From b262d6864eea115b06edf1846ea862e48cd5398d Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Thu, 29 Oct 2015 10:31:02 -0700 Subject: [PATCH] Add developer option to convert from FDE to FBE This set of changes adds the screen that offers this conversion, and the plumbing so the option is only available on suitable devices. It does not implement the conversion mechanism. Change-Id: Idbe5ef5d5fad197cc8187e1b288c57feef2c2c0b --- fs_mgr/fs_mgr.c | 4 +++- fs_mgr/fs_mgr_fstab.c | 13 ++++++++++++- fs_mgr/fs_mgr_priv.h | 1 + fs_mgr/include/fs_mgr.h | 1 + 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c index c47a58591..d754516ad 100644 --- a/fs_mgr/fs_mgr.c +++ b/fs_mgr/fs_mgr.c @@ -444,6 +444,7 @@ static int handle_encryptable(struct fstab *fstab, const struct fstab_rec* rec) { /* If this is block encryptable, need to trigger encryption */ if ( (rec->fs_mgr_flags & MF_FORCECRYPT) + || (rec->fs_mgr_flags & MF_FORCEFDEORFBE) || (device_is_force_encrypted() && fs_mgr_is_encryptable(rec))) { if (umount(rec->mount_point) == 0) { return FS_MGR_MNTALL_DEV_NEEDS_ENCRYPTION; @@ -881,7 +882,8 @@ int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc, char *real_blk_dev if (fstab->recs[i].fs_mgr_flags & MF_VOLDMANAGED) { continue; } - if (!(fstab->recs[i].fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT))) { + if (!(fstab->recs[i].fs_mgr_flags + & (MF_CRYPT | MF_FORCECRYPT | MF_FORCEFDEORFBE))) { continue; } diff --git a/fs_mgr/fs_mgr_fstab.c b/fs_mgr/fs_mgr_fstab.c index cf35b3f42..c8c624d8f 100644 --- a/fs_mgr/fs_mgr_fstab.c +++ b/fs_mgr/fs_mgr_fstab.c @@ -64,6 +64,7 @@ static struct flag_list fs_mgr_flags[] = { { "encryptable=",MF_CRYPT }, { "forceencrypt=",MF_FORCECRYPT }, { "fileencryption",MF_FILEENCRYPTION }, + { "forcefdeorfbe=",MF_FORCEFDEORFBE }, { "nonremovable",MF_NONREMOVABLE }, { "voldmanaged=",MF_VOLDMANAGED}, { "length=", MF_LENGTH }, @@ -140,6 +141,11 @@ static int parse_flags(char *flags, struct flag_list *fl, * location of the keys. Get it and return it. */ flag_vals->key_loc = strdup(strchr(p, '=') + 1); + } else if ((fl[i].flag == MF_FORCEFDEORFBE) && flag_vals) { + /* The forcefdeorfbe flag is followed by an = and the + * location of the keys. Get it and return it. + */ + flag_vals->key_loc = strdup(strchr(p, '=') + 1); } else if ((fl[i].flag == MF_LENGTH) && flag_vals) { /* The length flag is followed by an = and the * size of the partition. Get it and return it. @@ -464,7 +470,7 @@ int fs_mgr_is_verified(const struct fstab_rec *fstab) int fs_mgr_is_encryptable(const struct fstab_rec *fstab) { - return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT); + return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT | MF_FORCEFDEORFBE); } int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab) @@ -472,6 +478,11 @@ int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab) return fstab->fs_mgr_flags & MF_FILEENCRYPTION; } +int fs_mgr_is_convertible_to_fbe(const struct fstab_rec *fstab) +{ + return fstab->fs_mgr_flags & MF_FORCEFDEORFBE; +} + int fs_mgr_is_noemulatedsd(const struct fstab_rec *fstab) { return fstab->fs_mgr_flags & MF_NOEMULATEDSD; diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h index ba0e097b0..181b6cdf5 100644 --- a/fs_mgr/fs_mgr_priv.h +++ b/fs_mgr/fs_mgr_priv.h @@ -82,6 +82,7 @@ __BEGIN_DECLS #define MF_FILEENCRYPTION 0x2000 #define MF_FORMATTABLE 0x4000 #define MF_SLOTSELECT 0x8000 +#define MF_FORCEFDEORFBE 0x10000 #define DM_BUF_SIZE 4096 diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h index 27fccf72e..eb0a7fc93 100644 --- a/fs_mgr/include/fs_mgr.h +++ b/fs_mgr/include/fs_mgr.h @@ -102,6 +102,7 @@ int fs_mgr_is_nonremovable(const struct fstab_rec *fstab); int fs_mgr_is_verified(const struct fstab_rec *fstab); int fs_mgr_is_encryptable(const struct fstab_rec *fstab); int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab); +int fs_mgr_is_convertible_to_fbe(const struct fstab_rec *fstab); int fs_mgr_is_noemulatedsd(const struct fstab_rec *fstab); int fs_mgr_is_notrim(struct fstab_rec *fstab); int fs_mgr_is_formattable(struct fstab_rec *fstab);