system/vold: Update patches after pie-gsi merge
Signed-off-by: Jackeagle <jackeagle102@gmail.com>
diff --git a/patches/system/vold/0001-Don-t-set-reserved_disk-group-it-panics-old-inits.patch b/patches/system/vold/0001-Don-t-set-reserved_disk-group-it-panics-old-inits.patch
index d5fd0c2..61a4b30 100644
--- a/patches/system/vold/0001-Don-t-set-reserved_disk-group-it-panics-old-inits.patch
+++ b/patches/system/vold/0001-Don-t-set-reserved_disk-group-it-panics-old-inits.patch
@@ -1,7 +1,7 @@
-From 73a4350598cca23f83f1ae0e3153a63209aa7d44 Mon Sep 17 00:00:00 2001
+From b65b3f410be4f7a656d2ab78fb4c19db0bfa1588 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 14 Aug 2018 20:53:12 +0200
-Subject: [PATCH 1/4] Don't set reserved_disk group, it panics old inits
+Subject: [PATCH 1/8] Don't set reserved_disk group, it panics old inits
Conflicts:
vold.rc
@@ -21,5 +21,5 @@
shutdown critical
- group root reserved_disk
--
-2.17.1
+2.21.0
diff --git a/patches/system/vold/0002-Create-vendor_de.-This-is-done-by-init.rc-on-system-.patch b/patches/system/vold/0002-Create-vendor_de.-This-is-done-by-init.rc-on-system-.patch
index 1829d1e..f96c55c 100644
--- a/patches/system/vold/0002-Create-vendor_de.-This-is-done-by-init.rc-on-system-.patch
+++ b/patches/system/vold/0002-Create-vendor_de.-This-is-done-by-init.rc-on-system-.patch
@@ -1,7 +1,7 @@
-From f93afbee37f5fa6ac16d451ded9e475b76d0d127 Mon Sep 17 00:00:00 2001
+From a6daf6e1568773868ae40be990908ccbb790e982 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Tue, 14 Aug 2018 20:54:08 +0200
-Subject: [PATCH 2/4] Create vendor_de. This is done by /init.rc on
+Subject: [PATCH 2/8] Create vendor_de. This is done by /init.rc on
system-as-root device
---
@@ -22,5 +22,5 @@
if (!prepare_dir(system_legacy_path, 0700, AID_SYSTEM, AID_SYSTEM)) return false;
#if MANAGE_MISC_DIRS
--
-2.17.1
+2.21.0
diff --git a/patches/system/vold/0003-Support-Samsung-s-implementation-of-exfat-called-sdf.patch b/patches/system/vold/0003-Support-Samsung-s-implementation-of-exfat-called-sdf.patch
index 96d1d00..20b24fd 100644
--- a/patches/system/vold/0003-Support-Samsung-s-implementation-of-exfat-called-sdf.patch
+++ b/patches/system/vold/0003-Support-Samsung-s-implementation-of-exfat-called-sdf.patch
@@ -1,7 +1,7 @@
-From 3945b7da1af3b91d00543b15dd4d042db5bbae92 Mon Sep 17 00:00:00 2001
+From 020260847ca0544011f4dc608e0049ac45c8c817 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 20 Aug 2018 22:37:54 +0200
-Subject: [PATCH 3/4] Support Samsung's implementation of exfat, called sdfat
+Subject: [PATCH 3/8] Support Samsung's implementation of exfat, called sdfat
---
fs/Exfat.cpp | 9 ++++++---
@@ -40,5 +40,5 @@
}
--
-2.17.1
+2.21.0
diff --git a/patches/system/vold/0004-Also-create-vendor_ce-same-reason-as-vendor_de.patch b/patches/system/vold/0004-Also-create-vendor_ce-same-reason-as-vendor_de.patch
index 27c3c64..829e69d 100644
--- a/patches/system/vold/0004-Also-create-vendor_ce-same-reason-as-vendor_de.patch
+++ b/patches/system/vold/0004-Also-create-vendor_ce-same-reason-as-vendor_de.patch
@@ -1,7 +1,7 @@
-From b54608b7f7c3a16b03e1edd7cdabcb31f692c90b Mon Sep 17 00:00:00 2001
+From 10f180991872520925c9549830a73a176293c583 Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <phh@phh.me>
