vold: Add Hardware FDE feature

Add HW FDE changes to new tip along with soong rules for
conditional compilation.

Following changes for HW FDE as well ported:
- Restart Android framework after HW FDE key has been created
- Add support of Inline Cryto Engine
- Use new HW FDE apis to update password
- vold: Tie HW FDE keys with Root of Trust(ROT)
- vold: Fix HW FDE OTA support on SW FDE encrypted device
- vold: Fix return value from get_keymaster_hw_fde_passwd()
- vold: Remove creation of new keymaster key for password update
- vold: Fix password update issue with HW FDE
- vold: hw_fde: fix OTA issues from L to M
- vold: Branch out SW and HW FDE paths to improve boot up time
- cryptfs: Use lower case alphabets for hex key during OTA upgrades
- vold: Improve device boot up time (Tune sleep calls)
- Retry mount if mount fails after setting HW FDE key
- cryptfs: Fix compilation error
- cryptfs: Fix mount failure when encryption triggered from settings
- cryptfs: fix issue that caused problems with forced HW encryption
- cryptfs: fix wrong password set by user during bootup.

CRs-Fixed: 2210986
Change-Id: I77279fc7e309ac94535123a2b2dbcb228bb47251

Author: AnilKumar Chimata

Android.bp

@@ -162,6 +162,11 @@ cc_library_static {
         debuggable: {
             cppflags: ["-D__ANDROID_DEBUGGABLE__"],
         },
+        device_support_hwfde: {
+            cflags: ["-DCONFIG_HW_DISK_ENCRYPTION"],
+            header_libs: ["libcryptfs_hw_headers"],
+            shared_libs: ["libcryptfs_hw"],
+        },
     },
     shared_libs: [
         "[email protected]",
@@ -215,6 +220,9 @@ cc_binary {
                 "libarcvolume",
             ],
         },
+        device_support_hwfde: {
+            shared_libs: ["libcryptfs_hw"],
+        }
 	},
 }
 

VoldNativeService.cpp

@@ -590,11 +590,12 @@ binder::Status VoldNativeService::fdeEnable(int32_t passwordType, const std::str
 }
 
 binder::Status VoldNativeService::fdeChangePassword(int32_t passwordType,
+                                                    const std::string& currentPassword,
                                                     const std::string& password) {
     ENFORCE_SYSTEM_OR_ROOT;
     ACQUIRE_CRYPT_LOCK;
 
-    return translate(cryptfs_changepw(passwordType, password.c_str()));
+    return translate(cryptfs_changepw(passwordType, currentPassword.c_str(), password.c_str()));
 }
 
 binder::Status VoldNativeService::fdeVerifyPassword(const std::string& password) {

VoldNativeService.h

@@ -99,7 +99,9 @@ class VoldNativeService : public BinderService<VoldNativeService>, public os::Bn
     binder::Status fdeComplete(int32_t* _aidl_return);
     binder::Status fdeEnable(int32_t passwordType, const std::string& password,
                              int32_t encryptionFlags);
-    binder::Status fdeChangePassword(int32_t passwordType, const std::string& password);
+    binder::Status fdeChangePassword(int32_t passwordType,
+                                     const std::string& currentPassword,
+                                     const std::string& password);
     binder::Status fdeVerifyPassword(const std::string& password);
     binder::Status fdeGetField(const std::string& key, std::string* _aidl_return);
     binder::Status fdeSetField(const std::string& key, const std::string& value);

binder/android/os/IVold.aidl

@@ -75,7 +75,7 @@ interface IVold {
     void fdeRestart();
     int fdeComplete();
     void fdeEnable(int passwordType, @utf8InCpp String password, int encryptionFlags);
-    void fdeChangePassword(int passwordType, @utf8InCpp String password);
+    void fdeChangePassword(int passwordType, @utf8InCpp String currentPassword, @utf8InCpp String password);
     void fdeVerifyPassword(@utf8InCpp String password);
     @utf8InCpp String fdeGetField(@utf8InCpp String key);
     void fdeSetField(@utf8InCpp String key, @utf8InCpp String value);