diff options
| -rw-r--r-- | Android.mk | 3 | ||||
| -rw-r--r-- | applypatch/Android.mk | 2 | ||||
| -rw-r--r-- | common.h | 2 | ||||
| -rw-r--r-- | encryptedfs_provisioning.c | 284 | ||||
| -rw-r--r-- | encryptedfs_provisioning.h | 51 | ||||
| -rw-r--r-- | etc/init.rc | 4 | ||||
| -rw-r--r-- | install.c | 2 | ||||
| -rw-r--r-- | recovery.c | 162 | ||||
| -rw-r--r-- | roots.c | 7 |
9 files changed, 507 insertions, 10 deletions
diff --git a/Android.mk b/Android.mk index 84421e717..b0fefbd90 100644 --- a/Android.mk +++ b/Android.mk @@ -12,7 +12,8 @@ LOCAL_SRC_FILES := \ install.c \ roots.c \ ui.c \ - verifier.c + verifier.c \ + encryptedfs_provisioning.c LOCAL_SRC_FILES += test_roots.c diff --git a/applypatch/Android.mk b/applypatch/Android.mk index bb024f669..e91e4bf88 100644 --- a/applypatch/Android.mk +++ b/applypatch/Android.mk @@ -14,6 +14,7 @@ ifneq ($(TARGET_SIMULATOR),true) +ifeq ($(TARGET_ARCH),arm) LOCAL_PATH := $(call my-dir) include $(CLEAR_VARS) @@ -58,4 +59,5 @@ LOCAL_STATIC_LIBRARIES += libz libbz include $(BUILD_HOST_EXECUTABLE) +endif # TARGET_ARCH == arm endif # !TARGET_SIMULATOR @@ -31,7 +31,7 @@ void ui_clear_key_queue(); // Write a message to the on-screen log shown with Alt-L (also to stderr). // The screen is small, and users may need to report these messages to support, // so keep the output short and not too cryptic. -void ui_print(const char *fmt, ...); +void ui_print(const char *fmt, ...) __attribute__((format(printf, 1, 2))); // Display some header text followed by a menu of items, which appears // at the top of the screen (in place of any scrolling ui_print() diff --git a/encryptedfs_provisioning.c b/encryptedfs_provisioning.c new file mode 100644 index 000000000..2bcfec161 --- /dev/null +++ b/encryptedfs_provisioning.c @@ -0,0 +1,284 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/mount.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <unistd.h> + +#include "encryptedfs_provisioning.h" +#include "cutils/misc.h" +#include "cutils/properties.h" +#include "common.h" +#include "mtdutils/mtdutils.h" +#include "mtdutils/mounts.h" +#include "roots.h" + +const char* encrypted_fs_enabled_property = "persist.security.secfs.enabled"; +const char* encrypted_fs_property_dir = "/data/property/"; +const char* encrypted_fs_system_dir = "/data/system/"; +const char* encrypted_fs_key_file_name = "/data/fs_key.dat"; +const char* encrypted_fs_salt_file_name = "/data/hash_salt.dat"; +const char* encrypted_fs_hash_file_src_name = "/data/system/password.key"; +const char* encrypted_fs_hash_file_dst_name = "/data/hash.dat"; +const char* encrypted_fs_entropy_file_src_name = "/data/system/entropy.dat"; +const char* encrypted_fs_entropy_file_dst_name = "/data/ported_entropy.dat"; + +void get_property_file_name(char *buffer, const char *property_name) { + sprintf(buffer, "%s%s", encrypted_fs_property_dir, property_name); +} + +int get_binary_file_contents(char *buffer, int buf_size, const char *file_name, int *out_size) { + FILE *in_file; + int read_bytes; + + in_file = fopen(file_name, "r"); + if (in_file == NULL) { + LOGE("Secure FS: error accessing key file."); + return ENCRYPTED_FS_ERROR; + } + + read_bytes = fread(buffer, 1, buf_size, in_file); + if (out_size == NULL) { + if (read_bytes != buf_size) { + // Error or unexpected data + fclose(in_file); + LOGE("Secure FS: error reading conmplete key."); + return ENCRYPTED_FS_ERROR; + } + } else { + *out_size = read_bytes; + } + fclose(in_file); + return ENCRYPTED_FS_OK; +} + +int set_binary_file_contents(char *buffer, int buf_size, const char *file_name) { + FILE *out_file; + int write_bytes; + + out_file = fopen(file_name, "w"); + if (out_file == NULL) { + LOGE("Secure FS: error setting up key file."); + return ENCRYPTED_FS_ERROR; + } + + write_bytes = fwrite(buffer, 1, buf_size, out_file); + if (write_bytes != buf_size) { + // Error or unexpected data + fclose(out_file); + LOGE("Secure FS: error reading conmplete key."); + return ENCRYPTED_FS_ERROR; + } + + fclose(out_file); + return ENCRYPTED_FS_OK; +} + +int get_text_file_contents(char *buffer, int buf_size, char *file_name) { + FILE *in_file; + char *read_data; + + in_file = fopen(file_name, "r"); + if (in_file == NULL) { + LOGE("Secure FS: error accessing properties."); + return ENCRYPTED_FS_ERROR; + } + + read_data = fgets(buffer, buf_size, in_file); + if (read_data == NULL) { + // Error or unexpected data + fclose(in_file); + LOGE("Secure FS: error accessing properties."); + return ENCRYPTED_FS_ERROR; + } + + fclose(in_file); + return ENCRYPTED_FS_OK; +} + +int set_text_file_contents(char *buffer, char *file_name) { + FILE *out_file; + int result; + + out_file = fopen(file_name, "w"); + if (out_file == NULL) { + LOGE("Secure FS: error setting up properties."); + return ENCRYPTED_FS_ERROR; + } + + result = fputs(buffer, out_file); + if (result != 0) { + // Error or unexpected data + fclose(out_file); + LOGE("Secure FS: error setting up properties."); + return ENCRYPTED_FS_ERROR; + } + + fflush(out_file); + fclose(out_file); + return ENCRYPTED_FS_OK; +} + +int read_encrypted_fs_boolean_property(const char *prop_name, int *value) { + char prop_file_name[PROPERTY_KEY_MAX + 32]; + char prop_value[PROPERTY_VALUE_MAX]; + int result; + + get_property_file_name(prop_file_name, prop_name); + result = get_text_file_contents(prop_value, PROPERTY_VALUE_MAX, prop_file_name); + + if (result < 0) { + return result; + } + + if (strncmp(prop_value, "1", 1) == 0) { + *value = 1; + } else if (strncmp(prop_value, "0", 1) == 0) { + *value = 0; + } else { + LOGE("Secure FS: error accessing properties."); + return ENCRYPTED_FS_ERROR; + } + + return ENCRYPTED_FS_OK; +} + +int write_encrypted_fs_boolean_property(const char *prop_name, int value) { + char prop_file_name[PROPERTY_KEY_MAX + 32]; + char prop_value[PROPERTY_VALUE_MAX]; + int result; + + get_property_file_name(prop_file_name, prop_name); + + // Create the directory if needed + mkdir(encrypted_fs_property_dir, 0755); + if (value == 1) { + result = set_text_file_contents("1", prop_file_name); + } else if (value == 0) { + result = set_text_file_contents("0", prop_file_name); + } else { + return ENCRYPTED_FS_ERROR; + } + if (result < 0) { + return result; + } + + return ENCRYPTED_FS_OK; +} + +int read_encrypted_fs_info(encrypted_fs_info *encrypted_fs_data) { + int result; + int value; + result = ensure_root_path_mounted("DATA:"); + if (result != 0) { + LOGE("Secure FS: error mounting