server/external-encryption.cpp

   1 /*
   2  *  Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *  Licensed under the Apache License, Version 2.0 (the "License");
   5  *  you may not use this file except in compliance with the License.
   6  *  You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *  Unless required by applicable law or agreed to in writing, software
  11  *  distributed under the License is distributed on an "AS IS" BASIS,
  12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *  See the License for the specific language governing permissions and
  14  *  limitations under the License
  15  */
  16 #include <signal.h>
  17 #include <unistd.h>
  18 #include <sys/mount.h>
  19
  20 #include <tzplatform_config.h>
  21 #include <klay/file-user.h>
  22 #include <klay/filesystem.h>
  23 #include <klay/audit/logger.h>
  24
  25 #include "launchpad.h"
  26 #include "app-bundle.h"
  27 #include "engine/ecryptfs-engine.h"
  28 #include "key-manager/key-manager.h"
  29 #include <klay/dbus/variant.h>
  30 #include <klay/dbus/connection.h>
  31
  32 #include "rmi/external-encryption.h"
  33
  34 #define EXTERNAL_STORAGE_PATH   "/opt/media/SDCardA1"
  35 #define DEFAULT_USER "owner"
  36
  37 namespace ode {
  38
  39 namespace {
  40
  41 KeyManager keyManager(EXTERNAL_STORAGE_PATH);
  42 EcryptfsEngine engine(EXTERNAL_STORAGE_PATH, EXTERNAL_STORAGE_PATH);
  43
  44 void killDependedApplications()
  45 {
  46         for (pid_t pid : runtime::FileUser::getList(EXTERNAL_STORAGE_PATH, true)) {
  47                 INFO("Close process - " + std::to_string(pid));
  48                 ::kill(pid, SIGKILL);
  49         }
  50 }
  51
  52 void showProgressUI(const std::string type) {
  53         AppBundle bundle;
  54         bundle.add("mode", "progress");
  55         bundle.add("type", type);
  56         bundle.add("target", "SD card encryption");
  57
  58         Launchpad launchpad(::tzplatform_getuid(TZ_SYS_DEFAULT_USER));
  59         launchpad.launch("org.tizen.ode-gui", bundle);
  60 }
  61
  62 void externalCallback(dbus::Variant parameters)
  63 {
  64         INFO("SD Card State Changed");
  65         int intparams[6];
  66         char* strparams[7];
  67
  68         parameters.get("(issssssisibii)",
  69                      &intparams[0], // block type: 0 - scsi, 1 : mmc
  70                      &strparams[0], // devnode
  71                      &strparams[1], // syspath
  72                      &strparams[2], // usage
  73                      &strparams[3], // fs type
  74                      &strparams[4], // fs version
  75                      &strparams[5], // fs uuid enc
  76                      &intparams[1], // readonly: 0 - rw, 1 - ro
  77                      &strparams[6], // mount point
  78                      &intparams[2], // state: 0 - unmount, 1 - mount
  79                      &intparams[3], // primary: 0 - flase, 1 - true
  80                      &intparams[4], // flags: 1 - unmounted 2 - broken filesystem 4 - no filesystem 8 - not supported 16 - readonly
  81                      &intparams[5]); // strage id
  82         if(intparams[2] == 0) {
  83                 INFO("Unmounted!!!");
  84         }
  85         else {
  86                 INFO("Mounted!!!");
  87                 // TODO
  88                 // Password Popup
  89                 std::string pw = "tizen";
  90                 KeyManager::data pwData(pw.begin(), pw.end());
  91                 engine.mount(keyManager.getDEK(pwData));
  92         }
  93 }
  94
  95 void externalAddEventReceiver()
  96 {
  97         dbus::Connection &systemDBus = dbus::Connection::getSystem();
  98         dbus::Connection::SubscriptionId id;
  99
 100         id = systemDBus.subscribeSignal("",
 101                                                             "org.tizen.system.storage.BlockManager",
 102                                                             "DeviceChanged",
 103                                                             "/Org/Tizen/System/Storage/Block/Manager",
 104                                                             externalCallback);
 105         INFO("Event ID: " + std::to_string(id));
 106 }
 107
 108 void externalCheckMount()
 109 {
 110         INFO("EcryptfsEncrypt");
 111         if (!engine.isMountpointMounted(EXTERNAL_STORAGE_PATH)) {
 112                 INFO("SD Card not inserted!");
 113         }
 114         else {
 115                 INFO("SD Card inserted!");
 116                 if (engine.checkEncryptMetaData(ORIG_META_FILE_PATH) == 0) {
 117                         INFO("SD Card encrypted!");
 118                         if (engine.isEcryptfsMountpointMounted(EXTERNAL_STORAGE_PATH) == 0) {
 119                                 INFO("Already Ecryptfs Mounted");
 120                         }
 121                         else {
 122                                 std::string pw = "tizen";
 123                                 KeyManager::data pwData(pw.begin(), pw.end());
 124                                 engine.mount(keyManager.getDEK(pwData));
 125                         }
 126                 }
 127                 else {
