From: Sungbae Yoo <sungbae.yoo@samsung.com>
Date: Fri, 25 Aug 2017 12:04:08 +0000 (+0900)
Subject: Add ecryptfs key linking in the keyring of root user
X-Git-Tag: submit/tizen/20170831.072417^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e31cf4026e8538eccc86e7da987b06ac18787236;p=platform%2Fcore%2Fsecurity%2Fode.git

Add ecryptfs key linking in the keyring of root user

Change-Id: Ie9eddecc8f6a274ff2e6e030730a49ad5f1dd773
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
---

diff --git a/server/external-encryption.cpp b/server/external-encryption.cpp
index 29c391a..ffaf61b 100644
--- a/server/external-encryption.cpp
+++ b/server/external-encryption.cpp
@@ -323,6 +323,14 @@ int ExternalEncryption::encrypt(const std::string &password, unsigned int option
 			sync();
 			INFO(SINK, "Encryption completed");
 			::vconf_set_str(EXTERNAL_STATE_VCONF_KEY, "encrypted");
+
+			//For smackfsroot, smackfsdef option without CAP_MAC_ADMIN
+			runtime::File fileToTouch("/tmp/.ode-mount-external");
+			try {
+				fileToTouch.remove();
+			} catch(runtime::Exception &e) {}
+			fileToTouch.create(O_WRONLY);
+
 			context.notify("ExternalEncryption::mount");
 		} catch (runtime::Exception &e) {
 			::vconf_set_str(EXTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");
diff --git a/tools/cli/ode-mount-external.sh b/tools/cli/ode-mount-external.sh
index d4e00f6..22ee220 100644
--- a/tools/cli/ode-mount-external.sh
+++ b/tools/cli/ode-mount-external.sh
@@ -5,6 +5,12 @@ STORAGE="/opt/media/SDCardA1"
 
 OPTION=`cat /proc/mounts | grep "${STORAGE} ${STORAGE} ecryptfs" | gawk '{print $4}'`
 
+KEY_DESC=`echo ${OPTION} | sed -e s/.*'ecryptfs_sig='// -e s/','.*//`
+KEY=`su security_fw -s /bin/keyctl search @u user ${KEY_DESC}`
+
+su security_fw -s /bin/keyctl setperm ${KEY} 0x3f111010
+keyctl link ${KEY} @u
+
 if [ -z ${OPTION} ]; then
 	exit -1
 fi