diff --git a/app/src/main/java/com/topjohnwu/magisk/core/Info.kt b/app/src/main/java/com/topjohnwu/magisk/core/Info.kt
index af51ff5e9..cc63bd2b8 100644
--- a/app/src/main/java/com/topjohnwu/magisk/core/Info.kt
+++ b/app/src/main/java/com/topjohnwu/magisk/core/Info.kt
@@ -29,9 +29,10 @@ object Info {
// Device state
@JvmStatic var isSAR = false
@JvmStatic var isAB = false
- @JvmStatic var isFBE = false
+ @JvmStatic val isFBE get() = crypto == "file"
@JvmStatic var ramdisk = false
@JvmStatic var hasGMS = true
+ @JvmStatic var crypto = ""
val isConnected by lazy {
ObservableBoolean(false).also { field ->
diff --git a/app/src/main/java/com/topjohnwu/magisk/core/utils/RootInit.kt b/app/src/main/java/com/topjohnwu/magisk/core/utils/RootInit.kt
index 2a44738a0..9dc776393 100644
--- a/app/src/main/java/com/topjohnwu/magisk/core/utils/RootInit.kt
+++ b/app/src/main/java/com/topjohnwu/magisk/core/utils/RootInit.kt
@@ -10,7 +10,6 @@ import com.topjohnwu.magisk.core.wrap
import com.topjohnwu.magisk.ktx.rawResource
import com.topjohnwu.superuser.Shell
import com.topjohnwu.superuser.ShellUtils
-import com.topjohnwu.superuser.io.SuFile
class RootInit : Shell.Initializer() {
@@ -20,8 +19,9 @@ class RootInit : Shell.Initializer() {
fun init(context: Context, shell: Shell): Boolean {
shell.newJob().apply {
+ add("export SDK_INT=${Build.VERSION.SDK_INT}")
if (Const.Version.atLeast_20_4()) {
- add("export MAGISKTMP=$(magisk --path)/.magisk")
+ add("export MAGISKTMP=\$(magisk --path)/.magisk")
} else {
add("export MAGISKTMP=/sbin/.magisk")
}
@@ -45,10 +45,7 @@ class RootInit : Shell.Initializer() {
Info.isSAR = getBool("SYSTEM_ROOT")
Info.ramdisk = getBool("RAMDISKEXIST")
Info.isAB = getBool("ISAB")
-
- // FBE does not exist pre 7.0
- if (Build.VERSION.SDK_INT >= 24)
- Info.isFBE = SuFile("/data/unencrypted").exists()
+ Info.crypto = getvar("CRYPTOTYPE")
// Default presets
Config.recovery = getBool("RECOVERYMODE")
diff --git a/app/src/main/res/layout/include_home_magisk.xml b/app/src/main/res/layout/include_home_magisk.xml
index 5f80e740c..9a8914e5f 100644
--- a/app/src/main/res/layout/include_home_magisk.xml
+++ b/app/src/main/res/layout/include_home_magisk.xml
@@ -121,7 +121,7 @@
@@ -136,6 +136,23 @@
+
+
+
+
+
+
+
+
+ android:text="Crypto" />
+ android:text="@{Info.crypto}"
+ tools:text="N/A" />
diff --git a/app/src/main/res/raw/manager.sh b/app/src/main/res/raw/manager.sh
index ec1193d3d..ee2c33a0f 100644
--- a/app/src/main/res/raw/manager.sh
+++ b/app/src/main/res/raw/manager.sh
@@ -48,7 +48,7 @@ restore_imgs() {
for name in dtb dtbo; do
[ -f $BACKUPDIR/${name}.img.gz ] || continue
- local IMAGE=`find_block $name$SLOT`
+ local IMAGE=$(find_block $name$SLOT)
[ -z $IMAGE ] && continue
flash_image $BACKUPDIR/${name}.img.gz $IMAGE
done
@@ -60,7 +60,7 @@ post_ota() {
cd $1
chmod 755 bootctl
./bootctl hal-info || return
- [ `./bootctl get-current-slot` -eq 0 ] && SLOT_NUM=1 || SLOT_NUM=0
+ [ $(./bootctl get-current-slot) -eq 0 ] && SLOT_NUM=1 || SLOT_NUM=0
./bootctl set-active-boot-slot $SLOT_NUM
cat << EOF > post-fs-data.d/post_ota.sh
${1}/bootctl mark-boot-successful
