1 /* 2 * Copyright (C) 2015-2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <stdint.h> 20 21 /* 22 * Storage port names 23 * 24 * @STORAGE_CLIENT_NSP_PORT: Port used by clients that require persistence 25 * but DO NOT require rollback detection. Tamper 26 * detection is provided by authenticated 27 * encryption. Use TDP instead if possible. 28 * @STORAGE_CLIENT_TD_PORT: Port used by clients that require tamper and 29 * rollback detection. 30 * @STORAGE_CLIENT_TDP_PORT: Port used by clients that require tamper and 31 * rollback detection. Data will be preserved 32 * during a normal device wipe. 33 * @STORAGE_CLIENT_TDEA_PORT: Port used by clients that require storage before 34 * the non-secure os has booted. 35 * @STORAGE_CLIENT_TP_PORT: Port used by clients that require tamper proof 36 * storage. Note that non-secure code can prevent 37 read and write operations from succeeding, but 38 it cannot modify on-disk data. 39 * @STORAGE_DISK_PROXY_PORT: Port used by non-secure proxy server 40 */ 41 #define STORAGE_CLIENT_NSP_PORT "com.android.trusty.storage.client.nsp" 42 #define STORAGE_CLIENT_TD_PORT "com.android.trusty.storage.client.td" 43 #define STORAGE_CLIENT_TDP_PORT "com.android.trusty.storage.client.tdp" 44 #define STORAGE_CLIENT_TDEA_PORT "com.android.trusty.storage.client.tdea" 45 #define STORAGE_CLIENT_TP_PORT "com.android.trusty.storage.client.tp" 46 #define STORAGE_DISK_PROXY_PORT "com.android.trusty.storage.proxy" 47 48 enum storage_cmd { 49 STORAGE_REQ_SHIFT = 1, 50 STORAGE_RESP_BIT = 1, 51 52 STORAGE_RESP_MSG_ERR = STORAGE_RESP_BIT, 53 54 STORAGE_FILE_DELETE = 1 << STORAGE_REQ_SHIFT, 55 STORAGE_FILE_OPEN = 2 << STORAGE_REQ_SHIFT, 56 STORAGE_FILE_CLOSE = 3 << STORAGE_REQ_SHIFT, 57 STORAGE_FILE_READ = 4 << STORAGE_REQ_SHIFT, 58 STORAGE_FILE_WRITE = 5 << STORAGE_REQ_SHIFT, 59 STORAGE_FILE_GET_SIZE = 6 << STORAGE_REQ_SHIFT, 60 STORAGE_FILE_SET_SIZE = 7 << STORAGE_REQ_SHIFT, 61 62 STORAGE_RPMB_SEND = 8 << STORAGE_REQ_SHIFT, 63 64 /* transaction support */ 65 STORAGE_END_TRANSACTION = 9 << STORAGE_REQ_SHIFT, 66 67 STORAGE_FILE_MOVE = 10 << STORAGE_REQ_SHIFT, 68 STORAGE_FILE_LIST = 11 << STORAGE_REQ_SHIFT, 69 STORAGE_FILE_GET_MAX_SIZE = 12 << STORAGE_REQ_SHIFT, 70 }; 71 72 /** 73 * enum storage_err - error codes for storage protocol 74 * @STORAGE_NO_ERROR: all OK 75 * @STORAGE_ERR_GENERIC: unknown error. Can occur when there's an 76 * internal server error, e.g. the server runs out 77 * of memory or is in a bad state. 78 * @STORAGE_ERR_NOT_VALID: input not valid. May occur if the arguments 79 * passed into the command are not valid, for 80 * example if the file handle passed in is not a 81 * valid one. 82 * @STORAGE_ERR_UNIMPLEMENTED: the command passed in is not recognized 83 * @STORAGE_ERR_ACCESS: the file is not accessible in the requested mode 84 * @STORAGE_ERR_NOT_FOUND: the file was not found 85 * @STORAGE_ERR_EXIST the file exists when it shouldn't as in with 86 * OPEN_CREATE | OPEN_EXCLUSIVE. 87 * @STORAGE_ERR_TRANSACT returned by various operations to indicate that 88 * current transaction is in error state. Such 89 * state could be only cleared by sending 90 * STORAGE_END_TRANSACTION message. 