// // Copyright (C) 2015 The Android Open Source Project // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // #include "attestation/server/database_impl.h" #include <fcntl.h> #include <sys/stat.h> #include <sys/types.h> #include <unistd.h> #include <string> #include <base/files/file_path.h> #include <base/files/file_util.h> #include <base/files/important_file_writer.h> #include <base/logging.h> #include <base/stl_util.h> #include <brillo/secure_blob.h> using base::FilePath; namespace { const char kDatabasePath[] = "/mnt/stateful_partition/unencrypted/preserve/attestation.epb"; const mode_t kDatabasePermissions = 0600; // A base::FilePathWatcher::Callback that just relays to |callback|. void FileWatcherCallback(const base::Closure& callback, const FilePath&, bool) { callback.Run(); } } // namespace namespace attestation { DatabaseImpl::DatabaseImpl(CryptoUtility* crypto) : io_(this), crypto_(crypto) { } DatabaseImpl::~DatabaseImpl() { brillo::SecureMemset(string_as_array(&database_key_), 0, database_key_.size()); } void DatabaseImpl::Initialize() { // Start thread-checking now. thread_checker_.DetachFromThread(); DCHECK(thread_checker_.CalledOnValidThread()); io_->Watch(base::Bind(base::IgnoreResult(&DatabaseImpl::Reload), base::Unretained(this))); if (!Reload()) { LOG(WARNING) << "Creating new attestation database."; } } const AttestationDatabase& DatabaseImpl::GetProtobuf() const { DCHECK(thread_checker_.CalledOnValidThread()); return protobuf_; } AttestationDatabase* DatabaseImpl::GetMutableProtobuf() { DCHECK(thread_checker_.CalledOnValidThread()); return &protobuf_; } bool DatabaseImpl::SaveChanges() { DCHECK(thread_checker_.CalledOnValidThread()); std::string buffer; if (!EncryptProtobuf(&buffer)) { return false; } return io_->Write(buffer); } bool DatabaseImpl::Reload() { DCHECK(thread_checker_.CalledOnValidThread()); LOG(INFO) << "Loading attestation database."; std::string buffer; if (!io_->Read(&buffer)) { return false; } return DecryptProtobuf(buffer); } bool DatabaseImpl::Read(std::string* data) { const int kMask = base::FILE_PERMISSION_OTHERS_MASK; FilePath path(kDatabasePath); int permissions = 0; if (base::GetPosixFilePermissions(path, &permissions) && (permissions & kMask) != 0) { LOG(WARNING) << "Attempting to fix permissions on attestation database."; base::SetPosixFilePermissions(path, permissions & ~kMask); } if (!base::ReadFileToString(path, data)) { PLOG(ERROR) << "Failed to read attestation database"; return false; } return true; } bool DatabaseImpl::Write(const std::string& data) { FilePath file_path(kDatabasePath); if (!base::CreateDirectory(file_path.DirName())) { LOG(ERROR) << "Cannot create directory: " << file_path.DirName().value(); return false; } if (!base::ImportantFileWriter::WriteFileAtomically(file_path, data)) { LOG(ERROR) << "Failed to write file: " << file_path.value(); return false; } if (!base::SetPosixFilePermissions(file_path, kDatabasePermissions)) { LOG(ERROR) << "Failed to set permissions for file: " << file_path.value(); return false; } // Sync the parent directory. std::string dir_name = file_path.DirName().value(); int dir_fd = HANDLE_EINTR(open(dir_name.c_str(), O_RDONLY|O_DIRECTORY)); if (dir_fd < 0) { PLOG(WARNING) << "Could not open " << dir_name << " for syncing"; return false; } // POSIX specifies EINTR as a possible return value of fsync(). int result = HANDLE_EINTR(fsync(dir_fd)); if (result < 0) { PLOG(WARNING) << "Failed to sync " << dir_name; close(dir_fd); return false; } // close() may not be retried on error. result = IGNORE_EINTR(close(dir_fd)); if (result < 0) { PLOG(WARNING) << "Failed to close after sync " << dir_name; return false; } return true; } void DatabaseImpl::Watch(const base::Closure& callback) { if (!file_watcher_) { file_watcher_.reset(new base::FilePathWatcher()); file_watcher_->Watch(FilePath(kDatabasePath), false, base::Bind(&FileWatcherCallback, callback)); } } bool DatabaseImpl::EncryptProtobuf(std::string* encrypted_output) { std::string serial_proto; if (!protobuf_.SerializeToString(&serial_proto)) { LOG(ERROR) << "Failed to serialize db."; return false; } if (database_key_.empty() || sealed_database_key_.empty()) { if (!crypto_->CreateSealedKey(&database_key_, &sealed_database_key_)) { LOG(ERROR) << "Failed to generate database key."; return false; } } if (!crypto_->EncryptData(serial_proto, database_key_, sealed_database_key_, encrypted_output)) { LOG(ERROR) << "Attestation: Failed to encrypt database."; return false; } return true; } bool DatabaseImpl::DecryptProtobuf(const std::string& encrypted_input) { if (!crypto_->UnsealKey(encrypted_input, &database_key_, &sealed_database_key_)) { LOG(ERROR) << "Attestation: Could not unseal decryption key."; return false; } std::string serial_proto; if (!crypto_->DecryptData(encrypted_input, database_key_, &serial_proto)) { LOG(ERROR) << "Attestation: Failed to decrypt database."; return false; } if (!protobuf_.ParseFromString(serial_proto)) { // Previously the DB was encrypted with CryptoLib::AesEncrypt which appends // a SHA-1. This can be safely ignored. const size_t kLegacyJunkSize = 20; if (serial_proto.size() < kLegacyJunkSize || !protobuf_.ParseFromArray(serial_proto.data(), serial_proto.length() - kLegacyJunkSize)) { LOG(ERROR) << "Failed to parse database."; return false; } } return true; } } // namespace attestation