From 07f77ac64f3fb1bfe1bc4213f5add34b5bfb9dac Mon Sep 17 00:00:00 2001
From: Shivaprasad Hongal
Date: Thu, 30 Aug 2018 14:20:44 -0700
Subject: cryptfs_hw: Add a workaround for metadata encryption

Add a workaround for is_ice_enabled to return 0 if the metadata partition is present to support metadata encryption. This is because HW FDE is a compile time flag and would go on to encrypt the whole disk even for metadata encryption if this does not return 0. Hence, checking for metadata partition.

Change-Id: I0b08aaf4fbe5b15acb3e8963e16e75b9ad515d09
Signed-off-by: Shivaprasad Hongal
---
 cryptfs_hw.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/cryptfs_hw.c b/cryptfs_hw.c
index 65618df..ebf9381 100644
--- a/cryptfs_hw.c
+++ b/cryptfs_hw.c
@@ -68,6 +68,8 @@
 #define CRYPTFS_HW_ALGO_MODE_AES_XTS 0x3
+#define METADATA_PARTITION_NAME "/dev/block/bootdevice/by-name/metadata"
+
 enum cryptfs_hw_key_management_usage_type {
 CRYPTFS_HW_KM_USAGE_DISK_ENCRYPTION = 0x01,
 CRYPTFS_HW_KM_USAGE_FILE_ENCRYPTION = 0x02,
@@ -363,6 +365,18 @@ int is_ice_enabled(void)
 int storage_type = 0;
 int fd;
+ /*
+ * Since HW FDE is a compile time flag (due to QSSI requirements),
+ * this API conflicts with Metadata encryption even when ICE is
+ * enabled, as it encrypts the whole disk instead. Adding this
+ * workaround to return 0 if metadata partition is present.
+ */
+
+ if (access(METADATA_PARTITION_NAME, F_OK) == 0) {
+ SLOGI("Metadata partition, returning false");
+ return 0;
+ }
+
 if (property_get("ro.boot.bootdevice", prop_storage, "")) {
 if (strstr(prop_storage, "ufs")) {
 /* All UFS based devices has ICE in it. So we dont need
--
cgit v1.2.3
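Review bot: The new `access(METADATA_PARTITION_NAME, F_OK) == 0` test in is_ice_enabled() treats every access() failure as "no metadata partition", so a permission error or a by-name link that does not exist yet at call time falls through silently to the HW FDE path that the added comment says conflicts with metadata encryption. Because this result selects the encryption mode, the non-ENOENT case should at least be logged, e.g. after the `if` block add `else if (errno != ENOENT) SLOGE("access(%s) failed: %s", METADATA_PARTITION_NAME, strerror(errno));` (this assumes `<errno.h>` and `<string.h>` are already included, which the hunk does not show). The presence of the node is also only a proxy for metadata encryption being configured, so the comment should state that is_ice_enabled() now returns 0 on any device that has a metadata partition, whether or not ICE hardware is present. The body of is_ice_enabled() continues outside the hunk.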