From f39989a36d4724a4852e28b9dca3d372d3f7873d Mon Sep 17 00:00:00 2001
From: Doug Zongker
Date: Wed, 11 Dec 2013 15:40:28 -0800
Subject: recovery: wipe encryption metadata along with data partition
This assumes that the metadata is correctly defined in fstab. Which apparently some devices don't do.
Bug: 8766487
Bug: 12112624
Change-Id: I1b14b9d4c888e9348527984be3dce04bdd9f4de0
---
 roots.cpp | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
(limited to 'roots.cpp')
diff --git a/roots.cpp b/roots.cpp
index 113dba1bd..47cea0bec 100644
--- a/roots.cpp
+++ b/roots.cpp
@@ -21,6 +21,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "mtdutils/mtdutils.h"
@@ -28,6 +29,10 @@
 #include "roots.h"
 #include "common.h"
 #include "make_ext4fs.h"
+extern "C" {
+#include "wipe.h"
+#include "cryptfs.h"
+}
 static struct fstab *fstab = NULL;
@@ -191,11 +196,31 @@ int format_volume(const char* volume) {
 }
 if (strcmp(v->fs_type, "ext4") == 0) {
- int result = make_ext4fs(v->blk_device, v->length, volume, sehandle);
+ ssize_t length = 0;
+ if (v->length != 0) {
+ length = v->length;
+ } else if (v->key_loc != NULL && strcmp(v->key_loc, "footer") == 0) {
+ length = -CRYPT_FOOTER_OFFSET;
+ }
+ int result = make_ext4fs(v->blk_device, length, volume, sehandle);
 if (result != 0) {
 LOGE("format_volume: make_extf4fs failed on %s\n", v->blk_device);
 return -1;
 }
+
+ // if there's a key_loc that looks like a path, it should be a
+ // block device for storing encryption metadata. wipe it too.
+ if (v->key_loc != NULL && v->key_loc[0] == '/') {
+ LOGI("wiping %s\n", v->key_loc);
+ int fd = open(v->key_loc, O_WRONLY | O_CREAT, 0644);
+ if (fd < 0) {
+ LOGE("format_volume: failed to open %s\n", v->key_loc);
+ return -1;
+ }
+ wipe_block_device(fd, get_file_size(fd));
+ close(fd);
+ }
+
 return 0;
 }
-- cgit v1.2.3
From 99916f0496cfe37891d40f21a9a0e387620a8a60 Mon Sep 17 00:00:00 2001
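Review bot: The return value of `wipe_block_device(fd, get_file_size(fd))` in the new key_loc branch is discarded, so format_volume reports success even when the encryption metadata was not actually erased. The `O_CREAT` flag in `open(v->key_loc, O_WRONLY | O_CREAT, 0644)` makes this worse: if the fstab path does not exist, a regular file is created and "wiped" (presumably with size 0) instead of the call failing. Open with `O_WRONLY` only and propagate the result, assuming wipe_block_device returns non-zero on failure: `if (wipe_block_device(fd, get_file_size(fd)) != 0) { LOGE("format_volume: failed to wipe %s\n", v->key_loc); close(fd); return -1; }`. format_volume begins and ends outside this hunk.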
From: Doug Zongker
Date: Mon, 13 Jan 2014 14:16:58 -0800
Subject: do verification and extraction on memory, not files
Changes minzip and recovery's file signature verification to work on memory regions, rather than files. For packages which are regular files, install.cpp now mmap()s them into memory and then passes the mapped memory to the verifier and to the minzip library. Support for files which are raw block maps (which will be used when we have packages written to encrypted data partitions) is present but largely untested so far.
Bug: 12188746
Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
---
 roots.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'roots.cpp')
diff --git a/roots.cpp b/roots.cpp
index 47cea0bec..28004a79f 100644
--- a/roots.cpp
+++ b/roots.cpp
@@ -238,10 +238,16 @@ int setup_install_mounts() {
 if (strcmp(v->mount_point, "/tmp") == 0 ||
 strcmp(v->mount_point, "/cache") == 0) {
- if (ensure_path_mounted(v->mount_point) != 0) return -1;
+ if (ensure_path_mounted(v->mount_point) != 0) {
+ LOGE("failed to mount %s\n", v->mount_point);
+ return -1;
+ }
 } else {
- if (ensure_path_unmounted(v->mount_point) != 0) return -1;
+ if (ensure_path_unmounted(v->mount_point) != 0) {
+ LOGE("failed to unmount %s\n", v->mount_point);
+ return -1;
+ }
 }
 }
 return 0;
-- cgit v1.2.3
From 85ef47dd84f5bbf3fa5804f3f3a240ef736818e6 Mon Sep 17 00:00:00 2001
From: Sasha Levitskiy
Date: Thu, 10 Apr 2014 17:11:34 -0700
Subject: Change filesystem add entry API call.
Needs fs_mgr matching change from: Icf23e659265d71d5226d527c2b40cfbc132320ee
Change-Id: I9adb470b04e4301989d128c9c3097b21b4dea431
Signed-off-by: Sasha Levitskiy
---
 roots.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'roots.cpp')
diff --git a/roots.cpp b/roots.cpp
index 113dba1bd..cfe133828 100644
--- a/roots.cpp
+++ b/roots.cpp
@@ -44,7 +44,7 @@ void load_volume_table()
 return;
 }
- ret = fs_mgr_add_entry(fstab, "/tmp", "ramdisk", "ramdisk", 0);
+ ret = fs_mgr_add_entry(fstab, "/tmp", "ramdisk", "ramdisk");
 if (ret < 0 ) {
 LOGE("failed to add /tmp entry to fstab\n");
 fs_mgr_free_fstab(fstab);
-- cgit v1.2.3
From 37aedb3fafcccd0da5bd9089987f05895c27492d Mon Sep 17 00:00:00 2001
From: JP Abgrall
Date: Mon, 16 Jun 2014 19:07:39 -0700
Subject: Support F2FS for the data partition
This adds F2FS support - for wiping a device - for the install "format" command. Note: crypto data in "footer" with a default/negative length is not supported, unlike with "ext4".
Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870
Signed-off-by: JP Abgrall
---
 roots.cpp | 62 +++++++++++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 49 insertions(+), 13 deletions(-)
(limited to 'roots.cpp')
diff --git a/roots.cpp b/roots.cpp
index 66481a3b9..8f9901908 100644
--- a/roots.cpp
+++ b/roots.cpp
@@ -19,6 +19,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -151,6 +152,20 @@ int ensure_path_unmounted(const char* path) {
 return unmount_mounted_volume(mv);
 }
+static int exec_cmd(const char* path, char* const argv[]) {
+ int status;
+ pid_t child;
+ if ((child = vfork()) == 0) {
+ execv(path, argv);
+ _exit(-1);
+ }
+ waitpid(child, &status, 0);
+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
+ LOGE("%s failed with status %d\n", path, WEXITSTATUS(status));
+ }
+ return WEXITSTATUS(status);
+}
+
 int format_volume(const char* volume) {
 Volume* v = volume_for_path(volume);
 if (v == NULL) {
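Review bot: exec_cmd returns `WEXITSTATUS(status)` even when `WIFEXITED(status)` is false, so a child that was killed by a signal can be reported as exit code 0 and the caller's `result != 0` check would treat the volume as formatted. The `vfork()` failure case is not handled either: with `child == -1` the `waitpid()` call waits for any child, and `status` may be read uninitialized if waitpid itself fails. Returning -1 for fork failure, wait failure and abnormal termination keeps a failed format from being reported as success; a sketch follows.

```cpp
static int exec_cmd(const char* path, char* const argv[]) {
    int status;
    pid_t child = vfork();
    if (child < 0) {
        LOGE("vfork failed for %s: %s\n", path, strerror(errno));
        return -1;
    }
    if (child == 0) {
        execv(path, argv);
        _exit(-1);
    }
    if (waitpid(child, &status, 0) != child) {
        LOGE("waitpid failed for %s: %s\n", path, strerror(errno));
        return -1;
    }
    if (!WIFEXITED(status)) {
        LOGE("%s terminated abnormally (raw status 0x%x)\n", path, status);
        return -1;
    }
    if (WEXITSTATUS(status) != 0) {
        LOGE("%s failed with status %d\n", path, WEXITSTATUS(status));
    }
    return WEXITSTATUS(status);
}
```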
@@ -195,19 +210,7 @@ int format_volume(const char* volume) {
 return 0;
 }
- if (strcmp(v->fs_type, "ext4") == 0) {
- ssize_t length = 0;
- if (v->length != 0) {
- length = v->length;
- } else if (v->key_loc != NULL && strcmp(v->key_loc, "footer") == 0) {
- length = -CRYPT_FOOTER_OFFSET;
- }
- int result = make_ext4fs(v->blk_device, length, volume, sehandle);
- if (result != 0) {
- LOGE("format_volume: make_extf4fs failed on %s\n", v->blk_device);
- return -1;
- }
-
+ if (strcmp(v->fs_type, "ext4") == 0 || strcmp(v->fs_type, "f2fs") == 0) {
 // if there's a key_loc that looks like a path, it should be a
 // block device for storing encryption metadata. wipe it too.
 if (v->key_loc != NULL && v->key_loc[0] == '/') {
@@ -221,6 +224,39 @@ int format_volume(const char* volume) {
 close(fd);
 }
+ ssize_t length = 0;
+ if (v->length != 0) {
+ length = v->length;
+ } else if (v->key_loc != NULL && strcmp(v->key_loc, "footer") == 0) {
+ length = -CRYPT_FOOTER_OFFSET;
+ }
+ int result;
+ if (strcmp(v->fs_type, "ext4") == 0) {
+ result = make_ext4fs(v->blk_device, length, volume, sehandle);
+ } else { /* Has to be f2fs because we checked earlier. */
+ if (v->key_loc != NULL && strcmp(v->key_loc, "footer") == 0 && length < 0) {
+ LOGE("format_volume: crypt footer + negative length (%lld) not supported on %s\n", v->fs_type, length);
+ return -1;
+ }
+ if (length < 0) {
+ LOGE("format_volume: negative length (%ld) not supported on %s\n", length, v->fs_type);
+ return -1;
+ }
+ char *num_sectors;
+ if (asprintf(&num_sectors, "%ld", length / 512) <= 0) {
+ LOGE("format_volume: failed to create %s command for %s\n", v->fs_type, v->blk_device);
+ return -1;
+ }
+ const char *f2fs_path = "/sbin/mkfs.f2fs";
+ const char* const f2fs_argv[] = {"mkfs.f2fs", "-t", "-d1", v->blk_device, num_sectors, NULL};
+
+ result = exec_cmd(f2fs_path, (char* const*)f2fs_argv);
+ free(num_sectors);
+ }
+ if (result != 0) {
+ LOGE("format_volume: make %s failed on %s with %d(%s)\n", v->fs_type, v->blk_device, result, strerror(errno));
+ return -1;
+ }
 return 0;
 }
-- cgit v1.2.3
From 78d458c3d279a24a60fda013026b7a5454d01a9b Mon Sep 17 00:00:00 2001
From: JP Abgrall
Date: Mon, 4 Aug 2014 16:44:33 -0700
Subject: Fix length printing + formats
Fix wrong argument order. Fix for 32 vs 64 bit. (reported by htc)
Change-Id: Ie37a280bed2848199bcc075500e1326e371cd326
---
 roots.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'roots.cpp')
diff --git a/roots.cpp b/roots.cpp
index 8f9901908..ee140160c 100644
--- a/roots.cpp
+++ b/roots.cpp
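Review bot: The final failure message in the added block prints `strerror(errno)`, but `result` is either make_ext4fs's return value or a child exit status from exec_cmd, and nothing visible here ties either to errno, so the log can name an unrelated error. Drop the errno part: `LOGE("format_volume: make %s failed on %s with %d\n", v->fs_type, v->blk_device, result);`. Separately, the first f2fs check (footer and `length < 0`) is fully covered by the `if (length < 0)` check right after it and could be removed. Both early returns sit after the key_loc wipe whose tail is the context at the top of the hunk, so a rejected length appears to leave the metadata wiped and the volume unformatted; validating the length before wiping would avoid that half-done state. format_volume begins and ends outside this hunk.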
@@ -235,15 +235,15 @@ int format_volume(const char* volume) {
 result = make_ext4fs(v->blk_device, length, volume, sehandle);
 } else { /* Has to be f2fs because we checked earlier. */
 if (v->key_loc != NULL && strcmp(v->key_loc, "footer") == 0 && length < 0) {
- LOGE("format_volume: crypt footer + negative length (%lld) not supported on %s\n", v->fs_type, length);
+ LOGE("format_volume: crypt footer + negative length (%zd) not supported on %s\n", length, v->fs_type);
 return -1;
 }
 if (length < 0) {
- LOGE("format_volume: negative length (%ld) not supported on %s\n", length, v->fs_type);
+ LOGE("format_volume: negative length (%zd) not supported on %s\n", length, v->fs_type);
 return -1;
 }
 char *num_sectors;
- if (asprintf(&num_sectors, "%ld", length / 512) <= 0) {
+ if (asprintf(&num_sectors, "%zd", length / 512) <= 0) {
 LOGE("format_volume: failed to create %s command for %s\n", v->fs_type, v->blk_device);
 return -1;
 }
-- cgit v1.2.3
From ee19387905650cab5da7dd97ada5502cd17ac93d Mon Sep 17 00:00:00 2001
From: Andres Morales
Date: Tue, 5 Aug 2014 19:49:09 -0700
Subject: Erase PST partition if its marked to be erased.
We need to wipe the challenges on this partition if OEM unlock is enabled, as this is a signal that the user has opted out of factory reset protection. go/factory-reset
Bug: 16633064
Change-Id: Icb8f1433bf99ca57813f5b72d5a3dd15fa94a263
---
 roots.cpp | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
(limited to 'roots.cpp')
diff --git a/roots.cpp b/roots.cpp
index 8f9901908..61798f495 100644
--- a/roots.cpp
+++ b/roots.cpp
@@ -39,6 +39,8 @@ static struct fstab *fstab = NULL;
 extern struct selabel_handle *sehandle;
+static const char* PERSISTENT_PATH = "/persistent";
+
 void load_volume_table()
 {
 int i;
@@ -264,6 +266,41 @@ int format_volume(const char* volume) {
 return -1;
 }
+int erase_persistent_partition() {
+ Volume *v = volume_for_path(PERSISTENT_PATH);
+ if (v == NULL) {
+ // most devices won't have /persistent, so this is not an error.
+ return 0;
+ }
+
+ int fd = open(v->blk_device, O_RDWR);
+ uint64_t size = get_file_size(fd);
+ if (size == 0) {
+ LOGE("failed to stat size of /persistent\n");
+ close(fd);
+ return -1;
+ }
+
+ char oem_unlock_enabled;
+ lseek(fd, size - 1, SEEK_SET);
+ read(fd, &oem_unlock_enabled, 1);
+
+ if (oem_unlock_enabled) {
+ if (wipe_block_device(fd, size)) {
+ LOGE("error wiping /persistent: %s\n", strerror(errno));
+ close(fd);
+ return -1;
+ }
+
+ lseek(fd, size - 1, SEEK_SET);
+ write(fd, &oem_unlock_enabled, 1);
+ }
+
+ close(fd);
+
+ return (int) oem_unlock_enabled;
+}
+
 int setup_install_mounts() {
 if (fstab == NULL) {
 LOGE("can't set up install mounts: no fstab loaded\n");
-- cgit v1.2.3
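Review bot: `oem_unlock_enabled` in erase_persistent_partition is declared without an initializer and filled by an unchecked `lseek()`/`read()` pair, so if either call fails the decision to wipe /persistent is made on an indeterminate stack byte, and that byte is then written back as the flag. Since the commit message ties this partition to factory reset protection, a failed read should fail closed: no wipe, return -1. The `open()` result is also never checked before use, and the `write()` that restores the flag after the wipe is ignored, which could silently lose the unlock state. The sketch below keeps the function's existing -1 error convention.

```cpp
    int fd = open(v->blk_device, O_RDWR);
    if (fd < 0) {
        LOGE("failed to open /persistent: %s\n", strerror(errno));
        return -1;
    }
    // … unchanged: get_file_size() and the size == 0 check …

    char oem_unlock_enabled = 0;
    if (lseek(fd, size - 1, SEEK_SET) < 0 ||
        read(fd, &oem_unlock_enabled, 1) != 1) {
        LOGE("failed to read OEM unlock flag: %s\n", strerror(errno));
        close(fd);
        return -1;
    }

    if (oem_unlock_enabled) {
        // … unchanged: wipe_block_device() call and its error path …

        if (lseek(fd, size - 1, SEEK_SET) < 0 ||
            write(fd, &oem_unlock_enabled, 1) != 1) {
            LOGE("failed to restore OEM unlock flag: %s\n", strerror(errno));
            close(fd);
            return -1;
        }
    }
```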