| author | Paul Lawrence <paullawrence@google.com> | 2014-04-04 09:34:19 -0700 |
|---|---|---|
| committer | Paul Lawrence <paullawrence@google.com> | 2014-04-04 11:07:27 -0700 |
| commit | 2e5ae0a4f90ad7a2a1aa9382abb97d9450209c50 (patch) | |
| tree | d0d18cb44fcd1da719fcde555ecdec2722609175 | |
| parent | 7962e4acc735c7083ea060661b847e818d0a79a7 (diff) | |
Add force_encrypt flag to fstab to force encryption on appropriate devices
forceencrypt= will encrypt the drive at boot if it is not encrypted. This change
will not have an impact until we set this flag in appropriate fstabs.
Bug: 11985952
Change-Id: I6c65eda7f109e4936aa160da50f871703aefb351
| -rw-r--r-- | fs_mgr/fs_mgr.c | 34 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr_fstab.c | 8 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr_priv.h | 1 |
3 files changed, 12 insertions, 31 deletions
diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c index c91033a..ee3cbf9 100644 --- a/fs_mgr/fs_mgr.c +++ b/fs_mgr/fs_mgr.c @@ -54,32 +54,6 @@ #define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a))) -/** - * TODO - Remove to enable always on encryption for all devices - * This limits the machines on which this feature is enabled - * Remove call from fs_mgr_mount_all as well - */ -static const char* serial_numbers[] = { - "039b83b8437e9637", - 0 -}; - -static int serial_matches() -{ - char tmp[PROP_VALUE_MAX]; - *tmp = 0; - __system_property_get("ro.serialno", tmp); - - const char** i; - for (i = serial_numbers; *i; ++i) { - if (!strcmp(*i, tmp)) { - return 1; - } - } - - return 0; -} - /* * gettime() - returns the time in seconds of the system's monotonic clock or * zero on error. @@ -291,8 +265,8 @@ int fs_mgr_mount_all(struct fstab *fstab) if (!mret) { /* If this is encryptable, need to trigger encryption */ - if ((fstab->recs[i].fs_mgr_flags & MF_CRYPT)) { - if (serial_matches() && umount(fstab->recs[i].mount_point) == 0) { + if ((fstab->recs[i].fs_mgr_flags & MF_FORCECRYPT)) { + if (umount(fstab->recs[i].mount_point) == 0) { if (!encryptable) { encryptable = 2; } else { @@ -314,7 +288,7 @@ int fs_mgr_mount_all(struct fstab *fstab) mount_errno = errno; /* mount(2) returned an error, check if it's encryptable and deal with it */ if (mount_errno != EBUSY && mount_errno != EACCES && - (fstab->recs[i].fs_mgr_flags & MF_CRYPT) && + (fstab->recs[i].fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT)) && !partition_wiped(fstab->recs[i].blk_device)) { /* Need to mount a tmpfs at this mountpoint for now, and set * properties that vold will query later for decrypting @@ -556,7 +530,7 @@ int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_dev if (fstab->recs[i].fs_mgr_flags & MF_VOLDMANAGED) { continue; } - if (!(fstab->recs[i].fs_mgr_flags & MF_CRYPT)) { + if (!(fstab->recs[i].fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT))) { continue; } 
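Review bot: In the `@@ -265` hunk the forced-encryption path depends on `umount()` returning 0, and the hunk ends at the inner `} else {`, so what happens when the unmount fails is not visible. If that case simply falls through, a `forceencrypt=` volume would stay mounted unencrypted while boot continues, so that path should at least log the mount point and errno. The comment above the condition is also stale, since the branch now runs only for `MF_FORCECRYPT`; I would reword it to `/* forceencrypt= is set and the plain mount succeeded: unmount so encryption can be triggered */`. fs_mgr_mount_all starts and ends outside the hunk.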
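Review bot: The mask `(MF_CRYPT | MF_FORCECRYPT)` is spelled out by hand in the `@@ -288` hunk, again in `fs_mgr_get_crypt_info` (`@@ -530`), and a third time in `fs_mgr_is_encryptable` in fs_mgr_fstab.c. A later call site that tests only `MF_CRYPT` would then silently treat forceencrypt volumes as not encryptable. Calling the existing helper keeps the definition in one place: `fs_mgr_is_encryptable(&fstab->recs[i]) &&` here and `if (!fs_mgr_is_encryptable(&fstab->recs[i])) {` in the later hunk. This assumes the helper's prototype is visible in fs_mgr.c, which the diff does not show. Both enclosing functions extend beyond their hunks.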
diff --git a/fs_mgr/fs_mgr_fstab.c b/fs_mgr/fs_mgr_fstab.c index 6145771..8557bcf 100644 --- a/fs_mgr/fs_mgr_fstab.c +++ b/fs_mgr/fs_mgr_fstab.c @@ -59,6 +59,7 @@ static struct flag_list fs_mgr_flags[] = { { "wait", MF_WAIT }, { "check", MF_CHECK }, { "encryptable=",MF_CRYPT }, + { "forceencrypt=",MF_FORCECRYPT }, { "nonremovable",MF_NONREMOVABLE }, { "voldmanaged=",MF_VOLDMANAGED}, { "length=", MF_LENGTH }, @@ -106,6 +107,11 @@ static int parse_flags(char *flags, struct flag_list *fl, * location of the keys. Get it and return it. */ flag_vals->key_loc = strdup(strchr(p, '=') + 1); + } else if ((fl[i].flag == MF_FORCECRYPT) && flag_vals) { + /* The forceencrypt flag is followed by an = and the + * location of the keys. Get it and return it. + */ + flag_vals->key_loc = strdup(strchr(p, '=') + 1); } else if ((fl[i].flag == MF_LENGTH) && flag_vals) { /* The length flag is followed by an = and the * size of the partition. Get it and return it. @@ -394,7 +400,7 @@ int fs_mgr_is_nonremovable(struct fstab_rec *fstab) int fs_mgr_is_encryptable(struct fstab_rec *fstab) { - return fstab->fs_mgr_flags & MF_CRYPT; + return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT); } int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab) diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h index 59ffd78..6bb568a 100644 --- a/fs_mgr/fs_mgr_priv.h +++ b/fs_mgr/fs_mgr_priv.h @@ -72,6 +72,7 @@ #define MF_SWAPPRIO 0x80 #define MF_ZRAMSIZE 0x100 #define MF_VERIFY 0x200 +#define MF_FORCECRYPT 0x400 /* * There is no emulated sdcard daemon running on /data/media on this device, * so treat the physical SD card as the only external storage device, |
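Review bot: The new `MF_FORCECRYPT` branch in `parse_flags` (`@@ -106`) is a copy of the `MF_CRYPT` branch above it, and both assign `flag_vals->key_loc` without checking the `strdup()` result or releasing a value set earlier. An fstab entry that carries both `encryptable=` and `forceencrypt=` would leak the first string and keep whichever key location comes last. Folding the two into `} else if ((fl[i].flag == MF_CRYPT || fl[i].flag == MF_FORCECRYPT) && flag_vals) {` with `free(flag_vals->key_loc);` before the assignment removes the duplication and the leak, provided key_loc starts out NULL, which is not visible here. An empty value (`forceencrypt=` with nothing after the `=`) also yields an empty key location, and whether that is rejected later cannot be told from this hunk. parse_flags starts and ends outside the hunk.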
