OSDN Git Service
Treehugger Robot [Wed, 20 May 2020 06:32:43 +0000 (06:32 +0000)]
Merge "Handle virtio in private fs mapping"
Alistair Delva [Tue, 19 May 2020 22:49:26 +0000 (15:49 -0700)]
Handle virtio in private fs mapping
When the vold core decides if a device is SD or USB, it checks for MMC
or virtio, however when the filesystem type is decided, it does not
check for virtio, only MMC. This causes virtio SD cards to be formatted
with ext4 unconditionally.
This fix is independently correct, but it incidentally gets adopted
storage working on cuttlefish (and Android Emulator) because f2fs can
support fscrypt and casefolding at the same time; ext4 currently cannot.
Bug:
156286088
Change-Id: I0b41670d5f76b2506dad437917c2276f8e0aaccf
Merged-In: I0b41670d5f76b2506dad437917c2276f8e0aaccf
Treehugger Robot [Sat, 16 May 2020 04:51:28 +0000 (04:51 +0000)]
Merge "Expand virtio_block check to other virtual devices"
Alistair Delva [Thu, 14 May 2020 23:35:03 +0000 (16:35 -0700)]
Expand virtio_block check to other virtual devices
The Android Emulator isn't the only virtual device the virtio-block
detection code is useful for, and those platforms might not set any
discriminating properties to indicate that they are virtual.
Rework the virtio-block major detection to use /proc/devices instead
of hardcoding the assumption that any virtual platform can have
virtio-block at any experimental major; the new code permits only the
exact experimental major assigned to virtio-block.
The new code runs everywhere, but it will only run once and could be
expanded later to detect dynamic or experimental majors.
Bug:
156286088
Change-Id: Ieae805d08fddd0124a397636f04d99194a9ef7e5
Merged-In: Ieae805d08fddd0124a397636f04d99194a9ef7e5
Treehugger Robot [Tue, 12 May 2020 12:30:16 +0000 (12:30 +0000)]
Merge "Revert "ARC++ swap for AppFuseUtil""
Satoshi Niwa [Fri, 8 May 2020 04:50:34 +0000 (04:50 +0000)]
Revert "ARC++ swap for AppFuseUtil"
This reverts commit
dcbd4fcad2b90a6e9376bfe2593ab941966db346.
Reason for revert: ARC is migrating to ARCVM on R, which doesn't use AppFuse any more.
Change-Id: Ifd0bf92a79c0ff25d782bea44dd593f9502f1959
Treehugger Robot [Wed, 6 May 2020 17:02:43 +0000 (17:02 +0000)]
Merge "Acknowledge the 'nofail' fs_mgr flag and skip the expected failure."
P.Adarsh Reddy [Thu, 16 Apr 2020 16:16:08 +0000 (21:46 +0530)]
Acknowledge the 'nofail' fs_mgr flag and skip the expected failure.
fs_mgr supports 'nofail' flag, which is used if we do not want to
error-out incase the mounting/setup fails for a partition tagged with
nofail flag in fstab.
Recently added code in vold misses this handling, i.e. it aborts even
for a nofail partition upon encountering an expected failure.
Test: Add a non-existing logical partition fstab entry with 'nofail'
flag. Init's first stage mount acks this and doesn't crash.
Vold aborts (as it doesn't handle it), and device doesn't boot.
With this change, device boots up.
Change-Id: I2b1904a9c648c31bcc05b2e7e77480db236ff66e
Treehugger Robot [Thu, 23 Apr 2020 22:15:38 +0000 (22:15 +0000)]
Merge "vold: fix missing has.adoptable"
Jaegeuk Kim [Thu, 23 Apr 2020 20:43:12 +0000 (13:43 -0700)]
vold: fix missing has.adoptable
This patch fixes missing entry in the below commit.
