2 * Copyright (C) 2017 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
19 #include "VoldNativeService.h"
20 #include "Benchmark.h"
21 #include "CheckEncryption.h"
22 #include "IdleMaint.h"
23 #include "MoveStorage.h"
25 #include "VolumeManager.h"
27 #include "Checkpoint.h"
29 #include "MetadataCrypt.h"
35 #include <android-base/logging.h>
36 #include <android-base/stringprintf.h>
37 #include <android-base/strings.h>
39 #include <fscrypt/fscrypt.h>
40 #include <private/android_filesystem_config.h>
41 #include <utils/Trace.h>
43 using android::base::StringPrintf;
51 constexpr const char* kDump = "android.permission.DUMP";
53 static binder::Status ok() {
54 return binder::Status::ok();
57 static binder::Status exception(uint32_t code, const std::string& msg) {
58 return binder::Status::fromExceptionCode(code, String8(msg.c_str()));
61 static binder::Status error(const std::string& msg) {
63 return binder::Status::fromServiceSpecificError(errno, String8(msg.c_str()));
66 static binder::Status translate(int status) {
68 return binder::Status::ok();
70 return binder::Status::fromServiceSpecificError(status);
74 static binder::Status translateBool(bool status) {
76 return binder::Status::ok();
78 return binder::Status::fromServiceSpecificError(status);
82 binder::Status checkPermission(const char* permission) {
86 if (checkCallingPermission(String16(permission), reinterpret_cast<int32_t*>(&pid),
87 reinterpret_cast<int32_t*>(&uid))) {
90 return exception(binder::Status::EX_SECURITY,
91 StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission));
95 binder::Status checkUid(uid_t expectedUid) {
96 uid_t uid = IPCThreadState::self()->getCallingUid();
97 if (uid == expectedUid || uid == AID_ROOT) {
100 return exception(binder::Status::EX_SECURITY,
101 StringPrintf("UID %d is not expected UID %d", uid, expectedUid));
105 binder::Status checkArgumentId(const std::string& id) {
107 return exception(binder::Status::EX_ILLEGAL_ARGUMENT, "Missing ID");
109 for (const char& c : id) {
110 if (!std::isalnum(c) && c != ':' && c != ',') {
111 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
112 StringPrintf("ID %s is malformed", id.c_str()));
118 binder::Status checkArgumentPath(const std::string& path) {
120 return exception(binder::Status::EX_ILLEGAL_ARGUMENT, "Missing path");
122 if (path[0] != '/') {
123 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
124 StringPrintf("Path %s is relative", path.c_str()));
126 if ((path + '/').find("/../") != std::string::npos) {
127 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
128 StringPrintf("Path %s is shady", path.c_str()));
130 for (const char& c : path) {
131 if (c == '\0' || c == '\n') {
132 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
133 StringPrintf("Path %s is malformed", path.c_str()));
139 binder::Status checkArgumentHex(const std::string& hex) {
140 // Empty hex strings are allowed
141 for (const char& c : hex) {
142 if (!std::isxdigit(c) && c != ':' && c != '-') {
143 return exception(binder::Status::EX_ILLEGAL_ARGUMENT,
144 StringPrintf("Hex %s is malformed", hex.c_str()));
150 #define ENFORCE_UID(uid) \
152 binder::Status status = checkUid((uid)); \
153 if (!status.isOk()) { \
158 #define CHECK_ARGUMENT_ID(id) \
160 binder::Status status = checkArgumentId((id)); \
161 if (!status.isOk()) { \
166 #define CHECK_ARGUMENT_PATH(path) \
168 binder::Status status = checkArgumentPath((path)); \
169 if (!status.isOk()) { \
174 #define CHECK_ARGUMENT_HEX(hex) \
176 binder::Status status = checkArgumentHex((hex)); \
177 if (!status.isOk()) { \
182 #define ACQUIRE_LOCK \
183 std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getLock()); \
186 #define ACQUIRE_CRYPT_LOCK \
187 std::lock_guard<std::mutex> lock(VolumeManager::Instance()->getCryptLock()); \
192 status_t VoldNativeService::start() {
193 IPCThreadState::self()->disableBackgroundScheduling(true);
