Merge changes from topic "e4crypt_to_fscrypt"

* changes:
  vold: get the fscrypt kernel API declarations from linux/fs.h
  vold: rename from "ext4 encryption" to fscrypt
This commit is contained in:
Eric Biggers 2018-10-29 17:19:39 +00:00 committed by Gerrit Code Review
commit ddbd8325f5
12 changed files with 129 additions and 140 deletions

View file

@ -48,6 +48,7 @@ cc_defaults {
"libdiskconfig", "libdiskconfig",
"libext4_utils", "libext4_utils",
"libf2fs_sparseblock", "libf2fs_sparseblock",
"libfscrypt",
"libhardware", "libhardware",
"libhardware_legacy", "libhardware_legacy",
"libhidlbase", "libhidlbase",
@ -99,8 +100,8 @@ cc_library_static {
"Checkpoint.cpp", "Checkpoint.cpp",
"Devmapper.cpp", "Devmapper.cpp",
"EncryptInplace.cpp", "EncryptInplace.cpp",
"Ext4Crypt.cpp",
"FileDeviceUtils.cpp", "FileDeviceUtils.cpp",
"FsCrypt.cpp",
"IdleMaint.cpp", "IdleMaint.cpp",
"KeyBuffer.cpp", "KeyBuffer.cpp",
"KeyStorage.cpp", "KeyStorage.cpp",

