diff options
author | Ken Sumrall <ksumrall@android.com> | 2011-10-04 20:38:29 -0700 |
---|---|---|
committer | Ken Sumrall <ksumrall@android.com> | 2011-10-12 19:10:38 -0700 |
commit | 3ad9072a5d6f6bda32123b367545649364e3c11d (patch) | |
tree | aca223fe5d71e2a0f62c7a1d644571532fe3e0e8 /CommandListener.cpp | |
parent | 3be890f59c04f94537f2f66f1d2841ed591f1a6e (diff) | |
download | system_vold-3ad9072a5d6f6bda32123b367545649364e3c11d.zip system_vold-3ad9072a5d6f6bda32123b367545649364e3c11d.tar.gz system_vold-3ad9072a5d6f6bda32123b367545649364e3c11d.tar.bz2 |
Add the new verifypw command to vold/cryptfs
This vold command returns 0 if the given password matches the password
used to decrypt the device on boot. It returns 1 if they don't match,
and it returns -1 on an internal error, and -2 if the device is not encrypted.
Also check the uid of the sender of the command and only allow the root and
system users to issue cryptfs commands.
Change-Id: I5e5ae3b72a2d7814ae68c2d49aa9deb90fb1dac5
Diffstat (limited to 'CommandListener.cpp')
-rw-r--r-- | CommandListener.cpp | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/CommandListener.cpp b/CommandListener.cpp index 3a83d2a..97ed2ce 100644 --- a/CommandListener.cpp +++ b/CommandListener.cpp @@ -28,6 +28,7 @@ #include <cutils/log.h> #include <sysutils/SocketClient.h> +#include <private/android_filesystem_config.h> #include "CommandListener.h" #include "VolumeManager.h" @@ -498,6 +499,11 @@ CommandListener::CryptfsCmd::CryptfsCmd() : int CommandListener::CryptfsCmd::runCommand(SocketClient *cli, int argc, char **argv) { + if ((cli->getUid() != 0) && (cli->getUid() != AID_SYSTEM)) { + cli->sendMsg(ResponseCode::CommandNoPermission, "No permission to run cryptfs commands", false); + return 0; + } + if (argc < 2) { cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false); return 0; @@ -540,6 +546,13 @@ int CommandListener::CryptfsCmd::runCommand(SocketClient *cli, } SLOGD("cryptfs changepw {}"); rc = cryptfs_changepw(argv[2]); + } else if (!strcmp(argv[1], "verifypw")) { + if (argc != 3) { + cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs verifypw <passwd>", false); + return 0; + } + SLOGD("cryptfs verifypw {}"); + rc = cryptfs_verify_passwd(argv[2]); } else { dumpArgs(argc, argv, -1); cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs cmd", false); |