OSDN Git Service
Paul Crowley [Thu, 29 Mar 2018 23:23:58 +0000 (23:23 +0000)]
Gate use of allow_encrypt_override behind ro.crypto property
am: 385cb8c4d6
Change-Id: I91f057b853902b63028897640ba6bb8e3d13e223
Paul Crowley [Thu, 29 Mar 2018 20:27:23 +0000 (13:27 -0700)]
Gate use of allow_encrypt_override behind ro.crypto property
Test: use adb set-virtual-disk to create a virtual partition
Bug: 25861755
Change-Id: I6a227a083c82321c8d4d2d9188091a6f7f0451f0
Rubin Xu [Tue, 6 Mar 2018 23:07:19 +0000 (23:07 +0000)]
Remove secdiscard IPC call
am: eb850f93ab
Change-Id: If4f758f34519cd7bf328a431dc9b14af5e475eed
Rubin Xu [Thu, 1 Mar 2018 16:48:27 +0000 (16:48 +0000)]
Remove secdiscard IPC call
No longer used by the framework, hence removing.
Bug: 62140539
Test: builds
Change-Id: I17b9818ea6121d84223a502949186cf679a83a90
Risan [Thu, 1 Mar 2018 02:19:51 +0000 (11:19 +0900)]
Remove libarcmounter dependency in Vold
Due to rerouting ArcBridge call through System Server, Vold doesn't need
to depend on ArcBridge-related C++ library anymore.
Bug: 64500663
Test: Compiled.
Change-Id: Ic93cbc8cec8496784960d5093fb7b12d43574ced
TreeHugger Robot [Sun, 25 Feb 2018 02:45:33 +0000 (02:45 +0000)]
Merge "Use unique_ptr<DIR> to safely release resources."
Jeff Sharkey [Sun, 25 Feb 2018 01:23:35 +0000 (18:23 -0700)]
Trim whitespace from sysfs values.
Test: builds, boots
Bug: 72740079
Change-Id: If364927ea762c7dee99bff5dc307e3b9b5355c2b
Jeff Sharkey [Sun, 25 Feb 2018 01:09:21 +0000 (18:09 -0700)]
Use unique_ptr<DIR> to safely release resources.
Test: builds, boots
Bug: 66995913
Change-Id: Ib580501fc979b63295b180250581dc7527de76b2
TreeHugger Robot [Fri, 23 Feb 2018 20:52:22 +0000 (20:52 +0000)]
Merge "Add ArcService AIDL in Vold"
Risan [Thu, 22 Feb 2018 23:12:37 +0000 (08:12 +0900)]
Add ArcService AIDL in Vold
This is needed to allow ARC++ Vold to interact with ArcBridgeService
through SystemServer.
Bug: 64500663
Test: Compiled, tested on device + cts in master-arc-dev (ag/3488659)
Change-Id: I3b05b0f456ec99be9163877a2d83cdbf2bb94991
Jaegeuk Kim [Fri, 23 Feb 2018 03:39:10 +0000 (03:39 +0000)]
Merge "vold: Idle-maint issues discards fully"
Jaegeuk Kim [Sat, 17 Feb 2018 14:02:30 +0000 (06:02 -0800)]
vold: Idle-maint issues discards fully
Change-Id: Ib20a55e8761aa740b530803f029ecb36256fe9aa
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Greg Kaiser [Fri, 16 Feb 2018 21:35:35 +0000 (13:35 -0800)]
cryptfs: Optionally get crypto type as a property
Instead of hardcoding to "aes-cbc-essiv:sha256" with a 16 byte
key, we introduce a new property, "ro.crypto.fde_algorithm",
to allow the use of different crypto types. The only other
method we currently support is "speck128-xts-plain64" with
a 32 byte key, although new crypto types are easily added.
We intentionally derive things like the crypto name and the
keysize from the given property name. This means the code
must be changed for each new crypto type we want to support,
but that's worth it to remove the exploit vector of crypto
types with incorrect key sizes.
Due to previous refactoring CLs, this has minimal impact on
the current code other than changing what we return for
cryptfs_get_{keysize,crypto_name}.
Bug: 73079191
Test: Flashed onto a gobo device with the property set for SPECK, and confirmed via kernel debug output we were using SPECK on the device.
