vold: allow specifying HEH filenames encryption

Make the vold changes needed to support specifying aes-256-heh filenames encryption. The previous mode, aes-256-cts, remains supported as well. The file /data/unencrypted/mode is updated to have the syntax contents_encryption_mode[:filenames_encryption_mode] instead of just contents_encryption_mode. This is consistent with the new fstab syntax. Bug: 34712722 Change-Id: Ibc236d0ec4fdeda4e4e301f45fb996317692cfa3
8 years ago · b45caafbcc
parent cfc5202147
commit b45caafbcc
3 changed files with 17 additions and 6 deletions
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@ -385,9 +385,14 @@ static bool lookup_key_ref(const std::map<userid_t, std::string>& key_map, useri
 }

 static bool ensure_policy(const std::string& raw_ref, const std::string& path) {
+    const char *contents_mode;
+    const char *filenames_mode;
+
+    cryptfs_get_file_encryption_modes(&contents_mode, &filenames_mode);
+
    if (e4crypt_policy_ensure(path.c_str(),
                              raw_ref.data(), raw_ref.size(),
-                              cryptfs_get_file_encryption_mode()) != 0) {
+                              contents_mode, filenames_mode) != 0) {
        LOG(ERROR) << "Failed to set policy on: " << path;
        return false;
    }
@ -446,9 +451,13 @@ bool e4crypt_initialize_global_de() {
        return true;
    }

+    const char *contents_mode;
+    const char *filenames_mode;
+    cryptfs_get_file_encryption_modes(&contents_mode, &filenames_mode);
+    std::string modestring = std::string(contents_mode) + ":" + filenames_mode;
+
    std::string mode_filename = std::string("/data") + e4crypt_key_mode;
-    std::string mode = cryptfs_get_file_encryption_mode();
-    if (!android::base::WriteStringToFile(mode, mode_filename)) {
+    if (!android::base::WriteStringToFile(modestring, mode_filename)) {
        PLOG(ERROR) << "Cannot save type";
        return false;
    }
--- a/cryptfs.c
+++ b/cryptfs.c
@ -3879,8 +3879,9 @@ int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
                              ftr);
 }

-const char* cryptfs_get_file_encryption_mode()
+void cryptfs_get_file_encryption_modes(const char **contents_mode_ret,
+                                       const char **filenames_mode_ret)
 {
    struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
-    return fs_mgr_get_file_encryption_mode(rec);
+    fs_mgr_get_file_encryption_modes(rec, contents_mode_ret, filenames_mode_ret);
 }
--- a/cryptfs.h
+++ b/cryptfs.h
@ -252,7 +252,8 @@ extern "C" {
                             unsigned char* master_key);
  int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
                           const unsigned char* master_key);
-  const char* cryptfs_get_file_encryption_mode();
+  void cryptfs_get_file_encryption_modes(const char **contents_mode_ret,
+                                         const char **filenames_mode_ret);

 #ifdef __cplusplus
 }