4 files changed, 32 insertions, 8 deletions

diff --git a/ext4_utils/ext4_crypt_init_extensions.cpp b/ext4_utils/ext4_crypt_init_extensions.cpp
index aab7cbfc..64ec330c 100644
--- a/ext4_utils/ext4_crypt_init_extensions.cpp
+++ b/ext4_utils/ext4_crypt_init_extensions.cpp
@@ -37,7 +37,7 @@ static std::string vold_command(std::string const& command)
     }
 
     if (sock < 0) {
-        KLOG_INFO(TAG, "Cannot open vold, failing command\n");
+        KLOG_INFO(TAG, "Cannot open vold, failing command (%s)\n", strerror(errno));
         return "";
     }
 
@@ -55,7 +55,7 @@ static std::string vold_command(std::string const& command)
     // framework is down, so this is (mostly) OK.
     std::string actual_command = arbitrary_sequence_number + " " + command;
     if (write(sock, actual_command.c_str(), actual_command.size() + 1) < 0) {
-        KLOG_ERROR(TAG, "Cannot write command\n");
+        KLOG_ERROR(TAG, "Cannot write command (%s)\n", strerror(errno));
         return "";
     }
 
@@ -63,7 +63,7 @@ static std::string vold_command(std::string const& command)
 
     int rc = TEMP_FAILURE_RETRY(poll(&poll_sock, 1, vold_command_timeout_ms));
     if (rc < 0) {
-        KLOG_ERROR(TAG, "Error in poll %s\n", strerror(errno));
+        KLOG_ERROR(TAG, "Error in poll (%s)\n", strerror(errno));
         return "";
     }
 
@@ -104,7 +104,7 @@ int e4crypt_create_device_key(const char* dir,
 
     // Make sure folder exists. Use make_dir to set selinux permissions.
     if (ensure_dir_exists(UnencryptedProperties::GetPath(dir).c_str())) {
-        KLOG_ERROR(TAG, "Failed to create %s with error %s\n",
+        KLOG_ERROR(TAG, "Failed to create %s (%s)\n",
                    UnencryptedProperties::GetPath(dir).c_str(),
                    strerror(errno));
         return -1;
@@ -124,7 +124,7 @@ int e4crypt_install_keyring()
                                           KEY_SPEC_SESSION_KEYRING);
 
     if (device_keyring == -1) {
-        KLOG_ERROR(TAG, "Failed to create keyring\n");
+        KLOG_ERROR(TAG, "Failed to create keyring (%s)\n", strerror(errno));
         return -1;
     }
 
@@ -143,6 +143,12 @@ int e4crypt_set_directory_policy(const char* dir)
     if (!dir || strncmp(dir, "/data/", 6) || strchr(dir + 6, '/')) {
         return 0;
     }
+
+    // Don't encrypt lost+found - ext4 doesn't like it
+    if (!strcmp(dir, "/data/lost+found")) {
+        return 0;
+    }
+
     // ext4enc:TODO exclude /data/user with a horrible special case.
     if (!strcmp(dir, "/data/user")) {
         return 0;
@@ -158,10 +164,20 @@ int e4crypt_set_directory_policy(const char* dir)
     KLOG_INFO(TAG, "Setting policy on %s\n", dir);
     int result = do_policy_set(dir, policy.c_str(), policy.size());
     if (result) {
-        KLOG_ERROR(TAG, "Setting %s policy on %s failed!\n",
-                   policy.c_str(), dir);
+        KLOG_ERROR(TAG, "Setting %02x%02x%02x%02x policy on %s failed!\n",
+                   policy[0], policy[1], policy[2], policy[3], dir);
         return -1;
     }
 
     return 0;
 }
+
+int e4crypt_set_user_crypto_policies(const char* dir)
+{
+    auto command = std::string() + "cryptfs setusercryptopolicies " + dir;
+    auto result = vold_command(command);
+    // ext4enc:TODO proper error handling
+    KLOG_INFO(TAG, "setusercryptopolicies returned with result %s\n",
+              result.c_str());
+    return 0;
+}
diff --git a/ext4_utils/ext4_crypt_init_extensions.h b/ext4_utils/ext4_crypt_init_extensions.h
index 79311246..d02d181d 100644
--- a/ext4_utils/ext4_crypt_init_extensions.h
+++ b/ext4_utils/ext4_crypt_init_extensions.h
@@ -11,5 +11,6 @@ int e4crypt_create_device_key(const char* path,
 int e4crypt_set_directory_policy(const char* path);
 bool e4crypt_non_default_key(const char* path);
 int do_policy_set(const char *directory, const char *policy, int policy_length);
+int e4crypt_set_user_crypto_policies(const char* path);
 
 __END_DECLS
diff --git a/ext4_utils/key_control.cpp b/ext4_utils/key_control.cpp
index 3d775b7f..39bd1401 100644
--- a/ext4_utils/key_control.cpp
+++ b/ext4_utils/key_control.cpp
@@ -5,8 +5,8 @@
 #include <sys/syscall.h>
 
 /* keyring keyctl commands */
+#define KEYCTL_REVOKE         3 /* revoke a key */
 #define KEYCTL_SETPERM        5 /* set permissions for a key in a keyring */
-#define KEYCTL_UNLINK         9 /* unlink a key from a keyring */
 #define KEYCTL_SEARCH        10 /* search for a key in a keyring */
 
 static long keyctl(int cmd, ...)
@@ -32,6 +32,11 @@ key_serial_t add_key(const char *type,
     return syscall(__NR_add_key, type, description, payload, plen, ringid);
 }
 
+long keyctl_revoke(key_serial_t id)
+{
+    return keyctl(KEYCTL_REVOKE, id);
+}
+
 long keyctl_setperm(key_serial_t id, int permissions)
 {
     return keyctl(KEYCTL_SETPERM, id, permissions);
diff --git a/ext4_utils/key_control.h b/ext4_utils/key_control.h
index 8e6e32ba..bbf0acec 100644
--- a/ext4_utils/key_control.h
+++ b/ext4_utils/key_control.h
@@ -21,6 +21,8 @@ key_serial_t add_key(const char *type,
                      size_t plen,
                      key_serial_t ringid);
 
+long keyctl_revoke(key_serial_t id);
+
 long keyctl_setperm(key_serial_t id, int permissions);
 
 long keyctl_search(key_serial_t ringid, const char *type,