194 status_t ret = BinderService<VoldNativeService>::publish();
195 if (ret != android::OK) {
198 sp<ProcessState> ps(ProcessState::self());
199 ps->startThreadPool();
200 ps->giveThreadPoolName();
204 status_t VoldNativeService::dump(int fd, const Vector<String16>& /* args */) {
205 auto out = std::fstream(StringPrintf("/proc/self/fd/%d", fd));
206 const binder::Status dump_permission = checkPermission(kDump);
207 if (!dump_permission.isOk()) {
208 out << dump_permission.toString8() << endl;
209 return PERMISSION_DENIED;
213 out << "vold is happy!" << endl;
218 binder::Status VoldNativeService::setListener(
219 const android::sp<android::os::IVoldListener>& listener) {
220 ENFORCE_UID(AID_SYSTEM);
223 VolumeManager::Instance()->setListener(listener);
227 binder::Status VoldNativeService::monitor() {
228 ENFORCE_UID(AID_SYSTEM);
230 // Simply acquire/release each lock for watchdog
232 { ACQUIRE_CRYPT_LOCK; }
237 binder::Status VoldNativeService::reset() {
238 ENFORCE_UID(AID_SYSTEM);
241 return translate(VolumeManager::Instance()->reset());
244 binder::Status VoldNativeService::shutdown() {
245 ENFORCE_UID(AID_SYSTEM);
248 return translate(VolumeManager::Instance()->shutdown());
251 binder::Status VoldNativeService::onUserAdded(int32_t userId, int32_t userSerial) {
252 ENFORCE_UID(AID_SYSTEM);
255 return translate(VolumeManager::Instance()->onUserAdded(userId, userSerial));
258 binder::Status VoldNativeService::onUserRemoved(int32_t userId) {
259 ENFORCE_UID(AID_SYSTEM);
262 return translate(VolumeManager::Instance()->onUserRemoved(userId));
265 binder::Status VoldNativeService::onUserStarted(int32_t userId) {
266 ENFORCE_UID(AID_SYSTEM);
269 return translate(VolumeManager::Instance()->onUserStarted(userId));
272 binder::Status VoldNativeService::onUserStopped(int32_t userId) {
273 ENFORCE_UID(AID_SYSTEM);
276 return translate(VolumeManager::Instance()->onUserStopped(userId));
279 binder::Status VoldNativeService::onSecureKeyguardStateChanged(bool isShowing) {
280 ENFORCE_UID(AID_SYSTEM);
283 return translate(VolumeManager::Instance()->onSecureKeyguardStateChanged(isShowing));
286 binder::Status VoldNativeService::partition(const std::string& diskId, int32_t partitionType,
288 ENFORCE_UID(AID_SYSTEM);
289 CHECK_ARGUMENT_ID(diskId);
292 auto disk = VolumeManager::Instance()->findDisk(diskId);
293 if (disk == nullptr) {
294 return error("Failed to find disk " + diskId);
296 switch (partitionType) {
297 case PARTITION_TYPE_PUBLIC:
298 return translate(disk->partitionPublic());
299 case PARTITION_TYPE_PRIVATE:
300 return translate(disk->partitionPrivate());
301 case PARTITION_TYPE_MIXED:
302 return translate(disk->partitionMixed(ratio));
304 return error("Unknown type " + std::to_string(partitionType));
308 binder::Status VoldNativeService::forgetPartition(const std::string& partGuid,
309 const std::string& fsUuid) {
310 ENFORCE_UID(AID_SYSTEM);
311 CHECK_ARGUMENT_HEX(partGuid);
312 CHECK_ARGUMENT_HEX(fsUuid);
315 return translate(VolumeManager::Instance()->forgetPartition(partGuid, fsUuid));
318 binder::Status VoldNativeService::mount(const std::string& volId, int32_t mountFlags,
319 int32_t mountUserId) {
320 ENFORCE_UID(AID_SYSTEM);
321 CHECK_ARGUMENT_ID(volId);
324 auto vol = VolumeManager::Instance()->findVolume(volId);
325 if (vol == nullptr) {
326 return error("Failed to find volume " + volId);
329 vol->setMountFlags(mountFlags);
330 vol->setMountUserId(mountUserId);
332 int res = vol->mount();
333 if ((mountFlags & MOUNT_FLAG_PRIMARY) != 0) {
334 VolumeManager::Instance()->setPrimary(vol);
336 return translate(res);
339 binder::Status VoldNativeService::unmount(const std::string& volId) {
340 ENFORCE_UID(AID_SYSTEM);
341 CHECK_ARGUMENT_ID(volId);
344 auto vol = VolumeManager::Instance()->findVolume(volId);
345 if (vol == nullptr) {
346 return error("Failed to find volume " + volId);
348 return translate(vol->unmount());