Date: Mon, 20 Aug 2018 22:38:08 +0200
-Subject: [PATCH 4/4] Also create vendor_ce (same reason as vendor_de)
+Subject: [PATCH 4/8] Also create vendor_ce (same reason as vendor_de)
---
Ext4Crypt.cpp | 2 ++
@@ -21,5 +21,5 @@
if (!prepare_dir(system_ce_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
--
-2.17.1
+2.21.0
diff --git a/patches/system/vold/0005-Revert-vold-Wrapped-key-support-for-FBE.patch b/patches/system/vold/0005-Revert-vold-Wrapped-key-support-for-FBE.patch
index 8aea5a8..8fda8a5 100644
--- a/patches/system/vold/0005-Revert-vold-Wrapped-key-support-for-FBE.patch
+++ b/patches/system/vold/0005-Revert-vold-Wrapped-key-support-for-FBE.patch
@@ -1,4 +1,4 @@
-From e053b4937154462cd42435631291f9d676c7d942 Mon Sep 17 00:00:00 2001
+From ae3379f770f270fd06e606c22aef55494300efae Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
Date: Wed, 19 Dec 2018 17:02:02 +0100
Subject: [PATCH 5/8] Revert "vold: Wrapped key support for FBE"
@@ -586,5 +586,5 @@
void unlockUserKey(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
--
-2.17.1
+2.21.0
diff --git a/patches/system/vold/0006-Revert-vold-Move-QCOM-HW-FDE-inclusion-under-Bliss-n.patch b/patches/system/vold/0006-Revert-vold-Move-QCOM-HW-FDE-inclusion-under-Bliss-n.patch
index cc759cf..9625e04 100644
--- a/patches/system/vold/0006-Revert-vold-Move-QCOM-HW-FDE-inclusion-under-Bliss-n.patch
+++ b/patches/system/vold/0006-Revert-vold-Move-QCOM-HW-FDE-inclusion-under-Bliss-n.patch
@@ -1,4 +1,4 @@
-From 1334b7632a1396645469b02ea1295a0f6570031f Mon Sep 17 00:00:00 2001
+From 2de3a9cce115381baf9c174289870659588614f0 Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
Date: Wed, 19 Dec 2018 17:02:10 +0100
Subject: [PATCH 6/8] Revert "vold: Move QCOM HW FDE inclusion under Bliss
@@ -50,5 +50,5 @@
},
init_rc: [
--
-2.17.1
+2.21.0
diff --git a/patches/system/vold/0007-Revert-system-vold-Remove-crypto-block-device-creati.patch b/patches/system/vold/0007-Revert-system-vold-Remove-crypto-block-device-creati.patch
index 37c747c..ab07868 100644
--- a/patches/system/vold/0007-Revert-system-vold-Remove-crypto-block-device-creati.patch
+++ b/patches/system/vold/0007-Revert-system-vold-Remove-crypto-block-device-creati.patch
@@ -1,4 +1,4 @@
-From 4c74a335da08da2afd858268b890972661452ac3 Mon Sep 17 00:00:00 2001
+From e9a0844ed2609aba7351c45bc5301437aeb1eb25 Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
Date: Wed, 19 Dec 2018 17:02:18 +0100
Subject: [PATCH 7/8] Revert "system: vold: Remove crypto block device
@@ -201,10 +201,10 @@
-#endif
#endif
diff --git a/cryptfs.cpp b/cryptfs.cpp
-index c14c1ad..3452fe3 100644
+index 6352de5..bea9b2f 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp
-@@ -1758,9 +1758,6 @@ static void cryptfs_trigger_restart_min_framework()
+@@ -1816,9 +1816,6 @@ static void cryptfs_trigger_restart_min_framework()
static int cryptfs_restart_internal(int restart_main)
{
char crypto_blkdev[MAXPATHLEN];
@@ -214,7 +214,7 @@
int rc = -1;
static int restart_successful = 0;
-@@ -1808,24 +1805,6 @@ static int cryptfs_restart_internal(int restart_main)
+@@ -1866,24 +1863,6 @@ static int cryptfs_restart_internal(int restart_main)
* the tmpfs filesystem, and mount the real one.
