1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #include <errno.h>
17 #include <getopt.h>
18 #include <stdbool.h>
19 #include <stdint.h>
20 #include <stdlib.h>
21 #include <string.h>
22 #include <sys/capability.h>
23 #include <sys/prctl.h>
24 #include <sys/stat.h>
25 #include <unistd.h>
26
27 #include <android/binder_process.h>
28 #include <cutils/android_filesystem_config.h>
29
30 #include "checkpoint_handling.h"
31 #include "ipc.h"
32 #include "log.h"
33 #include "rpmb.h"
34 #include "storage.h"
35 #include "watchdog.h"
36
37 #define REQ_BUFFER_SIZE 4096
38 static uint8_t req_buffer[REQ_BUFFER_SIZE + 1];
39
40 static const char* ss_data_root;
41 static const char* trusty_devname;
42 static const char* rpmb_devname;
43 static const char* ss_srv_name = STORAGE_DISK_PROXY_PORT;
44 static const char* max_file_size_from;
45
46 static enum dev_type dev_type = MMC_RPMB;
47
48 /* List head for storage mapping, elements added at init, and never removed */
49 static struct storage_mapping_node* storage_mapping_head;
50
parse_dev_type(const char * dev_type_name)51 static enum dev_type parse_dev_type(const char* dev_type_name) {
52 if (!strcmp(dev_type_name, "mmc")) {
53 return MMC_RPMB;
54 } else if (!strcmp(dev_type_name, "virt")) {
55 return VIRT_RPMB;
56 } else if (!strcmp(dev_type_name, "sock")) {
57 return SOCK_RPMB;
58 } else if (!strcmp(dev_type_name, "ufs")) {
59 return UFS_RPMB;
60 } else {
61 return UNKNOWN_RPMB;
62 }
63 }
64
parse_and_append_file_mapping(const char * file_mapping)65 static int parse_and_append_file_mapping(const char* file_mapping) {
66 if (file_mapping == NULL) {
67 ALOGE("Provided file mapping is null\n");
68 return -1;
69 }
70 char* file_mapping_dup = strdup(file_mapping);
71 if (file_mapping_dup == NULL) {
72 ALOGE("Couldn't duplicate string: %s\n", file_mapping);
73 return -1;
74 }
75 const char* file_name = strtok(file_mapping_dup, ":");
76 if (file_name == NULL) {
77 ALOGE("No file name found\n");
78 return -1;
79 }
80 const char* backing_storage = strtok(NULL, ":");
81 if (backing_storage == NULL) {
82 ALOGE("No backing storage found\n");
83 return -1;
84 }
85
86 struct storage_mapping_node* new_node = malloc(sizeof(struct storage_mapping_node));
87 if (new_node == NULL) {
88 ALOGE("Couldn't allocate additional storage_mapping_node\n");
89 return -1;
90 }
91 *new_node = (struct storage_mapping_node){.file_name = file_name,
92 .backing_storage = backing_storage,
93 .next = storage_mapping_head,
94 .fd = -1};
95 storage_mapping_head = new_node;
96 return 0;
97 }
98
99 static const char* _sopts = "hp:d:r:t:m:f:";
100 static const struct option _lopts[] = {{"help", no_argument, NULL, 'h'},
101 {"trusty_dev", required_argument, NULL, 'd'},
102 {"data_path", required_argument, NULL, 'p'},
103 {"rpmb_dev", required_argument, NULL, 'r'},
104 {"dev_type", required_argument, NULL, 't'},
105 {"max_file_size_from", required_argument, NULL, 'm'},
106 {"file_storage_mapping", required_argument, NULL, 'f'},
107 {0, 0, 0, 0}};
108
show_usage_and_exit(int code)109 static void show_usage_and_exit(int code) {
110 ALOGE("usage: storageproxyd -d <trusty_dev> -p <data_path> -r <rpmb_dev> -t <dev_type> [-m "
111 "<file>] [-f <file>:<mapping>]\n");
112 ALOGE("Available dev types: mmc, virt\n");
113 ALOGE("-f = Maps secure storage files like `0` and `persist/0`\n"
114 "to block devices. Storageproxyd will handle creating the\n"
115 "appropriate symlinks in the root datapath.\n");
116 ALOGE("-m = Specifies the max size constraint for file backed storages.\n"
117 "The constraint is chosen by giving a file, this allows for passing a\n"
118 "block device for which a max file size can be queried. File based\n"
119 "storages will be constrained to that size as well.\n");
120 exit(code);
121 }
122
handle_req(struct storage_msg * msg,const void * req,size_t req_len)123 static int handle_req(struct storage_msg* msg, const void* req, size_t req_len) {
124 int rc;
125
126 struct watcher* watcher = watch_start("request", msg);
127
128 if ((msg->flags & STORAGE_MSG_FLAG_POST_COMMIT) && msg->cmd != STORAGE_RPMB_SEND &&
129 msg->cmd != STORAGE_FILE_WRITE) {
130 /*
131 * handling post commit messages on commands other than rpmb and write
132 * operations are not implemented as there is no use case for this yet.
