OSDN Git Service
Suren Baghdasaryan [Wed, 27 Mar 2019 01:48:13 +0000 (18:48 -0700)]
Merge "Convert ifstream usage into fopen() to prevent fd leaks into child processes"
am: 93fb6083d4
Change-Id: I28dc4717f22207e310c5701a78c04214ffa4d52a
Suren Baghdasaryan [Wed, 27 Mar 2019 01:31:15 +0000 (01:31 +0000)]
Merge "Convert ifstream usage into fopen() to prevent fd leaks into child processes"
Suren Baghdasaryan [Tue, 26 Mar 2019 17:00:05 +0000 (10:00 -0700)]
Convert ifstream usage into fopen() to prevent fd leaks into child processes
std::ifstream does not use O_CLOEXEC flag when opening files. This leads
to file descriptors being inherited by child processes. In the case of vold
this results in leaking FDs to less privileged children with no permission
for these files which occasionally leads to SELinux denials.
Bug: 129298168
Change-Id: Id2731782a25d65c9a7cbf25dc441f3e7a17609c1
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
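The leak this commit message describes can be observed directly. The following is an added example, not code from the commit or from vold: it opens a file with and without close-on-exec, runs a child through fork() and exec(), and reports whether the descriptor is still open there. It assumes Linux with /proc and /bin/sh, uses /dev/null as a stand-in file, and assumes the "e" mode flag that glibc, bionic and musl accept in fopen(); the mode the actual patch uses is not shown on this page.

```cpp
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cstdio>
#include <string>
#include <vector>

// 1 = fd is still open in the exec'd child, 0 = it was closed, -1 = could not test.
// The child is /bin/sh checking its own /proc/self/fd/<fd> entry (Linux only).
int SurvivesExec(int fd) {
    const std::string script = "test -e /proc/self/fd/" + std::to_string(fd);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", script.c_str(), static_cast<char*>(nullptr));
        _exit(127);  // exec itself failed
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) == 0) return 1;
    return WEXITSTATUS(status) == 1 ? 0 : -1;
}

// Opens the stand-in file with open(2); pass O_CLOEXEC in extra_flags to compare.
int LeakViaOpen(int extra_flags) {
    int fd = open("/dev/null", O_RDONLY | extra_flags);
    if (fd < 0) return -1;
    int leaked = SurvivesExec(fd);
    close(fd);
    return leaked;
}

// Opens the stand-in file with fopen(3); "re" requests O_CLOEXEC, "r" does not.
int LeakViaFopen(const char* mode) {
    FILE* f = fopen("/dev/null", mode);
    if (f == nullptr) return -1;
    int leaked = SurvivesExec(fileno(f));
    fclose(f);
    return leaked;
}

// True if fd is open in this process and lacks FD_CLOEXEC.
bool IsInheritable(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags != -1 && !(flags & FD_CLOEXEC);
}

// Audit helper: descriptors >= 3 that any child of this process would inherit.
std::vector<int> InheritableFds(int limit = 256) {
    std::vector<int> out;
    for (int fd = 3; fd < limit; ++fd) {
        if (IsInheritable(fd)) out.push_back(fd);
    }
    return out;
}

int main() {
    std::printf("open(O_RDONLY)             leaked=%d\n", LeakViaOpen(0));
    std::printf("open(O_RDONLY|O_CLOEXEC)   leaked=%d\n", LeakViaOpen(O_CLOEXEC));
    std::printf("fopen(\"r\")                 leaked=%d\n", LeakViaFopen("r"));
    std::printf("fopen(\"re\")                leaked=%d\n", LeakViaFopen("re"));
    std::printf("inheritable fds right now: %zu\n", InheritableFds().size());
    return 0;
}
```

Calling InheritableFds() just before a privileged daemon spawns a less privileged helper gives a quick list of descriptors that still need O_CLOEXEC.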
Rubin Xu [Fri, 22 Mar 2019 13:17:06 +0000 (06:17 -0700)]
Merge "Remove excess logging in secdiscard"
am: b640f4e337
Change-Id: Ic4509611efc55b0953ccca02fd7730740982728a
Treehugger Robot [Fri, 22 Mar 2019 13:05:35 +0000 (13:05 +0000)]
Merge "Remove excess logging in secdiscard"
Daniel Rosenberg [Thu, 21 Mar 2019 21:19:27 +0000 (14:19 -0700)]
Merge changes I977cc03b,I7b621476,Ib57f4461
am: 58551c0568
Change-Id: I0ecec87455c3c8daa53b00be941539998eea1cd2
Daniel Rosenberg [Thu, 21 Mar 2019 21:01:08 +0000 (21:01 +0000)]
Merge changes I977cc03b,I7b621476,Ib57f4461
* changes:
Add health check to checkpointing
Change abortChanges to take a message and bool
Make needsCheckpoint cover whole session
Daniel Rosenberg [Wed, 21 Nov 2018 03:03:11 +0000 (19:03 -0800)]
Add health check to checkpointing
Take action if we are running out of checkpoint space.
Configurable via ro.sys properties.
ro.sys.cp_usleeptime = Time to sleep between checks
ro.sys.cp_min_free_bytes = Min free space to act on
ro.sys.cp_commit_on_full = action to take. Either commits or reboots to
continue attempt without checkpoint, or retry
and eventually abort OTA
Test: Trigger a checkpoint and fill the disk.
Bug: 119769392
Change-Id: I977cc03b7aef9320d661c8a0d716f8a1ef0be347
Daniel Rosenberg [Thu, 21 Mar 2019 00:02:47 +0000 (17:02 -0700)]
Change abortChanges to take a message and bool
abortChanges will attempt to pass a reboot message, and will only reboot
if the device is currently checkpointing. Additionally, it can opt to
attempt to prevent future attempts. This only works for non-bootloader
controlled updates. Failures are ignored, as it will always reboot the
device. In the unlikely event of such a failure, the device will
continue to retry as though you did not ask to prevent future attempts.
Test: vdc checkpoint abortChanges abort_retry_test 1
vdc checkpoint abortChanges abort_noretry_test 0
Change-Id: I7b6214765a1faaf4fd193c73331696b53ae572d2
Daniel Rosenberg [Tue, 19 Mar 2019 21:02:59 +0000 (14:02 -0700)]
Make needsCheckpoint cover whole session
This makes needsCheckpoint return true when the device will or is using
checkpointing.
Test: vdc checkpoint startCheckpoint 1
reboot
vdc checkpoint needsCheckpoint
should return 1 before and after data mounts, and 0 once the
checkpoint has been committed
Change-Id: Ib57f4461d837f41a8110ed318168165a684d913a
Rubin Xu [Thu, 21 Mar 2019 18:13:40 +0000 (18:13 +0000)]
Remove excess logging in secdiscard
Remove all debug logs to reduce logspam a bit.
Bug: 64349233
Test: manual
Change-Id: I234fae7b9fb719b09af27985736f43f085dad301
Paul Crowley [Tue, 19 Mar 2019 19:31:37 +0000 (12:31 -0700)]
Merge "Shell no longer globs, so glob in pushBackContents"
am: a41b7849d0
Change-Id: Iedd9a6d6834adc844e13e9ec596062032588fd53
Paul Crowley [Tue, 19 Mar 2019 19:13:56 +0000 (19:13 +0000)]
Merge "Shell no longer globs, so glob in pushBackContents"
Paul Lawrence [Mon, 18 Mar 2019 23:08:51 +0000 (16:08 -0700)]
Merge "Add vdc checkpoint supportsBlockCheckpoint"
am: 860c731158
Change-Id: I61a7059649e8dc0ff5096f3494d5e4b0f8f3b787
Treehugger Robot [Mon, 18 Mar 2019 22:56:47 +0000 (22:56 +0000)]
Merge "Add vdc checkpoint supportsBlockCheckpoint"
Paul Lawrence [Mon, 18 Mar 2019 20:36:40 +0000 (13:36 -0700)]
Add vdc checkpoint supportsBlockCheckpoint
Also add vdc checkpoint supportsFileCheckpoint
This is to allow tests to be specific to supported checkpoint mode.
Test: Built on Taimen and Crosshatch, made sure both new functions work
as expected
Change-Id: I0eab7453b13c0a2e31840ef9ad24a692cec55b00
Paul Crowley [Mon, 18 Mar 2019 17:26:47 +0000 (10:26 -0700)]
Shell no longer globs, so glob in pushBackContents
Bug: 113246065
Bug: 123057215
Test: As described in b/113246065 comment 1
Change-Id: Id766773ed4abe80a9fc1d5305f099aedfe8eed90
Chris Fries [Thu, 14 Mar 2019 15:34:06 +0000 (08:34 -0700)]
Merge "Fsync directories before delete key"
am: 7573874d3f
Change-Id: I568638b5de3c58d868024f959f890094eb1bd501
Chris Fries [Thu, 14 Mar 2019 15:19:20 +0000 (15:19 +0000)]
Merge "Fsync directories before delete key"
Woody Lin [Mon, 11 Mar 2019 12:58:20 +0000 (20:58 +0800)]
Fsync directories before delete key
The boot failure symptom is reproduced on Walleye devices. System boots
up after taking OTA and try to upgrade key, but keymaster returns "failed
to ugprade key". Device reboots to recovery mode because of the failure,
and finally trapped in bootloader screen. Possible scenario is:
(After taking OTA)
vold sends old key and op=UPGRADE to keymaster
keymaster creates and saves new key to RPMB, responses new key to vold
vold saves new key as temp key
vold renames temp key to main key -------------- (1) -- still in cache
vold sends old key and op=DELETE_KEY to keymaster
keymaster removes old key from RPMB ------------ (2) -- write directly to RPMB
==> SYSTEM INTERRUPTED BY CRASH OR SOMETHING; ALL CACHE LOST.
==> System boots up, key in RPMB is deleted but key in storage is old key.
Solution: A Fsync is required between (1) and (2) to cover this case.
Detail analysis: b/124279741#comment21
Bug: 112145641
Bug: 124279741
Test: Insert fault right after deleteKey in vold::begin (KeyStorage.cpp),
original boot failure symptom is NOT reproducible.
Change-Id: Ib8c349d6d033f86b247f4b35b8354d97cf249d26
The Android Open Source Project [Mon, 11 Mar 2019 23:55:26 +0000 (16:55 -0700)]
[automerger skipped] Merge "DO NOT MERGE - Skip PPRL.190305.001 into master"
am: 027fe9217c -s ours
am skip reason: subject contains skip directive
Change-Id: I2dc06015f2c873a8d9a62d743d97fc489937b644
The Android Open Source Project [Mon, 11 Mar 2019 23:54:31 +0000 (16:54 -0700)]
[automerger skipped] DO NOT MERGE - Skip PPRL.190305.001 into master
am: 37c6ce4fb0 -s ours
am skip reason: subject contains skip directive
Change-Id: I6fa5c1108107e07e1d6c77592eaa6269672fdd2b
Treehugger Robot [Mon, 11 Mar 2019 23:16:31 +0000 (23:16 +0000)]
Merge "DO NOT MERGE - Skip PPRL.190305.001 into master"
The Android Open Source Project [Mon, 11 Mar 2019 21:57:55 +0000 (14:57 -0700)]
DO NOT MERGE - Skip PPRL.190305.001 into master
Bug: 127812889
Change-Id: I5bff7948e2fc254d0595329bd7a7262586de0c32
Jiyong Park [Sat, 9 Mar 2019 01:55:15 +0000 (17:55 -0800)]
Merge "Don't unmount /storage for early native processes"
am: ee9554b2d9
Change-Id: I985413323a86816b392bd00211c550aef93328ae
Treehugger Robot [Sat, 9 Mar 2019 01:33:40 +0000 (01:33 +0000)]
Merge "Don't unmount /storage for early native processes"
Daniel Rosenberg [Fri, 8 Mar 2019 02:43:46 +0000 (18:43 -0800)]
Merge changes I91cf0def,I47570e8e
am: 5f01cf3cac
Change-Id: If269c0d3134dc98683982a96224885503b2f8434
Treehugger Robot [Thu, 7 Mar 2019 23:56:21 +0000 (23:56 +0000)]
Merge changes I91cf0def,I47570e8e
* changes:
Make Checkpoint restore resume safe
Add vdc checkpoint restoreCheckpointPart
Daniel Rosenberg [Sat, 2 Mar 2019 06:01:22 +0000 (22:01 -0800)]
Make Checkpoint restore resume safe
This allows us to resume rolling back in the event of an unexpected
shutdown during the restore process. We save progress after we process
each log sector, and whenever restarting the current log sector would
result in invalid data.
Test: Run restore, interrupt it, and attempt to resume
Change-Id: I91cf0defb0d22fc5afdb9debc2963c956e9e171c
Daniel Rosenberg [Thu, 7 Mar 2019 01:45:17 +0000 (17:45 -0800)]
Add vdc checkpoint restoreCheckpointPart
Restores the first n entries of a checkpoint. Allows automated testing
of interrupted restores.
Test: vdc checkpoint restoreCheckpoint [device] [n]
Change-Id: I47570e8eba0bc3c6549a04a33600df05d393990b
Daniel Rosenberg [Thu, 7 Mar 2019 06:16:41 +0000 (22:16 -0800)]
Merge "Switch Checkpoint Restore code to c style File ops"
am: bc1901f8af
Change-Id: I52f3551d5a86d7e2edbb116bec98e8d2a11535df
Daniel Rosenberg [Thu, 7 Mar 2019 06:10:58 +0000 (06:10 +0000)]
Merge "Switch Checkpoint Restore code to c style File ops"
Daniel Rosenberg [Tue, 5 Mar 2019 05:46:31 +0000 (21:46 -0800)]
Switch Checkpoint Restore code to c style File ops
In preparation for restore code, we need to guarantee fsync happens.
Switch over to fd based operations to prepare for that.
Test: Successfully restores device over reboots
Change-Id: Ic9901779e8a4258bf8090d6a62fa9829e343fd39
Jiyong Park [Fri, 4 Jan 2019 04:35:25 +0000 (13:35 +0900)]
Don't unmount /storage for early native processes
Motivation:
Early processes launched before the runtime APEX - that hosts the bionic
libs - is activated can't use the bionic libs from the APEX, but from the
system partition (which we call the bootstrap bionic). Other processes
after the APEX activation should use the bionic libs from the APEX.
In order to let both types of processes to access the bionic libs via
the same standard paths /system/lib/{libc|libdl|libm}.so, some mount
namespace magic is used.
To be specific, when the device boots, the init initially bind-mounts
the bootstrap bionic libs to the standard paths with MS_PRIVATE. Early
processes are then executed with their own mount namespaces (via
unshare(CLONE_NEWNS)). After the runtime APEX is activated, init
bind-mounts the bionic libs in the APEX to the same standard paths.
Processes launched thereafter use the bionic libs from the APEX (which
can be updated.)
Important thing is that, since the propagation type of the mount points
(the standard paths) is 'private', the new bind-mount events for the
updated bionic libs should not affect the early processes. Otherwise,
they would experience sudden change of bionic libs at runtime. However,
other mount/unmounts events outside of the private mount points are
still shared across early/late processes as before. This is made possible
because the propagation type of / is 'shared' .
Problem:
vold uses the equality of the mount namespace to filter-out processes
that share the global mount namespace (the namespace of the init). However,
due to the aforementioned change, the early processes are not filtered
out because they have different mount namespaces. As a result,
umount2("/storage/") is executed on them and this unmount event
becomes visible to the global mount namespace (because as mentioned before /
is 'shared').
Solution:
Filter-out the early processes by skipping a native (non-Java) process
whose UID is < AID_APP. The former condition is because all early
processes are native ones; i.e., zygote is started after the runtime
APEX is activated. The latter condition is to not filter-out native
processes created locally by apps.
Bug: 120266448
Test: m; device boots
Change-Id: I054deedc4af8421854cf35be84e14995523a259a
Paul Lawrence [Fri, 1 Mar 2019 21:35:24 +0000 (13:35 -0800)]
Merge "Make restore validation fast by using a map"
am: decda14f02
Change-Id: I92c5bdf046ac7e6b2211021698990592fe5f3895
Paul Lawrence [Fri, 1 Mar 2019 21:19:27 +0000 (21:19 +0000)]
Merge "Make restore validation fast by using a map"
Paul Lawrence [Tue, 22 Jan 2019 22:31:43 +0000 (14:31 -0800)]
Make restore validation fast by using a map
Test: Successfully restores device over reboots
Change-Id: I4f1c5bbe6c07697a925a1a4efb92aefd15b61332
Xin Li [Thu, 21 Feb 2019 00:20:13 +0000 (16:20 -0800)]
DO NOT MERGE - Merge pi-dev@5234907 into stage-aosp-master
Bug: 120848293
Change-Id: Ia3e46d3c5ca83da01e78e076d2810620812f5115
Paul Lawrence [Wed, 20 Feb 2019 12:22:43 +0000 (04:22 -0800)]
Merge "Do not trim unless we are actually checkpointing"
am: 2268c285a5
Change-Id: I031a25204269ea7d3d65349a3f281a3f1e07eadd
Treehugger Robot [Wed, 20 Feb 2019 12:09:31 +0000 (12:09 +0000)]
Merge "Do not trim unless we are actually checkpointing"
Paul Lawrence [Tue, 19 Feb 2019 22:18:54 +0000 (14:18 -0800)]
Do not trim unless we are actually checkpointing
I'm not convinced this explains the full regression, but it's a
worthwhile fix anyway.
Bug: 124774357
Test: Booted in checkpoint mode and non checkpoint mode
Change-Id: I6e0e1e59e27bd127feac218fff7d88bb3570b530
Xin Li [Thu, 14 Feb 2019 22:11:30 +0000 (22:11 +0000)]
Merge "DO NOT MERGE - Skip pi-platform-release (PPRL.190205.001) into stage-aosp-master" into stage-aosp-master
David Anderson [Thu, 14 Feb 2019 20:41:46 +0000 (12:41 -0800)]
Merge "Enable metadata encryption for userdata_gsi."
am: 99046b75c4
Change-Id: I90d530403f635427c7695e6a106526b51a7fc146
David Anderson [Thu, 14 Feb 2019 20:27:05 +0000 (20:27 +0000)]
Merge "Enable metadata encryption for userdata_gsi."
David Anderson [Wed, 6 Feb 2019 01:32:05 +0000 (17:32 -0800)]
Enable metadata encryption for userdata_gsi.
When running a live GSI, userdata is a logical partition. If we don't
fix up the fstab we'll derive the underlying block device instead of
the device-mapper node for userdata_gsi, resulting in a corrupt data
partition for both images.
Bug: 123906417
Test: manual test
Change-Id: Ic0101f30504de26e725442da2da3888008c31b63
Xin Li [Wed, 13 Feb 2019 00:41:37 +0000 (16:41 -0800)]
DO NOT MERGE - Skip pi-platform-release (PPRL.190205.001) into stage-aosp-master
Bug: 124234733
Change-Id: I5f6bd6a42230b0c9e54dc6221cfa12f366585e40
android-build-team Robot [Sat, 9 Feb 2019 02:36:27 +0000 (02:36 +0000)]
Snap for 5180536 from 2ab3b948d787852b2b34c4c7fe623c35ae214ae3 to pi-platform-release
Change-Id: Idc5557adef8d2cbc60a594ab3ea1aa3669140926
Paul Lawrence [Fri, 8 Feb 2019 22:00:32 +0000 (14:00 -0800)]
Merge "Support header versioning in dm-bow"
am: 96336c716b
Change-Id: I8d71b57c51e2290c2633b286ea91a54a3ea0d582
Treehugger Robot [Fri, 8 Feb 2019 21:55:29 +0000 (21:55 +0000)]
Merge "Support header versioning in dm-bow"
Paul Lawrence [Fri, 8 Feb 2019 21:27:49 +0000 (13:27 -0800)]
Merge "Suport variable blocksizes in dm-bow restore"
am: 73c0028901
Change-Id: I42cf7db1bca5905e93546b1df78b8439c22ef198
Treehugger Robot [Fri, 8 Feb 2019 21:16:58 +0000 (21:16 +0000)]
Merge "Suport variable blocksizes in dm-bow restore"
Paul Lawrence [Fri, 18 Jan 2019 18:28:34 +0000 (10:28 -0800)]
Support header versioning in dm-bow
Test: Make sure still boots, restores
Change-Id: I903f58cb22472dbbbbb4c27ed1d88ed1f7c7dc5d
Paul Lawrence [Thu, 10 Jan 2019 21:06:07 +0000 (13:06 -0800)]
Suport variable blocksizes in dm-bow restore
Test: Test that restore still works
Change-Id: I7259e3efd1cd0ee13c74336a7e53158b6bceed57
Daniel Rosenberg [Fri, 8 Feb 2019 01:49:55 +0000 (17:49 -0800)]
Merge "Mark A/B Boot success before committing checkpoint"
am: d6bbe746d7
Change-Id: I2876835681d42bade620081d508a7490d664c8aa
Daniel Rosenberg [Fri, 8 Feb 2019 01:40:54 +0000 (01:40 +0000)]
Merge "Mark A/B Boot success before committing checkpoint"
Paul Crowley [Wed, 6 Feb 2019 03:33:46 +0000 (19:33 -0800)]
Merge "Fix search for values in blkId output"
am: 0fbc5af676
Change-Id: Ica4be0ea315c0aa6a2d6289139a88a8fa944deac
Treehugger Robot [Wed, 6 Feb 2019 03:19:32 +0000 (03:19 +0000)]
Merge "Fix search for values in blkId output"
Paul Crowley [Tue, 5 Feb 2019 23:33:34 +0000 (15:33 -0800)]
Fix search for values in blkId output
Bug: 122497152
Test: atest tests/Utils_test.cpp
Test: adb shell sm partition disk:7,32 private ; adb logcat -d
Change-Id: Ic7d32bdbc0c55ce1d21f7f9e74c6a6fb3dcf332a
Daniel Rosenberg [Wed, 23 Jan 2019 23:16:04 +0000 (15:16 -0800)]
Mark A/B Boot success before committing checkpoint
This marks the slot as successful within commitChanges, increasing the
available roll back window significantly.
Test: When taking an update on a checkpoint enabled device, it
marks the slot as successful just before committing the
checkpoint. Visible in logs as call to vdc commitChanges,
followed by "Marked slot as booted succesfully."
Bug: 123260515
Change-Id: If71fcde57b3bdee2cfaabb590f123a2d00da3228
Daniel Rosenberg [Mon, 4 Feb 2019 23:25:00 +0000 (15:25 -0800)]
Merge "Use global default_fstab instead of re-reading"
am: 64f5e5bb38
Change-Id: Ief94647963db3c48f1aeb89e7d8ccd5f7cb63da7
Daniel Rosenberg [Mon, 4 Feb 2019 23:14:51 +0000 (23:14 +0000)]
Merge "Use global default_fstab instead of re-reading"
Daniel Rosenberg [Sat, 2 Feb 2019 03:25:47 +0000 (19:25 -0800)]
Use global default_fstab instead of re-reading
VoldUtils already has a pre-parsed fstab. Use it instead.
Test: Checkpoint functions continue to work
Change-Id: I96cbab467a7b809c92c4f6cdf7a06abca8c5aa5e
Tom Cherry [Fri, 1 Feb 2019 01:13:44 +0000 (17:13 -0800)]
Merge "Move over to the C++ Fstab class"
am: b6d5cd20d7
Change-Id: Ia9c8b38cb014f30f0ca609bd71cfe1b0de9c27d3
Tom Cherry [Fri, 1 Feb 2019 01:02:50 +0000 (01:02 +0000)]
Merge "Move over to the C++ Fstab class"
Tom Cherry [Tue, 29 Jan 2019 22:34:01 +0000 (14:34 -0800)]
Move over to the C++ Fstab class
Test: build and boot
Change-Id: Id3850c9c133f6644073a2439368501253a2a94a9
LongPing Wei [Wed, 30 Jan 2019 16:40:38 +0000 (08:40 -0800)]
Merge "Remove secontext.h, secontext.cpp, hash.h"
am: eb00112e09
Change-Id: Ie24ba4a5336a3a8537b43fa2996e53b0dbd85d74
Treehugger Robot [Wed, 30 Jan 2019 16:29:26 +0000 (16:29 +0000)]
Merge "Remove secontext.h, secontext.cpp, hash.h"
LongPing Wei [Wed, 30 Jan 2019 08:03:14 +0000 (16:03 +0800)]
Remove secontext.h, secontext.cpp, hash.h
cryptfs.cpp and MetadataCrypt.cpp can use android::vold::sFsckContext directly.
hash.h is unuseful.
Test: make
Change-Id: I7acdac97d6ed1c9b2a5dc367fcea8aa2942192e8
Eric Biggers [Tue, 29 Jan 2019 21:08:12 +0000 (13:08 -0800)]
Merge "cryptfs: improve logging of dm-crypt device creation"
am: f028d279ae
Change-Id: I348e4a6ac62cdd8575e1cdd0602a73442459d0de
Eric Biggers [Tue, 29 Jan 2019 20:58:29 +0000 (20:58 +0000)]
Merge "cryptfs: improve logging of dm-crypt device creation"
Eric Biggers [Tue, 29 Jan 2019 18:42:28 +0000 (10:42 -0800)]
Merge "cryptfs: round down dm-crypt device size to crypto sector boundary"
am: e7205eaa44
Change-Id: I4e1a75d8c34388c1b75ce4d9797f21530d01d1ac
Eric Biggers [Tue, 29 Jan 2019 18:30:55 +0000 (18:30 +0000)]
Merge "cryptfs: round down dm-crypt device size to crypto sector boundary"
Eric Biggers [Fri, 25 Jan 2019 20:11:25 +0000 (12:11 -0800)]
cryptfs: improve logging of dm-crypt device creation
Log the main configuration of the dm-crypt device -- the name, the
cipher, the keysize, the real device, and the length -- in addition to
the extra parameters which we were already logging.
(We can't simply log the actual string passed to the kernel, of course,
because that includes the key. So we choose the fields individually.)
Test: booted device configured to use FDE and checked the log message
Change-Id: Ia95de807c4fad68d93b7e7e73508a01e5139dc76
Eric Biggers [Fri, 25 Jan 2019 18:47:55 +0000 (10:47 -0800)]
cryptfs: round down dm-crypt device size to crypto sector boundary
This is needed to make adoptable storage volumes work with a 4K crypto
sector size when the block device size is not a multiple of 4K.
It is fine to do this because the filesystem ends on a 4K boundary
anyway and doesn't use any partial block at the end.
Bug: 123375298
Test: booted device configured to use FDE with sector size 4k, ran
'sm set-virtual-disk true' and formatted the virtual SD card as
adoptable storage. Then did the same but with a temporary patch
that changed kSizeVirtualDisk to be misaligned
Change-Id: I95ee6d7dcaaa8989c674aea9988c09116e830b0c
Daniel Rosenberg [Fri, 25 Jan 2019 04:39:32 +0000 (20:39 -0800)]
Merge "Preserve options on remount in commitChanges"
am: aaac873faf
Change-Id: Ie09902ef6111cf2aa57014cb97dcdcbe04ecaf86
Treehugger Robot [Fri, 25 Jan 2019 04:26:17 +0000 (04:26 +0000)]
Merge "Preserve options on remount in commitChanges"
Daniel Rosenberg [Fri, 25 Jan 2019 02:23:18 +0000 (18:23 -0800)]
Preserve options on remount in commitChanges
Copy the existing mount options when remounting f2fs for checkpointing
mode.
Bug: 123376509
Test: Boot with checkpointing, and ensure entries match fstab
Change-Id: If022d9872a44657b550ab892259230805716dc77
Daniel Rosenberg [Thu, 24 Jan 2019 06:30:20 +0000 (22:30 -0800)]
Merge "Add supportsCheckpoint"
am: 9b2b8fd459
Change-Id: I893b20737f20c0a21be2a4068fb8b49cdb54ed80
Treehugger Robot [Thu, 24 Jan 2019 06:14:44 +0000 (06:14 +0000)]
Merge "Add supportsCheckpoint"
Daniel Rosenberg [Wed, 23 Jan 2019 01:27:25 +0000 (17:27 -0800)]
Add supportsCheckpoint
This returns true if any entries in the fstab have checkpoint=
set.
Test: Call vdc checkpoint supportsCheckpoint. Should return 1
iff an fstab entry has checkpoint=fs or checkpoint=block set
Bug: 111020314
Change-Id: Ic79bc96ded4da6605f73992dcff542e7cb50d705
Eric Biggers [Tue, 22 Jan 2019 18:33:43 +0000 (10:33 -0800)]
Merge "cryptfs: check for errors in create_encrypted_random_key()"
am: f156c40404
Change-Id: I67871c595dfeab96de3096e0bcf61c69261cb9cc
Eric Biggers [Tue, 22 Jan 2019 18:33:21 +0000 (10:33 -0800)]
Merge "Utils: correctly handle read() errors in ReadRandomBytes()"
am: a2bd436594
Change-Id: If33693132dd4954135070c2681053a49f885ed0e
Eric Biggers [Tue, 22 Jan 2019 18:18:18 +0000 (18:18 +0000)]
Merge "cryptfs: check for errors in create_encrypted_random_key()"
Eric Biggers [Tue, 22 Jan 2019 18:14:49 +0000 (18:14 +0000)]
Merge "Utils: correctly handle read() errors in ReadRandomBytes()"
Sudheer Shanka [Sat, 19 Jan 2019 00:52:45 +0000 (16:52 -0800)]
Merge "Create new mount directory /mnt/runtime/full."
am: b9fae464fc
Change-Id: I33a72f65d938bfb3132b6440e5cd1d9e791600c6
Sudheer Shanka [Sat, 19 Jan 2019 00:24:23 +0000 (00:24 +0000)]
Merge "Create new mount directory /mnt/runtime/full."
Sudheer Shanka [Thu, 17 Jan 2019 07:35:49 +0000 (23:35 -0800)]
Create new mount directory /mnt/runtime/full.
This will be used for system internals to access
secondary volumes without having to bypass sdcardfs.
Bug: 121277410
Test: manual
Exempt-From-Owner-Approval: Got approval on internal master
Change-Id: I9b3e33f6c6e426e83469b8030b02d59c02183946
Eric Biggers [Wed, 16 Jan 2019 21:05:34 +0000 (13:05 -0800)]
cryptfs: check for errors in create_encrypted_random_key()
When generating the key and salt we weren't checking for an error
opening or reading from /dev/urandom. Switch to the helper function
ReadRandomBytes() and start checking for errors.
Test: Booted device with FDE. As an extra sanity check I also
temporarily added log messages that dump the key and salt,
and I verified they still appear random.
Change-Id: I01ccee4f1f9910bf9508c8f02a918157393b0e68
Eric Biggers [Wed, 16 Jan 2019 21:05:34 +0000 (13:05 -0800)]
Utils: correctly handle read() errors in ReadRandomBytes()
read() returns -1 on error, so we need to use a signed type.
Test: Booted device with FDE
Change-Id: Ib44247c1cdfd38674a7439209e333823f2fb6cf8
Xin Li [Thu, 17 Jan 2019 21:54:05 +0000 (13:54 -0800)]
[automerger skipped] Merge "DO NOT MERGE - Skip pie-platform-release (PPRL.190105.001) in master"
am: 9f7aa175a0 -s ours
am skip reason: subject contains skip directive
Change-Id: Ia43ba3dfaad4bc846241ac4dd57bd55e30a7bbad
Xin Li [Thu, 17 Jan 2019 21:19:43 +0000 (21:19 +0000)]
Merge "DO NOT MERGE - Skip pie-platform-release (PPRL.190105.001) in master"
Sudheer Shanka [Thu, 17 Jan 2019 18:26:46 +0000 (10:26 -0800)]
Merge "Add UnmountTreeWithPrefix util method."
am: 2e9aafb620
Change-Id: Ifc0d514634e700875aa70d0e24952fc24780cb4d
Sudheer Shanka [Thu, 17 Jan 2019 18:04:27 +0000 (18:04 +0000)]
Merge "Add UnmountTreeWithPrefix util method."
Annie Meng [Thu, 17 Jan 2019 17:10:57 +0000 (09:10 -0800)]
Merge "Create subdirs in system_ce/ for multi-user backup"
am: 625203444b
Change-Id: Ifb251a875ae2245254ff113c81cac8a9205daf17
Annie Meng [Thu, 17 Jan 2019 15:29:32 +0000 (15:29 +0000)]
Merge "Create subdirs in system_ce/ for multi-user backup"
Annie Meng [Wed, 16 Jan 2019 21:32:27 +0000 (21:32 +0000)]
Create subdirs in system_ce/ for multi-user backup
Backup system service bookkeeping is being moved to per-user CE
directories to support multiple users participating in the service.
Accompanies SELinux changes at aosp/873133
Bug: 121197420
Test: 1) Boot device; check dirs created with correct label; run backup
successfully on system user
2) Create secondary user; check dirs created with correct label; run
backup successfully
Change-Id: I3a0fdbfcf18a3c242fc64fba0dd014160b50b2f0
Annie Meng [Thu, 17 Jan 2019 11:09:20 +0000 (03:09 -0800)]
Merge "vold_prepare_subdirs: prepare /data/misc_[ce|de]/rollback."
am: 3cc1866454
Change-Id: I1fe5887b2d4a0c222e95e594562f368587e069c5
Annie Meng [Thu, 17 Jan 2019 11:01:00 +0000 (11:01 +0000)]
Merge "vold_prepare_subdirs: prepare /data/misc_[ce|de]/rollback."
Sudheer Shanka [Thu, 17 Jan 2019 07:04:07 +0000 (23:04 -0800)]
Add UnmountTreeWithPrefix util method.
Add a utility method to unmount all mountpoints
that start with a prefix.
Bug: 122905493
Test: manual
Change-Id: I11739e40e7849c1b4ca9e0b90c5c3f243691257a
Paul Lawrence [Thu, 17 Jan 2019 01:17:13 +0000 (17:17 -0800)]
Merge "Checkpoints: Support validation and roll forward on fail"
am: 9ff07121ff
Change-Id: Ica199c67c5083a5fdb9d08331ff6b2560625fa0e