*/
@@ -239,7 +239,7 @@
property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "");
if (strlen(crypto_blkdev) == 0) {
SLOGE("fs_crypto_blkdev not set\n");
-@@ -1833,7 +1812,6 @@ static int cryptfs_restart_internal(int restart_main)
+@@ -1891,7 +1870,6 @@ static int cryptfs_restart_internal(int restart_main)
}
if (! (rc = wait_and_unmount(DATA_MNT_POINT, true)) ) {
@@ -247,7 +247,7 @@
/* If ro.crypto.readonly is set to 1, mount the decrypted
* filesystem readonly. This is used when /data is mounted by
* recovery mode.
-@@ -1857,26 +1835,15 @@ static int cryptfs_restart_internal(int restart_main)
+@@ -1915,26 +1893,15 @@ static int cryptfs_restart_internal(int restart_main)
SLOGE("Failed to setexeccon");
return -1;
}
@@ -274,7 +274,7 @@
if (--retries) {
sleep(RETRY_MOUNT_DELAY_SECONDS);
} else {
-@@ -1922,9 +1889,7 @@ static int cryptfs_restart_internal(int restart_main)
+@@ -1980,9 +1947,7 @@ static int cryptfs_restart_internal(int restart_main)
/* Give it a few moments to get started */
sleep(1);
@@ -284,7 +284,7 @@
if (rc == 0) {
restart_successful = 1;
-@@ -2026,14 +1991,12 @@ static int test_mount_hw_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
+@@ -2084,14 +2049,12 @@ static int test_mount_hw_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
}
else {
if (is_ice_enabled()) {
@@ -299,7 +299,7 @@
} else {
if (create_crypto_blk_dev(crypt_ftr, decrypted_master_key,
real_blkdev, crypto_blkdev, label, 0)) {
-@@ -2053,9 +2016,6 @@ static int test_mount_hw_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
+@@ -2111,9 +2074,6 @@ static int test_mount_hw_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
/* Save the name of the crypto block device
* so we can mount it when restarting the framework. */
@@ -309,7 +309,7 @@
property_set("ro.crypto.fs_crypto_blkdev", crypto_blkdev);
master_key_saved = 1;
}
-@@ -2813,12 +2773,8 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+@@ -2871,12 +2831,8 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
#ifdef CONFIG_HW_DISK_ENCRYPTION
if (is_hw_disk_encryption((char*)crypt_ftr.crypto_type_name) && is_ice_enabled())
@@ -322,7 +322,7 @@
else
create_crypto_blk_dev(&crypt_ftr, decrypted_master_key, real_blkdev, crypto_blkdev,
CRYPTO_BLOCK_DEVICE, 0);
-@@ -2831,12 +2787,6 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+@@ -2889,12 +2845,6 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
rc = 0;
if (previously_encrypted_upto) {
__le8 hash_first_block[SHA256_DIGEST_LENGTH];
@@ -335,7 +335,7 @@
rc = cryptfs_SHA256_fileblock(crypto_blkdev, hash_first_block);
if (!rc && memcmp(hash_first_block, crypt_ftr.hash_first_block,
-@@ -2846,23 +2796,11 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+@@ -2904,23 +2854,11 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
}
}
@@ -359,7 +359,7 @@
/* Calculate checksum if we are not finished */
if (!rc && crypt_ftr.encrypted_upto != crypt_ftr.fs_size) {
rc = cryptfs_SHA256_fileblock(crypto_blkdev,
