From 2c821a8c0a4fbaa6c7061282e5fc8b5b53e9b45a Mon Sep 17 00:00:00 2001 From: nijel8 Date: Sat, 29 Dec 2018 04:56:41 -0500 Subject: vold_decrypt: Add android 9.0 support * build modified vdc_pie binary with 'checkpw' command support if building with Android 9.0 platform. That command and others we don't care about, are removed from Pie vdc. Our vdc_pie will run if system sdk version is > 27, otherwise system vdc is used. Code adapted from Android 9.0 system/vold/vdc. * include prebuilt vdc_pie(arm, arm64) binary if building with lower than Android 9.0 platform - vdc_pie cannot be build from source with those platforms without additional imports from Android 9.0 * skip vdc "getpwtype" command for Pie - vds communicates with vold directly, no need for connection retries first * add /system/bin/servicemanager to required services * mount per-devive additional partitions needed for decryption listed with device BoardConfig.mk TW_CRYPTO_SYSTEM_VOLD_MOUNT flag like(space separated): TW_CRYPTO_SYSTEM_VOLD_MOUNT := vendor cust odm * add function to backup crypto footer before running vdc commands and restore it after - on Xiaomi Mi Max 3 both Oreo and Pie stock roms vold alters cripto footer when decrypting data in recovery which causes system to ask for crypto password at next reboot although password stays unchanged. Crypto footer backup/restore added as workaround for systems whit ro.build.version.sdk > 25. Also to preserve crypto footer integrity decryption attempts are skipped if footer backup fails to ensure no data loss. Code adapted from https://gerrit.omnirom.org/#/c/android_bootable_recovery/+/31206/ Change-Id: I0a383f3843578fa55595cfea3b7c9c4431646a1a --- crypto/vold_decrypt/Android.mk | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'crypto/vold_decrypt/Android.mk') diff --git a/crypto/vold_decrypt/Android.mk b/crypto/vold_decrypt/Android.mk index 19c2963c0..860e61f20 100644 --- a/crypto/vold_decrypt/Android.mk +++ b/crypto/vold_decrypt/Android.mk @@ -27,6 +27,12 @@ ifeq ($(TW_INCLUDE_CRYPTO), true) services := $(TW_CRYPTO_USE_SYSTEM_VOLD) endif + # Parse TW_CRYPTO_SYSTEM_VOLD_MOUNT + ifneq ($(TW_CRYPTO_SYSTEM_VOLD_MOUNT),) + # Per device additional partitions to mount + partitions := $(TW_CRYPTO_SYSTEM_VOLD_MOUNT) + endif + # List of .rc files for each additional service rc_files := $(foreach item,$(services),init.recovery.vold_decrypt.$(item).rc) @@ -86,6 +92,10 @@ ifeq ($(TW_INCLUDE_CRYPTO), true) endif endif + ifneq ($(partitions),) + LOCAL_CFLAGS += -DTW_CRYPTO_SYSTEM_VOLD_MOUNT='"$(partitions)"' + endif + ifeq ($(TW_CRYPTO_SYSTEM_VOLD_DEBUG),true) # Enabling strace will expose the password in the strace logs!! LOCAL_CFLAGS += -DTW_CRYPTO_SYSTEM_VOLD_DEBUG @@ -101,5 +111,35 @@ ifeq ($(TW_INCLUDE_CRYPTO), true) LOCAL_SHARED_LIBRARIES := libcutils include $(BUILD_STATIC_LIBRARY) + ifeq ($(shell test $(PLATFORM_SDK_VERSION) -ge 28; echo $$?),0) + include $(CLEAR_VARS) + LOCAL_MODULE := vdc_pie + LOCAL_SRC_FILES := vdc_pie.cpp + LOCAL_MODULE_TAGS := eng + LOCAL_MODULE_CLASS := RECOVERY_EXECUTABLES + LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/sbin + LOCAL_CLANG := true + LOCAL_TIDY := true + LOCAL_TIDY_FLAGS := -warnings-as-errors=clang-analyzer-security*,cert-* + LOCAL_TIDY_CHECKS := -*,cert-*,clang,-analyzer-security* + LOCAL_STATIC_LIBRARIES := libvold_binder + LOCAL_SHARED_LIBRARIES := libbase libcutils libutils libbinder + LOCAL_CFLAGS := -Wall + ifeq ($(TWRP_INCLUDE_LOGCAT), true) + LOCAL_CFLAGS += -DTWRP_INCLUDE_LOGCAT + endif + ifneq ($(TARGET_ARCH), arm64) + ifneq ($(TARGET_ARCH), x86_64) + LOCAL_LDFLAGS += -Wl,-dynamic-linker,/sbin/linker + else + LOCAL_LDFLAGS += -Wl,-dynamic-linker,/sbin/linker64 + endif + else + LOCAL_LDFLAGS += -Wl,-dynamic-linker,/sbin/linker64 + endif + + include $(BUILD_EXECUTABLE) + endif + endif endif -- cgit v1.2.3