1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <stdio.h> 18 #include <stdlib.h> 19 #include <string.h> 20 #include <unistd.h> 21 #include <fcntl.h> 22 #include <ctype.h> 23 #include <sys/mount.h> 24 #include <sys/stat.h> 25 #include <errno.h> 26 #include <sys/types.h> 27 #include <sys/wait.h> 28 #include <libgen.h> 29 #include <time.h> 30 #include <sys/swap.h> 31 #include <dirent.h> 32 #include <ext4.h> 33 #include <ext4_sb.h> 34 #include <ext4_crypt_init_extensions.h> 35 36 #include <linux/loop.h> 37 #include <private/android_filesystem_config.h> 38 #include <cutils/android_reboot.h> 39 #include <cutils/partition_utils.h> 40 #include <cutils/properties.h> 41 #include <logwrap/logwrap.h> 42 43 #include "mincrypt/rsa.h" 44 #include "mincrypt/sha.h" 45 #include "mincrypt/sha256.h" 46 47 #include "ext4_utils.h" 48 #include "wipe.h" 49 50 #include "fs_mgr_priv.h" 51 #include "fs_mgr_priv_verity.h" 52 53 #define KEY_LOC_PROP "ro.crypto.keyfile.userdata" 54 #define KEY_IN_FOOTER "footer" 55 56 #define E2FSCK_BIN "/system/bin/e2fsck" 57 #define F2FS_FSCK_BIN "/system/bin/fsck.f2fs" 58 #define MKSWAP_BIN "/system/bin/mkswap" 59 60 #define FSCK_LOG_FILE "/dev/fscklogs/log" 61 62 #define ZRAM_CONF_DEV "/sys/block/zram0/disksize" 63 64 #define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a))) 65 66 /* 67 * gettime() - returns the time in seconds of the system's monotonic clock or 68 * zero on error. 69 */ 70 static time_t gettime(void) 71 { 72 struct timespec ts; 73 int ret; 74 75 ret = clock_gettime(CLOCK_MONOTONIC, &ts); 76 if (ret < 0) { 77 ERROR("clock_gettime(CLOCK_MONOTONIC) failed: %s\n", strerror(errno)); 78 return 0; 79 } 80 81 return ts.tv_sec; 82 } 83 84 static int wait_for_file(const char *filename, int timeout) 85 { 86 struct stat info; 87 time_t timeout_time = gettime() + timeout; 88 int ret = -1; 89 90 while (gettime() < timeout_time && ((ret = stat(filename, &info)) < 0)) 91 usleep(10000); 92 93 return ret; 94 } 95 96 static void check_fs(char *blk_device, char *fs_type, char *target) 97 { 98 int status; 99 int ret; 100 long tmpmnt_flags = MS_NOATIME | MS_NOEXEC | MS_NOSUID; 101 char *tmpmnt_opts = "nomblk_io_submit,errors=remount-ro"; 102 char *e2fsck_argv[] = { 103 E2FSCK_BIN, 104 "-y", 105 blk_device 106 }; 107 108 /* Check for the types of filesystems we know how to check */ 109 if (!strcmp(fs_type, "ext2") || !strcmp(fs_type, "ext3") || !strcmp(fs_type, "ext4")) { 110 /* 111 * First try to mount and unmount the filesystem. We do this because 112 * the kernel is more efficient than e2fsck in running the journal and 113 * processing orphaned inodes, and on at least one device with a 114 * performance issue in the emmc firmware, it can take e2fsck 2.5 minutes 115 * to do what the kernel does in about a second. 116 * 117 * After mounting and unmounting the filesystem, run e2fsck, and if an 118 * error is recorded in the filesystem superblock, e2fsck will do a full 119 * check. Otherwise, it does nothing. If the kernel cannot mount the 120 * filesytsem due to an error, e2fsck is still run to do a full check 121 * fix the filesystem. 