OSDN Git Service
Nick Kralevich [Sat, 30 Mar 2019 01:27:57 +0000 (01:27 +0000)]
Merge "vold: add android-* to tidy_checks"
Nick Kralevich [Sat, 30 Mar 2019 01:27:38 +0000 (01:27 +0000)]
Merge "vold: cleanups for O_CLOEXEC tidy checks."
Treehugger Robot [Fri, 29 Mar 2019 23:09:52 +0000 (23:09 +0000)]
Merge "Fix checkpoint on Taimen"
Nick Kralevich [Fri, 29 Mar 2019 23:07:58 +0000 (16:07 -0700)]
vold: add android-* to tidy_checks
Bug: 129350825
Test: compiles and boots
Change-Id: If5a6267cc56bfc0ba73602bfa520035197b4fb90
Nick Kralevich [Fri, 29 Mar 2019 23:03:51 +0000 (16:03 -0700)]
vold: cleanups for O_CLOEXEC tidy checks.
Bug: 129350825
Test: compiles and boots
Change-Id: I83a484ca15df1b757b670008f15af5504bc94df1
Paul Lawrence [Fri, 29 Mar 2019 20:06:34 +0000 (13:06 -0700)]
Fix checkpoint on Taimen
Bug: 129494872
Test: VtsKernelCheckpointTest runs and passes
Change-Id: Ib2de866db7c847d569789d1aa6cdbad7c3ee7ff4
Treehugger Robot [Fri, 29 Mar 2019 03:52:46 +0000 (03:52 +0000)]
Merge "Fix bogus error checking on unique_fd"
Bernie Innocenti [Thu, 28 Mar 2019 06:24:30 +0000 (15:24 +0900)]
Fix bogus error checking on unique_fd
The expression "!fd" calls the implicit conversion to int, but comparing
the raw fd against 0 does not work, since open() and other POSIX calls
returning a file descriptor use -1 to signal an error.
Test: m vold
Change-Id: I0847c276f39cb9dd09c7ffb96951276113418fc8
Daniel Rosenberg [Wed, 27 Mar 2019 02:34:24 +0000 (02:34 +0000)]
Merge "Switch Checkpoint health sleep time to ms."
Daniel Rosenberg [Wed, 27 Mar 2019 02:01:48 +0000 (02:01 +0000)]
Merge "Fixed min_free_bytes prop name and usleep time default"
Suren Baghdasaryan [Wed, 27 Mar 2019 01:31:15 +0000 (01:31 +0000)]
Merge "Convert ifstream usage into fopen() to prevent fd leaks into child processes"
Daniel Rosenberg [Tue, 26 Mar 2019 21:42:14 +0000 (14:42 -0700)]
Switch Checkpoint health sleep time to ms.
This changes the property from microsecond to milliseconds, as we don't
need that sort of precision here. Also switches from using usleep, which
has been removed from POSIX, to nanosleep.
Test: Builds, Boots, Times
Change-Id: Iefbaf8489ba05d8d688542fd7d4305efb980e701
Satoshi Futenma [Mon, 25 Mar 2019 14:13:36 +0000 (23:13 +0900)]
Fixed min_free_bytes prop name and usleep time default
Test: check build
Bug: 129299864
Change-Id: Iab6a01d15185dd19604cd8d3d7ea4efc2b020e34
Suren Baghdasaryan [Tue, 26 Mar 2019 17:00:05 +0000 (10:00 -0700)]
Convert ifstream usage into fopen() to prevent fd leaks into child processes
std::ifstream does not use O_CLOEXEC flag when opening files. This leads
to file descriptors being inherited by child processes. In the case of vold
this results in leaking FDs to less privileged children with no permission
for these files which occasionally leads to SELinux denials.
Bug: 129298168
Change-Id: Id2731782a25d65c9a7cbf25dc441f3e7a17609c1
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Treehugger Robot [Fri, 22 Mar 2019 13:05:35 +0000 (13:05 +0000)]
Merge "Remove excess logging in secdiscard"
Daniel Rosenberg [Thu, 21 Mar 2019 21:01:08 +0000 (21:01 +0000)]
Merge changes I977cc03b,I7b621476,Ib57f4461
* changes:
Add health check to checkpointing
Change abortChanges to take a message and bool
Make needsCheckpoint cover whole session
Daniel Rosenberg [Wed, 21 Nov 2018 03:03:11 +0000 (19:03 -0800)]
Add health check to checkpointing
Take action if we are running out of checkpoint space.
