2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 #include <sys/mount.h>
18 #include <sys/reboot.h>
20 #include <klay/filesystem.h>
21 #include <klay/dbus/connection.h>
22 #include <klay/audit/logger.h>
24 #include "engine/dmcrypt-engine.h"
25 #include "key-manager/key-manager.h"
27 #include "rmi/internal-encryption.h"
29 #define INTERNAL_STORAGE_PATH "/opt/usr"
35 KeyManager keyManager(INTERNAL_STORAGE_PATH);
36 DMCryptEngine engine("/dev/mmcblk0p25", INTERNAL_STORAGE_PATH);
38 std::vector<std::string> dependedSystemdServices = {
41 "mtp-responder.service",
44 void stopDependedSystemdServices()
46 std::vector<std::string> servicesToStop(dependedSystemdServices);
47 dbus::Connection& systemDBus = dbus::Connection::getSystem();
48 dbus::VariantIterator iter;
50 systemDBus.methodcall("org.freedesktop.systemd1",
51 "/org/freedesktop/systemd1",
52 "org.freedesktop.systemd1.Manager",
54 -1, "(a(ssssssouso))", "")
55 .get("(a(ssssssouso))", &iter);
58 unsigned int dataUint;
62 ret = iter.get("(ssssssouso)", dataStr, dataStr + 1, dataStr + 2,
63 dataStr + 3, dataStr + 4, dataStr + 5,
64 dataStr + 6, &dataUint, dataStr + 7,
71 std::string service(dataStr[0]);
72 if (service.compare(0, 5, "user@") == 0) {
73 servicesToStop.push_back(service);
78 //TODO : get other services that are using INTERNAL_STORAGE_PATH
80 for (const std::string& service : servicesToStop) {
81 INFO("Stop service - " + service);
82 systemDBus.methodcall("org.freedesktop.systemd1",
83 "/org/freedesktop/systemd1",
84 "org.freedesktop.systemd1.Manager",
86 -1, "", "(ss)", service.c_str(), "flush");
92 InternalEncryption::InternalEncryption(ODEControlContext& ctx) :
95 context.registerParametricMethod(this, "", (int)(InternalEncryption::mount)(std::string));
96 context.registerNonparametricMethod(this, "", (int)(InternalEncryption::umount));
97 context.registerParametricMethod(this, "", (int)(InternalEncryption::encrypt)(std::string));
98 context.registerParametricMethod(this, "", (int)(InternalEncryption::decrypt)(std::string));
99 context.registerParametricMethod(this, "", (int)(InternalEncryption::changePassword)(std::string, std::string));
100 context.registerNonparametricMethod(this, "", (int)(InternalEncryption::getState));
103 InternalEncryption::~InternalEncryption()
107 int InternalEncryption::mount(const std::string& password)
109 bool isVerified = false;
110 KeyManager::data pwData(password.begin(), password.end());
113 isVerified = keyManager.verifyPassword(pwData);
114 } catch (runtime::Exception& e) {}
120 engine.mount(keyManager.getDEK(pwData));
124 int InternalEncryption::umount()
126 INFO("Close all processes using internal storage...");
127 stopDependedSystemdServices();
128 INFO("Umount internal storage...");
134 int InternalEncryption::encrypt(const std::string& password)
136 KeyManager::data pwData(password.begin(), password.end());
138 if (keyManager.isInitialized()) {
139 bool isVerified = false;
141 isVerified = keyManager.verifyPassword(pwData);
142 } catch (runtime::Exception& e) {}
148 keyManager.initPassword(pwData);
151 KeyManager::data DEK = keyManager.getDEK(pwData);
152 auto encryptWorker = [DEK, this]() {
153 INFO("Close all processes using internal storage...");
154 stopDependedSystemdServices();
155 INFO("Umount internal storage...");
156 while (::umount(INTERNAL_STORAGE_PATH) == -1) {
157 if (errno != EBUSY) {
161 INFO("Encryption started...");
163 INFO("Sync disk...");
165 INFO("Encryption completed");
166 ::reboot(RB_AUTOBOOT);
169 std::thread asyncWork(encryptWorker);
175 int InternalEncryption::decrypt(const std::string& password)
177 bool isVerified = false;
178 KeyManager::data pwData(password.begin(), password.end());
181 isVerified = keyManager.verifyPassword(pwData);
182 } catch (runtime::Exception& e) {}
188 KeyManager::data DEK = keyManager.getDEK(pwData);
189 auto decryptWorker = [DEK, this]() {
190 INFO("Close all processes using internal storage...");
191 stopDependedSystemdServices();
192 INFO("Umount internal storage...");
195 } catch (runtime::Exception& e) {}
196 INFO("Decryption started...");
198 INFO("Sync disk...");
200 INFO("Decryption completed");
201 ::reboot(RB_AUTOBOOT);
204 std::thread asyncWork(decryptWorker);
207 keyManager.clearPassword();
212 int InternalEncryption::changePassword(const std::string& oldPassword,
213 const std::string& newPassword)
215 KeyManager::data oldPwData(oldPassword.begin(), oldPassword.end());
216 KeyManager::data newPwData(newPassword.begin(), oldPassword.end());
218 bool isVerified = false;
220 isVerified = keyManager.verifyPassword(newPwData);
221 } catch (runtime::Exception& e) {}
227 keyManager.changePassword(oldPwData, newPwData);
231 int InternalEncryption::getState()