Add a mount with metadata encryption service
Don't use the FDE flow to support metadata encryption; just provide a
vold service which directly mounts the volume and use that.
Bug: 63927601
Test: Boot Taimen to SUW with and without metadata encryption.
Change-Id: Ifc6a012c02c0ea66893020ed1d0da4cba6914aed
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index f7637fd..f4961ce 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -247,16 +247,6 @@
return translate(VolumeManager::Instance()->shutdown());
}
-binder::Status VoldNativeService::mountAll() {
- ENFORCE_UID(AID_SYSTEM);
- ACQUIRE_LOCK;
-
- struct fstab* fstab = fs_mgr_read_fstab_default();
- int res = fs_mgr_mount_all(fstab, MOUNT_MODE_DEFAULT);
- fs_mgr_free_fstab(fstab);
- return translate(res);
-}
-
binder::Status VoldNativeService::onUserAdded(int32_t userId, int32_t userSerial) {
ENFORCE_UID(AID_SYSTEM);
ACQUIRE_LOCK;
@@ -577,12 +567,12 @@
ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK;
+ LOG(DEBUG) << "fdeEnable(" << passwordType << ", *, " << encryptionFlags << ")";
if (e4crypt_is_native()) {
- if (passwordType != PASSWORD_TYPE_DEFAULT) {
- return error("Unexpected password type");
- }
- return translateBool(e4crypt_enable_crypto());
+ LOG(ERROR) << "e4crypt_is_native, fdeEnable invalid";
+ return error("e4crypt_is_native, fdeEnable invalid");
}
+ LOG(DEBUG) << "!e4crypt_is_native, spawning fdeEnableInternal";
// Spawn as thread so init can issue commands back to vold without
// causing deadlock, usually as a result of prep_data_fs.
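Review bot: The rejection on the native-FBE branch names an internal predicate rather than the condition the caller violated, and the same text is emitted twice (LOG(ERROR) at one line, error(...) at the next); a single message that states the contract, `return error("fdeEnable is not supported on file-based-encryption devices");`, reads better in logs and in the binder exception the caller sees. The new LOG(DEBUG) correctly masks the password argument with `*` while printing passwordType and encryptionFlags; keep that shape for any further logging in this function. fdeEnable's body continues past the end of the hunk.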
@@ -665,14 +655,12 @@
ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK;
- if (e4crypt_is_native()) {
- return translateBool(e4crypt_mount_metadata_encrypted());
- } else {
+ if (!e4crypt_is_native()) {
// Spawn as thread so init can issue commands back to vold without
// causing deadlock, usually as a result of prep_data_fs.
std::thread(&cryptfs_mount_default_encrypted).detach();
- return ok();
}
+ return ok();
}
binder::Status VoldNativeService::initUser0() {
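Review bot: On the native-FBE branch mountDefaultEncrypted now returns ok() without mounting anything, and nothing in the hunk says why; a caller that still treats this entry point as the way to bring up metadata-encrypted storage would get success with no mount behind it. A comment on the `if (!e4crypt_is_native())` line such as `// FBE devices mount metadata-encrypted storage via mountFstab/encryptFstab; nothing to do here.` would make the intent explicit, and a LOG(DEBUG) on the native path would help when tracing boot. The function's signature line is outside the hunk.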
@@ -690,6 +678,20 @@
return ok();
}
+binder::Status VoldNativeService::mountFstab(const std::string& mountPoint) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ return translateBool(e4crypt_mount_metadata_encrypted(mountPoint, false));
+}
+
+binder::Status VoldNativeService::encryptFstab(const std::string& mountPoint) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_LOCK;
+
+ return translateBool(e4crypt_mount_metadata_encrypted(mountPoint, true));
+}
+
binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial,
bool ephemeral) {
ENFORCE_UID(AID_SYSTEM);
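Review bot: `mountPoint` arrives from the binder client and is handed to e4crypt_mount_metadata_encrypted unchecked in both mountFstab and encryptFstab; the service's other path-taking entry points validate their argument, so add `CHECK_ARGUMENT_PATH(mountPoint);` after ENFORCE_UID in each. ENFORCE_UID(AID_SYSTEM) narrows callers to system_server, but an absolute, `..`-free path is still the contract to pin here, and encryptFstab is the destructive variant. Both functions take ACQUIRE_LOCK whereas the e4crypt_mount_metadata_encrypted call they replace (the removed mountDefaultEncrypted branch) ran under ACQUIRE_CRYPT_LOCK; confirm the lock change is intended. Since the two bodies differ only in the trailing bool, a one-line comment on each saying what that flag selects (mount of an already-encrypted volume versus initial encryption, judging by the names) would save the next reader a trip into the e4crypt code.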