openharmony/startup_init
1
0
Fork 0
mirror of https://gitee.com/openharmony/startup_init synced 2024-12-14 06:28:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

!933 fscrypt: add file crypto implementation

Browse Source 
Merge pull request !933 from qilongzhang/dev_0713
This commit is contained in:
openharmony_ci 2022-08-01 07:38:03 +00:00 committed by Gitee
commit e8a8502c9d
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
12 changed files with 131 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
interfaces/innerkits/fs_manager/fstab.c
View File

@ -42,6 +42,8 @@ struct MountFlags {
unsigned long flags;
};
static char *g_fscryptPolicy = NULL;
static unsigned int ConvertFlags(char *flagBuffer)
{
static struct FsManagerFlags fsFlags[] = {
@ -384,7 +386,60 @@ static unsigned long ParseDefaultMountFlag(const char *str)
return flags;
}
unsigned long GetMountFlags(char *mountFlag, char *fsSpecificData, size_t fsSpecificDataSize)
static bool IsFscryptOption(const char *option)
{
BEGET_LOGI("IsFscryptOption start");
if (!option) {
return false;
}
char *fscryptPre = "fscrypt=";
if (strncmp(option, fscryptPre, strlen(fscryptPre)) == 0) {
return true;
}
return false;
}
static void StoreFscryptPolicy(const char *option)
{
if (option == NULL) {
return;
}
if (g_fscryptPolicy != NULL) {
BEGET_LOGW("StoreFscryptPolicy:inited policy is not empty");
free(g_fscryptPolicy);
}
g_fscryptPolicy = strdup(option);
if (g_fscryptPolicy == NULL) {
BEGET_LOGE("StoreFscryptPolicy:no memory");
return;
}
BEGET_LOGI("StoreFscryptPolicy:store fscrypt policy, %s", option);
}
int LoadFscryptPolicy(char *buf, size_t size)
{
BEGET_LOGI("LoadFscryptPolicy start");
if (buf == NULL || g_fscryptPolicy == NULL) {
BEGET_LOGE("LoadFscryptPolicy:buf or fscrypt policy is empty");
return -ENOMEM;
}
if (size <= 0) {
BEGET_LOGE("LoadFscryptPloicy:size is invalid");
return -EINVAL;
}
if (strcpy_s(buf, size, g_fscryptPolicy) != 0) {
BEGET_LOGE("loadFscryptPolicy:strcmp failed, error = %d", errno);
return -EFAULT;
}
free(g_fscryptPolicy);
g_fscryptPolicy = NULL;
BEGET_LOGI("LoadFscryptPolicy success");
return 0;
}
unsigned long GetMountFlags(char *mountFlag, char *fsSpecificData, size_t fsSpecificDataSize,
const char *mountPoint)
{
unsigned long flags = 0;
BEGET_CHECK_RETURN_VALUE(mountFlag != NULL && fsSpecificData != NULL, 0);
@ -408,6 +463,11 @@ unsigned long GetMountFlags(char *mountFlag, char *fsSpecificData, size_t fsSpec
if (IsDefaultMountFlags(p)) {
flags |= ParseDefaultMountFlag(p);
} else {
if (IsFscryptOption(p) &&
!strncmp(mountPoint, "/data", strlen("/data"))) {
StoreFscryptPolicy(p + strlen("fscrypt="));
continue;
}
if (strncat_s(fsSpecificData, fsSpecificDataSize - 1, p, strlen(p)) != EOK) {
BEGET_LOGW("Failed to append mount flag \" %s \", ignore it.", p);
continue;

3
interfaces/innerkits/fs_manager/fstab_mount.c
View File

@ -293,7 +293,8 @@ int MountOneItem(FstabItem *item)
unsigned long mountFlags;
char fsSpecificData[FS_MANAGER_BUFFER_SIZE] = {0};
mountFlags = GetMountFlags(item->mountOptions, fsSpecificData, sizeof(fsSpecificData));
mountFlags = GetMountFlags(item->mountOptions, fsSpecificData, sizeof(fsSpecificData),
item->mountPoint);
if (!IsSupportedFilesystem(item->fsType)) {
BEGET_LOGE("Unsupported file system \" %s \"", item->fsType);
return 0;

