vold: allow specifying HEH filenames encryption
Make the vold changes needed to support specifying aes-256-heh filenames
encryption. The previous mode, aes-256-cts, remains supported as well.
The file /data/unencrypted/mode is updated to have the syntax
contents_encryption_mode[:filenames_encryption_mode] instead of just
contents_encryption_mode. This is consistent with the new fstab syntax.
Bug: 34712722
Change-Id: Ibc236d0ec4fdeda4e4e301f45fb996317692cfa3
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 682b34c..c0a1ebc 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -385,9 +385,14 @@
}
static bool ensure_policy(const std::string& raw_ref, const std::string& path) {
+ const char *contents_mode;
+ const char *filenames_mode;
+
+ cryptfs_get_file_encryption_modes(&contents_mode, &filenames_mode);
+
if (e4crypt_policy_ensure(path.c_str(),
raw_ref.data(), raw_ref.size(),
- cryptfs_get_file_encryption_mode()) != 0) {
+ contents_mode, filenames_mode) != 0) {
LOG(ERROR) << "Failed to set policy on: " << path;
return false;
}
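Review bot: `contents_mode` and `filenames_mode` are declared uninitialized and handed to `e4crypt_policy_ensure` with no check that `cryptfs_get_file_encryption_modes` actually set them. That function's definition is not in this diff, so it cannot be confirmed from here whether it may leave an output untouched or null, for example if the fstab entry cannot be found. Initializing both (`const char *contents_mode = nullptr;`) and returning false with a `LOG(ERROR)` when either is still null would make that failure explicit instead of applying a policy built from an indeterminate pointer. The same pattern appears in the second hunk (`@@ -446,9 +451,13 @@`), where a null pointer would reach `std::string(contents_mode)`, which is undefined behaviour.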
@@ -446,9 +451,13 @@
return true;
}
+ const char *contents_mode;
+ const char *filenames_mode;
+ cryptfs_get_file_encryption_modes(&contents_mode, &filenames_mode);
+ std::string modestring = std::string(contents_mode) + ":" + filenames_mode;
+
std::string mode_filename = std::string("/data") + e4crypt_key_mode;
- std::string mode = cryptfs_get_file_encryption_mode();
- if (!android::base::WriteStringToFile(mode, mode_filename)) {
+ if (!android::base::WriteStringToFile(modestring, mode_filename)) {
PLOG(ERROR) << "Cannot save type";
return false;
}
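Review bot: The string built in `modestring` always has the two-field form `contents:filenames`, while the commit description defines the file as `contents_encryption_mode[:filenames_encryption_mode]`, and nothing in the code records that format. A comment above the `modestring` line such as `// Format: contents_mode[:filenames_mode]; files written by older builds hold only contents_mode.` would document it next to the writer. The code that reads this file back is not part of this diff; because the file lives under /data/unencrypted, that reader should accept the legacy one-field form and reject mode names it does not recognise rather than passing them on. The enclosing function starts and ends outside the hunk.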