patches: Bliss GSI v11.4 Release
Signed-off-by: Jackeagle <jackeagle102@gmail.com>
Change-Id: I372e872292ed19dde130635da2882309751f59dd
diff --git a/patches/frameworks/av/0001-FIH-devices-Fix-Earpiece-audio-output.patch b/patches/frameworks/av/0001-FIH-devices-Fix-Earpiece-audio-output.patch
deleted file mode 100644
index 469972e..0000000
--- a/patches/frameworks/av/0001-FIH-devices-Fix-Earpiece-audio-output.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From bbfa6e68621509f98286a857d1c843157906b104 Mon Sep 17 00:00:00 2001
-From: Pierre-Hugues Husson <phh@phh.me>
-Date: Tue, 24 Apr 2018 00:14:28 +0200
-Subject: [PATCH 1/4] FIH devices: Fix "Earpiece" audio output
-
-On some FIH devices (confirmed on Razer, and probably on Aquos SS2),
-Earpiece is not listed in attachedDevices, and devicePort's profile
-mentions it is AUDIO_CHANNEL_IN_MONO, instead of AUDIO_CHANNEL_OUT_MONO.
-
-Detect such cases (output device, but got only AUDIO_CHANNEL_IN_MONO),
-and fix both channelMasks and attachedDevices
-
-Change-Id: I4a88ba6d34d0fcd346eeea2ca903772f0271040a
----
- .../managerdefinitions/src/Serializer.cpp | 25 ++++++++++++++++---
- 1 file changed, 22 insertions(+), 3 deletions(-)
-
-diff --git a/services/audiopolicy/common/managerdefinitions/src/Serializer.cpp b/services/audiopolicy/common/managerdefinitions/src/Serializer.cpp
-index a2531131d5..380e2f82bc 100644
---- a/services/audiopolicy/common/managerdefinitions/src/Serializer.cpp
-+++ b/services/audiopolicy/common/managerdefinitions/src/Serializer.cpp
-@@ -191,16 +191,25 @@ const char AudioProfileTraits::Attributes::name[] = "name";
- const char AudioProfileTraits::Attributes::samplingRates[] = "samplingRates";
- const char AudioProfileTraits::Attributes::format[] = "format";
- const char AudioProfileTraits::Attributes::channelMasks[] = "channelMasks";
-+static bool fixedEarpieceChannels = false;
-
- status_t AudioProfileTraits::deserialize(_xmlDoc */*doc*/, const _xmlNode *root, PtrElement &profile,
-- PtrSerializingCtx /*serializingContext*/)
-+ PtrSerializingCtx serializingContext)
- {
-+ bool isOutput = serializingContext != nullptr;
- string samplingRates = getXmlAttribute(root, Attributes::samplingRates);
- string format = getXmlAttribute(root, Attributes::format);
- string channels = getXmlAttribute(root, Attributes::channelMasks);
-+ ChannelTraits::Collection channelsMask = channelMasksFromString(channels, ",");
-+
-+ //Some Foxconn devices have wrong earpiece channel mask, leading to no channel mask
-+ if(channelsMask.size() == 1 && channelsMask[0] == AUDIO_CHANNEL_IN_MONO && isOutput) {
-+ fixedEarpieceChannels = true;
-+ channelsMask = channelMasksFromString("AUDIO_CHANNEL_OUT_MONO", ",");
-+ }
-
- profile = new Element(formatFromString(format, gDynamicFormat),
-- channelMasksFromString(channels, ","),
-+ channelsMask,
- samplingRatesFromString(samplingRates, ","));
-
- profile->setDynamicFormat(profile->getFormat() == gDynamicFormat);
-@@ -326,7 +335,10 @@ status_t DevicePortTraits::deserialize(_xmlDoc *doc, const _xmlNode *root, PtrEl
- }
-
- AudioProfileTraits::Collection profiles;
-- deserializeCollection<AudioProfileTraits>(doc, root, profiles, NULL);
-+ if(audio_is_output_devices(type))
-+ deserializeCollection<AudioProfileTraits>(doc, root, profiles, (PtrSerializingCtx)1);
-+ else
-+ deserializeCollection<AudioProfileTraits>(doc, root, profiles, NULL);
- if (profiles.isEmpty()) {
- sp <AudioProfile> dynamicProfile = new AudioProfile(gDynamicFormat,
- ChannelsVector(), SampleRateVector());
-@@ -491,6 +503,13 @@ status_t ModuleTraits::deserialize(xmlDocPtr doc, const xmlNode *root, PtrElemen
- }
- children = children->next;
- }
-+ if(fixedEarpieceChannels) {
-+ sp<DeviceDescriptor> device =
-+ module->getDeclaredDevices().getDeviceFromTagName(String8("Earpiece"));
-+ if(device != 0)
-+ ctx->addAvailableDevice(device);
-+ fixedEarpieceChannels = false;
-+ }
- return NO_ERROR;
- }
-
---
-2.17.1
-
diff --git a/patches/frameworks/av/0002-Fix-WiFi-Display-on-Huawei-devices-EMUI-8.0.patch b/patches/frameworks/av/0001-Fix-WiFi-Display-on-Huawei-devices-EMUI-8.0.patch
similarity index 86%
rename from patches/frameworks/av/0002-Fix-WiFi-Display-on-Huawei-devices-EMUI-8.0.patch
rename to patches/frameworks/av/0001-Fix-WiFi-Display-on-Huawei-devices-EMUI-8.0.patch
index 45141ae..7956f31 100644
--- a/patches/frameworks/av/0002-Fix-WiFi-Display-on-Huawei-devices-EMUI-8.0.patch
+++ b/patches/frameworks/av/0001-Fix-WiFi-Display-on-Huawei-devices-EMUI-8.0.patch
@@ -1,7 +1,7 @@
-From f4a99cd7019aeb212011c6245069964291fadc21 Mon Sep 17 00:00:00 2001
+From b9e258cfe892a47a55d8055896c4ce1729188674 Mon Sep 17 00:00:00 2001
From: Alexander Pohl <pohl199885@gmail.com>
Date: Fri, 15 Jun 2018 19:58:07 +0200
-Subject: [PATCH 2/4] Fix WiFi-Display on Huawei devices (EMUI 8.0)
+Subject: [PATCH 1/3] Fix WiFi-Display on Huawei devices (EMUI 8.0)
Huaweis media stack doesn't handle intra-refresh-mode, so skip the error instead.
@@ -11,7 +11,7 @@
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/media/libstagefright/ACodec.cpp b/media/libstagefright/ACodec.cpp
-index 8949daecd3..fbee52b8e7 100644
+index 8949daecd..fbee52b8e 100644
--- a/media/libstagefright/ACodec.cpp
+++ b/media/libstagefright/ACodec.cpp
@@ -4279,9 +4279,8 @@ status_t ACodec::setupAVCEncoderParameters(const sp<AMessage> &msg) {
diff --git a/patches/frameworks/av/0003-Kirin-Remove-lock-to-prevent-self-lock.patch b/patches/frameworks/av/0002-Kirin-Remove-lock-to-prevent-self-lock.patch
similarity index 87%
rename from patches/frameworks/av/0003-Kirin-Remove-lock-to-prevent-self-lock.patch
rename to patches/frameworks/av/0002-Kirin-Remove-lock-to-prevent-self-lock.patch
index 5b71dd1..145f960 100644
--- a/patches/frameworks/av/0003-Kirin-Remove-lock-to-prevent-self-lock.patch
+++ b/patches/frameworks/av/0002-Kirin-Remove-lock-to-prevent-self-lock.patch
@@ -1,7 +1,7 @@
-From e49a2aaf5937eceff7ab9e220a4840296db766bd Mon Sep 17 00:00:00 2001
+From 3d3c5c2cf4a520aff26537e81f054632629891af Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 19 Aug 2018 22:59:06 +0200
-Subject: [PATCH 3/4] ::Kirin:: Remove lock to prevent self-lock
+Subject: [PATCH 2/3] Kirin:: Remove lock to prevent self-lock
With Huawei Camera HAL, we get the following call order:
cameraserver CameraService::enumerateProviders (*)
@@ -17,7 +17,7 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
-index fb740053e8..b62d22080b 100644
+index 5d3167e4a..1f9e1e28f 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -233,7 +233,7 @@ void CameraService::onNewProviderRegistered() {
diff --git a/patches/frameworks/av/0004-We-might-not-have-a-mFlashlight-at-this-state-but-th.patch b/patches/frameworks/av/0003-We-might-not-have-a-mFlashlight-at-this-state-but-th.patch
similarity index 83%
rename from patches/frameworks/av/0004-We-might-not-have-a-mFlashlight-at-this-state-but-th.patch
rename to patches/frameworks/av/0003-We-might-not-have-a-mFlashlight-at-this-state-but-th.patch
index b7b1488..5b7c6a8 100644
--- a/patches/frameworks/av/0004-We-might-not-have-a-mFlashlight-at-this-state-but-th.patch
+++ b/patches/frameworks/av/0003-We-might-not-have-a-mFlashlight-at-this-state-but-th.patch
@@ -1,7 +1,7 @@
-From e5c496ab9a64a05809a7149b047c8160395aff2b Mon Sep 17 00:00:00 2001
+From 04f8398627aee21e86629ca26e22736f76c9eeab Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 19 Aug 2018 23:05:26 +0200
-Subject: [PATCH 4/4] We might not have a mFlashlight at this state, but that's
+Subject: [PATCH 3/3] We might not have a mFlashlight at this state, but that's
ok
---
@@ -9,7 +9,7 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/camera/libcameraservice/CameraService.cpp b/services/camera/libcameraservice/CameraService.cpp
-index b62d22080b..0f2c4cac70 100644
+index 1f9e1e28f..93a0f55e9 100644
--- a/services/camera/libcameraservice/CameraService.cpp
+++ b/services/camera/libcameraservice/CameraService.cpp
@@ -258,7 +258,7 @@ void CameraService::addStates(const String8 id) {
diff --git a/patches/frameworks/base/0001-Fix-backlight-control-on-Galaxy-S9.patch b/patches/frameworks/base/0001-Fix-backlight-control-on-Galaxy-S9.patch
index 3825bd9..f02d4a2 100644
--- a/patches/frameworks/base/0001-Fix-backlight-control-on-Galaxy-S9.patch
+++ b/patches/frameworks/base/0001-Fix-backlight-control-on-Galaxy-S9.patch
@@ -1,7 +1,7 @@
-From 91eb4080d604b196ba0f3099a5e3d22b94950b8f Mon Sep 17 00:00:00 2001
+From f9a5090f9f8f3ec31526c985420bc8cd26addcb1 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sat, 24 Mar 2018 08:01:48 +0100
-Subject: [PATCH 01/24] Fix backlight control on Galaxy S9(+)
+Subject: [PATCH 01/25] Fix backlight control on Galaxy S9(+)
---
.../core/java/com/android/server/lights/LightsService.java | 7 +++++++
diff --git a/patches/frameworks/base/0002-Relax-requirement-for-visible-flag-to-sdcards.patch b/patches/frameworks/base/0002-Relax-requirement-for-visible-flag-to-sdcards.patch
index 18fe613..e26b9d0 100644
--- a/patches/frameworks/base/0002-Relax-requirement-for-visible-flag-to-sdcards.patch
+++ b/patches/frameworks/base/0002-Relax-requirement-for-visible-flag-to-sdcards.patch
@@ -1,7 +1,7 @@
-From d1d4caf3c5d8860f45688965664d8a985a645e57 Mon Sep 17 00:00:00 2001
+From 17c51e635f8277cb2d06b6412474300033895a08 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 28 Nov 2017 18:28:04 +0100
-Subject: [PATCH 02/24] Relax requirement for visible flag to sdcards
+Subject: [PATCH 02/25] Relax requirement for visible flag to sdcards
The vast majority of sdcard readers are stable enough to be declared by
the API. (I see no counter-example)
@@ -13,10 +13,10 @@
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
-index a35357f2864..14ca559c306 100644
+index 028f378adb5..e70e12c25da 100644
--- a/services/core/java/com/android/server/StorageManagerService.java
+++ b/services/core/java/com/android/server/StorageManagerService.java
-@@ -1178,7 +1178,8 @@ class StorageManagerService extends IStorageManager.Stub
+@@ -1180,7 +1180,8 @@ class StorageManagerService extends IStorageManager.Stub
// Adoptable public disks are visible to apps, since they meet
// public API requirement of being in a stable location.
diff --git a/patches/frameworks/base/0003-Also-scan-system-overlay.patch b/patches/frameworks/base/0003-Also-scan-system-overlay.patch
index cb2dc20..33aa676 100644
--- a/patches/frameworks/base/0003-Also-scan-system-overlay.patch
+++ b/patches/frameworks/base/0003-Also-scan-system-overlay.patch
@@ -1,7 +1,7 @@
-From 71b335142aee451ecad3beb9dd99735a82591405 Mon Sep 17 00:00:00 2001
+From ab7bb8be561808abfaeb8a8db7e1ae201501790b Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 1 May 2018 17:47:36 +0200
-Subject: [PATCH 03/24] Also scan /system/overlay
+Subject: [PATCH 03/25] Also scan /system/overlay
Change-Id: Ib0223560606b80cdaaa986b159b34b4db0154589
---
diff --git a/patches/frameworks/base/0004-Don-t-crash-if-there-is-IR-HAL-is-not-declared.patch b/patches/frameworks/base/0004-Don-t-crash-if-there-is-IR-HAL-is-not-declared.patch
index 39db573..d010f96 100644
--- a/patches/frameworks/base/0004-Don-t-crash-if-there-is-IR-HAL-is-not-declared.patch
+++ b/patches/frameworks/base/0004-Don-t-crash-if-there-is-IR-HAL-is-not-declared.patch
@@ -1,7 +1,7 @@
-From d16ee43a647ba52a8a535806ec74476b6177555e Mon Sep 17 00:00:00 2001
+From 3f2487f1dbb5367ad9d865a010d6f69172eb8854 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 17 May 2018 20:28:35 +0200
-Subject: [PATCH 04/24] Don't crash if there is IR HAL is not declared
+Subject: [PATCH 04/25] Don't crash if there is IR HAL is not declared
---
services/core/java/com/android/server/ConsumerIrService.java | 2 --
diff --git a/patches/frameworks/base/0005-Fix-62.patch b/patches/frameworks/base/0005-Fix-62.patch
index 9b107f8..6a4ff28 100644
--- a/patches/frameworks/base/0005-Fix-62.patch
+++ b/patches/frameworks/base/0005-Fix-62.patch
@@ -1,7 +1,7 @@
-From b4de2fb9ed6fcb74afe27f1ec142404a6b5d4a9a Mon Sep 17 00:00:00 2001
+From b484c0c764e80069dd5ae018224b9f9ccaa11df9 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Wed, 30 May 2018 14:05:30 +0200
-Subject: [PATCH 05/24] Fix(?) #62
+Subject: [PATCH 05/25] Fix(?) #62
---
.../src/com/android/keyguard/KeyguardUpdateMonitor.java | 5 ++++-
diff --git a/patches/frameworks/base/0006-S9-brightness-override-only-for-screen.patch b/patches/frameworks/base/0006-S9-brightness-override-only-for-screen.patch
index f321bb0..cfca180 100644
--- a/patches/frameworks/base/0006-S9-brightness-override-only-for-screen.patch
+++ b/patches/frameworks/base/0006-S9-brightness-override-only-for-screen.patch
@@ -1,7 +1,7 @@
-From a7ee8a4b4ad97efbf40abbb5431520c8d47f9512 Mon Sep 17 00:00:00 2001
+From 545fab20b927a3be5afe6f904bfefd1766c525ae Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <pierre-hugues.husson@softathome.com>
Date: Thu, 7 Jun 2018 13:36:51 +0200
-Subject: [PATCH 06/24] S9 brightness override only for screen
+Subject: [PATCH 06/25] S9 brightness override only for screen
---
.../com/android/server/lights/LightsService.java | 12 +++++++-----
diff --git a/patches/frameworks/base/0007-WIP-Fix-OP6-brightness.patch b/patches/frameworks/base/0007-Fix-OP6-brightness.patch
similarity index 92%
rename from patches/frameworks/base/0007-WIP-Fix-OP6-brightness.patch
rename to patches/frameworks/base/0007-Fix-OP6-brightness.patch
index 595281c..fe1bdbb 100644
--- a/patches/frameworks/base/0007-WIP-Fix-OP6-brightness.patch
+++ b/patches/frameworks/base/0007-Fix-OP6-brightness.patch
@@ -1,7 +1,7 @@
-From 12e3da8a0a0aaffcf27b5e3551d2a264245f2804 Mon Sep 17 00:00:00 2001
+From f09dc9d1a33c385613760d900a150db9267e390e Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <pierre-hugues.husson@softathome.com>
Date: Thu, 7 Jun 2018 13:42:02 +0200
-Subject: [PATCH 07/24] [WIP] Fix OP6 brightness
+Subject: [PATCH 07/25] Fix OP6 brightness
---
.../com/android/server/lights/LightsService.java | 12 ++++++++++++
diff --git a/patches/frameworks/base/0008-Try-to-make-brightness-more-generic-using-property-s.patch b/patches/frameworks/base/0008-Try-to-make-brightness-more-generic-using-property-s.patch
index 09a7453..5187b49 100644
--- a/patches/frameworks/base/0008-Try-to-make-brightness-more-generic-using-property-s.patch
+++ b/patches/frameworks/base/0008-Try-to-make-brightness-more-generic-using-property-s.patch
@@ -1,7 +1,7 @@
-From ff7a83182f1055bf26101f411fce378bbc9ef674 Mon Sep 17 00:00:00 2001
+From 461c98c0cfd89c924b5ed46056c54160a7ea3fc1 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 10 Jun 2018 22:54:55 +0200
-Subject: [PATCH 08/24] Try to make brightness more generic using property set
+Subject: [PATCH 08/25] Try to make brightness more generic using property set
by rw-system
---
diff --git a/patches/frameworks/base/0009-property-matching-RROs-allow-to-prefix-the-value-wit.patch b/patches/frameworks/base/0009-property-matching-RROs-allow-to-prefix-the-value-wit.patch
index a9d2b36..722962b 100644
--- a/patches/frameworks/base/0009-property-matching-RROs-allow-to-prefix-the-value-wit.patch
+++ b/patches/frameworks/base/0009-property-matching-RROs-allow-to-prefix-the-value-wit.patch
@@ -1,7 +1,7 @@
-From 602f7828e34cbc4363a337f3babba30a3496e2e4 Mon Sep 17 00:00:00 2001
+From 57da873551c017e071ba5d70f51f003aaa444b0e Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 12 Jun 2018 22:55:32 +0200
-Subject: [PATCH 09/24] property-matching RROs: allow to prefix the value with
+Subject: [PATCH 09/25] property-matching RROs: allow to prefix the value with
+ to do glob match instead of exact match
---
diff --git a/patches/frameworks/base/0010-Fix-typo-on-fnmatch-return-value-check.patch b/patches/frameworks/base/0010-Fix-typo-on-fnmatch-return-value-check.patch
index 7988733..1d5a254 100644
--- a/patches/frameworks/base/0010-Fix-typo-on-fnmatch-return-value-check.patch
+++ b/patches/frameworks/base/0010-Fix-typo-on-fnmatch-return-value-check.patch
@@ -1,7 +1,7 @@
-From e7da57411443c24b20a73085c10d0cf32872e94a Mon Sep 17 00:00:00 2001
+From 271ad5d5ef56eedeeaa0469de9baf8a1f5c37a31 Mon Sep 17 00:00:00 2001
From: Song Fuchang <song.fc@gmail.com>
Date: Sun, 17 Jun 2018 22:39:37 +0800
-Subject: [PATCH 10/24] Fix typo on fnmatch return value check
+Subject: [PATCH 10/25] Fix typo on fnmatch return value check
---
cmds/idmap/scan.cpp | 2 +-
diff --git a/patches/frameworks/base/0011-Add-Qualcomm-starlte.patch b/patches/frameworks/base/0011-Add-Qualcomm-starlte.patch
index 3e6e3f2..476d5cf 100644
--- a/patches/frameworks/base/0011-Add-Qualcomm-starlte.patch
+++ b/patches/frameworks/base/0011-Add-Qualcomm-starlte.patch
@@ -1,7 +1,7 @@
-From 462337890f4e88da2ddb4c9f7927930b790aa889 Mon Sep 17 00:00:00 2001
+From bfcd1087ebff86e5058d26036e72cf7d76a6db37 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 25 Jun 2018 22:43:32 +0200
-Subject: [PATCH 11/24] Add Qualcomm starlte
+Subject: [PATCH 11/25] Add Qualcomm starlte
---
.../core/java/com/android/server/lights/LightsService.java | 4 +++-
diff --git a/patches/frameworks/base/0012-Galaxy-S9-remaining-of-HAL-onEnroll-is-actually-a-pe.patch b/patches/frameworks/base/0012-remaining-of-HAL-onEnroll-is-actually-a-percent-of-p.patch
similarity index 88%
rename from patches/frameworks/base/0012-Galaxy-S9-remaining-of-HAL-onEnroll-is-actually-a-pe.patch
rename to patches/frameworks/base/0012-remaining-of-HAL-onEnroll-is-actually-a-percent-of-p.patch
index 87e7baf..86a5779 100644
--- a/patches/frameworks/base/0012-Galaxy-S9-remaining-of-HAL-onEnroll-is-actually-a-pe.patch
+++ b/patches/frameworks/base/0012-remaining-of-HAL-onEnroll-is-actually-a-percent-of-p.patch
@@ -1,8 +1,8 @@
-From 934c4c7816086915410546c4737a1961b0e90ed7 Mon Sep 17 00:00:00 2001
