f3dc4203dd
When the kernel supports the new fscrypt key management ioctls, use them instead of add_key() and keyctl_unlink(). This will be needed in order to support v2 encryption policies, since v2 encryption policies only support the new ioctls. The new ioctls have other advantages too. For example, FS_IOC_REMOVE_ENCRYPTION_KEY automatically evicts exactly the necessary kernel objects, so the drop_caches sysctl is no longer needed. This makes evicting keys faster and more reliable. FS_IOC_REMOVE_ENCRYPTION_KEY also detects if any files are still open and therefore couldn't be "locked", whereas this went undetected before. Therefore, to start out this patch adds support for using the new ioctls for v1 encryption policies, i.e. on existing devices. (Originally based on a patch by Satya Tangirala <satyat@google.com>) Bug: 140500828 Test: tested that a device using v1 policies continues to work, both with and without an updated kernel. See If64028d8580584b2c33c614cabd5d6b93657f608 for more details. Also checked via the log that the filesystem-level keyring is in fact used when supported. Change-Id: I296ef78138578a3fd773797ac0cd46af1296b959
44 lines
1.5 KiB
C++
44 lines
1.5 KiB
C++
/*
|
|
* Copyright (C) 2016 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef ANDROID_VOLD_KEYUTIL_H
|
|
#define ANDROID_VOLD_KEYUTIL_H
|
|
|
|
#include "KeyBuffer.h"
|
|
#include "KeyStorage.h"
|
|
|
|
#include <memory>
|
|
#include <string>
|
|
|
|
namespace android {
|
|
namespace vold {
|
|
|
|
bool randomKey(KeyBuffer* key);
|
|
|
|
bool isFsKeyringSupported(void);
|
|
|
|
bool installKey(const KeyBuffer& key, const std::string& mountpoint, std::string* raw_ref);
|
|
bool evictKey(const std::string& mountpoint, const std::string& raw_ref);
|
|
bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
|
|
const std::string& key_path, const std::string& tmp_path,
|
|
const std::string& volume_uuid, std::string* key_ref);
|
|
bool retrieveKey(bool create_if_absent, const std::string& key_path, const std::string& tmp_path,
|
|
KeyBuffer* key, bool keepOld = true);
|
|
|
|
} // namespace vold
|
|
} // namespace android
|
|
|
|
#endif
|