From 6b756ce5e9546ddbd6eb575e1d88af2faf160ab1 Mon Sep 17 00:00:00 2001
From: Paul Crowley <paulcrowley@google.com>
Date: Thu, 5 Oct 2017 14:07:09 -0700
Subject: [PATCH] Don't re-prepare main storage when preparing SD card storage

Test: Boots correctly, logs show main storage no longer prepared when
SD card is.

Change-Id: I9a123436e7083d8331c7543fe77aa6587b28db9f
---
 Ext4Crypt.cpp | 44 ++++++++++++++++++++++++++------------------
 1 file changed, 26 insertions(+), 18 deletions(-)

diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 3ac6428..a6c589c 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -601,22 +601,26 @@ bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int
         auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
         auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
 
-        if (!prepare_dir(system_legacy_path, 0700, AID_SYSTEM, AID_SYSTEM)) return false;
+        if (volume_uuid == nullptr) {
+            if (!prepare_dir(system_legacy_path, 0700, AID_SYSTEM, AID_SYSTEM)) return false;
 #if MANAGE_MISC_DIRS
-        if (!prepare_dir(misc_legacy_path, 0750, multiuser_get_uid(user_id, AID_SYSTEM),
-                multiuser_get_uid(user_id, AID_EVERYBODY))) return false;
+            if (!prepare_dir(misc_legacy_path, 0750, multiuser_get_uid(user_id, AID_SYSTEM),
+                    multiuser_get_uid(user_id, AID_EVERYBODY))) return false;
 #endif
-        if (!prepare_dir(profiles_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
+            if (!prepare_dir(profiles_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
 
-        if (!prepare_dir(system_de_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
-        if (!prepare_dir(misc_de_path, 01771, AID_SYSTEM, AID_MISC)) return false;
+            if (!prepare_dir(system_de_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
+            if (!prepare_dir(misc_de_path, 01771, AID_SYSTEM, AID_MISC)) return false;
+        }
         if (!prepare_dir(user_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
 
         if (e4crypt_is_native()) {
             std::string de_raw_ref;
             if (!lookup_key_ref(s_de_key_raw_refs, user_id, &de_raw_ref)) return false;
-            if (!ensure_policy(de_raw_ref, system_de_path)) return false;
-            if (!ensure_policy(de_raw_ref, misc_de_path)) return false;
+            if (volume_uuid == nullptr) {
+                if (!ensure_policy(de_raw_ref, system_de_path)) return false;
+                if (!ensure_policy(de_raw_ref, misc_de_path)) return false;
+            }
             if (!ensure_policy(de_raw_ref, user_de_path)) return false;
         }
     }
@@ -628,24 +632,28 @@ bool e4crypt_prepare_user_storage(const char* volume_uuid, userid_t user_id, int
         auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
         auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
 
-        if (!prepare_dir(system_ce_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
-        if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
+        if (volume_uuid == nullptr) {
+            if (!prepare_dir(system_ce_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
+            if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
+        }
         if (!prepare_dir(media_ce_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW)) return false;
         if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
 
         if (e4crypt_is_native()) {
             std::string ce_raw_ref;
             if (!lookup_key_ref(s_ce_key_raw_refs, user_id, &ce_raw_ref)) return false;
-            if (!ensure_policy(ce_raw_ref, system_ce_path)) return false;
-            if (!ensure_policy(ce_raw_ref, misc_ce_path)) return false;
+            if (volume_uuid == nullptr) {
+                if (!ensure_policy(ce_raw_ref, system_ce_path)) return false;
+                if (!ensure_policy(ce_raw_ref, misc_ce_path)) return false;
+
+                // Now that credentials have been installed, we can run restorecon
+                // over these paths
+                // NOTE: these paths need to be kept in sync with libselinux
+                android::vold::RestoreconRecursive(system_ce_path);
+                android::vold::RestoreconRecursive(misc_ce_path);
+            }
             if (!ensure_policy(ce_raw_ref, media_ce_path)) return false;
             if (!ensure_policy(ce_raw_ref, user_ce_path)) return false;
-
-            // Now that credentials have been installed, we can run restorecon
-            // over these paths
-            // NOTE: these paths need to be kept in sync with libselinux
-            android::vold::RestoreconRecursive(system_ce_path);
-            android::vold::RestoreconRecursive(misc_ce_path);
         }
     }