OSDN Git Service
Paul Crowley [Wed, 11 Aug 2021 22:16:58 +0000 (22:16 +0000)]
Detect factory reset and deleteAllKeys am: 0f74bd4811 am: e00101c162
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876
Change-Id: I69599c6df94b66215fafe025bd6f8373ac44fbf7
Paul Crowley [Wed, 11 Aug 2021 22:01:51 +0000 (22:01 +0000)]
Detect factory reset and deleteAllKeys am: 0f74bd4811
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876
Change-Id: I3ac68496357b62e0887b41780299166d01d8fe29
Paul Crowley [Fri, 6 Aug 2021 22:16:10 +0000 (15:16 -0700)]
Detect factory reset and deleteAllKeys
Where metadata encryption is enabled, if there is no metadata encryption
key present and we are generating one anew, then there has been a
factory reset, and this is the first key to be generated. We then call
deleteAllKeys to ensure data from before the factory reset is securely
deleted.
This shouldn't really be necessary; the factory reset call itself
should be doing this. However there are currently three factory reset
paths (settings, recovery, fastboot -w) and it is not clear that all
three are doing this correctly on all devices. Obviously an attacker
can prevent this code from being run by running a version of the OS
that does not include this change; however, if the bootloader is
locked, then keys will be version bound such that they will only work
on locked devices with a sufficiently recent version of the OS. If
every sufficiently recent signed version of the OS includes this change
the attack is defeated.
Bug: 187105270
Test: booted Cuttlefish twice, checked logs
Ignore-AOSP-First: no merge path to this branch from AOSP.
Merged-In: I9c5c547140e8b1bbffb9c1d215f75251f0f1354e
Change-Id: I9c5c547140e8b1bbffb9c1d215f75251f0f1354e
Sean Keys [Wed, 7 Jul 2021 22:38:04 +0000 (22:38 +0000)]
Add command for setting the key binding seed
The seed value is passed to vold early in startup so that the
key-encryption keys are bound to the seed. This is useful for systems
like auto, in which the Android device may not require credentials to
use. In that case, the device should be bound to the rest of the system
(the car, in the case of auto) to guard against theft.
cherry-pick: aosp/1757970
Test: manual
Bug: 157501579
Change-Id: I2e16387b0752a30ef226b5ddf32ebf955aa9610a
Merged-In: I2e16387b0752a30ef226b5ddf32ebf955aa9610a
Eric Biggers [Fri, 25 Jun 2021 21:07:46 +0000 (21:07 +0000)]
Ignore too-early earlyBootEnded on FDE devices am: 2ddc1338d7
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15109082
Change-Id: I23c01e02082020de396bc34b2846def0bb9c14d4
Eric Biggers [Thu, 24 Jun 2021 18:13:24 +0000 (11:13 -0700)]
Ignore too-early earlyBootEnded on FDE devices
Don't call IKeystoreMaintenance::earlyBootEnded() too early on FDE
devices, so that keystore2 doesn't have to be restarted.
Bug: 192090857
Test: Tested FDE on Cuttlefish, both first and non-first boots.
Verified via log that earlyBootEnded is now called only when it
should be, and that keystore2 no longer has to be restarted.
Change-Id: I03f816db194a8276ad19ca99b3c8894e8a5fed23
(cherry picked from commit 4859e0ca0f7fc5da217e8b388da76ece41dd726e)
Merged-In: I03f816db194a8276ad19ca99b3c8894e8a5fed23
Wale Ogunwale [Thu, 13 May 2021 22:17:21 +0000 (22:17 +0000)]
Revert "Change mounting storage data and obb flag to on by default"
Revert "Change mounting storage data and obb flag to on by default"
Revert "Remove storage app data isolation checking in CTS"
Revert submission 14325408-enable_storage_iso_2
Reason for revert: b/187939590
Reverted Changes:
I6391b7381:Change mounting storage data and obb flag to on by...
Ic2f3d1be2:Remove storage app data isolation checking in CTS
Iffa8339b1:Change mounting storage data and obb flag to on by...
Bug: 187939590
Bug: 148049767
Change-Id: I8ef3e6fe0210bdf58e1292605ac1cc33a2eaafea
Satya Tangirala [Thu, 13 May 2021 22:58:51 +0000 (22:58 +0000)]
Merge "Fix bug with deferred commits for key upgrades in temporary directories" am: 54ebfb5806 am: 38c07b96a1 am: a387eda4d4
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1706645
Change-Id: I25a94c70abac50c65c1d04215bd58995e73f72ff
Satya Tangirala [Thu, 13 May 2021 22:42:09 +0000 (22:42 +0000)]
Merge "Fix bug with deferred commits for key upgrades in temporary directories" am: 54ebfb5806 am: 38c07b96a1
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1706645
Change-Id: If03725290c7a6307255212471d682933360d2d9c
Satya Tangirala [Thu, 13 May 2021 22:26:53 +0000 (22:26 +0000)]
Merge "Fix bug with deferred commits for key upgrades in temporary directories" am: 54ebfb5806
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1706645
Change-Id: I441e7684b9e35d168ef034456311e95c01e8b18b
Satya Tangirala [Thu, 13 May 2021 21:59:41 +0000 (21:59 +0000)]
Merge "Fix bug with deferred commits for key upgrades in temporary directories"
Satya Tangirala [Thu, 13 May 2021 07:43:03 +0000 (00:43 -0700)]
Fix bug with deferred commits for key upgrades in temporary directories
storeKeyAtomically() stores keys in a temp directory before renaming
that directory to the real target directory. However when the key is
stored in the temporary directory, the Keymaster storage key might get
upgraded, and it's possible that the temp directory is scheduled for a
deferred commit. storeKeyAtomically() renames that temp directory, but
doesn't update the list of directories marked for deferred commit.