6
interfaces/innerkits/include/fs_manager/fs_manager.h
View File

@ -70,9 +70,13 @@ MountStatus GetMountStatusForMountPoint(const char *mp);
int MountAllWithFstabFile(const char *fstabFile, bool required);
int MountAllWithFstab(const Fstab *fstab, bool required);
int UmountAllWithFstabFile(const char *file);
unsigned long GetMountFlags(char *mountFlag, char *fsSpecificFlags, size_t fsSpecificFlagSize);
unsigned long GetMountFlags(char *mountFlag, char *fsSpecificFlags, size_t fsSpecificFlagSize,
const char *mountPoint);
int GetBlockDevicePath(const char *partName, char *path, int size);
// Get fscrypt policy if exist
int LoadFscryptPolicy(char *buf, size_t size);
#ifdef __cplusplus
#if __cplusplus
}

5
services/etc/init.cfg
View File

@ -21,7 +21,8 @@
"load_persist_params ",
"bootchart start",
"chown access_token access_token /dev/access_token_id",
"chmod 0666 /dev/access_token_id"
"chmod 0666 /dev/access_token_id",
"start samgr"
]
}, {
"name" : "init",
@ -105,6 +106,7 @@
}, {
"name" : "post-fs-data",
"cmds" : [
"init_global_key /data",
"mkdir /data/app 0711 root root",
"mkdir /data/app/el1 0711 root root",
"mkdir /data/app/el1/bundle 0711 root root",
@ -121,6 +123,7 @@
"mkdir /data/chipset/el1 0711 root root",
"mkdir /data/chipset/el1/public 0711 root root",
"mkdir /data/chipset/el2 0711 root root",
"init_main_user ",
"mkdir /data/app/el1/0 0711 root root",
"mkdir /data/app/el1/0/base 0711 root root",
"mkdir /data/app/el1/0/database 0711 system system",

2
services/init/include/init_cmds.h
View File

@ -81,7 +81,7 @@ const struct CmdTable *GetCmdByName(const char *name);
void ExecReboot(const char *value);
char *BuildStringFromCmdArg(const struct CmdArgs *ctx, int startIndex);
void ExecCmd(const struct CmdTable *cmd, const char *cmdContent);
int FileCryptEnable(char *fileCryptOption);
int SetFileCryptPolicy(const char *dir);
void OpenHidebug(const char *name);
#ifdef __cplusplus

29
services/init/init_common_cmds.c
View File

@ -41,8 +41,6 @@
#endif
#include "securec.h"
static char *g_fileCryptOptions = NULL;
static char *AddOneArg(const char *param, size_t paramLen)
{
int valueCount = 1;
@ -345,6 +343,11 @@ static void DoMkDir(const struct CmdArgs *ctx)
if (ret != 0) {
INIT_LOGE("Failed to change owner %s, err %d.", ctx->argv[0], errno);
}
ret = SetFileCryptPolicy(ctx->argv[0]);
if (ret != 0) {
INIT_LOGW("failed to set file fscrypt");
}
return;
}
@ -397,16 +400,6 @@ static int GetMountFlag(unsigned long *mountflag, const char *targetStr, const c
WaitForFile(source, WAIT_MAX_SECOND);
return 1;
}
const char *fileCryptPre = "filecrypt=";
size_t len = strlen(fileCryptPre);
if (strncmp(targetStr, fileCryptPre, len) == 0) {
size_t maxLen = strlen(targetStr) + 1;
g_fileCryptOptions = calloc(sizeof(char), maxLen);
INIT_ERROR_CHECK(g_fileCryptOptions != NULL, return 0, "Failed to alloc memory");
int ret = snprintf_s(g_fileCryptOptions, maxLen, maxLen - 1, "%s", targetStr + len);
INIT_ERROR_CHECK(ret >= 0, return 0, "Failed to snprintf");
return 1;
}
return 0;
}
@ -449,18 +442,6 @@ static void DoMount(const struct CmdArgs *ctx)
if (ret != 0) {
INIT_LOGE("Failed to mount for %s, err %d.", target, errno);
}
if ((g_fileCryptOptions != NULL) && (strncmp(target, "/data", strlen("/data")) == 0)) {
ret = FileCryptEnable(g_fileCryptOptions);
if (ret < 0) {
INIT_LOGE("File Crypt enabled failed");
free(g_fileCryptOptions);
g_fileCryptOptions = NULL;
return;
}
free(g_fileCryptOptions);
g_fileCryptOptions = NULL;
INIT_LOGI("File Crypt enabled success");
}
}
static int DoWriteWithMultiArgs(const struct CmdArgs *ctx, int fd)

