Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / 806d10be2336f32cdca16c2540cbf3d548f2fec7^! / . / rootdir / init.rc
commit806d10be2336f32cdca16c2540cbf3d548f2fec7[log] [tgz]
authorPaul Lawrence <paullawrence@google.com>Tue Apr 28 22:07:10 2015 +0000
committerPaul Lawrence <paullawrence@google.com>Tue Apr 28 15:34:10 2015 -0700
treefc0acc251c6c5f9f4405ee77ffdf6ff271dd8cad
parentf0d24737354819738adc40bf47a006e56652d27a [diff] [blame]
Securely encrypt the master key

Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys.

Use ro.crypto.type flag to determine crypto type, which prevents
any issues when running in block encrypted mode, as well as speeding
up boot in block or no encryption.

This is one of four changes to enable this functionality:
  https://android-review.googlesource.com/#/c/148586/
  https://android-review.googlesource.com/#/c/148604/
  https://android-review.googlesource.com/#/c/148606/
  https://android-review.googlesource.com/#/c/148607/

Bug: 18151196

Change-Id: I6a8a18f43ae837e330e2785bd26c2c306ae1816b

diff --git a/rootdir/init.rc b/rootdir/init.rc
index c00c590..3709b82 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -220,14 +220,17 @@
     mkdir /cache/lost+found 0770 root root
 
 on post-fs-data
-    installkey /data
-
     # We chown/chmod /data again so because mount is run as root + defaults
     chown system system /data
     chmod 0771 /data
     # We restorecon /data in case the userdata partition has been reset.
     restorecon /data
 
+    # Make sure we have the device encryption key
+    start logd
+    start vold
+    installkey /data
+
     # Start bootcharting as soon as possible after the data partition is
     # mounted to collect more data.
     mkdir /data/bootchart 0755 shell shell
@@ -449,7 +452,6 @@
     class_start main
 
 on property:vold.decrypt=trigger_restart_framework
-    installkey /data
     class_start main
     class_start late_start