+From f8037b63c7cc7a83ce0da9b7df1e4178fb60eada Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 2 Jul 2018 23:36:39 +0200
-Subject: [PATCH 12/24] [Galaxy S9] "remaining" of HAL onEnroll is actually a
- percent of progress
+Subject: [PATCH 12/25] "remaining" of HAL onEnroll is actually a percent of
+ progress
---
.../com/android/server/fingerprint/FingerprintService.java | 6 +++++-
diff --git a/patches/frameworks/base/0013-Show-APN-Settings-for-CDMA-carriers.patch b/patches/frameworks/base/0013-Show-APN-Settings-for-CDMA-carriers.patch
index 7ee2e03..c7cbfe7 100644
--- a/patches/frameworks/base/0013-Show-APN-Settings-for-CDMA-carriers.patch
+++ b/patches/frameworks/base/0013-Show-APN-Settings-for-CDMA-carriers.patch
@@ -1,7 +1,7 @@
-From 39208bac6cdd94269f41f992d2597d050196e0c7 Mon Sep 17 00:00:00 2001
+From 904059578a613524a843eb82ec2d07a1ccb5accd Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 6 Aug 2018 12:49:00 +0200
-Subject: [PATCH 13/24] Show APN Settings for CDMA carriers
+Subject: [PATCH 13/25] Show APN Settings for CDMA carriers
---
telephony/java/android/telephony/CarrierConfigManager.java | 2 +-
diff --git a/patches/frameworks/base/0014-Change-SignalStrentgh-to-change-behaviour-based-on-p.patch b/patches/frameworks/base/0014-Change-SignalStrentgh-to-change-behaviour-based-on-p.patch
index b13082f..e8bbe8e 100644
--- a/patches/frameworks/base/0014-Change-SignalStrentgh-to-change-behaviour-based-on-p.patch
+++ b/patches/frameworks/base/0014-Change-SignalStrentgh-to-change-behaviour-based-on-p.patch
@@ -1,7 +1,7 @@
-From baa43b505d69d7d5dadf13bdb25d97eac8145d5f Mon Sep 17 00:00:00 2001
+From 186b2739f4d701418d2e3a7ebac4a4ecea390226 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 6 Aug 2018 20:01:44 +0200
-Subject: [PATCH 14/24] Change SignalStrentgh to change behaviour based on
+Subject: [PATCH 14/25] Change SignalStrentgh to change behaviour based on
property
Change-Id: I940ed724047567ec5195ac93ea04574c3d92f70b
diff --git a/patches/frameworks/base/0015-idmap-Don-t-silently-ignore-RROs-with-same-priority.patch b/patches/frameworks/base/0015-idmap-Don-t-silently-ignore-RROs-with-same-priority.patch
index bd9750c..60bb4cd 100644
--- a/patches/frameworks/base/0015-idmap-Don-t-silently-ignore-RROs-with-same-priority.patch
+++ b/patches/frameworks/base/0015-idmap-Don-t-silently-ignore-RROs-with-same-priority.patch
@@ -1,7 +1,7 @@
-From a44e1c7060944b61680d635bba3f3cf6c6ec0fc3 Mon Sep 17 00:00:00 2001
+From 4372ec71710387a0f6e5b7c89ba70727bf7e4626 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 19 Aug 2018 10:51:06 +0200
-Subject: [PATCH 15/24] idmap: Don't silently ignore RROs with same priority
+Subject: [PATCH 15/25] idmap: Don't silently ignore RROs with same priority
Change-Id: I64a6899f1b30e0cd9e9a872b7ca83d831f038cbe
---
diff --git a/patches/frameworks/base/0016-Move-SysuiDarkThemeOverlay-to-system.patch b/patches/frameworks/base/0016-Move-SysuiDarkThemeOverlay-to-system.patch
index f1e1997..c87c554 100644
--- a/patches/frameworks/base/0016-Move-SysuiDarkThemeOverlay-to-system.patch
+++ b/patches/frameworks/base/0016-Move-SysuiDarkThemeOverlay-to-system.patch
@@ -1,7 +1,7 @@
-From 5e5f594514771d06e0a21d61b6a40dde00cff3a5 Mon Sep 17 00:00:00 2001
+From a9838c7837a6ea073e5123e1afaafd2255c3a2ab Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Sun, 19 Aug 2018 10:57:21 +0200
-Subject: [PATCH 16/24] Move SysuiDarkThemeOverlay to /system
+Subject: [PATCH 16/25] Move SysuiDarkThemeOverlay to /system
Change-Id: I31b3edc5d1abcc1163a13e63c909fee9d27ff432
---
diff --git a/patches/frameworks/base/0019-It-is-okay-not-to-have-wifi-in-SystemUI-on-FDE-lock.patch b/patches/frameworks/base/0017-It-is-okay-not-to-have-wifi-in-SystemUI-on-FDE-lock.patch
similarity index 95%
rename from patches/frameworks/base/0019-It-is-okay-not-to-have-wifi-in-SystemUI-on-FDE-lock.patch
rename to patches/frameworks/base/0017-It-is-okay-not-to-have-wifi-in-SystemUI-on-FDE-lock.patch
index d915028..ede18bd 100644
--- a/patches/frameworks/base/0019-It-is-okay-not-to-have-wifi-in-SystemUI-on-FDE-lock.patch
+++ b/patches/frameworks/base/0017-It-is-okay-not-to-have-wifi-in-SystemUI-on-FDE-lock.patch
@@ -1,7 +1,7 @@
-From e32a7aee2baed63892967cdf00ff3934e0030613 Mon Sep 17 00:00:00 2001
+From 611e5b0b5c891e4ceff24ebc2c4939569e1c5bca Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 20 Aug 2018 22:27:02 +0200
-Subject: [PATCH 19/24] It is okay not to have wifi in SystemUI (on FDE lock)
+Subject: [PATCH 17/25] It is okay not to have wifi in SystemUI (on FDE lock)
---
.../src/com/android/settingslib/wifi/WifiTracker.java | 2 +-
diff --git a/patches/frameworks/base/0017-Reintroduce-button-backlight-and-respective-inactivi.patch b/patches/frameworks/base/0017-Reintroduce-button-backlight-and-respective-inactivi.patch
deleted file mode 100644
index b973400..0000000
--- a/patches/frameworks/base/0017-Reintroduce-button-backlight-and-respective-inactivi.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 06f853e0f4d05f28fa2d84a7b8744ba550d627dd Mon Sep 17 00:00:00 2001
-From: Ricardo Cerqueira <cyanogenmod@cerqueira.org>
-Date: Fri, 23 Nov 2012 14:23:16 +0000
-Subject: [PATCH 17/24] Reintroduce button-backlight (and respective inactivity
- timeout)
-
-The power manager rewrite from Change I1d7a52e98f0449f76d70bf421f6a7f245957d1d7
-completely removed support for control of the button backlights, which makes
-all capacitive buttons out there stay dark. The commit message in that change
-mentions it hasn't been implemented _yet_, so this fix should be temporary
-until upstream does their own implementation
-
-[RC: Updated to 5.0]
-
-Change-Id: I6094c446e0b8c23f57d30652a3cbd35dee5e821a
-Signed-off-by: Jackeagle <jackeagle102@gmail.com>
----
- .../server/display/DisplayPowerController.java | 11 +++++++++++
- .../android/server/power/PowerManagerService.java | 12 ++++++++++++
- 2 files changed, 23 insertions(+)
-
-diff --git a/services/core/java/com/android/server/display/DisplayPowerController.java b/services/core/java/com/android/server/display/DisplayPowerController.java
-index a09c426d7fa..4a727dc94a3 100644
---- a/services/core/java/com/android/server/display/DisplayPowerController.java
-+++ b/services/core/java/com/android/server/display/DisplayPowerController.java
-@@ -21,6 +21,7 @@ import com.android.internal.app.IBatteryStats;
- import com.android.server.LocalServices;
- import com.android.server.am.BatteryStatsService;
- import com.android.server.policy.WindowManagerPolicy;
-+import com.android.server.lights.LightsManager;
-
- import android.animation.Animator;
- import android.animation.ObjectAnimator;
-@@ -144,6 +145,9 @@ final class DisplayPowerController implements AutomaticBrightnessController.Call
- // Battery stats.
- private final IBatteryStats mBatteryStats;
-
-+ // The lights service.
-+ private final LightsManager mLights;
-+
- // The sensor manager.
- private final SensorManager mSensorManager;
-
-@@ -387,6 +391,7 @@ final class DisplayPowerController implements AutomaticBrightnessController.Call
- mCallbacks = callbacks;
-
- mBatteryStats = BatteryStatsService.getService();
-+ mLights = LocalServices.getService(LightsManager.class);
- mSensorManager = sensorManager;
- mWindowManagerPolicy = LocalServices.getService(WindowManagerPolicy.class);
- mBlanker = blanker;
-@@ -837,6 +842,12 @@ final class DisplayPowerController implements AutomaticBrightnessController.Call
- // Use zero brightness when screen is off.
- if (state == Display.STATE_OFF) {
- brightness = PowerManager.BRIGHTNESS_OFF;
-+ mLights.getLight(LightsManager.LIGHT_ID_BUTTONS).setBrightness(brightness);
-+ }
-+
-+ // Disable button lights when dozing
-+ if (state == Display.STATE_DOZE || state == Display.STATE_DOZE_SUSPEND) {
-+ mLights.getLight(LightsManager.LIGHT_ID_BUTTONS).setBrightness(PowerManager.BRIGHTNESS_OFF);
- }
-
- // Always use the VR brightness when in the VR state.
-diff --git a/services/core/java/com/android/server/power/PowerManagerService.java b/services/core/java/com/android/server/power/PowerManagerService.java
-index d39401ddecd..b32581046f5 100644
---- a/services/core/java/com/android/server/power/PowerManagerService.java
-+++ b/services/core/java/com/android/server/power/PowerManagerService.java
-@@ -230,6 +230,9 @@ public final class PowerManagerService extends SystemService
-
- private static final float PROXIMITY_NEAR_THRESHOLD = 5.0f;
-
-+ // Add button light timeout
-+ private static final int BUTTON_ON_DURATION = 5 * 1000;
-+
- private final Context mContext;
- private final ServiceThread mHandlerThread;
- private final PowerManagerHandler mHandler;
-@@ -250,6 +253,7 @@ public final class PowerManagerService extends SystemService
- private SettingsObserver mSettingsObserver;
- private DreamManagerInternal mDreamManager;
- private Light mAttentionLight;
-+ private Light mButtonsLight;
-
- private final Object mLock = LockGuard.installNewLock(LockGuard.INDEX_POWER);
-
-@@ -792,6 +796,7 @@ public final class PowerManagerService extends SystemService
-
- mLightsManager = getLocalService(LightsManager.class);
- mAttentionLight = mLightsManager.getLight(LightsManager.LIGHT_ID_ATTENTION);
-+ mButtonsLight = mLightsManager.getLight(LightsManager.LIGHT_ID_BUTTONS);
-
- // Initialize display power management.
- mDisplayManagerInternal.initPowerManagement(
-@@ -1997,6 +2002,7 @@ public final class PowerManagerService extends SystemService
- final long screenOffTimeout = getScreenOffTimeoutLocked(sleepTimeout);
- final long screenDimDuration = getScreenDimDurationLocked(screenOffTimeout);
- final boolean userInactiveOverride = mUserInactiveOverrideFromWindowManager;
-+ final int screenBrightness = mScreenBrightnessSettingDefault;
- final long nextProfileTimeout = getNextProfileTimeoutLocked(now);
-
- mUserActivitySummary = 0;
-@@ -2004,6 +2010,12 @@ public final class PowerManagerService extends SystemService
- nextTimeout = mLastUserActivityTime
- + screenOffTimeout - screenDimDuration;
- if (now < nextTimeout) {
-+ if (now > mLastUserActivityTime + BUTTON_ON_DURATION) {
-+ mButtonsLight.setBrightness(0);
-+ } else {
-+ mButtonsLight.setBrightness(screenBrightness);
-+ nextTimeout = now + BUTTON_ON_DURATION;
-+ }
- mUserActivitySummary = USER_ACTIVITY_SCREEN_BRIGHT;
- } else {
- nextTimeout = mLastUserActivityTime + screenOffTimeout;
---
-2.17.1
-
diff --git a/patches/frameworks/base/0020-Don-t-wake-IR-HAL-to-the-infinity-and-beyond.patch b/patches/frameworks/base/0018-Don-t-wake-IR-HAL-to-the-infinity-and-beyond.patch
similarity index 93%
rename from patches/frameworks/base/0020-Don-t-wake-IR-HAL-to-the-infinity-and-beyond.patch
rename to patches/frameworks/base/0018-Don-t-wake-IR-HAL-to-the-infinity-and-beyond.patch
index e56ab1a..9587c2b 100644
--- a/patches/frameworks/base/0020-Don-t-wake-IR-HAL-to-the-infinity-and-beyond.patch
+++ b/patches/frameworks/base/0018-Don-t-wake-IR-HAL-to-the-infinity-and-beyond.patch
@@ -1,7 +1,7 @@
-From 289ddb298f77979a6c11947f8a7401cc4ca752cf Mon Sep 17 00:00:00 2001
+From 719e0062eacfcd42108eb8256a775425fcc069b5 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 21 Aug 2018 22:24:02 +0200
-Subject: [PATCH 20/24] Don't wake IR HAL to the infinity and beyond
+Subject: [PATCH 18/25] Don't wake IR HAL to the infinity and beyond
Change-Id: Ic538ab35ec9eb3ede43a277414b00c51a2efaed1
Signed-off-by: Jackeagle <jackeagle102@gmail.com>
diff --git a/patches/frameworks/base/0018-power-Disable-keyboard-button-lights-while-dozing-dr.patch b/patches/frameworks/base/0018-power-Disable-keyboard-button-lights-while-dozing-dr.patch
deleted file mode 100644
index 4464dc4..0000000
--- a/patches/frameworks/base/0018-power-Disable-keyboard-button-lights-while-dozing-dr.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 63233394738bb6292e2f7c1e463ea8ac22a1a3b8 Mon Sep 17 00:00:00 2001
-From: Steve Kondik <steve@cyngn.com>
-Date: Sat, 3 Jan 2015 05:13:26 -0800
-Subject: [PATCH 18/24] power: Disable keyboard/button lights while
- dozing/dreaming
-
- * With hardkeys and doze mode enabled, entering suspend results in
- an epic battle over the lights. It's a bad situation. Disable
- them when we're sleepy.
-
-Change-Id: I7f1fc35a1573717d1ea101a07c4171d6f66d1553
----
- .../core/java/com/android/server/power/PowerManagerService.java | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/services/core/java/com/android/server/power/PowerManagerService.java b/services/core/java/com/android/server/power/PowerManagerService.java
-index b32581046f5..1ac93c733f1 100644
---- a/services/core/java/com/android/server/power/PowerManagerService.java
-+++ b/services/core/java/com/android/server/power/PowerManagerService.java
-@@ -2006,7 +2006,7 @@ public final class PowerManagerService extends SystemService
- final long nextProfileTimeout = getNextProfileTimeoutLocked(now);
-
- mUserActivitySummary = 0;
-- if (mLastUserActivityTime >= mLastWakeTime) {
-+ if (mWakefulness == WAKEFULNESS_AWAKE && mLastUserActivityTime >= mLastWakeTime) {
- nextTimeout = mLastUserActivityTime
- + screenOffTimeout - screenDimDuration;
- if (now < nextTimeout) {
---
-2.17.1
-
diff --git a/patches/frameworks/base/0021-Switch-samsung-light-fingerprint-match-to-regexp-to-.patch b/patches/frameworks/base/0019-Switch-samsung-light-fingerprint-match-to-regexp-to-.patch
similarity index 90%
rename from patches/frameworks/base/0021-Switch-samsung-light-fingerprint-match-to-regexp-to-.patch
rename to patches/frameworks/base/0019-Switch-samsung-light-fingerprint-match-to-regexp-to-.patch
index 205daa2..7c1015a 100644
--- a/patches/frameworks/base/0021-Switch-samsung-light-fingerprint-match-to-regexp-to-.patch
+++ b/patches/frameworks/base/0019-Switch-samsung-light-fingerprint-match-to-regexp-to-.patch
@@ -1,7 +1,7 @@
-From 015d04e949b09a5687164d6187674e2f951d092f Mon Sep 17 00:00:00 2001
+From 1dd07f5d4a19be3fc5eabadfdf6c88114e4d9ebf Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 23 Aug 2018 23:39:16 +0200
-Subject: [PATCH 21/24] Switch samsung light fingerprint match to regexp, to
+Subject: [PATCH 19/25] Switch samsung light fingerprint match to regexp, to
include Note9
---
diff --git a/patches/frameworks/base/0022-Add-a-property-toggle-to-enable-high-brightness-rang.patch b/patches/frameworks/base/0020-Add-a-property-toggle-to-enable-high-brightness-rang.patch
similarity index 91%
rename from patches/frameworks/base/0022-Add-a-property-toggle-to-enable-high-brightness-rang.patch
rename to patches/frameworks/base/0020-Add-a-property-toggle-to-enable-high-brightness-rang.patch
index 589f886..f1fcf25 100644
--- a/patches/frameworks/base/0022-Add-a-property-toggle-to-enable-high-brightness-rang.patch
+++ b/patches/frameworks/base/0020-Add-a-property-toggle-to-enable-high-brightness-rang.patch
@@ -1,7 +1,7 @@
-From 904c159a60f4b821cdcca0a55e156a4c9580d9e0 Mon Sep 17 00:00:00 2001
+From 65096e7a5ebb8883b59d26d70d2bce3330e6a562 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 27 Aug 2018 00:47:13 +0200
-Subject: [PATCH 22/24] Add a property toggle to enable high brightness range
+Subject: [PATCH 20/25] Add a property toggle to enable high brightness range
on samsung device
---
diff --git a/patches/frameworks/base/0023-Add-japanese-S9.patch b/patches/frameworks/base/0021-Add-japanese-S9.patch
similarity index 91%
rename from patches/frameworks/base/0023-Add-japanese-S9.patch
rename to patches/frameworks/base/0021-Add-japanese-S9.patch
index 10bf4f4..93f9a26 100644
--- a/patches/frameworks/base/0023-Add-japanese-S9.patch
+++ b/patches/frameworks/base/0021-Add-japanese-S9.patch
@@ -1,7 +1,7 @@
-From 9874b4e728292d2cea21ffd61ca830544f1cf153 Mon Sep 17 00:00:00 2001
+From 820bf9262ad8d008b9c6351ead03316cbd66b4c4 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 28 Aug 2018 20:39:26 +0200
-Subject: [PATCH 23/24] Add japanese S9
+Subject: [PATCH 21/25] Add japanese S9
---
.../core/java/com/android/server/lights/LightsService.java | 3 ++-
diff --git a/patches/frameworks/base/0024-Re-order-services-so-that-it-works-even-without-qtag.patch b/patches/frameworks/base/0022-Re-order-services-so-that-it-works-even-without-qtag.patch
similarity index 93%
rename from patches/frameworks/base/0024-Re-order-services-so-that-it-works-even-without-qtag.patch
rename to patches/frameworks/base/0022-Re-order-services-so-that-it-works-even-without-qtag.patch
index 1e54ef5..c78bd41 100644
--- a/patches/frameworks/base/0024-Re-order-services-so-that-it-works-even-without-qtag.patch
+++ b/patches/frameworks/base/0022-Re-order-services-so-that-it-works-even-without-qtag.patch
@@ -1,7 +1,7 @@
-From c14fdbff1137f5e03e9371eeedeea07bfad378de Mon Sep 17 00:00:00 2001
+From 6220a49bebdc8a404690704ece96aa0893272832 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Thu, 8 Nov 2018 23:04:03 +0100
-Subject: [PATCH 24/24] Re-order services so that it works even without qtaguid
+Subject: [PATCH 22/25] Re-order services so that it works even without qtaguid
---
.../com/android/server/net/NetworkPolicyManagerService.java | 6 +++---
diff --git a/patches/frameworks/base/0023-Revert-LockSettingsService-Support-for-separate-clea.patch b/patches/frameworks/base/0023-Revert-LockSettingsService-Support-for-separate-clea.patch
new file mode 100644
index 0000000..b7a792e
--- /dev/null
+++ b/patches/frameworks/base/0023-Revert-LockSettingsService-Support-for-separate-clea.patch
@@ -0,0 +1,87 @@
+From d695b3ddea63624a658650291d58dab437688e98 Mon Sep 17 00:00:00 2001
+From: Jackeagle <jackeagle102@gmail.com>
+Date: Wed, 19 Dec 2018 17:05:29 +0100
+Subject: [PATCH 23/25] Revert "LockSettingsService: Support for separate clear
+ key api"
+
+This reverts commit 32b8f829d566bfd3d89c9b3eb018f0fc4d408e2d.
