Enable metadata encryption

Bug: 26778031
Test: Boots, reboots, sector 0 of userdata encrypted
      Make sure an FDE device, both default and password protected,
      boots.
      Make sure an FBE device without metadata encryption boots.
Change-Id: Ic44a32ce7e9b978e9c9e2dc112b26206741c838d
gugelfrei
Paul Lawrence 7 years ago
parent d5759811ff
commit 3963b23645

@ -212,34 +212,14 @@ static bool prep_data_fs(void)
// callers to this method must be async
/* Do the prep of the /data filesystem */
property_set("vold.post_fs_data_done", "0");
property_set("vold.decrypt", "trigger_post_fs_data");
LOG(DEBUG) << "Waiting for post_fs_data_done";
/* Wait a max of 50 seconds, hopefully it takes much less */
for (int i = 0; ; i++) {
char p[PROPERTY_VALUE_MAX];
property_get("vold.post_fs_data_done", p, "0");
if (*p == '1') {
LOG(INFO) << "Successful data prep";
return true;
}
if (i + 1 == DATA_PREP_TIMEOUT) {
LOG(ERROR) << "post_fs_data timed out";
return false;
}
usleep(50000);
}
property_set("vold.decrypt", "trigger_restart_framework");
return true;
}
static void async_kick_off() {
LOG(DEBUG) << "Asynchronously restarting framework";
sleep(2); // TODO: this mirrors cryptfs, but can it be made shorter?
property_set("vold.decrypt", "trigger_load_persist_props");
if (!prep_data_fs()) return;
/* startup service classes main and late_start */
property_set("vold.decrypt", "trigger_restart_framework");
}
bool e4crypt_mount_metadata_encrypted() {
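Review bot: prep_data_fs appears to end up returning true unconditionally, with nothing left in it that observes `vold.post_fs_data_done`. The page has lost its +/- markers, so this is inferred: the polling loop has no exit other than `return`, so the `property_set("vold.decrypt", "trigger_restart_framework"); return true;` pair after it must belong to the other side of the change, and the 34-to-14 line count suggests the loop is what was removed. If that reading is right, a `bool` that cannot be false hides the fact that the framework restart is no longer gated on /data preparation finishing. I would make the function `void`, or add a comment naming what now guarantees that post_fs_data has completed before `trigger_restart_framework` is set. The function begins above the hunk, so its opening lines are not visible here.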
@ -306,7 +286,6 @@ bool e4crypt_enable_crypto() {
property_set("ro.crypto.type", "file");
mount_via_fs_mgr(data_rec->mount_point, crypto_blkdev.c_str());
property_set("vold.decrypt", "trigger_reset_main");
std::thread(&async_kick_off).detach();
return true;
}
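Review bot: The result of `mount_via_fs_mgr(data_rec->mount_point, crypto_blkdev.c_str())` is discarded, and the code then sets `vold.decrypt` and returns true regardless. If the helper reports failure through its return value (its declaration is outside this hunk), a failed mount of the decrypted block device would be reported to the caller as success, after `ro.crypto.type` has already been set to `file`. Consider `if (!mount_via_fs_mgr(data_rec->mount_point, crypto_blkdev.c_str())) return false;`. It is also worth checking whether the property can be set after the mount rather than before it. The enclosing function starts above the hunk.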

@ -2826,6 +2826,7 @@ int cryptfs_mount_default_encrypted(void)
} else if (crypt_type != CRYPT_TYPE_DEFAULT) {
SLOGD("Password is not default - "
"starting min framework to prompt");
property_set("vold.decrypt", "trigger_post_fs_data");
property_set("vold.decrypt", "trigger_restart_min_framework");
return 0;
} else if (cryptfs_check_passwd(DEFAULT_PASSWORD) == 0) {
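Review bot: In the non-default-password branch, `vold.decrypt` is written twice back to back, first `trigger_post_fs_data` and then `trigger_restart_min_framework`, with no wait on `vold.post_fs_data_done` in between. Which of the two lines the commit adds is not recoverable from this page. Either way the pairing relies on init handling both property triggers in order, and on the min framework not needing post_fs_data to have finished. A comment above the pair would make that explicit, e.g. `/* post_fs_data is only triggered here; starting the min framework does not wait for it */`, if that is the intent. The branch sits inside cryptfs_mount_default_encrypted, which starts and ends outside the hunk.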

@ -1,5 +1,6 @@
# One shot invocation to deal with encrypted volume.
on defaultcrypto
start vold
exec - root -- /system/bin/vdc --wait cryptfs mountdefaultencrypted
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption) or trigger_restart_min_framework (other encryption)
@ -7,6 +8,7 @@ on defaultcrypto
# One shot invocation to encrypt unencrypted volumes
on encrypt
start surfaceflinger
start vold
exec - root -- /system/bin/vdc --wait cryptfs enablecrypto inplace default noui
# vold will set vold.decrypt to trigger_restart_framework (default
# encryption)
