Fail with an error if we can\'t read the policy for encryption
am: 8d53b9619b
* commit '8d53b9619ba913354ffdb23acf0108f7445bb8bc':
Fail with an error if we can't read the policy for encryption
Change-Id: I56e185bc0ee583d3a966e072dc34ed24af21ed39
diff --git a/ext4_utils/ext4_crypt.cpp b/ext4_utils/ext4_crypt.cpp
index 482c3e6..be77b79 100644
--- a/ext4_utils/ext4_crypt.cpp
+++ b/ext4_utils/ext4_crypt.cpp
@@ -1,5 +1,17 @@
/*
- * Copyright (c) 2015 Google, Inc.
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
#include "ext4_crypt.h"
@@ -16,6 +28,7 @@
#include <sys/types.h>
#include <android-base/logging.h>
+#include <cutils/properties.h>
#define XATTR_NAME_ENCRYPTION_POLICY "encryption.policy"
#define EXT4_KEYREF_DELIMITER ((char)'.')
@@ -42,6 +55,12 @@
#define HEX_LOOKUP "0123456789abcdef"
+bool e4crypt_is_native() {
+ char value[PROPERTY_VALUE_MAX];
+ property_get("ro.crypto.type", value, "none");
+ return !strcmp(value, "file");
+}
+
static void policy_to_hex(const char* policy, char* hex) {
for (size_t i = 0, j = 0; i < EXT4_KEY_DESCRIPTOR_SIZE; i++) {
hex[j++] = HEX_LOOKUP[(policy[i] & 0xF0) >> 4];
diff --git a/ext4_utils/ext4_crypt.h b/ext4_utils/ext4_crypt.h
index 4b0c111..ddc09a7 100644
--- a/ext4_utils/ext4_crypt.h
+++ b/ext4_utils/ext4_crypt.h
@@ -20,6 +20,8 @@
__BEGIN_DECLS
+bool e4crypt_is_native();
+
int e4crypt_policy_ensure(const char *directory, const char* policy, size_t policy_length);
static const char* e4crypt_unencrypted_folder = "/unencrypted";
diff --git a/ext4_utils/ext4_crypt_init_extensions.cpp b/ext4_utils/ext4_crypt_init_extensions.cpp
index dc6e1dc..c6baea7 100644
--- a/ext4_utils/ext4_crypt_init_extensions.cpp
+++ b/ext4_utils/ext4_crypt_init_extensions.cpp
@@ -63,7 +63,7 @@
init_logging();
// Make sure folder exists. Use make_dir to set selinux permissions.
- std::string unencrypted_dir = std::string(dir) + "/unencrypted";
+ std::string unencrypted_dir = std::string(dir) + e4crypt_unencrypted_folder;
if (ensure_dir_exists(unencrypted_dir.c_str())) {
KLOG_ERROR(TAG, "Failed to create %s (%s)\n",
unencrypted_dir.c_str(),
@@ -138,10 +138,9 @@
std::string ref_filename = std::string("/data") + e4crypt_key_ref;
std::string policy;
if (!android::base::ReadFileToString(ref_filename, &policy)) {
- KLOG_INFO(TAG, "Not file encrypted so no policy for %s\n", dir);
- return 0;
+ KLOG_ERROR(TAG, "Unable to read system policy to set on %s\n", dir);
+ return -1;
}
-
KLOG_INFO(TAG, "Setting policy on %s\n", dir);
int result = e4crypt_policy_ensure(dir, policy.c_str(), policy.size());
if (result) {