 128                         INFO("SD Card not encrypted!");
 129                 }
 130         }
 131 }
 132
 133 }
 134
 135 ExternalEncryption::ExternalEncryption(ODEControlContext& ctx) :
 136         context(ctx)
 137 {
 138         context.registerParametricMethod(this, "", (int)(ExternalEncryption::mount)(std::string));
 139         context.registerNonparametricMethod(this, "", (int)(ExternalEncryption::umount));
 140         context.registerParametricMethod(this, "", (int)(ExternalEncryption::encrypt)(std::string));
 141         context.registerParametricMethod(this, "", (int)(ExternalEncryption::decrypt)(std::string));
 142         context.registerParametricMethod(this, "", (int)(ExternalEncryption::changePassword)(std::string, std::string));
 143         context.registerNonparametricMethod(this, "", (int)(ExternalEncryption::getState));
 144
 145         externalAddEventReceiver();
 146         externalCheckMount();
 147 }
 148
 149
 150 ExternalEncryption::~ExternalEncryption()
 151 {
 152 }
 153
 154 int ExternalEncryption::mount(const std::string& password)
 155 {
 156         bool isVerified = false;
 157         KeyManager::data pwData(password.begin(), password.end());
 158
 159         try {
 160                 isVerified = keyManager.verifyPassword(pwData);
 161         } catch (runtime::Exception& e) {}
 162
 163         if (!isVerified) {
 164                 return -1;
 165         }
 166
 167         engine.mount(keyManager.getDEK(pwData));
 168         return 0;
 169 }
 170
 171 int ExternalEncryption::umount()
 172 {
 173         INFO("Close all applications using external storage...");
 174         killDependedApplications();
 175         INFO("Umount internal storage...");
 176         engine.umount();
 177
 178         return 0;
 179 }
 180
 181 int ExternalEncryption::encrypt(const std::string& password)
 182 {
 183         KeyManager::data pwData(password.begin(), password.end());
 184
 185         if (keyManager.isInitialized()) {
 186                 bool isVerified = false;
 187                 try {
 188                         isVerified = keyManager.verifyPassword(pwData);
 189                 } catch (runtime::Exception& e) {}
 190
 191                 if (!isVerified) {
 192                         return -2;
 193                 }
 194         } else {
 195                 keyManager.initPassword(pwData);
 196         }
 197
 198         KeyManager::data DEK = keyManager.getDEK(pwData);
 199         auto encryptWorker = [DEK, this]() {
 200                 showProgressUI("Encrypting");
 201
 202                 INFO("Close all applications using external storage...");
 203                 killDependedApplications();
 204                 INFO("Encryption started...");
 205                 engine.encrypt(DEK);
 206                 INFO("Sync disk...");
 207                 sync();
 208                 INFO("Encryption completed");
 209         };
 210
 211         std::thread asyncWork(encryptWorker);
 212         asyncWork.detach();
 213
 214         return 0;
 215 }
 216
 217 int ExternalEncryption::decrypt(const std::string& password)
 218 {
 219         bool isVerified = false;
 220         KeyManager::data pwData(password.begin(), password.end());
 221
 222         try {
 223                 isVerified = keyManager.verifyPassword(pwData);
 224         } catch (runtime::Exception& e) {}
 225
 226         if (!isVerified) {
 227                 return -1;
 228         }
 229
 230         KeyManager::data DEK = keyManager.getDEK(pwData);
 231         auto decryptWorker = [DEK, this]() {
 232                 showProgressUI("Decrypting");
 233
 234                 INFO("Close all applications using external storage...");
 235                 killDependedApplications();
 236                 INFO("Umount internal storage...");
 237                 try {
 238                         engine.umount();
 239                 } catch (runtime::Exception& e) {}
 240
 241                 INFO("Decryption started...");
 242                 engine.decrypt(DEK);
 243                 INFO("Sync disk...");
 244                 sync();
 245                 INFO("Decryption completed");
 246         };
 247
 248         std::thread asyncWork(decryptWorker);
 249         asyncWork.detach();
 250
 251         keyManager.clearPassword();
 252
 253         return 0;
 254 }
 255
 256 int ExternalEncryption::changePassword(const std::string& oldPassword,
 257                                                                                 const std::string& newPassword)
 258 {
 259         KeyManager::data oldPwData(oldPassword.begin(), oldPassword.end());
 260         KeyManager::data newPwData(newPassword.begin(), oldPassword.end());
 261
 262         bool isVerified = false;
 263         try {
 264                 isVerified = keyManager.verifyPassword(newPwData);
 265         } catch (runtime::Exception& e) {}
 266
 267         if (!isVerified) {
 268                 return -1;
 269         }
 270
 271         keyManager.changePassword(oldPwData, newPwData);
 272         return 0;
 273 }
 274
 275 int ExternalEncryption::getState()
 276 {
 277         //TODO
 278         return 0;
 279 }
 280
 281 } // namespace ode