OSDN Git Service
Jeff Sharkey [Wed, 29 Apr 2015 22:22:23 +0000 (15:22 -0700)]
Update primary symlinks after mounting.
Since otherwise we might have a stale path.
Bug:
19993667
Change-Id: I099e3dc0c5aa9ab6820cded4f2ae7fd6bf18ea40
Jeff Sharkey [Wed, 29 Apr 2015 15:57:18 +0000 (08:57 -0700)]
Property to enable debugging.
Bug:
19993667
Change-Id: Ie226e06edcb426caca2dbc97d2d5d60ae948c85e
Jeff Sharkey [Wed, 29 Apr 2015 04:17:43 +0000 (21:17 -0700)]
Scan failure still means we finished scan.
Bug:
19993667
Change-Id: If6a79391e34b652b2ba4e6df40a8e712f7a2e172
Elliott Hughes [Sat, 25 Apr 2015 17:24:04 +0000 (17:24 +0000)]
am
85c7c08e: am
d5aa67cc: Merge "Wait for completion of device mapping in mountObb"
* commit '
85c7c08e2511509a306c3a5b202ceda922f5f2b5':
Wait for completion of device mapping in mountObb
Elliott Hughes [Sat, 25 Apr 2015 17:02:47 +0000 (17:02 +0000)]
am
d5aa67cc: Merge "Wait for completion of device mapping in mountObb"
* commit '
d5aa67cc53bd10ba851179d634a7ed649958e5ee':
Wait for completion of device mapping in mountObb
Elliott Hughes [Sat, 25 Apr 2015 16:42:37 +0000 (16:42 +0000)]
Merge "Wait for completion of device mapping in mountObb"
yoshiyuki hama [Wed, 28 Jan 2015 07:37:23 +0000 (16:37 +0900)]
Wait for completion of device mapping in mountObb
The VolumeManager::mountObb() creates a mapping between
a loopback device and a dm device. However the device-mapper
carries it out asynchronously, so there is a possibility that
Vold accesses to the dm device which is being built. Added
waiting for completion of the mapping in that function, like
mountAsec().
To verify install FrameworksCoreTests.apk and do:
adb shell am instrument -r -w -e class android.os.storage.\
StorageManagerIntegrationTest#testMountTwoEncryptedObb \
com.android.frameworks.coretests/android.test.\
InstrumentationTestRunner
Change-Id: If42f4b7494bb2f8a8b72d106ad84b3e3bf91fd9b
Jeff Sharkey [Fri, 24 Apr 2015 23:00:03 +0000 (16:00 -0700)]
Migrate primary external storage.
When requested, kick off a thread that will migrate storage contents
between two locations. This is performed in several steps that
also interact with the framework:
1. Take old and new volumes offline during migration
2. Wipe new location clean (10% of progress)
3. Copy files from old to new (60% of progress)
4. Inform framework that move was successful so it can persist
5. Wipe old location clean (15% of progress)
Derives a hacky progress estimate by using a rough proxy of free
disk space changes while a cp/rm is taking place.
Add new internal path for direct access to volumes to bypass any
FUSE emulation overhead, and send it to framework. Remove mutex
around various exec calls since setexeccon() is already per-thread.
Bug:
19993667
Change-Id: Ibcb4f6fe0126d05b2365f316f53e71dc3e79a2b8
Jeff Sharkey [Tue, 21 Apr 2015 19:14:17 +0000 (12:14 -0700)]
Wider volume mutation lock, move force adoptable.
We eventually should move back to per-disk locks, but use a giant
lock to keep development rolling forward. Also move force adoptable
flag to framework since, since encrypted devices don't have persisted
properties loaded early during boot.
Bug:
19993667
Change-Id: Ifa3016ef41b038f8f71fc30bc81596cfd21dcd2a
Jeff Sharkey [Sun, 19 Apr 2015 22:55:42 +0000 (15:55 -0700)]
Handle *ALL* the SCSI disks!
Bug:
19993667
Change-Id: I47099c262686127f82dd376570d49cf0ad119842
Jeff Sharkey [Sun, 19 Apr 2015 21:57:55 +0000 (14:57 -0700)]
Notify when disk scan finished.
Bug:
19993667
Change-Id: I20dc183a35c11b5b4ba6139e690929b9c279b830
Jeff Sharkey [Sat, 18 Apr 2015 23:15:10 +0000 (16:15 -0700)]
Switch logging to system log, persistable prop.
Use system log for more durable log history. Also accept persistable
version of flag to force adoptability.
