Merge "Create a per-boot key on each boot" am: dab5ddf663
am: 6db7fa72a5
am: 03336816a7
Change-Id: I79b13f2fa4c002d5242a5d498ec5db385b7199bd
This commit is contained in:
commit
d678142ac6
3 changed files with 15 additions and 8 deletions
19
FsCrypt.cpp
19
FsCrypt.cpp
|
@ -84,7 +84,7 @@ const std::string prepare_subdirs_path = "/system/bin/vold_prepare_subdirs";
|
||||||
const std::string systemwide_volume_key_dir =
|
const std::string systemwide_volume_key_dir =
|
||||||
std::string() + DATA_MNT_POINT + "/misc/vold/volume_keys";
|
std::string() + DATA_MNT_POINT + "/misc/vold/volume_keys";
|
||||||
|
|
||||||
bool s_global_de_initialized = false;
|
bool s_systemwide_keys_initialized = false;
|
||||||
|
|
||||||
// Some users are ephemeral, don't try to wipe their keys from disk
|
// Some users are ephemeral, don't try to wipe their keys from disk
|
||||||
std::set<userid_t> s_ephemeral_users;
|
std::set<userid_t> s_ephemeral_users;
|
||||||
|
@ -335,10 +335,10 @@ static bool load_all_de_keys() {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool fscrypt_initialize_global_de() {
|
bool fscrypt_initialize_systemwide_keys() {
|
||||||
LOG(INFO) << "fscrypt_initialize_global_de";
|
LOG(INFO) << "fscrypt_initialize_systemwide_keys";
|
||||||
|
|
||||||
if (s_global_de_initialized) {
|
if (s_systemwide_keys_initialized) {
|
||||||
LOG(INFO) << "Already initialized";
|
LOG(INFO) << "Already initialized";
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -355,11 +355,18 @@ bool fscrypt_initialize_global_de() {
|
||||||
|
|
||||||
std::string ref_filename = std::string("/data") + fscrypt_key_ref;
|
std::string ref_filename = std::string("/data") + fscrypt_key_ref;
|
||||||
if (!android::vold::writeStringToFile(device_ref.key_raw_ref, ref_filename)) return false;
|
if (!android::vold::writeStringToFile(device_ref.key_raw_ref, ref_filename)) return false;
|
||||||
|
|
||||||
LOG(INFO) << "Wrote system DE key reference to:" << ref_filename;
|
LOG(INFO) << "Wrote system DE key reference to:" << ref_filename;
|
||||||
|
|
||||||
|
KeyBuffer per_boot_key;
|
||||||
|
if (!android::vold::randomKey(&per_boot_key)) return false;
|
||||||
|
std::string per_boot_raw_ref;
|
||||||
|
if (!android::vold::installKey(per_boot_key, &per_boot_raw_ref)) return false;
|
||||||
|
std::string per_boot_ref_filename = std::string("/data") + fscrypt_key_per_boot_ref;
|
||||||
|
if (!android::vold::writeStringToFile(per_boot_raw_ref, per_boot_ref_filename)) return false;
|
||||||
|
LOG(INFO) << "Wrote per boot key reference to:" << per_boot_ref_filename;
|
||||||
|
|
||||||
if (!android::vold::FsyncDirectory(device_key_dir)) return false;
|
if (!android::vold::FsyncDirectory(device_key_dir)) return false;
|
||||||
s_global_de_initialized = true;
|
s_systemwide_keys_initialized = true;
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@
|
||||||
|
|
||||||
#include <cutils/multiuser.h>
|
#include <cutils/multiuser.h>
|
||||||
|
|
||||||
bool fscrypt_initialize_global_de();
|
bool fscrypt_initialize_systemwide_keys();
|
||||||
|
|
||||||
bool fscrypt_init_user0();
|
bool fscrypt_init_user0();
|
||||||
bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
|
bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
|
||||||
|
|
|
@ -691,7 +691,7 @@ binder::Status VoldNativeService::fbeEnable() {
|
||||||
ENFORCE_UID(AID_SYSTEM);
|
ENFORCE_UID(AID_SYSTEM);
|
||||||
ACQUIRE_CRYPT_LOCK;
|
ACQUIRE_CRYPT_LOCK;
|
||||||
|
|
||||||
return translateBool(fscrypt_initialize_global_de());
|
return translateBool(fscrypt_initialize_systemwide_keys());
|
||||||
}
|
}
|
||||||
|
|
||||||
binder::Status VoldNativeService::mountDefaultEncrypted() {
|
binder::Status VoldNativeService::mountDefaultEncrypted() {
|
||||||
|
|
Loading…
Reference in a new issue