OSDN Git Service
Paul Lawrence [Tue, 25 Jun 2019 21:44:33 +0000 (14:44 -0700)]
Make ext4 userdata checkpoints work with metadata encryption
When both ext4 user data checkpoints and metadata encryption are
enabled, we are creating two stacked dm devices. This had not been
properly thought through or debugged.
Test: Enable metadata encryption on taimen (add
keydirectory=/metadata/vold/metadata_encryption to flags for userdata in
fstab.hardware)
Unfortunately metadata is not wiped by fastboot -w, so it is
necessary to rm metadata/vold -rf whenever you wipe data.
fastboot flashall -w works
fastboot reboot -w works
A normal boot works
Disable checkpoint commits with
setprop persist.vold.dont_commit_checkpoint 1
vdc checkpoint startCheckpoint 10
adb reboot
wait for device to fully boot then
adb reboot
Wait for device to fully boot then
adb logcat -d | grep Checkpoint shows the rollback in the logs
This tests encryption on top of checkpoints with commit, encryption
without checkpoints, and rollback, which seems to be the key cases.
Also ran same tests on unmodified Taimen and Blueline
Bug:
135905679
Merged-In: I8365a40298b752af4bb10d00d9ff58ce04beab1f
Change-Id: I8365a40298b752af4bb10d00d9ff58ce04beab1f
Paul Lawrence [Wed, 12 Jun 2019 19:03:01 +0000 (12:03 -0700)]
Add property to prevent commit for Vts test
Old approach (do not start class main) does not work because when
testings userdebug GSI on user system, adb does not start until the
framework starts.
Bug:
134126407
Test: Test passes with userdebug GSI on user Taimen
Change-Id: I20441964dbc7b6ad5b445fa17a1374c1282bbbd8
Daniel Rosenberg [Fri, 7 Jun 2019 03:38:38 +0000 (20:38 -0700)]
Defer deleteKey in KeyStorage in Checkpointing mode
Don't delete keys in checkpointing mode. Instead wait until the
checkpoint has been committed.
Bug:
134631661
Test: Flash A with a working build. Flash B with a broken build. Test
that the device rolls back to A without getting sent to recovery.
Change-Id: Ie5fc2d098355e2d095c53e9a95a6a8c7ab7ed051
Sudheer Shanka [Thu, 30 May 2019 23:40:20 +0000 (16:40 -0700)]
Support "full" mode when updating bind mounts of a process.
Bug:
133829348
Test: manual
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Change-Id: I5f48ecbfe8cce243fa75a2e8447ce1d4676003ad
Nick Kralevich [Tue, 14 May 2019 16:30:29 +0000 (09:30 -0700)]
FsCrypt.cpp: Do delayed restorecon on /data/vendor_ce
When Android boots after file_contexts has changed, the boot process
walks the entire /data partition, updating any changed SELinux labels as
appropriate. However, credential encrypted ("ce") directories are
deliberately excluded from this early boot directory walk. Files within
ce directories have their filenames encrypted, and as a result, cannot
match the file_contexts entries. Only after the user has unlocked their
device are the unencrypted filenames available and a restorecon
appropriate.
Ensure that we do a post-unlock restorecon on /data/vendor_ce, like we
do for /data/system_ce and /data/misc_ce. This ensures the labels on
files within these directories are correct after the device has been
unlocked.
Bug:
132349934
Test: See bug
132349934 comment #12 for test procedure
Change-Id: Ifcbef5fdfb236ec6dea418efa9d965db3a3b782f
Sudheer Shanka [Mon, 29 Apr 2019 17:46:35 +0000 (10:46 -0700)]
Remove storage sandboxes related code.
Bug:
131115422
Test: manual
Test: atest --test-mapping packages/providers/MediaProvider
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Test: atest DownloadProviderTests
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Test: atest cts/tests/app/DownloadManagerLegacyTest/src/android/app/cts/DownloadManagerLegacyTest.java
Test: atest cts/tests/app/DownloadManagerApi28Test/src/android/app/cts/DownloadManagerApi28Test.java
Change-Id: Ib3272a47a901ed106474039e72f123b11f5443ff
Merged-In: Ib3272a47a901ed106474039e72f123b11f5443ff
Martijn Coenen [Wed, 1 May 2019 17:45:23 +0000 (17:45 +0000)]
Merge "Stop using trigger_reset_main." into qt-dev
Paul Crowley [Wed, 24 Apr 2019 00:04:35 +0000 (17:04 -0700)]
Create /data/vendor_ce/0/facedata in vold_prepare_subdirs
Bug:
131084614
Test: Modified sepolicy to match, ensured directory was created on
Crosshatch
Change-Id: I0978a630149158eb3b8f446abecb12e137e6fae5
Martijn Coenen [Wed, 24 Apr 2019 08:41:11 +0000 (10:41 +0200)]
Stop using trigger_reset_main.
This trigger was used on FDE devices to bring down the minimal
framework, and worked by shutting down the 'main' service class.
With APEX being introduced, we want to restart all services that were
started after the tmpfs /data was mounted, as those are the services
that haven't been able to use updated APEXes in the (real) /data.
In order to do this, we need to reset more classes; that in turn
made the 'shutdown_main' trigger pretty much similar to the
previously existing 'trigger_shutdown_framework' trigger; so instead
of keeping two duplicate triggers, use only the
'trigger_shutdown_framework' one.
Bug:
118485723
Test: Taimen configured as FDE boots, Taimen configured as FBE boots
Change-Id: I0d80ef2528bd70870b063a2c580cd00a03de9961
Sudheer Shanka [Thu, 18 Apr 2019 22:18:30 +0000 (15:18 -0700)]
Update remountUidLegacy to handle "full" mount mode.
Bug:
130791955
Test: manual
Change-Id: I078c2922d1d5a8d16bbb213201a3cad7b1bf4b86
Sudheer Shanka [Wed, 17 Apr 2019 22:07:47 +0000 (22:07 +0000)]
Merge "Allow sandboxed apps to access only package specific dirs." into qt-dev
Sandeep Patil [Mon, 15 Apr 2019 15:45:27 +0000 (08:45 -0700)]
Add visible logs about fstrim run for block based checkpoints
Bug:
120095226
Test: Tested by forcing /data/system/last-fstrim last modified time back
2 years & manually trigger checkpoint using 'vdc checkpoint startCheckpoint 1'
Change-Id: I0cb8b6a85ae787e1ba2cdd7998a46942ca69760f
Signed-off-by: Sandeep Patil <sspatil@google.com>
Sudheer Shanka [Fri, 12 Apr 2019 20:55:28 +0000 (13:55 -0700)]
Allow sandboxed apps to access only package specific dirs.
Bug:
130427780
Test: manual
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Change-Id: I7afcea090306336c4033860084a2a436d2bb4740
Woody Lin [Wed, 10 Apr 2019 14:06:41 +0000 (07:06 -0700)]
[automerger skipped] Fsync directories before delete key
am:
a598e04a91 -s ours
am skip reason: change_id Ib8c349d6d033f86b247f4b35b8354d97cf249d26 with SHA1
37c82f5c0f is in history
Change-Id: Ifec2d700dbe6bbe55e65e6e07003d1e77fb3dbc2
Paul Crowley [Wed, 10 Apr 2019 14:06:31 +0000 (07:06 -0700)]
[automerger skipped] Fsync directories after creating files
am:
2e58acb412 -s ours
am skip reason: change_id I53d252942c21365983b4f8b6e0948b1864f195c1 with SHA1
621d9b9732 is in history
Change-Id: Icdb62b1d4e6e7ca7d18df1083020d61d9b215165
Narayan Kamath [Tue, 9 Apr 2019 17:45:32 +0000 (18:45 +0100)]
AppFuseUtil: Call ForceUnmount before PrepareDir.
We'd previously call ForceUnmount after the call to PrepareDir,
which would sometimes fail because the userspace counterpart of a
FUSE FS that was previously mounted at that mountpoint has gone
away. This is usually reproducible after a runtime restart.
Bug:
128459728
Test: Loop (adb shell start; atest MediaStore_Images_MediaTest; adb shell stop;)
Change-Id: I38d3908487123614c338266f983afb04e3ed78d4
Eric Biggers [Wed, 3 Apr 2019 21:38:28 +0000 (21:38 +0000)]
Merge "vold: downgrade lookup_key_ref() failure message to DEBUG level"
Daniel Rosenberg [Tue, 2 Apr 2019 22:52:12 +0000 (15:52 -0700)]
Merge "Retry opening loop device" am:
c8f5cbb5b1 am:
de841f6d89
am:
dde25e9167
Change-Id: I14fc99509f8b5f83cc2dd0a035d1b127c581b027
Daniel Rosenberg [Tue, 2 Apr 2019 22:08:19 +0000 (15:08 -0700)]
Merge "Retry opening loop device" am:
c8f5cbb5b1
am:
de841f6d89
Change-Id: Ia0765900543f1778fbbe5d26dcadaff8364a89b5
Daniel Rosenberg [Tue, 2 Apr 2019 21:23:59 +0000 (14:23 -0700)]
Merge "Retry opening loop device"
am:
c8f5cbb5b1
Change-Id: I5657465fe50f61e3c45e7d13eb5953ef7771d5fa
Daniel Rosenberg [Tue, 2 Apr 2019 20:28:44 +0000 (20:28 +0000)]
Merge "Retry opening loop device"
Eric Biggers [Tue, 2 Apr 2019 17:38:15 +0000 (10:38 -0700)]
vold: downgrade lookup_key_ref() failure message to DEBUG level
Now that lockUserKey() will be called for every user each time the
framework is started, it's a normal case that the key being removed
doesn't exist. So downgrade the log message about being unable to find
a key from ERROR to DEBUG.
Test: build and boot, message is now debug level.
Change-Id: I2d1dce8dd8825b02982eab1c902aa10fe5b54b84
Daniel Rosenberg [Mon, 1 Apr 2019 23:09:28 +0000 (16:09 -0700)]
Retry opening loop device
If more than the default number of loop devices is in use, we may need
to wait for the device path to be available.
Bug:
128873591
Bug:
122059364
Test: Set up adopted virtual disk and check that it loads on boot
Change-Id: I201dcc32043664076f50b0d6f40de6e5e1a65342
Jaegeuk Kim [Mon, 1 Apr 2019 14:22:06 +0000 (07:22 -0700)]
Merge "idle-maint: don't need to change discard_granularity" am:
444a24558d am:
a970ff8448
am:
240ca70d8d
Change-Id: I249d4dd70c4f13d46d539a769e918613eea539b4
Jaegeuk Kim [Mon, 1 Apr 2019 14:17:59 +0000 (07:17 -0700)]
Merge "idle-maint: don't need to change discard_granularity" am:
444a24558d
am:
a970ff8448
Change-Id: I2be93b1bf2e1cd81b54ec9f197043ae8156003df
Jaegeuk Kim [Mon, 1 Apr 2019 14:13:28 +0000 (07:13 -0700)]
Merge "idle-maint: don't need to change discard_granularity"
am:
444a24558d
Change-Id: If0679363fb8563dedb43f8bd6266c74e4869d44f
Jaegeuk Kim [Mon, 1 Apr 2019 14:04:24 +0000 (14:04 +0000)]
Merge "idle-maint: don't need to change discard_granularity"
Nick Kralevich [Sat, 30 Mar 2019 01:35:22 +0000 (18:35 -0700)]
VolumeManager: more O_CLOEXEC changes
Test: compiles and boots
Bug:
129350825
Change-Id: Ie6a0e05f1814d744eb16863f749c939ab1e097e0
Nick Kralevich [Sat, 30 Mar 2019 01:46:25 +0000 (18:46 -0700)]
Merge "vold: add android-* to tidy_checks" am:
1820b9b3b9 am:
874b841223
am:
2215bd7a75
Change-Id: I4d1be96b9e7285aada712482c366a22451b6dacc
Nick Kralevich [Sat, 30 Mar 2019 01:46:07 +0000 (18:46 -0700)]
Merge "vold: cleanups for O_CLOEXEC tidy checks." am:
a59868d6de am:
5af0c75525
am:
4197c098df
Change-Id: Ibe3636abcfafab7854c7b0434095b6e91fadcacf
Nick Kralevich [Sat, 30 Mar 2019 01:42:20 +0000 (18:42 -0700)]
Merge "vold: add android-* to tidy_checks" am:
1820b9b3b9
am:
874b841223
Change-Id: Ica87cf75eadfff9a12c08204240e2d31b10f51a1
Nick Kralevich [Sat, 30 Mar 2019 01:42:05 +0000 (18:42 -0700)]
Merge "vold: cleanups for O_CLOEXEC tidy checks." am:
a59868d6de
am:
5af0c75525
Change-Id: I19cae40b342d339bf5752dfba304c37a0abecea8
Nick Kralevich [Sat, 30 Mar 2019 01:38:21 +0000 (18:38 -0700)]
Merge "vold: add android-* to tidy_checks"
am:
1820b9b3b9
Change-Id: I5b1c6926f050df8b24ee3d52b93080dab0745571
Nick Kralevich [Sat, 30 Mar 2019 01:38:04 +0000 (18:38 -0700)]
Merge "vold: cleanups for O_CLOEXEC tidy checks."
am:
a59868d6de
Change-Id: Ice4a6009beb2d41d381e461b00be93471b100778
Nick Kralevich [Sat, 30 Mar 2019 01:27:57 +0000 (01:27 +0000)]
Merge "vold: add android-* to tidy_checks"
Nick Kralevich [Sat, 30 Mar 2019 01:27:38 +0000 (01:27 +0000)]
Merge "vold: cleanups for O_CLOEXEC tidy checks."
Paul Lawrence [Sat, 30 Mar 2019 00:58:01 +0000 (17:58 -0700)]
Merge "Fix checkpoint on Taimen" am:
3889f17ad1 am:
e2d9258979
am:
471325ad5a
Change-Id: I96523c193353d8d0f3cf775447b07c018ff810a8
Paul Lawrence [Sat, 30 Mar 2019 00:38:20 +0000 (17:38 -0700)]
Merge "Fix checkpoint on Taimen" am:
3889f17ad1
am:
e2d9258979
Change-Id: Id0768b2cb6aa645d528d21738456a72308936ace
Paul Lawrence [Sat, 30 Mar 2019 00:16:19 +0000 (17:16 -0700)]
Merge "Fix checkpoint on Taimen"
am:
3889f17ad1
Change-Id: I06af82f6534b26e595be3aa1d39588175920d0db
Treehugger Robot [Fri, 29 Mar 2019 23:09:52 +0000 (23:09 +0000)]
Merge "Fix checkpoint on Taimen"
Nick Kralevich [Fri, 29 Mar 2019 23:07:58 +0000 (16:07 -0700)]
vold: add android-* to tidy_checks
Bug:
129350825
Test: compiles and boots
Change-Id: If5a6267cc56bfc0ba73602bfa520035197b4fb90
Nick Kralevich [Fri, 29 Mar 2019 23:03:51 +0000 (16:03 -0700)]
vold: cleanups for O_CLOEXEC tidy checks.
Bug:
129350825
Test: compiles and boots
Change-Id: I83a484ca15df1b757b670008f15af5504bc94df1
Paul Lawrence [Fri, 29 Mar 2019 20:06:34 +0000 (13:06 -0700)]
Fix checkpoint on Taimen
Bug:
129494872
Test: VtsKernelCheckpointTest runs and passes
Change-Id: Ib2de866db7c847d569789d1aa6cdbad7c3ee7ff4
Bernie Innocenti [Fri, 29 Mar 2019 04:32:18 +0000 (21:32 -0700)]
Merge "Fix bogus error checking on unique_fd" am:
95587b085e am:
3e9b69bf77
am:
eb2be538c0
Change-Id: I7bf25301ca157fc7d508e03d32d037987a29ecf3
Bernie Innocenti [Fri, 29 Mar 2019 04:15:34 +0000 (21:15 -0700)]
Merge "Fix bogus error checking on unique_fd" am:
95587b085e
am:
3e9b69bf77
Change-Id: Id54116718b97057f978e1410a96bfb449999f832
Bernie Innocenti [Fri, 29 Mar 2019 04:09:18 +0000 (21:09 -0700)]
Merge "Fix bogus error checking on unique_fd"
am:
95587b085e
Change-Id: Ic11222fdc81a9a2e15546378f1bc5012107c50af
Treehugger Robot [Fri, 29 Mar 2019 03:52:46 +0000 (03:52 +0000)]
Merge "Fix bogus error checking on unique_fd"
Jaegeuk Kim [Thu, 28 Mar 2019 13:40:12 +0000 (06:40 -0700)]
idle-maint: don't need to change discard_granularity
F2FS changes proper configurations along with gc_urgent, so idle-maint doesn't
need to set this redundantly.
Change-Id: I4a71a5d877a3bb9636e2b65132ec806edc56a8fe
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
TreeHugger Robot [Thu, 28 Mar 2019 08:44:30 +0000 (08:44 +0000)]
Merge "vold: fsync both file and directory after write keys"
TreeHugger Robot [Thu, 28 Mar 2019 08:44:12 +0000 (08:44 +0000)]
Merge "vold: Introduce android::vold::writeStringToFile"
Tommy Chiu [Tue, 26 Mar 2019 06:14:19 +0000 (14:14 +0800)]
vold: fsync both file and directory after write keys
Use vold version of writeStringToFile which fsync files, and
manually fsync directories after initialize global DE
Bug:
71810347
Test: Build pass and reboot stress test.
Original boot failure symptom is NOT reproducible.
Change-Id: I1ca8f8cf0ccfd01075a9c33f79042e58d99aea26
Bernie Innocenti [Thu, 28 Mar 2019 06:24:30 +0000 (15:24 +0900)]
Fix bogus error checking on unique_fd
The expression "!fd" calls the implicit conversion to int, but comparing
the raw fd against 0 does not work, since open() and other POSIX calls
returning a file descriptor use -1 to signal an error.
Test: m vold
Change-Id: I0847c276f39cb9dd09c7ffb96951276113418fc8
Daniel Rosenberg [Wed, 27 Mar 2019 02:53:51 +0000 (19:53 -0700)]
Merge "Switch Checkpoint health sleep time to ms." am:
32a8a47b07 am:
e6db7e0a23
am:
2cc8752935
Change-Id: I125122b44009e2cb11e7cf6c147c9a808a87b8a2
Daniel Rosenberg [Wed, 27 Mar 2019 02:49:51 +0000 (19:49 -0700)]
Merge "Switch Checkpoint health sleep time to ms." am:
32a8a47b07
am:
e6db7e0a23
Change-Id: If71daebf5bd2d91f5dfbadee4c7707c10b667648
Daniel Rosenberg [Wed, 27 Mar 2019 02:45:51 +0000 (19:45 -0700)]
Merge "Switch Checkpoint health sleep time to ms."
am:
32a8a47b07
Change-Id: If927a879f06faac4fde97dde41f2017010f7001c
Daniel Rosenberg [Wed, 27 Mar 2019 02:34:24 +0000 (02:34 +0000)]
Merge "Switch Checkpoint health sleep time to ms."
Daniel Rosenberg [Wed, 27 Mar 2019 02:26:30 +0000 (19:26 -0700)]
Merge "Fixed min_free_bytes prop name and usleep time default" am:
7522da3036 am:
23e15b78ad
am:
511073b610
Change-Id: Ic796c1d7f636bb5718eee599e25aed83784bd246
Daniel Rosenberg [Wed, 27 Mar 2019 02:22:27 +0000 (19:22 -0700)]
Merge "Fixed min_free_bytes prop name and usleep time default" am:
7522da3036
am:
23e15b78ad
Change-Id: I33e4655486ec05fbd9ea66e467aaa1dce440edf9
Daniel Rosenberg [Wed, 27 Mar 2019 02:18:18 +0000 (19:18 -0700)]
Merge "Fixed min_free_bytes prop name and usleep time default"
am:
7522da3036
Change-Id: I242863be8d2b0b9ff780670b340f8acbfdaad52e
Suren Baghdasaryan [Wed, 27 Mar 2019 02:07:20 +0000 (19:07 -0700)]
Merge "Convert ifstream usage into fopen() to prevent fd leaks into child processes" am:
93fb6083d4 am:
f1dec58b61
am:
1efcfc30b1
Change-Id: Iacc7caa16478c167462ca5645f5eabfa34381896
Daniel Rosenberg [Wed, 27 Mar 2019 02:01:48 +0000 (02:01 +0000)]
Merge "Fixed min_free_bytes prop name and usleep time default"
Suren Baghdasaryan [Wed, 27 Mar 2019 01:57:14 +0000 (18:57 -0700)]
Merge "Convert ifstream usage into fopen() to prevent fd leaks into child processes" am:
93fb6083d4
am:
f1dec58b61
Change-Id: Id7e8626129dbda0fdafcc86b087b67f71b5d3f8a
Suren Baghdasaryan [Wed, 27 Mar 2019 01:48:13 +0000 (18:48 -0700)]
Merge "Convert ifstream usage into fopen() to prevent fd leaks into child processes"
am:
93fb6083d4
Change-Id: I28dc4717f22207e310c5701a78c04214ffa4d52a
Suren Baghdasaryan [Wed, 27 Mar 2019 01:31:15 +0000 (01:31 +0000)]
Merge "Convert ifstream usage into fopen() to prevent fd leaks into child processes"
Daniel Rosenberg [Tue, 26 Mar 2019 21:42:14 +0000 (14:42 -0700)]
Switch Checkpoint health sleep time to ms.
This changes the property from microsecond to milliseconds, as we don't
need that sort of precision here. Also switches from using ulseep, which
has been removed from POSIX, to nanosleep.
Test: Builds, Boots, Times
Change-Id: Iefbaf8489ba05d8d688542fd7d4305efb980e701
Satoshi Futenma [Mon, 25 Mar 2019 14:13:36 +0000 (23:13 +0900)]
Fixed min_free_bytes prop name and usleep time default
Test: check build
Bug:
129299864
Change-Id: Iab6a01d15185dd19604cd8d3d7ea4efc2b020e34
Suren Baghdasaryan [Tue, 26 Mar 2019 17:00:05 +0000 (10:00 -0700)]
Convert ifstream usage into fopen() to prevent fd leaks into child processes
std::ifstream does not use O_CLOEXEC flag when opening files. This leads
to file descriptors being inherited by child processes. In the case of vold
this results in leaking FDs to less privileged children with no permission
for these files which occasionally leads to SELinux denials.
Bug:
129298168
Change-Id: Id2731782a25d65c9a7cbf25dc441f3e7a17609c1
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Tommy Chiu [Tue, 26 Mar 2019 09:18:09 +0000 (17:18 +0800)]
vold: Introduce android::vold::writeStringToFile
Remove static definition of writeStringToFile, and
move it from KeyStorage to Utils
Bug:
71810347
Change-Id: I38bfd27370ac2372e446dc699f518122e73c6877
Rubin Xu [Fri, 22 Mar 2019 13:27:47 +0000 (06:27 -0700)]
Merge "Remove excess logging in secdiscard" am:
b640f4e337 am:
2c1e98d69f
am:
b970f62913
Change-Id: Icce53ecc1e43945cd1298edbf3e70005340432d9
Rubin Xu [Fri, 22 Mar 2019 13:23:33 +0000 (06:23 -0700)]
Merge "Remove excess logging in secdiscard" am:
b640f4e337
am:
2c1e98d69f
Change-Id: I767847aa355adf893189e329b67c78a5145245e3
Rubin Xu [Fri, 22 Mar 2019 13:17:06 +0000 (06:17 -0700)]
Merge "Remove excess logging in secdiscard"
am:
b640f4e337
Change-Id: Ic4509611efc55b0953ccca02fd7730740982728a
Treehugger Robot [Fri, 22 Mar 2019 13:05:35 +0000 (13:05 +0000)]
Merge "Remove excess logging in secdiscard"
Daniel Rosenberg [Thu, 21 Mar 2019 21:28:39 +0000 (14:28 -0700)]
Merge changes I977cc03b,I7b621476,Ib57f4461 am:
58551c0568 am:
5da6d2a0f9
am:
6647c75d3c
Change-Id: Iecf990d139b98ba2788cb6ba82e6673c28bb08c2
Daniel Rosenberg [Thu, 21 Mar 2019 21:23:22 +0000 (14:23 -0700)]
Merge changes I977cc03b,I7b621476,Ib57f4461 am:
58551c0568
am:
5da6d2a0f9
Change-Id: I98125f4b3277601bf2795e76cb8b8b889e1725e4
Daniel Rosenberg [Thu, 21 Mar 2019 21:19:27 +0000 (14:19 -0700)]
Merge changes I977cc03b,I7b621476,Ib57f4461
am:
58551c0568
Change-Id: I0ecec87455c3c8daa53b00be941539998eea1cd2
Daniel Rosenberg [Thu, 21 Mar 2019 21:01:08 +0000 (21:01 +0000)]
Merge changes I977cc03b,I7b621476,Ib57f4461
* changes:
Add health check to checkpointing
Change abortChanges to take a message and bool
Make needsCheckpoint cover whole session
Daniel Rosenberg [Wed, 21 Nov 2018 03:03:11 +0000 (19:03 -0800)]
Add health check to checkpointing
Take action if we are running out of checkpoint space.
Configurable via ro.sys properties.
ro.sys.cp_usleeptime = Time to sleep between checks
ro.sys.cp_min_free_bytes = Min free space to act on
ro.sys.cp_commit_on_full = action to take. Either commits or reboots to
continue attempt without checkpoint, or retry
and eventually abort OTA
Test: Trigger a checkpoint and fill the disk.
Bug:
119769392
Change-Id: I977cc03b7aef9320d661c8a0d716f8a1ef0be347
Daniel Rosenberg [Thu, 21 Mar 2019 00:02:47 +0000 (17:02 -0700)]
Change abortChanges to take a message and bool
abortChanges will attempt to pass a reboot message, and will only reboot
if the device is currently checkpointing. Additionally, it can opt to
attempt to prevent future attempts. This only works for non-bootloader
controlled updates. Failures are ignored, as it will always reboot the
device. In the unlikely event of such a failure, the device will
continue to retry as though you did not ask to prevent future attempts.
Test: vdc checkpoint abortChanges abort_retry_test 1
vdc checkpoint abortChanges abort_noretry_test 0
Change-Id: I7b6214765a1faaf4fd193c73331696b53ae572d2
Daniel Rosenberg [Tue, 19 Mar 2019 21:02:59 +0000 (14:02 -0700)]
Make needsCheckpoint cover whole session
This makes needCheckpoint return true when the device will or is using
checkpointing.
Test: vdc checkpoint startCheckpoint 1
reboot
vdc checkpoint needsCheckpoint
should return 1 before and after data mounts, and 0 once the
checkpoint has been committed
Change-Id: Ib57f4461d837f41a8110ed318168165a684d913a
Rubin Xu [Thu, 21 Mar 2019 18:13:40 +0000 (18:13 +0000)]
Remove excess logging in secdiscard
Remove all debug logs to reduce logspam a bit.
Bug:
64349233
Test: manual
Change-Id: I234fae7b9fb719b09af27985736f43f085dad301
Paul Crowley [Tue, 19 Mar 2019 19:39:54 +0000 (12:39 -0700)]
Merge "Shell no longer globs, so glob in pushBackContents" am:
a41b7849d0 am:
04017039b7
am:
612065e22b
Change-Id: I296bf6ce7d616e3615e2a39293b2b60c2ce85c4d
Paul Crowley [Tue, 19 Mar 2019 19:35:48 +0000 (12:35 -0700)]
Merge "Shell no longer globs, so glob in pushBackContents" am:
a41b7849d0
am:
04017039b7
Change-Id: Ifc9ef0e513dd3d7ed6d0b67ddbec236145196b18
Paul Crowley [Tue, 19 Mar 2019 19:31:37 +0000 (12:31 -0700)]
Merge "Shell no longer globs, so glob in pushBackContents"
am:
a41b7849d0
Change-Id: Iedd9a6d6834adc844e13e9ec596062032588fd53
Paul Crowley [Tue, 19 Mar 2019 19:13:56 +0000 (19:13 +0000)]
Merge "Shell no longer globs, so glob in pushBackContents"
Paul Lawrence [Mon, 18 Mar 2019 23:47:37 +0000 (16:47 -0700)]
Merge "Add vdc checkpoint supportsBlockCheckpoint" am:
860c731158 am:
4c5ce24e80
am:
ca54294cf8
Change-Id: Ibee238347b863404670e972f41cebcb4986c8435
Paul Lawrence [Mon, 18 Mar 2019 23:27:46 +0000 (16:27 -0700)]
Merge "Add vdc checkpoint supportsBlockCheckpoint" am:
860c731158
am:
4c5ce24e80
Change-Id: I60320da84c973841b4efd425e0cfc7cc81052fe6
Paul Lawrence [Mon, 18 Mar 2019 23:08:51 +0000 (16:08 -0700)]
Merge "Add vdc checkpoint supportsBlockCheckpoint"
am:
860c731158
Change-Id: I61a7059649e8dc0ff5096f3494d5e4b0f8f3b787
Treehugger Robot [Mon, 18 Mar 2019 22:56:47 +0000 (22:56 +0000)]
Merge "Add vdc checkpoint supportsBlockCheckpoint"
Paul Lawrence [Mon, 18 Mar 2019 20:36:40 +0000 (13:36 -0700)]
Add vdc checkpoint supportsBlockCheckpoint
Also add vdc checkpoint supportsFileCheckpoint
This is to allow tests to be specific to supported checkpoint mode.
Test: Built on Taimen and Crosshatch, made sure both new functions work
as expected
Change-Id: I0eab7453b13c0a2e31840ef9ad24a692cec55b00
Paul Crowley [Mon, 18 Mar 2019 17:26:47 +0000 (10:26 -0700)]
Shell no longer globs, so glob in pushBackContents
Bug:
113246065
Bug:
123057215
Test: As described in b/
113246065 comment 1
Change-Id: Id766773ed4abe80a9fc1d5305f099aedfe8eed90
Chris Fries [Thu, 14 Mar 2019 15:44:08 +0000 (08:44 -0700)]
Merge "Fsync directories before delete key" am:
7573874d3f am:
3a38070bbf
am:
08613423ee
Change-Id: I6007af911ba3fcafad590d33deea25a5c55b03c3
Chris Fries [Thu, 14 Mar 2019 15:40:08 +0000 (08:40 -0700)]
Merge "Fsync directories before delete key" am:
7573874d3f
am:
3a38070bbf
Change-Id: I568a6e8a39929b77ba76b021657e248a4e49e470
Chris Fries [Thu, 14 Mar 2019 15:34:06 +0000 (08:34 -0700)]
Merge "Fsync directories before delete key"
am:
7573874d3f
Change-Id: I568638b5de3c58d868024f959f890094eb1bd501
Woody Lin [Mon, 11 Mar 2019 12:58:20 +0000 (20:58 +0800)]
Fsync directories before delete key
The boot failure symptom is reproduced on Walleye devices. System boots
up after taking OTA and try to upgrade key, but keymaster returns "failed
to ugprade key". Device reboots to recovery mode because of the failure,
and finally trapped in bootloader screen. Possible scenario is:
(After taking OTA)
vold sends old key and op=UPGRADE to keymaster
keymaster creates and saves new key to RPMB, responses new key to vold
vold saves new key as temp key
vold renames temp key to main key -------------- (1) -- still in cache
vold sends old key and op=DELETE_KEY to keymaster
keymaster removes old key from RPMB ------------ (2) -- write directly to RPMB
==> SYSTEM INTERRUPTED BY CRASH OR SOMETHING; ALL CACHE LOST.
==> System boots up, key in RPMB is deleted but key in storage is old key.
Solution: A Fsync is required between (1) and (2) to cover this case.
Detail analysis: b/
124279741#comment21
Bug:
112145641
Bug:
124279741
Test: Insert fault right after deleteKey in vold::begin (KeyStorage.cpp),
original boot failure symptom is NOT reproducible.
Change-Id: Ia042b23699c37c94758fb660aecec64d39f39738
Merged-In: Ib8c349d6d033f86b247f4b35b8354d97cf249d26
Paul Crowley [Fri, 7 Dec 2018 23:36:09 +0000 (15:36 -0800)]
Fsync directories after creating files
Bug:
112145641
Bug:
124279741
Bug:
120248692
Test: adb shell locksettings set-pin 1111 && \
adb shell "echo b > /proc/sysrq-trigger"
Change-Id: I53d252942c21365983b4f8b6e0948b1864f195c1
Merged-In: I53d252942c21365983b4f8b6e0948b1864f195c1
Chris Fries [Thu, 14 Mar 2019 15:19:20 +0000 (15:19 +0000)]
Merge "Fsync directories before delete key"
Woody Lin [Mon, 11 Mar 2019 12:58:20 +0000 (20:58 +0800)]
Fsync directories before delete key
The boot failure symptom is reproduced on Walleye devices. System boots
up after taking OTA and try to upgrade key, but keymaster returns "failed
to ugprade key". Device reboots to recovery mode because of the failure,
and finally trapped in bootloader screen. Possible scenario is:
(After taking OTA)
vold sends old key and op=UPGRADE to keymaster
keymaster creates and saves new key to RPMB, responses new key to vold
vold saves new key as temp key
vold renames temp key to main key -------------- (1) -- still in cache
vold sends old key and op=DELETE_KEY to keymaster
keymaster removes old key from RPMB ------------ (2) -- write directly to RPMB
==> SYSTEM INTERRUPTED BY CRASH OR SOMETHING; ALL CACHE LOST.
==> System boots up, key in RPMB is deleted but key in storage is old key.
Solution: A Fsync is required between (1) and (2) to cover this case.
Detail analysis: b/
124279741#comment21
Bug:
112145641
Bug:
124279741
Test: Insert fault right after deleteKey in vold::begin (KeyStorage.cpp),
original boot failure symptom is NOT reproducible.
Change-Id: Ib8c349d6d033f86b247f4b35b8354d97cf249d26
The Android Open Source Project [Tue, 12 Mar 2019 00:47:32 +0000 (17:47 -0700)]
[automerger skipped] Merge "DO NOT MERGE - Skip PPRL.190305.001 into master" am:
027fe9217c -s ours am:
e1d82ea744 -s ours
am:
1c4f1e80e0 -s ours
am skip reason: subject contains skip directive
Change-Id: I8a1dd28839de20a90acbef6e911f7135724eed3e
The Android Open Source Project [Tue, 12 Mar 2019 00:46:36 +0000 (17:46 -0700)]
[automerger skipped] DO NOT MERGE - Skip PPRL.190305.001 into master am:
37c6ce4fb0 -s ours am:
1a158c67a0 -s ours
am:
9c5a36769b -s ours
am skip reason: subject contains skip directive
Change-Id: I4106b7617a6cb26979eeaa66fe7c49209676a22b
The Android Open Source Project [Tue, 12 Mar 2019 00:14:30 +0000 (17:14 -0700)]
[automerger skipped] Merge "DO NOT MERGE - Skip PPRL.190305.001 into master" am:
027fe9217c -s ours
am:
e1d82ea744 -s ours
am skip reason: subject contains skip directive
Change-Id: Ia2810aced1e11dc131b010e4d45833eded34ae26