View file

@ -14,7 +14,7 @@
* limitations under the License. * limitations under the License.
*/ */
#include "Ext4Crypt.h" #include "FsCrypt.h"
#include "KeyStorage.h" #include "KeyStorage.h"
#include "KeyUtil.h" #include "KeyUtil.h"
@ -50,7 +50,7 @@
#include <cutils/fs.h> #include <cutils/fs.h>
#include <cutils/properties.h> #include <cutils/properties.h>
#include <ext4_utils/ext4_crypt.h> #include <fscrypt/fscrypt.h>
#include <keyutils.h> #include <keyutils.h>
#include <android-base/file.h> #include <android-base/file.h>
@ -71,7 +71,7 @@ struct PolicyKeyRef {
std::string key_raw_ref; std::string key_raw_ref;
}; };
const std::string device_key_dir = std::string() + DATA_MNT_POINT + e4crypt_unencrypted_folder; const std::string device_key_dir = std::string() + DATA_MNT_POINT + fscrypt_unencrypted_folder;
const std::string device_key_path = device_key_dir + "/key"; const std::string device_key_path = device_key_dir + "/key";
const std::string device_key_temp = device_key_dir + "/temp"; const std::string device_key_temp = device_key_dir + "/temp";
@ -95,7 +95,7 @@ std::map<userid_t, KeyBuffer> s_ce_keys;
} // namespace } // namespace
static bool e4crypt_is_emulated() { static bool fscrypt_is_emulated() {
return property_get_bool("persist.sys.emulate_fbe", false); return property_get_bool("persist.sys.emulate_fbe", false);
} }
@ -282,7 +282,7 @@ static void get_data_file_encryption_modes(PolicyKeyRef* key_ref) {
} }
static bool ensure_policy(const PolicyKeyRef& key_ref, const std::string& path) { static bool ensure_policy(const PolicyKeyRef& key_ref, const std::string& path) {
return e4crypt_policy_ensure(path.c_str(), key_ref.key_raw_ref.data(), return fscrypt_policy_ensure(path.c_str(), key_ref.key_raw_ref.data(),
key_ref.key_raw_ref.size(), key_ref.contents_mode.c_str(), key_ref.key_raw_ref.size(), key_ref.contents_mode.c_str(),
key_ref.filenames_mode.c_str()) == 0; key_ref.filenames_mode.c_str()) == 0;
} }
@ -326,13 +326,13 @@ static bool load_all_de_keys() {
LOG(DEBUG) << "Installed de key for user " << user_id; LOG(DEBUG) << "Installed de key for user " << user_id;
} }
} }
// ext4enc:TODO: go through all DE directories, ensure that all user dirs have the // fscrypt:TODO: go through all DE directories, ensure that all user dirs have the
// correct policy set on them, and that no rogue ones exist. // correct policy set on them, and that no rogue ones exist.
return true; return true;
} }
bool e4crypt_initialize_global_de() { bool fscrypt_initialize_global_de() {
LOG(INFO) << "e4crypt_initialize_global_de"; LOG(INFO) << "fscrypt_initialize_global_de";
if (s_global_de_initialized) { if (s_global_de_initialized) {
LOG(INFO) << "Already initialized"; LOG(INFO) << "Already initialized";
@ -346,13 +346,13 @@ bool e4crypt_initialize_global_de() {
get_data_file_encryption_modes(&device_ref); get_data_file_encryption_modes(&device_ref);
std::string modestring = device_ref.contents_mode + ":" + device_ref.filenames_mode; std::string modestring = device_ref.contents_mode + ":" + device_ref.filenames_mode;
std::string mode_filename = std::string("/data") + e4crypt_key_mode; std::string mode_filename = std::string("/data") + fscrypt_key_mode;
if (!android::base::WriteStringToFile(modestring, mode_filename)) { if (!android::base::WriteStringToFile(modestring, mode_filename)) {
PLOG(ERROR) << "Cannot save type"; PLOG(ERROR) << "Cannot save type";
return false; return false;
} }
std::string ref_filename = std::string("/data") + e4crypt_key_ref; std::string ref_filename = std::string("/data") + fscrypt_key_ref;
if (!android::base::WriteStringToFile(device_ref.key_raw_ref, ref_filename)) { if (!android::base::WriteStringToFile(device_ref.key_raw_ref, ref_filename)) {
PLOG(ERROR) << "Cannot save key reference to:" << ref_filename; PLOG(ERROR) << "Cannot save key reference to:" << ref_filename;
return false; return false;
@ -363,9 +363,9 @@ bool e4crypt_initialize_global_de() {
return true; return true;
} }
bool e4crypt_init_user0() { bool fscrypt_init_user0() {
LOG(DEBUG) << "e4crypt_init_user0"; LOG(DEBUG) << "fscrypt_init_user0";
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
if (!prepare_dir(user_key_dir, 0700, AID_ROOT, AID_ROOT)) return false; if (!prepare_dir(user_key_dir, 0700, AID_ROOT, AID_ROOT)) return false;
if (!prepare_dir(user_key_dir + "/ce", 0700, AID_ROOT, AID_ROOT)) return false; if (!prepare_dir(user_key_dir + "/ce", 0700, AID_ROOT, AID_ROOT)) return false;
if (!prepare_dir(user_key_dir + "/de", 0700, AID_ROOT, AID_ROOT)) return false; if (!prepare_dir(user_key_dir + "/de", 0700, AID_ROOT, AID_ROOT)) return false;
@ -379,28 +379,28 @@ bool e4crypt_init_user0() {
// We can only safely prepare DE storage here, since CE keys are probably // We can only safely prepare DE storage here, since CE keys are probably
// entangled with user credentials. The framework will always prepare CE // entangled with user credentials. The framework will always prepare CE
// storage once CE keys are installed. // storage once CE keys are installed.
if (!e4crypt_prepare_user_storage("", 0, 0, android::os::IVold::STORAGE_FLAG_DE)) { if (!fscrypt_prepare_user_storage("", 0, 0, android::os::IVold::STORAGE_FLAG_DE)) {
LOG(ERROR) << "Failed to prepare user 0 storage"; LOG(ERROR) << "Failed to prepare user 0 storage";