91 * @STORAGE_ERR_SYNC_FAILURE indicates that the current operation failed to 92 * sync to disk. Only returned if 93 * STORAGE_MSG_FLAG_PRE_COMMIT or 94 * STORAGE_MSG_FLAG_POST_COMMIT was set for the 95 * request. 96 * @STORAGE_ERR_NOT_ALLOWED operation is not allowed in the current state 97 * @STORAGE_ERR_CORRUPTED requested operation touches a corrupted block 98 * and is not allowed 99 * @STORAGE_ERR_FS_REPAIRED filesystem has been repaired in a way that may 100 * affect the requested operation. The requested 101 * operation is not allowed without acknowledging 102 * the repaired state. Pass 103 * STORAGE_MSG_FLAGS_FS_REPAIRED_ACK if a repaired 104 * filesystem state is acceptable. 105 */ 106 enum storage_err { 107 STORAGE_NO_ERROR = 0, 108 STORAGE_ERR_GENERIC = 1, 109 STORAGE_ERR_NOT_VALID = 2, 110 STORAGE_ERR_UNIMPLEMENTED = 3, 111 STORAGE_ERR_ACCESS = 4, 112 STORAGE_ERR_NOT_FOUND = 5, 113 STORAGE_ERR_EXIST = 6, 114 STORAGE_ERR_TRANSACT = 7, 115 STORAGE_ERR_SYNC_FAILURE = 8, 116 STORAGE_ERR_NOT_ALLOWED = 9, 117 STORAGE_ERR_CORRUPTED = 10, 118 STORAGE_ERR_FS_REPAIRED = 11, 119 }; 120 121 /** 122 * storage_delete_flag - flags for controlling delete semantics 123 */ 124 #define STORAGE_FILE_DELETE_MASK (0U) 125 126 /** 127 * storage_file_move_flag - Flags to control 'move' semantics. 128 * @STORAGE_FILE_MOVE_CREATE: if the new file name does not exist, 129 * create it. 130 * @STORAGE_FILE_MOVE_CREATE_EXCLUSIVE: causes STORAGE_FILE_MOVE_CREATE to fail 131 * if the new file name already exists. 132 * Only meaningful if used in combination 133 * with STORAGE_FILE_MOVE_CREATE. 134 * @STORAGE_FILE_MOVE_OPEN_FILE: file is already open. 135 * @STORAGE_FILE_MOVE_MASK: mask for all move flags supported in 136 * current protocol. All other bits must be 137 * set to 0. 138 */ 139 #define STORAGE_FILE_MOVE_CREATE (1U << 0) 140 #define STORAGE_FILE_MOVE_CREATE_EXCLUSIVE (1U << 1) 141 #define STORAGE_FILE_MOVE_OPEN_FILE (1U << 2) 142 #define STORAGE_FILE_MOVE_MASK \ 143 (STORAGE_FILE_MOVE_CREATE | STORAGE_FILE_MOVE_CREATE_EXCLUSIVE | \ 144 STORAGE_FILE_MOVE_OPEN_FILE) 145 146 /** 147 * storage_file_flag - Flags to control 'open' semantics. 148 * @STORAGE_FILE_OPEN_CREATE: if this file does not exist, create it. 149 * @STORAGE_FILE_OPEN_CREATE_EXCLUSIVE: causes STORAGE_FILE_OPEN_CREATE to fail 150 * if the file already exists. Only 151 * meaningful if used in combination with 152 * STORAGE_FILE_OPEN_CREATE. 153 * @STORAGE_FILE_OPEN_TRUNCATE: if this file already exists, discard 154 * existing content and open it as a new 155 * file. No change in semantics if the file 156 * does not exist. 157 * @STORAGE_FILE_OPEN_MASK: mask for all open flags supported in 158 * current protocol. All other bits must be 159 * set to 0. 160 */ 161 #define STORAGE_FILE_OPEN_CREATE (1U << 0) 162 #define STORAGE_FILE_OPEN_CREATE_EXCLUSIVE (1U << 1) 163 #define STORAGE_FILE_OPEN_TRUNCATE (1U << 2) 164 #define STORAGE_FILE_OPEN_MASK \ 165 (STORAGE_FILE_OPEN_CREATE | STORAGE_FILE_OPEN_TRUNCATE | \ 166 STORAGE_FILE_OPEN_CREATE_EXCLUSIVE) 167 168 /** 169 * storage_file_list - Flags to control 'list' semantics. 170 * @STORAGE_FILE_LIST_START: Start listing files. 171 * @STORAGE_FILE_LIST_END: All files have already been listed. 