file-footer.cpp
secure-erase.cpp
progress-bar.cpp
- progress-vconf-backend.cpp
block-device.cpp
kernel-keyring.cpp
internal-encryption.cpp
*/
#include <iomanip>
+#include <unistd.h>
+#include <sys/vfs.h>
+#include <sys/mount.h>
+
#include <klay/error.h>
#include <klay/exception.h>
#include <klay/filesystem.h>
#include <vector>
#include <string>
-#include <sys/mount.h>
-#include <sys/syscall.h>
-#include <sys/vfs.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/ioctl.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <utime.h>
#include "../progress-bar.h"
#include <klay/file-user.h>
#include <klay/filesystem.h>
#include <klay/audit/logger.h>
+#include <klay/dbus/variant.h>
+#include <klay/dbus/connection.h>
+#include "vconf.h"
#include "launchpad.h"
#include "app-bundle.h"
+#include "progress-bar.h"
#include "engine/ecryptfs-engine.h"
#include "key-manager/key-manager.h"
-#include <klay/dbus/variant.h>
-#include <klay/dbus/connection.h>
#include "rmi/external-encryption.h"
-#include "progress-bar.h"
-#include "progress-vconf-backend.h"
-#define EXTERNAL_STORAGE_PATH "/opt/media/SDCardA1"
-#define DEFAULT_USER "owner"
+#define EXTERNAL_ENGINE EcryptfsEngine
+#define EXTERNAL_PATH "/opt/media/SDCardA1"
#define EXTERNAL_STATE_VCONF_KEY VCONFKEY_SDE_CRYPTO_STATE
#define EXTERNAL_OPTION_ONLY_NEW_FILE_VCONF_KEY VCONFKEY_SDE_ENCRYPT_NEWFILE
#define EXTERNAL_OPTION_EXCEPT_FOR_MEDIA_FILE_VCONF_KEY VCONFKEY_SDE_EXCLUDE_MEDIAFILE
namespace {
-VConfBackend vconfBackend(VCONFKEY_SDE_ENCRYPT_PROGRESS);
-ProgressBar progressBar(std::bind(&VConfBackend::update, &vconfBackend, std::placeholders::_1));
-
-EcryptfsEngine engine(EXTERNAL_STORAGE_PATH, EXTERNAL_STORAGE_PATH, progressBar);
+std::unique_ptr<EXTERNAL_ENGINE> engine;
void killDependedApplications()
{
- for (pid_t pid : runtime::FileUser::getList(EXTERNAL_STORAGE_PATH, true)) {
+ for (pid_t pid : runtime::FileUser::getList(EXTERNAL_PATH, true)) {
INFO("Close process - " + std::to_string(pid));
::kill(pid, SIGKILL);
}
context.expose(this, "", (int)(ExternalEncryption::getState)());
context.expose(this, "", (unsigned int)(ExternalEncryption::getSupportedOptions)());
+ engine.reset(new EXTERNAL_ENGINE(
+ EXTERNAL_PATH, EXTERNAL_PATH,
+ ProgressBar([](int v) {
+ ::vconf_set_str(VCONFKEY_SDE_ENCRYPT_PROGRESS,
+ std::to_string(v).c_str());
+ })
+ ));
+
externalAddEventReceiver();
}
}
KeyManager::data data(password.begin(), password.end());
- KeyManager keyManager(engine.getKeyMeta());
+ KeyManager keyManager(engine->getKeyMeta());
if (!keyManager.verifyPassword(data)) {
return -2;
}
- engine.mount(keyManager.getMasterKey(data), getOptions());
+ engine->mount(keyManager.getMasterKey(data), getOptions());
return 0;
}
INFO("Close all applications using external storage...");
killDependedApplications();
INFO("Umount external storage...");
- engine.umount();
+ engine->umount();
return 0;
}
}
KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine.getKeyMeta());
+ KeyManager keyManager(engine->getKeyMeta());
if (!keyManager.verifyPassword(pwData)) {
return -2;
killDependedApplications();
INFO("Encryption started...");
::vconf_set_str(EXTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");
- engine.encrypt(MasterKey, options);
+ engine->encrypt(MasterKey, options);
setOptions(options & getSupportedOptions());
INFO("Sync disk...");
sync();
}
KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine.getKeyMeta());
+ KeyManager keyManager(engine->getKeyMeta());
if (!keyManager.verifyPassword(pwData)) {
return -2;
INFO("Umount external storage...");
