platform/core/security/ode.git
5 years ago Update engine state only if crypto device is properly created 82/195482/2 accepted/tizen/4.0/unified/20190101.230229 submit/tizen_4.0/20181227.012625
Jaemin Ryu [Fri, 14 Dec 2018 01:26:37 +0000 (10:26 +0900)]
Update engine state only if crypto device is properly created

Change-Id: I1d3c9d11932afa22a2b7ea2dc101eba36ec39cf7
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
5 years ago Add support for CSC mode decryption 00/194500/4 accepted/tizen/4.0/unified/20181226.234218 submit/tizen_4.0/20181226.090856
Jaemin Ryu [Wed, 5 Dec 2018 06:52:15 +0000 (15:52 +0900)]
Add support for CSC mode decryption

Change-Id: I3e3f44338a510e6ef4dcf71e4905bda2930934a3
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
5 years ago Fix upgrade script to support fota 80/193980/3 accepted/tizen/4.0/unified/20181129.174925 submit/tizen_4.0/20181129.005525
seolheui, kim [Wed, 28 Nov 2018 05:15:40 +0000 (14:15 +0900)]
Fix upgrade script to support fota

Change-Id: I1a10059cd366c6bd1093bf80f8730b9331c7ea69
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
5 years ago Add upgrade scripts 47/192047/2
seolheui, kim [Mon, 29 Oct 2018 07:11:22 +0000 (16:11 +0900)]
Add upgrade scripts

 - To initialize unsupported vconf values when the platform upgrades from 3.0 to 4.0

Change-Id: Ie7c434a4ff13efa8eefa913b3d7d438415d3103f
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
5 years ago Add NotSupported status for synchronization with 3.0 77/190877/1 accepted/tizen/4.0/unified/20181008.135905 submit/tizen_4.0/20181008.084556
seolheui, kim [Mon, 8 Oct 2018 07:24:46 +0000 (16:24 +0900)]
Add NotSupported status for synchronization with 3.0

Change-Id: Ibc8b55a135b25b74c75c4506a8129b732d299848
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
5 years ago For permanent lock of display power on encryption 26/190626/2 submit/tizen_4.0/20181008.064024
seolheui, kim [Thu, 4 Oct 2018 07:40:04 +0000 (16:40 +0900)]
For permanent lock of display power on encryption

Change-Id: Ifb4cd48de0fb2da25d78e5717c117dc22fd6dee8
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
5 years ago Fix to set state of encryption process accepted/tizen/4.0/unified/20180914.132325 submit/tizen_4.0/20180913.090020
seolheui, kim [Thu, 13 Sep 2018 08:09:15 +0000 (17:09 +0900)]
Fix to set state of encryption process

Change-Id: Iebb2101fe7a41ba54b745c9b417d2297b5831e99
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
5 years ago Fix to stop user session 91/188891/6
seolheui, kim [Tue, 11 Sep 2018 10:09:15 +0000 (19:09 +0900)]
Fix to stop user session

Change-Id: I3ac1317b762978372ce7857a8aa45df83f49d4fc
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
5 years ago Optimize JobWatch for systemd 52/187952/4
seolheui, kim [Thu, 30 Aug 2018 01:20:14 +0000 (10:20 +0900)]
Optimize JobWatch for systemd

Change-Id: Iaf10d01f97e4bec52963b098b56ed37d23709228
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
5 years ago Add time out to JobWatch 92/188092/4 accepted/tizen/4.0/unified/20180904.005150 submit/tizen_4.0/20180831.082853
seolheui, kim [Fri, 31 Aug 2018 07:42:14 +0000 (16:42 +0900)]
Add time out to JobWatch

Change-Id: Idfac8fcb7bf1e5da993a5382bf68e2a392f052e3
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
5 years ago Fix invalid exception handling 96/188096/1
seolheui, kim [Fri, 31 Aug 2018 08:12:01 +0000 (17:12 +0900)]
Fix invalid exception handling

Change-Id: I66dca4e1c879a1043f8c771ee8334df2cb8f1a8c
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
5 years ago Add preprocessUnits list to stop user session first 80/187780/2 accepted/tizen/4.0/unified/20180829.004848 submit/tizen_4.0/20180828.100016
seolheui, kim [Tue, 28 Aug 2018 09:00:48 +0000 (18:00 +0900)]
Add preprocessUnits list to stop user session first

Change-Id: I8ab93c13bd416e2bb11d5c09e4ee3b390ab974c6
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
5 years ago Remove stopKnownSystemdUnits() 56/187756/1
seolheui, kim [Tue, 28 Aug 2018 07:17:08 +0000 (16:17 +0900)]
Remove stopKnownSystemdUnits()

Change-Id: I77c23c92aa021dd54f60e442843c7ef1403390ca
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
5 years ago Add ode_internal_encryption_is_mounted() API. 86/184086/5
seolheui, kim [Fri, 13 Jul 2018 10:59:24 +0000 (19:59 +0900)]
Add ode_internal_encryption_is_mounted() API.

