Merge "Grant "disk_reserved" GID to critical services."
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index 9d8b990..f7637fd 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -554,22 +554,12 @@
int32_t encryptionFlags) {
bool noUi = (encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_NO_UI) != 0;
- std::string how;
- if ((encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_IN_PLACE) != 0) {
- how = "inplace";
- } else if ((encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_WIPE) != 0) {
- how = "wipe";
- } else {
- LOG(ERROR) << "Missing encryption flag";
- return -1;
- }
-
for (int tries = 0; tries < 2; ++tries) {
int rc;
if (passwordType == VoldNativeService::PASSWORD_TYPE_DEFAULT) {
- rc = cryptfs_enable_default(how.c_str(), noUi);
+ rc = cryptfs_enable_default(noUi);
} else {
- rc = cryptfs_enable(how.c_str(), passwordType, password.c_str(), noUi);
+ rc = cryptfs_enable(passwordType, password.c_str(), noUi);
}
if (rc == 0) {
@@ -591,9 +581,6 @@
if (passwordType != PASSWORD_TYPE_DEFAULT) {
return error("Unexpected password type");
}
- if (encryptionFlags != (ENCRYPTION_FLAG_IN_PLACE | ENCRYPTION_FLAG_NO_UI)) {
- return error("Unexpected flags");
- }
return translateBool(e4crypt_enable_crypto());
}
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index d073be2..9facaf7 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -94,8 +94,6 @@
void secdiscard(@utf8InCpp String path);
- const int ENCRYPTION_FLAG_WIPE = 1;
- const int ENCRYPTION_FLAG_IN_PLACE = 2;
const int ENCRYPTION_FLAG_NO_UI = 4;
const int ENCRYPTION_STATE_NONE = 1;
diff --git a/cryptfs.cpp b/cryptfs.cpp
index af7fda3..427772c 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp
@@ -1925,73 +1925,6 @@
return 0;
}
-static int cryptfs_enable_wipe(char *crypto_blkdev, off64_t size, int type)
-{
- const char *args[10];
- char size_str[32]; /* Must be large enough to hold a %lld and null byte */
- int num_args;
- int status;
- int tmp;
- int rc = -1;
-
- if (type == EXT4_FS) {
- args[0] = "/system/bin/mke2fs";
- args[1] = "-M";
- args[2] = "/data";
- args[3] = "-b";
- args[4] = "4096";
- args[5] = "-t";
- args[6] = "ext4";
- args[7] = crypto_blkdev;
- snprintf(size_str, sizeof(size_str), "%" PRId64, size / (4096 / 512));
- args[8] = size_str;
- num_args = 9;
- SLOGI("Making empty filesystem with command %s %s %s %s %s %s\n",
- args[0], args[1], args[2], args[3], args[4], args[5]);
- } else if (type == F2FS_FS) {
- args[0] = "/system/bin/make_f2fs";
- args[1] = "-f";
- args[2] = "-d1";
- args[3] = "-O";
- args[4] = "encrypt";
- args[5] = "-O";
- args[6] = "quota";
- args[7] = crypto_blkdev;
- snprintf(size_str, sizeof(size_str), "%" PRId64, size);
- args[8] = size_str;
- num_args = 9;
- SLOGI("Making empty filesystem with command %s %s %s %s %s %s %s %s %s\n",
- args[0], args[1], args[2], args[3], args[4], args[5],
- args[6], args[7], args[8]);
- } else {
- SLOGE("cryptfs_enable_wipe(): unknown filesystem type %d\n", type);
- return -1;
- }
-
- tmp = android_fork_execvp(num_args, (char **)args, &status, false, true);
-
- if (tmp != 0) {
- SLOGE("Error creating empty filesystem on %s due to logwrap error\n", crypto_blkdev);
- } else {
- if (WIFEXITED(status)) {
- if (WEXITSTATUS(status)) {
- SLOGE("Error creating filesystem on %s, exit status %d ",
- crypto_blkdev, WEXITSTATUS(status));
- } else {
- SLOGD("Successfully created filesystem on %s\n", crypto_blkdev);
- rc = 0;
- }
- } else {
- SLOGE("Error creating filesystem on %s, did not exit normally\n", crypto_blkdev);
- }
- }
-
- return rc;
-}
-
-#define CRYPTO_ENABLE_WIPE 1
-#define CRYPTO_ENABLE_INPLACE 2
-
#define FRAMEWORK_BOOT_WAIT 60
static int cryptfs_SHA256_fileblock(const char* filename, __le8* buf)
@@ -2020,60 +1953,31 @@
return 0;
}
-static int get_fs_type(struct fstab_rec *rec)
-{
- if (!strcmp(rec->fs_type, "ext4")) {
- return EXT4_FS;
- } else if (!strcmp(rec->fs_type, "f2fs")) {
