Security minded hardening, let's not depend on reboot and restorecon.
Test: manual, make sure all sepolicy context are as expected before reboot
Bug: 109821005
Change-Id: I9d3419ce57be072daa55f704f75df7775fbaf5fb
This is an optimization to limit us to an optimal set of overlay
mounts. If an entry is identical or more specific (eg: /vendor is
less specific than /vendor/firmware_file), then no need to craft an
override for it.
We do the check in the setup and mount_all paths.
Test: confirm on devices with more specific mounts they do not get override
Bug: 109821005
Change-Id: If34775455fc7989903f70bc4f075c948db91ce37
With verity disabled, fs_mgr_update_verity_state spews some confusing
error messages from device-mapper. This change checks whether a device
exists and logs an explicit error.
Bug: N/A
Test: AVB properties are set correctly on AVB device
Messages are logged correctly with AVB disabled
Change-Id: If490c18cfec2d63ad784972c13ceef63d9aa3e4c
Failed to convert fstab entries from "/" to "/system" when setting
up directory tree. Introduce an internal fs_mgr_mount_point to
simplify conversion.
Test: manual
Bug: 109821005
Change-Id: Iadc1e967b92702cf01b6522f8f13b2cf3685f2af
This change enables reading metadata images from memory, for situations
where using file descriptors is not practical (such as fastbootd flash).
Bug: 78793464
Test: liblp_test gtest
Change-Id: I9ad08b0ddd4cbb96e87583237a90785e0f4befa4
This is in preparation for "fastboot flash super", where we want to
verify the validity of a super image before writing it. To do so, we
need to parse the image from the download buffer, and it is useful to do
this from memory rather than a file descriptor.
Bug: 78793464
Test: liblp_test gtest
Change-Id: I7fb1ef4fdf2e8f1d93aea38f75626157fcb4bfc1
Callers of ParseMetadata must manually copy geometry to the final
LpMetadata structure, which is error-prone. Instead, force callers to
pass geometry to ParseMetadata to ensure it is always propagated.
Bug: N/A
Test: liblp_test gtest
Change-Id: I5b24b9d94ab1857db600c40bf6d3c9d8aaa47368
Logical partition metadata has "slots" for AB purposes, but when
flashing or updating the partition table via fastboot, there is no
reason not to synchronize all copies of the metadata. It makes the state
of the super partition much more clear. It also makes the super
partition less likely to break on a slot change from the user, for
example if a "_b" partition is created before changing to the "b" slot.
Bug: 78793464
Test: liblp_test gtest
Change-Id: I3c44f0362f21f87d0bfc3a5c3394e26dc3dd38be
Add fs_mgr_has_shared_blocks in fs_mgr. Use it as a default decision
to utilize overlayfs if not overridden by the platform.
Test: compile
Bug: 109821005
Change-Id: Ifab22a4c9898966515e268349c24bb4c28a39368
If free space on the systems partition is less than 1%, then we may
use overlayfs to override the filesystem.
Test: manual
Bug: 109821005
Change-Id: I03eb9c7882cfd18db418a51e4964404f73f5ceb7
The interface to fsmgr is subpar and while we haven't had time to
revisit it, we absolutely do not want to expose this to vendors in a
way that would force us to keep this interface in the future.
Test: n/a
Change-Id: I970048aa2e45d7f7eca357d052141e90d6e01123
Fix a few areas that mismanage error return values, and can result in
confusing messaging from the adb commands.
Test: manual
Bug: 109821005
Change-Id: Ib00069c9605df453ac8f600c7906649deebfd626
Replace more complicated logic that determines that persistent
properties are now valid with a simple check of
ro.persistent_properties.ready.
Test: manual
Bug: 109821005
Change-Id: I3e43df8283cb97abbf5c0333e64db4ad11703798
libfs_mgr doesn't have direct dependencies on libfec_rs / libkeyutils /
libsquashfs_utils. They were only needed when libfec and libext4_utils
were statically linked into libfs_mgr.
Bug: 112494634
Test: `m -j installclean && m -j bootimage` with aosp_taimen-userdebug.
Check the installed files in recovery image.
Test: `mmma -j system/core/fs_mgr`
Change-Id: I4b12c2df344fabba4942b6db943cf43a031b591d
In user builds, we fix fs_mgr_overlayfs_{setup,teardown} to
properly set the optional 'change' boolean, if it was provided.
Test: TreeHugger
Change-Id: I91fc99d801f8fd782b21f0ecaecddfc7744f0c3e
After fs_mgr_mount_all has added the resources, let
fs_mgr_overlayfs_mount_all to read-only mount overlayfs over the
possible system partitions.
