authorPaul Lawrence <paullawrence@google.com>2015-01-21 09:57:01 -0800
committerPaul Lawrence <paullawrence@google.com>2015-01-28 11:41:53 -0800
commit36d0eaecd7bd7970b91ac35d6753bf715097e3b9 (patch)
tree5fc2626551d91d10f65796280403938541b9d894
parent2f7ee6b7dd36f3d5c55473b67dc2430c795402ce (diff)
Make encryption configurable
Delay mounting encryptable but unencrypted volumes until we can check the ro.vold.forceencrypt flag, then optionally encrypt. Requires matching vold change from https://googleplex-android-review.git.corp.google.com/#/c/615309/ Bug: 18764230 Change-Id: If22008be8de6a4f3216b349f81ace49be1730314
-rw-r--r--fs_mgr/fs_mgr.c4
-rw-r--r--fs_mgr/fs_mgr_fstab.c5
-rw-r--r--fs_mgr/include/fs_mgr.h1
-rw-r--r--rootdir/init.rc2
4 files changed, 8 insertions, 4 deletions
diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c
index 8e3aa11c9..fa52d1601 100644
--- a/fs_mgr/fs_mgr.c
+++ b/fs_mgr/fs_mgr.c
@@ -477,9 +477,7 @@ int fs_mgr_mount_all(struct fstab *fstab)
/* Deal with encryptability. */
if (!mret) {
/* If this is encryptable, need to trigger encryption */
- if ( (fstab->recs[attempted_idx].fs_mgr_flags & MF_FORCECRYPT)
- || (device_is_force_encrypted()
- && fs_mgr_is_encryptable(&fstab->recs[attempted_idx]))) {
+ if (fs_mgr_is_encryptable(&fstab->recs[attempted_idx])) {
if (umount(fstab->recs[attempted_idx].mount_point) == 0) {
if (encryptable == FS_MGR_MNTALL_DEV_NOT_ENCRYPTED) {
ERROR("Will try to encrypt %s %s\n", fstab->recs[attempted_idx].mount_point,
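Review bot: With the new condition `if (fs_mgr_is_encryptable(&fstab->recs[attempted_idx]))`, this site no longer distinguishes MF_FORCECRYPT from MF_CRYPT, so whether a force-encrypt volume is encrypted before use is now decided outside fs_mgr (per the commit message, by vold checking ro.vold.forceencrypt). The comment above it still says encryption must be triggered; I would change it to `/* Encryptable but not yet encrypted: unmount and let vold decide whether to encrypt */` and reword the "Will try to encrypt" log line, which can now be emitted for a volume that may stay unencrypted. It would also help to document what happens to an MF_FORCECRYPT record when the property is unset or the vold command fails, since that path is not visible here. fs_mgr_mount_all starts and ends outside the hunk.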
diff --git a/fs_mgr/fs_mgr_fstab.c b/fs_mgr/fs_mgr_fstab.c
index ab8f128ce..9d536bdac 100644
--- a/fs_mgr/fs_mgr_fstab.c
+++ b/fs_mgr/fs_mgr_fstab.c
@@ -428,6 +428,11 @@ int fs_mgr_is_encryptable(struct fstab_rec *fstab)
return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT);
}
+int fs_mgr_is_force_encrypted(struct fstab_rec *fstab)
+{
+ return fstab->fs_mgr_flags & MF_FORCECRYPT;
+}
+
int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab)
{
return fstab->fs_mgr_flags & MF_NOEMULATEDSD;
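Review bot: fs_mgr_is_force_encrypted returns the raw `fs_mgr_flags & MF_FORCECRYPT` mask rather than 0/1, and nothing here documents how it differs from fs_mgr_is_encryptable directly above. That matches the sibling accessors, but this one presumably feeds an encryption-policy decision in its caller, where a comparison such as `== 1` would silently read as "not forced". I would add a comment like `/* Non-zero iff the record has MF_FORCECRYPT set; test against 0, not 1 */`, or return `(fstab->fs_mgr_flags & MF_FORCECRYPT) != 0`. The same one-line comment would fit the new declaration in fs_mgr/include/fs_mgr.h.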
diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h
index 5e2ff416a..5ec3b991c 100644
--- a/fs_mgr/include/fs_mgr.h
+++ b/fs_mgr/include/fs_mgr.h
@@ -83,6 +83,7 @@ int fs_mgr_is_voldmanaged(struct fstab_rec *fstab);
int fs_mgr_is_nonremovable(struct fstab_rec *fstab);
int fs_mgr_is_verified(struct fstab_rec *fstab);
int fs_mgr_is_encryptable(struct fstab_rec *fstab);
+int fs_mgr_is_force_encrypted(struct fstab_rec *fstab);
int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab);
int fs_mgr_swapon_all(struct fstab *fstab);
#ifdef __cplusplus
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 642af09bc..dcdc6581b 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -581,7 +581,7 @@ service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
# encryption) or trigger_restart_min_framework (other encryption)
# One shot invocation to encrypt unencrypted volumes
-service encrypt /system/bin/vdc --wait cryptfs enablecrypto inplace default
+service encrypt /system/bin/vdc --wait cryptfs maybeenabledefaultcrypto
disabled
oneshot
# vold will set vold.decrypt to trigger_restart_framework (default
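Review bot: The comment `# One shot invocation to encrypt unencrypted volumes` no longer describes the service, because `maybeenabledefaultcrypto` makes encryption conditional; I would write `# One shot invocation to encrypt unencrypted volumes if vold's policy (ro.vold.forceencrypt) requires it`. The command depends on the matching vold change named in the commit message, so a mismatched vold would presumably reject it after fs_mgr has already unmounted the volume. It is worth confirming that this failure is surfaced rather than leaving the volume unmounted or unencrypted without notice.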