Configurable via ro.sys properties.
ro.sys.cp_usleeptime = Time to sleep between checks
ro.sys.cp_min_free_bytes = Min free space to act on
ro.sys.cp_commit_on_full = action to take. Either commits or reboots to
continue attempt without checkpoint, or retry
and eventually abort OTA
Test: Trigger a checkpoint and fill the disk.
Bug: 119769392
Change-Id: I977cc03b7aef9320d661c8a0d716f8a1ef0be347
Daniel Rosenberg [Thu, 21 Mar 2019 00:02:47 +0000 (17:02 -0700)]
Change abortChanges to take a message and bool
abortChanges will attempt to pass a reboot message, and will only reboot
if the device is currently checkpointing. Additionally, it can opt to
attempt to prevent future attempts. This only works for non-bootloader
controlled updates. Failures are ignored, as it will always reboot the
device. In the unlikely event of such a failure, the device will
continue to retry as though you did not ask to prevent future attempts.
Test: vdc checkpoint abortChanges abort_retry_test 1
vdc checkpoint abortChanges abort_noretry_test 0
Change-Id: I7b6214765a1faaf4fd193c73331696b53ae572d2
Daniel Rosenberg [Tue, 19 Mar 2019 21:02:59 +0000 (14:02 -0700)]
Make needsCheckpoint cover whole session
This makes needCheckpoint return true when the device will or is using
checkpointing.
Test: vdc checkpoint startCheckpoint 1
reboot
vdc checkpoint needsCheckpoint
should return 1 before and after data mounts, and 0 once the
checkpoint has been committed
Change-Id: Ib57f4461d837f41a8110ed318168165a684d913a
Rubin Xu [Thu, 21 Mar 2019 18:13:40 +0000 (18:13 +0000)]
Remove excess logging in secdiscard
Remove all debug logs to reduce logspam a bit.
Bug: 64349233
Test: manual
Change-Id: I234fae7b9fb719b09af27985736f43f085dad301
Paul Crowley [Tue, 19 Mar 2019 19:13:56 +0000 (19:13 +0000)]
Merge "Shell no longer globs, so glob in pushBackContents"
Treehugger Robot [Mon, 18 Mar 2019 22:56:47 +0000 (22:56 +0000)]
Merge "Add vdc checkpoint supportsBlockCheckpoint"
Paul Lawrence [Mon, 18 Mar 2019 20:36:40 +0000 (13:36 -0700)]
Add vdc checkpoint supportsBlockCheckpoint
Also add vdc checkpoint supportsFileCheckpoint
This is to allow tests to be specific to supported checkpoint mode.
Test: Built on Taimen and Crosshatch, made sure both new functions work
as expected
Change-Id: I0eab7453b13c0a2e31840ef9ad24a692cec55b00
Paul Crowley [Mon, 18 Mar 2019 17:26:47 +0000 (10:26 -0700)]
Shell no longer globs, so glob in pushBackContents
Bug: 113246065
Bug: 123057215
Test: As described in b/113246065 comment 1
Change-Id: Id766773ed4abe80a9fc1d5305f099aedfe8eed90
Chris Fries [Thu, 14 Mar 2019 15:19:20 +0000 (15:19 +0000)]
Merge "Fsync directories before delete key"
Woody Lin [Mon, 11 Mar 2019 12:58:20 +0000 (20:58 +0800)]
Fsync directories before delete key
The boot failure symptom is reproduced on Walleye devices. System boots
up after taking OTA and tries to upgrade key, but keymaster returns "failed
to ugprade key". Device reboots to recovery mode because of the failure,
and finally trapped in bootloader screen. Possible scenario is:
(After taking OTA)
vold sends old key and op=UPGRADE to keymaster
keymaster creates and saves new key to RPMB, responses new key to vold
vold saves new key as temp key
vold renames temp key to main key -------------- (1) -- still in cache
vold sends old key and op=DELETE_KEY to keymaster
keymaster removes old key from RPMB ------------ (2) -- write directly to RPMB
==> SYSTEM INTERRUPTED BY CRASH OR SOMETHING; ALL CACHE LOST.
