Enable metadata encryption
Bug: 26778031
Test: Boots, reboots, sector 0 of userdata encrypted
Make sure an FDE device, both default and password protected,
boots.
Make sure an FBE device without metadata encryption boots.
Change-Id: Ic44a32ce7e9b978e9c9e2dc112b26206741c838d
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index b707549..91382da 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -212,34 +212,14 @@
// callers to this method must be async
/* Do the prep of the /data filesystem */
- property_set("vold.post_fs_data_done", "0");
property_set("vold.decrypt", "trigger_post_fs_data");
- LOG(DEBUG) << "Waiting for post_fs_data_done";
-
- /* Wait a max of 50 seconds, hopefully it takes much less */
- for (int i = 0; ; i++) {
- char p[PROPERTY_VALUE_MAX];
-
- property_get("vold.post_fs_data_done", p, "0");
- if (*p == '1') {
- LOG(INFO) << "Successful data prep";
- return true;
- }
- if (i + 1 == DATA_PREP_TIMEOUT) {
- LOG(ERROR) << "post_fs_data timed out";
- return false;
- }
- usleep(50000);
- }
+ property_set("vold.decrypt", "trigger_restart_framework");
+ return true;
}
static void async_kick_off() {
LOG(DEBUG) << "Asynchronously restarting framework";
- sleep(2); // TODO: this mirrors cryptfs, but can it be made shorter?
- property_set("vold.decrypt", "trigger_load_persist_props");
if (!prep_data_fs()) return;
- /* startup service classes main and late_start */
- property_set("vold.decrypt", "trigger_restart_framework");
}
bool e4crypt_mount_metadata_encrypted() {
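Review bot: prep_data_fs() now returns true unconditionally and ignores the result of both `property_set` calls, so the `if (!prep_data_fs()) return;` check in async_kick_off can never fire and a failed trigger on this metadata-encryption boot path leaves no log entry. Either check each call, e.g. `if (property_set("vold.decrypt", "trigger_post_fs_data") != 0) { LOG(ERROR) << "Failed to trigger post_fs_data"; return false; }`, or make the function void and drop the dead check. With the wait on vold.post_fs_data_done removed, correctness also depends on init acting on the two back-to-back writes to vold.decrypt in order; a comment such as `// init handles each vold.decrypt change in order, so no wait is needed here` would record that assumption (worth confirming), and the existing "callers to this method must be async" comment looks stale now that nothing blocks. The same back-to-back pattern is added in the cryptfs.cpp hunk, and the body of prep_data_fs starts above this hunk.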
@@ -306,7 +286,6 @@
property_set("ro.crypto.type", "file");
mount_via_fs_mgr(data_rec->mount_point, crypto_blkdev.c_str());
- property_set("vold.decrypt", "trigger_reset_main");
std::thread(&async_kick_off).detach();
return true;
}
diff --git a/cryptfs.cpp b/cryptfs.cpp
index 6319362..d5bfe6d 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp
@@ -2826,6 +2826,7 @@
} else if (crypt_type != CRYPT_TYPE_DEFAULT) {
SLOGD("Password is not default - "
"starting min framework to prompt");
+ property_set("vold.decrypt", "trigger_post_fs_data");
property_set("vold.decrypt", "trigger_restart_min_framework");
return 0;
} else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
diff --git a/vdc.rc b/vdc.rc
index 4d51ced..9a95779 100644
--- a/vdc.rc
+++ b/vdc.rc
@@ -1,5 +1,6 @@
# One shot invocation to deal with encrypted volume.
on defaultcrypto
+ start vold
exec - root -- /system/bin/vdc --wait cryptfs mountdefaultencrypted
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption) or trigger_restart_min_framework (other encryption)
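Review bot: The added `start vold` under `on defaultcrypto` (and again under `on encrypt` in the next hunk) has no comment saying why vold must be started explicitly before `vdc --wait` runs; a line such as `# vold may not be running yet at this trigger; start it so vdc --wait can connect` would help, if that is the reason. The existing comment below the exec line also no longer lists every value vold writes, since the cryptfs.cpp change sets `trigger_post_fs_data` before `trigger_restart_min_framework`.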
@@ -7,6 +8,7 @@
# One shot invocation to encrypt unencrypted volumes
on encrypt
start surfaceflinger
+ start vold
exec - root -- /system/bin/vdc --wait cryptfs enablecrypto inplace default noui
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption)