mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-12-23 22:49:28 -05:00
529b47039c
- Functionality tested on mako and klte - In-place upgrade from 17.1 tested working on klte - Compile tested on bacon and klte - Recovery OTA key patch missing, unsure if still needed. - Deblobber needs support for removing vintf manifest paths from vendor Android.bp - Launcher needs more default_workspace grid variants (eg. 4x5)
36 lines
1.6 KiB
Diff
36 lines
1.6 KiB
Diff
From da1020cc2923c0a61a3dd55109aa342bd2097c1b Mon Sep 17 00:00:00 2001
|
|
From: Daniel Micay <danielmicay@gmail.com>
|
|
Date: Wed, 9 Sep 2020 01:53:11 -0400
|
|
Subject: [PATCH] pad filenames to 32 bytes instead of 16 or 4 bytes
|
|
|
|
This was adopted before the earliest stable release of GrapheneOS, so
|
|
backwards compatibility is not implemented anymore.
|
|
---
|
|
libfscrypt/fscrypt.cpp | 13 ++-----------
|
|
1 file changed, 2 insertions(+), 11 deletions(-)
|
|
|
|
diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp
|
|
index a52ed90c..7852349f 100644
|
|
--- a/libfscrypt/fscrypt.cpp
|
|
+++ b/libfscrypt/fscrypt.cpp
|
|
@@ -228,17 +228,8 @@ bool ParseOptionsForApiLevel(unsigned int first_api_level, const std::string& op
|
|
}
|
|
}
|
|
|
|
- // In the original setting of v1 policies and AES-256-CTS we used 4-byte
|
|
- // padding of filenames, so retain that on old first_api_levels.
|
|
- //
|
|
- // For everything else, use 16-byte padding. This is more secure (it helps
|
|
- // hide the length of filenames), and it makes the inputs evenly divisible
|
|
- // into cipher blocks which is more efficient for encryption and decryption.
|
|
- if (!is_gki && options->version == 1 && options->filenames_mode == FSCRYPT_MODE_AES_256_CTS) {
|
|
- options->flags |= FSCRYPT_POLICY_FLAGS_PAD_4;
|
|
- } else {
|
|
- options->flags |= FSCRYPT_POLICY_FLAGS_PAD_16;
|
|
- }
|
|
+ // GrapheneOS has always used the maximum 32 byte padding.
|
|
+ options->flags |= FSCRYPT_POLICY_FLAGS_PAD_32;
|
|
|
|
// Use DIRECT_KEY for Adiantum, since it's much more efficient but just as
|
|
// secure since Android doesn't reuse the same master key for multiple
|