In order to make sure the crypto state and type is set
properly if the device is encrypted, move this check to
a function and call it in cases where the default password
is being used and in cases where it isn't. This will ensure that
an unencrypted device isn't set as encrypted by mistake.
Change-Id: I736f9cbee0e95d7390a09c8235b9914feddaceaf
BUG: prebuilt vendor blobs are being overriden by vendor partition, which causes failed to decrypt the device
TEST: after this patch vendor is no more overriding and decryption working as expected.
* Devices using the stock or the rom based libs then it needed to add the TW_USES_VENDOR_LIBS := true in the BoardConfig
Change-Id: I3cbc7fe6df2289081e9198941cfb65a1a7e0e6a3
Signed-off-by: Mohd Faraz <androiabledroid@gmail.com>
* Add CLI support using the command "twrp decrypt <PASSWORD> [USER ID]"
* Add GUI support using the menu Advanced --> Decrypt User
multiuser: Parse users only when Decrypt_DE runs successfully
multiuser: Warn when not all users are decrypted
Change-Id: Ia5e943b13c2d5ec5c34ae97661133c19ff471e6d
For the back-up menu, we can detail what the super partition includes by
aggregating one of BOARD_GOOGLE_DYNAMIC_PARTITIONS_PARTITION_LIST or
BOARD_QTI_DYNAMIC_PARTITIONS_PARTITION_LIST.
We comma-separate the list and capitalise the first letter of each
dynamic partition.
Change-Id: I663eaf4f28b4591293aae21c2dd11f615f625746
fastbootd is a userspace daemon that runs in the recovery
ramdisk. It allows writing single partitions to the super
partition via fastboot CLI. When TWRP sees the fastboot option
in the misc partition during startup, it will start with
the fastbootd page and fastbootd running. Otherwise it will
run recovery normally.
Change-Id: Id7b12d29ef21dbd5950dc884dd1cd788f25357f0
* Since some devices are unable to decrypt after processing of the fstab,
because of the partition details updation, and after intro of dynamic partitioning
here decryption process was going on after complete processing of the dynamic volumes.
* This patch fix these issue, it process the logical volumes at their time not after all processing fstabs.
This fixes the decryption issue.
Translate more partitions i.e., ODM, Product.
Added more partitions in unmount partitions.
Change-Id: I977c0cf0c40e5311f54a78c98f1fd89f71c6ac57
Signed-off-by: Mohd Faraz <androiabledroid@gmail.com>
for android-10
This will support updating the ramdisk to a different
compression format and co-exist with magisk.
We are also cleaning up and removing non android-10
api makefile actions.
We are also moving twrp repacking to its own class. We
check the new ramdisk format and if it's different
we have magisk compress using the new ramdisk format.
Change-Id: I770030aae7797e75817178b2f0fccd9f39dc23af
This patchset is now exlcuding /data/cache from backup, and removing it
from the wipe exclusion list to prevent errors on restore and wiping
/data.
This patchset changes the directory from /data/cache to /data/recovery for TWRP
to store logs and other file information. This will help with AB
devices that don't want recovery to mess with /data/cache.
This patchset will make ORS use /data/cache for AB devices.
Remove policy code because we don't need to set a policy for the
recovery directory.
Change-Id: I1d140276314fd34804a72297d6e25a52e58210a0
fscrypt aosp doc: https://source.android.com/security/encryption/file-based
kernel fscrypt doc: https://www.kernel.org/doc/html/v4.18/filesystems/fscrypt.html
This commit implements the ability for TWRP to use fscrypt to decrypt
files on the fscrypt implementation. It has been implemented mostly
in a new successor library to e4crypt called libtwrpfscrypt. Most of the
code was ported from AOSP vold.
Notable updates include:
- updated policy storage by libtar
- lookup of fbe policies by libtwrpfscrypt
- threaded keystore operations
Big thanks to Dees_Troy for the initial trailblazing
of encryption in TWRP.
Change-Id: I69cd2eba3693a9914e00213d4943229635d0cdae
Some of the partitions will not be unmount automatically. They shouldn't
be mounted by default.
