// Copyright 2020 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef ARC_DATA_SNAPSHOTD_DBUS_ADAPTOR_H_
#define ARC_DATA_SNAPSHOTD_DBUS_ADAPTOR_H_
#include <cstdint>
#include <memory>
#include <string>
#include <vector>

#include <base/files/file_path.h>
#include <base/memory/scoped_refptr.h>
#include <brillo/dbus/async_event_sequencer.h>
#include <brillo/dbus/dbus_object.h>
#include <dbus/bus.h>

#include "dbus_adaptors/org.chromium.ArcDataSnapshotd.h"
// Forward declarations. DBusAdaptor only holds these types through
// std::unique_ptr members (and receives them as std::unique_ptr parameters),
// so their full definitions are needed only in the .cc file.
namespace crypto {
class RSAPrivateKey;
}  // namespace crypto
namespace cryptohome {
class BootLockboxClient;
}  // namespace cryptohome
namespace arc {
namespace data_snapshotd {
// Names of the BootLockbox entries under which the public key digests of the
// "last" and "previous" snapshots are stored. These digests are what
// DBusAdaptor::TryToLoadSnapshot() verifies a snapshot against, so the
// entries are the trust anchor for snapshot integrity. Values are defined in
// the .cc file.
extern const char kLastSnapshotPublicKey[];
extern const char kPreviousSnapshotPublicKey[];
// Name of the Android data directory (a single path component; where it is
// rooted is decided in the .cc file).
extern const char kAndroidDataDirectory[];
// Implements the "org.chromium.ArcDataSnapshotdInterface" D-Bus interface
// exposed by the arc-data-snapshotd daemon (see constants for the API methods
// at src/platform/system_api/dbus/arc-data-snapshotd/dbus-constants.h).
// Implements the "org.chromium.ArcDataSnapshotdInterface" D-Bus interface
// exposed by the arc-data-snapshotd daemon (see constants for the API methods
// at src/platform/system_api/dbus/arc-data-snapshotd/dbus-constants.h).
//
// Security-relevant state owned by an instance:
//  * an RSA key pair (|private_key_| / |public_key_info_|) produced by
//    GenerateKeyPair() and consumed by TakeSnapshot();
//  * a BootLockbox client through which snapshot public key digests are
//    stored and later verified (see TryToLoadSnapshot());
//  * the two snapshot directories plus the home root directory.
// The D-Bus methods below are reachable by any caller the D-Bus policy for
// this daemon admits; |account_id| and the on-disk snapshot contents should
// therefore be treated as untrusted by the implementation in the .cc file.
class DBusAdaptor final : public org::chromium::ArcDataSnapshotdAdaptor,
                          public org::chromium::ArcDataSnapshotdInterface {
 public:
  // Production constructor. The snapshot/home directories and the
  // BootLockbox client it uses are chosen in the .cc file (presumably the
  // real production paths and a real client — confirm there).
  DBusAdaptor();
  DBusAdaptor(const DBusAdaptor&) = delete;
  DBusAdaptor& operator=(const DBusAdaptor&) = delete;
  ~DBusAdaptor() override;

  // Builds an adaptor for tests with explicit directories and an injectable
  // BootLockbox client (e.g. a fake). |snapshot_directory| is the parent of
  // the last/previous snapshot directories; |home_root_directory| is where
  // per-user Android data is looked up. Not for production use.
  static std::unique_ptr<DBusAdaptor> CreateForTesting(
      const base::FilePath& snapshot_directory,
      const base::FilePath& home_root_directory,
      std::unique_ptr<cryptohome::BootLockboxClient> boot_lockbox_client);

  // Registers the D-Bus object that the arc-data-snapshotd daemon exposes and
  // ties methods exposed by this object with the actual implementation.
  // |bus| must outlive the registered object; completion is reported through
  // |sequencer|.
  void RegisterAsync(const scoped_refptr<dbus::Bus>& bus,
                     brillo::dbus_utils::AsyncEventSequencer* sequencer);

  // Implementation of the "org.chromium.ArcDataSnapshotdInterface" D-Bus
  // interface:

  // Generates a fresh key pair and keeps the private half in |private_key_|
  // (and the public key info in |public_key_info_|) until TakeSnapshot()
  // consumes it. The bool return presumably reports success — confirm the
  // exact contract in the .cc file.
  bool GenerateKeyPair() override;
  // Clears one snapshot directory; |last| selects the "last" directory,
  // otherwise the "previous" one (see the getters below). Returns whether the
  // operation succeeded — confirm in the .cc file.
  bool ClearSnapshot(bool last) override;
  // Takes a snapshot of the Android data for |account_id|, using the key pair
  // from the preceding GenerateKeyPair() call (the private key is used once
  // per snapshot, see |private_key_|). |account_id| arrives over D-Bus and
  // must be validated before it is used to build any path.
  bool TakeSnapshot(const std::string& account_id) override;
  // Loads a snapshot for |account_id|. The out-parameters are named as if
  // |*last| reports which snapshot (last vs. previous) was used and
  // |*success| whether loading succeeded — verify against the .cc file.
  // Both pointers must be non-null.
  void LoadSnapshot(const std::string& account_id,
                    bool* last,
                    bool* success) override;

  // Path of the "last" snapshot directory (fixed at construction).
  const base::FilePath& get_last_snapshot_directory() const {
    return last_snapshot_directory_;
  }
  // Path of the "previous" snapshot directory (fixed at construction).
  const base::FilePath& get_previous_snapshot_directory() const {
    return previous_snapshot_directory_;
  }

  // Use this method only for testing.
  // Inode verification of snapshot directories is enabled in production by
  // default: the integrity of a persisted snapshot directory is verified and
  // its inode values are expected to stay the same.
  //
  // Tests copy snapshot directories around, which changes inodes, so they
  // need to disable the check to exercise the rest of the integrity logic.
  //
  // NOTE(review): this is a plain member, not a D-Bus method, so it cannot be
  // reached over the bus; nevertheless nothing in production code paths
  // should call it with |enabled| == false, since that removes the integrity
  // check on data that is later loaded into a user's profile.
  void set_inode_verification_enabled_for_testing(bool enabled) {
    inode_verification_enabled_ = enabled;
  }

 private:
  // Tries to load a snapshot stored in |snapshot_dir| to |android_data_dir|
  // and verify the snapshot by the public key digest stored in BootLockbox by
  // |boot_lockbox_key| (one of kLastSnapshotPublicKey /
  // kPreviousSnapshotPublicKey). |userhash| identifies the user whose data is
  // being restored.
  // Returns false in case of any error. NOTE(review): verification must
  // fail closed — a missing or mismatching digest must return false before
  // any snapshot content is placed in |android_data_dir|; confirm in the .cc.
  bool TryToLoadSnapshot(const std::string& userhash,
                         const base::FilePath& snapshot_dir,
                         const base::FilePath& android_data_dir,
                         const std::string& boot_lockbox_key);

  // Shared constructor used by the public default constructor and by
  // CreateForTesting(); takes ownership of |boot_lockbox_client|.
  DBusAdaptor(
      const base::FilePath& snapshot_directory,
      const base::FilePath& home_root_directory,
      std::unique_ptr<cryptohome::BootLockboxClient> boot_lockbox_client);

  // Manages the D-Bus interfaces exposed by the arc-data-snapshotd daemon.
  // Declared first: members are destroyed in reverse declaration order, so
  // the D-Bus object outlives the state the method handlers use.
  std::unique_ptr<brillo::dbus_utils::DBusObject> dbus_object_;
  // Snapshot directory paths (immutable after construction):
  const base::FilePath last_snapshot_directory_;
  const base::FilePath previous_snapshot_directory_;
  // Home root directory (immutable after construction).
  const base::FilePath home_root_directory_;
  // Manages the communication with BootLockbox.
  std::unique_ptr<cryptohome::BootLockboxClient> boot_lockbox_client_;
  // This private key is generated once GenerateKeyPair is called and used once
  // per snapshot in TakeSnapshot. It is process memory only; NOTE(review):
  // check that the .cc resets it as soon as TakeSnapshot is done so the key
  // material does not linger.
  std::unique_ptr<crypto::RSAPrivateKey> private_key_;
  // This public key info is generated along with a private key in
  // GenerateKeyPair. The key is valid only when |private_key_| is set.
  // Should be stored on disk once |private_key_| is disposed.
  std::vector<uint8_t> public_key_info_;
  // Inode verification of snapshot directories is enabled in production by
  // default; only set_inode_verification_enabled_for_testing() changes it.
  bool inode_verification_enabled_ = true;
};
} // namespace data_snapshotd
} // namespace arc
#endif // ARC_DATA_SNAPSHOTD_DBUS_ADAPTOR_H_