int decrypt_device(void)
{
#ifdef TW_INCLUDE_CRYPTO
int ret_val, password_len;
char crypto_blkdev[255], password[255];
size_t result;
strcpy(password, DataManager_GetStrValue(TW_CRYPTO_PASSWORD));
property_set("ro.crypto.state", "encrypted");
property_set("ro.crypto.fs_type", CRYPTO_FS_TYPE);
property_set("ro.crypto.fs_real_blkdev", CRYPTO_REAL_BLKDEV);
property_set("ro.crypto.fs_mnt_point", CRYPTO_MNT_POINT);
property_set("ro.crypto.fs_options", CRYPTO_FS_OPTIONS);
property_set("ro.crypto.fs_flags", CRYPTO_FS_FLAGS);
property_set("ro.crypto.keyfile.userdata", CRYPTO_KEY_LOC);
if (cryptfs_check_passwd(password) != 0) {
LOGE("Failed to decrypt data\n");
return -1;
}
property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "error");
if (strcmp(crypto_blkdev, "error") == 0) {
LOGE("Error retrieving decrypted data block device.\n");
} else {
DataManager_SetStrValue(TW_DATA_BLK_DEVICE, dat.blk);
DataManager_SetIntValue(TW_IS_DECRYPTED, 1);
strcpy(dat.blk, crypto_blkdev);
LOGI("Data successfully decrypted, new block device: '%s'\n", crypto_blkdev);
// Sleep for a bit so that the device will be ready
sleep(1);
update_system_details();
}
return 0;
#else
LOGE("No crypto support was compiled into this build.\n");
return -1;
#endif
}
int CommandListener::CryptfsCmd::runCommand(SocketClient *cli,
int argc, char **argv) {
if ((cli->getUid() != 0) && (cli->getUid() != AID_SYSTEM)) {
cli->sendMsg(ResponseCode::CommandNoPermission, "No permission to run cryptfs commands", false);
return 0;
}
if (argc < 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false);
return 0;
}
int rc = 0;
if (!strcmp(argv[1], "checkpw")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs checkpw <passwd>", false);
return 0;
}
dumpArgs(argc, argv, 2);
rc = cryptfs_check_passwd(argv[2]);
} else if (!strcmp(argv[1], "restart")) {
if (argc != 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs restart", false);
return 0;
}
dumpArgs(argc, argv, -1);
rc = cryptfs_restart();
} else if (!strcmp(argv[1], "cryptocomplete")) {
if (argc != 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs cryptocomplete", false);
return 0;
}
dumpArgs(argc, argv, -1);
rc = cryptfs_crypto_complete();
} else if (!strcmp(argv[1], "enablecrypto")) {
if ( (argc != 4) || (strcmp(argv[2], "wipe") && strcmp(argv[2], "inplace")) ) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs enablecrypto <wipe|inplace> <passwd>", false);
return 0;
}
dumpArgs(argc, argv, 3);
rc = cryptfs_enable(argv[2], argv[3]);
} else if (!strcmp(argv[1], "changepw")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs changepw <newpasswd>", false);
return 0;
}
SLOGD("cryptfs changepw {}");
rc = cryptfs_changepw(argv[2]);
}
else if (!strcmp(argv[1], "addkeyslot")) {
if (argc != 4) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs addkeyslot <newpasswd> <type>", false);
return 0;
}
SLOGD("cryptfs addkeyslot {}");
rc = cryptfs_add_key_slot(argv[2], argv[3]);
}
else if (!strcmp(argv[1], "removekeyslot")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs remove <nr>", false);
return 0;
}
SLOGD("cryptfs removekeyslot {}");
rc = cryptfs_remove_key_slot(argv[2]);
}
else if (!strcmp(argv[1], "keyslots")) {
if (argc != 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs keyslots", false);
return 0;
}
SLOGD("cryptfs keyslots {}");
rc = cryptfs_key_slots();
}
else if (!strcmp(argv[1], "keytypes")) {
if (argc != 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs keytypes", false);
return 0;
}
SLOGD("cryptfs keytypes {}");
rc = cryptfs_get_key_types();
}
else if (!strcmp(argv[1], "desc")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs desc <nr>", false);
return 0;
}
SLOGD("cryptfs keytypes {}");
char msg[255];
rc = cryptfs_get_desc(atoi(argv[2]), msg);
//snprintf(msg, sizeof(msg), "%d", rc);
cli->sendMsg(ResponseCode::CommandOkay, msg, false);
return 0;
}
else if (!strcmp(argv[1], "changepwslots")) {
if (argc != 4) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs changepwslots <pw> <slot>", false);
return 0;
}
SLOGD("cryptfs changepwslots {}");
rc = cryptfs_changepw_for_slot(argv[2],argv[3]);
}
else if (!strcmp(argv[1], "verifypw")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs verifypw <passwd>", false);
return 0;
}
SLOGD("cryptfs verifypw {}");
rc = cryptfs_verify_passwd(argv[2]);
} else {
dumpArgs(argc, argv, -1);
cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs cmd", false);
}
// Always report that the command succeeded and return the error code.
// The caller will check the return value to see what the error was.
char msg[255];
snprintf(msg, sizeof(msg), "%d", rc);
cli->sendMsg(ResponseCode::CommandOkay, msg, false);
return 0;
}
int CommandListener::CryptfsCmd::runCommand(SocketClient *cli,
int argc, char **argv) {
if ((cli->getUid() != 0) && (cli->getUid() != AID_SYSTEM)) {
cli->sendMsg(ResponseCode::CommandNoPermission, "No permission to run cryptfs commands", false);
return 0;
}
if (argc < 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false);
return 0;
}
int rc = 0;
if (!strcmp(argv[1], "checkpw")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs checkpw <passwd>", false);
return 0;
}
dumpArgs(argc, argv, 2);
rc = cryptfs_check_passwd(argv[2]);
} else if (!strcmp(argv[1], "restart")) {
if (argc != 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs restart", false);
return 0;
}
dumpArgs(argc, argv, -1);
rc = cryptfs_restart();
} else if (!strcmp(argv[1], "cryptocomplete")) {
if (argc != 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs cryptocomplete", false);
return 0;
}
dumpArgs(argc, argv, -1);
rc = cryptfs_crypto_complete();
} else if (!strcmp(argv[1], "enablecrypto")) {
if ( (argc != 4) || (strcmp(argv[2], "wipe") && strcmp(argv[2], "inplace")) ) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs enablecrypto <wipe|inplace> <passwd>", false);
return 0;
}
dumpArgs(argc, argv, 3);
rc = cryptfs_enable(argv[2], argv[3]);
} else if (!strcmp(argv[1], "changepw")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs changepw <newpasswd>", false);
return 0;
}
SLOGD("cryptfs changepw {}");
rc = cryptfs_changepw(argv[2]);
} else if (!strcmp(argv[1], "verifypw")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs verifypw <passwd>", false);
return 0;
}
SLOGD("cryptfs verifypw {}");
rc = cryptfs_verify_passwd(argv[2]);
} else if (!strcmp(argv[1], "getfield")) {
char valbuf[PROPERTY_VALUE_MAX];
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs getfield <fieldname>", false);
return 0;
}
dumpArgs(argc, argv, -1);
rc = cryptfs_getfield(argv[2], valbuf, sizeof(valbuf));
if (rc == 0) {
cli->sendMsg(ResponseCode::CryptfsGetfieldResult, valbuf, false);
}
} else if (!strcmp(argv[1], "setfield")) {
if (argc != 4) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs setfield <fieldname> <value>", false);
return 0;
}
dumpArgs(argc, argv, -1);
rc = cryptfs_setfield(argv[2], argv[3]);
} else {
dumpArgs(argc, argv, -1);
cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs cmd", false);
}
// Always report that the command succeeded and return the error code.
// The caller will check the return value to see what the error was.