Fixes:
c52f6724edd6 ("vold: clean up configuration set")
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Ia39a427d4747b29a7af42633f34daab63204bbf9
Treehugger Robot [Tue, 21 Apr 2020 15:51:20 +0000 (15:51 +0000)]
Merge "Introduce ro.crypto.uses_fs_ioc_add_encryption_key property"
Nikita Ioffe [Mon, 20 Apr 2020 21:21:49 +0000 (22:21 +0100)]
Introduce ro.crypto.uses_fs_ioc_add_encryption_key property
Bug:
154327249
Test: adb shell getprop ro.crypto.uses_fs_ioc_add_encryption_key
Test: adb bugreport && checked content contains new property
Change-Id: I562df49deffdccdb2cfd657130fc05b24d40a6a6
Merged-In: I562df49deffdccdb2cfd657130fc05b24d40a6a6
(cherry picked from commit
78f806198f85ca37abb617235c89abaca7d1c19c)
Martijn Coenen [Thu, 16 Apr 2020 08:06:53 +0000 (08:06 +0000)]
Merge "Rename casefold/projectid properties."
Martijn Coenen [Wed, 15 Apr 2020 09:42:47 +0000 (11:42 +0200)]
Rename casefold/projectid properties.
According to property naming guidelines.
Bug:
152170470
Bug:
153525566
Test: N/A
Change-Id: Iaebff2a835288839a2faf0edbe0e47ceb96b4458
Jaegeuk Kim [Tue, 14 Apr 2020 15:54:18 +0000 (15:54 +0000)]
Merge changes from topic "fscompression"
* changes:
vold: clean up configuration set
vold: support F2FS compression
Jaegeuk Kim [Mon, 6 Apr 2020 22:58:41 +0000 (15:58 -0700)]
vold: clean up configuration set
This patch introduces a structure to manipulate many configuration flags.
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Ib15d2b6e251741160d2febe695132a37f9dde23c
Treehugger Robot [Thu, 9 Apr 2020 22:07:40 +0000 (22:07 +0000)]
Merge "Send earlyBootEnded notice to all Keymasters"
Shawn Willden [Wed, 1 Apr 2020 16:02:16 +0000 (10:02 -0600)]
Send earlyBootEnded notice to all Keymasters
Vold incorrectly sends the earlyBootEnded signal only to the Keymaster
instance used for device encryption, but all of them need it.
Bug:
152932559
Test: VtsHalKeymasterV4_1TargetTest
Merged-In: Id8f01a1dc7d2398395f369c3ea74656a82888829
Change-Id: Id8f01a1dc7d2398395f369c3ea74656a82888829
Paul Crowley [Tue, 7 Apr 2020 03:23:57 +0000 (03:23 +0000)]
Merge "Choose options format using property"
Paul Crowley [Sun, 22 Mar 2020 15:02:06 +0000 (08:02 -0700)]
Choose options format using property
To make it easier to support disk formats created using old versions
of dm-default-key with new kernels, choose the disk format to use
based on options_format_version and first_api_version properties
instead of checking the version number of the kernel module.
Bug:
150761030
Test: crosshatch and cuttlefish boot normally; cuttlefish
fails with "default-key: Not enough arguments" as expected when
option is set to 1
Change-Id: Ib51071b7c316ce074de72439741087b18335048c
Jaegeuk Kim [Tue, 14 Jan 2020 19:22:26 +0000 (11:22 -0800)]
vold: support F2FS compression
Bug:
134580167
Change-Id: Iadd001dc5ce0f91a4337f5b27ea8cc54f9760b0d
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Yurii Zubrytskyi [Fri, 3 Apr 2020 17:25:05 +0000 (17:25 +0000)]
Merge "[vold] update with incfs_ndk.h"
Songchun Fan [Wed, 4 Mar 2020 01:58:20 +0000 (17:58 -0800)]
[vold] update with incfs_ndk.h
BUG:
150470163
Test: atest PackageManagerShellCommandIncrementalTest
Change-Id: I5166c49cf48f353dab35e385571ada517cb751ac
Merged-In: I5166c49cf48f353dab35e385571ada517cb751ac
Yurii Zubrytskyi [Thu, 26 Mar 2020 07:23:11 +0000 (07:23 +0000)]
Merge changes from topic "merge-incremental-vold"
* changes:
[vold] Add argument verification to IncFS methods
Expose new IncFS interface through Vold
Yurii Zubrytskyi [Tue, 24 Mar 2020 23:23:51 +0000 (16:23 -0700)]
[vold] Add argument verification to IncFS methods
+ Get rid of an extra string copy in path validation function
Bug:
152349257
Test: atest vold_tests
Change-Id: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
Merged-In: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
Yurii Zubrytskyi [Fri, 10 Jan 2020 19:54:06 +0000 (11:54 -0800)]
Expose new IncFS interface through Vold
CL is a part of multi-repository topic and will be merged
to AOSP
Bug:
146080380
Test: manual
Change-Id: I09b33a34ff1ac7f6e415b7bd090c22e7df24d72d
Merged-In: I09b33a34ff1ac7f6e415b7bd090c22e7df24d72d
Nikita Ioffe [Wed, 11 Mar 2020 16:10:35 +0000 (16:10 +0000)]
Merge "fskeyring & userspace reboot: support CE keys"
Nikita Ioffe [Fri, 28 Feb 2020 19:50:31 +0000 (19:50 +0000)]
fskeyring & userspace reboot: support CE keys
During userspace reboot /data might be unmounted & remounted, meaning
that CE keys stored in fs-level keyring will be lost. In order to be
able to restore them, when installing new key to fs-level keyring, it's
also added to session-level keyring with type "fscrypt-provisioning".
Then when init_user0 is called during userspace reboot, vold will try to
load CE keys from the session-level keyring back into fs-level keyring
for all the users that were unlocked before the reboot.
If for any user vold fails to install the key, init_user0 will fail and
fallback to hard reboot will be triggered.
Test: set a pin pattern
Test: adb shell setprop sys.init.userdata_remount.force_umount 1
Test: adb shell svc power reboot userspace
Test: atest CtsUserspaceRebootHostSideTestCases
Bug:
143970043
Change-Id: I37603dc136c7ededc7b0381e4d730cb0ffd912b4
Merged-In: I37603dc136c7ededc7b0381e4d730cb0ffd912b4
(cherry picked from commit
1ee35cf002de9f6aaa6f33e67d882cdbbaa35cc2)
Paul Crowley [Thu, 5 Mar 2020 15:59:18 +0000 (15:59 +0000)]
Merge "Use the blk_device supplied by vdc encryptFstab"
Automerger Merge Worker [Wed, 4 Mar 2020 15:19:40 +0000 (15:19 +0000)]
Merge "fskeyring & userspace reboot: support DE keys" am:
3b719ed32e
Change-Id: I23ff1535eacf875561c6fef250b431fe17b6dc14
Nikita Ioffe [Wed, 4 Mar 2020 15:02:23 +0000 (15:02 +0000)]
Merge "fskeyring & userspace reboot: support DE keys"
Nikita Ioffe [Thu, 27 Feb 2020 18:21:55 +0000 (18:21 +0000)]
fskeyring & userspace reboot: support DE keys
During userspace reboot /data might be unmounted, which means that if
device supports filesystem keyring, DE keys will be lost and are needed
to be re-installed.
Test: adb shell setprop sys.init.userdata_remount.force_umount 1
Test: adb shell svc power reboot userspace
Test: atest CtsUserspaceRebootHostSideTestCases
Bug:
143970043
Change-Id: I153caa1d7c373b3c906a34f1184c681e52854a9d
Merged-In: I153caa1d7c373b3c906a34f1184c681e52854a9d
(cherry picked from commit
1eaea5a6a21a2eb9ec0debb69a8718861e13b4d7)
Automerger Merge Worker [Wed, 4 Mar 2020 04:53:16 +0000 (04:53 +0000)]
Merge "umount /data/user/0 before umount /data" am:
3a0fd35b62
Change-Id: Ibb3aa685585e8dab22f504a7f862cad5e551ca96
Treehugger Robot [Wed, 4 Mar 2020 04:34:46 +0000 (04:34 +0000)]
Merge "umount /data/user/0 before umount /data"
Hyangseok Chae [Thu, 27 Feb 2020 09:21:50 +0000 (18:21 +0900)]
umount /data/user/0 before umount /data
FDE device has shut down and restart the framework.