172 * @STORAGE_FILE_LIST_COMMITTED: File is committed and not removed by 173 * current transaction. 174 * @STORAGE_FILE_LIST_ADDED: File will be added by current 175 * transaction. 176 * @STORAGE_FILE_LIST_REMOVED: File will be removed by current 177 * transaction. 178 * @STORAGE_FILE_LIST_STATE_MASK: mask for list flags used to indicate 179 * file state. 180 * @STORAGE_FILE_LIST_MASK: mask for all list flags supported in 181 * current protocol. All other bits must be 182 * set to 0. 183 */ 184 enum storage_file_list_flag { 185 STORAGE_FILE_LIST_START = 0, 186 STORAGE_FILE_LIST_END = 1, 187 STORAGE_FILE_LIST_COMMITTED = 2, 188 STORAGE_FILE_LIST_ADDED = 3, 189 STORAGE_FILE_LIST_REMOVED = 4, 190 STORAGE_FILE_LIST_STATE_MASK = 7, 191 STORAGE_FILE_LIST_MASK = STORAGE_FILE_LIST_STATE_MASK, 192 }; 193 194 /** 195 * enum storage_msg_flag - protocol-level flags in struct storage_msg 196 * @STORAGE_MSG_FLAG_BATCH: if set, command belongs to a batch 197 * transaction. No response will be sent by 198 * the server until it receives a command 199 * with this flag unset, at which point a 200 * cumulative result for all messages sent 201 * with STORAGE_MSG_FLAG_BATCH will be 202 * sent. This is only supported by the 203 * non-secure disk proxy server. 204 * @STORAGE_MSG_FLAG_PRE_COMMIT: if set, indicates that server need to 205 * commit pending changes before processing 206 * this message. 207 * @STORAGE_MSG_FLAG_POST_COMMIT: if set, indicates that server need to 208 * commit pending changes after processing 209 * this message. 210 * @STORAGE_MSG_FLAG_TRANSACT_COMPLETE: if set, indicates that server need to 211 * commit current transaction after 212 * processing this message. It is an alias 213 * for STORAGE_MSG_FLAG_POST_COMMIT. 214 * @STORAGE_MSG_FLAG_PRE_COMMIT_CHECKPOINT: if set, indicates that server needs 215 * to ensure that there is not a 216 * pending checkpoint for the 217 * underlying userdata filesystem 218 * before processing this message. 219 * @STORAGE_MSG_FLAG_TRANSACT_CHECKPOINT: if set, update the current 220 * checkpoint to the new state of 221 * files modified by this 222 * transaction. Only valid along with 223 * @STORAGE_MSG_FLAG_TRANSACT_COMPLETE, 224 * and only allowed when provisiong is 225 * allowed by the system state service. 226 * @STORAGE_MSG_FLAG_FS_REPAIRED_ACK: acknowledge that an error in the 227 * file system may have been repaired, 228 * and therefore rollback may have 229 * occurred. Do not use this flag 230 * unless accessing files where partial 231 * rollback of file system state is 232 * acceptable. 233 */ 234 enum storage_msg_flag { 235 STORAGE_MSG_FLAG_BATCH = 0x1, 236 STORAGE_MSG_FLAG_PRE_COMMIT = 0x2, 237 STORAGE_MSG_FLAG_POST_COMMIT = 0x4, 238 STORAGE_MSG_FLAG_TRANSACT_COMPLETE = STORAGE_MSG_FLAG_POST_COMMIT, 239 STORAGE_MSG_FLAG_PRE_COMMIT_CHECKPOINT = 0x8, 240 STORAGE_MSG_FLAG_TRANSACT_CHECKPOINT = 0x10, 241 STORAGE_MSG_FLAG_FS_REPAIRED_ACK = 0x20, 242 }; 243 244 /* 245 * The following declarations are the message-specific contents of 246 * the 'payload' element inside struct storage_msg. 247 */ 248 249 /** 250 * struct storage_file_delete_req - request format for STORAGE_FILE_DELETE 251 * @flags: currently unused, must be set to 0. 252 * @name: the name of the file 253 */ 254 struct storage_file_delete_req { 255 uint32_t flags; 256 char name[0]; 257 }; 258 259 /** 260 * struct storage_file_move_req - request format for STORAGE_FILE_OPEN 261 * @flags: Any of storage_file_move_flag or'ed together. 262 * @handle: Handle for file to move, if @flags contains 263 * STORAGE_FILE_MOVE_OPEN_FILE. 264 * @old_name_len: Size of old file name in @old_new_name. 265 * @old_new_name: Old file name followed by new file name. Old file name, must 266 * match name of @handle. 267 */ 268 struct storage_file_move_req { 269 uint32_t flags; 270 uint32_t handle; 271 uint32_t old_name_len; 272 char old_new_name[0]; 273 }; 274 275 /** 276 * struct storage_file_open_req - request format for STORAGE_FILE_OPEN 277 * @flags: any of enum storage_file_flag or'ed together 278 * @name: the name of the file 279 */ 280 struct storage_file_open_req { 281 uint32_t flags; 282 char name[0]; 283 }; 284 285 /** 286 * struct storage_file_open_resp - response format for STORAGE_FILE_OPEN 287 * @handle: opaque handle to the opened file. Only present on success. 288 */ 289 struct storage_file_open_resp { 290 uint32_t handle; 291 }; 292 293 /** 294 * struct storage_file_close_req - request format for STORAGE_FILE_CLOSE 295 * @handle: the handle for the file to close 296 */ 297 struct storage_file_close_req { 298 uint32_t handle; 299 }; 300 301 /** 302 * struct storage_file_get_max_size_req - request format for 303 * STORAGE_FILE_GET_MAX_SIZE 304 * @handle: the handle for the file whose max size is requested 305 */ 306 struct storage_file_get_max_size_req { 307 uint32_t handle; 308 }; 309 310 /** 311 * struct storage_file_get_max_size_resp - response format for 312 * STORAGE_FILE_GET_MAX_SIZE 313 * @max_size: the maximum size of the file 314 */ 315 struct storage_file_get_max_size_resp { 316 uint64_t max_size; 317 }; 318 319 /** 320 * struct storage_file_read_req - request format for STORAGE_FILE_READ 321 * @handle: the handle for the file from which to read 322 * @size: the quantity of bytes to read from the file 323 * @offset: the offset in the file from whence to read 324 */ 325 struct storage_file_read_req { 326 uint32_t handle; 327 uint32_t size; 328 uint64_t offset; 329 }; 330 331 /** 332 * struct storage_file_read_resp - response format for STORAGE_FILE_READ 333 * @data: beginning of data retrieved from file 334 * 335 * This struct definition is only safe to use in C since empty structs have 336 * different sizes in C(0) and C++(1) which makes them unsafe to be used 337 * across languages 338 */ 339 #ifndef __cplusplus 340 struct storage_file_read_resp { 341 uint8_t data[0]; 342 }; 343 #endif 344 345 /** 346 * struct storage_file_write_req - request format for STORAGE_FILE_WRITE 347 * @handle: the handle for the file to write to 348 * @offset: the offset in the file from whence to write 349 * @__reserved: unused, must be set to 0. 350 * @data: beginning of the data to be written 351 */ 352 struct storage_file_write_req { 353 uint64_t offset; 354 uint32_t handle; 355 uint32_t __reserved; 356 uint8_t data[0]; 357 }; 358 359 /** 360 * struct storage_file_list_req - request format for STORAGE_FILE_LIST 361 * @max_count: Max number of files to return, or 0 for no limit. 