Bug:
19993667
Change-Id: Icdf36799e26038e9a8e2bdaca276d97b22ba3941
Jeff Sharkey [Sat, 18 Apr 2015 00:35:20 +0000 (17:35 -0700)]
Volumes know parent disks; unsupported disks.
This is cleaner and more direct than the reverse of having the disk
publish child volume membership. Rename state constants to match
public API. Add state representing bad removal. Make it clear that
volume flags are related to mounting.
Send new unsupported disk event when we finish scanning an entire
disk and have no meaningful volumes.
Bug:
19993667
Change-Id: I08a91452ff561171a484d1da5745293ec893aec0
Jeff Sharkey [Wed, 15 Apr 2015 06:14:23 +0000 (23:14 -0700)]
Lock while partitioning.
Otherwise we get really excited and trip over ourselves while
partitions are still being created.
Bug:
19993667
Change-Id: I034e56b3063a71d73f9311a945c05ea2ae255f7d
Jeff Sharkey [Wed, 15 Apr 2015 05:22:34 +0000 (22:22 -0700)]
Don't be picky about zap status.
Bug:
19993667
Change-Id: Id125d9252bf7130516c0ec619d5f067fea24d560
Jeff Sharkey [Tue, 14 Apr 2015 23:45:18 +0000 (16:45 -0700)]
Fix destroy ordering bug; add debug flag.
Bug:
19993667
Change-Id: Ib15e79a94a185843dace35fea7daaea866120f87
Jeff Sharkey [Mon, 13 Apr 2015 04:50:32 +0000 (21:50 -0700)]
Remember to tear down ASEC bind mount.
Bug:
19993667
Change-Id: I17093f0f9abe8762e5ee4f38ce99f9024e419dfc
Jeff Sharkey [Sun, 12 Apr 2015 23:03:33 +0000 (16:03 -0700)]
Emulated volumes above private volumes.
When a private volume is mounted, create an emulated volume above it
hosted at the /media path on that device. That emulated volume is
automatically torn down when unmounting the private volume.
Add "removed" state for volume, which signals to framework that
media has left the building, send when the volume is destroyed.
Bug:
19993667
Change-Id: I1f82b51de578ac5cfcc5d7b9a6fb44f6f25c775c
Jeff Sharkey [Thu, 9 Apr 2015 04:07:21 +0000 (21:07 -0700)]
Exclusive exec() path, format after partition.
Sadly setexeccon() is process global, so we need to carefully ensure
that all exec() are mutually exclusive to avoid transitioning into
unwanted domains. Also, because we have several threads floating
around, we need to guard all our FDs with O_CLOEXEC.
Format all newly created volumes immediately after partitioning,
but silence all events emitted from those volumes to prevent the
framework from getting all excited. Unify all notify events under a
single codepath to make them easy to silence.
Sent SIGINT before escalating to SIGTERM when unmounting.
Bug:
19993667
Change-Id: Idc6c806afc7919a004a93e2240b42884f6b52d6b
Mohamad Ayyash [Tue, 7 Apr 2015 18:44:08 +0000 (18:44 +0000)]
am
959de99a: am
f8c905e0: Merge "Add dependency on libsquashfs_utils due to fs_mgr dependency"
* commit '
959de99af47dec9ed7a3499ce57e4097be399d7d':
Add dependency on libsquashfs_utils due to fs_mgr dependency
Mohamad Ayyash [Tue, 7 Apr 2015 18:13:19 +0000 (18:13 +0000)]
am
f8c905e0: Merge "Add dependency on libsquashfs_utils due to fs_mgr dependency"
* commit '
f8c905e043cbeb76bf0d88dff5b5676f4e00f71c':
Add dependency on libsquashfs_utils due to fs_mgr dependency
Mohamad Ayyash [Tue, 7 Apr 2015 18:00:52 +0000 (18:00 +0000)]
Merge "Add dependency on libsquashfs_utils due to fs_mgr dependency"
Mohamad Ayyash [Tue, 7 Apr 2015 01:15:53 +0000 (18:15 -0700)]
Add dependency on libsquashfs_utils due to fs_mgr dependency
Change-Id: I894d18c2086a6532194f478853a9837eb4b6fc09
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
Jeff Sharkey [Mon, 6 Apr 2015 21:08:45 +0000 (14:08 -0700)]
Updates for expanded storage.
Mount private volumes at /mnt/expand, which is where we have new
SELinux policy waiting for us. Also ensure that foundational
directories are ready when mounting.
Create local fs_prepare_dir() wrapper that sets SELinux context
based on path, avoiding the need for a later restorecon.
Use UUID as directory name for public volumes. Wait a few seconds
before issuing first signal when force unmounting.
Bug:
19993667
Change-Id: If22595380faaae321705b06c87d877419620da48
Jeff Sharkey [Sun, 5 Apr 2015 04:38:59 +0000 (21:38 -0700)]
Add back "unmountable" volume state.
Also automatically unmount when format is requested.
Bug:
19993667
Change-Id: I2c81b7ccc9d69df61d7ae4df1e8224c02f260044
Jeff Sharkey [Thu, 2 Apr 2015 06:32:18 +0000 (23:32 -0700)]
Remove unused code.
Bug:
19993667
Change-Id: I1f6519655c5a366eca25e2329e1bf95d81b3bf8c
Jeff Sharkey [Thu, 2 Apr 2015 06:07:19 +0000 (23:07 -0700)]
Some CLOEXEC love.
Bug:
19993667
Change-Id: If8c0b346820f30c6a7dac495f935be17d677ffcc
Jeff Sharkey [Wed, 1 Apr 2015 18:54:32 +0000 (11:54 -0700)]
Different blkid and fsck execution domains.
vold works with two broad classes of block devices: untrusted devices
that come in from the wild, and trusted devices like PrivateVolume
which are encrypted.
When running blkid and fsck, we pick which SELinux execution domain
to use based on which class the device belongs to.
Bug:
19993667
Change-Id: I2695f028710a4863f0c3b2ed6da437f466401272
Jeff Sharkey [Tue, 31 Mar 2015 17:35:33 +0000 (10:35 -0700)]
Support for private (adopted) volumes.
This adds support for private volumes which is just a filesystem
wrapped in a dm-crypt layer. For now we're using the exact same
configuration as internal encryption (aes-cbc-essiv:sha256), but we
don't store any key material on the removable media. Instead, we
store the key on internal storage, and use the GPT partition GUID
to identify which key should be used.
This means that private external storage is effectively as secure as
the internal storage of the device. That is, if the internal storage
is encrypted, then our external storage key is also encrypted.
When partitioning disks, we now support a "private" mode which has
a PrivateVolume partition, and a currently unused 16MB metadata
partition reserved for future use. It also supports a "mixed" mode
which creates both a PublicVolume and PrivateVolume on the same
disk. Mixed mode is currently experimental.
For now, just add ext4 support to PrivateVolume; we'll look at f2fs
in a future change. Add VolumeBase lifecycle for setting up crypto
mappings, and extract blkid logic into shared method. Sprinkle some
more "static" around the cryptfs code to improve invariants.
Bug:
19993667
Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0
Jeff Sharkey [Tue, 31 Mar 2015 04:22:07 +0000 (21:22 -0700)]
Fix 64 bit builds.
Change-Id: I4e30ecff3c29d0f8351c6f43de1c979c8c792fab
Jeff Sharkey [Fri, 13 Mar 2015 23:09:20 +0000 (16:09 -0700)]
Progress towards dynamic storage support.
Wire up new Disk and VolumeBase objects and events to start replacing
older DirectVolume code. Use filesystem UUID as visible PublicVolume
name to be more deterministic.
When starting, create DiskSource instances based on fstab, and watch
for kernel devices to appear. Turn matching devices into Disk
objects, scan for partitions, and create any relevant VolumeBase
objects. Broadcast all of these events towards userspace so the
framework can decide what to mount.
Keep track of the primary VolumeBase, and update the new per-user
/storage/self/primary symlink for all started users.
Provide a reset command that framework uses to start from a known
state when runtime is restarted. When vold is unexpectedly killed,
try recovering by unmounting everything under /mnt and /storage
before moving forward.
Remove UMS sharing support for now, since no current devices support
it; MTP is the recommended solution going forward because it offers
better multi-user support.
Switch killProcessesWithOpenFiles() to directly take signal. Fix
one SOCK_CLOEXEC bug, but SELinux says there are more lurking.
