Infrastructure to securely allow only one prompt at boot when encrypted
Add a call to vold that says if we decrypted the data partition. Reset the flag so that it only returns true the first time. Bug: 12990752 Change-Id: Ib00be87137c00fb8ad29205c85a3ea187764b702
This commit is contained in:
Paul Lawrence
parent
1348603357
commit
684dbdf316
3 changed files with 23 additions and 0 deletions
|
|
@ -646,6 +646,10 @@ int CommandListener::CryptfsCmd::runCommand(SocketClient *cli,
|
|||
cli->sendMsg(ResponseCode::OpFailedStorageNotFound, "Error", false);
|
||||
return 0;
|
||||
}
|
||||
} else if (!strcmp(argv[1], "justdecrypted")) {
|
||||
SLOGD("cryptfs justdecrypted");
|
||||
dumpArgs(argc, argv, -1);
|
||||
rc = cryptfs_just_decrypted();
|
||||
} else {
|
||||
dumpArgs(argc, argv, -1);
|
||||
cli->sendMsg(ResponseCode::CommandSyntaxError, "Unknown cryptfs cmd", false);
|
||||
|
|
|
|||
18
cryptfs.c
18
cryptfs.c
|
|
@ -79,6 +79,12 @@ static char *saved_mount_point;
|
|||
static int master_key_saved = 0;
|
||||
static struct crypt_persist_data *persist_data = NULL;
|
||||
|
||||
/* Set when userdata is successfully decrypted and mounted.
|
||||
* Reset whenever read (via cryptfs_just_decrypted)
|
||||
* (Read by keyguard to avoid a double prompt.)
|
||||
*/
|
||||
static int just_decrypted = 0;
|
||||
|
||||
extern struct fstab *fstab;
|
||||
|
||||
static void cryptfs_reboot(int recovery)
|
||||
|
|
@ -1464,6 +1470,11 @@ int cryptfs_check_passwd(char *passwd)
|
|||
|
||||
rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
|
||||
DATA_MNT_POINT, "userdata");
|
||||
|
||||
if (rc == 0 && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
|
||||
just_decrypted = 1;
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
|
@ -2481,3 +2492,10 @@ int cryptfs_get_password_type(void)
|
|||
|
||||
return crypt_ftr.crypt_type;
|
||||
}
|
||||
|
||||
int cryptfs_just_decrypted(void)
|
||||
{
|
||||
int rc = just_decrypted;
|
||||
just_decrypted = 0;
|
||||
return rc;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -166,6 +166,7 @@ extern "C" {
|
|||
int cryptfs_setfield(char *fieldname, char *value);
|
||||
int cryptfs_mount_default_encrypted(void);
|
||||
int cryptfs_get_password_type(void);
|
||||
int cryptfs_just_decrypted(void);
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Reference in a new issue