
Commit 36d0eaec authored by Paul Lawrence's avatar Paul Lawrence

Make encryption configurable

Delay mounting encryptable but unencrypted volumes until we can
check the ro.vold.forceencrypt flag, then optionally encrypt.

Requires matching vold change from
    https://googleplex-android-review.git.corp.google.com/#/c/615309/

Bug: 18764230
Change-Id: If22008be8de6a4f3216b349f81ace49be1730314
parent 2f7ee6b7
+1 −3
@@ -477,9 +477,7 @@ int fs_mgr_mount_all(struct fstab *fstab)
        /* Deal with encryptability. */
        if (!mret) {
            /* If this is encryptable, need to trigger encryption */
            if (   (fstab->recs[attempted_idx].fs_mgr_flags & MF_FORCECRYPT)
                || (device_is_force_encrypted()
                    && fs_mgr_is_encryptable(&fstab->recs[attempted_idx]))) {
          if (fs_mgr_is_encryptable(&fstab->recs[attempted_idx])) {
                if (umount(fstab->recs[attempted_idx].mount_point) == 0) {
                    if (encryptable == FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) {
                        ERROR("Will try to encrypt %s %s\n", fstab->recs[attempted_idx].mount_point,
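Review bot: With the test reduced to `fs_mgr_is_encryptable(&fstab->recs[attempted_idx])`, fs_mgr no longer enforces MF_FORCECRYPT itself: every encryptable but unencrypted volume takes this unmount path, and per the commit description the decision to encrypt is deferred to a later check of ro.vold.forceencrypt. The comment above the test and the `ERROR("Will try to encrypt ...")` message still promise encryption, which is misleading in boot logs when the later step declines. I would reword the comment to `/* Encryptable but unencrypted: unmount and defer the encrypt decision to vold */` and give the log message matching wording. The enclosing block continues past the end of the hunk, so the handling of a failed umount() is not visible here; it is worth confirming that path cannot leave a forceencrypt volume mounted unencrypted.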
+5 −0
@@ -428,6 +428,11 @@ int fs_mgr_is_encryptable(struct fstab_rec *fstab)
    return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT);
}

int fs_mgr_is_force_encrypted(struct fstab_rec *fstab)
{
    return fstab->fs_mgr_flags & MF_FORCECRYPT;
}

int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab)
{
    return fstab->fs_mgr_flags & MF_NOEMULATEDSD;
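Review bot: fs_mgr_is_force_encrypted() is added without a comment saying how it differs from fs_mgr_is_encryptable() directly above, which is also nonzero when MF_FORCECRYPT is set. That difference is the policy-relevant one (must be encrypted versus may be encrypted), so a caller picking the wrong predicate would silently weaken or over-apply enforcement. I would add `/* Nonzero only when MF_FORCECRYPT is set; fs_mgr_is_encryptable() also matches MF_CRYPT volumes. */` above the definition and on the new prototype in the header section that follows. No caller appears in this commit's hunks, so presumably the matching vold change is the user.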
+1 −0
@@ -83,6 +83,7 @@ int fs_mgr_is_voldmanaged(struct fstab_rec *fstab);
int fs_mgr_is_nonremovable(struct fstab_rec *fstab);
int fs_mgr_is_verified(struct fstab_rec *fstab);
int fs_mgr_is_encryptable(struct fstab_rec *fstab);
int fs_mgr_is_force_encrypted(struct fstab_rec *fstab);
int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab);
int fs_mgr_swapon_all(struct fstab *fstab);
#ifdef __cplusplus
+1 −1
@@ -581,7 +581,7 @@ service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
    # encryption) or trigger_restart_min_framework (other encryption)

# One shot invocation to encrypt unencrypted volumes
service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
service encrypt /system/bin/vdc --wait cryptfs maybeenabledefaultcrypto
    disabled
    oneshot
    # vold will set vold.decrypt to trigger_restart_framework (default
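Review bot: The comment `# One shot invocation to encrypt unencrypted volumes` is stale now that the service runs `maybeenabledefaultcrypto`, which by its name and the commit description may leave the volume unencrypted. I would change it to `# One shot invocation that lets vold decide whether to encrypt unencrypted volumes`. It would also help to say here what vold.decrypt is set to when encryption is declined, because the visible part of the trailing comment only describes a restart trigger; that comment continues past the end of the hunk.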