diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2019-09-19 03:10:20 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-09-19 03:10:20 +0000 |
commit | 801d95ca3b71ecf297ce940624f0556d44bc63a2 (patch) | |
tree | 7f576cde77f3f4fcd25c255fbb2d2f32a7c0c960 | |
parent | 080d1da14881c179585656464e4e35441d5b20b6 (diff) | |
parent | ef17b323e8be065ed9fbcd1ea863d72e63488fc0 (diff) | |
download | extras-801d95ca3b71ecf297ce940624f0556d44bc63a2.tar.gz |
Snap for 5885124 from ef17b323e8be065ed9fbcd1ea863d72e63488fc0 to qt-qpr1-releaseandroid-10.0.0_r29android-10.0.0_r28android-10.0.0_r27android-10.0.0_r26android-10.0.0_r25android-10.0.0_r24android-10.0.0_r23android-10.0.0_r22android-10.0.0_r21android-10.0.0_r20android-10.0.0_r19android-10.0.0_r18android-10.0.0_r16android-10.0.0_r15android10-qpr1-releaseandroid10-qpr1-d-releaseandroid10-qpr1-c-s1-releaseandroid10-qpr1-c-releaseandroid10-qpr1-b-s1-releaseandroid10-qpr1-b-release
Change-Id: I7cd78bea3bf10c61d2653ecc50c8741e96a5b6be
-rw-r--r-- | libfscrypt/fscrypt_init_extensions.cpp | 19 | ||||
-rw-r--r-- | libfscrypt/include/fscrypt/fscrypt.h | 1 |
2 files changed, 15 insertions, 5 deletions
diff --git a/libfscrypt/fscrypt_init_extensions.cpp b/libfscrypt/fscrypt_init_extensions.cpp index 9781267c..2fd70e79 100644 --- a/libfscrypt/fscrypt_init_extensions.cpp +++ b/libfscrypt/fscrypt_init_extensions.cpp @@ -39,7 +39,7 @@ static const std::string arbitrary_sequence_number = "42"; -static int set_system_de_policy_on(char const* dir); +static int set_policy_on(char const* ref_basename, char const* dir); int fscrypt_install_keyring() { @@ -65,7 +65,7 @@ int fscrypt_set_directory_policy(const char* dir) // Special-case /data/media/obb per b/64566063 if (strcmp(dir, "/data/media/obb") == 0) { // Try to set policy on this directory, but if it is non-empty this may fail. - set_system_de_policy_on(dir); + set_policy_on(fscrypt_key_ref, dir); return 0; } @@ -97,11 +97,20 @@ int fscrypt_set_directory_policy(const char* dir) return 0; } } - return set_system_de_policy_on(dir); + std::vector<std::string> per_boot_directories = { + "per_boot", + }; + for (const auto& d : per_boot_directories) { + if ((prefix + d) == dir) { + LOG(INFO) << "Setting per_boot key on " << dir; + return set_policy_on(fscrypt_key_per_boot_ref, dir); + } + } + return set_policy_on(fscrypt_key_ref, dir); } -static int set_system_de_policy_on(char const* dir) { - std::string ref_filename = std::string("/data") + fscrypt_key_ref; +static int set_policy_on(char const* ref_basename, char const* dir) { + std::string ref_filename = std::string("/data") + ref_basename; std::string policy; if (!android::base::ReadFileToString(ref_filename, &policy)) { LOG(ERROR) << "Unable to read system policy to set on " << dir; diff --git a/libfscrypt/include/fscrypt/fscrypt.h b/libfscrypt/include/fscrypt/fscrypt.h index 8a68b935..ff82d47a 100644 --- a/libfscrypt/include/fscrypt/fscrypt.h +++ b/libfscrypt/include/fscrypt/fscrypt.h @@ -32,6 +32,7 @@ int fscrypt_policy_ensure(const char *directory, const char *policy, static const char* fscrypt_unencrypted_folder = "/unencrypted"; static const char* fscrypt_key_ref = "/unencrypted/ref"; +static const char* fscrypt_key_per_boot_ref = "/unencrypted/per_boot_ref"; static const char* fscrypt_key_mode = "/unencrypted/mode"; __END_DECLS |