Support FBE. Android cannot boot this way though.

Author: vasishath

install_zip/Android.mk

@@ -17,9 +17,9 @@ ifeq ($(MR_ENCRYPTION),true)
 	multirom_extra_dep += trampoline_encmnt linker
 
 	multirom_cp_enc_libs := \
-		libcryptfslollipop.so libcrypto.so libc.so libcutils.so \
+		libcryptfslollipop.so libcrypto.so libext4_utils.so libsparse.so libext2_uuid.so libe4crypt.so libc.so libcutils.so \
 		libdl.so libhardware.so liblog.so libm.so libstdc++.so \
-		libc++.so
+		libc++.so libwifikeystorehal.so libsoftkeymasterdevice.so android.system.wifi.keystore@1.0.so android.hardware.weaver@1.0.so
 
 	ifeq ($(TARGET_HW_DISK_ENCRYPTION),true)
 		multirom_cp_enc_libs += \

lib/util.c

@@ -432,11 +432,13 @@ void clone_dir(DIR* d, char* dirpath, char* target, bool preserve_context, char*
             copy_dir_contents(dir, in, out, exclude_dir);
             continue;
         } else if (dp->d_type == DT_LNK) {
+            ERROR("copying link %s to %s\n", in, out);
             char target[256];
             readlink(in, target, sizeof(target));
             symlink(target, out);
             setattr(out, &a);
         } else if (dp->d_type == DT_REG) {
+            ERROR("copying file %s to %s\n", in, out);
             if (preserve_context) {
                 char* context = calloc(1, 50);
                 getfilecon(in, &context);

trampoline/Android.mk

@@ -12,7 +12,7 @@ LOCAL_MODULE_TAGS := optional
 
 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
 LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED)
-LOCAL_STATIC_LIBRARIES := libcutils libc libmultirom_static libbootimg libselinux
+LOCAL_STATIC_LIBRARIES := libcutils libc libmultirom_static libbootimg libselinux libext4_utils libkeyutils libbase liblog
 LOCAL_C_INCLUDES += system/extras/libbootimg/include
 LOCAL_FORCE_STATIC_EXECUTABLE := true
 

trampoline/encryption.c

@@ -32,16 +32,18 @@
 #include "../trampoline_encmnt/encmnt_defines.h"
 #include "../hooks.h"
 
+extern int e4crypt_install_keyring();
+
 static char encmnt_cmd_arg[64] = { 0 };
 static char *const encmnt_cmd[] = { "/mrom_enc/trampoline_encmnt", encmnt_cmd_arg, NULL };
 #ifdef MR_ENCRYPTION_FAKE_PROPERTIES
-static char *const encmnt_envp[] = { "LD_LIBRARY_PATH=/mrom_enc/", "LD_PRELOAD=/mrom_enc/libmultirom_fake_properties.so /mrom_enc/libmultirom_fake_propertywait.so", NULL };
+static char *const encmnt_envp[] = { "LD_CONFIG_FILE='/mrom_enc/ld.config.txt'", "LD_LIBRARY_PATH=/mrom_enc/", "LD_PRELOAD=/mrom_enc/libmultirom_fake_properties.so /mrom_enc/libmultirom_fake_propertywait.so", NULL };
 #else
-static char *const encmnt_envp[] = { "LD_LIBRARY_PATH=/mrom_enc/", NULL };
+static char *const encmnt_envp[] = { "LD_CONFIG_FILE='/mrom_enc/ld.config.txt'", "LD_LIBRARY_PATH=/mrom_enc/", NULL };
 #endif
 static int g_decrypted = 0;
 
-int encryption_before_mount(struct fstab *fstab)
+int encryption_before_mount(struct fstab *fstab, bool isFbe)
 {
     int exit_code = -1;
     char *output = NULL, *itr;
@@ -80,52 +82,70 @@ int encryption_before_mount(struct fstab *fstab)
 
     INFO("Running trampoline_encmnt\n");
 
-    strcpy(encmnt_cmd_arg, "decrypt");
+    if (isFbe) {
+        //rename("/realdata", "/data");
+        int err = mount("/realdata", "/data", NULL, MS_MOVE, NULL);
+        INFO("err %d %s\n", err, strerror(errno));
+        int ret = e4crypt_install_keyring();
+        strcpy(encmnt_cmd_arg, "decryptfbe");
+    } else {
+        strcpy(encmnt_cmd_arg, "decrypt");
+    }
     output = run_get_stdout_with_exit_with_env(encmnt_cmd, &exit_code, encmnt_envp);
-    if(exit_code != 0 || !output)
+    if(exit_code != 0 || (!isFbe && !output))
     {
         ERROR("Failed to run trampoline_encmnt, exit code %d: %s\n", exit_code, output);
         goto exit;
     }
 