Change-Id: I9c9df61590344c5f62114dfbf679031b0c2ceb1f
Greg Kaiser [Fri, 16 Feb 2018 21:13:58 +0000 (13:13 -0800)]
cryptfs: Require ext disk crypt to match code
Our external partitions have no crypto header/footer, so we
only get the keysize and key. Our code has been implicitly
assuming that this keysize off of disk matches the crypto
type we have in our code (and thus matches the keysize our
code is using as well). We now make this assumption
explicit, and check for this and no longer allow external
code to pass a keysize in to cryptfs.
Bug: 73079191
Test: Compiled and tested in combination with other CLs.
Change-Id: I1a1996187e1aaad6f103982652b1bcdfd5be33ce
Greg Kaiser [Fri, 16 Feb 2018 21:01:36 +0000 (13:01 -0800)]
cryptfs: Use the crypt_mnt_ftr keysize
Our code has places where we were reading in the crypt_mnt_ftr
struct from disk, but then proceeding to use a hardcoded constant
for the keysize. We plan to allow crypto with different sized
keys in the future, so we want to just trust the keysize we get
off of disk.
While doing this, we reject any crypt_mnt_ftr we read from disk
which has a keysize in excess of MAX_KEY_LEN. This defends us
against buffer overflows in the case of corrupt disk data.
Bug: 73079191
Test: Compiled and tested in combination with other CLs.
Change-Id: Id6f192b905960e5508833e9cd3b4668d4754dc7e
Gao Xiang [Fri, 16 Feb 2018 01:42:39 +0000 (01:42 +0000)]
Merge "mFusePid should be cleared after waitpid successfully" am: 456483d193 am: 8be3be3167
am: 8fe7f3104b
Change-Id: I18199ce5f972f0a403728e34dec608a01fceb183
Gao Xiang [Fri, 16 Feb 2018 01:24:40 +0000 (01:24 +0000)]
Merge "mFusePid should be cleared after waitpid successfully" am: 456483d193
am: 8be3be3167
Change-Id: Ib55467c9719d5c578a51b0fc49b03dbc9bbe0870
Gao Xiang [Fri, 16 Feb 2018 01:04:45 +0000 (01:04 +0000)]
Merge "mFusePid should be cleared after waitpid successfully"
am: 456483d193
Change-Id: I61bf49cea396ebc8009a54740d7322249025acf0
Treehugger Robot [Thu, 15 Feb 2018 23:46:14 +0000 (23:46 +0000)]
Merge "mFusePid should be cleared after waitpid successfully"
Greg Kaiser [Thu, 15 Feb 2018 04:15:18 +0000 (20:15 -0800)]
cryptfs: Don't use bare integers for key size
Rather than use an integer and have a comment, we use a named
constant for sizing these master key buffers. This will help
avoid confusion when we switch to allowing different sized
master keys.
Bug: 73079191
Test: Build
Change-Id: Ifaffdd94d337bb2d5a178f818dfe00f9386ae03b
Greg Kaiser [Thu, 15 Feb 2018 04:05:54 +0000 (20:05 -0800)]
cryptfs: Clarify sizing of intermediate key
Some parts of the code were intermingling constants for the master
key and the intermediate key. That works at the moment because
these are the same size. But we'll be introducing logic allowing
different sized master keys, while keeping the intermediate the
same. To aid that introduction, we use separate constants for
the intermediate key.
Bug: 73079191
Test: Build
Change-Id: I22b1dbf18aff2f76229df1c898fc606d6c1af3ca
Greg Kaiser [Wed, 14 Feb 2018 19:26:12 +0000 (11:26 -0800)]
Revert "cryptfs: Don't hardcode ikey buffer size"
This reverts commit f45a70c416e74437bfc10e7a1dab55746f3edf25.
Greg Kaiser [Wed, 14 Feb 2018 19:26:08 +0000 (11:26 -0800)]
Revert "cryptfs: Make decrypted key buffers large enough"
This reverts commit 4a35ef0a53d1f8041adc8bf49585e700bb7af803.
Greg Kaiser [Wed, 14 Feb 2018 19:26:00 +0000 (11:26 -0800)]
Revert "cryptfs: Optionally get crypt type from properties"
This reverts commit 291fec178925fe7cd724b3d345bfcfbb98d87f52.
Greg Kaiser [Sat, 10 Feb 2018 02:24:59 +0000 (18:24 -0800)]
cryptfs: Optionally get crypt type from properties
Instead of hardcoding to "aes-cbc-essiv:sha256", we introduce a
new property, "ro.crypto.crypt_type_name", to allow the use of
different crypt methods. The only other method we currently
support is "speck128-xts-plain64", although new methods are
easily added.
