From a6957c0f7aa728ee57a01d7c58981c1b11515918 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 15 Jun 2022 18:52:18 +0000 Subject: [PATCH] Rename fscrypt_is_native() to IsFbeEnabled() Now that emulated FBE is no longer supported, there is no longer any distinction between native FBE and emulated FBE. There is just FBE. Referring to FBE as "fscrypt" is also poor practice, as fscrypt (the Linux kernel support for filesystem-level encryption) is just one part of FBE, the Android feature. Therefore, rename fscrypt_is_native() to IsFbeEnabled(). Bug: 232458753 Change-Id: Idf4cb25d37bc3e81836fcc5a1d96f79ccfa443b7 --- FsCrypt.cpp | 28 ++++++++++++++-------------- VolumeManager.cpp | 2 +- cryptfs.cpp | 2 +- fs/Ext4.cpp | 2 +- 4 files changed, 17 insertions(+), 17 deletions(-) diff --git a/FsCrypt.cpp b/FsCrypt.cpp index 111c9aa..5bc55d0 100644 --- a/FsCrypt.cpp +++ b/FsCrypt.cpp @@ -324,7 +324,7 @@ static bool prepare_dir(const std::string& dir, mode_t mode, uid_t uid, gid_t gi static bool prepare_dir_with_policy(const std::string& dir, mode_t mode, uid_t uid, gid_t gid, const EncryptionPolicy& policy) { if (!prepare_dir(dir, mode, uid, gid)) return false; - if (fscrypt_is_native() && !EnsurePolicy(policy, dir)) return false; + if (IsFbeEnabled() && !EnsurePolicy(policy, dir)) return false; return true; } @@ -533,7 +533,7 @@ bool fscrypt_init_user0_done; bool fscrypt_init_user0() { LOG(DEBUG) << "fscrypt_init_user0"; - if (fscrypt_is_native()) { + if (IsFbeEnabled()) { if (!prepare_dir(user_key_dir, 0700, AID_ROOT, AID_ROOT)) return false; if (!prepare_dir(user_key_dir + "/ce", 0700, AID_ROOT, AID_ROOT)) return false; if (!prepare_dir(user_key_dir + "/de", 0700, AID_ROOT, AID_ROOT)) return false; @@ -560,7 +560,7 @@ bool fscrypt_init_user0() { // In some scenarios (e.g. userspace reboot) we might unmount userdata // without doing a hard reboot. If CE keys were stored in fs keyring then // they will be lost after unmount. Attempt to re-install them. - if (fscrypt_is_native() && android::vold::isFsKeyringSupported()) { + if (IsFbeEnabled() && android::vold::isFsKeyringSupported()) { if (!try_reload_ce_keys()) return false; } @@ -570,7 +570,7 @@ bool fscrypt_init_user0() { bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral) { LOG(DEBUG) << "fscrypt_vold_create_user_key for " << user_id << " serial " << serial; - if (!fscrypt_is_native()) { + if (!IsFbeEnabled()) { return true; } // FIXME test for existence of key that is not loaded yet @@ -621,7 +621,7 @@ static bool evict_ce_key(userid_t user_id) { bool fscrypt_destroy_user_key(userid_t user_id) { LOG(DEBUG) << "fscrypt_destroy_user_key(" << user_id << ")"; - if (!fscrypt_is_native()) { + if (!IsFbeEnabled()) { return true; } bool success = true; @@ -740,7 +740,7 @@ static bool fscrypt_rewrap_user_key(userid_t user_id, int serial, bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& secret_hex) { LOG(DEBUG) << "fscrypt_add_user_key_auth " << user_id << " serial=" << serial; - if (!fscrypt_is_native()) return true; + if (!IsFbeEnabled()) return true; auto auth = authentication_from_hex(secret_hex); if (!auth) return false; return fscrypt_rewrap_user_key(user_id, serial, kEmptyAuthentication, *auth); @@ -748,7 +748,7 @@ bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& bool fscrypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& secret_hex) { LOG(DEBUG) << "fscrypt_clear_user_key_auth " << user_id << " serial=" << serial; - if (!fscrypt_is_native()) return true; + if (!IsFbeEnabled()) return true; auto auth = authentication_from_hex(secret_hex); if (!auth) return false; return fscrypt_rewrap_user_key(user_id, serial, *auth, kEmptyAuthentication); @@ -756,7 +756,7 @@ bool fscrypt_clear_user_key_auth(userid_t user_id, int serial, const std::string bool fscrypt_fixate_newest_user_key_auth(userid_t