return false; return false;
} }
// If this is a non-FBE device that recently left an emulated mode, // If this is a non-FBE device that recently left an emulated mode,
// restore user data directories to known-good state. // restore user data directories to known-good state.
if (!e4crypt_is_native() && !e4crypt_is_emulated()) { if (!fscrypt_is_native() && !fscrypt_is_emulated()) {
e4crypt_unlock_user_key(0, 0, "!", "!"); fscrypt_unlock_user_key(0, 0, "!", "!");
} }
return true; return true;
} }
bool e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral) { bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral) {
LOG(DEBUG) << "e4crypt_vold_create_user_key for " << user_id << " serial " << serial; LOG(DEBUG) << "fscrypt_vold_create_user_key for " << user_id << " serial " << serial;
if (!e4crypt_is_native()) { if (!fscrypt_is_native()) {
return true; return true;
} }
// FIXME test for existence of key that is not loaded yet // FIXME test for existence of key that is not loaded yet
if (s_ce_key_raw_refs.count(user_id) != 0) { if (s_ce_key_raw_refs.count(user_id) != 0) {
LOG(ERROR) << "Already exists, can't e4crypt_vold_create_user_key for " << user_id LOG(ERROR) << "Already exists, can't fscrypt_vold_create_user_key for " << user_id
<< " serial " << serial; << " serial " << serial;
// FIXME should we fail the command? // FIXME should we fail the command?
return true; return true;
@ -433,9 +433,9 @@ static bool evict_ce_key(userid_t user_id) {
return success; return success;
} }
bool e4crypt_destroy_user_key(userid_t user_id) { bool fscrypt_destroy_user_key(userid_t user_id) {
LOG(DEBUG) << "e4crypt_destroy_user_key(" << user_id << ")"; LOG(DEBUG) << "fscrypt_destroy_user_key(" << user_id << ")";
if (!e4crypt_is_native()) { if (!fscrypt_is_native()) {
return true; return true;
} }
bool success = true; bool success = true;
@ -479,13 +479,13 @@ static bool emulated_unlock(const std::string& path, mode_t mode) {
if (chmod(path.c_str(), mode) != 0) { if (chmod(path.c_str(), mode) != 0) {
PLOG(ERROR) << "Failed to chmod " << path; PLOG(ERROR) << "Failed to chmod " << path;
// FIXME temporary workaround for b/26713622 // FIXME temporary workaround for b/26713622
if (e4crypt_is_emulated()) return false; if (fscrypt_is_emulated()) return false;
} }
#if EMULATED_USES_SELINUX #if EMULATED_USES_SELINUX
if (selinux_android_restorecon(path.c_str(), SELINUX_ANDROID_RESTORECON_FORCE) != 0) { if (selinux_android_restorecon(path.c_str(), SELINUX_ANDROID_RESTORECON_FORCE) != 0) {
PLOG(WARNING) << "Failed to restorecon " << path; PLOG(WARNING) << "Failed to restorecon " << path;
// FIXME temporary workaround for b/26713622 // FIXME temporary workaround for b/26713622
if (e4crypt_is_emulated()) return false; if (fscrypt_is_emulated()) return false;
} }
#endif #endif
return true; return true;
@ -548,11 +548,11 @@ static bool destroy_volkey(const std::string& misc_path, const std::string& volu
return android::vold::destroyKey(path); return android::vold::destroyKey(path);
} }
bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token_hex, bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token_hex,
const std::string& secret_hex) { const std::string& secret_hex) {
LOG(DEBUG) << "e4crypt_add_user_key_auth " << user_id << " serial=" << serial LOG(DEBUG) << "fscrypt_add_user_key_auth " << user_id << " serial=" << serial
<< " token_present=" << (token_hex != "!"); << " token_present=" << (token_hex != "!");
if (!e4crypt_is_native()) return true; if (!fscrypt_is_native()) return true;
if (s_ephemeral_users.count(user_id) != 0) return true; if (s_ephemeral_users.count(user_id) != 0) return true;
std::string token, secret; std::string token, secret;
if (!parse_hex(token_hex, &token)) return false; if (!parse_hex(token_hex, &token)) return false;
@ -573,9 +573,9 @@ bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string&
return true; return true;
} }
bool e4crypt_fixate_newest_user_key_auth(userid_t user_id) { bool fscrypt_fixate_newest_user_key_auth(userid_t user_id) {
LOG(DEBUG) << "e4crypt_fixate_newest_user_key_auth " << user_id; LOG(DEBUG) << "fscrypt_fixate_newest_user_key_auth " << user_id;
if (!e4crypt_is_native()) return true; if (!fscrypt_is_native()) return true;
if (s_ephemeral_users.count(user_id) != 0) return true; if (s_ephemeral_users.count(user_id) != 0) return true;
auto const directory_path = get_ce_key_directory_path(user_id); auto const directory_path = get_ce_key_directory_path(user_id);
auto const paths = get_ce_key_paths(directory_path); auto const paths = get_ce_key_paths(directory_path);
@ -588,11 +588,11 @@ bool e4crypt_fixate_newest_user_key_auth(userid_t user_id) {
} }
// TODO: rename to 'install' for consistency, and take flags to know which keys to install // TODO: rename to 'install' for consistency, and take flags to know which keys to install
bool e4crypt_unlock_user_key(userid_t user_id, int serial, const std::string& token_hex, bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& token_hex,
const std::string& secret_hex) { const std::string& secret_hex) {
LOG(DEBUG) << "e4crypt_unlock_user_key " << user_id << " serial=" << serial LOG(DEBUG) << "fscrypt_unlock_user_key " << user_id << " serial=" << serial
