From 253368a0726120efa57664cdd1d088af099a3d81 Mon Sep 17 00:00:00 2001 From: Ethan Yonker Date: Tue, 25 Nov 2014 15:00:52 -0600 Subject: Reduce libs needed for decrypt and clean up old decypt files Trim cryptfs.c to remove functions that TWRP does not use for decrypt and remove the need for libfs_mgr from cryptfs.c by passing some items to cryptfs.c from the partition manager. Add support for new fstab flags: encryptable and forceencrypt=/path/to/cryptokey For example: flags=forceencrypt=/dev/block/platform/sdhci-tegra.3/by-name/MD1 Note that "footer" is the default, so you do not need to set this flag on devices that use the footer for the crypto key. Also add mounttodecrypt if you need to mount a partition during the decrypt cycle for firmware of proprietary libs. Clean up decrypt and only support one version Android 5.0 lollipop decrypt should be backwards compatible with older versions so we will only support one version, 1.3 that came with 5.0 lollipop. Remove support for Samsung TouchWiz decrypt. It does not work with the latest versions of Samsung encryption anyway and it has not been updated to work with any AOSP decryption higher than 1.1 Change-Id: I2d9c6e31df50268c91ee642c2fa090f901d9d5c9 --- crypto/fs_mgr/Android.mk | 38 -- crypto/fs_mgr/fs_mgr.c | 948 ------------------------------------- crypto/fs_mgr/fs_mgr_main.c | 114 ----- crypto/fs_mgr/fs_mgr_priv.h | 85 ---- crypto/fs_mgr/fs_mgr_priv_verity.h | 17 - crypto/fs_mgr/fs_mgr_verity.c | 410 ---------------- crypto/fs_mgr/include/fs_mgr.h | 72 --- 7 files changed, 1684 deletions(-) delete mode 100644 crypto/fs_mgr/Android.mk delete mode 100644 crypto/fs_mgr/fs_mgr.c delete mode 100644 crypto/fs_mgr/fs_mgr_main.c delete mode 100644 crypto/fs_mgr/fs_mgr_priv.h delete mode 100644 crypto/fs_mgr/fs_mgr_priv_verity.h delete mode 100644 crypto/fs_mgr/fs_mgr_verity.c delete mode 100644 crypto/fs_mgr/include/fs_mgr.h (limited to 'crypto/fs_mgr') diff --git a/crypto/fs_mgr/Android.mk b/crypto/fs_mgr/Android.mk deleted file mode 100644 index 8dd9d4ca2..000000000 --- a/crypto/fs_mgr/Android.mk +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright 2011 The Android Open Source Project -ifeq ($(TW_INCLUDE_JB_CRYPTO), true) -LOCAL_PATH:= $(call my-dir) -include $(CLEAR_VARS) - -LOCAL_SRC_FILES:= fs_mgr.c fs_mgr_verity.c - -LOCAL_C_INCLUDES := $(LOCAL_PATH)/include - -LOCAL_MODULE:= libfs_mgrtwrp -LOCAL_SHARED_LIBRARIES := libext4_utils -LOCAL_STATIC_LIBRARIES := liblogwraptwrp libmincrypttwrp -LOCAL_C_INCLUDES += \ - system/extras/ext4_utils \ - $(commands_recovery_local_path)/libmincrypt/includes -LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include - -include $(BUILD_STATIC_LIBRARY) - - -include $(CLEAR_VARS) - -LOCAL_SRC_FILES:= fs_mgr_main.c - -LOCAL_C_INCLUDES := $(LOCAL_PATH)/include - -LOCAL_MODULE:= fs_mgrtwrp - -LOCAL_MODULE_TAGS := optional -LOCAL_FORCE_STATIC_EXECUTABLE := true -LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)/sbin -LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED) - -LOCAL_STATIC_LIBRARIES := libfs_mgrtwrp liblogwraptwrp libcutils liblog libc libmincrypttwrp libext4_utils_static - -include $(BUILD_EXECUTABLE) - -endif diff --git a/crypto/fs_mgr/fs_mgr.c b/crypto/fs_mgr/fs_mgr.c deleted file mode 100644 index 3aa9e6039..000000000 --- a/crypto/fs_mgr/fs_mgr.c +++ /dev/null @@ -1,948 +0,0 @@ -/* - * Copyright (C) 2012 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -//#include -/* XXX These need to be obtained from kernel headers. See b/9336527 */ -#define SWAP_FLAG_PREFER 0x8000 -#define SWAP_FLAG_PRIO_MASK 0x7fff -#define SWAP_FLAG_PRIO_SHIFT 0 -#define SWAP_FLAG_DISCARD 0x10000 - -#include -#include -#include -#include -#include - -#include "mincrypt/rsa.h" -#include "mincrypt/sha.h" -#include "mincrypt/sha256.h" - -#include "fs_mgr_priv.h" -#include "fs_mgr_priv_verity.h" - -#define KEY_LOC_PROP "ro.crypto.keyfile.userdata" -#define KEY_IN_FOOTER "footer" - -#define E2FSCK_BIN "/system/bin/e2fsck" -#define MKSWAP_BIN "/system/bin/mkswap" - -#define FSCK_LOG_FILE "/dev/fscklogs/log" - -#define ZRAM_CONF_DEV "/sys/block/zram0/disksize" - -#define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a))) - -struct flag_list { - const char *name; - unsigned flag; -}; - -static struct flag_list mount_flags[] = { - { "noatime", MS_NOATIME }, - { "noexec", MS_NOEXEC }, - { "nosuid", MS_NOSUID }, - { "nodev", MS_NODEV }, - { "nodiratime", MS_NODIRATIME }, - { "ro", MS_RDONLY }, - { "rw", 0 }, - { "remount", MS_REMOUNT }, - { "bind", MS_BIND }, - { "rec", MS_REC }, - { "unbindable", MS_UNBINDABLE }, - { "private", MS_PRIVATE }, - { "slave", MS_SLAVE }, - { "shared", MS_SHARED }, - { "defaults", 0 }, - { 0, 0 }, -}; - -static struct flag_list fs_mgr_flags[] = { - { "wait", MF_WAIT }, - { "check", MF_CHECK }, - { "encryptable=",MF_CRYPT }, - { "nonremovable",MF_NONREMOVABLE }, - { "voldmanaged=",MF_VOLDMANAGED}, - { "length=", MF_LENGTH }, - { "recoveryonly",MF_RECOVERYONLY }, - { "swapprio=", MF_SWAPPRIO }, - { "zramsize=", MF_ZRAMSIZE }, - { "verify", MF_VERIFY }, - { "noemulatedsd", MF_NOEMULATEDSD }, - { "defaults", 0 }, - { 0, 0 }, -}; - -struct fs_mgr_flag_values { - char *key_loc; - long long part_length; - char *label; - int partnum; - int swap_prio; - unsigned int zram_size; -}; - -/* - * gettime() - returns the time in seconds of the system's monotonic clock or - * zero on error. - */ -static time_t gettime(void) -{ - struct timespec ts; - int ret; - - ret = clock_gettime(CLOCK_MONOTONIC, &ts); - if (ret < 0) { - ERROR("clock_gettime(CLOCK_MONOTONIC) failed: %s\n", strerror(errno)); - return 0; - } - - return ts.tv_sec; -} - -static int wait_for_file(const char *filename, int timeout) -{ - struct stat info; - time_t timeout_time = gettime() + timeout; - int ret = -1; - - while (gettime() < timeout_time && ((ret = stat(filename, &info)) < 0)) - usleep(10000); - - return ret; -} - -static int parse_flags(char *flags, struct flag_list *fl, - struct fs_mgr_flag_values *flag_vals, - char *fs_options, int fs_options_len) -{ - int f = 0; - int i; - char *p; - char *savep; - - /* initialize flag values. If we find a relevant flag, we'll - * update the value */ - if (flag_vals) { - memset(flag_vals, 0, sizeof(*flag_vals)); - flag_vals->partnum = -1; - flag_vals->swap_prio = -1; /* negative means it wasn't specified. */ - } - - /* initialize fs_options to the null string */ - if (fs_options && (fs_options_len > 0)) { - fs_options[0] = '\0'; - } - - p = strtok_r(flags, ",", &savep); - while (p) { - /* Look for the flag "p" in the flag list "fl" - * If not found, the loop exits with fl[i].name being null. - */ - for (i = 0; fl[i].name; i++) { - if (!strncmp(p, fl[i].name, strlen(fl[i].name))) { - f |= fl[i].flag; - if ((fl[i].flag == MF_CRYPT) && flag_vals) { - /* The encryptable flag is followed by an = and the - * location of the keys. Get it and return it. - */ - flag_vals->key_loc = strdup(strchr(p, '=') + 1); - } else if ((fl[i].flag == MF_LENGTH) && flag_vals) { - /* The length flag is followed by an = and the - * size of the partition. Get it and return it. - */ - flag_vals->part_length = strtoll(strchr(p, '=') + 1, NULL, 0); - } else if ((fl[i].flag == MF_VOLDMANAGED) && flag_vals) { - /* The voldmanaged flag is followed by an = and the - * label, a colon and the partition number or the - * word "auto", e.g. - * voldmanaged=sdcard:3 - * Get and return them. - */ - char *label_start; - char *label_end; - char *part_start; - - label_start = strchr(p, '=') + 1; - label_end = strchr(p, ':'); - if (label_end) { - flag_vals->label = strndup(label_start, - (int) (label_end - label_start)); - part_start = strchr(p, ':') + 1; - if (!strcmp(part_start, "auto")) { - flag_vals->partnum = -1; - } else { - flag_vals->partnum = strtol(part_start, NULL, 0); - } - } else { - ERROR("Warning: voldmanaged= flag malformed\n"); - } - } else if ((fl[i].flag == MF_SWAPPRIO) && flag_vals) { - flag_vals->swap_prio = strtoll(strchr(p, '=') + 1, NULL, 0); - } else if ((fl[i].flag == MF_ZRAMSIZE) && flag_vals) { - flag_vals->zram_size = strtoll(strchr(p, '=') + 1, NULL, 0); - } - break; - } - } - - if (!fl[i].name) { - if (fs_options) { - /* It's not a known flag, so it must be a filesystem specific - * option. Add it to fs_options if it was passed in. - */ - strlcat(fs_options, p, fs_options_len); - strlcat(fs_options, ",", fs_options_len); - } else { - /* fs_options was not passed in, so if the flag is unknown - * it's an error. - */ - ERROR("Warning: unknown flag %s\n", p); - } - } - p = strtok_r(NULL, ",", &savep); - } - -out: - if (fs_options && fs_options[0]) { - /* remove the last trailing comma from the list of options */ - fs_options[strlen(fs_options) - 1] = '\0'; - } - - return f; -} - -/* Read a line of text till the next newline character. - * If no newline is found before the buffer is full, continue reading till a new line is seen, - * then return an empty buffer. This effectively ignores lines that are too long. - * On EOF, return null. - */ -static char *fs_getline(char *buf, int size, FILE *file) -{ - int cnt = 0; - int eof = 0; - int eol = 0; - int c; - - if (size < 1) { - return NULL; - } - - while (cnt < (size - 1)) { - c = getc(file); - if (c == EOF) { - eof = 1; - break; - } - - *(buf + cnt) = c; - cnt++; - - if (c == '\n') { - eol = 1; - break; - } - } - - /* Null terminate what we've read */ - *(buf + cnt) = '\0'; - - if (eof) { - if (cnt) { - return buf; - } else { - return NULL; - } - } else if (eol) { - return buf; - } else { - /* The line is too long. Read till a newline or EOF. - * If EOF, return null, if newline, return an empty buffer. - */ - while(1) { - c = getc(file); - if (c == EOF) { - return NULL; - } else if (c == '\n') { - *buf = '\0'; - return buf; - } - } - } -} - -struct fstab *fs_mgr_read_fstab(const char *fstab_path) -{ - FILE *fstab_file; - int cnt, entries; - int len; - char line[256]; - const char *delim = " \t"; - char *save_ptr, *p; - struct fstab *fstab; - struct fstab_rec *recs; - struct fs_mgr_flag_values flag_vals; -#define FS_OPTIONS_LEN 1024 - char tmp_fs_options[FS_OPTIONS_LEN]; - - fstab_file = fopen(fstab_path, "r"); - if (!fstab_file) { - ERROR("Cannot open file %s\n", fstab_path); - return 0; - } - - entries = 0; - while (fs_getline(line, sizeof(line), fstab_file)) { - /* if the last character is a