[t17] Support device encryption with default password

install_zip/prebuilt-installer/scripts/inject_boot.sh

@@ -6,5 +6,8 @@ if [ ! -e "$BOOT_DEV" ]; then
     return 1
 fi
 
-/tmp/multirom/trampoline --inject="$BOOT_DEV" --mrom_dir="/tmp_multirom" -f
+chmod 755 /tmp/multirom/trampoline
+chmod 755 /tmp/multirom/busybox
+chmod 755 /tmp/multirom/lz4
+/tmp/multirom/trampoline --inject="$BOOT_DEV" --mrom_dir="/tmp/multirom" -f
 return $?

lib/fstab.c

@@ -77,6 +77,9 @@ struct fstab *fstab_load(const char *path, int resolve_symlinks)
     char line[1024];
     int len, is_dev_on_line = 0;
     struct fstab_part *part = NULL;
+
+    t->path = strdup(path);
+
     while((p = fgets(line, sizeof(line), f)))
     {
         len = strlen(line);
@@ -204,6 +207,7 @@ int fstab_save(struct fstab *f, const char *path)
 void fstab_destroy(struct fstab *f)
 {
     list_clear(&f->parts, fstab_destroy_part);
+    free(f->path);
     free(f);
 }
 
@@ -415,3 +419,20 @@ void fstab_add_part_struct(struct fstab *f, struct fstab_part *p)
     list_add(&f->parts, p);
     ++f->count;
 }
+
+void fstab_update_device(struct fstab *f, const char *oldDev, const char *newDev)
+{
+    int i;
+    char *tmp = strdup(oldDev);
+
+    for(i = 0; i < f->count; ++i)
+    {
+        if(strcmp(f->parts[i]->device, tmp) == 0)
+        {
+            f->parts[i]->device = realloc(f->parts[i]->device, strlen(newDev)+1);
+            strcpy(f->parts[i]->device, newDev);
+        }
+    }
+
+    free(tmp);
+}

lib/fstab.h

@@ -34,6 +34,7 @@ struct fstab
 {
     int version;
     int count;
+    char *path;
     struct fstab_part **parts;
 };
 
@@ -51,6 +52,7 @@ int fstab_disable_parts(struct fstab *f, const char *path);
 void fstab_add_part(struct fstab *f, const char *dev, const char *path, const char *type, const char *options, const char *options2);
 void fstab_add_part_struct(struct fstab *f, struct fstab_part *p);
 struct fstab_part *fstab_clone_part(struct fstab_part *p);
+void fstab_update_device(struct fstab *f, const char *oldDev, const char *newDev);
 
 
 #endif

lib/inject.c

@@ -132,7 +132,7 @@ static int inject_rd(const char *path)
     int r = run_cmd(cmd);
     if(r != 0)
     {
-        ERROR("Failed to unpack ramdisk!\n");
+        ERROR("Failed to unpack ramdisk! %s\n", buff);
         goto fail;
     }
 

lib/util.c

@@ -375,6 +375,11 @@ char *run_get_stdout(char **cmd)
 }
 
 char *run_get_stdout_with_exit(char **cmd, int *exit_code)
+{
+    return run_get_stdout_with_exit_with_env(cmd, exit_code, NULL);
+}
+
+char *run_get_stdout_with_exit_with_env(char **cmd, int *exit_code, char *const *envp)
 {
    int fd[2];
    if(pipe(fd) < 0)
@@ -395,7 +400,7 @@ char *run_get_stdout_with_exit(char **cmd, int *exit_code)
         dup2(fd[1], 2);  // send stderr to the pipe
         close(fd[1]);
 
