Add decryption support

ref: https://github.com/nebrassy/device_oneplus_sm86xx-common-TWRP

BoardConfig.mk

@@ -24,6 +24,10 @@ BOARD_VENDORIMAGE_FILE_SYSTEM_TYPE := ext4
 BOARD_USERDATAIMAGE_FILE_SYSTEM_TYPE := f2fs
 TARGET_COPY_OUT_VENDOR := vendor
 
+# Encryption
+BOARD_USES_QCOM_FBE_DECRYPTION := true
+BOARD_USES_METADATA_PARTITION := true
+
 # Kernel
 BOARD_BOOTIMG_HEADER_VERSION := 4
 BOARD_EXCLUDE_KERNEL_FROM_RECOVERY_IMAGE := true
@@ -44,19 +48,23 @@ BOARD_ONEPLUS_DYNAMIC_PARTITIONS_SIZE := 15032385536
 
 # Recovery
 TARGET_RECOVERY_PIXEL_FORMAT := RGBX_8888
+TARGET_RECOVERY_QCOM_RTC_FIX := true
 
 # TWRP Configuration
 TW_THEME := portrait_hdpi
 TW_DEVICE_VERSION := -hraj9258
 TW_EXCLUDE_APEX := true
 TW_EXCLUDE_TWRPAPP := true
 TW_EXTRA_LANGUAGES := true
+TW_INCLUDE_CRYPTO := true
 TW_INCLUDE_NTFS_3G := true
 TW_INCLUDE_LIBRESETPROP := true
 TW_INCLUDE_RESETPROP := true
 TW_USE_SERIALNO_PROPERTY_FOR_DEVICE_ID := true
 TW_FRAMERATE := 144
 
+TW_LOAD_VENDOR_MODULES := "adsp_loader_dlkm.ko"
+
 # TWRP Debug Flags
 TWRP_EVENT_LOGGING := true
 TWRP_INCLUDE_LOGCAT := true

device.mk

@@ -24,9 +24,20 @@ PRODUCT_PACKAGES += \
     [email protected] \
     fastbootd
 
+# Recovery libs
+TARGET_RECOVERY_DEVICE_MODULES += \
+    libion 
+
+RECOVERY_LIBRARY_SOURCE_FILES += \
+    $(TARGET_OUT_SHARED_LIBRARIES)/libion.so
+
 # Platform 
 PLATFORM_VERSION := 99.87.36
 PLATFORM_SECURITY_PATCH := 2127-12-31
 PLATFORM_VERSION_LAST_STABLE := $(PLATFORM_VERSION)
 VENDOR_SECURITY_PATCH := $(PLATFORM_SECURITY_PATCH)
 BOOT_SECURITY_PATCH := $(PLATFORM_SECURITY_PATCH)
+
+PRODUCT_PACKAGES += \
+    qcom_decrypt \
+    qcom_decrypt_fbe

recovery/root/init.recovery.qcom.rc

@@ -25,6 +25,8 @@
 # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
+import /init.recovery.qcom_decrypt.rc
+
 on init
     write /sys/class/backlight/panel0-backlight/brightness 200
     setprop sys.usb.configfs 1
@@ -40,5 +42,19 @@ on fs
     wait /dev/block/platform/soc/${ro.boot.bootdevice}
     symlink /dev/block/platform/soc/${ro.boot.bootdevice} /dev/block/bootdevice
 
-on boot
+on property:twrp.modules.loaded=true
+    # Mount persist
+    mkdir /mnt/vendor/persist
+    mount ext4 /dev/block/bootdevice/by-name/persist /mnt/vendor/persist ro
+    # Mount firmware
+    mkdir /firmware
+    mount vfat /dev/block/bootdevice/by-name/modem${ro.boot.slot_suffix} /firmware ro
+    # Load ADSP firmware for PMIC
+    wait /sys/kernel/boot_adsp/boot
+    write /sys/kernel/boot_adsp/boot 1
+    wait /sys/class/power_supply/battery
     start health-hal-2-1
+    umount /firmware
+
+on property:twrp.all.users.decrypted=true
+    umount /mnt/vendor/persist

recovery/root/system/etc/vintf/manifest/manifest.xml → recovery/root/system/etc/vintf/manifest.xml

