Merge "Password security for FBE disk encryption keys" into nyc-dev
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index cae39fb..856a58b 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -418,6 +418,13 @@
         LOG(ERROR) << "Failed to prepare user 0 storage";
         return -1;
     }
+
+    // If this is a non-FBE device that recently left an emulated mode,
+    // restore user data directories to known-good state.
+    if (!e4crypt_is_native() && !e4crypt_is_emulated()) {
+        e4crypt_unlock_user_key(0, 0, nullptr);
+    }
+
     return 0;
 }
 
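Review bot: The result of `e4crypt_unlock_user_key(0, 0, nullptr)` is discarded, so a failure to restore user 0's directories is silent and the function still returns 0. The storage-preparation failure just above logs and returns -1, so at minimum this call should log too, e.g. `if (e4crypt_unlock_user_key(0, 0, nullptr) != 0) LOG(ERROR) << "Failed to restore user 0 directories";` (adjust the comparison if the return convention differs, since the declaration is not visible here). The comment could also state what the `nullptr` third argument means on this non-FBE path. The enclosing function begins outside the hunk.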
@@ -563,6 +570,7 @@
         // unlock directories when not in emulation mode, to bring devices
         // back into a known-good state.
         if (emulated_unlock(android::vold::BuildDataSystemCePath(user_id), 0771) ||
+                emulated_unlock(android::vold::BuildDataMiscCePath(user_id), 01771) ||
                 emulated_unlock(android::vold::BuildDataMediaPath(nullptr, user_id), 0770) ||
                 emulated_unlock(android::vold::BuildDataUserPath(nullptr, user_id), 0771)) {
             LOG(ERROR) << "Failed to unlock user " << user_id;
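Review bot: The added `BuildDataMiscCePath(user_id)` entry is restored to `01771`, the only mode in this chain that carries the sticky bit, and nothing on the line explains why it differs from its neighbours. If the directory is created elsewhere with its own mode literal, the two can drift apart, and this recovery path would then reset the directory to permissions other than the intended ones. Assuming `01771` matches the creation mode, I would add a comment such as `// misc_ce uses 01771 (sticky bit); keep in sync with where the directory is prepared`, or share one named constant between both sites. The surrounding branch starts and ends outside the hunk.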
@@ -579,6 +587,7 @@
     } else if (e4crypt_is_emulated()) {
         // When in emulation mode, we just use chmod
         if (emulated_lock(android::vold::BuildDataSystemCePath(user_id)) ||
+                emulated_lock(android::vold::BuildDataMiscCePath(user_id)) ||
                 emulated_lock(android::vold::BuildDataMediaPath(nullptr, user_id)) ||
                 emulated_lock(android::vold::BuildDataUserPath(nullptr, user_id))) {
             PLOG(ERROR) << "Failed to lock user " << user_id;
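Review bot: The `||` chain makes this lock path stop at the first failure, so with the new `BuildDataMiscCePath` entry in second position, a failed `emulated_lock` there leaves the media and user data directories unlocked. For a lock operation it is safer to attempt every directory and report failure afterwards, as sketched below. Note that `PLOG` prints `errno` from whichever call ran last, so logging inside `emulated_lock` itself, if it does not already do so, would give a more accurate message. The same short-circuit exists in the unlock chain of the previous hunk, where stopping early is the less harmful direction. The branch continues outside the hunk.

```cpp
    } else if (e4crypt_is_emulated()) {
        // When in emulation mode, we just use chmod.
        // Attempt every directory so one failure does not leave the rest unlocked.
        bool failed = false;
        if (emulated_lock(android::vold::BuildDataSystemCePath(user_id))) failed = true;
        if (emulated_lock(android::vold::BuildDataMiscCePath(user_id))) failed = true;
        if (emulated_lock(android::vold::BuildDataMediaPath(nullptr, user_id))) failed = true;
        if (emulated_lock(android::vold::BuildDataUserPath(nullptr, user_id))) failed = true;
        if (failed) {
            PLOG(ERROR) << "Failed to lock user " << user_id;
            // … unchanged: rest of the error branch …
```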