev; return kUncryptFileCloseError; } - wfd = -1; } if (rename(tmp_map_file.c_str(), map_file) == -1) { - ALOGE("failed to rename %s to %s: %s", tmp_map_file.c_str(), map_file, strerror(errno)); + PLOG(ERROR) << "failed to rename " << tmp_map_file << " to " << map_file; return kUncryptFileRenameError; } // Sync dir to make rename() result written to disk. std::string file_name = map_file; std::string dir_name = dirname(&file_name[0]); - unique_fd dfd(open(dir_name.c_str(), O_RDONLY | O_DIRECTORY)); - if (!dfd) { - ALOGE("failed to open dir %s: %s", dir_name.c_str(), strerror(errno)); + android::base::unique_fd dfd(open(dir_name.c_str(), O_RDONLY | O_DIRECTORY)); + if (dfd == -1) { + PLOG(ERROR) << "failed to open dir " << dir_name; return kUncryptFileOpenError; } - if (fsync(dfd.get()) == -1) { - ALOGE("failed to fsync %s: %s", dir_name.c_str(), strerror(errno)); + if (fsync(dfd) == -1) { + PLOG(ERROR) << "failed to fsync " << dir_name; return kUncryptFileSyncError; } - if (close(dfd.get()) == -1) { - ALOGE("failed to close %s: %s", dir_name.c_str(), strerror(errno)); + if (close(dfd.release()) == -1) { + PLOG(ERROR) << "failed to close " << dir_name; return kUncryptFileCloseError; } - dfd = -1; return 0; } static int uncrypt(const char* input_path, const char* map_file, const int socket) { - ALOGI("update package is \"%s\"", input_path); + LOG(INFO) << "update package is \"" << input_path << "\""; // Turn the name of the file we're supposed to convert into an // absolute path, so we can find what filesystem it's on. char path[PATH_MAX+1]; if (realpath(input_path, path) == NULL) { - ALOGE("failed to convert \"%s\" to absolute path: %s", input_path, strerror(errno)); + PLOG(ERROR) << "failed to convert \"" << input_path << "\" to absolute path"; return 1; } @@ -431,15 +460,15 @@ static int uncrypt(const char* input_path, const char* map_file, const int socke bool encrypted; const char* blk_dev = find_block_device(path, &encryptable, &encrypted); if (blk_dev == NULL) { - ALOGE("failed to find block device for %s", path); + LOG(ERROR) << "failed to find block device for " << path; return 1; } // If the filesystem it's on isn't encrypted, we only produce the // block map, we don't rewrite the file contents (it would be // pointless to do so). - ALOGI("encryptable: %s", encryptable ? "yes" : "no"); - ALOGI(" encrypted: %s", encrypted ? "yes" : "no"); + LOG(INFO) << "encryptable: " << (encryptable ? "yes" : "no"); + LOG(INFO) << " encrypted: " << (encrypted ? "yes" : "no"); // Recovery supports installing packages from 3 paths: /cache, // /data, and /sdcard. (On a particular device, other locations @@ -449,7 +478,7 @@ static int uncrypt(const char* input_path, const char* map_file, const int socke // can read the package without mounting the partition. On /cache // and /sdcard we leave the file alone. if (strncmp(path, "/data/", 6) == 0) { - ALOGI("writing block map %s", map_file); + LOG(INFO) << "writing block map " << map_file; return produce_block_map(path, map_file, blk_dev, encrypted, socket); } @@ -459,7 +488,7 @@ static int uncrypt(const char* input_path, const char* map_file, const int socke static void log_uncrypt_error_code(UncryptErrorCode error_code) { if (!android::base::WriteStringToFile(android::base::StringPrintf( "uncrypt_error: %d\n", error_code), UNCRYPT_STATUS)) { - ALOGW("failed to write to %s: %s", UNCRYPT_STATUS.c_str(), strerror(errno)); + PLOG(WARNING) << "failed to write to " << UNCRYPT_STATUS; } } @@ -489,7 +518,7 @@ static bool uncrypt_wrapper(const char* input_path, const char* map_file, const // Log the time cost and error code if uncrypt fails. uncrypt_message += android::base::StringPrintf("uncrypt_error: %d\n", status); if (!android::base::WriteStringToFile(uncrypt_message, UNCRYPT_STATUS)) { - ALOGW("failed to write to %s: %s", UNCRYPT_STATUS.c_str(), strerror(errno)); + PLOG(WARNING) << "failed to write to " << UNCRYPT_STATUS; } write_status_to_socket(-1, socket); @@ -497,7 +526,7 @@ static bool uncrypt_wrapper(const char* input_path, const char* map_file, const } if (!android::base::WriteStringToFile(uncrypt_message, UNCRYPT_STATUS)) { - ALOGW("failed to write to %s: %s", UNCRYPT_STATUS.c_str(), strerror(errno)); + PLOG(WARNING) << "failed to write to " << UNCRYPT_STATUS; } write_status_to_socket(100, socket); @@ -508,7 +537,7 @@ static bool uncrypt_wrapper(const char* input_path, const char* map_file, const static bool clear_bcb(const int socket) { std::string err; if (!clear_bootloader_message(&err)) { - ALOGE("failed to clear bootloader message: %s", err.c_str()); + LOG(ERROR) << "failed to clear bootloader message: " << err; write_status_to_socket(-1, socket); return false; } @@ -520,7 +549,7 @@ static bool setup_bcb(const int socket) { // c5. receive message length int length; if (!android::base::ReadFully(socket, &length, 4)) { - ALOGE("failed to read the length: %s", strerror(errno)); + PLOG(ERROR) << "failed to read the length"; return