vold: use __ANDROID_API_Q__ instead of pre_gki_level

The name "pre_gki_level" is causing some confusion because not all
devices launching with Android R are subject to the GKI requirement.
(See b/161563110#comment11.)  E.g., devices that use a 4.14-based kernel
are exempt from GKI.  However, the encryption requirements still apply.

Just use __ANDROID_API_Q__ directly instead.

No change in behavior.

Change-Id: Id02ae1140845ac1ae7cf78be4e57fe34da028abf
This commit is contained in:
Eric Biggers 2020-08-10 10:55:56 -07:00
parent 213dbe30a1
commit 72d07130ac
3 changed files with 5 additions and 7 deletions

View file

@ -265,10 +265,9 @@ static bool get_volume_file_encryption_options(EncryptionOptions* options) {
// HEH as default was always a mistake. Use the libfscrypt default (CTS) // HEH as default was always a mistake. Use the libfscrypt default (CTS)
// for devices launching on versions above Android 10. // for devices launching on versions above Android 10.
auto first_api_level = GetFirstApiLevel(); auto first_api_level = GetFirstApiLevel();
constexpr uint64_t pre_gki_level = 29;
auto filenames_mode = auto filenames_mode =
android::base::GetProperty("ro.crypto.volume.filenames_mode", android::base::GetProperty("ro.crypto.volume.filenames_mode",
first_api_level > pre_gki_level ? "" : "aes-256-heh"); first_api_level > __ANDROID_API_Q__ ? "" : "aes-256-heh");
auto options_string = android::base::GetProperty("ro.crypto.volume.options", auto options_string = android::base::GetProperty("ro.crypto.volume.options",
contents_mode + ":" + filenames_mode); contents_mode + ":" + filenames_mode);
if (!ParseOptionsForApiLevel(first_api_level, options_string, options)) { if (!ParseOptionsForApiLevel(first_api_level, options_string, options)) {

View file

@ -283,10 +283,9 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
return false; return false;
} }
constexpr unsigned int pre_gki_level = 29;
unsigned int options_format_version = android::base::GetUintProperty<unsigned int>( unsigned int options_format_version = android::base::GetUintProperty<unsigned int>(
"ro.crypto.dm_default_key.options_format.version", "ro.crypto.dm_default_key.options_format.version",
(GetFirstApiLevel() <= pre_gki_level ? 1 : 2)); (GetFirstApiLevel() <= __ANDROID_API_Q__ ? 1 : 2));
CryptoOptions options; CryptoOptions options;
if (options_format_version == 1) { if (options_format_version == 1) {

View file

@ -32,16 +32,16 @@ namespace vold {
enum class VolumeMethod { kFailed, kCrypt, kDefaultKey }; enum class VolumeMethod { kFailed, kCrypt, kDefaultKey };
static VolumeMethod lookup_volume_method() { static VolumeMethod lookup_volume_method() {
constexpr uint64_t pre_gki_level = 29;
auto first_api_level = auto first_api_level =
android::base::GetUintProperty<uint64_t>("ro.product.first_api_level", 0); android::base::GetUintProperty<uint64_t>("ro.product.first_api_level", 0);
auto method = android::base::GetProperty("ro.crypto.volume.metadata.method", "default"); auto method = android::base::GetProperty("ro.crypto.volume.metadata.method", "default");
if (method == "default") { if (method == "default") {
return first_api_level > pre_gki_level ? VolumeMethod::kDefaultKey : VolumeMethod::kCrypt; return first_api_level > __ANDROID_API_Q__ ? VolumeMethod::kDefaultKey
: VolumeMethod::kCrypt;
} else if (method == "dm-default-key") { } else if (method == "dm-default-key") {
return VolumeMethod::kDefaultKey; return VolumeMethod::kDefaultKey;
} else if (method == "dm-crypt") { } else if (method == "dm-crypt") {
if (first_api_level > pre_gki_level) { if (first_api_level > __ANDROID_API_Q__) {
LOG(ERROR) << "volume encryption method dm-crypt cannot be used, " LOG(ERROR) << "volume encryption method dm-crypt cannot be used, "
"ro.product.first_api_level = " "ro.product.first_api_level = "
<< first_api_level; << first_api_level;