Add the new verifypw command to vold/cryptfs

This vold command returns 0 if the given password matches the password
used to decrypt the device on boot.  It returns 1 if they don't match,
and it returns -1 on an internal error, and -2 if the device is not encrypted.

Also check the uid of the sender of the command and only allow the root and
system users to issue cryptfs commands.

Change-Id: I5e5ae3b72a2d7814ae68c2d49aa9deb90fb1dac5

1 files changed, 13 insertions, 0 deletions

diff --git a/CommandListener.cpp b/CommandListener.cpp
index 3a83d2a..97ed2ce 100644
--- a/CommandListener.cpp
+++ b/CommandListener.cpp
@@ -28,6 +28,7 @@
 #include <cutils/log.h>
 
 #include <sysutils/SocketClient.h>
+#include <private/android_filesystem_config.h>
 
 #include "CommandListener.h"
 #include "VolumeManager.h"
@@ -498,6 +499,11 @@ CommandListener::CryptfsCmd::CryptfsCmd() :
 
 int CommandListener::CryptfsCmd::runCommand(SocketClient *cli,
                                                       int argc, char **argv) {
+    if ((cli->getUid() != 0) && (cli->getUid() != AID_SYSTEM)) {
+        cli->sendMsg(ResponseCode::CommandNoPermission, "No permission to run cryptfs commands", false);
+        return 0;
+    }
+
     if (argc < 2) {
         cli->sendMsg(ResponseCode::CommandSyntaxError, "Missing Argument", false);
         return 0;
@@ -540,6 +546,13 @@ int CommandListener::CryptfsCmd::runCommand(SocketClient *cli,
         } 
         SLOGD("cryptfs changepw {}");
         rc = cryptfs_changepw(argv[2]);
+    } else if (!strcmp(argv[1], "verifypw")) {
+        if (argc != 3) {
+            cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs verifypw <passwd>", false);
+            return 0;
+        }
+        SLOGD("cryptfs verifypw {}");
+        rc = cryptfs_verify_passwd(argv[2]);
     } else {
         dumpArgs(argc, argv, -1);
         cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs cmd", false);