AOSP10 TWRP Merge: fix conflicts and update libraries needed
This allows flame to boot TWRP. Still will need to work on
super partition for vendor and system access.
The plan will be to cherry-pick any updates to android-9.0
through gerrit.twrp.me to this branch as a WIP.
diff --git a/crypto/ext4crypt/Android.mk b/crypto/ext4crypt/Android.mk
old mode 100644
new mode 100755
index 0c6ef5b..c8283dd
--- a/crypto/ext4crypt/Android.mk
+++ b/crypto/ext4crypt/Android.mk
@@ -3,12 +3,18 @@
include $(CLEAR_VARS)
LOCAL_MODULE := libe4crypt
-LOCAL_MODULE_TAGS := eng optional
+LOCAL_MODULE_TAGS := optional
LOCAL_CFLAGS :=
LOCAL_SRC_FILES := Decrypt.cpp ScryptParameters.cpp Utils.cpp HashPassword.cpp ext4_crypt.cpp
LOCAL_SHARED_LIBRARIES := libselinux libc libc++ libext4_utils libbase libcrypto libcutils libkeymaster_messages libhardware libprotobuf-cpp-lite
LOCAL_STATIC_LIBRARIES := libscrypt_static
-LOCAL_C_INCLUDES := system/extras/ext4_utils system/extras/ext4_utils/include/ext4_utils external/scrypt/lib/crypto system/security/keystore hardware/libhardware/include/hardware system/security/softkeymaster/include/keymaster system/keymaster/include
+LOCAL_C_INCLUDES := system/extras/ext4_utils \
+ system/extras/ext4_utils/include/ext4_utils \
+ external/scrypt/lib/crypto \
+ system/security/keystore/include \
+ hardware/libhardware/include/hardware \
+ system/security/softkeymaster/include/keymaster \
+ system/keymaster/include
ifneq ($(wildcard hardware/libhardware/include/hardware/keymaster0.h),)
LOCAL_CFLAGS += -DTW_CRYPTO_HAVE_KEYMASTERX
@@ -17,6 +23,10 @@
ifeq ($(shell test $(PLATFORM_SDK_VERSION) -ge 26; echo $$?),0)
#8.0 or higher
LOCAL_CFLAGS += -DHAVE_GATEKEEPER1
+ ifeq ($(shell test $(PLATFORM_SDK_VERSION) -ge 29; echo $$?),0)
+ LOCAL_SHARED_LIBRARIES += android.hardware.confirmationui@1.0
+ # LOCAL_CFLAGS += -DUSE_
+ endif
LOCAL_SHARED_LIBRARIES += android.hardware.keymaster@3.0 libkeystore_binder libhidlbase libutils libbinder android.hardware.gatekeeper@1.0
ifeq ($(shell test $(PLATFORM_SDK_VERSION) -ge 28; echo $$?),0)
#9.0 rules
diff --git a/crypto/ext4crypt/Decrypt.cpp b/crypto/ext4crypt/Decrypt.cpp
old mode 100644
new mode 100755
index d8542dc..dcd390f
--- a/crypto/ext4crypt/Decrypt.cpp
+++ b/crypto/ext4crypt/Decrypt.cpp
@@ -52,10 +52,12 @@
#include <sys/types.h>
#include <fstream>
-#include <ext4_utils/ext4_crypt.h>
+#include "ext4_crypt.h"
#ifdef USE_KEYSTORAGE_4
-#include <android/security/IKeystoreService.h>
+#include <android/hardware/confirmationui/1.0/types.h>
+#include <android/security/BnConfirmationPromptCallback.h>
+#include <android/security/keystore/IKeystoreService.h>
#else
#include <keystore/IKeystoreService.h>
#include <keystore/authorization_set.h>
@@ -82,6 +84,10 @@
#include <android-base/file.h>
+#ifdef USE_KEYSTORAGE_4
+using android::security::keystore::IKeystoreService;
+#endif
+
// Store main DE raw ref / policy
extern std::string de_raw_ref;
extern std::map<userid_t, std::string> s_de_key_raw_refs;
@@ -551,7 +557,7 @@
// First get the keystore service
sp<IBinder> binder = getKeystoreBinderRetry();
#ifdef USE_KEYSTORAGE_4
- sp<security::IKeystoreService> service = interface_cast<security::IKeystoreService>(binder);
+ sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
#else
sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
#endif
diff --git a/crypto/ext4crypt/Keymaster.cpp b/crypto/ext4crypt/Keymaster.cpp
index ec80ab5..3c21aa2 100644
--- a/crypto/ext4crypt/Keymaster.cpp