Test: compile
Bug: 109821005
Bug: 110985612
Change-Id: I7101a04c57de1a26283b1523636d07fa8e19ffc7
Logistics for adb remount on developer builds for readonly system
partitions using overlayfs to deal with not being able to remount
with read-write.
Conditions are that filesystem is squashfs, read-only, debug build,
kernel supports overlayfs. The default is a valid /cache/overlay/
directory, with .../<mount_point>/upper and .../<mount_point>/work,
associated with each system partition <mount_point>.
Will take the sepolicy of context of lowerdir as rootcontext= option.
Add fs_mgr_overlayfs_mount_all() to recurse through
fs_mgr_read_fstab_default(), and checking against /proc/mounts to
add any acceptable overlayfs mounts. The checking with /proc/mounts
makes sure we do not overlayfs overtop an overlayfs.
Add fs_mgr_overlayfs_setup(const char*, const char* bool*) and
fs_mgr_overlayfs_teardown(const char*, bool*) to respectively setup
or teardown the overlayfs support directories. Return value
includes success and optional supplied change booleans.
Test: compile
Bug: 109821005
Bug: 110985612
Change-Id: Ie9b4e9ca0f2bdd9275ac2e2e905431636948e131
This reverts commit 49c27c5cb2.
Remove the Speck encryption support. It was eventually
decided not to allow Speck in Android P, so this code
is no longer needed and wasn't used outside of testing.
Bug: 112009351
Test: Confirmed AES continues to work with FBE.
Change-Id: Ia5458143be5687fff8d541d8fa2c8ee24a369da4
If a logical partition is resized to 0 bytes, it will have no extents.
This is not allowed by device-mapper, but is useful for effectively
compacting partitions with "fastboot flashall". If all logical
partitions are resized to 0, then resized to their intended size, then
we will allocate extents more efficiently.
However, if a partition is left with a zero size (either intentionally
or not), this should not throw the device into a reboot loop due to
CreateLogicalPartitions failing. Instead we skip partitions with no
extents.
Bug: 78793464
Test: with fastbootd:
fastboot create-partition example 4096
fastboot resize-partition example 0
device reboots successfully
Change-Id: I572efa949176c8c3c493ef00438d8badd4d7cf4f
By default, logical partitions with the readonly flag are created with a
readonly device. This change allows callers of CreateLogicalPartition
to create writable devices so they can still be flashed.
Bug: 78793464
Test: fastboot flash product_services works with fastbootd
Change-Id: Ia8d2761a3067e3b62815acbf0b6fb7f033072ba2
When adding extents to partitions, if the previous extent and new extent
are contiguous, merge them together to avoid allocating unnecessary
device-mapper targets.
Bug: 79173901
Test: liblp_test gtest
Change-Id: I80087df9aea8141c5e16f8d4cdb3dd7da02aee8c
This logs when partition tables update, when partitions resize, and when
partitions are unmapped from device mapper.
Bug: N/A
Test: N/A
Change-Id: I1125332c79fccc3ebc556b3b48856901e2503c47
DM_TABLE_LOAD will reject dm-linear entries if their size is not a
multiple of the backing device's logical block size. For example, a
partition of 10GiB+512 bytes will fail to map in device-mapper if the
logical block size is 4096 bytes. To address this, this patch adds a
few changes to liblp:
The block size given to lpmake is now recorded in LpGeometryMetadata.
The block size must be a multiple of the sector size. In addition,
partiton sizes are now aligned to the block size, and the super
partition must have enough free space to allocate at least one block (in
addition to storing metadata).
GrowPartition now has multiple checks that the block-size invariant is not
violated, to ensure that no invalid partition tables will be created.
Bug: 79173901
Test: liblp_test gtest
Change-Id: I484aac1f9b90ebd92dc1c89ce1e09cd89bbb441e
The partition resize algorithm duplicates a lot of logic because it
handles the final free interval separately from other free intervals.
This is unnecessary and makes it harder to change the actual algorithm.
This change makes GrowPartition() treat the final free space region the
same as free gaps in between partitions. It does this by converting the
extent list into a gap list, and then adds a final gap for the remainder
of the free space. The resize function no longer has to treat the end of
the disk separately.
This patch does not change the way partitions are allocated, it is
purely a refactoring.
Bug: 79173901
Test: liblp_test gtest
Change-Id: I4780f20b23fe021eac62de874b061857712c04fe
This change is to assist with implementing the fastbootd "resize-partition"
command. The GrowPartition and ShrinkPartition functions are now
private.
Bug: 78793464
Test: N/A
Change-Id: Ic66a3052359e2558663272ff6e014704206b197e
