Rename fscrypt_is_native() to IsFbeEnabled()

Now that emulated FBE is no longer supported, there is no longer any
distinction between native FBE and emulated FBE.  There is just FBE.

Referring to FBE as "fscrypt" is also poor practice, as fscrypt (the
Linux kernel support for filesystem-level encryption) is just one part
of FBE, the Android feature.

Therefore, rename fscrypt_is_native() to IsFbeEnabled().

Bug: 232458753
Change-Id: Idf4cb25d37bc3e81836fcc5a1d96f79ccfa443b7
This commit is contained in:
Eric Biggers 2022-06-15 18:52:18 +00:00
parent 7b04dba53e
commit a6957c0f7a
4 changed files with 17 additions and 17 deletions

View file

@ -324,7 +324,7 @@ static bool prepare_dir(const std::string& dir, mode_t mode, uid_t uid, gid_t gi
static bool prepare_dir_with_policy(const std::string& dir, mode_t mode, uid_t uid, gid_t gid, static bool prepare_dir_with_policy(const std::string& dir, mode_t mode, uid_t uid, gid_t gid,
const EncryptionPolicy& policy) { const EncryptionPolicy& policy) {
if (!prepare_dir(dir, mode, uid, gid)) return false; if (!prepare_dir(dir, mode, uid, gid)) return false;
if (fscrypt_is_native() && !EnsurePolicy(policy, dir)) return false; if (IsFbeEnabled() && !EnsurePolicy(policy, dir)) return false;
return true; return true;
} }
@ -533,7 +533,7 @@ bool fscrypt_init_user0_done;
bool fscrypt_init_user0() { bool fscrypt_init_user0() {
LOG(DEBUG) << "fscrypt_init_user0"; LOG(DEBUG) << "fscrypt_init_user0";
if (fscrypt_is_native()) { if (IsFbeEnabled()) {
if (!prepare_dir(user_key_dir, 0700, AID_ROOT, AID_ROOT)) return false; if (!prepare_dir(user_key_dir, 0700, AID_ROOT, AID_ROOT)) return false;
if (!prepare_dir(user_key_dir + "/ce", 0700, AID_ROOT, AID_ROOT)) return false; if (!prepare_dir(user_key_dir + "/ce", 0700, AID_ROOT, AID_ROOT)) return false;
if (!prepare_dir(user_key_dir + "/de", 0700, AID_ROOT, AID_ROOT)) return false; if (!prepare_dir(user_key_dir + "/de", 0700, AID_ROOT, AID_ROOT)) return false;
@ -560,7 +560,7 @@ bool fscrypt_init_user0() {
// In some scenarios (e.g. userspace reboot) we might unmount userdata // In some scenarios (e.g. userspace reboot) we might unmount userdata
// without doing a hard reboot. If CE keys were stored in fs keyring then // without doing a hard reboot. If CE keys were stored in fs keyring then
// they will be lost after unmount. Attempt to re-install them. // they will be lost after unmount. Attempt to re-install them.
if (fscrypt_is_native() && android::vold::isFsKeyringSupported()) { if (IsFbeEnabled() && android::vold::isFsKeyringSupported()) {
if (!try_reload_ce_keys()) return false; if (!try_reload_ce_keys()) return false;
} }
@ -570,7 +570,7 @@ bool fscrypt_init_user0() {
bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral) { bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral) {
LOG(DEBUG) << "fscrypt_vold_create_user_key for " << user_id << " serial " << serial; LOG(DEBUG) << "fscrypt_vold_create_user_key for " << user_id << " serial " << serial;
if (!fscrypt_is_native()) { if (!IsFbeEnabled()) {
return true; return true;
} }
// FIXME test for existence of key that is not loaded yet // FIXME test for existence of key that is not loaded yet
@ -621,7 +621,7 @@ static bool evict_ce_key(userid_t user_id) {
bool fscrypt_destroy_user_key(userid_t user_id) { bool fscrypt_destroy_user_key(userid_t user_id) {
LOG(DEBUG) << "fscrypt_destroy_user_key(" << user_id << ")"; LOG(DEBUG) << "fscrypt_destroy_user_key(" << user_id << ")";
if (!fscrypt_is_native()) { if (!IsFbeEnabled()) {
return true; return true;
} }
bool success = true; bool success = true;
@ -740,7 +740,7 @@ static bool fscrypt_rewrap_user_key(userid_t user_id, int serial,
bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& secret_hex) { bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& secret_hex) {
LOG(DEBUG) << "fscrypt_add_user_key_auth " << user_id << " serial=" << serial; LOG(DEBUG) << "fscrypt_add_user_key_auth " << user_id << " serial=" << serial;
if (!fscrypt_is_native()) return true; if (!IsFbeEnabled()) return true;
auto auth = authentication_from_hex(secret_hex); auto auth = authentication_from_hex(secret_hex);
if (!auth) return false; if (!auth) return false;
return fscrypt_rewrap_user_key(user_id, serial, kEmptyAuthentication, *auth); return fscrypt_rewrap_user_key(user_id, serial, kEmptyAuthentication, *auth);
@ -748,7 +748,7 @@ bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string&
bool fscrypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& secret_hex) { bool fscrypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& secret_hex) {
LOG(DEBUG) << "fscrypt_clear_user_key_auth " << user_id << " serial=" << serial; LOG(DEBUG) << "fscrypt_clear_user_key_auth " << user_id << " serial=" << serial;
