summaryrefslogtreecommitdiffstats
path: root/crypto/vold_decrypt (unfollow)
Commit message (Collapse)AuthorFilesLines
2019-02-02vold_decrypt: Add android 9.0 supportnijel86-31/+362
* build modified vdc_pie binary with 'checkpw' command support if building with Android 9.0 platform. That command and others we don't care about, are removed from Pie vdc. Our vdc_pie will run if system sdk version is > 27, otherwise system vdc is used. Code adapted from Android 9.0 system/vold/vdc. * include prebuilt vdc_pie(arm, arm64) binary if building with lower than Android 9.0 platform - vdc_pie cannot be build from source with those platforms without additional imports from Android 9.0 * skip vdc "getpwtype" command for Pie - vds communicates with vold directly, no need for connection retries first * add /system/bin/servicemanager to required services * mount per-devive additional partitions needed for decryption listed with device BoardConfig.mk TW_CRYPTO_SYSTEM_VOLD_MOUNT flag like(space separated): TW_CRYPTO_SYSTEM_VOLD_MOUNT := vendor cust odm * add function to backup crypto footer before running vdc commands and restore it after - on Xiaomi Mi Max 3 both Oreo and Pie stock roms vold alters cripto footer when decrypting data in recovery which causes system to ask for crypto password at next reboot although password stays unchanged. Crypto footer backup/restore added as workaround for systems whit ro.build.version.sdk > 25. Also to preserve crypto footer integrity decryption attempts are skipped if footer backup fails to ensure no data loss. Code adapted from https://gerrit.omnirom.org/#/c/android_bootable_recovery/+/31206/ Change-Id: I0a383f3843578fa55595cfea3b7c9c4431646a1a
2018-12-25vold_decrypt: use ANDROID_ROOT for additional compatibilityCaptain Throwback1-10/+10
Rather than using hard-coded system, use ANDROID_ROOT environment variable to allow AB devices to mount system_root at a custom path. This allows the /system path to be bind mounted from $ANDROID_ROOT/system so that the vold_decrypt paths can remain unchanged. Change-Id: I9a7b13385e43f169f1df4c75b2a003fc6913952c
2018-05-25TWRP: vold_crypto: Allow custom strace pathnailyk-fr1-0/+6
* Allow custom definition of strace path with TW_ flags. * `TW_CRYPTO_SYSTEM_VOLD_DEBUG := true` will use default path: /sbin/strace. * `TW_CRYPTO_SYSTEM_VOLD_DEBUG := /system/xbin/strace` will use the provided `/system/xbin/strace` path. Change-Id: I5e12a10176d17a4f26487de0976a776d48c4142e Signed-off-by: nailyk-fr <nailyk_git@nailyk.fr>
2018-05-25vold_decrypt: Code cleanupnkk711-44/+71
* Separate stdout and stderr buffers: vdc's return codes get sent to stdout, but the possible presence of other error messages in the output buffer will cause a valid return from vdc not to be parsed properly, and subsequent decryption to fail due to "misunderstood" return code. eg on the U11+ (htc_ocm) libc will generate an error to stderr due to a missing property area resulting a proper connection to vold being incorrectly parsed, and breaking decryption. * Improve logging. Change-Id: I57987ebe4ee6754a78e79ca177506098f8301f8f
2017-11-28vold_decrypt: FDE Keymaster 3.0 supportnkk716-298/+901
* HTC U11 Oreo is using keymaster3 FDE encryption which requires the new services: 1- /system/bin/hwservicemanager 2- /vendor/bin/hw/android.hardware.keymaster@3.0-service 3- /vendor/bin/qseecomd (instead of /system/bin/qseecomd) So in addition to /vendor/lib and /vendor/lib64 also symlink /system/vendor/bin to /vendor/bin. * vold_decrypt services now have separate prefixes: 1- 'sys_' referring to /system/bin 2- 'ven_' referring to /vendor/bin * The additional (hwservicemanager, keymaster-3-0) and modified (qseecomd) .rc files have been updated in the vold_decrypt directory. Comments were added directly in the .rc files, please check them. * /etc/recovery.fstab needs to be temporarily moved since vold will use it if it finds the '/sbin/recovery' file (refer to fs_mgr for the fstab load code https://goo.gl/8KaZyf). Since fs_mgr cannot parse TWRP style fstab, we 'hide' it and attempt to create a symlink to /fstab.{ro.hardware}. Also remove shell dependencies, code cleanup, new error codes: * Critical sections of vold_decrypt should not rely on the external shell (and the available binaries) provided by TWFunc::Exec_Cmd. Doing so may lead to failures resulting from different shell provided binaries not working properly, especially since busybox can be inconsistent across different trees. In particular the following functions have been changed: * run_vdc() no longer uses daisy chained commands, instead it now forks and executes vdc directly including a 30 second built in timeout. * Symlink_Firmware_Files() no longer relies on the shell 'find' command to retrieve the list of firmware/vendor files and instead uses a built in function, Find_Firmware_Files(), which