libfscrypt: support setting v2 encryption policies
Update libfscrypt to support setting v2 encryption policies. For this,
the ioctl to use is still FS_IOC_SET_ENCRYPTION_POLICY; we just need to
pass it a slightly different structure.
v2 policies support the same encryption modes and flags as v1 policies,
but internally they use a more standard, secure, and flexible KDF. Due
to this, some future features will be supported by v2 policies only.
Other notes:
- Use 16 byte filenames padding for all v2 policies. There's no need to
use the legacy 4 bytes padding.
- Unlike v1 policies, setting a v2 policy requires CAP_FOWNER if the key
hasn't been installed. This isn't an issue for Android, however --
Android always installs the keys first, and even if it didn't,
policies are only set by init and vold, which have CAP_FOWNER.
Bug: 140500999
Test: tested as series; see If64028d8580584b2c33c614cabd5d6b93657f608
Change-Id: I325f75fd3e59d6f00a5c66938b99b127981183a5
2 files changed