From f8478b6b6142b2d1858949d8e3773e2f36e5ecd7 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 20 Oct 2024 21:50:32 +0100 Subject: [PATCH] feat: sync with latest sources of TrebleDroid --- ...et-system-override-ro.apex.updatable.patch | 2 +- ...eating-property-tree-if-there-is-a-c.patch | 2 +- ...tart-console-service-when-debuggable.patch | 2 +- ...into-recovery-rather-than-bootloader.patch | 2 +- ...allowed-sdcard-options-based-on-vndk.patch | 2 +- ...Set-dev-uinput-as-0666-to-fix-finger.patch | 2 +- ...t-Set-system-xbin-permissions-to-750.patch | 2 +- ...my-own-OTA-mechanism-going-over-data.patch | 2 +- ...Keep-allowing-encryptable-fstab-flag.patch | 2 +- ...lback-FDE-to-no-encryption-and-FDE-F.patch | 2 +- ...ide-adb-secure-props-so-we-dont-get-.patch | 2 +- ...0-kernels.-This-is-needed-because-on.patch | 2 +- ...chdogd-Support-pinging-two-watchdogs.patch | 2 +- ...d-offline-charger-fix-screen-off-3-3.patch | 2 +- ...n-legacy-devices-with-encryption-dis.patch | 2 +- ...are_mnt.-Moto-Razr-2019-look-for-fir.patch | 2 +- .../0017-Ignore-dm-verity-setup-issues.patch | 2 +- ...for-devices-without-cgroupv2-support.patch | 2 +- ...quota-on-old-devices-but-new-enough-.patch | 2 +- ...ies-custom-rc-action-prop-validation.patch | 2 +- ...rs-when-setting-fscrypt-directory.-S.patch | 2 +- ...sion-of-ro.logd.kernel.-We-do-want-l.patch | 2 +- ...p-capex-when-there-are-vendor-apexes.patch | 2 +- ...apex.updatable-actually-set-the-valu.patch | 2 +- ...0025-If-AVB-fails-ignore-disable-AVB.patch | 2 +- ...-no-longer-exist-we-ll-deal-with-it-.patch | 2 +- ...ve-session-keyring-workaround-for-ol.patch | 125 ++++++++ .../0001-Allow-deletion-of-symlink.patch | 2 +- ...o-create-facedata-shouldn-t-be-fatal.patch | 2 +- ...003-Don-t-unmount-rw-system.sh-binds.patch | 2 +- ...nted-with-exfat-kernel-fs-driver-or-.patch | 2 +- ...ery-voldmanaged-storage-is-adoptable.patch | 2 +- ...ve-session-keyring-workaround-for-ol.patch | 286 ++++++++++++++++++ 33 files changed, 442 insertions(+), 31 deletions(-) create mode 100644 patches/trebledroid/platform_system_core/0027-Revert-init-remove-session-keyring-workaround-for-ol.patch create mode 100644 patches/trebledroid/platform_system_vold/0006-Revert-vold-remove-session-keyring-workaround-for-ol.patch diff --git a/patches/trebledroid/platform_system_core/0001-Let-system-override-ro.apex.updatable.patch b/patches/trebledroid/platform_system_core/0001-Let-system-override-ro.apex.updatable.patch index 167a0b4c..b7e372be 100644 --- a/patches/trebledroid/platform_system_core/0001-Let-system-override-ro.apex.updatable.patch +++ b/patches/trebledroid/platform_system_core/0001-Let-system-override-ro.apex.updatable.patch @@ -1,7 +1,7 @@ From 04d510d50fab21cb274ba00d3be785c5122277bc Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Wed, 23 Feb 2022 17:37:47 -0500 -Subject: [PATCH 01/26] Let system override ro.apex.updatable +Subject: [PATCH 01/27] Let system override ro.apex.updatable APEX are broken because of a kernel bug in Android 10 devices So we have system set ro.apex.updatable = false diff --git a/patches/trebledroid/platform_system_core/0002-Don-t-abandon-creating-property-tree-if-there-is-a-c.patch b/patches/trebledroid/platform_system_core/0002-Don-t-abandon-creating-property-tree-if-there-is-a-c.patch index 74c73cb4..0639eb83 100644 --- a/patches/trebledroid/platform_system_core/0002-Don-t-abandon-creating-property-tree-if-there-is-a-c.patch +++ b/patches/trebledroid/platform_system_core/0002-Don-t-abandon-creating-property-tree-if-there-is-a-c.patch @@ -1,7 +1,7 @@ From 7d97f7b2b89cce84d88aa386ee787bd3b43cec43 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Sun, 18 Oct 2020 18:14:47 +0200 -Subject: [PATCH 02/26] Don't abandon creating property tree if there is a +Subject: [PATCH 02/27] Don't abandon creating property tree if there is a conflict, and hope for the best Change-Id: I194c815fdd58bfb84aaf7db02b8f0d00b4db21e8 diff --git a/patches/trebledroid/platform_system_core/0003-init-Do-not-start-console-service-when-debuggable.patch b/patches/trebledroid/platform_system_core/0003-init-Do-not-start-console-service-when-debuggable.patch index f61cc126..10ebdfd4 100644 --- a/patches/trebledroid/platform_system_core/0003-init-Do-not-start-console-service-when-debuggable.patch +++ b/patches/trebledroid/platform_system_core/0003-init-Do-not-start-console-service-when-debuggable.patch @@ -1,7 +1,7 @@ From 1c9259a7e41e4e4b425673bd9ddc1e2669c05571 Mon Sep 17 00:00:00 2001 From: Isaac Chen Date: Wed, 23 Jun 2021 13:07:30 +0800 -Subject: [PATCH 03/26] init: Do not start console service when debuggable +Subject: [PATCH 03/27] init: Do not start console service when debuggable Google added a check for this in R, when it's running it will show a notification about that performance is impacted. diff --git a/patches/trebledroid/platform_system_core/0004-Panic-into-recovery-rather-than-bootloader.patch b/patches/trebledroid/platform_system_core/0004-Panic-into-recovery-rather-than-bootloader.patch index fe486be5..8a85cf01 100644 --- a/patches/trebledroid/platform_system_core/0004-Panic-into-recovery-rather-than-bootloader.patch +++ b/patches/trebledroid/platform_system_core/0004-Panic-into-recovery-rather-than-bootloader.patch @@ -1,7 +1,7 @@ From 587225dc48719b3b9e1d1327fd87445f3166de1e Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Wed, 4 Sep 2019 21:11:48 +0200 -Subject: [PATCH 04/26] Panic into