false; } length = ntohl(length); @@ -529,17 +558,17 @@ static bool setup_bcb(const int socket) { std::string content; content.resize(length); if (!android::base::ReadFully(socket, &content[0], length)) { - ALOGE("failed to read the length: %s", strerror(errno)); + PLOG(ERROR) << "failed to read the message"; return false; } - ALOGI(" received command: [%s] (%zu)", content.c_str(), content.size()); + LOG(INFO) << " received command: [" << content << "] (" << content.size() << ")"; std::vector<std::string> options = android::base::Split(content, "\n"); std::string wipe_package; for (auto& option : options) { if (android::base::StartsWith(option, "--wipe_package=")) { std::string path = option.substr(strlen("--wipe_package=")); if (!android::base::ReadFileToString(path, &wipe_package)) { - ALOGE("failed to read %s: %s", path.c_str(), strerror(errno)); + PLOG(ERROR) << "failed to read " << path; return false; } option = android::base::StringPrintf("--wipe_package_size=%zu", wipe_package.size()); @@ -549,12 +578,12 @@ static bool setup_bcb(const int socket) { // c8. setup the bcb command std::string err; if (!write_bootloader_message(options, &err)) { - ALOGE("failed to set bootloader message: %s", err.c_str()); + LOG(ERROR) << "failed to set bootloader message: " << err; write_status_to_socket(-1, socket); return false; } if (!wipe_package.empty() && !write_wipe_package(wipe_package, &err)) { - ALOGE("failed to set wipe package: %s", err.c_str()); + PLOG(ERROR) << "failed to set wipe package: " << err; write_status_to_socket(-1, socket); return false; } @@ -571,7 +600,7 @@ static void usage(const char* exename) { } int main(int argc, char** argv) { - enum { UNCRYPT, SETUP_BCB, CLEAR_BCB } action; + enum { UNCRYPT, SETUP_BCB, CLEAR_BCB, UNCRYPT_DEBUG } action; const char* input_path = nullptr; const char* map_file = CACHE_BLOCK_MAP.c_str(); @@ -584,7 +613,7 @@ int main(int argc, char** argv) { } else if (argc == 3) { input_path = argv[1]; map_file = argv[2]; - action = UNCRYPT; + action = UNCRYPT_DEBUG; } else { usage(argv[0]); return 2; @@ -595,25 +624,36 @@ int main(int argc, char** argv) { return 1; } + if (action == UNCRYPT_DEBUG) { + LOG(INFO) << "uncrypt called in debug mode, skip socket communication"; + bool success = uncrypt_wrapper(input_path, map_file, -1); + if (success) { + LOG(INFO) << "uncrypt succeeded"; + } else{ + LOG(INFO) << "uncrypt failed"; + } + return success ? 0 : 1; + } + // c3. The socket is created by init when starting the service. uncrypt // will use the socket to communicate with its caller. - unique_fd service_socket(android_get_control_socket(UNCRYPT_SOCKET.c_str())); - if (!service_socket) { - ALOGE("failed to open socket \"%s\": %s", UNCRYPT_SOCKET.c_str(), strerror(errno)); + android::base::unique_fd service_socket(android_get_control_socket(UNCRYPT_SOCKET.c_str())); + if (service_socket == -1) { + PLOG(ERROR) << "failed to open socket \"" << UNCRYPT_SOCKET << "\""; log_uncrypt_error_code(kUncryptSocketOpenError); return 1; } - fcntl(service_socket.get(), F_SETFD, FD_CLOEXEC); + fcntl(service_socket, F_SETFD, FD_CLOEXEC); - if (listen(service_socket.get(), 1) == -1) { - ALOGE("failed to listen on socket %d: %s", service_socket.get(), strerror(errno)); + if (listen(service_socket, 1) == -1) { + PLOG(ERROR) << "failed to listen on socket " << service_socket.get(); log_uncrypt_error_code(kUncryptSocketListenError); return 1; } - unique_fd socket_fd(accept4(service_socket.get(), nullptr, nullptr, SOCK_CLOEXEC)); - if (!socket_fd) { - ALOGE("failed to accept on socket %d: %s", service_socket.get(), strerror(errno)); + android::base::unique_fd socket_fd(accept4(service_socket, nullptr, nullptr, SOCK_CLOEXEC)); + if (socket_fd == -1) { + PLOG(ERROR) << "failed to accept on socket " << service_socket.get(); log_uncrypt_error_code(kUncryptSocketAcceptError); return 1; } @@ -621,16 +661,16 @@ int main(int argc, char** argv) { bool success = false; switch (action) { case UNCRYPT: - success = uncrypt_wrapper(input_path, map_file, socket_fd.get()); + success = uncrypt_wrapper(input_path, map_file, socket_fd); break; case SETUP_BCB: - success = setup_bcb(socket_fd.get()); + success = setup_bcb(socket_fd); break; case CLEAR_BCB: - success = clear_bcb(socket_fd.get()); + success = clear_bcb(socket_fd); break; default: // Should never happen. - ALOGE("Invalid uncrypt action code: %d", action); + LOG(ERROR) << "Invalid uncrypt action code: " << action; return 1; } @@ -638,10 +678,10 @@ int main(int argc, char** argv) { // ensure the client to receive the last status code before the socket gets // destroyed. int code; - if (android::base::ReadFully(socket_fd.get(), &code, 4)) { - ALOGI(" received %d, exiting now", code); + if (android::base::ReadFully(socket_fd, &code, 4)) { + LOG(INFO) << " received " << code << ", exiting now"; } else { - ALOGE("failed to read the code: %s", strerror(errno)); + PLOG(ERROR) << "failed to read the code"; } return success ? 0 : 1; } |