-        execv(cmd[0], cmd);
+        execvpe(cmd[0], cmd, envp);
         _exit(127);
     }
     else

lib/util.h

@@ -40,6 +40,7 @@ int remove_dir(const char *dir);
 int run_cmd(char **cmd);
 char *run_get_stdout(char **cmd);
 char *run_get_stdout_with_exit(char **cmd, int *exit_code);
+char *run_get_stdout_with_exit_with_env(char **cmd, int *exit_code, char *const *envp);
 char *readlink_recursive(const char *link);
 void stdio_to_null();
 char *parse_string(char *src);

multirom_ui_portrait.c

@@ -142,15 +142,12 @@ static void header_set_tab_selector_pos(multirom_theme_data *t, float pos)
     t->selected_tab_rect->w = dest_w;
 }
 
-#include "lib/keyboard.h"
 static void tab_rom_init(multirom_theme_data *t, tab_data_roms *d, int tab_type)
 {
     d->list->x = LISTVIEW_MARGIN;
     d->list->y = HEADER_HEIGHT+LISTVIEW_MARGIN;
     d->list->w = fb_width - LISTVIEW_MARGIN;
     d->list->h = fb_height - d->list->y - LISTVIEW_MARGIN;
-
-    keyboard_create(0, (fb_height/3)*2, fb_width, fb_height/3);
 }
 
 static void tab_misc_init(multirom_theme_data *t, tab_data_misc *d, int color_scheme)

trampoline/Android.mk

@@ -36,7 +36,8 @@ endif
 endif
 
 ifeq ($(MR_ENCRYPTION),true)
-LOCAL_CFLAGS += -DMR_ENCRYPTION
+    LOCAL_CFLAGS += -DMR_ENCRYPTION
+    LOCAL_SRC_FILES += encryption.c
 endif
 
 include $(BUILD_EXECUTABLE)

trampoline/devices.c

@@ -56,6 +56,12 @@
 #define UEVENT_ERR(x...)
 #endif
 
+#if 0
+#define DEBUG(x...) INFO(x)
+#else
+#define DEBUG(x...)
+#endif
+
 #define SYSFS_PREFIX    "/sys"
 #define FIRMWARE_DIR1   "/etc/firmware"
 #define FIRMWARE_DIR2   "/vendor/firmware"
@@ -95,7 +101,7 @@ static void init_single_path(const char *path)
     int fd, dfd;
     DIR *d;
 
-    INFO("Initializing device %s", path);
+    DEBUG("Initializing device %s", path);
     d = opendir(path);
     if(!d)
     {
@@ -283,7 +289,7 @@ void fixup_sys_perms(const char *upath)
             return;
 
         sprintf(buf,"/sys%s/%s", upath, dp->attr);
-        INFO("fixup %s %d %d 0%o\n", buf, dp->uid, dp->gid, dp->perm);
+        DEBUG("fixup %s %d %d 0%o\n", buf, dp->uid, dp->gid, dp->perm);
         chown(buf, dp->uid, dp->gid);
         chmod(buf, dp->perm);
     }
@@ -405,7 +411,7 @@ static void add_platform_device(const char *path)
             return;
     }
 
-    INFO("adding platform device %s (%s)\n", name, path);
+    DEBUG("adding platform device %s (%s)\n", name, path);
 
     bus = calloc(1, sizeof(struct platform_node));
     bus->path = strdup(path);
@@ -444,7 +450,7 @@ static void remove_platform_device(const char *path)
     list_for_each_reverse(node, &platform_names) {
         bus = node_to_item(node, struct platform_node, list);
         if (!strcmp(path, bus->path)) {
-            INFO("removing platform device %s\n", bus->name);
+            DEBUG("removing platform device %s\n", bus->name);
             free(bus->path);
             list_remove(node);
             free(bus);
@@ -602,7 +608,7 @@ static char **parse_platform_block_device(struct uevent *uevent)
         return NULL;
     memset(links, 0, sizeof(char *) * 4);
 
-    INFO("found platform device %s\n", device);
+    DEBUG("found platform device %s\n", device);
 
     snprintf(link_path, sizeof(link_path), "/dev/block/platform/%s", device);
 
@@ -872,7 +878,7 @@ static void process_firmware_event(struct uevent *uevent)
     int l, loading_fd, data_fd, fw_fd;
     int booting = is_booting();
 
