FsCrypt update: support fscrypt policies v1 and v2
This patchset introduces decryption support for Android 11.
In this update we deprecate ext4crypt. To specify the
policy version to use, use TW_USE_FSCRYPT_POLICY := 1 or
TW_USE_FSCRYPT_POLICY := 2. By default policy version will
be set to 2 if this variable is omitted.
Change-Id: I62a29c1bef36c259ec4b11259f71be613d20a112
diff --git a/partition.cpp b/partition.cpp
index f21b6a3..cf5c881 100755
--- a/partition.cpp
+++ b/partition.cpp
@@ -48,9 +48,7 @@
#include "adbbu/libtwadbbu.hpp"
#ifdef TW_INCLUDE_CRYPTO
#include "crypto/fde/cryptfs.h"
- #ifdef TW_INCLUDE_FBE
- #include "crypto/ext4crypt/Decrypt.h"
- #endif
+ #include "Decrypt.h"
#else
#define CRYPT_FOOTER_OFFSET 0x4000
#endif
@@ -763,11 +761,13 @@
ExcludeAll(Mount_Point + "/misc/gatekeeper");
ExcludeAll(Mount_Point + "/misc/keystore");
ExcludeAll(Mount_Point + "/drm/kek.dat");
- ExcludeAll(Mount_Point + "/system_de/0/spblob"); // contains data needed to decrypt pixel 2
- ExcludeAll(Mount_Point + "/system/users/0/gatekeeper.password.key");
- ExcludeAll(Mount_Point + "/system/users/0/gatekeeper.pattern.key");
+ ExcludeAll(Mount_Point + "/system_de/0/spblob"); // contains data needed to decrypt synthetic password
+ // ExcludeAll(Mount_Point + "/system/users/0/gatekeeper.password.key");
+ // ExcludeAll(Mount_Point + "/system/users/0/gatekeeper.pattern.key");
ExcludeAll(Mount_Point + "/cache");
+ ExcludeAll(Mount_Point + "/system/users/0");
ExcludeAll(Mount_Point + "/per_boot"); // removed each boot by init
+
int retry_count = 3;
while (!Decrypt_DE() && --retry_count)
usleep(2000);
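Review bot: The two gatekeeper key exclusions are left behind as commented-out code while the new `ExcludeAll(Mount_Point + "/system/users/0");` takes over their job without saying so. Delete the dead lines and put the reason on the new one, e.g. `// covers gatekeeper.*.key and the rest of user 0's directory`. The wider exclusion also removes every other file under /system/users/0 from whatever ExcludeAll governs (presumably backup and wipe), so it is worth confirming that this is intended and not only the credential files. Both this path and the spblob path hard-code user 0, so the equivalent files of any secondary user would apparently still not be excluded. The enclosing function starts and ends outside the hunk.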
@@ -1018,6 +1018,7 @@
break;
case TWFLAG_KEYDIRECTORY:
Key_Directory = str;
+ LOGINFO("setting Key_Directory to: %s\n", Key_Directory.c_str());
break;
case TWFLAG_DM_USE_ORIGINAL_PATH:
Use_Original_Path = true;