-rw-r--r-- | libfscrypt/fscrypt_init_extensions.cpp | 19 | ||||
-rw-r--r-- | libfscrypt/include/fscrypt/fscrypt.h | 1 |
2 files changed, 15 insertions, 5 deletions
diff --git a/libfscrypt/fscrypt_init_extensions.cpp b/libfscrypt/fscrypt_init_extensions.cpp index 9781267c..2fd70e79 100644 --- a/libfscrypt/fscrypt_init_extensions.cpp +++ b/libfscrypt/fscrypt_init_extensions.cpp @@ -39,7 +39,7 @@ static const std::string arbitrary_sequence_number = "42"; -static int set_system_de_policy_on(char const* dir); +static int set_policy_on(char const* ref_basename, char const* dir); int fscrypt_install_keyring() { @@ -65,7 +65,7 @@ int fscrypt_set_directory_policy(const char* dir) // Special-case /data/media/obb per b/64566063 if (strcmp(dir, "/data/media/obb") == 0) { // Try to set policy on this directory, but if it is non-empty this may fail. - set_system_de_policy_on(dir); + set_policy_on(fscrypt_key_ref, dir); return 0; } @@ -97,11 +97,20 @@ int fscrypt_set_directory_policy(const char* dir) return 0; } } - return set_system_de_policy_on(dir); + std::vector<std::string> per_boot_directories = { + "per_boot", + }; + for (const auto& d : per_boot_directories) { + if ((prefix + d) == dir) { + LOG(INFO) << "Setting per_boot key on " << dir; + return set_policy_on(fscrypt_key_per_boot_ref, dir); + } + } + return set_policy_on(fscrypt_key_ref, dir); } -static int set_system_de_policy_on(char const* dir) { - std::string ref_filename = std::string("/data") + fscrypt_key_ref; +static int set_policy_on(char const* ref_basename, char const* dir) { + std::string ref_filename = std::string("/data") + ref_basename; std::string policy; if (!android::base::ReadFileToString(ref_filename, &policy)) { LOG(ERROR) << "Unable to read system policy to set on " << dir; diff --git a/libfscrypt/include/fscrypt/fscrypt.h b/libfscrypt/include/fscrypt/fscrypt.h index 8a68b935..ff82d47a 100644 --- a/libfscrypt/include/fscrypt/fscrypt.h +++ b/libfscrypt/include/fscrypt/fscrypt.h 
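Review bot: In the third hunk (`@@ -97,11 +97,20 @@`) the per_boot match is an exact string comparison, `(prefix + d) == dir`, and every path that does not match falls through to `set_policy_on(fscrypt_key_ref, dir)`. If a caller passes the directory in another form (with a trailing slash, for example), it would silently get the system policy instead of the per-boot one, with nothing logged; `prefix` is defined outside the hunk, so the accepted form cannot be confirmed from here. Consider documenting the expected path form next to `per_boot_directories`. The failure log in `set_policy_on` still says "system policy" for both refs, so it should name the file it could not read: `LOG(ERROR) << "Unable to read policy from " << ref_filename << " to set on " << dir;`. The new parameter is a path under /data rather than a basename, so `ref_path` would be more accurate than `ref_basename`; both function bodies extend beyond the hunk.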
@@ -32,6 +32,7 @@ int fscrypt_policy_ensure(const char *directory, const char *policy, static const char* fscrypt_unencrypted_folder = "/unencrypted"; static const char* fscrypt_key_ref = "/unencrypted/ref"; +static const char* fscrypt_key_per_boot_ref = "/unencrypted/per_boot_ref"; static const char* fscrypt_key_mode = "/unencrypted/mode"; __END_DECLS |
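Review bot: The new `fscrypt_key_per_boot_ref` constant has no comment saying what the file holds or how it differs from `fscrypt_key_ref`, and the neighbouring constants give no hint either. A one-line comment above it would help, for example `// Path, relative to /data, of the file holding the policy reference applied to per_boot directories.` Because the path sits under `/unencrypted`, the comment should also state that the file carries only a reference and never key material. That is inferred from the naming and should be confirmed against whatever writes the file.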