userdata partition."); + return ENCRYPTED_FS_ERROR; + } + + // Read the pre-generated encrypted FS key, password hash and salt. + result = get_binary_file_contents(encrypted_fs_data->key, ENCRYPTED_FS_KEY_SIZE, + encrypted_fs_key_file_name, NULL); + if (result != 0) { + LOGE("Secure FS: error reading generated file system key."); + return ENCRYPTED_FS_ERROR; + } + + result = get_binary_file_contents(encrypted_fs_data->salt, ENCRYPTED_FS_SALT_SIZE, + encrypted_fs_salt_file_name, &(encrypted_fs_data->salt_length)); + if (result != 0) { + LOGE("Secure FS: error reading file system salt."); + return ENCRYPTED_FS_ERROR; + } + + result = get_binary_file_contents(encrypted_fs_data->hash, ENCRYPTED_FS_MAX_HASH_SIZE, + encrypted_fs_hash_file_src_name, &(encrypted_fs_data->hash_length)); + if (result != 0) { + LOGE("Secure FS: error reading password hash."); + return ENCRYPTED_FS_ERROR; + } + + result = get_binary_file_contents(encrypted_fs_data->entropy, ENTROPY_MAX_SIZE, + encrypted_fs_entropy_file_src_name, &(encrypted_fs_data->entropy_length)); + if (result != 0) { + LOGE("Secure FS: error reading ported entropy."); + return ENCRYPTED_FS_ERROR; + } + + result = ensure_root_path_unmounted("DATA:"); + if (result != 0) { + LOGE("Secure FS: error unmounting data partition."); + return ENCRYPTED_FS_ERROR; + } + + return ENCRYPTED_FS_OK; +} + +int restore_encrypted_fs_info(encrypted_fs_info *encrypted_fs_data) { + int result; + result = ensure_root_path_mounted("DATA:"); + if (result != 0) { + LOGE("Secure FS: error mounting userdata partition."); + return ENCRYPTED_FS_ERROR; + } + + // Write the pre-generated secure FS key, password hash and salt. + result = set_binary_file_contents(encrypted_fs_data->key, ENCRYPTED_FS_KEY_SIZE, + encrypted_fs_key_file_name); + if (result != 0) { + LOGE("Secure FS: error writing generated file system key."); + return ENCRYPTED_FS_ERROR; + } + + result = set_binary_file_contents(encrypted_fs_data->salt, encrypted_fs_data->salt_length, + encrypted_fs_salt_file_name); + if (result != 0) { + LOGE("Secure FS: error writing file system salt."); + return ENCRYPTED_FS_ERROR; + } + + result = set_binary_file_contents(encrypted_fs_data->hash, encrypted_fs_data->hash_length, + encrypted_fs_hash_file_dst_name); + if (result != 0) { + LOGE("Secure FS: error writing password hash."); + return ENCRYPTED_FS_ERROR; + } + + result = set_binary_file_contents(encrypted_fs_data->entropy, encrypted_fs_data->entropy_length, + encrypted_fs_entropy_file_dst_name); + if (result != 0) { + LOGE("Secure FS: error writing ported entropy."); + return ENCRYPTED_FS_ERROR; + } + + // Set the secure FS properties to their respective values + result = write_encrypted_fs_boolean_property(encrypted_fs_enabled_property, encrypted_fs_data->mode); + if (result != 0) { + return result; + } + + result = ensure_root_path_unmounted("DATA:"); + if (result != 0) { + LOGE("Secure FS: error unmounting data partition."); + return ENCRYPTED_FS_ERROR; + } + + return ENCRYPTED_FS_OK; +} + diff --git a/encryptedfs_provisioning.h b/encryptedfs_provisioning.h new file mode 100644 index 000000000..284605d20 --- /dev/null +++ b/encryptedfs_provisioning.