Bug:
19993667
Change-Id: I2dad1303aa4667ec14c52f774e2a28b3c1c1ff6d
Elliott Hughes [Mon, 30 Mar 2015 21:28:10 +0000 (21:28 +0000)]
am
8a0fde27: am
e9623fed: Merge "Fixed type mismatch for ioctl(BLKGETSIZE)"
* commit '
8a0fde272be430f66b2e5db6236aa732d2ba6efc':
Fixed type mismatch for ioctl(BLKGETSIZE)
Elliott Hughes [Mon, 30 Mar 2015 21:14:49 +0000 (21:14 +0000)]
am
e9623fed: Merge "Fixed type mismatch for ioctl(BLKGETSIZE)"
* commit '
e9623fede7a89d61952f983f0c0a294fc3563c9c':
Fixed type mismatch for ioctl(BLKGETSIZE)
Elliott Hughes [Mon, 30 Mar 2015 21:03:04 +0000 (21:03 +0000)]
Merge "Fixed type mismatch for ioctl(BLKGETSIZE)"
Hiroaki Miyazawa [Wed, 4 Feb 2015 04:29:15 +0000 (13:29 +0900)]
Fixed type mismatch for ioctl(BLKGETSIZE)
ioctl(BLKGETSIZE) expects unsigned long
(8 bytes on 64 bit environment).
This is fixing fails in android.os.storage.StorageManagerIntegrationTest
(in FrameworkCoreTests).
To verify, install FrameworksCoreTests.apk and do:
adb shell am instrument -r -w -e class android.os.storage.\
StorageManagerIntegrationTest#testMountSingleEncryptedObb \
com.android.frameworks.coretests/android.test.InstrumentationTestRunner
Change-Id: Ib6d5c7490c02521c93f107c35ad0aac49f6a3f1a
Paul Lawrence [Fri, 27 Mar 2015 23:31:44 +0000 (23:31 +0000)]
am
836e7860: am
8120c3d1: Merge "Adding e4crypt support"
* commit '
836e78608dcb16a490330e051416787df2ee14db':
Adding e4crypt support
Paul Lawrence [Fri, 27 Mar 2015 21:42:21 +0000 (21:42 +0000)]
am
8120c3d1: Merge "Adding e4crypt support"
* commit '
8120c3d1b2a8b4c6570c36bcdaf7c55392f5fa45':
Adding e4crypt support
Paul Lawrence [Fri, 27 Mar 2015 20:46:05 +0000 (20:46 +0000)]
Merge "Adding e4crypt support"
Paul Lawrence [Thu, 5 Mar 2015 17:46:23 +0000 (09:46 -0800)]
Adding e4crypt support
Redirect all crypto calls to e4crypt equivalents if file level encryption
detected. Note this change implements only the ones needed for minimal
functionality.
Requires matching change:
https://googleplex-android-review.git.corp.google.com/#/c/642778/
Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016
Paul Lawrence [Thu, 5 Mar 2015 17:46:23 +0000 (09:46 -0800)]
Adding e4crypt support
Redirect all crypto calls to e4crypt equivalents if file level encryption
detected. Note this change implements only the ones needed for minimal
functionality.
Requires matching change:
https://googleplex-android-review.git.corp.google.com/#/c/642778/
Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016
JP Abgrall [Mon, 16 Mar 2015 19:42:57 +0000 (12:42 -0700)]
fstrim: Don't double trim mountpoints with alternative fs types.
Now we skip mountpoints that are repeated.
Bug:
19744511
Change-Id: Iff1618274a07180e62a01c3e2479dc1d52baf267
Signed-off-by: JP Abgrall <jpa@google.com>
Dan Albert [Mon, 16 Mar 2015 17:35:17 +0000 (10:35 -0700)]
Update for libbase.
Change-Id: I23b1281a63031a7481ea7b33c9ddbdbe7d3d6174
Jeff Sharkey [Fri, 13 Mar 2015 20:47:50 +0000 (20:47 +0000)]
Merge "Follow NetlinkEvent refactoring."
Jeff Sharkey [Fri, 13 Mar 2015 20:40:50 +0000 (13:40 -0700)]
Follow NetlinkEvent refactoring.
Change-Id: I130b250a663cdfb379def24583523d0287ec31dd
Jeff Sharkey [Fri, 13 Mar 2015 18:05:07 +0000 (18:05 +0000)]
Merge "Checkpoint of better dynamic device support."
Jeff Sharkey [Tue, 3 Mar 2015 05:01:40 +0000 (21:01 -0800)]
Checkpoint of better dynamic device support.
This is the first in a series of changes that are designed to
introduce better support for dynamic block devices.
It starts by defining a new Volume object which represents a storage
endpoint that knows how to mount, unmount, and format itself. This
could be a filesystem directly on a partition, or it could be an
emulated FUSE filesystem, an ASEC, or an OBB.
These new volumes can be "stacked" so that unmounting a volume will
also unmount any volumes stacked above it. Volumes that provide
shared storage can also be asked to present themselves (through bind
mounts) into user-specific mount areas.
