tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Rename fscrypt_is_native() to IsFbeEnabled()

Browse source 
Now that emulated FBE is no longer supported, there is no longer any
distinction between native FBE and emulated FBE.  There is just FBE.

Referring to FBE as "fscrypt" is also poor practice, as fscrypt (the
Linux kernel support for filesystem-level encryption) is just one part
of FBE, the Android feature.

Therefore, rename fscrypt_is_native() to IsFbeEnabled().

Bug: 232458753
Change-Id: Idf4cb25d37bc3e81836fcc5a1d96f79ccfa443b7
This commit is contained in:
Eric Biggers 2022-06-15 18:52:18 +00:00
parent 7b04dba53e
commit a6957c0f7a
4 changed files with 17 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
FsCrypt.cpp
View file

@ -324,7 +324,7 @@ static bool prepare_dir(const std::string& dir, mode_t mode, uid_t uid, gid_t gi
static bool prepare_dir_with_policy(const std::string& dir, mode_t mode, uid_t uid, gid_t gid,
const EncryptionPolicy& policy) {
if (!prepare_dir(dir, mode, uid, gid)) return false;
if (fscrypt_is_native() && !EnsurePolicy(policy, dir)) return false;
if (IsFbeEnabled() && !EnsurePolicy(policy, dir)) return false;
return true;
}
@ -533,7 +533,7 @@ bool fscrypt_init_user0_done;
bool fscrypt_init_user0() {
LOG(DEBUG) << "fscrypt_init_user0";
if (fscrypt_is_native()) {
if (IsFbeEnabled()) {
if (!prepare_dir(user_key_dir, 0700, AID_ROOT, AID_ROOT)) return false;
if (!prepare_dir(user_key_dir + "/ce", 0700, AID_ROOT, AID_ROOT)) return false;
if (!prepare_dir(user_key_dir + "/de", 0700, AID_ROOT, AID_ROOT)) return false;
@ -560,7 +560,7 @@ bool fscrypt_init_user0() {
// In some scenarios (e.g. userspace reboot) we might unmount userdata
// without doing a hard reboot. If CE keys were stored in fs keyring then
// they will be lost after unmount. Attempt to re-install them.
if (fscrypt_is_native() && android::vold::isFsKeyringSupported()) {
if (IsFbeEnabled() && android::vold::isFsKeyringSupported()) {
if (!try_reload_ce_keys()) return false;
}
@ -570,7 +570,7 @@ bool fscrypt_init_user0() {
bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral) {
LOG(DEBUG) << "fscrypt_vold_create_user_key for " << user_id << " serial " << serial;
if (!fscrypt_is_native()) {
if (!IsFbeEnabled()) {
return true;
}
// FIXME test for existence of key that is not loaded yet
@ -621,7 +621,7 @@ static bool evict_ce_key(userid_t user_id) {
bool fscrypt_destroy_user_key(userid_t user_id) {
LOG(DEBUG) << "fscrypt_destroy_user_key(" << user_id << ")";
if (!fscrypt_is_native()) {
if (!IsFbeEnabled()) {
return true;
}
bool success = true;
@ -740,7 +740,7 @@ static bool fscrypt_rewrap_user_key(userid_t user_id, int serial,
bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& secret_hex) {
LOG(DEBUG) << "fscrypt_add_user_key_auth " << user_id << " serial=" << serial;
if (!fscrypt_is_native()) return true;
if (!IsFbeEnabled()) return true;
auto auth = authentication_from_hex(secret_hex);
if (!auth) return false;
return fscrypt_rewrap_user_key(user_id, serial, kEmptyAuthentication, *auth);
@ -748,7 +748,7 @@ bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string&
bool fscrypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& secret_hex) {
LOG(DEBUG) << "fscrypt_clear_user_key_auth " << user_id << " serial=" << serial;
if (!fscrypt_is_native()) return true;
if (!IsFbeEnabled()) return true;
auto auth = authentication_from_hex(secret_hex);
if (!auth) return false;
return fscrypt_rewrap_user_key(user_id, serial, *auth, kEmptyAuthentication);
