Auto-encrypt drive at startup (166fa3de) · Commits · e / os / android_system_core

fs_mgr/fs_mgr.c

+43 −5

Original line number	Diff line number	Diff line
		@@ -54,6 +54,32 @@

		#define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))

		/**
		* TODO - Remove to enable always on encryption for all devices
		* This limits the machines on which this feature is enabled
		* Remove call from fs_mgr_mount_all as well
		*/
		static const char* serial_numbers[] = {
		"039b83b8437e9637",
		0
		};

		static int serial_matches()
		{
		char tmp[PROP_VALUE_MAX];
		*tmp = 0;
		__system_property_get("ro.serialno", tmp);

		const char** i;
		for (i = serial_numbers; *i; ++i) {
		if (!strcmp(*i, tmp)) {
		return 1;
		}
		}

		return 0;
		}

		/*
		* gettime() - returns the time in seconds of the system's monotonic clock or
		* zero on error.
		@@ -254,6 +280,22 @@ int fs_mgr_mount_all(struct fstab *fstab)
		fstab->recs[i].fs_options);

		if (!mret) {
		/* If this is encryptable, need to trigger encryption */
		if ((fstab->recs[i].fs_mgr_flags & MF_CRYPT)) {
		if (serial_matches() && umount(fstab->recs[i].mount_point) == 0) {
		if (!encryptable) {
		encryptable = 2;
		} else {
		ERROR("Only one encryptable/encrypted partition supported");
		encryptable = 1;
		}
		} else {
		INFO("Could not umount %s - allow continue unencrypted",
		fstab->recs[i].mount_point);
		continue;
		}
		}

		/* Success! Go get the next one */
		continue;
		}
		@@ -287,12 +329,8 @@ int fs_mgr_mount_all(struct fstab *fstab)

		if (error_count) {
		return -1;
		}

		if (encryptable) {
		return 1;
		} else {
		return 0;
		return encryptable;
		}
		}

+6 −2

Original line number	Diff line number	Diff line
		@@ -501,8 +501,12 @@ int do_mount_all(int nargs, char **args)
		return -1;
		}

		/* ret is 1 if the device appears encrypted, 0 if not, and -1 on error */
		if (ret == 1) {
		/* ret is 2 if device needs encrypted, 1 if the device appears encrypted,
		* 0 if not, and -1 on error */
		if (ret == 2) {
		property_set("ro.crypto.state", "unencrypted");
		property_set("vold.decrypt", "trigger_encryption");
		} else if (ret == 1) {
		property_set("ro.crypto.state", "encrypted");
		property_set("vold.decrypt", "trigger_default_encryption");
		} else if (ret == 0) {

+12 −0

Original line number	Diff line number	Diff line
		@@ -399,6 +399,11 @@ on property:vold.decrypt=trigger_default_encryption
		start surfaceflinger
		start defaultcrypto

		on property:vold.decrypt=trigger_encryption
		start surfaceflinger
		start encrypt
		class_start main

		on charger
		class_start charger

		@@ -554,6 +559,13 @@ service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
		# vold will set vold.decrypt to trigger_restart_framework (default
		# encryption) or trigger_restart_min_framework (other encryption)

		# One shot invocation to encrypt unencrypted volumes
		service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace
		disabled
		oneshot
		# vold will set vold.decrypt to trigger_restart_framework (default
		# encryption)

		service bootanim /system/bin/bootanimation
		class main
		user graphics