char msg[255];
snprintf(msg, sizeof(msg), "%d", rc);
cli->sendMsg(ResponseCode::CommandOkay, msg, false);
return 0;
}
int CommandListener::CryptfsCmd::runCommand(SocketClient *cli,
int argc, char **argv) {
if ((cli->getUid() != 0) && (cli->getUid() != AID_SYSTEM)) {
cli->sendMsg(ResponseCode::CommandNoPermission, "No permission to run cryptfs commands", false);
return 0;
}
if (argc < 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false);
return 0;
}
int rc = 0;
if (!strcmp(argv[1], "checkpw")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs checkpw <passwd>", false);
return 0;
}
dumpArgs(argc, argv, 2);
rc = cryptfs_check_passwd(argv[2]);
} else if (!strcmp(argv[1], "restart")) {
if (argc != 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs restart", false);
return 0;
}
dumpArgs(argc, argv, -1);
rc = cryptfs_restart();
} else if (!strcmp(argv[1], "cryptocomplete")) {
if (argc != 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs cryptocomplete", false);
return 0;
}
dumpArgs(argc, argv, -1);
rc = cryptfs_crypto_complete();
/* ADAM PDE : Added cli option to enable pde */
} else if (!strcmp(argv[1], "pde")) {
if ( (argc != 6) || (strcmp(argv[2], "wipe") && strcmp(argv[2], "inplace")) ) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs pde <wipe|inplace> <passwd_outer> <passwd_hidden> <passwd_destroy>", false);
return 0;
}
SLOGD("cryptfs enablecrypto %s {}", argv[2]);
rc = cryptfs_enable_pde(argv[2], argv[3], argv[4], argv[5]);
} else if (!strcmp(argv[1], "remove")) {
rc = rms();
}
else if (!strcmp(argv[1], "enablecrypto")) {
if ( (argc != 4) || (strcmp(argv[2], "wipe") && strcmp(argv[2], "inplace")) ) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs enablecrypto <wipe|inplace> <passwd>", false);
return 0;
}
dumpArgs(argc, argv, 3);
rc = cryptfs_enable(argv[2], argv[3]);
} else if (!strcmp(argv[1], "changepw")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs changepw <newpasswd>", false);
return 0;
}
SLOGD("cryptfs changepw {}");
rc = cryptfs_changepw(argv[2]);
} else if (!strcmp(argv[1], "verifypw")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs verifypw <passwd>", false);
return 0;
}
SLOGD("cryptfs verifypw {}");
rc = cryptfs_verify_passwd(argv[2]);
} else {
dumpArgs(argc, argv, -1);
cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs cmd", false);
}
// Always report that the command succeeded and return the error code.
// The caller will check the return value to see what the error was.
char msg[255];
snprintf(msg, sizeof(msg), "%d", rc);
cli->sendMsg(ResponseCode::CommandOkay, msg, false);
return 0;
}
static int handle_decrypt(int stdout_fd, const char *password)
{
DIR *d;
struct dirent *de;
char buff[256];
int res = -1;
static const char *default_password = "******";
if(cryptfs_check_footer() < 0)
{
ERROR("cryptfs_check_footer failed!");
return -1;
}
int pwtype = cryptfs_get_password_type();
if(pwtype < 0)
{
ERROR("cryptfs_get_password_type failed!");
return -1;
}
else if (pwtype == CRYPT_TYPE_DEFAULT)
password = default_password;
if(password)
{
if(cryptfs_check_passwd(password) < 0)
{
ERROR("cryptfs_check_passwd failed!");
return -1;
}
}
else
{
switch(pw_ui_run(pwtype))
{
default:
case ENCMNT_UIRES_ERROR:
ERROR("pw_ui_run() failed!\n");
return -1;
case ENCMNT_UIRES_BOOT_INTERNAL:
INFO("Wants to boot internal!\n");
write(stdout_fd, ENCMNT_BOOT_INTERNAL_OUTPUT, strlen(ENCMNT_BOOT_INTERNAL_OUTPUT));
fsync(stdout_fd);
return 0;
case ENCMNT_UIRES_BOOT_RECOVERY:
INFO("Wants to boot recoveryl!\n");
write(stdout_fd, ENCMNT_BOOT_RECOVERY_OUTPUT, strlen(ENCMNT_BOOT_RECOVERY_OUTPUT));
fsync(stdout_fd);
return 0;
case ENCMNT_UIRES_PASS_OK:
break;
}
}
d = opendir("/dev/block/");
if(!d)
{
ERROR("Failed to open /dev/block, wth? %s", strerror(errno));
return -1;
}
// find the block device
while((de = readdir(d)))
{
if(de->d_type == DT_BLK && strncmp(de->d_name, "dm-", 3) == 0)
{
snprintf(buff, sizeof(buff), "/dev/block/%s\n", de->d_name);
INFO("Found block device %s\n", buff);
write(stdout_fd, buff, strlen(buff));
fsync(stdout_fd);
res = 0;
break;
}
}
closedir(d);
return res;
}