<< " token_present=" << (token_hex != "!"); << " token_present=" << (token_hex != "!");
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
if (s_ce_key_raw_refs.count(user_id) != 0) { if (s_ce_key_raw_refs.count(user_id) != 0) {
LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id; LOG(WARNING) << "Tried to unlock already-unlocked key for user " << user_id;
return true; return true;
@ -621,11 +621,11 @@ bool e4crypt_unlock_user_key(userid_t user_id, int serial, const std::string& to
} }
// TODO: rename to 'evict' for consistency // TODO: rename to 'evict' for consistency
bool e4crypt_lock_user_key(userid_t user_id) { bool fscrypt_lock_user_key(userid_t user_id) {
LOG(DEBUG) << "e4crypt_lock_user_key " << user_id; LOG(DEBUG) << "fscrypt_lock_user_key " << user_id;
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
return evict_ce_key(user_id); return evict_ce_key(user_id);
} else if (e4crypt_is_emulated()) { } else if (fscrypt_is_emulated()) {
// When in emulation mode, we just use chmod // When in emulation mode, we just use chmod
if (!emulated_lock(android::vold::BuildDataSystemCePath(user_id)) || if (!emulated_lock(android::vold::BuildDataSystemCePath(user_id)) ||
!emulated_lock(android::vold::BuildDataMiscCePath(user_id)) || !emulated_lock(android::vold::BuildDataMiscCePath(user_id)) ||
@ -650,9 +650,9 @@ static bool prepare_subdirs(const std::string& action, const std::string& volume
return true; return true;
} }
bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial, bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial,
int flags) { int flags) {
LOG(DEBUG) << "e4crypt_prepare_user_storage for volume " << escape_empty(volume_uuid) LOG(DEBUG) << "fscrypt_prepare_user_storage for volume " << escape_empty(volume_uuid)
<< ", user " << user_id << ", serial " << serial << ", flags " << flags; << ", user " << user_id << ", serial " << serial << ", flags " << flags;
if (flags & android::os::IVold::STORAGE_FLAG_DE) { if (flags & android::os::IVold::STORAGE_FLAG_DE) {
@ -682,7 +682,7 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
} }
if (!prepare_dir(user_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false; if (!prepare_dir(user_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
PolicyKeyRef de_ref; PolicyKeyRef de_ref;
if (volume_uuid.empty()) { if (volume_uuid.empty()) {
if (!lookup_key_ref(s_de_key_raw_refs, user_id, &de_ref.key_raw_ref)) return false; if (!lookup_key_ref(s_de_key_raw_refs, user_id, &de_ref.key_raw_ref)) return false;
@ -713,7 +713,7 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
if (!prepare_dir(media_ce_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW)) return false; if (!prepare_dir(media_ce_path, 0770, AID_MEDIA_RW, AID_MEDIA_RW)) return false;
if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false; if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
PolicyKeyRef ce_ref; PolicyKeyRef ce_ref;
if (volume_uuid.empty()) { if (volume_uuid.empty()) {
if (!lookup_key_ref(s_ce_key_raw_refs, user_id, &ce_ref.key_raw_ref)) return false; if (!lookup_key_ref(s_ce_key_raw_refs, user_id, &ce_ref.key_raw_ref)) return false;
@ -742,8 +742,8 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
return true; return true;
} }
bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags) { bool fscrypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags) {
LOG(DEBUG) << "e4crypt_destroy_user_storage for volume " << escape_empty(volume_uuid) LOG(DEBUG) << "fscrypt_destroy_user_storage for volume " << escape_empty(volume_uuid)
<< ", user " << user_id << ", flags " << flags; << ", user " << user_id << ", flags " << flags;
bool res = true; bool res = true;
@ -764,7 +764,7 @@ bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_
res &= destroy_dir(misc_ce_path); res &= destroy_dir(misc_ce_path);
res &= destroy_dir(vendor_ce_path); res &= destroy_dir(vendor_ce_path);
} else { } else {
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
res &= destroy_volkey(misc_ce_path, volume_uuid); res &= destroy_volkey(misc_ce_path, volume_uuid);
} }
} }
@ -793,7 +793,7 @@ bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_
res &= destroy_dir(misc_de_path); res &= destroy_dir(misc_de_path);
res &= destroy_dir(vendor_de_path); res &= destroy_dir(vendor_de_path);
} else { } else {
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
res &= destroy_volkey(misc_de_path, volume_uuid); res &= destroy_volkey(misc_de_path, volume_uuid);
} }
} }
@ -828,9 +828,9 @@ static bool destroy_volume_keys(const std::string& directory_path, const std::st
return res; return res;
} }
bool e4crypt_destroy_volume_keys(const std::string& volume_uuid) { bool fscrypt_destroy_volume_keys(const std::string& volume_uuid) {
bool res = true; bool res = true;
LOG(DEBUG) << "e4crypt_destroy_volume_keys for volume " << escape_empty(volume_uuid); LOG(DEBUG) << "fscrypt_destroy_volume_keys for volume " << escape_empty(volume_uuid);
auto secdiscardable_path = volume_secdiscardable_path(volume_uuid); auto secdiscardable_path = volume_secdiscardable_path(volume_uuid);
res &= android::vold::runSecdiscardSingle(secdiscardable_path); res &= android::vold::runSecdiscardSingle(secdiscardable_path);
res &= destroy_volume_keys("/data/misc_ce", volume_uuid); res &= destroy_volume_keys("/data/misc_ce", volume_uuid);

View file

@ -18,21 +18,21 @@
#include <cutils/multiuser.h> #include <cutils/multiuser.h>
bool e4crypt_initialize_global_de(); bool fscrypt_initialize_global_de();
bool e4crypt_init_user0(); bool fscrypt_init_user0();
bool e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral); bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
bool e4crypt_destroy_user_key(userid_t user_id); bool fscrypt_destroy_user_key(userid_t user_id);
bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token, bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token,
const std::string& secret); const std::string& secret);
bool e4crypt_fixate_newest_user_key_auth(userid_t user_id); bool fscrypt_fixate_newest_user_key_auth(userid_t user_id);
bool e4crypt_unlock_user_key(userid_t user_id, int serial, const std::string& token, bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& token,
const std::string& secret); const std::string& secret);
bool e4crypt_lock_user_key(userid_t user_id); bool fscrypt_lock_user_key(userid_t user_id);
bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial, bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_id, int serial,
int flags); int flags);
bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags); bool fscrypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags);
bool e4crypt_destroy_volume_keys(const std::string& volume_uuid); bool fscrypt_destroy_volume_keys(const std::string& volume_uuid);

View file

@ -16,6 +16,7 @@
#include "KeyUtil.h" #include "KeyUtil.h"
#include <linux/fs.h>
#include <iomanip> #include <iomanip>
#include <sstream> #include <sstream>
#include <string> #include <string>
@ -32,22 +33,10 @@
namespace android { namespace android {
namespace vold { namespace vold {
// ext4enc:TODO get this const from somewhere good constexpr int FS_AES_256_XTS_KEY_SIZE = 64;
const int EXT4_KEY_DESCRIPTOR_SIZE = 8;
// ext4enc:TODO Include structure from somewhere sensible
// MUST be in sync with ext4_crypto.c in kernel
constexpr int EXT4_ENCRYPTION_MODE_AES_256_XTS = 1;
constexpr int EXT4_AES_256_XTS_KEY_SIZE = 64;
constexpr int EXT4_MAX_KEY_SIZE = 64;
struct ext4_encryption_key {
uint32_t mode;
char raw[EXT4_MAX_KEY_SIZE];
uint32_t size;
};
bool randomKey(KeyBuffer* key) { bool randomKey(KeyBuffer* key) {
*key = KeyBuffer(EXT4_AES_256_XTS_KEY_SIZE); *key = KeyBuffer(FS_AES_256_XTS_KEY_SIZE);
if (ReadRandomBytes(key->size(), key->data()) != 0) { if (ReadRandomBytes(key->size(), key->data()) != 0) {
// TODO status_t plays badly with PLOG, fix it. // TODO status_t plays badly with PLOG, fix it.
LOG(ERROR) << "Random read failed"; LOG(ERROR) << "Random read failed";
@ -57,7 +46,7 @@ bool randomKey(KeyBuffer* key) {
} }
// Get raw keyref - used to make keyname and to pass to ioctl // Get raw keyref - used to make keyname and to pass to ioctl
static std::string generateKeyRef(const char* key, int length) { static std::string generateKeyRef(const uint8_t* key, int length) {
SHA512_CTX c; SHA512_CTX c;
SHA512_Init(&c); SHA512_Init(&c);
@ -70,21 +59,20 @@ static std::string generateKeyRef(const char* key, int length) {
unsigned char key_ref2[SHA512_DIGEST_LENGTH]; unsigned char key_ref2[SHA512_DIGEST_LENGTH];
SHA512_Final(key_ref2, &c); SHA512_Final(key_ref2, &c);
static_assert(EXT4_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH, static_assert(FS_KEY_DESCRIPTOR_SIZE <= SHA512_DIGEST_LENGTH, "Hash too short for descriptor");
"Hash too short for descriptor"); return std::string((char*)key_ref2, FS_KEY_DESCRIPTOR_SIZE);
return std::string((char*)key_ref2, EXT4_KEY_DESCRIPTOR_SIZE);
} }
static bool fillKey(const KeyBuffer& key, ext4_encryption_key* ext4_key) { static bool fillKey(const KeyBuffer& key, fscrypt_key* fs_key) {
if (key.size() != EXT4_AES_256_XTS_KEY_SIZE) { if (key.size() != FS_AES_256_XTS_KEY_SIZE) {
LOG(ERROR) << "Wrong size key " << key.size(); LOG(ERROR) << "Wrong size key " << key.size();
return false; return false;
} }
static_assert(EXT4_AES_256_XTS_KEY_SIZE <= sizeof(ext4_key->raw), "Key too long!"); static_assert(FS_AES_256_XTS_KEY_SIZE <= sizeof(fs_key->raw), "Key too long!");
ext4_key->mode = EXT4_ENCRYPTION_MODE_AES_256_XTS; fs_key->mode = FS_ENCRYPTION_MODE_AES_256_XTS;
ext4_key->size = key.size(); fs_key->size = key.size();