while (1) {
try {
- engine.umount();
+ engine->umount();
break;
} catch (runtime::Exception &e) {
killDependedApplications();
INFO("Decryption started...");
::vconf_set_str(EXTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");
- engine.decrypt(MasterKey, getOptions());
+ engine->decrypt(MasterKey, getOptions());
INFO("Sync disk...");
sync();
INFO("Decryption completed");
int ExternalEncryption::isPasswordInitialized()
{
- if (engine.isKeyMetaSet()) {
+ if (engine->isKeyMetaSet()) {
return 1;
}
return 0;
KeyManager keyManager;
keyManager.initPassword(pwData);
- engine.setKeyMeta(keyManager.serialize());
+ engine->setKeyMeta(keyManager.serialize());
return 0;
}
int ExternalEncryption::cleanPassword(const std::string& password)
{
KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine.getKeyMeta());
+ KeyManager keyManager(engine->getKeyMeta());
if (!keyManager.verifyPassword(pwData)) {
return -2;
}
- engine.clearKeyMeta();
+ engine->clearKeyMeta();
return 0;
}
{
KeyManager::data oldPwData(oldPassword.begin(), oldPassword.end());
KeyManager::data newPwData(newPassword.begin(), newPassword.end());
- KeyManager keyManager(engine.getKeyMeta());
+ KeyManager keyManager(engine->getKeyMeta());
if (!keyManager.verifyPassword(oldPwData)) {
return -2;
}
keyManager.changePassword(oldPwData, newPwData);
- engine.setKeyMeta(keyManager.serialize());
+ engine->setKeyMeta(keyManager.serialize());
return 0;
}
int ExternalEncryption::verifyPassword(const std::string& password)
{
KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine.getKeyMeta());
+ KeyManager keyManager(engine->getKeyMeta());
if (keyManager.verifyPassword(pwData)) {
return 1;
unsigned int ExternalEncryption::getSupportedOptions()
{
- return engine.getSupportedOptions();
+ return engine->getSupportedOptions();
}
} // namespace ode
#include <klay/dbus/connection.h>
#include <klay/audit/logger.h>
+#include "vconf.h"
+#include "progress-bar.h"
#include "engine/dmcrypt-engine.h"
#include "key-manager/key-manager.h"
#include "rmi/internal-encryption.h"
-#define INTERNAL_STORAGE_PATH "/opt/usr"
-#define INTERNAL_STATE_VCONF_KEY VCONFKEY_ODE_CRYPTO_STATE
-#define INTERNAL_OPTION_ONLY_USED_REGION_VCONF_KEY VCONFKEY_ODE_FAST_ENCRYPTION
+#define INTERNAL_ENGINE DMCryptEngine
+#define INTERNAL_DEV "/dev/mmcblk0p25"
+#define INTERNAL_PATH "/opt/usr"
+#define INTERNAL_STATE_VCONF_KEY VCONFKEY_ODE_CRYPTO_STATE
+#define INTERNAL_OPTION_ONLY_USED_REGION_VCONF_KEY VCONFKEY_ODE_FAST_ENCRYPTION
#define PRIVILEGE_PLATFORM "http://tizen.org/privilege/internal/default/platform"
namespace {
-VConfBackend vconfBackend(VCONFKEY_ODE_ENCRYPT_PROGRESS);
-ProgressBar progressBar(std::bind(&VConfBackend::update, &vconfBackend, std::placeholders::_1));
-
-DMCryptEngine engine("/dev/mmcblk0p25", INTERNAL_STORAGE_PATH, progressBar);
+std::unique_ptr<INTERNAL_ENGINE> engine;
void stopDependedSystemdServices()
{
dbus::Connection& systemDBus = dbus::Connection::getSystem();
std::set<std::string> servicesToStop;
- for (pid_t pid : runtime::FileUser::getList(INTERNAL_STORAGE_PATH, true)) {
+ for (pid_t pid : runtime::FileUser::getList(INTERNAL_PATH, true)) {
try {
char *service;
systemDBus.methodcall("org.freedesktop.systemd1",
context.expose(this, PRIVILEGE_PLATFORM, (int)(InternalEncryption::verifyPassword)(std::string));
context.expose(this, "", (int)(InternalEncryption::getState)());
context.expose(this, "", (unsigned int)(InternalEncryption::getSupportedOptions)());
+
+ engine.reset(new INTERNAL_ENGINE(
+ INTERNAL_DEV, INTERNAL_PATH,
