Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / vold / f376a01cf6f74cb8c8f4845a57f5c9e3da4e86ce^! / . / MetadataCrypt.cpp
commitf376a01cf6f74cb8c8f4845a57f5c9e3da4e86ce[log] [tgz]
authorPaul Lawrence <paullawrence@google.com>Tue Jun 25 14:44:33 2019 -0700
committerP Adarsh Reddy <padarshr@codeaurora.org>Fri Jun 28 09:11:04 2019 +0000
tree0ea8ec0729bf44cf97ac95af030cb3d4b843dd4e
parent57b221f9b8f2d687eca01f7ee084ea99ae9756cc [diff] [blame]
Make ext4 userdata checkpoints work with metadata encryption

When both ext4 user data checkpoints and metadata encryption are
enabled, we are creating two stacked dm devices. This had not been
properly thought through or debugged.

Test: Enable metadata encryption on taimen (add
keydirectory=/metadata/vold/metadata_encryption to flags for userdata in
fstab.hardware)
    Unfortunately metadata is not wiped by fastboot -w, so it is
    necessary to rm metadata/vold -rf whenever you wipe data.
    fastboot flashall -w works
    fastboot reboot -w works
    A normal boot works
    Disable checkpoint commits with
    setprop persist.vold.dont_commit_checkpoint 1
    vdc checkpoint startCheckpoint 10
    adb reboot
    wait for device to fully boot then
    adb reboot
    Wait for device to fully boot then
    adb logcat -d | grep Checkpoint shows the rollback in the logs

    This tests encryption on top of checkpoints with commit, encryption
    without checkpoints, and rollback, which seems to be the key cases.

Bug: 135905679

CRs-Fixed: 2480921
Change-Id: I8365a40298b752af4bb10d00d9ff58ce04beab1f
(cherry picked from commit 236e5e800e18a0c1720ec1044a74c2700107c60c)

diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index deb7194..35cf3e2 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp

@@ -249,7 +249,8 @@
     return true;
 }
 
-bool fscrypt_mount_metadata_encrypted(const std::string& mount_point, bool needs_encrypt) {
+bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::string& mount_point,
+                                      bool needs_encrypt) {
     LOG(DEBUG) << "fscrypt_mount_metadata_encrypted: " << mount_point << " " << needs_encrypt;
     auto encrypted_state = android::base::GetProperty("ro.crypto.state", "");
     if (encrypted_state != "") {
@@ -268,13 +269,14 @@
     if (!get_number_of_sectors(data_rec->blk_device, &nr_sec)) return false;
     std::string crypto_blkdev;
     if (!create_crypto_blk_dev(kDmNameUserdata, nr_sec, DEFAULT_KEY_TARGET_TYPE,
-                               default_key_params(data_rec->blk_device, key), &crypto_blkdev))
+                               default_key_params(blk_device, key), &crypto_blkdev))
         return false;
+
     // FIXME handle the corrupt case
     if (needs_encrypt) {
         LOG(INFO) << "Beginning inplace encryption, nr_sec: " << nr_sec;
         off64_t size_already_done = 0;
-        auto rc = cryptfs_enable_inplace(crypto_blkdev.data(), data_rec->blk_device.data(), nr_sec,
+        auto rc = cryptfs_enable_inplace(crypto_blkdev.data(), blk_device.data(), nr_sec,
                                          &size_already_done, nr_sec, 0, false);
         if (rc != 0) {
             LOG(ERROR) << "Inplace crypto failed with code: " << rc;