1 //
2 // Copyright (C) 2015 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include "attestation/server/database_impl.h"
18
19 #include <fcntl.h>
20 #include <sys/stat.h>
21 #include <sys/types.h>
22 #include <unistd.h>
23
24 #include <string>
25
26 #include <base/files/file_path.h>
27 #include <base/files/file_util.h>
28 #include <base/files/important_file_writer.h>
29 #include <base/logging.h>
30 #include <base/stl_util.h>
31 #include <brillo/secure_blob.h>
32
33 using base::FilePath;
34
35 namespace {
36
37 const char kDatabasePath[] =
38 "/mnt/stateful_partition/unencrypted/preserve/attestation.epb";
39 const mode_t kDatabasePermissions = 0600;
40
41 // A base::FilePathWatcher::Callback that just relays to |callback|.
FileWatcherCallback(const base::Closure & callback,const FilePath &,bool)42 void FileWatcherCallback(const base::Closure& callback, const FilePath&, bool) {
43 callback.Run();
44 }
45
46 } // namespace
47
48 namespace attestation {
49
DatabaseImpl(CryptoUtility * crypto)50 DatabaseImpl::DatabaseImpl(CryptoUtility* crypto)
51 : io_(this), crypto_(crypto) {}
52
~DatabaseImpl()53 DatabaseImpl::~DatabaseImpl() {
54 brillo::SecureMemset(string_as_array(&database_key_), 0,
55 database_key_.size());
56 }
57
Initialize()58 void DatabaseImpl::Initialize() {
59 // Start thread-checking now.
60 thread_checker_.DetachFromThread();
61 DCHECK(thread_checker_.CalledOnValidThread());
62 io_->Watch(base::Bind(base::IgnoreResult(&DatabaseImpl::Reload),
63 base::Unretained(this)));
64 if (!Reload()) {
65 LOG(WARNING) << "Creating new attestation database.";
66 }
67 }
68
GetProtobuf() const69 const AttestationDatabase& DatabaseImpl::GetProtobuf() const {
70 DCHECK(thread_checker_.CalledOnValidThread());
71 return protobuf_;
72 }
73
GetMutableProtobuf()74 AttestationDatabase* DatabaseImpl::GetMutableProtobuf() {
75 DCHECK(thread_checker_.CalledOnValidThread());
76 return &protobuf_;
77 }
78
SaveChanges()79 bool DatabaseImpl::SaveChanges() {
80 DCHECK(thread_checker_.CalledOnValidThread());
81 std::string buffer;
82 if (!EncryptProtobuf(&buffer)) {
83 return false;
84 }
85 return io_->Write(buffer);
86 }
87
Reload()88 bool DatabaseImpl::Reload() {
89 DCHECK(thread_checker_.CalledOnValidThread());
90 LOG(INFO) << "Loading attestation database.";
91 std::string buffer;
92 if (!io_->Read(&buffer)) {
93 return false;
94 }
95 return DecryptProtobuf(buffer);
96 }
97
Read(std::string * data)98 bool DatabaseImpl::Read(std::string* data) {
99 const int kMask = base::FILE_PERMISSION_OTHERS_MASK;
100 FilePath path(kDatabasePath);
101 int permissions = 0;
102 if (base::GetPosixFilePermissions(path, &permissions) &&
103 (permissions & kMask) != 0) {
104 LOG(WARNING) << "Attempting to fix permissions on attestation database.";
105 base::SetPosixFilePermissions(path, permissions & ~kMask);
106 }
107 if (!base::ReadFileToString(path, data)) {
108 PLOG(ERROR) << "Failed to read attestation database";
109 return false;
110 }
111 return true;
112 }
113
Write(const std::string & data)114 bool DatabaseImpl::Write(const std::string& data) {
115 FilePath file_path(kDatabasePath);
116 if (!base::CreateDirectory(file_path.DirName())) {
117 LOG(ERROR) << "Cannot create directory: " << file_path.DirName().value();
118 return false;
119 }
120 if (!base::ImportantFileWriter::WriteFileAtomically(file_path, data)) {
121 LOG(ERROR) << "Failed to write file: " << file_path.value();
122 return false;
123 }
124 if (!base::SetPosixFilePermissions(file_path, kDatabasePermissions)) {
125 LOG(ERROR) << "Failed to set permissions for file: " << file_path.value();
126 return false;
127 }
128 // Sync the parent directory.
129 std::string dir_name = file_path.DirName().value();
130 int dir_fd = HANDLE_EINTR(open(dir_name.c_str(), O_RDONLY | O_DIRECTORY));
131 if (dir_fd < 0) {
132 PLOG(WARNING) << "Could not open " << dir_name << " for syncing";
133 return false;
134 }
135 // POSIX specifies EINTR as a possible return value of fsync().
136 int result = HANDLE_EINTR(fsync(dir_fd));
137 if (result < 0) {
138 PLOG(WARNING) << "Failed to sync " << dir_name;
139 close(dir_fd);
140 return false;
141 }
142 // close() may not be retried on error.
143 result = IGNORE_EINTR(close(dir_fd));
144 if (result < 0) {
145 PLOG(WARNING) << "Failed to close after sync " << dir_name;
146 return false;
147 }
148 return true;
149 }
150
Watch(const base::Closure & callback)151 void DatabaseImpl::Watch(const base::Closure& callback) {
152 if (!file_watcher_) {
153 file_watcher_.reset(new base::FilePathWatcher());
154 file_watcher_->Watch(FilePath(kDatabasePath), false,
155 base::Bind(&FileWatcherCallback, callback));
156 }
157 }
158
EncryptProtobuf(std::string * encrypted_output)159 bool DatabaseImpl::EncryptProtobuf(std::string* encrypted_output) {
160 std::string serial_proto;
161 if (!protobuf_.SerializeToString(&serial_proto)) {
162 LOG(ERROR) << "Failed to serialize db.";
163 return false;
164 }
165 if (database_key_.empty() || sealed_database_key_.empty()) {
166 if (!crypto_->CreateSealedKey(&database_key_, &sealed_database_key_)) {
167 LOG(ERROR) << "Failed to generate database key.";
168 return false;
169 }
170 }
171 if (!crypto_->EncryptData(serial_proto, database_key_, sealed_database_key_,
172 encrypted_output)) {
173 LOG(ERROR) << "Attestation: Failed to encrypt database.";
174 return false;
175 }
176 return true;
177 }
178
DecryptProtobuf(const std::string & encrypted_input)179 bool DatabaseImpl::DecryptProtobuf(const std::string& encrypted_input) {
180 if (!crypto_->UnsealKey(encrypted_input, &database_key_,
181 &sealed_database_key_)) {
182 LOG(ERROR) << "Attestation: Could not unseal decryption key.";
183 return false;
184 }
185 std::string serial_proto;
186 if (!crypto_->DecryptData(encrypted_input, database_key_, &serial_proto)) {
187 LOG(ERROR) << "Attestation: Failed to decrypt database.";
188 return false;
189 }
190 if (!protobuf_.ParseFromString(serial_proto)) {
191 // Previously the DB was encrypted with CryptoLib::AesEncrypt which appends
192 // a SHA-1. This can be safely ignored.
193 const size_t kLegacyJunkSize = 20;
194 if (serial_proto.size() < kLegacyJunkSize ||
195 !protobuf_.ParseFromArray(serial_proto.data(),
196 serial_proto.length() - kLegacyJunkSize)) {
197 LOG(ERROR) << "Failed to parse database.";
198 return false;
199 }
200 }
201 return true;
202 }
203
204 } // namespace attestation
205