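#!/bin/bash
#
# This is the script that was used to create the image.gz in this directory.
#
# This requires a patched version of debugfs that understands the "fscrypt."
# xattr name prefix, so that the encryption xattrs can be manipulated.
#
# Operational notes:
#   - Works on the relative paths "image" and "mnt" in the current directory.
#     "image" is overwritten by dd and finally replaced by image.gz
#     (gzip -f), so run this from a scratch directory.
#   - Calls mount/umount directly, so it needs whatever privileges those
#     require on the build host.
#   - "password" is a throwaway passphrase used only to build this fixture.
#   - The "(ino N)" notes presumably rely on files being created in exactly
#     this order; keep the order when editing.

set -e -u
umask 0022

#######################################
# Run debugfs in write mode against the image while it is unmounted.
# The image is unmounted first and remounted afterwards, so debugfs never
# writes to a filesystem that is mounted at the same time.
# Arguments: passed through to debugfs (e.g. -R "<command>")
# Note: under `set -e`, a debugfs failure exits with the image unmounted.
#######################################
do_debugfs() {
	umount mnt
	debugfs -w "$@" image
	mount image mnt
}

#######################################
# Create a small regular file at the given path and zap its first data block.
# Arguments: $1 - path of the file to create (inside the mounted image)
#######################################
create_encrypted_file() {
	local file=$1
	local ino

	echo foo > "$file"

	# not needed, but makes image more compressible
	ino=$(stat -c %i "$file")
	do_debugfs -R "zap_block -f <$ino> 0"
}

#######################################
# Overwrite the "fscrypt.c" xattr of an inode with a raw value.
# Arguments: $1 - path whose inode is modified
#            $2 - xattr value, in the escape syntax debugfs ea_set accepts
#######################################
set_encryption_xattr() {
	local file=$1
	local value=$2
	local ino

	ino=$(stat -c %i "$file")
	do_debugfs -R "ea_set <$ino> fscrypt.c $value"
}

#######################################
# Remove the "fscrypt.c" xattr from an inode, leaving its flags untouched.
# Arguments: $1 - path whose inode is modified
#######################################
rm_encryption_xattr() {
	local file=$1
	local ino

	ino=$(stat -c %i "$file")
	do_debugfs -R "ea_rm <$ino> fscrypt.c"
}

#######################################
# Set the inode's flags field to 0. This clears every inode flag, not only
# the encrypt flag. Not called anywhere in the visible script.
# Arguments: $1 - path whose inode is modified
#######################################
clear_encrypt_flag() {
	local file=$1
	local ino

	ino=$(stat -c %i "$file")
	do_debugfs -R "set_inode_field <$ino> flags 0"
}

#######################################
# Make an inode look unencrypted: drop the "fscrypt.c" xattr and zero the
# flags field. For a symlink, block[0], block[1] and size are rewritten too,
# presumably so the inline target reads as a 4-byte unencrypted target
# instead of leftover ciphertext -- NOTE(review): confirm.
# Arguments: $1 - path whose inode is modified
#######################################
clear_encryption() {
	local file=$1
	local ino
	local is_symlink=false

	# Record the file type before the inode is edited.
	if [[ -L "$file" ]]; then
		is_symlink=true
	fi
	# stat without -L reports the link's own inode, not the target's.
	ino=$(stat -c %i "$file")

	do_debugfs -R "ea_rm <$ino> fscrypt.c"
	do_debugfs -R "set_inode_field <$ino> flags 0"
	if $is_symlink; then
		do_debugfs -R "set_inode_field <$ino> block[0] 0xAAAAAAAA"
		do_debugfs -R "set_inode_field <$ino> block[1] 0"
		do_debugfs -R "set_inode_field <$ino> size 4"
	fi
}

mkdir -p mnt
# Tolerate "not mounted"; this also detaches a mount that an earlier,
# aborted run may have left behind.
umount mnt &> /dev/null || true

dd if=/dev/zero of=image bs=4096 count=128
mke2fs -O encrypt -b 4096 -N 128 image
mount image mnt

# Create an encrypted directory (ino 12)
dir=mnt/edir
mkdir "$dir"
echo password | e4crypt add_key "$dir"

# Control cases: valid encrypted regular file, dir, and symlink (ino 13-15)
create_encrypted_file "$dir/encrypted_file"
mkdir "$dir/encrypted_dir"
ln -s target "$dir/encrypted_symlink"

# Control case: file type that is never encrypted (ino 16)
mkfifo "$dir/fifo"

# Inodes with missing encryption xattr (ino 17-18).
# e2fsck should offer to clear the encrypt flag on these inodes.

create_encrypted_file "$dir/missing_xattr_file"
rm_encryption_xattr "$dir/missing_xattr_file"

mkdir "$dir/missing_xattr_dir"
rm_encryption_xattr "$dir/missing_xattr_dir"

# Inodes with corrupt encryption xattr (ino 19-22).
# e2fsck should offer to clear these inodes.
# Assuming debugfs decodes \N as an octal byte escape, the values are: a lone
# 0 byte, a run of 0 bytes, and a lone version byte (1, then 2) with nothing
# after it.

create_encrypted_file "$dir/corrupt_xattr_1"
set_encryption_xattr "$dir/corrupt_xattr_1" '\0'

create_encrypted_file "$dir/corrupt_xattr_2"
set_encryption_xattr "$dir/corrupt_xattr_2" \
	'\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'

create_encrypted_file "$dir/corrupt_xattr_3"
set_encryption_xattr "$dir/corrupt_xattr_3" '\1'

create_encrypted_file "$dir/corrupt_xattr_4"
set_encryption_xattr "$dir/corrupt_xattr_4" '\2'

# Unencrypted inodes in encrypted directory (ino 23-25).
# e2fsck should offer to clear these directory entries.

create_encrypted_file "$dir/unencrypted_file"
clear_encryption "$dir/unencrypted_file"

mkdir "$dir/unencrypted_dir"
clear_encryption "$dir/unencrypted_dir"

ln -s target "$dir/unencrypted_symlink"
clear_encryption "$dir/unencrypted_symlink"

# Inodes with different encryption policy in encrypted directory (ino 26-29).
# e2fsck should offer to clear these directory entries.

# The bytes look like a v1 fscrypt context: version 1, contents mode 1,
# filenames mode 4, flags 0, an 8-byte key descriptor ("A"s) and a 16-byte
# nonce ("B"s) -- NOTE(review): confirm against the kernel's fscrypt context
# layout.
xattr='\1\1\4\0AAAAAAAABBBBBBBBBBBBBBBB'

# "$xattr" is quoted everywhere it is passed: the value contains backslashes
# and must reach debugfs byte-for-byte, never via word splitting or globbing.
create_encrypted_file "$dir/inconsistent_file_1"
set_encryption_xattr "$dir/inconsistent_file_1" "$xattr"

mkdir "$dir/inconsistent_dir"
set_encryption_xattr "$dir/inconsistent_dir" "$xattr"

ln -s target "$dir/inconsistent_symlink"
set_encryption_xattr "$dir/inconsistent_symlink" "$xattr"

# Looks like a v2 context: version 2, contents mode 1, filenames mode 4,
# flags 0, four zero bytes, a 16-byte key identifier ("A"s) and a 16-byte
# nonce ("B"s) -- NOTE(review): confirm as above.
xattr='\2\1\4\0\0\0\0\0AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB'
create_encrypted_file "$dir/inconsistent_file_2"
set_encryption_xattr "$dir/inconsistent_file_2" "$xattr"

# Encrypted file and directory with valid v2 encryption policy (ino 30-31).
# e2fsck shouldn't change these.
# The file and its parent directory get the same xattr value, so the two
# stay consistent with each other.
dir2=mnt/edir2
mkdir "$dir2"
echo password | e4crypt add_key "$dir2"
xattr='\2\1\4\0\0\0\0\0AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBB'
create_encrypted_file "$dir2/file"
set_encryption_xattr "$dir2/file" "$xattr"
set_encryption_xattr "$dir2" "$xattr"

# Encrypted file and directory with unrecognized encryption policy version
# (ino 32-33).  e2fsck shouldn't change these.
dir3=mnt/edir3
mkdir "$dir3"
echo password | e4crypt add_key "$dir3"
xattr='\3'
create_encrypted_file "$dir3/file"
set_encryption_xattr "$dir3/file" "$xattr"
set_encryption_xattr "$dir3" "$xattr"

umount mnt
rmdir mnt
gzip -9 -f image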