traverses the system partition to retrieve the list of files. * The code has also been cleaned up a little for better consistency, and vold_decrypt will now return various error codes for the different failures, as defined in vold_decrypt.h, which allows the gui_msg to be moved back to partitionmanager.cpp. Notes regarding pre Android 8.0 builds: * Service names in .rc files cannot exceed 16 characters (including the prepended 'sys_' or 'ven_') in Android 7.1 and below, so a service name such as 'sys_hwservicemanager' is out of the question for 7.1 and below. * hwservicemanager will check ACLs on 'hwservicemanager' and 'ITokenManager' if they are even allowed to run, otherwise the interfaces will fail. The policies have only been introduced in 8.0, and although it is possible to manually add them to the 7.1 policies it's not recommended. * Therefore the best course of action is to build in 8.0. * SIDE NOTE: On the HTC U11 we are actually using omni-7.1 with some changes in the device tree to support both Nougat and Oreo decryption, please refer to: 1- https://gerrit.twrp.me/c/2756/ for the necessary sepolicy and BoardConfig changes. 2- The Android.mk file for vold_decrypt was modified to truncate greater than 16 character service names (as mentioned therein) Other changes: * TW_CRYPTO_SYSTEM_VOLD_DISABLE_TIMEOUT is now deprecated due to built- in fork and timeout. * Output_dmesg_to_recovery_log() is also deprecated so upon a failed decryption the recovery.log will no longer append it, instead you can just use 'adb shell dmesg' to check it. Nonetheless if a true debug build is needed use the original TW_CRYPTO_SYSTEM_VOLD_DEBUG flag as outlined in the original commit message (see below). Usage info: This is an update to the initial vold_decrypt, for more info refer to https://github.com/omnirom/android_bootable_recovery/commit/71c6c50d0da1f32dd18a749797e88de2358c5ba1 Change-Id: Id7129d125ae7f5dcba0779489825add718022ba3
2017-03-06vold_decrypt: Add back missing xml and get rid of compiler warningnkk711-5/+4
Change-Id: I883112e2618f560e96002e2076e2735cc20cfac3
2017-03-06crypto: Use system's vold for decryptionnkk715-0/+736
If TWRP crypto fails to decrypt partition, mount the system partition and use system's own vold to attempt decryption. This provides a fallback for proprietary OEM encryption as well as encryption methods which TWRP hasn't been updated for. Requirements in device tree: * fstab.{ro.hardware} in device/recovery/root The fstab does not need to be complete, but it does need the data partition and the encryption entries. * 'TW_CRYPTO_USE_SYSTEM_VOLD := true' in BoardConfig or * 'TW_CRYPTO_USE_SYSTEM_VOLD := <list of services>' Notes: * Setting the flag to 'true' will just use system's vdc+vold or * Setting the flag with additional services, will also start them prior to attempting vdc+vold decryption, eg: for qualcomm based devices you usually need 'TW_CRYPTO_USE_SYSTEM_VOLD := qseecomd' * For each service listed an additional import will be automatically added to the vold_decrypt.rc file in the form of init.recovery.vold_decrypt.{service}.rc You will need to add any not already existing .rc files in your device/recovery/root folder. * The service names specified in the vold_decrypt.{service}.rc files have to be named 'sys_{service}' eg: 'service sys_qseecomd /system/bin/qseecomd' * Any service already existing in TWRP as {service} or sbin{service} will be stopped and restarted as needed. * You can override the default init.recovery.vold_decrypt.rc file(s) by placing same named ones in your device/recovery/root folder. If you do, you'll need to manually add the needed imports. * If /vendor and /firmware folders are temporarily moved and symlinked to the folders and files in the system partition, the properties 'vold_decrypt.symlinked_vendor' and 'vold_decrypt.symlinked_firmware' will be set to 1. This allows for additional control in the .rc files for any extra actions (symlinks, cp files, etc) that may be needed for decryption by using: on property:vold_decrypt.symlinked_vendor=1 and/or on property:vold_decrypt.symlinked_firmware=1 triggers. Debug mode: 'TW_CRYPTO_SYSTEM_VOLD_DEBUG := true' in BoardConfig * Specifying this flag, will enable strace on init and vdc, which will create separate log files in /tmp for every process created, allowing for detailed analysis of which services and files are being accessed. * Note that enabling strace will expose the password in the logs!! * You need to manually add strace to your build. Thanks to @Captain_Throwback for co-authoring and testing. Tested successfully on HTC devices: M8 (KK through MM), M9 (MM and N), A9 (N), 10 (N), Bolt (N), Desire 626s (MM), U Ultra (N) HTC One X9 (MTK device) And by Nikolay Jeliazkov on: Xiaomi Mi Max Change-Id: I4d22ab55baf6a2a50adde2e4c1c510c142714227