+---
+ .../android/os/storage/IStorageManager.aidl | 1 -
+ .../android/server/StorageManagerService.java | 18 ------------------
+ .../locksettings/LockSettingsService.java | 14 +-------------
+ 3 files changed, 1 insertion(+), 32 deletions(-)
+
+diff --git a/core/java/android/os/storage/IStorageManager.aidl b/core/java/android/os/storage/IStorageManager.aidl
+index 49bc9e4d8d0..55a202fd3a6 100644
+--- a/core/java/android/os/storage/IStorageManager.aidl
++++ b/core/java/android/os/storage/IStorageManager.aidl
+@@ -187,5 +187,4 @@ interface IStorageManager {
+ void allocateBytes(String volumeUuid, long bytes, int flags, String callingPackage) = 78;
+ void runIdleMaintenance() = 79;
+ void abortIdleMaintenance() = 80;
+- void clearUserKeyAuth(int userId, int serialNumber, in byte[] token, in byte[] secret) = 81;
+ }
+diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
+index e70e12c25da..aa0e33e15df 100644
+--- a/services/core/java/com/android/server/StorageManagerService.java
++++ b/services/core/java/com/android/server/StorageManagerService.java
+@@ -2530,24 +2530,6 @@ class StorageManagerService extends IStorageManager.Stub
+ }
+ }
+
+- /*
+- * Clear disk encryption key bound to the associated token / secret pair. Removing the user
+- * binding of the Disk encryption key is done in two phases: first, this call will retrieve
+- * the disk encryption key using the provided token / secret pair and store it by
+- * encrypting it with a keymaster key not bound to the user, then fixateNewestUserKeyAuth
+- * is called to delete all other bindings of the disk encryption key.
+- */
+- @Override
+- public void clearUserKeyAuth(int userId, int serialNumber, byte[] token, byte[] secret) {
+- enforcePermission(android.Manifest.permission.STORAGE_INTERNAL);
+-
+- try {
+- mVold.clearUserKeyAuth(userId, serialNumber, encodeBytes(token), encodeBytes(secret));
+- } catch (Exception e) {
+- Slog.wtf(TAG, e);
+- }
+- }
+-
+ /*
+ * Delete all disk encryption token/secret pairs except the most recently added one
+ */
+diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
+index 66cc1a3334d..f04a36d4f78 100644
+--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
++++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
+@@ -1564,18 +1564,6 @@ public class LockSettingsService extends ILockSettings.Stub {
+ addUserKeyAuth(userId, null, null);
+ }
+
+- private void clearUserKeyAuth(int userId, byte[] token, byte[] secret) throws RemoteException {
+- if (DEBUG) Slog.d(TAG, "clearUserKeyProtection user=" + userId);
+- final UserInfo userInfo = mUserManager.getUserInfo(userId);
+- final IStorageManager storageManager = mInjector.getStorageManager();
+- final long callingId = Binder.clearCallingIdentity();
+- try {
+- storageManager.clearUserKeyAuth(userId, userInfo.serialNumber, token, secret);
+- } finally {
+- Binder.restoreCallingIdentity(callingId);
+- }
+- }
+-
+ private static byte[] secretFromCredential(String credential) throws RemoteException {
+ try {
+ MessageDigest digest = MessageDigest.getInstance("SHA-512");
+@@ -2519,7 +2507,7 @@ public class LockSettingsService extends ILockSettings.Stub {
+ getGateKeeperService().clearSecureUserId(userId);
+ // Clear key from vold so ActivityManager can just unlock the user with empty secret
+ // during boot.
+- clearUserKeyAuth(userId, null, auth.deriveDiskEncryptionKey());
++ clearUserKeyProtection(userId);
+ fixateNewestUserKeyAuth(userId);
+ setKeystorePassword(null, userId);
+ }
+--
+2.17.1
+
diff --git a/patches/frameworks/base/0024-Revert-frameworks-base-Port-password-retention-featu.patch b/patches/frameworks/base/0024-Revert-frameworks-base-Port-password-retention-featu.patch
new file mode 100644
index 0000000..40f6359
--- /dev/null
+++ b/patches/frameworks/base/0024-Revert-frameworks-base-Port-password-retention-featu.patch
@@ -0,0 +1,193 @@
+From efa156dfffae3b3f3153b06ca27eff8a43e583c3 Mon Sep 17 00:00:00 2001
+From: Jackeagle <jackeagle102@gmail.com>
+Date: Wed, 19 Dec 2018 17:05:36 +0100
+Subject: [PATCH 24/25] Revert "frameworks: base: Port password retention
+ feature"
+
+This reverts commit 90fce44de1101a925c62fafda8d6e5b3c8663ad4.
+---
+ .../internal/widget/ILockSettings.aidl | 2 -
+ .../internal/widget/LockPatternUtils.java | 11 -----
+ .../keyguard/KeyguardAbsKeyInputView.java | 1 -
+ .../android/keyguard/KeyguardPatternView.java | 1 -
+ .../android/server/StorageManagerService.java | 17 +------
+ .../locksettings/LockSettingsService.java | 49 +------------------
+ 6 files changed, 2 insertions(+), 79 deletions(-)
+
+diff --git a/core/java/com/android/internal/widget/ILockSettings.aidl b/core/java/com/android/internal/widget/ILockSettings.aidl
+index f7fe87e6e9b..591f15fd567 100644
+--- a/core/java/com/android/internal/widget/ILockSettings.aidl
++++ b/core/java/com/android/internal/widget/ILockSettings.aidl
+@@ -79,6 +79,4 @@ interface ILockSettings {
+ in byte[] recoveryKeyBlob,
+ in List<WrappedApplicationKey> applicationKeys);
+ void closeSession(in String sessionId);
+- void sanitizePassword();
+- String getPassword();
+ }
+diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java
+index ff8f3c8b716..7c339fb6d6b 100644
+--- a/core/java/com/android/internal/widget/LockPatternUtils.java
++++ b/core/java/com/android/internal/widget/LockPatternUtils.java
+@@ -732,17 +732,6 @@ public class LockPatternUtils {
+ onAfterChangingPassword(userId);
+ }
+
+- /**
+- * clears stored password.
+- */
+- public void sanitizePassword() {
+- try {
+- getLockSettings().sanitizePassword();
+- } catch (RemoteException re) {
+- Log.e(TAG, "Couldn't sanitize password" + re);
+- }
+- }
+-
+ private void updateCryptoUserInfo(int userId) {
+ if (userId != UserHandle.USER_SYSTEM) {
+ return;
+diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardAbsKeyInputView.java b/packages/SystemUI/src/com/android/keyguard/KeyguardAbsKeyInputView.java
+index c3119793eaf..48b41345675 100644
+--- a/packages/SystemUI/src/com/android/keyguard/KeyguardAbsKeyInputView.java
++++ b/packages/SystemUI/src/com/android/keyguard/KeyguardAbsKeyInputView.java
+@@ -187,7 +187,6 @@ public abstract class KeyguardAbsKeyInputView extends LinearLayout
+ boolean isValidPassword) {
+ boolean dismissKeyguard = KeyguardUpdateMonitor.getCurrentUser() == userId;
+ if (matched) {
+- mLockPatternUtils.sanitizePassword();
+ mCallback.reportUnlockAttempt(userId, true, 0);
+ if (dismissKeyguard) {
+ mDismissing = true;
+diff --git a/packages/SystemUI/src/com/android/keyguard/KeyguardPatternView.java b/packages/SystemUI/src/com/android/keyguard/KeyguardPatternView.java
+index 474de3ff345..f399667772d 100644
+--- a/packages/SystemUI/src/com/android/keyguard/KeyguardPatternView.java
++++ b/packages/SystemUI/src/com/android/keyguard/KeyguardPatternView.java
+@@ -306,7 +306,6 @@ public class KeyguardPatternView extends LinearLayout implements KeyguardSecurit
+ boolean isValidPattern) {
+ boolean dismissKeyguard = KeyguardUpdateMonitor.getCurrentUser() == userId;
+ if (matched) {
+- mLockPatternUtils.sanitizePassword();
+ mCallback.reportUnlockAttempt(userId, true, 0);
+ if (dismissKeyguard) {
+ mLockPatternView.setDisplayMode(LockPatternView.DisplayMode.Correct);
+diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
+index aa0e33e15df..478949bbba0 100644
+--- a/services/core/java/com/android/server/StorageManagerService.java
++++ b/services/core/java/com/android/server/StorageManagerService.java
+@@ -126,7 +126,6 @@ import com.android.internal.util.Preconditions;
+ import com.android.internal.widget.LockPatternUtils;
+ import com.android.server.pm.PackageManagerService;
+ import com.android.server.storage.AppFuseBridge;
+-import com.android.internal.widget.ILockSettings;
+
+ import libcore.io.IoUtils;
+ import libcore.util.EmptyArray;
+@@ -2321,22 +2320,8 @@ class StorageManagerService extends IStorageManager.Stub
+ Slog.i(TAG, "changing encryption password...");
+ }
+
+- ILockSettings lockSettings = ILockSettings.Stub.asInterface(
+- ServiceManager.getService("lock_settings"));
+- String currentPassword="default_password";
+ try {
+- currentPassword = lockSettings.getPassword();
+- } catch (Exception e) {
+- Slog.wtf(TAG, "Couldn't get password" + e);
+- }
+-
+- try {
+- mVold.fdeChangePassword(type, currentPassword, password);
+- try {
+- lockSettings.sanitizePassword();
+- } catch (Exception e) {
+- Slog.wtf(TAG, "Couldn't sanitize password" + e);
+- }
++ mVold.fdeChangePassword(type, password);
+ return 0;
+ } catch (Exception e) {
+ Slog.wtf(TAG, e);
+diff --git a/services/core/java/com/android/server/locksettings/LockSettingsService.java b/services/core/java/com/android/server/locksettings/LockSettingsService.java
+index f04a36d4f78..c6a871217eb 100644
+--- a/services/core/java/com/android/server/locksettings/LockSettingsService.java
++++ b/services/core/java/com/android/server/locksettings/LockSettingsService.java
+@@ -164,7 +164,6 @@ public class LockSettingsService extends ILockSettings.Stub {
+ // Order of holding lock: mSeparateChallengeLock -> mSpManager -> this
+ // Do not call into ActivityManager while holding mSpManager lock.
+ private final Object mSeparateChallengeLock = new Object();
+- private static final String DEFAULT_PASSWORD = "default_password";
+
+ private final DeviceProvisionedObserver mDeviceProvisionedObserver =
+ new DeviceProvisionedObserver();
+@@ -185,7 +184,6 @@ public class LockSettingsService extends ILockSettings.Stub {
+ private final SyntheticPasswordManager mSpManager;
+
+ private final KeyStore mKeyStore;
+- private static String mSavePassword = DEFAULT_PASSWORD;
+
+ private final RecoverableKeyStoreManager mRecoverableKeyStoreManager;
+
+@@ -1099,45 +1097,6 @@ public class LockSettingsService extends ILockSettings.Stub {
+ return mStorage.hasCredential(userId);
+ }
+
+- public void retainPassword(String password) {
+- if (LockPatternUtils.isDeviceEncryptionEnabled()) {
+- if (password != null)
+- mSavePassword = password;
+- else
+- mSavePassword = DEFAULT_PASSWORD;
+- }
+- }
+-
+- public void sanitizePassword() {
+- if (LockPatternUtils.isDeviceEncryptionEnabled()) {
+- mSavePassword = DEFAULT_PASSWORD;
+- }
+- }
+-
+- private boolean checkCryptKeeperPermissions() {
+- boolean permission_err = false;
+- try {
+- mContext.enforceCallingOrSelfPermission(
+- android.Manifest.permission.CRYPT_KEEPER,
+- "no permission to get the password");
+- } catch (SecurityException e) {
+- permission_err = true;
+- }
+- return permission_err;
+- }
+-
+- public String getPassword() {
+- /** if calling process does't have crypt keeper or admin permissions,
+- * throw the exception.
+- */
+- if (checkCryptKeeperPermissions())
+- mContext.enforceCallingOrSelfPermission(
+- android.Manifest.permission.MANAGE_DEVICE_ADMINS,
+- "no crypt_keeper or admin permission to get the password");
+-
+- return mSavePassword;
+- }
+-
+ private void setKeystorePassword(String password, int userHandle) {
+ final KeyStore ks = KeyStore.getInstance();
+ ks.onUserPasswordChanged(userHandle, password);
+@@ -1652,13 +1611,7 @@ public class LockSettingsService extends ILockSettings.Stub {
+ public VerifyCredentialResponse checkCredential(String credential, int type, int userId,
+ ICheckCredentialProgressCallback progressCallback) throws RemoteException {
+ checkPasswordReadPermission(userId);
+- VerifyCredentialResponse response = doVerifyCredential(credential, type,
+- false, 0, userId, progressCallback);
+- if ((response.getResponseCode() == VerifyCredentialResponse.RESPONSE_OK) &&
+- (userId == UserHandle.USER_OWNER)) {
+- retainPassword(credential);
+- }
+- return response;
++ return doVerifyCredential(credential, type, false, 0, userId, progressCallback);
+ }
+
+ @Override
+--
+2.17.1
+
diff --git a/patches/frameworks/base/0025-Revert-Use-fdeCheckPassword-error-code-to-indicate-p.patch b/patches/frameworks/base/0025-Revert-Use-fdeCheckPassword-error-code-to-indicate-p.patch
new file mode 100644
index 0000000..3772836
--- /dev/null
+++ b/patches/frameworks/base/0025-Revert-Use-fdeCheckPassword-error-code-to-indicate-p.patch
@@ -0,0 +1,36 @@
+From e7c4a836ed99addea828d5fb9a78db1c2dbfee46 Mon Sep 17 00:00:00 2001
+From: Jackeagle <jackeagle102@gmail.com>
+Date: Wed, 19 Dec 2018 17:05:44 +0100
+Subject: [PATCH 25/25] Revert "Use fdeCheckPassword error code to indicate pw
+ failure"
+
+This reverts commit 604396bf8dd83a2d4c210f8d029b871d9838af32.
+---
+ .../core/java/com/android/server/StorageManagerService.java | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/services/core/java/com/android/server/StorageManagerService.java b/services/core/java/com/android/server/StorageManagerService.java
+index 478949bbba0..14ca559c306 100644
+--- a/services/core/java/com/android/server/StorageManagerService.java
++++ b/services/core/java/com/android/server/StorageManagerService.java
+@@ -81,7 +81,6 @@ import android.os.Process;
+ import android.os.RemoteCallbackList;
+ import android.os.RemoteException;
+ import android.os.ServiceManager;
+-import android.os.ServiceSpecificException;
+ import android.os.SystemClock;
+ import android.os.SystemProperties;
+ import android.os.UserHandle;
+@@ -2262,9 +2261,6 @@ class StorageManagerService extends IStorageManager.Stub
+ }
+ }, DateUtils.SECOND_IN_MILLIS);
+ return 0;
+- } catch (ServiceSpecificException e) {
+- Slog.e(TAG, "fdeCheckPassword failed", e);
+- return e.errorCode;
+ } catch (Exception e) {
+ Slog.wtf(TAG, e);
+ return StorageManager.ENCRYPTION_STATE_ERROR_UNKNOWN;
+--
+2.17.1
+
diff --git a/patches/system/vold/0001-Don-t-set-reserved_disk-group-it-panics-old-inits.patch b/patches/system/vold/0001-Don-t-set-reserved_disk-group-it-panics-old-inits.patch
index 4557aaf..72841f7 100644
--- a/patches/system/vold/0001-Don-t-set-reserved_disk-group-it-panics-old-inits.patch
+++ b/patches/system/vold/0001-Don-t-set-reserved_disk-group-it-panics-old-inits.patch
@@ -1,7 +1,7 @@
-From 3651ff3f188d41e5e0be08f7488b9bcd129f44cd Mon Sep 17 00:00:00 2001
+From d4c643a08e4f931d507fa6ade7c0b739cc110d15 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 14 Aug 2018 20:53:12 +0200
-Subject: [PATCH 1/4] Don't set reserved_disk group, it panics old inits
+Subject: [PATCH 1/8] Don't set reserved_disk group, it panics old inits
Change-Id: I9fecd1e5187048e321af181921ecd7e37ca1eae9
Signed-off-by: Jackeagle <jackeagle102@gmail.com>
diff --git a/patches/system/vold/0002-Create-vendor_de.-This-is-done-by-init.rc-on-system-.patch b/patches/system/vold/0002-Create-vendor_de.-This-is-done-by-init.rc-on-system-.patch
index 56ccb5b..bcaec3b 100644
--- a/patches/system/vold/0002-Create-vendor_de.-This-is-done-by-init.rc-on-system-.patch
+++ b/patches/system/vold/0002-Create-vendor_de.-This-is-done-by-init.rc-on-system-.patch
@@ -1,7 +1,7 @@
-From 2cd6ffdbaf28cd0742842a88a26a4a63cfcee3b9 Mon Sep 17 00:00:00 2001
+From 5771cb8139323860f496a849d67502fc274da495 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 14 Aug 2018 20:54:08 +0200
-Subject: [PATCH 2/4] Create vendor_de. This is done by /init.rc on
+Subject: [PATCH 2/8] Create vendor_de. This is done by /init.rc on
system-as-root device
---
@@ -9,10 +9,10 @@
1 file changed, 2 insertions(+)
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
-index 99a63b4..090532f 100644
+index 3a7b5d4..263648b 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
-@@ -667,6 +667,8 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
+@@ -803,6 +803,8 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
diff --git a/patches/system/vold/0003-Support-Samsung-s-implementation-of-exfat-called-sdf.patch b/patches/system/vold/0003-Support-Samsung-s-implementation-of-exfat-called-sdf.patch
index 832a558..04a2bd6 100644
--- a/patches/system/vold/0003-Support-Samsung-s-implementation-of-exfat-called-sdf.patch
+++ b/patches/system/vold/0003-Support-Samsung-s-implementation-of-exfat-called-sdf.patch
@@ -1,7 +1,7 @@
-From 911e22c549e196296db3f4474d84fdec6120b2a3 Mon Sep 17 00:00:00 2001
+From bd92087dd58bfc2b5c52688b3f7f325cde7eca55 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 20 Aug 2018 22:37:54 +0200
-Subject: [PATCH 3/4] Support Samsung's implementation of exfat, called sdfat
+Subject: [PATCH 3/8] Support Samsung's implementation of exfat, called sdfat
---
fs/Exfat.cpp | 9 ++++++---
diff --git a/patches/system/vold/0004-Also-create-vendor_ce-same-reason-as-vendor_de.patch b/patches/system/vold/0004-Also-create-vendor_ce-same-reason-as-vendor_de.patch
index 20aa274..d29a6a8 100644
--- a/patches/system/vold/0004-Also-create-vendor_ce-same-reason-as-vendor_de.patch
+++ b/patches/system/vold/0004-Also-create-vendor_ce-same-reason-as-vendor_de.patch
@@ -1,17 +1,17 @@
-From 8b59752bcc3b9ed2969e308673ec4469ccade60a Mon Sep 17 00:00:00 2001
+From 63c29054718759d24a43fadb8e3f68a409120502 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 20 Aug 2018 22:38:08 +0200
-Subject: [PATCH 4/4] Also create vendor_ce (same reason as vendor_de)
+Subject: [PATCH 4/8] Also create vendor_ce (same reason as vendor_de)
---
Ext4Crypt.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
-index 090532f..6b60796 100644
+index 263648b..56650fe 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
-@@ -706,6 +706,8 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
+@@ -842,6 +842,8 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
diff --git a/patches/system/vold/0005-Revert-vold-Wrapped-key-support-for-FBE.patch b/patches/system/vold/0005-Revert-vold-Wrapped-key-support-for-FBE.patch
new file mode 100644
index 0000000..8aea5a8
--- /dev/null
+++ b/patches/system/vold/0005-Revert-vold-Wrapped-key-support-for-FBE.patch
@@ -0,0 +1,590 @@
+From e053b4937154462cd42435631291f9d676c7d942 Mon Sep 17 00:00:00 2001
+From: Jackeagle <jackeagle102@gmail.com>
+Date: Wed, 19 Dec 2018 17:02:02 +0100
+Subject: [PATCH 5/8] Revert "vold: Wrapped key support for FBE"
+
+This reverts commit 659c9ec24095a9a6925157c83f961840f5df807d.
