From b45caafbccbb743c8b01a5287188969883dec377 Mon Sep 17 00:00:00 2001
From: Eric Biggers
Date: Thu, 2 Feb 2017 14:52:12 -0800
Subject: [PATCH] vold: allow specifying HEH filenames encryption

Make the vold changes needed to support specifying aes-256-heh filenames encryption. The previous mode, aes-256-cts, remains supported as well. The file /data/unencrypted/mode is updated to have the syntax contents_encryption_mode[:filenames_encryption_mode] instead of just contents_encryption_mode. This is consistent with the new fstab syntax.

Bug: 34712722
Change-Id: Ibc236d0ec4fdeda4e4e301f45fb996317692cfa3
---
 Ext4Crypt.cpp | 15 ++++++++++++---
 cryptfs.c | 5 +++--
 cryptfs.h | 3 ++-
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 682b34c..c0a1ebc 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -385,9 +385,14 @@ static bool lookup_key_ref(const std::map& key_map, useri
 }
 static bool ensure_policy(const std::string& raw_ref, const std::string& path) {
+ const char *contents_mode;
+ const char *filenames_mode;
+
+ cryptfs_get_file_encryption_modes(&contents_mode, &filenames_mode);
+
 if (e4crypt_policy_ensure(path.c_str(), raw_ref.data(), raw_ref.size(),
- cryptfs_get_file_encryption_mode()) != 0) {
+ contents_mode, filenames_mode) != 0) {
 LOG(ERROR) << "Failed to set policy on: " << path;
 return false;
 }
@@ -446,9 +451,13 @@ bool e4crypt_initialize_global_de() {
 return true;
 }
+ const char *contents_mode;
+ const char *filenames_mode;
+ cryptfs_get_file_encryption_modes(&contents_mode, &filenames_mode);
+ std::string modestring = std::string(contents_mode) + ":" + filenames_mode;
+
 std::string mode_filename = std::string("/data") + e4crypt_key_mode;
- std::string mode = cryptfs_get_file_encryption_mode();
- if (!android::base::WriteStringToFile(mode, mode_filename)) {
+ if (!android::base::WriteStringToFile(modestring, mode_filename)) {
 PLOG(ERROR) << "Cannot save type";
 return false;
 }
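Review bot: In ensure_policy(), `contents_mode` and `filenames_mode` are declared without an initializer and passed straight on to e4crypt_policy_ensure(), while cryptfs_get_file_encryption_modes() returns void, so this caller cannot tell whether either pointer was actually filled in. If the fstab lookup behind the getter ever leaves one of them unset or NULL (not visible in this patch), the encryption policy would be built from an indeterminate or null mode string. Declaring them as `const char *contents_mode = nullptr;` and `const char *filenames_mode = nullptr;`, then logging and returning false when either is still null after the call, makes that case fail closed. The same pattern is repeated in the e4crypt_initialize_global_de() hunk, where `std::string(contents_mode)` on a null pointer is undefined behaviour.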
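Review bot: The mode file written in e4crypt_initialize_global_de() now always contains `contents:filenames`, but nothing at the write site records that format or the fact that files written by earlier builds hold only the contents mode. Whatever parses this file is outside the patch, so a reader of this function cannot see that the two sides have to stay in step. A comment above the `modestring` line such as `// File format: contents_mode[:filenames_mode]; older builds wrote contents_mode only.` would document the contract. The `PLOG(ERROR) << "Cannot save type"` message could also name `mode_filename`, so a failed write is attributable from the log. The function body starts and ends outside the hunk.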
diff --git a/cryptfs.c b/cryptfs.c
index e2606ec..41be686 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -3879,8 +3879,9 @@ int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
 ftr);
 }
-const char* cryptfs_get_file_encryption_mode()
+void cryptfs_get_file_encryption_modes(const char **contents_mode_ret,
+ const char **filenames_mode_ret)
 {
 struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
- return fs_mgr_get_file_encryption_mode(rec);
+ fs_mgr_get_file_encryption_modes(rec, contents_mode_ret, filenames_mode_ret);
 }
diff --git a/cryptfs.h b/cryptfs.h
index bf158de..5c05001 100644
--- a/cryptfs.h
+++ b/cryptfs.h
@@ -252,7 +252,8 @@ extern "C" {
 unsigned char* master_key);
 int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password, const unsigned char* master_key);
- const char* cryptfs_get_file_encryption_mode();
+ void cryptfs_get_file_encryption_modes(const char **contents_mode_ret,
+ const char **filenames_mode_ret);
 #ifdef __cplusplus
 }
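Review bot: In cryptfs.c, cryptfs_get_file_encryption_modes() hands `rec` to fs_mgr_get_file_encryption_modes() without checking it, and because the function is void it cannot report a missing DATA_MNT_POINT fstab entry to its callers. Whether fs_mgr tolerates a NULL record is not visible in this patch. A guard such as `if (!rec) { *contents_mode_ret = *filenames_mode_ret = NULL; return; }` would at least guarantee that both outputs are always written. The new prototype in cryptfs.h also has no comment; one line stating who owns the returned strings and whether either may be NULL would tell callers what they have to check.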