- return F2FS_FS;
- } else {
- return -1;
- }
-}
-
-static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr *crypt_ftr, int how,
- char *crypto_blkdev, char *real_blkdev,
- int previously_encrypted_upto)
-{
+static int cryptfs_enable_all_volumes(struct crypt_mnt_ftr* crypt_ftr, char* crypto_blkdev,
+ char* real_blkdev, int previously_encrypted_upto) {
off64_t cur_encryption_done=0, tot_encryption_size=0;
int rc = -1;
/* The size of the userdata partition, and add in the vold volumes below */
tot_encryption_size = crypt_ftr->fs_size;
- if (how == CRYPTO_ENABLE_WIPE) {
- struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab_default, DATA_MNT_POINT);
- int fs_type = get_fs_type(rec);
- if (fs_type < 0) {
- SLOGE("cryptfs_enable: unsupported fs type %s\n", rec->fs_type);
- return -1;
- }
- rc = cryptfs_enable_wipe(crypto_blkdev, crypt_ftr->fs_size, fs_type);
- } else if (how == CRYPTO_ENABLE_INPLACE) {
- rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev,
- crypt_ftr->fs_size, &cur_encryption_done,
- tot_encryption_size,
- previously_encrypted_upto);
+ rc = cryptfs_enable_inplace(crypto_blkdev, real_blkdev, crypt_ftr->fs_size, &cur_encryption_done,
+ tot_encryption_size, previously_encrypted_upto);
- if (rc == ENABLE_INPLACE_ERR_DEV) {
- /* Hack for b/17898962 */
- SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
- cryptfs_reboot(RebootType::reboot);
- }
+ if (rc == ENABLE_INPLACE_ERR_DEV) {
+ /* Hack for b/17898962 */
+ SLOGE("cryptfs_enable: crypto block dev failure. Must reboot...\n");
+ cryptfs_reboot(RebootType::reboot);
+ }
- if (!rc) {
- crypt_ftr->encrypted_upto = cur_encryption_done;
- }
+ if (!rc) {
+ crypt_ftr->encrypted_upto = cur_encryption_done;
+ }
- if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
- /* The inplace routine never actually sets the progress to 100% due
- * to the round down nature of integer division, so set it here */
- property_set("vold.encrypt_progress", "100");
- }
- } else {
- /* Shouldn't happen */
- SLOGE("cryptfs_enable: internal error, unknown option\n");
- rc = -1;
+ if (!rc && crypt_ftr->encrypted_upto == crypt_ftr->fs_size) {
+ /* The inplace routine never actually sets the progress to 100% due
+ * to the round down nature of integer division, so set it here */
+ property_set("vold.encrypt_progress", "100");
}
return rc;
@@ -2084,10 +1988,7 @@
return vm->unmountAll();
}
-int cryptfs_enable_internal(const char *howarg, int crypt_type, const char *passwd,
- int no_ui)
-{
- int how = 0;
+int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN];
unsigned char decrypted_master_key[KEY_LEN_BYTES];
int rc=-1, i;
@@ -2102,17 +2003,7 @@
bool onlyCreateHeader = false;
int fd = -1;
- if (!strcmp(howarg, "wipe")) {
- how = CRYPTO_ENABLE_WIPE;
- } else if (! strcmp(howarg, "inplace")) {
- how = CRYPTO_ENABLE_INPLACE;
- } else {
- /* Shouldn't happen, as CommandListener vets the args */
- goto error_unencrypted;
- }
-
- if (how == CRYPTO_ENABLE_INPLACE
- && get_crypt_ftr_and_key(&crypt_ftr) == 0) {
+ if (get_crypt_ftr_and_key(&crypt_ftr) == 0) {
if (crypt_ftr.flags & CRYPT_ENCRYPTION_IN_PROGRESS) {
/* An encryption was underway and was interrupted */
previously_encrypted_upto = crypt_ftr.encrypted_upto;
@@ -2165,7 +2056,7 @@
close(fd);
/* If doing inplace encryption, make sure the orig fs doesn't include the crypto footer */
- if ((how == CRYPTO_ENABLE_INPLACE) && (!strcmp(key_loc, KEY_IN_FOOTER))) {
+ if (!strcmp(key_loc, KEY_IN_FOOTER)) {
unsigned int fs_size_sec, max_fs_size_sec;
fs_size_sec = get_fs_size(real_blkdev);
if (fs_size_sec == 0)
@@ -2212,7 +2103,7 @@
}
/* Do extra work for a better UX when doing the long inplace encryption */
- if (how == CRYPTO_ENABLE_INPLACE && !onlyCreateHeader) {
+ if (!onlyCreateHeader) {
/* Now that /data is unmounted, we need to mount a tmpfs
* /data, set a property saying we're doing inplace encryption,
* and restart the framework.
