decrypt: AOSP 10 requires the use of fscrypt fscrypt aosp doc: https://source.android.com/security/encryption/file-based kernel fscrypt doc: https://www.kernel.org/doc/html/v4.18/filesystems/fscrypt.html This commit implements the ability for TWRP to use fscrypt to decrypt files on the fscrypt implementation. It has been implemented mostly in a new successor library to e4crypt called libtwrpfscrypt. Most of the code was ported from AOSP vold. Notable updates include: - updated policy storage by libtar - lookup of fbe policies by libtwrpfscrypt - threaded keystore operations Big thanks to Dees_Troy for the initial trailblazing of encryption in TWRP. Change-Id: I69cd2eba3693a9914e00213d4943229635d0cdae

commit: 7ba7500953cb70ff750a3c918d85d8f9be0ad7e2 [log] [tgz]
author: bigbiff <bigbiff@teamw.in> Sat Apr 11 20:47:09 2020 -0400
committer: mauronofrio <poronofrio@gmail.com> Mon Jun 22 12:17:22 2020 +0200
tree: 6936779bf7a9b5d8ae6904e02c6f3743ad452461
parent: f4c155378901d60481b41b4ff919ddfb28fd1dde [diff] [blame]
diff --git a/twrp.cpp b/twrp.cpp
index 1b97f0b..b5f922b 100755
--- a/twrp.cpp
+++ b/twrp.cpp

@@ -70,6 +70,31 @@
 	printf("%s=%s\n", key, name);
 }
 
+static void Decrypt_Page(bool SkipDecryption, bool datamedia) {
+	// Offer to decrypt if the device is encrypted
+	if (DataManager::GetIntValue(TW_IS_ENCRYPTED) != 0) {
+		if (SkipDecryption) {
+			LOGINFO("Skipping decryption\n");
+		} else {
+			LOGINFO("Is encrypted, do decrypt page first\n");
+			if (gui_startPage("decrypt", 1, 1) != 0) {
+				LOGERR("Failed to start decrypt GUI page.\n");
+			} else {
+				// Check for and load custom theme if present
+				TWFunc::check_selinux_support();
+				gui_loadCustomResources();
+			}
+		}
+	} else if (datamedia) {
+		TWFunc::check_selinux_support();
+		if (tw_get_default_metadata(DataManager::GetSettingsStoragePath().c_str()) != 0) {
+			LOGINFO("Failed to get default contexts and file mode for storage files.\n");
+		} else {
+			LOGINFO("Got default contexts and file mode for storage files.\n");
+		}
+	}
+}
+
 int main(int argc, char **argv) {
 	// Recovery needs to install world-readable files, so clear umask
 	// set by init
@@ -199,9 +224,19 @@
 		return -1;
 	}
 	PartitionManager.Output_Partition_Logging();
+#ifdef TW_INCLUDE_CRYPTO
+	DataManager::SetValue(TW_IS_ENCRYPTED, 1);
+#endif
 
-	if (PartitionManager.Get_Super_Status())
+	if (PartitionManager.Get_Super_Status()) {
 		PartitionManager.Setup_Super_Devices();
+		PartitionManager.Setup_Super_Partition();
+	} else {
+#ifdef TW_INCLUDE_CRYPTO
+		if (!PartitionManager.Get_Super_Status())
+			PartitionManager.Decrypt_Data();
+#endif
+	}
 
 	// Load up all the resources
 	gui_loadResources();
@@ -310,28 +345,8 @@
 	LOGINFO("Backup of TWRP ramdisk done.\n");
 #endif
 
-	// Offer to decrypt if the device is encrypted
-	if (DataManager::GetIntValue(TW_IS_ENCRYPTED) != 0) {
-		if (SkipDecryption) {
-			LOGINFO("Skipping decryption\n");
-		} else {
-			LOGINFO("Is encrypted, do decrypt page first\n");
-			if (gui_startPage("decrypt", 1, 1) != 0) {
-				LOGERR("Failed to start decrypt GUI page.\n");
-			} else {
-				// Check for and load custom theme if present
-				TWFunc::check_selinux_support();
-				gui_loadCustomResources();
-			}
-		}
-	} else if (datamedia) {
-		TWFunc::check_selinux_support();
-		if (tw_get_default_metadata(DataManager::GetSettingsStoragePath().c_str()) != 0) {
-			LOGINFO("Failed to get default contexts and file mode for storage files.\n");
-		} else {
-			LOGINFO("Got default contexts and file mode for storage files.\n");
-		}
-	}
+	if (!PartitionManager.Get_Super_Status())
+		Decrypt_Page(SkipDecryption, datamedia);
 
 	// Fixup the RTC clock on devices which require it
 	if (crash_counter == 0)
@@ -339,7 +354,9 @@
 
 	// Read the settings file
 	TWFunc::Update_Log_File();
-	DataManager::ReadSettingsFile();
+
+	if (!PartitionManager.Get_Super_Status())
+		DataManager::ReadSettingsFile();
 	PageManager::LoadLanguage(DataManager::GetStrValue("tw_language"));
 	GUIConsole::Translate_Now();
 
@@ -388,6 +405,11 @@
 				LOGERR("Unable to load apex images from %s\n", APEX_DIR);
 			}
 			property_set("twrp.apex.loaded", "true");
+#ifdef TW_INCLUDE_CRYPTO
+			PartitionManager.Decrypt_Data();
+			Decrypt_Page(SkipDecryption, datamedia);
+			DataManager::ReadSettingsFile();
+#endif
 		} else {
 			if ((DataManager::GetIntValue("tw_mount_system_ro") == 0 && sys->Check_Lifetime_Writes() == 0) || DataManager::GetIntValue("tw_mount_system_ro") == 2) {
 				if (DataManager::GetIntValue("tw_never_show_system_ro_page") == 0) {
@@ -410,6 +432,7 @@
 		}
 	}
 #endif
+
 	twrpAdbBuFifo *adb_bu_fifo = new twrpAdbBuFifo();
 	adb_bu_fifo->threadAdbBuFifo();
 
@@ -424,7 +447,8 @@
 	// Reboot
 	TWFunc::Update_Intent_File(Send_Intent);
 	delete adb_bu_fifo;
-	TWFunc::Update_Log_File();
+	if (!TWFunc::Is_Mount_Wiped("/data"))
+		TWFunc::Update_Log_File();
 	gui_msg(Msg("rebooting=Rebooting..."));
 	string Reboot_Arg;
 	DataManager::GetValue("tw_reboot_arg", Reboot_Arg);
commit	7ba7500953cb70ff750a3c918d85d8f9be0ad7e2	[log] [tgz]
author	bigbiff <bigbiff@teamw.in>	Sat Apr 11 20:47:09 2020 -0400
committer	mauronofrio <poronofrio@gmail.com>	Mon Jun 22 12:17:22 2020 +0200
tree	6936779bf7a9b5d8ae6904e02c6f3743ad452461
parent	f4c155378901d60481b41b4ff919ddfb28fd1dde [diff] [blame]