vold: cryptfs: Retry encryption after killing processes using /data
Currently, if a non-framework process or service is using /data, unmounting will fail as nothing will kill it. Instead of rebooting on unmount failure, we now kill all processes using /data, then try one more time. Bug: 11291208 Change-Id: I6c5276c78aa55965914ace96e1db74dc80fca3c1
This commit is contained in:
parent
0291262a68
commit
502dc74153
3 changed files with 18 additions and 8 deletions
|
@ -549,7 +549,12 @@ int CommandListener::CryptfsCmd::runCommand(SocketClient *cli,
|
|||
return 0;
|
||||
}
|
||||
dumpArgs(argc, argv, 3);
|
||||
rc = cryptfs_enable(argv[2], argv[3]);
|
||||
rc = cryptfs_enable(argv[2], argv[3], /*allow_reboot*/false);
|
||||
if (rc) {
|
||||
Process::killProcessesWithOpenFiles(DATA_MNT_POINT, 2);
|
||||
rc = cryptfs_enable(argv[2], argv[3], true);
|
||||
}
|
||||
|
||||
} else if (!strcmp(argv[1], "changepw")) {
|
||||
if (argc != 3) {
|
||||
cli->sendMsg(ResponseCode::CommandSyntaxError, "Usage: cryptfs changepw <newpasswd>", false);
|
||||
|
|
15
cryptfs.c
15
cryptfs.c
|
@ -51,7 +51,6 @@
|
|||
#include "crypto_scrypt.h"
|
||||
|
||||
#define DM_CRYPT_BUF_SIZE 4096
|
||||
#define DATA_MNT_POINT "/data"
|
||||
|
||||
#define HASH_COUNT 2000
|
||||
#define KEY_LEN_BYTES 16
|
||||
|
@ -1576,7 +1575,7 @@ static inline int should_encrypt(struct volume_info *volume)
|
|||
(VOL_ENCRYPTABLE | VOL_NONREMOVABLE);
|
||||
}
|
||||
|
||||
int cryptfs_enable(char *howarg, char *passwd)
|
||||
int cryptfs_enable(char *howarg, char *passwd, int allow_reboot)
|
||||
{
|
||||
int how = 0;
|
||||
char crypto_blkdev[MAXPATHLEN], real_blkdev[MAXPATHLEN], sd_crypto_blkdev[MAXPATHLEN];
|
||||
|
@ -1597,7 +1596,7 @@ int cryptfs_enable(char *howarg, char *passwd)
|
|||
off64_t cur_encryption_done=0, tot_encryption_size=0;
|
||||
|
||||
property_get("ro.crypto.state", encrypted_state, "");
|
||||
if (strcmp(encrypted_state, "unencrypted")) {
|
||||
if (!strcmp(encrypted_state, "encrypted")) {
|
||||
SLOGE("Device is already running encrypted, aborting");
|
||||
goto error_unencrypted;
|
||||
}
|
||||
|
@ -1703,7 +1702,11 @@ int cryptfs_enable(char *howarg, char *passwd)
|
|||
|
||||
/* Now unmount the /data partition. */
|
||||
if (wait_and_unmount(DATA_MNT_POINT)) {
|
||||
goto error_shutting_down;
|
||||
if (allow_reboot) {
|
||||
goto error_shutting_down;
|
||||
} else {
|
||||
goto error_unencrypted;
|
||||
}
|
||||
}
|
||||
|
||||
/* Do extra work for a better UX when doing the long inplace encryption */
|
||||
|
@ -1757,7 +1760,7 @@ int cryptfs_enable(char *howarg, char *passwd)
|
|||
/* Make an encrypted master key */
|
||||
if (create_encrypted_random_key(passwd, crypt_ftr.master_key, crypt_ftr.salt, &crypt_ftr)) {
|
||||
SLOGE("Cannot create encrypted master key\n");
|
||||
goto error_unencrypted;
|
||||
goto error_shutting_down;
|
||||
}
|
||||
|
||||
/* Write the key to the end of the partition */
|
||||
|
@ -1829,7 +1832,7 @@ int cryptfs_enable(char *howarg, char *passwd)
|
|||
} else {
|
||||
/* Shouldn't happen */
|
||||
SLOGE("cryptfs_enable: internal error, unknown option\n");
|
||||
goto error_unencrypted;
|
||||
goto error_shutting_down;
|
||||
}
|
||||
|
||||
/* Undo the dm-crypt mapping whether we succeed or not */
|
||||
|
|
|
@ -132,6 +132,8 @@ struct volume_info {
|
|||
#define VOL_PRIMARY 0x4
|
||||
#define VOL_PROVIDES_ASEC 0x8
|
||||
|
||||
#define DATA_MNT_POINT "/data"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -142,7 +144,7 @@ extern "C" {
|
|||
int cryptfs_check_passwd(char *pw);
|
||||
int cryptfs_verify_passwd(char *newpw);
|
||||
int cryptfs_restart(void);
|
||||
int cryptfs_enable(char *flag, char *passwd);
|
||||
int cryptfs_enable(char *flag, char *passwd, int allow_reboot);
|
||||
int cryptfs_changepw(char *newpw);
|
||||
int cryptfs_setup_volume(const char *label, int major, int minor,
|
||||
char *crypto_dev_path, unsigned int max_pathlen,
|
||||
|
|
Loading…
Reference in a new issue