Ask the user before wiping if crypto policy fails.
If crypto policy fails, instruct recovery to prompt the user before
wiping all data.
Test: adb shell rmdir /data/ota && adb shell mkdir -p /data/ota/forcefail && adb reboot
Bug: 28693324
Change-Id: I4d09b35a20c513a76c9ba56fe826114449a9ad68
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 812ac3c..8059166 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -38,6 +38,7 @@
#include <linux/loop.h>
#include <linux/module.h>
+#include <string>
#include <thread>
#include <selinux/android.h>
@@ -67,6 +68,8 @@
#include "signal_handler.h"
#include "util.h"
+using namespace std::literals::string_literals;
+
#define chmod DO_NOT_USE_CHMOD_USE_FCHMODAT_SYMLINK_NOFOLLOW
#define UNMOUNT_CHECK_TIMES 10
@@ -139,8 +142,7 @@
}
}
-static int wipe_data_via_recovery(const std::string& reason) {
- const std::vector<std::string> options = {"--wipe_data", std::string() + "--reason=" + reason};
+static int reboot_into_recovery(const std::vector<std::string>& options) {
std::string err;
if (!write_bootloader_message(options, &err)) {
LOG(ERROR) << "failed to set bootloader message: " << err;
@@ -338,7 +340,10 @@
if (e4crypt_is_native()) {
if (e4crypt_set_directory_policy(args[1].c_str())) {
- wipe_data_via_recovery(std::string() + "set_policy_failed:" + args[1]);
+ const std::vector<std::string> options = {
+ "--prompt_and_wipe_data",
+ "--reason=set_policy_failed:"s + args[1]};
+ reboot_into_recovery(options);
return -1;
}
}
@@ -559,7 +564,8 @@
} else if (code == FS_MGR_MNTALL_DEV_NEEDS_RECOVERY) {
/* Setup a wipe via recovery, and reboot into recovery */
PLOG(ERROR) << "fs_mgr_mount_all suggested recovery, so wiping data via recovery.";
- ret = wipe_data_via_recovery("fs_mgr_mount_all");
+ const std::vector<std::string> options = {"--wipe_data", "--reason=fs_mgr_mount_all" };
+ ret = reboot_into_recovery(options);
/* If reboot worked, there is no return. */
} else if (code == FS_MGR_MNTALL_DEV_FILE_ENCRYPTED) {
if (e4crypt_install_keyring()) {