From 4bebc6a04656ba1798b27d88e508b7b01c39f662 Mon Sep 17 00:00:00 2001 From: Paul Crowley Date: Thu, 10 Aug 2017 15:24:52 -0700 Subject: Try to encrypt /data/media/obb but ignore failures Bug: 64566063 Test: We test whether it's encrypted by trying to move a file from /data/unencrypted into it. Used this test to make sure directory was encrypted before change. Left file in directory, rebooted with change, tested that it was still unencrypted. Deleted all files in directory, rebooted again, tested that unencrypted files could no longer be moved into directory. Change-Id: I50df4949fb495ca8996c8a54e238af56a71f5df9 --- ext4_utils/ext4_crypt_init_extensions.cpp | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/ext4_utils/ext4_crypt_init_extensions.cpp b/ext4_utils/ext4_crypt_init_extensions.cpp index 2bf88012..35a1c219 100644 --- a/ext4_utils/ext4_crypt_init_extensions.cpp +++ b/ext4_utils/ext4_crypt_init_extensions.cpp @@ -41,6 +41,8 @@ static const std::string arbitrary_sequence_number = "42"; static const int vold_command_timeout_ms = 60 * 1000; +static int set_system_de_policy_on(char const* dir); + int e4crypt_install_keyring() { key_serial_t device_keyring = add_key("keyring", "e4crypt", 0, 0, @@ -58,11 +60,22 @@ int e4crypt_install_keyring() int e4crypt_set_directory_policy(const char* dir) { + if (!dir || strncmp(dir, "/data/", 6)) { + return 0; + } + + // Special-case /data/media/obb per b/64566063 + if (strcmp(dir, "/data/media/obb") == 0) { + // Try to set policy on this directory, but if it is non-empty this may fail. + set_system_de_policy_on(dir); + return 0; + } + // Only set policy on first level /data directories // To make this less restrictive, consider using a policy file. // However this is overkill for as long as the policy is simply // to apply a global policy to all /data folders created via makedir - if (!dir || strncmp(dir, "/data/", 6) || strchr(dir + 6, '/')) { + if (strchr(dir + 6, '/')) { return 0; } 
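Review bot: In the `/data/media/obb` special case of e4crypt_set_directory_policy, the result of `set_system_de_policy_on(dir)` is discarded and nothing at this call site records it, so a device whose obb directory was non-empty keeps it unencrypted with no signal where the failure is tolerated. Whether the helper logs its own failures cannot be seen from this hunk. I would keep the best-effort behaviour but capture the result, e.g. `if (set_system_de_policy_on(dir) != 0) { /* log via the file's existing logger: policy not applied, obb left unencrypted */ }`, so the state can be found in boot logs. Separately, the match is an exact `strcmp`, so a spelling such as `/data/media/obb/` would miss the special case and take the `strchr(dir + 6, '/')` early return instead; a comment that callers must pass the canonical path would help. The function body continues past the end of this hunk.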
@@ -83,7 +96,10 @@ int e4crypt_set_directory_policy(const char* dir) return 0; } } + return set_system_de_policy_on(dir); +} +static int set_system_de_policy_on(char const* dir) { std::string ref_filename = std::string("/data") + e4crypt_key_ref; std::string policy; if (!android::base::ReadFileToString(ref_filename, &policy)) { -- cgit v1.2.3 From 36e33dd549f01a773b49d6307fc5c8925ef4d768 Mon Sep 17 00:00:00 2001 From: Pavlin Radoslavov Date: Wed, 23 Aug 2017 15:04:39 -0700 Subject: Add missing libdl dependencies Bug: 62815515 Test: lunch full-eng; make checkbuild Merged-In: Iad3cf98d7c9e659ee517caf352613334215ea397 Change-Id: Iad3cf98d7c9e659ee517caf352613334215ea397 (cherry picked from commit 63562198ec26233ab48b22ee0b436e731f52bba0) --- perfprofd/Android.bp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/perfprofd/Android.bp b/perfprofd/Android.bp index 58926dc2..0842dc98 100644 --- a/perfprofd/Android.bp +++ b/perfprofd/Android.bp @@ -66,7 +66,7 @@ cc_binary { "libcutils" ], system_shared_libs: [ - "libc", + "libc", "libdl", ], cppflags: perfprofd_cppflags, -- cgit v1.2.3
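Review bot: The new helper `set_system_de_policy_on` (hunk `-83,7 +96,10` in ext4_utils/ext4_crypt_init_extensions.cpp) has no comment stating its return contract, although one caller now propagates the value and the `/data/media/obb` caller deliberately ignores it. A one-line comment above the definition would do, for example `// Applies the system DE policy (key ref read from /data + e4crypt_key_ref) to dir; returns 0 on success.`, adjusted to the real return values, which are outside this hunk. As a style matter, the forward declaration in the first hunk and this definition spell the parameter `char const* dir` and put the opening brace on the signature line, while the neighbouring functions use `const char* dir` and appear to put the brace on its own line. The helper's body continues beyond the hunk.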