But restart is not triggered due to umount fail.
umount /data fail with "device is busy"
It is because bind mount /data/data to /data/user/0
We need umount /data/user/0 before umount /data
Bug:
148004718
Test: Flash GSI and check boot with FDE and FBE device.
Change-Id: I919f9e31a9d2d745b297a7ab99b399aa9b293b39
Paul Crowley [Mon, 2 Mar 2020 20:57:58 +0000 (12:57 -0800)]
Use the blk_device supplied by vdc encryptFstab
fs_mgr may put other dm devices on top of the raw disk, such as for
checkpointing, and it hands metadata encryption the uppermost device in
vdc. That's what should be encrypted, not the raw disk.
Bug:
150354860
Test: Treehugger
Change-Id: I279f087b1b7aded40c5a62281154851ce970ba70
Automerger Merge Worker [Thu, 27 Feb 2020 03:22:54 +0000 (03:22 +0000)]
Merge "Use optional for nullable types" am:
deb7085453
Change-Id: Iea4d8e042d65e2ed1befa6dc18c822f2982c41ab
Jooyung Han [Thu, 27 Feb 2020 03:06:14 +0000 (03:06 +0000)]
Merge "Use optional for nullable types"
Jooyung Han [Thu, 23 Jan 2020 04:23:26 +0000 (13:23 +0900)]
Use optional for nullable types
AIDL generates optional<T> for nullable T types for C++, which is more
efficient and idomatic and easy to use.
Bug:
144773267
Test: build/flash/boot
Merged-In: I98549c8614c9152d5d45e2f1f33f2f3c31a9bbbf
Change-Id: I98549c8614c9152d5d45e2f1f33f2f3c31a9bbbf
(cherry picked from commit
0568fd287cfc0affc8e985f21da3793cdda286a3)
Automerger Merge Worker [Wed, 19 Feb 2020 23:20:59 +0000 (23:20 +0000)]
Merge "Make CTS not HEH the default post Q" am:
39969f0288
Change-Id: I0cb0430214ab69656c6e7f3116194b63eb54672b
Treehugger Robot [Wed, 19 Feb 2020 23:04:37 +0000 (23:04 +0000)]
Merge "Make CTS not HEH the default post Q"
Paul Crowley [Tue, 18 Feb 2020 18:10:08 +0000 (10:10 -0800)]
Make CTS not HEH the default post Q
Making HEH the default was always a mistake and a giant foot-gun.
Let's make life easier for people by making the default depend on
first_api_level, so it's automatically set up right for new devices
without breaking old ones. Also use v2 fscrypt keys instead of v1 post
Q.
Bug:
147107322
Test: Various Cuttlefish configurations
Change-Id: I5432bdfd6fec6ed34e7f9ab7cdd32cdeb2a03472
Automerger Merge Worker [Tue, 18 Feb 2020 23:40:09 +0000 (23:40 +0000)]
Merge "Fix unaligned access to auth token user_id" am:
21a17b091e
Change-Id: If1b44823f6758c9428b5874b2629579f384399b7
Automerger Merge Worker [Tue, 18 Feb 2020 23:40:04 +0000 (23:40 +0000)]
Merge "Remove unused code in VoldUtil.h" am:
e19189bd7f
Change-Id: I52b8e04f85890a1a320c47a191bf1c0429e058a4
Automerger Merge Worker [Tue, 18 Feb 2020 23:39:37 +0000 (23:39 +0000)]
Merge changes from topics "metadata_wrapped_key_aosp", "volume_metadata" am:
36fd1ebfae
Change-Id: Ieb478426e40feffcefd3a5e478e5e1c5d72539b7
Paul Crowley [Tue, 18 Feb 2020 23:18:46 +0000 (23:18 +0000)]
Merge "Fix unaligned access to auth token user_id"
Paul Crowley [Tue, 18 Feb 2020 23:18:30 +0000 (23:18 +0000)]
Merge "Remove unused code in VoldUtil.h"
Paul Crowley [Tue, 18 Feb 2020 23:17:07 +0000 (23:17 +0000)]
Merge changes from topics "metadata_wrapped_key_aosp", "volume_metadata"
* changes:
On newer devices, use dm-default-key to encrypt SD cards
vold: Wrapped key support for metadata encryption
Refactor: make makeGen local
Paul Crowley [Fri, 7 Feb 2020 20:51:56 +0000 (12:51 -0800)]
On newer devices, use dm-default-key to encrypt SD cards
The dm-crypt solution requires a kernel patch that won't be present in
the GKI kernel, while the new metadata encryption system in the GKI
kernel solves this problem in a much cleaner way.