This change also adds a Disk class which is created based on block
kernel netlink events. Instead of waiting for partition events from
the kernel, it uses gptfdisk to read partition details and creates
the relevant Volume objects.
Change-Id: I0e8bc1f8f9dcb24405f5e795c0658998e22ae2f7
JP Abgrall [Fri, 6 Mar 2015 01:30:20 +0000 (17:30 -0800)]
fstrim: don't trim mount points flagged as notrim
Bug:
19624276
Change-Id: I84eeb029114d6ba2a26a53d4155d123d8acd7502
Nick Kralevich [Thu, 5 Mar 2015 21:15:39 +0000 (21:15 +0000)]
am
58819cde: am
cdcffc0d: am
3393bb65: Merge "fstrim.c: use open(O_DIRECTORY) instead of stat"
* commit '
58819cde54c61776bf72e8b3369d240cd2dc5b4d':
fstrim.c: use open(O_DIRECTORY) instead of stat
Nick Kralevich [Thu, 5 Mar 2015 21:10:01 +0000 (21:10 +0000)]
am
cdcffc0d: am
3393bb65: Merge "fstrim.c: use open(O_DIRECTORY) instead of stat"
* commit '
cdcffc0d29da177399eb403df00e6693ce5e83bb':
fstrim.c: use open(O_DIRECTORY) instead of stat
Nick Kralevich [Thu, 5 Mar 2015 21:03:15 +0000 (21:03 +0000)]
am
3393bb65: Merge "fstrim.c: use open(O_DIRECTORY) instead of stat"
* commit '
3393bb650fd931e494a0280fc13717f36aea22fc':
fstrim.c: use open(O_DIRECTORY) instead of stat
Nick Kralevich [Thu, 5 Mar 2015 20:57:54 +0000 (20:57 +0000)]
Merge "fstrim.c: use open(O_DIRECTORY) instead of stat"
Nick Kralevich [Thu, 5 Mar 2015 20:50:23 +0000 (12:50 -0800)]
fstrim.c: use open(O_DIRECTORY) instead of stat
open(O_DIRECTORY) returns an error if the open attempt
is against anything other than a directory. This basically
duplicates the check that the stat() call was trying to do.
Eliminate the unnecessary stat() call and use O_DIRECTORY
instead.
Change-Id: I1821abbed325f29a7214fdc41ed27cd9e26817d0
Shawn Willden [Thu, 26 Feb 2015 23:55:44 +0000 (23:55 +0000)]
am
42c79333: am
47bc0ffa: am
5054f7ee: Merge "Rename keymaster_device_t to keymaster0_device_t."
* commit '
42c793333c7cfdb311e0abbe0dfeb64074c9f34f':
Rename keymaster_device_t to keymaster0_device_t.
Shawn Willden [Thu, 26 Feb 2015 23:44:34 +0000 (23:44 +0000)]
am
47bc0ffa: am
5054f7ee: Merge "Rename keymaster_device_t to keymaster0_device_t."
* commit '
47bc0ffaddacc3514d12db1b8b8bb4b10eae13ea':
Rename keymaster_device_t to keymaster0_device_t.
Shawn Willden [Thu, 26 Feb 2015 23:31:10 +0000 (23:31 +0000)]
am
5054f7ee: Merge "Rename keymaster_device_t to keymaster0_device_t."
* commit '
5054f7ee4fa6e747eb8d08f60ec91ba6a9363878':
Rename keymaster_device_t to keymaster0_device_t.
Shawn Willden [Thu, 26 Feb 2015 23:24:53 +0000 (23:24 +0000)]
Merge "Rename keymaster_device_t to keymaster0_device_t."
JP Abgrall [Thu, 26 Feb 2015 19:16:57 +0000 (19:16 +0000)]
am
af057b52: am
aac44855: am
c19c6738: Merge "vold: acquire wakelock on fstrim thread"
* commit '
af057b52ea152701d30591be5ea0b74473a5c466':
vold: acquire wakelock on fstrim thread
JP Abgrall [Thu, 26 Feb 2015 19:10:57 +0000 (19:10 +0000)]
am
aac44855: am
c19c6738: Merge "vold: acquire wakelock on fstrim thread"
* commit '
aac44855caf0f2f7f2e655fc06ce9782b9c80af7':
vold: acquire wakelock on fstrim thread
JP Abgrall [Thu, 26 Feb 2015 19:03:35 +0000 (19:03 +0000)]
am
c19c6738: Merge "vold: acquire wakelock on fstrim thread"
* commit '
c19c67388cca4bda7b2042f065a7dc596f72fee8':
vold: acquire wakelock on fstrim thread
JP Abgrall [Thu, 26 Feb 2015 18:56:15 +0000 (18:56 +0000)]
Merge "vold: acquire wakelock on fstrim thread"
Shawn Willden [Thu, 26 Feb 2015 18:48:10 +0000 (18:48 +0000)]
am
b87264fb: Rename keymaster_device_t to keymaster0_device_t.
