Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 570d20d2 authored by Paul Crowley's avatar Paul Crowley
Browse files

Create /data/per_boot 

Bug: 140882488
Test: Booted twice, checked logs to ensure encryption
    is different each time, adb created files in directory.
Change-Id: I44f746acd1040f7baa9123d4824ba39b194f287b
parent a550e7f4

init/fscrypt_init_extensions.cpp

+15 −6
Original line number Diff line number Diff line
@@ -38,7 +38,7 @@ 


#define TAG "fscrypt"



static int set_system_de_policy_on(const std::string& dir);

static int set_policy_on(const std::string& ref_basename, const std::string& dir);



int fscrypt_install_keyring() {

    key_serial_t device_keyring = add_key("keyring", "fscrypt", 0, 0, KEY_SPEC_SESSION_KEYRING);
@@ -104,7 +104,7 @@ int fscrypt_set_directory_policy(const std::string& dir) { 
    // Special-case /data/media/obb per b/64566063

    if (dir == "/data/media/obb") {

        // Try to set policy on this directory, but if it is non-empty this may fail.

        set_system_de_policy_on(dir);

        set_policy_on(fscrypt_key_ref, dir);

        return 0;

    }
@@ -135,7 +135,16 @@ int fscrypt_set_directory_policy(const std::string& dir) { 
            return 0;

        }

    }

    int err = set_system_de_policy_on(dir);

    std::vector<std::string> per_boot_directories = {

            "per_boot",

    };

    for (const auto& d : per_boot_directories) {

        if ((prefix + d) == dir) {

            LOG(INFO) << "Setting per_boot key on " << dir;

            return set_policy_on(fscrypt_key_per_boot_ref, dir);

        }

    }

    int err = set_policy_on(fscrypt_key_ref, dir);

    if (err == 0) {

        return 0;

    }
@@ -147,15 +156,15 @@ int fscrypt_set_directory_policy(const std::string& dir) { 
        if ((prefix + d) == dir) {

            LOG(ERROR) << "Setting policy failed, deleting: " << dir;

            delete_dir_contents(dir);

            err = set_system_de_policy_on(dir);

            err = set_policy_on(fscrypt_key_ref, dir);

            break;

        }

    }

    return err;

}



static int set_system_de_policy_on(const std::string& dir) {

    std::string ref_filename = std::string("/data") + fscrypt_key_ref;

static int set_policy_on(const std::string& ref_basename, const std::string& dir) {

    std::string ref_filename = std::string("/data") + ref_basename;

    std::string policy;

    if (!android::base::ReadFileToString(ref_filename, &policy)) {

        LOG(ERROR) << "Unable to read system policy to set on " << dir;

rootdir/init.rc

+3 −0
Original line number Diff line number Diff line
@@ -852,6 +852,9 @@ on property:vold.decrypt=trigger_shutdown_framework 


on property:sys.boot_completed=1

    bootchart stop

    # Setup per_boot directory so other .rc could start to use it on boot_completed

    exec - system system -- /bin/rm -rf /data/per_boot

    mkdir /data/per_boot 0700 system system



# system server cannot write to /proc/sys files,

# and chown/chmod does not work for /proc/sys/ entries.