OSDN Git Service
Jeff Sharkey [Fri, 1 Jun 2018 22:19:33 +0000 (15:19 -0700)]
Merge commit '635193ab36302e5f65e99c7df2f256cfd37068c7' into am-b7f1a67b-2024-4274-aa7d-e88e8cceb407
am: 9a35ab6a4f
Change-Id: I273dc86e0b0580bef81e272a94043b269d7df402
Jeff Sharkey [Fri, 1 Jun 2018 22:03:06 +0000 (16:03 -0600)]
Merge commit '635193ab36302e5f65e99c7df2f256cfd37068c7' into am-b7f1a67b-2024-4274-aa7d-e88e8cceb407
* commit '635193ab36302e5f65e99c7df2f256cfd37068c7':
Require quotes when searching for blkid keys.
Bug: 80436257
Test: manual
Change-Id: I4cbae2d594edefa10e5e2c5236d17fe3d37818cd
Android Build Merger (Role) [Fri, 1 Jun 2018 21:46:12 +0000 (21:46 +0000)]
[automerger] Require quotes when searching for blkid keys. am: ee5c7318d7 am: 98bb129cd3 am: 0c5a0d65c9 am: 7e51f8d0c4 am: 53fe89bbad am: 5716ee6d7a am: 4de0e883d0 am: a7946bf9c6
Change-Id: I831bc503b1fdcf5a6a0c31ac0ded46d301c410ef
Android Build Merger (Role) [Fri, 1 Jun 2018 21:46:11 +0000 (21:46 +0000)]
[automerger] Require quotes when searching for blkid keys. am: ee5c7318d7 am: 98bb129cd3 am: 0c5a0d65c9 am: 7e51f8d0c4 am: 53fe89bbad am: 5716ee6d7a am: 4de0e883d0
Change-Id: I66ce047987d59d1344cd46e14e07ae0d3cb4bf9a
Android Build Merger (Role) [Fri, 1 Jun 2018 21:46:09 +0000 (21:46 +0000)]
[automerger] Require quotes when searching for blkid keys. am: ee5c7318d7 am: 98bb129cd3 am: 0c5a0d65c9 am: 7e51f8d0c4 am: 53fe89bbad am: 5716ee6d7a
Change-Id: Icf5c0c0a0c4f4aec605182111dcedf16f5a4ab95
Android Build Merger (Role) [Fri, 1 Jun 2018 21:46:08 +0000 (21:46 +0000)]
[automerger] Require quotes when searching for blkid keys. am: ee5c7318d7 am: 98bb129cd3 am: 0c5a0d65c9 am: 7e51f8d0c4 am: 53fe89bbad
Change-Id: I87042d7d1d7b2cf9baeb3f28fd9ab31e5f97f62a
Android Build Merger (Role) [Fri, 1 Jun 2018 21:46:06 +0000 (21:46 +0000)]
[automerger] Require quotes when searching for blkid keys. am: ee5c7318d7 am: 98bb129cd3 am: 0c5a0d65c9 am: 7e51f8d0c4
Change-Id: I5f21e49be9c536e51dbaadde0bd53545dc8cbaae
Android Build Merger (Role) [Fri, 1 Jun 2018 21:46:05 +0000 (21:46 +0000)]
[automerger] Require quotes when searching for blkid keys. am: ee5c7318d7 am: 98bb129cd3 am: 0c5a0d65c9
Change-Id: I585336447c06e09b499ad2656b731105f1ebc4c4
Android Build Merger (Role) [Fri, 1 Jun 2018 21:46:04 +0000 (21:46 +0000)]
[automerger] Require quotes when searching for blkid keys. am: ee5c7318d7 am: 98bb129cd3
Change-Id: I91516dfd0a046aa2763df3c09ef6e8570d7f1b55
Android Build Merger (Role) [Fri, 1 Jun 2018 21:46:02 +0000 (21:46 +0000)]
[automerger] Require quotes when searching for blkid keys. am: ee5c7318d7
Change-Id: If8422cf170db4e05dbe4cf6c1ed4ebf8126b0c71
Jeff Sharkey [Fri, 1 Jun 2018 17:31:39 +0000 (11:31 -0600)]
Require quotes when searching for blkid keys.
In combination with a blkid change, this prevents the parsing logic
from getting confused by key names appearing inside values. (The
blkid change suppresses any quotes that appear inside values.)
