Merge "Rename key_dir to metadata_key_dir and refactor" am: a7463139cd am: 8cf1eda025 am: 48c403b820
Change-Id: I4df8daf1210a31b4ae0e32ee8c04f8f7acdc827b
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index c621823..b7c7dff 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -106,19 +106,19 @@
}
static bool read_key(const FstabEntry& data_rec, bool create_if_absent, KeyBuffer* key) {
- if (data_rec.key_dir.empty()) {
- LOG(ERROR) << "Failed to get key_dir";
+ if (data_rec.metadata_key_dir.empty()) {
+ LOG(ERROR) << "Failed to get metadata_key_dir";
return false;
}
- std::string key_dir = data_rec.key_dir;
+ std::string metadata_key_dir = data_rec.metadata_key_dir;
std::string sKey;
- auto dir = key_dir + "/key";
- LOG(DEBUG) << "key_dir/key: " << dir;
+ auto dir = metadata_key_dir + "/key";
+ LOG(DEBUG) << "metadata_key_dir/key: " << dir;
if (fs_mkdirs(dir.c_str(), 0700)) {
PLOG(ERROR) << "Creating directories: " << dir;
return false;
}
- auto temp = key_dir + "/tmp";
+ auto temp = metadata_key_dir + "/tmp";
auto newKeyPath = dir + "/" + kFn_keymaster_key_blob_upgraded;
/* If we have a leftover upgraded key, delete it.
* We either failed an update and must return to the old key,
@@ -153,10 +153,10 @@
return true;
}
-static bool create_crypto_blk_dev(const std::string& dm_name, uint64_t nr_sec,
- const std::string& real_blkdev, const KeyBuffer& key,
- std::string* crypto_blkdev, bool set_dun) {
- auto& dm = DeviceMapper::Instance();
+static bool create_crypto_blk_dev(const std::string& dm_name, const FstabEntry* data_rec,
+ const KeyBuffer& key, std::string* crypto_blkdev) {
+ uint64_t nr_sec;
+ if (!get_number_of_sectors(data_rec->blk_device, &nr_sec)) return false;
KeyBuffer hex_key_buffer;
if (android::vold::StrToHex(key, hex_key_buffer) != android::OK) {
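Review bot: `create_crypto_blk_dev` now takes `const FstabEntry* data_rec` and dereferences it in its first statement with no null check, while `read_key` in the same file takes `const FstabEntry& data_rec`. The one caller visible in this diff has already tested `data_rec`, so a reference would put that precondition in the type: `static bool create_crypto_blk_dev(const std::string& dm_name, const FstabEntry& data_rec,` with the call site passing `*data_rec`. If the pointer is kept, a short comment above the function saying `data_rec` must be non-null would do. The function body continues past this hunk.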
@@ -165,15 +165,23 @@
}
std::string hex_key(hex_key_buffer.data(), hex_key_buffer.size());
- DmTable table;
- table.Emplace<DmTargetDefaultKey>(0, nr_sec, "AES-256-XTS", hex_key, real_blkdev, 0, set_dun);
+ bool set_dun = android::base::GetBoolProperty("ro.crypto.set_dun", false);
+ if (!set_dun && data_rec->fs_mgr_flags.checkpoint_blk) {
+ LOG(ERROR) << "Block checkpoints and metadata encryption require ro.crypto.set_dun option";
+ return false;
+ }
+ DmTable table;
+ table.Emplace<DmTargetDefaultKey>(0, nr_sec, "AES-256-XTS", hex_key, data_rec->blk_device, 0,
+ set_dun);
+
+ auto& dm = DeviceMapper::Instance();
for (int i = 0;; i++) {
if (dm.CreateDevice(dm_name, table)) {
break;
}
if (i + 1 >= TABLE_LOAD_RETRIES) {
- LOG(ERROR) << "Could not create default-key device " << dm_name;
+ PLOG(ERROR) << "Could not create default-key device " << dm_name;
return false;
}
PLOG(INFO) << "Could not create default-key device, retrying";
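Review bot: The `ro.crypto.set_dun` / `checkpoint_blk` check now runs after `StrToHex` and the `std::string hex_key` copy, so a configuration that is about to be rejected still gets the metadata key hex-encoded into two extra buffers first. Moving the check block (`bool set_dun = ...` through its `return false;`) to the top of `create_crypto_blk_dev`, before `KeyBuffer hex_key_buffer;`, would reject the bad configuration before any key material is expanded. Separately, `hex_key` is a plain `std::string`. If `KeyBuffer` is meant to wipe its storage on release (not visible in this diff), that copy falls outside the guarantee and deserves a comment such as `// hex_key is a non-wiping copy of key material; keep its scope as small as possible`.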
@@ -198,25 +206,24 @@
auto data_rec = GetEntryForMountPoint(&fstab_default, mount_point);
if (!data_rec) {
- LOG(ERROR) << "Failed to get data_rec";
+ LOG(ERROR) << "Failed to get data_rec for " << mount_point;
+ return false;
+ }
+ if (blk_device != data_rec->blk_device) {
+ LOG(ERROR) << "blk_device " << blk_device << " does not match fstab entry "
+ << data_rec->blk_device << " for " << mount_point;
return false;
}
KeyBuffer key;
if (!read_key(*data_rec, needs_encrypt, &key)) return false;
- uint64_t nr_sec;
- if (!get_number_of_sectors(data_rec->blk_device, &nr_sec)) return false;
- bool set_dun = android::base::GetBoolProperty("ro.crypto.set_dun", false);
- if (!set_dun && data_rec->fs_mgr_flags.checkpoint_blk) {
- LOG(ERROR) << "Block checkpoints and metadata encryption require setdun option!";
- return false;
- }
std::string crypto_blkdev;
- if (!create_crypto_blk_dev(kDmNameUserdata, nr_sec, blk_device, key, &crypto_blkdev, set_dun))
- return false;
+ if (!create_crypto_blk_dev(kDmNameUserdata, data_rec, key, &crypto_blkdev)) return false;
// FIXME handle the corrupt case
if (needs_encrypt) {
+ uint64_t nr_sec;
+ if (!get_number_of_sectors(data_rec->blk_device, &nr_sec)) return false;
LOG(INFO) << "Beginning inplace encryption, nr_sec: " << nr_sec;
off64_t size_already_done = 0;
auto rc = cryptfs_enable_inplace(crypto_blkdev.data(), blk_device.data(), nr_sec,
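Review bot: The `get_number_of_sectors` call added inside `if (needs_encrypt)` can fail after `create_crypto_blk_dev` has already created the `kDmNameUserdata` mapping, so its `return false` leaves that device behind. Before this change the sector query failed before any device existed; whether later code tears the mapping down is not visible here. The size is also now queried twice, once for the dm table and once for in-place encryption, and nothing ties the two values together. Having `create_crypto_blk_dev` return the value it used through an extra `uint64_t* nr_sec` out-parameter would remove both the second query and the new failure path. The enclosing function starts and ends outside this hunk.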