-@@ -2874,12 +2812,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+@@ -2932,12 +2870,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
}
/* Undo the dm-crypt mapping whether we succeed or not */
@@ -373,5 +373,5 @@
if (! rc) {
/* Success */
--
-2.17.1
+2.21.0
diff --git a/patches/system/vold/0008-Revert-vold-Add-Hardware-FDE-feature.patch b/patches/system/vold/0008-Revert-vold-Add-Hardware-FDE-feature.patch
index 7c33769..3368eac 100644
--- a/patches/system/vold/0008-Revert-vold-Add-Hardware-FDE-feature.patch
+++ b/patches/system/vold/0008-Revert-vold-Add-Hardware-FDE-feature.patch
@@ -1,17 +1,20 @@
-From fb99aa2057ddf1c6477777bc02aa4c0d54513a0c Mon Sep 17 00:00:00 2001
+From 3df1faeb7e70914cddefb4fb6ecd27bb989c4cc5 Mon Sep 17 00:00:00 2001
From: Jackeagle <jackeagle102@gmail.com>
-Date: Wed, 19 Dec 2018 17:02:25 +0100
+Date: Mon, 6 May 2019 19:57:11 +0200
Subject: [PATCH 8/8] Revert "vold: Add Hardware FDE feature"
This reverts commit 3585008ea98f4a1caf69d10c32a02e1169eeb248.
+
+Change-Id: I808cd01881cd9c968e9a631adccdbaf22501e650
+Signed-off-by: Jackeagle <jackeagle102@gmail.com>
---
Android.bp | 8 -
VoldNativeService.cpp | 4 +-
VoldNativeService.h | 2 +-
binder/android/os/IVold.aidl | 2 +-
- cryptfs.cpp | 637 +++--------------------------------
+ cryptfs.cpp | 638 +++--------------------------------
cryptfs.h | 10 +-
- 6 files changed, 49 insertions(+), 614 deletions(-)
+ 6 files changed, 50 insertions(+), 614 deletions(-)
diff --git a/Android.bp b/Android.bp
index ffb139e..48dfaaf 100644
@@ -84,12 +87,12 @@
@utf8InCpp String fdeGetField(@utf8InCpp String key);
void fdeSetField(@utf8InCpp String key, @utf8InCpp String value);
diff --git a/cryptfs.cpp b/cryptfs.cpp
-index 3452fe3..5a061bb 100644
+index bea9b2f..7aee819 100644
--- a/cryptfs.cpp
+++ b/cryptfs.cpp
-@@ -63,9 +63,6 @@
- #include "Keymaster.h"
+@@ -66,9 +66,6 @@
#include "android-base/properties.h"
+ #include "android-base/stringprintf.h"
#include <bootloader_message/bootloader_message.h>
-#ifdef CONFIG_HW_DISK_ENCRYPTION
-#include <cryptfs_hw.h>
@@ -97,7 +100,7 @@
extern "C" {
#include <crypto_scrypt.h>
}
-@@ -87,7 +84,6 @@ static_assert(INTERMEDIATE_BUF_SIZE == SCRYPT_LEN,
+@@ -94,7 +91,6 @@ static_assert(INTERMEDIATE_BUF_SIZE == SCRYPT_LEN,
#define KEY_IN_FOOTER "footer"
@@ -105,7 +108,7 @@
#define DEFAULT_PASSWORD "default_password"
#define CRYPTO_BLOCK_DEVICE "userdata"
-@@ -103,7 +99,6 @@ static_assert(INTERMEDIATE_BUF_SIZE == SCRYPT_LEN,
+@@ -110,7 +106,6 @@ static_assert(INTERMEDIATE_BUF_SIZE == SCRYPT_LEN,
#define RSA_KEY_SIZE_BYTES (RSA_KEY_SIZE / 8)
#define RSA_EXPONENT 0x10001
#define KEYMASTER_CRYPTFS_RATE_LIMIT 1 // Maximum one try per second
@@ -113,7 +116,7 @@
#define RETRY_MOUNT_ATTEMPTS 10
#define RETRY_MOUNT_DELAY_SECONDS 1
-@@ -117,151 +112,6 @@ static char *saved_mount_point;
+@@ -124,151 +119,6 @@ static char *saved_mount_point;
static int master_key_saved = 0;
static struct crypt_persist_data *persist_data = NULL;
@@ -265,7 +268,7 @@
/* Should we use keymaster? */
static int keymaster_check_compatibility()
{