+---
+ Ext4Crypt.cpp | 164 +++--------------------------------
+ Ext4Crypt.h | 4 -
+ KeyStorage.cpp | 42 ---------
+ KeyStorage.h | 11 +--
+ KeyUtil.cpp | 31 +------
+ KeyUtil.h | 4 +-
+ Keymaster.cpp | 26 ------
+ Keymaster.h | 3 -
+ VoldNativeService.cpp | 8 --
+ VoldNativeService.h | 2 -
+ binder/android/os/IVold.aidl | 1 -
+ 11 files changed, 20 insertions(+), 276 deletions(-)
+
+diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
+index 56650fe..6b60796 100644
+--- a/Ext4Crypt.cpp
++++ b/Ext4Crypt.cpp
+@@ -16,7 +16,6 @@
+
+ #include "Ext4Crypt.h"
+
+-#include "Keymaster.h"
+ #include "KeyStorage.h"
+ #include "KeyUtil.h"
+ #include "Utils.h"
+@@ -63,8 +62,6 @@ using android::base::StringPrintf;
+ using android::base::WriteStringToFile;
+ using android::vold::kEmptyAuthentication;
+ using android::vold::KeyBuffer;
+-using android::vold::Keymaster;
+-using android::hardware::keymaster::V4_0::KeyFormat;
+
+ namespace {
+
+@@ -199,46 +196,12 @@ static bool read_and_fixate_user_ce_key(userid_t user_id,
+ return false;
+ }
+
+-static bool is_wrapped_key_supported_common(const std::string& mount_point) {
+- struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab_default, mount_point);
+- char const* contents_mode = NULL;
+- char const* filenames_mode = NULL;
+-
+- fs_mgr_get_file_encryption_modes(rec, &contents_mode, &filenames_mode);
+- if (!contents_mode || !filenames_mode) {
+- LOG(ERROR) << "Couldn't read file or contents mode, returning false";
+- return false;
+- }
+-
+- if (strcmp(contents_mode, "ice_wrapped_key_supported") == 0)
+- return true;
+- else
+- return false;
+-}
+-
+-bool is_wrapped_key_supported() {
+- return is_wrapped_key_supported_common(DATA_MNT_POINT);
+-}
+-
+-bool is_wrapped_key_supported_external() {
+- return false;
+-}
+-
+ static bool read_and_install_user_ce_key(userid_t user_id,
+ const android::vold::KeyAuthentication& auth) {
+ if (s_ce_key_raw_refs.count(user_id) != 0) return true;
+ KeyBuffer ce_key;
+ if (!read_and_fixate_user_ce_key(user_id, auth, &ce_key)) return false;
+ std::string ce_raw_ref;
+-
+- if (is_wrapped_key_supported()) {
+- KeyBuffer ephemeral_wrapped_key;
+- if (!getEphemeralWrappedKey(KeyFormat::RAW, ce_key, &ephemeral_wrapped_key)) {
+- LOG(ERROR) << "Failed to export ce key";
+- return false;
+- }
+- ce_key = std::move(ephemeral_wrapped_key);
+- }
+ if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
+ s_ce_keys[user_id] = std::move(ce_key);
+ s_ce_key_raw_refs[user_id] = ce_raw_ref;
+@@ -269,15 +232,8 @@ static bool destroy_dir(const std::string& dir) {
+ // it creates keys in a fixed location.
+ static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral) {
+ KeyBuffer de_key, ce_key;
+-
+- if(is_wrapped_key_supported()) {
+- if (!generateWrappedKey(user_id, android::vold::KeyType::DE_USER, &de_key)) return false;
+- if (!generateWrappedKey(user_id, android::vold::KeyType::CE_USER, &ce_key)) return false;
+- } else {
+- if (!android::vold::randomKey(&de_key)) return false;
+- if (!android::vold::randomKey(&ce_key)) return false;
+- }
+-
++ if (!android::vold::randomKey(&de_key)) return false;
++ if (!android::vold::randomKey(&ce_key)) return false;
+ if (create_ephemeral) {
+ // If the key should be created as ephemeral, don't store it.
+ s_ephemeral_users.insert(user_id);
+@@ -294,36 +250,13 @@ static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral
+ if (!android::vold::storeKeyAtomically(get_de_key_path(user_id), user_key_temp,
+ kEmptyAuthentication, de_key)) return false;
+ }
+-
+- /* Install the DE keys */
+ std::string de_raw_ref;
+- std::string ce_raw_ref;
+-
+- if (is_wrapped_key_supported()) {
+- KeyBuffer ephemeral_wrapped_de_key;
+- KeyBuffer ephemeral_wrapped_ce_key;
+-
+- /* Export and install the DE keys */
+- if (!getEphemeralWrappedKey(KeyFormat::RAW, de_key, &ephemeral_wrapped_de_key)) {
+- LOG(ERROR) << "Failed to export de_key";
+- return false;
+- }
+- /* Export and install the CE keys */
+- if (!getEphemeralWrappedKey(KeyFormat::RAW, ce_key, &ephemeral_wrapped_ce_key)) {
+- LOG(ERROR) << "Failed to export de_key";
+- return false;
+- }
+-
+- de_key = std::move(ephemeral_wrapped_de_key);
+- ce_key = std::move(ephemeral_wrapped_ce_key);
+- }
+ if (!android::vold::installKey(de_key, &de_raw_ref)) return false;
+- if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
+- s_ce_keys[user_id] = std::move(ce_key);
+-
+ s_de_key_raw_refs[user_id] = de_raw_ref;
++ std::string ce_raw_ref;
++ if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
++ s_ce_keys[user_id] = ce_key;
+ s_ce_key_raw_refs[user_id] = ce_raw_ref;
+-
+ LOG(DEBUG) << "Created keys for user " << user_id;
+ return true;
+ }
+@@ -388,14 +321,6 @@ static bool load_all_de_keys() {
+ KeyBuffer key;
+ if (!android::vold::retrieveKey(key_path, kEmptyAuthentication, &key)) return false;
+ std::string raw_ref;
+- if (is_wrapped_key_supported()) {
+- KeyBuffer ephemeral_wrapped_key;
+- if (!getEphemeralWrappedKey(KeyFormat::RAW, key, &ephemeral_wrapped_key)) {
+- LOG(ERROR) << "Failed to export de_key in create_and_install_user_keys";
+- return false;
+- }
+- key = std::move(ephemeral_wrapped_key);
+- }
+ if (!android::vold::installKey(key, &raw_ref)) return false;
+ s_de_key_raw_refs[user_id] = raw_ref;
+ LOG(DEBUG) << "Installed de key for user " << user_id;
+@@ -408,7 +333,6 @@ static bool load_all_de_keys() {
+
+ bool e4crypt_initialize_global_de() {
+ LOG(INFO) << "e4crypt_initialize_global_de";
+- bool wrapped_key_supported = false;
+
+ if (s_global_de_initialized) {
+ LOG(INFO) << "Already initialized";
+@@ -416,11 +340,8 @@ bool e4crypt_initialize_global_de() {
+ }
+
+ PolicyKeyRef device_ref;
+- wrapped_key_supported = is_wrapped_key_supported();
+-
+- if (!android::vold::retrieveAndInstallKey(true, kEmptyAuthentication,
+- device_key_path, device_key_temp,
+- &device_ref.key_raw_ref, wrapped_key_supported))
++ if (!android::vold::retrieveAndInstallKey(true, kEmptyAuthentication, device_key_path,
++ device_key_temp, &device_ref.key_raw_ref))
+ return false;
+ get_data_file_encryption_modes(&device_ref);
+
+@@ -594,7 +515,6 @@ static bool read_or_create_volkey(const std::string& misc_path, const std::strin
+ PolicyKeyRef* key_ref) {
+ auto secdiscardable_path = volume_secdiscardable_path(volume_uuid);
+ std::string secdiscardable_hash;
+- bool wrapped_key_supported = false;
+ if (android::vold::pathExists(secdiscardable_path)) {
+ if (!android::vold::readSecdiscardable(secdiscardable_path, &secdiscardable_hash))
+ return false;
+@@ -612,10 +532,8 @@ static bool read_or_create_volkey(const std::string& misc_path, const std::strin
+ return false;
+ }
+ android::vold::KeyAuthentication auth("", secdiscardable_hash);
+- wrapped_key_supported = is_wrapped_key_supported_external();
+-
+ if (!android::vold::retrieveAndInstallKey(true, auth, key_path, key_path + "_tmp",
+- &key_ref->key_raw_ref, wrapped_key_supported))
++ &key_ref->key_raw_ref))
+ return false;
+ key_ref->contents_mode =
+ android::base::GetProperty("ro.crypto.volume.contents_mode", "aes-256-xts");
+@@ -641,74 +559,20 @@ bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string&
+ if (!parse_hex(secret_hex, &secret)) return false;
+ auto auth = secret.empty() ? kEmptyAuthentication
+ : android::vold::KeyAuthentication(token, secret);
++ auto it = s_ce_keys.find(user_id);
++ if (it == s_ce_keys.end()) {
++ LOG(ERROR) << "Key not loaded into memory, can't change for user " << user_id;
++ return false;
++ }
++ const auto &ce_key = it->second;
+ auto const directory_path = get_ce_key_directory_path(user_id);
+ auto const paths = get_ce_key_paths(directory_path);
+-
+- KeyBuffer ce_key;
+- if(is_wrapped_key_supported()) {
+- std::string ce_key_current_path = get_ce_key_current_path(directory_path);
+- if (android::vold::retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key)) {
+- LOG(DEBUG) << "Successfully retrieved key";
+- } else {
+- if (android::vold::retrieveKey(ce_key_current_path, auth, &ce_key)) {
+- LOG(DEBUG) << "Successfully retrieved key";
+- }
+- }
+- } else {
+- auto it = s_ce_keys.find(user_id);
+- if (it == s_ce_keys.end()) {
+- LOG(ERROR) << "Key not loaded into memory, can't change for user " << user_id;
+- return false;
+- }
+- ce_key = it->second;
+- }
+-
+ std::string ce_key_path;
+ if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false;
+ if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp, auth, ce_key)) return false;
+ return true;
+ }
+
+-bool e4crypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& token_hex,
+- const std::string& secret_hex) {
+- LOG(DEBUG) << "e4crypt_clear_user_key_auth " << user_id << " serial=" << serial
+- << " token_present=" << (token_hex != "!");
+- if (!e4crypt_is_native()) return true;
+- if (s_ephemeral_users.count(user_id) != 0) return true;
+- std::string token, secret;
+-
+- if (!parse_hex(token_hex, &token)) return false;
+- if (!parse_hex(secret_hex, &secret)) return false;
+-
+- if (is_wrapped_key_supported()) {
+- auto const directory_path = get_ce_key_directory_path(user_id);
+- auto const paths = get_ce_key_paths(directory_path);
+-
+- KeyBuffer ce_key;
+- std::string ce_key_current_path = get_ce_key_current_path(directory_path);
+-
+- auto auth = android::vold::KeyAuthentication(token, secret);
+- /* Retrieve key while removing a pin. A secret is needed */
+- if (android::vold::retrieveKey(ce_key_current_path, auth, &ce_key)) {
+- LOG(DEBUG) << "Successfully retrieved key";
+- } else {
+- /* Retrieve key when going None to swipe and vice versa when a
+- synthetic password is present */
+- if (android::vold::retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key)) {
+- LOG(DEBUG) << "Successfully retrieved key";
+- }
+- }
+-
+- std::string ce_key_path;
+- if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false;
+- if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp, kEmptyAuthentication, ce_key))
+- return false;
+- } else {
+- if(!e4crypt_add_user_key_auth(user_id, serial, "!", "!")) return false;
+- }
+- return true;
+-}
+-
+ bool e4crypt_fixate_newest_user_key_auth(userid_t user_id) {
+ LOG(DEBUG) << "e4crypt_fixate_newest_user_key_auth " << user_id;
+ if (!e4crypt_is_native()) return true;
+diff --git a/Ext4Crypt.h b/Ext4Crypt.h
+index 5101bf6..a43a68a 100644
+--- a/Ext4Crypt.h
++++ b/Ext4Crypt.h
+@@ -25,8 +25,6 @@ bool e4crypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
+ bool e4crypt_destroy_user_key(userid_t user_id);
+ bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token,
+ const std::string& secret);
+-bool e4crypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& token_hex,
+- const std::string& secret_hex);
+ bool e4crypt_fixate_newest_user_key_auth(userid_t user_id);
+
+ bool e4crypt_unlock_user_key(userid_t user_id, int serial, const std::string& token,
+@@ -38,5 +36,3 @@ bool e4crypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_
+ bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags);
+
+ bool e4crypt_destroy_volume_keys(const std::string& volume_uuid);
+-bool is_wrapped_key_supported();
+-bool is_wrapped_key_supported_external();
+diff --git a/KeyStorage.cpp b/KeyStorage.cpp
+index 69cd41c..0518930 100644
+--- a/KeyStorage.cpp
++++ b/KeyStorage.cpp
+@@ -61,7 +61,6 @@ static constexpr size_t SECDISCARDABLE_BYTES = 1 << 14;
+ static constexpr size_t STRETCHED_BYTES = 1 << 6;
+
+ static constexpr uint32_t AUTH_TIMEOUT = 30; // Seconds
+-constexpr int EXT4_AES_256_XTS_KEY_SIZE = 64;
+
+ static const char* kCurrentVersion = "1";
+ static const char* kRmPath = "/system/bin/rm";
+@@ -127,47 +126,6 @@ static bool generateKeymasterKey(Keymaster& keymaster, const KeyAuthentication&
+ return keymaster.generateKey(paramBuilder, key);
+ }
+
+-bool generateWrappedKey(userid_t user_id, KeyType key_type,
+- KeyBuffer* key) {
+- Keymaster keymaster;
+- if (!keymaster) return false;
+- *key = KeyBuffer(EXT4_AES_256_XTS_KEY_SIZE);
+- std::string key_temp;
+- auto paramBuilder = km::AuthorizationSetBuilder()
+- .AesEncryptionKey(AES_KEY_BYTES * 8)
+- .GcmModeMinMacLen(GCM_MAC_BYTES * 8)
+- .Authorization(km::TAG_USER_ID, user_id);
+- km::KeyParameter param1;
+- param1.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_FBE_ICE);
+- param1.f.boolValue = true;
+- paramBuilder.push_back(param1);
+-
+- km::KeyParameter param2;
+- if ((key_type == KeyType::DE_USER) || (key_type == KeyType::DE_SYS)) {
+- param2.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_KEY_TYPE);
+- param2.f.integer = 0;
+- } else if (key_type == KeyType::CE_USER) {
+- param2.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_KEY_TYPE);
+- param2.f.integer = 1;
+- }
+- paramBuilder.push_back(param2);
+-
+- if (!keymaster.generateKey(paramBuilder, &key_temp)) return false;
+- *key = KeyBuffer(key_temp.size());
+- memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
+- return true;
+-}
+-
+-bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* key) {
+- std::string key_temp;
+- Keymaster keymaster;
+- if (!keymaster) return false;
+- if (!keymaster.exportKey(format, kmKey, "!", "!", &key_temp)) return false;
+- *key = KeyBuffer(key_temp.size());
+- memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
+- return true;
+-}
+-
+ static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams(
+ const KeyAuthentication& auth, const std::string& appId) {
+ auto paramBuilder = km::AuthorizationSetBuilder()
+diff --git a/KeyStorage.h b/KeyStorage.h
+index 0c2609e..786e5b4 100644
+--- a/KeyStorage.h
++++ b/KeyStorage.h
+@@ -17,9 +17,8 @@
+ #ifndef ANDROID_VOLD_KEYSTORAGE_H
+ #define ANDROID_VOLD_KEYSTORAGE_H
+
+-#include "Keymaster.h"
+ #include "KeyBuffer.h"
+-#include <ext4_utils/ext4_crypt.h>
++
+ #include <string>
+
+ namespace android {
+@@ -40,12 +39,6 @@ class KeyAuthentication {
+ const std::string secret;
+ };
+
+-enum class KeyType {
+- DE_SYS,
+- DE_USER,
+- CE_USER
+-};
+-
+ extern const KeyAuthentication kEmptyAuthentication;
+
+ // Checks if path "path" exists.
+@@ -74,8 +67,6 @@ bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffe
+ bool destroyKey(const std::string& dir);
+
+ bool runSecdiscardSingle(const std::string& file);
+-bool generateWrappedKey(userid_t user_id, KeyType key_type, KeyBuffer* key);
+-bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* key);
+ } // namespace vold
+ } // namespace android
+
+diff --git a/KeyUtil.cpp b/KeyUtil.cpp
+index e8c366f..9885440 100644
+--- a/KeyUtil.cpp
++++ b/KeyUtil.cpp
+@@ -27,13 +27,8 @@
+ #include <keyutils.h>
+
+ #include "KeyStorage.h"
+-#include "Ext4Crypt.h"
+ #include "Utils.h"
+
+-#define MAX_USER_ID 0xFFFFFFFF
+-
+-using android::hardware::keymaster::V4_0::KeyFormat;
+-using android::vold::KeyType;
+ namespace android {
+ namespace vold {
+
+@@ -127,14 +122,7 @@ bool installKey(const KeyBuffer& key, std::string* raw_ref) {
+ ext4_encryption_key &ext4_key = *reinterpret_cast<ext4_encryption_key*>(ext4KeyBuffer.data());
+
+ if (!fillKey(key, &ext4_key)) return false;
+- if (is_wrapped_key_supported()) {
+- /* When wrapped key is supported, only the first 32 bytes are
+- the same per boot. The second 32 bytes can change as the ephemeral
+- key is different. */
+- *raw_ref = generateKeyRef(ext4_key.raw, (ext4_key.size)/2);
+- } else {
+- *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size);
+- }
++ *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size);
+ key_serial_t device_keyring;
+ if (!e4cryptKeyring(&device_keyring)) return false;
+ for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
+@@ -175,7 +163,7 @@ bool evictKey(const std::string& raw_ref) {
+
+ bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
+ const std::string& key_path, const std::string& tmp_path,
+- std::string* key_ref, bool wrapped_key_supported) {
++ std::string* key_ref) {
+ KeyBuffer key;
+ if (pathExists(key_path)) {
+ LOG(DEBUG) << "Key exists, using: " << key_path;
+@@ -186,23 +174,10 @@ bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_a
+ return false;
+ }
+ LOG(INFO) << "Creating new key in " << key_path;
+- if (wrapped_key_supported) {
+- if(!generateWrappedKey(MAX_USER_ID, KeyType::DE_SYS, &key)) return false;
+- } else {
+- if (!randomKey(&key)) return false;
+- }
++ if (!randomKey(&key)) return false;
+ if (!storeKeyAtomically(key_path, tmp_path, key_authentication, key)) return false;
+ }
+
+- if (wrapped_key_supported) {
+- KeyBuffer ephemeral_wrapped_key;
+- if (!getEphemeralWrappedKey(KeyFormat::RAW, key, &ephemeral_wrapped_key)) {
+- LOG(ERROR) << "Failed to export key in retrieveAndInstallKey";
+- return false;
+- }
+- key = std::move(ephemeral_wrapped_key);
+- }
+-
+ if (!installKey(key, key_ref)) {
+ LOG(ERROR) << "Failed to install key in " << key_path;
+ return false;
+diff --git a/KeyUtil.h b/KeyUtil.h
+index e73c065..a85eca1 100644
+--- a/KeyUtil.h
++++ b/KeyUtil.h
+@@ -19,7 +19,6 @@
+
+ #include "KeyBuffer.h"
+ #include "KeyStorage.h"
+-#include "Keymaster.h"
+
+ #include <string>
+ #include <memory>
+@@ -32,9 +31,10 @@ bool installKey(const KeyBuffer& key, std::string* raw_ref);
+ bool evictKey(const std::string& raw_ref);
+ bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
+ const std::string& key_path, const std::string& tmp_path,
+- std::string* key_ref, bool wrapped_key_supported);
++ std::string* key_ref);
+ bool retrieveKey(bool create_if_absent, const std::string& key_path,
+ const std::string& tmp_path, KeyBuffer* key);
++
+ } // namespace vold
+ } // namespace android
+
+diff --git a/Keymaster.cpp b/Keymaster.cpp
+index ab39ef8..aad4387 100644
+--- a/Keymaster.cpp
++++ b/Keymaster.cpp
+@@ -138,32 +138,6 @@ bool Keymaster::generateKey(const km::AuthorizationSet& inParams, std::string* k
+ return true;
+ }
+
+-bool Keymaster::exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
+- const std::string& appData, std::string* key) {
+- auto kmKeyBlob = km::support::blob2hidlVec(std::string(kmKey.data(), kmKey.size()));
+- auto emptyAssign = NULL;
+- auto kmClientId = (clientId == "!") ? emptyAssign: km::support::blob2hidlVec(clientId);
+- auto kmAppData = (appData == "!") ? emptyAssign: km::support::blob2hidlVec(appData);
+- km::ErrorCode km_error;
+- auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<uint8_t>& exportedKeyBlob) {
+- km_error = ret;
+- if (km_error != km::ErrorCode::OK) return;
+- if(key)
+- key->assign(reinterpret_cast<const char*>(&exportedKeyBlob[0]),
+- exportedKeyBlob.size());
+- };
+- auto error = mDevice->exportKey(format, kmKeyBlob, kmClientId, kmAppData, hidlCb);
+- if (!error.isOk()) {
+- LOG(ERROR) << "export_key failed: " << error.description();
+- return false;
+- }
+- if (km_error != km::ErrorCode::OK) {
+- LOG(ERROR) << "export_key failed, code " << int32_t(km_error);
+- return false;
+- }
+- return true;
+-}
+-
+ bool Keymaster::deleteKey(const std::string& key) {
+ auto keyBlob = km::support::blob2hidlVec(key);
+ auto error = mDevice->deleteKey(keyBlob);
+diff --git a/Keymaster.h b/Keymaster.h
+index c0ec4d3..fabe0f4 100644
+--- a/Keymaster.h
++++ b/Keymaster.h
+@@ -102,9 +102,6 @@ class Keymaster {
+ explicit operator bool() { return mDevice.get() != nullptr; }
+ // Generate a key in the keymaster from the given params.
