}
}
+int InternalEncryptionClient::prepareEncryption(unsigned int options)
+{
+ try {
+ return context->methodCall<int>("InternalEncryptionServer::prepareEncryption", options);
+ } catch (runtime::Exception& e) {
+ return error::Unknown;
+ }
+}
+
+int InternalEncryptionClient::prepareDecryption()
+{
+ try {
+ return context->methodCall<int>("InternalEncryptionServer::prepareDecryption");
+ } catch (runtime::Exception& e) {
+ return error::Unknown;
+ }
+}
+
int InternalEncryptionClient::encrypt(const std::string& password, unsigned int options)
{
try {
int umount();
int isMounted();
+ int prepareEncryption(unsigned int options);
+ int prepareDecryption();
+
int encrypt(const std::string& password, unsigned int options);
int decrypt(const std::string& password);
ODE_STATE_UNENCRYPTED = 0, /**< Device is not encrypted */
ODE_STATE_ENCRYPTED = 1, /**< Device is encrypted */
ODE_STATE_CORRUPTED = 2, /**< Device is corrupted because of encryption error */
+ ODE_STATE_PREPARED_ENCRYPTION = 3,
+ ODE_STATE_PREPARED_DECRYPTION = 4,
} ode_state_e;
/**
return toApiError(internal.umount());
}
+int ode_internal_encryption_prepare_encryption(unsigned int options)
+{
+ ClientContext client;
+ RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
+ InternalEncryptionClient internal = client.createInterface<InternalEncryptionClient>();
+
+ return toApiError(internal.prepareEncryption(options));
+}
+
+int ode_internal_encryption_prepare_decryption()
+{
+ ClientContext client;
+ RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
+ InternalEncryptionClient internal = client.createInterface<InternalEncryptionClient>();
+
+ return toApiError(internal.prepareDecryption());
+}
+
int ode_internal_encryption_encrypt(const char* password, unsigned int options)
{
RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER);
ODE_API int ode_internal_encryption_umount();
/**
+ * @brief Prepare to encrypt internal storage
+ * @details Administrator can use this API to prepare encryption internal storage.
+ * @since_tizen 5.5
+ * @param[in] options Encryption options
+ * @return #ODE_ERROR_NONE on success, otherwise a negative value
+ * @retval #ODE_ERROR_NONE Successful
+ * @post ode_internal_encryption_encrypt() must be invoked after rebooting
+ * @see ode_internal_encryption_prepare_decryption()
+ */
+ODE_API int ode_internal_encryption_prepare_encryption(unsigned int options);
+
+/**
+ * @brief Prepare to decrypt internal storage
+ * @details Administrator can use this API to prepare decryption internal storage.
+ * @since_tizen 5.5
+ * @return #ODE_ERROR_NONE on success, otherwise a negative value
+ * @retval #ODE_ERROR_NONE Successful
+ * @post ode_internal_encryption_decrypt() must be invoked after rebooting
+ * @see ode_internal_encryption_prepare_encryption()
+ */
+ODE_API int ode_internal_encryption_prepare_decryption();
+
+/**
* @brief Encrypt internal storage by given password.
* @details Administrator can use this API to encrypt internal storage.
* @since_tizen 4.0
* @retval #ODE_ERROR_UNKNOWN Unknown error
* @pre The password must match with what is set by
* ode_internal_encryption_init_password().
+ * @pre The device must be prepared to encrypt by
+ * ode_internal_encryption_prepare_encryption()
* @see ode_internal_encryption_mount()
* @see ode_internal_encryption_decrypt()
* @see ode_internal_encryption_get_supported_options()
* @retval #ODE_ERROR_UNKNOWN Unknown error
* @pre The password must match with what is set by
* ode_internal_encryption_init_password().
+ * @pre The device must be prepared to decrypt by
+ * ode_internal_encryption_prepare_decryption()
* @see ode_internal_encryption_encrypt()
*/
ODE_API int ode_internal_encryption_decrypt(const char* password);
virtual int umount() = 0;
virtual int isMounted() = 0;
+ virtual int prepareEncryption(unsigned int options) = 0;
+ virtual int prepareDecryption() = 0;
+
virtual int encrypt(const std::string& password, unsigned int options) = 0;
virtual int decrypt(const std::string& password) = 0;
Unencrypted = 0,
Encrypted = 1,
Corrupted = 2,
+ PreparedEncryption = 3,
+ PreparedDecryption = 4,
};
virtual int getState() = 0;
server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::mount)(std::vector<unsigned char>, unsigned int));
server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::umount)());
server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::isMounted)());
+ server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::prepareEncryption)(unsigned int));
+ server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::prepareDecryption)());
server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::encrypt)(std::string, unsigned int));
server.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryptionServer::decrypt)(std::string));
server.expose(this, "", (int)(InternalEncryptionServer::isPasswordInitialized)());
return error::None;
}
+int InternalEncryptionServer::prepareEncryption(unsigned int options)
+{
+ if (getState() != State::Unencrypted) {
+ ERROR(SINK, "Cannot encrypt, partition's state incorrect.");
+ return error::NoSuchDevice;
+ }
+
+ try {
+ runtime::File file("/opt/etc/.odeprogress");
+ file.create(MODE_0640);
+ } catch (runtime::Exception &e) {
+ ERROR(SINK, "Failed to create the flag file: " + std::string(e.what()));
+ return error::Unknown;
+ }
+
+ setOptions(options & getSupportedOptions());
+
+ ::vconf_set_str(VCONFKEY_ODE_CRYPTO_STATE, "prepared_encryption");
+ ::sync();
+ ::reboot(RB_AUTOBOOT);
+
+ return error::None;
+}
+
+int InternalEncryptionServer::prepareDecryption()
+{
+ if (getState() != State::Encrypted) {
+ ERROR(SINK, "Cannot decrypt, partition's state incorrect.");
+ return error::NoSuchDevice;
+ }
+
+ try {
+ runtime::File file("/opt/etc/.odeprogress");
+ file.create(MODE_0640);
+ } catch (runtime::Exception &e) {
+ ERROR(SINK, "Failed to create the flag file: " + std::string(e.what()));
+ return error::Unknown;
+ }
+
+ ::vconf_set_str(VCONFKEY_ODE_CRYPTO_STATE, "prepared_decryption");
+ ::sync();
+ ::reboot(RB_AUTOBOOT);
+
+ return error::None;
+}
+
int InternalEncryptionServer::encrypt(const std::string& password, unsigned int options)
{
if (getState() != State::Unencrypted) {
return State::Encrypted;
else if (valueStr == "unencrypted")
return State::Unencrypted;
+ else if (valueStr == "prepared_encryption")
+ return State::PreparedEncryption;
+ else if (valueStr == "prepared_decryption")
+ return State::PreparedDecryption;
else if (valueStr == "error_partially_encrypted" || valueStr == "error_partially_decrypted")
return State::Corrupted;
int umount();
int isMounted();
+ int prepareEncryption(unsigned int options);
+ int prepareDecryption();
+
int encrypt(const std::string& password, unsigned int options);
int decrypt(const std::string& password);
projects / platform / core / security / ode.git / commitdiff