Test: create private volume on Cuttlefish, setting property both ways.
Bug:
147814592
Change-Id: Ie02bd647c38d8101af2bbc47637f65845d312cea
Barani Muthukumaran [Fri, 7 Feb 2020 06:56:27 +0000 (22:56 -0800)]
vold: Wrapped key support for metadata encryption
metadata_encryption fstab option provides details on the cipher
and flags used for metadata encryption. wrappedkey_v0 is provided
to dm-default-key dm device when a wrapped key is used. The
inline encryption hardware unwraps the key and derives the
encryption key used to encrypt metadata without returning the key
in the clear to software.
Bug:
147733587
Test: FBE with metadata encryption using wrapped keys.
Change-Id: Ibf69bdc12bb18d2f0aef8208e65f3a8dececfd2a
Paul Crowley [Fri, 7 Feb 2020 20:51:56 +0000 (12:51 -0800)]
Refactor: make makeGen local
No need for KeyUtil to know how to make a KeyGeneration, it's cleaner
if each module handles it separately. Also, create a CryptoOptions
structure to track metadata encryption options, and simplify legacy
cipher/option handling.
Test: Treehugger
Bug:
147814592
Change-Id: I740063882914097329ff72348d0c0855c26c7aab
Paul Crowley [Thu, 30 Aug 2018 22:25:19 +0000 (15:25 -0700)]
Fix unaligned access to auth token user_id
Bug:
65232288
Test: Set a pattern on cuttlefish, ensure we can unlock
Change-Id: I5ee09cf72ab7d3d636a25755134bfad6f88265f9
Paul Crowley [Fri, 7 Feb 2020 23:08:12 +0000 (15:08 -0800)]
Remove unused code in VoldUtil.h
Test: Treehugger
Change-Id: I87585852af49ee49d63e3b1cde579114f855118b
Paul Crowley [Sat, 15 Feb 2020 02:03:19 +0000 (02:03 +0000)]
Merge "Refactor key generation to handle both normal and metadata encryption." am:
8e0780cba2
Change-Id: I59510b64f6803f5e76fefa359abfcc9207420126
Paul Crowley [Sat, 15 Feb 2020 01:40:26 +0000 (01:40 +0000)]
Merge "Refactor key generation to handle both normal and metadata encryption."
Paul Crowley [Wed, 12 Feb 2020 19:04:05 +0000 (11:04 -0800)]
Refactor key generation to handle both normal and metadata encryption.
Bug:
147733587
Test: Treehugger
Change-Id: Iee176037dec2621c84da325c2627f988fcebbc8d
Merged-In: Iee176037dec2621c84da325c2627f988fcebbc8d
Paul Crowley [Fri, 14 Feb 2020 21:07:09 +0000 (21:07 +0000)]
Merge "Refactor MetadataCrypt.cpp to make create_crypto_blk_dev more general" am:
7566e467ab
Change-Id: Ib59c92bf516a171bfebc7c11be92502b37acf375
Paul Crowley [Fri, 14 Feb 2020 20:48:35 +0000 (20:48 +0000)]
Merge "Refactor MetadataCrypt.cpp to make create_crypto_blk_dev more general"
Paul Crowley [Fri, 14 Feb 2020 18:25:49 +0000 (18:25 +0000)]
Merge changes Ic3993c1f,I06645bb4 am:
ac34e9aa3e
Change-Id: I4e11f42f1f302f8a08f60756cf08356aac8652cd
Paul Crowley [Fri, 14 Feb 2020 18:17:56 +0000 (18:17 +0000)]
Merge changes Ic3993c1f,I06645bb4
* changes:
Generalize CryptoType infrastructure
Refactor CryptoType to use better names, and size_t not uint32_t
Paul Crowley [Fri, 14 Feb 2020 09:15:35 +0000 (01:15 -0800)]
Refactor MetadataCrypt.cpp to make create_crypto_blk_dev more general
Bug:
147814592
Test: Treehugger
Change-Id: I13c6f84d729f2953f78626493d6e6d34d578a013
Paul Crowley [Fri, 7 Feb 2020 20:45:20 +0000 (12:45 -0800)]
Generalize CryptoType infrastructure
More consistency between MetadataCrypt and cryptfs, and steps towards
supporting Adiantum properly in MetadataCrypt.