@@ -2299,7 +2190,7 @@
cryptfs_reboot(RebootType::reboot);
}
- if (how == CRYPTO_ENABLE_INPLACE && (!no_ui || rebootEncryption)) {
+ if (!no_ui || rebootEncryption) {
/* startup service classes main and late_start */
property_set("vold.decrypt", "trigger_restart_min_framework");
SLOGD("Just triggered restart_min_framework\n");
@@ -2329,14 +2220,12 @@
}
if (!rc) {
- rc = cryptfs_enable_all_volumes(&crypt_ftr, how,
- crypto_blkdev, real_blkdev,
+ rc = cryptfs_enable_all_volumes(&crypt_ftr, crypto_blkdev, real_blkdev,
previously_encrypted_upto);
}
/* Calculate checksum if we are not finished */
- if (!rc && how == CRYPTO_ENABLE_INPLACE
- && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
+ if (!rc && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
rc = cryptfs_SHA256_fileblock(crypto_blkdev,
crypt_ftr.hash_first_block);
if (rc) {
@@ -2352,8 +2241,7 @@
/* Success */
crypt_ftr.flags &= ~CRYPT_INCONSISTENT_STATE;
- if (how == CRYPTO_ENABLE_INPLACE
- && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
+ if (crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
SLOGD("Encrypted up to sector %lld - will continue after reboot",
crypt_ftr.encrypted_upto);
crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
@@ -2361,30 +2249,29 @@
put_crypt_ftr_and_key(&crypt_ftr);
- if (how == CRYPTO_ENABLE_WIPE
- || crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
- char value[PROPERTY_VALUE_MAX];
- property_get("ro.crypto.state", value, "");
- if (!strcmp(value, "")) {
- /* default encryption - continue first boot sequence */
- property_set("ro.crypto.state", "encrypted");
- property_set("ro.crypto.type", "block");
- release_wake_lock(lockid);
- if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
- // Bring up cryptkeeper that will check the password and set it
- property_set("vold.decrypt", "trigger_shutdown_framework");
- sleep(2);
- property_set("vold.encrypt_progress", "");
- cryptfs_trigger_restart_min_framework();
+ if (crypt_ftr.encrypted_upto == crypt_ftr.fs_size) {
+ char value[PROPERTY_VALUE_MAX];
+ property_get("ro.crypto.state", value, "");
+ if (!strcmp(value, "")) {
+ /* default encryption - continue first boot sequence */
+ property_set("ro.crypto.state", "encrypted");
+ property_set("ro.crypto.type", "block");
+ release_wake_lock(lockid);
+ if (rebootEncryption && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
+ // Bring up cryptkeeper that will check the password and set it
+ property_set("vold.decrypt", "trigger_shutdown_framework");
+ sleep(2);
+ property_set("vold.encrypt_progress", "");
+ cryptfs_trigger_restart_min_framework();
+ } else {
+ cryptfs_check_passwd(DEFAULT_PASSWORD);
+ cryptfs_restart_internal(1);
+ }
+ return 0;
} else {
- cryptfs_check_passwd(DEFAULT_PASSWORD);
- cryptfs_restart_internal(1);
+ sleep(2); /* Give the UI a chance to show 100% progress */
+ cryptfs_reboot(RebootType::reboot);
}
- return 0;
- } else {
- sleep(2); /* Give the UI a chance to show 100% progress */
- cryptfs_reboot(RebootType::reboot);
- }
} else {
sleep(2); /* Partially encrypted, ensure writes flushed to ssd */
cryptfs_reboot(RebootType::shutdown);
@@ -2443,15 +2330,12 @@
return -1;
}
-int cryptfs_enable(const char *howarg, int type, const char *passwd, int no_ui)
-{
- return cryptfs_enable_internal(howarg, type, passwd, no_ui);
+int cryptfs_enable(int type, const char* passwd, int no_ui) {
+ return cryptfs_enable_internal(type, passwd, no_ui);
}
-int cryptfs_enable_default(const char *howarg, int no_ui)
-{
- return cryptfs_enable_internal(howarg, CRYPT_TYPE_DEFAULT,
- DEFAULT_PASSWORD, no_ui);
+int cryptfs_enable_default(int no_ui) {
