vold: use __ANDROID_API_Q__ instead of pre_gki_level
The name "pre_gki_level" is causing some confusion because not all devices launching with Android R are subject to the GKI requirement. (See b/161563110#comment11.) E.g., devices that use a 4.14-based kernel are exempt from GKI. However, the encryption requirements still apply. Just use __ANDROID_API_Q__ directly instead. No change in behavior. Change-Id: Id02ae1140845ac1ae7cf78be4e57fe34da028abf
This commit is contained in:
parent
213dbe30a1
commit
72d07130ac
3 changed files with 5 additions and 7 deletions
|
@ -265,10 +265,9 @@ static bool get_volume_file_encryption_options(EncryptionOptions* options) {
|
||||||
// HEH as default was always a mistake. Use the libfscrypt default (CTS)
|
// HEH as default was always a mistake. Use the libfscrypt default (CTS)
|
||||||
// for devices launching on versions above Android 10.
|
// for devices launching on versions above Android 10.
|
||||||
auto first_api_level = GetFirstApiLevel();
|
auto first_api_level = GetFirstApiLevel();
|
||||||
constexpr uint64_t pre_gki_level = 29;
|
|
||||||
auto filenames_mode =
|
auto filenames_mode =
|
||||||
android::base::GetProperty("ro.crypto.volume.filenames_mode",
|
android::base::GetProperty("ro.crypto.volume.filenames_mode",
|
||||||
first_api_level > pre_gki_level ? "" : "aes-256-heh");
|
first_api_level > __ANDROID_API_Q__ ? "" : "aes-256-heh");
|
||||||
auto options_string = android::base::GetProperty("ro.crypto.volume.options",
|
auto options_string = android::base::GetProperty("ro.crypto.volume.options",
|
||||||
contents_mode + ":" + filenames_mode);
|
contents_mode + ":" + filenames_mode);
|
||||||
if (!ParseOptionsForApiLevel(first_api_level, options_string, options)) {
|
if (!ParseOptionsForApiLevel(first_api_level, options_string, options)) {
|
||||||
|
|
|
@ -283,10 +283,9 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
constexpr unsigned int pre_gki_level = 29;
|
|
||||||
unsigned int options_format_version = android::base::GetUintProperty<unsigned int>(
|
unsigned int options_format_version = android::base::GetUintProperty<unsigned int>(
|
||||||
"ro.crypto.dm_default_key.options_format.version",
|
"ro.crypto.dm_default_key.options_format.version",
|
||||||
(GetFirstApiLevel() <= pre_gki_level ? 1 : 2));
|
(GetFirstApiLevel() <= __ANDROID_API_Q__ ? 1 : 2));
|
||||||
|
|
||||||
CryptoOptions options;
|
CryptoOptions options;
|
||||||
if (options_format_version == 1) {
|
if (options_format_version == 1) {
|
||||||
|
|
|
@ -32,16 +32,16 @@ namespace vold {
|
||||||
enum class VolumeMethod { kFailed, kCrypt, kDefaultKey };
|
enum class VolumeMethod { kFailed, kCrypt, kDefaultKey };
|
||||||
|
|
||||||
static VolumeMethod lookup_volume_method() {
|
static VolumeMethod lookup_volume_method() {
|
||||||
constexpr uint64_t pre_gki_level = 29;
|
|
||||||
auto first_api_level =
|
auto first_api_level =
|
||||||
android::base::GetUintProperty<uint64_t>("ro.product.first_api_level", 0);
|
android::base::GetUintProperty<uint64_t>("ro.product.first_api_level", 0);
|
||||||
auto method = android::base::GetProperty("ro.crypto.volume.metadata.method", "default");
|
auto method = android::base::GetProperty("ro.crypto.volume.metadata.method", "default");
|
||||||
if (method == "default") {
|
if (method == "default") {
|
||||||
return first_api_level > pre_gki_level ? VolumeMethod::kDefaultKey : VolumeMethod::kCrypt;
|
return first_api_level > __ANDROID_API_Q__ ? VolumeMethod::kDefaultKey
|
||||||
|
: VolumeMethod::kCrypt;
|
||||||
} else if (method == "dm-default-key") {
|
} else if (method == "dm-default-key") {
|
||||||
return VolumeMethod::kDefaultKey;
|
return VolumeMethod::kDefaultKey;
|
||||||
} else if (method == "dm-crypt") {
|
} else if (method == "dm-crypt") {
|
||||||
if (first_api_level > pre_gki_level) {
|
if (first_api_level > __ANDROID_API_Q__) {
|
||||||
LOG(ERROR) << "volume encryption method dm-crypt cannot be used, "
|
LOG(ERROR) << "volume encryption method dm-crypt cannot be used, "
|
||||||
"ro.product.first_api_level = "
|
"ro.product.first_api_level = "
|
||||||
<< first_api_level;
|
<< first_api_level;
|
||||||
|
|
Loading…
Reference in a new issue