+ bool generateKey(const km::AuthorizationSet& inParams, std::string* key);
+- // Export a key from keymaster.
+- bool exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
+- const std::string& appData, std::string* key);
+ // If the keymaster supports it, permanently delete a key.
+ bool deleteKey(const std::string& key);
+ // Replace stored key blob in response to KM_ERROR_KEY_REQUIRES_UPGRADE.
+diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
+index 6bd506a..6d6c6ec 100644
+--- a/VoldNativeService.cpp
++++ b/VoldNativeService.cpp
+@@ -715,14 +715,6 @@ binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSer
+ return translateBool(e4crypt_add_user_key_auth(userId, userSerial, token, secret));
+ }
+
+-binder::Status VoldNativeService::clearUserKeyAuth(int32_t userId, int32_t userSerial,
+- const std::string& token, const std::string& secret) {
+- ENFORCE_UID(AID_SYSTEM);
+- ACQUIRE_CRYPT_LOCK;
+-
+- return translateBool(e4crypt_clear_user_key_auth(userId, userSerial, token, secret));
+-}
+-
+ binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+diff --git a/VoldNativeService.h b/VoldNativeService.h
+index 2403678..da8c660 100644
+--- a/VoldNativeService.h
++++ b/VoldNativeService.h
+@@ -103,8 +103,6 @@ public:
+
+ binder::Status addUserKeyAuth(int32_t userId, int32_t userSerial,
+ const std::string& token, const std::string& secret);
+- binder::Status clearUserKeyAuth(int32_t userId, int32_t userSerial,
+- const std::string& token, const std::string& secret);
+ binder::Status fixateNewestUserKeyAuth(int32_t userId);
+
+ binder::Status unlockUserKey(int32_t userId, int32_t userSerial,
+diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
+index 3a54390..9f5b21a 100644
+--- a/binder/android/os/IVold.aidl
++++ b/binder/android/os/IVold.aidl
+@@ -85,7 +85,6 @@ interface IVold {
+ void destroyUserKey(int userId);
+
+ void addUserKeyAuth(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
+- void clearUserKeyAuth(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
+ void fixateNewestUserKeyAuth(int userId);
+
+ void unlockUserKey(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
+--
+2.17.1
+
diff --git a/patches/system/vold/0006-Revert-vold-Move-QCOM-HW-FDE-inclusion-under-Bliss-n.patch b/patches/system/vold/0006-Revert-vold-Move-QCOM-HW-FDE-inclusion-under-Bliss-n.patch
new file mode 100644
index 0000000..cc759cf
--- /dev/null
+++ b/patches/system/vold/0006-Revert-vold-Move-QCOM-HW-FDE-inclusion-under-Bliss-n.patch
@@ -0,0 +1,54 @@
+From 1334b7632a1396645469b02ea1295a0f6570031f Mon Sep 17 00:00:00 2001
+From: Jackeagle <jackeagle102@gmail.com>
+Date: Wed, 19 Dec 2018 17:02:10 +0100
+Subject: [PATCH 6/8] Revert "vold: Move QCOM HW FDE inclusion under Bliss
+ namespace"
+
+This reverts commit 7e913d5ed26c4edbd7c3542143dfe118b0e4a3ea.
+---
+ Android.bp | 22 +++++++++-------------
+ 1 file changed, 9 insertions(+), 13 deletions(-)
+
+diff --git a/Android.bp b/Android.bp
+index 5c63498..416b493 100644
+--- a/Android.bp
++++ b/Android.bp
+@@ -140,15 +140,13 @@ cc_library_static {
+ "libarcobbvolume",
+ ],
+ },
+- bliss: {
+- device_support_hwfde: {
+- cflags: ["-DCONFIG_HW_DISK_ENCRYPTION"],
+- header_libs: ["libcryptfs_hw_headers"],
+- shared_libs: ["libcryptfs_hw"],
+- },
+- device_support_hwfde_perf: {
+- cflags: ["-DCONFIG_HW_DISK_ENCRYPT_PERF"],
+- },
++ device_support_hwfde: {
++ cflags: ["-DCONFIG_HW_DISK_ENCRYPTION"],
++ header_libs: ["libcryptfs_hw_headers"],
++ shared_libs: ["libcryptfs_hw"],
++ },
++ device_support_hwfde_perf: {
++ cflags: ["-DCONFIG_HW_DISK_ENCRYPT_PERF"],
+ },
+ },
+ }
+@@ -169,10 +167,8 @@ cc_binary {
+ "libarcobbvolume",
+ ],
+ },
+- bliss: {
+- device_support_hwfde: {
+- shared_libs: ["libcryptfs_hw"],
+- },
++ device_support_hwfde: {
++ shared_libs: ["libcryptfs_hw"],
+ },
+ },
+ init_rc: [
+--
+2.17.1
+
diff --git a/patches/system/vold/0007-Revert-system-vold-Remove-crypto-block-device-creati.patch b/patches/system/vold/0007-Revert-system-vold-Remove-crypto-block-device-creati.patch
new file mode 100644
index 0000000..37c747c
--- /dev/null
+++ b/patches/system/vold/0007-Revert-system-vold-Remove-crypto-block-device-creati.patch
@@ -0,0 +1,377 @@
+From 4c74a335da08da2afd858268b890972661452ac3 Mon Sep 17 00:00:00 2001
+From: Jackeagle <jackeagle102@gmail.com>
+Date: Wed, 19 Dec 2018 17:02:18 +0100
+Subject: [PATCH 7/8] Revert "system: vold: Remove crypto block device
+ creation"
+
+This reverts commit 4d404ad5154ce73bafa3820b72f2be397b79b628.
+---
+ Android.bp | 3 --
+ EncryptInplace.cpp | 77 ----------------------------------------------
+ VoldUtil.h | 3 --
+ cryptfs.cpp | 67 ----------------------------------------
+ 4 files changed, 150 deletions(-)
+
+diff --git a/Android.bp b/Android.bp
+index 416b493..ffb139e 100644
+--- a/Android.bp
++++ b/Android.bp
+@@ -145,9 +145,6 @@ cc_library_static {
+ header_libs: ["libcryptfs_hw_headers"],
+ shared_libs: ["libcryptfs_hw"],
+ },
+- device_support_hwfde_perf: {
+- cflags: ["-DCONFIG_HW_DISK_ENCRYPT_PERF"],
+- },
+ },
+ }
+
+diff --git a/EncryptInplace.cpp b/EncryptInplace.cpp
+index d46d23e..6462dbf 100644
+--- a/EncryptInplace.cpp
++++ b/EncryptInplace.cpp
+@@ -32,9 +32,6 @@
+ #include <android-base/logging.h>
+ #include <android-base/properties.h>
+
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+-#include "cryptfs_hw.h"
+-#endif
+ // HORRIBLE HACK, FIXME
+ #include "cryptfs.h"
+
+@@ -285,27 +282,6 @@ static int cryptfs_enable_inplace_ext4(char* crypto_blkdev, char* real_blkdev, o
+ }
+
+ LOG(DEBUG) << "Opening" << crypto_blkdev;
+-#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
+- if (is_ice_enabled())
+- data.cryptofd = data.realfd;
+- else {
+- // Wait until the block device appears. Re-use the mount retry values since it is reasonable.
+- while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
+- if (--retries) {
+- PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev
+- << " for ext4 inplace encrypt. err=" << errno
+- << "(" << strerror(errno) << "), retrying";
+- sleep(RETRY_MOUNT_DELAY_SECONDS);
+- } else {
+- PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev
+- << " for ext4 inplace encrypt. err=" << errno
+- << "(" << strerror(errno) << "), retrying";
+- rc = ENABLE_INPLACE_ERR_DEV;
+- goto errout;
+- }
+- }
+- }
+-#else
+ // Wait until the block device appears. Re-use the mount retry values since it is reasonable.
+ while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
+ if (--retries) {
+@@ -319,7 +295,6 @@ static int cryptfs_enable_inplace_ext4(char* crypto_blkdev, char* real_blkdev, o
+ goto errout;
+ }
+ }
+-#endif
+
+ if (setjmp(setjmp_env)) { // NOLINT
+ LOG(ERROR) << "Reading ext4 extent caused an exception";
+@@ -365,12 +340,7 @@ static int cryptfs_enable_inplace_ext4(char* crypto_blkdev, char* real_blkdev, o
+
+ errout:
+ close(data.realfd);
+-#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
+- if (!is_ice_enabled())
+- close(data.cryptofd);
+-#else
+ close(data.cryptofd);
+-#endif
+
+ return rc;
+ }
+@@ -446,26 +416,12 @@ static int cryptfs_enable_inplace_f2fs(char* crypto_blkdev, char* real_blkdev, o
+ PLOG(ERROR) << "Error opening real_blkdev " << real_blkdev << " for f2fs inplace encrypt";
+ goto errout;
+ }
+-#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
+- if (is_ice_enabled())
+- data.cryptofd = data.realfd;
+- else {
+- if ((data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
+- PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev
+- << " for f2fs inplace encrypt. err=" << errno
+- << "(" << strerror(errno) << "), retrying";
+- rc = ENABLE_INPLACE_ERR_DEV;
+- goto errout;
+- }
+- }
+-#else
+ if ( (data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
+ PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev
+ << " for f2fs inplace encrypt";
+ rc = ENABLE_INPLACE_ERR_DEV;
+ goto errout;
+ }
+-#endif
+
+ f2fs_info = generate_f2fs_info(data.realfd);
+ if (!f2fs_info)
+@@ -509,12 +465,7 @@ errout:
+ free(f2fs_info);
+ free(data.buffer);
+ close(data.realfd);
+-#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
+- if (!is_ice_enabled())
+- close(data.cryptofd);
+-#else
+ close(data.cryptofd);
+-#endif
+
+ return rc;
+ }
+@@ -535,25 +486,11 @@ static int cryptfs_enable_inplace_full(char* crypto_blkdev, char* real_blkdev, o
+ return ENABLE_INPLACE_ERR_OTHER;
+ }
+
+-#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
+- if (is_ice_enabled())
+- cryptofd = realfd;
+- else {
+- if ((cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
+- PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev
+- << " for inplace encrypt. err=" << errno
+- << "(" << strerror(errno) << "), retrying";
+- close(realfd);
+- return ENABLE_INPLACE_ERR_DEV;
+- }
+- }
+-#else
+ if ( (cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) {
+ PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev << " for inplace encrypt";
+ close(realfd);
+ return ENABLE_INPLACE_ERR_DEV;
+ }
+-#endif
+
+ /* This is pretty much a simple loop of reading 4K, and writing 4K.
+ * The size passed in is the number of 512 byte sectors in the filesystem.
+@@ -574,19 +511,10 @@ static int cryptfs_enable_inplace_full(char* crypto_blkdev, char* real_blkdev, o
+ goto errout;
+ }
+
+-#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
+- if (!is_ice_enabled()) {
+- if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
+- PLOG(ERROR) << "Cannot seek to previously encrypted point on " << crypto_blkdev;
+- goto errout;
+- }
+- }
+-#else
+ if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) {
+ PLOG(ERROR) << "Cannot seek to previously encrypted point on " << crypto_blkdev;
+ goto errout;
+ }
+-#endif
+
+ for (;i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) {
+ if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) {
+@@ -649,12 +577,7 @@ static int cryptfs_enable_inplace_full(char* crypto_blkdev, char* real_blkdev, o
+
+ errout:
+ close(realfd);
+-#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
+- if (!is_ice_enabled())
+- close(cryptofd);
+-#else
+ close(cryptofd);
+-#endif
+
+ return rc;
+ }
+diff --git a/VoldUtil.h b/VoldUtil.h
+index ac484d8..fd66672 100644
+--- a/VoldUtil.h
++++ b/VoldUtil.h
+@@ -26,7 +26,4 @@ extern struct fstab *fstab_default;
+
+ void get_blkdev_size(int fd, unsigned long* nr_sec);
+
+-#ifdef CONFIG_HW_DISK_ENCRYPT_PERF
+-void get_blkdev_start_sector(int fd, unsigned long* st_sec);
+-#endif
+ #endif
+diff --git a/cryptfs.cpp b/cryptfs.cpp
+index c14c1ad..3452fe3 100644
+--- a/cryptfs.cpp
++++ b/cryptfs.cpp
+@@ -1758,9 +1758,6 @@ static void cryptfs_trigger_restart_min_framework()
+ static int cryptfs_restart_internal(int restart_main)
+ {
+ char crypto_blkdev[MAXPATHLEN];
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- char blkdev[MAXPATHLEN];
+-#endif
+ int rc = -1;
+ static int restart_successful = 0;
+
+@@ -1808,24 +1805,6 @@ static int cryptfs_restart_internal(int restart_main)
+ * the tmpfs filesystem, and mount the real one.
+ */
+
+-#if defined(CONFIG_HW_DISK_ENCRYPTION)
+-#if defined(CONFIG_HW_DISK_ENCRYPT_PERF)
+- if (is_ice_enabled()) {
+- fs_mgr_get_crypt_info(fstab_default, 0, blkdev, sizeof(blkdev));
+- if (set_ice_param(START_ENCDEC)) {
+- SLOGE("Failed to set ICE data");
+- return -1;
+- }
+- }
+-#else
+- property_get("ro.crypto.fs_crypto_blkdev", blkdev, "");
+- if (strlen(blkdev) == 0) {
+- SLOGE("fs_crypto_blkdev not set\n");
+- return -1;
+- }
+- if (!(rc = wait_and_unmount(DATA_MNT_POINT, true))) {
+-#endif
+-#else
+ property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
+ if (strlen(crypto_blkdev) == 0) {
+ SLOGE("fs_crypto_blkdev not set\n");
+@@ -1833,7 +1812,6 @@ static int cryptfs_restart_internal(int restart_main)
+ }
+
+ if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
+-#endif
+ /* If ro.crypto.readonly is set to 1, mount the decrypted
+ * filesystem readonly. This is used when /data is mounted by
+ * recovery mode.
+@@ -1857,26 +1835,15 @@ static int cryptfs_restart_internal(int restart_main)
+ SLOGE("Failed to setexeccon");
+ return -1;
+ }
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- while ((mount_rc = fs_mgr_do_mount(fstab_default, DATA_MNT_POINT,
+- blkdev, 0))
+- != 0) {
+-#else
+ while ((mount_rc = fs_mgr_do_mount(fstab_default, DATA_MNT_POINT,
+ crypto_blkdev, 0))
+ != 0) {
+-#endif
+ if (mount_rc == FS_MGR_DOMNT_BUSY) {
+ /* TODO: invoke something similar to
+ Process::killProcessWithOpenFiles(DATA_MNT_POINT,
+ retries > RETRY_MOUNT_ATTEMPT/2 ? 1 : 2 ) */
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- SLOGI("Failed to mount %s because it is busy - waiting",
+- blkdev);
+-#else
+ SLOGI("Failed to mount %s because it is busy - waiting",
+ crypto_blkdev);
+-#endif
+ if (--retries) {
+ sleep(RETRY_MOUNT_DELAY_SECONDS);
+ } else {
+@@ -1922,9 +1889,7 @@ static int cryptfs_restart_internal(int restart_main)
+
+ /* Give it a few moments to get started */
+ sleep(1);
+-#ifndef CONFIG_HW_DISK_ENCRYPT_PERF
+ }
+-#endif
+
+ if (rc == 0) {
+ restart_successful = 1;
+@@ -2026,14 +1991,12 @@ static int test_mount_hw_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
+ }
+ else {
+ if (is_ice_enabled()) {
+-#ifndef CONFIG_HW_DISK_ENCRYPT_PERF
+ if (create_crypto_blk_dev(crypt_ftr, (unsigned char*)&key_index,
+ real_blkdev, crypto_blkdev, label, 0)) {
+ SLOGE("Error creating decrypted block device");
+ rc = -1;
+ goto errout;
+ }
+-#endif
+ } else {
+ if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
+ real_blkdev, crypto_blkdev, label, 0)) {
+@@ -2053,9 +2016,6 @@ static int test_mount_hw_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
+
+ /* Save the name of the crypto block device
+ * so we can mount it when restarting the framework. */
+-#ifdef CONFIG_HW_DISK_ENCRYPT_PERF
+- if (!is_ice_enabled())
+-#endif
+ property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
+ master_key_saved = 1;
+ }
+@@ -2813,12 +2773,8 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+ decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
+ #ifdef CONFIG_HW_DISK_ENCRYPTION
+ if (is_hw_disk_encryption((char*)crypt_ftr.crypto_type_name) && is_ice_enabled())
+-#ifdef CONFIG_HW_DISK_ENCRYPT_PERF
+- strlcpy(crypto_blkdev, real_blkdev, sizeof(crypto_blkdev));
+-#else
+ create_crypto_blk_dev(&crypt_ftr, (unsigned char*)&key_index, real_blkdev, crypto_blkdev,
+ CRYPTO_BLOCK_DEVICE, 0);
+-#endif
+ else
+ create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
+ CRYPTO_BLOCK_DEVICE, 0);
+@@ -2831,12 +2787,6 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+ rc = 0;
+ if (previously_encrypted_upto) {
+ __le8 hash_first_block[SHA256_DIGEST_LENGTH];
+-#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
+- if (set_ice_param(START_ENCDEC)) {
+- SLOGE("Failed to set ICE data");
+- goto error_shutting_down;
+- }
+-#endif
+ rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
+
+ if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
+@@ -2846,23 +2796,11 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+ }
+ }
+
+-#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
+- if (set_ice_param(START_ENC)) {
+- SLOGE("Failed to set ICE data");
+- goto error_shutting_down;
+- }
+-#endif
+ if (!rc) {
+ rc = cryptfs_enable_all_volumes(&crypt_ftr, crypto_blkdev, real_blkdev,
+ previously_encrypted_upto);
+ }
+
+-#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
+- if (set_ice_param(START_ENCDEC)) {
+- SLOGE("Failed to set ICE data");
+- goto error_shutting_down;
+- }
+-#endif
+ /* Calculate checksum if we are not finished */
+ if (!rc && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
+ rc = cryptfs_SHA256_fileblock(crypto_blkdev,
+@@ -2874,12 +2812,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+ }
+
+ /* Undo the dm-crypt mapping whether we succeed or not */
+-#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF)
+- if (!is_ice_enabled())
+- delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
+-#else
+ delete_crypto_blk_dev(CRYPTO_BLOCK_DEVICE);
+-#endif
+
+ if (! rc) {
+ /* Success */
+--
+2.17.1
+
diff --git a/patches/system/vold/0008-Revert-vold-Add-Hardware-FDE-feature.patch b/patches/system/vold/0008-Revert-vold-Add-Hardware-FDE-feature.patch
new file mode 100644
index 0000000..7c33769
--- /dev/null
+++ b/patches/system/vold/0008-Revert-vold-Add-Hardware-FDE-feature.patch
@@ -0,0 +1,1038 @@
+From fb99aa2057ddf1c6477777bc02aa4c0d54513a0c Mon Sep 17 00:00:00 2001
+From: Jackeagle <jackeagle102@gmail.com>
+Date: Wed, 19 Dec 2018 17:02:25 +0100
+Subject: [PATCH 8/8] Revert "vold: Add Hardware FDE feature"
+
+This reverts commit 3585008ea98f4a1caf69d10c32a02e1169eeb248.
