Loading fs_mgr/fs_mgr.c +43 −5 Original line number Diff line number Diff line Loading @@ -54,6 +54,32 @@ #define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a))) /** * TODO - Remove to enable always on encryption for all devices * This limits the machines on which this feature is enabled * Remove call from fs_mgr_mount_all as well */ static const char* serial_numbers[] = { "039b83b8437e9637", 0 }; static int serial_matches() { char tmp[PROP_VALUE_MAX]; *tmp = 0; __system_property_get("ro.serialno", tmp); const char** i; for (i = serial_numbers; *i; ++i) { if (!strcmp(*i, tmp)) { return 1; } } return 0; } /* * gettime() - returns the time in seconds of the system's monotonic clock or * zero on error. Loading Loading @@ -254,6 +280,22 @@ int fs_mgr_mount_all(struct fstab *fstab) fstab->recs[i].fs_options); if (!mret) { /* If this is encryptable, need to trigger encryption */ if ((fstab->recs[i].fs_mgr_flags & MF_CRYPT)) { if (serial_matches() && umount(fstab->recs[i].mount_point) == 0) { if (!encryptable) { encryptable = 2; } else { ERROR("Only one encryptable/encrypted partition supported"); encryptable = 1; } } else { INFO("Could not umount %s - allow continue unencrypted", fstab->recs[i].mount_point); continue; } } /* Success! Go get the next one */ continue; } Loading Loading @@ -287,12 +329,8 @@ int fs_mgr_mount_all(struct fstab *fstab) if (error_count) { return -1; } if (encryptable) { return 1; } else { return 0; return encryptable; } } Loading init/builtins.c +6 −2 Original line number Diff line number Diff line Loading 
@@ -501,8 +501,12 @@ int do_mount_all(int nargs, char **args) return -1; } /* ret is 1 if the device appears encrypted, 0 if not, and -1 on error */ if (ret == 1) { /* ret is 2 if device needs encrypted, 1 if the device appears encrypted, * 0 if not, and -1 on error */ if (ret == 2) { property_set("ro.crypto.state", "unencrypted"); property_set("vold.decrypt", "trigger_encryption"); } else if (ret == 1) { property_set("ro.crypto.state", "encrypted"); property_set("vold.decrypt", "trigger_default_encryption"); } else if (ret == 0) { Loading rootdir/init.rc +12 −0 Original line number Diff line number Diff line Loading @@ -399,6 +399,11 @@ on property:vold.decrypt=trigger_default_encryption start surfaceflinger start defaultcrypto on property:vold.decrypt=trigger_encryption start surfaceflinger start encrypt class_start main on charger class_start charger Loading Loading @@ -555,6 +560,13 @@ service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted # vold will set vold.decrypt to trigger_restart_framework (default # encryption) or trigger_restart_min_framework (other encryption) # One shot invocation to encrypt unencrypted volumes service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace disabled oneshot # vold will set vold.decrypt to trigger_restart_framework (default # encryption) service bootanim /system/bin/bootanimation class main user graphics Loading Loading
fs_mgr/fs_mgr.c +43 −5 Original line number Diff line number Diff line Loading @@ -54,6 +54,32 @@ #define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a))) /** * TODO - Remove to enable always on encryption for all devices * This limits the machines on which this feature is enabled * Remove call from fs_mgr_mount_all as well */ static const char* serial_numbers[] = { "039b83b8437e9637", 0 }; static int serial_matches() { char tmp[PROP_VALUE_MAX]; *tmp = 0; __system_property_get("ro.serialno", tmp); const char** i; for (i = serial_numbers; *i; ++i) { if (!strcmp(*i, tmp)) { return 1; } } return 0; } /* * gettime() - returns the time in seconds of the system's monotonic clock or * zero on error. Loading Loading @@ -254,6 +280,22 @@ int fs_mgr_mount_all(struct fstab *fstab) fstab->recs[i].fs_options); if (!mret) { /* If this is encryptable, need to trigger encryption */ if ((fstab->recs[i].fs_mgr_flags & MF_CRYPT)) { if (serial_matches() && umount(fstab->recs[i].mount_point) == 0) { if (!encryptable) { encryptable = 2; } else { ERROR("Only one encryptable/encrypted partition supported"); encryptable = 1; } } else { INFO("Could not umount %s - allow continue unencrypted", fstab->recs[i].mount_point); continue; } } /* Success! Go get the next one */ continue; } Loading Loading @@ -287,12 +329,8 @@ int fs_mgr_mount_all(struct fstab *fstab) if (error_count) { return -1; } if (encryptable) { return 1; } else { return 0; return encryptable; } } Loading
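Review bot: The `else` branch added to `fs_mgr_mount_all` fails open and logs a misleading reason: `serial_matches() && umount(...) == 0` is also false when the serial is simply not in `serial_numbers`, so "Could not umount" is printed although umount was never called, and on a listed device a real umount failure leaves an MF_CRYPT partition mounted unencrypted with only an INFO line. Testing the two conditions separately would keep the cases apart, e.g. `if (!serial_matches()) continue;` followed by `if (umount(fstab->recs[i].mount_point) != 0) { ERROR("Could not umount %s - continuing unencrypted", fstab->recs[i].mount_point); continue; }`. In the "Only one encryptable/encrypted partition supported" branch the second partition has already been unmounted and `encryptable` is reset to 1, which `do_mount_all` treats as "appears encrypted"; that looks unintended and should at least be commented. `serial_matches()` also ignores the return value of `__system_property_get` and would read better declared as `static int serial_matches(void)`. The body of `fs_mgr_mount_all` starts and ends outside the visible hunks.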
init/builtins.c +6 −2 Original line number Diff line number Diff line Loading @@ -501,8 +501,12 @@ int do_mount_all(int nargs, char **args) return -1; } /* ret is 1 if the device appears encrypted, 0 if not, and -1 on error */ if (ret == 1) { /* ret is 2 if device needs encrypted, 1 if the device appears encrypted, * 0 if not, and -1 on error */ if (ret == 2) { property_set("ro.crypto.state", "unencrypted"); property_set("vold.decrypt", "trigger_encryption"); } else if (ret == 1) { property_set("ro.crypto.state", "encrypted"); property_set("vold.decrypt", "trigger_default_encryption"); } else if (ret == 0) { Loading
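Review bot: The contract between `fs_mgr_mount_all` and `do_mount_all` is now carried by the bare integers 2, 1, 0 and -1 in two files, so a later change on either side can silently put the device in the wrong crypto state; named constants in a shared header would make the `ret == 2` branch self-describing. The comment would read better as `/* ret is 2 if the device needs to be encrypted, 1 if it appears encrypted, 0 if not, and -1 on error */`. Both `property_set` calls in the new branch ignore their return values; since `ro.crypto.state` is a write-once `ro.` property, logging a failed set would make an unrecorded state visible. The if/else chain continues outside the hunk.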
rootdir/init.rc +12 −0 Original line number Diff line number Diff line Loading @@ -399,6 +399,11 @@ on property:vold.decrypt=trigger_default_encryption start surfaceflinger start defaultcrypto on property:vold.decrypt=trigger_encryption start surfaceflinger start encrypt class_start main on charger class_start charger Loading Loading @@ -555,6 +560,13 @@ service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted # vold will set vold.decrypt to trigger_restart_framework (default # encryption) or trigger_restart_min_framework (other encryption) # One shot invocation to encrypt unencrypted volumes service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace disabled oneshot # vold will set vold.decrypt to trigger_restart_framework (default # encryption) service bootanim /system/bin/bootanimation class main user graphics Loading
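Review bot: The new `service encrypt` entry runs `vdc --wait cryptfs enablecrypto inplace` with no comment on what happens when the command fails or is interrupted; the comment placed after it ("vold will set vold.decrypt to trigger_restart_framework") covers only the success path. In-place conversion of a volume is presumably not safe to interrupt, so the expected precondition and the failure behaviour should be documented next to the service, marked as to-be-confirmed where the author is unsure. The `on property:vold.decrypt=trigger_encryption` block also runs `class_start main` although the encryptable partition has just been unmounted by the fs_mgr change in this commit; if that is intended, a one-line comment such as `# main-class services start here without the encryptable partition mounted` would save the next reader from guessing.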