Merge "Create a per-boot key on each boot" am: dab5ddf663 am: 6db7fa72a5 am: 03336816a7
am: d678142ac6

Change-Id: I7ab21b901ac8fd8a746f7190a340c518e099a48a
diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 3028b60..8d78473 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -84,7 +84,7 @@
 const std::string systemwide_volume_key_dir =
     std::string() + DATA_MNT_POINT + "/misc/vold/volume_keys";
 
-bool s_global_de_initialized = false;
+bool s_systemwide_keys_initialized = false;
 
 // Some users are ephemeral, don't try to wipe their keys from disk
 std::set<userid_t> s_ephemeral_users;
@@ -335,10 +335,10 @@
     return true;
 }
 
-bool fscrypt_initialize_global_de() {
-    LOG(INFO) << "fscrypt_initialize_global_de";
+bool fscrypt_initialize_systemwide_keys() {
+    LOG(INFO) << "fscrypt_initialize_systemwide_keys";
 
-    if (s_global_de_initialized) {
+    if (s_systemwide_keys_initialized) {
         LOG(INFO) << "Already initialized";
         return true;
     }
@@ -355,11 +355,18 @@
 
     std::string ref_filename = std::string("/data") + fscrypt_key_ref;
     if (!android::vold::writeStringToFile(device_ref.key_raw_ref, ref_filename)) return false;
-
     LOG(INFO) << "Wrote system DE key reference to:" << ref_filename;
 
+    KeyBuffer per_boot_key;
+    if (!android::vold::randomKey(&per_boot_key)) return false;
+    std::string per_boot_raw_ref;
+    if (!android::vold::installKey(per_boot_key, &per_boot_raw_ref)) return false;
+    std::string per_boot_ref_filename = std::string("/data") + fscrypt_key_per_boot_ref;
+    if (!android::vold::writeStringToFile(per_boot_raw_ref, per_boot_ref_filename)) return false;
+    LOG(INFO) << "Wrote per boot key reference to:" << per_boot_ref_filename;
+
     if (!android::vold::FsyncDirectory(device_key_dir)) return false;
-    s_global_de_initialized = true;
+    s_systemwide_keys_initialized = true;
     return true;
 }
 
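Review bot: The three new early returns in the per-boot block (after `randomKey`, `installKey` and `writeStringToFile`) leave `s_systemwide_keys_initialized` false even though the system DE key reference has already been written. A retried call therefore repeats the earlier steps and, if `installKey` had already succeeded, generates and installs a second random key. Whether that is harmless depends on code outside the hunk, since the function body starts before it. The reference file lives under `/data`, so a file left by a previous boot presumably survives when `randomKey` or `installKey` fails, and a reader of that path could pick up a reference to a key that was never installed in this boot; clearing the stale file before generating the key, or documenting that readers must handle it, would close that gap. I would also add a comment above the block, e.g. `// Per-boot key: freshly generated on every boot and never written to disk; only its reference is stored.`, and log which step failed before each `return false`.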
diff --git a/FsCrypt.h b/FsCrypt.h
index 16e2f9a..03ec2e1 100644
--- a/FsCrypt.h
+++ b/FsCrypt.h
@@ -18,7 +18,7 @@
 
 #include <cutils/multiuser.h>
 
-bool fscrypt_initialize_global_de();
+bool fscrypt_initialize_systemwide_keys();
 
 bool fscrypt_init_user0();
 bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index 9b223c7..0095070 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -700,7 +700,7 @@
     ENFORCE_UID(AID_SYSTEM);
     ACQUIRE_CRYPT_LOCK;
 
-    return translateBool(fscrypt_initialize_global_de());
+    return translateBool(fscrypt_initialize_systemwide_keys());
 }
 
 binder::Status VoldNativeService::mountDefaultEncrypted() {