+---
+ Android.bp | 8 -
+ VoldNativeService.cpp | 4 +-
+ VoldNativeService.h | 2 +-
+ binder/android/os/IVold.aidl | 2 +-
+ cryptfs.cpp | 637 +++--------------------------------
+ cryptfs.h | 10 +-
+ 6 files changed, 49 insertions(+), 614 deletions(-)
+
+diff --git a/Android.bp b/Android.bp
+index ffb139e..48dfaaf 100644
+--- a/Android.bp
++++ b/Android.bp
+@@ -140,11 +140,6 @@ cc_library_static {
+ "libarcobbvolume",
+ ],
+ },
+- device_support_hwfde: {
+- cflags: ["-DCONFIG_HW_DISK_ENCRYPTION"],
+- header_libs: ["libcryptfs_hw_headers"],
+- shared_libs: ["libcryptfs_hw"],
+- },
+ },
+ }
+
+@@ -164,9 +159,6 @@ cc_binary {
+ "libarcobbvolume",
+ ],
+ },
+- device_support_hwfde: {
+- shared_libs: ["libcryptfs_hw"],
+- },
+ },
+ init_rc: [
+ "vold.rc",
+diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
+index 6d6c6ec..81523c6 100644
+--- a/VoldNativeService.cpp
++++ b/VoldNativeService.cpp
+@@ -581,11 +581,11 @@ binder::Status VoldNativeService::fdeEnable(int32_t passwordType,
+ }
+
+ binder::Status VoldNativeService::fdeChangePassword(int32_t passwordType,
+- const std::string& currentPassword, const std::string& password) {
++ const std::string& password) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+- return translate(cryptfs_changepw(passwordType, currentPassword.c_str(), password.c_str()));
++ return translate(cryptfs_changepw(passwordType, password.c_str()));
+ }
+
+ binder::Status VoldNativeService::fdeVerifyPassword(const std::string& password) {
+diff --git a/VoldNativeService.h b/VoldNativeService.h
+index da8c660..2e90101 100644
+--- a/VoldNativeService.h
++++ b/VoldNativeService.h
+@@ -82,7 +82,7 @@ public:
+ binder::Status fdeEnable(int32_t passwordType,
+ const std::string& password, int32_t encryptionFlags);
+ binder::Status fdeChangePassword(int32_t passwordType,
+- const std::string& currentPassword, const std::string& password);
++ const std::string& password);
+ binder::Status fdeVerifyPassword(const std::string& password);
+ binder::Status fdeGetField(const std::string& key, std::string* _aidl_return);
+ binder::Status fdeSetField(const std::string& key, const std::string& value);
+diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
+index 9f5b21a..f386889 100644
+--- a/binder/android/os/IVold.aidl
++++ b/binder/android/os/IVold.aidl
+@@ -65,7 +65,7 @@ interface IVold {
+ void fdeRestart();
+ int fdeComplete();
+ void fdeEnable(int passwordType, @utf8InCpp String password, int encryptionFlags);
+- void fdeChangePassword(int passwordType, @utf8InCpp String currentPassword, @utf8InCpp String password);
++ void fdeChangePassword(int passwordType, @utf8InCpp String password);
+ void fdeVerifyPassword(@utf8InCpp String password);
+ @utf8InCpp String fdeGetField(@utf8InCpp String key);
+ void fdeSetField(@utf8InCpp String key, @utf8InCpp String value);
+diff --git a/cryptfs.cpp b/cryptfs.cpp
+index 3452fe3..5a061bb 100644
+--- a/cryptfs.cpp
++++ b/cryptfs.cpp
+@@ -63,9 +63,6 @@
+ #include "Keymaster.h"
+ #include "android-base/properties.h"
+ #include <bootloader_message/bootloader_message.h>
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+-#include <cryptfs_hw.h>
+-#endif
+ extern "C" {
+ #include <crypto_scrypt.h>
+ }
+@@ -87,7 +84,6 @@ static_assert(INTERMEDIATE_BUF_SIZE == SCRYPT_LEN,
+
+ #define KEY_IN_FOOTER "footer"
+
+-#define DEFAULT_HEX_PASSWORD "64656661756c745f70617373776f7264"
+ #define DEFAULT_PASSWORD "default_password"
+
+ #define CRYPTO_BLOCK_DEVICE "userdata"
+@@ -103,7 +99,6 @@ static_assert(INTERMEDIATE_BUF_SIZE == SCRYPT_LEN,
+ #define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
+ #define RSA_EXPONENT 0x10001
+ #define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
+-#define KEY_LEN_BYTES 16
+
+ #define RETRY_MOUNT_ATTEMPTS 10
+ #define RETRY_MOUNT_DELAY_SECONDS 1
+@@ -117,151 +112,6 @@ static char *saved_mount_point;
+ static int master_key_saved = 0;
+ static struct crypt_persist_data *persist_data = NULL;
+
+-static int previous_type;
+-
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+-static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
+- unsigned char *ikey, void *params);
+-static void convert_key_to_hex_ascii(const unsigned char *master_key,
+- unsigned int keysize, char *master_key_ascii);
+-static int put_crypt_ftr_and_key(struct crypt_mnt_ftr *crypt_ftr);
+-static int test_mount_hw_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
+- const char *passwd, const char *mount_point, const char *label);
+-int cryptfs_changepw_hw_fde(int crypt_type, const char *currentpw,
+- const char *newpw);
+-int cryptfs_check_passwd_hw(char *passwd);
+-int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
+- unsigned char* master_key);
+-
+-static void convert_key_to_hex_ascii_for_upgrade(const unsigned char *master_key,
+- unsigned int keysize, char *master_key_ascii)
+-{
+- unsigned int i, a;
+- unsigned char nibble;
+-
+- for (i = 0, a = 0; i < keysize; i++, a += 2) {
+- /* For each byte, write out two ascii hex digits */
+- nibble = (master_key[i] >> 4) & 0xf;
+- master_key_ascii[a] = nibble + (nibble > 9 ? 0x57 : 0x30);
+-
+- nibble = master_key[i] & 0xf;
+- master_key_ascii[a + 1] = nibble + (nibble > 9 ? 0x57 : 0x30);
+- }
+-
+- /* Add the null termination */
+- master_key_ascii[a] = '\0';
+-}
+-
+-static int get_keymaster_hw_fde_passwd(const char* passwd, unsigned char* newpw,
+- unsigned char* salt,
+- const struct crypt_mnt_ftr *ftr)
+-{
+- /* if newpw updated, return 0
+- * if newpw not updated return -1
+- */
+- int rc = -1;
+-
+- if (should_use_keymaster()) {
+- if (scrypt_keymaster(passwd, salt, newpw, (void*)ftr)) {
+- SLOGE("scrypt failed");
+- } else {
+- rc = 0;
+- }
+- }
+-
+- return rc;
+-}
+-
+-static int verify_hw_fde_passwd(const char *passwd, struct crypt_mnt_ftr* crypt_ftr)
+-{
+- unsigned char newpw[32] = {0};
+- int key_index;
+- if (get_keymaster_hw_fde_passwd(passwd, newpw, crypt_ftr->salt, crypt_ftr))
+- key_index = set_hw_device_encryption_key(passwd,
+- (char*) crypt_ftr->crypto_type_name);
+- else
+- key_index = set_hw_device_encryption_key((const char*)newpw,
+- (char*) crypt_ftr->crypto_type_name);
+- return key_index;
+-}
+-
+-static int verify_and_update_hw_fde_passwd(const char *passwd,
+- struct crypt_mnt_ftr* crypt_ftr)
+-{
+- char* new_passwd = NULL;
+- unsigned char newpw[32] = {0};
+- int key_index = -1;
+- int passwd_updated = -1;
+- int ascii_passwd_updated = (crypt_ftr->flags & CRYPT_ASCII_PASSWORD_UPDATED);
+-
+- key_index = verify_hw_fde_passwd(passwd, crypt_ftr);
+- if (key_index < 0) {
+- ++crypt_ftr->failed_decrypt_count;
+-
+- if (ascii_passwd_updated) {
+- SLOGI("Ascii password was updated");
+- } else {
+- /* Code in else part would execute only once:
+- * When device is upgraded from L->M release.
+- * Once upgraded, code flow should never come here.
+- * L release passed actual password in hex, so try with hex
+- * Each nible of passwd was encoded as a byte, so allocate memory
+- * twice of password len plus one more byte for null termination
+- */
+- if (crypt_ftr->crypt_type == CRYPT_TYPE_DEFAULT) {
+- new_passwd = (char*)malloc(strlen(DEFAULT_HEX_PASSWORD) + 1);
+- if (new_passwd == NULL) {
+- SLOGE("System out of memory. Password verification incomplete");
+- goto out;
+- }
+- strlcpy(new_passwd, DEFAULT_HEX_PASSWORD, strlen(DEFAULT_HEX_PASSWORD) + 1);
+- } else {
+- new_passwd = (char*)malloc(strlen(passwd) * 2 + 1);
+- if (new_passwd == NULL) {
+- SLOGE("System out of memory. Password verification incomplete");
+- goto out;
+- }
+- convert_key_to_hex_ascii_for_upgrade((const unsigned char*)passwd,
+- strlen(passwd), new_passwd);
+- }
+- key_index = set_hw_device_encryption_key((const char*)new_passwd,
+- (char*) crypt_ftr->crypto_type_name);
+- if (key_index >=0) {
+- crypt_ftr->failed_decrypt_count = 0;
+- SLOGI("Hex password verified...will try to update with Ascii value");
+- /* Before updating password, tie that with keymaster to tie with ROT */
+-
+- if (get_keymaster_hw_fde_passwd(passwd, newpw,
+- crypt_ftr->salt, crypt_ftr)) {
+- passwd_updated = update_hw_device_encryption_key(new_passwd,
+- passwd, (char*)crypt_ftr->crypto_type_name);
+- } else {
+- passwd_updated = update_hw_device_encryption_key(new_passwd,
+- (const char*)newpw, (char*)crypt_ftr->crypto_type_name);
+- }
+-
+- if (passwd_updated >= 0) {
+- crypt_ftr->flags |= CRYPT_ASCII_PASSWORD_UPDATED;
+- SLOGI("Ascii password recorded and updated");
+- } else {
+- SLOGI("Passwd verified, could not update...Will try next time");
+- }
+- } else {
+- ++crypt_ftr->failed_decrypt_count;
+- }
+- free(new_passwd);
+- }
+- } else {
+- if (!ascii_passwd_updated)
+- crypt_ftr->flags |= CRYPT_ASCII_PASSWORD_UPDATED;
+- }
+-out:
+- // update footer before leaving
+- put_crypt_ftr_and_key(crypt_ftr);
+- return key_index;
+-}
+-#endif
+-
+ /* Should we use keymaster? */
+ static int keymaster_check_compatibility()
+ {
+@@ -1150,36 +1000,16 @@ static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
+ tgt->status = 0;
+ tgt->sector_start = 0;
+ tgt->length = crypt_ftr->fs_size;
++ strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
++
+ crypt_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
++ convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
++
+ buff_offset = crypt_params - buffer;
+ SLOGI("Extra parameters for dm_crypt: %s\n", extra_params);
+-
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- if(is_hw_disk_encryption((char*)crypt_ftr->crypto_type_name)) {
+- strlcpy(tgt->target_type, "req-crypt",DM_MAX_TYPE_NAME);
+- if (is_ice_enabled())
+- convert_key_to_hex_ascii(master_key, sizeof(int), master_key_ascii);
+- else
+- convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
+- }
+- else {
+- convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
+- strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
+- }
+- snprintf(crypt_params, sizeof(buffer) - buff_offset, "%s %s 0 %s 0 %s 0",
+- crypt_ftr->crypto_type_name, master_key_ascii,
+- real_blk_name, extra_params);
+-
+- SLOGI("target_type = %s", tgt->target_type);
+- SLOGI("real_blk_name = %s, extra_params = %s", real_blk_name, extra_params);
+-#else
+- convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
+- strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
+ snprintf(crypt_params, sizeof(buffer) - buff_offset, "%s %s 0 %s 0 %s",
+ crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name,
+ extra_params);
+-#endif
+-
+ crypt_params += strlen(crypt_params) + 1;
+ crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
+ tgt->next = crypt_params - buffer;
+@@ -1199,6 +1029,7 @@ static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
+ }
+ }
+
++
+ static int get_dm_crypt_version(int fd, const char *name, int *version)
+ {
+ char buffer[DM_CRYPT_BUF_SIZE];
+@@ -1218,11 +1049,7 @@ static int get_dm_crypt_version(int fd, const char *name, int *version)
+ */
+ v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
+ while (v->next) {
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- if (! strcmp(v->name, "crypt") || ! strcmp(v->name, "req-crypt")) {
+-#else
+ if (! strcmp(v->name, "crypt")) {
+-#endif
+ /* We found the crypt driver, return the version, and get out */
+ version[0] = v->version[0];
+ version[1] = v->version[1];
+@@ -1235,7 +1062,6 @@ static int get_dm_crypt_version(int fd, const char *name, int *version)
+ return -1;
+ }
+
+-#ifndef CONFIG_HW_DISK_ENCRYPTION
+ static std::string extra_params_as_string(const std::vector<std::string>& extra_params_vec) {
+ if (extra_params_vec.empty()) return "";
+ std::string extra_params = std::to_string(extra_params_vec.size());
+@@ -1245,7 +1071,6 @@ static std::string extra_params_as_string(const std::vector<std::string>& extra_
+ }
+ return extra_params;
+ }
+-#endif
+
+ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned char* master_key,
+ const char* real_blk_name, char* crypto_blk_name, const char* name,
+@@ -1258,13 +1083,7 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned
+ int retval = -1;
+ int version[3];
+ int load_count;
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- char encrypted_state[PROPERTY_VALUE_MAX] = {0};
+- char progress[PROPERTY_VALUE_MAX] = {0};
+- const char *extra_params;
+-#else
+ std::vector<std::string> extra_params_vec;
+-#endif
+
+ if ((fd = open("/dev/device-mapper", O_RDWR | O_CLOEXEC)) < 0) {
+ SLOGE("Cannot open device-mapper\n");
+@@ -1289,45 +1108,6 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned
+ minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
+ snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
+
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- if(is_hw_disk_encryption((char*)crypt_ftr->crypto_type_name)) {
+- /* Set fde_enabled if either FDE completed or in-progress */
+- property_get("ro.crypto.state", encrypted_state, ""); /* FDE completed */
+- property_get("vold.encrypt_progress", progress, ""); /* FDE in progress */
+- if (!strcmp(encrypted_state, "encrypted") || strcmp(progress, "")) {
+- if (is_ice_enabled()) {
+- if (flags & CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE)
+- extra_params = "fde_enabled ice allow_encrypt_override";
+- else
+- extra_params = "fde_enabled ice";
+- } else {
+- if (flags & CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE)
+- extra_params = "fde_enabled allow_encrypt_override";
+- else
+- extra_params = "fde_enabled";
+- }
+- } else {
+- if (flags & CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE)
+- extra_params = "fde_enabled allow_encrypt_override";
+- else
+- extra_params = "fde_enabled";
+- }
+- } else {
+- extra_params = "";
+- if (! get_dm_crypt_version(fd, name, version)) {
+- /* Support for allow_discards was added in version 1.11.0 */
+- if ((version[0] >= 2) || ((version[0] == 1) && (version[1] >= 11))) {
+- if (flags & CREATE_CRYPTO_BLK_DEV_FLAGS_ALLOW_ENCRYPT_OVERRIDE)
+- extra_params = "2 allow_discards allow_encrypt_override";
+- else
+- extra_params = "1 allow_discards";
+- SLOGI("Enabling support for allow_discards in dmcrypt.\n");
+- }
+- }
+- }
+- load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name, fd,
+- extra_params);
+-#else
+ if (!get_dm_crypt_version(fd, name, version)) {
+ /* Support for allow_discards was added in version 1.11.0 */
+ if ((version[0] >= 2) || ((version[0] == 1) && (version[1] >= 11))) {
+@@ -1339,7 +1119,6 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned
+ }
+ load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name, fd,
+ extra_params_as_string(extra_params_vec).c_str());
+-#endif
+ if (load_count < 0) {
+ SLOGE("Cannot load dm-crypt mapping table.\n");
+ goto errout;
+@@ -1468,8 +1247,7 @@ static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
+ static int encrypt_master_key(const char *passwd, const unsigned char *salt,
+ const unsigned char *decrypted_master_key,
+ unsigned char *encrypted_master_key,
+- struct crypt_mnt_ftr *crypt_ftr,
+- bool create_keymaster_key)
++ struct crypt_mnt_ftr *crypt_ftr)
+ {
+ unsigned char ikey[INTERMEDIATE_BUF_SIZE] = { 0 };
+ EVP_CIPHER_CTX e_ctx;
+@@ -1481,7 +1259,7 @@ static int encrypt_master_key(const char *passwd, const unsigned char *salt,
+
+ switch (crypt_ftr->kdf_type) {
+ case KDF_SCRYPT_KEYMASTER:
+- if (create_keymaster_key && keymaster_create_key(crypt_ftr)) {
++ if (keymaster_create_key(crypt_ftr)) {
+ SLOGE("keymaster_create_key failed");
+ return -1;
+ }
+@@ -1651,13 +1429,13 @@ static int create_encrypted_random_key(const char *passwd, unsigned char *master
+ close(fd);
+
+ /* Now encrypt it with the password */
+- return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr, true);
++ return encrypt_master_key(passwd, salt, key_buf, master_key, crypt_ftr);
+ }
+
+ int wait_and_unmount(const char *mountpoint, bool kill)
+ {
+ int i, err, rc;
+-#define WAIT_UNMOUNT_COUNT 200
++#define WAIT_UNMOUNT_COUNT 20
+
+ /* Now umount the tmpfs filesystem */
+ for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
+@@ -1674,18 +1452,18 @@ int wait_and_unmount(const char *mountpoint, bool kill)
+
+ err = errno;
+
+- /* If allowed, be increasingly aggressive before the last 2 seconds */
++ /* If allowed, be increasingly aggressive before the last two retries */
+ if (kill) {
+- if (i == (WAIT_UNMOUNT_COUNT - 30)) {
++ if (i == (WAIT_UNMOUNT_COUNT - 3)) {
+ SLOGW("sending SIGHUP to processes with open files\n");
+ android::vold::KillProcessesWithOpenFiles(mountpoint, SIGTERM);
+- } else if (i == (WAIT_UNMOUNT_COUNT - 20)) {
++ } else if (i == (WAIT_UNMOUNT_COUNT - 2)) {
+ SLOGW("sending SIGKILL to processes with open files\n");
+ android::vold::KillProcessesWithOpenFiles(mountpoint, SIGKILL);
+ }
+ }
+
+- usleep(100000);
++ sleep(1);
+ }
+
+ if (i < WAIT_UNMOUNT_COUNT) {
+@@ -1852,17 +1630,6 @@ static int cryptfs_restart_internal(int restart_main)
+ cryptfs_reboot(RebootType::reboot);
+ }
+ } else {
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- if (--retries) {
+- sleep(RETRY_MOUNT_DELAY_SECONDS);
+- } else {
+- SLOGE("Failed to mount decrypted data");
+- cryptfs_set_corrupt();
+- cryptfs_trigger_restart_min_framework();
+- SLOGI("Started framework to offer wipe");
+- return -1;
+- }
+-#else
+ SLOGE("Failed to mount decrypted data");
+ cryptfs_set_corrupt();
+ cryptfs_trigger_restart_min_framework();
+@@ -1871,7 +1638,6 @@ static int cryptfs_restart_internal(int restart_main)
+ SLOGE("Failed to setexeccon");
+ }
+ return -1;
+-#endif
+ }
+ }
+ if (setexeccon(NULL)) {
+@@ -1966,66 +1732,6 @@ static int do_crypto_complete(const char *mount_point)
+ return CRYPTO_COMPLETE_ENCRYPTED;
+ }
+
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+-static int test_mount_hw_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
+- const char *passwd, const char *mount_point, const char *label)
+-{
+- /* Allocate enough space for a 256 bit key, but we may use less */
+- unsigned char decrypted_master_key[32];
+- char crypto_blkdev[MAXPATHLEN];
+- char real_blkdev[MAXPATHLEN];
+- unsigned int orig_failed_decrypt_count;
+- int rc = 0;
+-
+- SLOGD("crypt_ftr->fs_size = %lld\n", crypt_ftr->fs_size);
+- orig_failed_decrypt_count = crypt_ftr->failed_decrypt_count;
+-
+- fs_mgr_get_crypt_info(fstab_default, 0, real_blkdev, sizeof(real_blkdev));
+-
+- int key_index = 0;
+- if(is_hw_disk_encryption((char*)crypt_ftr->crypto_type_name)) {
+- key_index = verify_and_update_hw_fde_passwd(passwd, crypt_ftr);
+- if (key_index < 0) {
+- rc = crypt_ftr->failed_decrypt_count;
+- goto errout;
+- }
+- else {
+- if (is_ice_enabled()) {
+- if (create_crypto_blk_dev(crypt_ftr, (unsigned char*)&key_index,
+- real_blkdev, crypto_blkdev, label, 0)) {
+- SLOGE("Error creating decrypted block device");
+- rc = -1;
+- goto errout;
+- }
+- } else {
+- if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
+- real_blkdev, crypto_blkdev, label, 0)) {
+- SLOGE("Error creating decrypted block device");
+- rc = -1;
+- goto errout;
+- }
+- }
+- }
+- }
+-
+- if (rc == 0) {
+- crypt_ftr->failed_decrypt_count = 0;
+- if (orig_failed_decrypt_count != 0) {
+- put_crypt_ftr_and_key(crypt_ftr);
+- }
+-
+- /* Save the name of the crypto block device
+- * so we can mount it when restarting the framework. */
+- property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
+- master_key_saved = 1;
+- }
+-
+- errout:
+- return rc;
+-}
+-#endif
+-
+-
+ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
+ const char *passwd, const char *mount_point, const char *label)
+ {
+@@ -2132,7 +1838,7 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
+
+ if (upgrade) {
+ rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
+- crypt_ftr->master_key, crypt_ftr, true);
++ crypt_ftr->master_key, crypt_ftr);
+ if (!rc) {
+ rc = put_crypt_ftr_and_key(crypt_ftr);
+ }
+@@ -2229,66 +1935,6 @@ int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
+ return 0;
+ }
+
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+-int cryptfs_check_passwd_hw(const char* passwd)
+-{
+- struct crypt_mnt_ftr crypt_ftr;
+- int rc;
+- unsigned char master_key[KEY_LEN_BYTES];
+-
+- /* get key */
+- if (get_crypt_ftr_and_key(&crypt_ftr)) {
+- SLOGE("Error getting crypt footer and key");
+- return -1;
+- }
+-
+- /*
+- * in case of manual encryption (from GUI), the encryption is done with
+- * default password
+- */
+- if (crypt_ftr.flags & CRYPT_FORCE_COMPLETE) {
+- /* compare scrypted_intermediate_key with stored scrypted_intermediate_key
+- * which was created with actual password before reboot.
