commit b45caafbccbb743c8b01a5287188969883dec377
author Eric Biggers <ebiggers@google.com> Thu Feb 02 14:52:12 2017 -0800
committer Eric Biggers <ebiggers@google.com> Tue Feb 07 20:53:45 2017 +0000
tree 886432ce8e9f0e524d9306472809e2c2d0827f36
parent cfc5202147a1f72a61415266f0d4097544ce8b89

vold: allow specifying HEH filenames encryption

Make the vold changes needed to support specifying aes-256-heh filenames
encryption.  The previous mode, aes-256-cts, remains supported as well.

The file /data/unencrypted/mode is updated to have the syntax
contents_encryption_mode[:filenames_encryption_mode] instead of just
contents_encryption_mode.  This is consistent with the new fstab syntax.

Bug: 34712722
Change-Id: Ibc236d0ec4fdeda4e4e301f45fb996317692cfa3

Ext4Crypt.cpp

diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 682b34c..c0a1ebc 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -385,9 +385,14 @@
 }
 
 static bool ensure_policy(const std::string& raw_ref, const std::string& path) {
+    const char *contents_mode;
+    const char *filenames_mode;
+
+    cryptfs_get_file_encryption_modes(&contents_mode, &filenames_mode);
+
     if (e4crypt_policy_ensure(path.c_str(),
                               raw_ref.data(), raw_ref.size(),
-                              cryptfs_get_file_encryption_mode()) != 0) {
+                              contents_mode, filenames_mode) != 0) {
         LOG(ERROR) << "Failed to set policy on: " << path;
         return false;
     }
@@ -446,9 +451,13 @@
         return true;
     }
 
+    const char *contents_mode;
+    const char *filenames_mode;
+    cryptfs_get_file_encryption_modes(&contents_mode, &filenames_mode);
+    std::string modestring = std::string(contents_mode) + ":" + filenames_mode;
+
     std::string mode_filename = std::string("/data") + e4crypt_key_mode;
-    std::string mode = cryptfs_get_file_encryption_mode();
-    if (!android::base::WriteStringToFile(mode, mode_filename)) {
+    if (!android::base::WriteStringToFile(modestring, mode_filename)) {
         PLOG(ERROR) << "Cannot save type";
         return false;
     }

cryptfs.c

diff --git a/cryptfs.c b/cryptfs.c
index e2606ec..41be686 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -3879,8 +3879,9 @@
                               ftr);
 }
 
-const char* cryptfs_get_file_encryption_mode()
+void cryptfs_get_file_encryption_modes(const char **contents_mode_ret,
+                                       const char **filenames_mode_ret)
 {
     struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
-    return fs_mgr_get_file_encryption_mode(rec);
+    fs_mgr_get_file_encryption_modes(rec, contents_mode_ret, filenames_mode_ret);
 }

cryptfs.h

diff --git a/cryptfs.h b/cryptfs.h
index bf158de..5c05001 100644
--- a/cryptfs.h
+++ b/cryptfs.h
@@ -252,7 +252,8 @@
                              unsigned char* master_key);
   int cryptfs_set_password(struct crypt_mnt_ftr* ftr, const char* password,
                            const unsigned char* master_key);
-  const char* cryptfs_get_file_encryption_mode();
+  void cryptfs_get_file_encryption_modes(const char **contents_mode_ret,
+                                         const char **filenames_mode_ret);
 
 #ifdef __cplusplus
 }