tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "KeyUtil: use static local variable in isFsKeyringSupported()" am: 256b23b1c5 am: 350b5ae900

Browse source 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1365220

Change-Id: Ia7fca6e61c58317002271c8338bb01a12e8223a5
This commit is contained in:
Eric Biggers 2020-07-17 01:50:24 +00:00 committed by Automerger Merge Worker
commit d0b2751e8f
1 changed files with 28 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

59
KeyUtil.cpp
View file

@ -63,40 +63,37 @@ bool generateStorageKey(const KeyGeneration& gen, KeyBuffer* key) {
} }
} }
static bool isFsKeyringSupportedImpl() {
android::base::unique_fd fd(open("/data", O_RDONLY | O_DIRECTORY | O_CLOEXEC));
// FS_IOC_ADD_ENCRYPTION_KEY with a NULL argument will fail with ENOTTY if
// the ioctl isn't supported. Otherwise it will fail with another error
// code such as EFAULT.
//
// Note that there's no need to check for FS_IOC_REMOVE_ENCRYPTION_KEY,
// since it's guaranteed to be available if FS_IOC_ADD_ENCRYPTION_KEY is.
// There's also no need to check for support on external volumes separately
// from /data, since either the kernel supports the ioctls on all
// fscrypt-capable filesystems or it doesn't.
errno = 0;
(void)ioctl(fd, FS_IOC_ADD_ENCRYPTION_KEY, NULL);
if (errno == ENOTTY) {
LOG(INFO) << "Kernel doesn't support FS_IOC_ADD_ENCRYPTION_KEY. Falling back to "
"session keyring";
return false;
}
if (errno != EFAULT) {
PLOG(WARNING) << "Unexpected error from FS_IOC_ADD_ENCRYPTION_KEY";
}
LOG(DEBUG) << "Detected support for FS_IOC_ADD_ENCRYPTION_KEY";
android::base::SetProperty("ro.crypto.uses_fs_ioc_add_encryption_key", "true");
return true;
}
// Return true if the kernel supports the ioctls to add/remove fscrypt keys // Return true if the kernel supports the ioctls to add/remove fscrypt keys
// directly to/from the filesystem. // directly to/from the filesystem.
bool isFsKeyringSupported(void) { bool isFsKeyringSupported(void) {
static bool initialized = false; static bool supported = isFsKeyringSupportedImpl();
static bool supported;
if (!initialized) {
android::base::unique_fd fd(open("/data", O_RDONLY | O_DIRECTORY | O_CLOEXEC));
// FS_IOC_ADD_ENCRYPTION_KEY with a NULL argument will fail with ENOTTY
// if the ioctl isn't supported. Otherwise it will fail with another
// error code such as EFAULT.
errno = 0;
(void)ioctl(fd, FS_IOC_ADD_ENCRYPTION_KEY, NULL);
if (errno == ENOTTY) {
LOG(INFO) << "Kernel doesn't support FS_IOC_ADD_ENCRYPTION_KEY. Falling back to "
"session keyring";
supported = false;
} else {
if (errno != EFAULT) {
PLOG(WARNING) << "Unexpected error from FS_IOC_ADD_ENCRYPTION_KEY";
}
LOG(DEBUG) << "Detected support for FS_IOC_ADD_ENCRYPTION_KEY";
supported = true;
android::base::SetProperty("ro.crypto.uses_fs_ioc_add_encryption_key", "true");
}
// There's no need to check for FS_IOC_REMOVE_ENCRYPTION_KEY, since it's
// guaranteed to be available if FS_IOC_ADD_ENCRYPTION_KEY is. There's
// also no need to check for support on external volumes separately from
// /data, since either the kernel supports the ioctls on all
// fscrypt-capable filesystems or it doesn't.
initialized = true;
}
return supported; return supported;
} }