This patch fixes this by removing the temp directory from the list and
adding the real target directory to that list instead.
This bug was found when trying to switch from using the guest keymint to
using the host remote keymint implementation on cuttlefish
(aosp/1701925). The device triggers this bug (and boots to recovery)
when aosp/1701925 is cherry-picked.
Co-Developed-By: Eric Biggers <ebiggers@google.com>
Test: Cuttlefish boots with and without aosp/1701925
Change-Id: I3b6fd6ad32ed415da94423cca6f5a121c16472f2
Satya Tangirala [Wed, 12 May 2021 23:31:40 +0000 (23:31 +0000)]
Merge changes from topic "vold-keystore2-fixes" am: 98692ab9bb am: 545a13a568 am: 041bbff0bb
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1705226
Change-Id: I160caec0094cf97c65cab0309d50c034016e0204
Satya Tangirala [Wed, 12 May 2021 23:07:33 +0000 (23:07 +0000)]
Merge changes from topic "vold-keystore2-fixes" am: 98692ab9bb am: 545a13a568
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1705226
Change-Id: I5506a4ed4c7105d6102277b6fb659c3e39312197
Satya Tangirala [Wed, 12 May 2021 22:52:36 +0000 (22:52 +0000)]
Merge changes from topic "vold-keystore2-fixes" am: 98692ab9bb
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1705226
Change-Id: I310d09e283e3d8804ba7154295d9b004e95cda98
Satya Tangirala [Wed, 12 May 2021 22:32:32 +0000 (22:32 +0000)]
Merge changes from topic "vold-keystore2-fixes"
* changes:
Remove unused constants and cleanup KeyStorage.cpp
Remove unused parameter "salt" from stretchSecret()
Use AServiceManager_waitForService() to connect to keystore2
Satya Tangirala [Wed, 12 May 2021 02:48:47 +0000 (19:48 -0700)]
Remove unused constants and cleanup KeyStorage.cpp
Now that the salt and hardware auth token related code has been removed,
we can remove the associated (and now unused) constants.
Also cleanup some comments and remove includes related to hardware auth
token support.
Bug: 181910578
Test: Cuttlefish boots.
Change-Id: I3733d5c6bbf6989adc165c554ee53faa2484f4b6
Satya Tangirala [Wed, 7 Apr 2021 21:30:25 +0000 (14:30 -0700)]
Remove unused parameter "salt" from stretchSecret()
stretchSecret() no longer uses the "salt" parameter, so remove it and
simplify callers
Bug: 181910578
Test: Cuttlefish boots.
Change-Id: Ic2d0742b22b98a66da37f435e274c9d385b8e188
Satya Tangirala [Mon, 12 Apr 2021 22:00:33 +0000 (15:00 -0700)]
Use AServiceManager_waitForService() to connect to keystore2
Vold currently uses AServiceManager_getService() to connect to
keystore2, which has an internal timeout of 5s. Since a lot of vold
keystore2 connection failures are fatal, we instead use
AServiceManager_waitForService(), which will wait efficiently for
keystore2 to start, instead of timing out after 5s.
Bug: 185934601
Test: Cuttlefish boots.