Bug: 80436257
Test: manual
Change-Id: I9480ef6eb78254b812c671950875d0b8918a27c6
Keun-young Park [Thu, 3 Aug 2017 00:45:48 +0000 (17:45 -0700)]
do not sleep if it is shutting down
- Various sleep(5) for vold shutdown can increase shutdown time a lot.
- If it is shutting down, do not sleep at all. init will take care of
active partitions if not unmounted.
bug: 64143519
Test: reboot and check logs from vold, check if "ShutdownThread: Shutdown wait timed out" happens.
Change-Id: I7cb91427ad2205fe23a054d255caf7ffdfd9f6c3
Keun-young Park [Wed, 5 Jul 2017 18:58:32 +0000 (11:58 -0700)]
add vold to "shutdown critical"
bug: 37626581
Test: reboot and check last kmsg
(cherry picked from commit 41156c5035efb4aa5212963ac028b7889feda3f8)
Change-Id: I363dbbe58d2cb46b521ebdcea85c507679f27206
Elliott Hughes [Fri, 19 May 2017 19:01:20 +0000 (19:01 +0000)]
Merge "vold should #include <sys/sysmacros.h>" am: 398c0e8274 am: 208b464f72 am: fb3e85cf99
am: 048422d46e
Change-Id: I33406265fcf0c77a6289cb429aa6a2cc5e8f7146
Elliott Hughes [Fri, 19 May 2017 18:38:38 +0000 (18:38 +0000)]
Merge "vold should #include <sys/sysmacros.h>" am: 398c0e8274 am: 208b464f72
am: fb3e85cf99
Change-Id: I32ed2a66bb60ba1042737b4bbb0a2195a3fe8e6f
Elliott Hughes [Fri, 19 May 2017 18:36:39 +0000 (18:36 +0000)]
Merge "vold should #include <sys/sysmacros.h>" am: 398c0e8274
am: 208b464f72
Change-Id: I8d4a8069958bc4af67766fde101c322b2f189049
Elliott Hughes [Fri, 19 May 2017 18:34:45 +0000 (18:34 +0000)]
Merge "vold should #include <sys/sysmacros.h>"
am: 398c0e8274
Change-Id: Id72168cac260fedc3123e28402f737ee8be3f625
Treehugger Robot [Fri, 19 May 2017 18:30:44 +0000 (18:30 +0000)]
Merge "vold should #include <sys/sysmacros.h>"
Elliott Hughes [Thu, 18 May 2017 16:08:24 +0000 (09:08 -0700)]
vold should #include <sys/sysmacros.h>
Bug: https://github.com/android-ndk/ndk/issues/398
Test: builds
Change-Id: I7a1ca1701099886fb493cc5288d6ee867d5f520a
Rubin Xu [Tue, 16 May 2017 16:48:23 +0000 (16:48 +0000)]
Add secdiscard command for secure deletion of files am: f8d604caf3
am: f572398ae6 -s ours
Change-Id: Ic9960602cac03407caa8f63e4f0c9913640db5d2
Rubin Xu [Tue, 16 May 2017 16:35:19 +0000 (16:35 +0000)]
Add secdiscard command for secure deletion of files
am: f8d604caf3
Change-Id: Ib9d71507b880ee8dc66880536c800212f523332d
Rubin Xu [Thu, 27 Apr 2017 19:43:10 +0000 (20:43 +0100)]
Add secdiscard command for secure deletion of files
This is used by LockSettingsService to delete sensitive credential files.
Bug: 34600579
Test: manual - change device lock under synthetic password, verify
old data on disk is erased.
Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555
Merged-In: I5e11b559ad8818bd2ad2b321d67d21477aab7555
Rubin Xu [Thu, 27 Apr 2017 19:43:10 +0000 (20:43 +0100)]
Add secdiscard command for secure deletion of files
This is used by LockSettingsService to delete sensitive credential files.
Bug: 34600579
Test: manual - change device lock under synthetic password, verify
old data on disk is erased.
Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555
Elliott Hughes [Sat, 13 May 2017 00:48:26 +0000 (00:48 +0000)]
Merge "Switch to libkeyutils." am: 612eea6b4f am: 7a7df78819 am: f727d05b83
am: 4e19ff7ab1
Change-Id: Iff35b18579b3f7e932d36ed2164fd49b7791f779
Elliott Hughes [Sat, 13 May 2017 00:44:18 +0000 (00:44 +0000)]
Merge "Switch to libkeyutils." am: 612eea6b4f am: 7a7df78819
am: f727d05b83
Change-Id: I1b3e4e932e54b33dd582a849135822ace61c11d7
Elliott Hughes [Sat, 13 May 2017 00:34:10 +0000 (00:34 +0000)]
Merge "Switch to libkeyutils." am: 612eea6b4f
am: 7a7df78819
Change-Id: I05f95589668e93b36d5d5eed2c4ac21aff6f7e41
Elliott Hughes [Sat, 13 May 2017 00:32:13 +0000 (00:32 +0000)]
Merge "Switch to libkeyutils."
am: 612eea6b4f
Change-Id: Icb86bc1c341ec9366f382985522b6ec70e11b8ea
Elliott Hughes [Sat, 13 May 2017 00:28:25 +0000 (00:28 +0000)]
Merge "Switch to libkeyutils."
Elliott Hughes [Thu, 11 May 2017 17:38:14 +0000 (17:38 +0000)]
Merge "Switch to libkeyutils."
TreeHugger Robot [Thu, 11 May 2017 01:46:52 +0000 (01:46 +0000)]
Merge "Add CryptfsScryptHidlizationEquivalenceTest"
Elliott Hughes [Wed, 10 May 2017 00:01:04 +0000 (17:01 -0700)]
Switch to libkeyutils.
Bug: http://b/37991155
Test: builds+boots
Change-Id: I33a3ba0d59ffd504093dc94517815c1196e95e2b
Elliott Hughes [Wed, 10 May 2017 00:01:04 +0000 (17:01 -0700)]
Switch to libkeyutils.
Bug: http://b/37991155
Test: builds+boots
Change-Id: I33a3ba0d59ffd504093dc94517815c1196e95e2b
Tom Cherry [Thu, 4 May 2017 00:01:13 +0000 (00:01 +0000)]
Merge "BuildDataUserCePath always use dir instead of symbolic link" am: fed8ab1d76 am: 7dc93304c8 am: 10211d2207
am: 3559234cd3
Change-Id: Ifc6196804b57bdf9d38a37d594281ef53623f0d3
Tom Cherry [Wed, 3 May 2017 23:54:25 +0000 (23:54 +0000)]
Merge "BuildDataUserCePath always use dir instead of symbolic link" am: fed8ab1d76 am: 7dc93304c8
am: 10211d2207
Change-Id: I8ab5875455abaaa84cc777a96be23cbad314d3f7
Tom Cherry [Wed, 3 May 2017 23:51:53 +0000 (23:51 +0000)]
Merge "BuildDataUserCePath always use dir instead of symbolic link" am: fed8ab1d76
am: 7dc93304c8
Change-Id: I025e83bc54bcda6e1a947301479bdd79d5a17e7b
Tom Cherry [Wed, 3 May 2017 23:46:52 +0000 (23:46 +0000)]
Merge "BuildDataUserCePath always use dir instead of symbolic link"
am: fed8ab1d76
Change-Id: I98b7b11905f94c6576c268cfe950ed092b5e74d8
Tom Cherry [Wed, 3 May 2017 23:42:58 +0000 (23:42 +0000)]
Merge "BuildDataUserCePath always use dir instead of symbolic link"
Steven Moreland [Tue, 2 May 2017 19:26:43 +0000 (19:26 +0000)]
Keymaster: IWYU
am: 8264033678
Change-Id: Ia58e5508a19c4ba516a840e5f5287bfa1cb31bd1
Steven Moreland [Mon, 1 May 2017 19:45:32 +0000 (12:45 -0700)]
Keymaster: IWYU
Was depending on this transitively from MQDescriptor.h
Test: links
Bug: 37791060
Change-Id: I9b52bbe9ac6c3a54fdb6e352e90eba50914633d4
(cherry picked from commit 25e8b4b4f67f62a98c440f8323eaeb956d99f0cd)
Steven Moreland [Mon, 1 May 2017 19:45:32 +0000 (12:45 -0700)]
Keymaster: IWYU
Was depending on this transitively from MQDescriptor.h
Test: links
Bug: 37791060
Change-Id: I9b52bbe9ac6c3a54fdb6e352e90eba50914633d4
Daniel Rosenberg [Sun, 30 Apr 2017 12:00:35 +0000 (12:00 +0000)]
Merge "Revert "Revert "Stop dropping caches now we have kernel fix""" into oc-dev am: c40996e719
am: 0066d41edd -s ours
Change-Id: Ic762430d6e04de38d0cc08846774d2e7604eaf41
Daniel Rosenberg [Sun, 30 Apr 2017 11:58:06 +0000 (11:58 +0000)]
Merge "Revert "Revert "Stop dropping caches now we have kernel fix""" into oc-dev
am: c40996e719
Change-Id: If30418cbb9af2e9d81b944474483c8040845c12d
TreeHugger Robot [Sun, 30 Apr 2017 11:53:22 +0000 (11:53 +0000)]
Merge "Revert "Revert "Stop dropping caches now we have kernel fix""" into oc-dev
TreeHugger Robot [Sat, 29 Apr 2017 22:57:53 +0000 (22:57 +0000)]
Merge "Revert "Revert "Stop dropping caches now we have kernel fix"""
Guang Zhu [Sat, 29 Apr 2017 00:01:34 +0000 (00:01 +0000)]
Merge "Revert "Enable metadata encryption""
Guang Zhu [Fri, 28 Apr 2017 23:56:45 +0000 (23:56 +0000)]
Revert "Enable metadata encryption"
Bug: 37792477
This reverts commit 3963b2364561a7d732995d5b8fec42097f548caa.
