author | Paul Lawrence <paullawrence@google.com> | 2014-02-03 13:27:49 -0800 |
---|---|---|
committer | Paul Lawrence <paullawrence@google.com> | 2014-03-24 15:00:53 -0700 |
commit | 166fa3de7060198252b43a4a9ddd841fb6d65cf7 (patch) | |
tree | 8835ae87de18f84267e858bae2583795c937fb38 /fs_mgr | |
parent | 347c8de285454af2d3cba3d9b43d3bf23b20babb (diff) | |
Auto-encrypt drive at startup
Modify fs_mgr to unmount encryptable drives after test mounting them and
then trigger an auto-encrypt via the init script
Needs matching vold changes from
https://googleplex-android-review.googlesource.com/#/c/414200/
Feature is limited to list of serial numbers with this change
Bug: 11985952
Change-Id: I84f85a258b6a7e9809467c9149249302e203c41b
Diffstat (limited to 'fs_mgr')
-rw-r--r-- | fs_mgr/fs_mgr.c | 48 |
1 files changed, 43 insertions, 5 deletions
diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c
index c4f27a0..9ac68cd 100644
--- a/fs_mgr/fs_mgr.c
+++ b/fs_mgr/fs_mgr.c
@@ -54,6 +54,32 @@
 #define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))
+/**
+ * TODO - Remove to enable always on encryption for all devices
+ * This limits the machines on which this feature is enabled
+ * Remove call from fs_mgr_mount_all as well
+ */
+static const char* serial_numbers[] = {
+ "039b83b8437e9637",
+ 0
+};
+
+static int serial_matches()
+{
+ char tmp[PROP_VALUE_MAX];
+ *tmp = 0;
+ __system_property_get("ro.serialno", tmp);
+
+ const char** i;
+ for (i = serial_numbers; *i; ++i) {
+ if (!strcmp(*i, tmp)) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
 /*
 * gettime() - returns the time in seconds of the system's monotonic clock or
 * zero on error.
@@ -254,6 +280,22 @@ int fs_mgr_mount_all(struct fstab *fstab)
 fstab->recs[i].fs_options);
 if (!mret) {
+ /* If this is encryptable, need to trigger encryption */
+ if ((fstab->recs[i].fs_mgr_flags & MF_CRYPT)) {
+ if (serial_matches() && umount(fstab->recs[i].mount_point) == 0) {
+ if (!encryptable) {
+ encryptable = 2;
+ } else {
+ ERROR("Only one encryptable/encrypted partition supported");
+ encryptable = 1;
+ }
+ } else {
+ INFO("Could not umount %s - allow continue unencrypted",
+ fstab->recs[i].mount_point);
+ continue;
+ }
+ }
+
 /* Success! Go get the next one */
 continue;
 }
@@ -287,12 +329,8 @@ int fs_mgr_mount_all(struct fstab *fstab)
 if (error_count) {
 return -1;
- }
-
- if (encryptable) {
- return 1;
 } else {
- return 0;
+ return encryptable;
 }
 }
|
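Review bot: `serial_matches()` is declared with an empty parameter list, which leaves it unprototyped in C; `static int serial_matches(void)` is the correct form, and the `0` terminator in `serial_numbers` reads better as `NULL`. The return value of `__system_property_get` is ignored, which is safe only because `*tmp = 0` makes a missing `ro.serialno` compare as an empty string that matches no entry; a short comment such as `/* empty when the property is unset, so nothing matches */` would record that. The table also commits one specific device serial number to the source tree, so the TODO should name the condition for removing it, since this list decides which devices get encrypted at all.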
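Review bot: The `else` branch after `serial_matches() && umount(...) == 0` conflates two cases, a device that is not on the allowlist and a real `umount` failure, and logs both as "Could not umount" at INFO level before continuing unencrypted. A failed `umount` on an allowlisted device leaves the partition unencrypted, so it should be distinguishable in the log and raised to ERROR. Move the allowlist test into the outer condition, `if ((fstab->recs[i].fs_mgr_flags & MF_CRYPT) && serial_matches()) {`, leaving `if (umount(fstab->recs[i].mount_point) == 0) {` with `ERROR("Could not umount %s - continuing unencrypted", fstab->recs[i].mount_point);` in its `else`. Separately, the "Only one encryptable/encrypted partition supported" branch runs after the second partition has already been unmounted and sets `encryptable = 1`, so that partition appears to stay unmounted while the encryption trigger value is discarded. The initial value of `encryptable` and the rest of `fs_mgr_mount_all` lie outside the hunk, so this needs checking against the full function.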
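Review bot: `return encryptable;` widens the result of `fs_mgr_mount_all` from 0/1 to 0/1/2 without documenting it or naming the values, so any caller that tests only for `1` or for non-zero will misread the new state. Add a comment above the function, for example `/* Returns -1 on mount error, 0 if nothing is encryptable, 1 for the pre-existing encryptable result, 2 if the partition was test-mounted, unmounted and should now be encrypted */`, and replace the bare `1` and `2` with named constants shared with the caller. When `error_count` is non-zero the function returns -1 even if an encryptable partition was already unmounted earlier in the loop, so the caller is not told that encryption should be triggered. The caller is not visible in this diff and the function starts outside the hunk, so the effect on it is inferred.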