From 253368a0726120efa57664cdd1d088af099a3d81 Mon Sep 17 00:00:00 2001 From: Ethan Yonker Date: Tue, 25 Nov 2014 15:00:52 -0600 Subject: Reduce libs needed for decrypt and clean up old decypt files Trim cryptfs.c to remove functions that TWRP does not use for decrypt and remove the need for libfs_mgr from cryptfs.c by passing some items to cryptfs.c from the partition manager. Add support for new fstab flags: encryptable and forceencrypt=/path/to/cryptokey For example: flags=forceencrypt=/dev/block/platform/sdhci-tegra.3/by-name/MD1 Note that "footer" is the default, so you do not need to set this flag on devices that use the footer for the crypto key. Also add mounttodecrypt if you need to mount a partition during the decrypt cycle for firmware of proprietary libs. Clean up decrypt and only support one version Android 5.0 lollipop decrypt should be backwards compatible with older versions so we will only support one version, 1.3 that came with 5.0 lollipop. Remove support for Samsung TouchWiz decrypt. It does not work with the latest versions of Samsung encryption anyway and it has not been updated to work with any AOSP decryption higher than 1.1 Change-Id: I2d9c6e31df50268c91ee642c2fa090f901d9d5c9 --- partitionmanager.cpp | 104 ++++++++++----------------------------------------- 1 file changed, 19 insertions(+), 85 deletions(-) (limited to 'partitionmanager.cpp') diff --git a/partitionmanager.cpp b/partitionmanager.cpp index c3b10ac58..93caf20ac 100644 --- a/partitionmanager.cpp +++ b/partitionmanager.cpp @@ -49,13 +49,7 @@ extern "C" { } #ifdef TW_INCLUDE_CRYPTO - #ifdef TW_INCLUDE_JB_CRYPTO - #include "crypto/jb/cryptfs.h" - #elif defined(TW_INCLUDE_L_CRYPTO) - #include "crypto/lollipop/cryptfs.h" - #else - #include "crypto/ics/cryptfs.h" - #endif + #include "crypto/lollipop/cryptfs.h" #endif extern bool datamedia; @@ -139,7 +133,7 @@ int TWPartitionManager::Process_Fstab(string Fstab_Filename, bool Display_Error) if (settings_partition) { Setup_Settings_Storage_Partition(settings_partition); } -#ifdef TW_INCLUDE_L_CRYPTO +#ifdef TW_INCLUDE_CRYPTO TWPartition* Decrypt_Data = Find_Partition_By_Path("/data"); if (Decrypt_Data && Decrypt_Data->Is_Encrypted && !Decrypt_Data->Is_Decrypted) { int password_type = cryptfs_get_password_type(); @@ -261,6 +255,8 @@ void TWPartitionManager::Output_Partition(TWPartition* Part) { printf("Ignore_Blkid "); if (Part->Retain_Layout_Version) printf("Retain_Layout_Version "); + if (Part->Mount_To_Decrypt) + printf("Mount_To_Decrypt "); printf("\n"); if (!Part->SubPartition_Of.empty()) printf(" SubPartition_Of: %s\n", Part->SubPartition_Of.c_str()); @@ -274,6 +270,8 @@ void TWPartitionManager::Output_Partition(TWPartition* Part) { printf(" Alternate_Block_Device: %s\n", Part->Alternate_Block_Device.c_str()); if (!Part->Decrypted_Block_Device.empty()) printf(" Decrypted_Block_Device: %s\n", Part->Decrypted_Block_Device.c_str()); + if (!Part->Crypto_Key_Location.empty() && Part->Crypto_Key_Location != "footer") + printf(" Crypto_Key_Location: %s\n", Part->Crypto_Key_Location.c_str()); if (Part->Length != 0) printf(" Length: %i\n", Part->Length); if (!Part->Display_Name.empty()) @@ -1352,61 +1350,32 @@ int TWPartitionManager::Decrypt_Device(string Password) { int ret_val, password_len; char crypto_blkdev[255], cPassword[255]; size_t result; + std::vector::iterator iter; property_set("ro.crypto.state", "encrypted"); -#if defined(TW_INCLUDE_JB_CRYPTO) || defined(TW_INCLUDE_L_CRYPTO) - // No extra flags needed -#else - property_set("ro.crypto.fs_type", CRYPTO_FS_TYPE); - property_set("ro.crypto.fs_real_blkdev", CRYPTO_REAL_BLKDEV); - property_set("ro.crypto.fs_mnt_point", CRYPTO_MNT_POINT); - property_set("ro.crypto.fs_options", CRYPTO_FS_OPTIONS); - property_set("ro.crypto.fs_flags", CRYPTO_FS_FLAGS); - property_set("ro.crypto.keyfile.userdata", CRYPTO_KEY_LOC); - -#ifdef