Merge changes from topic "fscrypt-key-mgmt-improvements"
* changes:
Export vold ro.crypto.volume.flags property
Allow vold to use new ioctls to add/remove fscrypt keys
diff --git a/public/ioctl_defines b/public/ioctl_defines
index 48fed86..15cf7d5 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -801,6 +801,7 @@
define(`FS_IOC32_GETVERSION', `0x80047601')
define(`FS_IOC32_SETFLAGS', `0x40046602')
define(`FS_IOC32_SETVERSION', `0x40047602')
+define(`FS_IOC_ADD_ENCRYPTION_KEY', `0xc0506617')
define(`FS_IOC_ENABLE_VERITY', `0x6685')
define(`FS_IOC_FIEMAP', `0xc020660b')
define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615')
@@ -809,6 +810,7 @@
define(`FS_IOC_GETFLAGS', `0x80086601')
define(`FS_IOC_GETVERSION', `0x80087601')
define(`FS_IOC_MEASURE_VERITY', `0x6686')
+define(`FS_IOC_REMOVE_ENCRYPTION_KEY', `0xc0406618')
define(`FS_IOC_SET_ENCRYPTION_POLICY', `0x800c6613')
define(`FS_IOC_SETFLAGS', `0x40086602')
define(`FS_IOC_SETVERSION', `0x40087602')
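Review bot: Only FS_IOC_REMOVE_ENCRYPTION_KEY is defined in this hunk, so the vold-only neverallowxperm added in public/vold.te cannot name the kernel's sibling removal ioctl, FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS. If the target kernels expose it, defining it here would let that neverallowxperm cover it as well. It should use the same struct size with command number 0x19, giving 0xc0406619, but confirm that against the kernel's fscrypt UAPI header. The two values this commit adds are consistent with the _IOWR encoding for 'f' commands 0x17 and 0x18.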
diff --git a/public/property_contexts b/public/property_contexts
index 4418bbf..9526abc 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -116,6 +116,7 @@
ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string
ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.flags u:object_r:exported2_vold_prop:s0 exact string
ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
diff --git a/public/vold.te b/public/vold.te
index 9568c48..9e68d65 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -43,12 +43,29 @@
# allowxperm still requires the ioctl permission for the individual type
allowxperm vold { fs_type file_type }:dir ioctl FITRIM;
-# Get encryption policy for dirs in /data
+# Get/set file-based encryption policies on dirs in /data and adoptable storage,
+# and add/remove file-based encryption keys.
allowxperm vold data_file_type:dir ioctl {
FS_IOC_GET_ENCRYPTION_POLICY
FS_IOC_SET_ENCRYPTION_POLICY
+ FS_IOC_ADD_ENCRYPTION_KEY
+ FS_IOC_REMOVE_ENCRYPTION_KEY
};
+# Only vold and init should ever set file-based encryption policies.
+neverallowxperm {
+ domain
+ -vold
+ -init
+ -vendor_init
+} data_file_type:dir ioctl { FS_IOC_SET_ENCRYPTION_POLICY };
+
+# Only vold should ever add/remove file-based encryption keys.
+neverallowxperm {
+ domain
+ -vold
+} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY };
+
# Find the location on the raw block device where the
# crypto key is stored so it can be destroyed
allowxperm vold vold_data_file:file ioctl {
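Review bot: The comment above the first neverallowxperm says only vold and init may set encryption policies, but the rule also exempts vendor_init. The comment should name all three, e.g. `# Only vold, init and vendor_init should ever set file-based encryption policies.`, or state why vendor_init needs the exemption. Both neverallowxperm rules are also scoped to `data_file_type:dir`, so they do not constrain the same ioctls on other object classes or types. If the kernel accepts the key ioctls on any file of the filesystem, as it appears to, a comment saying the dir-only scope is deliberate would help the next reader. The extended allowxperm block only takes effect together with an `allow vold data_file_type:dir ioctl` rule, which lies outside this hunk.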