==> System boots up, key in RPMB is deleted but key in storage is old key.
Solution: A Fsync is required between (1) and (2) to cover this case.
Detail analysis: b/124279741#comment21
Bug: 112145641
Bug: 124279741
Test: Insert fault right after deleteKey in vold::begin (KeyStorage.cpp),
original boot failure symptom is NOT reproducible.
Change-Id: Ib8c349d6d033f86b247f4b35b8354d97cf249d26
Treehugger Robot [Mon, 11 Mar 2019 23:16:31 +0000 (23:16 +0000)]
Merge "DO NOT MERGE - Skip PPRL.190305.001 into master"
The Android Open Source Project [Mon, 11 Mar 2019 21:57:55 +0000 (14:57 -0700)]
DO NOT MERGE - Skip PPRL.190305.001 into master
Bug: 127812889
Change-Id: I5bff7948e2fc254d0595329bd7a7262586de0c32
Treehugger Robot [Sat, 9 Mar 2019 01:33:40 +0000 (01:33 +0000)]
Merge "Don't unmount /storage for early native processes"
Treehugger Robot [Thu, 7 Mar 2019 23:56:21 +0000 (23:56 +0000)]
Merge changes I91cf0def,I47570e8e
* changes:
Make Checkpoint restore resume safe
Add vdc checkpoint restoreCheckpointPart
Daniel Rosenberg [Sat, 2 Mar 2019 06:01:22 +0000 (22:01 -0800)]
Make Checkpoint restore resume safe
This allows us to resume rolling back in the event of an unexpected
shutdown during the restore process. We save progress after we process
each log sector, and whenever restarting the current log sector would
result in invalid data.
Test: Run restore, interrupt it, and attempt to resume
Change-Id: I91cf0defb0d22fc5afdb9debc2963c956e9e171c
Daniel Rosenberg [Thu, 7 Mar 2019 01:45:17 +0000 (17:45 -0800)]
Add vdc checkpoint restoreCheckpointPart
Restores the first n entries of a checkpoint. Allows automated testing
of interrupted restores.
Test: vdc checkpoint restoreCheckpoint [device] [n]
Change-Id: I47570e8eba0bc3c6549a04a33600df05d393990b
Daniel Rosenberg [Thu, 7 Mar 2019 06:10:58 +0000 (06:10 +0000)]
Merge "Switch Checkpoint Restore code to c style File ops"
Daniel Rosenberg [Tue, 5 Mar 2019 05:46:31 +0000 (21:46 -0800)]
Switch Checkpoint Restore code to c style File ops
In preparation for restore code, we need to guarantee fsync happens.
Switch over to fd based operations to prepare for that.
Test: Successfully restores device over reboots
Change-Id: Ic9901779e8a4258bf8090d6a62fa9829e343fd39
Jiyong Park [Fri, 4 Jan 2019 04:35:25 +0000 (13:35 +0900)]
Don't unmount /storage for early native processes
Motivation:
Early processes launched before the runtime APEX - that hosts the bionic
libs - is activated can't use the bionic libs from the APEX, but from the
system partition (which we call the bootstrap bionic). Other processes
after the APEX activation should use the bionic libs from the APEX.
In order to let both types of processes to access the bionic libs via
the same standard paths /system/lib/{libc|libdl|libm}.so, some mount
namespace magic is used.
To be specific, when the device boots, the init initially bind-mounts
the bootstrap bionic libs to the standard paths with MS_PRIVATE. Early
processes are then executed with their own mount namespaces (via
unshare(CLONE_NEWNS)). After the runtime APEX is activated, init
bind-mounts the bionic libs in the APEX to the same standard paths.
Processes launched thereafter use the bionic libs from the APEX (which
can be updated.)
Important thing is that, since the propagation type of the mount points
(the standard paths) is 'private', the new bind-mount events for the
updated bionic libs should not affect the early processes. Otherwise,
they would experience sudden change of bionic libs at runtime. However,
other mount/unmounts events outside of the private mount points are
still shared across early/late processes as before. This is made possible
because the propagation type of / is 'shared' .