We intentionally derive things like the keysize from the given
crypt name, to reduce exploit vectors. We also only accept
crypt names the code has whitelisted.
The biggest impact is replacing the hard-coded KEY_LEN_BYTES.
For compile-time buffers, we use the MAX_KEY_LEN to assure they
will be big enough for any crypt type. For run-time sizing,
we use the value derived from our property.
Bug: 73079191
Test: On an encrypted gobo, booted successfully with (1) no property set, (2) property set to invalid value (and confirmed we defaulted to aes), and (3) after wiping userdata, with property set to "speck128-xts-plain64", confirmed we were using SPECK.
Change-Id: Ic4e10840d6ee2a4d4df58582448e0f768e6f403f
Greg Kaiser [Sat, 10 Feb 2018 01:01:06 +0000 (17:01 -0800)]
cryptfs: Make decrypted key buffers large enough
Looking at the EVP_DecryptUpdate() documentation, we need a
buffer which isn't just the keysize, but also provides the
cipher block length minus one byte extra. For EVP_aes_128_cbc(),
that block length is 16, but we use the maximum block length to
be safe for any future cipher change.
For two of our decrypted_master_key usages, the buffer was
already sufficiently sized. But for one of our instances,
in cryptfs_enable_internal(), the buffer was previously
smaller than this. So this CL represents a possible behavior
change if we were ever overrunning that buffer.
Bug: 73079191, 73176599
Test: Flashed an encrypted sailfish and it booted.
Change-Id: Ic5043340910dc7d625e6e5baedbca5bd4b2bfb03
Greg Kaiser [Sat, 10 Feb 2018 00:11:38 +0000 (16:11 -0800)]
cryptfs: Don't hardcode ascii buffer size
We're removing hardcoded buffer sizes in anticipation of allowing
different keysizes. In this case, our buffer was sufficiently
large for all current cases. But if we ever changed the
crypt_mnt_ftr struct to allow larger keys, this code will adjust
with the change.
Bug: 73079191
Test: Flashed an encrypted sailfish and it booted.
Change-Id: I261e729a77b351e287fbb55327564fe512a23d47
Greg Kaiser [Fri, 9 Feb 2018 21:41:12 +0000 (13:41 -0800)]
cryptfs: Don't hardcode ikey buffer size
We were hardcoding the size of the ikey buffer, but then had logic
which used KEY_LEN_BYTES and IV_LEN_BYTES to offset into the array
and describe the length of its contents.
In anticipation of allowing the keysize to be set via a property,
instead of at compile time, we change this code to make the relation
between the keysize and the buffer size explicit.
Bug: 73079191
Test: Flashed an encrypted sailfish and it booted.
Change-Id: I109a5dc812662220e53163bfb4b5e51bf5abf185
Greg Kaiser [Fri, 9 Feb 2018 17:19:54 +0000 (09:19 -0800)]
cryptfs: Fix format string
Test: None
Change-Id: Id16acb4ed5e89e759b69ec2d2f2db54cc54f1959
Greg Kaiser [Fri, 9 Feb 2018 17:15:50 +0000 (09:15 -0800)]
cryptfs: Remove unused variable
We'll be allowing modifiable key sizes in the near future,
and want to remove this variable to reduce confusion with this
change.
Bug: 73079191
Test: None
Change-Id: I7047bb375553d8c46ff0724add697a5105ebc68c
Shawn Willden [Wed, 7 Feb 2018 22:06:06 +0000 (15:06 -0700)]
Prevent spurious call to keymaster abort().
During the analysis of b/72953784 it was noticed that vold was calling
keymaster abort() and failing, though vold was succeeding with its
keymaster operation. This had nothing to do with the bug, but the
presence of the error appeared to implicate keymaster, and it's bad
form in any case. This CL correctly clears the mDevice member during
a move, so the destructor will not attempt to call abort.
Test: Build & boot
Bug: 72953784
Change-Id: Ib0700f829e87f19b089396087085585ddd6b96a5
Paul Crowley [Tue, 30 Jan 2018 17:48:19 +0000 (09:48 -0800)]
Add a mount with metadata encryption service
Don't use the FDE flow to support metadata encryption; just provide a
vold service which directly mounts the volume and use that.
Bug: 63927601
Test: Boot Taimen to SUW with and without metadata encryption.
