diff options
author | android-build-team Robot <android-build-team-robot@google.com> | 2020-07-08 03:04:45 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2020-07-08 03:04:45 +0000 |
commit | 1b9d0b582251931ef761325ce278f116fe726827 (patch) | |
tree | cb2762ef9c3a5db376fdccd9480c23e5c380148e | |
parent | 799b8046a91050ead36e2e9e04f73aa6a521736f (diff) | |
parent | 32de8f096284c67d90c8bb97cb7596d2b8256346 (diff) | |
download | vold-android11-mainline-release.tar.gz |
Snap for 6660892 from 32de8f096284c67d90c8bb97cb7596d2b8256346 to mainline-releaser_aml_301500702android-mainline-12.0.0_r55android-mainline-11.0.0_r9android-mainline-11.0.0_r8android-mainline-11.0.0_r7android-mainline-11.0.0_r6android-mainline-11.0.0_r5android-mainline-11.0.0_r45android-mainline-11.0.0_r4android-mainline-11.0.0_r33android-mainline-11.0.0_r3android-mainline-11.0.0_r29android-mainline-11.0.0_r2android-mainline-11.0.0_r19android-mainline-11.0.0_r10android-mainline-11.0.0_r1android11-mainline-sparse-2021-jan-releaseandroid11-mainline-sparse-2020-dec-releaseandroid11-mainline-release
Change-Id: I5319d9834ea60b242007dab7c3e220966eee264c
-rw-r--r-- | FsCrypt.cpp | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/FsCrypt.cpp b/FsCrypt.cpp index 4d5cd335..e21524ac 100644 --- a/FsCrypt.cpp +++ b/FsCrypt.cpp @@ -52,6 +52,7 @@ #include <fscrypt/fscrypt.h> #include <keyutils.h> +#include <libdm/dm.h> #include <android-base/file.h> #include <android-base/logging.h> @@ -60,6 +61,9 @@ #include <android-base/strings.h> #include <android-base/unique_fd.h> +using android::base::Basename; +using android::base::Realpath; +using android::base::StartsWith; using android::base::StringPrintf; using android::fs_mgr::GetEntryForMountPoint; using android::vold::BuildDataPath; @@ -73,6 +77,7 @@ using android::vold::SetQuotaInherit; using android::vold::SetQuotaProjectId; using android::vold::writeStringToFile; using namespace android::fscrypt; +using namespace android::dm; namespace { @@ -203,6 +208,26 @@ static bool read_and_fixate_user_ce_key(userid_t user_id, return false; } +static bool IsEmmcStorage(const std::string& blk_device) { + // Handle symlinks. + std::string real_path; + if (!Realpath(blk_device, &real_path)) { + real_path = blk_device; + } + + // Handle logical volumes. + auto& dm = DeviceMapper::Instance(); + for (;;) { + auto parent = dm.GetParentBlockDeviceByPath(real_path); + if (!parent.has_value()) break; + real_path = *parent; + } + + // Now we should have the "real" block device. + LOG(DEBUG) << "IsEmmcStorage(): blk_device = " << blk_device << ", real_path=" << real_path; + return StartsWith(Basename(real_path), "mmcblk"); +} + // Retrieve the options to use for encryption policies on the /data filesystem. static bool get_data_file_encryption_options(EncryptionOptions* options) { auto entry = GetEntryForMountPoint(&fstab_default, DATA_MNT_POINT); @@ -215,6 +240,12 @@ static bool get_data_file_encryption_options(EncryptionOptions* options) { << entry->encryption_options; return false; } + if ((options->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) && + !IsEmmcStorage(entry->blk_device)) { + LOG(ERROR) << "The emmc_optimized encryption flag is only allowed on eMMC storage. Remove " + "this flag from the device's fstab"; + return false; + } return true; } @@ -248,6 +279,11 @@ static bool get_volume_file_encryption_options(EncryptionOptions* options) { LOG(ERROR) << "Unable to parse volume encryption options: " << options_string; return false; } + if (options->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) { + LOG(ERROR) << "The emmc_optimized encryption flag is only allowed on eMMC storage. Remove " + "this flag from ro.crypto.volume.options"; + return false; + } return true; } |