Change-Id: I3b6bf5a9a4c3899aabe2c824d8498a06981daed8
Daniel Rosenberg [Fri, 28 Apr 2017 01:11:35 +0000 (01:11 +0000)]
Revert "Revert "Stop dropping caches now we have kernel fix""
This reverts commit 8ad0bef7b5b1b6e1ba3afe441d2dcc9a06e782a7.
Bug: 37231161
Test: Boot device with FBE enabled. ls /storage/emulated/0/Android
Unlock device. ls /storage/emulated/0/Android
1st will not be found. Second should be found.
Change-Id: I92c7ad0adaa7bd357e10661a47cc667ac0ff84b4
Merged-In: I92c7ad0adaa7bd357e10661a47cc667ac0ff84b4
Daniel Rosenberg [Fri, 28 Apr 2017 01:11:35 +0000 (01:11 +0000)]
Revert "Revert "Stop dropping caches now we have kernel fix""
This reverts commit 8ad0bef7b5b1b6e1ba3afe441d2dcc9a06e782a7.
Bug: 37231161
Test: Boot device with FBE enabled. ls /storage/emulated/0/Android
Unlock device. ls /storage/emulated/0/Android
1st will not be found. Second should be found.
Change-Id: I92c7ad0adaa7bd357e10661a47cc667ac0ff84b4
Nick Desaulniers [Fri, 28 Apr 2017 21:29:28 +0000 (21:29 +0000)]
Merge "Enable metadata encryption"
Paul Lawrence [Tue, 25 Apr 2017 16:26:56 +0000 (09:26 -0700)]
Enable metadata encryption
Bug: 26778031
Test: Boots, reboots, sector 0 of userdata encrypted
Make sure an FDE device, both default and password protected,
boots.
Make sure an FBE device without metadata encryption boots.
Change-Id: Ic44a32ce7e9b978e9c9e2dc112b26206741c838d
Yong Yao [Wed, 26 Apr 2017 21:36:03 +0000 (21:36 +0000)]
Fix keyname generation issue am: 392c4dbdc1
am: b8bb4463e0 -s ours
Change-Id: I20283d6cc9576af54b0bfc9e2adaf0e1bfabcee7
Yong Yao [Wed, 26 Apr 2017 21:05:18 +0000 (21:05 +0000)]
Fix keyname generation issue
am: 392c4dbdc1
Change-Id: Iea048673c82dea1d5d9a13a10e1f70376955ca4b
Paul Crowley [Thu, 2 Jun 2016 18:04:27 +0000 (11:04 -0700)]
Add support for metadata encryption
Support encrypting metadata in /userdata using the dm-default-key
driver with a key in the /metadata partition.
Bug: 29189559
Test: Angler & Marlin build and boot
Change-Id: I716b117508d4bb4f6a4039293acb848cbc60f67b
Yong Yao [Wed, 5 Apr 2017 09:52:48 +0000 (05:52 -0400)]
Fix keyname generation issue
The keyname bound to the keyring returns a wrong string when there are binary chars larger than 127;
the sign extension will introduce an unexpected FFFFFF string to the keyname.