122 */ 123 errno = 0; 124 ret = mount(blk_device, target, fs_type, tmpmnt_flags, tmpmnt_opts); 125 INFO("%s(): mount(%s,%s,%s)=%d: %s\n", 126 __func__, blk_device, target, fs_type, ret, strerror(errno)); 127 if (!ret) { 128 int i; 129 for (i = 0; i < 5; i++) { 130 // Try to umount 5 times before continuing on. 131 // Should we try rebooting if all attempts fail? 132 int result = umount(target); 133 if (result == 0) { 134 INFO("%s(): unmount(%s) succeeded\n", __func__, target); 135 break; 136 } 137 ERROR("%s(): umount(%s)=%d: %s\n", __func__, target, result, strerror(errno)); 138 sleep(1); 139 } 140 } 141 142 /* 143 * Some system images do not have e2fsck for licensing reasons 144 * (e.g. recent SDK system images). Detect these and skip the check. 145 */ 146 if (access(E2FSCK_BIN, X_OK)) { 147 INFO("Not running %s on %s (executable not in system image)\n", 148 E2FSCK_BIN, blk_device); 149 } else { 150 INFO("Running %s on %s\n", E2FSCK_BIN, blk_device); 151 152 ret = android_fork_execvp_ext(ARRAY_SIZE(e2fsck_argv), e2fsck_argv, 153 &status, true, LOG_KLOG | LOG_FILE, 154 true, FSCK_LOG_FILE); 155 156 if (ret < 0) { 157 /* No need to check for error in fork, we can't really handle it now */ 158 ERROR("Failed trying to run %s\n", E2FSCK_BIN); 159 } 160 } 161 } else if (!strcmp(fs_type, "f2fs")) { 162 char *f2fs_fsck_argv[] = { 163 F2FS_FSCK_BIN, 164 "-f", 165 blk_device 166 }; 167 INFO("Running %s -f %s\n", F2FS_FSCK_BIN, blk_device); 168 169 ret = android_fork_execvp_ext(ARRAY_SIZE(f2fs_fsck_argv), f2fs_fsck_argv, 170 &status, true, LOG_KLOG | LOG_FILE, 171 true, FSCK_LOG_FILE); 172 if (ret < 0) { 173 /* No need to check for error in fork, we can't really handle it now */ 174 ERROR("Failed trying to run %s\n", F2FS_FSCK_BIN); 175 } 176 } 177 178 return; 179 } 180 181 static void remove_trailing_slashes(char *n) 182 { 183 int len; 184 185 len = strlen(n) - 1; 186 while ((*(n + len) == '/') && len) { 187 *(n + len) = '\0'; 188 len--; 189 } 190 } 191 192 /* 193 * Mark the given block device as read-only, using the BLKROSET ioctl. 194 * Return 0 on success, and -1 on error. 195 */ 196 int fs_mgr_set_blk_ro(const char *blockdev) 197 { 198 int fd; 199 int rc = -1; 200 int ON = 1; 201 202 fd = TEMP_FAILURE_RETRY(open(blockdev, O_RDONLY | O_CLOEXEC)); 203 if (fd < 0) { 204 // should never happen 205 return rc; 206 } 207 208 rc = ioctl(fd, BLKROSET, &ON); 209 close(fd); 210 211 return rc; 212 } 213 214 /* 215 * __mount(): wrapper around the mount() system call which also 216 * sets the underlying block device to read-only if the mount is read-only. 217 * See "man 2 mount" for return values. 218 */ 219 static int __mount(const char *source, const char *target, const struct fstab_rec *rec) 220 { 221 unsigned long mountflags = rec->flags; 222 int ret; 223 int save_errno; 224 225 /* We need this because sometimes we have legacy symlinks 226 * that are lingering around and need cleaning up. 227 */ 228 struct stat info; 229 if (!lstat(target, &info)) 230 if ((info.st_mode & S_IFMT) == S_IFLNK) 231 unlink(target); 232 mkdir(target, 0755); 233 ret = mount(source, target, rec->fs_type, mountflags, rec->fs_options); 234 save_errno = errno; 235 INFO("%s(source=%s,target=%s,type=%s)=%d\n", __func__, source, target, rec->fs_type, ret); 