-@@ -1150,36 +1000,16 @@ static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
+@@ -1161,40 +1011,21 @@ static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
tgt->status = 0;
tgt->sector_start = 0;
tgt->length = crypt_ftr->fs_size;
@@ -275,8 +278,12 @@
+ convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
+
buff_offset = crypt_params - buffer;
- SLOGI("Extra parameters for dm_crypt: %s\n", extra_params);
--
++
+ SLOGI(
+ "Creating crypto dev \"%s\"; cipher=%s, keysize=%u, real_dev=%s, len=%llu, params=\"%s\"\n",
+ name, crypt_ftr->crypto_type_name, crypt_ftr->keysize, real_blk_name, tgt->length * 512,
+ extra_params);
+-
-#ifdef CONFIG_HW_DISK_ENCRYPTION
- if(is_hw_disk_encryption((char*)crypt_ftr->crypto_type_name)) {
- strlcpy(tgt->target_type, "req-crypt",DM_MAX_TYPE_NAME);
@@ -298,6 +305,7 @@
-#else
- convert_key_to_hex_ascii(master_key, crypt_ftr->keysize, master_key_ascii);
- strlcpy(tgt->target_type, "crypt", DM_MAX_TYPE_NAME);
+
snprintf(crypt_params, sizeof(buffer) - buff_offset, "%s %s 0 %s 0 %s",
crypt_ftr->crypto_type_name, master_key_ascii, real_blk_name,
extra_params);
@@ -306,7 +314,7 @@
crypt_params += strlen(crypt_params) + 1;
crypt_params = (char *) (((unsigned long)crypt_params + 7) & ~8); /* Align to an 8 byte boundary */
tgt->next = crypt_params - buffer;
-@@ -1199,6 +1029,7 @@ static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
+@@ -1214,6 +1045,7 @@ static int load_crypto_mapping_table(struct crypt_mnt_ftr *crypt_ftr,
}
}
@@ -314,7 +322,7 @@
static int get_dm_crypt_version(int fd, const char *name, int *version)
{
char buffer[DM_CRYPT_BUF_SIZE];
-@@ -1218,11 +1049,7 @@ static int get_dm_crypt_version(int fd, const char *name, int *version)
+@@ -1233,11 +1065,7 @@ static int get_dm_crypt_version(int fd, const char *name, int *version)
*/
v = (struct dm_target_versions *) &buffer[sizeof(struct dm_ioctl)];
while (v->next) {
@@ -326,7 +334,7 @@
/* We found the crypt driver, return the version, and get out */
version[0] = v->version[0];
version[1] = v->version[1];
-@@ -1235,7 +1062,6 @@ static int get_dm_crypt_version(int fd, const char *name, int *version)
+@@ -1250,7 +1078,6 @@ static int get_dm_crypt_version(int fd, const char *name, int *version)
return -1;
}
@@ -334,15 +342,15 @@
static std::string extra_params_as_string(const std::vector<std::string>& extra_params_vec) {
if (extra_params_vec.empty()) return "";
std::string extra_params = std::to_string(extra_params_vec.size());
-@@ -1245,7 +1071,6 @@ static std::string extra_params_as_string(const std::vector<std::string>& extra_
+@@ -1260,7 +1087,6 @@ static std::string extra_params_as_string(const std::vector<std::string>& extra_
}
return extra_params;
}
-#endif
- static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned char* master_key,
- const char* real_blk_name, char* crypto_blk_name, const char* name,
-@@ -1258,13 +1083,7 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned
+ /*
+ * If the ro.crypto.fde_sector_size system property is set, append the