9
services/init/lite/init_cmds.c
View File

@ -108,11 +108,6 @@ static void DoLoadCfg(const struct CmdArgs *ctx)
(void)fclose(fp);
}
int FileCryptEnable(char *fileCryptOption)
{
return 0;
}
static const struct CmdTable g_cmdTable[] = {
{ "exec ", 1, 10, DoExec },
{ "loadcfg ", 1, 1, DoLoadCfg },
@ -133,4 +128,8 @@ void PluginExecCmdByCmdIndex(int index, const char *cmdContent)
const char *PluginGetCmdIndex(const char *cmdStr, int *index)
{
return NULL;
}
int SetFileCryptPolicy(const char *dir)
{
return 0;
}

9
services/init/standard/BUILD.gn
View File

@ -24,6 +24,9 @@ init_common_sources = [
"../main.c",
]
FSCRYPT_PATH =
"//foundation/filemanagement/storage_service/services/storage_daemon"
import("//build/ohos.gni")
import("//build/ohos/native_stub/native_stub.gni")
@ -51,7 +54,10 @@ ohos_executable("init") {
sources += modulemgr_sources
sources += init_common_sources
include_dirs = [ "//base/startup/init/services/init/include" ]
include_dirs = [
"//base/startup/init/services/init/include",
"${FSCRYPT_PATH}/include/libfscrypt",
]
deps = [
"//base/startup/init/interfaces/innerkits/control_fd:libcontrolfd",
@ -76,6 +82,7 @@ ohos_executable("init") {
deps += [ "//base/startup/init/interfaces/innerkits/init_module_engine:libinit_stub_versionscript" ]
deps += [ "//base/startup/init/interfaces/innerkits/init_module_engine:init_module_engine_sources" ]
deps += [ "//base/startup/init/services/modules:static_modules" ]
deps += [ "${FSCRYPT_PATH}/libfscrypt:libfscryptutils_static" ]
cflags = []