-    itr = output + strlen(output) - 1;
-    while(itr >= output && isspace(*itr))
-        *itr-- = 0;
-
-    if(strcmp(output, ENCMNT_BOOT_INTERNAL_OUTPUT) == 0)
-    {
-        INFO("trampoline_encmnt requested to boot internal ROM.\n");
-        res = ENC_RES_BOOT_INTERNAL;
-        goto exit;
+    if (!isFbe || exit_code != 0) {
+        itr = output + strlen(output) - 1;
+        while(itr >= output && isspace(*itr))
+            *itr-- = 0;
+
+        if(strcmp(output, ENCMNT_BOOT_INTERNAL_OUTPUT) == 0)
+        {
+            INFO("trampoline_encmnt requested to boot internal ROM.\n");
+            res = ENC_RES_BOOT_INTERNAL;
+            goto exit;
+        }
+
+        if(strcmp(output, ENCMNT_BOOT_RECOVERY_OUTPUT) == 0)
+        {
+            INFO("trampoline_encmnt requested to boot recovery.\n");
+            res = ENC_RES_BOOT_RECOVERY;
+            goto exit;
+        }
     }
 
-    if(strcmp(output, ENCMNT_BOOT_RECOVERY_OUTPUT) == 0)
-    {
-        INFO("trampoline_encmnt requested to boot recovery.\n");
-        res = ENC_RES_BOOT_RECOVERY;
-        goto exit;
-    }
+    if (!isFbe) {
 
-    if(!strstartswith(output, "/dev"))
-    {
-        ERROR("Invalid trampoline_encmnt output: %s\n", output);
-        goto exit;
-    }
+        if(!strstartswith(output, "/dev"))
+        {
+            ERROR("Invalid trampoline_encmnt output: %s\n", output);
+            goto exit;
+        }
 
-    g_decrypted = 1;
+        g_decrypted = 1;
 
-    struct fstab_part *datap = fstab_find_first_by_path(fstab, "/data");
-    if(!datap)
-    {
-        ERROR("Failed to find /data in fstab!\n");
-        goto exit;
-    }
+        struct fstab_part *datap = fstab_find_first_by_path(fstab, "/data");
+        if(!datap)
+        {
+            ERROR("Failed to find /data in fstab!\n");
+            goto exit;
+        }
 
-    INFO("Updating device %s to %s in fstab due to encryption.\n", datap->device, output);
-    fstab_update_device(fstab, datap->device, output);
+        INFO("Updating device %s to %s in fstab due to encryption.\n", datap->device, output);
+        fstab_update_device(fstab, datap->device, output);
+    }
 
     res = ENC_RES_OK;
 exit:
+    if (isFbe) {
+        //rename("/data", "/realdata");
+        mount("/data", "/realdata", NULL, MS_MOVE, NULL);
+        mkdir("/data", 0755);
+    }
     free(output);
     return res;
 }

trampoline/encryption.h

@@ -24,11 +24,11 @@
 #define ENC_RES_BOOT_RECOVERY 2
 
 #ifdef MR_ENCRYPTION
-int encryption_before_mount(struct fstab *fstab);
+int encryption_before_mount(struct fstab *fstab, bool isFbe);
 void encryption_destroy(void);
 int encryption_cleanup(void);
 #else
-int encryption_before_mount(struct fstab *fstab) { return ENC_RES_OK; }
+int encryption_before_mount(struct fstab *fstab, bool isFbe) { return ENC_RES_OK; }
 void encryption_destroy(void) { }
 int encryption_cleanup(void) { return 0; }
 #endif

trampoline/trampoline.cpp

@@ -241,8 +241,15 @@ static int try_mount_all_entries(struct fstab *fstab, struct fstab_part *first_d
         // su binaries on /data
         p_itr->mountflags &= ~(MS_NOSUID);
 
-        if(mount(p_itr->device, REALDATA, p_itr->type, p_itr->mountflags, p_itr->options) >= 0)
-            return 0;
+        if(mount(p_itr->device, REALDATA, p_itr->type, p_itr->mountflags, p_itr->options) >= 0) {
+            struct stat info;
+            if(stat("/realdata/unencrypted/key/version", &info) < 0) {
+                return 0;
+            } else {
+                INFO("File system is FBE encrypted");
+                return -2;
+            }
+        }
     }
     while((p_itr = fstab_find_next_by_path(fstab, "/data", p_itr)));
 
@@ -261,6 +268,13 @@ static int try_mount_all_entries(struct fstab *fstab, struct fstab_part *first_d
         if(mount(first_data_p->device, REALDATA, fs_types[i], first_data_p->mountflags, fs_opts[i]) >= 0)
         {
             INFO("/realdata successfuly mounted with fs %s\n", fs_types[i]);
+            struct stat info;
+            if(stat("/realdata/unencrypted/key/version", &info) < 0) {
+                return 0;
+            } else {
+                INFO("File system is FBE encrypted\n");
+                return -2;
+            }
             return 0;
         }
     }
@@ -290,14 +304,15 @@ static int mount_and_run(struct fstab *fstab)
     mkdir(REALDATA, 0755);
     mkdir("/data", 0755);
 
-    if(try_mount_all_entries(fstab, datap) < 0)
+    int ret = try_mount_all_entries(fstab, datap);
+    if(ret < 0)
     {
 #ifndef MR_ENCRYPTION
         ERROR("Failed to mount /data with all possible filesystems!\n");
         return -1;
 #else
-        INFO("Failed to mount /data, trying encryption...\n");
-        switch(encryption_before_mount(fstab))
+        INFO("Failed to mount /realdata, trying encryption...\n");
+        switch(encryption_before_mount(fstab, ret == -2))
         {
             case ENC_RES_ERR:
                 ERROR("/data decryption failed!\n");
@@ -314,7 +329,7 @@ static int mount_and_run(struct fstab *fstab)
             default:
             case ENC_RES_OK:
             {
-                if(try_mount_all_entries(fstab, datap) < 0)
+                if(ret != -2 && try_mount_all_entries(fstab, datap) < 0)
                 {
                     ERROR("Failed to mount decrypted /data with all possible filesystems!\n");
                     return -1;
@@ -635,6 +650,7 @@ int main(int argc, char *argv[])
     mkdir("/dev/socket", 0755);
     mkdir("/proc", 0755);
     mkdir("/sys", 0755);
+    mkdir("/tmp", 0755);
 
     mount("tmpfs", "/dev", "tmpfs", MS_NOSUID, "mode=0755");
     mount("devpts", "/dev/pts", "devpts", 0, NULL);
@@ -691,6 +707,8 @@ int main(int argc, char *argv[])
     if (access("/fakefstab/", F_OK)) {
         DIR* dir = opendir("/proc/device-tree/firmware/android");
         copy_dir_contents(dir, "/proc/device-tree/firmware/android", "/fakefstab", NULL);
+        //remove("/fakefstab/fstab/system/mnt_point");
+        rmdir("/fakefstab/fstab/vendor");
     }
     umount("/proc");
     umount("/sys/fs/pstore");

trampoline_encmnt/Android.mk

@@ -5,8 +5,8 @@ LOCAL_MODULE:= trampoline_encmnt
 LOCAL_MODULE_TAGS := optional
 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)
 LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_UNSTRIPPED)
-LOCAL_SHARED_LIBRARIES := libcryptfslollipop libcutils
-LOCAL_STATIC_LIBRARIES := libmultirom_static
+LOCAL_SHARED_LIBRARIES := libcryptfslollipop libcutils libe4crypt
+LOCAL_STATIC_LIBRARIES := libmultirom_static libext4_utils
 
 LOCAL_ADDITIONAL_DEPENDENCIES += libstdc++
 
@@ -29,8 +29,9 @@ else
     $(error Failed to find path to TWRP, which is required to build MultiROM with encryption support)
 endif
 
-LOCAL_C_INCLUDES += $(multirom_local_path) $(mr_twrp_path) $(mr_twrp_path)/crypto/scrypt/lib/crypto external/openssl/include external/boringssl/include
+LOCAL_C_INCLUDES += $(multirom_local_path) $(mr_twrp_path) $(mr_twrp_path)/crypto/scrypt/lib/crypto $(mr_twrp_path)/crypto/ext4crypt external/openssl/include external/boringssl/include
 LOCAL_C_INCLUDES += system/extras/libbootimg/include
+LOCAL_C_INCLUDES += system/extras/ext4_utils/include/ext4_utils
 
 LOCAL_SRC_FILES := \
     encmnt.cpp \
@@ -49,8 +50,9 @@ ifeq ($(MR_ENCRYPTION_FAKE_PROPERTIES),true)
     LOCAL_MODULE := libmultirom_fake_properties
     LOCAL_MODULE_TAGS := optional
     LOCAL_C_INCLUDES += $(multirom_local_path)
+	LOCAL_C_INCLUDES += system/extras/libbootimg/include
 
-    LOCAL_SRC_FILES := fake_properties.c
+    LOCAL_SRC_FILES := fake_properties.c klog.c
     LOCAL_SHARED_LIBRARIES := liblog
 
     ifneq ($(MR_ENCRYPTION_FAKE_PROPERTIES_EXTRAS),)