/**
* Encrypt Android user data
*
* @param user Android user id
* @param password Android user password
*
* @return 0 on success, negative value on error
*/
int android_encrypt_user_data(int user, char *password)
{
char data_path[MAX_PATH_LENGTH], media_path[MAX_PATH_LENGTH], buf[10];
off_t size = 0, total_size = 0;
int ret = -1;
LOGI("Encrypt user data for %d", user);
android_stop_services();
sleep(5);
memset(data_path, 0, sizeof(data_path));
sprintf(data_path, "%s%d", ANDROID_USER_DATA_PATH, user);
memset(media_path, 0, sizeof(media_path));
sprintf(media_path, "%s%d", ANDROID_VIRTUAL_SDCARD_PATH, user);
ret = get_dir_size(data_path, &size);
if (ret < 0) {
LOGE("Unable to get dir size for %s", data_path);
return ret;
}
total_size += size;
ret = get_dir_size(media_path, &size);
if (ret < 0) {
LOGE("Unable to get dir size for %s", media_path);
return ret;
}
total_size += size;
memset(buf, 0, sizeof(buf));
snprintf(buf, sizeof(buf), "%llu", total_size);
property_set("efs.encrypt.size", buf);
if (user == PRIMARY_USER) {
property_set("crypto.primary_user", "encrypting");
}
ret = EFS_create(data_path, password);
if (ret < 0) {
LOGE("Unable to create efs storage %s", data_path);
return ret;
}
ret = EFS_create(media_path, password);
if (ret < 0) {
LOGE("Unable to create efs storage %s", media_path);
return ret;
}
if (user == PRIMARY_USER) {
android_reboot(ANDROID_RB_RESTART, 0, 0);
}
ret = android_unlock_user_data(user, password);
if (ret < 0) {
LOGE("Unable to unlock user data %d", user);
return ret;
}
android_start_services();
return 0;
}
int EncryptedFileStorageCmd::runCommand(SocketClient *cli, int argc, char **argv) {
int rc = 0;
if ((cli->getUid() != 0) && (cli->getUid() != AID_SYSTEM)) {
cli->sendMsg(ResponseCode::CommandNoPermission, "No permission to run EFS commands", false);
return 0;
}
if (argc < 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false);
return 0;
}
if (!strcmp(argv[1], "create")) {
if (argc != 4) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs create <storage_path> <passwd>", false);
return 0;
}
rc = EFS_create(argv[2],argv[3]);
} else if (!strcmp(argv[1], "unlock")) {
if (argc != 4) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs unlock <storage_path> <passwd>", false);
return 0;
}
rc = EFS_unlock(argv[2], argv[3]);
} else if (!strcmp(argv[1], "lock")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs lock <storage_path>", false);
return 0;
}
rc = EFS_lock(argv[2]);
} else if (!strcmp(argv[1], "change_passwd")) {
if (argc != 5) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs change_passwd <storage_path> <old_passwd> <new_passwd>", false);
return 0;
}
rc = EFS_change_password(argv[2],argv[3],argv[4]);
} else if (!strcmp(argv[1], "remove")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs remove <storage_path>", false);
return 0;
}
rc = EFS_remove(argv[2]);
} else if (!strcmp(argv[1], "recover")) {
if (argc != 4) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs recover <storage_path> <password>", false);
return 0;
}
rc = EFS_recover_data_and_remove(argv[2], argv[3]);
} else if (!strcmp(argv[1], "stat")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs stat <storage_path>", false);
return 0;
}
rc = EFS_get_status(argv[2]);
} else if (!strcmp(argv[1], "get_progress")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs get_progress <storage_path>", false);
return 0;
}
rc = EFS_get_progress(argv[2]);
} else if (!strcmp(argv[1], "encrypt_user_data")) {
if (argc != 4) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs encrypt_user_data <userId> <password>", false);
return 0;
}
rc = android_encrypt_user_data(atoi(argv[2]), argv[3]);
} else if (!strcmp(argv[1], "unlock_user_data")) {
if (argc != 4) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs unlock_user_data <userId> <password>", false);
return 0;
}
rc = android_unlock_user_data(atoi(argv[2]), argv[3]);
} else if (!strcmp(argv[1], "lock_user_data")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs lock_user_data <userId>", false);
return 0;
}
rc = android_lock_user_data(atoi(argv[2]));
} else if (!strcmp(argv[1], "change_user_data_passwd")) {
if (argc != 5) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs change_user_data_passwd <userId> <old_passwd> <new_passwd>", false);
return 0;
}
rc = android_change_user_data_password(atoi(argv[2]),argv[3],argv[4]);
} else if (!strcmp(argv[1], "decrypt_user_data")) {
if (argc != 4) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs decrypt_user_data <userId> <password>", false);
return 0;
}
rc = android_decrypt_user_data(atoi(argv[2]), argv[3]);
} else if (!strcmp(argv[1], "remove_user_encrypted_data")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs remove_user_encrypted_data <userId>", false);
return 0;
}
rc = android_remove_user_encrypted_data(atoi(argv[2]));
} else if (!strcmp(argv[1], "user_stat")) {
if (argc != 3) {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: efs user_stat <userId>", false);
return 0;
}
rc = android_get_encrypted_user_status(atoi(argv[2]));
}
else {
cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown efs-tools cmd", false);
}
// Always report that the command succeeded and return the error code.
// The caller will check the return value to see what the error was.
char msg[255];
snprintf(msg, sizeof(msg), "%d", rc);
cli->sendMsg(ResponseCode::CommandOkay, msg, false);
return 0;
}