Problem:
vold uses the equality of the mount namespace to filter-out processes
that share the global mount namespace (the namespace of the init). However,
due to the aforementioned change, the early processes are not filtered
out because they have different mount namespaces. As a result,
umount2("/storage/") is executed on them and this unmount event
becomes visible to the global mount namespace (because as mentioned before /
is 'shared').
Solution:
Filter-out the early processes by skipping a native (non-Java) process
whose UID is < AID_APP. The former condition is because all early
processes are native ones; i.e., zygote is started after the runtime
APEX is activated. The latter condition is to not filter-out native
processes created locally by apps.
Bug: 120266448
Test: m; device boots
Change-Id: I054deedc4af8421854cf35be84e14995523a259a
Paul Lawrence [Fri, 1 Mar 2019 21:19:27 +0000 (21:19 +0000)]
Merge "Make restore validation fast by using a map"
Paul Lawrence [Tue, 22 Jan 2019 22:31:43 +0000 (14:31 -0800)]
Make restore validation fast by using a map
Test: Successfully restores device over reboots
Change-Id: I4f1c5bbe6c07697a925a1a4efb92aefd15b61332
Treehugger Robot [Wed, 20 Feb 2019 12:09:31 +0000 (12:09 +0000)]
Merge "Do not trim unless we are actually checkpointing"
Paul Lawrence [Tue, 19 Feb 2019 22:18:54 +0000 (14:18 -0800)]
Do not trim unless we are actually checkpointing
I'm not convinced this explains the full regression, but it's a
worthwhile fix anyway.
Bug: 124774357
Test: Booted in checkpoint mode and non checkpoint mode
Change-Id: I6e0e1e59e27bd127feac218fff7d88bb3570b530
David Anderson [Thu, 14 Feb 2019 20:27:05 +0000 (20:27 +0000)]
Merge "Enable metadata encryption for userdata_gsi."
David Anderson [Wed, 6 Feb 2019 01:32:05 +0000 (17:32 -0800)]
Enable metadata encryption for userdata_gsi.
When running a live GSI, userdata is a logical partition. If we don't
fix up the fstab we'll derive the underlying block device instead of
the device-mapper node for userdata_gsi, resulting in a corrupt data
partition for both images.
Bug: 123906417
Test: manual test
Change-Id: Ic0101f30504de26e725442da2da3888008c31b63
android-build-team Robot [Sat, 9 Feb 2019 02:36:27 +0000 (02:36 +0000)]
Snap for 5180536 from 2ab3b948d787852b2b34c4c7fe623c35ae214ae3 to pi-platform-release
Change-Id: Idc5557adef8d2cbc60a594ab3ea1aa3669140926
Treehugger Robot [Fri, 8 Feb 2019 21:55:29 +0000 (21:55 +0000)]
Merge "Support header versioning in dm-bow"
Treehugger Robot [Fri, 8 Feb 2019 21:16:58 +0000 (21:16 +0000)]
Merge "Support variable blocksizes in dm-bow restore"
Paul Lawrence [Fri, 18 Jan 2019 18:28:34 +0000 (10:28 -0800)]
Support header versioning in dm-bow
Test: Make sure still boots, restores
Change-Id: I903f58cb22472dbbbbb4c27ed1d88ed1f7c7dc5d
Paul Lawrence [Thu, 10 Jan 2019 21:06:07 +0000 (13:06 -0800)]
Support variable blocksizes in dm-bow restore
Test: Test that restore still works
Change-Id: I7259e3efd1cd0ee13c74336a7e53158b6bceed57
Daniel Rosenberg [Fri, 8 Feb 2019 01:40:54 +0000 (01:40 +0000)]
Merge "Mark A/B Boot success before committing checkpoint"
Treehugger Robot [Wed, 6 Feb 2019 03:19:32 +0000 (03:19 +0000)]
Merge "Fix search for values in blkId output"
Paul Crowley [Tue, 5 Feb 2019 23:33:34 +0000 (15:33 -0800)]
Fix search for values in blkId output
Bug: 122497152
Test: atest tests/Utils_test.cpp
Test: adb shell sm partition disk:7,32 private ; adb logcat -d
Change-Id: Ic7d32bdbc0c55ce1d21f7f9e74c6a6fb3dcf332a
Daniel Rosenberg [Wed, 23 Jan 2019 23:16:04 +0000 (15:16 -0800)]
Mark A/B Boot success before committing checkpoint
This marks the slot as successful within commitChanges, increasing the
available roll back window significantly.
