2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
21 #include <sys/mount.h>
24 #include <tzplatform_config.h>
26 #include <klay/file-user.h>
27 #include <klay/filesystem.h>
28 #include <klay/audit/logger.h>
29 #include <klay/dbus/variant.h>
30 #include <klay/dbus/connection.h>
33 #include "launchpad.h"
34 #include "app-bundle.h"
35 #include "progress-bar.h"
36 #include "engine/ecryptfs-engine.h"
37 #include "key-manager/key-manager.h"
39 #include "rmi/external-encryption.h"
41 #define EXTERNAL_ENGINE EcryptfsEngine
42 #define EXTERNAL_PATH "/opt/media/SDCardA1"
43 #define EXTERNAL_STATE_VCONF_KEY VCONFKEY_SDE_CRYPTO_STATE
44 #define EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY VCONFKEY_SDE_ENCRYPT_NEWFILE
45 #define EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY VCONFKEY_SDE_EXCLUDE_MEDIAFILE
47 #define PRIVILEGE_PLATFORM "http://tizen.org/privilege/internal/default/platform"
53 std::unique_ptr<EXTERNAL_ENGINE> engine;
55 void killDependedApplications()
57 for (pid_t pid : runtime::FileUser::getList(EXTERNAL_PATH, true)) {
58 INFO("Close process - " + std::to_string(pid));
63 void externalCallback(dbus::Variant parameters)
68 parameters.get("(issssssisibii)",
69 &intparams[0], // block type: 0 - scsi, 1 : mmc
70 &strparams[0], // devnode
71 &strparams[1], // syspath
72 &strparams[2], // usage
73 &strparams[3], // fs type
74 &strparams[4], // fs version
75 &strparams[5], // fs uuid enc
76 &intparams[1], // readonly: 0 - rw, 1 - ro
77 &strparams[6], // mount point
78 &intparams[2], // state: 0 - unmount, 1 - mount
79 &intparams[3], // primary: 0 - flase, 1 - true
80 &intparams[4], // flags: 1 - unmounted 2 - broken filesystem 4 - no filesystem 8 - not supported 16 - readonly
81 &intparams[5]); // strage id
83 if(intparams[2] == 0) {
87 char *value = ::vconf_get_str(EXTERNAL_STATE_VCONF_KEY);
89 std::string valueStr(value);
91 if (valueStr == "encrypted") {
93 INFO("Launch SD card password popup");
95 bundle.add("viewtype", "SD_CARD_PASSWORD");
97 Launchpad launchpad(::tzplatform_getuid(TZ_SYS_DEFAULT_USER));
98 launchpad.launch("org.tizen.ode", bundle);
99 } catch (runtime::Exception &e) {
100 ERROR("Failed to launch SD card password popup");
107 void externalAddEventReceiver()
109 dbus::Connection &systemDBus = dbus::Connection::getSystem();
111 systemDBus.subscribeSignal("",
112 "/Org/Tizen/System/Storage/Block/Manager",
113 "org.tizen.system.storage.BlockManager",
118 unsigned int getOptions()
120 unsigned int result = 0;
124 ::vconf_get_bool(EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY, &value);
126 result |= ExternalEncryption::Option::OnlyNewFile;
130 ::vconf_get_bool(EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY, &value);
132 result |= ExternalEncryption::Option::ExceptForMediaFile;
138 void setOptions(unsigned int options)
142 if (options & ExternalEncryption::Option::OnlyNewFile) {
147 ::vconf_set_bool(EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY, value);
149 if (options & ExternalEncryption::Option::ExceptForMediaFile) {
154 ::vconf_set_bool(EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY, value);
159 ExternalEncryption::ExternalEncryption(ODEControlContext &ctx) :
162 context.expose(this, PRIVILEGE_PLATFORM, (int)(ExternalEncryption::mount)(std::string));
163 context.expose(this, PRIVILEGE_PLATFORM, (int)(ExternalEncryption::umount)());
164 context.expose(this, PRIVILEGE_PLATFORM, (int)(ExternalEncryption::encrypt)(std::string, unsigned int));
165 context.expose(this, PRIVILEGE_PLATFORM, (int)(ExternalEncryption::decrypt)(std::string));
166 context.expose(this, "", (int)(ExternalEncryption::isPasswordInitialized)());
167 context.expose(this, PRIVILEGE_PLATFORM, (int)(ExternalEncryption::initPassword)(std::string));
168 context.expose(this, PRIVILEGE_PLATFORM, (int)(ExternalEncryption::cleanPassword)(std::string));
169 context.expose(this, PRIVILEGE_PLATFORM, (int)(ExternalEncryption::changePassword)(std::string, std::string));
170 context.expose(this, PRIVILEGE_PLATFORM, (int)(ExternalEncryption::verifyPassword)(std::string));
171 context.expose(this, "", (int)(ExternalEncryption::getState)());
172 context.expose(this, "", (unsigned int)(ExternalEncryption::getSupportedOptions)());
174 engine.reset(new EXTERNAL_ENGINE(
175 EXTERNAL_PATH, EXTERNAL_PATH,
176 ProgressBar([](int v) {
177 ::vconf_set_str(VCONFKEY_SDE_ENCRYPT_PROGRESS,
