Adding e4crypt support
Redirect all crypto calls to e4crypt equivalents if file level encryption
detected. Note this change implements only the ones needed for minimal
functionality.
Requires matching change:
https://googleplex-android-review.git.corp.google.com/#/c/642778/
Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016
diff --git a/cryptfs.c b/cryptfs.c
index 5786210..735232d 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -53,6 +53,7 @@
#include "VolumeManager.h"
#include "VoldUtil.h"
#include "crypto_scrypt.h"
+#include "ext4_crypt.h"
#include "ext4_utils.h"
#include "f2fs_sparseblock.h"
#include "CheckBattery.h"
@@ -1656,11 +1657,37 @@
int cryptfs_restart(void)
{
+ SLOGI("cryptfs_restart");
+ if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ struct fstab_rec* rec;
+ int rc;
+
+ if (e4crypt_restart(DATA_MNT_POINT)) {
+ SLOGE("Can't unmount e4crypt temp volume\n");
+ return -1;
+ }
+
+ rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
+ if (!rec) {
+ SLOGE("Can't get fstab record for %s\n", DATA_MNT_POINT);
+ return -1;
+ }
+
+ rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT, rec->blk_device, 0);
+ if (rc) {
+ SLOGE("Can't mount %s\n", DATA_MNT_POINT);
+ return rc;
+ }
+
+ property_set("vold.decrypt", "trigger_restart_framework");
+ return 0;
+ }
+
/* Call internal implementation forcing a restart of main service group */
return cryptfs_restart_internal(1);
}
-static int do_crypto_complete(char *mount_point UNUSED)
+static int do_crypto_complete(char *mount_point)
{
struct crypt_mnt_ftr crypt_ftr;
char encrypted_state[PROPERTY_VALUE_MAX];
@@ -1672,6 +1699,10 @@
return CRYPTO_COMPLETE_NOT_ENCRYPTED;
}
+ if (e4crypt_crypto_complete(mount_point) == 0) {
+ return CRYPTO_COMPLETE_ENCRYPTED;
+ }
+
if (get_crypt_ftr_and_key(&crypt_ftr)) {
fs_mgr_get_crypt_info(fstab, key_loc, 0, sizeof(key_loc));
@@ -1994,6 +2025,11 @@
int cryptfs_check_passwd(char *passwd)
{
+ SLOGI("cryptfs_check_passwd");
+ if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ return e4crypt_check_passwd(DATA_MNT_POINT, passwd);
+ }
+
struct crypt_mnt_ftr crypt_ftr;
int rc;
@@ -3284,6 +3320,10 @@
int cryptfs_changepw(int crypt_type, const char *newpw)
{
+ if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ return e4crypt_change_password(DATA_MNT_POINT, crypt_type, newpw);
+ }
+
struct crypt_mnt_ftr crypt_ftr;
int rc;
@@ -3694,6 +3734,10 @@
*/
int cryptfs_get_password_type(void)
{
+ if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ return e4crypt_get_password_type(DATA_MNT_POINT);
+ }
+
struct crypt_mnt_ftr crypt_ftr;
if (get_crypt_ftr_and_key(&crypt_ftr)) {
@@ -3708,8 +3752,12 @@
return crypt_ftr.crypt_type;
}
-char* cryptfs_get_password()
+const char* cryptfs_get_password()
{
+ if (e4crypt_crypto_complete(DATA_MNT_POINT) == 0) {
+ return e4crypt_get_password(DATA_MNT_POINT);
+ }
+
struct timespec now;
clock_gettime(CLOCK_BOOTTIME, &now);
if (now.tv_sec < password_expiry_time) {