Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / android_system_vold / f56d553babc368e557fe90513e78a5ba06626b0d^! / . / MetadataCrypt.cpp
commitf56d553babc368e557fe90513e78a5ba06626b0d[log] [tgz]
authorPaul Crowley <paulcrowley@google.com>Sun Mar 22 08:02:06 2020 -0700
committerPaul Crowley <paulcrowley@google.com>Mon Apr 06 08:45:32 2020 -0700
treed7c572630261aa8ab4ffaa349a43553d61072d0c
parent10a372f1d20ea59cb73a41d423b99040c56c091b [diff] [blame]
Choose options format using property

To make it easier to support disk formats created using old versions
of dm-default-key with new kernels, choose the disk format to use
based on options_format_version and first_api_version properties
instead of checking the version number of the kernel module.

Bug: 150761030
Test: crosshatch and cuttlefish boot normally; cuttlefish
    fails with "default-key: Not enough arguments" as expected when
    option is set to 1
Change-Id: Ib51071b7c316ce074de72439741087b18335048c

diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index 8227e74..7b2219b 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp

@@ -58,7 +58,7 @@
 // Parsed from metadata options
 struct CryptoOptions {
     struct CryptoType cipher = invalid_crypto_type;
-    bool is_legacy = false;
+    bool use_legacy_options_format = false;
     bool set_dun = true;  // Non-legacy driver always sets DUN
     bool use_hw_wrapped_key = false;
 };
@@ -211,7 +211,7 @@
 
     auto target = std::make_unique<DmTargetDefaultKey>(0, *nr_sec, options.cipher.get_kernel_name(),
                                                        hex_key, blk_device, 0);
-    if (options.is_legacy) target->SetIsLegacy();
+    if (options.use_legacy_options_format) target->SetUseLegacyOptionsFormat();
     if (options.set_dun) target->SetSetDun();
     if (options.use_hw_wrapped_key) target->SetWrappedKeyV0();
 
@@ -287,25 +287,30 @@
         return false;
     }
 
-    bool is_legacy;
-    if (!DmTargetDefaultKey::IsLegacy(&is_legacy)) return false;
+    constexpr unsigned int pre_gki_level = 29;
+    unsigned int options_format_version = android::base::GetUintProperty<unsigned int>(
+            "ro.crypto.dm_default_key.options_format.version",
+            (GetFirstApiLevel() <= pre_gki_level ? 1 : 2));
 
     CryptoOptions options;
-    if (is_legacy) {
+    if (options_format_version == 1) {
         if (!data_rec->metadata_encryption.empty()) {
             LOG(ERROR) << "metadata_encryption options cannot be set in legacy mode";
             return false;
         }
         options.cipher = legacy_aes_256_xts;
-        options.is_legacy = true;
+        options.use_legacy_options_format = true;
         options.set_dun = android::base::GetBoolProperty("ro.crypto.set_dun", false);
         if (!options.set_dun && data_rec->fs_mgr_flags.checkpoint_blk) {
             LOG(ERROR)
                     << "Block checkpoints and metadata encryption require ro.crypto.set_dun option";
             return false;
         }
-    } else {
+    } else if (options_format_version == 2) {
         if (!parse_options(data_rec->metadata_encryption, &options)) return false;
+    } else {
+        LOG(ERROR) << "Unknown options_format_version: " << options_format_version;
+        return false;
     }
 
     auto gen = needs_encrypt ? makeGen(options) : neverGen();