47
services/init/standard/init_cmds.c
View File

@ -44,8 +44,9 @@
#ifdef WITH_SELINUX
#include <policycoreutils.h>
#endif
#include "fscrypt_utils.h"
static const char *g_fscryptPolicyKey = "fscrypt.policy.config";
#define FSCRYPT_POLICY_BUF_SIZE (60)
int GetParamValue(const char *symValue, unsigned int symLen, char *paramValue, unsigned int paramLen)
{
@ -412,6 +413,18 @@ static void DoTimerStop(const struct CmdArgs *ctx)
ServiceStopTimer(service);
}
static bool InitFscryptPolicy(void)
{
char policy[FSCRYPT_POLICY_BUF_SIZE];
if (LoadFscryptPolicy(policy, FSCRYPT_POLICY_BUF_SIZE) != 0) {
return false;
}
if (SetFscryptSysparam(policy) == 0) {
return true;
}
return false;
}
static void DoInitGlobalKey(const struct CmdArgs *ctx)
{
INIT_LOGI("DoInitGlobalKey: start");
@ -424,6 +437,11 @@ static void DoInitGlobalKey(const struct CmdArgs *ctx)
INIT_LOGE("DoInitGlobalKey: not data partitation");
return;
}
if (!InitFscryptPolicy()) {
INIT_LOGI("DoInitGlobalKey:init fscrypt failed,not enable fscrypt");
return;
}
char * const argv[] = {
"/system/bin/sdc",
"filecrypt",
@ -442,6 +460,7 @@ static void DoInitMainUser(const struct CmdArgs *ctx)
INIT_LOGE("DoInitMainUser: para invalid");
return;
}
char * const argv[] = {
"/system/bin/sdc",
"filecrypt",
@ -453,23 +472,6 @@ static void DoInitMainUser(const struct CmdArgs *ctx)
INIT_LOGI("DoInitMainUser: end, ret = %d", ret);
}
int FileCryptEnable(char *fileCryptOption)
{
INIT_LOGI("FileCryptEnable: start");
if (fileCryptOption == NULL) {
INIT_LOGE("FileCryptEnable:option null");
return -EINVAL;
}
int ret = SystemWriteParam(g_fscryptPolicyKey, fileCryptOption);
if (ret != 0) {
INIT_LOGE("FileCryptEnable:set fscrypt config failed");
return ret;
}
INIT_LOGI("FileCryptEnable:set fscrypt config success, policy:%s", fileCryptOption);
return ret;
}
static void DoMkswap(const struct CmdArgs *ctx)
{
INIT_LOGI("DoMkswap: start");
@ -595,3 +597,12 @@ void OpenHidebug(const char *name)
} while (0);
#endif
}
int SetFileCryptPolicy(const char *dir)
{
if (dir == NULL) {
INIT_LOGE("SetFileCryptPolicy:dir is null");
return -EINVAL;
}
return FscryptPolicyEnable(dir);
}

11
test/unittest/BUILD.gn
View File

@ -30,6 +30,9 @@ config("utest_config") {
ldflags = [ "--coverage" ]
}
FSCRYPT_PATH =
"//foundation/filemanagement/storage_service/services/storage_daemon"
ohos_unittest("init_unittest") {
module_out_path = "startup/init"
sources = [
@ -105,6 +108,13 @@ ohos_unittest("init_unittest") {
"//base/startup/init/ueventd/ueventd_socket.c",
]
sources += [
"${FSCRYPT_PATH}/libfscrypt/src/fscrypt_control.c",
"${FSCRYPT_PATH}/libfscrypt/src/fscrypt_utils.c",
"${FSCRYPT_PATH}/libfscrypt/src/key_control.c",
"${FSCRYPT_PATH}/libfscrypt/src/sysparam_static.c",
]
if (defined(build_selinux) && build_selinux) {
sources += [ "//base/startup/init/services/param/adapter/param_selinux.c" ]
}
@ -198,6 +208,7 @@ ohos_unittest("init_unittest") {
"//base/security/access_token/interfaces/innerkits/nativetoken/include",
"//base/startup/init/interfaces/innerkits/sandbox/include",
"//base/startup/init/interfaces/innerkits/hals",
"${FSCRYPT_PATH}/include/libfscrypt",
]
deps = [

2
test/unittest/init/cmds_unittest.cpp
View File

@ -269,8 +269,6 @@ HWTEST_F(CmdsUnitTest, TestGetCmdLinesFromJson, TestSize.Level1)
}
HWTEST_F(CmdsUnitTest, TestInitCmdFunc, TestSize.Level1)
{
FileCryptEnable((char *)"test");
FileCryptEnable(nullptr);
int ret = GetBootModeFromMisc();
EXPECT_EQ(ret, 0);
}

2
test/unittest/innerkits/innerkits_unittest.cpp
View File

@ -112,7 +112,7 @@ HWTEST_F(InnerkitsUnitTest, GetMountFlags_unitest, TestSize.Level1)
}
const int bufferSize = 512;
char fsSpecificOptions[bufferSize] = {0};
unsigned long flags = GetMountFlags(item->mountOptions, fsSpecificOptions, bufferSize);
unsigned long flags = GetMountFlags(item->mountOptions, fsSpecificOptions, bufferSize, item->mountPoint);
EXPECT_EQ(flags, static_cast<unsigned long>(MS_NOSUID | MS_NODEV | MS_NOATIME));
ReleaseFstab(fstab);
fstab = nullptr;