133 */
134 ALOGE("cmd 0x%x: post commit option is not implemented\n", msg->cmd);
135 msg->result = STORAGE_ERR_UNIMPLEMENTED;
136 goto err_response;
137 }
138
139 if (msg->flags & STORAGE_MSG_FLAG_PRE_COMMIT) {
140 rc = storage_sync_checkpoint(watcher);
141 if (rc < 0) {
142 msg->result = STORAGE_ERR_SYNC_FAILURE;
143 goto err_response;
144 }
145 }
146
147 if (msg->flags & STORAGE_MSG_FLAG_PRE_COMMIT_CHECKPOINT) {
148 bool is_checkpoint_active = false;
149
150 rc = is_data_checkpoint_active(&is_checkpoint_active);
151 if (rc != 0) {
152 ALOGE("is_data_checkpoint_active failed in an unexpected way. Aborting.\n");
153 msg->result = STORAGE_ERR_GENERIC;
154 goto err_response;
155 } else if (is_checkpoint_active) {
156 ALOGE("Checkpoint in progress, dropping write ...\n");
157 msg->result = STORAGE_ERR_GENERIC;
158 goto err_response;
159 }
160 }
161
162 switch (msg->cmd) {
163 case STORAGE_FILE_DELETE:
164 rc = storage_file_delete(msg, req, req_len, watcher);
165 break;
166
167 case STORAGE_FILE_OPEN:
168 rc = storage_file_open(msg, req, req_len, watcher);
169 break;
170
171 case STORAGE_FILE_CLOSE:
172 rc = storage_file_close(msg, req, req_len, watcher);
173 break;
174
175 case STORAGE_FILE_WRITE:
176 rc = storage_file_write(msg, req, req_len, watcher);
177 break;
178
179 case STORAGE_FILE_READ:
180 rc = storage_file_read(msg, req, req_len, watcher);
181 break;
182
183 case STORAGE_FILE_GET_SIZE:
184 rc = storage_file_get_size(msg, req, req_len, watcher);
185 break;
186
187 case STORAGE_FILE_SET_SIZE:
188 rc = storage_file_set_size(msg, req, req_len, watcher);
189 break;
190
191 case STORAGE_FILE_GET_MAX_SIZE:
192 rc = storage_file_get_max_size(msg, req, req_len, watcher);
193 break;
194
195 case STORAGE_RPMB_SEND:
196 rc = rpmb_send(msg, req, req_len, watcher);
197 break;
198
199 default:
200 ALOGE("unhandled command 0x%x\n", msg->cmd);
201 msg->result = STORAGE_ERR_UNIMPLEMENTED;
202 goto err_response;
203 }
204
205 /* response was sent in handler */
206 goto finish;
207
208 err_response:
209 rc = ipc_respond(msg, NULL, 0);
210
211 finish:
212 watch_finish(watcher);
213 return rc;
214 }
215
proxy_loop(void)216 static int proxy_loop(void) {
217 ssize_t rc;
218 struct storage_msg msg;
219
220 /* enter main message handling loop */
221 while (true) {
222 /* get incoming message */
223 rc = ipc_get_msg(&msg, req_buffer, REQ_BUFFER_SIZE);
224 if (rc < 0) return rc;
225
226 /* handle request */
227 req_buffer[rc] = 0; /* force zero termination */
228 rc = handle_req(&msg, req_buffer, rc);
229 if (rc) return rc;
230 }
231
232 return 0;
233 }
234
parse_args(int argc,char * argv[])235 static void parse_args(int argc, char* argv[]) {
236 int opt;
237 int oidx = 0;
238 int rc = 0;
239
240 while ((opt = getopt_long(argc, argv, _sopts, _lopts, &oidx)) != -1) {
241 switch (opt) {
242 case 'd':
243 trusty_devname = strdup(optarg);
244 break;
245
246 case 'p':
