| commit | e2c0c9de7b99ed5cd2349e0585284fd6a0ad768a | [log] [tgz] |
|---|---|---|
| author | Paul Lawrence <paullawrence@google.com> | Tue Apr 28 22:06:29 2015 +0000 |
| committer | Paul Lawrence <paullawrence@google.com> | Fri May 29 17:42:09 2015 +0000 |
| tree | 3082a7ef6120deebee7237451a9a90b0d7734f3b | |
| parent | 8dcf48c0e4c89261e00b547169d21bef25a84cec [diff] [blame] |
DO NOT MERGE Securely encrypt the master key (chery-picked from commit 13dec5fa5b860871afea47f85842706095e40527) Move all key management into vold Reuse vold's existing key management through the crypto footer to manage the device wide keys. Use ro.crypto.type flag to determine crypto type, which prevents any issues when running in block encrypted mode, as well as speeding up boot in block or no encryption. This is one of four changes to enable this functionality: https://android-review.googlesource.com/#/c/148586/ https://android-review.googlesource.com/#/c/148604/ https://android-review.googlesource.com/#/c/148606/ https://android-review.googlesource.com/#/c/148607/ Bug: 18151196 Change-Id: I3208b76147df9da83d34cf9034675b0689b6c3a5
diff --git a/init.te b/init.te index 9f624ba..89ddac7 100644 --- a/init.te +++ b/init.te
@@ -257,11 +257,7 @@ # linux keyring configuration allow init init:key { write search setattr }; -# Allow init to link temp fs to unencrypted data on userdata -allow init tmpfs:lnk_file { create read getattr relabelfrom }; - -# Allow init to manipulate /data/unencrypted -allow init unencrypted_data_file:{ file lnk_file } create_file_perms; +# Allow init to create /data/unencrypted allow init unencrypted_data_file:dir create_dir_perms; unix_socket_connect(init, vold, vold)