Change-Id: Ifc6a012c02c0ea66893020ed1d0da4cba6914aed
Paul Crowley [Thu, 1 Feb 2018 17:53:27 +0000 (09:53 -0800)]
Refactor logging in EncryptInplace.cpp
Done as part of work towards metadata encryption.
Bug: 63927601
Test: Boot Taimen to SUW
Change-Id: I0f5fda0e002944ab658756c7cfcb386c3658a446
Shawn Willden [Mon, 22 Jan 2018 16:08:32 +0000 (09:08 -0700)]
Support Keymaster4
This CL changes vold from using a KM3 device directly to using the KM4
support wrapper from the KM4 support library, which supports both KM3
and KM4 devices (KM0, 1 and 2 devices are still supported as well,
because the default KM3 device is a wrapper that uses them).
In addition, I found myself getting confused about which "Keymaster"
types were locally-defined vold keymaster types and which were from
the KM4 HAL and support library, so I changed the approach to
referencing the latter, so all of them are qualified with the "km::"
namespace reference.
Test: Build & boot
Change-Id: I08ed5425641e7496f8597d5716cb3cd0cbd33a7f
Shawn Willden [Sat, 20 Jan 2018 16:37:36 +0000 (09:37 -0700)]
Clang-format Key{cpp|h} and KeyStorage.{cpp|h}
Test: Build & boot
Change-Id: I92bb107409f493770028cf6fd637d34af7644262
Andreas Huber [Mon, 22 Jan 2018 19:25:29 +0000 (11:25 -0800)]
Fingerprint data is now stored in one of two ways depending on the
shipping API version:
For devices shipped before Android P nothing changes, data
is stored under /data/system/users/<user-id>/fpdata/...
Devices shipped from now on will instead store
fingerprint data under /data/vendor_de/<user-id>/fpdata.
Support for /data/vendor_de and /data/vendor_ce has been added to vold.
Bug: 36997597
Change-Id: I615e90d1c9ab08e768a8713968fa043598a0a526
Test: manually
Risan [Mon, 22 Jan 2018 02:04:25 +0000 (11:04 +0900)]
[VOLD] Add ARC++ ObbMount shared lib
Unfortunately, static library dependency is not transitive (even if the
dependency is a shared library). So I am wrapping the libarcobbvolume's
dependency as libarcmounter shared library.
Bug: 64500663
Test: Compile
Change-Id: I12be7a9d885c7c1c043185bd134e0148d420c6fd
Jeff Sharkey [Fri, 19 Jan 2018 01:55:18 +0000 (10:55 +0900)]
Add basic exFAT support.
Several partners have been requesting exFAT support. Android doesn't
natively support exFAT, but we're at least willing to try mounting an
exFAT filesystem if we detect the Linux kernel supports it, and if
helper binaries are present.
This CL is simple scaffolding, and it provides no actual
implementation of exFAT.
Test: builds, boots
Bug: 67822822
Change-Id: Id4f8ec3967b32de6e1c0e3c4b47fe6e43a6291ab
TreeHugger Robot [Thu, 18 Jan 2018 01:39:19 +0000 (01:39 +0000)]
Merge "No double encryption on FDE+FBE SD cards"
Jeff Sharkey [Sat, 13 Jan 2018 02:12:30 +0000 (02:12 +0000)]
Merge "Add "default_normal" support to vold."
Jeff Sharkey [Fri, 12 Jan 2018 20:51:43 +0000 (20:51 +0000)]
Merge "Remove FIDTRIM." am: 35829f3968 am: c1d81682e1
am: bf0ab0439c -s ours
Change-Id: I9ad9f730409747a0c8b724bdb81eb93802425309
Jeff Sharkey [Fri, 12 Jan 2018 20:48:45 +0000 (20:48 +0000)]
Merge "Remove FIDTRIM." am: 35829f3968
am: c1d81682e1
Change-Id: Ic16dc5e6347a5cfbe444401b5374c7682db551e4
Jeff Sharkey [Fri, 12 Jan 2018 20:43:37 +0000 (20:43 +0000)]
Merge "Remove FIDTRIM."
am: 35829f3968
Change-Id: I02bb4438d08a34cf0f8e41a8a7fd2123c492be38
Jeff Sharkey [Fri, 12 Jan 2018 20:20:15 +0000 (20:20 +0000)]
Merge "Remove FIDTRIM."
