From 13d5bb4badf59e22d9d983d104596da3ec4f2753 Mon Sep 17 00:00:00 2001
From: Paul Lawrence <paullawrence@google.com>
Date: Thu, 30 Jan 2014 10:43:52 -0800
Subject: [PATCH] Mount default encrypted devices at boot

If userdata is default encrypted, we should mount it at boot
to avoid bringing the framework up and then down unnecessarily.

Needs matching vold changes from
 https://googleplex-android-review.googlesource.com/#/c/412649/

Bug: 8769627
Change-Id: I4b8276befd832cd788e15c36edfbf8f0e18d7e6b
---
 init/builtins.c |  4 ++--
 rootdir/init.rc | 13 ++++++++++++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/init/builtins.c b/init/builtins.c
index e2932d5d9..a16806278 100644
--- a/init/builtins.c
+++ b/init/builtins.c
@@ -501,10 +501,10 @@ int do_mount_all(int nargs, char **args)
         return -1;
     }
 
-    /* ret is 1 if the device is encrypted, 0 if not, and -1 on error */
+    /* ret is 1 if the device appears encrypted, 0 if not, and -1 on error */
     if (ret == 1) {
         property_set("ro.crypto.state", "encrypted");
-        property_set("vold.decrypt", "1");
+        property_set("vold.decrypt", "trigger_default_encryption");
     } else if (ret == 0) {
         property_set("ro.crypto.state", "unencrypted");
         /* If fs_mgr determined this is an unencrypted device, then trigger
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 51246fb48..e28af4dad 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -391,11 +391,15 @@ on boot
     setprop net.tcp.buffersize.evdo     4094,87380,262144,4096,16384,262144
 
     class_start core
-    class_start main
 
 on nonencrypted
+    class_start main
     class_start late_start
 
+on property:vold.decrypt=trigger_default_encryption
+    start surfaceflinger
+    start defaultcrypto
+
 on charger
     class_start charger
 
@@ -529,6 +533,13 @@ service media /system/bin/mediaserver
     group audio camera inet net_bt net_bt_admin net_bw_acct drmrpc mediadrm
     ioprio rt 4
 
+# One shot invocation to deal with encrypted volume.
+service defaultcrypto /system/bin/vdc --wait cryptfs mountdefaultencrypted
+    disabled
+    oneshot
+    # vold will set vold.decrypt to trigger_restart_framework (default
+    # encryption) or trigger_restart_min_framework (other encryption)
+
 service bootanim /system/bin/bootanimation
     class main
     user graphics