memset(ext4_key->raw, 0, sizeof(ext4_key->raw)); memset(fs_key->raw, 0, sizeof(fs_key->raw));
memcpy(ext4_key->raw, key.data(), key.size()); memcpy(fs_key->raw, key.data(), key.size());
return true; return true;
} }
@ -100,8 +88,8 @@ static std::string keyname(const std::string& prefix, const std::string& raw_ref
} }
// Get the keyring we store all keys in // Get the keyring we store all keys in
static bool e4cryptKeyring(key_serial_t* device_keyring) { static bool fscryptKeyring(key_serial_t* device_keyring) {
*device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "e4crypt", 0); *device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0);
if (*device_keyring == -1) { if (*device_keyring == -1) {
PLOG(ERROR) << "Unable to find device keyring"; PLOG(ERROR) << "Unable to find device keyring";
return false; return false;
@ -112,18 +100,18 @@ static bool e4cryptKeyring(key_serial_t* device_keyring) {
// Install password into global keyring // Install password into global keyring
// Return raw key reference for use in policy // Return raw key reference for use in policy
bool installKey(const KeyBuffer& key, std::string* raw_ref) { bool installKey(const KeyBuffer& key, std::string* raw_ref) {
// Place ext4_encryption_key into automatically zeroing buffer. // Place fscrypt_key into automatically zeroing buffer.
KeyBuffer ext4KeyBuffer(sizeof(ext4_encryption_key)); KeyBuffer fsKeyBuffer(sizeof(fscrypt_key));
ext4_encryption_key& ext4_key = *reinterpret_cast<ext4_encryption_key*>(ext4KeyBuffer.data()); fscrypt_key& fs_key = *reinterpret_cast<fscrypt_key*>(fsKeyBuffer.data());
if (!fillKey(key, &ext4_key)) return false; if (!fillKey(key, &fs_key)) return false;
*raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size); *raw_ref = generateKeyRef(fs_key.raw, fs_key.size);
key_serial_t device_keyring; key_serial_t device_keyring;
if (!e4cryptKeyring(&device_keyring)) return false; if (!fscryptKeyring(&device_keyring)) return false;
for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) { for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
auto ref = keyname(*name_prefix, *raw_ref); auto ref = keyname(*name_prefix, *raw_ref);
key_serial_t key_id = key_serial_t key_id =
add_key("logon", ref.c_str(), (void*)&ext4_key, sizeof(ext4_key), device_keyring); add_key("logon", ref.c_str(), (void*)&fs_key, sizeof(fs_key), device_keyring);
if (key_id == -1) { if (key_id == -1) {
PLOG(ERROR) << "Failed to insert key into keyring " << device_keyring; PLOG(ERROR) << "Failed to insert key into keyring " << device_keyring;
return false; return false;
@ -136,7 +124,7 @@ bool installKey(const KeyBuffer& key, std::string* raw_ref) {
bool evictKey(const std::string& raw_ref) { bool evictKey(const std::string& raw_ref) {
key_serial_t device_keyring; key_serial_t device_keyring;
if (!e4cryptKeyring(&device_keyring)) return false; if (!fscryptKeyring(&device_keyring)) return false;
bool success = true; bool success = true;
for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) { for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
auto ref = keyname(*name_prefix, raw_ref); auto ref = keyname(*name_prefix, raw_ref);

View file

@ -194,11 +194,11 @@ static bool create_crypto_blk_dev(const std::string& dm_name, uint64_t nr_sec,
return true; return true;
} }
bool e4crypt_mount_metadata_encrypted(const std::string& mount_point, bool needs_encrypt) { bool fscrypt_mount_metadata_encrypted(const std::string& mount_point, bool needs_encrypt) {
LOG(DEBUG) << "e4crypt_mount_metadata_encrypted: " << mount_point << " " << needs_encrypt; LOG(DEBUG) << "fscrypt_mount_metadata_encrypted: " << mount_point << " " << needs_encrypt;
auto encrypted_state = android::base::GetProperty("ro.crypto.state", ""); auto encrypted_state = android::base::GetProperty("ro.crypto.state", "");
if (encrypted_state != "") { if (encrypted_state != "") {
LOG(DEBUG) << "e4crypt_enable_crypto got unexpected starting state: " << encrypted_state; LOG(DEBUG) << "fscrypt_enable_crypto got unexpected starting state: " << encrypted_state;
return false; return false;
} }
auto data_rec = fs_mgr_get_entry_for_mount_point(fstab_default, mount_point); auto data_rec = fs_mgr_get_entry_for_mount_point(fstab_default, mount_point);