Change-Id: I3da5818cd9e83a641151bb2c287484e59d693520
Signed-off-by: seolheui, kim <s414.kim@samsung.com>
5 years ago Support for migration from 3.0 19/182719/6
Krzysztof Jackiewicz [Wed, 27 Jun 2018 09:08:57 +0000 (11:08 +0200)]
Support for migration from 3.0

There are products based on Tizen 3.0 using different encryption scheme and
footer format. To properly migrate their internal memory encryption key the
flag marking the beginning of an upgrade is left by ode-fota.

During the first device unlock (attempt to mount encrypted partition) after the
upgrade the flag presence is checked. The flag is removed but if it was
present, oded will try to use the product specific key storage plugin to load
the master key for internal encryption.

If it succeeds it will encrypt the master key using given password. Otherwise
it will fall back to normal operation, that is, decrypt the master key using
given password.

Any attempt to decrypt the master key using a password will result in removal
of the upgrade flag.

It is assumed that affected products verify the password prior to passing it to
ode_internal_encryption_set_mount_password().

For unaffected products that do not require the migration it's enough to remove
the flag or the master key stored for the purpose of the upgrade before calling
ode_internal_encryption_set_mount_password(). Note that it is advised to remove
the master key stored for the purpose of the upgrade as soon as possible after
the upgrade due to security reasons. Even if the flag and master key are
present, the encryption introduced in this commit won't break anything as long
as the password is correct.

Change-Id: I86c83366c432aa8ce1d4f25c9beeed98d4f672c3

5 years ago Apply lazy-umount and kill processes to unmount user partition 88/183088/8
seolheui kim [Mon, 2 Jul 2018 06:20:59 +0000 (15:20 +0900)]
Apply lazy-umount and kill processes to unmount user partition

Change-Id: If6164ea25259877a88604c935fb4488765584872
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Add getDecodedPath for decoding unit name 96/182696/4
seolheui kim [Wed, 27 Jun 2018 07:01:20 +0000 (16:01 +0900)]
Add getDecodedPath for decoding unit name

Change-Id: I7a1d4afe615e4369d33c0f64755d7e80e23891cf
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Fix type mismatch in ode_internal_encryption_mount_ex 97/183597/1 accepted/tizen/4.0/unified/20180709.132331 submit/tizen_4.0/20180709.045808
Jaemin Ryu [Mon, 9 Jul 2018 02:22:15 +0000 (11:22 +0900)]
Fix type mismatch in ode_internal_encryption_mount_ex

Change-Id: Id0356844f4307f5e5697210a26d61bf63779d071
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
5 years ago Add ode_internal_encryption_mount_ex API 22/183522/5 accepted/tizen/4.0/unified/20180707.102319 submit/tizen_4.0/20180706.094449
Jaemin Ryu [Fri, 6 Jul 2018 07:55:00 +0000 (16:55 +0900)]
Add ode_internal_encryption_mount_ex API

Change-Id: I66143553b9c0b23a3989abb679e8e67f3556c7aa
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
5 years ago Add ode-fota umount and fix DMCryptEngine::umount,mount 83/183483/8
seolheui kim [Fri, 6 Jul 2018 02:42:42 +0000 (11:42 +0900)]
Add ode-fota umount and fix DMCryptEngine::umount,mount

- fix DMCryptEngine::umount : ignore exception on umount /opt/usr/apps
- fix DMCryptEngine::mount : check if target mapper exists or not

Change-Id: Ibbbbce89eb269841a904a65b1dd601370e249443
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Remove LaunchPad and AppBundle 28/183428/2
seolheui kim [Thu, 5 Jul 2018 08:39:54 +0000 (17:39 +0900)]
Remove LaunchPad and AppBundle

- Remove launchpad and app-bundle to remove dependence on aul and bundle.
- Using launchpad is replaced with using ode-password service.
- ode-key-storage-plugin : needs a dependency on capi-base-common due to this change.

Change-Id: I5fe07b951738ab72deec80b271f7714929269a24
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Add ode-fota input argument for mount path 31/183431/4 accepted/tizen/4.0/unified/20180706.091439 submit/tizen_4.0/20180705.094417
seolheui kim [Thu, 5 Jul 2018 09:11:23 +0000 (18:11 +0900)]
Add ode-fota input argument for mount path

Change-Id: If6249abe4c5bb79293b4b7fcd69fc9fc0644f99d
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Add metafile backup script for softreset 76/183276/3 accepted/tizen/4.0/unified/20180704.152127 submit/tizen_4.0/20180704.051108
Jaemin Ryu [Wed, 4 Jul 2018 04:49:02 +0000 (13:49 +0900)]
Add metafile backup script for softreset

Change-Id: I3cb3398b1bebdc928235e81ecd9113ca7c666948
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
5 years ago Use blkid to identify partition 46/183246/5 submit/tizen_4.0/20180704.023839
Jaemin Ryu [Wed, 4 Jul 2018 01:15:04 +0000 (10:15 +0900)]
Use blkid to identify partition

Change-Id: I16f5681b21e87a65d77b642d14f102f71f8605b8
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
5 years ago Change ode-fota to link static version of klay 38/183038/1 accepted/tizen/4.0/unified/20180702.105601 submit/tizen_4.0/20180702.042309
Sungbae Yoo [Mon, 2 Jul 2018 02:29:51 +0000 (11:29 +0900)]
Change ode-fota to link static version of klay

