allow encrypted filesystems to be mounted readonly By setting ro.crypto.readonly to 1, cryptfs will mount an encrypted filesystem that is normally mounted read-write as read-only instead. To be used when recovery mounts /data. Bug: 12188746 Change-Id: If3f3f9a3024f29ebc4ad721a48546a332cb92b6b

commit: 6fd5771337fddc13bfd8b8030a0767a9f0c47f98 [log] [tgz]
author: Doug Zongker <dougz@android.com> Tue Dec 17 09:43:23 2013 -0800
committer: Doug Zongker <dougz@android.com> Tue Dec 17 09:43:23 2013 -0800
tree: 2316edd0472eaaa9e3ebc206a9980d7bfce2c0a5
parent: dbf5b6652c04fbb59999d3a77c2229b070c154f3 [diff] [blame]
diff --git a/cryptfs.c b/cryptfs.c
index e695fab..7641612 100644
--- a/cryptfs.c
+++ b/cryptfs.c

@@ -1125,6 +1125,17 @@
     }
 
     if (! (rc = wait_and_unmount(DATA_MNT_POINT)) ) {
+        /* If ro.crypto.readonly is set to 1, mount the decrypted
+         * filesystem readonly.  This is used when /data is mounted by
+         * recovery mode.
+         */
+        char ro_prop[PROPERTY_VALUE_MAX];
+        property_get("ro.crypto.readonly", ro_prop, "");
+        if (strlen(ro_prop) > 0 && atoi(ro_prop)) {
+            struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab, DATA_MNT_POINT);
+            rec->flags |= MS_RDONLY;
+        }
+        
         /* If that succeeded, then mount the decrypted filesystem */
         fs_mgr_do_mount(fstab, DATA_MNT_POINT, crypto_blkdev, 0);
commit	6fd5771337fddc13bfd8b8030a0767a9f0c47f98	[log] [tgz]
author	Doug Zongker <dougz@android.com>	Tue Dec 17 09:43:23 2013 -0800
committer	Doug Zongker <dougz@android.com>	Tue Dec 17 09:43:23 2013 -0800
tree	2316edd0472eaaa9e3ebc206a9980d7bfce2c0a5
parent	dbf5b6652c04fbb59999d3a77c2229b070c154f3 [diff] [blame]