recovery rather than bootloader +Subject: [PATCH 04/27] Panic into recovery rather than bootloader Getting last_kmsg/pstore from bootloader isn't possible for other people than the OEM, but we have TWRP to access last_kmsg/pstore diff --git a/patches/trebledroid/platform_system_core/0005-Detect-allowed-sdcard-options-based-on-vndk.patch b/patches/trebledroid/platform_system_core/0005-Detect-allowed-sdcard-options-based-on-vndk.patch index 0f37e953..cbcc9caf 100644 --- a/patches/trebledroid/platform_system_core/0005-Detect-allowed-sdcard-options-based-on-vndk.patch +++ b/patches/trebledroid/platform_system_core/0005-Detect-allowed-sdcard-options-based-on-vndk.patch @@ -1,7 +1,7 @@ From ceb8ab56714c59a54305b077434cd542d236a2f3 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Tue, 14 Aug 2018 19:33:03 +0200 -Subject: [PATCH 05/26] Detect allowed sdcard options based on vndk +Subject: [PATCH 05/27] Detect allowed sdcard options based on vndk Some kernel crashes when using too recent sdcardfs options diff --git a/patches/trebledroid/platform_system_core/0006-Ugly-but-secure-Set-dev-uinput-as-0666-to-fix-finger.patch b/patches/trebledroid/platform_system_core/0006-Ugly-but-secure-Set-dev-uinput-as-0666-to-fix-finger.patch index ed484713..528082ef 100644 --- a/patches/trebledroid/platform_system_core/0006-Ugly-but-secure-Set-dev-uinput-as-0666-to-fix-finger.patch +++ b/patches/trebledroid/platform_system_core/0006-Ugly-but-secure-Set-dev-uinput-as-0666-to-fix-finger.patch @@ -1,7 +1,7 @@ From bd9ac352d7cbc086217ef4514197563152c9267b Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Fri, 1 Nov 2019 18:22:13 +0100 -Subject: [PATCH 06/26] Ugly but secure: Set /dev/uinput as 0666 to fix +Subject: [PATCH 06/27] Ugly but secure: Set /dev/uinput as 0666 to fix fingerprint sensor on some devices cf https://github.com/phhusson/device_phh_treble/pull/122/commits/e000d69c286b6686777ea6f1867f379e30273e48 diff --git a/patches/trebledroid/platform_system_core/0007-Revert-Set-system-xbin-permissions-to-750.patch b/patches/trebledroid/platform_system_core/0007-Revert-Set-system-xbin-permissions-to-750.patch index 60669e5f..274e7379 100644 --- a/patches/trebledroid/platform_system_core/0007-Revert-Set-system-xbin-permissions-to-750.patch +++ b/patches/trebledroid/platform_system_core/0007-Revert-Set-system-xbin-permissions-to-750.patch @@ -1,7 +1,7 @@ From 8f69dfddeea5910dff831edb848e94895aeae58a Mon Sep 17 00:00:00 2001 From: Alberto Ponces Date: Tue, 1 Feb 2022 13:48:35 +0000 -Subject: [PATCH 07/26] Revert "Set /system/xbin permissions to 750." +Subject: [PATCH 07/27] Revert "Set /system/xbin permissions to 750." This reverts commit 42a1a126e554a8bca31d0afc832848b7b0fa1f4e. diff --git a/patches/trebledroid/platform_system_core/0008-Add-my-own-OTA-mechanism-going-over-data.patch b/patches/trebledroid/platform_system_core/0008-Add-my-own-OTA-mechanism-going-over-data.patch index 31fbcfc0..cab9765d 100644 --- a/patches/trebledroid/platform_system_core/0008-Add-my-own-OTA-mechanism-going-over-data.patch +++ b/patches/trebledroid/platform_system_core/0008-Add-my-own-OTA-mechanism-going-over-data.patch @@ -1,7 +1,7 @@ From 1c441f20e514ea4e9aef174fad2f07fe7687e128 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Sat, 22 Jan 2022 14:34:45 -0500 -Subject: [PATCH 08/26] Add my own OTA mechanism going over /data +Subject: [PATCH 08/27] Add my own OTA mechanism going over /data Change-Id: I9cacff2d761affa0376b4bb8ca63353a9d95b5de --- diff --git a/patches/trebledroid/platform_system_core/0009-fs_mgr-Keep-allowing-encryptable-fstab-flag.patch b/patches/trebledroid/platform_system_core/0009-fs_mgr-Keep-allowing-encryptable-fstab-flag.patch index 0139f0bf..0454e980 100644 --- a/patches/trebledroid/platform_system_core/0009-fs_mgr-Keep-allowing-encryptable-fstab-flag.patch +++ b/patches/trebledroid/platform_system_core/0009-fs_mgr-Keep-allowing-encryptable-fstab-flag.patch @@ -1,7 +1,7 @@ From c3504e11543607990e44c296eed4a10a071a1da2 Mon Sep 17 00:00:00 2001 From: Alberto Ponces Date: Mon, 3 Oct 2022 13:50:36 +0100 -Subject: [PATCH 09/26] fs_mgr: Keep allowing encryptable fstab flag +Subject: [PATCH 09/27] fs_mgr: Keep allowing encryptable fstab flag Some users still use "encryptable" flag while being unencrypted. Let them still boot their devices. diff --git a/patches/trebledroid/platform_system_core/0010-FDE-is-dead.-Fallback-FDE-to-no-encryption-and-FDE-F.patch b/patches/trebledroid/platform_system_core/0010-FDE-is-dead.-Fallback-FDE-to-no-encryption-and-FDE-F.patch index ade8fc3e..05940ac7 100644 --- a/patches/trebledroid/platform_system_core/0010-FDE-is-dead.-Fallback-FDE-to-no-encryption-and-FDE-F.patch +++ b/patches/trebledroid/platform_system_core/0010-FDE-is-dead.-Fallback-FDE-to-no-encryption-and-FDE-F.patch @@ -1,7 +1,7 @@ From f07969766294cc363519a053ed11b0e243d754ab Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Thu, 10 Nov 2022 13:30:50 -0500 -Subject: [PATCH 10/26] FDE is dead. Fallback FDE to no encryption, and FDE+FBE +Subject: [PATCH 10/27] FDE is dead. Fallback FDE to no encryption, and FDE+FBE to FBE --- diff --git a/patches/trebledroid/platform_system_core/0011-Let-system-override-adb-secure-props-so-we-dont-get-.patch b/patches/trebledroid/platform_system_core/0011-Let-system-override-adb-secure-props-so-we-dont-get-.patch index 934a8218..edbec545 100644 --- a/patches/trebledroid/platform_system_core/0011-Let-system-override-adb-secure-props-so-we-dont-get-.patch +++ b/patches/trebledroid/platform_system_core/0011-Let-system-override-adb-secure-props-so-we-dont-get-.patch @@ -1,7 +1,7 @@ From ffdfd4b49e0b51d700cc7a32ad5e9427ea12f962 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Fri, 9 Dec 2022 13:57:10 -0500 -Subject: [PATCH 11/26] Let system override adb/secure props, so we dont get +Subject: [PATCH 11/27] Let system override adb/secure props, so we dont get stuck in ro.adb.secure=1 vendors --- diff --git a/patches/trebledroid/platform_system_core/0012-Allow-apex-on-5.0-kernels.-This-is-needed-because-on.patch b/patches/trebledroid/platform_system_core/0012-Allow-apex-on-5.0-kernels.-This-is-needed-because-on.patch index b2f28b3a..4618258a 100644 --- a/patches/trebledroid/platform_system_core/0012-Allow-apex-on-5.0-kernels.-This-is-needed-because-on.patch +++ b/patches/trebledroid/platform_system_core/0012-Allow-apex-on-5.0-kernels.-This-is-needed-because-on.patch @@ -1,7 +1,7 @@ From 7e8cc69d9c74e90c4a3f02e7b2ded007b038416d Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Fri, 28 Apr 2023 12:29:05 -0400 -Subject: [PATCH 12/26] Allow apex on > 5.0 kernels. This is needed because on +Subject: [PATCH 12/27] Allow apex on > 5.0 kernels. This is needed because on Pixels, camera HAL are exclusively in vendor apex Change-Id: I334cde4c5557b0ff70d550205c5bb727d4b5dbf5 diff --git a/patches/trebledroid/platform_system_core/0013-watchdogd-Support-pinging-two-watchdogs.patch b/patches/trebledroid/platform_system_core/0013-watchdogd-Support-pinging-two-watchdogs.patch index ab17ce21..7fe28787 100644 --- a/patches/trebledroid/platform_system_core/0013-watchdogd-Support-pinging-two-watchdogs.patch +++ b/patches/trebledroid/platform_system_core/0013-watchdogd-Support-pinging-two-watchdogs.patch @@ -1,7 +1,7 @@ From cb7881381bbd843508e94d68fb4ec46c78ffb110 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Sat, 27 May 2023 05:36:21 -0400 -Subject: [PATCH 13/26] watchdogd: Support pinging two watchdogs +Subject: [PATCH 13/27] watchdogd: Support pinging two watchdogs --- watchdogd/watchdogd.cpp | 33 +++++++++++++++++++++++++++++++++ diff --git a/patches/trebledroid/platform_system_core/0014-healthd-offline-charger-fix-screen-off-3-3.patch b/patches/trebledroid/platform_system_core/0014-healthd-offline-charger-fix-screen-off-3-3.patch index 8303d34b..aaeac128 100644 --- a/patches/trebledroid/platform_system_core/0014-healthd-offline-charger-fix-screen-off-3-3.patch +++ b/patches/trebledroid/platform_system_core/0014-healthd-offline-charger-fix-screen-off-3-3.patch @@ -1,7 +1,7 @@ From 4840ea349bb1e28a17c9946a7936aba02b9124fe Mon Sep 17 00:00:00 2001 From: Raphael Mounier Date: Sun, 21 May 2023 16:15:42 +0200 -Subject: [PATCH 14/26] healthd : offline charger fix screen off 3/3 +Subject: [PATCH 14/27] healthd : offline charger fix screen off 3/3 When the phone is charging, the animation never turns off on huawei phones (kernel 4.9). This patch allows you to turn it off by setting the brightness to 0. This problem may also exist on other phone models. diff --git a/patches/trebledroid/platform_system_core/0015-Disable-quotas-on-legacy-devices-with-encryption-dis.patch b/patches/trebledroid/platform_system_core/0015-Disable-quotas-on-legacy-devices-with-encryption-dis.patch index ad68d4d5..bd415b07 100644 --- a/patches/trebledroid/platform_system_core/0015-Disable-quotas-on-legacy-devices-with-encryption-dis.patch +++ b/patches/trebledroid/platform_system_core/0015-Disable-quotas-on-legacy-devices-with-encryption-dis.patch @@ -1,7 +1,7 @@ From b839afac5a5c9bc33628d88f939f2fc5687b158e Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Tue, 6 Jun 2023 16:17:11 +0100 -Subject: [PATCH 15/26] Disable quotas on legacy devices with encryption +Subject: [PATCH 15/27] Disable quotas on legacy devices with encryption disabled Source: https://t.me/phhtreblebuilders/20521 and https://t.me/phhtreblebuilders/20546 diff --git a/patches/trebledroid/platform_system_core/0016-Add-vendor-firmware_mnt.-Moto-Razr-2019-look-for-fir.patch b/patches/trebledroid/platform_system_core/0016-Add-vendor-firmware_mnt.-Moto-Razr-2019-look-for-fir.patch index 44c1445e..32d33e93 100644 --- a/patches/trebledroid/platform_system_core/0016-Add-vendor-firmware_mnt.-Moto-Razr-2019-look-for-fir.patch +++ b/patches/trebledroid/platform_system_core/0016-Add-vendor-firmware_mnt.-Moto-Razr-2019-look-for-fir.patch @@ -1,7 +1,7 @@ From 2891daccac6415cd279c3ff4d79feacc931a66d4 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Tue, 11 Jul 2023 14:52:40 -0400 -Subject: [PATCH 16/26] Add /vendor/firmware_mnt. Moto Razr 2019 look for +Subject: [PATCH 16/27] Add /vendor/firmware_mnt. Moto Razr 2019 look for firmwares (modem, sensors, ...) there --- diff --git a/patches/trebledroid/platform_system_core/0017-Ignore-dm-verity-setup-issues.patch b/patches/trebledroid/platform_system_core/0017-Ignore-dm-verity-setup-issues.patch index 01c9c09b..a114389e 100644 --- a/patches/trebledroid/platform_system_core/0017-Ignore-dm-verity-setup-issues.patch +++ b/patches/trebledroid/platform_system_core/0017-Ignore-dm-verity-setup-issues.patch @@ -1,7 +1,7 @@ From 049c67eeba4f595d45a525a00215c44530b42540 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Fri, 6 Oct 2023 08:20:48 -0400 -Subject: [PATCH 17/26] Ignore dm-verity setup issues +Subject: [PATCH 17/27] Ignore dm-verity setup issues On Amlogic STB