user_id) { LOG(DEBUG) << "fscrypt_fixate_newest_user_key_auth " << user_id; - if (!fscrypt_is_native()) return true; + if (!IsFbeEnabled()) return true; if (s_ephemeral_users.count(user_id) != 0) return true; auto const directory_path = get_ce_key_directory_path(user_id); auto const paths = get_ce_key_paths(directory_path); @@ -779,7 +779,7 @@ std::vector fscrypt_get_unlocked_users() { // TODO: rename to 'install' for consistency, and take flags to know which keys to install bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& secret_hex) { LOG(DEBUG) << "fscrypt_unlock_user_key " << user_id << " serial=" << serial; - if (fscrypt_is_native()) { + if (IsFbeEnabled()) { if (s_ce_policies.count(user_id) != 0) { LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id; return true; @@ -797,7 +797,7 @@ bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& se // TODO: rename to 'evict' for consistency bool fscrypt_lock_user_key(userid_t user_id) { LOG(DEBUG) << "fscrypt_lock_user_key " << user_id; - if (fscrypt_is_native()) { + if (IsFbeEnabled()) { return evict_ce_key(user_id); } return true; @@ -849,7 +849,7 @@ bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_ auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id); auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id); - if (fscrypt_is_native()) { + if (IsFbeEnabled()) { if (volume_uuid.empty()) { if (!lookup_policy(s_de_policies, user_id, &de_policy)) { LOG(ERROR) << "Cannot find DE policy for user " << user_id; @@ -893,7 +893,7 @@ bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_ auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id); auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id); - if (fscrypt_is_native()) { + if (IsFbeEnabled()) { if (volume_uuid.empty()) { if (!lookup_policy(s_ce_policies, user_id, &ce_policy)) { LOG(ERROR) << "Cannot find CE policy for user " << user_id; @@ -964,7 +964,7 @@ bool fscrypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_ res &= destroy_dir(system_ce_path); res &= destroy_dir(vendor_ce_path); } else { - if (fscrypt_is_native()) { + if (IsFbeEnabled()) { auto misc_ce_empty_volume_path = android::vold::BuildDataMiscCePath("", user_id); res &= destroy_volkey(misc_ce_empty_volume_path, volume_uuid); } @@ -994,7 +994,7 @@ bool fscrypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_ res &= destroy_dir(system_de_path); res &= destroy_dir(vendor_de_path); } else { - if (fscrypt_is_native()) { + if (IsFbeEnabled()) { auto misc_de_empty_volume_path = android::vold::BuildDataMiscDePath("", user_id); res &= destroy_volkey(misc_de_empty_volume_path, volume_uuid); } diff --git a/VolumeManager.cpp b/VolumeManager.cpp index a7d39c1..5cef239 100644 --- a/VolumeManager.cpp +++ b/VolumeManager.cpp @@ -358,7 +358,7 @@ int VolumeManager::forgetPartition(const std::string& partGuid, const std::strin LOG(ERROR) << "Failed to unlink " << keyPath; success = false; } - if (fscrypt_is_native()) { + if (IsFbeEnabled()) { if (!fscrypt_destroy_volume_keys(fsUuid)) { success = false; } diff --git a/cryptfs.cpp b/cryptfs.cpp index ab8f3ec..5213c18 100644 --- a/cryptfs.cpp +++ b/cryptfs.cpp @@ -156,7 +156,7 @@ int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const K key_ascii, 0, real_blkdev, 0); target->AllowDiscards(); - if (fscrypt_is_native() && + if (IsFbeEnabled() && android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false)) { target->AllowEncryptOverride(); } diff --git a/fs/Ext4.cpp b/fs/Ext4.cpp index 52f6772..293efc4 100644 --- a/fs/Ext4.cpp +++ b/fs/Ext4.cpp @@ -182,7 +182,7 @@ status_t Format(const std::string& source, unsigned long numSectors, const std:: if (android::base::GetBoolProperty("vold.has_quota", false)) { options += ",quota"; } - if (fscrypt_is_native()) { + if (IsFbeEnabled()) { options += ",encrypt"; } if (needs_casefold) {