From ee620e7882dc4d9737212986618d3dd80577e64d Mon Sep 17 00:00:00 2001 From: Paul Lawrence Date: Mon, 1 May 2017 15:19:09 +0000 Subject: [PATCH] Enable metadata encryption Bug: 26778031 Test: Boots, reboots, sector 0 of userdata encrypted Change-Id: I741f177056e1493fa5bf3e37353ca177e91d6b54 --- BoardConfig.mk | 2 +- init.hardware.rc | 7 +++---- sepolicy/file_contexts | 4 ++++ 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/BoardConfig.mk b/BoardConfig.mk index 52735e20..8d3d1c7d 100644 --- a/BoardConfig.mk +++ b/BoardConfig.mk @@ -66,7 +66,7 @@ TARGET_COPY_OUT_VENDOR := vendor # Install odex files into the other system image BOARD_USES_SYSTEM_OTHER_ODEX := true -BOARD_ROOT_EXTRA_FOLDERS := persist firmware +BOARD_ROOT_EXTRA_FOLDERS := persist firmware metadata BOARD_SEPOLICY_DIRS += device/google/wahoo/sepolicy diff --git a/init.hardware.rc b/init.hardware.rc index 1af2c56d..73d6ddd1 100644 --- a/init.hardware.rc +++ b/init.hardware.rc @@ -203,6 +203,9 @@ on post-fs-data # will fail restart qseecomd + # Set indication (checked by vold) that we have finished this action + setprop vold.post_fs_data_done 1 + # zygote need to be started after otapreopt which will be done on post-fs-data on zygote-start # zygote is started in common init.rc @@ -315,10 +318,6 @@ on zygote-start mkdir /data/nfc/param 0770 nfc nfc mkdir /data/vendor/nfc 0770 nfc nfc - - # Set indication (checked by vold) that we have finished this action - setprop vold.post_fs_data_done 1 - on early-boot # wait for devices wait_for_prop sys.qcom.devup 1 diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 7ff03f77..375f5a70 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -280,3 +280,7 @@ /persist/data(/.*)? u:object_r:persist_data_file:s0 /persist/display(/.*)? u:object_r:persist_display_file:s0 /persist/sensors(/.*)? u:object_r:persist_sensors_file:s0 + +/metadata u:object_r:rootfs:s0 +/metadata/.* u:object_r:vold_data_file:s0 +