commit 253368a0726120efa57664cdd1d088af099a3d81
author Ethan Yonker <dees_troy@teamw.in> Tue Nov 25 15:00:52 2014 -0600
committer Dees Troy <dees_troy@teamw.in> Thu Dec 04 17:30:16 2014 +0100
tree 56cf3b08cdf70d016a2411fba977f7cd143bc265
parent 1db013bf283c66e89b029cdcfabf27c70b095620

Reduce libs needed for decrypt and clean up old decypt files

Trim cryptfs.c to remove functions that TWRP does not use for
decrypt and remove the need for libfs_mgr from cryptfs.c by
passing some items to cryptfs.c from the partition manager.

Add support for new fstab flags:
encryptable and forceencrypt=/path/to/cryptokey
For example:
flags=forceencrypt=/dev/block/platform/sdhci-tegra.3/by-name/MD1
Note that "footer" is the default, so you do not need to set this
flag on devices that use the footer for the crypto key.
Also add mounttodecrypt if you need to mount a partition during
the decrypt cycle for firmware of proprietary libs.

Clean up decrypt and only support one version

Android 5.0 lollipop decrypt should be backwards compatible with
older versions so we will only support one version, 1.3 that came
with 5.0 lollipop.

Remove support for Samsung TouchWiz decrypt. It does not work with
the latest versions of Samsung encryption anyway and it has not
been updated to work with any AOSP decryption higher than 1.1

Change-Id: I2d9c6e31df50268c91ee642c2fa090f901d9d5c9

partitionmanager.cpp

diff --git a/partitionmanager.cpp b/partitionmanager.cpp
index c3b10ac..93caf20 100644
--- a/partitionmanager.cpp
+++ b/partitionmanager.cpp
@@ -49,13 +49,7 @@
 }
 
 #ifdef TW_INCLUDE_CRYPTO
-	#ifdef TW_INCLUDE_JB_CRYPTO
-		#include "crypto/jb/cryptfs.h"
-	#elif defined(TW_INCLUDE_L_CRYPTO)
-		#include "crypto/lollipop/cryptfs.h"
-	#else
-		#include "crypto/ics/cryptfs.h"
-	#endif
+	#include "crypto/lollipop/cryptfs.h"
 #endif
 
 extern bool datamedia;
@@ -139,7 +133,7 @@
 	if (settings_partition) {
 		Setup_Settings_Storage_Partition(settings_partition);
 	}
-#ifdef TW_INCLUDE_L_CRYPTO
+#ifdef TW_INCLUDE_CRYPTO
 	TWPartition* Decrypt_Data = Find_Partition_By_Path("/data");
 	if (Decrypt_Data && Decrypt_Data->Is_Encrypted && !Decrypt_Data->Is_Decrypted) {
 		int password_type = cryptfs_get_password_type();
@@ -261,6 +255,8 @@
 		printf("Ignore_Blkid ");
 	if (Part->Retain_Layout_Version)
 		printf("Retain_Layout_Version ");
+	if (Part->Mount_To_Decrypt)
+		printf("Mount_To_Decrypt ");
 	printf("\n");
 	if (!Part->SubPartition_Of.empty())
 		printf("   SubPartition_Of: %s\n", Part->SubPartition_Of.c_str());
@@ -274,6 +270,8 @@
 		printf("   Alternate_Block_Device: %s\n", Part->Alternate_Block_Device.c_str());
 	if (!Part->Decrypted_Block_Device.empty())
 		printf("   Decrypted_Block_Device: %s\n", Part->Decrypted_Block_Device.c_str());
+	if (!Part->Crypto_Key_Location.empty() && Part->Crypto_Key_Location != "footer")
+		printf("   Crypto_Key_Location: %s\n", Part->Crypto_Key_Location.c_str());
 	if (Part->Length != 0)
 		printf("   Length: %i\n", Part->Length);
 	if (!Part->Display_Name.empty())
@@ -1352,61 +1350,32 @@
 	int ret_val, password_len;
 	char crypto_blkdev[255], cPassword[255];
 	size_t result;
+	std::vector<TWPartition*>::iterator iter;
 
 	property_set("ro.crypto.state", "encrypted");
-#if defined(TW_INCLUDE_JB_CRYPTO) || defined(TW_INCLUDE_L_CRYPTO)
-	// No extra flags needed
-#else
-	property_set("ro.crypto.fs_type", CRYPTO_FS_TYPE);
-	property_set("ro.crypto.fs_real_blkdev", CRYPTO_REAL_BLKDEV);
-	property_set("ro.crypto.fs_mnt_point", CRYPTO_MNT_POINT);
-	property_set("ro.crypto.fs_options", CRYPTO_FS_OPTIONS);
-	property_set("ro.crypto.fs_flags", CRYPTO_FS_FLAGS);
-	property_set("ro.crypto.keyfile.userdata", CRYPTO_KEY_LOC);
 
