init: use libfscrypt for file-based encryption setup

The file-based encryption setup code is being refactored into its own
library because it applies to both ext4 and f2fs, not just ext4.  Update
init to use the new location.   For fs_mgr, just remove the include of
ext4_crypt_init_extensions.h since it was unneeded.

Test: built, booted device with f2fs encryption
Change-Id: I392a763e3349f001bdbc09eb9ca975aa3451fd68
Eric Biggers 2018-10-23 13:10:33 -07:00
parent dd85c74655
commit f05da4a4be
4 changed files with 14 additions and 13 deletions


@ -50,7 +50,6 @@
#include <cutils/partition_utils.h>
#include <cutils/properties.h>
#include <ext4_utils/ext4.h>
#include <ext4_utils/ext4_crypt_init_extensions.h>
#include <ext4_utils/ext4_sb.h>
#include <ext4_utils/ext4_utils.h>
#include <ext4_utils/wipe.h>


@ -74,6 +74,7 @@ cc_defaults {
"libdl",
"libext4_utils",
"libfs_mgr",
"libfscrypt",
"libhidl-gen-utils",
"libkeyutils",
"liblog",


@ -73,6 +73,7 @@ LOCAL_STATIC_LIBRARIES := \
libsquashfs_utils \
liblogwrap \
libext4_utils \
libfscrypt \
libseccomp_policy \
libcrypto_utils \
libsparse \


@ -50,9 +50,9 @@
#include <android-base/unique_fd.h>
#include <bootloader_message/bootloader_message.h>
#include <cutils/android_reboot.h>
#include <ext4_utils/ext4_crypt.h>
#include <ext4_utils/ext4_crypt_init_extensions.h>
#include <fs_mgr.h>
#include <fscrypt/fscrypt.h>
#include <fscrypt/fscrypt_init_extensions.h>
#include <selinux/android.h>
#include <selinux/label.h>
#include <selinux/selinux.h>
@ -307,8 +307,8 @@ static Result<Success> do_mkdir(const BuiltinArguments& args) {
}
}
if (e4crypt_is_native()) {
if (e4crypt_set_directory_policy(args[1].c_str())) {
if (fscrypt_is_native()) {
if (fscrypt_set_directory_policy(args[1].c_str())) {
return reboot_into_recovery(
{"--prompt_and_wipe_data", "--reason=set_policy_failed:"s + args[1]});
}
@ -517,8 +517,8 @@ static Result<Success> queue_fs_event(int code) {
return reboot_into_recovery(options);
/* If reboot worked, there is no return. */
} else if (code == FS_MGR_MNTALL_DEV_FILE_ENCRYPTED) {
if (e4crypt_install_keyring()) {
return Error() << "e4crypt_install_keyring() failed";
if (fscrypt_install_keyring()) {
return Error() << "fscrypt_install_keyring() failed";
}
property_set("ro.crypto.state", "encrypted");
property_set("ro.crypto.type", "file");
@ -528,8 +528,8 @@ static Result<Success> queue_fs_event(int code) {
ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
return Success();
} else if (code == FS_MGR_MNTALL_DEV_IS_METADATA_ENCRYPTED) {
if (e4crypt_install_keyring()) {
return Error() << "e4crypt_install_keyring() failed";
if (fscrypt_install_keyring()) {
return Error() << "fscrypt_install_keyring() failed";
}
property_set("ro.crypto.state", "encrypted");
property_set("ro.crypto.type", "file");
@ -539,8 +539,8 @@ static Result<Success> queue_fs_event(int code) {
ActionManager::GetInstance().QueueEventTrigger("nonencrypted");
return Success();
} else if (code == FS_MGR_MNTALL_DEV_NEEDS_METADATA_ENCRYPTION) {
if (e4crypt_install_keyring()) {
return Error() << "e4crypt_install_keyring() failed";
if (fscrypt_install_keyring()) {
return Error() << "fscrypt_install_keyring() failed";
}
property_set("ro.crypto.state", "encrypted");
property_set("ro.crypto.type", "file");
@ -1016,7 +1016,7 @@ static Result<Success> ExecWithRebootOnFailure(const std::string& reboot_reason,
}
service->AddReapCallback([reboot_reason](const siginfo_t& siginfo) {
if (siginfo.si_code != CLD_EXITED || siginfo.si_status != 0) {
if (e4crypt_is_native()) {
if (fscrypt_is_native()) {
LOG(ERROR) << "Rebooting into recovery, reason: " << reboot_reason;
if (auto result = reboot_into_recovery(
{"--prompt_and_wipe_data", "--reason="s + reboot_reason});
@ -1038,7 +1038,7 @@ static Result<Success> ExecWithRebootOnFailure(const std::string& reboot_reason,
static Result<Success> do_installkey(const BuiltinArguments& args) {
if (!is_file_crypto()) return Success();
auto unencrypted_dir = args[1] + e4crypt_unencrypted_folder;
auto unencrypted_dir = args[1] + fscrypt_unencrypted_folder;
if (!make_dir(unencrypted_dir, 0700) && errno != EEXIST) {
return ErrnoError() << "Failed to create " << unencrypted_dir;
}
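Review bot: In do_installkey, `!make_dir(unencrypted_dir, 0700) && errno != EEXIST` accepts whatever already exists at `args[1] + fscrypt_unencrypted_folder` without confirming that it is a directory or that its mode is still 0700. As far as the hunk shows, the 0700 is only requested when the directory is created here, so on later boots the existing entry is trusted as it stands. The function body continues outside the hunk; if nothing further down re-checks the path, consider following the EEXIST case with an `lstat()` and a guard such as `if (lstat(unencrypted_dir.c_str(), &sb) != 0 || !S_ISDIR(sb.st_mode)) return Error() << unencrypted_dir << " is not a directory";`, plus a mode comparison. This behaviour predates the rename, which only swaps the constant's name on that line.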