diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2019-10-28 15:33:42 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-10-28 15:33:42 +0000 |
commit | 508690b456646f8b170430db9e058242c07db534 (patch) | |
tree | dae50f52f0feab27b99840bd90933bff782b5421 | |
parent | 732faaeb9405627b8777627f473fe04950f5fec6 (diff) | |
parent | 1b535e41fd6c1b666cf806aae782cf621b7782bc (diff) | |
download | vold-android10-d4-release.tar.gz |
Snap for 5970985 from 1b535e41fd6c1b666cf806aae782cf621b7782bc to qt-d4-releaseandroid-10.0.0_r45android-10.0.0_r44android-10.0.0_r43android-10.0.0_r42android10-d4-s1-releaseandroid10-d4-release
Change-Id: I93cc32d700fa5d6899dfc8dae941c19a19455b9f
-rw-r--r-- | Checkpoint.cpp | 7 | ||||
-rw-r--r-- | FsCrypt.cpp | 19 | ||||
-rw-r--r-- | FsCrypt.h | 2 | ||||
-rw-r--r-- | VoldNativeService.cpp | 2 |
4 files changed, 22 insertions, 8 deletions
diff --git a/Checkpoint.cpp b/Checkpoint.cpp index c8af08c2..3f688f8f 100644 --- a/Checkpoint.cpp +++ b/Checkpoint.cpp @@ -244,6 +244,11 @@ bool cp_needsRollback() { } bool cp_needsCheckpoint() { + // Make sure we only return true during boot. See b/138952436 for discussion + static bool called_once = false; + if (called_once) return isCheckpointing; + called_once = true; + bool ret; std::string content; sp<IBootControl> module = IBootControl::getService(); @@ -317,6 +322,8 @@ static void cp_healthDaemon(std::string mnt_pnt, std::string blk_device, bool is } // namespace Status cp_prepareCheckpoint() { + // Log to notify CTS - see b/137924328 for context + LOG(INFO) << "cp_prepareCheckpoint called"; if (!isCheckpointing) { return Status::ok(); } diff --git a/FsCrypt.cpp b/FsCrypt.cpp index 2a8e110b..07560e0b 100644 --- a/FsCrypt.cpp +++ b/FsCrypt.cpp @@ -84,7 +84,7 @@ const std::string prepare_subdirs_path = "/system/bin/vold_prepare_subdirs"; const std::string systemwide_volume_key_dir = std::string() + DATA_MNT_POINT + "/misc/vold/volume_keys"; -bool s_global_de_initialized = false; +bool s_systemwide_keys_initialized = false; // Some users are ephemeral, don't try to wipe their keys from disk std::set<userid_t> s_ephemeral_users; @@ -335,10 +335,10 @@ static bool load_all_de_keys() { return true; } -bool fscrypt_initialize_global_de() { - LOG(INFO) << "fscrypt_initialize_global_de"; +bool fscrypt_initialize_systemwide_keys() { + LOG(INFO) << "fscrypt_initialize_systemwide_keys"; - if (s_global_de_initialized) { + if (s_systemwide_keys_initialized) { LOG(INFO) << "Already initialized"; return true; } @@ -355,11 +355,18 @@ bool fscrypt_initialize_global_de() { std::string ref_filename = std::string("/data") + fscrypt_key_ref; if (!android::vold::writeStringToFile(device_ref.key_raw_ref, ref_filename)) return false; - LOG(INFO) << "Wrote system DE key reference to:" << ref_filename; + KeyBuffer per_boot_key; + if (!android::vold::randomKey(&per_boot_key)) return false; + std::string per_boot_raw_ref; + if (!android::vold::installKey(per_boot_key, &per_boot_raw_ref)) return false; + std::string per_boot_ref_filename = std::string("/data") + fscrypt_key_per_boot_ref; + if (!android::vold::writeStringToFile(per_boot_raw_ref, per_boot_ref_filename)) return false; + LOG(INFO) << "Wrote per boot key reference to:" << per_boot_ref_filename; + if (!android::vold::FsyncDirectory(device_key_dir)) return false; - s_global_de_initialized = true; + s_systemwide_keys_initialized = true; return true; } @@ -18,7 +18,7 @@ #include <cutils/multiuser.h> -bool fscrypt_initialize_global_de(); +bool fscrypt_initialize_systemwide_keys(); bool fscrypt_init_user0(); bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral); diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp index 1762b70f..7f7f2897 100644 --- a/VoldNativeService.cpp +++ b/VoldNativeService.cpp @@ -691,7 +691,7 @@ binder::Status VoldNativeService::fbeEnable() { ENFORCE_UID(AID_SYSTEM); ACQUIRE_CRYPT_LOCK; - return translateBool(fscrypt_initialize_global_de()); + return translateBool(fscrypt_initialize_systemwide_keys()); } binder::Status VoldNativeService::mountDefaultEncrypted() { |