236 if ((ret == 0) && (mountflags & MS_RDONLY) != 0) { 237 fs_mgr_set_blk_ro(source); 238 } 239 errno = save_errno; 240 return ret; 241 } 242 243 static int fs_match(char *in1, char *in2) 244 { 245 char *n1; 246 char *n2; 247 int ret; 248 249 n1 = strdup(in1); 250 n2 = strdup(in2); 251 252 remove_trailing_slashes(n1); 253 remove_trailing_slashes(n2); 254 255 ret = !strcmp(n1, n2); 256 257 free(n1); 258 free(n2); 259 260 return ret; 261 } 262 263 static int device_is_debuggable() { 264 int ret = -1; 265 char value[PROP_VALUE_MAX]; 266 ret = __system_property_get("ro.debuggable", value); 267 if (ret < 0) 268 return ret; 269 return strcmp(value, "1") ? 0 : 1; 270 } 271 272 static int device_is_secure() { 273 int ret = -1; 274 char value[PROP_VALUE_MAX]; 275 ret = __system_property_get("ro.secure", value); 276 /* If error, we want to fail secure */ 277 if (ret < 0) 278 return 1; 279 return strcmp(value, "0") ? 1 : 0; 280 } 281 282 static int device_is_force_encrypted() { 283 int ret = -1; 284 char value[PROP_VALUE_MAX]; 285 ret = __system_property_get("ro.vold.forceencryption", value); 286 if (ret < 0) 287 return 0; 288 return strcmp(value, "1") ? 0 : 1; 289 } 290 291 /* 292 * Tries to mount any of the consecutive fstab entries that match 293 * the mountpoint of the one given by fstab->recs[start_idx]. 294 * 295 * end_idx: On return, will be the last rec that was looked at. 296 * attempted_idx: On return, will indicate which fstab rec 297 * succeeded. In case of failure, it will be the start_idx. 298 * Returns 299 * -1 on failure with errno set to match the 1st mount failure. 300 * 0 on success. 301 */ 302 static int mount_with_alternatives(struct fstab *fstab, int start_idx, int *end_idx, int *attempted_idx) 303 { 304 int i; 305 int mount_errno = 0; 306 int mounted = 0; 307 308 if (!end_idx || !attempted_idx || start_idx >= fstab->num_entries) { 309 errno = EINVAL; 310 if (end_idx) *end_idx = start_idx; 311 if (attempted_idx) *end_idx = start_idx; 312 return -1; 313 } 314 315 /* Hunt down an fstab entry for the same mount point that might succeed */ 316 for (i = start_idx; 317 /* We required that fstab entries for the same mountpoint be consecutive */ 318 i < fstab->num_entries && !strcmp(fstab->recs[start_idx].mount_point, fstab->recs[i].mount_point); 319 i++) { 320 /* 321 * Don't try to mount/encrypt the same mount point again. 322 * Deal with alternate entries for the same point which are required to be all following 323 * each other. 324 */ 325 if (mounted) { 326 ERROR("%s(): skipping fstab dup mountpoint=%s rec[%d].fs_type=%s already mounted as %s.\n", __func__, 327 fstab->recs[i].mount_point, i, fstab->recs[i].fs_type, fstab->recs[*attempted_idx].fs_type); 328 continue; 329 } 330 331 if (fstab->recs[i].fs_mgr_flags & MF_CHECK) { 332 check_fs(fstab->recs[i].blk_device, fstab->recs[i].fs_type, 333 fstab->recs[i].mount_point); 334 } 335 if (!