diff options
Diffstat (limited to 'libfscrypt/fscrypt.cpp')
-rw-r--r-- | libfscrypt/fscrypt.cpp | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp index a52ed90c..f6e97f11 100644 --- a/libfscrypt/fscrypt.cpp +++ b/libfscrypt/fscrypt.cpp @@ -98,7 +98,7 @@ static void log_ls(const char* dirname) { std::array<const char*, 3> argv = {"ls", "-laZ", dirname}; int status = 0; auto res = - logwrap_fork_execvp(argv.size(), argv.data(), &status, false, LOG_ALOG, false, nullptr); + logwrap_fork_execvp(argv.size(), argv.data(), &status, false, LOG_ALOG, false, nullptr); if (res != 0) { PLOG(ERROR) << argv[0] << " " << argv[1] << " " << argv[2] << "failed"; return; @@ -196,16 +196,14 @@ bool ParseOptionsForApiLevel(unsigned int first_api_level, const std::string& op } else { options->filenames_mode = FSCRYPT_MODE_AES_256_CTS; } - if (parts.size() > 1 && !parts[1].empty()){ + if (parts.size() > 1 && !parts[1].empty()) { if (!LookupModeByName(filenames_modes, parts[1], &options->filenames_mode)) { LOG(ERROR) << "Invalid file names encryption mode: " << parts[1]; return false; } } // Default to v2 after Q - constexpr unsigned int pre_gki_level = 29; - auto is_gki = first_api_level > pre_gki_level; - options->version = is_gki ? 2 : 1; + options->version = first_api_level > __ANDROID_API_Q__ ? 2 : 1; options->flags = 0; options->use_hw_wrapped_key = false; if (parts.size() > 2 && !parts[2].empty()) { @@ -234,7 +232,8 @@ bool ParseOptionsForApiLevel(unsigned int first_api_level, const std::string& op // For everything else, use 16-byte padding. This is more secure (it helps // hide the length of filenames), and it makes the inputs evenly divisible // into cipher blocks which is more efficient for encryption and decryption. - if (!is_gki && options->version == 1 && options->filenames_mode == FSCRYPT_MODE_AES_256_CTS) { + if (first_api_level <= __ANDROID_API_Q__ && options->version == 1 && + options->filenames_mode == FSCRYPT_MODE_AES_256_CTS) { options->flags |= FSCRYPT_POLICY_FLAGS_PAD_4; } else { options->flags |= FSCRYPT_POLICY_FLAGS_PAD_16; @@ -245,12 +244,16 @@ bool ParseOptionsForApiLevel(unsigned int first_api_level, const std::string& op // encryption modes. if (options->contents_mode == FSCRYPT_MODE_ADIANTUM) { if (options->filenames_mode != FSCRYPT_MODE_ADIANTUM) { - LOG(ERROR) << "Adiantum must be both contents and filenames mode or neither, invalid options: " << options_string; + LOG(ERROR) << "Adiantum must be both contents and filenames mode or neither, invalid " + "options: " + << options_string; return false; } options->flags |= FSCRYPT_POLICY_FLAG_DIRECT_KEY; } else if (options->filenames_mode == FSCRYPT_MODE_ADIANTUM) { - LOG(ERROR) << "Adiantum must be both contents and filenames mode or neither, invalid options: " << options_string; + LOG(ERROR) + << "Adiantum must be both contents and filenames mode or neither, invalid options: " + << options_string; return false; } |