Change-Id: Ib4e977a997e020082382e0686f448d1aa72834ec
Songchun Fan [Tue, 11 May 2021 22:36:55 +0000 (22:36 +0000)]
Merge "[vold] pass along sysfs name in setOptions" into sc-dev
Treehugger Robot [Tue, 11 May 2021 21:04:06 +0000 (21:04 +0000)]
Merge "Show names of processes killed by KillProcessesWithOpenFiles()" am: 93dd933d85 am: 274804863c am: c591e3d68f
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1697789
Change-Id: I80cf3cf6b9d4e5e7f0ac32b0230cd9b6418cd047
Eric Biggers [Tue, 11 May 2021 21:04:02 +0000 (21:04 +0000)]
Merge "cryptfs: kill processes more quickly in wait_and_unmount()" am: 297b23837e am: 03e021ba56 am: 9d7718cf05
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1702389
Change-Id: Ice91b35eda0f09cbb9d4a4e500a1e9984940b0f1
Treehugger Robot [Tue, 11 May 2021 21:02:19 +0000 (21:02 +0000)]
Merge "Show names of processes killed by KillProcessesWithOpenFiles()" am: 93dd933d85 am: 274804863c
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1697789
Change-Id: I367b674134c4af229a6490c0c03bee93e3d46cdb
Treehugger Robot [Tue, 11 May 2021 20:39:27 +0000 (20:39 +0000)]
Merge "Show names of processes killed by KillProcessesWithOpenFiles()" am: 93dd933d85
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1697789
Change-Id: Ifc538a3c7cee0df30b727b08333f2e037011656d
Eric Biggers [Tue, 11 May 2021 20:32:28 +0000 (20:32 +0000)]
Merge "cryptfs: kill processes more quickly in wait_and_unmount()" am: 297b23837e am: 03e021ba56
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1702389
Change-Id: I56fa2f1b0a434c15e846319774028c435b905671
Treehugger Robot [Tue, 11 May 2021 20:24:49 +0000 (20:24 +0000)]
Merge "Show names of processes killed by KillProcessesWithOpenFiles()"
Eric Biggers [Tue, 11 May 2021 20:17:12 +0000 (20:17 +0000)]
Merge "cryptfs: kill processes more quickly in wait_and_unmount()" am: 297b23837e
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1702389
Change-Id: I48bdc416c72646af7a6f87bad78e0b759e9f1080
Eric Biggers [Tue, 11 May 2021 20:00:14 +0000 (20:00 +0000)]
Merge "cryptfs: kill processes more quickly in wait_and_unmount()"
Eric Biggers [Tue, 11 May 2021 00:44:34 +0000 (17:44 -0700)]
cryptfs: kill processes more quickly in wait_and_unmount()
In wait_and_unmount(), kill the processes with open files after umount()
has been failing for 2 seconds rather than 17 seconds. This avoids a
long boot delay on devices that use FDE.
Detailed explanation:
On FDE devices, vold needs to unmount the tmpfs /data in order to mount
the real, decrypted /data. On first boot, it also needs to unmount the
unencrypted /data in order to encrypt it in-place.
/data can't be unmounted if files are open inside it. In theory, init
is responsible for killing all processes with open files in /data, via
the property trigger "vold.decrypt=trigger_shutdown_framework".
However, years ago, commit 6e8440fd5072 ("cryptfs: kill processes with
open files on tmpfs /data") added a fallback where vold kills the
processes itself. Since then, in practice people have increasingly been
relying on this fallback, as services keep being added that use /data
but don't get stopped by trigger_shutdown_framework.
This is slowing down boot, as vold sleeps for 17 seconds before it
actually kills the processes.
The problematic services include services that are now started
explicitly in the post-fs-data trigger rather than implicitly as part of
a class (e.g., tombstoned), as well as services that now need to be
started as part of one of the early-boot classes like core or early_hal
but can still open files in /data later (e.g. keystore2 and credstore).
Another complication is that on default-encrypted devices (devices with
no PIN/pattern/password), trigger_shutdown_framework isn't run at all,
but rather it's expected that the relevant services simply weren't
started yet. This means that we can't fix the problem just by fixing
trigger_shutdown_framework to kill all the needed processes.
Therefore, given that the vold fallback is being relied on in practice,
and FDE won't be supported much longer anyway (so simple fixes are very
much preferable here), let's just change wait_and_unmount() in vold to
use more appropriate timeouts. Instead of waiting for 17 seconds before
killing processes, just wait for 2 seconds. Keep the total timeout of
20 seconds, but spend most of it retrying killing the processes, and
only if the unmount is still failing.
This avoids the long boot delays in practice.
Bug: 187231646
Bug: 186165644
Test: Tested FDE on Cuttlefish, and checked logcat to verify that the
boot delay is gone.
Change-Id: Id06a9615a87988c8336396c49ee914b35f8d585b
Songchun Fan [Mon, 10 May 2021 23:19:38 +0000 (16:19 -0700)]
[vold] pass along sysfs name in setOptions
Ignore-AOSP-First: Will cherry-pick to AOSP
BUG: 187308584
Test: atest CtsContentTestCases:android.content.pm.cts.PackageManagerShellCommandIncrementalTest#testInstallWithIdSigNoMissingPages
Change-Id: Iacfe6b735458051f2848b1b766c2b00198b397d9
Eric Biggers [Wed, 5 May 2021 19:11:33 +0000 (12:11 -0700)]
Show names of processes killed by KillProcessesWithOpenFiles()
Otherwise only the pids are shown, and it's hard to tell which
processes actually got killed.
