fscrypt: add implementation of file crypto

Signed-off-by: Qilong Zhang <zhangqilong3@huawei.com>
Change-Id: Ic24d31e2a58fc2f3832d7a48df182cb6bad118d9
Qilong Zhang 2022-07-13 15:21:58 +08:00 committed by zhangqilong
parent 7675e2d8b7
commit a899ea1083
12 changed files with 114 additions and 56 deletions


@ -42,6 +42,12 @@ struct MountFlags {
unsigned long flags; unsigned long flags;
}; };
#define POLICY_BUFFER (100)
static const char *g_fscryptPre = "fscrypt=";
static const char *g_mountPoint = "/data";
static char g_fscryptPolicy[POLICY_BUFFER] = { 0 };
static unsigned int ConvertFlags(char *flagBuffer) static unsigned int ConvertFlags(char *flagBuffer)
{ {
static struct FsManagerFlags fsFlags[] = { static struct FsManagerFlags fsFlags[] = {
@ -384,7 +390,40 @@ static unsigned long ParseDefaultMountFlag(const char *str)
return flags; return flags;
} }
unsigned long GetMountFlags(char *mountFlag, char *fsSpecificData, size_t fsSpecificDataSize) static bool IsFscryptOption(const char *option)
{
if (!option) {
return false;
}
if (strncmp(option, g_fscryptPre, strlen(g_fscryptPre)) == 0) {
return true;
}
return false;
}
static void StoreFscryptPolicy(const char *option)
{
if (!option) {
return;
}
if (strcpy_s(g_fscryptPolicy, POLICY_BUFFER - 1, option) != EOK) {
g_fscryptPolicy[0] = '\0';
BEGET_LOGE("StoreFscryptPolicy: copy policy failed");
return;
}
BEGET_LOGI("StoreFscryptPolicy:load fscrypt policy, %s", option);
}
const char *LoadFscryptPolicy(void)
{
if (strnlen(g_fscryptPolicy, POLICY_BUFFER - 1) == 0) {
return NULL;
}
return g_fscryptPolicy;
}
unsigned long GetMountFlags(char *mountFlag, char *fsSpecificData, size_t fsSpecificDataSize,
const char *mountPoint)
{ {
unsigned long flags = 0; unsigned long flags = 0;
BEGET_CHECK_RETURN_VALUE(mountFlag != NULL && fsSpecificData != NULL, 0); BEGET_CHECK_RETURN_VALUE(mountFlag != NULL && fsSpecificData != NULL, 0);
@ -408,6 +447,11 @@ unsigned long GetMountFlags(char *mountFlag, char *fsSpecificData, size_t fsSpec
if (IsDefaultMountFlags(p)) { if (IsDefaultMountFlags(p)) {
flags |= ParseDefaultMountFlag(p); flags |= ParseDefaultMountFlag(p);
} else { } else {
if (IsFscryptOption(p) &&
!strncmp(mountPoint, g_mountPoint, strlen(g_mountPoint))) {
StoreFscryptPolicy(p + strlen(g_fscryptPre));
continue;
}
if (strncat_s(fsSpecificData, fsSpecificDataSize - 1, p, strlen(p)) != EOK) { if (strncat_s(fsSpecificData, fsSpecificDataSize - 1, p, strlen(p)) != EOK) {
BEGET_LOGW("Failed to append mount flag \" %s \", ignore it.", p); BEGET_LOGW("Failed to append mount flag \" %s \", ignore it.", p);
continue; continue;
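Review bot: The new `mountPoint` parameter is dereferenced by `strncmp(mountPoint, g_mountPoint, strlen(g_mountPoint))` without a NULL check; the `BEGET_CHECK_RETURN_VALUE` guard at the top of GetMountFlags still covers only `mountFlag` and `fsSpecificData`. The comparison is also a prefix match, so any mount point that merely starts with `/data` would have its `fscrypt=` option consumed and stored; if only the data partition is meant, `if (IsFscryptOption(p) && mountPoint != NULL && strcmp(mountPoint, g_mountPoint) == 0) {` states that exactly. In StoreFscryptPolicy, a policy string that does not fit in `g_fscryptPolicy` is cleared and only logged, after which LoadFscryptPolicy returns NULL, the same result as having no `fscrypt=` option at all, so callers cannot tell a misconfigured policy from a disabled one. The loop in GetMountFlags continues outside the hunk.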


@ -293,7 +293,8 @@ int MountOneItem(FstabItem *item)
unsigned long mountFlags; unsigned long mountFlags;
char fsSpecificData[FS_MANAGER_BUFFER_SIZE] = {0}; char fsSpecificData[FS_MANAGER_BUFFER_SIZE] = {0};
mountFlags = GetMountFlags(item->mountOptions, fsSpecificData, sizeof(fsSpecificData)); mountFlags = GetMountFlags(item->mountOptions, fsSpecificData, sizeof(fsSpecificData),
item->mountPoint);
if (!IsSupportedFilesystem(item->fsType)) { if (!IsSupportedFilesystem(item->fsType)) {
BEGET_LOGE("Unsupported file system \" %s \"", item->fsType); BEGET_LOGE("Unsupported file system \" %s \"", item->fsType);
return 0; return 0;


@ -70,9 +70,13 @@ MountStatus GetMountStatusForMountPoint(const char *mp);
int MountAllWithFstabFile(const char *fstabFile, bool required); int MountAllWithFstabFile(const char *fstabFile, bool required);
int MountAllWithFstab(const Fstab *fstab, bool required); int MountAllWithFstab(const Fstab *fstab, bool required);
int UmountAllWithFstabFile(const char *file); int UmountAllWithFstabFile(const char *file);
unsigned long GetMountFlags(char *mountFlag, char *fsSpecificFlags, size_t fsSpecificFlagSize); unsigned long GetMountFlags(char *mountFlag, char *fsSpecificFlags, size_t fsSpecificFlagSize,
const char *mountPoint);
int GetBlockDevicePath(const char *partName, char *path, int size); int GetBlockDevicePath(const char *partName, char *path, int size);
// Get fscrypt policy if exist
const char *LoadFscryptPolicy(void);
#ifdef __cplusplus #ifdef __cplusplus
#if __cplusplus #if __cplusplus
} }
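Review bot: The comment `// Get fscrypt policy if exist` on LoadFscryptPolicy does not state the contract callers depend on. From the implementation in this commit, it returns NULL when no policy has been stored and otherwise a pointer to a static buffer that the caller must not free or modify, and that buffer is filled only when GetMountFlags sees a `fscrypt=` option for the `/data` mount point. I would replace it with a short doc comment saying that, and add a line above GetMountFlags noting that `mountPoint` decides whether a `fscrypt=` option is captured instead of being appended to `fsSpecificFlags`.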


@ -21,7 +21,8 @@
"load_persist_params ", "load_persist_params ",
"bootchart start", "bootchart start",
"chown access_token access_token /dev/access_token_id", "chown access_token access_token /dev/access_token_id",
"chmod 0666 /dev/access_token_id" "chmod 0666 /dev/access_token_id",
"start samgr"
] ]
}, { }, {
"name" : "init", "name" : "init",
@ -105,6 +106,7 @@
}, { }, {
"name" : "post-fs-data", "name" : "post-fs-data",
"cmds" : [ "cmds" : [
"init_global_key /data",
"mkdir /data/app 0711 root root", "mkdir /data/app 0711 root root",
"mkdir /data/app/el1 0711 root root", "mkdir /data/app/el1 0711 root root",
"mkdir /data/app/el1/bundle 0711 root root", "mkdir /data/app/el1/bundle 0711 root root",
@ -121,6 +123,7 @@
"mkdir /data/chipset/el1 0711 root root", "mkdir /data/chipset/el1 0711 root root",
"mkdir /data/chipset/el1/public 0711 root root", "mkdir /data/chipset/el1/public 0711 root root",
"mkdir /data/chipset/el2 0711 root root", "mkdir /data/chipset/el2 0711 root root",
"init_main_user ",
"mkdir /data/app/el1/0 0711 root root", "mkdir /data/app/el1/0 0711 root root",
"mkdir /data/app/el1/0/base 0711 root root", "mkdir /data/app/el1/0/base 0711 root root",
"mkdir /data/app/el1/0/database 0711 system system", "mkdir /data/app/el1/0/database 0711 system system",


@ -81,7 +81,7 @@ const struct CmdTable *GetCmdByName(const char *name);
void ExecReboot(const char *value); void ExecReboot(const char *value);
char *BuildStringFromCmdArg(const struct CmdArgs *ctx, int startIndex); char *BuildStringFromCmdArg(const struct CmdArgs *ctx, int startIndex);
void ExecCmd(const struct CmdTable *cmd, const char *cmdContent); void ExecCmd(const struct CmdTable *cmd, const char *cmdContent);
int FileCryptEnable(char *fileCryptOption); int SetFileCryptPolicy(const char *dir);
void OpenHidebug(const char *name); void OpenHidebug(const char *name);
#ifdef __cplusplus #ifdef __cplusplus


@ -41,8 +41,6 @@
#endif #endif
#include "securec.h" #include "securec.h"
static char *g_fileCryptOptions = NULL;
static char *AddOneArg(const char *param, size_t paramLen) static char *AddOneArg(const char *param, size_t paramLen)
{ {
int valueCount = 1; int valueCount = 1;
@ -345,6 +343,11 @@ static void DoMkDir(const struct CmdArgs *ctx)
if (ret != 0) { if (ret != 0) {
INIT_LOGE("Failed to change owner %s, err %d.", ctx->argv[0], errno); INIT_LOGE("Failed to change owner %s, err %d.", ctx->argv[0], errno);
} }
ret = SetFileCryptPolicy(ctx->argv[0]);
if (ret != 0) {
INIT_LOGW("failed to set file fscrypt");
}
return; return;
} }
@ -397,16 +400,6 @@ static int GetMountFlag(unsigned long *mountflag, const char *targetStr, const c
WaitForFile(source, WAIT_MAX_SECOND); WaitForFile(source, WAIT_MAX_SECOND);
return 1; return 1;
} }
const char *fileCryptPre = "filecrypt=";
size_t len = strlen(fileCryptPre);
if (strncmp(targetStr, fileCryptPre, len) == 0) {
size_t maxLen = strlen(targetStr) + 1;
g_fileCryptOptions = calloc(sizeof(char), maxLen);
INIT_ERROR_CHECK(g_fileCryptOptions != NULL, return 0, "Failed to alloc memory");
int ret = snprintf_s(g_fileCryptOptions, maxLen, maxLen - 1, "%s", targetStr + len);
INIT_ERROR_CHECK(ret >= 0, return 0, "Failed to snprintf");
return 1;
}
return 0; return 0;
} }
@ -449,18 +442,6 @@ static void DoMount(const struct CmdArgs *ctx)
if (ret != 0) { if (ret != 0) {
INIT_LOGE("Failed to mount for %s, err %d.", target, errno); INIT_LOGE("Failed to mount for %s, err %d.", target, errno);
} }
if ((g_fileCryptOptions != NULL) && (strncmp(target, "/data", strlen("/data")) == 0)) {
ret = FileCryptEnable(g_fileCryptOptions);
if (ret < 0) {
INIT_LOGE("File Crypt enabled failed");
free(g_fileCryptOptions);
g_fileCryptOptions = NULL;
return;
}
free(g_fileCryptOptions);
g_fileCryptOptions = NULL;
INIT_LOGI("File Crypt enabled success");
}
} }
static int DoWriteWithMultiArgs(const struct CmdArgs *ctx, int fd) static int DoWriteWithMultiArgs(const struct CmdArgs *ctx, int fd)
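Review bot: In DoMkDir, the new `SetFileCryptPolicy(ctx->argv[0])` failure path logs only `failed to set file fscrypt`, with neither the directory nor the return code, so a directory that was created without an encryption policy cannot be identified from the log. I would write `INIT_LOGW("Failed to set fscrypt policy for %s, ret %d", ctx->argv[0], ret);`. The call also runs after the chown failure path visible in the hunk, which logs and continues, and the directory is kept when the policy cannot be applied; if that best-effort behaviour is intended, a comment saying so would help. DoMkDir's body starts outside the hunk.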


@ -108,11 +108,6 @@ static void DoLoadCfg(const struct CmdArgs *ctx)
(void)fclose(fp); (void)fclose(fp);
} }
int FileCryptEnable(char *fileCryptOption)
{
return 0;
}
static const struct CmdTable g_cmdTable[] = { static const struct CmdTable g_cmdTable[] = {
{ "exec ", 1, 10, DoExec }, { "exec ", 1, 10, DoExec },
{ "loadcfg ", 1, 1, DoLoadCfg }, { "loadcfg ", 1, 1, DoLoadCfg },
@ -133,4 +128,8 @@ void PluginExecCmdByCmdIndex(int index, const char *cmdContent)
const char *PluginGetCmdIndex(const char *cmdStr, int *index) const char *PluginGetCmdIndex(const char *cmdStr, int *index)
{ {
return NULL; return NULL;
}
int SetFileCryptPolicy(const char *dir)
{
return 0;
} }


@ -24,6 +24,9 @@ init_common_sources = [
"../main.c", "../main.c",
] ]
FSCRYPT_PATH =
"//foundation/filemanagement/storage_service/services/storage_daemon"
import("//build/ohos.gni") import("//build/ohos.gni")
import("//build/ohos/native_stub/native_stub.gni") import("//build/ohos/native_stub/native_stub.gni")
@ -51,7 +54,10 @@ ohos_executable("init") {
sources += modulemgr_sources sources += modulemgr_sources
sources += init_common_sources sources += init_common_sources
include_dirs = [ "//base/startup/init/services/init/include" ] include_dirs = [
"//base/startup/init/services/init/include",
"${FSCRYPT_PATH}/include/libfscrypt",
]
deps = [ deps = [
"//base/startup/init/interfaces/innerkits/control_fd:libcontrolfd", "//base/startup/init/interfaces/innerkits/control_fd:libcontrolfd",
@ -76,6 +82,7 @@ ohos_executable("init") {
deps += [ "//base/startup/init/interfaces/innerkits/init_module_engine:libinit_stub_versionscript" ] deps += [ "//base/startup/init/interfaces/innerkits/init_module_engine:libinit_stub_versionscript" ]
deps += [ "//base/startup/init/interfaces/innerkits/init_module_engine:init_module_engine_sources" ] deps += [ "//base/startup/init/interfaces/innerkits/init_module_engine:init_module_engine_sources" ]
deps += [ "//base/startup/init/services/modules:static_modules" ] deps += [ "//base/startup/init/services/modules:static_modules" ]
deps += [ "${FSCRYPT_PATH}/libfscrypt:libfscryptutils_static" ]
cflags = [] cflags = []


@ -44,8 +44,8 @@
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
#include <policycoreutils.h> #include <policycoreutils.h>
#endif #endif
#include "fscrypt_utils.h"
static const char *g_fscryptPolicyKey = "fscrypt.policy.config";
int GetParamValue(const char *symValue, unsigned int symLen, char *paramValue, unsigned int paramLen) int GetParamValue(const char *symValue, unsigned int symLen, char *paramValue, unsigned int paramLen)
{ {
@ -412,6 +412,18 @@ static void DoTimerStop(const struct CmdArgs *ctx)
ServiceStopTimer(service); ServiceStopTimer(service);
} }
static bool InitFscryptPolicy(void)
{
const char *policy = LoadFscryptPolicy();
if (!policy) {
return false;
}
if (SetFscryptSysparam(policy) == 0) {
return true;
}
return false;
}
static void DoInitGlobalKey(const struct CmdArgs *ctx) static void DoInitGlobalKey(const struct CmdArgs *ctx)
{ {
INIT_LOGI("DoInitGlobalKey: start"); INIT_LOGI("DoInitGlobalKey: start");
@ -424,6 +436,12 @@ static void DoInitGlobalKey(const struct CmdArgs *ctx)
INIT_LOGE("DoInitGlobalKey: not data partitation"); INIT_LOGE("DoInitGlobalKey: not data partitation");
return; return;
} }
if (!InitFscryptPolicy()) {
INIT_LOGE("DoInitGlobalKey: init policy failed");
return;
}
char * const argv[] = { char * const argv[] = {
"/system/bin/sdc", "/system/bin/sdc",
"filecrypt", "filecrypt",
@ -442,6 +460,11 @@ static void DoInitMainUser(const struct CmdArgs *ctx)
INIT_LOGE("DoInitMainUser: para invalid"); INIT_LOGE("DoInitMainUser: para invalid");
return; return;
} }
if (LoadFscryptPolicy() == NULL) {
INIT_LOGI("DoInitMainUser: file crypto is not enabled");
return;
}
char * const argv[] = { char * const argv[] = {
"/system/bin/sdc", "/system/bin/sdc",
"filecrypt", "filecrypt",
@ -453,23 +476,6 @@ static void DoInitMainUser(const struct CmdArgs *ctx)
INIT_LOGI("DoInitMainUser: end, ret = %d", ret); INIT_LOGI("DoInitMainUser: end, ret = %d", ret);
} }
int FileCryptEnable(char *fileCryptOption)
{
INIT_LOGI("FileCryptEnable: start");
if (fileCryptOption == NULL) {
INIT_LOGE("FileCryptEnable:option null");
return -EINVAL;
}
int ret = SystemWriteParam(g_fscryptPolicyKey, fileCryptOption);
if (ret != 0) {
INIT_LOGE("FileCryptEnable:set fscrypt config failed");
return ret;
}
INIT_LOGI("FileCryptEnable:set fscrypt config success, policy:%s", fileCryptOption);
return ret;
}
static void DoMkswap(const struct CmdArgs *ctx) static void DoMkswap(const struct CmdArgs *ctx)
{ {
INIT_LOGI("DoMkswap: start"); INIT_LOGI("DoMkswap: start");
@ -595,3 +601,13 @@ void OpenHidebug(const char *name)
} while (0); } while (0);
#endif #endif
} }
int SetFileCryptPolicy(const char *dir)
{
INIT_LOGI("SetFileCryptPolicy:start:%s", dir);
if (dir == NULL) {
INIT_LOGE("SetFileCryptPolicy:dir is null");
return -EINVAL;
}
return FscryptPolicyEnable(dir);
}
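Review bot: DoInitMainUser gates on `LoadFscryptPolicy() == NULL` only, so when `SetFscryptSysparam(policy)` fails in InitFscryptPolicy and DoInitGlobalKey returns early, the stored policy is still non-empty and DoInitMainUser goes on to run `/system/bin/sdc filecrypt` even though the global key step was skipped. InitFscryptPolicy also folds "no policy configured" and "writing the system parameter failed" into one `false`, which DoInitGlobalKey logs as an error while DoInitMainUser logs the absent-policy state at info level. Returning distinct results, or recording success in a static flag that DoInitMainUser checks, would keep the two commands consistent. Separately, SetFileCryptPolicy passes `dir` to `INIT_LOGI("SetFileCryptPolicy:start:%s", dir);` before the `dir == NULL` check; moving the log below the check avoids formatting a NULL pointer with `%s`.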


@ -30,6 +30,9 @@ config("utest_config") {
ldflags = [ "--coverage" ] ldflags = [ "--coverage" ]
} }
FSCRYPT_PATH =
"//foundation/filemanagement/storage_service/services/storage_daemon"
ohos_unittest("init_unittest") { ohos_unittest("init_unittest") {
module_out_path = "startup/init" module_out_path = "startup/init"
sources = [ sources = [
@ -198,9 +201,11 @@ ohos_unittest("init_unittest") {
"//base/security/access_token/interfaces/innerkits/nativetoken/include", "//base/security/access_token/interfaces/innerkits/nativetoken/include",
"//base/startup/init/interfaces/innerkits/sandbox/include", "//base/startup/init/interfaces/innerkits/sandbox/include",
"//base/startup/init/interfaces/innerkits/hals", "//base/startup/init/interfaces/innerkits/hals",
"${FSCRYPT_PATH}/include/libfscrypt",
] ]
deps = [ deps = [
"${FSCRYPT_PATH}/libfscrypt:libfscryptutils_static",
"//base/customization/config_policy/frameworks/config_policy:configpolicy_util_for_init_static", "//base/customization/config_policy/frameworks/config_policy:configpolicy_util_for_init_static",
"//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken", "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken",
"//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc", "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc",


@ -269,8 +269,6 @@ HWTEST_F(CmdsUnitTest, TestGetCmdLinesFromJson, TestSize.Level1)
} }
HWTEST_F(CmdsUnitTest, TestInitCmdFunc, TestSize.Level1) HWTEST_F(CmdsUnitTest, TestInitCmdFunc, TestSize.Level1)
{ {
FileCryptEnable((char *)"test");
FileCryptEnable(nullptr);
int ret = GetBootModeFromMisc(); int ret = GetBootModeFromMisc();
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
} }


@ -112,7 +112,7 @@ HWTEST_F(InnerkitsUnitTest, GetMountFlags_unitest, TestSize.Level1)
} }
const int bufferSize = 512; const int bufferSize = 512;
char fsSpecificOptions[bufferSize] = {0}; char fsSpecificOptions[bufferSize] = {0};
unsigned long flags = GetMountFlags(item->mountOptions, fsSpecificOptions, bufferSize); unsigned long flags = GetMountFlags(item->mountOptions, fsSpecificOptions, bufferSize, item->mountPoint);
EXPECT_EQ(flags, static_cast<unsigned long>(MS_NOSUID | MS_NODEV | MS_NOATIME)); EXPECT_EQ(flags, static_cast<unsigned long>(MS_NOSUID | MS_NODEV | MS_NOATIME));
ReleaseFstab(fstab); ReleaseFstab(fstab);
fstab = nullptr; fstab = nullptr;
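Review bot: The test only threads the new `item->mountPoint` argument through; nothing in this hunk exercises the behaviour the parameter was added for. A case with a `/data` fstab item whose options include a `fscrypt=` entry should assert that the entry is absent from `fsSpecificOptions` and that `LoadFscryptPolicy()` returns its value, and a case with a different mount point should assert that the entry is passed through in `fsSpecificOptions`. The test body starts outside the hunk, so any existing coverage there is not visible.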