Bug: 36975893
Test: local build
Change-Id: Iba2f6ef95aeacd08c8d6c72b71e7b92e956ec3fc
Signed-off-by: Ai, Ting A <ting.a.ai@intel.com>
Paul Crowley [Thu, 2 Jun 2016 18:01:19 +0000 (11:01 -0700)]
Refactor to lay the groundwork for metadata encryption
Bug: 26778031
Test: Angler, Marlin build and boot
Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5
Daniel Rosenberg [Thu, 20 Apr 2017 22:42:17 +0000 (22:42 +0000)]
Revert "Stop dropping caches now we have kernel fix" am: 8ad0bef7b5
am: e531126b40
Change-Id: I797d2c4615a94aca88640da11342f4053b15bb11
Daniel Rosenberg [Thu, 20 Apr 2017 22:39:16 +0000 (22:39 +0000)]
Revert "Stop dropping caches now we have kernel fix"
am: 8ad0bef7b5
Change-Id: I318b956c38175abada5a2423b8d920b299883030
Daniel Rosenberg [Thu, 20 Apr 2017 19:29:37 +0000 (12:29 -0700)]
Revert "Stop dropping caches now we have kernel fix"
This reverts commit 6abe6831b59a56145cdd28445cd46fa3c79ecb92.
Bringing this back temporarily for the same issue on sdcardfs.
Will remove once the kernel issue is resolved.
Change-Id: Ia29ea4fddb7777012a2eea9259f9ac856773fe01
Bug: 37231161
Test: Boot device with FBE enabled. ls /storage/emulated/0/Android
Unlock device. ls /storage/emulated/0/Android
1st will not be found. Second should be found.
cjbao [Tue, 11 Apr 2017 16:09:00 +0000 (00:09 +0800)]
BuildDataUserCePath always use dir instead of symbolic link
Select whichever is real dir instead of symbolic link from either /data/data
or /data/user/0. This is to minimize path walking overhead in kernel.
This works together with Change 369787
Test: Manual test
Change-Id: I338518673fc22ccbfed6ddd6be196931fce18525
Signed-off-by: cjbao <cathy.bao@intel.com>
Eric Biggers [Wed, 5 Apr 2017 00:33:50 +0000 (00:33 +0000)]
vold: unlink ext4 encryption keys rather than revoking them am: fa4039b162
am: 9f71aa0ebc
Change-Id: Ie6688e99e6cf4bbc8f524ea4fdfbc389002cbde5
Eric Biggers [Wed, 5 Apr 2017 00:31:49 +0000 (00:31 +0000)]
vold: unlink ext4 encryption keys rather than revoking them
am: fa4039b162
Change-Id: I118ef8b85620f721370e5d26be2d3ef3c2679a8d
Seigo Nonaka [Wed, 5 Apr 2017 00:02:05 +0000 (00:02 +0000)]
Merge "Prepare necessary data directory before loading persistent properties." am: 399bd0866c am: e1f216cc4d am: cbe1f6b1e4
am: faec65d7c3
Change-Id: Ie8e0bcc05bdf83351b3bfb73309c1b00eb511e30
Seigo Nonaka [Wed, 5 Apr 2017 00:00:05 +0000 (00:00 +0000)]
Merge "Prepare necessary data directory before loading persistent properties." am: 399bd0866c am: e1f216cc4d
am: cbe1f6b1e4
Change-Id: I864e4151a0b7e1551892d9199883e8783941f7a8
Seigo Nonaka [Tue, 4 Apr 2017 23:52:12 +0000 (23:52 +0000)]
Merge "Prepare necessary data directory before loading persistent properties." am: 399bd0866c
am: e1f216cc4d
Change-Id: I69153c12ca16fcb8381972c70ac7e3e25c050d42
Seigo Nonaka [Tue, 4 Apr 2017 23:46:15 +0000 (23:46 +0000)]
Merge "Prepare necessary data directory before loading persistent properties."
am: 399bd0866c
Change-Id: I4a675722c79bc74bcfc106365a1f056c9b338cc4
Treehugger Robot [Tue, 4 Apr 2017 23:34:23 +0000 (23:34 +0000)]
Merge "Prepare necessary data directory before loading persistent properties."
Eric Biggers [Mon, 3 Apr 2017 22:48:09 +0000 (15:48 -0700)]
vold: unlink ext4 encryption keys rather than revoking them
Unlinking keys rather than revoking them avoids bugs in certain kernel
versions without having to hack around the problem with an arbitrary 20
second delay, which is not guaranteed to be sufficient and has caused
full device hangs like in b/35988361.
Furthermore, in the context of filesystem encryption, unlinking is not
currently supposed to be any less secure than revoking. There was a
case where revoking (but not unlinking) keys will cause the filesystem
to deny access to files that were previously opened with that key.
