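/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <nvram/core/storage.h>

#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/unique_fd.h>

#include <nvram/core/logger.h>

// An NVRAM storage layer implementation backed by the file system.
//
// NOTE: This does not meet the tamper evidence requirements for
// access-controlled NVRAM implementations, since the file system can't provide
// sufficient protection against tampering by attackers.

namespace {

// Name of the storage object holding the header.
const char kHeaderFileName[] = "header";

// Pattern for space data storage object names. The index is always rendered
// as exactly 8 hex digits, so every formatted name is 14 characters long.
const char kSpaceDataFileNamePattern[] = "space_%08x";

// Temporary file name used in write-rename atomic write operations. It is
// distinct from "header" and from every "space_%08x" name, so a partially
// written temp file can never be mistaken for a real storage object.
const char kTempFileName[] = "temp";

// Maximum size of objects we're willing to read and write. This bounds the
// read buffer allocated in LoadFile() when a file on disk is corrupted or has
// been tampered with.
const off_t kMaxFileSize = 2048;

// Buffer size for formatting names.
using NameBuffer = char[16];

// Compile-time proof that a fully formatted space name ("space_" + 8 hex
// digits + NUL) fits in NameBuffer. The runtime snprintf length check in
// FormatSpaceFileName() stays in place as a second line of defense.
static_assert(sizeof(NameBuffer) >= sizeof("space_") + 8,
              "NameBuffer is too small for a formatted space name");

// Global data directory descriptor. Set once by InitStorage(); all storage
// objects are opened, renamed and unlinked relative to it via the *at() calls.
int g_data_dir_fd = -1;

// Formats the storage object name for the given space index into |name|.
// Returns false if the formatted name would not fit in |name| or snprintf
// reports an error; the caller must then refuse to touch the file system.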
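bool FormatSpaceFileName(NameBuffer name, uint32_t index) {
  int ret =
      snprintf(name, sizeof(NameBuffer), kSpaceDataFileNamePattern, index);
  // snprintf returns the length the full name would have had. Anything that
  // does not fit (or an encoding error, ret < 0) is reported as failure so a
  // truncated name never reaches the file system.
  return ret >= 0 && ret < static_cast<int>(sizeof(NameBuffer));
}

// Removes the storage object identified by |name| from the data directory.
//
// Returns kNotFound if no such object exists, kStorageError if the unlink or
// the subsequent directory sync fails, and kSuccess otherwise. The directory
// is synced so that a completed deletion survives power loss, mirroring the
// write-rename-sync sequence used by StoreFile(); without it a crash could
// bring a deleted space back.
nvram::storage::Status DeleteFile(const char* name) {
  if (TEMP_FAILURE_RETRY(unlinkat(g_data_dir_fd, name, 0))) {
    if (errno == ENOENT) {
      return nvram::storage::Status::kNotFound;
    }
    PLOG(ERROR) << "Failed to remove " << name;
    return nvram::storage::Status::kStorageError;
  }

  // Force the directory meta data to be written to disk so the deletion is
  // durable.
  if (TEMP_FAILURE_RETRY(fsync(g_data_dir_fd))) {
    PLOG(ERROR) << "Failed to sync data directory after removing " << name;
    return nvram::storage::Status::kStorageError;
  }

  return nvram::storage::Status::kSuccess;
}

// Loads the storage object identified by |name| into |blob|.
//
// Returns kNotFound if the object does not exist, kStorageError on any I/O
// failure, if the object is not a regular file, or if it is larger than
// kMaxFileSize. On success |blob| holds exactly the file contents.
nvram::storage::Status LoadFile(const char* name, nvram::Blob* blob) {
  // O_CLOEXEC keeps the descriptor from leaking into any child process.
  android::base::unique_fd data_file_fd(
      TEMP_FAILURE_RETRY(openat(g_data_dir_fd, name, O_RDONLY | O_CLOEXEC)));
  if (data_file_fd.get() < 0) {
    if (errno == ENOENT) {
      return nvram::storage::Status::kNotFound;
    }
    PLOG(ERROR) << "Failed to open " << name;
    return nvram::storage::Status::kStorageError;
  }

  struct stat data_file_stat;
  if (TEMP_FAILURE_RETRY(fstat(data_file_fd.get(), &data_file_stat))) {
    PLOG(ERROR) << "Failed to stat " << name;
    return nvram::storage::Status::kStorageError;
  }

  // Only regular files are valid storage objects: st_size is meaningless for
  // anything else, and reading e.g. a FIFO could block indefinitely.
  if (!S_ISREG(data_file_stat.st_mode)) {
    LOG(ERROR) << "Not a regular file: " << name;
    return nvram::storage::Status::kStorageError;
  }

  // Bound the allocation below; a corrupted or tampered file must not make us
  // allocate an arbitrary amount of memory.
  if (data_file_stat.st_size > kMaxFileSize) {
    LOG(ERROR) << "Bad size for " << name << ":" << data_file_stat.st_size;
    return nvram::storage::Status::kStorageError;
  }

  if (!blob->Resize(data_file_stat.st_size)) {
    LOG(ERROR) << "Failed to allocate read buffer for " << name;
    return nvram::storage::Status::kStorageError;
  }

  // ReadFully only succeeds once the whole byte count has been read, so a
  // file truncated between fstat() and read() is reported as an error rather
  // than handed back partially filled.
  if (!android::base::ReadFully(data_file_fd.get(), blob->data(),
                                blob->size())) {
    PLOG(ERROR) << "Failed to read " << name;
    return nvram::storage::Status::kStorageError;
  }

  return nvram::storage::Status::kSuccess;
}

// Writes |blob| to the storage object indicated by |name|.
//
// The write is atomic with respect to crashes: the data goes to kTempFileName
// first, is synced to disk, and only then is the temp file renamed over
// |name|, after which the directory itself is synced. A reader therefore
// sees either the complete old object or the complete new one, never a
// partially written file. Returns kNotFound if the data directory is missing,
// kStorageError on any I/O failure (the temp file is removed on the failure
// paths where it could still exist), and kSuccess otherwise.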
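nvram::storage::Status StoreFile(const char* name, const nvram::Blob& blob) {
  // Write to the temp file first; the object named |name| is only replaced by
  // the renameat() below, once the new contents are safely on disk. Mode 0600
  // keeps the object private to the owning user, and O_CLOEXEC keeps the
  // descriptor from leaking into any child process.
  android::base::unique_fd data_file_fd(TEMP_FAILURE_RETRY(
      openat(g_data_dir_fd, kTempFileName,
             O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, S_IRUSR | S_IWUSR)));
  if (data_file_fd.get() < 0) {
    // With O_CREAT and a bare file name, ENOENT indicates that the data
    // directory itself is missing.
    if (errno == ENOENT) {
      return nvram::storage::Status::kNotFound;
    }
    PLOG(ERROR) << "Failed to open " << kTempFileName;
    return nvram::storage::Status::kStorageError;
  }

  if (!android::base::WriteFully(data_file_fd.get(), blob.data(),
                                 blob.size())) {
    PLOG(ERROR) << "Failed to write " << kTempFileName;
    DeleteFile(kTempFileName);
    return nvram::storage::Status::kStorageError;
  }

  // Force the file contents to be written to disk before the rename makes
  // them visible under |name|.
  if (TEMP_FAILURE_RETRY(fdatasync(data_file_fd.get()))) {
    PLOG(ERROR) << "Failed to sync " << kTempFileName;
    DeleteFile(kTempFileName);
    return nvram::storage::Status::kStorageError;
  }

  // Close before renaming so no descriptor to the old name stays open.
  data_file_fd.reset();

  // Move the file into place. rename() replaces |name| atomically.
  if (TEMP_FAILURE_RETRY(
          renameat(g_data_dir_fd, kTempFileName, g_data_dir_fd, name))) {
    PLOG(ERROR) << "Failed to move " << kTempFileName << " to " << name;
    DeleteFile(kTempFileName);
    return nvram::storage::Status::kStorageError;
  }

  // Force the directory meta data to be written to disk so the rename is
  // durable. The new object is already in place at this point, so the temp
  // file no longer exists and there is nothing to clean up on failure.
  if (TEMP_FAILURE_RETRY(fsync(g_data_dir_fd))) {
    PLOG(ERROR) << "Failed to sync data directory";
    return nvram::storage::Status::kStorageError;
  }

  return nvram::storage::Status::kSuccess;
}

}  // namespace

// Initializes the storage layer with the provided data directory descriptor.
//
// |data_dir_fd| is not validated or duplicated here: the caller keeps
// ownership of it and must keep it open for as long as the storage functions
// below are in use.
void InitStorage(int data_dir_fd) {
  g_data_dir_fd = data_dir_fd;
}

namespace nvram {
namespace storage {

// Reads the header object into |blob|; see LoadFile() for the status codes.
Status LoadHeader(Blob* blob) {
  return LoadFile(kHeaderFileName, blob);
}

// Atomically replaces the header object with |blob|; see StoreFile().
Status StoreHeader(const Blob& blob) {
  return StoreFile(kHeaderFileName, blob);
}

// Reads the data object of space |index| into |blob|. Returns kStorageError
// if the space name cannot be formatted, otherwise LoadFile()'s status.
Status LoadSpace(uint32_t index, Blob* blob) {
  NameBuffer name;
  if (!FormatSpaceFileName(name, index)) {
    return Status::kStorageError;
  }
  return LoadFile(name, blob);
}

// Atomically replaces the data object of space |index| with |blob|. Returns
// kStorageError if the space name cannot be formatted, otherwise StoreFile()'s
// status.
Status StoreSpace(uint32_t index, const Blob& blob) {
  NameBuffer name;
  if (!FormatSpaceFileName(name, index)) {
    return Status::kStorageError;
  }
  return StoreFile(name, blob);
}

// Removes the data object of space |index|. Returns kStorageError if the
// space name cannot be formatted, otherwise DeleteFile()'s status (kNotFound
// when the space has no stored data).
Status DeleteSpace(uint32_t index) {
  NameBuffer name;
  if (!FormatSpaceFileName(name, index)) {
    return Status::kStorageError;
  }

  return DeleteFile(name);
}

}  // namespace storage
}  // namespace nvram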