newline, shorten the string by 1 byte */ - len = strlen(line); - if (line[len - 1] == '\n') { - line[len - 1] = '\0'; - } - /* Skip any leading whitespace */ - p = line; - while (isspace(*p)) { - p++; - } - /* ignore comments or empty lines */ - if (*p == '#' || *p == '\0') - continue; - entries++; - } - - if (!entries) { - ERROR("No entries found in fstab\n"); - return 0; - } - - /* Allocate and init the fstab structure */ - fstab = calloc(1, sizeof(struct fstab)); - fstab->num_entries = entries; - fstab->fstab_filename = strdup(fstab_path); - fstab->recs = calloc(fstab->num_entries, sizeof(struct fstab_rec)); - - fseek(fstab_file, 0, SEEK_SET); - - cnt = 0; - while (fs_getline(line, sizeof(line), fstab_file)) { - /* if the last character is a newline, shorten the string by 1 byte */ - len = strlen(line); - if (line[len - 1] == '\n') { - line[len - 1] = '\0'; - } - - /* Skip any leading whitespace */ - p = line; - while (isspace(*p)) { - p++; - } - /* ignore comments or empty lines */ - if (*p == '#' || *p == '\0') - continue; - - /* If a non-comment entry is greater than the size we allocated, give an - * error and quit. This can happen in the unlikely case the file changes - * between the two reads. - */ - if (cnt >= entries) { - ERROR("Tried to process more entries than counted\n"); - break; - } - - if (!(p = strtok_r(line, delim, &save_ptr))) { - ERROR("Error parsing mount source\n"); - return 0; - } - fstab->recs[cnt].blk_device = strdup(p); - - if (!(p = strtok_r(NULL, delim, &save_ptr))) { - ERROR("Error parsing mount_point\n"); - return 0; - } - fstab->recs[cnt].mount_point = strdup(p); - - if (!(p = strtok_r(NULL, delim, &save_ptr))) { - ERROR("Error parsing fs_type\n"); - return 0; - } - fstab->recs[cnt].fs_type = strdup(p); - - if (!(p = strtok_r(NULL, delim, &save_ptr))) { - ERROR("Error parsing mount_flags\n"); - return 0; - } - tmp_fs_options[0] = '\0'; - fstab->recs[cnt].flags = parse_flags(p, mount_flags, NULL, - tmp_fs_options, FS_OPTIONS_LEN); - - /* fs_options are optional */ - if (tmp_fs_options[0]) { - fstab->recs[cnt].fs_options = strdup(tmp_fs_options); - } else { - fstab->recs[cnt].fs_options = NULL; - } - - if (!(p = strtok_r(NULL, delim, &save_ptr))) { - ERROR("Error parsing fs_mgr_options\n"); - return 0; - } - fstab->recs[cnt].fs_mgr_flags = parse_flags(p, fs_mgr_flags, - &flag_vals, NULL, 0); - fstab->recs[cnt].key_loc = flag_vals.key_loc; - fstab->recs[cnt].length = flag_vals.part_length; - fstab->recs[cnt].label = flag_vals.label; - fstab->recs[cnt].partnum = flag_vals.partnum; - fstab->recs[cnt].swap_prio = flag_vals.swap_prio; - fstab->recs[cnt].zram_size = flag_vals.zram_size; - cnt++; - } - fclose(fstab_file); - - return fstab; -} - -void fs_mgr_free_fstab(struct fstab *fstab) -{ - int i; - - if (!fstab) { - return; - } - - for (i = 0; i < fstab->num_entries; i++) { - /* Free the pointers return by strdup(3) */ - free(fstab->recs[i].blk_device); - free(fstab->recs[i].mount_point); - free(fstab->recs[i].fs_type); - free(fstab->recs[i].fs_options); - free(fstab->recs[i].key_loc); - free(fstab->recs[i].label); - i++; - } - - /* Free the fstab_recs array created by calloc(3) */ - free(fstab->recs); - - /* Free the fstab filename */ - free(fstab->fstab_filename); - - /* Free fstab */ - free(fstab); -} - -static void check_fs(char *blk_device, char *fs_type, char *target) -{ - int status; - int ret; - long tmpmnt_flags = MS_NOATIME | MS_NOEXEC | MS_NOSUID; - char *tmpmnt_opts = "nomblk_io_submit,errors=remount-ro"; - char *e2fsck_argv[] = { - E2FSCK_BIN, - "-y", - blk_device - }; - - /* Check for the types of filesystems we know how to check */ - if (!strcmp(fs_type, "ext2") || !strcmp(fs_type, "ext3") || !strcmp(fs_type, "ext4")) { - /* - * First try to mount and unmount the filesystem. We do this because - * the kernel is more efficient than e2fsck in running the journal and - * processing orphaned inodes, and on at least one device with a - * performance issue in the emmc firmware, it can take e2fsck 2.5 minutes - * to do what the kernel does in about a second. - * - * After mounting and unmounting the filesystem, run e2fsck, and if an - * error is recorded in the filesystem superblock, e2fsck will do a full - * check. Otherwise, it does nothing. If the kernel cannot mount the - * filesytsem due to an error, e2fsck is still run to do a full check - * fix the filesystem. - */ - ret = mount(blk_device, target, fs_type, tmpmnt_flags, tmpmnt_opts); - if (!ret) { - umount(target); - } - - INFO("Running %s on %s\n", E2FSCK_BIN, blk_device); - - ret = android_fork_execvp_ext(ARRAY_SIZE(e2fsck_argv), e2fsck_argv, - &status, true, LOG_KLOG | LOG_FILE, - true, FSCK_LOG_FILE); - - if (ret < 0) { - /* No need to check for error in fork, we can't really handle it now */ - ERROR("Failed trying to run %s\n", E2FSCK_BIN); - } - } - - return; -} - -static void remove_trailing_slashes(char *n) -{ - int len; - - len = strlen(n) - 1; - while ((*(n + len) == '/') && len) { - *(n + len) = '\0'; - len--; - } -} - -/* - * Mark the given block device as read-only, using the BLKROSET ioctl. - * Return 0 on success, and -1 on error. - */ -static void fs_set_blk_ro(const char *blockdev) -{ - int fd; - int ON = 1; - - fd = open(blockdev, O_RDONLY); - if (fd < 0) { - // should never happen - return; - } - - ioctl(fd, BLKROSET, &ON); - close(fd); -} - -/* - * __mount(): wrapper around the mount() system call which also - * sets the underlying block device to read-only if the mount is read-only. - * See "man 2 mount" for return values. - */ -static int __mount(const char *source, const char *target, - const char *filesystemtype, unsigned long mountflags, - const void *data) -{ - int ret = mount(source, target, filesystemtype, mountflags, data); - - if ((ret == 0) && (mountflags & MS_RDONLY) != 0) { - fs_set_blk_ro(source); - } - - return ret; -} - -static int fs_match(char *in1, char *in2) -{ - char *n1; - char *n2; - int ret; - - n1 = strdup(in1); - n2 = strdup(in2); - - remove_trailing_slashes(n1); - remove_trailing_slashes(n2); - - ret = !strcmp(n1, n2); - - free(n1); - free(n2); - - return ret; -} - -int fs_mgr_mount_all(struct fstab *fstab) -{ - int i = 0; - int encrypted = 0; - int ret = -1; - int mret; - - if (!fstab) { - return ret; - } - - for (i = 0; i < fstab->num_entries; i++) { - /* Don't mount entries that are managed by vold */ - if (fstab->recs[i].fs_mgr_flags & (MF_VOLDMANAGED | MF_RECOVERYONLY)) { - continue; - } - - /* Skip swap and raw partition entries such as boot, recovery, etc */ - if (!strcmp(fstab->recs[i].fs_type, "swap") || - !strcmp(fstab->recs[i].fs_type, "emmc") || - !strcmp(fstab->recs[i].fs_type, "mtd")) { - continue; - } - - if (fstab->recs[i].fs_mgr_flags & MF_WAIT) { - wait_for_file(fstab->recs[i].blk_device, WAIT_TIMEOUT); - } - - if (fstab->recs[i].fs_mgr_flags & MF_CHECK) { - check_fs(fstab->recs[i].blk_device, fstab->recs[i].fs_type, - fstab->recs[i].mount_point); - } - - if (fstab->recs[i].fs_mgr_flags & MF_VERIFY) { - if (fs_mgr_setup_verity(&fstab->recs[i]) < 0) { - ERROR("Could not set up verified partition, skipping!"); - continue; - } - } - - mret = __mount(fstab->recs[i].blk_device, fstab->recs[i].mount_point, - fstab->recs[i].fs_type, fstab->recs[i].flags, - fstab->recs[i].fs_options); - - if (!mret) { - /* Success! Go get the next one */ - continue; - } - - /* mount(2) returned an error, check if it's encrypted and deal with it */ - if ((fstab->recs[i].fs_mgr_flags & MF_CRYPT) && - !partition_wiped(fstab->recs[i].blk_device)) { - /* Need to mount a tmpfs at this mountpoint for now, and set - * properties that vold will query later for decrypting - */ - if (mount("tmpfs", fstab->recs[i].mount_point, "tmpfs", - MS_NOATIME | MS_NOSUID | MS_NODEV, CRYPTO_TMPFS_OPTIONS) < 0) { - ERROR("Cannot mount tmpfs filesystem for encrypted fs at %s\n", - fstab->recs[i].mount_point); - goto out; - } - encrypted = 1; - } else { - ERROR("Cannot mount filesystem on %s at %s\n", - fstab->recs[i].blk_device, fstab->recs[i].mount_point); - goto out; - } - } - - if (encrypted) { - ret = 1; - } else { - ret = 0; - } - -out: - return ret; -} - -/* If tmp_mount_point is non-null, mount the filesystem there. This is for the - * tmp mount we do to check the user password - */ -int fs_mgr_do_mount(struct fstab *fstab, char *n_name, char *n_blk_device, - char *tmp_mount_point) -{ - int i = 0; - int ret = -1; - char *m; - - if (!fstab) { - return ret; - } - - for (i = 0; i < fstab->num_entries; i++) { - if (!fs_match(fstab->recs[i].mount_point, n_name)) { - continue; - } - - /* We found our match */ - /* If this swap or a raw partition, report an error */ - if (!strcmp(fstab->recs[i].fs_type, "swap") || - !strcmp(fstab->recs[i].fs_type, "emmc") || - !strcmp(fstab->recs[i].fs_type, "mtd")) { - ERROR("Cannot mount filesystem of type %s on %s\n", - fstab->recs[i].fs_type, n_blk_device); - goto out; - } - - /* First check the filesystem if requested */ - if (fstab->recs[i].fs_mgr_flags & MF_WAIT) { - wait_for_file(n_blk_device, WAIT_TIMEOUT); - } - - if (fstab->recs[i].fs_mgr_flags & MF_CHECK) { - check_fs(n_blk_device, fstab->recs[i].fs_type, - fstab->recs[i].mount_point); - } - - if (fstab->recs[i].fs_mgr_flags & MF_VERIFY) { - if (fs_mgr_setup_verity(&fstab->recs[i]) < 0) { - ERROR("Could not set up verified partition, skipping!"); - continue; - } - } - - /* Now mount it where requested */ - if (tmp_mount_point) { - m = tmp_mount_point; - } else { - m = fstab->recs[i].mount_point; - } - if (__mount(n_blk_device, m, fstab->recs[i].fs_type, - fstab->recs[i].flags, fstab->recs[i].fs_options)) { - ERROR("Cannot mount filesystem on %s at %s\n", - n_blk_device, m); - goto out; - } else { - ret = 0; - goto out; - } - } - - /* We didn't find a match, say so and return an error */ - ERROR("Cannot find mount point %s in fstab\n", fstab->recs[i].mount_point); - -out: - return ret; -} - -/* - * mount a tmpfs filesystem at the given point. - * return 0 on success, non-zero on failure. - */ -int fs_mgr_do_tmpfs_mount(char *n_name) -{ - int ret; - - ret = mount("tmpfs", n_name, "tmpfs", - MS_NOATIME | MS_NOSUID | MS_NODEV, CRYPTO_TMPFS_OPTIONS); - if (ret < 0) { - ERROR("Cannot mount tmpfs filesystem at %s\n", n_name); - return -1; - } - - /* Success */ - return 0; -} - -int fs_mgr_unmount_all(struct fstab *fstab) -{ - int i = 0; - int ret = 0; - - if (!fstab) { - return -1; - } - - while (fstab->recs[i].blk_device) { - if (umount(fstab->recs[i].mount_point)) { - ERROR("Cannot unmount filesystem at %s\n", fstab->recs[i].mount_point); - ret = -1; - } - i++; - } - - return ret; -} - -/* This must be called after mount_all, because the mkswap command needs to be - * available. - */ -int fs_mgr_swapon_all(struct fstab *fstab) -{ - int i = 0; - int flags = 0; - int err = 0; - int ret = 0; - int status; - char *mkswap_argv[2] = { - MKSWAP_BIN, - NULL - }; - - if (!fstab) { - return -1; - } - - for (i = 0; i < fstab->num_entries; i++) { - /* Skip non-swap entries */ - if (strcmp(fstab->recs[i].fs_type, "swap")) { - continue; - } - - if (fstab->recs[i].zram_size > 0) { - /* A zram_size was specified, so we need to configure the - * device. There is no point in having multiple zram devices - * on a system (all the memory comes from the same pool) so - * we can assume the device number is 0. - */ - FILE *zram_fp; - - zram_fp = fopen(ZRAM_CONF_DEV, "r+"); - if (zram_fp == NULL) { - ERROR("Unable to open zram conf device " ZRAM_CONF_DEV); - ret = -1; - continue; - } - fprintf(zram_fp, "%d\n", fstab->recs[i].zram_size); - fclose(zram_fp); - } - - if (fstab->recs[i].fs_mgr_flags & MF_WAIT) { - wait_for_file(fstab->recs[i].blk_device, WAIT_TIMEOUT); - } - - /* Initialize the swap area */ - mkswap_argv[1] = fstab->recs[i].blk_device; - err = android_fork_execvp_ext(ARRAY_SIZE(mkswap_argv), mkswap_argv, - &status, true, LOG_KLOG, false, NULL); - if (err) { - ERROR("mkswap failed for %s\n", fstab->recs[i].blk_device); - ret = -1; - continue; - } - - /* If -1, then no priority was specified in fstab, so don't set - * SWAP_FLAG_PREFER or encode the priority */ - if (fstab->recs[i].swap_prio >= 0) { - flags = (fstab->recs[i].swap_prio << SWAP_FLAG_PRIO_SHIFT) & - SWAP_FLAG_PRIO_MASK; - flags |= SWAP_FLAG_PREFER; - } else { - flags = 0; - } - // requires sys/swap.h which is not available in older trees - // this entire function does not appear to be used for decrypt - err = -1; //swapon(fstab->recs[i].blk_device, flags); - if (err) { - ERROR("swapon failed for %s\n", fstab->recs[i].blk_device); - ret = -1; - } - } - - return ret; -} - -/* - * key_loc must be at least PROPERTY_VALUE_MAX bytes long - * - * real_blk_device must be at least PROPERTY_VALUE_MAX bytes long - */ -int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_device, int size) -{ - int i = 0; - - if (!fstab) { - return -1; - } - /* Initialize return values to null strings */ - if (key_loc) { - *key_loc = '\0'; - } - if (real_blk_device) { - *real_blk_device = '\0'; - } - - /* Look for the encryptable partition to find the data */ - for (i = 0; i < fstab->num_entries; i++) { - /* Don't deal with vold managed enryptable partitions here */ - if (fstab->recs[i].fs_mgr_flags & MF_VOLDMANAGED) { - continue; - } - if (!(fstab->recs[i].fs_mgr_flags & MF_CRYPT)) { - continue; - } - - /* We found a match */ - if (key_loc) { - strlcpy(key_loc, fstab->recs[i].key_loc, size); - } - if (real_blk_device) { - strlcpy(real_blk_device, fstab->recs[i].blk_device, size); - } - break; - } - - return 0; -} - -/* Add an entry to the fstab, and return 0 on success or -1 on error */ -int fs_mgr_add_entry(struct fstab *fstab, - const char *mount_point, const char *fs_type, - const char *blk_device, long long length) -{ - struct fstab_rec *new_fstab_recs; - int n = fstab->num_entries; - - new_fstab_recs = (struct fstab_rec *) - realloc(fstab->recs, sizeof(struct fstab_rec) * (n + 1)); - - if (!new_fstab_recs) { - return -1; - } - - /* A new entry was added, so initialize it */ - memset(&new_fstab_recs[n], 0, sizeof(struct fstab_rec)); - new_fstab_recs[n].mount_point = strdup(mount_point); - new_fstab_recs[n].fs_type = strdup(fs_type); - new_fstab_recs[n].blk_device = strdup(blk_device); - new_fstab_recs[n].length = 0; - - /* Update the fstab struct */ - fstab->recs = new_fstab_recs; - fstab->num_entries++; - - return 0; -} - -struct fstab_rec *fs_mgr_get_entry_for_mount_point(struct fstab *fstab, const char *path) -{ - int i; - - if (!fstab) { - return NULL; - } - - for (i = 0; i < fstab->num_entries; i++) { - int len = strlen(fstab->recs[i].mount_point); - if (strncmp(path, fstab->recs[i].mount_point, len) == 0 && - (path[len] == '\0' || path[len] == '/')) { - return &fstab->recs[i]; - } - } - - return NULL; -} - -int fs_mgr_is_voldmanaged(struct fstab_rec *fstab) -{ - return fstab->fs_mgr_flags & MF_VOLDMANAGED; -} - -int fs_mgr_is_nonremovable(struct fstab_rec *fstab) -{ - return fstab->fs_mgr_flags & MF_NONREMOVABLE; -} - -int fs_mgr_is_encryptable(struct fstab_rec *fstab) -{ - return fstab->fs_mgr_flags & MF_CRYPT; -} - -int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab) -{ - return fstab->fs_mgr_flags & MF_NOEMULATEDSD; -} diff --git a/crypto/fs_mgr/fs_mgr_main.c b/crypto/fs_mgr/fs_mgr_main.c deleted file mode 100644 index 4bde4a1da..000000000 --- a/crypto/fs_mgr/fs_mgr_main.c +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright (C) 2012 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include "fs_mgr_priv.h" - -char *me = ""; - -static void usage(void) -{ - ERROR("%s: usage: %s <-a | -n mnt_point blk_dev | -u> \n", me, me); - exit(1); -} - -/* Parse the command line. If an error is encountered, print an error message - * and exit the program, do not return to the caller. - * Return the number of argv[] entries consumed. - */ -static void parse_options(int argc, char *argv[], int *a_flag, int *u_flag, int *n_flag, - char **n_name, char **n_blk_dev) -{ - me = basename(strdup(argv[0])); - - if (argc <= 1) { - usage(); - } - - if (!strcmp(argv[1], "-a")) { - if (argc != 3) { - usage(); - } - *a_flag = 1; - } - if (!strcmp(argv[1], "-n")) { - if (argc != 5) { - usage(); - } - *n_flag = 1; - *n_name = argv[2]; - *n_blk_dev = argv[3]; - } - if (!strcmp(argv[1], "-u")) { - if (argc != 3) { - usage(); - } - *u_flag = 1; - } - - /* If no flag is specified, it's an error */ - if (!(*a_flag | *n_flag | *u_flag)) { - usage(); - } - - /* If more than one flag is specified, it's an error */ - if ((*a_flag + *n_flag + *u_flag) > 1) { - usage(); - } - - return; -} - -int main(int argc, char *argv[]) -{ - int a_flag=0; - int u_flag=0; - int n_flag=0; - char *n_name; - char *n_blk_dev; - char *fstab_file; - struct fstab *fstab; - - klog_init(); - klog_set_level(6); - - parse_options(argc, argv, &a_flag, &u_flag, &n_flag, &n_name, &n_blk_dev); - - /* The name of the fstab file is last, after the option */ - fstab_file = argv[argc - 1]; - - fstab = fs_mgr_read_fstab(fstab_file); - - if (a_flag) { - return fs_mgr_mount_all(fstab); - } else if (n_flag) { - return fs_mgr_do_mount(fstab, n_name, n_blk_dev, 0); - } else if (u_flag) { - return fs_mgr_unmount_all(fstab); - } else { - ERROR("%s: Internal error, unknown option\n", me); - exit(1); - } - - fs_mgr_free_fstab(fstab); - - /* Should not get here */ - exit(1); -} - diff --git a/crypto/fs_mgr/fs_mgr_priv.h b/crypto/fs_mgr/fs_mgr_priv.h deleted file mode 100644 index 59ffd785c..000000000 --- a/crypto/fs_mgr/fs_mgr_priv.h +++ /dev/null @@ -1,85 +0,0 @@ -/* - * Copyright (C) 2012 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __CORE_FS_MGR_PRIV_H -#define __CORE_FS_MGR_PRIV_H - -#include -#include - -#define INFO(x...) KLOG_INFO("fs_mgr", x) -#define ERROR(x...) KLOG_ERROR("fs_mgr", x) - -#define CRYPTO_TMPFS_OPTIONS "size=128m,mode=0771,uid=1000,gid=1000" - -#define WAIT_TIMEOUT 20 - -/* fstab has the following format: - * - * Any line starting with a # is a comment and ignored - * - * Any blank line is ignored - * - * All other lines must be in this format: - * - * - * is a comma separated list of flags that can be passed to the - * mount command. The list includes noatime, nosuid, nodev, nodiratime, - * ro, rw, remount, defaults. - * - * is a comma separated list of options accepted by the filesystem being - * mounted. It is passed directly to mount without being parsed - * - * is a comma separated list of flags that control the operation of - * the fs_mgr program. The list includes "wait", which will wait till - * the file exists, and "check", which requests that the fs_mgr - * run an fscheck program on the before mounting the filesystem. - * If check is specifed on a read-only filesystem, it is ignored. - * Also, "encryptable" means that filesystem can be encrypted. - * The "encryptable" flag _MUST_ be followed by a = and a string which - * is the location of the encryption keys. It can either be a path - * to a file or partition which contains the keys, or the word "footer" - * which means the keys are in the last 16 Kbytes of the partition - * containing the filesystem. - * - * When the fs_mgr is requested to mount all filesystems, it will first mount all the - * filesystems that do _NOT_ specify check (including filesystems that are read-only and - * specify check, because check is ignored in that case) and then it will check and mount - * filesystem marked with check. - * - */ - -#define MF_WAIT 0x1 -#define MF_CHECK 0x2 -#define MF_CRYPT 0x4 -#define MF_NONREMOVABLE 0x8 -#define MF_VOLDMANAGED 0x10 -#define MF_LENGTH 0x20 -#define MF_RECOVERYONLY 0x40 -#define MF_SWAPPRIO 0x80 -#define MF_ZRAMSIZE 0x100 -#define MF_VERIFY 0x200 -/* - * There is no emulated sdcard daemon running on /data/media on this device, - * so treat the physical SD card as the only external storage device, - * a la the Nexus One. - */ -#define MF_NOEMULATEDSD 0x400 - -#define DM_BUF_SIZE 4096 - -#endif /* __CORE_FS_MGR_PRIV_H */ - diff --git a/crypto/fs_mgr/fs_mgr_priv_verity.h b/crypto/fs_mgr/fs_mgr_priv_verity.h deleted file mode 100644 index 61937849a..000000000 --- a/crypto/fs_mgr/fs_mgr_priv_verity.h +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright (C) 2013 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -int fs_mgr_setup_verity(struct fstab_rec *fstab); \ No newline at end of file diff --git a/crypto/fs_mgr/fs_mgr_verity.c b/crypto/fs_mgr/fs_mgr_verity.c deleted file mode 100644 index 969eab2a0..000000000 --- a/crypto/fs_mgr/fs_mgr_verity.c +++ /dev/null @@ -1,410 +0,0 @@ -/* - * Copyright (C) 2013 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include "mincrypt/rsa.h" -#include "mincrypt/sha.h" -#include "mincrypt/sha256.h" - -#include "ext4_utils.h" -#include "ext4.h" - -#include "fs_mgr_priv.h" -#include "fs_mgr_priv_verity.h" - -#define VERITY_METADATA_SIZE 32768 -#define VERITY_METADATA_MAGIC_NUMBER 0xb001b001 -#define VERITY_TABLE_RSA_KEY "/verity_key" - -extern struct fs_info info; - -static RSAPublicKey *load_key(char *path) -{ - FILE *f; - RSAPublicKey *key; - - key = malloc(sizeof(RSAPublicKey)); - if (!key) { - ERROR("Can't malloc key\n"); - return NULL; - } - - f = fopen(path, "r"); - if (!f) { - ERROR("Can't open '%s'\n", path); - free(key); - return NULL; - } - - if (!fread(key, sizeof(*key), 1, f)) { - ERROR("Could not read key!"); - fclose(f); - free(key); - return NULL; - } - - if (key->len != RSANUMWORDS) { - ERROR("Invalid key length %d\n", key->len); - fclose(f); - free(key); - return NULL; - } - - fclose(f); - return key; -} - -static int verify_table(char *signature, char *table, int table_length) -{ - int fd; - RSAPublicKey *key; - uint8_t hash_buf[SHA_DIGEST_SIZE]; - int retval = -1; - - // Hash the table - SHA_hash((uint8_t*)table, table_length, hash_buf); - - // Now get the public key from the keyfile - key = load_key(VERITY_TABLE_RSA_KEY); - if (!key) { - ERROR("Couldn't load verity keys"); - goto out; - } - - // verify the result - if (!RSA_verify(key, - (uint8_t*) signature, - RSANUMBYTES, - (uint8_t*) hash_buf, - SHA_DIGEST_SIZE)) { - ERROR("Couldn't verify table."); - goto out; - } - - retval = 0; - -out: - free(key); - return retval; -} - -static int get_target_device_size(char *blk_device, uint64_t *device_size) -{ - int data_device; - struct ext4_super_block sb; - - data_device = open(blk_device, O_RDONLY); - if (data_device < 0) { - ERROR("Error opening block device (%s)", strerror(errno)); - return -1; - } - - if (lseek64(data_device, 1024, SEEK_SET) < 0) { - ERROR("Error seeking to superblock"); - close(data_device); - return -1; - } - - if (read(data_device, &sb, sizeof(sb)) != sizeof(sb)) { - ERROR("Error reading superblock"); - close(data_device); - return -1; - } - - ext4_parse_sb(&sb); - *device_size = info.len; - - close(data_device); - return 0; -} - -static int read_verity_metadata(char *block_device, char **signature, char **table) -{ - unsigned magic_number; - unsigned table_length; - uint64_t device_length; - int protocol_version; - FILE *device; - int retval = -1; - - device = fopen(block_device, "r"); - if (!device) { - ERROR("Could not open block device %s (%s).\n", block_device, strerror(errno)); - goto out; - } - - // find the start of the verity metadata - if (get_target_device_size(block_device, &device_length) < 0) { - ERROR("Could not get target device size.\n"); - goto out; - } - if (fseek(device, device_length, SEEK_SET) < 0) { - ERROR("Could not seek to start of verity metadata block.\n"); - goto out; - } - - // check the magic number - if (!fread(&magic_number, sizeof(int), 1, device)) { - ERROR("Couldn't read magic number!\n"); - goto out; - } - if (magic_number != VERITY_METADATA_MAGIC_NUMBER) { - ERROR("Couldn't find verity metadata at offset %llu!\n", device_length); - goto out; - } - - // check the protocol version - if (!fread(&protocol_version, sizeof(int), 1, device)) { - ERROR("Couldn't read verity metadata protocol version!\n"); - goto out; - } - if (protocol_version != 0) { - ERROR("Got unknown verity metadata protocol version %d!\n", protocol_version); - goto out; - } - - // get the signature - *signature = (char*) malloc(RSANUMBYTES * sizeof(char)); - if (!*signature) { - ERROR("Couldn't allocate memory for signature!\n"); - goto out; - } - if (!fread(*signature, RSANUMBYTES, 1, device)) { - ERROR("Couldn't read signature from verity metadata!\n"); - free(*signature); - goto out; - } - - // get the size of the table - if (!fread(&table_length, sizeof(int), 1, device)) { - ERROR("Couldn't get the size of the verity table from metadata!\n"); - free(*signature); - goto out; - } - - // get the table + null terminator - table_length += 1; - *table = malloc(table_length); - if(!*table) { - ERROR("Couldn't allocate memory for verity table!\n"); - goto out; - } - if (!fgets(*table, table_length, device)) { - ERROR("Couldn't read the verity table from metadata!\n"); - free(*table); - free(*signature); - goto out; - } - - retval = 0; - -out: - if (device) - fclose(device); - return retval; -} - -static void verity_ioctl_init(struct dm_ioctl *io, char *name, unsigned flags) -{ - memset(io, 0, DM_BUF_SIZE); - io->data_size = DM_BUF_SIZE; - io->data_start = sizeof(struct dm_ioctl); - io->version[0] = 4; - io->version[1] = 0; - io->version[2] = 0; - io->flags = flags | DM_READONLY_FLAG; - if (name) { - strlcpy(io->name, name, sizeof(io->name)); - } -} - -static int create_verity_device(struct dm_ioctl *io, char *name, int fd) -{ - verity_ioctl_init(io, name, 1); - if (ioctl(fd, DM_DEV_CREATE, io)) { - ERROR("Error creating device mapping (%s)", strerror(errno)); - return -1; - } - return 0; -} - -static int get_verity_device_name(struct dm_ioctl *io, char *name, int fd, char **dev_name) -{ - verity_ioctl_init(io, name, 0); - if (ioctl(fd, DM_DEV_STATUS, io)) { - ERROR("Error fetching verity device number (%s)", strerror(errno)); - return -1; - } - int dev_num = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00); - if (asprintf(dev_name, "/dev/block/dm-%u", dev_num) < 0) { - ERROR("Error getting verity block device name (%s)", strerror(errno)); - return -1; - } - return 0; -} - -static int load_verity_table(struct dm_ioctl *io, char *name, char *blockdev, int fd, char *table) -{ - char *verity_params; - char *buffer = (char*) io; - uint64_t device_size = 0; - - if (get_target_device_size(blockdev, &device_size) < 0) { - return -1; - } - - verity_ioctl_init(io, name, DM_STATUS_TABLE_FLAG); - - struct dm_target_spec *tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)]; - - // set tgt arguments here - io->target_count = 1; - tgt->status=0; - tgt->sector_start=0; - tgt->length=device_size/512; - strcpy(tgt->target_type, "verity"); - - // build the verity params here - verity_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec); - if (sprintf(verity_params, "%s", table) < 0) { - return -1; - } - - // set next target boundary - verity_params += strlen(verity_params) + 1; - verity_params = (char*) (((unsigned long)verity_params + 7) & ~8); - tgt->next = verity_params - buffer; - - // send the ioctl to load the verity table - if (ioctl(fd, DM_TABLE_LOAD, io)) { - ERROR("Error loading verity table (%s)", strerror(errno)); - return -1; - } - - return 0; -} - -static int resume_verity_table(struct dm_ioctl *io, char *name, int fd) -{ - verity_ioctl_init(io, name, 0); - if (ioctl(fd, DM_DEV_SUSPEND, io)) { - ERROR("Error activating verity device (%s)", strerror(errno)); - return -1; - } - return 0; -} - -static int test_access(char *device) { - int tries = 25; - while (tries--) { - if (!access(device, F_OK) || errno != ENOENT) { - return 0; - } - usleep(40 * 1000); - } - return -1; -} - -int fs_mgr_setup_verity(struct fstab_rec *fstab) { - - int retval = -1; - - char *verity_blk_name; - char *verity_table; - char *verity_table_signature; - - char buffer[DM_BUF_SIZE]; - struct dm_ioctl *io = (struct dm_ioctl *) buffer; - char *mount_point = basename(fstab->mount_point); - - // set the dm_ioctl flags - io->flags |= 1; - io->target_count = 1; - - // get the device mapper fd - int fd; - if ((fd = open("/dev/device-mapper", O_RDWR)) < 0) { - ERROR("Error opening device mapper (%s)", strerror(errno)); - return retval; - } - - // create the device - if (create_verity_device(io, mount_point, fd) < 0) { - ERROR("Couldn't create verity device!"); - goto out; - } - - // get the name of the device file - if (get_verity_device_name(io, mount_point, fd, &verity_blk_name) < 0) { - ERROR("Couldn't get verity device number!"); - goto out; - } - - // read the verity block at the end of the block device - if (read_verity_metadata(fstab->blk_device, - &verity_table_signature, - &verity_table) < 0) { - goto out; - } - - // verify the signature on the table - if (verify_table(verity_table_signature, - verity_table, - strlen(verity_table)) < 0) { - goto out; - } - - // load the verity mapping table - if (load_verity_table(io, mount_point, fstab->blk_device, fd, verity_table) < 0) { - goto out; - } - - // activate the device - if (resume_verity_table(io, mount_point, fd) < 0) { - goto out; - } - - // assign the new verity block device as the block device - free(fstab->blk_device); - fstab->blk_device = verity_blk_name; - - // make sure we've set everything up properly - if (test_access(fstab->blk_device) < 0) { - goto out; - } - - retval = 0; - -out: - close(fd); - return retval; -} diff --git a/crypto/fs_mgr/include/fs_mgr.h b/crypto/fs_mgr/include/fs_mgr.h deleted file mode 100644 index 0f90c32f1..000000000 --- a/crypto/fs_mgr/include/fs_mgr.h +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (C) 2012 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef __CORE_FS_MGR_H -#define __CORE_FS_MGR_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -struct fstab { - int num_entries; - struct fstab_rec *recs; - char *fstab_filename; -}; - -struct fstab_rec { - char *blk_device; - char *mount_point; - char *fs_type; - unsigned long flags; - char *fs_options; - int fs_mgr_flags; - char *key_loc; - char *verity_loc; - long long length; - char *label; - int partnum; - int swap_prio; - unsigned int zram_size; -}; - -struct fstab *fs_mgr_read_fstab(const char *fstab_path); -void fs_mgr_free_fstab(struct fstab *fstab); -int fs_mgr_mount_all(struct fstab *fstab); -int fs_mgr_do_mount(struct fstab *fstab, char *n_name, char *n_blk_device, - char *tmp_mount_point); -int fs_mgr_do_tmpfs_mount(char *n_name); -int fs_mgr_unmount_all(struct fstab *fstab); -int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, - char *real_blk_device, int size); -int fs_mgr_add_entry(struct fstab *fstab, - const char *mount_point, const char *fs_type, - const char *blk_device, long long length); -struct fstab_rec *fs_mgr_get_entry_for_mount_point(struct fstab *fstab, const char *path); -int fs_mgr_is_voldmanaged(struct fstab_rec *fstab); -int fs_mgr_is_nonremovable(struct fstab_rec *fstab); -int fs_mgr_is_encryptable(struct fstab_rec *fstab); -int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab); -int fs_mgr_swapon_all(struct fstab *fstab); -#ifdef __cplusplus -} -#endif - -#endif /* __CORE_FS_MGR_H */ - -- cgit v1.2.3