* commit '
b87264fb82818d5c64ccae454718845796953a88':
Rename keymaster_device_t to keymaster0_device_t.
Young-ho Cha [Fri, 20 Jun 2014 10:48:36 +0000 (19:48 +0900)]
vold: acquire wakelock on fstrim thread
If fstrim thread creation or detachment is failed, wakelock can be leaked.
So move wakelock acquire to do_fstrim_filesystems function
Change-Id: I4da3164343af83fae3e5b01700f43d1752661276
Signed-off-by: Young-ho Cha <ganadist@gmail.com>
Shawn Willden [Tue, 24 Feb 2015 16:51:34 +0000 (09:51 -0700)]
Rename keymaster_device_t to keymaster0_device_t.
This is to accomodate the new keymaster1_device_t, which has an entirely
different interface.
Soon I'll provide a libkeymaster which provides a unified (and nicer)
interface for dealing with both v0 and v1 keymaster implementations
using a v1 keymaster API. For now this change is just so that vold will
build and run.
Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
Shawn Willden [Tue, 24 Feb 2015 16:51:34 +0000 (09:51 -0700)]
Rename keymaster_device_t to keymaster0_device_t.
This is to accomodate the new keymaster1_device_t, which has an entirely
different interface.
Soon I'll provide a libkeymaster which provides a unified (and nicer)
interface for dealing with both v0 and v1 keymaster implementations
using a v1 keymaster API. For now this change is just so that vold will
build and run.
Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
Shawn Willden [Tue, 24 Feb 2015 16:51:34 +0000 (09:51 -0700)]
Rename keymaster_device_t to keymaster0_device_t.
This is to accomodate the new keymaster1_device_t, which has an entirely
different interface.
Soon I'll provide a libkeymaster which provides a unified (and nicer)
interface for dealing with both v0 and v1 keymaster implementations
using a v1 keymaster API. For now this change is just so that vold will
build and run.
Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
JP Abgrall [Wed, 11 Feb 2015 21:44:32 +0000 (13:44 -0800)]
crytpfs: fix clobbering of crypto info on keymaster failure
Changing the device lock (even from swipe to none) will cause the
master key to be re-encrypted.
If at that point keymaster fails (e.g. due to an incompatible keymaster update)
cryptfs will write back the now-incomplete crypto metadata.
Upon next reboot, userdata can't be decrypted.
Now we don't bother writing on keymaster failure.
Bug:
19301883
Change-Id: I2b9a1278f8b4d333ac8d567e17e2263005e99409
Elliott Hughes [Mon, 9 Feb 2015 04:15:13 +0000 (04:15 +0000)]
am
33b6de4b: am
d55d8dac: Merge "prevent ioctl_init() to write outside buffer"
* commit '
33b6de4b94e018b3cb621db5eabcb3a4f18bdd3d':
prevent ioctl_init() to write outside buffer
Elliott Hughes [Mon, 9 Feb 2015 04:15:13 +0000 (04:15 +0000)]
am
d773fc11: am
8c0a0db1: Merge "Change strncpy to strlcpy"
* commit '
d773fc118a30d3273888391ebf9f0ea5a916cd75':
Change strncpy to strlcpy
Paul Lawrence [Mon, 9 Feb 2015 04:14:28 +0000 (04:14 +0000)]
am
38394c7d: am
223fd1ca: Revert "Make encryption configurable"
* commit '
38394c7d2d6d5bd8c7467155587a78b912e2b7ab':
Revert "Make encryption configurable"
Elliott Hughes [Sat, 7 Feb 2015 07:38:37 +0000 (07:38 +0000)]
am
d55d8dac: Merge "prevent ioctl_init() to write outside buffer"
* commit '
d55d8dac45dc60cb2cc9e599d3e89532db0cfc39':
prevent ioctl_init() to write outside buffer
Elliott Hughes [Sat, 7 Feb 2015 07:38:37 +0000 (07:38 +0000)]
am
8c0a0db1: Merge "Change strncpy to strlcpy"
* commit '
8c0a0db1ad217f3238e31c291afa6b5e6a6fc98d':
Change strncpy to strlcpy
Elliott Hughes [Sat, 7 Feb 2015 07:29:43 +0000 (07:29 +0000)]
Merge "prevent ioctl_init() to write outside buffer"
Elliott Hughes [Sat, 7 Feb 2015 07:28:05 +0000 (07:28 +0000)]
Merge "Change strncpy to strlcpy"
Paul Lawrence [Sat, 7 Feb 2015 00:11:29 +0000 (00:11 +0000)]
am
223fd1ca: Revert "Make encryption configurable"
* commit '
223fd1cad8d627dc36e11da8cdd342c1a810d226':
Revert "Make encryption configurable"
Paul Lawrence [Fri, 6 Feb 2015 16:56:13 +0000 (16:56 +0000)]
Revert "Make encryption configurable"
This reverts commit
6a69cfc411c086f15d59b7dc105763af16620414.
