static const std::string arbitrary_sequence_number = "42";
static const int vold_command_timeout_ms = 60 * 1000;
+static int set_system_de_policy_on(char const* dir);
+
int e4crypt_install_keyring()
{
key_serial_t device_keyring = add_key("keyring", "e4crypt", 0, 0,
int e4crypt_set_directory_policy(const char* dir)
{
+ if (!dir || strncmp(dir, "/data/", 6)) {
+ return 0;
+ }
+
+ // Special-case /data/media/obb per b/64566063
+ if (strcmp(dir, "/data/media/obb") == 0) {
+ // Try to set policy on this directory, but if it is non-empty this may fail.
+ set_system_de_policy_on(dir);
+ return 0;
+ }
+
// Only set policy on first level /data directories
// To make this less restrictive, consider using a policy file.
// However this is overkill for as long as the policy is simply
// to apply a global policy to all /data folders created via makedir
- if (!dir || strncmp(dir, "/data/", 6) || strchr(dir + 6, '/')) {
+ if (strchr(dir + 6, '/')) {
return 0;
}
return 0;
}
}
+ return set_system_de_policy_on(dir);
+}
+static int set_system_de_policy_on(char const* dir) {
std::string ref_filename = std::string("/data") + e4crypt_key_ref;
std::string policy;
if (!android::base::ReadFileToString(ref_filename, &policy)) {