Test: When taking an update on a checkpoint enabled device, it
marks the slot as successful just before committing the
checkpoint. Visible in logs as call to vdc commitChanges,
followed by "Marked slot as booted succesfully."
Bug: 123260515
Change-Id: If71fcde57b3bdee2cfaabb590f123a2d00da3228
Daniel Rosenberg [Mon, 4 Feb 2019 23:14:51 +0000 (23:14 +0000)]
Merge "Use global default_fstab instead of re-reading"
Daniel Rosenberg [Sat, 2 Feb 2019 03:25:47 +0000 (19:25 -0800)]
Use global default_fstab instead of re-reading
VoldUtils already has a pre-parsed fstab. Use it instead.
Test: Checkpoint functions continue to work
Change-Id: I96cbab467a7b809c92c4f6cdf7a06abca8c5aa5e
Tom Cherry [Fri, 1 Feb 2019 01:02:50 +0000 (01:02 +0000)]
Merge "Move over to the C++ Fstab class"
Tom Cherry [Tue, 29 Jan 2019 22:34:01 +0000 (14:34 -0800)]
Move over to the C++ Fstab class
Test: build and boot
Change-Id: Id3850c9c133f6644073a2439368501253a2a94a9
Treehugger Robot [Wed, 30 Jan 2019 16:29:26 +0000 (16:29 +0000)]
Merge "Remove secontext.h, secontext.cpp, hash.h"
LongPing Wei [Wed, 30 Jan 2019 08:03:14 +0000 (16:03 +0800)]
Remove secontext.h, secontext.cpp, hash.h
cryptfs.cpp and MetadataCrypt.cpp can use android::vold::sFsckContext directly.
hash.h is unuseful.
Test: make
Change-Id: I7acdac97d6ed1c9b2a5dc367fcea8aa2942192e8
Eric Biggers [Tue, 29 Jan 2019 20:58:29 +0000 (20:58 +0000)]
Merge "cryptfs: improve logging of dm-crypt device creation"
Eric Biggers [Tue, 29 Jan 2019 18:30:55 +0000 (18:30 +0000)]
Merge "cryptfs: round down dm-crypt device size to crypto sector boundary"
Eric Biggers [Fri, 25 Jan 2019 20:11:25 +0000 (12:11 -0800)]
cryptfs: improve logging of dm-crypt device creation
Log the main configuration of the dm-crypt device -- the name, the
cipher, the keysize, the real device, and the length -- in addition to
the extra parameters which we were already logging.
(We can't simply log the actual string passed to the kernel, of course,
because that includes the key. So we choose the fields individually.)
Test: booted device configured to use FDE and checked the log message
Change-Id: Ia95de807c4fad68d93b7e7e73508a01e5139dc76
Eric Biggers [Fri, 25 Jan 2019 18:47:55 +0000 (10:47 -0800)]
cryptfs: round down dm-crypt device size to crypto sector boundary
This is needed to make adoptable storage volumes work with a 4K crypto
sector size when the block device size is not a multiple of 4K.
It is fine to do this because the filesystem ends on a 4K boundary
anyway and doesn't use any partial block at the end.
Bug: 123375298
Test: booted device configured to use FDE with sector size 4k, ran
'sm set-virtual-disk true' and formatted the virtual SD card as
adoptable storage. Then did the same but with a temporary patch
that changed kSizeVirtualDisk to be misaligned
Change-Id: I95ee6d7dcaaa8989c674aea9988c09116e830b0c
Treehugger Robot [Fri, 25 Jan 2019 04:26:17 +0000 (04:26 +0000)]
Merge "Preserve options on remount in commitChanges"
Daniel Rosenberg [Fri, 25 Jan 2019 02:23:18 +0000 (18:23 -0800)]
Preserve options on remount in commitChanges
Copy the existing mount options when remounting f2fs for checkpointing
mode.