-    INFO("firmware: loading '%s' for '%s'\n",
+    DEBUG("firmware: loading '%s' for '%s'\n",
          uevent->firmware, uevent->path);
 
     l = asprintf(&root, SYSFS_PREFIX"%s/", uevent->path);
@@ -916,16 +922,16 @@ try_loading_again:
                 booting = is_booting();
                 goto try_loading_again;
             }
-            INFO("firmware: could not open '%s' %d\n", uevent->firmware, errno);
+            ERROR("firmware: could not open '%s' %d\n", uevent->firmware, errno);
             write(loading_fd, "-1", 2);
             goto data_close_out;
         }
     }
 
     if(!load_firmware(fw_fd, loading_fd, data_fd))
-        INFO("firmware: copy success { '%s', '%s' }\n", root, uevent->firmware);
+        DEBUG("firmware: copy success { '%s', '%s' }\n", root, uevent->firmware);
     else
-        INFO("firmware: copy failure { '%s', '%s' }\n", root, uevent->firmware);
+        ERROR("firmware: copy failure { '%s', '%s' }\n", root, uevent->firmware);
 
     close(fw_fd);
 data_close_out:

trampoline/encryption.c

@@ -0,0 +1,98 @@
+/*
+ * This file is part of MultiROM.
+ *
+ * MultiROM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * MultiROM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with MultiROM.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <ctype.h>
+#include <stdio.h>
+
+#include "../lib/fstab.h"
+#include "../lib/util.h"
+#include "../lib/log.h"
+
+static char encmnt_cmd_arg[64] = { 0 };
+static char *const encmnt_cmd[] = { "/mrom_enc/trampoline_encmnt", encmnt_cmd_arg, NULL };
+static char *const encmnt_envp[] = { "LD_LIBRARY_PATH=/mrom_enc/", NULL };
+
+int encryption_before_mount(struct fstab *fstab)
+{
+    int exit_code = -1;
+    char *output = NULL, *itr;
+    int res = -1;
+
+    mkdir_recursive("/system/bin", 0755);
+    remove("/system/bin/linker");
+    symlink("/mrom_enc/linker", "/system/bin/linker");
+    chmod("/mrom_enc/linker", 0775);
+    chmod("/mrom_enc/trampoline_encmnt", 0775);
+
+    INFO("Running trampoline_encmnt");
+
+    strcpy(encmnt_cmd_arg, "decrypt");
+    output = run_get_stdout_with_exit_with_env(encmnt_cmd, &exit_code, encmnt_envp);
+    if(exit_code != 0 || !output)
+    {
+        ERROR("Failed to run trampoline_encmnt: %s", output);
+        goto exit;
+    }
+
+    itr = output + strlen(output) - 1;
+    while(itr >= output && isspace(*itr))
+        *itr-- = 0;
+
+    if(!strstartswith(output, "/dev"))
+    {
+        ERROR("Invalid trampoline_encmnt output: %s", output);
+        goto exit;
+    }
+
+    struct fstab_part *datap = fstab_find_first_by_path(fstab, "/data");
+    if(!datap)
+    {
+        ERROR("Failed to find /data in fstab!");
+        goto exit;
+    }
+
+    INFO("Updating device %s to %s in fstab due to encryption.", datap->device, output);
+    fstab_update_device(fstab, datap->device, output);
+    fstab_dump(fstab);
+
+    res = 0;
+exit:
+    free(output);
+    return res;
+}
+
+int encryption_destroy(void)
+{
+    int res = -1;
+    int exit_code = -1;
+    char *output = NULL;
+
+    strcpy(encmnt_cmd_arg, "remove");
+    output = run_get_stdout_with_exit_with_env(encmnt_cmd, &exit_code, encmnt_envp);
+    if(exit_code != 0)
+    {
+        ERROR("Failed to run trampoline_encmnt: %s", output);
+        goto exit;
+    }
+
+    res = 0;
+exit:
+    free(output);
+    return res;
+}