__mount(fstab->recs[i].blk_device, fstab->recs[i].mount_point, &fstab->recs[i])) { 336 *attempted_idx = i; 337 mounted = 1; 338 if (i != start_idx) { 339 ERROR("%s(): Mounted %s on %s with fs_type=%s instead of %s\n", __func__, 340 fstab->recs[i].blk_device, fstab->recs[i].mount_point, fstab->recs[i].fs_type, 341 fstab->recs[start_idx].fs_type); 342 } 343 } else { 344 /* back up errno for crypto decisions */ 345 mount_errno = errno; 346 } 347 } 348 349 /* Adjust i for the case where it was still withing the recs[] */ 350 if (i < fstab->num_entries) --i; 351 352 *end_idx = i; 353 if (!mounted) { 354 *attempted_idx = start_idx; 355 errno = mount_errno; 356 return -1; 357 } 358 return 0; 359 } 360 361 static int translate_ext_labels(struct fstab_rec *rec) 362 { 363 DIR *blockdir = NULL; 364 struct dirent *ent; 365 char *label; 366 size_t label_len; 367 int ret = -1; 368 369 if (strncmp(rec->blk_device, "LABEL=", 6)) 370 return 0; 371 372 label = rec->blk_device + 6; 373 label_len = strlen(label); 374 375 if (label_len > 16) { 376 ERROR("FS label is longer than allowed by filesystem\n"); 377 goto out; 378 } 379 380 381 blockdir = opendir("/dev/block"); 382 if (!blockdir) { 383 ERROR("couldn't open /dev/block\n"); 384 goto out; 385 } 386 387 while ((ent = readdir(blockdir))) { 388 int fd; 389 char super_buf[1024]; 390 struct ext4_super_block *sb; 391 392 if (ent->d_type != DT_BLK) 393 continue; 394 395 fd = openat(dirfd(blockdir), ent->d_name, O_RDONLY); 396 if (fd < 0) { 397 ERROR("Cannot open block device /dev/block/%s\n", ent->d_name); 398 goto out; 399 } 400 401 if (TEMP_FAILURE_RETRY(lseek(fd, 1024, SEEK_SET)) < 0 || 402 TEMP_FAILURE_RETRY(read(fd, super_buf, 1024)) != 1024) { 403 /* Probably a loopback device or something else without a readable 404 * superblock. 405 */ 406 close(fd); 407 continue; 408 } 409 410 sb = (struct ext4_super_block *)super_buf; 411 if (sb->s_magic != EXT4_SUPER_MAGIC) { 412 INFO("/dev/block/%s not ext{234}\n", ent->d_name); 413 continue; 414 } 415 416 if (!strncmp(label, sb->s_volume_name, label_len)) { 417 char *new_blk_device; 418 419 if (asprintf(&new_blk_device, "/dev/block/%s", ent->d_name) < 0) { 420 ERROR("Could not allocate block device string\n"); 421 goto out; 422 } 423 424 INFO("resolved label %s to %s\n", rec->blk_device, new_blk_device); 425 426 free(rec->blk_device); 427 rec->blk_device = new_blk_device; 428 ret = 0; 429 break; 430 } 431 } 432 433 out: 434 closedir(blockdir); 435 return ret; 436 } 437 438 // Check to see if a mountable volume has encryption requirements 439 static int handle_encryptable(struct fstab *fstab, const struct fstab_rec* rec) 440 { 441 /* If this is block encryptable, need to trigger encryption */ 442 if ( (rec->fs_mgr_flags & MF_FORCECRYPT) 443 || (device_is_force_encrypted() && fs_mgr_is_encryptable(rec))) { 444 if (umount(rec->mount_point) == 0) { 445 return FS_MGR_MNTALL_DEV_NEEDS_ENCRYPTION; 446 } else { 447 WARNING("Could not umount %s (%s) - allow continue unencrypted\n", 448 rec->mount_point, strerror(errno)); 449 return FS_MGR_MNTALL_DEV_NOT_ENCRYPTED; 450 } 451 } 452 453 // Deal with file level encryption 454 if (rec->fs_mgr_flags & MF_FILEENCRYPTION) { 455 // Default or not yet initialized encryption requires no more work here 456 if (!e4crypt_non_default_key(rec->mount_point)) { 457 INFO("%s is default file encrypted\n", rec->mount_point); 458 return