Mount default encrypted devices at boot
If userdata is default encrypted, we should mount it at boot
to avoid bringing the framework up and then down unnecessarily.
Needs matching vold changes from
https://googleplex-android-review.googlesource.com/#/c/412649/
Bug: 8769627
Change-Id: I4b8276befd832cd788e15c36edfbf8f0e18d7e6b
diff --git a/init/builtins.c b/init/builtins.c
index e2932d5..a168062 100644
--- a/init/builtins.c
+++ b/init/builtins.c
@@ -501,10 +501,10 @@
return -1;
}
- /* ret is 1 if the device is encrypted, 0 if not, and -1 on error */
+ /* ret is 1 if the device appears encrypted, 0 if not, and -1 on error */
if (ret == 1) {
property_set("ro.crypto.state", "encrypted");
- property_set("vold.decrypt", "1");
+ property_set("vold.decrypt", "trigger_default_encryption");
} else if (ret == 0) {
property_set("ro.crypto.state", "unencrypted");
/* If fs_mgr determined this is an unencrypted device, then trigger
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 51246fb..e28af4d 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -391,11 +391,15 @@
setprop net.tcp.buffersize.evdo 4094,87380,262144,4096,16384,262144
class_start core
- class_start main
on nonencrypted
+ class_start main
class_start late_start
+on property:vold.decrypt=trigger_default_encryption
+ start surfaceflinger
+ start defaultcrypto
+
on charger
class_start charger
@@ -529,6 +533,13 @@
group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
ioprio rt 4
+# One shot invocation to deal with encrypted volume.
+service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
+ disabled
+ oneshot
+ # vold will set vold.decrypt to trigger_restart_framework (default
+ # encryption) or trigger_restart_min_framework (other encryption)
+
service bootanim /system/bin/bootanimation
class main
user graphics