+@@ -1306,13 +1132,7 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned
int retval = -1;
int version[3];
int load_count;
@@ -356,7 +364,7 @@
if ((fd = open("/dev/device-mapper", O_RDWR | O_CLOEXEC)) < 0) {
SLOGE("Cannot open device-mapper\n");
-@@ -1289,45 +1108,6 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned
+@@ -1337,45 +1157,6 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned
minor = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
snprintf(crypto_blk_name, MAXPATHLEN, "/dev/block/dm-%u", minor);
@@ -402,7 +410,7 @@
if (!get_dm_crypt_version(fd, name, version)) {
/* Support for allow_discards was added in version 1.11.0 */
if ((version[0] >= 2) || ((version[0] == 1) && (version[1] >= 11))) {
-@@ -1339,7 +1119,6 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned
+@@ -1391,7 +1172,6 @@ static int create_crypto_blk_dev(struct crypt_mnt_ftr* crypt_ftr, const unsigned
}
load_count = load_crypto_mapping_table(crypt_ftr, master_key, real_blk_name, name, fd,
extra_params_as_string(extra_params_vec).c_str());
@@ -410,7 +418,7 @@
if (load_count < 0) {
SLOGE("Cannot load dm-crypt mapping table.\n");
goto errout;
-@@ -1468,8 +1247,7 @@ static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
+@@ -1526,8 +1306,7 @@ static int scrypt_keymaster(const char *passwd, const unsigned char *salt,
static int encrypt_master_key(const char *passwd, const unsigned char *salt,
const unsigned char *decrypted_master_key,
unsigned char *encrypted_master_key,
@@ -420,7 +428,7 @@
{
unsigned char ikey[INTERMEDIATE_BUF_SIZE] = { 0 };
EVP_CIPHER_CTX e_ctx;
-@@ -1481,7 +1259,7 @@ static int encrypt_master_key(const char *passwd, const unsigned char *salt,
+@@ -1539,7 +1318,7 @@ static int encrypt_master_key(const char *passwd, const unsigned char *salt,
switch (crypt_ftr->kdf_type) {
case KDF_SCRYPT_KEYMASTER:
@@ -429,7 +437,7 @@
SLOGE("keymaster_create_key failed");
return -1;
}
-@@ -1651,13 +1429,13 @@ static int create_encrypted_random_key(const char *passwd, unsigned char *master
+@@ -1709,13 +1488,13 @@ static int create_encrypted_random_key(const char *passwd, unsigned char *master
close(fd);
/* Now encrypt it with the password */
@@ -445,7 +453,7 @@
/* Now umount the tmpfs filesystem */
for (i=0; i<WAIT_UNMOUNT_COUNT; i++) {
-@@ -1674,18 +1452,18 @@ int wait_and_unmount(const char *mountpoint, bool kill)
+@@ -1732,18 +1511,18 @@ int wait_and_unmount(const char *mountpoint, bool kill)
err = errno;
@@ -468,7 +476,7 @@
}
if (i < WAIT_UNMOUNT_COUNT) {
-@@ -1852,17 +1630,6 @@ static int cryptfs_restart_internal(int restart_main)
+@@ -1910,17 +1689,6 @@ static int cryptfs_restart_internal(int restart_main)
cryptfs_reboot(RebootType::reboot);
}
} else {
@@ -486,7 +494,7 @@
SLOGE("Failed to mount decrypted data");
cryptfs_set_corrupt();
cryptfs_trigger_restart_min_framework();
-@@ -1871,7 +1638,6 @@ static int cryptfs_restart_internal(int restart_main)
+@@ -1929,7 +1697,6 @@ static int cryptfs_restart_internal(int restart_main)
SLOGE("Failed to setexeccon");
