New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error opening CryFS volume on USB drive #281
Comments
According to the logs, DroidFS gets a permission denied error when trying to access |
Getting this error when trying to build the app to test potential fixes :(
|
Submitted a tiny PR to fix a build error I was having: #282 But now I'm having this and I'm not sure how to fix it. It's a long one so I've attached the full error as a .txt file. Edit: I see you recommend using NDK r23 in the build docs. Trying to force it to use that instead of r26. |
Did you create the CryFS volume with DroidFS or with the desktop cryfs program? What fixes are you trying? From your build logs, I see one error that should be fixed by us, but as a temporary workaround, using a previous NDK version may work. However, there's also:
Which is strange. Can you check that the archive file at |
DroidFS.
Nope.
Don't have anything specific in mind, just wanted to experiment with it. I thought maybe there's a tiny chance that just directly asking for permission to access the USB drive might work (even though this app accesses the USB through the filesystem and not as a block device, and the "All files access" permission is intended to also grant access to USB storage through the filesystem). |
Indeed, the sha256 of the file didn't match the expected hash. I re-downloaded it. Weird. |
Went ahead and spun this off into a new issue since it was polluting this one. |
Got some more details to share: I tried opening a CryFS volume off a USB drive on my Pixel's stock ROM just to make sure it wasn't a GrapheneOS issue. Still observed the same behavior. @hardcore-sushi Does it work on your phone? |
Unfortunately, I have no USB-OTG adapter to test with. The error seems to come from a symbolic link resolution. What's the filesystem of your USB drive? |
I tried both exFAT and FAT32. |
I think I fixed it! Basically Android throws a hissy fit when you try to call stat() on /mnt/media_rw. Calling stat() on anything below that, so long as you have the "all files" permission, is fine. It's being called because some code somewhere is calling I'm not sure where the proper place to fix this is, however. Not even sure where this function is called. I'd like to use a debugger to generate a stack trace but I don't know how to do that on Android. "ndk-gdb" seems to not be a thing anymore. For now, here's a minimal proof-of-concept patch that fixes the issue by simply hardcoding a return value of "no, this is not a symlink" any time symlink_status() is called on /mnt/media_rw. Basically just this: BOOST_FILESYSTEM_DECL
file_status symlink_status(path const& p, error_code* ec)
{
// ...
if (strcmp(p.c_str(), "/mnt/media_rw") == 0) {
const mode_t mode = (mode_t)0700;
return fs::file_status(fs::directory_file, static_cast< perms >(mode) & fs::perms_mask);
}
// ...
} To test the patch, just replace |
Apparently Android Studio has an integrated LLDB debugger for native code. But I tried loading the project with Android Studio and it doesn't seem to like it. When trying to build I get cryptic errors. |
Wow, very good job! I'll try to investigate this issue and find an appropriate fix. To get a backtrace, I remember having some success with boost stacktrace.
Could you try on a filesystem supporting symbolic links such as ext4 or F2FS? |
Here's my findings. The functions |
Android only supports FAT32 and exFAT for removable storage (despite using ext4 internally). Anyway, thanks for investigating this issue! It's a bit of a tricky situation I suppose. Ideally we could just intercept calls to stat() and make it function how it really should, as it doesn't make much sense that stat() on /mnt/media_rw isn't allowed in the first place, but I think the only way to do something like that would be to add a hardcoded check on every call and that may impact performance because stat() is not an uncommon call. Implementing a fix in a For now, I propose a simple patch to libcryfs which adds a check for /mnt/media_rw into --- BasedirMetadata.cpp.orig
+++ BasedirMetadata.cpp
@@ -45,6 +45,19 @@
}
string jsonPathForBasedir(const bf::path &basedir) {
+#ifdef __ANDROID__
+ // if basedir starts with /mnt/media_rw
+ if (basedir.string().rfind("/mnt/media_rw", 0) == 0) {
+ // Android returns permission denied when attempting to stat() /mnt/media_rw for some reason
+ // (even with "all files access") so checking if /mnt/media_rw is a symlink, as canonical()
+ // would, results in an error. Because we know /mnt/media_rw is not a symlink, and Android
+ // doesn't support removable storage filesystems that support symlinks, the canonical path
+ // for any path starting with /mnt/media_rw is equal to the absolute path after normalization
+ // (removal of "../" and "./" elements).
+ // See: https://github.com/hardcore-sushi/DroidFS/issues/281
+ return bf::absolute(basedir).lexically_normal().string() + ".filesystemId";
+ }
+#endif
return bf::canonical(basedir).string() + ".filesystemId";
}
If Android gains support for filesystems on removable storage that support symlinks in the future, as far as I can tell, the worst that could happen is, if a user manually provides a path with symlinks under /mnt/media_rw, then later specifies a different path that points to the same folder, DroidFS will not recognize it as the same path? I don't foresee that causing any problems... You could alternatively write your own implementation of I opened a PR: hardcore-sushi/libcryfs#1 Let me know which approach you want to go with. And thanks again for the troubleshooting help and for developing this awesome app! |
You are correct, but I'm afraid that |
Fixed upstream: cryfs/cryfs#473 I'll update libcryfs to include this patch. |
Awesome, thanks for the quick resolution! |
Feel free to close this issue whenever you want. You may want to leave it open until the next DroidFS release so users who are having this issue can find it. But it's up to you :) |
When I try to open a CryFS volume on a USB drive I get an error "Open failed, Unknown error code: 0". I attached the logcat and a screenshot of the error. gocryptfs volumes work fine.
droidfs_logcat.txt
If it makes any difference, I'm running GrapheneOS, but I enabled "exploit protection compatibility mode" for DroidFS so it shouldn't be running any differently than on stock Android.
The text was updated successfully, but these errors were encountered: