Change init sequence to support file level encryption

File level encryption must get the key between mounting userdata and
calling post_fs_data when the directories are created. This requires
access to keymaster, which in turn is found from a system property.

Split property loaded into system and data, and load in right order.

Bug: 22233063
Change-Id: I8a6c40d44e17de386417a443c9dfc3b4e7fe59a5

1 files changed, 8 insertions, 4 deletions

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 3353c64..b25a371 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -181,8 +181,8 @@ on property:sys.boot_from_charger_mode=1
     trigger late-init
 
 # Load properties from /system/ + /factory after fs mount.
-on load_all_props_action
-    load_all_props
+on load_system_props_action
+    load_system_props
     start logd
     start logd-reinit
 
@@ -195,12 +195,16 @@ on late-init
     trigger early-fs
     trigger fs
     trigger post-fs
-    trigger post-fs-data
 
     # Load properties from /system/ + /factory after fs mount. Place
     # this in another action so that the load will be scheduled after the prior
     # issued fs triggers have completed.
-    trigger load_all_props_action
+    trigger load_system_props_action
+
+    # Now we can mount /data. File encryption requires keymaster to decrypt
+    # /data, which in turn can only be loaded when system properties are present
+    trigger post-fs-data
+    trigger load_persist_props
 
     # Remove a file to wake up anything waiting for firmware.
     trigger firmware_mounts_complete