351 binder::Status VoldNativeService::format(const std::string& volId, const std::string& fsType) {
352 ENFORCE_UID(AID_SYSTEM);
353 CHECK_ARGUMENT_ID(volId);
356 auto vol = VolumeManager::Instance()->findVolume(volId);
357 if (vol == nullptr) {
358 return error("Failed to find volume " + volId);
360 return translate(vol->format(fsType));
363 static binder::Status pathForVolId(const std::string& volId, std::string* path) {
364 if (volId == "private" || volId == "null") {
367 auto vol = VolumeManager::Instance()->findVolume(volId);
368 if (vol == nullptr) {
369 return error("Failed to find volume " + volId);
371 if (vol->getType() != VolumeBase::Type::kPrivate) {
372 return error("Volume " + volId + " not private");
374 if (vol->getState() != VolumeBase::State::kMounted) {
375 return error("Volume " + volId + " not mounted");
377 *path = vol->getPath();
379 return error("Volume " + volId + " missing path");
385 binder::Status VoldNativeService::benchmark(
386 const std::string& volId, const android::sp<android::os::IVoldTaskListener>& listener) {
387 ENFORCE_UID(AID_SYSTEM);
388 CHECK_ARGUMENT_ID(volId);
392 auto status = pathForVolId(volId, &path);
393 if (!status.isOk()) return status;
395 std::thread([=]() { android::vold::Benchmark(path, listener); }).detach();
399 binder::Status VoldNativeService::checkEncryption(const std::string& volId) {
400 ENFORCE_UID(AID_SYSTEM);
401 CHECK_ARGUMENT_ID(volId);
405 auto status = pathForVolId(volId, &path);
406 if (!status.isOk()) return status;
407 return translate(android::vold::CheckEncryption(path));
410 binder::Status VoldNativeService::moveStorage(
411 const std::string& fromVolId, const std::string& toVolId,
412 const android::sp<android::os::IVoldTaskListener>& listener) {
413 ENFORCE_UID(AID_SYSTEM);
414 CHECK_ARGUMENT_ID(fromVolId);
415 CHECK_ARGUMENT_ID(toVolId);
418 auto fromVol = VolumeManager::Instance()->findVolume(fromVolId);
419 auto toVol = VolumeManager::Instance()->findVolume(toVolId);
420 if (fromVol == nullptr) {
421 return error("Failed to find volume " + fromVolId);
422 } else if (toVol == nullptr) {
423 return error("Failed to find volume " + toVolId);
426 std::thread([=]() { android::vold::MoveStorage(fromVol, toVol, listener); }).detach();
430 binder::Status VoldNativeService::remountUid(int32_t uid, int32_t remountMode) {
431 ENFORCE_UID(AID_SYSTEM);
435 switch (remountMode) {
436 case REMOUNT_MODE_NONE:
439 case REMOUNT_MODE_DEFAULT:
442 case REMOUNT_MODE_READ:
445 case REMOUNT_MODE_WRITE:
449 return error("Unknown mode " + std::to_string(remountMode));
451 return translate(VolumeManager::Instance()->remountUid(uid, tmp));
454 binder::Status VoldNativeService::mkdirs(const std::string& path) {
455 ENFORCE_UID(AID_SYSTEM);
456 CHECK_ARGUMENT_PATH(path);
459 return translate(VolumeManager::Instance()->mkdirs(path));
462 binder::Status VoldNativeService::createObb(const std::string& sourcePath,
463 const std::string& sourceKey, int32_t ownerGid,
464 std::string* _aidl_return) {
465 ENFORCE_UID(AID_SYSTEM);
466 CHECK_ARGUMENT_PATH(sourcePath);
467 CHECK_ARGUMENT_HEX(sourceKey);
471 VolumeManager::Instance()->createObb(sourcePath, sourceKey, ownerGid, _aidl_return));
474 binder::Status VoldNativeService::destroyObb(const std::string& volId) {
475 ENFORCE_UID(AID_SYSTEM);
476 CHECK_ARGUMENT_ID(volId);
479 return translate(VolumeManager::Instance()->destroyObb(volId));
482 binder::Status VoldNativeService::createStubVolume(
483 const std::string& sourcePath, const std::string& mountPath, const std::string& fsType,
484 const std::string& fsUuid, const std::string& fsLabel, std::string* _aidl_return) {
485 ENFORCE_UID(AID_SYSTEM);
486 CHECK_ARGUMENT_PATH(sourcePath);
487 CHECK_ARGUMENT_PATH(mountPath);
488 CHECK_ARGUMENT_HEX(fsUuid);
489 // Label limitation seems to be different between fs (including allowed characters), so checking
490 // is quite meaningless.