The original fix seems to have led to boot failures in QA. Rather than
risk shipping, revert the change. Bug
18764230 reopened.
Requires change
https://googleplex-android-review.git.corp.google.com/#/c/629950/
Bug:
19278390
Bug:
19199624
Change-Id: Ia858c4db0abb917f9364ec8048f59ca4fb48e233
Nick Kralevich [Fri, 6 Feb 2015 17:26:25 +0000 (17:26 +0000)]
am
cf694550: am
d9f2082f: Merge "VolumeManager: don\'t use faccessat(AT_SYMLINK_NOFOLLOW)"
* commit '
cf694550b2ab718ddc28810b5a1ebe9cf5f46e7d':
VolumeManager: don't use faccessat(AT_SYMLINK_NOFOLLOW)
Nick Kralevich [Fri, 6 Feb 2015 17:20:23 +0000 (17:20 +0000)]
am
d9f2082f: Merge "VolumeManager: don\'t use faccessat(AT_SYMLINK_NOFOLLOW)"
* commit '
d9f2082fd798e77cc15735bc582507abb64c8ed4':
VolumeManager: don't use faccessat(AT_SYMLINK_NOFOLLOW)
Nick Kralevich [Fri, 6 Feb 2015 17:11:00 +0000 (17:11 +0000)]
Merge "VolumeManager: don't use faccessat(AT_SYMLINK_NOFOLLOW)"
Nick Kralevich [Fri, 6 Feb 2015 16:55:08 +0000 (08:55 -0800)]
VolumeManager: don't use faccessat(AT_SYMLINK_NOFOLLOW)
Don't use faccessat(AT_SYMLINK_NOFOLLOW). In Android, AT_SYMLINK_NOFOLLOW
is ignored. In glibc, it returns counter intuitive results when a
symbolic link is encountered, returning true all the time even though
an open(O_NOFOLLOW) will eventually fail.
Instead, stat the file and check to see if it's a regular file,
not a directory or symlink or some other weirdness.
In addition, fix a bug where isAsecInDirectory would return
true ("-1") if the asec directory didn't exist. It should return
false.
Bug:
18867827
Change-Id: I33d90e9095fad36ce0f83fde105b70f72e4eaef4
Henrik Baard [Fri, 6 Feb 2015 08:24:14 +0000 (09:24 +0100)]
Change strncpy to strlcpy
Change all function calls to strncpy to strlcpy.
Change-Id: I2bbefb7829d715847c5b26f4b9f0faddbd4c89d0
Marek Pola [Thu, 5 Feb 2015 13:22:34 +0000 (14:22 +0100)]
prevent ioctl_init() to write outside buffer
The strncpy operation does not write a 0 termination
if the name is larger than the target buffer.
Ensure that zero termination is always written using
safe strlcpy function.
