commit bcd23d3e0c05e9e3ccf315f136b431c793684389
author bigbiff <bigbiff@teamw.in> Wed Sep 22 18:22:13 2021 -0400
committer bigbiff <bigbiff@teamw.in> Mon Sep 27 20:18:37 2021 +0000
tree 7eb8c953f32772c23a13501d39df249187bc0789
parent aed1bdfe59fddd8ee59ff6bbfbcdabf89df808ff

wrappedkey: import fixes from lineage

 vold: Enable legacy support for wrapped key

Legacy wrapped key support was dropped while merging changes
to support multiple versions of dm-default key driver in kernel.
Fix this by calling legacy API to check wrapped key support for
metadata encryption.

CRs-Fixed: 2678344
Change-Id: I7d9efec09ddf7169cf0b1114b4e16b9fe38cad4b
Signed-off-by: Neeraj Soni <neersoni@codeaurora.org>

 system: vold: Use wrapped key for metadata encryption

Wrapped key feature is needed for better security of encryption keys and
to
ensure data integrity when crypto key cache is cleared during reset
operation
of storage/crypto hardware.

Original patch:
https://source.codeaurora.org/quic/la/platform/system/vold/commit/?h=LA.QSSI.11.0.r1-05600-qssi.0&id=c480f913e6abc2757c0d79afba5a3df1c4adc731
[Pig]: Clean up all deprecated codes that were removed during latter
merge.

CRs-Fixed: 2367150
Change-Id: I83d14861bf81e102151fa3417d84008c214a9ac0

 vold: Bring in more wrapped key changes

Change-Id: I44e81afaec78c567a0bf2eed30a79eb737e2a867

crypto/fscrypt/FsCrypt.cpp

diff --git a/crypto/fscrypt/FsCrypt.cpp b/crypto/fscrypt/FsCrypt.cpp
index 3f388d3..aa31fe1 100755
--- a/crypto/fscrypt/FsCrypt.cpp
+++ b/crypto/fscrypt/FsCrypt.cpp
@@ -247,6 +247,10 @@
                    << entry->encryption_options;
         return false;
     }
+    if (options->version == 1) {
+        options->use_hw_wrapped_key =
+            GetEntryForMountPoint(&fstab_default, DATA_MNT_POINT)->fs_mgr_flags.wrapped_key;
+    }
     if ((options->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) &&
         !IsEmmcStorage(entry->blk_device)) {
         LOG(ERROR) << "The emmc_optimized encryption flag is only allowed on eMMC storage.  Remove "
@@ -294,6 +298,14 @@
     return true;
 }
 
+bool is_metadata_wrapped_key_supported() {
+    if (!ReadDefaultFstab(&fstab_default)) {
+        PLOG(ERROR) << "Failed to open default fstab";
+        return false;
+    }
+    return GetEntryForMountPoint(&fstab_default, METADATA_MNT_POINT)->fs_mgr_flags.wrapped_key;
+}
+
 static bool read_and_install_user_ce_key(userid_t user_id,
                                          const ::KeyAuthentication& auth) {
     if (s_ce_policies.count(user_id) != 0) return true;