+- */
+- rc = cryptfs_get_master_key(&crypt_ftr, passwd, master_key);
+- if (rc) {
+- SLOGE("password doesn't match");
+- rc = ++crypt_ftr.failed_decrypt_count;
+- put_crypt_ftr_and_key(&crypt_ftr);
+- return rc;
+- }
+-
+- rc = test_mount_hw_encrypted_fs(&crypt_ftr, DEFAULT_PASSWORD,
+- DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
+-
+- if (rc) {
+- SLOGE("Default password did not match on reboot encryption");
+- return rc;
+- }
+-
+- crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE;
+- put_crypt_ftr_and_key(&crypt_ftr);
+- rc = cryptfs_changepw(crypt_ftr.crypt_type, DEFAULT_PASSWORD, passwd);
+- if (rc) {
+- SLOGE("Could not change password on reboot encryption");
+- return rc;
+- }
+- } else
+- rc = test_mount_hw_encrypted_fs(&crypt_ftr, passwd,
+- DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
+-
+- if (crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
+- cryptfs_clear_password();
+- password = strdup(passwd);
+- struct timespec now;
+- clock_gettime(CLOCK_BOOTTIME, &now);
+- password_expiry_time = now.tv_sec + password_max_age_seconds;
+- }
+-
+- return rc;
+-}
+-#endif
+-
+ int cryptfs_check_passwd(const char *passwd)
+ {
+ SLOGI("cryptfs_check_passwd");
+@@ -2306,14 +1952,8 @@ int cryptfs_check_passwd(const char *passwd)
+ return rc;
+ }
+
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- if (is_hw_disk_encryption((char*)crypt_ftr.crypto_type_name))
+- return cryptfs_check_passwd_hw(passwd);
+-#endif
+-
+ rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
+ DATA_MNT_POINT, CRYPTO_BLOCK_DEVICE);
+-
+ if (rc) {
+ SLOGE("Password did not match");
+ return rc;
+@@ -2334,7 +1974,7 @@ int cryptfs_check_passwd(const char *passwd)
+
+ crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE;
+ put_crypt_ftr_and_key(&crypt_ftr);
+- rc = cryptfs_changepw(crypt_ftr.crypt_type, DEFAULT_PASSWORD, passwd);
++ rc = cryptfs_changepw(crypt_ftr.crypt_type, passwd);
+ if (rc) {
+ SLOGE("Could not change password on reboot encryption");
+ return rc;
+@@ -2384,24 +2024,6 @@ int cryptfs_verify_passwd(const char *passwd)
+ /* If the device has no password, then just say the password is valid */
+ rc = 0;
+ } else {
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- if(is_hw_disk_encryption((char*)crypt_ftr.crypto_type_name)) {
+- if (verify_hw_fde_passwd(passwd, &crypt_ftr) >= 0)
+- rc = 0;
+- else
+- rc = -1;
+- } else {
+- decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
+- if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
+- /* They match, the password is correct */
+- rc = 0;
+- } else {
+- /* If incorrect, sleep for a bit to prevent dictionary attacks */
+- sleep(1);
+- rc = 1;
+- }
+- }
+-#else
+ decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
+ if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
+ /* They match, the password is correct */
+@@ -2411,7 +2033,6 @@ int cryptfs_verify_passwd(const char *passwd)
+ sleep(1);
+ rc = 1;
+ }
+-#endif
+ }
+
+ return rc;
+@@ -2535,12 +2156,6 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+ off64_t previously_encrypted_upto = 0;
+ bool rebootEncryption = false;
+ bool onlyCreateHeader = false;
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- unsigned char newpw[32];
+- int key_index = 0;
+-#endif
+- int index = 0;
+-
+ int fd = -1;
+
+ if (get_crypt_ftr_and_key(&crypt_ftr) == 0) {
+@@ -2645,6 +2260,30 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+ fclose(breadcrumb);
+ }
+
++ /* Do extra work for a better UX when doing the long inplace encryption */
++ if (!onlyCreateHeader) {
++ /* Now that /data is unmounted, we need to mount a tmpfs
++ * /data, set a property saying we're doing inplace encryption,
++ * and restart the framework.
++ */
++ if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
++ goto error_shutting_down;
++ }
++ /* Tells the framework that inplace encryption is starting */
++ property_set("vold.encrypt_progress", "0");
++
++ /* restart the framework. */
++ /* Create necessary paths on /data */
++ prep_data_fs();
++
++ /* Ugh, shutting down the framework is not synchronous, so until it
++ * can be fixed, this horrible hack will wait a moment for it all to
++ * shut down before proceeding. Without it, some devices cannot
++ * restart the graphics services.
++ */
++ sleep(2);
++ }
++
+ /* Start the actual work of making an encrypted filesystem */
+ /* Initialize a crypt_mnt_ftr for the partition */
+ if (previously_encrypted_upto == 0 && !rebootEncryption) {
+@@ -2668,11 +2307,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+ crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
+ }
+ crypt_ftr.crypt_type = crypt_type;
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- strlcpy((char *)crypt_ftr.crypto_type_name, "aes-xts", MAX_CRYPTO_TYPE_NAME_LEN);
+-#else
+ strlcpy((char *)crypt_ftr.crypto_type_name, cryptfs_get_crypto_name(), MAX_CRYPTO_TYPE_NAME_LEN);
+-#endif
+
+ /* Make an encrypted master key */
+ if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
+@@ -2687,7 +2322,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+ unsigned char encrypted_fake_master_key[MAX_KEY_LEN];
+ memset(fake_master_key, 0, sizeof(fake_master_key));
+ encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key,
+- encrypted_fake_master_key, &crypt_ftr, true);
++ encrypted_fake_master_key, &crypt_ftr);
+ }
+
+ /* Write the key to the end of the partition */
+@@ -2708,57 +2343,12 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+ }
+ }
+
+- /* When encryption triggered from settings, encryption starts after reboot.
+- So set the encryption key when the actual encryption starts.
+- */
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- if (previously_encrypted_upto == 0) {
+- if (!rebootEncryption)
+- clear_hw_device_encryption_key();
+-
+- if (get_keymaster_hw_fde_passwd(
+- onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
+- newpw, crypt_ftr.salt, &crypt_ftr))
+- key_index = set_hw_device_encryption_key(
+- onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
+- (char*)crypt_ftr.crypto_type_name);
+- else
+- key_index = set_hw_device_encryption_key((const char*)newpw,
+- (char*) crypt_ftr.crypto_type_name);
+- if (key_index < 0)
+- goto error_shutting_down;
+-
+- crypt_ftr.flags |= CRYPT_ASCII_PASSWORD_UPDATED;
+- put_crypt_ftr_and_key(&crypt_ftr);
+- }
+-#endif
+-
+ if (onlyCreateHeader) {
+ sleep(2);
+ cryptfs_reboot(RebootType::reboot);
+- } else {
+- /* Do extra work for a better UX when doing the long inplace encryption */
+- /* Now that /data is unmounted, we need to mount a tmpfs
+- * /data, set a property saying we're doing inplace encryption,
+- * and restart the framework.
+- */
+- if (fs_mgr_do_tmpfs_mount(DATA_MNT_POINT)) {
+- goto error_shutting_down;
+- }
+- /* Tells the framework that inplace encryption is starting */
+- property_set("vold.encrypt_progress", "0");
+-
+- /* restart the framework. */
+- /* Create necessary paths on /data */
+- prep_data_fs();
+-
+- /* Ugh, shutting down the framework is not synchronous, so until it
+- * can be fixed, this horrible hack will wait a moment for it all to
+- * shut down before proceeding. Without it, some devices cannot
+- * restart the graphics services.
+- */
+- sleep(2);
++ }
+
++ if (!no_ui || rebootEncryption) {
+ /* startup service classes main and late_start */
+ property_set("vold.decrypt", "trigger_restart_min_framework");
+ SLOGD("Just triggered restart_min_framework\n");
+@@ -2771,17 +2361,8 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+ }
+
+ decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- if (is_hw_disk_encryption((char*)crypt_ftr.crypto_type_name) && is_ice_enabled())
+- create_crypto_blk_dev(&crypt_ftr, (unsigned char*)&key_index, real_blkdev, crypto_blkdev,
+- CRYPTO_BLOCK_DEVICE, 0);
+- else
+- create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
+- CRYPTO_BLOCK_DEVICE, 0);
+-#else
+ create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
+ CRYPTO_BLOCK_DEVICE, 0);
+-#endif
+
+ /* If we are continuing, check checksums match */
+ rc = 0;
+@@ -2915,7 +2496,7 @@ int cryptfs_enable_default(int no_ui) {
+ return cryptfs_enable_internal(CRYPT_TYPE_DEFAULT, DEFAULT_PASSWORD, no_ui);
+ }
+
+-int cryptfs_changepw(int crypt_type, const char *currentpw, const char *newpw)
++int cryptfs_changepw(int crypt_type, const char *newpw)
+ {
+ if (e4crypt_is_native()) {
+ SLOGE("cryptfs_changepw not valid for file encryption");
+@@ -2942,28 +2523,6 @@ int cryptfs_changepw(int crypt_type, const char *currentpw, const char *newpw)
+ return -1;
+ }
+
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+- if(is_hw_disk_encryption((char*)crypt_ftr.crypto_type_name))
+- return cryptfs_changepw_hw_fde(crypt_type, currentpw, newpw);
+- else {
+- crypt_ftr.crypt_type = crypt_type;
+-
+- rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ?
+- DEFAULT_PASSWORD : newpw,
+- crypt_ftr.salt,
+- saved_master_key,
+- crypt_ftr.master_key,
+- &crypt_ftr, false);
+- if (rc) {
+- SLOGE("Encrypt master key failed: %d", rc);
+- return -1;
+- }
+- /* save the key */
+- put_crypt_ftr_and_key(&crypt_ftr);
+-
+- return 0;
+- }
+-#else
+ crypt_ftr.crypt_type = crypt_type;
+
+ rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
+@@ -2971,7 +2530,7 @@ int cryptfs_changepw(int crypt_type, const char *currentpw, const char *newpw)
+ crypt_ftr.salt,
+ saved_master_key,
+ crypt_ftr.master_key,
+- &crypt_ftr, false);
++ &crypt_ftr);
+ if (rc) {
+ SLOGE("Encrypt master key failed: %d", rc);
+ return -1;
+@@ -2979,57 +2538,8 @@ int cryptfs_changepw(int crypt_type, const char *currentpw, const char *newpw)
+ /* save the key */
+ put_crypt_ftr_and_key(&crypt_ftr);
+
+- return 0;
+-#endif
+-}
+-
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+-int cryptfs_changepw_hw_fde(int crypt_type, const char *currentpw, const char *newpw)
+-{
+- struct crypt_mnt_ftr crypt_ftr;
+- int rc;
+- int previous_type;
+-
+- /* get key */
+- if (get_crypt_ftr_and_key(&crypt_ftr)) {
+- SLOGE("Error getting crypt footer and key");
+- return -1;
+- }
+-
+- previous_type = crypt_ftr.crypt_type;
+- int rc1;
+- unsigned char tmp_curpw[32] = {0};
+- rc1 = get_keymaster_hw_fde_passwd(crypt_ftr.crypt_type == CRYPT_TYPE_DEFAULT ?
+- DEFAULT_PASSWORD : currentpw, tmp_curpw,
+- crypt_ftr.salt, &crypt_ftr);
+-
+- crypt_ftr.crypt_type = crypt_type;
+-
+- int ret, rc2;
+- unsigned char tmp_newpw[32] = {0};
+-
+- rc2 = get_keymaster_hw_fde_passwd(crypt_type == CRYPT_TYPE_DEFAULT ?
+- DEFAULT_PASSWORD : newpw , tmp_newpw,
+- crypt_ftr.salt, &crypt_ftr);
+-
+- if (is_hw_disk_encryption((char*)crypt_ftr.crypto_type_name)) {
+- ret = update_hw_device_encryption_key(
+- rc1 ? (previous_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD : currentpw) : (const char*)tmp_curpw,
+- rc2 ? (crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD : newpw): (const char*)tmp_newpw,
+- (char*)crypt_ftr.crypto_type_name);
+- if (ret) {
+- SLOGE("Error updating device encryption hardware key ret %d", ret);
+- return -1;
+- } else {
+- SLOGI("Encryption hardware key updated");
+- }
+- }
+-
+- /* save the key */
+- put_crypt_ftr_and_key(&crypt_ftr);
+ return 0;
+ }
+-#endif
+
+ static unsigned int persist_get_max_entries(int encrypted) {
+ struct crypt_mnt_ftr crypt_ftr;
+@@ -3432,62 +2942,3 @@ int cryptfs_isConvertibleToFBE()
+ struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab_default, DATA_MNT_POINT);
+ return fs_mgr_is_convertible_to_fbe(rec) ? 1 : 0;
+ }
+-
+-int cryptfs_create_default_ftr(struct crypt_mnt_ftr* crypt_ftr, __attribute__((unused))int key_length)
+-{
+- if (cryptfs_init_crypt_mnt_ftr(crypt_ftr)) {
+- SLOGE("Failed to initialize crypt_ftr");
+- return -1;
+- }
+-
+- if (create_encrypted_random_key(DEFAULT_PASSWORD, crypt_ftr->master_key,
+- crypt_ftr->salt, crypt_ftr)) {
+- SLOGE("Cannot create encrypted master key\n");
+- return -1;
+- }
+-
+- //crypt_ftr->keysize = key_length / 8;
+- return 0;
+-}
+-
+-int cryptfs_get_master_key(struct crypt_mnt_ftr* ftr, const char* password,
+- unsigned char* master_key)
+-{
+- int rc;
+-
+- unsigned char* intermediate_key = 0;
+- size_t intermediate_key_size = 0;
+-
+- if (password == 0 || *password == 0) {
+- password = DEFAULT_PASSWORD;
+- }
+-
+- rc = decrypt_master_key(password, master_key, ftr, &intermediate_key,
+- &intermediate_key_size);
+-
+- if (rc) {
+- SLOGE("Can't calculate intermediate key");
+- return rc;
+- }
+-
+- int N = 1 << ftr->N_factor;
+- int r = 1 << ftr->r_factor;
+- int p = 1 << ftr->p_factor;
+-
+- unsigned char scrypted_intermediate_key[sizeof(ftr->scrypted_intermediate_key)];
+-
+- rc = crypto_scrypt(intermediate_key, intermediate_key_size,
+- ftr->salt, sizeof(ftr->salt), N, r, p,
+- scrypted_intermediate_key,
+- sizeof(scrypted_intermediate_key));
+-
+- free(intermediate_key);
+-
+- if (rc) {
+- SLOGE("Can't scrypt intermediate key");
+- return rc;
+- }
+-
+- return memcmp(scrypted_intermediate_key, ftr->scrypted_intermediate_key,
+- intermediate_key_size);
+-}
+diff --git a/cryptfs.h b/cryptfs.h
+index d8923db..d6c7dc5 100644
+--- a/cryptfs.h
++++ b/cryptfs.h
+@@ -66,14 +66,6 @@
+ complete. On next cryptkeeper entry, match
+ the password. If it matches fix the master
+ key and remove this flag. */
+-#ifdef CONFIG_HW_DISK_ENCRYPTION
+-/* This flag is used to transition from L->M upgrade. L release passed
+- * a byte for every nible of user password while M release is passing
+- * ascii value of user password.
+- * Random flag value is chosen so that it does not conflict with other use cases
+- */
+-#define CRYPT_ASCII_PASSWORD_UPDATED 0x1000
+-#endif
+
+ /* Allowed values for type in the structure below */
+ #define CRYPT_TYPE_PASSWORD 0 /* master_key is encrypted with a password
+@@ -241,7 +233,7 @@ int cryptfs_check_passwd(const char* pw);
+ int cryptfs_verify_passwd(const char* pw);
+ int cryptfs_restart(void);
+ int cryptfs_enable(int type, const char* passwd, int no_ui);
+-int cryptfs_changepw(int type, const char *currentpw, const char* newpw);
++int cryptfs_changepw(int type, const char* newpw);
+ int cryptfs_enable_default(int no_ui);
+ int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
+ char* out_crypto_blkdev);
+--
+2.17.1
+
diff --git a/patches/vendor/bliss/0001-Revert-verity_tool-Implement-status-getter.patch b/patches/vendor/bliss/0001-Revert-verity_tool-Implement-status-getter.patch
index d1e5211..311fea4 100644
--- a/patches/vendor/bliss/0001-Revert-verity_tool-Implement-status-getter.patch
+++ b/patches/vendor/bliss/0001-Revert-verity_tool-Implement-status-getter.patch
@@ -1,7 +1,7 @@
-From df7d12a93f9eae6b35debd5a39286962bf973fdd Mon Sep 17 00:00:00 2001
+From e3a80211bcc653deb72029d534e342c116d550f3 Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
Date: Mon, 3 Dec 2018 10:55:28 -0500
-Subject: [PATCH 1/9] Revert "verity_tool: Implement status getter"
+Subject: [PATCH 01/11] Revert "verity_tool: Implement status getter"
This reverts commit 385296fd334a854915d41ef556ce7bb981f66bb3.
---
@@ -12,7 +12,7 @@
4 files changed, 6 insertions(+), 107 deletions(-)
diff --git a/config/BoardConfigBliss.mk b/config/BoardConfigBliss.mk
-index 032e0613..7ccae1d4 100644
+index 032e061..7ccae1d 100644
--- a/config/BoardConfigBliss.mk
+++ b/config/BoardConfigBliss.mk
@@ -9,8 +9,8 @@ ifeq ($(TARGET_HW_DISK_ENCRYPTION),true)
@@ -29,7 +29,7 @@
+include vendor/bliss/config/BoardConfigQcom.mk
+endif
diff --git a/verity_tool/include/verity_tool.h b/verity_tool/include/verity_tool.h
-index b81eda1a..25a6a7c2 100644
+index b81eda1..25a6a7c 100644
--- a/verity_tool/include/verity_tool.h
+++ b/verity_tool/include/verity_tool.h
@@ -18,14 +18,6 @@
@@ -62,7 +62,7 @@
* Return codes:
*
diff --git a/verity_tool/main.cpp b/verity_tool/main.cpp
-index befdafac..f5f026aa 100644
+index befdafa..f5f026a 100644
--- a/verity_tool/main.cpp
+++ b/verity_tool/main.cpp
@@ -24,23 +24,20 @@ static void print_usage() {
@@ -119,7 +119,7 @@
printf("Error occurred in set_verity_enable\n");
exit(EXIT_FAILURE);
diff --git a/verity_tool/verity_tool.cpp b/verity_tool/verity_tool.cpp
-index 48e95b67..9575c4c1 100644
+index 48e95b6..9575c4c 100644
--- a/verity_tool/verity_tool.cpp
+++ b/verity_tool/verity_tool.cpp
@@ -108,69 +108,6 @@ static std::string get_ab_suffix() {
diff --git a/patches/vendor/bliss/0002-Revert-kernel.mk-Support-kernels-that-use-LTO.patch b/patches/vendor/bliss/0002-Revert-kernel.mk-Support-kernels-that-use-LTO.patch
index 9abe521..467df33 100644
--- a/patches/vendor/bliss/0002-Revert-kernel.mk-Support-kernels-that-use-LTO.patch
+++ b/patches/vendor/bliss/0002-Revert-kernel.mk-Support-kernels-that-use-LTO.patch
@@ -1,7 +1,7 @@
-From e76039ca4444117dbb5c43a8d0b6dcd9c1712db4 Mon Sep 17 00:00:00 2001
+From 2d02dfed6fb59bff818960bca3eb8c7663ec41af Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
Date: Mon, 3 Dec 2018 10:55:46 -0500
-Subject: [PATCH 2/9] Revert "kernel.mk: Support kernels that use LTO"
+Subject: [PATCH 02/11] Revert "kernel.mk: Support kernels that use LTO"
This reverts commit 811524eef488f81295c876b669d8ec7a6cad9cea.