Bug: 187231646
Change-Id: Icccf60d0ad4439d702f36ace31abe092df1c69c2
Xin Li [Sat, 8 May 2021 02:37:01 +0000 (02:37 +0000)]
[automerger skipped] Merge "DO NOT MERGE - Mark RQ2A.210105.001 as merged." am: ef439c5367 -s ours am: 477eb9ac9c -s ours am: 4e3d21ca95 -s ours
am skip reason: subject contains skip directive
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1699301
Change-Id: I4e3c7fc2fad871976660fa73053cfc3e5d8ea041
Xin Li [Sat, 8 May 2021 02:13:44 +0000 (02:13 +0000)]
[automerger skipped] Merge "DO NOT MERGE - Mark RQ2A.210105.001 as merged." am: ef439c5367 -s ours am: 477eb9ac9c -s ours
am skip reason: Merged-In Ic37985f98e6cbfe4fa38b981d3332c4dfc40c5b8 with SHA-1 5f2a9fee66 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1699301
Change-Id: Ifbb2163da12fde662e0f36a992feb1991ef8e37c
Xin Li [Sat, 8 May 2021 01:48:49 +0000 (01:48 +0000)]
[automerger skipped] Merge "DO NOT MERGE - Mark RQ2A.210105.001 as merged." am: ef439c5367 -s ours
am skip reason: Merged-In Ic37985f98e6cbfe4fa38b981d3332c4dfc40c5b8 with SHA-1 5f2a9fee66 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1699301
Change-Id: Icb4c65c9d0b4e9f1dfefb9d7bdf3e68a799e7fa2
Xin Li [Sat, 8 May 2021 01:28:13 +0000 (01:28 +0000)]
Merge "DO NOT MERGE - Mark RQ2A.210105.001 as merged."
Xin Li [Fri, 7 May 2021 21:32:31 +0000 (14:32 -0700)]
DO NOT MERGE - Mark RQ2A.210105.001 as merged.
Bug: 180401296
Merged-In: Ic37985f98e6cbfe4fa38b981d3332c4dfc40c5b8
Change-Id: Ic82b58f8975ae7b5410d87536342f83e827a7893
rickywai [Thu, 6 May 2021 09:11:49 +0000 (09:11 +0000)]
Merge "Always unmount data and obb directory that mounted" am: ae11ab712f am: 270b1dabbc am: 61ae848c4d
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1697365
Change-Id: Ief7e515c3e4ebe52fc9dbcfc781bbcd66c020f80
rickywai [Thu, 6 May 2021 08:40:40 +0000 (08:40 +0000)]
Merge "Always unmount data and obb directory that mounted" am: ae11ab712f am: 270b1dabbc
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1697365
Change-Id: I3d068df59d9ba0786437a32f1750d271f142581d
rickywai [Thu, 6 May 2021 08:25:13 +0000 (08:25 +0000)]
Merge "Always unmount data and obb directory that mounted" am: ae11ab712f
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1697365
Change-Id: I44aaffd7ecd95ec60af7559592d684460b32c5da
rickywai [Thu, 6 May 2021 08:09:05 +0000 (08:09 +0000)]
Merge "Always unmount data and obb directory that mounted"
Alan Stokes [Wed, 5 May 2021 15:04:04 +0000 (15:04 +0000)]
[automerger skipped] Merge "Only kill apps with storage app data isolation enabled" am: b2678b6654 am: 53d7796ccd am: dedb2c1a13 -s ours
am skip reason: Merged-In I45d9a63ed47cbc27aebb63357a43f51ad62275db with SHA-1 a58b535495 is already in history
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1690874
Change-Id: I641a83e69e7b3ffc267997503cc741cb8a04f030
Alan Stokes [Wed, 5 May 2021 14:45:44 +0000 (14:45 +0000)]
Merge "Only kill apps with storage app data isolation enabled" am: b2678b6654 am: 53d7796ccd
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1690874
Change-Id: I807f10f18d56c8ff1ef36f6b5cad85f2ee911184
Ricky Wai [Wed, 5 May 2021 14:43:45 +0000 (14:43 +0000)]
Always unmount data and obb directory that mounted
Otherwise, when system removes user's volume, it will hang
as there are mounts (obb and data mounts) that still remain mounted in system.
Bug: 187122943
Test: atest UserLifecycleTests#managedProfileUnlock_stopped, it's not blocked anymore
Change-Id: Ic37985f98e6cbfe4fa38b981d3332c4dfc40c5b8
Alan Stokes [Wed, 5 May 2021 14:30:21 +0000 (14:30 +0000)]
Merge "Only kill apps with storage app data isolation enabled" am: b2678b6654
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1690874
Change-Id: I063073d4419566c11207a147ac3260d4cee671a3
Alan Stokes [Wed, 5 May 2021 14:16:00 +0000 (14:16 +0000)]
Merge "Only kill apps with storage app data isolation enabled"
Eric Biggers [Tue, 4 May 2021 16:58:24 +0000 (16:58 +0000)]
Merge "Log error message if setting project quota ID fails" am: 7505efbd5d am: 44df16de69 am: 1768a47b25
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1694189
Change-Id: If76a5f6341b8f21ed49e079e14bd67362fb35f7a
Eric Biggers [Tue, 4 May 2021 16:42:09 +0000 (16:42 +0000)]
Merge "Log error message if setting project quota ID fails" am: 7505efbd5d am: 44df16de69
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1694189
Change-Id: Idc0cff5798358f977445ebe4f104ccf2fbb42cce
Eric Biggers [Tue, 4 May 2021 16:19:11 +0000 (16:19 +0000)]
Merge "Log error message if setting project quota ID fails" am: 7505efbd5d
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1694189
Change-Id: I64ee98eb6505837197aa509a8b9e21a952739966
Eric Biggers [Tue, 4 May 2021 16:06:14 +0000 (16:06 +0000)]
Merge "Log error message if setting project quota ID fails"
Songchun Fan [Tue, 4 May 2021 00:14:40 +0000 (00:14 +0000)]
Merge "[vold] pass sysfs_name to mount options" into sc-dev
Eric Biggers [Mon, 3 May 2021 19:29:40 +0000 (12:29 -0700)]
Log error message if setting project quota ID fails
Otherwise, the only sign of what went wrong may be system_server
logging a "ServiceSpecificException".
