Infrastructure to securely allow only one prompt at boot when encrypted
Add a call to vold that says if we decrypted the data partition. Reset the
flag so that it only returns true the first time.
Bug: 12990752
Change-Id: Ib00be87137c00fb8ad29205c85a3ea187764b702
diff --git a/cryptfs.c b/cryptfs.c
index 9c2b4bc..f8d14cf 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -79,6 +79,12 @@
static int master_key_saved = 0;
static struct crypt_persist_data *persist_data = NULL;
+/* Set when userdata is successfully decrypted and mounted.
+ * Reset whenever read (via cryptfs_just_decrypted)
+ * (Read by keyguard to avoid a double prompt.)
+ */
+static int just_decrypted = 0;
+
extern struct fstab *fstab;
static void cryptfs_reboot(int recovery)
@@ -1464,6 +1470,11 @@
rc = test_mount_encrypted_fs(&crypt_ftr, passwd,
DATA_MNT_POINT, "userdata");
+
+ if (rc == 0 && crypt_ftr.crypt_type != CRYPT_TYPE_DEFAULT) {
+ just_decrypted = 1;
+ }
+
return rc;
}
@@ -2481,3 +2492,10 @@
return crypt_ftr.crypt_type;
}
+
+int cryptfs_just_decrypted(void)
+{
+ int rc = just_decrypted;
+ just_decrypted = 0;
+ return rc;
+}