Add force_encrypt flag to fstab to force encryption on appropriate devices

forceencrypt= will encrypt the drive at boot if it is not encrypted. This change
will not have an impact until we set this flag in the appropriate fstabs.

Bug: 11985952

Change-Id: I6c65eda7f109e4936aa160da50f871703aefb351
diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c
index c91033a..ee3cbf9 100644
--- a/fs_mgr/fs_mgr.c
+++ b/fs_mgr/fs_mgr.c
@@ -54,32 +54,6 @@
 
 #define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))
 
-/**
- * TODO - Remove to enable always on encryption for all devices
- * This limits the machines on which this feature is enabled
- * Remove call from fs_mgr_mount_all as well
- */
-static const char* serial_numbers[] = {
-  "039b83b8437e9637",
-  0
-};
-
-static int serial_matches()
-{
-    char tmp[PROP_VALUE_MAX];
-    *tmp = 0;
-    __system_property_get("ro.serialno", tmp);
-
-    const char** i;
-    for (i = serial_numbers; *i; ++i) {
-        if (!strcmp(*i, tmp)) {
-            return 1;
-        }
-    }
-
-    return 0;
-}
-
 /*
  * gettime() - returns the time in seconds of the system's monotonic clock or
  * zero on error.
@@ -291,8 +265,8 @@
 
         if (!mret) {
             /* If this is encryptable, need to trigger encryption */
-            if ((fstab->recs[i].fs_mgr_flags & MF_CRYPT)) {
-                if (serial_matches() && umount(fstab->recs[i].mount_point) == 0) {
+            if ((fstab->recs[i].fs_mgr_flags & MF_FORCECRYPT)) {
+                if (umount(fstab->recs[i].mount_point) == 0) {
                     if (!encryptable) {
                         encryptable = 2;
                     } else {
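Review bot: When `umount()` fails at the new `if (umount(fstab->recs[i].mount_point) == 0)`, a `forceencrypt` volume that has just mounted cleanly, and is therefore still unencrypted, appears to stay mounted in plaintext. The failure branch lies outside this hunk, so please confirm it logs the error and does not let boot continue as if encryption had been handled. The comment above the test is also stale now that it checks `MF_FORCECRYPT` rather than `MF_CRYPT`; suggest `/* Mounted cleanly, so a forceencrypt volume is still unencrypted: unmount it and request encryption */`. The literal in `encryptable = 2` would be easier to audit as a named constant that says what 2 means.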
@@ -314,7 +288,7 @@
         mount_errno = errno;
         /* mount(2) returned an error, check if it's encryptable and deal with it */
         if (mount_errno != EBUSY && mount_errno != EACCES &&
-            (fstab->recs[i].fs_mgr_flags & MF_CRYPT) &&
+            (fstab->recs[i].fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT)) &&
             !partition_wiped(fstab->recs[i].blk_device)) {
             /* Need to mount a tmpfs at this mountpoint for now, and set
              * properties that vold will query later for decrypting
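Review bot: The mask `(MF_CRYPT | MF_FORCECRYPT)` is now written out by hand in three places: this mount-failure test, the `continue` test in the next hunk of this file, and `fs_mgr_is_encryptable()` in fs_mgr_fstab.c. A site that is missed, or added later with only `MF_CRYPT`, would silently treat a forceencrypt volume as not encryptable. Consider calling `fs_mgr_is_encryptable(&fstab->recs[i])` at both sites in fs_mgr.c (assuming its prototype is visible there), or defining one named mask next to the flag bits in fs_mgr_priv.h. The enclosing function starts and ends outside the hunk.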
@@ -556,7 +530,7 @@
         if (fstab->recs[i].fs_mgr_flags & MF_VOLDMANAGED) {
             continue;
         }
-        if (!(fstab->recs[i].fs_mgr_flags & MF_CRYPT)) {
+        if (!(fstab->recs[i].fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT))) {
             continue;
         }
 
diff --git a/fs_mgr/fs_mgr_fstab.c b/fs_mgr/fs_mgr_fstab.c
index 6145771..8557bcf 100644
--- a/fs_mgr/fs_mgr_fstab.c
+++ b/fs_mgr/fs_mgr_fstab.c
@@ -59,6 +59,7 @@
     { "wait",        MF_WAIT },
     { "check",       MF_CHECK },
     { "encryptable=",MF_CRYPT },
+    { "forceencrypt=",MF_FORCECRYPT },
     { "nonremovable",MF_NONREMOVABLE },
     { "voldmanaged=",MF_VOLDMANAGED},
     { "length=",     MF_LENGTH },
@@ -106,6 +107,11 @@
                      * location of the keys.  Get it and return it.
                      */
                     flag_vals->key_loc = strdup(strchr(p, '=') + 1);
+                } else if ((fl[i].flag == MF_FORCECRYPT) && flag_vals) {
+                    /* The forceencrypt flag is followed by an = and the
+                     * location of the keys.  Get it and return it.
+                     */
+                    flag_vals->key_loc = strdup(strchr(p, '=') + 1);
                 } else if ((fl[i].flag == MF_LENGTH) && flag_vals) {
                     /* The length flag is followed by an = and the
                      * size of the partition.  Get it and return it.
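Review bot: The new `MF_FORCECRYPT` branch duplicates the `MF_CRYPT` branch above it, and both assign `flag_vals->key_loc`. An fstab entry carrying both `encryptable=` and `forceencrypt=` would therefore overwrite the first key location and leak its `strdup()` copy, presumably with both flag bits set. Suggest folding the two into one test, `(fl[i].flag == MF_CRYPT || fl[i].flag == MF_FORCECRYPT) && flag_vals` (the `MF_CRYPT` condition line is outside the hunk), and rejecting or at least logging an entry that names both. The `strdup()` result is unchecked in both branches; whether callers tolerate a NULL `key_loc` cannot be seen from here. The enclosing loop and function lie outside the hunk.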
@@ -394,7 +400,7 @@
 
 int fs_mgr_is_encryptable(struct fstab_rec *fstab)
 {
-    return fstab->fs_mgr_flags & MF_CRYPT;
+    return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT);
 }
 
 int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab)
diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h
index 59ffd78..6bb568a 100644
--- a/fs_mgr/fs_mgr_priv.h
+++ b/fs_mgr/fs_mgr_priv.h
@@ -72,6 +72,7 @@
 #define MF_SWAPPRIO     0x80
 #define MF_ZRAMSIZE     0x100
 #define MF_VERIFY       0x200
+#define MF_FORCECRYPT   0x400
 /*
  * There is no emulated sdcard daemon running on /data/media on this device,
  * so treat the physical SD card as the only external storage device,