Merge "Let vold format the encrypted partition"

This commit is contained in:
Jaegeuk Kim 2021-01-06 19:12:35 +00:00 committed by Gerrit Code Review
commit 9cecd65006
6 changed files with 44 additions and 13 deletions

View file

@ -41,6 +41,8 @@
#include "Keymaster.h"
#include "Utils.h"
#include "VoldUtil.h"
#include "fs/Ext4.h"
#include "fs/F2fs.h"
namespace android {
namespace vold {
@ -202,8 +204,11 @@ static bool parse_options(const std::string& options_string, CryptoOptions* opti
}
bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::string& mount_point,
bool needs_encrypt) {
LOG(DEBUG) << "fscrypt_mount_metadata_encrypted: " << mount_point << " " << needs_encrypt;
bool needs_encrypt, bool should_format,
const std::string& fs_type) {
LOG(DEBUG) << "fscrypt_mount_metadata_encrypted: " << mount_point
<< " encrypt: " << needs_encrypt << " format: " << should_format << " with "
<< fs_type;
auto encrypted_state = android::base::GetProperty("ro.crypto.state", "");
if (encrypted_state != "" && encrypted_state != "encrypted") {
LOG(DEBUG) << "fscrypt_enable_crypto got unexpected starting state: " << encrypted_state;
@ -250,8 +255,24 @@ bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::
if (!create_crypto_blk_dev(kDmNameUserdata, blk_device, key, options, &crypto_blkdev, &nr_sec))
return false;
// FIXME handle the corrupt case
if (needs_encrypt && !encrypt_inplace(crypto_blkdev, blk_device, nr_sec, false)) return false;
if (needs_encrypt) {
if (should_format) {
status_t error;
if (fs_type == "ext4") {
error = ext4::Format(crypto_blkdev, 0, mount_point);
} else if (fs_type == "f2fs") {
error = f2fs::Format(crypto_blkdev);
} else {
LOG(ERROR) << "Unknown filesystem type: " << fs_type;
return false;
}
LOG(DEBUG) << "Format (err=" << error << ") " << crypto_blkdev << " on " << mount_point;
if (error != 0) return false;
} else {
if (!encrypt_inplace(crypto_blkdev, blk_device, nr_sec, false)) return false;
}
}
LOG(DEBUG) << "Mounting metadata-encrypted filesystem:" << mount_point;
mount_via_fs_mgr(mount_point.c_str(), crypto_blkdev.c_str());

View file

@ -26,7 +26,8 @@ namespace android {
namespace vold {
bool fscrypt_mount_metadata_encrypted(const std::string& block_device,
const std::string& mount_point, bool needs_encrypt);
const std::string& mount_point, bool needs_encrypt,
bool should_format, const std::string& fs_type);
bool defaultkey_volume_keygen(KeyGeneration* gen);

View file

@ -681,15 +681,18 @@ binder::Status VoldNativeService::mountFstab(const std::string& blkDevice,
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translateBool(fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, false));
return translateBool(
fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, false, false, "null"));
}
binder::Status VoldNativeService::encryptFstab(const std::string& blkDevice,
const std::string& mountPoint) {
const std::string& mountPoint, bool shouldFormat,
const std::string& fsType) {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
return translateBool(fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, true));
return translateBool(
fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, true, shouldFormat, fsType));
}
binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial,

View file

@ -111,7 +111,8 @@ class VoldNativeService : public BinderService<VoldNativeService>, public os::Bn
binder::Status initUser0();
binder::Status isConvertibleToFbe(bool* _aidl_return);
binder::Status mountFstab(const std::string& blkDevice, const std::string& mountPoint);
binder::Status encryptFstab(const std::string& blkDevice, const std::string& mountPoint);
binder::Status encryptFstab(const std::string& blkDevice, const std::string& mountPoint,
bool shouldFormat, const std::string& fsType);
binder::Status createUserKey(int32_t userId, int32_t userSerial, bool ephemeral);
binder::Status destroyUserKey(int32_t userId);

View file

@ -88,7 +88,7 @@ interface IVold {
void initUser0();
boolean isConvertibleToFbe();
void mountFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint);
void encryptFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint);
void encryptFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint, boolean shouldFormat, @utf8InCpp String fsType);
void createUserKey(int userId, int userSerial, boolean ephemeral);
void destroyUserKey(int userId);

11
vdc.cpp
View file

@ -31,9 +31,10 @@
#include "android/os/IVold.h"
#include <android-base/logging.h>
#include <android-base/parsebool.h>
#include <android-base/parseint.h>
#include <android-base/strings.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <binder/IServiceManager.h>
#include <binder/Status.h>
@ -107,8 +108,12 @@ int main(int argc, char** argv) {
checkStatus(args, vold->reset());
} else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 4) {
checkStatus(args, vold->mountFstab(args[2], args[3]));
} else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 4) {
checkStatus(args, vold->encryptFstab(args[2], args[3]));
} else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 6) {
auto shouldFormat = android::base::ParseBool(args[4]);
if (shouldFormat == android::base::ParseBoolResult::kError) exit(EINVAL);
checkStatus(args, vold->encryptFstab(args[2], args[3],
shouldFormat == android::base::ParseBoolResult::kTrue,
args[5]));
} else if (args[0] == "checkpoint" && args[1] == "supportsCheckpoint" && args.size() == 2) {
bool supported = false;
checkStatus(args, vold->supportsCheckpoint(&supported));