Android 9 vendor, no boot device is setup (fstab doesn't use /dev/block/by-name but more direct mappings) diff --git a/patches/trebledroid/platform_system_core/0018-Fix-support-for-devices-without-cgroupv2-support.patch b/patches/trebledroid/platform_system_core/0018-Fix-support-for-devices-without-cgroupv2-support.patch index c83911fd..2cb691e3 100644 --- a/patches/trebledroid/platform_system_core/0018-Fix-support-for-devices-without-cgroupv2-support.patch +++ b/patches/trebledroid/platform_system_core/0018-Fix-support-for-devices-without-cgroupv2-support.patch @@ -1,7 +1,7 @@ From 6258ea72563efa5c199c02ef9604547153f93b19 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Wed, 26 Oct 2022 17:59:11 -0400 -Subject: [PATCH 18/26] Fix support for devices without cgroupv2 support +Subject: [PATCH 18/27] Fix support for devices without cgroupv2 support This is technically a revert of 1bd1746447. The warning inside the commit doesn't really apply to us, because the diff --git a/patches/trebledroid/platform_system_core/0019-Disable-project_quota-on-old-devices-but-new-enough-.patch b/patches/trebledroid/platform_system_core/0019-Disable-project_quota-on-old-devices-but-new-enough-.patch index ceeb1761..3dde2ff5 100644 --- a/patches/trebledroid/platform_system_core/0019-Disable-project_quota-on-old-devices-but-new-enough-.patch +++ b/patches/trebledroid/platform_system_core/0019-Disable-project_quota-on-old-devices-but-new-enough-.patch @@ -1,7 +1,7 @@ From 0f46ac7b95f776d33f03805d6c910932ee058c73 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Fri, 6 Oct 2023 19:01:27 -0400 -Subject: [PATCH 19/26] Disable project_quota on old devices but new enough to +Subject: [PATCH 19/27] Disable project_quota on old devices but new enough to have encryption (they do keep quota support) --- diff --git a/patches/trebledroid/platform_system_core/0020-fix-Nubia-6-series-custom-rc-action-prop-validation.patch b/patches/trebledroid/platform_system_core/0020-fix-Nubia-6-series-custom-rc-action-prop-validation.patch index a25e32dd..b73e979a 100644 --- a/patches/trebledroid/platform_system_core/0020-fix-Nubia-6-series-custom-rc-action-prop-validation.patch +++ b/patches/trebledroid/platform_system_core/0020-fix-Nubia-6-series-custom-rc-action-prop-validation.patch @@ -1,7 +1,7 @@ From c032fa6bf86acbd008e78cb16f3d9f5a5329a71e Mon Sep 17 00:00:00 2001 From: Huy Hoang <38396158+boydaihungst@users.noreply.github.com> Date: Thu, 19 Oct 2023 07:06:55 +0700 -Subject: [PATCH 20/26] fix: Nubia 6 series custom rc action prop validation +Subject: [PATCH 20/27] fix: Nubia 6 series custom rc action prop validation --- init/action_parser.cpp | 1 + diff --git a/patches/trebledroid/platform_system_core/0021-HACK-Ignore-errors-when-setting-fscrypt-directory.-S.patch b/patches/trebledroid/platform_system_core/0021-HACK-Ignore-errors-when-setting-fscrypt-directory.-S.patch index d14454b7..c7ad0827 100644 --- a/patches/trebledroid/platform_system_core/0021-HACK-Ignore-errors-when-setting-fscrypt-directory.-S.patch +++ b/patches/trebledroid/platform_system_core/0021-HACK-Ignore-errors-when-setting-fscrypt-directory.-S.patch @@ -1,7 +1,7 @@ From 5234783240fd4bd830d4c8d7d8dd736dc18fbc73 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Thu, 23 Nov 2023 11:05:20 -0500 -Subject: [PATCH 21/26] HACK: Ignore errors when setting fscrypt directory. +Subject: [PATCH 21/27] HACK: Ignore errors when setting fscrypt directory. Some devices fail to set it on first boot, but is happy later (?!?) --- diff --git a/patches/trebledroid/platform_system_core/0022-Keep-our-own-version-of-ro.logd.kernel.-We-do-want-l.patch b/patches/trebledroid/platform_system_core/0022-Keep-our-own-version-of-ro.logd.kernel.-We-do-want-l.patch index 234b509e..f858f834 100644 --- a/patches/trebledroid/platform_system_core/0022-Keep-our-own-version-of-ro.logd.kernel.-We-do-want-l.patch +++ b/patches/trebledroid/platform_system_core/0022-Keep-our-own-version-of-ro.logd.kernel.-We-do-want-l.patch @@ -1,7 +1,7 @@ From 085947955ecfc02462913aa8093c95909b3096b5 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Sat, 25 Nov 2023 09:51:14 -0500 -Subject: [PATCH 22/26] Keep our own version of ro.logd.kernel. We do want +Subject: [PATCH 22/27] Keep our own version of ro.logd.kernel. We do want logcat -b kernel, unlike what OEM set from their vendor --- diff --git a/patches/trebledroid/platform_system_core/0023-Keep-capex-when-there-are-vendor-apexes.patch b/patches/trebledroid/platform_system_core/0023-Keep-capex-when-there-are-vendor-apexes.patch index de26bfaa..b1a7af2e 100644 --- a/patches/trebledroid/platform_system_core/0023-Keep-capex-when-there-are-vendor-apexes.patch +++ b/patches/trebledroid/platform_system_core/0023-Keep-capex-when-there-are-vendor-apexes.patch @@ -1,7 +1,7 @@ From 5f15a6cb9f69eeb5f51605a904a7aa5f80c676da Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Tue, 16 Jan 2024 10:30:57 -0500 -Subject: [PATCH 23/26] Keep capex when there are vendor apexes +Subject: [PATCH 23/27] Keep capex when there are vendor apexes When disabling APEX on Linux < 5, we might break some vendor APEXes For instance Pixel 4a on Linux 4.14. diff --git a/patches/trebledroid/platform_system_core/0024-When-setting-ro.apex.updatable-actually-set-the-valu.patch b/patches/trebledroid/platform_system_core/0024-When-setting-ro.apex.updatable-actually-set-the-valu.patch index afc31a70..18b5004c 100644 --- a/patches/trebledroid/platform_system_core/0024-When-setting-ro.apex.updatable-actually-set-the-valu.patch +++ b/patches/trebledroid/platform_system_core/0024-When-setting-ro.apex.updatable-actually-set-the-valu.patch @@ -1,7 +1,7 @@ From 739b1793ff18c7141e89d75746cd672091ac920c Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Thu, 25 Jan 2024 15:20:10 -0500 -Subject: [PATCH 24/26] When setting ro.apex.updatable, actually set the value +Subject: [PATCH 24/27] When setting ro.apex.updatable, actually set the value Before this change, we were only changing the override, but on newest Android 14 vendor, they don't explicitly set ro.apex.updatable=true diff --git a/patches/trebledroid/platform_system_core/0025-If-AVB-fails-ignore-disable-AVB.patch b/patches/trebledroid/platform_system_core/0025-If-AVB-fails-ignore-disable-AVB.patch index 8aff3aa1..4a92f7d0 100644 --- a/patches/trebledroid/platform_system_core/0025-If-AVB-fails-ignore-disable-AVB.patch +++ b/patches/trebledroid/platform_system_core/0025-If-AVB-fails-ignore-disable-AVB.patch @@ -1,7 +1,7 @@ From 94ee2a807995e98b1f96441928e27db91a6d4843 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Sun, 31 Mar 2024 17:18:05 -0400 -Subject: [PATCH 25/26] If AVB fails, ignore/disable AVB +Subject: [PATCH 25/27] If AVB fails, ignore/disable AVB DO NOT INCLUDE THIS PATCH If you want to run GSIs on a locked bootloader diff --git a/patches/trebledroid/platform_system_core/0026-Flattened-apexes-no-longer-exist-we-ll-deal-with-it-.patch b/patches/trebledroid/platform_system_core/0026-Flattened-apexes-no-longer-exist-we-ll-deal-with-it-.patch index 5006d170..4553d852 100644 --- a/patches/trebledroid/platform_system_core/0026-Flattened-apexes-no-longer-exist-we-ll-deal-with-it-.patch +++ b/patches/trebledroid/platform_system_core/0026-Flattened-apexes-no-longer-exist-we-ll-deal-with-it-.patch @@ -1,7 +1,7 @@ From cb11a40f7fccba44d03101b900aa4ba658e2bdf3 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Tue, 2 Apr 2024 16:53:08 -0400 -Subject: [PATCH 26/26] Flattened apexes no longer exist, we'll deal with it +Subject: [PATCH 26/27] Flattened apexes no longer exist, we'll deal with it another way --- diff --git a/patches/trebledroid/platform_system_core/0027-Revert-init-remove-session-keyring-workaround-for-ol.patch b/patches/trebledroid/platform_system_core/0027-Revert-init-remove-session-keyring-workaround-for-ol.patch new file mode 100644 index 00000000..27e66b76 --- /dev/null +++ b/patches/trebledroid/platform_system_core/0027-Revert-init-remove-session-keyring-workaround-for-ol.patch @@ -0,0 +1,125 @@ +From 2166c5b3c22738cec0f838c69229cc7d7c8a3363 Mon Sep 17 00:00:00 2001 +From: Alberto Ponces +Date: Sun, 20 Oct 2024 21:15:08 +0100 +Subject: [PATCH 27/27] Revert "init: remove session keyring workaround for old + kernels" + +This reverts commit 5d7c35ce205f1b4afadd6a1725c0b5e03962a97c. +--- + init/Android.bp | 1 + + init/builtins.cpp | 3 +++ + init/fscrypt_init_extensions.cpp | 16 ++++++++++++++++ + init/fscrypt_init_extensions.h | 1 + + init/fuzzer/Android.bp | 1 + + init/init.cpp | 6 ++++++ + 6 files changed, 28 insertions(+) + +diff --git a/init/Android.bp b/init/Android.bp +index 57e5a681a..bad33d94f 100644 +--- a/init/Android.bp ++++ b/init/Android.bp +@@ -191,6 +191,7 @@ libinit_cc_defaults { + "libfs_mgr", + "libgsi", + "libhidl-gen-utils", ++ "libkeyutils", + "liblog", + "liblogwrap", + "liblp", +diff --git a/init/builtins.cpp b/init/builtins.cpp +index 3be6c7cb9..7558f4dff 100644 +--- a/init/builtins.cpp ++++ b/init/builtins.cpp +@@ -596,6 +596,9 @@ static Result queue_fs_event(int code) { + } else if (code == FS_MGR_MNTALL_DEV_FILE_ENCRYPTED || + code == FS_MGR_MNTALL_DEV_IS_METADATA_ENCRYPTED || + code == FS_MGR_MNTALL_DEV_NEEDS_METADATA_ENCRYPTION) { ++ if (!FscryptInstallKeyring()) { ++ return Error() << "FscryptInstallKeyring() failed"; ++ } + SetProperty("ro.crypto.state", "encrypted"); + + // Although encrypted, vold has already set the device up, so we do not need to +diff --git a/init/fscrypt_init_extensions.cpp b/init/fscrypt_init_extensions.cpp +index 6a561e54c..fbd818957 100644 +--- a/init/fscrypt_init_extensions.cpp ++++ b/init/fscrypt_init_extensions.cpp +@@ -34,12 +34,28 @@ + #include + #include + #include ++#include + #include + + #define TAG "fscrypt" + + using namespace android::fscrypt; + ++bool FscryptInstallKeyring() { ++ if (keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0) != -1) { ++ LOG(INFO) << "Keyring is already created"; ++ return true; ++ } ++ key_serial_t device_keyring = add_key("keyring", "fscrypt", 0, 0, KEY_SPEC_SESSION_KEYRING); ++ ++ if (device_keyring == -1) { ++ PLOG(ERROR) << "Failed to create keyring"; ++ return false; ++ } ++ LOG(INFO) << "Keyring created with id " << device_keyring << " in process " << getpid(); ++ return true; ++} ++ + // TODO(b/139378601): use a single central implementation of this. + static void delete_dir_contents(const std::string& dir) { + char* const paths[2] = {const_cast(dir.c_str()), nullptr}; +diff --git a/init/fscrypt_init_extensions.h b/init/fscrypt_init_extensions.h +index 5e0269a3b..d357bb2fd 100644 +--- a/init/fscrypt_init_extensions.h ++++ b/init/fscrypt_init_extensions.h +@@ -25,5 +25,6 @@ enum class FscryptAction { + kDeleteIfNecessary, + }; + ++bool FscryptInstallKeyring(); + bool FscryptSetDirectoryPolicy(const std::string& ref_basename, FscryptAction action, + const