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: Id3e46fe647549331f78cf7ecc1e8eacf2eaf4881

5 years ago Remove the check empty token and add catch the exception 41/182841/3 accepted/tizen/4.0/unified/20180629.000210 submit/tizen_4.0/20180628.091646
seolheui kim [Thu, 28 Jun 2018 08:53:18 +0000 (17:53 +0900)]
Remove the check empty token and add catch the exception

Change-Id: I2b1e66c4ad138d8d210c70e9e5801c34360e059d
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Remove the check for empty token 30/182830/1
seolheui kim [Thu, 28 Jun 2018 08:13:54 +0000 (17:13 +0900)]
Remove the check for empty token

Change-Id: Id707b50fd27e70c7a077bd2edc6625499df90c50
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Modify the permission of token file 13/182713/5 accepted/tizen/4.0/unified/20180629.000202 submit/tizen_4.0/20180628.060131
seolheui kim [Wed, 27 Jun 2018 08:59:41 +0000 (17:59 +0900)]
Modify the permission of token file

- fota is running as system_share user and group.

Change-Id: Ia79cdf471b0e82a0773e8af9f96dab6aa907095c
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Add flag file to check ode progress for mount unit 59/182559/2 accepted/tizen/4.0/unified/20180626.233629 submit/tizen_4.0/20180626.081405
seolheui kim [Tue, 26 Jun 2018 06:29:16 +0000 (15:29 +0900)]
Add flag file to check ode progress for mount unit

- create & remove "/opt/etc/.odeprogress" file
- fix to use klay filesystem for flag files

Change-Id: Id0188a59468bc8a4aeb94f058cdf0bdec2916e66
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Hot Fix for delay of unit stop 27/182327/3 accepted/tizen/4.0/unified/20180622.231441 submit/tizen_4.0/20180622.051742
seolheui kim [Fri, 22 Jun 2018 04:39:24 +0000 (13:39 +0900)]
Hot Fix for delay of unit stop

Change-Id: I7f436995cecfefe313d36549b308ddbf459abeb3
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Hot Fix to internal storage decryption 31/182231/1 accepted/tizen/4.0/unified/20180622.124710 submit/tizen_4.0/20180621.112357
seolheui kim [Thu, 21 Jun 2018 10:54:02 +0000 (19:54 +0900)]
Hot Fix to internal storage decryption

Change-Id: I3c7dc2b114e892f2d1b2bcb31548fb0afa4d0051
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Modify enum values for corrupted encryption 98/181298/3 accepted/tizen/4.0/unified/20180613.234958 submit/tizen_4.0/20180612.052541
seolheui kim [Tue, 12 Jun 2018 02:22:01 +0000 (11:22 +0900)]
Modify enum values for corrupted encryption

- combine State::CorruptedEncryption and State::CorruptedDecryption with State::Corrupted
  to avoid build break since State::Corrupted is used in other packages.

Change-Id: I14ba9ee1c51dc35240a7151f7ddf545453555ced
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Merge "Change to require libcrypto instead of openssl" into tizen submit/tizen_4.0/20180612.012549
Jaemin Ryu [Tue, 12 Jun 2018 01:22:07 +0000 (01:22 +0000)]
Merge "Change to require libcrypto instead of openssl" into tizen

5 years ago Separate corrupted error and fix external recovery API 16/181216/4
seolheui kim [Mon, 11 Jun 2018 05:27:47 +0000 (14:27 +0900)]
Separate corrupted error and fix external recovery API

- separate corrupted error into "error_partially_encrypted" and "error_partially_decrypted"
- fix to expose the external recovery API and add it to cli tool

Change-Id: I601a83a6a72e22be5c44d13ff830896300c5e578
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Change to require libcrypto instead of openssl 47/181247/2
Sungbae Yoo [Mon, 11 Jun 2018 08:28:41 +0000 (17:28 +0900)]
Change to require libcrypto instead of openssl

This is for a fota issue that openssl can't be used in fota progress

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: If619d47f6c823b0560fb44cb7f5467fef5838d3e

5 years ago Fix reboot dbus name 09/181109/1 accepted/tizen/4.0/unified/20180611.001720 submit/tizen_4.0/20180608.072843
seolheui kim [Fri, 8 Jun 2018 07:24:28 +0000 (16:24 +0900)]
Fix reboot dbus name

Change-Id: I4839ff93dcd5cd50ce0bf8c965c5917fee0cce53
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago fix reboot parameter to send dbus in recovery method 06/181106/1 submit/tizen_4.0/20180608.070036
seolheui kim [Fri, 8 Jun 2018 06:51:29 +0000 (15:51 +0900)]
fix reboot parameter to send dbus in recovery method

Change-Id: Ie0e898c2b4badebc776df40efbc9687f9b95bf4e
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Fix recovery method for internal encryption 31/181031/5 submit/tizen_4.0/20180608.063739
seolheui kim [Thu, 7 Jun 2018 12:53:33 +0000 (21:53 +0900)]
Fix recovery method for internal encryption

