Mount default encrypted devices at boot

If userdata is default encrypted, we should mount it at boot
to avoid bringing the framework up and then down unnecessarily.

Needs matching vold changes from
 https://googleplex-android-review.googlesource.com/#/c/412649/

Bug: 8769627
Change-Id: I4b8276befd832cd788e15c36edfbf8f0e18d7e6b

init/builtins.c

@@ -501,10 +501,10 @@ int do_mount_all(int nargs, char **args)
         return -1;
     }
 
-    /* ret is 1 if the device is encrypted, 0 if not, and -1 on error */
+    /* ret is 1 if the device appears encrypted, 0 if not, and -1 on error */
     if (ret == 1) {
         property_set("ro.crypto.state", "encrypted");
-        property_set("vold.decrypt", "1");
+        property_set("vold.decrypt", "trigger_default_encryption");
     } else if (ret == 0) {
         property_set("ro.crypto.state", "unencrypted");
         /* If fs_mgr determined this is an unencrypted device, then trigger

rootdir/init.rc

@@ -391,11 +391,15 @@ on boot
     setprop net.tcp.buffersize.evdo     4094,87380,262144,4096,16384,262144
 
     class_start core
-    class_start main
 
 on nonencrypted
+    class_start main
     class_start late_start
 
+on property:vold.decrypt=trigger_default_encryption
+    start surfaceflinger
+    start defaultcrypto
+
 on charger
     class_start charger
 
@@ -529,6 +533,13 @@ service media /system/bin/mediaserver
     group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
     ioprio rt 4
 
+# One shot invocation to deal with encrypted volume.
+service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
+    disabled
+    oneshot
+    # vold will set vold.decrypt to trigger_restart_framework (default
+    # encryption) or trigger_restart_min_framework (other encryption)
+
 service bootanim /system/bin/bootanimation
     class main
     user graphics