Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / 48c05a6d03c628b226bbd3a63fe563f89c254ffb^! / . / init / util.cpp
commit48c05a6d03c628b226bbd3a63fe563f89c254ffb[log] [tgz]
authorEric Biggers <ebiggers@google.com>Fri May 13 19:40:09 2022 +0000
committerEric Biggers <ebiggers@google.com>Mon May 16 19:06:22 2022 +0000
treeec8817446e3a7567c8123ac625ebbb7a26a63560
parent6cb5a36f4c59ed64cacfca7a6178f22ec0e5d71b [diff] [blame]
init: remove unneeded special cases from FscryptInferAction

All the individual directories being treated specially by
FscryptInferAction() already have an explicit encryption action in the
corresponding mkdir commands.  The explicit action is the source of
truth, so the special cases in FscryptInferAction() are unnecessary.

Also, some of these cases were outdated.  For example, /data/app-staging
was changed from encryption=None to encryption=DeleteIfNecessary at some
point, but FscryptInferAction() was not updated.  This is causing the
warning "Inferred action different from explicit one" to be logged.

Additional "Inferred action different from explicit one" warnings are
logged due to subdirectories of /data/apex being explicitly encrypted.

Change FscryptInferAction() to only do what it needs to do: check
whether the directory is a top-level directory of /data or not.  Remove
the above-mentioned warning which is not useful.

Bug: 232554803
Change-Id: If6611d64107a19d242892c92dfea095577e193e5

diff --git a/init/util.cpp b/init/util.cpp
index 20c1088..1801d17 100644
--- a/init/util.cpp
+++ b/init/util.cpp

@@ -61,6 +61,8 @@
 
 const std::string kDefaultAndroidDtDir("/proc/device-tree/firmware/android/");
 
+const std::string kDataDirPrefix("/data/");
+
 void (*trigger_shutdown)(const std::string& command) = nullptr;
 
 // DecodeUid() - decodes and returns the given string, which can be either the
@@ -476,53 +478,16 @@
     return result;
 }
 
-static FscryptAction FscryptInferAction(const std::string& dir) {
-    const std::string prefix = "/data/";
-
-    if (!android::base::StartsWith(dir, prefix)) {
-        return FscryptAction::kNone;
-    }
-
-    // Only set policy on first level /data directories
-    // To make this less restrictive, consider using a policy file.
-    // However this is overkill for as long as the policy is simply
-    // to apply a global policy to all /data folders created via makedir
-    if (dir.find_first_of('/', prefix.size()) != std::string::npos) {
-        return FscryptAction::kNone;
-    }
-
-    // Special case various directories that must not be encrypted,
-    // often because their subdirectories must be encrypted.
-    // This isn't a nice way to do this, see b/26641735
-    std::vector<std::string> directories_to_exclude = {
-            "lost+found", "system_ce", "system_de", "misc_ce",     "misc_de",
-            "vendor_ce",  "vendor_de", "media",     "data",        "user",
-            "user_de",    "apex",      "preloads",  "app-staging", "gsi",
-    };
-    for (const auto& d : directories_to_exclude) {
-        if ((prefix + d) == dir) {
-            return FscryptAction::kNone;
-        }
-    }
-    // Empty these directories if policy setting fails.
-    std::vector<std::string> wipe_on_failure = {
-            "rollback", "rollback-observer",  // b/139193659
-    };
-    for (const auto& d : wipe_on_failure) {
-        if ((prefix + d) == dir) {
-            return FscryptAction::kDeleteIfNecessary;
-        }
-    }
-    return FscryptAction::kRequire;
-}
-
 Result<MkdirOptions> ParseMkdir(const std::vector<std::string>& args) {
     std::string path = CleanDirPath(args[1]);
+    const bool is_toplevel_data_dir =
+            StartsWith(path, kDataDirPrefix) &&
+            path.find_first_of('/', kDataDirPrefix.size()) == std::string::npos;
+    FscryptAction fscrypt_action =
+            is_toplevel_data_dir ? FscryptAction::kRequire : FscryptAction::kNone;
     mode_t mode = 0755;
     Result<uid_t> uid = -1;
     Result<gid_t> gid = -1;
-    FscryptAction fscrypt_inferred_action = FscryptInferAction(path);
-    FscryptAction fscrypt_action = fscrypt_inferred_action;
     std::string ref_option = "ref";
     bool set_option_encryption = false;
     bool set_option_key = false;
@@ -587,8 +552,7 @@
     if (set_option_key && fscrypt_action == FscryptAction::kNone) {
         return Error() << "Key option set but encryption action is none";
     }
-    const std::string prefix = "/data/";
-    if (StartsWith(path, prefix) && path.find_first_of('/', prefix.size()) == std::string::npos) {
+    if (is_toplevel_data_dir) {
         if (!set_option_encryption) {
             LOG(WARNING) << "Top-level directory needs encryption action, eg mkdir " << path
                          << " <mode> <uid> <gid> encryption=Require";
@@ -597,11 +561,6 @@
             LOG(INFO) << "Not setting encryption policy on: " << path;
         }
     }
-    if (fscrypt_action != fscrypt_inferred_action) {
-        LOG(WARNING) << "Inferred action different from explicit one, expected "
-                     << static_cast<int>(fscrypt_inferred_action) << " but got "
-                     << static_cast<int>(fscrypt_action);
-    }
 
     return MkdirOptions{path, mode, *uid, *gid, fscrypt_action, ref_option};
 }