@@ -103,36 +103,61 @@ check_boot_ramdisk() {
# Create boolean ISAB
[ -z $SLOT ] && ISAB=false || ISAB=true
- # If we are running as recovery mode, then we do not have ramdisk in boot
- $RECOVERYMODE && return 1
+ # If we are running as recovery mode, then we do not have ramdisk
+ [ "$RECOVERYMODE" = "true" ] && return 1
# If we are A/B, then we must have ramdisk
$ISAB && return 0
- # If we are using legacy SAR, but not AB, we do not have ramdisk in boot
+ # If we are using legacy SAR, but not A/B, assume we do not have ramdisk
if grep ' / ' /proc/mounts | grep -q '/dev/root'; then
- # Override recovery mode to true
- RECOVERYMODE=true
+ # Override recovery mode to true if not set
+ [ -z $RECOVERYMODE ] && RECOVERYMODE=true
return 1
fi
return 0
}
+check_encryption() {
+ if $ISENCRYPTED; then
+ if [ $SDK_INT -lt 24 ]; then
+ CRYPTOTYPE="block"
+ elif [ -d /data/unencrypted ]; then
+ CRYPTOTYPE="file"
+ else
+ # First see what the system tells us
+ CRYPTOTYPE=$(getprop ro.crypto.type)
+ if [ -z $CRYPTOTYPE ]; then
+ # If not mounting through device mapper, we are FBE
+ if grep ' /data ' /proc/mounts | grep -qv 'dm-'; then
+ CRYPTOTYPE="file"
+ else
+ # We are either FDE or metadata encryption (which is also FBE)
+ grep -q ' /metadata ' /proc/mounts && CRYPTOTYPE="file" || CRYPTOTYPE="block"
+ fi
+ fi
+ fi
+ else
+ CRYPTOTYPE="N/A"
+ fi
+}
+
##########################
# Non-root util_functions
##########################
mount_partitions() {
- [ "`getprop ro.build.ab_update`" = "true" ] && SLOT=`getprop ro.boot.slot_suffix`
+ [ "$(getprop ro.build.ab_update)" = "true" ] && SLOT=$(getprop ro.boot.slot_suffix)
# Check whether non rootfs root dir exists
grep ' / ' /proc/mounts | grep -qv 'rootfs' && SYSTEM_ROOT=true || SYSTEM_ROOT=false
}
get_flags() {
- $SYSTEM_ROOT && KEEPVERITY=true || KEEPVERITY=false
- [ "`getprop ro.crypto.state`" = "encrypted" ] && KEEPFORCEENCRYPT=true || KEEPFORCEENCRYPT=false
- RECOVERYMODE=false
+ KEEPVERITY=$SYSTEM_ROOT
+ [ "$(getprop ro.crypto.state)" = "encrypted" ] && ISENCRYPTED=true || ISENCRYPTED=false
+ KEEPFORCEENCRYPT=$ISENCRYPTED
+ # Do NOT preset RECOVERYMODE here
}
run_migrations() { return; }
@@ -150,4 +175,7 @@ mm_init() {
run_migrations
SHA1=$(grep_prop SHA1 $MAGISKTMP/config)
check_boot_ramdisk && RAMDISKEXIST=true || RAMDISKEXIST=false
+ check_encryption
+ # Make sure RECOVERYMODE has value
+ [ -z $RECOVERYMODE ] && RECOVERYMODE=false
}
diff --git a/scripts/util_functions.sh b/scripts/util_functions.sh
index da131b2a0..504f97335 100644
--- a/scripts/util_functions.sh
+++ b/scripts/util_functions.sh
@@ -364,10 +364,11 @@ get_flags() {
fi
fi
if [ -z $KEEPFORCEENCRYPT ]; then
- grep ' /data ' /proc/mounts | grep -q 'dm-' && FDE=true || FDE=false
- [ -d /data/unencrypted ] && FBE=true || FBE=false
+ ISENCRYPTED=false
+ grep ' /data ' /proc/mounts | grep -q 'dm-' && ISENCRYPTED=true
+ [ -d /data/unencrypted ] && ISENCRYPTED=true
# No data access means unable to decrypt in recovery
- if $FDE || $FBE || ! $DATA; then
+ if $ISENCRYPTED || ! $DATA; then
KEEPFORCEENCRYPT=true
ui_print "- Encrypted data, keep forceencrypt"
else