Test: create private volume on Cuttlefish
Bug:
147814592
Change-Id: Ic3993c1fde11b4f5a9e6cc8ee588a7d92241c6ab
Paul Crowley [Wed, 12 Feb 2020 00:21:54 +0000 (16:21 -0800)]
Refactor CryptoType to use better names, and size_t not uint32_t
Test: treehugger
Bug:
147814592
Change-Id: I06645bb4941794797beebf05b817c4ac52e09cd7
Automerger Merge Worker [Thu, 13 Feb 2020 18:43:57 +0000 (18:43 +0000)]
Merge "Use DM layer directly to manage private DM volumes" am:
dd12ea5bd2
Change-Id: Ifb77dd72e810e758ac3a6105e13f7ea4341dca36
Paul Crowley [Thu, 13 Feb 2020 18:35:26 +0000 (18:35 +0000)]
Merge "Use DM layer directly to manage private DM volumes"
Automerger Merge Worker [Thu, 13 Feb 2020 05:17:07 +0000 (05:17 +0000)]
Merge "Pass volume key as a KeyBuffer" am:
334a684557
Change-Id: I017400aa3ef988435914ef2770b20bd78a0c1c10
Treehugger Robot [Thu, 13 Feb 2020 05:10:31 +0000 (05:10 +0000)]
Merge "Pass volume key as a KeyBuffer"
Automerger Merge Worker [Wed, 12 Feb 2020 23:37:24 +0000 (23:37 +0000)]
Merge "vold: Support Storage keys for FBE" am:
8cfb530357
Change-Id: I933a31eefe57b8b06513ca3e7a2ee874a1b680a1
Treehugger Robot [Wed, 12 Feb 2020 23:32:29 +0000 (23:32 +0000)]
Merge "vold: Support Storage keys for FBE"
Paul Crowley [Fri, 7 Feb 2020 20:15:56 +0000 (12:15 -0800)]
Use DM layer directly to manage private DM volumes
Abolish cryptfs_revert_ext_volume, handle in caller. This allows us to
use DeleteDeviceIfExists, avoiding a spurious error message.
Test: create private volume on Cuttlefish, eject, check logs
Bug:
147814592
Change-Id: I836d8bd11b29e32da0863aaa75144543bb9cab9c
Paul Crowley [Fri, 7 Feb 2020 19:49:09 +0000 (11:49 -0800)]
Pass volume key as a KeyBuffer
Not for security, but for consistency with the way we handle other
keys, and to move the length check to where it belongs.
Test: create private volume on Cuttlefish
Bug:
147814592
Change-Id: I10fc4896183d050ce25ff174faf78f525cf62930
Barani Muthukumaran [Mon, 3 Feb 2020 21:06:45 +0000 (13:06 -0800)]
vold: Support Storage keys for FBE
To prevent keys from being compromised if an attacker
acquires read access to kernel memory, some inline
encryption hardware supports protecting the keys in
hardware without software having access to or the
ability to set the plaintext keys. Instead, software
only sees "wrapped keys", which may differ on every boot.
'wrappedkey_v0' fileencryption flag is used to denote
that the device supports inline encryption hardware that
supports this feature. On such devices keymaster is used
to generate keys with STORAGE_KEY tag and export a
per-boot ephemerally wrapped storage key to install it in
the kernel.