View file

@ -19,6 +19,6 @@
#include <string> #include <string>
bool e4crypt_mount_metadata_encrypted(const std::string& mount_point, bool needs_encrypt); bool fscrypt_mount_metadata_encrypted(const std::string& mount_point, bool needs_encrypt);
#endif #endif

View file

@ -25,7 +25,7 @@
#include "VolumeManager.h" #include "VolumeManager.h"
#include "Checkpoint.h" #include "Checkpoint.h"
#include "Ext4Crypt.h" #include "FsCrypt.h"
#include "MetadataCrypt.h" #include "MetadataCrypt.h"
#include "cryptfs.h" #include "cryptfs.h"
@ -35,8 +35,8 @@
#include <android-base/logging.h> #include <android-base/logging.h>
#include <android-base/stringprintf.h> #include <android-base/stringprintf.h>
#include <android-base/strings.h> #include <android-base/strings.h>
#include <ext4_utils/ext4_crypt.h>
#include <fs_mgr.h> #include <fs_mgr.h>
#include <fscrypt/fscrypt.h>
#include <private/android_filesystem_config.h> #include <private/android_filesystem_config.h>
#include <utils/Trace.h> #include <utils/Trace.h>
@ -574,11 +574,11 @@ binder::Status VoldNativeService::fdeEnable(int32_t passwordType, const std::str
ACQUIRE_CRYPT_LOCK; ACQUIRE_CRYPT_LOCK;
LOG(DEBUG) << "fdeEnable(" << passwordType << ", *, " << encryptionFlags << ")"; LOG(DEBUG) << "fdeEnable(" << passwordType << ", *, " << encryptionFlags << ")";
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
LOG(ERROR) << "e4crypt_is_native, fdeEnable invalid"; LOG(ERROR) << "fscrypt_is_native, fdeEnable invalid";
return error("e4crypt_is_native, fdeEnable invalid"); return error("fscrypt_is_native, fdeEnable invalid");
} }
LOG(DEBUG) << "!e4crypt_is_native, spawning fdeEnableInternal"; LOG(DEBUG) << "!fscrypt_is_native, spawning fdeEnableInternal";
// Spawn as thread so init can issue commands back to vold without // Spawn as thread so init can issue commands back to vold without
// causing deadlock, usually as a result of prep_data_fs. // causing deadlock, usually as a result of prep_data_fs.
@ -652,14 +652,14 @@ binder::Status VoldNativeService::fbeEnable() {
ENFORCE_UID(AID_SYSTEM); ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK; ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_initialize_global_de()); return translateBool(fscrypt_initialize_global_de());
} }
binder::Status VoldNativeService::mountDefaultEncrypted() { binder::Status VoldNativeService::mountDefaultEncrypted() {
ENFORCE_UID(AID_SYSTEM); ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK; ACQUIRE_CRYPT_LOCK;
if (!e4crypt_is_native()) { if (!fscrypt_is_native()) {
// Spawn as thread so init can issue commands back to vold without // Spawn as thread so init can issue commands back to vold without
// causing deadlock, usually as a result of prep_data_fs. // causing deadlock, usually as a result of prep_data_fs.
std::thread(&cryptfs_mount_default_encrypted).detach(); std::thread(&cryptfs_mount_default_encrypted).detach();
@ -671,7 +671,7 @@ binder::Status VoldNativeService::initUser0() {
ENFORCE_UID(AID_SYSTEM); ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK; ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_init_user0()); return translateBool(fscrypt_init_user0());
} }
binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) { binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) {
@ -686,28 +686,28 @@ binder::Status VoldNativeService::mountFstab(const std::string& mountPoint) {
ENFORCE_UID(AID_SYSTEM); ENFORCE_UID(AID_SYSTEM);
ACQUIRE_LOCK; ACQUIRE_LOCK;
return translateBool(e4crypt_mount_metadata_encrypted(mountPoint, false)); return translateBool(fscrypt_mount_metadata_encrypted(mountPoint, false));
} }
binder::Status VoldNativeService::encryptFstab(const std::string& mountPoint) { binder::Status VoldNativeService::encryptFstab(const std::string& mountPoint) {
ENFORCE_UID(AID_SYSTEM); ENFORCE_UID(AID_SYSTEM);
ACQUIRE_LOCK; ACQUIRE_LOCK;
return translateBool(e4crypt_mount_metadata_encrypted(mountPoint, true)); return translateBool(fscrypt_mount_metadata_encrypted(mountPoint, true));
} }
binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial, bool ephemeral) { binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial, bool ephemeral) {
ENFORCE_UID(AID_SYSTEM); ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK; ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_vold_create_user_key(userId, userSerial, ephemeral)); return translateBool(fscrypt_vold_create_user_key(userId, userSerial, ephemeral));
} }
binder::Status VoldNativeService::destroyUserKey(int32_t userId) { binder::Status VoldNativeService::destroyUserKey(int32_t userId) {
ENFORCE_UID(AID_SYSTEM); ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK; ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_destroy_user_key(userId)); return translateBool(fscrypt_destroy_user_key(userId));
} }
binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial, binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial,
@ -716,14 +716,14 @@ binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSer
ENFORCE_UID(AID_SYSTEM); ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK; ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_add_user_key_auth(userId, userSerial, token, secret)); return translateBool(fscrypt_add_user_key_auth(userId, userSerial, token, secret));
} }
binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) { binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
ENFORCE_UID(AID_SYSTEM); ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK; ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_fixate_newest_user_key_auth(userId)); return translateBool(fscrypt_fixate_newest_user_key_auth(userId));
} }
binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial, binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial,
@ -732,14 +732,14 @@ binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSeri
ENFORCE_UID(AID_SYSTEM); ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK; ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_unlock_user_key(userId, userSerial, token, secret)); return translateBool(fscrypt_unlock_user_key(userId, userSerial, token, secret));
} }
binder::Status VoldNativeService::lockUserKey(int32_t userId) { binder::Status VoldNativeService::lockUserKey(int32_t userId) {
ENFORCE_UID(AID_SYSTEM); ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK; ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_lock_user_key(userId)); return translateBool(fscrypt_lock_user_key(userId));
} }
binder::Status VoldNativeService::prepareUserStorage(const std::unique_ptr<std::string>& uuid, binder::Status VoldNativeService::prepareUserStorage(const std::unique_ptr<std::string>& uuid,
@ -751,7 +751,7 @@ binder::Status VoldNativeService::prepareUserStorage(const std::unique_ptr<std::
CHECK_ARGUMENT_HEX(uuid_); CHECK_ARGUMENT_HEX(uuid_);
ACQUIRE_CRYPT_LOCK; ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_prepare_user_storage(uuid_, userId, userSerial, flags)); return translateBool(fscrypt_prepare_user_storage(uuid_, userId, userSerial, flags));
} }
binder::Status VoldNativeService::destroyUserStorage(const std::unique_ptr<std::string>& uuid, binder::Status VoldNativeService::destroyUserStorage(const std::unique_ptr<std::string>& uuid,
@ -762,7 +762,7 @@ binder::Status VoldNativeService::destroyUserStorage(const std::unique_ptr<std::
CHECK_ARGUMENT_HEX(uuid_); CHECK_ARGUMENT_HEX(uuid_);
ACQUIRE_CRYPT_LOCK; ACQUIRE_CRYPT_LOCK;
return translateBool(e4crypt_destroy_user_storage(uuid_, userId, flags)); return translateBool(fscrypt_destroy_user_storage(uuid_, userId, flags));
} }
binder::Status VoldNativeService::startCheckpoint(int32_t retry) { binder::Status VoldNativeService::startCheckpoint(int32_t retry) {