493 return translate(VolumeManager::Instance()->createStubVolume(sourcePath, mountPath, fsType,
494 fsUuid, fsLabel, _aidl_return));
497 binder::Status VoldNativeService::destroyStubVolume(const std::string& volId) {
498 ENFORCE_UID(AID_SYSTEM);
499 CHECK_ARGUMENT_ID(volId);
502 return translate(VolumeManager::Instance()->destroyStubVolume(volId));
505 binder::Status VoldNativeService::fstrim(
506 int32_t fstrimFlags, const android::sp<android::os::IVoldTaskListener>& listener) {
507 ENFORCE_UID(AID_SYSTEM);
510 std::thread([=]() { android::vold::Trim(listener); }).detach();
514 binder::Status VoldNativeService::runIdleMaint(
515 const android::sp<android::os::IVoldTaskListener>& listener) {
516 ENFORCE_UID(AID_SYSTEM);
519 std::thread([=]() { android::vold::RunIdleMaint(listener); }).detach();
523 binder::Status VoldNativeService::abortIdleMaint(
524 const android::sp<android::os::IVoldTaskListener>& listener) {
525 ENFORCE_UID(AID_SYSTEM);
528 std::thread([=]() { android::vold::AbortIdleMaint(listener); }).detach();
532 binder::Status VoldNativeService::mountAppFuse(int32_t uid, int32_t mountId,
533 android::base::unique_fd* _aidl_return) {
534 ENFORCE_UID(AID_SYSTEM);
537 return translate(VolumeManager::Instance()->mountAppFuse(uid, mountId, _aidl_return));
540 binder::Status VoldNativeService::unmountAppFuse(int32_t uid, int32_t mountId) {
541 ENFORCE_UID(AID_SYSTEM);
544 return translate(VolumeManager::Instance()->unmountAppFuse(uid, mountId));
547 binder::Status VoldNativeService::openAppFuseFile(int32_t uid, int32_t mountId, int32_t fileId,
549 android::base::unique_fd* _aidl_return) {
550 ENFORCE_UID(AID_SYSTEM);
553 int fd = VolumeManager::Instance()->openAppFuseFile(uid, mountId, fileId, flags);
555 return error("Failed to open AppFuse file for uid: " + std::to_string(uid) +
556 " mountId: " + std::to_string(mountId) + " fileId: " + std::to_string(fileId) +
557 " flags: " + std::to_string(flags));
560 *_aidl_return = android::base::unique_fd(fd);
564 binder::Status VoldNativeService::fdeCheckPassword(const std::string& password) {
565 ENFORCE_UID(AID_SYSTEM);
568 return translate(cryptfs_check_passwd(password.c_str()));
571 binder::Status VoldNativeService::fdeRestart() {
572 ENFORCE_UID(AID_SYSTEM);
575 // Spawn as thread so init can issue commands back to vold without
576 // causing deadlock, usually as a result of prep_data_fs.