+ ProgressBar([](int v) {
+ ::vconf_set_str(VCONFKEY_ODE_ENCRYPT_PROGRESS,
+ std::to_string(v).c_str());
+ })
+ ));
}
InternalEncryption::~InternalEncryption()
}
KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine.getKeyMeta());
+ KeyManager keyManager(engine->getKeyMeta());
if (!keyManager.verifyPassword(pwData)) {
return -2;
}
- engine.mount(keyManager.getMasterKey(pwData), getOptions());
+ engine->mount(keyManager.getMasterKey(pwData), getOptions());
return 0;
}
INFO("Close all processes using internal storage...");
stopDependedSystemdServices();
INFO("Umount internal storage...");
- engine.umount();
+ engine->umount();
return 0;
}
}
KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine.getKeyMeta());
+ KeyManager keyManager(engine->getKeyMeta());
if (!keyManager.verifyPassword(pwData)) {
return -2;
INFO("Close all processes using internal storage...");
stopDependedSystemdServices();
INFO("Umount internal storage...");
- while (::umount(INTERNAL_STORAGE_PATH) == -1) {
+ while (::umount(INTERNAL_PATH) == -1) {
if (errno != EBUSY) {
throw runtime::Exception("Umount error - " + std::to_string(errno));
}
INFO("Encryption started...");
::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");
- engine.encrypt(MasterKey, options);
+ engine->encrypt(MasterKey, options);
setOptions(options & getSupportedOptions());
INFO("Sync disk...");
sync();
}
KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine.getKeyMeta());
+ KeyManager keyManager(engine->getKeyMeta());
if (!keyManager.verifyPassword(pwData)) {
return -2;
INFO("Umount internal storage...");
while (1) {
try {
- engine.umount();
+ engine->umount();
break;
} catch (runtime::Exception& e) {
stopDependedSystemdServices();
INFO("Decryption started...");
::vconf_set_str(INTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");
- engine.decrypt(MasterKey, getOptions());
+ engine->decrypt(MasterKey, getOptions());
INFO("Sync disk...");
sync();
INFO("Decryption completed");
int InternalEncryption::isPasswordInitialized()
{
- if (engine.isKeyMetaSet()) {
+ if (engine->isKeyMetaSet()) {
return 1;
}
return 0;
KeyManager keyManager;
keyManager.initPassword(pwData);
- engine.setKeyMeta(keyManager.serialize());
+ engine->setKeyMeta(keyManager.serialize());
return 0;
}
int InternalEncryption::cleanPassword(const std::string& password)
{
KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine.getKeyMeta());
+ KeyManager keyManager(engine->getKeyMeta());
if (!keyManager.verifyPassword(pwData)) {
return -2;
}
- engine.clearKeyMeta();
+ engine->clearKeyMeta();
return 0;
}
{
KeyManager::data oldPwData(oldPassword.begin(), oldPassword.end());
KeyManager::data newPwData(newPassword.begin(), newPassword.end());
- KeyManager keyManager(engine.getKeyMeta());
+ KeyManager keyManager(engine->getKeyMeta());
if (!keyManager.verifyPassword(oldPwData)) {
return -2;
}
keyManager.changePassword(oldPwData, newPwData);
- engine.setKeyMeta(keyManager.serialize());
+ engine->setKeyMeta(keyManager.serialize());
return 0;
}
int InternalEncryption::verifyPassword(const std::string& password)
{
KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(engine.getKeyMeta());
+ KeyManager keyManager(engine->getKeyMeta());
if (keyManager.verifyPassword(pwData)) {
return 1;
unsigned int InternalEncryption::getSupportedOptions()
{
- return engine.getSupportedOptions();
+ return engine->getSupportedOptions();
}
} // namespace ode
namespace ode {
-ProgressBar::ProgressBar(CALLBACK const &callback)
- : updater(callback), updateValue(0)
