From 0098201dc3cd2845f5cf1ac579d8fa0ce85e89d3 Mon Sep 17 00:00:00 2001
From: Mohammad Samiul Islam <samiul@google.com>
Date: Mon, 14 Sep 2020 17:48:43 +0100
Subject: [PATCH] Activate encryption for /data/app-staging folder

Without enabling the encryption on this folder, we will not be able to
rename files from this folder to /data/app folder, since /data/app
folder is encrypted. Trying to rename files between unencrypted folder
to encrypted folder throws EXDEV error.

Turning on encryption for /data/app-staging has the following concerns:

1. Turning on the encryption will erase all of its content. But this is fine
since during OTA we fail all staged sessions anyway.
2. We need to create hardlinks from /data/app-staging to
/data/apex/active. This is also fine since we will be creating link from
encrypted folder (/data/app-staging) to non-encrypted folder and this
does not throw EXDEV error.

Bug: 163037460
Test: atest StagedInstallTest
Change-Id: Ie78f6df0c0e08de54a39c5e406957ad0a56b7727
---
 rootdir/init.rc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 91f2c5766..c847ba578 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -567,7 +567,7 @@ on post-fs-data
     mkdir /data/apex/backup 0700 root system
     mkdir /data/apex/hashtree 0700 root system
     mkdir /data/apex/sessions 0700 root system
-    mkdir /data/app-staging 0750 system system encryption=None
+    mkdir /data/app-staging 0750 system system encryption=DeleteIfNecessary
     start apexd
 
     # Avoid predictable entropy pool. Carry over entropy from previous boot.