However, this was a means of _access control_, which encryption is not
intended to be used for. Instead, file permissions and/or SELinux
should be used to enforce access control, while filesystem encryption
should be used to protect data at rest independently from access
control. This misfeature has also been removed upstream (and backported
to 4.4-stable and 4.9-stable) because it caused CVE-2017-7374.
Eventually we'd really like to make the kernel support proper revocation
of filesystem encryption keys, i.e. fully clearing all key material and
plaintext and safely waiting for any affected filesystem operations or
writeback to complete. But for now this functionality does not exist.
('sync && echo 3 > /proc/sys/vm/drop_caches' can be useful, but it's not
good enough.)
Bug: 35988361
Change-Id: Ib44effe5368cdce380ae129dc4e6c6fde6cb2719
(cherry picked from commit fd7ba5e4c61691d8a45bc729b7659940a984bab0)
Eric Biggers [Tue, 4 Apr 2017 22:16:50 +0000 (22:16 +0000)]
Merge "vold: unlink ext4 encryption keys rather than revoking them"
Seigo Nonaka [Mon, 20 Jun 2016 08:05:40 +0000 (17:05 +0900)]
Prepare necessary data directory before loading persistent properties.
init reads files in /data/property/ but it is not ready to read when
trigger_load_persist_props is triggered by vold.decrypt.
Bug: 29332975
Change-Id: I14beac8714ff2f722d8b11f666bc7ca693ccd46e
(cherry picked from commit e2ef0c0da454a5b9224d340260e9ad5be46092fe)
Jeff Sharkey [Tue, 4 Apr 2017 02:05:21 +0000 (02:05 +0000)]
Merge "Abort migration early when not enough space." into oc-dev am: e6c142174c
am: a4c0a3b2ca
Change-Id: Ie50f0ae2dbf7eb1b868606b75d1ade808d34590b
Jeff Sharkey [Tue, 4 Apr 2017 01:58:25 +0000 (01:58 +0000)]
Merge "Abort migration early when not enough space." into oc-dev
am: e6c142174c
Change-Id: I193b962b1288be22fb343c802ac3d2b464748f17
TreeHugger Robot [Tue, 4 Apr 2017 01:45:42 +0000 (01:45 +0000)]
Merge "Abort migration early when not enough space." into oc-dev
Jeff Sharkey [Mon, 3 Apr 2017 23:11:45 +0000 (17:11 -0600)]
Abort migration early when not enough space.
Otherwise we potentially waste minutes of the user's time copying
data that will never fit.
Also fix bug around storage calculation. It's confusing, but f_bsize
is not the value you're looking for; the real block size is f_frsize.
Test: builds, boots
Bug: 27590986, 36840579
Change-Id: I77c63e259356824cc75a3adcf3f4af567efdc7aa
Eric Biggers [Mon, 3 Apr 2017 22:48:09 +0000 (15:48 -0700)]
vold: unlink ext4 encryption keys rather than revoking them
Unlinking keys rather than revoking them avoids bugs in certain kernel
versions without having to hack around the problem with an arbitrary 20
second delay, which is not guaranteed to be sufficient and has caused
full device hangs like in b/35988361.
Furthermore, in the context of filesystem encryption, unlinking is not
currently supposed to be any less secure than revoking. There was a
case where revoking (but not unlinking) keys will cause the filesystem
to deny access to files that were previously opened with that key.
However, this was a means of _access control_, which encryption is not
intended to be used for. Instead, file permissions and/or SELinux
should be used to enforce access control, while filesystem encryption
should be used to protect data at rest independently from access
control. This misfeature has also been removed upstream (and backported
to 4.4-stable and 4.9-stable) because it caused CVE-2017-7374.
Eventually we'd really like to make the kernel support proper revocation
of filesystem encryption keys, i.e. fully clearing all key material and
plaintext and safely waiting for any affected filesystem operations or
writeback to complete. But for now this functionality does not exist.
('sync && echo 3 > /proc/sys/vm/drop_caches' can be useful, but it's not
good enough.)