Change-Id: Idb68cdff7cd1a860c1dfac7494fa99f3d382cb91
Elliott Hughes [Thu, 5 Feb 2015 20:35:09 +0000 (20:35 +0000)]
am
71f8d86f: am
f805a8b3: Merge "Change lseek to lseek64"
* commit '
71f8d86fdfc2c11f2d4176eabb98812bf41792e7':
Change lseek to lseek64
Elliott Hughes [Thu, 5 Feb 2015 20:26:52 +0000 (20:26 +0000)]
am
f805a8b3: Merge "Change lseek to lseek64"
* commit '
f805a8b3a917b163c789f1ad4b272560f98eb6f1':
Change lseek to lseek64
Elliott Hughes [Thu, 5 Feb 2015 20:16:03 +0000 (20:16 +0000)]
am
e22b21af: am
ebc83b3e: Merge "Fix memory leak in upgrade_crypt_ftr"
* commit '
e22b21af3a4d7729c23f559add26bc4f78cbaab1':
Fix memory leak in upgrade_crypt_ftr
Elliott Hughes [Thu, 5 Feb 2015 18:51:07 +0000 (18:51 +0000)]
am
ebc83b3e: Merge "Fix memory leak in upgrade_crypt_ftr"
* commit '
ebc83b3e8ef6d0dbab84bec88e0231c7911e5378':
Fix memory leak in upgrade_crypt_ftr
Elliott Hughes [Thu, 5 Feb 2015 17:36:01 +0000 (17:36 +0000)]
Merge "Change lseek to lseek64"
Elliott Hughes [Thu, 5 Feb 2015 17:08:58 +0000 (17:08 +0000)]
Merge "Fix memory leak in upgrade_crypt_ftr"
Björn Landström [Tue, 20 Jan 2015 11:43:56 +0000 (12:43 +0100)]
Change lseek to lseek64
Using lseek on 64-bit offset parameter caused failure
to write persistent data in crypto footer.
Changed calls to use lseek64 instead.
Change-Id: I4e4c397a6d36201b8b08be3017e17c9fac3b34e4
Henrik Baard [Thu, 5 Feb 2015 14:09:17 +0000 (15:09 +0100)]
Fix memory leak in upgrade_crypt_ftr
The structure crypt_persist_data was allocated,
but never freed.
Added free of allocated memory in normal and
error case.
Change-Id: I9aaa067e6f6501e8ce007f8659004b5dbcf2b246
Paul Lawrence [Tue, 3 Feb 2015 21:08:10 +0000 (13:08 -0800)]
Remove kdfs that were only used internally in LMP
Bug:
17439091
Change-Id: I55f92984c8234362597be3976a10626a0ed8763f
Paul Lawrence [Wed, 28 Jan 2015 21:21:30 +0000 (21:21 +0000)]
am
fcca3faa: Merge "Make encryption configurable"
* commit '
fcca3faad48fc37be78a7307ee94b1b55cb89f16':
Make encryption configurable
Paul Lawrence [Wed, 28 Jan 2015 21:14:19 +0000 (21:14 +0000)]
Merge "Make encryption configurable"
Elliott Hughes [Wed, 28 Jan 2015 20:14:17 +0000 (20:14 +0000)]
am
61c19efd: Merge "Add missing <string.h> include."
* commit '
61c19efd0b9015eb0a7350f8ec6b7e61ae5a75ab':
Add missing <string.h> include.
Elliott Hughes [Wed, 28 Jan 2015 20:04:02 +0000 (20:04 +0000)]
Merge "Add missing <string.h> include."
Elliott Hughes [Wed, 28 Jan 2015 19:47:21 +0000 (11:47 -0800)]
Add missing <string.h> include.
Change-Id: I31f5cd6fb4ff55d7cfe213f66955e3dbcbdff101
Paul Lawrence [Wed, 21 Jan 2015 17:58:26 +0000 (09:58 -0800)]
Make encryption configurable
Add maybeenabledefaultencryption function, that encrypts based
on the encryption flag and appropriate environment variable
Bug:
18764230
Change-Id: Id9a1967d09a7ae63a51240c0a5f3c41505af0e9a
Paul Lawrence [Mon, 26 Jan 2015 15:53:01 +0000 (15:53 +0000)]
am
6a69cfc4: Make encryption configurable
* commit '
6a69cfc411c086f15d59b7dc105763af16620414':
Make encryption configurable
Kenny Root [Fri, 23 Jan 2015 01:17:16 +0000 (01:17 +0000)]
am
26970299: Merge "Remove superfluous OpenSSL include paths."
* commit '
269702997153cdf92c65cfee277c76afed44e9e5':
Remove superfluous OpenSSL include paths.
Kenny Root [Fri, 23 Jan 2015 01:05:47 +0000 (01:05 +0000)]
Merge "Remove superfluous OpenSSL include paths."
Adam Langley [Fri, 23 Jan 2015 00:45:28 +0000 (16:45 -0800)]
Remove superfluous OpenSSL include paths.
The libcrypto and libssl modules (and their respective static and host
versions) use LOCAL_EXPORT_C_INCLUDE_DIRS thus just including the module
is sufficient.
Additionally, cryptfs.h was including an OpenSSL header just to get the
length of a SHA-256 hash. Rather than force all users of this header to
also depend on libcrypto, it's easier just to define that value in the
header file.
Change-Id: I3e3e0db906a212e1093944b298e4a8ff2e2fb07d