+++ b/crypto/ext4crypt/Keymaster.cpp
@@ -130,14 +130,14 @@
auto error =
mDevice->update(mOpHandle, nullptr, &inputBlob, &inputConsumed, nullptr, &outputBlob);
if (error != KM_ERROR_OK) {
- LOG(ERROR) << "update failed, code " << error << "\n";
+ LOG(ERROR) << "update failed, code " << error;
mDevice = nullptr;
return false;
}
output->append(reinterpret_cast<const char*>(outputBlob.data), outputBlob.data_length);
free(const_cast<uint8_t*>(outputBlob.data));
if (inputConsumed > toRead) {
- LOG(ERROR) << "update reported too much input consumed\n";
+ LOG(ERROR) << "update reported too much input consumed";
mDevice = nullptr;
return false;
}
@@ -150,7 +150,7 @@
auto error = mDevice->finish(mOpHandle, nullptr, nullptr, nullptr, nullptr);
mDevice = nullptr;
if (error != KM_ERROR_OK) {
- LOG(ERROR) << "finish failed, code " << error << "\n";
+ LOG(ERROR) << "finish failed, code " << error;
return false;
}
return true;
@@ -161,7 +161,7 @@
auto error = mDevice->finish(mOpHandle, nullptr, nullptr, nullptr, &outputBlob);
mDevice = nullptr;
if (error != KM_ERROR_OK) {
- LOG(ERROR) << "finish failed, code " << error << "\n";
+ LOG(ERROR) << "finish failed, code " << error;
return false;
}
output->assign(reinterpret_cast<const char*>(outputBlob.data), outputBlob.data_length);
@@ -174,14 +174,14 @@
const hw_module_t* module;
int ret = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &module);
if (ret != 0) {
- LOG(ERROR) << "hw_get_module_by_class returned " << ret << "\n";
+ LOG(ERROR) << "hw_get_module_by_class returned " << ret;
return;
}
if (module->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
keymaster1_device_t* device;
ret = keymaster1_open(module, &device);
if (ret != 0) {
- LOG(ERROR) << "keymaster1_open returned " << ret << "\n";
+ LOG(ERROR) << "keymaster1_open returned " << ret;
return;
}
mDevice = std::make_shared<Keymaster1Device>(device);
@@ -189,12 +189,12 @@
keymaster2_device_t* device;
ret = keymaster2_open(module, &device);
if (ret != 0) {
- LOG(ERROR) << "keymaster2_open returned " << ret << "\n";
+ LOG(ERROR) << "keymaster2_open returned " << ret;
return;
}
mDevice = std::make_shared<Keymaster2Device>(device);
} else {
- LOG(ERROR) << "module_api_version is " << module->module_api_version << "\n";
+ LOG(ERROR) << "module_api_version is " << module->module_api_version;
return;
}
}
@@ -203,7 +203,7 @@
keymaster_key_blob_t keyBlob;
auto error = mDevice->generate_key(&inParams, &keyBlob);
if (error != KM_ERROR_OK) {
- LOG(ERROR) << "generate_key failed, code " << error << "\n";
+ LOG(ERROR) << "generate_key failed, code " << error;
return false;
}
key->assign(reinterpret_cast<const char*>(keyBlob.key_material), keyBlob.key_material_size);
@@ -215,7 +215,7 @@
keymaster_key_blob_t keyBlob{reinterpret_cast<const uint8_t*>(key.data()), key.size()};
auto error = mDevice->delete_key(&keyBlob);
if (error != KM_ERROR_OK) {
- LOG(ERROR) << "delete_key failed, code " << error << "\n";
+ LOG(ERROR) << "delete_key failed, code " << error;
return false;
}
return true;
@@ -229,7 +229,7 @@
keymaster_key_param_set_t outParams_set;
auto error = mDevice->begin(purpose, &keyBlob, &inParams, &outParams_set, &mOpHandle);
if (error != KM_ERROR_OK) {
- LOG(ERROR) << "begin failed, code " << error << "\n";
+ LOG(ERROR) << "begin failed, code " << error;
return KeymasterOperation(nullptr, mOpHandle);
}
outParams->Clear();
@@ -244,7 +244,7 @@
keymaster_operation_handle_t mOpHandle;
auto error = mDevice->begin(purpose, &keyBlob, &inParams, nullptr, &mOpHandle);