std::string& dir); +diff --git a/init/fuzzer/Android.bp b/init/fuzzer/Android.bp +index 5823932d2..65d280335 100644 +--- a/init/fuzzer/Android.bp ++++ b/init/fuzzer/Android.bp +@@ -31,6 +31,7 @@ cc_defaults { + "libbase", + "libfs_mgr", + "libhidl-gen-utils", ++ "libkeyutils", + "liblog", + "libprocessgroup", + "libselinux", +diff --git a/init/init.cpp b/init/init.cpp +index 19e909fcb..aeccd6696 100644 +--- a/init/init.cpp ++++ b/init/init.cpp +@@ -54,6 +54,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -970,6 +971,11 @@ int SecondStageMain(int argc, char** argv) { + << " to /proc/1/oom_score_adj: " << result.error(); + } + ++ // Set up a session keyring that all processes will have access to. It ++ // will hold things like FBE encryption keys. No process should override ++ // its session keyring. ++ keyctl_get_keyring_ID(KEY_SPEC_SESSION_KEYRING, 1); ++ + // Indicate that booting is in progress to background fw loaders, etc. + close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000)); + +-- +2.34.1 + diff --git a/patches/trebledroid/platform_system_vold/0001-Allow-deletion-of-symlink.patch b/patches/trebledroid/platform_system_vold/0001-Allow-deletion-of-symlink.patch index 4ecc5a20..0502d1f5 100644 --- a/patches/trebledroid/platform_system_vold/0001-Allow-deletion-of-symlink.patch +++ b/patches/trebledroid/platform_system_vold/0001-Allow-deletion-of-symlink.patch @@ -1,7 +1,7 @@ From 6f200e13b6568e383dc4299cac1b9a379978bb51 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Sat, 17 Feb 2018 19:39:38 +0100 -Subject: [PATCH 1/5] Allow deletion of symlink +Subject: [PATCH 1/6] Allow deletion of symlink Change-Id: I9731895f88729072297f753088583aabbe6990f4 --- diff --git a/patches/trebledroid/platform_system_vold/0002-Failing-to-create-facedata-shouldn-t-be-fatal.patch b/patches/trebledroid/platform_system_vold/0002-Failing-to-create-facedata-shouldn-t-be-fatal.patch index e5207cb3..444db369 100644 --- a/patches/trebledroid/platform_system_vold/0002-Failing-to-create-facedata-shouldn-t-be-fatal.patch +++ b/patches/trebledroid/platform_system_vold/0002-Failing-to-create-facedata-shouldn-t-be-fatal.patch @@ -1,7 +1,7 @@ From 3f3d74d784836155f1f34ddbebea792dcd32d75d Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Sat, 7 Mar 2020 14:49:09 +0100 -Subject: [PATCH 2/5] Failing to create facedata shouldn't be fatal +Subject: [PATCH 2/6] Failing to create facedata shouldn't be fatal Some Pie vendors create it on their own, so SELinux would deny that Also not all devices have face unlock anyway diff --git a/patches/trebledroid/platform_system_vold/0003-Don-t-unmount-rw-system.sh-binds.patch b/patches/trebledroid/platform_system_vold/0003-Don-t-unmount-rw-system.sh-binds.patch index 0fcafb8b..a7879fdd 100644 --- a/patches/trebledroid/platform_system_vold/0003-Don-t-unmount-rw-system.sh-binds.patch +++ b/patches/trebledroid/platform_system_vold/0003-Don-t-unmount-rw-system.sh-binds.patch @@ -1,7 +1,7 @@ From 63c86aab356c14412f1ac5a6b543ba6634e35aea Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Mon, 29 Nov 2021 17:49:13 -0500 -Subject: [PATCH 3/5] Don't unmount rw-system.sh binds +Subject: [PATCH 3/6] Don't unmount rw-system.sh binds Change-Id: If9132c21defa8b09879b79a70794c5275d6852d0 --- diff --git a/patches/trebledroid/platform_system_vold/0004-Exfat-can-be-mounted-with-exfat-kernel-fs-driver-or-.patch b/patches/trebledroid/platform_system_vold/0004-Exfat-can-be-mounted-with-exfat-kernel-fs-driver-or-.patch index 557e5e79..b89cc861 100644 --- a/patches/trebledroid/platform_system_vold/0004-Exfat-can-be-mounted-with-exfat-kernel-fs-driver-or-.patch +++ b/patches/trebledroid/platform_system_vold/0004-Exfat-can-be-mounted-with-exfat-kernel-fs-driver-or-.patch @@ -1,7 +1,7 @@ From 14520a341145026b6ad5b6111a4ee80174708b2d Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Tue, 18 Oct 2022 16:08:09 -0400 -Subject: [PATCH 4/5] Exfat can be mounted with "exfat" kernel fs driver, or +Subject: [PATCH 4/6] Exfat can be mounted with "exfat" kernel fs driver, or "sdfat" or "texfat" (Samsung and Sony variants) --- diff --git a/patches/trebledroid/platform_system_vold/0005-Every-voldmanaged-storage-is-adoptable.patch b/patches/trebledroid/platform_system_vold/0005-Every-voldmanaged-storage-is-adoptable.patch index 63b48345..03524320 100644 --- a/patches/trebledroid/platform_system_vold/0005-Every-voldmanaged-storage-is-adoptable.patch +++ b/patches/trebledroid/platform_system_vold/0005-Every-voldmanaged-storage-is-adoptable.patch @@ -1,7 +1,7 @@ From bd76176ef796a8a1b62ea184b99f9be017fb1f80 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Wed, 11 Mar 2020 14:02:35 +0100 -Subject: [PATCH 5/5] Every voldmanaged storage is adoptable +Subject: [PATCH 5/6] Every voldmanaged storage is adoptable --- main.cpp | 2 +- diff --git a/patches/trebledroid/platform_system_vold/0006-Revert-vold-remove-session-keyring-workaround-for-ol.patch b/patches/trebledroid/platform_system_vold/0006-Revert-vold-remove-session-keyring-workaround-for-ol.patch new file mode 100644 index 00000000..fef68294 --- /dev/null +++ b/patches/trebledroid/platform_system_vold/0006-Revert-vold-remove-session-keyring-workaround-for-ol.patch @@ -0,0 +1,286 @@ +From b0dcacebec5727ccf1954488a8f3da0266383e39 Mon Sep 17 00:00:00 2001 +From: Pierre-Hugues Husson +Date: Fri, 18 Oct 2024 17:26:04 -0400 +Subject: [PATCH 6/6] Revert "vold: remove session keyring workaround for old + kernels" + +This reverts commit 0e87a83cbacd7ccb47873df1b555598f94e6a287. +--- + Android.bp | 1 + + FsCrypt.cpp | 24 +++++++++++ + KeyUtil.cpp | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + KeyUtil.h | 13 ++++++ + 4 files changed, 153 insertions(+) + +diff --git a/Android.bp b/Android.bp +index ba3267ca..ffa63af9 100644 +--- a/Android.bp ++++ b/Android.bp +@@ -62,6 +62,7 @@ cc_defaults { + "libincfs", + "libhidlbase", + "libkeymint_support", ++ "libkeyutils", + "liblog", + "liblogwrap", + "libselinux", +diff --git a/FsCrypt.cpp b/FsCrypt.cpp +index 758ec9dc..7baf5cc5 100644 +--- a/FsCrypt.cpp ++++ b/FsCrypt.cpp +@@ -48,6 +48,7 @@ + #include + + #include ++#include + #include + + #include +@@ -73,6 +74,7 @@ using android::vold::retrieveOrGenerateKey; + using android::vold::SetDefaultAcl; + using android::vold::SetQuotaInherit; + using android::vold::SetQuotaProjectId; ++using android::vold::writeStringToFile; + using namespace android::fscrypt; + using namespace android::dm; + +@@ -629,6 +631,27 @@ bool fscrypt_create_user_keys(userid_t user_id, bool ephemeral) { + return true; + } + ++// "Lock" all encrypted directories whose key has been removed. This is needed ++// in the case where the keys are being put in the session keyring (rather in ++// the newer filesystem-level keyrings), because removing a key from the session ++// keyring doesn't affect inodes in the kernel's inode cache whose per-file key ++// was already set up. So to remove the per-file keys and make the files ++// "appear encrypted", these inodes must be evicted. ++// ++// To do this, sync() to clean all dirty inodes, then drop all reclaimable slab ++// objects systemwide. This is overkill, but it's the best available method ++// currently. Don't use drop_caches mode "3" because that also evicts pagecache ++// for in-use files; all files relevant here are already closed and sync'ed. ++static void drop_caches_if_needed() { ++ if (android::vold::isFsKeyringSupported()) { ++ return; ++ } ++ sync(); ++ if (!writeStringToFile("2", "/proc/sys/vm/drop_caches")) { ++ PLOG(ERROR) << "Failed to drop caches during key eviction"; ++ } ++} ++ + // Evicts all the user's keys of one type from all volumes (internal and adoptable). + // This evicts either CE keys or DE keys, depending on which map is passed. + static bool evict_user_keys(std::map& policy_map, userid_t user_id) { +@@ -641,6 +664,7 @@ static bool evict_user_keys(std::map& policy_map, userid + success &= android::vold::evictKey(BuildDataPath(volume_uuid), policy); + } + policy_map.erase(it); ++ drop_caches_if_needed(); + } + return success; + } +diff --git a/KeyUtil.cpp b/KeyUtil.cpp +index bd2ccddd..9e8920d1 100644 +--- a/KeyUtil.cpp ++++ b/KeyUtil.cpp +@@ -28,6 +28,7 @@ + + #include + #include ++#include + + #include "KeyStorage.h" + #include "Utils.h" +@@ -74,6 +75,39 @@ bool generateStorageKey(const KeyGeneration& gen, KeyBuffer* key) { + } + } + ++static bool isFsKeyringSupportedImpl() { ++ android::base::unique_fd fd(open("/data", O_RDONLY | O_DIRECTORY | O_CLOEXEC)); ++ ++ // FS_IOC_ADD_ENCRYPTION_KEY with a NULL argument will fail with ENOTTY if ++ // the ioctl isn't supported. Otherwise it will fail with another error ++ // code such as EFAULT. ++ // ++ // Note that there's no need to check for FS_IOC_REMOVE_ENCRYPTION_KEY, ++ // since it's guaranteed to be available if FS_IOC_ADD_ENCRYPTION_KEY is. ++ // There's also no need to check for support on external volumes separately ++ // from /data, since either the kernel supports the ioctls on all ++ // fscrypt-capable filesystems or it doesn't. ++ errno = 0; ++ (void)ioctl(fd, FS_IOC_ADD_ENCRYPTION_KEY, NULL); ++ if (errno == ENOTTY) { ++ LOG(INFO) << "Kernel doesn't support FS_IOC_ADD_ENCRYPTION_KEY. Falling back to " ++ "session keyring"; ++ return false; ++ } ++ if (errno != EFAULT) { ++ PLOG(WARNING) << "Unexpected error from FS_IOC_ADD_ENCRYPTION_KEY"; ++ } ++ LOG(DEBUG) << "Detected support for FS_IOC_ADD_ENCRYPTION_KEY"; ++ return true; ++} ++ ++// Return true if the kernel supports the ioctls to add/remove fscrypt keys ++// directly to/from the filesystem. ++bool isFsKeyringSupported(void) { ++ static bool supported = isFsKeyringSupportedImpl(); ++ return supported; ++} ++ + // Get raw keyref - used to make keyname and to pass to ioctl + static std::string generateKeyRef(const uint8_t* key, int length) { + SHA512_CTX c; +@@ -93,6 +127,20 @@ static std::string generateKeyRef(const uint8_t* key, int length) { + return std::string((char*)key_ref2, FSCRYPT_KEY_DESCRIPTOR_SIZE); + } + ++static bool fillKey(const KeyBuffer& key, fscrypt_key* fs_key) { ++ if (key.size() != FSCRYPT_MAX_KEY_SIZE) { ++ LOG(ERROR) << "Wrong size key " << key.size(); ++ return false; ++ } ++ static_assert(FSCRYPT_MAX_KEY_SIZE == sizeof(fs_key->raw), "Mismatch of max key sizes"); ++ fs_key->mode = 0; // unused by kernel ++ memcpy(fs_key->raw, key.data(), key.size()); ++ fs_key->size = key.size(); ++ return true; ++} ++ ++static char const* const NAME_PREFIXES[] = {"ext4", "f2fs", "fscrypt", nullptr}; ++ + static std::string keyrefstring(const std::string& raw_ref) { + std::ostringstream o; + for (unsigned char i : raw_ref) { +@@ -101,6 +149,44 @@ static std::string keyrefstring(const std::string& raw_ref) { + return o.str(); + } + ++static std::string buildLegacyKeyName(const std::string& prefix, const std::string& raw_ref) { ++ return prefix + ":" + keyrefstring(raw_ref); ++} ++ ++// Get the ID of the keyring we store all fscrypt keys in when the kernel is too ++// old to support FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY. ++static bool fscryptKeyring(key_serial_t* device_keyring) { ++ *device_keyring = keyctl_search(KEY_SPEC_SESSION_KEYRING, "keyring", "fscrypt", 0); ++ if (*device_keyring == -1) { ++ PLOG(ERROR) << "Unable to find device keyring"; ++ return false; ++ } ++ return true; ++} ++ ++// Add an encryption key to the legacy global session keyring. ++static bool installKeyLegacy(const KeyBuffer& key, const std::string& raw_ref) { ++ // Place fscrypt_key into automatically zeroing buffer. ++ KeyBuffer fsKeyBuffer(sizeof(fscrypt_key)); ++ fscrypt_key& fs_key = *reinterpret_cast(fsKeyBuffer.data()); ++ ++ if (!fillKey(key, &fs_key)) return false; ++ key_serial_t device_keyring; ++ if (!fscryptKeyring(&device_keyring)) return false; ++ for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) { ++ auto ref = buildLegacyKeyName(*name_prefix, raw_ref); ++ key_serial_t key_id = ++ add_key("logon", ref.c_str(), (void*)&fs_key, sizeof(fs_key), device_keyring); ++ if (key_id == -1) { ++ PLOG(ERROR) << "Failed to insert key into keyring " << device_keyring; ++ return false; ++ } ++ LOG(DEBUG) << "Added key " << key_id << " (" << ref << ") to keyring " << device_keyring ++ << " in process " << getpid(); ++ } ++ return true; ++} ++ + // Build a struct fscrypt_key_specifier for use in the key management ioctls. + static bool buildKeySpecifier(fscrypt_key_specifier* spec, const EncryptionPolicy& policy) { + switch (policy.options.version) { +@@ -144,6 +230,9 @@ bool installKey(const std::string& mountpoint, const EncryptionOptions& options, + // "descriptor", which must be provided by userspace. We use the + // first 8 bytes from the double SHA-512 of the key itself. + policy->key_raw_ref = generateKeyRef((const uint8_t*)key.data(), key.size()); ++ if (!isFsKeyringSupported()) { ++ return installKeyLegacy(key, policy->key_raw_ref); ++ } + if (!buildKeySpecifier(&arg->key_spec, *policy)) { + return false; + } +@@ -187,6 +276,29 @@ bool installKey(const std::string& mountpoint, const EncryptionOptions& options, + return true; + } + ++// Remove an encryption key from the legacy global session keyring. ++static bool evictKeyLegacy(const std::string& raw_ref) { ++ key_serial_t device_keyring; ++ if (!fscryptKeyring(&device_keyring)) return false; ++ bool success = true; ++ for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) { ++ auto ref = buildLegacyKeyName(*name_prefix, raw_ref); ++ auto key_serial = keyctl_search(device_keyring, "logon", ref.c_str(), 0); ++ ++ // Unlink the key from the keyring. Prefer unlinking to revoking or ++ // invalidating, since unlinking is actually no less secure currently, and ++ // it avoids bugs in certain kernel versions where the keyring key is ++ // referenced from places it shouldn't be. ++ if (keyctl_unlink(key_serial, device_keyring) != 0) { ++ PLOG(ERROR) << "Failed to unlink key with serial " << key_serial << " ref " << ref; ++ success = false; ++ } else { ++ LOG(DEBUG) << "Unlinked key with serial " << key_serial << " ref " << ref; ++ } ++ } ++ return success; ++} ++ + static void waitForBusyFiles(const struct fscrypt_key_specifier key_spec, const std::string ref, + const std::string mountpoint) { + android::base::unique_fd fd(open(mountpoint.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC)); +@@ -247,6 +359,9 @@ static void waitForBusyFiles(const struct fscrypt_key_specifier key_spec, const + + bool evictKey(const std::string& mountpoint, const EncryptionPolicy& policy) { + const std::lock_guard lock(fscrypt_keyring_mutex); ++ if (policy.options.version == 1 && !isFsKeyringSupported()) { ++ return evictKeyLegacy(policy.key_raw_ref); ++ } + + android::base::unique_fd fd(open(mountpoint.c_str(), O_RDONLY | O_DIRECTORY | O_CLOEXEC)); + if (fd == -1) { +diff --git a/KeyUtil.h b/KeyUtil.h +index cc1a1f98..17a234e6 100644 +--- a/KeyUtil.h ++++ b/KeyUtil.h +@@ -43,15 +43,28 @@ bool generateStorageKey(const KeyGeneration& gen, KeyBuffer* key); + // be generated. + const KeyGeneration neverGen(); + ++bool isFsKeyringSupported(void); ++ + // Install a file-based encryption key to the kernel, for use by encrypted files + // on the specified filesystem using the specified encryption policy version. + // ++// For v1 policies, we use FS_IOC_ADD_ENCRYPTION_KEY if the kernel supports it. ++// Otherwise we add the key to the legacy global session keyring. ++// ++// For v2 policies, we always use FS_IOC_ADD_ENCRYPTION_KEY; it's the only way ++// the kernel supports. ++// + // Returns %true on success, %false on failure. On success also sets *policy + // to the EncryptionPolicy used to refer to this key. + bool installKey(const std::string& mountpoint, const android::fscrypt::EncryptionOptions& options, + const KeyBuffer& key, android::fscrypt::EncryptionPolicy* policy); + + // Evict a file-based encryption key from the kernel. ++// ++// We use FS_IOC_REMOVE_ENCRYPTION_KEY if the kernel supports it. Otherwise we ++// remove the key from the legacy global session keyring. ++// ++// In the latter case, the caller is responsible for dropping caches. + bool evictKey(const std::string& mountpoint, const android::fscrypt::EncryptionPolicy& policy); + + // Retrieves the key from the named directory, or generates it if it doesn't +-- +2.34.1 +