Bug: 187079978
Change-Id: I59b2ba2b0e679dfd1ec1fd8fff6790256fbfdf29
Ricky Wai [Fri, 30 Apr 2021 08:53:07 +0000 (09:53 +0100)]
Only kill apps with storage app data isolation enabled
Originally it kills all the apps with obb and data mounted.
Due to recent changes, all apps will have obb and data dirs mounted
in default root namespace. Hence all apps will be killed
by KillProcessesWithMounts().
To fix this, we also check if the dir is mounted as tmpfs,
as the default namespace one is bind mounted to lowerfs,
which app data isolation is mounted as tmpfs, so we only
kill the processes that have obb dir mounted as tmpfs.
Bug: 148049767
Test: Able to boot without warnings
Change-Id: I5f862ad6f64f5df739b68ea7c9815352bae3be5c
Merged-In: I45d9a63ed47cbc27aebb63357a43f51ad62275db
Ricky Wai [Fri, 30 Apr 2021 13:49:13 +0000 (13:49 +0000)]
Merge "Only kill apps with storage app data isolation enabled" into sc-dev
Ricky Wai [Thu, 29 Apr 2021 16:47:28 +0000 (17:47 +0100)]
Only kill apps with storage app data isolation enabled
Originally it kills all the apps with obb and data mounted.
Due to recent changes, all apps will have obb and data dirs mounted
in default root namespace. Hence all apps will be killed
by KillProcessesWithMounts().
To fix this, we also check if the dir is mounted as tmpfs,
as the default namespace one is bind mounted to lowerfs,
which app data isolation is mounted as tmpfs, so we only
kill the processes that have obb dir mounted as tmpfs.
Bug: 148049767
Test: Able to boot without warnings / errors
Ignore-AOSP-First: Merge it along with other CLs, will cherry-pick to
AOSP afterwards.
Change-Id: I45d9a63ed47cbc27aebb63357a43f51ad62275db
Ricky Wai [Tue, 23 Mar 2021 18:13:07 +0000 (18:13 +0000)]
Change mounting storage data and obb flag to on by default
Change mounting storage data and obb flag to on by default
Test: unbundled/launcher/nexus_unit_test_multi_device_platform
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Test: atest AdoptableHostTest
Test: pass cts/cts_postsubmit_cf_stable-cloud-tf
Bug: 148049767
Ignore-AOSP-First: Merge it along with other CLs, will cherry-pick to
AOSP afterwards.
Change-Id: I6391b7381699b4ffdbf715b67938bc3f79a5210c
Songchun Fan [Tue, 27 Apr 2021 19:46:02 +0000 (12:46 -0700)]
[vold] pass sysfs_name to mount options
Ignore-AOSP-First: Will cherry-pick to AOSP
Test: manual
BUG: 184844615
Change-Id: I216210132f49f55098c0f2d1b8d4e571b22cfcc4
Treehugger Robot [Mon, 26 Apr 2021 20:27:50 +0000 (20:27 +0000)]
Merge "Fix cryptfs RSA signing with keystore2" am: d2bb367549 am: 97455f85b0 am: f04542fcac
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1684055
Change-Id: I0762df0881f194acd1d1a13dc1eae54647ac02f6
Treehugger Robot [Mon, 26 Apr 2021 19:50:00 +0000 (19:50 +0000)]
Merge "Fix cryptfs RSA signing with keystore2" am: d2bb367549 am: 97455f85b0
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1684055
Change-Id: Ia25afd08bb0a0400d24343f37aeea4246f3ec1e8
Treehugger Robot [Mon, 26 Apr 2021 19:13:28 +0000 (19:13 +0000)]
Merge "Fix cryptfs RSA signing with keystore2" am: d2bb367549
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1684055
Change-Id: Ib91a29bf3d216c09ece619b9554c8f391efbe5fd
Treehugger Robot [Mon, 26 Apr 2021 18:51:13 +0000 (18:51 +0000)]
Merge "Fix cryptfs RSA signing with keystore2"
Hasini Gunasinghe [Fri, 23 Apr 2021 23:48:18 +0000 (23:48 +0000)]
Merge "Make vold use the updated keystore 2 API for storage keys." am: 68bdb45cf8 am: 0e9eb8ebca am: d14ab5c35c
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1681547
Change-Id: I26878bfc82857c05539c1a2705ddcb3fad0c3fb4
Hasini Gunasinghe [Fri, 23 Apr 2021 23:25:35 +0000 (23:25 +0000)]
Merge "Make vold use the updated keystore 2 API for storage keys." am: 68bdb45cf8 am: 0e9eb8ebca
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1681547
Change-Id: I8ee13ffd60784cee2ffbe8ff640b30a0f7716f5f
Hasini Gunasinghe [Fri, 23 Apr 2021 23:03:46 +0000 (23:03 +0000)]
Merge "Make vold use the updated keystore 2 API for storage keys." am: 68bdb45cf8
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1681547
Change-Id: Ib4156e85984c903cf521977e39522d013daf140c
Hasini Gunasinghe [Fri, 23 Apr 2021 22:39:04 +0000 (22:39 +0000)]
Merge "Make vold use the updated keystore 2 API for storage keys."