Change-Id: Ib44effe5368cdce380ae129dc4e6c6fde6cb2719
Tom Cherry [Mon, 3 Apr 2017 22:12:49 +0000 (22:12 +0000)]
vdc: use libbase logging and log directly to kmsg on boot am: c61581e7d2
am: bd7e8c55af
Change-Id: If48f19f21c29bac7de7a639e812a5729d9e3de5e
Tom Cherry [Mon, 3 Apr 2017 22:06:06 +0000 (22:06 +0000)]
vdc: use libbase logging and log directly to kmsg on boot
am: c61581e7d2
Change-Id: I1a77a6f8f3c3325abf4d74d0feef1a6187c3f6b6
Tom Cherry [Wed, 29 Mar 2017 23:50:28 +0000 (16:50 -0700)]
vdc: use libbase logging and log directly to kmsg on boot
Init is no longer calling vdc with logwrapper, so it must take care of
logging to kmsg directly.
Bug: 36278706
Test: observe logging in kmsg on boot and stderr on normal usage
(cherry picked from commit f71511ac4199f273744b8e0adf266c6e911918aa)
Change-Id: Ieb643918f11bdde4f99ec7f3ec083efbb326e809
Tom Cherry [Fri, 31 Mar 2017 16:55:22 +0000 (16:55 +0000)]
Merge "vdc: use libbase logging and log directly to kmsg on boot" am: 4f6c1ee19f am: e3a8a60024 am: 83f1551ecb
am: ce4af048ce
Change-Id: I641bd2510023bd256276250766f8642bdfe4f7db
Tom Cherry [Fri, 31 Mar 2017 16:47:44 +0000 (16:47 +0000)]
Merge "vdc: use libbase logging and log directly to kmsg on boot" am: 4f6c1ee19f am: e3a8a60024
am: 83f1551ecb
Change-Id: Ib6c575bbfd010e71cac509bee343a7be563e730a
Tom Cherry [Fri, 31 Mar 2017 16:45:11 +0000 (16:45 +0000)]
Merge "vdc: use libbase logging and log directly to kmsg on boot" am: 4f6c1ee19f
am: e3a8a60024
Change-Id: Ifae6798ca5d352c05cd78dce59087bf3a29eede8
Tom Cherry [Fri, 31 Mar 2017 16:43:12 +0000 (16:43 +0000)]
Merge "vdc: use libbase logging and log directly to kmsg on boot"
am: 4f6c1ee19f
Change-Id: Ib5c11abb027f5c91f448e0322a11ed93c4ce29e2
Tom Cherry [Fri, 31 Mar 2017 16:41:00 +0000 (16:41 +0000)]
Merge "vdc: use libbase logging and log directly to kmsg on boot"
Tom Cherry [Wed, 29 Mar 2017 23:50:28 +0000 (16:50 -0700)]
vdc: use libbase logging and log directly to kmsg on boot
Init is no longer calling vdc with logwrapper, so it must take care of
logging to kmsg directly.
Test: observe logging in kmsg on boot and stderr on normal usage
Change-Id: Ie3e59da433bd154f121ce103dea0c59eb0bab069
Jeff Sharkey [Mon, 27 Mar 2017 22:18:50 +0000 (16:18 -0600)]
Enable clang-tidy for security sensitive domain.
Start with clang-analyzer-security* and cert-*, but disable two
specific errors:
-- cert-err34-c, which checks for atoi(); heavily triggered by
CommandListener, but will disappear when we move to Binder.
-- cert-err58-cpp, which checks for exceptions before main(); it's
a "Low" severity issue, and filed 36656327 to track cleanup.
Fix all other triggered errors along the way.
Test: builds, boots
Bug: 36655947
Change-Id: I1391693fb521ed39700e25ab6b16bc741293bb79
Jeff Sharkey [Mon, 27 Mar 2017 16:49:21 +0000 (10:49 -0600)]
Spread around some O_CLOEXEC love.
Also remove some unnecessary SELinux logic when creating image files
for loop devices.
Test: builds, boots, common operations work
Bug: 34903607
Change-Id: I68dfa022ecc39f56c175e786694e0de35b954ca0
Jeff Sharkey [Mon, 27 Mar 2017 15:22:47 +0000 (15:22 +0000)]
Merge "Add a new "virtual disk" feature."
Jeff Sharkey [Sun, 26 Mar 2017 04:49:13 +0000 (22:49 -0600)]
Add a new "virtual disk" feature.
It's extremely difficult to test storage related logic on devices
that don't have physical SD card slots. So to support better
debugging and testing, add a new "virtual disk" feature which mounts
a 512MB file through loop device.
It relies on the kernel having the "loop.max_part" value set to
something other than 0 via the boot command line, since that allows
all the existing partition logic to fall into place.
