2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
20 #include <sys/mount.h>
21 #include <sys/reboot.h>
23 #include <klay/file-user.h>
24 #include <klay/filesystem.h>
25 #include <klay/dbus/connection.h>
26 #include <klay/audit/logger.h>
28 #include "engine/dmcrypt-engine.h"
29 #include "key-manager/key-manager.h"
31 #include "rmi/internal-encryption.h"
// Path of the internal storage volume. It is handed to both file-scope objects below,
// to FileUser::getList() when looking for processes that use the volume, and to
// ::umount() in the encrypt worker.
33 #define INTERNAL_STORAGE_PATH "/opt/usr"
// File-scope key manager used by mount, encrypt, decrypt and changePassword.
// NOTE(review): no locking around this object is visible in the listing — confirm how
// concurrent calls into this service are serialized.
39 KeyManager keyManager(INTERNAL_STORAGE_PATH);
// dm-crypt engine constructed with a fixed block-device node and the storage path.
// NOTE(review): the partition node is hard-coded; presumably it matches only one device
// layout — confirm before this runs on hardware with a different partition table.
40 DMCryptEngine engine("/dev/mmcblk0p25", INTERNAL_STORAGE_PATH);
// Collects the systemd units that own processes still using INTERNAL_STORAGE_PATH and
// then issues one D-Bus call per unit. Several lines of this function (among them the
// D-Bus member names and part of the catch block) are not present in this listing, so
// the comments below describe only the visible statements.
42 void stopDependedSystemdServices()
44 dbus::Connection& systemDBus = dbus::Connection::getSystem();
// std::set: a unit that owns several of the listed processes is recorded once.
45 std::set<std::string> servicesToStop;
// One iteration per PID reported by FileUser::getList() for the storage path.
// NOTE(review): the PID list is a snapshot; a process may exit before the lookup below,
// which is presumably one source of the exception handled in the catch — confirm.
47 for (pid_t pid : runtime::FileUser::getList(INTERNAL_STORAGE_PATH, true)) {
// Call on org.freedesktop.systemd1.Manager that sends the PID as "(u)" and reads an
// object path "(o)" back into `service`; the member name is on a line not shown here.
50 systemDBus.methodcall("org.freedesktop.systemd1",
51 "/org/freedesktop/systemd1",
52 "org.freedesktop.systemd1.Manager",
54 -1, "(o)", "(u)", (unsigned int)pid)
55 .get("(o)", &service);
56 servicesToStop.insert(service);
57 } catch (runtime::Exception &e) {
// The lookup failed for this PID. The PID is logged but the exception text in `e` is
// not; whatever else is done to the process is on lines not shown in this listing.
58 INFO("Close process - " + std::to_string(pid));
// Second pass: one call per collected unit on the org.freedesktop.systemd1.Unit
// interface with the string argument "flush" (presumably a job mode — confirm). The
// unit's object path is written to the log before the call is made.
63 for (const std::string& service : servicesToStop) {
64 INFO("Close service - " + service);
65 systemDBus.methodcall("org.freedesktop.systemd1",
67 "org.freedesktop.systemd1.Unit",
69 -1, "", "(s)", "flush");
// Constructor: registers six methods of this class (mount, umount, encrypt, decrypt,
// changePassword, getState) on `context`. The member-initializer list and the braces
// are on lines not shown in this listing.
// NOTE(review): every registration passes "" as its second argument. If that parameter
// names the privilege a caller must hold (confirm against the declarations of
// registerParametricMethod / registerNonparametricMethod), then mounting, unmounting,
// encrypting, decrypting and changing the password are exposed with no privilege
// requirement, and the password check inside each method is the only gate.
75 InternalEncryption::InternalEncryption(ODEControlContext& ctx) :
// Methods that take arguments list their parameter types after the member name.
78 context.registerParametricMethod(this, "", (int)(InternalEncryption::mount)(std::string));
79 context.registerNonparametricMethod(this, "", (int)(InternalEncryption::umount));
80 context.registerParametricMethod(this, "", (int)(InternalEncryption::encrypt)(std::string));
81 context.registerParametricMethod(this, "", (int)(InternalEncryption::decrypt)(std::string));
82 context.registerParametricMethod(this, "", (int)(InternalEncryption::changePassword)(std::string, std::string));
83 context.registerNonparametricMethod(this, "", (int)(InternalEncryption::getState));
// Destructor; its body is on lines not shown in this listing.
86 InternalEncryption::~InternalEncryption()
// Verifies `password` with the key manager and, on the visible path, mounts the volume
// with the key returned by getDEK() (DEK: presumably the data-encryption key). The
// check of isVerified and the return statements are on lines not shown in this listing.
90 int InternalEncryption::mount(const std::string& password)
// Starts false so that a verification that throws leaves the password unverified.
92 bool isVerified = false;
// Copy of the password bytes in the key manager's buffer type.
// NOTE(review): this is a second in-memory copy of the secret; nothing visible wipes it.
93 KeyManager::data pwData(password.begin(), password.end());
96 isVerified = keyManager.verifyPassword(pwData);
// Exceptions from verification are swallowed without logging; isVerified stays false.
97 } catch (runtime::Exception& e) {}
// The key is obtained from the key manager and handed straight to the engine.
103 engine.mount(keyManager.getDEK(pwData));
// Stops the services that keep the internal storage busy before it is unmounted. The
// unmount call itself and the return statement are on lines not shown in this listing.
// NOTE(review): this method takes no password, so access control rests on whatever the
// method registration in the constructor enforces — confirm that is sufficient.
107 int InternalEncryption::umount()
109 INFO("Close all processes using internal storage...");
110 stopDependedSystemdServices();
111 INFO("Umount internal storage...");
// Starts encryption of the internal storage. The visible statements verify or initialise
// the password, obtain the DEK, and hand the work to a separate thread that ends by
// rebooting. Several lines (branches, return statements, the engine calls) are not
// present in this listing.
117 int InternalEncryption::encrypt(const std::string& password)
// Copy of the password bytes in the key manager's buffer type.
119 KeyManager::data pwData(password.begin(), password.end());
// When the key manager is already initialised, the supplied password is verified first.
121 if (keyManager.isInitialized()) {
122 bool isVerified = false;
124 isVerified = keyManager.verifyPassword(pwData);
// A throwing verification is swallowed without logging; isVerified stays false.
125 } catch (runtime::Exception& e) {}
// NOTE(review): the lines between the catch above and this call are not shown;
// presumably this runs only when no password has been set yet — confirm.
131 keyManager.initPassword(pwData);
134 KeyManager::data DEK = keyManager.getDEK(pwData);
// The closure captures the DEK by value and `this` by pointer.
// NOTE(review): key material now lives in the local DEK, in the closure, and in the copy
// std::thread makes of the closure below; none of these is visibly wiped after use.
135 auto encryptWorker = [DEK, this]() {
136 INFO("Close all processes using internal storage...");
137 stopDependedSystemdServices();
138 INFO("Umount internal storage...");
// Repeats the unmount for as long as it fails.
// NOTE(review): no delay or retry limit is visible in this listing — confirm the loop
// cannot spin indefinitely while the volume stays busy.
139 while (::umount(INTERNAL_STORAGE_PATH) == -1) {
// Any error other than EBUSY takes a separate path whose body is not shown.
140 if (errno != EBUSY) {
144 INFO("Encryption started...");
146 INFO("Sync disk...");
148 INFO("Encryption completed");
// Restarts the system at the end of the worker.
149 ::reboot(RB_AUTOBOOT);
// Runs the worker on its own thread; how the thread is joined or detached is not shown.
// NOTE(review): the closure holds `this`, so the object must outlive the worker.
152 std::thread asyncWork(encryptWorker);
// Starts decryption of the internal storage after verifying `password`. The visible
// statements obtain the DEK, hand the work to a separate thread that ends by rebooting,
// and then clear the stored password. The check of isVerified, the engine calls and the
// return statements are on lines not shown in this listing.
158 int InternalEncryption::decrypt(const std::string& password)
// Starts false so that a verification that throws leaves the password unverified.
160 bool isVerified = false;
// Copy of the password bytes in the key manager's buffer type.
161 KeyManager::data pwData(password.begin(), password.end());
164 isVerified = keyManager.verifyPassword(pwData);
// A throwing verification is swallowed without logging; isVerified stays false.
165 } catch (runtime::Exception& e) {}
171 KeyManager::data DEK = keyManager.getDEK(pwData);
// The closure captures the DEK by value and `this` by pointer.
// NOTE(review): the DEK is copied into the closure and again when std::thread copies the
// closure; none of the copies is visibly wiped after use.
172 auto decryptWorker = [DEK, this]() {
173 INFO("Close all processes using internal storage...");
174 stopDependedSystemdServices();
175 INFO("Umount internal storage...");
// An exception from the statement(s) guarded here (not shown) is swallowed.
// NOTE(review): the worker then continues to the decryption step whether or not that
// guarded step succeeded — confirm decrypting is safe if the volume is still mounted.
178 } catch (runtime::Exception& e) {}
179 INFO("Decryption started...");
181 INFO("Sync disk...");
183 INFO("Decryption completed");
// Restarts the system at the end of the worker.
184 ::reboot(RB_AUTOBOOT);
// Runs the worker on its own thread; how the thread is joined or detached is not shown.
187 std::thread asyncWork(decryptWorker);
// Runs on the calling thread after the worker thread object has been created.
// NOTE(review): the stored password is cleared without waiting for the worker, so it may
// be gone before decryption has finished — confirm the volume remains recoverable if the
// worker is interrupted.
190 keyManager.clearPassword();
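// Changes the stored password: the caller's current password is verified, then
// keyManager.changePassword() is called with the old and new values. The braces, the
// check of isVerified and the return statements are on lines not shown in this listing.
195 int InternalEncryption::changePassword(const std::string& oldPassword,
196 const std::string& newPassword)
198 KeyManager::data oldPwData(oldPassword.begin(), oldPassword.end());
// Both iterators must come from newPassword. Pairing newPassword.begin() with
// oldPassword.end() is not a valid range: it is undefined behaviour and can read memory
// outside the new password.
199 KeyManager::data newPwData(newPassword.begin(), newPassword.end());
// Starts false so that a verification that throws leaves the caller unverified.
201 bool isVerified = false;
// Authenticate with the current password. Verifying the new one would reject every
// genuine change and would not prove that the caller knows the existing secret.
203 isVerified = keyManager.verifyPassword(oldPwData);
// A throwing verification is swallowed without logging; isVerified stays false.
204 } catch (runtime::Exception& e) {}
210 keyManager.changePassword(oldPwData, newPwData);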
214 int InternalEncryption::getState()