Eric Biggers [Thu, 22 Apr 2021 23:36:58 +0000 (16:36 -0700)]
Fix cryptfs RSA signing with keystore2
Fix KeymasterOperation::updateCompletely() to not treat an empty output
as an error, since for RSA signing (used by cryptfs / FDE) it is
expected that the output from update() be empty. The output is instead
produced at the end by finish().
This is one of a set of changes that is needed to get FDE working again
so that devices that launched with FDE can be upgraded to Android 12.
Bug: 186165644
Change-Id: Icf120f8b9526d051d0ebe16bc8ad1edf712241e1
Jaegeuk Kim [Tue, 20 Apr 2021 23:20:48 +0000 (23:20 +0000)]
Merge "mkfs_f2fs: give the log in kernel" am: 177b9db866 am: b79f93bea9 am: 52b6cc4a8a
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1677035
Change-Id: Idc20fc59694a4fefb0118c9e18c948e3af8cd8fe
Jaegeuk Kim [Tue, 20 Apr 2021 22:54:45 +0000 (22:54 +0000)]
Merge "mkfs_f2fs: give the log in kernel" am: 177b9db866 am: b79f93bea9
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1677035
Change-Id: I10b8cf99a771b28e66a2c9a391b7c9d00281d492
Jaegeuk Kim [Tue, 20 Apr 2021 22:26:22 +0000 (22:26 +0000)]
Merge "mkfs_f2fs: give the log in kernel" am: 177b9db866
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1677035
Change-Id: I55cce35d98afdf058854746e90c42be6c4f7d52c
Jaegeuk Kim [Tue, 20 Apr 2021 22:08:26 +0000 (22:08 +0000)]
Merge "mkfs_f2fs: give the log in kernel"
Janis Danisevskis [Tue, 20 Apr 2021 19:50:58 +0000 (12:50 -0700)]
Make vold use the updated keystore 2 API for storage keys.
This CL updates vold to use the updated storage key API that provides an
optional upgraded key blob. In this patch the upgraded key blob is not
yet stored by vold.
Bug: 185811713
Test: N/A
Change-Id: I39eeb20df0eb2b023479f3adebab264d29d00048
Jaegeuk Kim [Wed, 14 Apr 2021 19:02:41 +0000 (12:02 -0700)]
mkfs_f2fs: give the log in kernel
It's very useful to see the mkfs log in console to debug any issues.
Bug: 172378121
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Icdac3609860cf0bba3fa758cead885bd4960f2c0
Treehugger Robot [Thu, 15 Apr 2021 04:42:14 +0000 (04:42 +0000)]
Merge "vold: add getUnlockedUsers() method to Binder interface" am: 5e5819a761 am: ffcb495f2c am: b22fa25e7b
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1674805
Change-Id: I46101eff7eaa690af8c3dc53442ba05d9a30bb8b
Treehugger Robot [Thu, 15 Apr 2021 03:52:14 +0000 (03:52 +0000)]
Merge "vold: add getUnlockedUsers() method to Binder interface" am: 5e5819a761 am: ffcb495f2c
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1674805
Change-Id: I6a28604fbf87bc8e299596eaed5261f2925676dd
Treehugger Robot [Thu, 15 Apr 2021 03:06:01 +0000 (03:06 +0000)]
Merge "vold: add getUnlockedUsers() method to Binder interface" am: 5e5819a761
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1674805
Change-Id: I6b491e5939d3c878351bdfed3452e95ca8f19a89
Treehugger Robot [Thu, 15 Apr 2021 02:33:22 +0000 (02:33 +0000)]
Merge "vold: add getUnlockedUsers() method to Binder interface"
Eric Biggers [Tue, 6 Apr 2021 19:02:56 +0000 (12:02 -0700)]
vold: add getUnlockedUsers() method to Binder interface
This is needed so that system_server can remind itself about which users
have their storage unlocked, if system_server is restarted due to a
userspace reboot (soft restart).
Bug: 146206679
Test: see I482ed8017f7bbc8f7d4fd5a2c0f58629317ce4ed
Change-Id: I02f0494d827094bd41bcfe5f63c24e204b728595
(cherry picked from commit 1799debfd6561ca7348880bb59ad8c059f4891b0)
Eric Biggers [Tue, 13 Apr 2021 17:52:02 +0000 (17:52 +0000)]
Merge "vold: add getUnlockedUsers() method to Binder interface" into sc-dev
Eric Biggers [Tue, 6 Apr 2021 19:02:56 +0000 (12:02 -0700)]
vold: add getUnlockedUsers() method to Binder interface
This is needed so that system_server can remind itself about which users
have their storage unlocked, if system_server is restarted due to a
userspace reboot (soft restart).
