gugelfrei
/
android_system_vold
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

system: vold: fix block disk encryption to work with metadata encryption

Browse Source 
Metadata encryption essentially encrypts userdata filesystem metadata
using Inline crypto engine based block disk encryption concept. New
Inline crypto engine based block disk encryption design do not create
crypto block device. When metadata encryption was enabled it needed
crypto block device to encrypt the metadata. So if metadata partition
is mounted on device block disk encryption did not work. Fix this by
checking whether crypto block device was created or not to switch
between two data encryption calls.

CRs-Fixed: 2389467
Change-Id: Ic46244ab08f31e71865636f1a2470f914ca88547
gugelfrei
Neeraj Soni 5 years ago committed by Michael Bestas
parent 30e6124057
commit 4b262c4739
1 changed files with 7 additions and 62 deletions
Show Stats Download Patch File Download Diff File

69
EncryptInplace.cpp
Unescape View File

@ -32,9 +32,6 @@
#include <android-base/logging.h>
#include <android-base/properties.h>
#ifdef CONFIG_HW_DISK_ENCRYPTION
#include "cryptfs_hw.h"
#endif
// HORRIBLE HACK, FIXME
#include "cryptfs.h"
@ -283,8 +280,7 @@ static int cryptfs_enable_inplace_ext4(const char* crypto_blkdev, const char* re
}
LOG(DEBUG) << "Opening" << crypto_blkdev;
#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
if (is_ice_enabled())
if (!strncmp(real_blkdev, crypto_blkdev, strlen(real_blkdev)))
data.cryptofd = data.realfd;
else {
// Wait until the block device appears. Re-use the mount retry values since it is reasonable.
@ -303,21 +299,6 @@ static int cryptfs_enable_inplace_ext4(const char* crypto_blkdev, const char* re
}
}
}
#else
// Wait until the block device appears. Re-use the mount retry values since it is reasonable.
while ((data.cryptofd = open(crypto_blkdev, O_WRONLY | O_CLOEXEC)) < 0) {
if (--retries) {
PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev
<< " for ext4 inplace encrypt, retrying";
sleep(RETRY_MOUNT_DELAY_SECONDS);
} else {
PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev
<< " for ext4 inplace encrypt";
rc = ENABLE_INPLACE_ERR_DEV;
goto errout;
}
}
#endif
if (setjmp(setjmp_env)) { // NOLINT
LOG(ERROR) << "Reading ext4 extent caused an exception";
@ -363,12 +344,8 @@ static int cryptfs_enable_inplace_ext4(const char* crypto_blkdev, const char* re
errout:
close(data.realfd);
#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
if (!is_ice_enabled())
if (!strncmp(real_blkdev, crypto_blkdev, strlen(real_blkdev)))
close(data.cryptofd);
#else
close(data.cryptofd);
#endif
return rc;
}
@ -444,8 +421,7 @@ static int cryptfs_enable_inplace_f2fs(const char* crypto_blkdev, const char* re
PLOG(ERROR) << "Error opening real_blkdev " << real_blkdev << " for f2fs inplace encrypt";
goto errout;
}
#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
if (is_ice_enabled())
if (!strncmp(real_blkdev, crypto_blkdev, strlen(real_blkdev)))
data.cryptofd = data.realfd;
else {
if ((data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
@ -456,14 +432,6 @@ static int cryptfs_enable_inplace_f2fs(const char* crypto_blkdev, const char* re
goto errout;
}
}
#else
if ((data.cryptofd = open64(crypto_blkdev, O_WRONLY | O_CLOEXEC)) < 0) {
PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev
<< " for f2fs inplace encrypt";
rc = ENABLE_INPLACE_ERR_DEV;
goto errout;
}
#endif
f2fs_info = generate_f2fs_info(data.realfd);
if (!f2fs_info) goto errout;
@ -511,12 +479,8 @@ errout:
free(f2fs_info);
free(data.buffer);
close(data.realfd);
#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
if (!is_ice_enabled())
if (!strncmp(real_blkdev, crypto_blkdev, strlen(real_blkdev)))
close(data.cryptofd);
#else
close(data.cryptofd);
#endif
return rc;
}
@ -537,8 +501,7 @@ static int cryptfs_enable_inplace_full(const char* crypto_blkdev, const char* re
return ENABLE_INPLACE_ERR_OTHER;
}
#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
if (is_ice_enabled())
if (!strncmp(real_blkdev, crypto_blkdev, strlen(real_blkdev)))
cryptofd = realfd;
else {
if ((cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
@ -549,13 +512,6 @@ static int cryptfs_enable_inplace_full(const char* crypto_blkdev, const char* re
return ENABLE_INPLACE_ERR_DEV;
}
}
#else
if ((cryptofd = open(crypto_blkdev, O_WRONLY | O_CLOEXEC)) < 0) {
PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev << " for inplace encrypt";
close(realfd);
return ENABLE_INPLACE_ERR_DEV;
}
#endif
/* This is pretty much a simple loop of reading 4K, and writing 4K.
* The size passed in is the number of 512 byte sectors in the filesystem.
@ -576,19 +532,12 @@ static int cryptfs_enable_inplace_full(const char* crypto_blkdev, const char* re
goto errout;
}
#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
if (!is_ice_enabled()) {
if (!strncmp(real_blkdev, crypto_blkdev, strlen(real_blkdev))) {
if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
PLOG(ERROR) << "Cannot seek to previously encrypted point on " << crypto_blkdev;
goto errout;
}
}
#else
if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
PLOG(ERROR) << "Cannot seek to previously encrypted point on " << crypto_blkdev;
goto errout;
}
#endif
for (; i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
@ -651,12 +600,8 @@ static int cryptfs_enable_inplace_full(const char* crypto_blkdev, const char* re
errout:
close(realfd);
#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
if (!is_ice_enabled())
if (!strncmp(real_blkdev, crypto_blkdev, strlen(real_blkdev)))
close(cryptofd);
#else
close(cryptofd);
#endif
return rc;
}

Write Preview
Loading…
Cancel
Save