trampoline/encryption.h

@@ -0,0 +1,29 @@
+/*
+ * This file is part of MultiROM.
+ *
+ * MultiROM is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * MultiROM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with MultiROM.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef ENCRYPTION_H
+#define ENCRYPTION_H
+
+#ifdef MR_ENCRYPTION
+int encryption_before_mount(struct fstab *fstab);
+int encryption_destroy(void);
+#else
+int encryption_before_mount(struct fstab *) { return 0; }
+int encryption_destroy(void) { return 0; }
+#endif
+
+#endif

trampoline/trampoline.c

@@ -33,6 +33,7 @@
 #include "../version.h"
 #include "adb.h"
 #include "../hooks.h"
+#include "encryption.h"
 
 #define EXEC_MASK (S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)
 #define REALDATA "/realdata"
@@ -124,11 +125,8 @@ static void mount_and_run(struct fstab *fstab)
 
     mkdir(REALDATA, 0755);
 
-    // REMOVE. DEBUGGING
-    while(1)
-    {
-        sleep(1);
-    }
+    if(encryption_before_mount(fstab) < 0)
+        ERROR("Decryption failed, trying to mount anyway - might be unencrypted device.");
 
     int mount_err = -1;
     struct fstab_part *p_itr = p;
@@ -185,9 +183,17 @@ static void mount_and_run(struct fstab *fstab)
         return;
     }
 
-    adb_init(path_multirom);
+    //adb_init(path_multirom);
     run_multirom();
     adb_quit();
+
+    return;
+fail:
+    // REMOVE. DEBUGGING
+    while(1)
+    {
+        sleep(1);
+    }
 }
 
 static int is_charger_mode(void)
@@ -290,6 +296,10 @@ int main(int argc, char *argv[])
     mount("sysfs", "/sys", "sysfs", 0, NULL);
 
     klog_init();
+    // output all messages to dmesg,
+    // but it is possible to filter out INFO messages
+    klog_set_level(6);
+
     mrom_set_log_tag("trampoline");
     ERROR("Running trampoline v%d\n", VERSION_TRAMPOLINE);
 
@@ -344,6 +354,7 @@ run_main_init:
         rmdir("/dev/socket");
         rmdir("/dev");
         rmdir(REALDATA);
+        encryption_destroy();
     }
 
     umount("/proc");

trampoline_encmnt/encmnt.c

@@ -61,7 +61,8 @@ exit:
 static void print_help(char *argv[]) {
     printf("Usage: %s COMMAND ARGUMENTS\n"
         "Available commands:\n"
-        "     decrypt PASSWORD - mount encrypted data partition to /realdata using PASSWORD\n"
+        "     decrypt PASSWORD - decrypt data using PASSWORD.\n"
+        "             Prints out dm block device path on success.\n"
         "     remove - unmounts encrypted data\n"
         "     pwtype - prints password type as integer\n",
         argv[0]);
@@ -171,6 +172,12 @@ int main(int argc, char *argv[])
     struct fstab_part *p;
     char *argument = NULL;
 
+    klog_init();
+
+    // output all messages to dmesg,
+    // but it is possible to filter out INFO messages
+    klog_set_level(6);
+
     mrom_set_log_tag("trampoline_encmnt");
     mrom_set_dir("/adb_sbin/");
 

trampoline_encmnt/pw_ui.c

@@ -45,7 +45,6 @@ int pw_ui_run(int pwtype)
 
     stop_input_thread();
 
-    fb_clear();
     fb_close();
     return -1;
 }

version.h

@@ -18,7 +18,7 @@
 #ifndef VERSION_H
 #define VERSION_H
     #define VERSION_MULTIROM 31
-    #define VERSION_TRAMPOLINE 16
+    #define VERSION_TRAMPOLINE 17
 
     // For device-specific fixes. Use letters, the version will then be like "12a"
     #define VERSION_DEV_FIX ""