diff options
author | Eric Biggers <ebiggers@google.com> | 2020-08-10 11:19:06 -0700 |
---|---|---|
committer | Eric Biggers <ebiggers@google.com> | 2020-08-10 11:43:11 -0700 |
commit | 1cb56293ed4297d18000a646336b7edbc0975fd0 (patch) | |
tree | 29f4981af32f8c89d948e311156df26015cbff49 /libfscrypt | |
parent | 274bec3dc70f1b356ad360e08ff8c38f22b7003a (diff) | |
download | extras-1cb56293ed4297d18000a646336b7edbc0975fd0.tar.gz |
libfscrypt: use __ANDROID_API_Q__ instead of pre_gki_level
The name "pre_gki_level" is causing some confusion because not all
devices launching with Android R are subject to the GKI requirement.
(See b/161563110#comment11.) E.g., devices that use a 4.14-based kernel
are exempt from GKI. However, the encryption requirements still apply.
Just use __ANDROID_API_Q__ directly instead.
No change in behavior.
Change-Id: I25a214ed46a68970f410327a480288ef1961af10
Diffstat (limited to 'libfscrypt')
-rw-r--r-- | libfscrypt/fscrypt.cpp | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp index a52ed90c..7126b5ce 100644 --- a/libfscrypt/fscrypt.cpp +++ b/libfscrypt/fscrypt.cpp @@ -203,9 +203,7 @@ bool ParseOptionsForApiLevel(unsigned int first_api_level, const std::string& op } } // Default to v2 after Q - constexpr unsigned int pre_gki_level = 29; - auto is_gki = first_api_level > pre_gki_level; - options->version = is_gki ? 2 : 1; + options->version = first_api_level > __ANDROID_API_Q__ ? 2 : 1; options->flags = 0; options->use_hw_wrapped_key = false; if (parts.size() > 2 && !parts[2].empty()) { @@ -234,7 +232,8 @@ bool ParseOptionsForApiLevel(unsigned int first_api_level, const std::string& op // For everything else, use 16-byte padding. This is more secure (it helps // hide the length of filenames), and it makes the inputs evenly divisible // into cipher blocks which is more efficient for encryption and decryption. - if (!is_gki && options->version == 1 && options->filenames_mode == FSCRYPT_MODE_AES_256_CTS) { + if (first_api_level <= __ANDROID_API_Q__ && options->version == 1 && + options->filenames_mode == FSCRYPT_MODE_AES_256_CTS) { options->flags |= FSCRYPT_POLICY_FLAGS_PAD_4; } else { options->flags |= FSCRYPT_POLICY_FLAGS_PAD_16; |