Merge "init: use libfscrypt for file-based encryption setup"

Eric Biggers 2018-10-29 17:19:39 +00:00 committed by Gerrit Code Review
commit 82c6ba74e2
4 changed files with 14 additions and 13 deletions


@ -50,7 +50,6 @@
#include <cutils/partition_utils.h>
#include <cutils/properties.h>
#include <ext4_utils/ext4.h>
#include <ext4_utils/ext4_crypt_init_extensions.h>
#include <ext4_utils/ext4_sb.h>
#include <ext4_utils/ext4_utils.h>
#include <ext4_utils/wipe.h>


@ -74,6 +74,7 @@ cc_defaults {
"libdl",
"libext4_utils",
"libfs_mgr",
"libfscrypt",
"libhidl-gen-utils",
"libkeyutils",
"liblog",


@ -73,6 +73,7 @@ LOCAL_STATIC_LIBRARIES := \
libsquashfs_utils \
liblogwrap \
libext4_utils \
libfscrypt \
libseccomp_policy \
libcrypto_utils \
libsparse \


@ -50,9 +50,9 @@
#include <android-base/unique_fd.h>
#include <bootloader_message/bootloader_message.h>
#include <cutils/android_reboot.h>
#include <ext4_utils/ext4_crypt.h>
#include <ext4_utils/ext4_crypt_init_extensions.h>
#include <fs_mgr.h>
#include <fscrypt/fscrypt.h>
#include <fscrypt/fscrypt_init_extensions.h>
#include <selinux/android.h>
#include <selinux/label.h>
#include <selinux/selinux.h>
@ -307,8 +307,8 @@ static Result<Success> do_mkdir(const BuiltinArguments& args) {
}
}
if (e4crypt_is_native()) {
if (e4crypt_set_directory_policy(args[1].c_str())) {
if (fscrypt_is_native()) {
if (fscrypt_set_directory_policy(args[1].c_str())) {
return reboot_into_recovery(
{"--prompt_and_wipe_data", "--reason=set_policy_failed:"s + args[1]});
}
@ -517,8 +517,8 @@ static Result<Success> queue_fs_event(int code) {
return reboot_into_recovery(options);
/* If reboot worked, there is no return. */
} else if (code == FS_MGR_MNTALL_DEV_FILE_ENCRYPTED) {
if (e4crypt_install_keyring()) {
return Error() << "e4crypt_install_keyring() failed";
if (fscrypt_install_keyring()) {
return Error() << "fscrypt_install_keyring() failed";
}
property_set("ro.crypto.state", "encrypted");
property_set("ro.crypto.type", "file");
@ -528,8 +528,8 @@ static Result<Success> queue_fs_event(int code) {
ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
return Success();
} else if (code == FS_MGR_MNTALL_DEV_IS_METADATA_ENCRYPTED) {
if (e4crypt_install_keyring()) {
return Error() << "e4crypt_install_keyring() failed";
if (fscrypt_install_keyring()) {
return Error() << "fscrypt_install_keyring() failed";
}
property_set("ro.crypto.state", "encrypted");
property_set("ro.crypto.type", "file");
@ -539,8 +539,8 @@ static Result<Success> queue_fs_event(int code) {
ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
return Success();
} else if (code == FS_MGR_MNTALL_DEV_NEEDS_METADATA_ENCRYPTION) {
if (e4crypt_install_keyring()) {
return Error() << "e4crypt_install_keyring() failed";
if (fscrypt_install_keyring()) {
return Error() << "fscrypt_install_keyring() failed";
}
property_set("ro.crypto.state", "encrypted");
property_set("ro.crypto.type", "file");
@ -1016,7 +1016,7 @@ static Result<Success> ExecWithRebootOnFailure(const std::string& reboot_reason,
}
service->AddReapCallback([reboot_reason](const siginfo_t& siginfo) {
if (siginfo.si_code != CLD_EXITED || siginfo.si_status != 0) {
if (e4crypt_is_native()) {
if (fscrypt_is_native()) {
LOG(ERROR) << "Rebooting into recovery, reason: " << reboot_reason;
if (auto result = reboot_into_recovery(
{"--prompt_and_wipe_data", "--reason="s + reboot_reason});
@ -1038,7 +1038,7 @@ static Result<Success> ExecWithRebootOnFailure(const std::string& reboot_reason,
static Result<Success> do_installkey(const BuiltinArguments& args) {
if (!is_file_crypto()) return Success();
auto unencrypted_dir = args[1] + e4crypt_unencrypted_folder;
auto unencrypted_dir = args[1] + fscrypt_unencrypted_folder;
if (!make_dir(unencrypted_dir, 0700) && errno != EEXIST) {
return ErrnoError() << "Failed to create " << unencrypted_dir;
}
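Review bot: In queue_fs_event the three keyring branches (FS_MGR_MNTALL_DEV_FILE_ENCRYPTED, FS_MGR_MNTALL_DEV_IS_METADATA_ENCRYPTED, FS_MGR_MNTALL_DEV_NEEDS_METADATA_ENCRYPTION) still return `Error() << "fscrypt_install_keyring() failed"`, so the log records no cause for a failure in the encryption setup path. If fscrypt_install_keyring() leaves errno set on failure (its body is not visible here, so this needs confirming), `return ErrnoError() << "fscrypt_install_keyring() failed";` would match what do_installkey already does for make_dir. The same two lines are repeated verbatim in all three branches, so a small static helper would keep them from drifting apart at the next API rename. The bodies of queue_fs_event and do_installkey continue outside the hunks shown.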