Android 11.0.0 Release 32 (RQ2A.210305.006)

-----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCYD1L1QAKCRDorT+BmrEO
 eOZXAJ9YOpOCJ5HId69wHNDnXgEilzku8gCghX80WXhAxV9C9qK/6nOegbE+w5w=
 =Bmd+
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEA2skEMxbPHNb/U7LbZVRKTMRJykFAmBDZdYACgkQbZVRKTMR
 JynYRhAAkpvht5PlZCPq4tAcl2ctUDzkGaibcAXp4KNkYsTdEyZTB/i5oSGN6P8e
 gXV+9dTZ5wStTe8jKpHHxsUSD9mAgQ476n9hvg1cAv1Y+6PcyX9N0Y8kCiDpZaam
 6Y0vrElwYzLk5PYiSUiFHdPoKP3GYRo3p6hmckVp7yttVRkZEQ4jMpHEzd8ChkEP
 rOfoZKEZleupYXvj6goVpRDz1gJb7ypgzhPXMzRYGWEM5F6QrP7m0QGqwliahs4j
 /Vp1cIChh+stU2gTsA2EyVWT7DN5ALVSTjWSgxvD/b8oen3G2Ld7Ervy9f4qMh3V
 poJerLRr6RcMZsGqEZXjI8ujGcFXhJhxbgiTfrtmbenQDbynZyp4+mhcvd9lwFFU
 1meD8Hh9o3cPeWsXAeIrcYwZPzNhfiFZF8YtWB+9M6GHAjrZ2AWX/UbH0EJUZ+f6
 f6fPrxixijHBsI1cNd1D3YlkmWy1DDPl5T+GhDwPL3BrLsRPwIfRY7lQKisKyEVh
 0j5NxARcV+WPzj6dABgVdkqFSVQ1vKBbpM8mvIKhaxqiRnLfvv+e6Ul4UM5YZBrB
 3064PoGaDCREEnxbrTBvAJoxlTgYGj3la0y/JomTjZDZVr2LVKgSTgnPm0BNqIBY
 OfR+buQ/Vosf50g7JyOML1I5XkYJfkGvEburaLuGlIqMxYmhGz0=
 =yyDH
 -----END PGP SIGNATURE-----

Merge tag 'android-11.0.0_r32' into staging/lineage-18.1_merge-android-11.0.0_r32

Android 11.0.0 Release 32 (RQ2A.210305.006)

* tag 'android-11.0.0_r32':
  Convert to lower fs path for createObb().
  KeyUtil: don't use keepOld=true for system DE and volume keys

Change-Id: Icf5ca6adfb016e80a2a3f9958d56e7900d70ef03
gugelfrei
Kevin F. Haggerty 3 years ago
commit 748ecf7d7a

@ -198,7 +198,7 @@ static bool read_and_fixate_user_ce_key(userid_t user_id,
auto const paths = get_ce_key_paths(directory_path);
for (auto const ce_key_path : paths) {
LOG(DEBUG) << "Trying user CE key " << ce_key_path;
if (retrieveKey(ce_key_path, auth, ce_key)) {
if (retrieveKey(ce_key_path, auth, ce_key, false)) {
LOG(DEBUG) << "Successfully retrieved key";
fixate_user_ce_key(directory_path, ce_key_path, paths);
return true;
@ -407,7 +407,7 @@ static bool load_all_de_keys() {
userid_t user_id = std::stoi(entry->d_name);
auto key_path = de_dir + "/" + entry->d_name;
KeyBuffer de_key;
if (!retrieveKey(key_path, kEmptyAuthentication, &de_key)) return false;
if (!retrieveKey(key_path, kEmptyAuthentication, &de_key, false)) return false;
EncryptionPolicy de_policy;
if (!install_storage_key(DATA_MNT_POINT, options, de_key, &de_policy)) return false;
auto ret = s_de_policies.insert({user_id, de_policy});
@ -441,7 +441,7 @@ bool fscrypt_initialize_systemwide_keys() {
KeyBuffer device_key;
if (!retrieveOrGenerateKey(device_key_path, device_key_temp, kEmptyAuthentication,
makeGen(options), &device_key))
makeGen(options), &device_key, false))
return false;
EncryptionPolicy device_policy;
@ -675,7 +675,7 @@ static bool read_or_create_volkey(const std::string& misc_path, const std::strin
EncryptionOptions options;
if (!get_volume_file_encryption_options(&options)) return false;
KeyBuffer key;
if (!retrieveOrGenerateKey(key_path, key_path + "_tmp", auth, makeGen(options), &key))
if (!retrieveOrGenerateKey(key_path, key_path + "_tmp", auth, makeGen(options), &key, false))
return false;
if (!install_storage_key(BuildDataPath(volume_uuid), options, key, policy)) return false;
return true;
@ -694,12 +694,12 @@ static bool fscrypt_rewrap_user_key(userid_t user_id, int serial,
auto const directory_path = get_ce_key_directory_path(user_id);
KeyBuffer ce_key;
std::string ce_key_current_path = get_ce_key_current_path(directory_path);
if (retrieveKey(ce_key_current_path, retrieve_auth, &ce_key)) {
if (retrieveKey(ce_key_current_path, retrieve_auth, &ce_key, false)) {
LOG(DEBUG) << "Successfully retrieved key";
// TODO(147732812): Remove this once Locksettingservice is fixed.
// Currently it calls fscrypt_clear_user_key_auth with a secret when lockscreen is
// changed from swipe to none or vice-versa
} else if (retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key)) {
} else if (retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key, false)) {
LOG(DEBUG) << "Successfully retrieved key with empty auth";
} else {
LOG(ERROR) << "Failed to retrieve key for user " << user_id;
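Review bot: The bare `false` passed as the last argument to retrieveKey() and retrieveOrGenerateKey() in this section does not tell a reader which behaviour is selected, and that choice decides whether an upgraded Keymaster key replaces the original. Naming the argument inline, e.g. `retrieveKey(ce_key_path, auth, ce_key, /*keepOld=*/false)`, would make each call self-explanatory; the same applies to the calls in load_all_de_keys, fscrypt_initialize_systemwide_keys, read_or_create_volkey and fscrypt_rewrap_user_key. The declaration comment shown further down the page says keepOld=true is needed only when the key directory is outside /data while a user data checkpoint is active. A one-line comment at the device-key call noting that device_key_path is under /data (presumably it is; its definition is outside the hunk) would record why `false` is safe there. All of these functions start or end outside the visible hunks.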

@ -61,8 +61,20 @@ bool storeKeyAtomically(const std::string& key_path, const std::string& tmp_path
const KeyAuthentication& auth, const KeyBuffer& key);
// Retrieve the key from the named directory.
//
// If the key is wrapped by a Keymaster key that requires an upgrade, then that
// Keymaster key is upgraded. If |keepOld| is false, then the upgraded
// Keymaster key replaces the original one. As part of this, the original is
// deleted from Keymaster; however, if a user data checkpoint is active, this
// part is delayed until the checkpoint is committed.
//
// If instead |keepOld| is true, then the upgraded key doesn't actually replace
// the original one. This is needed *only* if |dir| isn't located in /data and
// a user data checkpoint is active. In this case the caller must handle
// replacing the original key if the checkpoint is committed, and deleting the
// upgraded key if the checkpoint is rolled back.
bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffer* key,
bool keepOld = false);
bool keepOld);
// Securely destroy the key stored in the named directory and delete the directory.
bool destroyKey(const std::string& dir);

@ -74,9 +74,11 @@ bool installKey(const std::string& mountpoint, const EncryptionOptions& options,
// responsible for dropping caches.
bool evictKey(const std::string& mountpoint, const EncryptionPolicy& policy);
// Retrieves the key from the named directory, or generates it if it doesn't
// exist. In most cases |keepOld| must be false; see retrieveKey() for details.
bool retrieveOrGenerateKey(const std::string& key_path, const std::string& tmp_path,
const KeyAuthentication& key_authentication, const KeyGeneration& gen,
KeyBuffer* key, bool keepOld = true);
KeyBuffer* key, bool keepOld);
// Re-installs a file-based encryption key of fscrypt-provisioning type from the
// global session keyring back into fs keyring of the mountpoint.

@ -1066,8 +1066,42 @@ int VolumeManager::createObb(const std::string& sourcePath, const std::string& s
int32_t ownerGid, std::string* outVolId) {
int id = mNextObbId++;
std::string lowerSourcePath;
// Convert to lower filesystem path
if (StartsWith(sourcePath, "/storage/")) {
auto filter_fn = [&](const VolumeBase& vol) {
if (vol.getState() != VolumeBase::State::kMounted) {
// The volume must be mounted
return false;
}
if ((vol.getMountFlags() & VolumeBase::MountFlags::kVisible) == 0) {
// and visible
return false;
}
if (vol.getInternalPath().empty()) {
return false;
}
if (!sourcePath.empty() && StartsWith(sourcePath, vol.getPath())) {
return true;
}
return false;
};
auto volume = findVolumeWithFilter(filter_fn);
if (volume == nullptr) {
LOG(ERROR) << "Failed to find mounted volume for " << sourcePath;
return -EINVAL;
} else {
lowerSourcePath =
volume->getInternalPath() + sourcePath.substr(volume->getPath().length());
}
} else {
lowerSourcePath = sourcePath;
}
auto vol = std::shared_ptr<android::vold::VolumeBase>(
new android::vold::ObbVolume(id, sourcePath, sourceKey, ownerGid));
new android::vold::ObbVolume(id, lowerSourcePath, sourceKey, ownerGid));
vol->create();
mObbVolumes.push_back(vol);
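Review bot: The volume match in filter_fn, `StartsWith(sourcePath, vol.getPath())`, is a plain string-prefix test, so a mounted volume whose path is a textual prefix of a sibling's (hypothetical example: `/storage/AB` against a source under `/storage/ABCD/`) would be selected. The later `substr(volume->getPath().length())` would then graft the leftover characters onto the wrong volume's internal path. The match should end on a path-component boundary, for example `const auto& volPath = vol.getPath();` followed by `return StartsWith(sourcePath, volPath) && (sourcePath.size() == volPath.size() || sourcePath[volPath.size()] == '/');`. That also makes the `!sourcePath.empty()` test unnecessary, since the branch is only entered when sourcePath starts with "/storage/". Nothing visible here normalises `..` components before the mapping; if callers do not already canonicalise sourcePath, that is worth confirming, because the lower path is what ObbVolume receives. createObb continues past the end of the hunk.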
