Gitiles
Code Review Sign In
gerrit.twrp.me / android_bootable_recovery / e9afc3de0fe1df795cc2f8cfab489177252812be^! / . / crypto / ext4crypt / keystore_auth.cpp
commite9afc3de0fe1df795cc2f8cfab489177252812be[log] [tgz]
authorEthan Yonker <dees_troy@teamw.in>Thu Aug 30 15:16:27 2018 -0500
committerEthan Yonker <dees_troy@teamw.in>Fri Aug 31 10:37:08 2018 -0500
tree867698dc2670b97f821726b71043a232ad54c6ce
parent58f2132bc3954fc704787d477500a209eedb8e29 [diff] [blame]
Decrypt FBE on 9.0 (backwards compatible)

Building in 9.0 may require you to add a flag to your twrp fstab
with the fileencryption details like:
fileencryption=ice:aes-256-heh

Verify this against your device's stock fstab of course.

Change-Id: If9286f5d5787280814daca9fbc8f5191ff26a839

diff --git a/crypto/ext4crypt/keystore_auth.cpp b/crypto/ext4crypt/keystore_auth.cpp
index 7d6eb24..40d890f 100644
--- a/crypto/ext4crypt/keystore_auth.cpp
+++ b/crypto/ext4crypt/keystore_auth.cpp

@@ -26,14 +26,20 @@
 #include <stdio.h>
 #include <string>
 
+#ifdef USE_SECURITY_NAMESPACE
+#include <android/security/IKeystoreService.h>
+#else
 #include <keystore/IKeystoreService.h>
+#include <keystore/authorization_set.h>
+#endif
 #include <binder/IPCThreadState.h>
 #include <binder/IServiceManager.h>
 
 #include <keystore/keystore.h>
-#include <keystore/authorization_set.h>
 
+#ifndef LOG_TAG
 #define LOG_TAG "keystore_auth"
+#endif
 
 using namespace android;
 
@@ -49,7 +55,7 @@
 	unlink("/auth_token");
 }
 
-int main(int argc, char *argv[]) {
+int main() {
 	unlink("/auth_error");
 	FILE* auth_file = fopen("/auth_token", "rb");
 	if (auth_file == NULL) {
@@ -68,15 +74,26 @@
 	// First get the keystore service
 	sp<IServiceManager> sm = defaultServiceManager();
 	sp<IBinder> binder = sm->getService(String16("android.security.keystore"));
+#ifdef USE_SECURITY_NAMESPACE
+	sp<security::IKeystoreService> service = interface_cast<security::IKeystoreService>(binder);
+#else
 	sp<IKeystoreService> service = interface_cast<IKeystoreService>(binder);
+#endif
 	if (service == NULL) {
 		printf("error: could not connect to keystore service\n");
 		ALOGE("error: could not connect to keystore service\n");
 		create_error_file();
 		return -2;
 	}
+#ifdef USE_SECURITY_NAMESPACE
+	std::vector<uint8_t> auth_token_vector(&auth_token[0], (&auth_token[0]) + size);
+	int result = 0;
+	auto binder_result = service->addAuthToken(auth_token_vector, &result);
+	if (!binder_result.isOk() || !keystore::KeyStoreServiceReturnCode(result).isOk()) {
+#else
 	::keystore::KeyStoreServiceReturnCode auth_result = service->addAuthToken(auth_token, size);
 	if (!auth_result.isOk()) {
+#endif
 		// The keystore checks the uid of the calling process and will return a permission denied on this operation for user 0
 		printf("keystore error adding auth token\n");
 		ALOGE("keystore error adding auth token\n");