Merge "Add force_encrypt flag to fstab to force encryption on appropriate devices" (8d176e6b) · Commits · e / os / android_system_core

fs_mgr/fs_mgr.c

+4 −30

Original line number	Diff line number	Diff line
		@@ -54,32 +54,6 @@

		#define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))

		/**
		* TODO - Remove to enable always on encryption for all devices
		* This limits the machines on which this feature is enabled
		* Remove call from fs_mgr_mount_all as well
		*/
		static const char* serial_numbers[] = {
		"039b83b8437e9637",
		0
		};

		static int serial_matches()
		{
		char tmp[PROP_VALUE_MAX];
		*tmp = 0;
		__system_property_get("ro.serialno", tmp);

		const char** i;
		for (i = serial_numbers; *i; ++i) {
		if (!strcmp(*i, tmp)) {
		return 1;
		}
		}

		return 0;
		}

		/*
		* gettime() - returns the time in seconds of the system's monotonic clock or
		* zero on error.
		@@ -291,8 +265,8 @@ int fs_mgr_mount_all(struct fstab *fstab)

		if (!mret) {
		/* If this is encryptable, need to trigger encryption */
		if ((fstab->recs[i].fs_mgr_flags & MF_CRYPT)) {
		if (serial_matches() && umount(fstab->recs[i].mount_point) == 0) {
		if ((fstab->recs[i].fs_mgr_flags & MF_FORCECRYPT)) {
		if (umount(fstab->recs[i].mount_point) == 0) {
		if (!encryptable) {
		encryptable = 2;
		} else {
		@@ -314,7 +288,7 @@ int fs_mgr_mount_all(struct fstab *fstab)
		mount_errno = errno;
		/* mount(2) returned an error, check if it's encryptable and deal with it */
		if (mount_errno != EBUSY && mount_errno != EACCES &&
		(fstab->recs[i].fs_mgr_flags & MF_CRYPT) &&
		(fstab->recs[i].fs_mgr_flags & (MF_CRYPT \| MF_FORCECRYPT)) &&
		!partition_wiped(fstab->recs[i].blk_device)) {
		/* Need to mount a tmpfs at this mountpoint for now, and set
		* properties that vold will query later for decrypting
		@@ -556,7 +530,7 @@ int fs_mgr_get_crypt_info(struct fstab fstab, char key_loc, char *real_blk_dev
		if (fstab->recs[i].fs_mgr_flags & MF_VOLDMANAGED) {
		continue;
		}
		if (!(fstab->recs[i].fs_mgr_flags & MF_CRYPT)) {
		if (!(fstab->recs[i].fs_mgr_flags & (MF_CRYPT \| MF_FORCECRYPT))) {
		continue;
		}

fs_mgr/fs_mgr_fstab.c

+7 −1

Original line number	Diff line number	Diff line
		@@ -59,6 +59,7 @@ static struct flag_list fs_mgr_flags[] = {
		{ "wait", MF_WAIT },
		{ "check", MF_CHECK },
		{ "encryptable=",MF_CRYPT },
		{ "forceencrypt=",MF_FORCECRYPT },
		{ "nonremovable",MF_NONREMOVABLE },
		{ "voldmanaged=",MF_VOLDMANAGED},
		{ "length=", MF_LENGTH },
		@@ -106,6 +107,11 @@ static int parse_flags(char flags, struct flag_list fl,
		* location of the keys. Get it and return it.
		*/
		flag_vals->key_loc = strdup(strchr(p, '=') + 1);
		} else if ((fl[i].flag == MF_FORCECRYPT) && flag_vals) {
		/* The forceencrypt flag is followed by an = and the
		* location of the keys. Get it and return it.
		*/
		flag_vals->key_loc = strdup(strchr(p, '=') + 1);
		} else if ((fl[i].flag == MF_LENGTH) && flag_vals) {
		/* The length flag is followed by an = and the
		* size of the partition. Get it and return it.
		@@ -394,7 +400,7 @@ int fs_mgr_is_nonremovable(struct fstab_rec *fstab)

		int fs_mgr_is_encryptable(struct fstab_rec *fstab)
		{
		return fstab->fs_mgr_flags & MF_CRYPT;
		return fstab->fs_mgr_flags & (MF_CRYPT \| MF_FORCECRYPT);
		}

		int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab)

fs_mgr/fs_mgr_priv.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -72,6 +72,7 @@
		#define MF_SWAPPRIO 0x80
		#define MF_ZRAMSIZE 0x100
		#define MF_VERIFY 0x200
		#define MF_FORCECRYPT 0x400
		/*
		* There is no emulated sdcard daemon running on /data/media on this device,
		* so treat the physical SD card as the only external storage device,