if (error != KM_ERROR_OK) {
- LOG(ERROR) << "begin failed, code " << error << "\n";
+ LOG(ERROR) << "begin failed, code " << error;
return KeymasterOperation(nullptr, mOpHandle);
}
return KeymasterOperation(mDevice, mOpHandle);
diff --git a/crypto/ext4crypt/Keymaster3.cpp b/crypto/ext4crypt/Keymaster3.cpp
index f8774f2..7862044 100644
--- a/crypto/ext4crypt/Keymaster3.cpp
+++ b/crypto/ext4crypt/Keymaster3.cpp
@@ -56,17 +56,17 @@
auto inputBlob = blob2hidlVec(reinterpret_cast<const uint8_t*>(&*it), toRead);
auto error = mDevice->update(mOpHandle, hidl_vec<KeyParameter>(), inputBlob, hidlCB);
if (!error.isOk()) {
- LOG(ERROR) << "update failed: " << error.description() << "\n";
+ LOG(ERROR) << "update failed: " << error.description();
mDevice = nullptr;
return false;
}
if (km_error != ErrorCode::OK) {
- LOG(ERROR) << "update failed, code " << int32_t(km_error) << "\n";
+ LOG(ERROR) << "update failed, code " << int32_t(km_error);
mDevice = nullptr;
return false;
}
if (inputConsumed > toRead) {
- LOG(ERROR) << "update reported too much input consumed\n";
+ LOG(ERROR) << "update reported too much input consumed";
mDevice = nullptr;
return false;
}
@@ -88,11 +88,11 @@
hidl_vec<uint8_t>(), hidlCb);
mDevice = nullptr;
if (!error.isOk()) {
- LOG(ERROR) << "finish failed: " << error.description() << "\n";
+ LOG(ERROR) << "finish failed: " << error.description();
return false;
}
if (km_error != ErrorCode::OK) {
- LOG(ERROR) << "finish failed, code " << int32_t(km_error) << "\n";
+ LOG(ERROR) << "finish failed, code " << int32_t(km_error);
return false;
}
return true;
@@ -114,27 +114,27 @@
auto error = mDevice->generateKey(inParams.hidl_data(), hidlCb);
if (!error.isOk()) {
- LOG(ERROR) << "generate_key failed: " << error.description() << "\n";
+ LOG(ERROR) << "generate_key failed: " << error.description();
return false;
}
if (km_error != ErrorCode::OK) {
- LOG(ERROR) << "generate_key failed, code " << int32_t(km_error) << "\n";
+ LOG(ERROR) << "generate_key failed, code " << int32_t(km_error);
return false;
}
return true;
}*/
bool Keymaster::deleteKey(const std::string& key) {
- LOG(ERROR) << "NOT deleting key in TWRP\n";
+ LOG(ERROR) << "NOT deleting key in TWRP";
return false;
/*auto keyBlob = blob2hidlVec(key);
auto error = mDevice->deleteKey(keyBlob);
if (!error.isOk()) {
- LOG(ERROR) << "delete_key failed: " << error.description() << "\n";
+ LOG(ERROR) << "delete_key failed: " << error.description();
return false;
}
if (ErrorCode(error) != ErrorCode::OK) {
- LOG(ERROR) << "delete_key failed, code " << uint32_t(ErrorCode(error)) << "\n";
+ LOG(ERROR) << "delete_key failed, code " << uint32_t(ErrorCode(error));
return false;
}
return true;*/
@@ -153,11 +153,11 @@
};
auto error = mDevice->upgradeKey(oldKeyBlob, inParams.hidl_data(), hidlCb);
if (!error.isOk()) {
- LOG(ERROR) << "upgrade_key failed: " << error.description() << "\n";
+ LOG(ERROR) << "upgrade_key failed: " << error.description();
return false;
}
if (km_error != ErrorCode::OK) {
- LOG(ERROR) << "upgrade_key failed, code " << int32_t(km_error) << "\n";
+ LOG(ERROR) << "upgrade_key failed, code " << int32_t(km_error);
return false;
}
return true;
@@ -181,11 +181,11 @@
auto error = mDevice->begin(purpose, keyBlob, inParams.hidl_data(), hidlCb);
if (!error.isOk()) {
- LOG(ERROR) << "begin failed: " << error.description() << "\n";
+ LOG(ERROR) << "begin failed: " << error.description();
return KeymasterOperation(ErrorCode::UNKNOWN_ERROR);