The wrapped key framework in the linux kernel ensures the
wrapped key is provided to the inline encryption hardware
where it is unwrapped and the file contents key is derived
to encrypt contents without revealing the plaintext key in
the clear.
Test: FBE validation with Fscrypt v2 + inline crypt + wrapped
key changes kernel.
Bug:
147733587
Change-Id: I1f0de61b56534ec1df9baef075acb74bacd00758
Automerger Merge Worker [Wed, 12 Feb 2020 04:25:19 +0000 (04:25 +0000)]
Merge "Have vold inform keymaster that early boot ended" am:
68b9fb10ae
Change-Id: Ic113eea7d3282084f1eae308ae1b6df931bd7a8c
Treehugger Robot [Wed, 12 Feb 2020 04:07:43 +0000 (04:07 +0000)]
Merge "Have vold inform keymaster that early boot ended"
Automerger Merge Worker [Wed, 12 Feb 2020 01:06:54 +0000 (01:06 +0000)]
Merge "Update vold to use KM4.1" am:
6c5f302a90
Change-Id: I5393adf2503586c87414a302fa24d381863bccbf
Treehugger Robot [Wed, 12 Feb 2020 00:56:18 +0000 (00:56 +0000)]
Merge "Update vold to use KM4.1"
Shawn Willden [Thu, 16 Jan 2020 21:08:36 +0000 (14:08 -0700)]
Have vold inform keymaster that early boot ended
Just before mounting partition(s) not verified by verified boot, vold
should notify keymaster that early boot has ended so it won't allow
EARLY_BOOT_ONLY keys to be created or used.
Test: VtsHalKeymasterV4_1TargetTest
Change-Id: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3
Merged-In: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3
Shawn Willden [Thu, 16 Jan 2020 20:21:42 +0000 (13:21 -0700)]
Update vold to use KM4.1
This CL updates vold to use the Keymaster 4.1 interface, but does not
yet call any of the new methods.
Test: Boot the device
Change-Id: I4574a2f6eead3b71d1e89488b496b734694620c7
Merged-In: I4574a2f6eead3b71d1e89488b496b734694620c7
Automerger Merge Worker [Tue, 11 Feb 2020 00:49:53 +0000 (00:49 +0000)]
Merge "Use std::string to return crypto device, not char *" am:
80731b0975
Change-Id: I4cdc6e59713a945f9fc7b6e9d8c765e78c44b9cb
Paul Crowley [Tue, 11 Feb 2020 00:37:26 +0000 (00:37 +0000)]
Merge "Use std::string to return crypto device, not char *"
Automerger Merge Worker [Sat, 8 Feb 2020 01:50:57 +0000 (01:50 +0000)]
Merge "Refactor: make cryptfs.h smaller" am:
98c501d28e
Change-Id: I85d5bacfc08245397cb4f8aa71406bfeed961c19
Treehugger Robot [Sat, 8 Feb 2020 01:34:29 +0000 (01:34 +0000)]
Merge "Refactor: make cryptfs.h smaller"
Paul Crowley [Fri, 7 Feb 2020 19:27:49 +0000 (11:27 -0800)]
Use std::string to return crypto device, not char *
Bug:
147814592
Test: can create private volume on Cuttlefish
Change-Id: Ic2bca81c0f0319e1b988e9204a2f4e91af57d157
Paul Crowley [Mon, 3 Feb 2020 20:22:03 +0000 (12:22 -0800)]
Refactor: make cryptfs.h smaller
Move most of it into cryptfs.cpp, and include cryptfs.h in fewer files.
