Progress towards FBE and adoptable storage.
Offer to adopt storage devices on FBE devices, but keep it guarded
behind a system property for now, since we still need to work out key
storage details.
When migrating shared storage, leave user-specific /data/media
directories in place, since they already have the needed crypto
policies defined.
Enable journaling, quotas, and encrypt options when formatting
newly adopted devices. installd already gracefully handles older
partitions without quota enabled.
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 62290006, 36757864, 29117062, 37395736
Bug: 29923055, 25861755, 30230655, 37436961
Change-Id: Ibbeb6ec9db2394a279bbac221a2b20711d65494e
diff --git a/Disk.cpp b/Disk.cpp
index b424aba..9c22400 100644
--- a/Disk.cpp
+++ b/Disk.cpp
@@ -24,6 +24,7 @@
#include "Ext4Crypt.h"
#include <android-base/file.h>
+#include <android-base/properties.h>
#include <android-base/stringprintf.h>
#include <android-base/logging.h>
#include <diskconfig/diskconfig.h>
@@ -446,7 +447,8 @@
status_t Disk::partitionMixed(int8_t ratio) {
int res;
- if (e4crypt_is_native()) {
+ if (e4crypt_is_native()
+ && !android::base::GetBoolProperty("persist.sys.adoptable_fbe", false)) {
LOG(ERROR) << "Private volumes not yet supported on FBE devices";
return -EINVAL;
}
@@ -469,9 +471,14 @@
// We've had some success above, so generate both the private partition
// GUID and encryption key and persist them.
std::string partGuidRaw;
+ if (GenerateRandomUuid(partGuidRaw) != OK) {
+ LOG(ERROR) << "Failed to generate GUID";
+ return -EIO;
+ }
+
std::string keyRaw;
- if (ReadRandomBytes(16, partGuidRaw) || ReadRandomBytes(16, keyRaw)) {
- LOG(ERROR) << "Failed to generate GUID or key";
+ if (ReadRandomBytes(16, keyRaw) != OK) {
+ LOG(ERROR) << "Failed to generate key";
return -EIO;
}