author | Paul Lawrence <paullawrence@google.com> | 2015-03-26 15:49:42 +0000 |
---|---|---|
committer | Paul Lawrence <paullawrence@google.com> | 2015-03-31 13:02:13 -0700 |
commit | b8c9d273a07f3fc45780e763bb3f7f6266b8cab7 (patch) | |
tree | 0f3f3070a9f3e447393e97116917348b1d9aa49d /init | |
parent | 934102baf8fca57abf63df7f134e977e696722db (diff) | |
Revert "Revert "Adding e4crypt support""
Fix build break caused by original change
This reverts commit 84b0bab58fcc7f225e9a17a15c531b0c2fc509c5.
Change-Id: I99fbd7c3d1ed92db1f546033c8493bb71a327924
Diffstat (limited to 'init')
-rw-r--r-- | init/Android.mk | 7 | ||||
-rw-r--r-- | init/builtins.cpp | 54 | ||||
-rw-r--r-- | init/init_parser.cpp | 1 | ||||
-rw-r--r-- | init/keywords.h | 2 |
4 files changed, 61 insertions, 3 deletions
diff --git a/init/Android.mk b/init/Android.mk
index cb4cb117f..dd867cbdf 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -47,7 +47,7 @@ LOCAL_SRC_FILES:= \
 watchdogd.cpp \
 LOCAL_MODULE:= init
-
+LOCAL_C_INCLUDES += system/extras/ext4_utils
 LOCAL_FORCE_STATIC_EXECUTABLE := true
 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
 LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED)
@@ -58,11 +58,14 @@ LOCAL_STATIC_LIBRARIES := \
 liblogwrap \
 libcutils \
 libbase \
+ libext4_utils_static \
+ libutils \
 liblog \
 libc \
 libselinux \
 libmincrypt \
- libext4_utils_static
+ libc++_static \
+ libdl
 # Create symlinks
 LOCAL_POST_INSTALL_CMD := $(hide) mkdir -p $(TARGET_ROOT_OUT)/sbin; \
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 6daea3702..9d5b8a830 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -29,6 +29,7 @@
 #include <sys/wait.h>
 #include <unistd.h>
 #include <linux/loop.h>
+#include <ext4_crypt.h>
 #include <selinux/selinux.h>
 #include <selinux/label.h>
@@ -302,7 +303,7 @@ int do_mkdir(int nargs, char **args)
 }
 }
- return 0;
+ return e4crypt_set_directory_policy(args[1]);
 }
 static struct {
@@ -446,6 +447,17 @@ static int wipe_data_via_recovery()
 while (1) { pause(); } // never reached
 }
+/*
+ * Callback to make a directory from the ext4 code
+ */
+static int do_mount_alls_make_dir(const char* dir)
+{
+ if (make_dir(dir, 0700) && errno != EEXIST) {
+ return -1;
+ }
+
+ return 0;
+}
 /*
  * This function might request a reboot, in which case it will
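Review bot: In do_mkdir the final `return 0;` becomes `return e4crypt_set_directory_policy(args[1]);`, so a failure to apply the encryption policy surfaces only as a return code, with no log line naming the directory that was left without a policy. If init's command dispatcher ignores or only generically reports command results (not visible here), the directory stays in place and usable without the policy. I would log at the call site, `int rc = e4crypt_set_directory_policy(args[1]); if (rc) ERROR("mkdir: could not set encryption policy on %s\n", args[1]); return rc;`, and add a comment saying whether the call is meant to be a no-op on filesystems without file encryption. The body of do_mkdir starts outside the hunk.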
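Review bot: do_mount_alls_make_dir treats `EEXIST` as success without looking at what already exists at `dir`, so a pre-existing path that is a symlink or a regular file, or a directory with a different owner or mode than the requested 0700, is accepted as the location handed back to e4crypt_create_device_key. make_dir is defined outside the hunk, so whether it already guards against this cannot be seen here. I would follow the EEXIST case with `struct stat st; if (lstat(dir, &st) || !S_ISDIR(st.st_mode)) return -1;` and consider checking owner and mode as well, since the directory presumably holds key material. The header comment should also state that an already existing directory counts as success.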
@@ -514,6 +526,37 @@ int do_mount_all(int nargs, char **args)
 ERROR("fs_mgr_mount_all suggested recovery, so wiping data via recovery.\n");
 ret = wipe_data_via_recovery();
 /* If reboot worked, there is no return. */
+ } else if (ret == FS_MGR_MNTALL_DEV_DEFAULT_FILE_ENCRYPTED) {
+ // We have to create the key files here. Only init can call make_dir,
+ // and we can't do it from fs_mgr as then fs_mgr would depend on
+ // make_dir creating a circular dependency.
+ fstab = fs_mgr_read_fstab(args[1]);
+ for (int i = 0; i < fstab->num_entries; ++i) {
+ if (fs_mgr_is_file_encrypted(&fstab->recs[i])) {
+ if (e4crypt_create_device_key(fstab->recs[i].mount_point,
+ do_mount_alls_make_dir)) {
+ ERROR("Could not create device key on %s"
+ " - continue unencrypted\n",
+ fstab->recs[i].mount_point);
+ }
+ }
+ }
+ fs_mgr_free_fstab(fstab);
+
+ if (e4crypt_install_keyring()) {
+ return -1;
+ }
+ property_set("ro.crypto.state", "encrypted");
+
+ // Although encrypted, we have device key, so we do not need to
+ // do anything different from the nonencrypted case.
+ action_for_each_trigger("nonencrypted", action_add_queue_tail);
+ } else if (ret == FS_MGR_MNTALL_DEV_NON_DEFAULT_FILE_ENCRYPTED) {
+ if (e4crypt_install_keyring()) {
+ return -1;
+ }
+ property_set("ro.crypto.state", "encrypted");
+ property_set("vold.decrypt", "trigger_restart_min_framework");
 } else if (ret > 0) {
 ERROR("fs_mgr_mount_all returned unexpected error %d\n", ret);
 }
@@ -866,3 +909,12 @@ int do_wait(int nargs, char **args)
 } else
 return -1;
 }
+
+int do_installkey(int nargs, char **args)
+{
+ if (nargs == 2) {
+ return e4crypt_install_key(args[1]);
+ }
+
+ return -1;
+}
diff --git a/init/init_parser.cpp b/init/init_parser.cpp
index 294dc19e4..4e18e2078 100644
--- a/init/init_parser.cpp
+++ b/init/init_parser.cpp
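Review bot: In the FS_MGR_MNTALL_DEV_DEFAULT_FILE_ENCRYPTED branch the result of `fs_mgr_read_fstab(args[1])` is dereferenced as `fstab->num_entries` with no null check, so a fstab that cannot be read or parsed at this point takes init down; add `if (!fstab) { ERROR("could not read fstab %s\n", args[1]); return -1; }` before the loop. The same branch logs "continue unencrypted" when e4crypt_create_device_key fails, yet still sets `ro.crypto.state` to "encrypted" and queues the normal trigger, so the property can claim encryption for a mount point that has no device key. The failure should be tracked and the branch should either stop or report a state that matches. The early `return -1` after e4crypt_install_keyring also needs a comment on what state the already mounted filesystems are left in. do_mount_all begins and ends outside the hunk.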
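Review bot: do_installkey has no comment saying what `args[1]` is expected to be, and a wrong argument count returns -1 without a log line, which makes a malformed `installkey` entry in an init script hard to diagnose. I would add a header comment like the one above do_mount_alls_make_dir, stating the expected argument and that the result is whatever e4crypt_install_key returns. The usage error should be logged before the final return, `ERROR("installkey: expected exactly one argument\n");`.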
@@ -153,6 +153,7 @@ static int lookup_keyword(const char *s)
 if (!strcmp(s, "fup")) return K_ifup;
 if (!strcmp(s, "nsmod")) return K_insmod;
 if (!strcmp(s, "mport")) return K_import;
+ if (!strcmp(s, "nstallkey")) return K_installkey;
 break;
 case 'k':
 if (!strcmp(s, "eycodes")) return K_keycodes;
diff --git a/init/keywords.h b/init/keywords.h
index 09f645b80..34cb2add9 100644
--- a/init/keywords.h
+++ b/init/keywords.h
@@ -11,6 +11,7 @@ int do_export(int nargs, char **args);
 int do_hostname(int nargs, char **args);
 int do_ifup(int nargs, char **args);
 int do_insmod(int nargs, char **args);
+int do_installkey(int nargs, char **args);
 int do_mkdir(int nargs, char **args);
 int do_mount_all(int nargs, char **args);
 int do_mount(int nargs, char **args);
@@ -61,6 +62,7 @@ enum {
 KEYWORD(hostname, COMMAND, 1, do_hostname)
 KEYWORD(ifup, COMMAND, 1, do_ifup)
 KEYWORD(insmod, COMMAND, 1, do_insmod)
+ KEYWORD(installkey, COMMAND, 1, do_installkey)
 KEYWORD(import, SECTION, 1, 0)
 KEYWORD(keycodes, OPTION, 0, 0)
 KEYWORD(mkdir, COMMAND, 1, do_mkdir) |