Bug:
147814592
Test: Treehugger
Change-Id: Ia3592d73e7abc1f07a60538e0978a3033bdea7de
Automerger Merge Worker [Sat, 1 Feb 2020 16:19:45 +0000 (16:19 +0000)]
Merge changes from topics "dm-default-key-v2", "metadata_cipher" am:
f60e947438
Change-Id: I3e27ed3481542e5e6fe0db2c872d745151e50765
Treehugger Robot [Sat, 1 Feb 2020 16:12:30 +0000 (16:12 +0000)]
Merge changes from topics "dm-default-key-v2", "metadata_cipher"
* changes:
Set metadata cipher in fstab
Add support for v2 of dm-default-key
Automerger Merge Worker [Fri, 31 Jan 2020 21:59:05 +0000 (21:59 +0000)]
Merge "Rename key_dir to metadata_key_dir and refactor" am:
a7463139cd
Change-Id: I14535278f6e2b0ffe6c322a2e9bd7e2ae608105f
Paul Crowley [Fri, 31 Jan 2020 21:49:13 +0000 (21:49 +0000)]
Merge "Rename key_dir to metadata_key_dir and refactor"
Paul Crowley [Thu, 30 Jan 2020 00:09:19 +0000 (16:09 -0800)]
Set metadata cipher in fstab
Bug:
147814592
Test: Cuttlefish can use adiantum
Change-Id: I6805ae4acff4dd1ff7cecff9153dbf29e0274165
Paul Crowley [Tue, 28 Jan 2020 18:37:39 +0000 (10:37 -0800)]
Add support for v2 of dm-default-key
Version 2 of dm-default-key has an extra parameter and always sets the
DUN.
Bug:
147814592
Test: Cuttlefish boots with keydirectory flag
Test: Crosshatch formatted before this change boots after it
Change-Id: I59081e385324d2e34a5f252286a97938d6ffb79b
Paul Crowley [Thu, 30 Jan 2020 23:26:15 +0000 (15:26 -0800)]
Rename key_dir to metadata_key_dir and refactor
Bug:
147814592
Test: Crosshatch boots
Change-Id: I9fce0ea5da9c81c2e4e9cf97b75c1cba821adf9e
Paul Crowley [Wed, 29 Jan 2020 00:29:00 +0000 (16:29 -0800)]
Merge "Refactor to use EncryptionPolicy everywhere we used to use raw_ref"
am:
fda79ddd82
Change-Id: I0d1599b8a2baa141e1d08029f75e5e54f486cb14
Paul Crowley [Wed, 29 Jan 2020 00:18:44 +0000 (00:18 +0000)]
Merge "Refactor to use EncryptionPolicy everywhere we used to use raw_ref"
Paul Crowley [Thu, 23 Jan 2020 23:29:30 +0000 (15:29 -0800)]
Refactor to use EncryptionPolicy everywhere we used to use raw_ref
Test: Boots, no bad log messages: Cuttlefish with v2 policies, Taimen
Bug:
147733587
Change-Id: Ice4acac3236b6b7d90e60a2f57b46814aa1949f5
Automerger Merge Worker [Fri, 24 Jan 2020 17:16:28 +0000 (17:16 +0000)]
Merge "vold: Do not cache CE keys in vold" am:
432ca5af06
Change-Id: I2ca8cd6aec19e5f736d4a796ed882ce5d704ded9
Paul Crowley [Fri, 24 Jan 2020 17:02:49 +0000 (17:02 +0000)]
Merge "vold: Do not cache CE keys in vold"
Automerger Merge Worker [Fri, 24 Jan 2020 02:27:01 +0000 (02:27 +0000)]
Merge "Add support for casefolding and project quotas" am:
f66ed18972
Change-Id: I5cba75000bcdbbc3bd3c6778994fea09d135aa2b
Daniel Rosenberg [Fri, 24 Jan 2020 02:11:30 +0000 (02:11 +0000)]
Merge "Add support for casefolding and project quotas"
Barani Muthukumaran [Fri, 1 Nov 2019 05:59:34 +0000 (22:59 -0700)]
vold: Do not cache CE keys in vold
CE keys were cached in vold to support untrusted reset
by a device admin, this is now supported by Locksettingservice
using synthetic password. This change requires a secret to be
provided to retrieve the CE key and re-wrap without the secret
when user removes the credential.
Test: Set credential, remove credential, swipe to none
and vice-versa.
Bug:
26948053
Merged-In: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5
Change-Id: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5
Jiyong Park [Thu, 23 Jan 2020 03:27:04 +0000 (19:27 -0800)]
Merge "Fixed a wrong AIDL import path"
am:
aa038e2f4d
Change-Id: I8f3bf6b512ac1a0509ceb17cfa35efd0af6581b8