commit 0a423d994a0dbd05924ae6cff702b5d4d7dd43f0
author Paul Lawrence <paullawrence@google.com> Tue Apr 28 22:07:10 2015 +0000
committer Paul Lawrence <paullawrence@google.com> Fri May 29 17:39:16 2015 +0000
tree de7a20a355c1e1bb0c71fa8dc8d67a204d2c6bce
parent 0aab798312364971ad3d2052306f3c9a8aed6c57

DO NOT MERGE Securely encrypt the master key

(chery-picked from commit 806d10be2336f32cdca16c2540cbf3d548f2fec7)

Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys.

Use ro.crypto.type flag to determine crypto type, which prevents
any issues when running in block encrypted mode, as well as speeding
up boot in block or no encryption.

This is one of four changes to enable this functionality:
  https://android-review.googlesource.com/#/c/148586/
  https://android-review.googlesource.com/#/c/148604/
  https://android-review.googlesource.com/#/c/148606/
  https://android-review.googlesource.com/#/c/148607/

Bug: 18151196

Change-Id: I6a8a18f43ae837e330e2785bd26c2c306ae1816b

rootdir/init.rc

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 6278cc7..a3cf6f1 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -223,8 +223,6 @@
     mkdir /cache/lost+found 0770 root root
 
 on post-fs-data
-    installkey /data
-
     # We chown/chmod /data again so because mount is run as root + defaults
     chown system system /data
     chmod 0771 /data
@@ -234,6 +232,11 @@
     # Emulated internal storage area
     mkdir /data/media 0770 media_rw media_rw
 
+    # Make sure we have the device encryption key
+    start logd
+    start vold
+    installkey /data
+
     # Start bootcharting as soon as possible after the data partition is
     # mounted to collect more data.
     mkdir /data/bootchart 0755 shell shell
@@ -457,7 +460,6 @@
     class_start main
 
 on property:vold.decrypt=trigger_restart_framework
-    installkey /data
     class_start main
     class_start late_start