diff options
| author | Paul Lawrence <paullawrence@google.com> | 2015-03-05 09:46:23 -0800 |
|---|---|---|
| committer | Paul Lawrence <paullawrence@google.com> | 2015-03-27 13:38:41 -0700 |
| commit | 8175a0b65d4bbe29eb1b44c183b3668125825c0b (patch) | |
| tree | b437ea21cbf4350410b0f69c4506c76a8c271370 /cryptfs.c | |
| parent | cdcffc0d29da177399eb403df00e6693ce5e83bb (diff) | |
| download | android_system_vold-8175a0b65d4bbe29eb1b44c183b3668125825c0b.tar.gz android_system_vold-8175a0b65d4bbe29eb1b44c183b3668125825c0b.tar.bz2 android_system_vold-8175a0b65d4bbe29eb1b44c183b3668125825c0b.zip | |
Adding e4crypt support
Redirect all crypto calls to e4crypt equivalents if file level encryption
detected. Note this change implements only the ones needed for minimal
functionality.
Requires matching change:
https://googleplex-android-review.git.corp.google.com/#/c/642778/
Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016
Diffstat (limited to 'cryptfs.c')
| -rw-r--r-- | cryptfs.c | 52 |
1 files changed, 50 insertions, 2 deletions
@@ -53,6 +53,7 @@ #include "VolumeManager.h" #include "VoldUtil.h" #include "crypto_scrypt.h" +#include "ext4_crypt.h" #include "ext4_utils.h" #include "f2fs_sparseblock.h" #include "CheckBattery.h" @@ -1674,11 +1675,37 @@ static int cryptfs_restart_internal(int restart_main) int cryptfs_restart(void) { + SLOGI("cryptfs_restart"); + if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) { + struct fstab_rec* rec; + int rc; + + if (e4crypt_restart(DATA_MNT_POINT)) { + SLOGE("Can't unmount e4crypt temp volume\n"); + return -1; + } + + rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT); + if (!rec) { + SLOGE("Can't get fstab record for %s\n", DATA_MNT_POINT); + return -1; + } + + rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT, rec->blk_device, 0); + if (rc) { + SLOGE("Can't mount %s\n", DATA_MNT_POINT); + return rc; + } + + property_set("vold.decrypt", "trigger_restart_framework"); + return 0; + } + /* Call internal implementation forcing a restart of main service group */ return cryptfs_restart_internal(1); } -static int do_crypto_complete(char *mount_point UNUSED) +static int do_crypto_complete(char *mount_point) { struct crypt_mnt_ftr crypt_ftr; char encrypted_state[PROPERTY_VALUE_MAX]; @@ -1690,6 +1717,10 @@ static int do_crypto_complete(char *mount_point UNUSED) return CRYPTO_COMPLETE_NOT_ENCRYPTED; } + if (e4crypt_crypto_complete(mount_point) == 0) { + return CRYPTO_COMPLETE_ENCRYPTED; + } + if (get_crypt_ftr_and_key(&crypt_ftr)) { fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc)); @@ -2012,6 +2043,11 @@ char* adjust_passwd(const char* passwd) int cryptfs_check_passwd(char *passwd) { + SLOGI("cryptfs_check_passwd"); + if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) { + return e4crypt_check_passwd(DATA_MNT_POINT, passwd); + } + struct crypt_mnt_ftr crypt_ftr; int rc; @@ -3302,6 +3338,10 @@ int cryptfs_enable_default(char *howarg, int allow_reboot) int cryptfs_changepw(int crypt_type, const char *newpw) { + if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) { + return e4crypt_change_password(DATA_MNT_POINT, crypt_type, newpw); + } + struct crypt_mnt_ftr crypt_ftr; /* This is only allowed after we've successfully decrypted the master key */ @@ -3709,6 +3749,10 @@ int cryptfs_mount_default_encrypted(void) */ int cryptfs_get_password_type(void) { + if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) { + return e4crypt_get_password_type(DATA_MNT_POINT); + } + struct crypt_mnt_ftr crypt_ftr; if (get_crypt_ftr_and_key(&crypt_ftr)) { @@ -3723,8 +3767,12 @@ int cryptfs_get_password_type(void) return crypt_ftr.crypt_type; } -char* cryptfs_get_password() +const char* cryptfs_get_password() { + if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) { + return e4crypt_get_password(DATA_MNT_POINT); + } + struct timespec now; clock_gettime(CLOCK_BOOTTIME, &now); if (now.tv_sec < password_expiry_time) { |