/*
 * Copyright (C) 2018 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#define LOG_TAG "VerityUtils"

#include <android-base/unique_fd.h>
#include <errno.h>
#include <fcntl.h>
#include <linux/fs.h>
#include <linux/fsverity.h>
#include <linux/stat.h>
#include <nativehelper/JNIHelp.h>
#include <nativehelper/ScopedUtfChars.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <utils/Log.h>

#include <type_traits>

#include "jni.h"

namespace android {

namespace {

int enableFsverityForFd(JNIEnv *env, jobject clazz, jint fd) {
    if (fd < 0) {
        return errno;
    }

    fsverity_enable_arg arg = {};
    arg.version = 1;
    arg.hash_algorithm = FS_VERITY_HASH_ALG_SHA256; // hardcoded in measureFsverity below
    arg.block_size = 4096;
    arg.salt_size = 0;
    arg.salt_ptr = reinterpret_cast<uintptr_t>(nullptr);

    if (ioctl(fd, FS_IOC_ENABLE_VERITY, &arg) < 0) {
        return errno;
    }
    return 0;
}

int enableFsverity(JNIEnv *env, jobject clazz, jstring filePath) {
    ScopedUtfChars path(env, filePath);
    if (path.c_str() == nullptr) {
        return EINVAL;
    }
    ::android::base::unique_fd rfd(open(path.c_str(), O_RDONLY | O_CLOEXEC));
    return enableFsverityForFd(env, clazz, rfd.get());
}

// Returns whether the file has fs-verity enabled.
// 0 if it is not present, 1 if is present, and -errno if there was an error.
int statxForFsverity(JNIEnv *env, jobject /* clazz */, jstring filePath) {
    ScopedUtfChars path(env, filePath);

    // There are two ways to check whether a file has fs-verity enabled: statx() and FS_IOC_GETFLAGS
    // (See https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#statx and
    // https://www.kernel.org/doc/html/latest/filesystems/fsverity.html#fs-ioc-getflags.)
    // We try statx() first, since it doesn't require opening the file.

    struct statx out = {};
    if (statx(AT_FDCWD, path.c_str(), 0 /* flags */, STATX_ALL, &out) != 0) {
        return -errno;
    }

    if (out.stx_attributes_mask & STATX_ATTR_VERITY) {
        return (out.stx_attributes & STATX_ATTR_VERITY) != 0;
    }

    // The filesystem doesn't support STATX_ATTR_VERITY.  This normally means that it doesn't
    // support fs-verity, in which case we should simply return 0.  Unfortunately, virtio-fs is an
    // exception, since it doesn't support STATX_ATTR_VERITY but does support querying FS_VERITY_FL
    // via FS_IOC_GETFLAGS.  So we have to fall back to FS_IOC_GETFLAGS.  Note: despite being an
    // ioctl, FS_IOC_GETFLAGS doesn't require the "ioctl" SELinux permission but rather "getattr".

    ::android::base::unique_fd rfd(open(path.c_str(), O_RDONLY | O_CLOEXEC));
    if (rfd.get() < 0) {
        ALOGE("open failed at %s", path.c_str());
        return -errno;
    }

    unsigned int flags;
    if (ioctl(rfd.get(), FS_IOC_GETFLAGS, &flags) < 0) {
        if (errno == ENOTTY) {
            // If the filesystem supports neither STATX_ATTR_VERITY nor FS_IOC_GETFLAGS, then assume
            // that it doesn't support fs-verity.
            return 0;
        }
        ALOGE("ioctl(FS_IOC_GETFLAGS) failed at %s", path.c_str());
        return -errno;
    }

    return (flags & FS_VERITY_FL) != 0;
}

int measureFsverity(JNIEnv *env, jobject /* clazz */, jstring filePath, jbyteArray digest) {
    static constexpr auto kDigestSha256 = 32;
    using Storage = std::aligned_storage_t<sizeof(fsverity_digest) + kDigestSha256>;

    Storage bytes;
    fsverity_digest *data = reinterpret_cast<fsverity_digest *>(&bytes);
    data->digest_size = kDigestSha256; // the only input/output parameter

    ScopedUtfChars path(env, filePath);
    ::android::base::unique_fd rfd(open(path.c_str(), O_RDONLY | O_CLOEXEC));
    if (rfd.get() < 0) {
        return -errno;
    }
    if (::ioctl(rfd.get(), FS_IOC_MEASURE_VERITY, data) < 0) {
        return -errno;
    }

    if (data->digest_algorithm != FS_VERITY_HASH_ALG_SHA256) {
        return -EINVAL;
    }

    if (digest != nullptr && data->digest_size > 0) {
        auto digestSize = env->GetArrayLength(digest);
        if (data->digest_size > digestSize) {
            return -E2BIG;
        }
        env->SetByteArrayRegion(digest, 0, data->digest_size, (const jbyte *)data->digest);
    }

    return 0;
}
const JNINativeMethod sMethods[] = {
        {"enableFsverityNative", "(Ljava/lang/String;)I", (void *)enableFsverity},
        {"enableFsverityForFdNative", "(I)I", (void *)enableFsverityForFd},
        {"statxForFsverityNative", "(Ljava/lang/String;)I", (void *)statxForFsverity},
        {"measureFsverityNative", "(Ljava/lang/String;[B)I", (void *)measureFsverity},
};

} // namespace

int register_com_android_internal_security_VerityUtils(JNIEnv *env) {
    return jniRegisterNativeMethods(env, "com/android/internal/security/VerityUtils", sMethods,
                                    NELEM(sMethods));
}

} // namespace android