+ProgressBar::ProgressBar(UpdateFunc const &updater)
+ : updater(updater), updateValue(0)
{
}
void ProgressBar::update(int curCount, int totalCount, int unit)
{
- int percentage = ((curCount * 100) / totalCount) * unit;
-
- if (updateValue != percentage) {
- updateValue = percentage;
- updater(updateValue);
- }
+ update(((curCount * 100) / totalCount) * unit);
}
void ProgressBar::done(void)
#define __ODE_PROGRESS_BAR_H__
#include <functional>
-#include <vconf.h>
-
-#include "progress-vconf-backend.h"
namespace ode {
class ProgressBar {
public:
- typedef std::function<void(int)> CALLBACK;
+ typedef std::function<void(int)> UpdateFunc;
ProgressBar() = delete;
- ProgressBar(CALLBACK const &callback);
+ ProgressBar(UpdateFunc const &updater);
~ProgressBar();
void update(int value);
void done(void);
private:
- CALLBACK updater;
+ UpdateFunc updater;
int updateValue;
};
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-#include "progress-vconf-backend.h"
-
-namespace ode {
-
-VConfBackend::VConfBackend(const std::string &k)
- : key(k)
-{
-}
-
-VConfBackend::~VConfBackend()
-{
-}
-
-void VConfBackend::update(int value)
-{
- // TODO
- int ret = 0;
- ret = ::vconf_set_str(key.c_str(), std::to_string(value).c_str());
- if (ret != 0) {
- /* [TBD] throw exception */
- }
-}
-#if 0
-const std::string VconfBackend::getProgress(void)
-{
- return ::vconf_get_str(key.c_str());
-}
-#endif
-
-} // namespace ode
+++ /dev/null
-/*
- * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-#ifndef __ODE_PROGRESS_VCONF_BACKEND_H__
-#define __ODE_PROGRESS_VCONF_BACKEND_H__
-
-#include <string>
-#include <vconf.h>
-
-namespace ode {
-
-class VConfBackend {
-public:
- VConfBackend() = delete;
- VConfBackend(const std::string &k);
- ~VConfBackend();
-
- void update(int value);
-
-private:
- std::string key;
-};
-
-} // namespace ode
-
-#endif //__ODE_PROGRESS_VCONF_BACKEND_H__
#include <klay/filesystem.h>
#include <klay/audit/logger.h>
-#include "rmi/secure-erase.h"
-#include "progress-bar.h"
-#include "progress-vconf-backend.h"
-#include "block-device.h"
#include "ext4-tool.h"
+#include "block-device.h"
+#include "progress-bar.h"
+#include "rmi/secure-erase.h"
#define PRIVILEGE_PLATFORM "http://tizen.org/privilege/internal/default/platform"
namespace ode {
namespace {
-VConfBackend vconfBackend(VCONFKEY_ODE_ERASE_PROGRESS);
-ProgressBar progressBar(std::bind(&VConfBackend::update, &vconfBackend, std::placeholders::_1));
+
+std::unique_ptr<ProgressBar> progressBar;
static int totalFileCount = 0;
static int erasedFileCount = 0;
{
context.expose(this, PRIVILEGE_PLATFORM, (int)(SecureErase::erase)(std::string));
context.expose(this, PRIVILEGE_PLATFORM, (int)(SecureErase::clean)(std::string));
+
+ progressBar.reset(new ProgressBar([](int v) {
+ ::vconf_set_str(VCONFKEY_ODE_ERASE_PROGRESS, std::to_string(v).c_str());
+ }));
}
SecureErase::~SecureErase()
for (unsigned int i = 0; i < totalBlock; i++) {
Block block(i * blockSize, blockSize);
blockDevice.discard(block);
- progressBar.update(i, totalBlock, 1);
+ progressBar->update(i, totalBlock, 1);
}
}
dropCachePage();
- progressBar.done();
+ progressBar->done();
} catch (runtime::Exception &e) {}
};
blockDevice.discard(block);
}
- progressBar.update(i, totalBlock, 1);
+ progressBar->update(i, totalBlock, 1);
}
dropCachePage();
- progressBar.done();
+ progressBar->done();
} catch (runtime::Exception &e) {}
};
}
if (totalFileCount == 1) {
- progressBar.update(i, extentBlockCount, 1);
+ progressBar->update(i, extentBlockCount, 1);
}
}
fileErase(next);
::remove(next.c_str());