+ return cryptfs_enable_internal(CRYPT_TYPE_DEFAULT, DEFAULT_PASSWORD, no_ui);
}
int cryptfs_changepw(int crypt_type, const char *newpw)
diff --git a/cryptfs.h b/cryptfs.h
index 767270f..bf4b405 100644
--- a/cryptfs.h
+++ b/cryptfs.h
@@ -231,9 +231,9 @@
int cryptfs_check_passwd(const char* pw);
int cryptfs_verify_passwd(const char* pw);
int cryptfs_restart(void);
-int cryptfs_enable(const char* flag, int type, const char* passwd, int no_ui);
+int cryptfs_enable(int type, const char* passwd, int no_ui);
int cryptfs_changepw(int type, const char* newpw);
-int cryptfs_enable_default(const char* flag, int no_ui);
+int cryptfs_enable_default(int no_ui);
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
int keysize, char* out_crypto_blkdev);
int cryptfs_revert_ext_volume(const char* label);
diff --git a/main.cpp b/main.cpp
index 01a2168..62ea6b7 100644
--- a/main.cpp
+++ b/main.cpp
@@ -41,7 +41,8 @@
#include <dirent.h>
#include <fs_mgr.h>
-static int process_config(VolumeManager *vm, bool* has_adoptable, bool* has_quota);
+static int process_config(VolumeManager* vm, bool* has_adoptable, bool* has_quota,
+ bool* has_reserved);
static void coldboot(const char *path);
static void parse_args(int argc, char** argv);
@@ -99,8 +100,9 @@
bool has_adoptable;
bool has_quota;
+ bool has_reserved;
- if (process_config(vm, &has_adoptable, &has_quota)) {
+ if (process_config(vm, &has_adoptable, &has_quota, &has_reserved)) {
PLOG(ERROR) << "Error reading configuration... continuing anyways";
}
@@ -122,6 +124,7 @@
// a deadlock between vold and init (see b/34278978 for details)
android::base::SetProperty("vold.has_adoptable", has_adoptable ? "1" : "0");
android::base::SetProperty("vold.has_quota", has_quota ? "1" : "0");
+ android::base::SetProperty("vold.has_reserved", has_reserved ? "1" : "0");
// Do coldboot here so it won't block booting,
// also the cold boot is needed in case we have flash drive
@@ -204,7 +207,8 @@
}
}
-static int process_config(VolumeManager *vm, bool* has_adoptable, bool* has_quota) {
+static int process_config(VolumeManager* vm, bool* has_adoptable, bool* has_quota,
+ bool* has_reserved) {
ATRACE_NAME("process_config");
fstab_default = fs_mgr_read_fstab_default();
@@ -216,11 +220,15 @@
/* Loop through entries looking for ones that vold manages */
*has_adoptable = false;
*has_quota = false;
+ *has_reserved = false;
for (int i = 0; i < fstab_default->num_entries; i++) {
auto rec = &fstab_default->recs[i];
if (fs_mgr_is_quota(rec)) {
*has_quota = true;
}
+ if (rec->reserved_size > 0) {
+ *has_reserved = true;
+ }
if (fs_mgr_is_voldmanaged(rec)) {
if (fs_mgr_is_nonremovable(rec)) {
diff --git a/vdc.cpp b/vdc.cpp
index 19eb379..5ae4cd9 100644
--- a/vdc.cpp
+++ b/vdc.cpp
@@ -93,8 +93,7 @@
checkStatus(vold->initUser0());
} else if (args[0] == "cryptfs" && args[1] == "enablecrypto") {
int passwordType = android::os::IVold::PASSWORD_TYPE_DEFAULT;
- int encryptionFlags = android::os::IVold::ENCRYPTION_FLAG_IN_PLACE
- | android::os::IVold::ENCRYPTION_FLAG_NO_UI;
+ int encryptionFlags = android::os::IVold::ENCRYPTION_FLAG_NO_UI;
checkStatus(vold->fdeEnable(passwordType, "", encryptionFlags));
} else if (args[0] == "cryptfs" && args[1] == "mountdefaultencrypted") {
checkStatus(vold->mountDefaultEncrypted());
diff --git a/vdc.rc b/vdc.rc
index 4d51ced..f2a8076 100644
--- a/vdc.rc
+++ b/vdc.rc
@@ -7,6 +7,6 @@
# One shot invocation to encrypt unencrypted volumes
on encrypt
start surfaceflinger
- exec - root -- /system/bin/vdc --wait cryptfs enablecrypto inplace default noui
+ exec - root -- /system/bin/vdc --wait cryptfs enablecrypto
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption)