From eb241a1d6509d4281b053fbbdcd36dc33bad6b46 Mon Sep 17 00:00:00 2001 From: Paul Crowley Date: Tue, 18 Feb 2020 10:10:08 -0800 Subject: [PATCH] Make CTS not HEH the default post Q Making HEH the default was always a mistake and a giant foot-gun. Let's make life easier for people by making the default depend on first_api_level, so it's automatically set up right for new devices without breaking old ones. Also use v2 fscrypt keys instead of v1 post Q. Bug: 147107322 Test: Various Cuttlefish configurations Change-Id: I5432bdfd6fec6ed34e7f9ab7cdd32cdeb2a03472 --- FsCrypt.cpp | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/FsCrypt.cpp b/FsCrypt.cpp index a01ed5e..e31163f 100644 --- a/FsCrypt.cpp +++ b/FsCrypt.cpp @@ -231,13 +231,18 @@ static bool install_storage_key(const std::string& mountpoint, const EncryptionO // Retrieve the options to use for encryption policies on adoptable storage. static bool get_volume_file_encryption_options(EncryptionOptions* options) { - auto contents_mode = - android::base::GetProperty("ro.crypto.volume.contents_mode", "aes-256-xts"); + // If we give the empty string, libfscrypt will use the default (currently XTS) + auto contents_mode = android::base::GetProperty("ro.crypto.volume.contents_mode", ""); + // HEH as default was always a mistake. Use the libfscrypt default (CTS) + // for devices launching on versions above Android 10. + auto first_api_level = GetFirstApiLevel(); + constexpr uint64_t pre_gki_level = 29; auto filenames_mode = - android::base::GetProperty("ro.crypto.volume.filenames_mode", "aes-256-heh"); + android::base::GetProperty("ro.crypto.volume.filenames_mode", + first_api_level > pre_gki_level ? "" : "aes-256-heh"); auto options_string = android::base::GetProperty("ro.crypto.volume.options", - contents_mode + ":" + filenames_mode + ":v1"); - if (!ParseOptions(options_string, options)) { + contents_mode + ":" + filenames_mode); + if (!ParseOptionsForApiLevel(first_api_level, options_string, options)) { LOG(ERROR) << "Unable to parse volume encryption options: " << options_string; return false; }