}
return -1;
@@ -494,7 +502,7 @@
}
}
if (setexeccon(NULL)) {
-@@ -1966,66 +1732,6 @@ static int do_crypto_complete(const char *mount_point)
+@@ -2024,66 +1791,6 @@ static int do_crypto_complete(const char *mount_point)
return CRYPTO_COMPLETE_ENCRYPTED;
}
@@ -561,7 +569,7 @@
static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
const char *passwd, const char *mount_point, const char *label)
{
-@@ -2132,7 +1838,7 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
+@@ -2190,7 +1897,7 @@ static int test_mount_encrypted_fs(struct crypt_mnt_ftr* crypt_ftr,
if (upgrade) {
rc = encrypt_master_key(passwd, crypt_ftr->salt, saved_master_key,
@@ -570,7 +578,7 @@
if (!rc) {
rc = put_crypt_ftr_and_key(crypt_ftr);
}
-@@ -2229,66 +1935,6 @@ int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
+@@ -2287,66 +1994,6 @@ int check_unmounted_and_get_ftr(struct crypt_mnt_ftr* crypt_ftr)
return 0;
}
@@ -637,7 +645,7 @@
int cryptfs_check_passwd(const char *passwd)
{
SLOGI("cryptfs_check_passwd");
-@@ -2306,14 +1952,8 @@ int cryptfs_check_passwd(const char *passwd)
+@@ -2364,14 +2011,8 @@ int cryptfs_check_passwd(const char *passwd)
return rc;
}
@@ -652,7 +660,7 @@
if (rc) {
SLOGE("Password did not match");
return rc;
-@@ -2334,7 +1974,7 @@ int cryptfs_check_passwd(const char *passwd)
+@@ -2392,7 +2033,7 @@ int cryptfs_check_passwd(const char *passwd)
crypt_ftr.flags &= ~CRYPT_FORCE_COMPLETE;
put_crypt_ftr_and_key(&crypt_ftr);
@@ -661,7 +669,7 @@
if (rc) {
SLOGE("Could not change password on reboot encryption");
return rc;
-@@ -2384,24 +2024,6 @@ int cryptfs_verify_passwd(const char *passwd)
+@@ -2442,24 +2083,6 @@ int cryptfs_verify_passwd(const char *passwd)
/* If the device has no password, then just say the password is valid */
rc = 0;
} else {
@@ -686,7 +694,7 @@
decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
if (!memcmp(decrypted_master_key, saved_master_key, crypt_ftr.keysize)) {
/* They match, the password is correct */
-@@ -2411,7 +2033,6 @@ int cryptfs_verify_passwd(const char *passwd)
+@@ -2469,7 +2092,6 @@ int cryptfs_verify_passwd(const char *passwd)
sleep(1);
rc = 1;
}
@@ -694,7 +702,7 @@
}
return rc;
-@@ -2535,12 +2156,6 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+@@ -2593,12 +2215,6 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
off64_t previously_encrypted_upto = 0;
bool rebootEncryption = false;
bool onlyCreateHeader = false;
@@ -707,7 +715,7 @@
int fd = -1;
if (get_crypt_ftr_and_key(&crypt_ftr) == 0) {
-@@ -2645,6 +2260,30 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+@@ -2703,6 +2319,30 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
fclose(breadcrumb);
}
@@ -738,7 +746,7 @@
/* Start the actual work of making an encrypted filesystem */
/* Initialize a crypt_mnt_ftr for the partition */
if (previously_encrypted_upto == 0 && !rebootEncryption) {
-@@ -2668,11 +2307,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+@@ -2726,11 +2366,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
crypt_ftr.flags |= CRYPT_INCONSISTENT_STATE;