View file

@ -48,10 +48,10 @@
#include <private/android_filesystem_config.h> #include <private/android_filesystem_config.h>
#include <ext4_utils/ext4_crypt.h> #include <fscrypt/fscrypt.h>
#include "Devmapper.h" #include "Devmapper.h"
#include "Ext4Crypt.h" #include "FsCrypt.h"
#include "Loop.h" #include "Loop.h"
#include "NetlinkManager.h" #include "NetlinkManager.h"
#include "Process.h" #include "Process.h"
@ -331,8 +331,8 @@ int VolumeManager::forgetPartition(const std::string& partGuid, const std::strin
LOG(ERROR) << "Failed to unlink " << keyPath; LOG(ERROR) << "Failed to unlink " << keyPath;
success = false; success = false;
} }
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
if (!e4crypt_destroy_volume_keys(fsUuid)) { if (!fscrypt_destroy_volume_keys(fsUuid)) {
success = false; success = false;
} }
} }

View file

@ -26,7 +26,7 @@
#include "Checkpoint.h" #include "Checkpoint.h"
#include "EncryptInplace.h" #include "EncryptInplace.h"
#include "Ext4Crypt.h" #include "FsCrypt.h"
#include "Keymaster.h" #include "Keymaster.h"
#include "Process.h" #include "Process.h"
#include "ScryptParameters.h" #include "ScryptParameters.h"
@ -38,10 +38,10 @@
#include <bootloader_message/bootloader_message.h> #include <bootloader_message/bootloader_message.h>
#include <cutils/android_reboot.h> #include <cutils/android_reboot.h>
#include <cutils/properties.h> #include <cutils/properties.h>
#include <ext4_utils/ext4_crypt.h>
#include <ext4_utils/ext4_utils.h> #include <ext4_utils/ext4_utils.h>
#include <f2fs_sparseblock.h> #include <f2fs_sparseblock.h>
#include <fs_mgr.h> #include <fs_mgr.h>
#include <fscrypt/fscrypt.h>
#include <hardware_legacy/power.h> #include <hardware_legacy/power.h>
#include <log/log.h> #include <log/log.h>
#include <logwrap/logwrap.h> #include <logwrap/logwrap.h>
@ -1606,7 +1606,7 @@ static int cryptfs_restart_internal(int restart_main) {
int cryptfs_restart(void) { int cryptfs_restart(void) {
SLOGI("cryptfs_restart"); SLOGI("cryptfs_restart");
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
SLOGE("cryptfs_restart not valid for file encryption:"); SLOGE("cryptfs_restart not valid for file encryption:");
return -1; return -1;
} }
@ -1627,7 +1627,7 @@ static int do_crypto_complete(const char* mount_point) {
} }
// crypto_complete is full disk encrypted status // crypto_complete is full disk encrypted status
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
return CRYPTO_COMPLETE_NOT_ENCRYPTED; return CRYPTO_COMPLETE_NOT_ENCRYPTED;
} }
@ -1823,7 +1823,7 @@ int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const u
strlcpy((char*)ext_crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(), strlcpy((char*)ext_crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(),
MAX_CRYPTO_TYPE_NAME_LEN); MAX_CRYPTO_TYPE_NAME_LEN);
uint32_t flags = 0; uint32_t flags = 0;
if (e4crypt_is_native() && if (fscrypt_is_native() &&
android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false)) android::base::GetBoolProperty("ro.crypto.allow_encrypt_override", false))
flags |= CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE; flags |= CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE;
@ -1862,7 +1862,7 @@ int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr) {
int cryptfs_check_passwd(const char* passwd) { int cryptfs_check_passwd(const char* passwd) {
SLOGI("cryptfs_check_passwd"); SLOGI("cryptfs_check_passwd");
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
SLOGE("cryptfs_check_passwd not valid for file encryption"); SLOGE("cryptfs_check_passwd not valid for file encryption");
return -1; return -1;
} }
@ -2407,7 +2407,7 @@ int cryptfs_enable_default(int no_ui) {
} }
int cryptfs_changepw(int crypt_type, const char* newpw) { int cryptfs_changepw(int crypt_type, const char* newpw) {
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
SLOGE("cryptfs_changepw not valid for file encryption"); SLOGE("cryptfs_changepw not valid for file encryption");
return -1; return -1;
} }
@ -2602,7 +2602,7 @@ static int persist_count_keys(const char* fieldname) {
/* Return the value of the specified field. */ /* Return the value of the specified field. */
int cryptfs_getfield(const char* fieldname, char* value, int len) { int cryptfs_getfield(const char* fieldname, char* value, int len) {
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
SLOGE("Cannot get field when file encrypted"); SLOGE("Cannot get field when file encrypted");
return -1; return -1;
} }
@ -2667,7 +2667,7 @@ out:
/* Set the value of the specified field. */ /* Set the value of the specified field. */
int cryptfs_setfield(const char* fieldname, const char* value) { int cryptfs_setfield(const char* fieldname, const char* value) {
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
SLOGE("Cannot set field when file encrypted"); SLOGE("Cannot set field when file encrypted");
return -1; return -1;
} }
@ -2787,7 +2787,7 @@ int cryptfs_mount_default_encrypted(void) {
/* Returns type of the password, default, pattern, pin or password. /* Returns type of the password, default, pattern, pin or password.
*/ */
int cryptfs_get_password_type(void) { int cryptfs_get_password_type(void) {
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
SLOGE("cryptfs_get_password_type not valid for file encryption"); SLOGE("cryptfs_get_password_type not valid for file encryption");
return -1; return -1;
} }
@ -2807,7 +2807,7 @@ int cryptfs_get_password_type(void) {
} }
const char* cryptfs_get_password() { const char* cryptfs_get_password() {
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
SLOGE("cryptfs_get_password not valid for file encryption"); SLOGE("cryptfs_get_password not valid for file encryption");
return 0; return 0;
} }

View file

@ -36,12 +36,12 @@
#include <android-base/properties.h> #include <android-base/properties.h>
#include <android-base/stringprintf.h> #include <android-base/stringprintf.h>
#include <cutils/properties.h> #include <cutils/properties.h>
#include <ext4_utils/ext4_crypt.h> #include <fscrypt/fscrypt.h>
#include <logwrap/logwrap.h> #include <logwrap/logwrap.h>
#include <selinux/selinux.h> #include <selinux/selinux.h>
#include "Ext4.h" #include "Ext4.h"
#include "Ext4Crypt.h" #include "FsCrypt.h"
#include "Utils.h" #include "Utils.h"
#include "VoldUtil.h" #include "VoldUtil.h"
@ -175,7 +175,7 @@ status_t Format(const std::string& source, unsigned long numSectors, const std::
if (android::base::GetBoolProperty("vold.has_quota", false)) { if (android::base::GetBoolProperty("vold.has_quota", false)) {
options += ",quota"; options += ",quota";
} }
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
options += ",encrypt"; options += ",encrypt";
} }

View file

@ -20,7 +20,7 @@
#include <android-base/logging.h> #include <android-base/logging.h>
#include <android-base/properties.h> #include <android-base/properties.h>
#include <android-base/stringprintf.h> #include <android-base/stringprintf.h>
#include <ext4_utils/ext4_crypt.h> #include <fscrypt/fscrypt.h>
#include <string> #include <string>
#include <vector> #include <vector>
@ -81,7 +81,7 @@ status_t Format(const std::string& source) {
cmd.push_back("-O"); cmd.push_back("-O");
cmd.push_back("quota"); cmd.push_back("quota");
} }
if (e4crypt_is_native()) { if (fscrypt_is_native()) {
cmd.push_back("-O"); cmd.push_back("-O");
cmd.push_back("encrypt"); cmd.push_back("encrypt");
} }

View file

@ -15,7 +15,7 @@
*/ */
#include "Disk.h" #include "Disk.h"
#include "Ext4Crypt.h" #include "FsCrypt.h"
#include "PrivateVolume.h" #include "PrivateVolume.h"
#include "PublicVolume.h" #include "PublicVolume.h"
#include "Utils.h" #include "Utils.h"
@ -28,7 +28,7 @@
#include <android-base/properties.h> #include <android-base/properties.h>
#include <android-base/stringprintf.h> #include <android-base/stringprintf.h>
#include <android-base/strings.h> #include <android-base/strings.h>
#include <ext4_utils/ext4_crypt.h> #include <fscrypt/fscrypt.h>
#include "cryptfs.h" #include "cryptfs.h"