openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

fs_mgr: Don't parse encryption options, just keep string 

We now defer parsing encryption options to the fscrypt library. To avoid
adding a dependency, we simply record the options string in the fstab
and defer parsing until it's needed.

Bug: 143307095
Test: cuttlefish still boots
Change-Id: Ied13ea2f731c63b0524aed11db6983a86dab9fa1
This commit is contained in:
Paul Crowley 2019-10-24 23:33:12 -07:00
parent 9107e6f4f1
commit 4fa841350f
3 changed files with 11 additions and 197 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
fs_mgr/fs_mgr_fstab.cpp
View File

@ -99,71 +99,9 @@ bool ReadDtFile(const std::string& file_name, std::string* dt_value) {
return false;
}
const std::array<const char*, 3> kFileContentsEncryptionMode = {
"aes-256-xts",
"adiantum",
"ice",
};
const std::array<const char*, 3> kFileNamesEncryptionMode = {
"aes-256-cts",
"aes-256-heh",
"adiantum",
};
void ParseFileEncryption(const std::string& arg, FstabEntry* entry) {
// The fileencryption flag is followed by an = and 1 to 3 colon-separated fields:
//
// 1. Contents encryption mode
// 2. Filenames encryption mode (defaults to "aes-256-cts" or "adiantum"
// depending on the contents encryption mode)
// 3. Encryption policy version (defaults to "v1". Use "v2" on new devices.)
entry->fs_mgr_flags.file_encryption = true;
auto parts = Split(arg, ":");
if (parts.empty() || parts.size() > 3) {
LWARNING << "Warning: fileencryption= flag malformed: " << arg;
return;
}
// Alias for backwards compatibility.
if (parts[0] == "software") {
parts[0] = "aes-256-xts";
}
if (std::find(kFileContentsEncryptionMode.begin(), kFileContentsEncryptionMode.end(),
parts[0]) == kFileContentsEncryptionMode.end()) {
LWARNING << "fileencryption= flag malformed, file contents encryption mode not found: "
<< arg;
return;
}
entry->file_contents_mode = parts[0];
if (parts.size() >= 2) {
if (std::find(kFileNamesEncryptionMode.begin(), kFileNamesEncryptionMode.end(), parts[1]) ==
kFileNamesEncryptionMode.end()) {
LWARNING << "fileencryption= flag malformed, file names encryption mode not found: "
<< arg;
return;
}
entry->file_names_mode = parts[1];
} else if (entry->file_contents_mode == "adiantum") {
entry->file_names_mode = "adiantum";
} else {
entry->file_names_mode = "aes-256-cts";
}
if (parts.size() >= 3) {
if (!android::base::StartsWith(parts[2], 'v') ||
!android::base::ParseInt(&parts[2][1], &entry->file_policy_version)) {
LWARNING << "fileencryption= flag malformed, unknown options: " << arg;
return;
}
} else {
entry->file_policy_version = 1;
}
entry->encryption_options = arg;
}
bool SetMountFlag(const std::string& flag, FstabEntry* entry) {
@ -299,9 +237,7 @@ void ParseFsMgrFlags(const std::string& flags, FstabEntry* entry) {
// return it.
entry->fs_mgr_flags.force_fde_or_fbe = true;
entry->key_loc = arg;
entry->file_contents_mode = "aes-256-xts";
entry->file_names_mode = "aes-256-cts";
entry->file_policy_version = 1;
entry->encryption_options = "aes-256-xts:aes-256-cts";
} else if (StartsWith(flag, "max_comp_streams=")) {
if (!ParseInt(arg, &entry->max_comp_streams)) {
LWARNING << "Warning: max_comp_streams= flag malformed: " << arg;

4
fs_mgr/include_fstab/fstab/fstab.h
View File

@ -45,9 +45,7 @@ struct FstabEntry {
int max_comp_streams = 0;
off64_t zram_size = 0;
off64_t reserved_size = 0;
std::string file_contents_mode;
std::string file_names_mode;
int file_policy_version = 0;
std::string encryption_options;
off64_t erase_blk_size = 0;
off64_t logical_blk_size = 0;
std::string sysfs_path;