Bug: 34903607
Test: builds, boots, virtual disk works
Change-Id: I04c5b33e37319d867542985a56b7999a9b7cf35d
Shawn Willden [Wed, 1 Mar 2017 13:44:15 +0000 (06:44 -0700)]
Add digest support and implementation name to getHardwareFeatures.
Test: Manual
Change-Id: I910dea4fab671436fe5eb2ab35a6ffaa86179b35
Keun-young Park [Wed, 15 Mar 2017 02:56:40 +0000 (02:56 +0000)]
Merge "make shutdown safe for double calls." am: 71fa1068de am: 2f93c657f4
am: 2a8605b9d1
Change-Id: Id1cd83d307e7791359bc6dfd96368f1138ff21d2
Keun-young Park [Wed, 15 Mar 2017 02:52:10 +0000 (02:52 +0000)]
Merge "make shutdown safe for double calls." am: 71fa1068de
am: 2f93c657f4
Change-Id: I78962b7272ef0c39a133db042f36684fc1324018
Keun-young Park [Wed, 15 Mar 2017 02:47:09 +0000 (02:47 +0000)]
Merge "make shutdown safe for double calls."
am: 71fa1068de
Change-Id: I161c96dc5a44890fffe8fcdf9e0f8fc874df29c0
Treehugger Robot [Wed, 15 Mar 2017 02:39:50 +0000 (02:39 +0000)]
Merge "make shutdown safe for double calls."
Keun-young Park [Tue, 14 Mar 2017 01:02:50 +0000 (18:02 -0700)]
make shutdown safe for double calls.
- In new shutdown sequence, volume shutdown is requested in two places:
system_server and init.
- Make VolumeManager.shutdown safe for double calls.
It crashed before this change.
bug: 36004738
Test: reboot and check last_kmsg for crash / vdc timeout
Change-Id: I296913959b2647b65d66553073f2032545beba57
Bowgo Tsai [Fri, 10 Mar 2017 03:17:52 +0000 (03:17 +0000)]
Merge "vold: replacing fs_mgr_read_fstab() with fs_mgr_read_fstab_default()" am: 92f21f5294 am: f53cc1b04a
am: b169603d95
Change-Id: Ic3ac2ccb853b43d9051d3703f19590cf97b3e689
Bowgo Tsai [Fri, 10 Mar 2017 02:15:05 +0000 (02:15 +0000)]
Merge "vold: replacing fs_mgr_read_fstab() with fs_mgr_read_fstab_default()" am: 92f21f5294
am: f53cc1b04a
Change-Id: I05095049ec6f478c3b9b31bccd6c828cf52b7d7c
Bowgo Tsai [Fri, 10 Mar 2017 02:12:40 +0000 (02:12 +0000)]
Merge "vold: replacing fs_mgr_read_fstab() with fs_mgr_read_fstab_default()"
am: 92f21f5294
Change-Id: I830cc6be023737b9befc112fdf9b010996314ec9
Treehugger Robot [Fri, 10 Mar 2017 02:07:34 +0000 (02:07 +0000)]
Merge "vold: replacing fs_mgr_read_fstab() with fs_mgr_read_fstab_default()"
Bowgo Tsai [Thu, 9 Mar 2017 15:11:33 +0000 (23:11 +0800)]
vold: replacing fs_mgr_read_fstab() with fs_mgr_read_fstab_default()
The original default /fstab.{ro.hardware} might be moved to /vendor/etc/.
or /odm/etc/. Use the new API to get the default fstab instead of using
the hard-coded /fstab.{ro.hardware}.
Bug: 35811655
Test: boot marlin with /vendor/etc/fstab.marlin
Change-Id: I92d6aefe6ff3433b7d1a671358d990bb7b1f2150
Janis Danisevskis [Wed, 8 Mar 2017 19:02:30 +0000 (11:02 -0800)]
Fix missing error handling in keymaster compatibility check
The compatibility check assumes that the keymaster session was created
successfully which is a faulty assumption.
This patch adds proper error handling to the check.
Bug: 35576166
Change-Id: I0c70a0e53f488f8bd3164898722f490cd0573ce3
Wei Wang [Tue, 7 Mar 2017 20:30:10 +0000 (20:30 +0000)]
Merge "vold: add coldboot back and make sure it won't block booting" am: b3715cf3af am: 5457b47f9e
am: 660006e7a4
Change-Id: I21e4ba746c99bd8c372d802f11f0bb3f36376553