diff options
author | Paul Crowley <paulcrowley@google.com> | 2019-09-11 14:57:45 -0700 |
---|---|---|
committer | Paul Crowley <paulcrowley@google.com> | 2019-09-17 18:44:15 +0000 |
commit | ef17b323e8be065ed9fbcd1ea863d72e63488fc0 (patch) | |
tree | 7f576cde77f3f4fcd25c255fbb2d2f32a7c0c960 | |
parent | fd07f4b8a90ebca747ced73f73d4ecef35b2163d (diff) | |
download | extras-android10-mainline-media-release.tar.gz |
Add a per-boot-key policy reference, apply to per_bootandroid-mainline-10.0.0_r9android-mainline-10.0.0_r7android-mainline-10.0.0_r5android-mainline-10.0.0_r4android-mainline-10.0.0_r10android-10.0.0_r36android-10.0.0_r35android-10.0.0_r34android-10.0.0_r33android-10.0.0_r32android-10.0.0_r31android-10.0.0_r30android10-qpr2-s4-releaseandroid10-qpr2-s3-releaseandroid10-qpr2-s2-releaseandroid10-qpr2-s1-releaseandroid10-qpr2-releaseandroid10-qpr1-mainline-releaseandroid10-mainline-media-release
Includes changes picked from aosp/1119783
570d20d2ac875198416dff280b7a4b7adaacac81 in platform/system/core
Bug: 140882488
Test: Booted twice, checked logs to ensure encryption
is different each time, adb created files in directory.
Cherry-Picked-From: ab3085004e35cff9517fcedb03317f3f1ac84cf9
Merged-In: I5c962edb316d160dd09c0df893912c6b257d7810
Change-Id: I5c962edb316d160dd09c0df893912c6b257d7810
-rw-r--r-- | libfscrypt/fscrypt_init_extensions.cpp | 19 | ||||
-rw-r--r-- | libfscrypt/include/fscrypt/fscrypt.h | 1 |
2 files changed, 15 insertions, 5 deletions
diff --git a/libfscrypt/fscrypt_init_extensions.cpp b/libfscrypt/fscrypt_init_extensions.cpp index 9781267c..2fd70e79 100644 --- a/libfscrypt/fscrypt_init_extensions.cpp +++ b/libfscrypt/fscrypt_init_extensions.cpp @@ -39,7 +39,7 @@ static const std::string arbitrary_sequence_number = "42"; -static int set_system_de_policy_on(char const* dir); +static int set_policy_on(char const* ref_basename, char const* dir); int fscrypt_install_keyring() { @@ -65,7 +65,7 @@ int fscrypt_set_directory_policy(const char* dir) // Special-case /data/media/obb per b/64566063 if (strcmp(dir, "/data/media/obb") == 0) { // Try to set policy on this directory, but if it is non-empty this may fail. - set_system_de_policy_on(dir); + set_policy_on(fscrypt_key_ref, dir); return 0; } @@ -97,11 +97,20 @@ int fscrypt_set_directory_policy(const char* dir) return 0; } } - return set_system_de_policy_on(dir); + std::vector<std::string> per_boot_directories = { + "per_boot", + }; + for (const auto& d : per_boot_directories) { + if ((prefix + d) == dir) { + LOG(INFO) << "Setting per_boot key on " << dir; + return set_policy_on(fscrypt_key_per_boot_ref, dir); + } + } + return set_policy_on(fscrypt_key_ref, dir); } -static int set_system_de_policy_on(char const* dir) { - std::string ref_filename = std::string("/data") + fscrypt_key_ref; +static int set_policy_on(char const* ref_basename, char const* dir) { + std::string ref_filename = std::string("/data") + ref_basename; std::string policy; if (!android::base::ReadFileToString(ref_filename, &policy)) { LOG(ERROR) << "Unable to read system policy to set on " << dir; diff --git a/libfscrypt/include/fscrypt/fscrypt.h b/libfscrypt/include/fscrypt/fscrypt.h index 8a68b935..ff82d47a 100644 --- a/libfscrypt/include/fscrypt/fscrypt.h +++ b/libfscrypt/include/fscrypt/fscrypt.h @@ -32,6 +32,7 @@ int fscrypt_policy_ensure(const char *directory, const char *policy, static const char* fscrypt_unencrypted_folder = "/unencrypted"; static const char* fscrypt_key_ref = "/unencrypted/ref"; +static const char* fscrypt_key_per_boot_ref = "/unencrypted/per_boot_ref"; static const char* fscrypt_key_mode = "/unencrypted/mode"; __END_DECLS |