- add recovery method to expose to client
- fix logic of recovery
- add recovery command to ode-admin-cli

Change-Id: I6eb162a83bb2796fd597f3b118a788b304939a41
Signed-off-by: seolheui kim <s414.kim@samsung.com>
5 years ago Fix showProgressUI service name 05/180005/1 accepted/tizen/4.0/unified/20180524.131159 accepted/tizen/unified/20180611.015313 submit/tizen/20180524.053419 submit/tizen/20180607.013257 submit/tizen_4.0/20180524.053450
seolheui kim [Thu, 24 May 2018 05:19:10 +0000 (14:19 +0900)]
Fix showProgressUI service name

Change-Id: I8be450868943589c352d9741d4f4a20aed5ff6a4
Signed-off-by: seolheui kim <s414.kim@samsung.com>
6 years ago Apply encryption progress UI service 53/178353/4 accepted/tizen/4.0/unified/20180514.094000 accepted/tizen/unified/20180515.163434 submit/tizen/20180514.014354 submit/tizen/20180515.071846 submit/tizen_4.0/20180514.014607
seolheui kim [Wed, 9 May 2018 12:31:43 +0000 (21:31 +0900)]
Apply encryption progress UI service

Change-Id: Ibfe33fb459bf57a16a660bcabb9b9d34c878d7b0
Signed-off-by: seolheui kim <s414.kim@samsung.com>
6 years ago Fix coverity issues 80/176880/4 accepted/tizen/unified/20180503.080803 submit/tizen/20180503.044425
seolheui kim [Tue, 24 Apr 2018 06:02:59 +0000 (15:02 +0900)]
Fix coverity issues

- fix to catch exceptions from division by zero
- fix to unchecked return values
- remove logically dead code and unused value

Change-Id: I9b9e9c88fd12034a7a737e871d9626b96a736407
Signed-off-by: seolheui kim <s414.kim@samsung.com>
6 years ago oded : Add Partial RELRO for executables 52/174752/2 accepted/tizen/4.0/unified/20180419.080210 submit/tizen_4.0/20180404.095329 submit/tizen_4.0/20180418.014943
seolheui kim [Wed, 4 Apr 2018 04:05:19 +0000 (13:05 +0900)]
oded : Add Partial RELRO for executables

Change-Id: I221c074730ae30c2ea3c073c895d18620f841cef
Signed-off-by: seolheui kim <s414.kim@samsung.com>
6 years ago Release version 0.0.5 51/169551/1 accepted/tizen/4.0/unified/20180208.062134 accepted/tizen/unified/20180207.151805 submit/tizen/20180207.102416 submit/tizen_4.0/20180207.102636
Krzysztof Jackiewicz [Wed, 7 Feb 2018 09:44:20 +0000 (10:44 +0100)]
Release version 0.0.5

Change-Id: I1015edf4ed9a75f5d1ce55b4783e458a64c5ce8d

6 years ago Wait for unit to stop instead of sleeping 96/168996/5
Krzysztof Jackiewicz [Thu, 1 Feb 2018 14:02:34 +0000 (15:02 +0100)]
Wait for unit to stop instead of sleeping

Oded asks systemd to stop certain units before unmounting /opt/usr but it
doesn't wait for confirmation. Instead it performs sleep(1).

This commit implements a mechanism that waits for unit stop confirmation from
systemd.

Change-Id: I50d4ca8d234221b8af457852548a5d9230f4ec2b

6 years ago Stop security-manager before unmounting /opt/usr 67/168867/5
Krzysztof Jackiewicz [Wed, 31 Jan 2018 16:01:47 +0000 (17:01 +0100)]
Stop security-manager before unmounting /opt/usr

Security-manager creates mounts in a mount namespace that are invisible to
oded. Although /opt/usr is unmounted in oded's namespace it is still mounted
in the one used by SM. As a result device mapper can't use the device to
load the table.

This commit adds security-manager.service and socket to the list of known units
that have to be killed before unmounting /opt/usr. Socket is stopped to prevent
security-manager from being restarted. This is just a temporary solution. It
does not prevent other services from blocking ode by using mount namespaces.

Change-Id: I53584f17efc56fa39a503025d4f68010c3b3dbb3

6 years ago Improve internal memory unmounting 59/168759/5
Krzysztof Jackiewicz [Tue, 30 Jan 2018 12:26:24 +0000 (13:26 +0100)]
Improve internal memory unmounting

On some devices there are multiple mounts under /opt/usr. We have to unmount
all the others to unlock the /opt/usr unmounting.

With this commit ode will iterate over all matching entries and try to unmount
all of them. Some of them are unmounted externally and may disappear before the
call to umount() in ode causing EINVAL error. Ode will ignore it.

Change-Id: I306cc61436e4c151a8396a6d26fefc32a9f93826

6 years ago Fix indentation of device mapper buffer description 59/168959/2
Krzysztof Jackiewicz [Thu, 1 Feb 2018 08:36:45 +0000 (09:36 +0100)]
Fix indentation of device mapper buffer description

Change-Id: I4b1303677b4418faa40d934a86eb945ee357d927

6 years ago Fix gmainloop to run in main context. 92/169092/1
seolheui kim [Fri, 2 Feb 2018 06:38:10 +0000 (15:38 +0900)]
Fix gmainloop to run in main context.

