The android-4.14-stable and later kernels support the
FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY ioctls. This
has superseded the old way of adding fscrypt keys to the kernel, which
was to use the add_key() syscall to add keys to the "session" keyring.
On kernels that support the ioctls, Android doesn't use the obsolete
way. Since upgrading even just to Android 14 requires at minimum a
android-4.14-stable kernel (according to
https://source.android.com/docs/core/architecture/kernel/android-common#compatibility-matrix),
there is no need to support the obsolete way anymore.
Therefore, this commit removes the code from init that created a keyring
named "fscrypt" in the session keyring. It also removes the code that
created the session keyring itself, since the only reason that Android
even created a session keyring was just to hold the "fscrypt" keyring.
Flag: N/A for the following reasons:
- Removing obsolete code, which is fairly safe
- Very early code, so runtime flag cannot be used
- Even a build-time flag cannot be used, since init needs
recovery_available, which aconfig libraries do not support
Bug: 311736104
Test: Build and boot Cuttlefish
Change-Id: Id9a184c68cf16d5c4b1d889444cf637c95a91413
During userspace reboot FscryptInstallKeyring will be called again, this
CL will make it second call a no-op, which IMHO is better than having a
special logic in init to conditionally call FscryptInstallKeyring
depending on whenever it's normal boot, or userspace reboot.
Test: adb reboot userspace
Test: checked in kernel logs that new keyring is not created
Bug: 135984674
Change-Id: I4ad5aee6887b7318fb1cd02bf1c7be8da6ece599
FscryptSetDirectoryPolicy no longer tries to infer the action from the
filename. Well mostly; it still assumes top-level directories in /data
should be encrypted unless the mkdir arguments say otherwise, but
it warns.
Bug: 26641735
Test: boot, check log messages
Change-Id: Id6d2cea7fb856f17323897d85cf6190c981b443c
Support setting v2 encryption policies on init-created directories. The
policy version to set is gotten from a new field in
/data/unencrypted/mode, which is the file that's used to pass the
encryption options from vold to init.
Also don't bother falling back to defaults if fields are missing from
this file, since it's re-written on every boot by vold.
Bug: 140500999
Test: tested as series; see If64028d8580584b2c33c614cabd5d6b93657f608
Change-Id: Ia9c5d4b80199686799e3ac80de78a50ed3bdabf4
Bug: 140882488
Test: Booted twice, checked logs to ensure encryption
is different each time, adb created files in directory.
Change-Id: I44f746acd1040f7baa9123d4824ba39b194f287b
On every boot, there is a "duplicate" message logged at INFO level for
every system device-encrypted directory, e.g.:
1 1 I init : Setting policy on /data/app-private
1 1 I init : Encryption policy of /data/app-private set to 3a19970b1aa3abed modes 127/4
Or:
1 1 I init : Setting policy on /data/app-private
1 1 I init : Verified that /data/app-private has the encryption policy 3a19970b1aa3abed modes 127/4
(Before I51ee70706bc9ccb216ccefd7bdfbbfc57faae14d the second messages
were slightly different, but were similar and still at INFO level.)
The issue is that set_system_de_policy_on() prints its own log message,
then calls fscrypt_policy_ensure() which prints a message too; and the
second message is essentially a superset of the first.
Clean this up by removing the message from set_system_de_policy_on().
Test: Booted and checked the log.
Change-Id: I2786ba7e2dbb355f159ac9d8fe5ad1f0a4cdbfea