FS_MGR_MNTALL_DEV_DEFAULT_FILE_ENCRYPTED; 459 } 460 461 INFO("%s is non-default file encrypted\n", rec->mount_point); 462 463 // Uses non-default key, so must unmount and set up temp file system 464 if (umount(rec->mount_point)) { 465 ERROR("Failed to umount %s - rebooting\n", rec->mount_point); 466 return FS_MGR_MNTALL_FAIL; 467 } 468 469 if (fs_mgr_do_tmpfs_mount(rec->mount_point) != 0) { 470 ERROR("Failed to mount a tmpfs at %s\n", rec->mount_point); 471 return FS_MGR_MNTALL_FAIL; 472 } 473 474 // Mount data temporarily so we can access unencrypted dir 475 char tmp_mnt[PATH_MAX]; 476 strlcpy(tmp_mnt, rec->mount_point, sizeof(tmp_mnt)); 477 strlcat(tmp_mnt, "/tmp_mnt", sizeof(tmp_mnt)); 478 if (mkdir(tmp_mnt, 0700)) { 479 ERROR("Failed to create temp mount point\n"); 480 return FS_MGR_MNTALL_FAIL; 481 } 482 483 if (fs_mgr_do_mount(fstab, rec->mount_point, 484 rec->blk_device, tmp_mnt)) { 485 ERROR("Error temp mounting encrypted file system\n"); 486 return FS_MGR_MNTALL_FAIL; 487 } 488 489 return FS_MGR_MNTALL_DEV_NON_DEFAULT_FILE_ENCRYPTED; 490 } 491 492 return FS_MGR_MNTALL_DEV_NOT_ENCRYPTED; 493 } 494 495 /* When multiple fstab records share the same mount_point, it will 496 * try to mount each one in turn, and ignore any duplicates after a 497 * first successful mount. 498 * Returns -1 on error, and FS_MGR_MNTALL_* otherwise. 499 */ 500 int fs_mgr_mount_all(struct fstab *fstab) 501 { 502 int i = 0; 503 int encryptable = FS_MGR_MNTALL_DEV_NOT_ENCRYPTED; 504 int error_count = 0; 505 int mret = -1; 506 int mount_errno = 0; 507 int attempted_idx = -1; 508 509 if (!fstab) { 510 return -1; 511 } 512 513 for (i = 0; i < fstab->num_entries; i++) { 514 /* Don't mount entries that are managed by vold */ 515 if (fstab->recs[i].fs_mgr_flags & (MF_VOLDMANAGED | MF_RECOVERYONLY)) { 516 continue; 517 } 518 519 /* Skip swap and raw partition entries such as boot, recovery, etc */ 520 if (!strcmp(fstab->recs[i].fs_type, "swap") || 521 !strcmp(fstab->recs[i].fs_type, "emmc") || 522 !strcmp(fstab->recs[i].fs_type, "mtd")) { 523 continue; 524 } 525 526 /* Translate LABEL= file system labels into block devices */ 527 if (!strcmp(fstab->recs[i].fs_type, "ext2") || 528 !strcmp(fstab->recs[i].fs_type, "ext3") || 529 !strcmp(fstab->recs[i].fs_type, "ext4")) { 530 int tret = translate_ext_labels(&fstab->recs[i]); 531 if (tret < 0) { 532 ERROR("Could not translate label to block device\n"); 533 continue; 534 } 535 } 536 537 if (fstab->recs[i].fs_mgr_flags & MF_WAIT) { 538 wait_for_file(fstab->recs[i].blk_device, WAIT_TIMEOUT); 539 } 540 541 if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) { 542 int rc = fs_mgr_setup_verity(&fstab->recs[i]); 543 if (device_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) { 544 INFO("Verity disabled"); 545 } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) { 546 ERROR("Could not set up verified partition, skipping!