Add force_encrypt flag to fstab to force encryption on appropriate devices

forceencrypt= will encrypt the drive at boot if it is not encrypted. This change
will not have an impact until we set this flag in appropriate fstabs.

Bug: 11985952

Change-Id: I6c65eda7f109e4936aa160da50f871703aefb351
Paul Lawrence 2014-04-04 09:34:19 -07:00
parent 7962e4acc7
commit 2e5ae0a4f9
3 changed files with 12 additions and 31 deletions


@ -54,32 +54,6 @@
#define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))
/**
* TODO - Remove to enable always on encryption for all devices
* This limits the machines on which this feature is enabled
* Remove call from fs_mgr_mount_all as well
*/
static const char* serial_numbers[] = {
"039b83b8437e9637",
0
};
static int serial_matches()
{
char tmp[PROP_VALUE_MAX];
*tmp = 0;
__system_property_get("ro.serialno", tmp);
const char** i;
for (i = serial_numbers; *i; ++i) {
if (!strcmp(*i, tmp)) {
return 1;
}
}
return 0;
}
/*
* gettime() - returns the time in seconds of the system's monotonic clock or
* zero on error.
@ -291,8 +265,8 @@ int fs_mgr_mount_all(struct fstab *fstab)
if (!mret) {
/* If this is encryptable, need to trigger encryption */
if ((fstab->recs[i].fs_mgr_flags & MF_CRYPT)) {
if (serial_matches() && umount(fstab->recs[i].mount_point) == 0) {
if ((fstab->recs[i].fs_mgr_flags & MF_FORCECRYPT)) {
if (umount(fstab->recs[i].mount_point) == 0) {
if (!encryptable) {
encryptable = 2;
} else {
@ -314,7 +288,7 @@ int fs_mgr_mount_all(struct fstab *fstab)
mount_errno = errno;
/* mount(2) returned an error, check if it's encryptable and deal with it */
if (mount_errno != EBUSY && mount_errno != EACCES &&
(fstab->recs[i].fs_mgr_flags & MF_CRYPT) &&
(fstab->recs[i].fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT)) &&
!partition_wiped(fstab->recs[i].blk_device)) {
/* Need to mount a tmpfs at this mountpoint for now, and set
* properties that vold will query later for decrypting
@ -556,7 +530,7 @@ int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_dev
if (fstab->recs[i].fs_mgr_flags & MF_VOLDMANAGED) {
continue;
}
if (!(fstab->recs[i].fs_mgr_flags & MF_CRYPT)) {
if (!(fstab->recs[i].fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT))) {
continue;
}
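Review bot: The comment `/* If this is encryptable, need to trigger encryption */` above the changed condition in fs_mgr_mount_all is now stale, because the new branch tests only MF_FORCECRYPT and a cleanly mounted `encryptable=` volume no longer enters it. Something like `/* forceencrypt: a clean mount means the volume is still unencrypted; unmount it and request encryption */` would match the new behaviour. The path taken when `umount()` fails lies outside the hunk; since that path would leave a forceencrypt volume mounted in plaintext, it is worth confirming that it logs the failure rather than continuing silently.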


@ -59,6 +59,7 @@ static struct flag_list fs_mgr_flags[] = {
{ "wait", MF_WAIT },
{ "check", MF_CHECK },
{ "encryptable=",MF_CRYPT },
{ "forceencrypt=",MF_FORCECRYPT },
{ "nonremovable",MF_NONREMOVABLE },
{ "voldmanaged=",MF_VOLDMANAGED},
{ "length=", MF_LENGTH },
@ -106,6 +107,11 @@ static int parse_flags(char *flags, struct flag_list *fl,
* location of the keys. Get it and return it.
*/
flag_vals->key_loc = strdup(strchr(p, '=') + 1);
} else if ((fl[i].flag == MF_FORCECRYPT) && flag_vals) {
/* The forceencrypt flag is followed by an = and the
* location of the keys. Get it and return it.
*/
flag_vals->key_loc = strdup(strchr(p, '=') + 1);
} else if ((fl[i].flag == MF_LENGTH) && flag_vals) {
/* The length flag is followed by an = and the
* size of the partition. Get it and return it.
@ -394,7 +400,7 @@ int fs_mgr_is_nonremovable(struct fstab_rec *fstab)
int fs_mgr_is_encryptable(struct fstab_rec *fstab)
{
return fstab->fs_mgr_flags & MF_CRYPT;
return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT);
}
int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab)
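Review bot: The new MF_FORCECRYPT branch in parse_flags stores into `flag_vals->key_loc` with the same `strdup(strchr(p, '=') + 1)` as the branch above it, so an fstab line carrying both `encryptable=` and `forceencrypt=` would overwrite the first key location and leak the earlier allocation. Nothing visible here rejects that combination or says which flag wins. The duplication could be removed by testing both flags in one condition, `(fl[i].flag == MF_CRYPT || fl[i].flag == MF_FORCECRYPT) && flag_vals`, and the overwrite needs a separate check that `key_loc` is not already set. The `strdup` result is also used without a NULL check in both branches. parse_flags starts and ends outside the hunk, so the first branch's condition is inferred from its comment.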


@ -72,6 +72,7 @@
#define MF_SWAPPRIO 0x80
#define MF_ZRAMSIZE 0x100
#define MF_VERIFY 0x200
#define MF_FORCECRYPT 0x400
/*
* There is no emulated sdcard daemon running on /data/media on this device,
* so treat the physical SD card as the only external storage device,