Bugs:
DM_DEV_REMOVE failed for [product]: Device or resource busy
Cannot unmap product before removing group qti_dynamic_partitions.
script aborted: assert failed: update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list"))
assert failed: update_dynamic_partitions(package_extract_file("dynamic_partitions_op_list"))error: 25
Updater process ended with ERROR: 7
Change-Id: I7cbd5c29456ca2731b94a69bbf9ad77058cef09c
This patch uses the loop device to mount files under
/sbin/ from /system/apex in order for the device to
use libraries or other files store inside these files.
Each apex file is mounted over a loop device into a
directory correpsonding to the apex filename under
/sbin/.
Once apex mounting is completed, TWRP will set a
property twrp.apex.loaded to true so that init
can use them as a LD_LIBARY_PATH source.
Change-Id: I69f14a969123ac9cf1afc85b6cf76836cb092fb2
Change-Id: Ica6a7d8e479bcaec8bec4483b5e8d2b45ee105fb
We are now requiring fstab v2 for android-10+ trees. You can
specify twrp flags using /etc/twrp.flags to label and
annotate partitions.
This patchset uses fs_mgr to load the super partition and build
device mapper blocks off vendor and system depending on the slot
in use. These are mapped to partitions in TWRP and allowed to
be mounted read-only. The super partition is also mapped into a
TWRP partition in order to backup the entire partition. You cannot
backup individual device mapper blocks due to the device can only
be read-only. Therefore you cannot write back to the device mapper.
Change-Id: Icc1d895dcf96ad5ba03989c9bf759419d83673a3
This reverts commit 0b25b1d79b.
Reason for revert: Changes need to be made to libtwrpfscrypt to include this patchset. Will cherry-pick this patch later and make necessary modifications.
Change-Id: I7601d7b820129709b05d9b4368573b6f1048de02
* Add CLI support using the command "twrp decrypt <PASSWORD> [USER ID]"
* Add GUI support using the menu Advanced --> Decrypt User
Change-Id: Id2681bc2b1012a0571417f7a6e0b980b1b25c61c
(cherry picked from commit 5a79f67a1b1bd1bcadeca0a4896a871646652534)
This commit is used to directly use the wrapped key
decryption when the "wrappedkey" flag is set in the
fstab.
Change-Id: I74310c3bbec378ee684a8f6d0395a9776dd22abf
(cherry picked from commit 1db943295de9728e364bf0e75bfe9f1a98d413a1)
This reverts commit 8a411c8d25.
* Always use "/system" to interact with the frontend and replace it
with the detected path before taking actions.
* Don't replace the pretty display name and backup name set during
processing fstab after wipe. This improves UX and ensures that the
system backup is always named system.ext4.win despite the actual
mount point is /system_root so TWRP is able to recover either SAR or
non-SAR backups.
Change-Id: Ie2594d2678d0c75ce25c0d1087d47b035b3f10e9
This will detect whether SAR is present in the currently installed
OS and set the property ro.twrp.sar accordingly.
After setting the property it will call the bootscript
/sbin/sarsetup.sh (if present) to give device maintainers the
option to do setup operations depending on SAR-status, such
as modifiyng the fstab.
If no system is detected and AB_OTA_UPDATER is defined or built with
Android 10 and upwards, it will fallback to using SAR, otherwise it
will use ro.build.system_root_image as basis for deciding whether SAR
is required or not.
The property ro.twrp.sar will also be used by
TWPartitionManager::Get_Android_Root_Path()
This allows maintaining a single TWRP-build for devices switching
to SAR for Android 10.
The default behavior (when no system is installed)
is determined by the build-flags AB_OTA_UPDATER and
BOARD_BUILD_SYSTEM_ROOT_IMAGE
Change-Id: I2a48c6c81a6ea6fad6e452c06bfbe4d9da0f1e5c
ANDROID_ROOT environment variable is also used by other Android
components thus it should ALWAYS be /system in order not to break other
tools. On the other hand, AOSP does have a system property to indicate
system-as-root, just make use of it.
