system: vold: Use ICE for UFS card
Identify a UFS card when it is mounted as adoptable
storage and, if it is one, use ICE for
encryption/decryption instead of the software
encryption used for SD cards.
CRs-Fixed: 2491182
Change-Id: Iea7e34b06e3ceab8e292ac14d5115566382609ab
diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 100d285..e5d2caa 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -21,6 +21,7 @@
#include "KeyUtil.h"
#include "Utils.h"
#include "VoldUtil.h"
+#include "model/Disk.h"
#include <algorithm>
#include <map>
@@ -202,11 +203,24 @@
return false;
}
+bool is_ice_supported_external(int flags) {
+ /*
+ * Logic can be changed when more card controllers start supporting ICE.
+ * Until then, checking only for UFS card.
+ */
+ if ((flags & android::vold::Disk::Flags::kUfsCard) ==
+ android::vold::Disk::Flags::kUfsCard)
+ return true;
+ return false;
+}
+
bool is_wrapped_key_supported() {
return GetEntryForMountPoint(&fstab_default, DATA_MNT_POINT)->fs_mgr_flags.wrapped_key;
}
-bool is_wrapped_key_supported_external() {
+bool is_wrapped_key_supported_external(int flags) {
+ if (is_ice_supported_external(flags))
+ return GetEntryForMountPoint(&fstab_default, DATA_MNT_POINT)->fs_mgr_flags.wrapped_key;
return false;
}
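Review bot: The new branch in `is_wrapped_key_supported_external` dereferences the result of `GetEntryForMountPoint(&fstab_default, DATA_MNT_POINT)` without a null check, so a missing /data entry would crash vold while it sets up the key for a UFS card. The guard could be `auto* entry = GetEntryForMountPoint(&fstab_default, DATA_MNT_POINT);` followed by `return entry != nullptr && entry->fs_mgr_flags.wrapped_key;`. The function also decides wrapped-key use for the external card from the internal /data entry's `wrapped_key` flag. That assumption deserves a comment, for example `// UFS card is assumed to share the wrapped-key capability of internal storage`. As a style point, `is_ice_supported_external` can reduce to a single `return (flags & kUfsCard) == kUfsCard;`.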
@@ -594,7 +608,7 @@
}
static bool read_or_create_volkey(const std::string& misc_path, const std::string& volume_uuid,
- PolicyKeyRef* key_ref) {
+ PolicyKeyRef* key_ref, int flags) {
auto secdiscardable_path = volume_secdiscardable_path(volume_uuid);
std::string secdiscardable_hash;
bool wrapped_key_supported = false;
@@ -615,13 +629,20 @@
return false;
}
android::vold::KeyAuthentication auth("", secdiscardable_hash);
- wrapped_key_supported = is_wrapped_key_supported_external();
+ wrapped_key_supported = is_wrapped_key_supported_external(flags);
if (!android::vold::retrieveAndInstallKey(true, auth, key_path, key_path + "_tmp",
&key_ref->key_raw_ref, wrapped_key_supported))
return false;
- key_ref->contents_mode =
- android::base::GetProperty("ro.crypto.volume.contents_mode", "aes-256-xts");
+
+ if (is_ice_supported_external(flags)) {
+ key_ref->contents_mode =
+ android::base::GetProperty("ro.crypto.volume.contents_mode", "ice");
+ } else {
+ key_ref->contents_mode =
+ android::base::GetProperty("ro.crypto.volume.contents_mode", "aes-256-xts");
+ }
+
key_ref->filenames_mode =
android::base::GetProperty("ro.crypto.volume.filenames_mode", "aes-256-heh");
return true;
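Review bot: The key format and the contents mode are chosen independently in this hunk. `wrapped_key_supported` depends on the disk flags plus the /data fstab `wrapped_key` flag, while `contents_mode` only uses the disk flags for its default and still honours `ro.crypto.volume.contents_mode` in both branches. A device that sets the property could therefore pair a wrapped key with a software mode on a UFS card, or `ice` with a raw key on an SD card, and a UFS card on a device without `wrapped_key` gets `ice` with a non-wrapped key; these combinations may not all be valid. Consider deriving both from one decision, or add a comment stating which pairings are supported, and collapse the duplicated call into one `GetProperty(..., default_mode)` with `default_mode` chosen beforehand. It is also worth confirming how a card adopted before this change, whose key was presumably created for `aes-256-xts`, is handled on its next mount; the body of `read_or_create_volkey` starts outside this hunk.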
@@ -831,7 +852,7 @@
if (!ensure_policy(de_ref, misc_de_path)) return false;
if (!ensure_policy(de_ref, vendor_de_path)) return false;
} else {
- if (!read_or_create_volkey(misc_de_path, volume_uuid, &de_ref)) return false;
+ if (!read_or_create_volkey(misc_de_path, volume_uuid, &de_ref, flags)) return false;
}
if (!ensure_policy(de_ref, user_de_path)) return false;
}
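Review bot: The `flags` passed to `read_or_create_volkey` here, and again in the CE branch of the next hunk, is later tested against `android::vold::Disk::Flags::kUfsCard`, but nothing visible shows that this variable carries disk flags; the enclosing function starts outside the hunk. If it is the storage-prepare flag word (DE/CE selection) rather than the backing disk's flags, a bit collision could silently switch the volume key to `ice`/wrapped mode, or a real UFS card would never be detected. Please confirm where the disk flags are merged into this value. Naming the new parameter `disk_flags` and adding a comment such as `// disk_flags: android::vold::Disk::Flags of the backing disk, not the DE/CE storage flags` would make the contract explicit.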
@@ -863,7 +884,7 @@
if (!ensure_policy(ce_ref, vendor_ce_path)) return false;
} else {
- if (!read_or_create_volkey(misc_ce_path, volume_uuid, &ce_ref)) return false;
+ if (!read_or_create_volkey(misc_ce_path, volume_uuid, &ce_ref, flags)) return false;
}
if (!ensure_policy(ce_ref, media_ce_path)) return false;
if (!ensure_policy(ce_ref, user_ce_path)) return false;