
Commit 5feefcbe authored by Paul Lawrence's avatar Paul Lawrence Committed by Gerrit Code Review

Merge "Securely encrypt the master key"

parents 63177cbf 806d10be
+1 −11
@@ -31,7 +31,7 @@
#include <dirent.h>
#include <dirent.h>
#include <ext4.h>
#include <ext4.h>
#include <ext4_sb.h>
#include <ext4_sb.h>
#include <ext4_crypt.h>
#include <ext4_crypt_init_extensions.h>


#include <linux/loop.h>
#include <linux/loop.h>
#include <private/android_filesystem_config.h>
#include <private/android_filesystem_config.h>
@@ -483,16 +483,6 @@ static int handle_encryptable(struct fstab *fstab, const struct fstab_rec* rec)
            return FS_MGR_MNTALL_FAIL;
            return FS_MGR_MNTALL_FAIL;
        }
        }


        // Link it to the normal place so ext4_crypt functions work normally
        strlcat(tmp_mnt, "/unencrypted", sizeof(tmp_mnt));
        char link_path[PATH_MAX];
        strlcpy(link_path, rec->mount_point, sizeof(link_path));
        strlcat(link_path, "/unencrypted", sizeof(link_path));
        if (symlink(tmp_mnt, link_path)) {
            ERROR("Error creating symlink to unencrypted directory\n");
            return FS_MGR_MNTALL_FAIL;
        }

        return FS_MGR_MNTALL_DEV_NON_DEFAULT_FILE_ENCRYPTED;
        return FS_MGR_MNTALL_DEV_NON_DEFAULT_FILE_ENCRYPTED;
    }
    }


+26 −32
@@ -29,7 +29,7 @@
#include <sys/wait.h>
#include <sys/wait.h>
#include <unistd.h>
#include <unistd.h>
#include <linux/loop.h>
#include <linux/loop.h>
#include <ext4_crypt.h>
#include <ext4_crypt_init_extensions.h>


#include <selinux/selinux.h>
#include <selinux/selinux.h>
#include <selinux/label.h>
#include <selinux/label.h>
@@ -385,18 +385,6 @@ static int wipe_data_via_recovery()
    while (1) { pause(); }  // never reached
    while (1) { pause(); }  // never reached
}
}


/*
 * Callback to make a directory from the ext4 code
 */
static int do_mount_alls_make_dir(const char* dir)
{
    if (make_dir(dir, 0700) && errno != EEXIST) {
        return -1;
    }

    return 0;
}

/*
/*
 * This function might request a reboot, in which case it will
 * This function might request a reboot, in which case it will
 * not return.
 * not return.
@@ -452,6 +440,7 @@ int do_mount_all(int nargs, char **args)
        property_set("vold.decrypt", "trigger_encryption");
        property_set("vold.decrypt", "trigger_encryption");
    } else if (ret == FS_MGR_MNTALL_DEV_MIGHT_BE_ENCRYPTED) {
    } else if (ret == FS_MGR_MNTALL_DEV_MIGHT_BE_ENCRYPTED) {
        property_set("ro.crypto.state", "encrypted");
        property_set("ro.crypto.state", "encrypted");
        property_set("ro.crypto.type", "block");
        property_set("vold.decrypt", "trigger_default_encryption");
        property_set("vold.decrypt", "trigger_default_encryption");
    } else if (ret == FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) {
    } else if (ret == FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) {
        property_set("ro.crypto.state", "unencrypted");
        property_set("ro.crypto.state", "unencrypted");
@@ -465,26 +454,11 @@ int do_mount_all(int nargs, char **args)
        ret = wipe_data_via_recovery();
        ret = wipe_data_via_recovery();
        /* If reboot worked, there is no return. */
        /* If reboot worked, there is no return. */
    } else if (ret == FS_MGR_MNTALL_DEV_DEFAULT_FILE_ENCRYPTED) {
    } else if (ret == FS_MGR_MNTALL_DEV_DEFAULT_FILE_ENCRYPTED) {
        // We have to create the key files here. Only init can call make_dir,
        // and we can't do it from fs_mgr as then fs_mgr would depend on
        // make_dir creating a circular dependency.
        fstab = fs_mgr_read_fstab(args[1]);
        for (int i = 0; i < fstab->num_entries; ++i) {
            if (fs_mgr_is_file_encrypted(&fstab->recs[i])) {
              if (e4crypt_create_device_key(fstab->recs[i].mount_point,
                                            do_mount_alls_make_dir)) {
                    ERROR("Could not create device key on %s"
                          " - continue unencrypted\n",
                          fstab->recs[i].mount_point);
                }
            }
        }
        fs_mgr_free_fstab(fstab);

        if (e4crypt_install_keyring()) {
        if (e4crypt_install_keyring()) {
            return -1;
            return -1;
        }
        }
        property_set("ro.crypto.state", "encrypted");
        property_set("ro.crypto.state", "encrypted");
        property_set("ro.crypto.type", "file");


        // Although encrypted, we have device key, so we do not need to
        // Although encrypted, we have device key, so we do not need to
        // do anything different from the nonencrypted case.
        // do anything different from the nonencrypted case.
@@ -494,6 +468,7 @@ int do_mount_all(int nargs, char **args)
            return -1;
            return -1;
        }
        }
        property_set("ro.crypto.state", "encrypted");
        property_set("ro.crypto.state", "encrypted");
        property_set("ro.crypto.type", "file");
        property_set("vold.decrypt", "trigger_restart_min_framework");
        property_set("vold.decrypt", "trigger_restart_min_framework");
    } else if (ret > 0) {
    } else if (ret > 0) {
        ERROR("fs_mgr_mount_all returned unexpected error %d\n", ret);
        ERROR("fs_mgr_mount_all returned unexpected error %d\n", ret);
@@ -840,11 +815,30 @@ int do_wait(int nargs, char **args)
        return -1;
        return -1;
}
}


int do_installkey(int nargs, char **args)
/*
 * Callback to make a directory from the ext4 code
 */
static int do_installkeys_ensure_dir_exists(const char* dir)
{
{
    if (nargs == 2) {
    if (make_dir(dir, 0700) && errno != EEXIST) {
        return e4crypt_install_key(args[1]);
        return -1;
    }

    return 0;
}
}


int do_installkey(int nargs, char **args)
{
    if (nargs != 2) {
        return -1;
        return -1;
    }
    }

    char prop_value[PROP_VALUE_MAX] = {0};
    property_get("ro.crypto.type", prop_value);
    if (strcmp(prop_value, "file")) {
        return 0;
    }

    return e4crypt_create_device_key(args[1],
                                     do_installkeys_ensure_dir_exists);
}
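Review bot: `do_installkeys_ensure_dir_exists` accepts `EEXIST` from `make_dir(dir, 0700)` as success without checking what already sits at that path, so a regular file, a symlink, or a directory with wider permissions than 0700 would pass. The callback is handed to `e4crypt_create_device_key` in `do_installkey`, presumably for the directories that hold the device key, and whether that function re-checks the path is not visible here. On `EEXIST` I would `lstat` the path and require a real directory with no group/other access, as in the fence below; repairing the mode instead of rejecting may suit upgrades from older layouts better. Separately, `do_installkey` returns 0 whenever `ro.crypto.type` is not `"file"`, including when the property is unset and `prop_value` stays empty; logging that path would make a skipped key creation visible during boot.

```c
static int do_installkeys_ensure_dir_exists(const char* dir)
{
    if (make_dir(dir, 0700) == 0) {
        return 0;
    }
    if (errno != EEXIST) {
        return -1;
    }

    // Something already exists here: accept it only if it is a real
    // directory (not a symlink or file) with no group/other access.
    struct stat st;
    if (lstat(dir, &st) || !S_ISDIR(st.st_mode) || (st.st_mode & 077)) {
        ERROR("Refusing pre-existing key directory %s\n", dir);
        return -1;
    }

    return 0;
}
```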
+5 −3
@@ -220,14 +220,17 @@ on post-fs
    mkdir /cache/lost+found 0770 root root
    mkdir /cache/lost+found 0770 root root


on post-fs-data
on post-fs-data
    installkey /data

    # We chown/chmod /data again so because mount is run as root + defaults
    # We chown/chmod /data again so because mount is run as root + defaults
    chown system system /data
    chown system system /data
    chmod 0771 /data
    chmod 0771 /data
    # We restorecon /data in case the userdata partition has been reset.
    # We restorecon /data in case the userdata partition has been reset.
    restorecon /data
    restorecon /data


    # Make sure we have the device encryption key
    start logd
    start vold
    installkey /data

    # Start bootcharting as soon as possible after the data partition is
    # Start bootcharting as soon as possible after the data partition is
    # mounted to collect more data.
    # mounted to collect more data.
    mkdir /data/bootchart 0755 shell shell
    mkdir /data/bootchart 0755 shell shell
@@ -449,7 +452,6 @@ on property:vold.decrypt=trigger_restart_min_framework
    class_start main
    class_start main


on property:vold.decrypt=trigger_restart_framework
on property:vold.decrypt=trigger_restart_framework
    installkey /data
    class_start main
    class_start main
    class_start late_start
    class_start late_start