178 std::to_string(v).c_str());
182 externalAddEventReceiver();
185 ExternalEncryption::~ExternalEncryption()
189 int ExternalEncryption::mount(const std::string &password)
191 if (getState() != State::Encrypted) {
195 KeyManager::data data(password.begin(), password.end());
196 KeyManager keyManager(engine->getKeyMeta());
198 if (!keyManager.verifyPassword(data)) {
202 engine->mount(keyManager.getMasterKey(data), getOptions());
206 int ExternalEncryption::umount()
208 if (getState() != State::Encrypted) {
212 INFO("Close all applications using external storage...");
213 killDependedApplications();
214 INFO("Umount external storage...");
220 int ExternalEncryption::encrypt(const std::string &password, unsigned int options)
222 if (getState() != State::Unencrypted) {
226 KeyManager::data pwData(password.begin(), password.end());
227 KeyManager keyManager(engine->getKeyMeta());
229 if (!keyManager.verifyPassword(pwData)) {
233 KeyManager::data MasterKey = keyManager.getMasterKey(pwData);
234 auto encryptWorker = [MasterKey, options, this]() {
236 INFO("Close all applications using external storage...");
237 killDependedApplications();
238 INFO("Encryption started...");
239 ::vconf_set_str(EXTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");
240 engine->encrypt(MasterKey, options);
241 setOptions(options & getSupportedOptions());
242 INFO("Sync disk...");
244 INFO("Encryption completed");
245 ::vconf_set_str(EXTERNAL_STATE_VCONF_KEY, "encrypted");
246 } catch (runtime::Exception &e) {
247 ERROR("Encryption failed - " + std::string(e.what()));
251 std::thread asyncWork(encryptWorker);
257 int ExternalEncryption::decrypt(const std::string &password)
259 if (getState() != State::Encrypted) {
263 KeyManager::data pwData(password.begin(), password.end());
264 KeyManager keyManager(engine->getKeyMeta());
266 if (!keyManager.verifyPassword(pwData)) {
270 KeyManager::data MasterKey = keyManager.getMasterKey(pwData);
271 auto decryptWorker = [MasterKey, this]() {
273 INFO("Close all applications using external storage...");
274 killDependedApplications();
275 INFO("Umount external storage...");
280 } catch (runtime::Exception &e) {
281 killDependedApplications();
285 INFO("Decryption started...");
286 ::vconf_set_str(EXTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");
287 engine->decrypt(MasterKey, getOptions());
288 INFO("Sync disk...");
290 INFO("Decryption completed");
291 ::vconf_set_str(EXTERNAL_STATE_VCONF_KEY, "unencrypted");
292 } catch (runtime::Exception &e) {
293 ERROR("Decryption failed - " + std::string(e.what()));
297 std::thread asyncWork(decryptWorker);
303 int ExternalEncryption::isPasswordInitialized()
305 if (engine->isKeyMetaSet()) {
311 int ExternalEncryption::initPassword(const std::string& password)
313 KeyManager::data pwData(password.begin(), password.end());
314 KeyManager keyManager;
316 keyManager.initPassword(pwData);
317 engine->setKeyMeta(keyManager.serialize());
321 int ExternalEncryption::cleanPassword(const std::string& password)
323 KeyManager::data pwData(password.begin(), password.end());
324 KeyManager keyManager(engine->getKeyMeta());
326 if (!keyManager.verifyPassword(pwData)) {
330 engine->clearKeyMeta();
334 int ExternalEncryption::changePassword(const std::string &oldPassword,
335 const std::string &newPassword)
337 KeyManager::data oldPwData(oldPassword.begin(), oldPassword.end());
338 KeyManager::data newPwData(newPassword.begin(), newPassword.end());
339 KeyManager keyManager(engine->getKeyMeta());
341 if (!keyManager.verifyPassword(oldPwData)) {
345 keyManager.changePassword(oldPwData, newPwData);
346 engine->setKeyMeta(keyManager.serialize());
351 int ExternalEncryption::verifyPassword(const std::string& password)
353 KeyManager::data pwData(password.begin(), password.end());
354 KeyManager keyManager(engine->getKeyMeta());
356 if (keyManager.verifyPassword(pwData)) {
362 int ExternalEncryption::getState()
364 char *value = ::vconf_get_str(EXTERNAL_STATE_VCONF_KEY);
366 throw runtime::Exception("Failed to get vconf value");
369 std::string valueStr(value);
372 if (valueStr == "encrypted") {
373 return State::Encrypted;
374 } else if (valueStr == "unencrypted") {
375 return State::Unencrypted;
377 return State::Corrupted;
383 unsigned int ExternalEncryption::getSupportedOptions()
385 return engine->getSupportedOptions();