136
fs_mgr/tests/fs_mgr_test.cpp
View File

@ -420,8 +420,7 @@ source none2 swap defaults forcefdeorfbe=
EXPECT_EQ(0, entry->max_comp_streams);
EXPECT_EQ(0, entry->zram_size);
EXPECT_EQ(0, entry->reserved_size);
EXPECT_EQ("", entry->file_contents_mode);
EXPECT_EQ("", entry->file_names_mode);
EXPECT_EQ("", entry->encryption_options);
EXPECT_EQ(0, entry->erase_blk_size);
EXPECT_EQ(0, entry->logical_blk_size);
EXPECT_EQ("", entry->sysfs_path);
@ -448,8 +447,7 @@ source none2 swap defaults forcefdeorfbe=
EXPECT_EQ(0, entry->max_comp_streams);
EXPECT_EQ(0, entry->zram_size);
EXPECT_EQ(0, entry->reserved_size);
EXPECT_EQ("", entry->file_contents_mode);
EXPECT_EQ("", entry->file_names_mode);
EXPECT_EQ("", entry->encryption_options);
EXPECT_EQ(0, entry->erase_blk_size);
EXPECT_EQ(0, entry->logical_blk_size);
EXPECT_EQ("", entry->sysfs_path);
@ -458,16 +456,14 @@ source none2 swap defaults forcefdeorfbe=
EXPECT_EQ("", entry->zram_backing_dev_path);
entry++;
// forcefdeorfbe sets file_contents_mode and file_names_mode by default, so test it separately.
// forcefdeorfbe has its own encryption_options defaults, so test it separately.
EXPECT_EQ("none2", entry->mount_point);
{
FstabEntry::FsMgrFlags flags = {};
flags.force_fde_or_fbe = true;
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
}
EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
EXPECT_EQ("aes-256-cts", entry->file_names_mode);
EXPECT_EQ(1, entry->file_policy_version);
EXPECT_EQ("aes-256-xts:aes-256-cts", entry->encryption_options);
EXPECT_EQ("", entry->key_loc);
}
@ -681,37 +677,21 @@ source none0 swap defaults forcefdeorfbe=/dir/key
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("/dir/key", entry->key_loc);
EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
EXPECT_EQ("aes-256-cts", entry->file_names_mode);
EXPECT_EQ(1, entry->file_policy_version);
EXPECT_EQ("aes-256-xts:aes-256-cts", entry->encryption_options);
}
TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_FileEncryption) {
TemporaryFile tf;
ASSERT_TRUE(tf.fd != -1);
std::string fstab_contents = R"fs(
source none0 swap defaults fileencryption=blah
source none1 swap defaults fileencryption=software
source none2 swap defaults fileencryption=aes-256-xts
source none3 swap defaults fileencryption=adiantum
source none4 swap defaults fileencryption=adiantum:aes-256-heh
source none5 swap defaults fileencryption=ice
source none6 swap defaults fileencryption=ice:blah
source none7 swap defaults fileencryption=ice:aes-256-cts
source none8 swap defaults fileencryption=ice:aes-256-heh
source none9 swap defaults fileencryption=ice:adiantum
source none10 swap defaults fileencryption=aes-256-xts:aes-256-cts:v1
source none11 swap defaults fileencryption=aes-256-xts:aes-256-cts:v2
source none12 swap defaults fileencryption=aes-256-xts:aes-256-cts:v2:
source none13 swap defaults fileencryption=aes-256-xts:aes-256-cts:blah
source none14 swap defaults fileencryption=aes-256-xts:aes-256-cts:vblah
source none0 swap defaults fileencryption=aes-256-xts:aes-256-cts:v1
)fs";
ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
ASSERT_EQ(15U, fstab.size());
ASSERT_EQ(1U, fstab.size());
FstabEntry::FsMgrFlags flags = {};
flags.file_encryption = true;
@ -719,107 +699,7 @@ source none14 swap defaults fileencryption=aes-256-xts:aes-256-cts:v
auto entry = fstab.begin();
EXPECT_EQ("none0", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("", entry->file_contents_mode);
EXPECT_EQ("", entry->file_names_mode);
EXPECT_EQ(0, entry->file_policy_version);
entry++;
EXPECT_EQ("none1", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
EXPECT_EQ("aes-256-cts", entry->file_names_mode);
EXPECT_EQ(1, entry->file_policy_version);
entry++;
EXPECT_EQ("none2", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
EXPECT_EQ("aes-256-cts", entry->file_names_mode);
EXPECT_EQ(1, entry->file_policy_version);
entry++;
EXPECT_EQ("none3", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("adiantum", entry->file_contents_mode);
EXPECT_EQ("adiantum", entry->file_names_mode);
EXPECT_EQ(1, entry->file_policy_version);
entry++;
EXPECT_EQ("none4", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("adiantum", entry->file_contents_mode);
EXPECT_EQ("aes-256-heh", entry->file_names_mode);
EXPECT_EQ(1, entry->file_policy_version);
entry++;
EXPECT_EQ("none5", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("ice", entry->file_contents_mode);
EXPECT_EQ("aes-256-cts", entry->file_names_mode);
EXPECT_EQ(1, entry->file_policy_version);
entry++;
EXPECT_EQ("none6", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("ice", entry->file_contents_mode);
EXPECT_EQ("", entry->file_names_mode);
EXPECT_EQ(0, entry->file_policy_version);
entry++;
EXPECT_EQ("none7", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("ice", entry->file_contents_mode);
EXPECT_EQ("aes-256-cts", entry->file_names_mode);
EXPECT_EQ(1, entry->file_policy_version);
entry++;
EXPECT_EQ("none8", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("ice", entry->file_contents_mode);
EXPECT_EQ("aes-256-heh", entry->file_names_mode);
EXPECT_EQ(1, entry->file_policy_version);
entry++;
EXPECT_EQ("none9", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("ice", entry->file_contents_mode);
EXPECT_EQ("adiantum", entry->file_names_mode);
EXPECT_EQ(1, entry->file_policy_version);
entry++;
EXPECT_EQ("none10", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
EXPECT_EQ("aes-256-cts", entry->file_names_mode);
EXPECT_EQ(1, entry->file_policy_version);
entry++;
EXPECT_EQ("none11", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
EXPECT_EQ("aes-256-cts", entry->file_names_mode);
EXPECT_EQ(2, entry->file_policy_version);
entry++;
EXPECT_EQ("none12", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("", entry->file_contents_mode);
EXPECT_EQ("", entry->file_names_mode);
EXPECT_EQ(0, entry->file_policy_version);
entry++;
EXPECT_EQ("none13", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
EXPECT_EQ("aes-256-cts", entry->file_names_mode);
EXPECT_EQ(0, entry->file_policy_version);
entry++;
EXPECT_EQ("none14", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
EXPECT_EQ("aes-256-cts", entry->file_names_mode);
EXPECT_EQ(0, entry->file_policy_version);
EXPECT_EQ("aes-256-xts:aes-256-cts:v1", entry->encryption_options);
}
TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_MaxCompStreams) {