577 std::thread(&cryptfs_restart).detach();
581 binder::Status VoldNativeService::fdeComplete(int32_t* _aidl_return) {
582 ENFORCE_UID(AID_SYSTEM);
585 *_aidl_return = cryptfs_crypto_complete();
589 static int fdeEnableInternal(int32_t passwordType, const std::string& password,
590 int32_t encryptionFlags) {
591 bool noUi = (encryptionFlags & VoldNativeService::ENCRYPTION_FLAG_NO_UI) != 0;
593 for (int tries = 0; tries < 2; ++tries) {
595 if (passwordType == VoldNativeService::PASSWORD_TYPE_DEFAULT) {
596 rc = cryptfs_enable_default(noUi);
598 rc = cryptfs_enable(passwordType, password.c_str(), noUi);
603 } else if (tries == 0) {
604 KillProcessesWithOpenFiles(DATA_MNT_POINT, SIGKILL);
611 binder::Status VoldNativeService::fdeEnable(int32_t passwordType, const std::string& password,
612 int32_t encryptionFlags) {
613 ENFORCE_UID(AID_SYSTEM);
616 LOG(DEBUG) << "fdeEnable(" << passwordType << ", *, " << encryptionFlags << ")";
617 if (fscrypt_is_native()) {
618 LOG(ERROR) << "fscrypt_is_native, fdeEnable invalid";
619 return error("fscrypt_is_native, fdeEnable invalid");
621 LOG(DEBUG) << "!fscrypt_is_native, spawning fdeEnableInternal";
623 // Spawn as thread so init can issue commands back to vold without
624 // causing deadlock, usually as a result of prep_data_fs.
625 std::thread(&fdeEnableInternal, passwordType, password, encryptionFlags).detach();
629 binder::Status VoldNativeService::fdeChangePassword(int32_t passwordType,
630 const std::string& password) {
631 ENFORCE_UID(AID_SYSTEM);
634 return translate(cryptfs_changepw(passwordType, password.c_str()));
637 binder::Status VoldNativeService::fdeVerifyPassword(const std::string& password) {
638 ENFORCE_UID(AID_SYSTEM);
641 return translate(cryptfs_verify_passwd(password.c_str()));
644 binder::Status VoldNativeService::fdeGetField(const std::string& key, std::string* _aidl_return) {
645 ENFORCE_UID(AID_SYSTEM);
648 char buf[PROPERTY_VALUE_MAX];
649 if (cryptfs_getfield(key.c_str(), buf, sizeof(buf)) != CRYPTO_GETFIELD_OK) {
650 return error(StringPrintf("Failed to read field %s", key.c_str()));
657 binder::Status VoldNativeService::fdeSetField(const std::string& key, const std::string& value) {
658 ENFORCE_UID(AID_SYSTEM);
661 return translate(cryptfs_setfield(key.c_str(), value.c_str()));
664 binder::Status VoldNativeService::fdeGetPasswordType(int32_t* _aidl_return) {
665 ENFORCE_UID(AID_SYSTEM);
668 *_aidl_return = cryptfs_get_password_type();
672 binder::Status VoldNativeService::fdeGetPassword(std::string* _aidl_return) {
673 ENFORCE_UID(AID_SYSTEM);
676 const char* res = cryptfs_get_password();
677 if (res != nullptr) {
683 binder::Status VoldNativeService::fdeClearPassword() {
684 ENFORCE_UID(AID_SYSTEM);
687 cryptfs_clear_password();
691 binder::Status VoldNativeService::fbeEnable() {
692 ENFORCE_UID(AID_SYSTEM);
695 return translateBool(fscrypt_initialize_global_de());
698 binder::Status VoldNativeService::mountDefaultEncrypted() {
699 ENFORCE_UID(AID_SYSTEM);
702 if (!fscrypt_is_native()) {
703 // Spawn as thread so init can issue commands back to vold without
704 // causing deadlock, usually as a result of prep_data_fs.
