am 6a69cfc4: Make encryption configurable

* commit '6a69cfc411c086f15d59b7dc105763af16620414':
  Make encryption configurable
Paul Lawrence 2015-01-26 15:53:01 +00:00 committed by Android Git Automerger
commit 4a36ca0038
3 changed files with 52 additions and 0 deletions


@ -619,6 +619,14 @@ int CommandListener::CryptfsCmd::runCommand(SocketClient *cli,
Process::killProcessesWithOpenFiles(DATA_MNT_POINT, 2);
}
}
} else if (!strcmp(argv[1], "maybeenabledefaultcrypto")) {
if (argc != 2) {
cli->sendMsg(ResponseCode::CommandSyntaxError,
"Usage: cryptfs maybeenabledefaultcrypto", false);
return 0;
}
dumpArgs(argc, argv, -1);
rc = cryptfs_maybe_enable_default_crypto();
} else if (!strcmp(argv[1], "changepw")) {
const char* syntax = "Usage: cryptfs changepw "
"default|password|pin|pattern [newpasswd]";


@ -3298,6 +3298,49 @@ int cryptfs_enable_default(char *howarg, int allow_reboot)
DEFAULT_PASSWORD, allow_reboot);
}
static int device_is_force_encrypted() {
int ret = -1;
char value[PROP_VALUE_MAX];
ret = __system_property_get("ro.vold.forceencryption", value);
if (ret < 0)
return 0;
return strcmp(value, "1") ? 0 : 1;
}
int cryptfs_maybe_enable_default_crypto()
{
// Enable default crypt if /forceencrypt or /encryptable and
// ro.vold.forceencrypt=1, else mount data and continue unencrypted
struct fstab_rec *fstab_rec = 0;
fstab_rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
if (!fstab_rec) {
SLOGE("Error getting fstab record");
return -1;
}
// See if we should encrypt?
if ( !fs_mgr_is_encryptable(fstab_rec)
|| (!fs_mgr_is_force_encrypted(fstab_rec)
&& !device_is_force_encrypted())) {
int rc = 0;
rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT, fstab_rec->blk_device, 0);
property_set("vold.decrypt", "trigger_load_persist_props");
/* Create necessary paths on /data */
if (prep_data_fs()) {
return -1;
}
property_set("ro.crypto.state", "unencrypted");
property_set("vold.decrypt", "trigger_restart_framework");
SLOGD("Unencrypted - restart_framework\n");
return rc;
}
return cryptfs_enable_default("inplace", 0);
}
int cryptfs_changepw(int crypt_type, const char *newpw)
{
struct crypt_mnt_ftr crypt_ftr;
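Review bot: In cryptfs_maybe_enable_default_crypto the result of fs_mgr_do_mount() is stored in rc but only looked at by the final return, so after a failed mount the code still runs prep_data_fs(), sets ro.crypto.state to "unencrypted" and fires trigger_restart_framework. That reports a settled unencrypted state over a /data that was never mounted, so I would bail out right after the mount with `if (rc) { SLOGE("Failed to mount unencrypted /data"); return rc; }`. The comment at the top of the function names `ro.vold.forceencrypt=1` while device_is_force_encrypted() reads `ro.vold.forceencryption`, and one of the two should be corrected so integrators set the property that is actually consulted. The `ret < 0` test in that helper looks unreachable if __system_property_get returns the value length, so an unset property is decided by the strcmp alone; a short comment such as `/* unset or any value other than "1" means not forced */` would make that default explicit.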


@ -235,6 +235,7 @@ extern "C" {
int cryptfs_enable(char *flag, int type, char *passwd, int allow_reboot);
int cryptfs_changepw(int type, const char *newpw);
int cryptfs_enable_default(char *flag, int allow_reboot);
int cryptfs_maybe_enable_default_crypto();
int cryptfs_setup_volume(const char *label, int major, int minor,
char *crypto_dev_path, unsigned int max_pathlen,
int *new_major, int *new_minor);
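Review bot: The new declaration `int cryptfs_maybe_enable_default_crypto();` sits inside the `extern "C"` block, and when the header is compiled as C the empty parentheses leave the parameters unspecified instead of giving a prototype, so a call with stray arguments would not be diagnosed. I would write it as `int cryptfs_maybe_enable_default_crypto(void);` and use the same form on the definition in the cryptfs source. The neighbouring declarations all take parameters, so this is the only one affected in the visible lines.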