X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=server%2Finternal-encryption.cpp;h=ae410c574b333e0d2bfcb7c97446b403cd45f6b7;hb=77b2f360ee6b9eb35bbf2418ed818c4e981fded1;hp=e9e40e99ec0fe4f115a23b3eb642239abf476bef;hpb=f8a0e1ef6c7597ec58761588092dac54ff75be7a;p=platform%2Fcore%2Fsecurity%2Fode.git diff --git a/server/internal-encryption.cpp b/server/internal-encryption.cpp index e9e40e9..ae410c5 100644 --- a/server/internal-encryption.cpp +++ b/server/internal-encryption.cpp @@ -14,11 +14,14 @@ * limitations under the License */ #include +#include +#include #include #include #include #include +#include #include #include @@ -26,9 +29,9 @@ #include #include #include -#include #include "vconf.h" +#include "logger.h" #include "progress-bar.h" #include "engine/encryption/dmcrypt-engine.h" #include "key-manager/key-manager.h" @@ -36,8 +39,9 @@ #include "rmi/internal-encryption.h" #define INTERNAL_ENGINE DMCryptEngine -#define INTERNAL_DEV "/dev/mmcblk0p25" -#define INTERNAL_PATH "/opt/usr" +#define INTERNAL_DEV_PATH "/dev/disk/by-partlabel" +#define INTERNAL_DEV_NAME "USER" +#define INTERNAL_PATH "/opt/usr" #define INTERNAL_STATE_VCONF_KEY VCONFKEY_ODE_CRYPTO_STATE #define INTERNAL_OPTION_ONLY_USED_REGION_VCONF_KEY VCONFKEY_ODE_FAST_ENCRYPTION @@ -61,107 +65,35 @@ namespace { std::unique_ptr engine; KeyManager::data mountKey; -void stopSystemdUserSessions() { - std::vector userSessionServices; - dbus::Connection& systemDBus = dbus::Connection::getSystem(); - dbus::VariantIterator iter; - - systemDBus.methodcall("org.freedesktop.systemd1", - "/org/freedesktop/systemd1", - "org.freedesktop.systemd1.Manager", - "ListUnits", - -1, "(a(ssssssouso))", "") - .get("(a(ssssssouso))", &iter); - - while (1) { - unsigned int dataUint; - char *dataStr[9]; - int ret; - - ret = iter.get("(ssssssouso)", dataStr, dataStr + 1, dataStr + 2, - dataStr + 3, dataStr + 4, dataStr + 5, - dataStr + 6, &dataUint, dataStr + 7, - dataStr + 8); - - if (!ret) { - break; - } - - std::string service(dataStr[0]); - if (service.compare(0, 5, "user@") == 0) { - userSessionServices.push_back(service); - } - } - - for (const std::string& service : userSessionServices) { - INFO("Stop service - " + service); - systemDBus.methodcall("org.freedesktop.systemd1", - "/org/freedesktop/systemd1", - "org.freedesktop.systemd1.Manager", - "StopUnit", - -1, "", "(ss)", service.c_str(), "flush"); - } +void stopDependedSystemdServices() +{ + runtime::File fileToTouch("/tmp/.ode-umount-internal"); + try { + fileToTouch.remove(); + } catch(runtime::Exception &e) {} + fileToTouch.create(O_WRONLY); sleep(1); } -void stopDependedSystemdServices() +void killDependedProcesses() { - dbus::Connection& systemDBus = dbus::Connection::getSystem(); - std::set servicesToStop; - - for (pid_t pid : runtime::FileUser::getList(INTERNAL_PATH, true)) { - try { - char *service; - systemDBus.methodcall("org.freedesktop.systemd1", - "/org/freedesktop/systemd1", - "org.freedesktop.systemd1.Manager", - "GetUnitByPID", - -1, "(o)", "(u)", (unsigned int)pid) - .get("(o)", &service); - servicesToStop.insert(service); - } catch (runtime::Exception &e) { - INFO("Close process - " + std::to_string(pid)); - ::kill(pid, SIGKILL); + INFO(SINK, "killDependedProcesses"); + for (pid_t pid : runtime::FileUser::getList(INTERNAL_PATH, true)) { + INFO(SINK, "Close process - " + std::to_string(pid)); + int ret = ::kill(pid, SIGKILL); + if (ret != 0) { + ERROR(SINK, "Failed to kill process " + std::to_string(pid)); } - } - - for (const std::string& service : servicesToStop) { - INFO("Close service - " + service); - systemDBus.methodcall("org.freedesktop.systemd1", - service, - "org.freedesktop.systemd1.Unit", - "Stop", - -1, "", "(s)", "flush"); - } + } } void showProgressUI(const std::string type) { - ::tzplatform_set_user(::tzplatform_getuid(TZ_SYS_DEFAULT_USER)); - std::string defaultUserHome(::tzplatform_getenv(TZ_USER_HOME)); - ::tzplatform_reset_user(); - + runtime::File fileToTouch("/tmp/.ode-progress-internal@" + type); try { - runtime::File shareDirectory("/opt/home/root/share"); - if (!shareDirectory.exists()) { - shareDirectory.makeDirectory(true); - } - - runtime::File elmConfigDir(shareDirectory.getPath() + "/.elementary"); - if (!elmConfigDir.exists()) { - runtime::File defaultElmConfigDir(defaultUserHome + "/share/.elementary"); - defaultElmConfigDir.copyTo(shareDirectory.getPath()); - } - } catch (runtime::Exception &e) { - ERROR("Failed to set up elm configuration"); - } - - std::vector args = { - "ode", "progress", type, "Internal" - }; - - runtime::Process proc("/usr/bin/ode", args); - proc.execute(); + fileToTouch.remove(); + } catch(runtime::Exception &e) {} + fileToTouch.create(O_WRONLY); } unsigned int getOptions() @@ -210,8 +142,28 @@ InternalEncryption::InternalEncryption(ODEControlContext& ctx) : context.createNotification("InternalEncryption::mount"); + std::string source = INTERNAL_DEV_PATH "/" INTERNAL_DEV_NAME; + try { + runtime::DirectoryIterator iter(INTERNAL_DEV_PATH), end; + + while (iter != end) { + const std::string& path = (*iter).getPath(); + std::string name = path.substr(path.rfind('/') + 1); + std::string upper; + upper.reserve(name.size()); + for (char c : name) { + upper += std::toupper(c); + } + if (upper == INTERNAL_DEV_NAME) { + source = path; + break; + } + ++iter; + } + } catch (runtime::Exception &e) {} + engine.reset(new INTERNAL_ENGINE( - INTERNAL_DEV, INTERNAL_PATH, + source, INTERNAL_PATH, ProgressBar([](int v) { ::vconf_set_str(VCONFKEY_ODE_ENCRYPT_PROGRESS, std::to_string(v).c_str()); @@ -243,7 +195,7 @@ int InternalEncryption::mount() } if (engine->isMounted()) { - INFO("Already mounted"); + INFO(SINK, "Already mounted"); return 0; } @@ -252,6 +204,9 @@ int InternalEncryption::mount() context.notify("InternalEncryption::mount"); + runtime::File("/tmp/.lazy_mount").create(O_WRONLY); + runtime::File("/tmp/.unlock_mnt").create(O_WRONLY); + return 0; } @@ -262,13 +217,14 @@ int InternalEncryption::umount() } if (!engine->isMounted()) { - INFO("Already umounted"); + INFO(SINK, "Already umounted"); return 0; } - INFO("Close all processes using internal storage..."); + INFO(SINK, "Close all processes that use internal storage..."); stopDependedSystemdServices(); - INFO("Umount internal storage..."); + killDependedProcesses(); + INFO(SINK, "Umount internal storage..."); engine->umount(); return 0; @@ -290,32 +246,32 @@ int InternalEncryption::encrypt(const std::string& password, unsigned int option KeyManager::data MasterKey = keyManager.getMasterKey(pwData); auto encryptWorker = [MasterKey, options, this]() { try { - INFO("Close all user sessions..."); - stopSystemdUserSessions(); - INFO("Close all processes using internal storage..."); + INFO(SINK, "Close all processes that use internal storage..."); stopDependedSystemdServices(); - INFO("Umount internal storage..."); + killDependedProcesses(); + INFO(SINK, "Umount internal storage..."); while (::umount(INTERNAL_PATH) == -1) { if (errno != EBUSY) { throw runtime::Exception("Umount error - " + std::to_string(errno)); } - stopDependedSystemdServices(); + killDependedProcesses(); } showProgressUI("Encrypting"); - INFO("Encryption started..."); + INFO(SINK, "Encryption started..."); engine->encrypt(MasterKey, options); setOptions(options & getSupportedOptions()); - INFO("Sync disk..."); + INFO(SINK, "Sync disk..."); sync(); - INFO("Encryption completed"); + INFO(SINK, "Encryption completed"); ::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "encrypted"); + context.notify("InternalEncryption::mount"); ::reboot(RB_AUTOBOOT); } catch (runtime::Exception &e) { ::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "error_partially_encrypted"); - ERROR("Encryption failed - " + std::string(e.what())); + ERROR(SINK, "Encryption failed - " + std::string(e.what())); } }; @@ -341,33 +297,32 @@ int InternalEncryption::decrypt(const std::string& password) KeyManager::data MasterKey = keyManager.getMasterKey(pwData); auto decryptWorker = [MasterKey, this]() { try { - INFO("Close all user sessions..."); - stopSystemdUserSessions(); - INFO("Close all processes using internal storage..."); + INFO(SINK, "Umount internal storage..."); stopDependedSystemdServices(); - INFO("Umount internal storage..."); + killDependedProcesses(); + INFO(SINK, "Umount internal storage..."); while (1) { try { engine->umount(); break; } catch (runtime::Exception& e) { - stopDependedSystemdServices(); + killDependedProcesses(); } } showProgressUI("Decrypting"); - INFO("Decryption started..."); + INFO(SINK, "Decryption started..."); engine->decrypt(MasterKey, getOptions()); - INFO("Sync disk..."); + INFO(SINK, "Sync disk..."); sync(); - INFO("Decryption completed"); + INFO(SINK, "Decryption completed"); ::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "unencrypted"); ::reboot(RB_AUTOBOOT); } catch (runtime::Exception &e) { ::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "error_partially_encrypted"); - ERROR("Decryption failed - " + std::string(e.what())); + ERROR(SINK, "Decryption failed - " + std::string(e.what())); } }; @@ -386,7 +341,7 @@ int InternalEncryption::recovery() //TODO runtime::Process proc(PROG_FACTORY_RESET, wipeCommand); if (proc.execute() == -1) { - ERROR("Failed to launch factory-reset"); + ERROR(SINK, "Failed to launch factory-reset"); return -2; }