CRYPTO_SD_FS_TYPE - property_set("ro.crypto.sd_fs_type", CRYPTO_SD_FS_TYPE); - property_set("ro.crypto.sd_fs_real_blkdev", CRYPTO_SD_REAL_BLKDEV); - property_set("ro.crypto.sd_fs_mnt_point", EXPAND(TW_INTERNAL_STORAGE_PATH)); -#endif - - property_set("rw.km_fips_status", "ready"); - -#endif - // some samsung devices store "footer" on efs partition - TWPartition *efs = Find_Partition_By_Path("/efs"); - if(efs && !efs->Is_Mounted()) - efs->Mount(false); - else - efs = 0; -#ifdef TW_EXTERNAL_STORAGE_PATH -#ifdef TW_INCLUDE_CRYPTO_SAMSUNG - TWPartition* sdcard = Find_Partition_By_Path(EXPAND(TW_EXTERNAL_STORAGE_PATH)); - if (sdcard && sdcard->Mount(false)) { - property_set("ro.crypto.external_encrypted", "1"); - property_set("ro.crypto.external_blkdev", sdcard->Actual_Block_Device.c_str()); - } else { - property_set("ro.crypto.external_encrypted", "0"); + // Mount any partitions that need to be mounted for decrypt + for (iter = Partitions.begin(); iter != Partitions.end(); iter++) { + if ((*iter)->Mount_To_Decrypt) { + (*iter)->Mount(true); + } } -#endif -#endif strcpy(cPassword, Password.c_str()); -#ifdef TW_INCLUDE_L_CRYPTO - Mount_By_Path("/vendor", false); // if exists, mount vendor partition as we may need some proprietary files - Mount_By_Path("/firmware", false); // if exists, mount firmware partition as we may need some proprietary files -#endif int pwret = cryptfs_check_passwd(cPassword); + // Unmount any partitions that were needed for decrypt + for (iter = Partitions.begin(); iter != Partitions.end(); iter++) { + if ((*iter)->Mount_To_Decrypt) { + (*iter)->UnMount(false); + } + } + if (pwret != 0) { LOGERR("Failed to decrypt data.\n"); return -1; } - if(efs) - efs->UnMount(false); - property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "error"); if (strcmp(crypto_blkdev, "error") == 0) { LOGERR("Error retrieving decrypted data block device.\n"); @@ -1421,41 +1390,6 @@ int TWPartitionManager::Decrypt_Device(string Password) { dat->Current_File_System = dat->Fstab_File_System; // Needed if we're ignoring blkid because encrypted devices start out as emmc gui_print("Data successfully decrypted, new block device: '%s'\n", crypto_blkdev); -#ifdef CRYPTO_SD_FS_TYPE - char crypto_blkdev_sd[255]; - property_get("ro.crypto.sd_fs_crypto_blkdev", crypto_blkdev_sd, "error"); - if (strcmp(crypto_blkdev_sd, "error") == 0) { - LOGERR("Error retrieving decrypted data block device.\n"); - } else if(TWPartition* emmc = Find_Partition_By_Path(EXPAND(TW_INTERNAL_STORAGE_PATH))){ - emmc->Is_Decrypted = true; - emmc->Decrypted_Block_Device = crypto_blkdev_sd; - emmc->Setup_File_System(false); - gui_print("Internal SD successfully decrypted, new block device: '%s'\n", crypto_blkdev_sd); - } -#endif //ifdef CRYPTO_SD_FS_TYPE -#ifdef TW_EXTERNAL_STORAGE_PATH -#ifdef TW_INCLUDE_CRYPTO_SAMSUNG - char is_external_decrypted[255]; - property_get("ro.crypto.external_use_ecryptfs", is_external_decrypted, "0"); - if (strcmp(is_external_decrypted, "1") == 0) { - sdcard->Is_Decrypted = true; - sdcard->EcryptFS_Password = Password; - sdcard->Decrypted_Block_Device = sdcard->Actual_Block_Device; - string MetaEcfsFile = EXPAND(TW_EXTERNAL_STORAGE_PATH); - MetaEcfsFile += "/.MetaEcfsFile"; - if (!TWFunc::Path_Exists(MetaEcfsFile)) { - // External storage isn't actually encrypted so unmount and remount without ecryptfs - sdcard->UnMount(false); - sdcard->Mount(false); - } - } else { - LOGINFO("External storage '%s' is not encrypted.\n", sdcard->Mount_Point.c_str()); - sdcard->Is_Decrypted = false; - sdcard->Decrypted_Block_Device = ""; - } -#endif -#endif //ifdef TW_EXTERNAL_STORAGE_PATH - // Sleep for a bit so that the device will be ready sleep(1); if (dat->Has_Data_Media && dat->Mount(false) && TWFunc::Path_Exists("/data/media/0")) { -- cgit v1.2.3