To receive dbus signals subscribed in main context, replace gmainloop.

Change-Id: I05c08b61ae4165fcbd1a298d26d047af87631b11
Signed-off-by: seolheui kim <s414.kim@samsung.com>
6 years ago Release version 0.0.4 53/164553/1 accepted/tizen/4.0/unified/20180118.142648 accepted/tizen/unified/20180118.071137 submit/tizen/20180117.140739 submit/tizen_4.0/20180117.140647
Krzysztof Jackiewicz [Tue, 19 Dec 2017 15:34:24 +0000 (16:34 +0100)]
Release version 0.0.4

Change-Id: Ibaab7ad74ac3fb807472729fc109c4eb3fae5376

6 years ago Fix API functions' names 32/164532/1
Krzysztof Jackiewicz [Tue, 19 Dec 2017 13:43:14 +0000 (14:43 +0100)]
Fix API functions' names

Change-Id: Ibae1919e0f0c490d762ee05f58f01138347f6a22

6 years ago Release version 0.0.3 23/162323/1 accepted/tizen/4.0/unified/20171208.061630 accepted/tizen/unified/20171204.110815 submit/tizen/20171201.152910 submit/tizen_4.0/20171205.085447 tizen_4.0.IoT.p2_release
Krzysztof Jackiewicz [Thu, 30 Nov 2017 08:13:53 +0000 (09:13 +0100)]
Release version 0.0.3

Change-Id: Iec02d56812d5293312751762a05f620d3e30655a

6 years ago Remove unused dependencies 10/162210/1
Krzysztof Jackiewicz [Wed, 29 Nov 2017 15:18:46 +0000 (16:18 +0100)]
Remove unused dependencies

Change-Id: I0b0036424ccca0faa206302b964c6251c283e733

6 years ago Protect file footer from concurrent access 83/160883/20
Krzysztof Jackiewicz [Fri, 24 Nov 2017 10:03:45 +0000 (11:03 +0100)]
Protect file footer from concurrent access

Add mutex synchronisation.

Can't use runtime::File locks because it's not possible to truncate a file
during writing without closing the descriptor (and unlocking the lock).
Derivation won't help either as the descriptor is private.

Change-Id: I5e22b21dca48b1b3d17ae6b2e4084c1029f84089

6 years ago Add upgrade related operations to ode-admin-cli 21/160721/20
Krzysztof Jackiewicz [Fri, 17 Nov 2017 13:46:47 +0000 (14:46 +0100)]
Add upgrade related operations to ode-admin-cli

Change-Id: I6157f0071a84fbdf157545abcf20d8462d7d5e6a

6 years ago Add executable for mounting internal memory during FOTA 61/160361/23
Krzysztof Jackiewicz [Wed, 15 Nov 2017 09:08:59 +0000 (10:08 +0100)]
Add executable for mounting internal memory during FOTA

Change-Id: Idb5f1ed392d3cb0a110242de76acb44f8db8e07a

6 years ago Fix mount state check in internal encryption 22/160722/23
Krzysztof Jackiewicz [Mon, 27 Nov 2017 13:22:25 +0000 (14:22 +0100)]
Fix mount state check in internal encryption

Oded is keeping the mount state of internal memory in a variable. If oded is
restarted, the internal memory is mounted by ode-recovery (during FOTA) or
manually via the command line, oded may end up with invalid mount state. This
commit makes ode check the actual state of the dm mapping instead.

Change-Id: I2c564e8db858880840ea3dae6d9ebc1fb4f0a7c9

6 years ago Add device path getters 44/160144/16
Krzysztof Jackiewicz [Tue, 14 Nov 2017 13:23:55 +0000 (14:23 +0100)]
Add device path getters

Device path getters allow switching from old internal/external key API to new
generic key API (keys.h).

If external and (possibly) internal encryption APIs are modified to accept
device path as an argument instead of using hardcoded value these getters will
become unnecessary.

Change-Id: I78d288798a6cd267a7c6ee8d279d0d33a6813aab

6 years ago Add & implement master key storage API 60/160360/22
Krzysztof Jackiewicz [Tue, 14 Nov 2017 15:09:48 +0000 (16:09 +0100)]
Add & implement master key storage API

Change-Id: Ifb2ae4bc6161de58bc0b46770a31948cc2780ae2

6 years ago Convert KeyGenerator class to a namespace 13/161813/4
Krzysztof Jackiewicz [Mon, 13 Nov 2017 16:29:49 +0000 (17:29 +0100)]
Convert KeyGenerator class to a namespace

Change-Id: I5cc3aec04a731ec2b3212a187494dcbeae1ea468

6 years ago Properly handle errors related to key storage plugin 37/162037/1
Krzysztof Jackiewicz [Tue, 28 Nov 2017 15:13:12 +0000 (16:13 +0100)]
Properly handle errors related to key storage plugin

- Don't fail if an attempt to remove a non-existing token is made
- Don't fail if the plugin does not recognize the token used for key removal
- Ask the plugin to remove the key before overwriting the token
- Use error codes from ksp API

