Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_system_vold / f0550af103f90b3eac0429ea225524619a4d4731^! / . / FsCrypt.cpp
commitf0550af103f90b3eac0429ea225524619a4d4731[log] [tgz]
authorNikita Ioffe <ioffe@google.com>Thu Feb 27 18:21:55 2020 +0000
committerNikita Ioffe <ioffe@google.com>Wed Mar 04 12:18:53 2020 +0000
tree855da5c0815a2438781e669bac5163f12dda513f
parent3a0fd35b62da06a22e10772e680ae33828ce51e0 [diff] [blame]
fskeyring & userspace reboot: support DE keys

During userspace reboot /data might be unmounted, which means that if
device supports filesystem keyring, DE keys will be lost and are needed
to be re-installed.

Test: adb shell setprop sys.init.userdata_remount.force_umount 1
Test: adb shell svc power reboot userspace
Test: atest CtsUserspaceRebootHostSideTestCases
Bug: 143970043
Change-Id: I153caa1d7c373b3c906a34f1184c681e52854a9d
Merged-In: I153caa1d7c373b3c906a34f1184c681e52854a9d
(cherry picked from commit 1eaea5a6a21a2eb9ec0debb69a8718861e13b4d7)

diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index e31163f..a84756f 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp

@@ -83,8 +83,6 @@
 const std::string systemwide_volume_key_dir =
     std::string() + DATA_MNT_POINT + "/misc/vold/volume_keys";
 
-bool s_systemwide_keys_initialized = false;
-
 // Some users are ephemeral, don't try to wipe their keys from disk
 std::set<userid_t> s_ephemeral_users;
 
@@ -359,15 +357,17 @@
             continue;
         }
         userid_t user_id = std::stoi(entry->d_name);
-        if (s_de_policies.count(user_id) == 0) {
-            auto key_path = de_dir + "/" + entry->d_name;
-            KeyBuffer de_key;
-            if (!retrieveKey(key_path, kEmptyAuthentication, &de_key)) return false;
-            EncryptionPolicy de_policy;
-            if (!install_storage_key(DATA_MNT_POINT, options, de_key, &de_policy)) return false;
-            s_de_policies[user_id] = de_policy;
-            LOG(DEBUG) << "Installed de key for user " << user_id;
+        auto key_path = de_dir + "/" + entry->d_name;
+        KeyBuffer de_key;
+        if (!retrieveKey(key_path, kEmptyAuthentication, &de_key)) return false;
+        EncryptionPolicy de_policy;
+        if (!install_storage_key(DATA_MNT_POINT, options, de_key, &de_policy)) return false;
+        auto ret = s_de_policies.insert({user_id, de_policy});
+        if (!ret.second && ret.first->second != de_policy) {
+            LOG(ERROR) << "DE policy for user" << user_id << " changed";
+            return false;
         }
+        LOG(DEBUG) << "Installed de key for user " << user_id;
     }
     // fscrypt:TODO: go through all DE directories, ensure that all user dirs have the
     // correct policy set on them, and that no rogue ones exist.
@@ -377,10 +377,6 @@
 bool fscrypt_initialize_systemwide_keys() {
     LOG(INFO) << "fscrypt_initialize_systemwide_keys";
 
-    if (s_systemwide_keys_initialized) {
-        LOG(INFO) << "Already initialized";
-        return true;
-    }
     EncryptionOptions options;
     if (!get_data_file_encryption_options(&options)) return false;
 
@@ -414,7 +410,6 @@
     LOG(INFO) << "Wrote per boot key reference to:" << per_boot_ref_filename;
 
     if (!android::vold::FsyncDirectory(device_key_dir)) return false;
-    s_systemwide_keys_initialized = true;
     return true;
 }