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <stdio.h> + +#ifndef __ENCRYPTEDFS_PROVISIONING_H__ +#define __ENCRYPTEDFS_PROVISIONING_H__ + +#define MODE_ENCRYPTED_FS_DISABLED 0 +#define MODE_ENCRYPTED_FS_ENABLED 1 + +#define ENCRYPTED_FS_OK 0 +#define ENCRYPTED_FS_ERROR (-1) + +#define ENCRYPTED_FS_KEY_SIZE 16 +#define ENCRYPTED_FS_SALT_SIZE 16 +#define ENCRYPTED_FS_MAX_HASH_SIZE 128 +#define ENTROPY_MAX_SIZE 4096 + +struct encrypted_fs_info { + int mode; + char key[ENCRYPTED_FS_KEY_SIZE]; + char salt[ENCRYPTED_FS_SALT_SIZE]; + int salt_length; + char hash[ENCRYPTED_FS_MAX_HASH_SIZE]; + int hash_length; + char entropy[ENTROPY_MAX_SIZE]; + int entropy_length; +}; + +typedef struct encrypted_fs_info encrypted_fs_info; + +int read_encrypted_fs_info(encrypted_fs_info *secure_fs_data); + +int restore_encrypted_fs_info(encrypted_fs_info *secure_data); + +#endif /* __ENCRYPTEDFS_PROVISIONING_H__ */ + diff --git a/etc/init.rc b/etc/init.rc index 02c10a9bb..a675a4b0c 100644 --- a/etc/init.rc +++ b/etc/init.rc @@ -1,3 +1,5 @@ +on early-init + start ueventd on init export PATH /sbin @@ -21,6 +23,8 @@ on boot class_start default +service ueventd /sbin/ueventd + critical service recovery /sbin/recovery @@ -136,7 +136,7 @@ try_update_binary(const char *path, ZipArchive *zip) { } else if (strcmp(command, "ui_print") == 0) { char* str = strtok(NULL, "\n"); if (str) { - ui_print(str); + ui_print("%s", str); } else { ui_print("\n"); } diff --git a/recovery.c b/recovery.c index 087258fe8..04bf657d5 100644 --- a/recovery.c +++ b/recovery.c @@ -24,6 +24,7 @@ #include <stdlib.h> #include <string.h> #include <sys/reboot.h> +#include <sys/stat.h> #include <sys/types.h> #include <time.h> #include <unistd.h> @@ -36,12 +37,14 @@ #include "minzip/DirUtil.h" #include "roots.h" #include "recovery_ui.h" +#include "encryptedfs_provisioning.h" static const struct option OPTIONS[] = { { "send_intent", required_argument, NULL, 's' }, { "update_package", required_argument, NULL, 'u' }, { "wipe_data", no_argument, NULL, 'w' }, { "wipe_cache", no_argument, NULL, 'c' }, + { "set_encrypted_filesystems", required_argument, NULL, 'e' }, { NULL, 0, NULL, 0 }, }; @@ -50,6 +53,7 @@ static const char *INTENT_FILE = "CACHE:recovery/intent"; static const char *LOG_FILE = "CACHE:recovery/log"; static const char *SDCARD_PACKAGE_FILE = "SDCARD:update.zip"; static const char *TEMPORARY_LOG_FILE = "/tmp/recovery.log"; +static const char *SIDELOAD_TEMP_DIR = "TMP:sideload"; /* * The recovery tool communicates with the main system through /cache files. @@ -108,9 +112,9 @@ static const char *TEMPORARY_LOG_FILE = "/tmp/recovery.log"; * -- after this, rebooting will (try to) restart the main system -- * 9. main() calls reboot() to boot main system * - * ENCRYPTED FILE SYSTEMS ENABLE/DISABLE + * SECURE FILE SYSTEMS ENABLE/DISABLE * 1. user selects "enable encrypted file systems" - * 2. main system writes "--set_encrypted_filesystem=on|off" to + * 2. main system writes "--set_encrypted_filesystems=on|off" to * /cache/recovery/command * 3. main system reboots into recovery * 4. get_args() writes BCB with "boot-recovery" and @@ -297,6 +301,109 @@ erase_root(const char *root) { return format_root_device(root); } +static char* +copy_sideloaded_package(const