if (!fscrypt_is_native()) return true; if (!IsFbeEnabled()) return true;
auto auth = authentication_from_hex(secret_hex); auto auth = authentication_from_hex(secret_hex);
if (!auth) return false; if (!auth) return false;
return fscrypt_rewrap_user_key(user_id, serial, *auth, kEmptyAuthentication); return fscrypt_rewrap_user_key(user_id, serial, *auth, kEmptyAuthentication);
@ -756,7 +756,7 @@ bool fscrypt_clear_user_key_auth(userid_t user_id, int serial, const std::string
bool fscrypt_fixate_newest_user_key_auth(userid_t user_id) { bool fscrypt_fixate_newest_user_key_auth(userid_t user_id) {
LOG(DEBUG) << "fscrypt_fixate_newest_user_key_auth " << user_id; LOG(DEBUG) << "fscrypt_fixate_newest_user_key_auth " << user_id;
if (!fscrypt_is_native()) return true; if (!IsFbeEnabled()) return true;
if (s_ephemeral_users.count(user_id) != 0) return true; if (s_ephemeral_users.count(user_id) != 0) return true;
auto const directory_path = get_ce_key_directory_path(user_id); auto const directory_path = get_ce_key_directory_path(user_id);
auto const paths = get_ce_key_paths(directory_path); auto const paths = get_ce_key_paths(directory_path);
@ -779,7 +779,7 @@ std::vector<int> fscrypt_get_unlocked_users() {
// TODO: rename to 'install' for consistency, and take flags to know which keys to install // TODO: rename to 'install' for consistency, and take flags to know which keys to install
bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& secret_hex) { bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& secret_hex) {
LOG(DEBUG) << "fscrypt_unlock_user_key " << user_id << " serial=" << serial; LOG(DEBUG) << "fscrypt_unlock_user_key " << user_id << " serial=" << serial;
if (fscrypt_is_native()) { if (IsFbeEnabled()) {
if (s_ce_policies.count(user_id) != 0) { if (s_ce_policies.count(user_id) != 0) {
LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id; LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id;
return true; return true;
@ -797,7 +797,7 @@ bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& se
// TODO: rename to 'evict' for consistency // TODO: rename to 'evict' for consistency
bool fscrypt_lock_user_key(userid_t user_id) { bool fscrypt_lock_user_key(userid_t user_id) {
LOG(DEBUG) << "fscrypt_lock_user_key " << user_id; LOG(DEBUG) << "fscrypt_lock_user_key " << user_id;
if (fscrypt_is_native()) { if (IsFbeEnabled()) {
return evict_ce_key(user_id); return evict_ce_key(user_id);
} }
return true; return true;
@ -849,7 +849,7 @@ bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id); auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id); auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
if (fscrypt_is_native()) { if (IsFbeEnabled()) {
if (volume_uuid.empty()) { if (volume_uuid.empty()) {
if (!lookup_policy(s_de_policies, user_id, &de_policy)) { if (!lookup_policy(s_de_policies, user_id, &de_policy)) {
LOG(ERROR) << "Cannot find DE policy for user " << user_id; LOG(ERROR) << "Cannot find DE policy for user " << user_id;
@ -893,7 +893,7 @@ bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id); auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id); auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
if (fscrypt_is_native()) { if (IsFbeEnabled()) {
if (volume_uuid.empty()) { if (volume_uuid.empty()) {
if (!lookup_policy(s_ce_policies, user_id, &ce_policy)) { if (!lookup_policy(s_ce_policies, user_id, &ce_policy)) {
LOG(ERROR) << "Cannot find CE policy for user " << user_id; LOG(ERROR) << "Cannot find CE policy for user " << user_id;
@ -964,7 +964,7 @@ bool fscrypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_
res &= destroy_dir(system_ce_path); res &= destroy_dir(system_ce_path);
res &= destroy_dir(vendor_ce_path); res &= destroy_dir(vendor_ce_path);
} else { } else {
if (fscrypt_is_native()) { if (IsFbeEnabled()) {
auto misc_ce_empty_volume_path = android::vold::BuildDataMiscCePath("", user_id); auto misc_ce_empty_volume_path = android::vold::BuildDataMiscCePath("", user_id);
res &= destroy_volkey(misc_ce_empty_volume_path, volume_uuid); res &= destroy_volkey(misc_ce_empty_volume_path, volume_uuid);
} }
@ -994,7 +994,7 @@ bool fscrypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_
res &= destroy_dir(system_de_path); res &= destroy_dir(system_de_path);
res &= destroy_dir(vendor_de_path); res &= destroy_dir(vendor_de_path);
} else { } else {
if (fscrypt_is_native()) { if (IsFbeEnabled()) {
auto misc_de_empty_volume_path = android::vold::BuildDataMiscDePath("", user_id); auto misc_de_empty_volume_path = android::vold::BuildDataMiscDePath("", user_id);
res &= destroy_volkey(misc_de_empty_volume_path, volume_uuid); res &= destroy_volkey(misc_de_empty_volume_path, volume_uuid);
} }