Bug: 123376509
Test: Boot with checkpointing, and ensure entries match fstab
Change-Id: If022d9872a44657b550ab892259230805716dc77
Treehugger Robot [Thu, 24 Jan 2019 06:14:44 +0000 (06:14 +0000)]
Merge "Add supportsCheckpoint"
Daniel Rosenberg [Wed, 23 Jan 2019 01:27:25 +0000 (17:27 -0800)]
Add supportsCheckpoint
This returns true if any entries in the fstab have checkpoint=
set.
Test: Call vdc checkpoint supportsCheckpoint. Should return 1
iff an fstab entry has checkpoint=fs or checkpoint=block set
Bug: 111020314
Change-Id: Ic79bc96ded4da6605f73992dcff542e7cb50d705
Eric Biggers [Tue, 22 Jan 2019 18:18:18 +0000 (18:18 +0000)]
Merge "cryptfs: check for errors in create_encrypted_random_key()"
Eric Biggers [Tue, 22 Jan 2019 18:14:49 +0000 (18:14 +0000)]
Merge "Utils: correctly handle read() errors in ReadRandomBytes()"
Sudheer Shanka [Sat, 19 Jan 2019 00:24:23 +0000 (00:24 +0000)]
Merge "Create new mount directory /mnt/runtime/full."
Sudheer Shanka [Thu, 17 Jan 2019 07:35:49 +0000 (23:35 -0800)]
Create new mount directory /mnt/runtime/full.
This will be used for system internals to access
secondary volumes without having to bypass sdcardfs.
Bug: 121277410
Test: manual
Exempt-From-Owner-Approval: Got approval on internal master
Change-Id: I9b3e33f6c6e426e83469b8030b02d59c02183946
Eric Biggers [Wed, 16 Jan 2019 21:05:34 +0000 (13:05 -0800)]
cryptfs: check for errors in create_encrypted_random_key()
When generating the key and salt we weren't checking for an error
opening or reading from /dev/urandom. Switch to the helper function
ReadRandomBytes() and start checking for errors.
Test: Booted device with FDE. As an extra sanity check I also
temporarily added log messages that dump the key and salt,
and I verified they still appear random.
Change-Id: I01ccee4f1f9910bf9508c8f02a918157393b0e68
Eric Biggers [Wed, 16 Jan 2019 21:05:34 +0000 (13:05 -0800)]
Utils: correctly handle read() errors in ReadRandomBytes()
read() returns -1 on error, so we need to use a signed type.
Test: Booted device with FDE
Change-Id: Ib44247c1cdfd38674a7439209e333823f2fb6cf8
Xin Li [Thu, 17 Jan 2019 21:19:43 +0000 (21:19 +0000)]
Merge "DO NOT MERGE - Skip pie-platform-release (PPRL.190105.001) in master"
Sudheer Shanka [Thu, 17 Jan 2019 18:04:27 +0000 (18:04 +0000)]
Merge "Add UnmountTreeWithPrefix util method."
Annie Meng [Thu, 17 Jan 2019 15:29:32 +0000 (15:29 +0000)]
Merge "Create subdirs in system_ce/ for multi-user backup"
Annie Meng [Wed, 16 Jan 2019 21:32:27 +0000 (21:32 +0000)]
Create subdirs in system_ce/ for multi-user backup
Backup system service bookkeeping is being moved to per-user CE
directories to support multiple users participating in the service.
Accompanies SELinux changes at aosp/873133
Bug: 121197420
Test: 1) Boot device; check dirs created with correct label; run backup
successfully on system user
2) Create secondary user; check dirs created with correct label; run
backup successfully
Change-Id: I3a0fdbfcf18a3c242fc64fba0dd014160b50b2f0
Annie Meng [Thu, 17 Jan 2019 11:01:00 +0000 (11:01 +0000)]
Merge "vold_prepare_subdirs: prepare /data/misc_[ce|de]/rollback."
Sudheer Shanka [Thu, 17 Jan 2019 07:04:07 +0000 (23:04 -0800)]
Add UnmountTreeWithPrefix util method.
Add a utility method to unmount all mountpoints
that start with a prefix.
