authorPaul Crowley <paulcrowley@google.com>2018-05-16 13:41:01 -0700
committerPaul Crowley <paulcrowley@google.com>2018-05-17 12:41:39 -0700
commitc4547885620f75af5c75c4bd59c2e9b6d36f35e3 (patch)
tree93674126550107e3356d9fb41fb1ca97eaaf0059
parent0db2d7b9dc463e4db33456b4944bb62d7281ba93 (diff)
downloadextras-c4547885620f75af5c75c4bd59c2e9b6d36f35e3.tar.gz
Recursively list directories that break encryption
If we're unable to set or change encryption policy because the directory is not empty, log the contents that cause the problem.

Bug: 78592001
Test: adb shell mkdir -p /data/media/10/foo, then create second user
Change-Id: I87cc46f09551728a7949659b21ae0401ae253e5e
-rw-r--r--ext4_utils/Android.bp1
-rw-r--r--ext4_utils/ext4_crypt.cpp25
2 files changed, 26 insertions, 0 deletions
diff --git a/ext4_utils/Android.bp b/ext4_utils/Android.bp
index 817cdff5..8530c91a 100644
--- a/ext4_utils/Android.bp
+++ b/ext4_utils/Android.bp
@@ -36,6 +36,7 @@ cc_library {
shared_libs: [
"libbase",
"libkeyutils",
+ "liblogwrap",
"libselinux",
],
diff --git a/ext4_utils/ext4_crypt.cpp b/ext4_utils/ext4_crypt.cpp
index f392046a..bdf80b09 100644
--- a/ext4_utils/ext4_crypt.cpp
+++ b/ext4_utils/ext4_crypt.cpp
@@ -16,6 +16,8 @@
#include "ext4_utils/ext4_crypt.h"
+#include <array>
+
#include <asm/ioctl.h>
#include <dirent.h>
#include <errno.h>
@@ -29,6 +31,8 @@
#include <android-base/file.h>
#include <android-base/logging.h>
#include <cutils/properties.h>
+#include <logwrap/logwrap.h>
+#include <utils/misc.h>
#define XATTR_NAME_ENCRYPTION_POLICY "encryption.policy"
#define EXT4_KEYREF_DELIMITER ((char)'.')
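Review bot: Nothing added in this commit appears to use `<utils/misc.h>`; log_lslr takes its argument count from `std::array::size()`, and the Android.bp change adds only liblogwrap. If the include is left over from an earlier draft it can be dropped, leaving `#include <logwrap/logwrap.h>` as the only new project header. The rest of the file is outside the diff, so confirm nothing else needs it before removing it.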
@@ -72,6 +76,25 @@ bool e4crypt_is_native() {
return !strcmp(value, "file");
}
+static void log_lslr(const char* dirname) {
+ std::array<const char*, 3> argv = {"ls", "-lR", dirname};
+ int status = 0;
+ auto res =
+ android_fork_execvp(argv.size(), const_cast<char**>(argv.data()), &status, false, true);
+ if (res != 0) {
+ PLOG(ERROR) << "ls -lR " << dirname << "failed";
+ return;
+ }
+ if (!WIFEXITED(status)) {
+ LOG(ERROR) << "ls -lR " << dirname << " did not exit normally, status: " << status;
+ return;
+ }
+ if (WEXITSTATUS(status) != 0) {
+ LOG(ERROR) << "ls -lR " << dirname << " returned failure: " << WEXITSTATUS(status);
+ return;
+ }
+}
+
static void policy_to_hex(const char* policy, char* hex) {
for (size_t i = 0, j = 0; i < EXT4_KEY_DESCRIPTOR_SIZE; i++) {
hex[j++] = HEX_LOOKUP[(policy[i] & 0xF0) >> 4];
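Review bot: The `res != 0` branch of log_lslr builds its message without a space before "failed", so the path and the word run together in the log; it should read `PLOG(ERROR) << "ls -lR " << dirname << " failed";`. Separately, `ls -lR` run with logwrap enabled writes every file name, owner and timestamp under the directory to the system log with no depth or size limit. For a path like the /data/media/10 in the commit's test that is user content, and log contents commonly end up in bug reports. This applies to both call sites, in e4crypt_policy_get and e4crypt_policy_check; a comment on the function such as `// Dumps names and metadata of everything under dirname to the log; error paths only.` would make the trade-off explicit, and a bounded listing would be safer if the tree can be large. The final `if (WEXITSTATUS(status) != 0)` branch also ends in a `return` that is redundant at the end of the function.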
@@ -178,6 +201,7 @@ static bool e4crypt_policy_get(const char *directory, char *policy,
if (ioctl(fd, EXT4_IOC_GET_ENCRYPTION_POLICY, &eep) != 0) {
PLOG(ERROR) << "Failed to get encryption policy for " << directory;
close(fd);
+ log_lslr(directory);
return false;
}
close(fd);
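Review bot: `log_lslr(directory)` runs for every failure of EXT4_IOC_GET_ENCRYPTION_POLICY, whatever errno was, while the commit description ties the listing to the directory-not-empty case. If the ioctl can fail for other reasons here (not visible in this hunk), the recursive listing adds log volume and exposes file names without explaining the failure. A comment at the call such as `// Listing shows what is already in the directory when no policy can be read.` would record the intent. If the call is later gated on the failure reason, errno has to be saved before `close(fd)`. e4crypt_policy_get starts and ends outside the hunk.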
@@ -216,6 +240,7 @@ static bool e4crypt_policy_check(const char *directory, const char *policy,
policy_to_hex(policy, policy_hex);
LOG(ERROR) << "Found policy " << existing_policy_hex << " at " << directory
<< " which doesn't match expected value " << policy_hex;
+ log_lslr(directory);
return false;
}
LOG(INFO) << "Found policy " << existing_policy_hex << " at " << directory