diff options
| author | Paul Lawrence <paullawrence@google.com> | 2015-03-30 11:30:21 -0700 |
|---|---|---|
| committer | Paul Lawrence <paullawrence@google.com> | 2015-04-23 10:23:03 -0700 |
| commit | 4bf1887c787a025aad2fbafe382e556e85ac73b0 (patch) | |
| tree | df4b5d81b2e7ba676bf18a9c5f434a1971f93a4a /init/builtins.cpp | |
| parent | 653f9581bf32cc2532c2b1d442d7bb2bbf0c173e (diff) | |
Securely encrypt the master key
Remove unencrypted link since it is easier to manage directly
Move creation of key to vold
Start vold early so this is possible in a timely fashion
This is one of four changes to enable this functionality:
https://android-review.googlesource.com/#/c/144586/
https://android-review.googlesource.com/#/c/144663/
https://android-review.googlesource.com/#/c/144672/
https://android-review.googlesource.com/#/c/144673/
Bug: 18151196
Change-Id: Idb17d1f1a724c6ec509d181ae4427113e9d3b5e6
Diffstat (limited to 'init/builtins.cpp')
| -rw-r--r-- | init/builtins.cpp | 45 |
1 files changed, 15 insertions, 30 deletions
diff --git a/init/builtins.cpp b/init/builtins.cpp index 3bbaf8336..d0e56ec0c 100644 --- a/init/builtins.cpp +++ b/init/builtins.cpp @@ -29,7 +29,7 @@ #include <sys/wait.h> #include <unistd.h> #include <linux/loop.h> -#include <ext4_crypt.h> +#include <ext4_crypt_init_extensions.h> #include <selinux/selinux.h> #include <selinux/label.h> @@ -386,18 +386,6 @@ static int wipe_data_via_recovery() } /* - * Callback to make a directory from the ext4 code - */ -static int do_mount_alls_make_dir(const char* dir) -{ - if (make_dir(dir, 0700) && errno != EEXIST) { - return -1; - } - - return 0; -} - -/* * This function might request a reboot, in which case it will * not return. */ @@ -465,22 +453,6 @@ int do_mount_all(int nargs, char **args) ret = wipe_data_via_recovery(); /* If reboot worked, there is no return. */ } else if (ret == FS_MGR_MNTALL_DEV_DEFAULT_FILE_ENCRYPTED) { - // We have to create the key files here. Only init can call make_dir, - // and we can't do it from fs_mgr as then fs_mgr would depend on - // make_dir creating a circular dependency. - fstab = fs_mgr_read_fstab(args[1]); - for (int i = 0; i < fstab->num_entries; ++i) { - if (fs_mgr_is_file_encrypted(&fstab->recs[i])) { - if (e4crypt_create_device_key(fstab->recs[i].mount_point, - do_mount_alls_make_dir)) { - ERROR("Could not create device key on %s" - " - continue unencrypted\n", - fstab->recs[i].mount_point); - } - } - } - fs_mgr_free_fstab(fstab); - if (e4crypt_install_keyring()) { return -1; } @@ -849,10 +821,23 @@ int do_wait(int nargs, char **args) return -1; } +/* + * Callback to make a directory from the ext4 code + */ +static int do_installkeys_ensure_dir_exists(const char* dir) +{ + if (make_dir(dir, 0700) && errno != EEXIST) { + return -1; + } + + return 0; +} + int do_installkey(int nargs, char **args) { if (nargs == 2) { - return e4crypt_install_key(args[1]); + return e4crypt_create_device_key(args[1], + do_installkeys_ensure_dir_exists); } return -1; |