}
crypt_ftr.crypt_type = crypt_type;
@@ -750,7 +758,7 @@
/* Make an encrypted master key */
if (create_encrypted_random_key(onlyCreateHeader ? DEFAULT_PASSWORD : passwd,
-@@ -2687,7 +2322,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+@@ -2745,7 +2381,7 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
unsigned char encrypted_fake_master_key[MAX_KEY_LEN];
memset(fake_master_key, 0, sizeof(fake_master_key));
encrypt_master_key(passwd, crypt_ftr.salt, fake_master_key,
@@ -759,7 +767,7 @@
}
/* Write the key to the end of the partition */
-@@ -2708,57 +2343,12 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+@@ -2766,57 +2402,12 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
}
}
@@ -819,7 +827,7 @@
/* startup service classes main and late_start */
property_set("vold.decrypt", "trigger_restart_min_framework");
SLOGD("Just triggered restart_min_framework\n");
-@@ -2771,17 +2361,8 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
+@@ -2829,17 +2420,8 @@ int cryptfs_enable_internal(int crypt_type, const char* passwd, int no_ui) {
}
decrypt_master_key(passwd, decrypted_master_key, &crypt_ftr, 0, 0);
@@ -837,7 +845,7 @@
/* If we are continuing, check checksums match */
rc = 0;
-@@ -2915,7 +2496,7 @@ int cryptfs_enable_default(int no_ui) {
+@@ -2973,7 +2555,7 @@ int cryptfs_enable_default(int no_ui) {
return cryptfs_enable_internal(CRYPT_TYPE_DEFAULT, DEFAULT_PASSWORD, no_ui);
}
@@ -846,7 +854,7 @@
{
if (e4crypt_is_native()) {
SLOGE("cryptfs_changepw not valid for file encryption");
-@@ -2942,28 +2523,6 @@ int cryptfs_changepw(int crypt_type, const char *currentpw, const char *newpw)
+@@ -3000,28 +2582,6 @@ int cryptfs_changepw(int crypt_type, const char *currentpw, const char *newpw)
return -1;
}
@@ -875,7 +883,7 @@
crypt_ftr.crypt_type = crypt_type;
rc = encrypt_master_key(crypt_type == CRYPT_TYPE_DEFAULT ? DEFAULT_PASSWORD
-@@ -2971,7 +2530,7 @@ int cryptfs_changepw(int crypt_type, const char *currentpw, const char *newpw)
+@@ -3029,7 +2589,7 @@ int cryptfs_changepw(int crypt_type, const char *currentpw, const char *newpw)
crypt_ftr.salt,
saved_master_key,
crypt_ftr.master_key,
@@ -884,7 +892,7 @@
if (rc) {
SLOGE("Encrypt master key failed: %d", rc);
return -1;
-@@ -2979,57 +2538,8 @@ int cryptfs_changepw(int crypt_type, const char *currentpw, const char *newpw)
+@@ -3037,57 +2597,8 @@ int cryptfs_changepw(int crypt_type, const char *currentpw, const char *newpw)
/* save the key */
put_crypt_ftr_and_key(&crypt_ftr);
@@ -942,7 +950,7 @@
static unsigned int persist_get_max_entries(int encrypted) {
struct crypt_mnt_ftr crypt_ftr;
-@@ -3432,62 +2942,3 @@ int cryptfs_isConvertibleToFBE()
+@@ -3489,62 +3000,3 @@ int cryptfs_isConvertibleToFBE()
struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab_default, DATA_MNT_POINT);
return fs_mgr_is_convertible_to_fbe(rec) ? 1 : 0;
}
@@ -1034,5 +1042,5 @@
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev, const unsigned char* key,
char* out_crypto_blkdev);
--
-2.17.1
+2.21.0