@@ -1,9 +1,10 @@
 <!--
     Input:
         system/libhidl/vintfdata/manifest.xml
-        device/qcom/pineapple/framework_manifest.xml
+        device/qcom/qssi_64/framework_manifest.xml
+        vendor/oplus/system/config/qcom/module_config/oplus_device_framework_manifest.xml
 -->
-<manifest version="7.0" type="framework">
+<manifest version="4.0" type="framework">
     <hal format="hidl" max-level="6">
         <name>android.frameworks.displayservice</name>
         <transport>hwbinder</transport>
@@ -42,10 +43,32 @@
         <name>netutils-wrapper</name>
         <version>1.0</version>
     </hal>
+    <hal format="aidl">
+        <name>vendor.oplus.hardware.commondcs</name>
+        <fqname>ICommonDcsAidlHalService/default</fqname>
+    </hal>
+    <hal format="aidl">
+        <name>vendor.oplus.hardware.oplusSensor</name>
+        <fqname>ISensorFeature/default</fqname>
+    </hal>
+    <hal format="aidl">
+        <name>vendor.oplus.hardware.osense.client</name>
+        <fqname>IOsenseAidlHalReporter/default</fqname>
+    </hal>
+    <hal format="aidl">
+        <name>vendor.oplus.hardware.urcc</name>
+        <fqname>IUrcc/default</fqname>
+    </hal>
+    <hal format="hidl">
+        <name>vendor.qti.hardware.qccsyshal</name>
+        <transport>hwbinder</transport>
+        <fqname>@1.2::IQccsyshal/qccsyshal</fqname>
+    </hal>
     <hal format="hidl">
-        <name>vendor.qti.hardware.radio.atcmdfwd</name>
+        <name>vendor.qti.hardware.systemhelper</name>
         <transport>hwbinder</transport>
-        <fqname>@1.0::IAtCmdFwd/AtCmdFwdService</fqname>
+        <fqname>@1.0::ISystemEvent/default</fqname>
+        <fqname>@1.0::ISystemResource/default</fqname>
     </hal>
     <system-sdk>
         <version>29</version>

recovery/root/vendor/etc/gpfspath_oem_config.xml

@@ -0,0 +1,61 @@
+<!--
+Copyright (c) 2017 Qualcomm Technologies, Inc.
+All Rights Reserved.
+Confidential and Proprietary - Qualcomm Technologies, Inc.
+-->
+
+<!--
+
+This file is configured by OEM to customize the path used by GP FS listener
+service to save files, and will be located in /vendor/etc on device
+
+"gp_data_path" and "gp_persist_path" are the /data and /persist partition
+path to save files, respectively.
+By default, "gp_data_path" is "/data/vendor/tzstorage/", and
+"gp_persist_path" is "/mnt/vendor/persist/data/".
+
+To replace with different paths, please also create folder in init.qcom.rc
+file and update SEAndroid policy.
+
+Take "/data/vendor/tzstorage/" as an example below,
+
+A) rootdir/etc/init.qcom.rc:
+# Create /data/vendor/tzstorage directory for SFS listener
+mkdir /data/vendor/tzstorage 0770 system system
+
+B) common/file.te:
+# SFS listener data file
+type data_tzstorage_file, file_type, data_file_type;
+
+C) common/file_contexts:
+/data/vendor/tzstorage(/.*)?       u:object_r:data_tzstorage_file:s0
+
+D) common/qseecomd.te:
+# Allow SFS to write to data partition
+allow tee data_tzstorage_file:dir create_dir_perms;
+allow tee data_tzstorage_file:file create_file_perms;
+
+"gp_whitelist_count" and "gp_whitelist_path"
+
+Some paths needs "/data/vendor/tzstorage" appended to it at the beginning
+as they do not have access/permissions on their own.
+Use gp_whitelist_count and gp_whitelist_paths entries to add more such paths.
+By default, we add "/data/system/users" and "/data/misc/qsee" for current use
+cases.
+
+To add an extra path, increment the count in gp_whitelist_count and add a new
+gp_whitelist_path entry. It is very critical that the count matches with the
+number of path entries.
+
+-->
+
+
+<sfs_path>
+    <gp_data_path> /data/vendor/tzstorage/ </gp_data_path>
+    <gp_persist_path> /mnt/vendor/persist/data/ </gp_persist_path>
+    <gp_whitelist_count> 4 </gp_whitelist_count>
+    <gp_whitelist_path> /data/system/users/ </gp_whitelist_path>
+    <gp_whitelist_path> /data/misc/qsee/ </gp_whitelist_path>
+    <gp_whitelist_path> /qwes </gp_whitelist_path>
+    <gp_whitelist_path> /qwes/licenses </gp_whitelist_path>
+</sfs_path>

recovery/root/vendor/etc/init/android.hardware.security.keymint-service-qti.rc

@@ -0,0 +1,13 @@
+# Copyright (c) 2021 Qualcomm Technologies, Inc.
+# All Rights Reserved.
+# Confidential and Proprietary - Qualcomm Technologies, Inc.
+
+on property:hwservicemanager.ready=true && property:vendor.sys.listeners.registered=true
+    start keymint-qti
+
+service keymint-qti /system/bin/android.hardware.security.keymint-service-qti
+    user root
+    group root
+    setenv LD_LIBRARY_PATH /vendor/lib64:/vendor/lib:/system/lib64:/system/lib:/sbin
+    disabled
+    seclabel u:r:recovery:s0