Change-Id: I7fc58a78db7abd05fac9000910169c370f5de62d
* Like Xiaomi's some older devices uses cust as vendor and also mounts cust & vendor simultanously
* This patch will unmount all directories mounted to same block
Change-Id: Ic242e267a470b4d82098d847f74b807a461605c4
Signed-off-by: Mohd Faraz <androiabledroid@gmail.com>
(cherry picked from commit 77a31917f2)
* Like Xiaomi's some older devices uses cust as vendor and also mounts cust & vendor simultanously
* This patch will unmount all directories mounted to same block
Change-Id: Ic242e267a470b4d82098d847f74b807a461605c4
Signed-off-by: Mohd Faraz <androiabledroid@gmail.com>
This allows flame to boot TWRP. Still will need to work on
super partition for vendor and system access.
The plan will be to cherry-pick any updates to android-9.0
through gerrit.twrp.me to this branch as a WIP.
Set TW_INCLUDE_REPACKTOOLS := true
Must also have:
AB_OTA_UPDATER := true
Use magiskboot and provide GUI options to allow users to repack
their existing boot image to install TWRP (or kernels) so we can
stop having to provide installation zips for AB devices. There is
also an option to try to fix a recovery bootloop if the kernel
has been patched to always boot the ramdisk for root, etc.
You will need to pull the below repo into external/magisk-prebuilt
https://github.com/TeamWin/external_magisk-prebuilt
Change-Id: I74196cc6f095a7576d61886dc96cbc18deba9b04
not decrypted. This allows you to continue without error.
Also we should not set restore path for images in adb
backup.
Change-Id: Ia75a70377b8e1364fefc82ad41ccf74fa3b7a3c3
* For EXT2/3:
* Align mke2fs options with Android 9.0 fs_mgr_format.cpp.
* For EXT4:
* Note that make_ext4fs is still in use on Android 8.1 to workaround
a FDE encryption bug even though mke2fs has become the default
choice. The bug is fixed in Android 9.0+.
* For F2FS:
* Drop the broken "-r" option, it's never ported to O, explicitly
pass number of sectors instead.
* Keep all options aligned with Pie fs_mgr.
* Check existence before start wiping, as Wipe_EXT4 does.
* For all:
* Calculate block size at runtime, and reserve the space specified
via negative "length" option from fstab. Note that positive length
will be ignored.
* If the partition has crypto footer, and "length" is not specified
in fstab, automatically reverse CRYPT_FOOTER_OFFSET (16384).
* Remove the default crypto key location: footer, this is a bad
assumption since most partitions don't use encryption! We need to
know the real situation to decide whether to reserve crypto footer
on format.
* If the current action is "wipe" or "change filesystem", wipe crypto
footer or block device after mkfs if the partition is
unencrypted or undecrypted (e.g., wrong password).
* If the current action is "format data", unconditionally wipe crypto
footer or block device.
Change-Id: I7304a8ee703131ea4a08ab7c60334af28cac28b3
cryptfs.cpp based on CAF tag LA.UM.7.3.r1-05900-sdm845.0
Used CAF because AOSP no longer contains code for qcom's hardware
crypto.
Change-Id: I921cbe9bed70989f91449e23b5ac3ec1037b7b97
This update splits old MTP code and new MTP code from Google
into two trees, legacy and ffs. Depending on the SDK level,
the build system will select the correct version. The reason
for separating the versions out are due to older android trees
not supporting the updated MTP code from Google.
Most MTP code is from Google, with additions needed from
implementing the Java functions in C++ for TWRP and FFS.
We assume if you are in android-9.0 or above, your kernel
has support for FFS over MTP. Verify that your init.rc
is mounting the MTP FFS driver to the proper location.
Change-Id: I4b107b239bd9bc5699527f9c8c77d9079f264a7e
This patchset updates all the places we touch cache on AB devices
and non AB devices so that we can write to the appropriate
location. AB devices removed the cache partition and moved it to
/data/cache.
