Allow vold to use FS_IOC_GET_ENCRYPTION_KEY_STATUS

This ioctl can be used to avoid a race condition between key reinstallation and busy files clean up. Test: Trigger busy file clean-up and ensure that the ioctl succeeds Bug: 140762419 Change-Id: I153c2e7b2d5eb39e0f217c9ef8b9dceba2a5a487
2023-02-22 22:29:02 +00:00 · 2023-02-22 22:29:02 +00:00 · ffb9f8855a
commit ffb9f8855a
parent 923a51af57
2 changed files with 3 additions and 1 deletions
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@ -827,6 +827,7 @@ define(`FS_IOC_ENABLE_VERITY', `0x6685')
 define(`FS_IOC_FIEMAP', `0xc020660b')
 define(`FS_IOC_FSGETXATTR', `0x801c581f')
 define(`FS_IOC_FSSETXATTR', `0x401c5820')
+define(`FS_IOC_GET_ENCRYPTION_KEY_STATUS', `0xc080661a')
 define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615')
 define(`FS_IOC_GET_ENCRYPTION_POLICY_EX', `0xc0096616')
 define(`FS_IOC_GET_ENCRYPTION_PWSALT', `0x40106614')
--- a/public/vold.te
+++ b/public/vold.te
@ -51,6 +51,7 @@ allowxperm vold data_file_type:dir ioctl {
  FS_IOC_SET_ENCRYPTION_POLICY
  FS_IOC_ADD_ENCRYPTION_KEY
  FS_IOC_REMOVE_ENCRYPTION_KEY
+  FS_IOC_GET_ENCRYPTION_KEY_STATUS
 };

 # Only vold and init should ever set file-based encryption policies.
@ -65,7 +66,7 @@ neverallowxperm {
 neverallowxperm {
  domain
  -vold
-} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY };
+} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY FS_IOC_GET_ENCRYPTION_KEY_STATUS };

 # Allow securely erasing crypto key files. F2FS_IOC_SEC_TRIM_FILE is
 # tried first. Otherwise, FS_IOC_FIEMAP is needed to get the