mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2025-01-02 19:31:01 -05:00
25cc717ec2
+ 16.0: some other misc hardening patches from GrapheneOS - always restrict access to Build.SERIAL - don't grant location permission to system browsers - fbe: pad filenames more + 16.0: Contacts: remove Privacy Policy and Terms of Service links
67 lines
3.0 KiB
Diff
67 lines
3.0 KiB
Diff
From d0715a364f5a6f366cbd3582b01d21a22a0a0ca2 Mon Sep 17 00:00:00 2001
|
|
From: Daniel Micay <danielmicay@gmail.com>
|
|
Date: Thu, 15 Dec 2016 17:22:41 -0500
|
|
Subject: [PATCH] ext4_crypt: pad filenames to 32 bytes, not 16 or 4
|
|
|
|
This is done in a way that's backwards compatible with old installations
|
|
by leaving them with the previous padding settings until factory reset.
|
|
---
|
|
ext4_utils/ext4_crypt.cpp | 23 +++++++++++++++++++++--
|
|
1 file changed, 21 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/ext4_utils/ext4_crypt.cpp b/ext4_utils/ext4_crypt.cpp
|
|
index 36fe11f7..c5d5fde2 100644
|
|
--- a/ext4_utils/ext4_crypt.cpp
|
|
+++ b/ext4_utils/ext4_crypt.cpp
|
|
@@ -133,7 +133,7 @@ static bool is_dir_empty(const char *dirname, bool *is_empty)
|
|
return true;
|
|
}
|
|
|
|
-static uint8_t e4crypt_get_policy_flags(int filenames_encryption_mode) {
|
|
+static uint8_t e4crypt_get_policy_flags_old(int filenames_encryption_mode) {
|
|
if (filenames_encryption_mode == EXT4_ENCRYPTION_MODE_AES_256_CTS) {
|
|
// Use legacy padding with our original filenames encryption mode.
|
|
return EXT4_POLICY_FLAGS_PAD_4;
|
|
@@ -145,6 +145,15 @@ static uint8_t e4crypt_get_policy_flags(int filenames_encryption_mode) {
|
|
return EXT4_POLICY_FLAGS_PAD_16;
|
|
}
|
|
|
|
+static uint8_t e4crypt_get_policy_flags(int filenames_encryption_mode) {
|
|
+ return EXT4_POLICY_FLAGS_PAD_32;
|
|
+}
|
|
+
|
|
+static bool e4crypt_policy_check(const char *directory, const char *policy,
|
|
+ size_t policy_length,
|
|
+ int contents_encryption_mode,
|
|
+ int filenames_encryption_mode);
|
|
+
|
|
static bool e4crypt_policy_set(const char *directory, const char *policy,
|
|
size_t policy_length,
|
|
int contents_encryption_mode,
|
|
@@ -163,6 +172,14 @@ static bool e4crypt_policy_set(const char *directory, const char *policy,
|
|
}
|
|
|
|
ext4_encryption_policy eep;
|
|
+ memset(&eep, 0, sizeof(ext4_encryption_policy));
|
|
+
|
|
+ if (ioctl(fd, EXT4_IOC_GET_ENCRYPTION_POLICY, &eep) == 0) {
|
|
+ close(fd);
|
|
+ return e4crypt_policy_check(directory, policy, policy_length,
|
|
+ contents_encryption_mode, filenames_encryption_mode);
|
|
+ }
|
|
+
|
|
eep.version = 0;
|
|
eep.contents_encryption_mode = contents_encryption_mode;
|
|
eep.filenames_encryption_mode = filenames_encryption_mode;
|
|
@@ -210,7 +227,9 @@ static bool e4crypt_policy_get(const char *directory, char *policy,
|
|
|| (eep.contents_encryption_mode != contents_encryption_mode)
|
|
|| (eep.filenames_encryption_mode != filenames_encryption_mode)
|
|
|| (eep.flags !=
|
|
- e4crypt_get_policy_flags(filenames_encryption_mode))) {
|
|
+ e4crypt_get_policy_flags(filenames_encryption_mode) &&
|
|
+ eep.flags !=
|
|
+ e4crypt_get_policy_flags_old(filenames_encryption_mode))) {
|
|
LOG(ERROR) << "Failed to find matching encryption policy for " << directory;
|
|
return false;
|
|
}
|