Change-Id: I485ec205a604f1f07ceb7700ae9c4e720fd55c3e
instead of hard-coded /system path
I updated most of the references I found,
but there might be more
For devices that have to mount system at /system_root,
this allows system to be bind mounted to /system
and detected properly by TWRP
Change-Id: I9f142fd8cec392f5b88e95476258dab9c21a9aac
Enable a property when mounting partitions required for decryption, and disable when they are unmounted.
This helps init scripts to react to such an event appropriately, for example by starting services critical for decryption that reside on said partitions.
Change-Id: Ib6fa1e5c903d9c800fb145d582ced6cc7e0ab5b9
* HTC U11 Oreo is using keymaster3 FDE encryption which requires
the new services:
1- /system/bin/hwservicemanager
2- /vendor/bin/hw/android.hardware.keymaster@3.0-service
3- /vendor/bin/qseecomd (instead of /system/bin/qseecomd)
So in addition to /vendor/lib and /vendor/lib64 also
symlink /system/vendor/bin to /vendor/bin.
* vold_decrypt services now have separate prefixes:
1- 'sys_' referring to /system/bin
2- 'ven_' referring to /vendor/bin
* The additional (hwservicemanager, keymaster-3-0) and modified
(qseecomd) .rc files have been updated in the vold_decrypt
directory.
Comments were added directly in the .rc files, please check
them.
* /etc/recovery.fstab needs to be temporarily moved since
vold will use it if it finds the '/sbin/recovery' file
(refer to fs_mgr for the fstab load code https://goo.gl/8KaZyf).
Since fs_mgr cannot parse TWRP style fstab, we 'hide' it
and attempt to create a symlink to /fstab.{ro.hardware}.
Also remove shell dependencies, code cleanup, new error codes:
* Critical sections of vold_decrypt should not rely on the external
shell (and the available binaries) provided by TWFunc::Exec_Cmd.
Doing so may lead to failures resulting from different shell
provided binaries not working properly, especially since busybox
can be inconsistent across different trees.
In particular the following functions have been changed:
* run_vdc() no longer uses daisy chained commands, instead
it now forks and executes vdc directly including a 30 second
built in timeout.
* Symlink_Firmware_Files() no longer relies on the shell 'find'
command to retrieve the list of firmware/vendor files and instead
uses a built in function, Find_Firmware_Files(), which traverses
the system partition to retrieve the list of files.
* The code has also been cleaned up a little for better consistency,
and vold_decrypt will now return various error codes for the
different failures, as defined in vold_decrypt.h, which allows the
gui_msg to be moved back to partitionmanager.cpp.
Notes regarding pre Android 8.0 builds:
* Service names in .rc files cannot exceed 16 characters (including
the prepended 'sys_' or 'ven_') in Android 7.1 and below, so a
service name such as 'sys_hwservicemanager' is out of the question
for 7.1 and below.
* hwservicemanager will check ACLs on 'hwservicemanager' and 'ITokenManager'
if they are even allowed to run, otherwise the interfaces will fail.
The policies have only been introduced in 8.0, and although it is possible
to manually add them to the 7.1 policies it's not recommended.
* Therefore the best course of action is to build in 8.0.
* SIDE NOTE: On the HTC U11 we are actually using omni-7.1 with some changes
in the device tree to support both Nougat and Oreo decryption, please
refer to:
1- https://gerrit.twrp.me/c/2756/ for the necessary sepolicy and
BoardConfig changes.
2- The Android.mk file for vold_decrypt was modified to truncate
greater than 16 character service names (as mentioned therein)
Other changes:
* TW_CRYPTO_SYSTEM_VOLD_DISABLE_TIMEOUT is now deprecated due to built-
in fork and timeout.
* Output_dmesg_to_recovery_log() is also deprecated so upon a failed
decryption the recovery.log will no longer append it, instead you can
just use 'adb shell dmesg' to check it. Nonetheless if a true debug
build is needed use the original TW_CRYPTO_SYSTEM_VOLD_DEBUG flag as
outlined in the original commit message (see below).
Usage info:
This is an update to the initial vold_decrypt, for more info refer to
71c6c50d0d
Change-Id: Id7129d125ae7f5dcba0779489825add718022ba3
