From 3aa4dc7f64b5948c29121240a2b7b5eda2806231 Mon Sep 17 00:00:00 2001 From: Will Shiu Date: Wed, 29 Jul 2020 17:03:17 +0800 Subject: [PATCH 1/3] EncryptInPlace: ensure that backup superblocks get encrypted Block groups with EXT4_BG_BLOCK_UNINIT still have backup superblocks (and backup block group descriptors). Fix EncryptInPlace to encrypt these backup superblocks rather than leave them unencrypted. Previously leaving the backup superblocks unencrypted didn't cause any problems, but due to system/core commit 72abd7b246f7 ("Try to recover corrupted ext4 /data with backup superblock") it is causing problems. Bug: 162479411 Bug: 161871210 Merged-In: Ic090bf4e88193b289b04c5254ddf661ef40b037e Change-Id: Ic090bf4e88193b289b04c5254ddf661ef40b037e --- EncryptInplace.cpp | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/EncryptInplace.cpp b/EncryptInplace.cpp index 9d304da..b1bd11d 100644 --- a/EncryptInplace.cpp +++ b/EncryptInplace.cpp @@ -205,9 +205,16 @@ static int encrypt_groups(struct encryptGroupsData* data) { data->count = 0; for (block = 0; block < block_count; block++) { - int used = (aux_info.bg_desc[i].bg_flags & EXT4_BG_BLOCK_UNINIT) - ? 0 - : bitmap_get_bit(block_bitmap, block); + int used; + + if (aux_info.bg_desc[i].bg_flags & EXT4_BG_BLOCK_UNINIT) { + // In block groups with an uninitialized block bitmap, we only + // need to encrypt the backup superblock (if one is present). + used = (ext4_bg_has_super_block(i) && block < 1 + aux_info.bg_desc_blocks); + } else { + used = bitmap_get_bit(block_bitmap, block); + } + update_progress(data, used); if (used) { if (data->count == 0) { From 44b2f954be74b4565b76a89bd9342157cb976f53 Mon Sep 17 00:00:00 2001 From: Jeongik Cha Date: Fri, 14 Aug 2020 23:51:36 +0900 Subject: [PATCH 2/3] Add '-unstable' to solve ODR violation The interface which is imported by an unstable interface is 'unstable' as well. Until now, the ODR violation checker in aidl has omitted an interface imported, but it will be checked, accordingly, fix the current problem Bug: 146436251 Test: m nothing Change-Id: Id3c4bbc9149ba7c3e0a0d728026f02f60cb17424 --- Android.bp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Android.bp b/Android.bp index 593dd27..4852fe4 100644 --- a/Android.bp +++ b/Android.bp @@ -89,7 +89,7 @@ cc_library_static { export_aidl_headers: true, }, whole_static_libs: [ - "libincremental_aidl-cpp", + "libincremental_aidl-unstable-cpp", ], } From 083221f5cfeff39ddd1fcf8fec251bf833721248 Mon Sep 17 00:00:00 2001 From: Daniel Rosenberg Date: Wed, 12 Aug 2020 18:31:43 -0700 Subject: [PATCH 3/3] Set media folder +F for adopted storage as well We previously only set +F for /data/media, but adopted storage needs this as well. Instead we add support for adding attrs to PrepareDir. Bug: 163453310 Test: sm set-virtual-disk true follow UI setup and confirm +F on /mnt/expand/*/media Change-Id: I08f13b57a4de3538e88b38eb95b0ac115a5a5ce8 Merged-In: I08f13b57a4de3538e88b38eb95b0ac115a5a5ce8 --- Utils.cpp | 30 +++++++++++++++++++++++++++++- Utils.h | 3 ++- model/PrivateVolume.cpp | 5 ++++- 3 files changed, 35 insertions(+), 3 deletions(-) diff --git a/Utils.cpp b/Utils.cpp index a9b7440..17921e8 100644 --- a/Utils.cpp +++ b/Utils.cpp @@ -416,7 +416,32 @@ int PrepareAppDirFromRoot(const std::string& path, const std::string& root, int return OK; } -status_t PrepareDir(const std::string& path, mode_t mode, uid_t uid, gid_t gid) { +int SetAttrs(const std::string& path, unsigned int attrs) { + unsigned long flags; + android::base::unique_fd fd( + TEMP_FAILURE_RETRY(open(path.c_str(), O_RDONLY | O_NONBLOCK | O_CLOEXEC))); + + if (fd == -1) { + PLOG(ERROR) << "Failed to open " << path; + return -1; + } + + if (ioctl(fd, FS_IOC_GETFLAGS, (void*)&flags)) { + PLOG(ERROR) << "Failed to get flags for " << path; + return -1; + } + + if ((flags & attrs) == attrs) return 0; + flags |= attrs; + if (ioctl(fd, FS_IOC_SETFLAGS, (void*)&flags)) { + PLOG(ERROR) << "Failed to set flags for " << path << "(0x" << std::hex << attrs << ")"; + return -1; + } + return 0; +} + +status_t PrepareDir(const std::string& path, mode_t mode, uid_t uid, gid_t gid, + unsigned int attrs) { std::lock_guard lock(kSecurityLock); const char* cpath = path.c_str(); @@ -434,6 +459,9 @@ status_t PrepareDir(const std::string& path, mode_t mode, uid_t uid, gid_t gid) freecon(secontext); } + if (res) return -errno; + if (attrs) res = SetAttrs(path, attrs); + if (res == 0) { return OK; } else { diff --git a/Utils.h b/Utils.h index 04cbac4..5351450 100644 --- a/Utils.h +++ b/Utils.h @@ -67,7 +67,8 @@ int PrepareAppDirFromRoot(const std::string& path, const std::string& root, int bool fixupExisting); /* fs_prepare_dir wrapper that creates with SELinux context */ -status_t PrepareDir(const std::string& path, mode_t mode, uid_t uid, gid_t gid); +status_t PrepareDir(const std::string& path, mode_t mode, uid_t uid, gid_t gid, + unsigned int attrs = 0); /* Really unmounts the path, killing active processes along the way */ status_t ForceUnmount(const std::string& path); diff --git a/model/PrivateVolume.cpp b/model/PrivateVolume.cpp index 39a946c..1875b7b 100644 --- a/model/PrivateVolume.cpp +++ b/model/PrivateVolume.cpp @@ -166,11 +166,14 @@ status_t PrivateVolume::doMount() { RestoreconRecursive(mPath); + int attrs = 0; + if (!IsSdcardfsUsed()) attrs = FS_CASEFOLD_FL; + // Verify that common directories are ready to roll if (PrepareDir(mPath + "/app", 0771, AID_SYSTEM, AID_SYSTEM) || PrepareDir(mPath + "/user", 0711, AID_SYSTEM, AID_SYSTEM) || PrepareDir(mPath + "/user_de", 0711, AID_SYSTEM, AID_SYSTEM) || - PrepareDir(mPath + "/media", 0770, AID_MEDIA_RW, AID_MEDIA_RW) || + PrepareDir(mPath + "/media", 0770, AID_MEDIA_RW, AID_MEDIA_RW, attrs) || PrepareDir(mPath + "/media/0", 0770, AID_MEDIA_RW, AID_MEDIA_RW) || PrepareDir(mPath + "/local", 0751, AID_ROOT, AID_ROOT) || PrepareDir(mPath + "/local/tmp", 0771, AID_SHELL, AID_SHELL)) {