Jeff Sharkey [Fri, 12 Jan 2018 17:42:13 +0000 (10:42 -0700)]
Remove FIDTRIM.
Remove FIDTRIM support, which isn't meaningful on UFS-based flash
devices. Modern devices require FBE/FDE which gives us better
protection against trimmed data lingering around.
Bug: 67041047
Test: builds, boots
Change-Id: I38d7d6961edf2047592b87c74b2a0f5906fb54e2
Merged-In: I4fb194c5d5ef13f413c02acedfbaaf79c567582b
Jeff Sharkey [Tue, 9 Jan 2018 19:27:40 +0000 (19:27 +0000)]
Merge "Grant "disk_reserved" GID to critical services."
Jeff Sharkey [Tue, 9 Jan 2018 05:40:53 +0000 (05:40 +0000)]
Merge "Wire up reserved blocks presence for tests."
TreeHugger Robot [Mon, 8 Jan 2018 18:59:45 +0000 (18:59 +0000)]
Merge "Remove all references to FDE enable wipe"
Jeff Sharkey [Mon, 8 Jan 2018 18:48:07 +0000 (11:48 -0700)]
Add "default_normal" support to vold.
This new flag isolates each user on a multi-user device for security
reasons.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.ExternalStorageHostTest#testSecondaryUsersInaccessible
Bug: 64672411
Change-Id: I3db8dde597a7715ca680779ac57957fb12a92f8e
Jeff Sharkey [Mon, 8 Jan 2018 17:43:00 +0000 (10:43 -0700)]
Wire up reserved blocks presence for tests.
This is how we tell CTS if the device has reserved blocks set aside
for system critical services.
Test: builds, boots
Bug: 62024591
Change-Id: I7c8ec2294b246eed54668b5717df00e72f13887a
Jeff Sharkey [Fri, 31 Mar 2017 23:19:57 +0000 (17:19 -0600)]
Grant "disk_reserved" GID to critical services.
This GID extends the ability to use reserved disk space, giving the
system a chance to be usable enough for the user to free up disk
space used by apps.
Test: builds, boots
Bug: 62024591
Change-Id: I8bc47911a71e1f399616caae83678e2914781c7e
Jeff Sharkey [Thu, 4 Jan 2018 23:46:34 +0000 (16:46 -0700)]
FBE devices now fully support adoptable storage.
We've finished all the underlying work to support adoptable storage
on FBE devices, so remove the code that was disabling it by default.
To aid debugging, support blocking move commands (so that we log
the stdout) via a system property, so we don't have to recompile
end user devices stuck in funky states.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 29923055, 25861755, 33252673, 37289651
Change-Id: I6b781de7e196a1a50ba543843aca0caf74c3e282
Paul Lawrence [Fri, 22 Dec 2017 18:12:06 +0000 (10:12 -0800)]
Remove all references to FDE enable wipe
Bug: 64766105
Test: FBE boots, forceencrypt boots, set pattern, reboots, encryptable
boots and can be encrypted
Change-Id: I8c6dc0acdc37c3a6f1bea28d5607ed8938a4eb0c
Elliott Hughes [Thu, 21 Dec 2017 15:55:34 +0000 (15:55 +0000)]
Merge "StartsWith now allows std::string prefixes."
TreeHugger Robot [Thu, 21 Dec 2017 00:52:38 +0000 (00:52 +0000)]
Merge "Break vold dependency on keystore utilities."
Elliott Hughes [Wed, 20 Dec 2017 20:38:47 +0000 (12:38 -0800)]
StartsWith now allows std::string prefixes.
Bug: N/A
Test: builds
Change-Id: I2e24632e95f2bf929c2c000152c5c4076d53186e
Jeff Sharkey [Fri, 15 Dec 2017 05:15:20 +0000 (22:15 -0700)]
Delay touching disks when secure keyguard showing.
We've tried our best to protect against malicious storage devices
with limited SELinux domains, but let's be even more paranoid and
refuse to look at disks inserted while a secure keyguard is
showing. We'll gladly scan them right away once the user confirms
their credentials.