char* original_root_path) { + if (ensure_root_path_mounted(original_root_path) != 0) { + LOGE("Can't mount %s\n", original_root_path); + return NULL; + } + + char original_path[PATH_MAX] = ""; + if (translate_root_path(original_root_path, original_path, + sizeof(original_path)) == NULL) { + LOGE("Bad path %s\n", original_root_path); + return NULL; + } + + if (ensure_root_path_mounted(SIDELOAD_TEMP_DIR) != 0) { + LOGE("Can't mount %s\n", SIDELOAD_TEMP_DIR); + return NULL; + } + + char copy_path[PATH_MAX] = ""; + if (translate_root_path(SIDELOAD_TEMP_DIR, copy_path, + sizeof(copy_path)) == NULL) { + LOGE("Bad path %s\n", SIDELOAD_TEMP_DIR); + return NULL; + } + + if (mkdir(copy_path, 0700) != 0) { + if (errno != EEXIST) { + LOGE("Can't mkdir %s (%s)\n", SIDELOAD_TEMP_DIR, strerror(errno)); + return NULL; + } + } + + struct stat st; + if (stat(copy_path, &st) != 0) { + LOGE("failed to stat %s (%s)\n", copy_path, strerror(errno)); + return NULL; + } + if (!S_ISDIR(st.st_mode)) { + LOGE("%s isn't a directory\n", copy_path); + return NULL; + } + if ((st.st_mode & 0777) != 0700) { + LOGE("%s has perms %o\n", copy_path, st.st_mode); + return NULL; + } + if (st.st_uid != 0) { + LOGE("%s owned by %lu; not root\n", copy_path, st.st_uid); + return NULL; + } + + strcat(copy_path, "/package.zip"); + + char* buffer = malloc(BUFSIZ); + if (buffer == NULL) { + LOGE("Failed to allocate buffer\n"); + return NULL; + } + + size_t read; + FILE* fin = fopen(original_path, "rb"); + if (fin == NULL) { + LOGE("Failed to open %s (%s)\n", original_path, strerror(errno)); + return NULL; + } + FILE* fout = fopen(copy_path, "wb"); + if (fout == NULL) { + LOGE("Failed to open %s (%s)\n", copy_path, strerror(errno)); + return NULL; + } + + while ((read = fread(buffer, 1, BUFSIZ, fin)) > 0) { + if (fwrite(buffer, 1, read, fout) != read) { + LOGE("Short write of %s (%s)\n", copy_path, strerror(errno)); + return NULL; + } + } + + free(buffer); + + if (fclose(fout) != 0) { + LOGE("Failed to close %s (%s)\n", copy_path, strerror(errno)); + return NULL; + } + + if (fclose(fin) != 0) { + LOGE("Failed to close %s (%s)\n", original_path, strerror(errno)); + return NULL; + } + + // "adb push" is happy to overwrite read-only files when it's + // running as root, but we'll try anyway. + if (chmod(copy_path, 0400) != 0) { + LOGE("Failed to chmod %s (%s)\n", copy_path, strerror(errno)); + return NULL; + } + + char* copy_root_path = malloc(strlen(SIDELOAD_TEMP_DIR) + 20); + strcpy(copy_root_path, SIDELOAD_TEMP_DIR); + strcat(copy_root_path, "/package.zip"); + return copy_root_path; +} + static char** prepend_title(char** headers) { char* title[] = { "Android system recovery <" @@ -433,8 +540,13 @@ prompt_and_wait() { case ITEM_APPLY_SDCARD: ui_print("\n-- Install from sdcard...\n"); - set_sdcard_update_bootloader_message(); - int status = install_package(SDCARD_PACKAGE_FILE); + int status = INSTALL_CORRUPT; + char* copy = copy_sideloaded_package(SDCARD_PACKAGE_FILE); + if (copy != NULL) { + set_sdcard_update_bootloader_message(); + status = install_package(copy); + free(copy); + } if (status != INSTALL_SUCCESS) { ui_set_background(BACKGROUND_ICON_ERROR); ui_print("Installation aborted.\n"); @@ -468,7 +580,10 @@ main(int argc, char **argv) { int previous_runs = 0; const char *send_intent = NULL; const char *update_package = NULL; + const char *encrypted_fs_mode = NULL; int wipe_data = 0, wipe_cache = 0; + int toggle_secure_fs = 0; + encrypted_fs_info encrypted_fs_data; int arg; while ((arg = getopt_long(argc, argv, "", OPTIONS, NULL)) != -1) { @@ -478,6 +593,7 @@ main(int argc, char **argv) { case 'u': update_package = optarg; break; case 'w': wipe_data = wipe_cache = 1; break; case 'c': wipe_cache = 1; break; + case 'e': encrypted_fs_mode = optarg; toggle_secure_fs = 1; break; case '?': LOGE("Invalid command argument\n"); continue; @@ -497,7 +613,43 @@ main(int argc, char **argv) { int status = INSTALL_SUCCESS; - if (update_package != NULL) { + if (toggle_secure_fs) { + if (strcmp(encrypted_fs_mode,"on") == 0) { + encrypted_fs_data.mode = MODE_ENCRYPTED_FS_ENABLED; + ui_print("Enabling Encrypted FS.\n"); + } else if (strcmp(encrypted_fs_mode,"off") == 0) { + encrypted_fs_data.mode = MODE_ENCRYPTED_FS_DISABLED; + ui_print("Disabling Encrypted FS.\n"); + } else { + ui_print("Error: invalid Encrypted FS setting.\n"); + status = INSTALL_ERROR; + } + + // Recovery strategy: if the data partition is damaged, disable encrypted file systems. + // This preventsthe device recycling endlessly in recovery mode. + if ((encrypted_fs_data.mode == MODE_ENCRYPTED_FS_ENABLED) && + (read_encrypted_fs_info(&encrypted_fs_data))) { + ui_print("Encrypted FS change aborted, resetting to disabled state.\n"); + encrypted_fs_data.mode = MODE_ENCRYPTED_FS_DISABLED; + } + + if (status != INSTALL_ERROR) { + if (erase_root("DATA:")) { + ui_print("Data wipe failed.\n"); + status = INSTALL_ERROR; + } else if (erase_root("CACHE:")) { + ui_print("Cache wipe failed.\n"); + status = INSTALL_ERROR; + } else if ((encrypted_fs_data.mode == MODE_ENCRYPTED_FS_ENABLED) && + (restore_encrypted_fs_info(&encrypted_fs_data))) { + ui_print("Encrypted FS change aborted.\n"); + status = INSTALL_ERROR; + } else { + ui_print("Successfully updated Encrypted FS.\n"); + status = INSTALL_SUCCESS; + } + } + } else if (update_package != NULL) { status = install_package(update_package); if (status != INSTALL_SUCCESS) ui_print("Installation aborted.\n"); } else if (wipe_data) { @@ -42,6 +42,7 @@ xxx may just want to use enums static const char g_mtd_device[] = "@\0g_mtd_device"; static const char g_raw[] = "@\0g_raw"; static const char g_package_file[] = "@\0g_package_file"; +static const char g_ramdisk[] = "@\0g_ramdisk"; static RootInfo g_roots[] = { { "BOOT:", g_mtd_device, NULL, "boot", NULL, g_raw }, @@ -53,7 +54,7 @@ static RootInfo g_roots[] = { { "SDCARD:", "/dev/block/mmcblk0p1", "/dev/block/mmcblk0", NULL, "/sdcard", "vfat" }, { "SYSTEM:", g_mtd_device, NULL, "system", "/system", "yaffs2" }, { "MBM:", g_mtd_device, NULL, "mbm", NULL, g_raw }, - { "TMP:", NULL, NULL, NULL, "/tmp", NULL }, + { "TMP:", NULL, NULL, NULL, "/tmp", g_ramdisk }, }; #define NUM_ROOTS (sizeof(g_roots) / sizeof(g_roots[0])) @@ -180,7 +181,9 @@ internal_root_mounted(const RootInfo *info) if (info->mount_point == NULL) { return -1; } -//xxx if TMP: (or similar) just say "yes" + if (info->filesystem == g_ramdisk) { + return 0; + } /* See if this root is already mounted. */ |