View file

@ -358,7 +358,7 @@ int VolumeManager::forgetPartition(const std::string& partGuid, const std::strin
LOG(ERROR) << "Failed to unlink " << keyPath; LOG(ERROR) << "Failed to unlink " << keyPath;
success = false; success = false;
} }
if (fscrypt_is_native()) { if (IsFbeEnabled()) {
if (!fscrypt_destroy_volume_keys(fsUuid)) { if (!fscrypt_destroy_volume_keys(fsUuid)) {
success = false; success = false;
} }

View file

@ -156,7 +156,7 @@ int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const K
key_ascii, 0, real_blkdev, 0); key_ascii, 0, real_blkdev, 0);
target->AllowDiscards(); target->AllowDiscards();
if (fscrypt_is_native() && if (IsFbeEnabled() &&
android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false)) { android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false)) {
target->AllowEncryptOverride(); target->AllowEncryptOverride();
} }

View file

@ -182,7 +182,7 @@ status_t Format(const std::string& source, unsigned long numSectors, const std::
if (android::base::GetBoolProperty("vold.has_quota", false)) { if (android::base::GetBoolProperty("vold.has_quota", false)) {
options += ",quota"; options += ",quota";
} }
if (fscrypt_is_native()) { if (IsFbeEnabled()) {
options += ",encrypt"; options += ",encrypt";
} }
if (needs_casefold) { if (needs_casefold) {