Fail with an error if we can't read the policy for encryption

The absence of a policy reference in the unencrypted directory now
causes e4crypt_set_directory_policy to fail with an error. Callers
should call e4crypt_is_native (now moved into here) before calling this.

Bug: 28318405
Change-Id: I209292aba3abad3b19105c9afe2b84e8b3dd6874

3 files changed, 25 insertions, 5 deletions

diff --git a/ext4_utils/ext4_crypt.cpp b/ext4_utils/ext4_crypt.cpp
index 482c3e6b..be77b791 100644
--- a/ext4_utils/ext4_crypt.cpp
+++ b/ext4_utils/ext4_crypt.cpp
@@ -1,5 +1,17 @@
 /*
- * Copyright (c) 2015 Google, Inc.
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
  */
 
 #include "ext4_crypt.h"
@@ -16,6 +28,7 @@
 #include <sys/types.h>
 
 #include <android-base/logging.h>
+#include <cutils/properties.h>
 
 #define XATTR_NAME_ENCRYPTION_POLICY "encryption.policy"
 #define EXT4_KEYREF_DELIMITER ((char)'.')
@@ -42,6 +55,12 @@ struct ext4_encryption_policy {
 
 #define HEX_LOOKUP "0123456789abcdef"
 
+bool e4crypt_is_native() {
+    char value[PROPERTY_VALUE_MAX];
+    property_get("ro.crypto.type", value, "none");
+    return !strcmp(value, "file");
+}
+
 static void policy_to_hex(const char* policy, char* hex) {
     for (size_t i = 0, j = 0; i < EXT4_KEY_DESCRIPTOR_SIZE; i++) {
         hex[j++] = HEX_LOOKUP[(policy[i] & 0xF0) >> 4];
diff --git a/ext4_utils/ext4_crypt.h b/ext4_utils/ext4_crypt.h
index 4b0c1119..ddc09a71 100644
--- a/ext4_utils/ext4_crypt.h
+++ b/ext4_utils/ext4_crypt.h
@@ -20,6 +20,8 @@
 
 __BEGIN_DECLS
 
+bool e4crypt_is_native();
+
 int e4crypt_policy_ensure(const char *directory, const char* policy, size_t policy_length);
 
 static const char* e4crypt_unencrypted_folder = "/unencrypted";
diff --git a/ext4_utils/ext4_crypt_init_extensions.cpp b/ext4_utils/ext4_crypt_init_extensions.cpp
index dc6e1dc7..c6baea74 100644
--- a/ext4_utils/ext4_crypt_init_extensions.cpp
+++ b/ext4_utils/ext4_crypt_init_extensions.cpp
@@ -63,7 +63,7 @@ int e4crypt_create_device_key(const char* dir,
     init_logging();
 
     // Make sure folder exists. Use make_dir to set selinux permissions.
-    std::string unencrypted_dir = std::string(dir) + "/unencrypted";
+    std::string unencrypted_dir = std::string(dir) + e4crypt_unencrypted_folder;
     if (ensure_dir_exists(unencrypted_dir.c_str())) {
         KLOG_ERROR(TAG, "Failed to create %s (%s)\n",
                    unencrypted_dir.c_str(),
@@ -138,10 +138,9 @@ int e4crypt_set_directory_policy(const char* dir)
     std::string ref_filename = std::string("/data") + e4crypt_key_ref;
     std::string policy;
     if (!android::base::ReadFileToString(ref_filename, &policy)) {
-        KLOG_INFO(TAG, "Not file encrypted so no policy for %s\n", dir);
-        return 0;
+        KLOG_ERROR(TAG, "Unable to read system policy to set on %s\n", dir);
+        return -1;
     }
-
     KLOG_INFO(TAG, "Setting policy on %s\n", dir);
     int result = e4crypt_policy_ensure(dir, policy.c_str(), policy.size());
     if (result) {