Bug: 122905493
Test: manual
Change-Id: I11739e40e7849c1b4ca9e0b90c5c3f243691257a
Treehugger Robot [Thu, 17 Jan 2019 01:08:20 +0000 (01:08 +0000)]
Merge "Checkpoints: Support validation and roll forward on fail"
Paul Lawrence [Tue, 20 Nov 2018 22:07:59 +0000 (14:07 -0800)]
Checkpoints: Support validation and roll forward on fail
Test: Rolls backward, and if you hexedit a BOW page, rolls forward
Change-Id: If99a6c3a3bc3f615bd1445f5af14ea490a58e053
Narayan Kamath [Mon, 14 Jan 2019 10:03:07 +0000 (10:03 +0000)]
vold_prepare_subdirs: prepare /data/misc_[ce|de]/rollback.
These directories are managed by installd and used to store
snapshots of application data directories in order to roll them
back in the case of bad updates.
Bug: 112431924
Test: make, device boot & manual verification.
Change-Id: Ieaca697a45d013937327e0f16f36b9b1eaad6b22
Xin Li [Tue, 15 Jan 2019 18:19:51 +0000 (10:19 -0800)]
DO NOT MERGE - Skip pie-platform-release (PPRL.190105.001) in master
Bug: 122685541
Change-Id: I951a35cc32c6dc0a3b051099d687c89a5e38ebbb
Treehugger Robot [Mon, 7 Jan 2019 20:09:34 +0000 (20:09 +0000)]
Merge "Fsync directories after creating files"
Paul Crowley [Fri, 7 Dec 2018 23:36:09 +0000 (15:36 -0800)]
Fsync directories after creating files
Bug: 120248692
Test: adb shell locksettings set-pin 1111 && \
adb shell "echo b > /proc/sysrq-trigger"
Change-Id: I53d252942c21365983b4f8b6e0948b1864f195c1
Treehugger Robot [Mon, 7 Jan 2019 09:45:22 +0000 (09:45 +0000)]
Merge "cryptfs: Add error messages when remove dm-crypt device is failed"
android-build-team Robot [Thu, 3 Jan 2019 23:49:33 +0000 (23:49 +0000)]
Merge cherrypicks of [5929407, 5929627, 5929597, 5929598] into pi-platform-release
Change-Id: I71193baac96d5936f6e3dd69a7ee37e70d85f898
Greg Kaiser [Tue, 11 Dec 2018 20:40:51 +0000 (12:40 -0800)]
cryptfs: Allow setting dm-crypt sector size
We add the property ro.crypto.fde_sector_size to allow devices
to pass the "sector_size:<size>" argument to dm-crypt in the kernel.
We also pass "iv_large_sectors" when setting the sector size.
Using 4096-byte sectors rather than the default of 512 improves
dm-crypt performance, especially when the Adiantum encryption mode
is used.
Bug: 112010205
Test: Run on a device
Change-Id: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
Merged-In: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
(cherry picked from commit 88738e8b6f59e307a2120d352843759025588539)
Greg Kaiser [Mon, 3 Dec 2018 19:23:19 +0000 (11:23 -0800)]
cryptfs: Add Adiantum support
Adiantum is a crypto method Android is supporting for devices
which don't have AES CPU instructions. See the paper
"Adiantum: length-preserving encryption for entry-level processors"
(https://eprint.iacr.org/2018/720.pdf) for more details.
We add Adiantum to our list of supported crypto types.
Bug: 112010205
Test: Tested on a device
Change-Id: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
Merged-In: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
(cherry picked from commit 18824ec6cc9cd0f16530de2e034a7fe5b8fd17be)
Yue Hu [Mon, 17 Dec 2018 09:09:55 +0000 (17:09 +0800)]
cryptfs: Add error messages when remove dm-crypt device is failed
We do not know what happened if remove dm-crypt device is failed, so
the error status added is useful to debug failed ioctl.
Change-Id: I49be91b9087ef2a213a706dd6b2a07eb6dafe6e6
Signed-off-by: Yue Hu <zbestahu@gmail.com>
Greg Kaiser [Fri, 21 Dec 2018 00:10:42 +0000 (00:10 +0000)]
Merge changes I1c50546e,I8254cb6b,Ib179299a,Iec1c2801
* changes:
EncryptInplace: Rename variable
Checkpoint: Assure proper buffer alignment
vold: Pass std::string by const reference
vold: const-ify some of the API
Greg Kaiser [Tue, 18 Dec 2018 20:34:07 +0000 (12:34 -0800)]
EncryptInplace: Rename variable
We rename our 'buf' in the inner scope to avoid confusion with
the 'buf' in the outer scope which is used immediately after
exiting the inner scope.