705 std::thread(&cryptfs_mount_default_encrypted).detach();
710 binder::Status VoldNativeService::initUser0() {
711 ENFORCE_UID(AID_SYSTEM);
714 return translateBool(fscrypt_init_user0());
717 binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) {
718 ENFORCE_UID(AID_SYSTEM);
721 *_aidl_return = cryptfs_isConvertibleToFBE() != 0;
725 binder::Status VoldNativeService::mountFstab(const std::string& mountPoint) {
726 ENFORCE_UID(AID_SYSTEM);
729 return translateBool(fscrypt_mount_metadata_encrypted(mountPoint, false));
732 binder::Status VoldNativeService::encryptFstab(const std::string& mountPoint) {
733 ENFORCE_UID(AID_SYSTEM);
736 return translateBool(fscrypt_mount_metadata_encrypted(mountPoint, true));
739 binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial, bool ephemeral) {
740 ENFORCE_UID(AID_SYSTEM);
743 return translateBool(fscrypt_vold_create_user_key(userId, userSerial, ephemeral));
746 binder::Status VoldNativeService::destroyUserKey(int32_t userId) {
747 ENFORCE_UID(AID_SYSTEM);
750 return translateBool(fscrypt_destroy_user_key(userId));
753 binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial,
754 const std::string& token,
755 const std::string& secret) {
756 ENFORCE_UID(AID_SYSTEM);
759 return translateBool(fscrypt_add_user_key_auth(userId, userSerial, token, secret));
762 binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
763 ENFORCE_UID(AID_SYSTEM);
766 return translateBool(fscrypt_fixate_newest_user_key_auth(userId));
769 binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial,
770 const std::string& token,
771 const std::string& secret) {
772 ENFORCE_UID(AID_SYSTEM);
775 return translateBool(fscrypt_unlock_user_key(userId, userSerial, token, secret));
778 binder::Status VoldNativeService::lockUserKey(int32_t userId) {
779 ENFORCE_UID(AID_SYSTEM);
782 return translateBool(fscrypt_lock_user_key(userId));
785 binder::Status VoldNativeService::prepareUserStorage(const std::unique_ptr<std::string>& uuid,
786 int32_t userId, int32_t userSerial,
788 ENFORCE_UID(AID_SYSTEM);
789 std::string empty_string = "";
790 auto uuid_ = uuid ? *uuid : empty_string;
791 CHECK_ARGUMENT_HEX(uuid_);
794 return translateBool(fscrypt_prepare_user_storage(uuid_, userId, userSerial, flags));
797 binder::Status VoldNativeService::destroyUserStorage(const std::unique_ptr<std::string>& uuid,
798 int32_t userId, int32_t flags) {
799 ENFORCE_UID(AID_SYSTEM);
800 std::string empty_string = "";
801 auto uuid_ = uuid ? *uuid : empty_string;
802 CHECK_ARGUMENT_HEX(uuid_);
805 return translateBool(fscrypt_destroy_user_storage(uuid_, userId, flags));
808 binder::Status VoldNativeService::startCheckpoint(int32_t retry) {
809 ENFORCE_UID(AID_SYSTEM);
812 return cp_startCheckpoint(retry);
815 binder::Status VoldNativeService::needsRollback(bool* _aidl_return) {
816 ENFORCE_UID(AID_SYSTEM);
819 *_aidl_return = cp_needsRollback();
823 binder::Status VoldNativeService::needsCheckpoint(bool* _aidl_return) {
824 ENFORCE_UID(AID_SYSTEM);
827 *_aidl_return = cp_needsCheckpoint();
831 binder::Status VoldNativeService::commitChanges() {
832 ENFORCE_UID(AID_SYSTEM);
835 return cp_commitChanges();
838 binder::Status VoldNativeService::prepareCheckpoint() {
839 ENFORCE_UID(AID_SYSTEM);
842 return cp_prepareCheckpoint();
845 binder::Status VoldNativeService::restoreCheckpoint(const std::string& mountPoint) {
846 ENFORCE_UID(AID_SYSTEM);
847 CHECK_ARGUMENT_PATH(mountPoint);
850 return cp_restoreCheckpoint(mountPoint);
853 binder::Status VoldNativeService::restoreCheckpointPart(const std::string& mountPoint, int count) {
854 ENFORCE_UID(AID_SYSTEM);
855 CHECK_ARGUMENT_PATH(mountPoint);
858 return cp_restoreCheckpoint(mountPoint, count);
861 binder::Status VoldNativeService::markBootAttempt() {
862 ENFORCE_UID(AID_SYSTEM);
865 return cp_markBootAttempt();
868 binder::Status VoldNativeService::abortChanges(const std::string& message, bool retry) {
869 ENFORCE_UID(AID_SYSTEM);
872 cp_abortChanges(message, retry);
876 binder::Status VoldNativeService::supportsCheckpoint(bool* _aidl_return) {
877 ENFORCE_UID(AID_SYSTEM);
880 return cp_supportsCheckpoint(*_aidl_return);
883 binder::Status VoldNativeService::supportsBlockCheckpoint(bool* _aidl_return) {
884 ENFORCE_UID(AID_SYSTEM);
887 return cp_supportsBlockCheckpoint(*_aidl_return);
890 binder::Status VoldNativeService::supportsFileCheckpoint(bool* _aidl_return) {
891 ENFORCE_UID(AID_SYSTEM);
894 return cp_supportsFileCheckpoint(*_aidl_return);
898 } // namespace android