---
@@ -9,7 +9,7 @@
1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/build/tasks/kernel.mk b/build/tasks/kernel.mk
-index 54812a90..7a674ee9 100644
+index 54812a9..7a674ee 100644
--- a/build/tasks/kernel.mk
+++ b/build/tasks/kernel.mk
@@ -178,9 +178,8 @@ ifeq ($(TARGET_KERNEL_CLANG_COMPILE),true)
diff --git a/patches/vendor/bliss/0003-Revert-kernel-Remove-kernel-x-config.patch b/patches/vendor/bliss/0003-Revert-kernel-Remove-kernel-x-config.patch
index 3f639aa..942bf3b 100644
--- a/patches/vendor/bliss/0003-Revert-kernel-Remove-kernel-x-config.patch
+++ b/patches/vendor/bliss/0003-Revert-kernel-Remove-kernel-x-config.patch
@@ -1,7 +1,7 @@
-From 441c7f3ebaf200c234eebb18259dfa336ba33301 Mon Sep 17 00:00:00 2001
+From 4f058fbadbe7ae6ea770ca6f64e269c48de19edb Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
Date: Mon, 3 Dec 2018 10:55:52 -0500
-Subject: [PATCH 3/9] Revert "kernel: Remove kernel{x}config"
+Subject: [PATCH 03/11] Revert "kernel: Remove kernel{x}config"
This reverts commit 12c4070d98e0bb69869874d8fcaa22769a07d994.
---
@@ -9,7 +9,7 @@
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/build/tasks/kernel.mk b/build/tasks/kernel.mk
-index 7a674ee9..61d63bcc 100644
+index 7a674ee..61d63bc 100644
--- a/build/tasks/kernel.mk
+++ b/build/tasks/kernel.mk
@@ -251,7 +251,18 @@ kerneltags: $(KERNEL_CONFIG)
diff --git a/patches/vendor/bliss/0004-Revert-kernel-Remove-deprecated-flag-errors.patch b/patches/vendor/bliss/0004-Revert-kernel-Remove-deprecated-flag-errors.patch
index 8e67c9e..315e603 100644
--- a/patches/vendor/bliss/0004-Revert-kernel-Remove-deprecated-flag-errors.patch
+++ b/patches/vendor/bliss/0004-Revert-kernel-Remove-deprecated-flag-errors.patch
@@ -1,7 +1,7 @@
-From 456d8976a21cbdce213b2e5a1113724c4a05d06f Mon Sep 17 00:00:00 2001
+From 7c41b7930164bfbf8b851d5ceb751c4ca22c4308 Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
Date: Mon, 3 Dec 2018 10:56:00 -0500
-Subject: [PATCH 4/9] Revert "kernel: Remove deprecated flag errors"
+Subject: [PATCH 04/11] Revert "kernel: Remove deprecated flag errors"
This reverts commit 31a4c13150d86dd3690fe4b79678f0578900591c.
---
@@ -9,7 +9,7 @@
1 file changed, 6 insertions(+)
diff --git a/build/tasks/kernel.mk b/build/tasks/kernel.mk
-index 61d63bcc..b42d86dc 100644
+index 61d63bc..b42d86d 100644
--- a/build/tasks/kernel.mk
+++ b/build/tasks/kernel.mk
@@ -77,6 +77,12 @@ KERNEL_DEFCONFIG_SRC := $(KERNEL_SRC)/arch/$(KERNEL_DEFCONFIG_ARCH)/configs/$(KE
diff --git a/patches/vendor/bliss/0005-Revert-vendor-bliss-Remove-kernel.mk-headers-generat.patch b/patches/vendor/bliss/0005-Revert-vendor-bliss-Remove-kernel.mk-headers-generat.patch
index 94d4016..6b7e9b3 100644
--- a/patches/vendor/bliss/0005-Revert-vendor-bliss-Remove-kernel.mk-headers-generat.patch
+++ b/patches/vendor/bliss/0005-Revert-vendor-bliss-Remove-kernel.mk-headers-generat.patch
@@ -1,7 +1,7 @@
-From 4a0c568b97efb930137b0f7f3a0d811df8973f5d Mon Sep 17 00:00:00 2001
+From d90fac6121821ac30cd915e4a36ff107d3709b54 Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
Date: Mon, 3 Dec 2018 10:56:07 -0500
-Subject: [PATCH 5/9] Revert "vendor/bliss: Remove kernel.mk headers
+Subject: [PATCH 05/11] Revert "vendor/bliss: Remove kernel.mk headers
generation"
This reverts commit 6a4c7c1258ffecc26324b034c9091373bf0272dd.
@@ -10,7 +10,7 @@
1 file changed, 50 insertions(+)
diff --git a/build/tasks/kernel.mk b/build/tasks/kernel.mk
-index b42d86dc..d0263d37 100644
+index b42d86d..d0263d3 100644
--- a/build/tasks/kernel.mk
+++ b/build/tasks/kernel.mk
@@ -151,6 +151,9 @@ endif
diff --git a/patches/vendor/bliss/0006-Revert-vendor-bliss-Add-techpack-audio-to-include-pa.patch b/patches/vendor/bliss/0006-Revert-vendor-bliss-Add-techpack-audio-to-include-pa.patch
index 9411c36..194636f 100644
--- a/patches/vendor/bliss/0006-Revert-vendor-bliss-Add-techpack-audio-to-include-pa.patch
+++ b/patches/vendor/bliss/0006-Revert-vendor-bliss-Add-techpack-audio-to-include-pa.patch
@@ -1,8 +1,8 @@
-From 6615bc99f58e93e2ba390b02885b52afb16fd3c0 Mon Sep 17 00:00:00 2001
+From 13226c228097836551fadec8d39fd7e0e63f83eb Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
Date: Mon, 3 Dec 2018 10:56:58 -0500
-Subject: [PATCH 6/9] Revert "vendor/bliss: Add techpack/audio to include path
- also"
+Subject: [PATCH 06/11] Revert "vendor/bliss: Add techpack/audio to include
+ path also"
This reverts commit 3f22fe9e171b1dd2697d3a5c76fab2d614837064.
---
@@ -10,7 +10,7 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build/soong/Android.bp b/build/soong/Android.bp
-index 057dea8c..3addbe36 100644
+index 057dea8..3addbe3 100644
--- a/build/soong/Android.bp
+++ b/build/soong/Android.bp
@@ -30,7 +30,7 @@ bliss_generator {
diff --git a/patches/vendor/bliss/0007-Revert-vendor-bliss-Dynamically-generate-kernel-head.patch b/patches/vendor/bliss/0007-Revert-vendor-bliss-Dynamically-generate-kernel-head.patch
index 4506a7e..987b0d8 100644
--- a/patches/vendor/bliss/0007-Revert-vendor-bliss-Dynamically-generate-kernel-head.patch
+++ b/patches/vendor/bliss/0007-Revert-vendor-bliss-Dynamically-generate-kernel-head.patch
@@ -1,8 +1,8 @@
-From fdad2906512d4c1319e55ded79f59820cb818670 Mon Sep 17 00:00:00 2001
+From d014ce1fe3553eeaeab69346b5a5b7fb4833ae4b Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
Date: Mon, 3 Dec 2018 10:57:02 -0500
-Subject: [PATCH 7/9] Revert "vendor/bliss: Dynamically generate kernel headers
- using bliss generator"
+Subject: [PATCH 07/11] Revert "vendor/bliss: Dynamically generate kernel
+ headers using bliss generator"
This reverts commit e0831af9a803dc2bdd1d203d93c3e3ce9b8e120a.
---
@@ -16,7 +16,7 @@
delete mode 100644 config/BoardConfigSoong.mk
diff --git a/build/soong/Android.bp b/build/soong/Android.bp
-index 3addbe36..45a4ab72 100644
+index 3addbe3..45a4ab7 100644
--- a/build/soong/Android.bp
+++ b/build/soong/Android.bp
@@ -18,28 +18,6 @@ bootstrap_go_package {
@@ -49,7 +49,7 @@
- vendor_available: true,
-}
diff --git a/build/soong/generator/generator.go b/build/soong/generator/generator.go
-index ffaece32..b14a19c5 100644
+index ffaece3..b14a19c 100644
--- a/build/soong/generator/generator.go
+++ b/build/soong/generator/generator.go
@@ -213,13 +213,10 @@ func (g *Module) GenerateAndroidBuildActions(ctx android.ModuleContext) {
@@ -77,7 +77,7 @@
switch name {
diff --git a/build/soong/generator/variables.go b/build/soong/generator/variables.go
deleted file mode 100644
-index 3e633ffb..00000000
+index 3e633ff..0000000
--- a/build/soong/generator/variables.go
+++ /dev/null
@@ -1,28 +0,0 @@
@@ -110,7 +110,7 @@
- return out
-}
diff --git a/config/BoardConfigBliss.mk b/config/BoardConfigBliss.mk
-index 7ccae1d4..e38938b0 100644
+index 7ccae1d..e38938b 100644
--- a/config/BoardConfigBliss.mk
+++ b/config/BoardConfigBliss.mk
@@ -9,7 +9,6 @@ ifeq ($(TARGET_HW_DISK_ENCRYPTION),true)
@@ -123,7 +123,7 @@
include vendor/bliss/config/BoardConfigQcom.mk
diff --git a/config/BoardConfigSoong.mk b/config/BoardConfigSoong.mk
deleted file mode 100644
-index 35d7893c..00000000
+index 35d7893..0000000
--- a/config/BoardConfigSoong.mk
+++ /dev/null
@@ -1,18 +0,0 @@
diff --git a/patches/vendor/bliss/0008-Revert-vendor-bliss-Add-soong-generator-module-type.patch b/patches/vendor/bliss/0008-Revert-vendor-bliss-Add-soong-generator-module-type.patch
index 86381d5..a0e65f1 100644
--- a/patches/vendor/bliss/0008-Revert-vendor-bliss-Add-soong-generator-module-type.patch
+++ b/patches/vendor/bliss/0008-Revert-vendor-bliss-Add-soong-generator-module-type.patch
@@ -1,7 +1,7 @@
-From dff7724ce0ebd95545d8eb5c69ea7dd4c21e1b80 Mon Sep 17 00:00:00 2001
+From 839d87c6504651a31c4933bc5582b2814d40a259 Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
Date: Mon, 3 Dec 2018 10:57:16 -0500
-Subject: [PATCH 8/9] Revert "vendor/bliss: Add soong generator module type"
+Subject: [PATCH 08/11] Revert "vendor/bliss: Add soong generator module type"
This reverts commit 0d2bcd429f2227c1efd59c2a7a4916f6f10c8af2.
---
@@ -11,7 +11,7 @@
delete mode 100644 build/soong/generator/generator.go
diff --git a/build/soong/Android.bp b/build/soong/Android.bp
-index 45a4ab72..2cb1afa0 100644
+index 45a4ab7..2cb1afa 100644
--- a/build/soong/Android.bp
+++ b/build/soong/Android.bp
@@ -5,19 +5,3 @@ bootstrap_go_package {
@@ -36,7 +36,7 @@
-}
diff --git a/build/soong/generator/generator.go b/build/soong/generator/generator.go
deleted file mode 100644
-index b14a19c5..00000000
+index b14a19c..0000000
--- a/build/soong/generator/generator.go
+++ /dev/null
@@ -1,307 +0,0 @@
diff --git a/patches/vendor/bliss/0009-Revert-vendor-bliss-Move-some-kernel-definitions-to-.patch b/patches/vendor/bliss/0009-Revert-vendor-bliss-Move-some-kernel-definitions-to-.patch
index 5923f20..f49e7b3 100644
--- a/patches/vendor/bliss/0009-Revert-vendor-bliss-Move-some-kernel-definitions-to-.patch
+++ b/patches/vendor/bliss/0009-Revert-vendor-bliss-Move-some-kernel-definitions-to-.patch
@@ -1,7 +1,7 @@
-From 1fe137b24228d2b6a06c3141e894a1988230811d Mon Sep 17 00:00:00 2001
+From ff711e07cb11ad87fd862240815c9fade43f9594 Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
Date: Mon, 3 Dec 2018 10:57:23 -0500
-Subject: [PATCH 9/9] Revert "vendor/bliss: Move some kernel definitions to
+Subject: [PATCH 09/11] Revert "vendor/bliss: Move some kernel definitions to
BoardConfigKernel"
This reverts commit 3a8423358f51b6616622c881e04d82ba2f603984.
@@ -13,7 +13,7 @@
delete mode 100644 config/BoardConfigKernel.mk
diff --git a/build/tasks/kernel.mk b/build/tasks/kernel.mk
-index d0263d37..6057b9f1 100644
+index d0263d3..6057b9f 100644
--- a/build/tasks/kernel.mk
+++ b/build/tasks/kernel.mk
@@ -1,5 +1,4 @@
@@ -267,7 +267,7 @@
--image $@ \
--partition_size $(BOARD_DTBOIMG_PARTITION_SIZE) \
diff --git a/config/BoardConfigBliss.mk b/config/BoardConfigBliss.mk
-index e38938b0..e6102f7a 100644
+index e38938b..e6102f7 100644
--- a/config/BoardConfigBliss.mk
+++ b/config/BoardConfigBliss.mk
@@ -8,8 +8,6 @@ ifeq ($(TARGET_HW_DISK_ENCRYPTION),true)
@@ -281,7 +281,7 @@
endif
diff --git a/config/BoardConfigKernel.mk b/config/BoardConfigKernel.mk
deleted file mode 100644
-index 74f3413b..00000000
+index 74f3413..0000000
--- a/config/BoardConfigKernel.mk
+++ /dev/null
@@ -1,111 +0,0 @@
diff --git a/patches/vendor/bliss/0010-Revert-soong_config-Add-flag-for-crypto-waiting-on-Q.patch b/patches/vendor/bliss/0010-Revert-soong_config-Add-flag-for-crypto-waiting-on-Q.patch
new file mode 100644
index 0000000..4326d0e
--- /dev/null
+++ b/patches/vendor/bliss/0010-Revert-soong_config-Add-flag-for-crypto-waiting-on-Q.patch
@@ -0,0 +1,47 @@
+From 02703201a3d2b228620fbbfcca4a44c53f821ffe Mon Sep 17 00:00:00 2001
+From: Jackeagle <jackeagle102@gmail.com>
+Date: Wed, 19 Dec 2018 17:06:59 +0100
+Subject: [PATCH 10/11] Revert "soong_config: Add flag for crypto waiting on
+ QSEE to start"
+
+This reverts commit 9ce6d1fa37b1bf4ac78f9fcd10302820f8161565.
+---
+ build/soong/android/variable.go | 4 ----
+ build/soong/soong_config.mk | 1 -
+ 2 files changed, 5 deletions(-)
+
+diff --git a/build/soong/android/variable.go b/build/soong/android/variable.go
+index 67452c7..0123521 100644
+--- a/build/soong/android/variable.go
++++ b/build/soong/android/variable.go
+@@ -36,9 +36,6 @@ type Product_variables struct {
+ Device_support_legacy_hwfde struct {
+ Cflags []string
+ }
+- Device_support_wait_for_qsee struct {
+- Cflags []string
+- }
+ }
+
+ type ProductVariables struct {
+@@ -54,5 +51,4 @@ type ProductVariables struct {
+ Device_support_hwfde *bool `json:",omitempty"`
+ Device_support_hwfde_perf *bool `json:",omitempty"`
+ Device_support_legacy_hwfde *bool `json:",omitempty"`
+- Device_support_wait_for_qsee *bool `json:",omitempty"`
+ }
+diff --git a/build/soong/soong_config.mk b/build/soong/soong_config.mk
+index 91e0b41..c31cb22 100644
+--- a/build/soong/soong_config.mk
++++ b/build/soong/soong_config.mk
+@@ -7,7 +7,6 @@ $(call add_json_str_omitempty, Additional_gralloc_10_usage_bits, $(TARGET_ADDITI
+ $(call add_json_bool, Device_support_hwfde, $(filter true,$(TARGET_HW_DISK_ENCRYPTION)))
+ $(call add_json_bool, Device_support_hwfde_perf, $(filter true,$(TARGET_HW_DISK_ENCRYPTION_PERF)))
+ $(call add_json_bool, Device_support_legacy_hwfde, $(filter true,$(TARGET_LEGACY_HW_DISK_ENCRYPTION)))
+-$(call add_json_bool, Device_support_wait_for_qsee, $(filter true,$(TARGET_KEYMASTER_WAIT_FOR_QSEE)))
+ $(call add_json_bool, Has_legacy_camera_hal1, $(filter true,$(TARGET_HAS_LEGACY_CAMERA_HAL1)))
+ $(call add_json_str, Specific_camera_parameter_library, $(TARGET_SPECIFIC_CAMERA_PARAMETER_LIBRARY))
+ $(call add_json_str_omitempty, Target_shim_libs, $(TARGET_LD_SHIM_LIBS))
+--
+2.17.1
+
diff --git a/patches/vendor/bliss/0011-Revert-soong_config-Add-flag-for-legacy-HW-FDE.patch b/patches/vendor/bliss/0011-Revert-soong_config-Add-flag-for-legacy-HW-FDE.patch
new file mode 100644
index 0000000..75168a6
--- /dev/null
+++ b/patches/vendor/bliss/0011-Revert-soong_config-Add-flag-for-legacy-HW-FDE.patch
@@ -0,0 +1,60 @@
+From e9a1c2d62bc123e66ac785f48b86334e33190fdf Mon Sep 17 00:00:00 2001
+From: Jackeagle <jackeagle102@gmail.com>
+Date: Wed, 19 Dec 2018 17:07:12 +0100
+Subject: [PATCH 11/11] Revert "soong_config: Add flag for legacy HW FDE"
+
+This reverts commit b9c76da9c82d09514aeaaf74a13ed6c5bc32dfcb.
+---
+ build/soong/android/variable.go | 16 +---------------
+ build/soong/soong_config.mk | 3 ---
+ 2 files changed, 1 insertion(+), 18 deletions(-)
+
+diff --git a/build/soong/android/variable.go b/build/soong/android/variable.go
+index 0123521..c11ec95 100644
+--- a/build/soong/android/variable.go
++++ b/build/soong/android/variable.go
+@@ -25,17 +25,6 @@ type Product_variables struct {
+ Target_process_sdk_version_override struct {
+ Cppflags []string
+ }
+- Device_support_hwfde struct {
+- Cflags []string
+- Header_libs []string
+- Shared_libs []string
+- }
+- Device_support_hwfde_perf struct {
+- Cflags []string
+- }
+- Device_support_legacy_hwfde struct {
+- Cflags []string
+- }
+ }
+
+ type ProductVariables struct {
+@@ -47,8 +36,5 @@ type ProductVariables struct {
+ Uses_nvidia_enhancements *bool `json:",omitempty"`
+ Uses_qcom_bsp_legacy *bool `json:",omitempty"`
+ Uses_qti_camera_device *bool `json:",omitempty"`
+- Target_process_sdk_version_override *string `json:",omitempty"`
+- Device_support_hwfde *bool `json:",omitempty"`
+- Device_support_hwfde_perf *bool `json:",omitempty"`
+- Device_support_legacy_hwfde *bool `json:",omitempty"`
++ Target_process_sdk_version_override *string `json:",omitempty"`
+ }
+diff --git a/build/soong/soong_config.mk b/build/soong/soong_config.mk
+index c31cb22..d4ea787 100644
+--- a/build/soong/soong_config.mk
++++ b/build/soong/soong_config.mk
+@@ -4,9 +4,6 @@ _contents := $(_contents) "Bliss":{$(newline)
+
+ # See build/core/soong_config.mk for the add_json_* functions you can use here.
+ $(call add_json_str_omitempty, Additional_gralloc_10_usage_bits, $(TARGET_ADDITIONAL_GRALLOC_10_USAGE_BITS))
+-$(call add_json_bool, Device_support_hwfde, $(filter true,$(TARGET_HW_DISK_ENCRYPTION)))
+-$(call add_json_bool, Device_support_hwfde_perf, $(filter true,$(TARGET_HW_DISK_ENCRYPTION_PERF)))
+-$(call add_json_bool, Device_support_legacy_hwfde, $(filter true,$(TARGET_LEGACY_HW_DISK_ENCRYPTION)))
+ $(call add_json_bool, Has_legacy_camera_hal1, $(filter true,$(TARGET_HAS_LEGACY_CAMERA_HAL1)))
+ $(call add_json_str, Specific_camera_parameter_library, $(TARGET_SPECIFIC_CAMERA_PARAMETER_LIBRARY))
+ $(call add_json_str_omitempty, Target_shim_libs, $(TARGET_LD_SHIM_LIBS))
+--
+2.17.1
+