Change-Id: I9d6e60917b933506cd431d852f859f5c2a29b55f

6 years ago Use common typedef for binary data 15/159915/24
Krzysztof Jackiewicz [Mon, 13 Nov 2017 16:29:49 +0000 (17:29 +0100)]
Use common typedef for binary data

Change-Id: I8a47b1f6fb3718608a2011e50b79b8e6f466414d

6 years ago Add dummy plugin 04/159504/22
Krzysztof Jackiewicz [Mon, 27 Nov 2017 09:32:31 +0000 (10:32 +0100)]
Add dummy plugin

Change-Id: Id817932002f094c13dc605f86bf911367e854bd5

6 years ago Add framework for master key storage 05/159505/23
Krzysztof Jackiewicz [Thu, 9 Nov 2017 09:13:23 +0000 (10:13 +0100)]
Add framework for master key storage

- Add wrapper for dlopen + dlsym + dlclose.
- Add functions for master key management

Change-Id: I6d988320e90e21aad9066899d3bd8ea14b41034c

6 years ago Fix error handling in event callback API 57/161957/1
Krzysztof Jackiewicz [Tue, 28 Nov 2017 09:18:38 +0000 (10:18 +0100)]
Fix error handling in event callback API

Change-Id: If89e767a25c0936dfb485e5f2ba5cc58155d6030

6 years ago Fix segfault in ode-admin-cli 56/161956/1
Krzysztof Jackiewicz [Tue, 28 Nov 2017 09:11:31 +0000 (10:11 +0100)]
Fix segfault in ode-admin-cli

Change-Id: I67f3037dacc19e8582bf6277088e73b767c58dfc

6 years ago Master key storage plugin API 03/159503/16
Krzysztof Jackiewicz [Tue, 7 Nov 2017 16:08:07 +0000 (17:08 +0100)]
Master key storage plugin API

Change-Id: I81d8cc6376350df9797ebe11134a646b3614744c

6 years ago Use KeyServer for server side key management 13/159913/14
Krzysztof Jackiewicz [Thu, 9 Nov 2017 09:44:48 +0000 (10:44 +0100)]
Use KeyServer for server side key management

- server side uses KeyServer for key management
- refactor key management
- use empty key value in EncryptedKey::decrypt() to differentiate wrong
  password from other errors

Change-Id: I7e2c4c0af794309d85ad1182f3ab2a67412a16af

6 years ago Key/password management API implementation 60/156860/18
Krzysztof Jackiewicz [Thu, 19 Oct 2017 15:17:39 +0000 (17:17 +0200)]
Key/password management API implementation

Change-Id: Ib74cc6e9212a948a043b483f08159024b642eb77

6 years ago Refactor error handling 14/159914/17
Krzysztof Jackiewicz [Fri, 10 Nov 2017 16:01:46 +0000 (17:01 +0100)]
Refactor error handling

- Move error translation to a separate file
- Use common error codes in all API
- Convert internal error enum to integers (klay does not support enum
  serialization at the moment)
- Update documentation

Change-Id: I0bc49c2a4218e0f4e833bd404dfec50164ad1d1f

6 years ago Fix mutex being unlocked by a different thread that locked it 13/161113/2
Lukasz Pawelczyk [Tue, 21 Nov 2017 13:26:32 +0000 (14:26 +0100)]
Fix mutex being unlocked by a different thread that locked it

Change-Id: I35a4a4a72eb8d14ac561c6a819c92f12979a9b15

6 years ago Refactor mtab related functions
Krzysztof Jackiewicz [Tue, 14 Nov 2017 13:33:42 +0000 (14:33 +0100)]
Refactor mtab related functions

Change-Id: I28ba2ddbe1ea5140e53368acff2946790a016896

6 years ago Generic API for device key & password management
Krzysztof Jackiewicz [Thu, 19 Oct 2017 06:48:29 +0000 (08:48 +0200)]
Generic API for device key & password management

Since ode is going to be socket activated it can't rely on dbus signals from
storaged anymore. Instead the device node has to be passed via API. This commit
adds a generic API for key/password management. The old functions dedicated for
key/password management in external and internal encryption will be deprecated.

Change-Id: I5ad5166c7a01bb9d3157ad8325d63724ac932432

6 years ago Fix ode-engine-unit-tests 88/160488/4
Pawel Kowalski [Thu, 16 Nov 2017 09:07:44 +0000 (10:07 +0100)]
Fix ode-engine-unit-tests

Change-Id: If14ed39db1806d821303dc792a206db91107f93f

6 years ago Fix cppcheck/svace warnings 04/161104/1
Lukasz Pawelczyk [Tue, 21 Nov 2017 12:08:01 +0000 (13:08 +0100)]
Fix cppcheck/svace warnings

Change-Id: I29b64165784c8162e8ae0fdc50d201856d6540fb

6 years ago Release version 0.0.2 98/157198/1 accepted/tizen/4.0/unified/20171102.140244 accepted/tizen/unified/20171024.071453 submit/tizen/20171023.130046 submit/tizen_4.0/20171101.113857
Krzysztof Jackiewicz [Mon, 23 Oct 2017 14:20:57 +0000 (16:20 +0200)]
Release version 0.0.2

