cryptohome: Add a new flag and an error code for forcing new encryption.

The new encryption scheme is required for running ARC for Android N,
so we want to force it, and in case of an error we navigate the user
to the migration UI. In some other cases (including when the user chose
"do it later"), we are not forcing it. In addition, if for any reason
the migration step is aborted in the middle and the user tries to
log in again, we cannot allow "do it later" and do need to force migration.
An additional error code for this state is also necessary.

This CL adds a flag and an error code for that purpose.
Actual code using them will follow later.

BUG=chromium:699436
TEST=manually checked log-in to new/existing accounts.

Change-Id: Ibf5e40815fb50f74badfc95808c9c401a0b35a05
Reviewed-on: https://chromium-review.googlesource.com/452097
Commit-Ready: Kazuhiro Inaba <kinaba@chromium.org>
Tested-by: Kazuhiro Inaba <kinaba@chromium.org>
Reviewed-by: Dan Erat <derat@chromium.org>
Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org>
diff --git a/dbus/cryptohome/dbus-constants.h b/dbus/cryptohome/dbus-constants.h
index fcaa99b..76843f9 100644
--- a/dbus/cryptohome/dbus-constants.h
+++ b/dbus/cryptohome/dbus-constants.h
@@ -139,6 +139,10 @@
   MOUNT_ERROR_TPM_DEFEND_LOCK = 1 << 4,
   MOUNT_ERROR_USER_DOES_NOT_EXIST = 1 << 5,
   MOUNT_ERROR_TPM_NEEDS_REBOOT = 1 << 6,
+  // Encrypted in old method, need migration before mounting.
+  MOUNT_ERROR_OLD_ENCRYPTION = 1 << 7,
+  // Previous migration attempt was aborted in the middle. Must resume it first.
+  MOUNT_ERROR_PREVIOUS_MIGRATION_INCOMPLETE = 1 << 8,
   MOUNT_ERROR_RECREATED = 1 << 31,
 };
 }  // namespace cryptohome
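Review bot: the comment on MOUNT_ERROR_OLD_ENCRYPTION does not say when the error is returned. Per the commit message, an old-style home is only an error when the new encryption is being forced, while the aborted-migration case must block login even where "do it later" would otherwise be allowed. Stating that in the two comments, and naming ecryptfs as the rpc.proto comment does, would let callers tell which code permits deferral and which does not. The commit subject also says "an error code" although two are added here.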
diff --git a/dbus/cryptohome/rpc.proto b/dbus/cryptohome/rpc.proto
index bc3af68..ae4a0f0 100644
--- a/dbus/cryptohome/rpc.proto
+++ b/dbus/cryptohome/rpc.proto
@@ -57,6 +57,8 @@
   CRYPTOHOME_ERROR_FIRMWARE_MANAGEMENT_PARAMETERS_INVALID = 26;
   CRYPTOHOME_ERROR_FIRMWARE_MANAGEMENT_PARAMETERS_CANNOT_STORE = 27;
   CRYPTOHOME_ERROR_FIRMWARE_MANAGEMENT_PARAMETERS_CANNOT_REMOVE = 28;
+  CRYPTOHOME_ERROR_MOUNT_OLD_ENCRYPTION = 29;
+  CRYPTOHOME_ERROR_MOUNT_PREVIOUS_MIGRATION_INCOMPLETE = 30;
 }
 
 message AccountIdentifier {
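Review bot: the new CRYPTOHOME_ERROR_MOUNT_OLD_ENCRYPTION and CRYPTOHOME_ERROR_MOUNT_PREVIOUS_MIGRATION_INCOMPLETE entries carry no comments, unlike their MOUNT_ERROR_* counterparts in dbus-constants.h. Suggest copying the one-line descriptions over and noting the pairing, since the numeric values differ between the two enums (29 and 30 here, 1 << 7 and 1 << 8 there) and the code that maps one to the other is not part of this CL.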
@@ -86,6 +88,10 @@
   // Additionally, a failed AuthorizationRequest will be expected as
   // there will be no existing keys.
   optional CreateRequest create = 2;
+  // If set to true, and cryptohomed supports the new "dircrypto" encryption,
+  // forces to use the new encryption. That is, makes it an error to mount
+  // an existing home directory encrypted in the old way (ecryptfs).
+  optional bool force_dircrypto_if_available = 3;
 }
 
 // A BaseReply type is used for all cryptohomed responses. A shared base class
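Review bot: the comment on force_dircrypto_if_available leaves the fallback case unspecified. The "if cryptohomed supports" wording implies that on a build without dircrypto the flag is ignored and an ecryptfs home mounts as before, so a caller cannot tell from a successful reply whether the new encryption was actually enforced. Suggest stating that behaviour explicitly, naming the error returned when the flag takes effect (presumably CRYPTOHOME_ERROR_MOUNT_OLD_ENCRYPTION), and saying whether CRYPTOHOME_ERROR_MOUNT_PREVIOUS_MIGRATION_INCOMPLETE is returned independently of this flag.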