From: Simon Sickle Date: Sat, 25 Nov 2017 02:38:21 +0000 (-0600) Subject: Add script from @jcadduono for encryption X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d6bc9531f56e65ba1220c7c6da1be3ccd87c4c86;p=GitHub%2Fmoto-9609%2Ftwrp_device_motorola_troika.git Add script from @jcadduono for encryption https://github.com/TeamWin/android_device_oneplus_oneplus3/blob/android-6.0/recovery/root/sbin/setup_decrypt Signed-off-by: Simon Sickle --- diff --git a/recovery/root/init.recovery.qcom.rc b/recovery/root/init.recovery.qcom.rc index 8a5092e..95c4e76 100644 --- a/recovery/root/init.recovery.qcom.rc +++ b/recovery/root/init.recovery.qcom.rc @@ -25,21 +25,37 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # -on fs - wait /dev/block/platform/soc/1da4000.ufshc - symlink /dev/block/platform/soc/1da4000.ufshc /dev/block/bootdevice +# encryption support +on init chmod 0660 /dev/qseecom chown system drmrpc /dev/qseecom chmod 0664 /dev/ion chown system system /dev/ion + +on early-fs + start setup-decrypt + +on fs + wait /dev/block/platform/soc/1da4000.ufshc + symlink /dev/block/platform/soc/1da4000.ufshc /dev/block/bootdevice install_keyring -# Separate copy needed to use /sbin/linker64 instead of /system/bin/linker64 -service sbinqseecomd /sbin/qseecomd +on property:ro.crypto.state=encrypted + start qseecomd + +# use decryption libraries from /system if available +service setup-decrypt /sbin/setup_decrypt + oneshot + disabled + user root + group root + seclabel u:r:recovery:s0 + +# use decryption libraries from /system if available +service setup-decrypt /sbin/setup_decrypt + oneshot disabled user root group root seclabel u:r:recovery:s0 -on boot - start sbinqseecomd diff --git a/recovery/root/sbin/setup_decrypt b/recovery/root/sbin/setup_decrypt new file mode 100644 index 0000000..4c0329e --- /dev/null +++ b/recovery/root/sbin/setup_decrypt @@ -0,0 +1,89 @@ +#!/sbin/sh + +log() { + echo "$*" + (echo "setup_decrypt: $*" > /dev/kmsg) 2> /dev/null +} + +abort() { + log "Error: $*" + setprop ro.crypto.using_system_libs 0 + exit 1 +} + +restart_crypto() { + crypto_state=$(getprop ro.crypto.state) + qsee_state=$(getprop init.svc.qseecomd) + + [ "$qsee_state" = "running" ] && { + log "Stopping qseecomd" + stop qseecomd + } + [ "$crypto_state" = "encrypted" ] && { + log "Starting qseecomd" + start qseecomd + } +} + +mountpoint -q /system || { + mkdir -p /system + log "Mounting /system read-only" + mount -t ext4 -o ro /dev/block/bootdevice/by-name/system /system +} +mountpoint -q /system || abort "Could not mount /system for crypto libs!" + +bin=/system/bin +lib=/system/vendor/lib64 +hw=$lib/hw + +ready=true + +for f in \ + "$bin/qseecomd" \ + "$hw/keystore.msm8998.so" \ + "$lib/libQSEEComAPI.so" \ + "$lib/libdiag.so" \ + "$lib/libdrmfs.so" \ + "$lib/libdrmtime.so" \ + "$lib/librpmb.so" \ + "$lib/libssd.so" \ + "$lib/libtime_genoff.so" +do + [ -f "$f" ] && continue + + log "Could not find crypto file: $f" + ready=false +done + +$ready || abort "Missing one or more decryption libraries!" + +mkdir -p /vendor/lib64/hw/ + +log "Copying decryption libraries from /system" +cp -f \ + "$bin/qseecomd" \ + "$hw/keystore.msm8998.so" \ + "$lib/libQSEEComAPI.so" \ + "$lib/libdiag.so" \ + "$lib/libdrmfs.so" \ + "$lib/libdrmtime.so" \ + "$lib/librpmb.so" \ + "$lib/libssd.so" \ + "$lib/libtime_genoff.so" \ + /sbin/ + +cp -f "$hw/keystore.msm8998.so" /vendor/lib64/hw/ +cp -f "$lib/libQSEEComAPI.so" /vendor/lib64/ + +chmod 0750 /sbin/qseecomd + +# we have to link qseecomd to /sbin/linker64 because /system is unmounted when it starts +sed -i "s|/system/bin/linker|///////sbin/linker|" /sbin/qseecomd + +setprop ro.crypto.using_system_libs 1 + +log "Using system decryption libraries!" + +restart_crypto + +exit 0