Test: builds, boots, manual testing
Bug: 68054513
Change-Id: I37fd6c25bbd6631fa4ba3f84e19384d746a22498
Chih-hung Hsieh [Mon, 11 Dec 2017 23:37:26 +0000 (23:37 +0000)]
Merge "Fix warning in system/vold/tests." am: b96ed7e6e0 am: 447f1874b4
am: c025ce8806 -s ours
Change-Id: I64cfa78cb57b5d813c34a0eb725a7dce802c7612
Chih-hung Hsieh [Mon, 11 Dec 2017 23:31:50 +0000 (23:31 +0000)]
Merge "Fix warning in system/vold/tests." am: b96ed7e6e0
am: 447f1874b4
Change-Id: I9e5db0fe14e7701b20c27e0c2074fb23496f59aa
Chih-hung Hsieh [Mon, 11 Dec 2017 23:28:47 +0000 (23:28 +0000)]
Merge "Fix warning in system/vold/tests."
am: b96ed7e6e0
Change-Id: I0d8dbf26cd9769307adc0a1ce0d4d02a8bff9382
Chih-hung Hsieh [Mon, 11 Dec 2017 23:22:58 +0000 (23:22 +0000)]
Merge "Fix warning in system/vold/tests."
Xin Li [Fri, 8 Dec 2017 04:27:44 +0000 (04:27 +0000)]
Merge "DO NOT MERGE: Merge Oreo MR1 into master" am: 56b0e8c1df -s ours am: d0271a642a
am: 54018cc991 -s ours
Change-Id: Ic4cf2efd7603cb01d9bf11be0b0245a8b46a2ac3
Chih-Hung Hsieh [Thu, 7 Dec 2017 22:18:34 +0000 (14:18 -0800)]
Fix warning in system/vold/tests.
* Comment out unused function.
Bug: 66996870
Test: build with WITH_TIDY=1
Change-Id: I18db09be2ff8ef27f822876a6832ca5f08ce939f
Merged-In: I7a23573af0d664a5f39f1cde3a22ac0001dac1ac
Xin Li [Thu, 7 Dec 2017 22:05:05 +0000 (22:05 +0000)]
DO NOT MERGE: Merge Oreo MR1 into master am: 1843c887d4 -s ours am: 00a2c10b44
am: 81daada217 -s ours
Change-Id: I157feb353c48566849a001630ed505dc5911addd
Xin Li [Thu, 7 Dec 2017 19:40:44 +0000 (19:40 +0000)]
Merge "DO NOT MERGE: Merge Oreo MR1 into master" am: 56b0e8c1df -s ours
am: d0271a642a
Change-Id: Ie7f861c8ba9eca256bfdd1546a3a67ae943cea4d
Xin Li [Thu, 7 Dec 2017 19:37:04 +0000 (19:37 +0000)]
Merge "DO NOT MERGE: Merge Oreo MR1 into master"
am: 56b0e8c1df -s ours
Change-Id: I632ac4d7b22928b78579ccd6e99a17c516f18809
Xin Li [Thu, 7 Dec 2017 07:26:09 +0000 (07:26 +0000)]
DO NOT MERGE: Merge Oreo MR1 into master am: 1843c887d4 -s ours
am: 00a2c10b44
Change-Id: I5d524667113fd31b78c2932d919d1c23b62caa5b
Xin Li [Thu, 7 Dec 2017 04:53:08 +0000 (04:53 +0000)]
DO NOT MERGE: Merge Oreo MR1 into master
am: 1843c887d4 -s ours
Change-Id: Ie3ef381ae67fa4e1761ff96e91fef55a959215d4
Gao Xiang [Thu, 7 Dec 2017 03:17:57 +0000 (11:17 +0800)]
mFusePid should be cleared after waitpid successfully
When waitpid is successful, we need to reset mFusePid
since mFusePid will be killed again unnecessarily
in doUnmount() if we don't reset mFusePid.
As a result, it will kill another unrelated process
in the case of pids wrap around.
Test: reboot
Fixes: 1d79d10 ("Check if sdcard daemon exited.")
Change-Id: Icb422d5c81621f9f6b9f4b1218e94b1d89172763
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
Xin Li [Wed, 6 Dec 2017 23:18:28 +0000 (23:18 +0000)]
Merge "DO NOT MERGE: Merge Oreo MR1 into master"
Xin Li [Wed, 6 Dec 2017 19:52:23 +0000 (11:52 -0800)]
DO NOT MERGE: Merge Oreo MR1 into master
Exempt-From-Owner-Approval: Changes already landed internally
Change-Id: Ic7e2e2d1ef7bf17a9c81ea30d759fd9fe0a218c7
Paul Crowley [Mon, 27 Nov 2017 17:42:17 +0000 (09:42 -0800)]
No double encryption on FDE+FBE SD cards
On FBE systems, adoptable storage uses both file-based encryption (for
per-user protection) and full disk encryption (for metadata
protection). For performance/battery reasons, we don't want to encrypt
the same data twice; to that end, ensure that the
allow_encrypt_override flag is sent to dm_crypt.
Bug: 25861755
Test: see ag/3247969
Change-Id: Ib0c5891ab2d2ee9007e27a50254d29fc867d7bc5
Colin Cross [Sat, 2 Dec 2017 23:20:42 +0000 (23:20 +0000)]
Merge "Export AIDL files as a filegroup for framework.jar"
Risan [Mon, 27 Nov 2017 09:01:35 +0000 (18:01 +0900)]
[Vold] Conditional dependency to ARC++ ObbVolume
Test: Compile
Change-Id: Ic6348f7816b28302d45c05a359548a5d034fde24
Bug: 64500663
Colin Cross [Sat, 25 Nov 2017 16:47:19 +0000 (08:47 -0800)]
Export AIDL files as a filegroup for framework.jar
Put AIDL files into a filegroup so they can be imported as sources
for framework.jar.
Bug: 69917341
Test: m checkbuild
Change-Id: I22e765ccf88832b1b192b42b2161898d9a6e5b2c
Pierre-Hugues Husson [Tue, 28 Nov 2017 19:19:36 +0000 (19:19 +0000)]
Merge "Workaround perdev_minors path change in Linux" am: d3870c5167 am: 5687befd86
am: 77e194d0b9
Change-Id: If0c043e387629312121dc7d4556c112dc5800201
Pierre-Hugues Husson [Tue, 28 Nov 2017 19:03:30 +0000 (19:03 +0000)]
Merge "Workaround perdev_minors path change in Linux" am: d3870c5167
am: 5687befd86
Change-Id: I65e584b3fb56aea64a466afb933d9085ab35117a
Pierre-Hugues Husson [Tue, 28 Nov 2017 18:59:56 +0000 (18:59 +0000)]
Merge "Workaround perdev_minors path change in Linux"
am: d3870c5167
Change-Id: Ia7ec03a566f8c122dff05bcc3d996c05cf2b7771
Treehugger Robot [Tue, 28 Nov 2017 18:45:30 +0000 (18:45 +0000)]
Merge "Workaround perdev_minors path change in Linux"
Pierre-Hugues Husson [Tue, 28 Nov 2017 14:42:56 +0000 (15:42 +0100)]
Workaround perdev_minors path change in Linux
This upstream Linux change has been discussed at https://patchwork.kernel.org/patch/8281851/
And included in AOSP in https://android-review.googlesource.com/c/kernel/common/+/202752
Some devices have been released without it, so we need this change to
have a working SDcard on those devices.
Change-Id: I323d85bd8381f82b75db09493ddc22f432cec548
Paul Crowley [Mon, 27 Nov 2017 21:05:35 +0000 (21:05 +0000)]
Merge "Key upgrading for FDE." am: 997e605563 am: 2b1b72d183
am: 78c9969299
Change-Id: I85740653a804707faca6becc77a16c3ce9990123
Paul Crowley [Mon, 27 Nov 2017 21:02:34 +0000 (21:02 +0000)]
Merge "Key upgrading for FDE." am: 997e605563
am: 2b1b72d183
Change-Id: I3c88a78565751c17f49c712d6015aad02cfca8f8
Paul Crowley [Mon, 27 Nov 2017 20:59:33 +0000 (20:59 +0000)]
Merge "Key upgrading for FDE."
am: 997e605563
Change-Id: If2ca4a6bd3b7a2b36b6c092975bcfdde8e063a3e
Treehugger Robot [Mon, 27 Nov 2017 20:55:51 +0000 (20:55 +0000)]
Merge "Key upgrading for FDE."
Paul Crowley [Tue, 21 Nov 2017 23:43:51 +0000 (15:43 -0800)]
Key upgrading for FDE.
Correctly handle a key upgrade error from keymaster by upgrading the
FDE RSA key and writing the new key blob to disk.
Bug: 69792304
Test: Roll back PLATFORM_SECURITY_PATCH a month, wipe and reboot, roll
forwards again, check logs with and without this patch.