Test: TreeHugger
Change-Id: I1c50546e86c680e963eedcbda26138f8b43e55e9
Greg Kaiser [Tue, 18 Dec 2018 20:22:29 +0000 (12:22 -0800)]
Checkpoint: Assure proper buffer alignment
We have a char buffer on the stack, which we then cast to a
struct, and then proceed to access elements in the struct.
This is not safe across all platforms, as some platforms
may require a certain alignment for members of the struct.
We fix this by assuring an appropriate alignment for our
char buffer.
We also use C++ casting, and rename our buffer to differentiate
it from the other 'buffer' variable in this function.
Test: TreeHugger
Change-Id: I8254cb6b8124e394bd805afd1ccca0faedb27ffa
Greg Kaiser [Tue, 18 Dec 2018 19:10:31 +0000 (11:10 -0800)]
vold: Pass std::string by const reference
In a couple places, we change to pass a std::string argument
instead of by copy.
Test: TreeHugger
Change-Id: Ib179299a2322fcbab4e6d192051218823ad66a36
Greg Kaiser [Tue, 18 Dec 2018 16:42:08 +0000 (08:42 -0800)]
vold: const-ify some of the API
We make some of the C++ member functions 'const', to reflect how
they (don't) affect the state of the class.
Test: TreeHugger
Change-Id: Iec1c2801bfe721e2741406ed1ac0ef95662840a6
Merged-In: Iec1c2801bfe721e2741406ed1ac0ef95662840a6
Treehugger Robot [Sat, 15 Dec 2018 04:39:51 +0000 (04:39 +0000)]
Merge changes from topic "checkpoint-enable"
* changes:
Add Support for metadata key with rollback
Add property for checkpointing
Daniel Rosenberg [Fri, 14 Dec 2018 09:08:10 +0000 (01:08 -0800)]
Add Support for metadata key with rollback
This adds the ability to upgrade a key and retain the
old one for rollback purposes. We delete the old key
if we boot successfully and delete the new key if we
do not.
Test: Enable checkpointing and test rolling back
between two versions
Bug: 111020314
Change-Id: I19f31a1ac06a811c0644fc956e61b5ca84e7241a
Daniel Rosenberg [Fri, 14 Dec 2018 08:20:03 +0000 (00:20 -0800)]
Add property for checkpointing
We set a property when we commit a checkpoint to signal
to anyone who wants to do post commit cleanup.
Test: Boot to homescreen and check getprop for vold.checkpoint_committed
Bug: 111020314
Change-Id: Idf35e3abf9d24eb40c6926a30a8403064c05e10a
Greg Kaiser [Wed, 12 Dec 2018 04:59:25 +0000 (04:59 +0000)]
Merge changes from topic "userspace_adiantum_support"
* changes:
cryptfs: Allow setting dm-crypt sector size
cryptfs: Add Adiantum support
Greg Kaiser [Tue, 11 Dec 2018 20:40:51 +0000 (12:40 -0800)]
cryptfs: Allow setting dm-crypt sector size
We add the property ro.crypto.fde_sector_size to allow devices
to pass the "sector_size:<size>" argument to dm-crypt in the kernel.
We also pass "iv_large_sectors" when setting the sector size.
Using 4096-byte sectors rather than the default of 512 improves
dm-crypt performance, especially when the Adiantum encryption mode
is used.
Bug: 112010205
Test: Run on a device
Change-Id: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
Greg Kaiser [Mon, 3 Dec 2018 19:23:19 +0000 (11:23 -0800)]
cryptfs: Add Adiantum support
Adiantum is a crypto method Android is supporting for devices
which don't have AES CPU instructions. See the paper
"Adiantum: length-preserving encryption for entry-level processors"
(https://eprint.iacr.org/2018/720.pdf) for more details.
We add Adiantum to our list of supported crypto types.
Bug: 112010205
Test: Tested on a device
Change-Id: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
Treehugger Robot [Mon, 10 Dec 2018 17:20:41 +0000 (17:20 +0000)]
Merge "DO NOT MERGE"
Treehugger Robot [Sat, 8 Dec 2018 02:03:37 +0000 (02:03 +0000)]
Merge "Check for errors in dup2"