Add ecryptfs key linking in the keyring of root user

Change-Id: Ie9eddecc8f6a274ff2e6e030730a49ad5f1dd773
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>

diff --git a/server/external-encryption.cpp b/server/external-encryption.cpp
index 29c391a..ffaf61b 100644 (file)
--- a/server/external-encryption.cpp
+++ b/server/external-encryption.cpp
@@ -323,6 +323,14 @@ int ExternalEncryption::encrypt(const std::string &password, unsigned int option
                        sync();
                        INFO(SINK, "Encryption completed");
                        ::vconf_set_str(EXTERNAL_STATE_VCONF_KEY, "encrypted");
+
+                       //For smackfsroot, smackfsdef option without CAP_MAC_ADMIN
+                       runtime::File fileToTouch("/tmp/.ode-mount-external");
+                       try {
+                               fileToTouch.remove();
+                       } catch(runtime::Exception &e) {}
+                       fileToTouch.create(O_WRONLY);
+
                        context.notify("ExternalEncryption::mount");
                } catch (runtime::Exception &e) {
                        ::vconf_set_str(EXTERNAL_STATE_VCONF_KEY, "error_partially_encrypted");

diff --git a/tools/cli/ode-mount-external.sh b/tools/cli/ode-mount-external.sh
index d4e00f6..22ee220 100644 (file)
--- a/tools/cli/ode-mount-external.sh
+++ b/tools/cli/ode-mount-external.sh
@@ -5,6 +5,12 @@ STORAGE="/opt/media/SDCardA1"
 
 OPTION=`cat /proc/mounts | grep "${STORAGE} ${STORAGE} ecryptfs" | gawk '{print $4}'`
 
+KEY_DESC=`echo ${OPTION} | sed -e s/.*'ecryptfs_sig='// -e s/','.*//`
+KEY=`su security_fw -s /bin/keyctl search @u user ${KEY_DESC}`
+
+su security_fw -s /bin/keyctl setperm ${KEY} 0x3f111010
+keyctl link ${KEY} @u
+
 if [ -z ${OPTION} ]; then
        exit -1
 fi