erasedFileCount++;
- progressBar.update(erasedFileCount, totalFileCount, 1);
+ progressBar->update(erasedFileCount, totalFileCount, 1);
} else if (file.isDirectory()) {
directoryErase(next);
}
../server/key-manager/anti-forensics.cpp
../server/ext4-tool.cpp
../server/progress-bar.cpp
- ../server/progress-vconf-backend.cpp
)
ADD_EXECUTABLE(${PROJECT_NAME} ${TEST_SRC})
#include <klay/testbench.h>
#include <klay/process.h>
-#include "../server/progress-bar.h"
-#include "../server/progress-vconf-backend.h"
#include "../server/engine/dmcrypt-engine.cpp"
#define TEST_USERDATA_NAME "userdata"
// ode::DMCryptEngine gvTest("/dev/mmcblk0p25", "/opt/usr");
-ode::VConfBackend vconfBackend(VCONFKEY_ODE_ENCRYPT_PROGRESS);
-ode::ProgressBar progressBar(std::bind(&ode::VConfBackend::update, &vconfBackend, std::placeholders::_1));
+ode::ProgressBar progress([](int v) {});
}
TESTCASE(DMCryptGetPathTest)
{
try {
- ode::DMCryptEngine engine("/dev/mmcblk0p1", TEST_USERDATA_PATH, progressBar);
+ ode::DMCryptEngine engine("/dev/mmcblk0p1", TEST_USERDATA_PATH, progress);
if (engine.getSource() != "/dev/mmcblk0p1") {
throw runtime::Exception("Source doen't match");
}
const std::string keystring = "01020304050607080910111213141516";
const ode::DMCryptEngine::data key32bit(keystring.begin(), keystring.end());
- ode::DMCryptEngine engine(test_real_blkdev, test_real_mntpoint, progressBar);
+ ode::DMCryptEngine engine(test_real_blkdev, test_real_mntpoint, progress);
engine.encrypt(key32bit, OPTION_INCLUDE_UNUSED_REGION);
// check the encryption result of test_real_blkdev(/dev/loop0)
const std::string keystring = "01020304050607080910111213141516";
const ode::DMCryptEngine::data key32bit(keystring.begin(), keystring.end());
- ode::DMCryptEngine engine(test_real_blkdev, test_real_mntpoint, progressBar);
+ ode::DMCryptEngine engine(test_real_blkdev, test_real_mntpoint, progress);
engine.encrypt(key32bit, OPTION_INCLUDE_UNUSED_REGION);
engine.mount(key32bit, 0);
{
const std::string keystring = "01020304050607080910111213141516";
const ode::DMCryptEngine::data key32bit(keystring.begin(), keystring.end());
- ode::DMCryptEngine engine(test_real_blkdev, test_real_mntpoint, progressBar);
+ ode::DMCryptEngine engine(test_real_blkdev, test_real_mntpoint, progress);
engine.encrypt(key32bit, (~OPTION_INCLUDE_UNUSED_REGION)); // disable fast-encryption
engine.mount(key32bit, 0);
{
#include <klay/testbench.h>
#include "../server/engine/ecryptfs-engine.h"
-#include "../server/progress-bar.h"
-#include "../server/progress-vconf-backend.h"
#define TEST_PATH "/opt/usr"
TESTCASE(EcryptfsGetPathTest)
{
try {
- ode::VConfBackend vconfBackend(VCONFKEY_SDE_ENCRYPT_PROGRESS);
- ode::ProgressBar progressBar(std::bind(&ode::VConfBackend::update, &vconfBackend, std::placeholders::_1));
- ode::EcryptfsEngine engine("/dev/mmcblkp0", "/opt/usr", progressBar);
+ ode::ProgressBar progress([](int v) {});
+ ode::EcryptfsEngine engine("/dev/mmcblkp0", "/opt/usr", progress);
if (engine.getSource() != "/dev/mmcblkp0") {
throw runtime::Exception("Source doen't match");
}
TESTCASE(Ext4GetPathTest)
{
try {
- ode::VConfBackend vconfBackend(VCONFKEY_ODE_ENCRYPT_PROGRESS);
- ode::ProgressBar progressBar(std::bind(&ode::VConfBackend::update, &vconfBackend, std::placeholders::_1));
- ode::Ext4Engine engine("/dev/mmcblkp0", "/opt/usr", progressBar);
+ ode::ProgressBar progress([](int v) {});
+ ode::Ext4Engine engine("/dev/mmcblkp0", "/opt/usr", progress);
if (engine.getDestination() != "/dev/mmcblkp0") {
throw runtime::Exception("Source doen't match");
}