Bug: 146206679
Test: see I482ed8017f7bbc8f7d4fd5a2c0f58629317ce4ed
Change-Id: I02f0494d827094bd41bcfe5f63c24e204b728595
Alex Buynytskyy [Thu, 1 Apr 2021 20:43:14 +0000 (13:43 -0700)]
Adding an option to shorten the read timeout.
E.g. during installation to protect the system.
Ignore-AOSP-First: this depends on changes to framework and/or incfs and does not make sense without them. We'll merge it at a single large scale merge later.
Bug: 160635296
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest IncrementalServiceTest PackageManagerServiceTest ChecksumsTest
Change-Id: I5851e1e9dbc8e8c2b331c407002cf7133bf6e35a
Satya Tangirala [Thu, 8 Apr 2021 02:21:37 +0000 (02:21 +0000)]
Merge changes from topic "vold-use-keystore2" am: 08873d0d7d am: 54460f0635 am: 10912a295f
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1649730
Change-Id: I3f8ea815c5c3de2678c11815ddaf41776d470552
Satya Tangirala [Thu, 8 Apr 2021 02:21:36 +0000 (02:21 +0000)]
Make vold use keystore2 instead of keymaster am: e8de4ffd73 am: 7a8ac746a2 am: b79360f80c
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1640885
Change-Id: I7445d17137f563c5cb3f6d8e62f4bb92da2c2fa1
Satya Tangirala [Thu, 8 Apr 2021 02:21:34 +0000 (02:21 +0000)]
Remove HardwareAuthToken support from vold::Keymaster am: e13617100d am: 695fadddf3 am: 57e480b3d5
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1640884
Change-Id: Ia1d707a541b18d29ad9643294f6868d48422fa78
Satya Tangirala [Thu, 8 Apr 2021 01:36:42 +0000 (01:36 +0000)]
Merge changes from topic "vold-use-keystore2" am: 08873d0d7d am: 54460f0635
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1649730
Change-Id: I8a70c04881275aa5e3bf4cf629316870798df27a
Satya Tangirala [Thu, 8 Apr 2021 01:36:41 +0000 (01:36 +0000)]
Make vold use keystore2 instead of keymaster am: e8de4ffd73 am: 7a8ac746a2
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1640885
Change-Id: I7a45fdb9ed25c5543d0a9dda80106241f90e53db
Satya Tangirala [Thu, 8 Apr 2021 01:36:40 +0000 (01:36 +0000)]
Remove HardwareAuthToken support from vold::Keymaster am: e13617100d am: 695fadddf3
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1640884
Change-Id: I84747f3ea29f6b78f8f1a9bb11959a46ec8c3189
Satya Tangirala [Thu, 8 Apr 2021 00:52:41 +0000 (00:52 +0000)]
Merge changes from topic "vold-use-keystore2" am: 08873d0d7d
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1649730
Change-Id: Ie7db671fc7e90fa86cf84773786ea6afaab37a7f
Satya Tangirala [Thu, 8 Apr 2021 00:52:40 +0000 (00:52 +0000)]
Make vold use keystore2 instead of keymaster am: e8de4ffd73
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1640885
Change-Id: I0a9b288902f5bb0f27d524dcf509ce461e4495fe
Satya Tangirala [Thu, 8 Apr 2021 00:52:35 +0000 (00:52 +0000)]
Remove HardwareAuthToken support from vold::Keymaster am: e13617100d
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1640884
Change-Id: Id8528a10d976e94e8bdb4e308d91107b1afdced6
Satya Tangirala [Thu, 8 Apr 2021 00:48:19 +0000 (00:48 +0000)]
Merge changes from topic "vold-use-keystore2"
* changes:
Remove Keymaster::isSecure() and simplify callers
Make vold use keystore2 instead of keymaster
Remove HardwareAuthToken support from vold::Keymaster
Satya Tangirala [Tue, 23 Mar 2021 06:29:15 +0000 (23:29 -0700)]
Remove Keymaster::isSecure() and simplify callers
Now that isSecure() always returns true, we can remove it and simplify
all the callers (i.e. cryptfs). Refer to the commit description for
Iaebfef082eca0da8a305043fafb6d85e5de14cf8 for why this function always
returns true.
Bug: 181910578
Test: Cuttlefish and bramble boot
Change-Id: I185dd8180bd7842b05295263f0b1aa7205329a88
Satya Tangirala [Mon, 1 Mar 2021 06:32:07 +0000 (22:32 -0800)]
Make vold use keystore2 instead of keymaster
Make vold use keystore2 for all its operations instead of directly using
keymaster. This way, we won't have any clients that bypass keystore2,
and we'll no longer need to reserve a keymaster operation for vold.
Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE)
when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX.
Keystore2 presents any SOFTWARE implementation as a TEE to callers when
no "real" TEE is present. As far as storage encryption is concerned,
there's no advantage to using a STRONGBOX when a "real" TEE is present,
and a STRONGBOX can't be present if a "real" TEE isn't, so asking
Keystore2 for a TEE is the best we can do in any situation.
