Merge changes Icdff584e,I71fd98e6,If1e9e3ad,I05bc4dc9 am: 017e95fa6a

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1887522

Change-Id: If1d52fea241fa0732f4e1964f616a6e0c57b7303

Android.bp

@@ -41,7 +41,6 @@ cc_defaults {
         "libfec_rs",
         "libfs_avb",
         "libfs_mgr",
-        "libscrypt_static",
         "libsquashfs_utils",
         "libvold_binder",
     ],
@@ -130,7 +129,6 @@ cc_library_static {
         "NetlinkHandler.cpp",
         "NetlinkManager.cpp",
         "Process.cpp",
-        "ScryptParameters.cpp",
         "Utils.cpp",
         "VoldNativeService.cpp",
         "VoldNativeServiceValidation.cpp",
@@ -235,7 +233,6 @@ cc_binary {
     static_libs: [
         "libvold_binder",
     ],
-    init_rc: ["vdc.rc"],
 }
 
 cc_binary {

KeyStorage.cpp

@@ -18,7 +18,6 @@
 
 #include "Checkpoint.h"
 #include "Keystore.h"
-#include "ScryptParameters.h"
 #include "Utils.h"
 
 #include <algorithm>
@@ -45,11 +44,6 @@
 
 #include <cutils/properties.h>
 
-extern "C" {
-
-#include "crypto_scrypt.h"
-}
-
 namespace android {
 namespace vold {
 

ScryptParameters.cpp

@@ -1,51 +0,0 @@
-/*
- * Copyright (C) 2016 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "ScryptParameters.h"
-
-#include <stdlib.h>
-#include <string.h>
-
-bool parse_scrypt_parameters(const char* paramstr, int* Nf, int* rf, int* pf) {
-    int params[3] = {};
-    char* token;
-    char* saveptr;
-    int i;
-
-    /*
-     * The token we're looking for should be three integers separated by
-     * colons (e.g., "12:8:1"). Scan the property to make sure it matches.
-     */
-    for (i = 0, token = strtok_r(const_cast<char*>(paramstr), ":", &saveptr);
-         token != nullptr && i < 3; i++, token = strtok_r(nullptr, ":", &saveptr)) {
-        char* endptr;
-        params[i] = strtol(token, &endptr, 10);
-
-        /*
-         * Check that there was a valid number and it's 8-bit.
-         */
-        if ((*token == '\0') || (*endptr != '\0') || params[i] < 0 || params[i] > 255) {
-            return false;
-        }
-    }
-    if (token != nullptr) {
-        return false;
-    }
-    *Nf = params[0];
-    *rf = params[1];
-    *pf = params[2];
-    return true;
-}

ScryptParameters.h

@@ -1,28 +0,0 @@
-/*
- * Copyright (C) 2016 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef ANDROID_VOLD_SCRYPT_PARAMETERS_H
-#define ANDROID_VOLD_SCRYPT_PARAMETERS_H
-
-#include <stdbool.h>
-#include <sys/cdefs.h>
-
-#define SCRYPT_PROP "ro.crypto.scrypt_params"
-#define SCRYPT_DEFAULTS "15:3:1"
-
-bool parse_scrypt_parameters(const char* paramstr, int* Nf, int* rf, int* pf);
-
-#endif

VoldNativeService.cpp

@@ -26,7 +26,6 @@
 #include <utils/Trace.h>
 
 #include <stdio.h>
-#include <sys/vfs.h>
 #include <fstream>
 #include <thread>
 
@@ -912,42 +911,10 @@ static void initializeIncFs() {
     incfs::features();
 }
 
-// This is missing from the kernel UAPI headers.
-#define ST_RDONLY 0x0001
-
-// FDE devices run the post-fs-data trigger (and hence also earlyBootEnded)
-// multiple times, sometimes prior to the real /data being mounted.  That causes
-// keystore2 to try to open a file in /data, causing it to panic or have to be
-// killed by vold later, causing problems (vold failing to connect to keystore2,
-// or keystore2 operations erroring out later).  As a workaround to keep FDE
-// working, ignore these too-early calls to earlyBootEnded.
-//
-// This can be removed when support for FDE is removed.
-static bool IgnoreEarlyBootEnded() {
-    // The statfs("/data") below should be sufficient by itself, but to be safe
-    // we also explicitly return false on FBE devices.  (This really should be
-    // ro.crypto.type != "block" for "non-FDE devices", but on FDE devices this
-    // is sometimes called before ro.crypto.type gets set.)
-    if (fscrypt_is_native()) return false;
-
-    struct statfs buf;
-    if (statfs(DATA_MNT_POINT, &buf) != 0) {
-        PLOG(ERROR) << "statfs(\"/data\") failed";
-        return false;
-    }
-    if (buf.f_type == TMPFS_MAGIC || (buf.f_flags & ST_RDONLY)) {
-        LOG(INFO) << "Ignoring earlyBootEnded since real /data isn't mounted yet";
-        return true;
-    }
-    return false;
-}
-
 binder::Status VoldNativeService::earlyBootEnded() {
     ENFORCE_SYSTEM_OR_ROOT;
     ACQUIRE_LOCK;
 
-    if (IgnoreEarlyBootEnded()) return Ok();
-
     initializeIncFs();
     Keystore::earlyBootEnded();
     return Ok();

cryptfs.h

@@ -22,10 +22,6 @@
 #include "KeyBuffer.h"
 #include "KeyUtil.h"
 
-// TODO(b/191796797): remove this once it is no longer referenced by system/core
-// and bootable/recovery.
-#define CRYPT_FOOTER_OFFSET 0x4000
-
 int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
                              const android::vold::KeyBuffer& key, std::string* out_crypto_blkdev);
 const android::vold::KeyGeneration cryptfs_get_keygen();

vdc.rc

@@ -1,12 +0,0 @@
-# One shot invocation to deal with encrypted volume.
-on defaultcrypto
-    exec - root -- /system/bin/vdc --wait cryptfs mountdefaultencrypted
-    # vold will set vold.decrypt to trigger_restart_framework (default
-    # encryption) or trigger_restart_min_framework (other encryption)
-
-# One shot invocation to encrypt unencrypted volumes
-on encrypt
-    start surfaceflinger
-    exec - root -- /system/bin/vdc --wait cryptfs enablecrypto
-    # vold will set vold.decrypt to trigger_restart_framework (default
-    # encryption)