Revert "init: remove session keyring workaround for old kernels" (2557334e) · Commits · e / os / android_system_core

init/Android.bp

+1 −0

+3 −0

Original line number	Diff line number	Diff line
		@@ -592,6 +592,9 @@ static Result<void> queue_fs_event(int code) {
		} else if (code == FS_MGR_MNTALL_DEV_FILE_ENCRYPTED \|\|
		code == FS_MGR_MNTALL_DEV_IS_METADATA_ENCRYPTED \|\|
		code == FS_MGR_MNTALL_DEV_NEEDS_METADATA_ENCRYPTION) {
		if (!FscryptInstallKeyring()) {
		return Error() << "FscryptInstallKeyring() failed";
		}
		SetProperty("ro.crypto.state", "encrypted");

		// Although encrypted, vold has already set the device up, so we do not need to

+16 −0

Original line number	Diff line number	Diff line
		@@ -34,12 +34,28 @@
		#include <cutils/properties.h>
		#include <cutils/sockets.h>
		#include <fscrypt/fscrypt.h>
		#include <keyutils.h>
		#include <logwrap/logwrap.h>

		#define TAG "fscrypt"

		using namespace android::fscrypt;

		bool FscryptInstallKeyring() {
		if (keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0) != -1) {
		LOG(INFO) << "Keyring is already created";
		return true;
		}
		key_serial_t device_keyring = add_key("keyring", "fscrypt", 0, 0, KEY_SPEC_SESSION_KEYRING);

		if (device_keyring == -1) {
		PLOG(ERROR) << "Failed to create keyring";
		return false;
		}
		LOG(INFO) << "Keyring created with id " << device_keyring << " in process " << getpid();
		return true;
		}

		// TODO(b/139378601): use a single central implementation of this.
		static void delete_dir_contents(const std::string& dir) {
		char* const paths[2] = {const_cast<char*>(dir.c_str()), nullptr};

+1 −0

Original line number	Diff line number	Diff line
		@@ -25,5 +25,6 @@ enum class FscryptAction {
		kDeleteIfNecessary,
		};

		bool FscryptInstallKeyring();
		bool FscryptSetDirectoryPolicy(const std::string& ref_basename, FscryptAction action,
		const std::string& dir);

+1 −0