\n"); 547 continue; 548 } 549 } 550 int last_idx_inspected; 551 int top_idx = i; 552 553 mret = mount_with_alternatives(fstab, i, &last_idx_inspected, &attempted_idx); 554 i = last_idx_inspected; 555 mount_errno = errno; 556 557 /* Deal with encryptability. */ 558 if (!mret) { 559 int status = handle_encryptable(fstab, &fstab->recs[attempted_idx]); 560 561 if (status == FS_MGR_MNTALL_FAIL) { 562 /* Fatal error - no point continuing */ 563 return status; 564 } 565 566 if (status != FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) { 567 if (encryptable != FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) { 568 // Log and continue 569 ERROR("Only one encryptable/encrypted partition supported\n"); 570 } 571 encryptable = status; 572 } 573 574 /* Success! Go get the next one */ 575 continue; 576 } 577 578 /* mount(2) returned an error, handle the encryptable/formattable case */ 579 bool wiped = partition_wiped(fstab->recs[top_idx].blk_device); 580 if (mret && mount_errno != EBUSY && mount_errno != EACCES && 581 fs_mgr_is_formattable(&fstab->recs[top_idx]) && wiped) { 582 /* top_idx and attempted_idx point at the same partition, but sometimes 583 * at two different lines in the fstab. Use the top one for formatting 584 * as that is the preferred one. 585 */ 586 ERROR("%s(): %s is wiped and %s %s is formattable. Format it.\n", __func__, 587 fstab->recs[top_idx].blk_device, fstab->recs[top_idx].mount_point, 588 fstab->recs[top_idx].fs_type); 589 if (fs_mgr_is_encryptable(&fstab->recs[top_idx]) && 590 strcmp(fstab->recs[top_idx].key_loc, KEY_IN_FOOTER)) { 591 int fd = open(fstab->recs[top_idx].key_loc, O_WRONLY, 0644); 592 if (fd >= 0) { 593 INFO("%s(): also wipe %s\n", __func__, fstab->recs[top_idx].key_loc); 594 wipe_block_device(fd, get_file_size(fd)); 595 close(fd); 596 } else { 597 ERROR("%s(): %s wouldn't open (%s)\n", __func__, 598 fstab->recs[top_idx].key_loc, strerror(errno)); 599 } 600 } 601 if (fs_mgr_do_format(&fstab->recs[top_idx]) == 0) { 602 /* Let's replay the mount actions. */ 603 i = top_idx - 1; 604 continue; 605 } 606 } 607 if (mret && mount_errno != EBUSY && mount_errno != EACCES && 608 fs_mgr_is_encryptable(&fstab->recs[attempted_idx])) { 609 if (wiped) { 610 ERROR("%s(): %s is wiped and %s %s is encryptable. Suggest recovery...\n", __func__, 611 fstab->recs[attempted_idx].blk_device, fstab->recs[attempted_idx].mount_point, 612 fstab->recs[attempted_idx].fs_type); 613 encryptable = FS_MGR_MNTALL_DEV_NEEDS_RECOVERY; 614 continue; 615 } else { 616 /* Need to mount a tmpfs at this mountpoint for now, and set 617 * properties that vold will query later for decrypting 618 */ 619 ERROR("%s(): possibly an encryptable blkdev %s for mount %s type %s )\n", __func__, 620 fstab->recs[attempted_idx].blk_device, fstab->recs[attempted_idx].mount_point, 621 fstab->recs[attempted_idx].fs_type); 622 if (fs_mgr_do_tmpfs_mount(fstab->recs[attempted_idx].mount_point) < 0) { 623 ++error_count; 624 continue; 625 } 626 } 627 encryptable = FS_MGR_MNTALL_DEV_MIGHT_BE_ENCRYPTED; 628 } else { 629 ERROR("Failed to mount an un-encryptable or wiped partition on" 630 "%s at %s options: %s error: %s\n", 631 fstab->recs[attempted_idx].blk_device, fstab->recs[attempted_idx].mount_point, 632 fstab->recs[attempted_idx].fs_options, strerror(mount_errno)); 633 ++error_count; 634 continue; 635 } 636 } 637 638 if (error_count) { 639 return -1; 640 } else { 641 return encryptable; 642 } 643 } 644 645 /* If tmp_mount_point is non-null, mount the filesystem there. This is for the 646 * tmp mount we do to check the user password 647 * If multiple fstab entries are to be mounted on "n_name", it will try to mount each one 648 * in turn, and stop on 1st success, or no more match. 649 */ 650 int fs_mgr_do_mount(struct fstab *fstab, char *n_name, char *n_blk_device, 651 char *tmp_mount_point) 652 { 653 int i = 0; 654 int ret = FS_MGR_DOMNT_FAILED; 655 int mount_errors = 0; 656 int first_mount_errno = 0; 657 char *m; 658 659 if (!fstab) { 660 return ret; 661 } 662 663 for (i = 0; i < fstab->num_entries; i++) { 664 if (!fs_match(fstab->recs[i].mount_point, n_name)) { 665 continue; 666 } 667 668 /* We found our match */ 669 /* If this swap or a raw partition, report an error */ 670 if (!strcmp(fstab->recs[i].fs_type, "swap") || 671 !strcmp(fstab->recs[i].fs_type, "emmc") || 672 !strcmp(fstab->recs[i].fs_type, "mtd")) { 673 ERROR("Cannot mount filesystem of type %s on %s\n", 674 fstab->recs[i].fs_type, n_blk_device); 675 goto out; 676 } 677 678 /* First check the filesystem if requested */ 679 if (fstab->recs[i].fs_mgr_flags & MF_WAIT) { 680 wait_for_file(n_blk_device, WAIT_TIMEOUT); 681 } 682 683 if (fstab->recs[i].fs_mgr_flags & MF_CHECK) { 684 check_fs(n_blk_device, fstab->recs[i].fs_type, 685 fstab->recs[i].mount_point); 686 } 687 688 if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) { 689 int rc = fs_mgr_setup_verity(&fstab->recs[i]); 690 if (device_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) { 691 INFO("Verity disabled"); 692 } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) { 693 ERROR("Could not set up verified partition, skipping!\n"); 694 continue; 695 } 696 } 697 698 /* Now mount it where requested */ 699 if (tmp_mount_point) { 700 m = tmp_mount_point; 701 } else { 702 m = fstab->recs[i].mount_point; 703 } 704 if (__mount(n_blk_device, m, &fstab->recs[i])) { 705 if (!first_mount_errno) first_mount_errno = errno; 706 mount_errors++; 707 continue; 708 } else { 709 ret = 0; 710 goto out; 711 } 712 } 713 if (mount_errors) { 714 ERROR("Cannot mount filesystem on %s at %s. error: %s\n", 715 n_blk_device, m, strerror(first_mount_errno)); 716 if (first_mount_errno == EBUSY) { 717 ret = FS_MGR_DOMNT_BUSY; 718 } else { 719 ret = FS_MGR_DOMNT_FAILED; 720 } 721 } else { 722 /* We didn't find a match, say so and return an error */ 723 ERROR("Cannot find mount point %s in fstab\n", fstab->recs[i].mount_point); 724 } 725 726 out: 727 return ret; 728 } 729 730 /* 731 * mount a tmpfs filesystem at the given point. 732 * return 0 on success, non-zero on failure. 733 */ 734 int fs_mgr_do_tmpfs_mount(char *n_name) 735 { 736 int ret; 737 738 ret = mount("tmpfs", n_name, "tmpfs", 739 MS_NOATIME | MS_NOSUID | MS_NODEV, CRYPTO_TMPFS_OPTIONS); 740 if (ret < 0) { 741 ERROR("Cannot mount tmpfs filesystem at %s\n", n_name); 742 return -1; 743 } 744 745 /* Success */ 746 return 0; 747 } 748 749 int fs_mgr_unmount_all(struct fstab *fstab) 750 { 751 int i = 0; 752 int ret = 0; 753 754 if (!fstab) { 755 return -1; 756 } 757 758 while (fstab->recs[i].blk_device) { 759 if (umount(fstab->recs[i].mount_point)) { 760 ERROR("Cannot unmount filesystem at %s\n", fstab->recs[i].mount_point); 761 ret = -1; 762 } 763 i++; 764 } 765 766 return ret; 767 } 768 769 /* This must be called after mount_all, because the mkswap command needs to be 770 * available. 