-#ifdef CRYPTO_SD_FS_TYPE
-	property_set("ro.crypto.sd_fs_type", CRYPTO_SD_FS_TYPE);
-	property_set("ro.crypto.sd_fs_real_blkdev", CRYPTO_SD_REAL_BLKDEV);
-	property_set("ro.crypto.sd_fs_mnt_point", EXPAND(TW_INTERNAL_STORAGE_PATH));
-#endif
-
-	property_set("rw.km_fips_status", "ready");
-
-#endif
-
-	// some samsung devices store "footer" on efs partition
-	TWPartition *efs = Find_Partition_By_Path("/efs");
-	if(efs && !efs->Is_Mounted())
-		efs->Mount(false);
-	else
-		efs = 0;
-#ifdef TW_EXTERNAL_STORAGE_PATH
-#ifdef TW_INCLUDE_CRYPTO_SAMSUNG
-	TWPartition* sdcard = Find_Partition_By_Path(EXPAND(TW_EXTERNAL_STORAGE_PATH));
-	if (sdcard && sdcard->Mount(false)) {
-		property_set("ro.crypto.external_encrypted", "1");
-		property_set("ro.crypto.external_blkdev", sdcard->Actual_Block_Device.c_str());
-	} else {
-		property_set("ro.crypto.external_encrypted", "0");
+	// Mount any partitions that need to be mounted for decrypt
+	for (iter = Partitions.begin(); iter != Partitions.end(); iter++) {
+		if ((*iter)->Mount_To_Decrypt) {
+			(*iter)->Mount(true);
+		}
 	}
-#endif
-#endif
 
 	strcpy(cPassword, Password.c_str());
-#ifdef TW_INCLUDE_L_CRYPTO
-	Mount_By_Path("/vendor", false); // if exists, mount vendor partition as we may need some proprietary files
-	Mount_By_Path("/firmware", false); // if exists, mount firmware partition as we may need some proprietary files
-#endif
 	int pwret = cryptfs_check_passwd(cPassword);
 
+	// Unmount any partitions that were needed for decrypt
+	for (iter = Partitions.begin(); iter != Partitions.end(); iter++) {
+		if ((*iter)->Mount_To_Decrypt) {
+			(*iter)->UnMount(false);
+		}
+	}
+
 	if (pwret != 0) {
 		LOGERR("Failed to decrypt data.\n");
 		return -1;
 	}
 
-	if(efs)
-		efs->UnMount(false);
-
 	property_get("ro.crypto.fs_crypto_blkdev", crypto_blkdev, "error");
 	if (strcmp(crypto_blkdev, "error") == 0) {
 		LOGERR("Error retrieving decrypted data block device.\n");
@@ -1421,41 +1390,6 @@
 			dat->Current_File_System = dat->Fstab_File_System; // Needed if we're ignoring blkid because encrypted devices start out as emmc
 			gui_print("Data successfully decrypted, new block device: '%s'\n", crypto_blkdev);
 
-#ifdef CRYPTO_SD_FS_TYPE
-			char crypto_blkdev_sd[255];
-			property_get("ro.crypto.sd_fs_crypto_blkdev", crypto_blkdev_sd, "error");
-			if (strcmp(crypto_blkdev_sd, "error") == 0) {
-				LOGERR("Error retrieving decrypted data block device.\n");
-			} else if(TWPartition* emmc = Find_Partition_By_Path(EXPAND(TW_INTERNAL_STORAGE_PATH))){
-				emmc->Is_Decrypted = true;
-				emmc->Decrypted_Block_Device = crypto_blkdev_sd;
-				emmc->Setup_File_System(false);
-				gui_print("Internal SD successfully decrypted, new block device: '%s'\n", crypto_blkdev_sd);
-			}
-#endif //ifdef CRYPTO_SD_FS_TYPE
-#ifdef TW_EXTERNAL_STORAGE_PATH
-#ifdef TW_INCLUDE_CRYPTO_SAMSUNG
-			char is_external_decrypted[255];
-			property_get("ro.crypto.external_use_ecryptfs", is_external_decrypted, "0");
-			if (strcmp(is_external_decrypted, "1") == 0) {
-				sdcard->Is_Decrypted = true;
-				sdcard->EcryptFS_Password = Password;
-				sdcard->Decrypted_Block_Device = sdcard->Actual_Block_Device;
-				string MetaEcfsFile = EXPAND(TW_EXTERNAL_STORAGE_PATH);
-				MetaEcfsFile += "/.MetaEcfsFile";
-				if (!TWFunc::Path_Exists(MetaEcfsFile)) {
-					// External storage isn't actually encrypted so unmount and remount without ecryptfs
-					sdcard->UnMount(false);
-					sdcard->Mount(false);
-				}
-			} else {
-				LOGINFO("External storage '%s' is not encrypted.\n", sdcard->Mount_Point.c_str());
-				sdcard->Is_Decrypted = false;
-				sdcard->Decrypted_Block_Device = "";
-			}
-#endif
-#endif //ifdef TW_EXTERNAL_STORAGE_PATH
-
 			// Sleep for a bit so that the device will be ready
 			sleep(1);
 			if (dat->Has_Data_Media && dat->Mount(false) && TWFunc::Path_Exists("/data/media/0")) {