The difference in behaviour only really affects the full disk encryption
code in cryptfs.cpp, which used to explicitly check that the keymaster
device is a "real" TEE (as opposed to a SOFTWARE implementation) before
using it (it can no longer do so since Keystore2 doesn't provide a way
to do this).
A little code history digging (7c49ab0a0b in particular) shows that
cryptfs.cpp cared about two things when using a keymaster.
- 1) that the keys generated by the keymaster were "standalone" keys -
i.e. that the keymaster could operate on those keys without
requiring /data or any other service to be available.
- 2) that the keymaster was a non-SOFTWARE implementation so that things
would still work in case a "real" TEE keymaster was ever somehow
added to the device after first boot.
Today, all "real" TEE keymasters always generate "standalone" keys, and
a TEE has been required in Android devices since at least Android N. The
only two exceptions are Goldfish and ARC++, which have SOFTWARE
keymasters, but both those keymasters also generate "standalone" keys.
We're also no longer worried about possibly adding a "real" TEE KM to
either of those devices after first boot. So there's no longer a reason
cryptfs.cpp can't use the SOFTWARE keymaster on those devices.
There's also already an upgrade path in place (see
test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's
being used once a TEE keymaster is added to the device. So it's safe for
cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it
blindly, without checking whether or not it's a "real" TEE, which is why
Keymaster::isSecure() just returns true now. A future patch will remove
that function and simplify its callers.
Bug: 181910578
Test: cuttlefish and bramble boot. Adding, switching between, stopping
and removing users work.
Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
Satya Tangirala [Mon, 15 Mar 2021 22:33:08 +0000 (15:33 -0700)]
Remove HardwareAuthToken support from vold::Keymaster
HardwareAuthTokens are no longer used by vold since Android P. So remove
the auth token parameter from vold. This patch doesn't remove the token
from IVold.aidl, and the methods in VoldNativeService.cpp return an
error if a non-empty auth token is passed to them.
Bug: 181910578
Test: cuttlefish and bramble boot with patch
Change-Id: I1a9f54e10f9efdda9973906afd0a5de5a699ada5
Alan Stokes [Tue, 23 Mar 2021 19:14:47 +0000 (19:14 +0000)]
Merge "Vold will always bind mount obb and data dirs to lowerfs" am: 159a11f600 am: fab8b2835b am: 00a48a7a99
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1647187
Change-Id: I4e22134f7590e94e619361b7d7814b6b4b0585f8
Alan Stokes [Tue, 23 Mar 2021 18:52:12 +0000 (18:52 +0000)]
Merge "Vold will always bind mount obb and data dirs to lowerfs" am: 159a11f600 am: fab8b2835b
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1647187
Change-Id: I1cba8f70b47d325e7dd8ae005bff12db7a8f3b3f
Alan Stokes [Tue, 23 Mar 2021 18:12:19 +0000 (18:12 +0000)]
Merge "Vold will always bind mount obb and data dirs to lowerfs" am: 159a11f600
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1647187
Change-Id: I23b628c92b76f84511f0c8fc87b7b8aa52eb20a6
Alan Stokes [Tue, 23 Mar 2021 17:25:18 +0000 (17:25 +0000)]
Merge "Vold will always bind mount obb and data dirs to lowerfs"
Ricky Wai [Fri, 19 Mar 2021 15:35:49 +0000 (15:35 +0000)]
Vold will always bind mount obb and data dirs to lowerfs
So shell / root will always access them directly, not via fuse.
And zygote will unmount these directories to prevent them being
abused for leaking app visibility.
Also, /mnt/androidwritable is not very useful now as it's the same as
/mnt/installer, but we should make shell / root access /mnt/androidwritable
later and /mnt/installer should only access obb but not data dir.
Bug: 182997439
Test: Able to boot without errors
Test: df on /sdcard/Android/data shows it's not on fuse.
Change-Id: I2ad10b1e80c135f637d37ddf502ee010f89f4946
Ricky Wai [Fri, 19 Mar 2021 16:03:55 +0000 (16:03 +0000)]
Merge "Revert "Change mounting storage data and obb to on by default"" into sc-dev
Ricky Wai [Fri, 19 Mar 2021 14:21:46 +0000 (14:21 +0000)]
Revert "Change mounting storage data and obb to on by default"
Revert "Change mounting storage data and obb to on by default"
Revert submission 13469849-turn_on_iso-sc-dev
Reason for revert: Failing existing CTS b/182843583
Reverted Changes:
If819ee161:Change mounting storage data and obb to on by defa...
I46a095448:Change mounting storage data and obb to on by defa...
Change-Id: Ic5156df1cac3a5ecd661b5f3bfa0095b2b767d5d
Martijn Coenen [Fri, 19 Mar 2021 09:44:14 +0000 (09:44 +0000)]
Merge "vold: do not acquire lock when abort fuse" am: 717c1926fc am: d616d6e1ba am: c678a95db2
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1639945
Change-Id: I7c52c6ce39a37ce8fbc719fd8f242d2106e344bf