771 */ 772 int fs_mgr_swapon_all(struct fstab *fstab) 773 { 774 int i = 0; 775 int flags = 0; 776 int err = 0; 777 int ret = 0; 778 int status; 779 char *mkswap_argv[2] = { 780 MKSWAP_BIN, 781 NULL 782 }; 783 784 if (!fstab) { 785 return -1; 786 } 787 788 for (i = 0; i < fstab->num_entries; i++) { 789 /* Skip non-swap entries */ 790 if (strcmp(fstab->recs[i].fs_type, "swap")) { 791 continue; 792 } 793 794 if (fstab->recs[i].zram_size > 0) { 795 /* A zram_size was specified, so we need to configure the 796 * device. There is no point in having multiple zram devices 797 * on a system (all the memory comes from the same pool) so 798 * we can assume the device number is 0. 799 */ 800 FILE *zram_fp; 801 802 zram_fp = fopen(ZRAM_CONF_DEV, "r+"); 803 if (zram_fp == NULL) { 804 ERROR("Unable to open zram conf device %s\n", ZRAM_CONF_DEV); 805 ret = -1; 806 continue; 807 } 808 fprintf(zram_fp, "%d\n", fstab->recs[i].zram_size); 809 fclose(zram_fp); 810 } 811 812 if (fstab->recs[i].fs_mgr_flags & MF_WAIT) { 813 wait_for_file(fstab->recs[i].blk_device, WAIT_TIMEOUT); 814 } 815 816 /* Initialize the swap area */ 817 mkswap_argv[1] = fstab->recs[i].blk_device; 818 err = android_fork_execvp_ext(ARRAY_SIZE(mkswap_argv), mkswap_argv, 819 &status, true, LOG_KLOG, false, NULL); 820 if (err) { 821 ERROR("mkswap failed for %s\n", fstab->recs[i].blk_device); 822 ret = -1; 823 continue; 824 } 825 826 /* If -1, then no priority was specified in fstab, so don't set 827 * SWAP_FLAG_PREFER or encode the priority */ 828 if (fstab->recs[i].swap_prio >= 0) { 829 flags = (fstab->recs[i].swap_prio << SWAP_FLAG_PRIO_SHIFT) & 830 SWAP_FLAG_PRIO_MASK; 831 flags |= SWAP_FLAG_PREFER; 832 } else { 833 flags = 0; 834 } 835 err = swapon(fstab->recs[i].blk_device, flags); 836 if (err) { 837 ERROR("swapon failed for %s\n", fstab->recs[i].blk_device); 838 ret = -1; 839 } 840 } 841 842 return ret; 843 } 844 845 /* 846 * key_loc must be at least PROPERTY_VALUE_MAX bytes long 847 * 848 * real_blk_device must be at least PROPERTY_VALUE_MAX bytes long 849 */ 850 int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_device, int size) 851 { 852 int i = 0; 853 854 if (!fstab) { 855 return -1; 856 } 857 /* Initialize return values to null strings */ 858 if (key_loc) { 859 *key_loc = '\0'; 860 } 861 if (real_blk_device) { 862 *real_blk_device = '\0'; 863 } 864 865 /* Look for the encryptable partition to find the data */ 866 for (i = 0; i < fstab->num_entries; i++) { 867 /* Don't deal with vold managed enryptable partitions here */ 868 if (fstab->recs[i].fs_mgr_flags & MF_VOLDMANAGED) { 869 continue; 870 } 871 if (!(fstab->recs[i].fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT))) { 872 continue; 873 } 874 875 /* We found a match */ 876 if (key_loc) { 877 strlcpy(key_loc, fstab->recs[i].key_loc, size); 878 } 879 if (real_blk_device) { 880 strlcpy(real_blk_device, fstab->recs[i].blk_device, size); 881 } 882 break; 883 } 884 885 return 0; 886 } 887