362 * @flags: STORAGE_FILE_LIST_START or a copy of @flags last returned in 363 * storage_file_list_resp. 364 * @name: File name last returned in storage_file_list_resp, or empty 365 * if @flags is STORAGE_FILE_LIST_START. 366 */ 367 struct storage_file_list_req { 368 uint8_t max_count; 369 uint8_t flags; 370 char name[0]; 371 }; 372 373 /** 374 * struct storage_file_list_resp - response format for STORAGE_FILE_LIST 375 * @flags: Any of the flags in storage_file_list_flag. 376 * @name: File name (0 terminated). 377 * 378 * If @max_count in storage_file_list_req was not set to 1, then multiple 379 * storage_file_list_resp instances may be returned in a single response 380 * message. 381 */ 382 struct storage_file_list_resp { 383 uint8_t flags; 384 char name[0]; 385 }; 386 387 /** 388 * struct storage_file_get_size_req - request format for STORAGE_FILE_GET_SIZE 389 * @handle: handle for which the size is requested 390 */ 391 struct storage_file_get_size_req { 392 uint32_t handle; 393 }; 394 395 /** 396 * struct storage_file_get_size_resp - response format for STORAGE_FILE_GET_SIZE 397 * @size: the size of the file 398 */ 399 struct storage_file_get_size_resp { 400 uint64_t size; 401 }; 402 403 /** 404 * struct storage_file_set_size_req - request format for STORAGE_FILE_SET_SIZE 405 * @handle: the file handle 406 * @size: the desired size of the file 407 */ 408 struct storage_file_set_size_req { 409 uint64_t size; 410 uint32_t handle; 411 }; 412 413 /** 414 * struct storage_rpmb_send_req - request format for STORAGE_RPMB_SEND 415 * @reliable_write_size: size in bytes of reliable write region 416 * @write_size: size in bytes of write region 417 * @read_size: number of bytes to read for a read request 418 * @__reserved: unused, must be set to 0 419 * @payload: start of reliable write region, followed by 420 * write region. 421 * 422 * Only used in proxy<->server interface. 423 */ 424 struct storage_rpmb_send_req { 425 uint32_t reliable_write_size; 426 uint32_t write_size; 427 uint32_t read_size; 428 uint32_t __reserved; 429 uint8_t payload[0]; 430 }; 431 432 /** 433 * struct storage_rpmb_send_resp: response type for STORAGE_RPMB_SEND 434 * @data: the data frames frames retrieved from the MMC. 435 * 436 * This struct definition is only safe to use in C since empty structs have 437 * different sizes in C(0) and C++(1) which makes them unsafe to be used 438 * across languages 439 */ 440 #ifndef __cplusplus 441 struct storage_rpmb_send_resp { 442 uint8_t data[0]; 443 }; 444 #endif 445 446 /** 447 * struct storage_msg - generic req/resp format for all storage commands 448 * @cmd: one of enum storage_cmd 449 * @op_id: client chosen operation identifier for an instance 450 * of a command or atomic grouping of commands (transaction). 451 * @flags: one or many of enum storage_msg_flag or'ed together. 452 * @size: total size of the message including this header 453 * @result: one of enum storage_err 454 * @__reserved: unused, must be set to 0. 455 * @payload: beginning of command specific message format 456 */ 457 struct storage_msg { 458 uint32_t cmd; 459 uint32_t op_id; 460 uint32_t flags; 461 uint32_t size; 462 int32_t result; 463 uint32_t __reserved; 464 uint8_t payload[0]; 465 }; 466