| author | AnilKumar Chimata <anilc@codeaurora.org> | 2018-02-11 17:11:24 +0530 |
|---|---|---|
| committer | mosimchah <mosimchah@gmail.com> | 2019-12-14 19:07:02 -0500 |
| commit | 0cea1f3eb128148fb192c6da2ab6547b91e8fbc4 (patch) | |
| tree | bcf0219b697ef79a080743e929e7365ad98755c3 /EncryptInplace.cpp | |
| parent | 23b71c927f28f27cb498e2ca6d436d34991411a7 (diff) | |
system: vold: Remove crypto block device creation
Crypto block device is not required for ICE based
HW FDE solution. This introduces additional delay
and is redundant since data is encrypted inline.
CRs-Fixed: 2210986
Change-Id: I67c044c35e92d2aa9413bc3448b6193f6b6a01d7
Diffstat (limited to 'EncryptInplace.cpp')
| -rw-r--r-- | EncryptInplace.cpp | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/EncryptInplace.cpp b/EncryptInplace.cpp index 3755718..7a2ddbf 100644 --- a/EncryptInplace.cpp +++ b/EncryptInplace.cpp @@ -32,6 +32,9 @@ #include <android-base/logging.h> #include <android-base/properties.h> +#ifdef CONFIG_HW_DISK_ENCRYPTION +#include "cryptfs_hw.h" +#endif // HORRIBLE HACK, FIXME #include "cryptfs.h" @@ -273,6 +276,27 @@ static int cryptfs_enable_inplace_ext4(const char* crypto_blkdev, const char* re } LOG(DEBUG) << "Opening" << crypto_blkdev; +#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF) + if (is_ice_enabled()) + data.cryptofd = data.realfd; + else { + // Wait until the block device appears. Re-use the mount retry values since it is reasonable. + while ((data.cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) { + if (--retries) { + PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev + << " for ext4 inplace encrypt. err=" << errno + << "(" << strerror(errno) << "), retrying"; + sleep(RETRY_MOUNT_DELAY_SECONDS); + } else { + PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev + << " for ext4 inplace encrypt. err=" << errno + << "(" << strerror(errno) << "), retrying"; + rc = ENABLE_INPLACE_ERR_DEV; + goto errout; + } + } + } +#else // Wait until the block device appears. Re-use the mount retry values since it is reasonable. while ((data.cryptofd = open(crypto_blkdev, O_WRONLY | O_CLOEXEC)) < 0) { if (--retries) { @@ -286,6 +310,7 @@ static int cryptfs_enable_inplace_ext4(const char* crypto_blkdev, const char* re goto errout; } } +#endif if (setjmp(setjmp_env)) { // NOLINT LOG(ERROR) << "Reading ext4 extent caused an exception"; @@ -331,7 +356,12 @@ static int cryptfs_enable_inplace_ext4(const char* crypto_blkdev, const char* re errout: close(data.realfd); +#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF) + if (!is_ice_enabled()) + close(data.cryptofd); +#else close(data.cryptofd); +#endif return rc; } 
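Review bot: In the ext4 open hunk, the ICE branch `data.cryptofd = data.realfd;` sends every later write straight to `real_blkdev`, and nothing at that line records the invariant the function now depends on: the data ends up encrypted only if the inline engine is really active for this device whenever `is_ice_enabled()` returns true. That function is not defined on this page, so it is worth confirming that it reflects a keyed, working engine rather than only a build or property setting; otherwise this pass would rewrite plaintext and still return success. I would add a comment at the alias, for example `// ICE encrypts writes to real_blkdev inline, so cryptofd aliases realfd; realfd must be writable and is closed only once at errout.` The same alias is introduced in the f2fs and full-device open hunks, and the function body continues outside this hunk.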
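Review bot: The cleanup at `errout:` in the ext4 function decides whether to close `data.cryptofd` by calling `is_ice_enabled()` a second time, so an answer that differs from the one at open time would either close the shared descriptor twice or leak the crypto one. A double close is worth ruling out in a daemon, because the descriptor number may already have been reused by the time of the second call. Comparing the descriptors does not depend on that call and needs no `#if`: `if (data.cryptofd != data.realfd) close(data.cryptofd);`. The f2fs and full-device `errout:` hunks repeat the pattern (with `cryptofd != realfd` in the latter).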
@@ -405,12 +435,26 @@ static int cryptfs_enable_inplace_f2fs(const char* crypto_blkdev, const char* re PLOG(ERROR) << "Error opening real_blkdev " << real_blkdev << " for f2fs inplace encrypt"; goto errout; } +#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF) + if (is_ice_enabled()) + data.cryptofd = data.realfd; + else { + if ((data.cryptofd = open64(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) { + PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev + << " for f2fs inplace encrypt. err=" << errno + << "(" << strerror(errno) << "), retrying"; + rc = ENABLE_INPLACE_ERR_DEV; + goto errout; + } + } +#else if ((data.cryptofd = open64(crypto_blkdev, O_WRONLY | O_CLOEXEC)) < 0) { PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev << " for f2fs inplace encrypt"; rc = ENABLE_INPLACE_ERR_DEV; goto errout; } +#endif f2fs_info = generate_f2fs_info(data.realfd); if (!f2fs_info) goto errout; @@ -453,7 +497,12 @@ errout: free(f2fs_info); free(data.buffer); close(data.realfd); +#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF) + if (!is_ice_enabled()) + close(data.cryptofd); +#else close(data.cryptofd); +#endif return rc; } 
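Review bot: The new error message in the f2fs open hunk ends with `, retrying`, but this branch sets `rc = ENABLE_INPLACE_ERR_DEV` and jumps to `errout` without any retry; the full-device open hunk and the final-attempt `else` branch of the ext4 loop carry the same copied text. `PLOG` already appends the `errno` description, so the added `err=" << errno << "(" << strerror(errno)` duplicates it. Since this log is what gets read when encryption setup fails, I would keep the wording of the unchanged `#else` branch: `PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev << " for f2fs inplace encrypt";`.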
@@ -474,11 +523,25 @@ static int cryptfs_enable_inplace_full(const char* crypto_blkdev, const char* re return ENABLE_INPLACE_ERR_OTHER; } +#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF) + if (is_ice_enabled()) + cryptofd = realfd; + else { + if ((cryptofd = open(crypto_blkdev, O_WRONLY|O_CLOEXEC)) < 0) { + PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev + << " for inplace encrypt. err=" << errno + << "(" << strerror(errno) << "), retrying"; + close(realfd); + return ENABLE_INPLACE_ERR_DEV; + } + } +#else if ((cryptofd = open(crypto_blkdev, O_WRONLY | O_CLOEXEC)) < 0) { PLOG(ERROR) << "Error opening crypto_blkdev " << crypto_blkdev << " for inplace encrypt"; close(realfd); return ENABLE_INPLACE_ERR_DEV; } +#endif /* This is pretty much a simple loop of reading 4K, and writing 4K. * The size passed in is the number of 512 byte sectors in the filesystem. @@ -499,10 +562,19 @@ static int cryptfs_enable_inplace_full(const char* crypto_blkdev, const char* re goto errout; } +#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF) + if (!is_ice_enabled()) { + if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) { + PLOG(ERROR) << "Cannot seek to previously encrypted point on " << crypto_blkdev; + goto errout; + } + } +#else if (lseek64(cryptofd, i * CRYPT_SECTOR_SIZE, SEEK_SET) < 0) { PLOG(ERROR) << "Cannot seek to previously encrypted point on " << crypto_blkdev; goto errout; } +#endif for (; i < size && i % CRYPT_SECTORS_PER_BUFSIZE != 0; ++i) { if (unix_read(realfd, buf, CRYPT_SECTOR_SIZE) <= 0) { @@ -565,7 +637,12 @@ static int cryptfs_enable_inplace_full(const char* crypto_blkdev, const char* re errout: close(realfd); +#if defined(CONFIG_HW_DISK_ENCRYPTION) && defined(CONFIG_HW_DISK_ENCRYPT_PERF) + if (!is_ice_enabled()) + close(cryptofd); +#else close(cryptofd); +#endif return rc; } |
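Review bot: In the full-device open hunk, `cryptofd = realfd;` only works if `realfd` was opened for writing, and that `open` call is above the hunk. The visible code uses `realfd` purely as the read side (`unix_read(realfd, buf, CRYPT_SECTOR_SIZE)`), so if it is opened read-only, every write through `cryptofd` would fail on the ICE path. Please confirm the flags, or open the descriptor read-write when `is_ice_enabled()` is true.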
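Review bot: In the seek hunk of `cryptfs_enable_inplace_full`, skipping `lseek64(cryptofd, ...)` under ICE is consistent with the alias, but it leaves the read and write sides sharing one file offset. The loop that follows reads with `unix_read(realfd, buf, CRYPT_SECTOR_SIZE)`; if the matching write (outside this hunk) is a plain sequential write on `cryptofd`, it would land on the sector after the one just read instead of on top of it, which would both corrupt data and leave the original sector unrewritten. Positioned I/O at `i * CRYPT_SECTOR_SIZE` (`pread64` / `pwrite64`) on the ICE path would avoid relying on the shared offset; please confirm how the write is issued.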