247 ss_data_root = strdup(optarg);
248 break;
249
250 case 'r':
251 rpmb_devname = strdup(optarg);
252 break;
253
254 case 't':
255 dev_type = parse_dev_type(optarg);
256 if (dev_type == UNKNOWN_RPMB) {
257 ALOGE("Unrecognized dev type: %s\n", optarg);
258 show_usage_and_exit(EXIT_FAILURE);
259 }
260 break;
261
262 case 'f':
263 rc = parse_and_append_file_mapping(optarg);
264 if (rc < 0) {
265 ALOGE("Failed to parse file mapping: %s\n", optarg);
266 show_usage_and_exit(EXIT_FAILURE);
267 }
268 break;
269
270 case 'm':
271 max_file_size_from = strdup(optarg);
272 break;
273
274 default:
275 ALOGE("unrecognized option (%c):\n", opt);
276 show_usage_and_exit(EXIT_FAILURE);
277 }
278 }
279
280 if (ss_data_root == NULL || trusty_devname == NULL || rpmb_devname == NULL) {
281 ALOGE("missing required argument(s)\n");
282 show_usage_and_exit(EXIT_FAILURE);
283 }
284
285 ALOGI("starting storageproxyd\n");
286 ALOGI("storage data root: %s\n", ss_data_root);
287 ALOGI("trusty dev: %s\n", trusty_devname);
288 ALOGI("rpmb dev: %s\n", rpmb_devname);
289 ALOGI("File Mappings: \n");
290 const struct storage_mapping_node* curr = storage_mapping_head;
291 for (; curr != NULL; curr = curr->next) {
292 ALOGI("\t%s -> %s\n", curr->file_name, curr->backing_storage);
293 }
294 ALOGI("max file size from: %s\n", max_file_size_from ? max_file_size_from : "(unset)");
295 }
296
main(int argc,char * argv[])297 int main(int argc, char* argv[]) {
298 int rc;
299
300 /*
301 * No access for group and other. We need execute access for user to create
302 * an accessible directory.
303 */
304 umask(S_IRWXG | S_IRWXO);
305
306 /* parse arguments */
307 parse_args(argc, argv);
308
309 /*
310 * Start binder threadpool. At least one extra binder thread is needed to
311 * connect to the wakelock service without relying on polling. If we poll on
312 * the main thread we end up pausing for at least 1s even if the service
313 * starts faster. We set the max thread count to 0 because startThreadPool
314 * "Starts one thread, PLUS those requested in setThreadPoolMaxThreadCount,
315 * PLUS those manually requested in joinThreadPool." We only need a single
316 * binder thread to receive notifications on.
317 */
318 ABinderProcess_setThreadPoolMaxThreadCount(0);
319 ABinderProcess_startThreadPool();
320
321 /* initialize secure storage directory */
322 rc = storage_init(ss_data_root, storage_mapping_head, max_file_size_from);
323 if (rc < 0) return EXIT_FAILURE;
324
325 /* open rpmb device */
326 rc = rpmb_open(rpmb_devname, dev_type);
327 if (rc < 0) return EXIT_FAILURE;
328
329 /* connect to Trusty secure storage server */
330 rc = ipc_connect(trusty_devname, ss_srv_name);
331 if (rc < 0) return EXIT_FAILURE;
332
333 /* enter main loop */
334 rc = proxy_loop();
335 ALOGE("exiting proxy loop with status (%d)\n", rc);
336
337 ipc_disconnect();
338 rpmb_close();
339
340 return (rc < 0) ? EXIT_FAILURE : EXIT_SUCCESS;
341 }
342