}
if (km_error != ErrorCode::OK) {
- LOG(ERROR) << "begin failed, code " << int32_t(km_error) << "\n";
+ LOG(ERROR) << "begin failed, code " << int32_t(km_error);
return KeymasterOperation(km_error);
}
return KeymasterOperation(mDevice, mOpHandle);
@@ -207,7 +207,7 @@
int keymaster_compatibility_cryptfs_scrypt() {
Keymaster dev;
if (!dev) {
- LOG(ERROR) << "Failed to initiate keymaster session\n";
+ LOG(ERROR) << "Failed to initiate keymaster session";
return -1;
}
return dev.isSecure();
@@ -224,11 +224,11 @@
Keymaster dev;
std::string key;
if (!dev) {
- LOG(ERROR) << "Failed to initiate keymaster session\n";
+ LOG(ERROR) << "Failed to initiate keymaster session";
return -1;
}
if (!key_buffer || !key_out_size) {
- LOG(ERROR) << __FILE__ << ":" << __LINE__ << ":Invalid argument\n";
+ LOG(ERROR) << __FILE__ << ":" << __LINE__ << ":Invalid argument";
return -1;
}
if (key_out_size) {
@@ -276,11 +276,11 @@
{
Keymaster dev;
if (!dev) {
- LOG(ERROR) << "Failed to initiate keymaster session\n";
+ LOG(ERROR) << "Failed to initiate keymaster session";
return -1;
}
if (!key_blob || !object || !signature_buffer || !signature_buffer_size) {
- LOG(ERROR) << __FILE__ << ":" << __LINE__ << ":Invalid argument\n";
+ LOG(ERROR) << __FILE__ << ":" << __LINE__ << ":Invalid argument";
return -1;
}
@@ -303,7 +303,7 @@
std::string newKey;
bool ret = dev.upgradeKey(key, paramBuilder, &newKey);
if(ret == false) {
- LOG(ERROR) << "Error upgradeKey: \n";
+ LOG(ERROR) << "Error upgradeKey: ";
return -1;
}
@@ -312,7 +312,7 @@
}
if (key_buffer_size < newKey.size()) {
- LOG(ERROR) << "key buffer size is too small\n";
+ LOG(ERROR) << "key buffer size is too small";
return -1;
}
@@ -322,24 +322,24 @@
}
if (op.errorCode() != ErrorCode::OK) {
- LOG(ERROR) << "Error starting keymaster signature transaction: " << int32_t(op.errorCode()) << "\n";
+ LOG(ERROR) << "Error starting keymaster signature transaction: " << int32_t(op.errorCode());
return -1;
}
if (!op.updateCompletely(input, &output)) {
LOG(ERROR) << "Error sending data to keymaster signature transaction: "
- << uint32_t(op.errorCode()) << "\n";
+ << uint32_t(op.errorCode());
return -1;
}
if (!op.finish(&output)) {
- LOG(ERROR) << "Error finalizing keymaster signature transaction: " << int32_t(op.errorCode()) << "\n";
+ LOG(ERROR) << "Error finalizing keymaster signature transaction: " << int32_t(op.errorCode());
return -1;
}
*signature_buffer = reinterpret_cast<uint8_t*>(malloc(output.size()));
if (*signature_buffer == nullptr) {
- LOG(ERROR) << "Error allocation buffer for keymaster signature\n";
+ LOG(ERROR) << "Error allocation buffer for keymaster signature";
return -1;
}
*signature_buffer_size = output.size();
diff --git a/crypto/ext4crypt/ext4_crypt.h b/crypto/ext4crypt/ext4_crypt.h
new file mode 100644
index 0000000..d410ccf
--- /dev/null
+++ b/crypto/ext4crypt/ext4_crypt.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _EXT4_CRYPT_H_
+#define _EXT4_CRYPT_H_
+
+#include <sys/cdefs.h>
+#include <stdbool.h>
+#include <cutils/multiuser.h>
+
+__BEGIN_DECLS
+
+bool e4crypt_is_native();
+
+int e4crypt_policy_ensure(const char *directory, const char *policy,
+ size_t policy_length,
+ const char *contents_encryption_mode,
+ const char *filenames_encryption_mode);
+
+static const char* e4crypt_unencrypted_folder = "/unencrypted";
+static const char* e4crypt_key_ref = "/unencrypted/ref";
+static const char* e4crypt_key_mode = "/unencrypted/mode";
+
+__END_DECLS
+
+#endif // _EXT4_CRYPT_H_