@ -756,7 +756,7 @@ bool fscrypt_clear_user_key_auth(userid_t user_id, int serial, const std::string
bool fscrypt_fixate_newest_user_key_auth(userid_t user_id) {
LOG(DEBUG) << "fscrypt_fixate_newest_user_key_auth " << user_id;
if (!fscrypt_is_native()) return true;
if (!IsFbeEnabled()) return true;
if (s_ephemeral_users.count(user_id) != 0) return true;
auto const directory_path = get_ce_key_directory_path(user_id);
auto const paths = get_ce_key_paths(directory_path);
@ -779,7 +779,7 @@ std::vector<int> fscrypt_get_unlocked_users() {
// TODO: rename to 'install' for consistency, and take flags to know which keys to install
bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& secret_hex) {
LOG(DEBUG) << "fscrypt_unlock_user_key " << user_id << " serial=" << serial;
if (fscrypt_is_native()) {
if (IsFbeEnabled()) {
if (s_ce_policies.count(user_id) != 0) {
LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id;
return true;
@ -797,7 +797,7 @@ bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& se
// TODO: rename to 'evict' for consistency
bool fscrypt_lock_user_key(userid_t user_id) {
LOG(DEBUG) << "fscrypt_lock_user_key " << user_id;
if (fscrypt_is_native()) {
if (IsFbeEnabled()) {
return evict_ce_key(user_id);
}
return true;
@ -849,7 +849,7 @@ bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
if (fscrypt_is_native()) {
if (IsFbeEnabled()) {
if (volume_uuid.empty()) {
if (!lookup_policy(s_de_policies, user_id, &de_policy)) {
LOG(ERROR) << "Cannot find DE policy for user " << user_id;
@ -893,7 +893,7 @@ bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
if (fscrypt_is_native()) {
if (IsFbeEnabled()) {
if (volume_uuid.empty()) {
if (!lookup_policy(s_ce_policies, user_id, &ce_policy)) {
LOG(ERROR) << "Cannot find CE policy for user " << user_id;
@ -964,7 +964,7 @@ bool fscrypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_
res &= destroy_dir(system_ce_path);
res &= destroy_dir(vendor_ce_path);
} else {
if (fscrypt_is_native()) {
if (IsFbeEnabled()) {
auto misc_ce_empty_volume_path = android::vold::BuildDataMiscCePath("", user_id);
res &= destroy_volkey(misc_ce_empty_volume_path, volume_uuid);
}
@ -994,7 +994,7 @@ bool fscrypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_
res &= destroy_dir(system_de_path);
res &= destroy_dir(vendor_de_path);
} else {
if (fscrypt_is_native()) {
if (IsFbeEnabled()) {
auto misc_de_empty_volume_path = android::vold::BuildDataMiscDePath("", user_id);
res &= destroy_volkey(misc_de_empty_volume_path, volume_uuid);
}

2
VolumeManager.cpp
View file

@ -358,7 +358,7 @@ int VolumeManager::forgetPartition(const std::string& partGuid, const std::strin
LOG(ERROR) << "Failed to unlink " << keyPath;
success = false;
}
if (fscrypt_is_native()) {
if (IsFbeEnabled()) {
if (!fscrypt_destroy_volume_keys(fsUuid)) {
success = false;
}

2
cryptfs.cpp
View file

@ -156,7 +156,7 @@ int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const K
key_ascii, 0, real_blkdev, 0);
target->AllowDiscards();
if (fscrypt_is_native() &&
if (IsFbeEnabled() &&
android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false)) {
target->AllowEncryptOverride();
}

2
fs/Ext4.cpp
View file

@ -182,7 +182,7 @@ status_t Format(const std::string& source, unsigned long numSectors, const std::
if (android::base::GetBoolProperty("vold.has_quota", false)) {
options += ",quota";
}
if (fscrypt_is_native()) {
if (IsFbeEnabled()) {
options += ",encrypt";
}
if (needs_casefold) {