decrypt: AOSP 10 requires the use of fscrypt
fscrypt aosp doc: https://source.android.com/security/encryption/file-based
kernel fscrypt doc: https://www.kernel.org/doc/html/v4.18/filesystems/fscrypt.html
This commit implements the ability for TWRP to use fscrypt to decrypt
files on the fscrypt implementation. It has been implemented mostly
in a new successor library to e4crypt called libtwrpfscrypt. Most of the
code was ported from AOSP vold.
Notable updates include:
- updated policy storage by libtar
- lookup of fbe policies by libtwrpfscrypt
- threaded keystore operations
Big thanks to Dees_Troy for the initial trailblazing
of encryption in TWRP.
Change-Id: I69cd2eba3693a9914e00213d4943229635d0cdae
diff --git a/partitions.hpp b/partitions.hpp
index cfe6970..79197ed 100755
--- a/partitions.hpp
+++ b/partitions.hpp
@@ -26,6 +26,7 @@
#include "exclude.hpp"
#include "tw_atomic.hpp"
#include "progresstracking.hpp"
+#include "fscrypt_policy.h"
#define MAX_FSTAB_LINE_LENGTH 2048
@@ -185,10 +186,10 @@
private:
bool Process_Fstab_Line(const char *fstab_line, bool Display_Error, std::map<string, Flags_Map> *twrp_flags, bool Sar_Detect); // Processes a fstab line
void Setup_Data_Partition(bool Display_Error); // Setup data partition after fstab processed
+ void Set_FBE_Status(); // Set FBE status of partition
void Setup_Cache_Partition(bool Display_Error); // Setup cache partition after fstab processed
bool Find_Wildcard_Block_Devices(const string& Device); // Searches for and finds wildcard block devices
void Find_Actual_Block_Device(); // Determines the correct block device and stores it in Actual_Block_Device
-
void Apply_TW_Flag(const unsigned flag, const char* str, const bool val); // Apply custom twrp fstab flags
void Process_TW_Flags(char *flags, bool Display_Error, int fstab_ver); // Process custom twrp fstab flags
void Process_FS_Flags(const char *str); // Process standard fstab fs flags
@@ -212,6 +213,7 @@
bool Wipe_NTFS(); // Uses mkntfs to wipe
bool Wipe_Data_Without_Wiping_Media(); // Uses rm -rf to wipe but does not wipe /data/media
bool Wipe_Data_Without_Wiping_Media_Func(const string& parent); // Uses rm -rf to wipe but does not wipe /data/media
+ bool Recreate_AB_Cache_Dir(const fscrypt_encryption_policy &policy); // Recreate AB_CACHE_DIR after wipe
void Wipe_Crypto_Key(); // Wipe crypto key from either footer or block device
bool Backup_Tar(PartitionSettings *part_settings, pid_t *tar_fork_pid); // Backs up using tar for file systems
bool Backup_Image(PartitionSettings *part_settings); // Backs up using raw read/write for emmc memory types
@@ -279,7 +281,6 @@
string Mount_Options; // File system options from recovery.fstab
unsigned long Format_Block_Size; // Block size for formatting
bool Ignore_Blkid; // Ignore blkid results due to superblocks lying to us on certain devices / partitions
- bool Retain_Layout_Version; // Retains the .layout_version file during a wipe (needed on devices like Sony Xperia T where /data and /data/media are separate partitions)
bool Can_Flash_Img; // Indicates if this partition can have images flashed to it via the GUI
bool Mount_Read_Only; // Only mount this partition as read-only
bool Is_Adopted_Storage; // Indicates that this partition is for adopted storage (android_expand)
@@ -312,6 +313,7 @@
public:
int Process_Fstab(string Fstab_Filename, bool Display_Error, bool Sar_Detect); // Parses the fstab and populates the partitions
int Write_Fstab(); // Creates /etc/fstab file that's used by the command line for mount commands
+ void Decrypt_Data(); // Decrypt Data if enabled
void Output_Partition_Logging(); // Outputs partition information to the log
void Output_Partition(TWPartition* Part); // Outputs partition details to the log
int Mount_By_Path(string Path, bool Display_Error); // Mounts partition based on path (e.g. /system)
@@ -390,6 +392,7 @@
std::string Get_Super_Partition(); // Get Super Partition block device path
void Setup_Super_Devices(); // Setup logical dm devices on super partition
bool Get_Super_Status(); // Return whether device has a super partition
+ void Setup_Super_Partition(); // Setup the super partition for backup and restore
private:
void Setup_Settings_Storage_Partition(TWPartition* Part); // Sets up settings storage