Change-Id: I69701cf5fe44323e7e55f0811385f0da28dbe3b1

6 years ago Fix typo in API 60/155960/2
Krzysztof Jackiewicz [Mon, 16 Oct 2017 14:33:59 +0000 (16:33 +0200)]
Fix typo in API

Change-Id: I3cd49dfe7a19f3b9fa6ff92c34ad5a8302c53774

6 years ago Add support for synchronous LUKS API to ode-admin-cli 81/156881/4
Krzysztof Jackiewicz [Mon, 23 Oct 2017 14:01:37 +0000 (16:01 +0200)]
Add support for synchronous LUKS API to ode-admin-cli

Change-Id: I86efa9e434b3726fb7947a4e81f048908a5b9ac3

6 years ago Synchronous API for LUKS 70/156870/4
Krzysztof Jackiewicz [Fri, 20 Oct 2017 09:09:20 +0000 (11:09 +0200)]
Synchronous API for LUKS

Change-Id: I30299af2cc523a5ee985fea87e331cf06f3bf96e

6 years ago Confirm password when formatting as LUKS 42/155942/1
Krzysztof Jackiewicz [Mon, 16 Oct 2017 13:02:20 +0000 (15:02 +0200)]
Confirm password when formatting as LUKS

Change-Id: Ib6f9bf88a6adc2147a0ec10d9b9d4ffc7ad140f1

6 years ago Fix description of callback return codes accepted/tizen/4.0/unified/20171018.231435 submit/tizen_4.0/20171018.042033 tizen_4.0.m2_release
Krzysztof Jackiewicz [Mon, 16 Oct 2017 09:53:03 +0000 (11:53 +0200)]
Fix description of callback return codes

Return codes passed to the callback should not be included as @retval.
Moved to @note section.

Change-Id: Ie14ecc345835bf777a1f1de7844d0fde30cfb3de

6 years ago Miscellaneous cleanups and cosmetics 83/155283/2
Lukasz Pawelczyk [Thu, 12 Oct 2017 15:08:35 +0000 (17:08 +0200)]
Miscellaneous cleanups and cosmetics

Change-Id: Id13214285f62c0e84131e5c8f846c91904a99600

6 years ago Log messages: unify and add missing 49/151349/3
Lukasz Pawelczyk [Wed, 20 Sep 2017 12:05:02 +0000 (14:05 +0200)]
Log messages: unify and add missing

For Internal and External encryption.

Change-Id: I20bd74f06d90b07a2111ffa1a4bff5eff443b81d

6 years ago *_set_mount_password() must be called before every *_mount() 60/150160/8
Lukasz Pawelczyk [Thu, 14 Sep 2017 12:02:42 +0000 (14:02 +0200)]
*_set_mount_password() must be called before every *_mount()

Change-Id: Ie55ee30a386a1784bff301dc5602b48978095e24

6 years ago Remove extension encryption 46/154746/5
Krzysztof Jackiewicz [Wed, 11 Oct 2017 08:15:58 +0000 (10:15 +0200)]
Remove extension encryption

It is replaced by LUKS API.

Change-Id: I6506eb55d8d90df39014a39c73bef404b3d7f585

6 years ago Support for luks API in ode-admin-cli 92/154092/10
Krzysztof Jackiewicz [Fri, 6 Oct 2017 12:16:27 +0000 (14:16 +0200)]
Support for luks API in ode-admin-cli

Allows synchronous formatting, opening and closing of LUKS device. It also
allows waiting for completion notification in a separate process.

Change-Id: I28b4c543bc2a3135bd8cde53fbf6e13181684ffd

6 years ago Luks API implementation 91/154091/9
Krzysztof Jackiewicz [Mon, 2 Oct 2017 08:43:39 +0000 (10:43 +0200)]
Luks API implementation

- Client part, RMI & Server part with callback notifications
- Extend ClientContext class to support custom notification

Change-Id: I6f049283925b2ae1934bba01ed22c21053b65555

6 years ago Set proper label for notification sockets 90/154090/7
Krzysztof Jackiewicz [Thu, 5 Oct 2017 14:26:49 +0000 (16:26 +0200)]
Set proper label for notification sockets

When a client registers for notification it receives a socket to wait on. The
socket descriptor is transferred using ancillary data. In such cases Smack
checks if Smack rules allow the process that is about to receive it to write to
socket's IPOUT (System::Privileged) and if socket IPIN is allowed to write the
process. CAP_MAC_OVERRIDE is ignored (this may be a bug in Smack). As a result
any process not having System::Privileged label (including ode-admin-cli and UI
apps) is not able to receive the notification socket.

By default notification sockets receive the server's label that is
System::Privileged. This patch sets the IPOUT socket label to '@' so that all
processes can write it and receive the notification socket.

Change-Id: I473099f48e253c4bfe3cebee1a21857d9ea2b963

6 years ago Add luks API declaration 80/154080/6
Krzysztof Jackiewicz [Fri, 29 Sep 2017 09:33:36 +0000 (11:33 +0200)]
Add luks API declaration

Extension encryption is supposed to become a wrapper over cryptsetup. New API
will do exactly that.