Change-Id: I220d2dd4e3d791f636e9bc5f063064cecbf1b88a
TreeHugger Robot [Fri, 17 Nov 2017 08:03:32 +0000 (08:03 +0000)]
Merge "Vold: format f2fs partition"
TreeHugger Robot [Wed, 15 Nov 2017 18:47:21 +0000 (18:47 +0000)]
Merge "Add functions to handle idle maintenance"
Jaegeuk Kim [Tue, 14 Nov 2017 01:38:39 +0000 (17:38 -0800)]
Vold: format f2fs partition
This patch formats f2fs partition with proper flags.
Change-Id: Ie5ded1f2ceb3869771b2eaf9bea3b0966cab18c5
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Xin Li [Wed, 15 Nov 2017 01:19:24 +0000 (01:19 +0000)]
Merge remote-tracking branch 'goog/stage-aosp-master' into HEAD
am: c6d4d2a22d
Change-Id: I65288cb11d5b2a56bcf3e388f1bb4de6d3ee74dd
Xin Li [Wed, 15 Nov 2017 00:38:31 +0000 (16:38 -0800)]
Merge remote-tracking branch 'goog/stage-aosp-master' into HEAD
Change-Id: Id798fe06c18348b17befbca944afa25f7c514a80
Jin Qian [Tue, 17 Oct 2017 22:41:45 +0000 (15:41 -0700)]
Add functions to handle idle maintenance
runIdleMaint is equivalent with:
1. echo 1 > /sys/fs/f2fs/sdX/gc_urgent
2. wait until /sys/fs/f2fs/sdX/dirty_segments
<= threshold or timeout
3. echo 0 > /sys/fs/f2fs/sdX/gc_urgent
4. fstrim
abortIdleMaint forces the wait loop above to exit and
skips fstrim. However, if fstrim is already running,
abortIdleMaint will just leave it run to completion.
Test: adb shell sm idle-maint [run|abort]
Bug: 67776637
Change-Id: I4adff8d9b6bbd63bce41368cea55dc9e9b117eb6
Xin Li [Tue, 14 Nov 2017 20:20:56 +0000 (12:20 -0800)]
Merge commit 'e2d1d99f1a98b02a28fe71f2a387a72b69d4b4a6' from
oc-mr1-dev-plus-aosp into stage-aosp-master
Change-Id: I4bdada4c933109f1cc60c61946fa30e174ca7583
Jaegeuk Kim [Tue, 14 Nov 2017 03:33:35 +0000 (03:33 +0000)]
Merge "cryptfs: support make_f2fs with quota" am: 7807866abe am: 4d1c7765c8
am: 5968445892
Change-Id: Id898a24124eeafdcc1abdaafc4864d795f6fd340
Jaegeuk Kim [Tue, 14 Nov 2017 03:33:16 +0000 (03:33 +0000)]
Merge "cryptfs: call format_f2fs correctly with proper flags" am: b9a1169eca am: af285d98b8
am: e15780494f
Change-Id: I5e08076759e8ba4d35c76d9da19e6607e5515958
Jaegeuk Kim [Tue, 14 Nov 2017 03:03:10 +0000 (03:03 +0000)]
Merge "cryptfs: support make_f2fs with quota" am: 7807866abe
am: 4d1c7765c8
Change-Id: Ica0836d567049774eeaf41d7f75d5cd83045edfe
Jaegeuk Kim [Tue, 14 Nov 2017 03:02:43 +0000 (03:02 +0000)]
Merge "cryptfs: call format_f2fs correctly with proper flags" am: b9a1169eca
am: af285d98b8
Change-Id: Ia40ec01d0685769d3af5cfeeb6a76673a07dd003
Jaegeuk Kim [Tue, 14 Nov 2017 01:10:34 +0000 (01:10 +0000)]
Merge "cryptfs: support make_f2fs with quota"
am: 7807866abe
Change-Id: I9b52d87df0a6ddc3c29b4bd5d302e300747ad4c1
Jaegeuk Kim [Tue, 14 Nov 2017 01:10:17 +0000 (01:10 +0000)]
Merge "cryptfs: call format_f2fs correctly with proper flags"
am: b9a1169eca
Change-Id: I7ad4229ee514d80fc3280d8f468844a3b5eb9137
Treehugger Robot [Tue, 14 Nov 2017 01:06:37 +0000 (01:06 +0000)]
Merge "cryptfs: support make_f2fs with quota"
Jaegeuk Kim [Tue, 14 Nov 2017 01:06:27 +0000 (01:06 +0000)]
Merge "cryptfs: call format_f2fs correctly with proper flags"