Make encryption configurable
Add a maybeenabledefaultencryption function that encrypts based
on the encryption flag and the appropriate environment variable
Bug: 18764230
Change-Id: Id9a1967d09a7ae63a51240c0a5f3c41505af0e9a
diff --git a/CommandListener.cpp b/CommandListener.cpp
index f135a01..226d064 100644
--- a/CommandListener.cpp
+++ b/CommandListener.cpp
@@ -619,6 +619,14 @@
Process::killProcessesWithOpenFiles(DATA_MNT_POINT, 2);
}
}
+ } else if (!strcmp(argv[1], "maybeenabledefaultcrypto")) {
+ if (argc != 2) {
+ cli->sendMsg(ResponseCode::CommandSyntaxError,
+ "Usage: cryptfs maybeenabledefaultcrypto", false);
+ return 0;
+ }
+ dumpArgs(argc, argv, -1);
+ rc = cryptfs_maybe_enable_default_crypto();
} else if (!strcmp(argv[1], "changepw")) {
const char* syntax = "Usage: cryptfs changepw "
"default|password|pin|pattern [newpasswd]";
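Review bot: The new `maybeenabledefaultcrypto` branch calls cryptfs_maybe_enable_default_crypto() unconditionally, and nothing visible here or in the callee stops the command from being issued again after boot. In the callee's unencrypted path a repeat call would re-run the mount, set `vold.decrypt` again and trigger another framework restart. If the command is meant to be issued once during boot, say so in a comment above the branch, e.g. `// Issued once at boot; takes no arguments.`, and consider returning early when `ro.crypto.state` is already set. The enclosing command handler starts and ends outside this hunk, so an existing guard there cannot be ruled out.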
diff --git a/cryptfs.c b/cryptfs.c
index a424b69..2458149 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -3310,6 +3310,49 @@
DEFAULT_PASSWORD, allow_reboot);
}
+static int device_is_force_encrypted() {
+ int ret = -1;
+ char value[PROP_VALUE_MAX];
+ ret = __system_property_get("ro.vold.forceencryption", value);
+ if (ret < 0)
+ return 0;
+ return strcmp(value, "1") ? 0 : 1;
+}
+
+int cryptfs_maybe_enable_default_crypto()
+{
+ // Enable default crypt if /forceencrypt or /encryptable and
+ // ro.vold.forceencrypt=1, else mount data and continue unencrypted
+ struct fstab_rec *fstab_rec = 0;
+ fstab_rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
+ if (!fstab_rec) {
+ SLOGE("Error getting fstab record");
+ return -1;
+ }
+
+ // See if we should encrypt?
+ if ( !fs_mgr_is_encryptable(fstab_rec)
+ || (!fs_mgr_is_force_encrypted(fstab_rec)
+ && !device_is_force_encrypted())) {
+ int rc = 0;
+
+ rc = fs_mgr_do_mount(fstab, DATA_MNT_POINT, fstab_rec->blk_device, 0);
+ property_set("vold.decrypt", "trigger_load_persist_props");
+
+ /* Create necessary paths on /data */
+ if (prep_data_fs()) {
+ return -1;
+ }
+
+ property_set("ro.crypto.state", "unencrypted");
+ property_set("vold.decrypt", "trigger_restart_framework");
+ SLOGD("Unencrypted - restart_framework\n");
+ return rc;
+ }
+
+ return cryptfs_enable_default("inplace", 0);
+}
+
int cryptfs_changepw(int crypt_type, const char *newpw)
{
struct crypt_mnt_ftr crypt_ftr;
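Review bot: In the unencrypted branch of cryptfs_maybe_enable_default_crypto the result of fs_mgr_do_mount() is stored in `rc` but not checked before prep_data_fs() runs and `ro.crypto.state` is set to "unencrypted", so a failed mount still ends in `trigger_restart_framework`, with /data possibly not mounted. I would bail out right after the mount with `if (rc) { SLOGE("Failed to mount %s", DATA_MNT_POINT); return -1; }`. The comment above names `ro.vold.forceencrypt` while device_is_force_encrypted() reads `ro.vold.forceencryption`; one of the two should be corrected, because a device configured from the comment would silently take the unencrypted path. The `ret < 0` test also looks unreachable if __system_property_get returns the value length (to be confirmed), in which case `if (ret <= 0)` states the intent.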
diff --git a/cryptfs.h b/cryptfs.h
index d873c26..eba864c 100644
--- a/cryptfs.h
+++ b/cryptfs.h
@@ -232,6 +232,7 @@
int cryptfs_enable(char *flag, int type, char *passwd, int allow_reboot);
int cryptfs_changepw(int type, const char *newpw);
int cryptfs_enable_default(char *flag, int allow_reboot);
+ int cryptfs_maybe_enable_default_crypto();
int cryptfs_setup_volume(const char *label, int major, int minor,
char *crypto_dev_path, unsigned int max_pathlen,
int *new_major, int *new_minor);
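Review bot: `int cryptfs_maybe_enable_default_crypto();` declares the function without a prototype when this header is compiled as C, so a call with stray arguments from a C file would not be diagnosed; write `int cryptfs_maybe_enable_default_crypto(void);`. The same applies to the definitions of cryptfs_maybe_enable_default_crypto and device_is_force_encrypted in the cryptfs.c hunk. A one-line comment on the declaration stating the return convention would also help callers: the definition returns -1 on error and otherwise the result of the mount or of cryptfs_enable_default.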