Change-Id: I97780fa3b1a59f405478d8bd1fb6eb6272416c33

6 years ago Fix logging on server side 80/155580/1
Krzysztof Jackiewicz [Fri, 13 Oct 2017 15:05:51 +0000 (17:05 +0200)]
Fix logging on server side

Remove rebase leftover.

Change-Id: I423471ce5a5bf6cf41754681f7040bf191833d9b

6 years ago Refactor client and server side contexts 79/151679/7
Krzysztof Jackiewicz [Thu, 21 Sep 2017 12:16:35 +0000 (14:16 +0200)]
Refactor client and server side contexts

- Get rid of files and typedefs with identical names
- Simplify client & server side context

Change-Id: Ib6580b228fd6b9d8771eb81adc06d2b2fef2775b

6 years ago Add missing derivation in ExternalEncryptionClient 45/154745/2
Krzysztof Jackiewicz [Wed, 11 Oct 2017 08:16:52 +0000 (10:16 +0200)]
Add missing derivation in ExternalEncryptionClient

Change-Id: I3b264d0b7abebe57c5ad1a0ee40a86d80a6514ed

6 years ago Catch external mount/umount error messages 48/151348/3
Lukasz Pawelczyk [Wed, 20 Sep 2017 12:33:44 +0000 (14:33 +0200)]
Catch external mount/umount error messages

Change-Id: I0d1917f20a5113734635766f4a83a9eb8896e80e

6 years ago Make headers in RMI define pure virtual interfaces 82/150782/7
Lukasz Pawelczyk [Mon, 18 Sep 2017 13:42:16 +0000 (15:42 +0200)]
Make headers in RMI define pure virtual interfaces

- Define *Client and *Server variants as full classes with their own
  headers inheriting from RMI interfaces.

Change-Id: I1aa479f1cdac86c63822d59589dd604ba5e2818f

6 years ago Remove unnecessary code of secure-erase 68/151268/6
s414kim [Wed, 20 Sep 2017 08:58:54 +0000 (17:58 +0900)]
Remove unnecessary code of secure-erase

- remove reading /dev/zero code.
- changed mtab parsing code to use getmntent().

Change-Id: Ieee126dae6e33577ad9bdbb645c948db088eef3e
Signed-off-by: s414kim <s414.kim@samsung.com>
6 years ago Remove 'erase' API from secure-erase 12/151912/1
s414kim [Fri, 22 Sep 2017 08:55:42 +0000 (17:55 +0900)]
Remove 'erase' API from secure-erase

Change-Id: I4d9d287fe3915e1d2a4fd8fc7a405af06139efd0
Signed-off-by: s414kim <s414.kim@samsung.com>
6 years ago Remove exception of findDevPath for emulator 04/151804/1 accepted/tizen/4.0/unified/20170922.064933 accepted/tizen/unified/20170922.065801 submit/tizen/20170922.051831 submit/tizen_4.0/20170922.051801 tizen_4.0.IoT.p1_release
s414kim [Fri, 22 Sep 2017 05:03:03 +0000 (14:03 +0900)]
Remove exception of findDevPath for emulator

- Cause : the mount path doesn't exist on the emulator.

Change-Id: Ibc219808d2fb3a3951e5f77392ab8d86bf29fe42
Signed-off-by: s414kim <s414.kim@samsung.com>
6 years ago Remove MD5 from key-generator 21/150321/4
s414kim [Fri, 15 Sep 2017 05:59:13 +0000 (14:59 +0900)]
Remove MD5 from key-generator

 - delete MD5 method from key-generator
 - replace 'MD5' with 'SHA256' which is used to get hash value

Change-Id: I788a38adbcc34d29061f85cc87f5fee1e1eea26b
Signed-off-by: s414kim <s414.kim@samsung.com>
6 years ago Add default secure-erase engine 83/146783/15
s414kim [Wed, 30 Aug 2017 11:43:39 +0000 (20:43 +0900)]
Add default secure-erase engine

Change-Id: Ib7e8ff2fe11f41975d34affc47e85b1ee473bdd7
Signed-off-by: s414kim <s414.kim@samsung.com>
6 years ago ExtensionEncryption: handle encrypted external sd while formatting 11/149611/4
Lukasz Pawelczyk [Tue, 12 Sep 2017 12:13:55 +0000 (14:13 +0200)]
ExtensionEncryption: handle encrypted external sd while formatting

There will be two different things mounted as /opt/media/SDCardA1
while external sd card is encrypted and mounted. Handle this case.

TODO for the findKillAndUmount() usage is still valid, this is just an
immediate workaround for the issue.

Change-Id: If0209165401e9fb88895c417b127aad2fcb75828

6 years ago Move 2 common utility functions to misc.cpp/misc.h 10/149610/4
Lukasz Pawelczyk [Tue, 12 Sep 2017 13:17:42 +0000 (15:17 +0200)]
Move 2 common utility functions to misc.cpp/misc.h

Change-Id: If29bea3be21bac1cd870bc44250d268b083908b4