Merge changes Icdff584e,I71fd98e6,If1e9e3ad,I05bc4dc9 am: 017e95fa6a
am: 078a507c43
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1887522 Change-Id: I6e2144b19a38d838595729b932d7bd3a9110b87e
This commit is contained in:
commit
54dd37692a
7 changed files with 0 additions and 137 deletions
|
@ -41,7 +41,6 @@ cc_defaults {
|
||||||
"libfec_rs",
|
"libfec_rs",
|
||||||
"libfs_avb",
|
"libfs_avb",
|
||||||
"libfs_mgr",
|
"libfs_mgr",
|
||||||
"libscrypt_static",
|
|
||||||
"libsquashfs_utils",
|
"libsquashfs_utils",
|
||||||
"libvold_binder",
|
"libvold_binder",
|
||||||
],
|
],
|
||||||
|
@ -130,7 +129,6 @@ cc_library_static {
|
||||||
"NetlinkHandler.cpp",
|
"NetlinkHandler.cpp",
|
||||||
"NetlinkManager.cpp",
|
"NetlinkManager.cpp",
|
||||||
"Process.cpp",
|
"Process.cpp",
|
||||||
"ScryptParameters.cpp",
|
|
||||||
"Utils.cpp",
|
"Utils.cpp",
|
||||||
"VoldNativeService.cpp",
|
"VoldNativeService.cpp",
|
||||||
"VoldNativeServiceValidation.cpp",
|
"VoldNativeServiceValidation.cpp",
|
||||||
|
@ -235,7 +233,6 @@ cc_binary {
|
||||||
static_libs: [
|
static_libs: [
|
||||||
"libvold_binder",
|
"libvold_binder",
|
||||||
],
|
],
|
||||||
init_rc: ["vdc.rc"],
|
|
||||||
}
|
}
|
||||||
|
|
||||||
cc_binary {
|
cc_binary {
|
||||||
|
|
|
@ -18,7 +18,6 @@
|
||||||
|
|
||||||
#include "Checkpoint.h"
|
#include "Checkpoint.h"
|
||||||
#include "Keystore.h"
|
#include "Keystore.h"
|
||||||
#include "ScryptParameters.h"
|
|
||||||
#include "Utils.h"
|
#include "Utils.h"
|
||||||
|
|
||||||
#include <algorithm>
|
#include <algorithm>
|
||||||
|
@ -45,11 +44,6 @@
|
||||||
|
|
||||||
#include <cutils/properties.h>
|
#include <cutils/properties.h>
|
||||||
|
|
||||||
extern "C" {
|
|
||||||
|
|
||||||
#include "crypto_scrypt.h"
|
|
||||||
}
|
|
||||||
|
|
||||||
namespace android {
|
namespace android {
|
||||||
namespace vold {
|
namespace vold {
|
||||||
|
|
||||||
|
|
|
@ -1,51 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2016 The Android Open Source Project
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "ScryptParameters.h"
|
|
||||||
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
|
|
||||||
bool parse_scrypt_parameters(const char* paramstr, int* Nf, int* rf, int* pf) {
|
|
||||||
int params[3] = {};
|
|
||||||
char* token;
|
|
||||||
char* saveptr;
|
|
||||||
int i;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* The token we're looking for should be three integers separated by
|
|
||||||
* colons (e.g., "12:8:1"). Scan the property to make sure it matches.
|
|
||||||
*/
|
|
||||||
for (i = 0, token = strtok_r(const_cast<char*>(paramstr), ":", &saveptr);
|
|
||||||
token != nullptr && i < 3; i++, token = strtok_r(nullptr, ":", &saveptr)) {
|
|
||||||
char* endptr;
|
|
||||||
params[i] = strtol(token, &endptr, 10);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Check that there was a valid number and it's 8-bit.
|
|
||||||
*/
|
|
||||||
if ((*token == '\0') || (*endptr != '\0') || params[i] < 0 || params[i] > 255) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (token != nullptr) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
*Nf = params[0];
|
|
||||||
*rf = params[1];
|
|
||||||
*pf = params[2];
|
|
||||||
return true;
|
|
||||||
}
|
|
|
@ -1,28 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2016 The Android Open Source Project
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef ANDROID_VOLD_SCRYPT_PARAMETERS_H
|
|
||||||
#define ANDROID_VOLD_SCRYPT_PARAMETERS_H
|
|
||||||
|
|
||||||
#include <stdbool.h>
|
|
||||||
#include <sys/cdefs.h>
|
|
||||||
|
|
||||||
#define SCRYPT_PROP "ro.crypto.scrypt_params"
|
|
||||||
#define SCRYPT_DEFAULTS "15:3:1"
|
|
||||||
|
|
||||||
bool parse_scrypt_parameters(const char* paramstr, int* Nf, int* rf, int* pf);
|
|
||||||
|
|
||||||
#endif
|
|
|
@ -26,7 +26,6 @@
|
||||||
#include <utils/Trace.h>
|
#include <utils/Trace.h>
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <sys/vfs.h>
|
|
||||||
#include <fstream>
|
#include <fstream>
|
||||||
#include <thread>
|
#include <thread>
|
||||||
|
|
||||||
|
@ -912,42 +911,10 @@ static void initializeIncFs() {
|
||||||
incfs::features();
|
incfs::features();
|
||||||
}
|
}
|
||||||
|
|
||||||
// This is missing from the kernel UAPI headers.
|
|
||||||
#define ST_RDONLY 0x0001
|
|
||||||
|
|
||||||
// FDE devices run the post-fs-data trigger (and hence also earlyBootEnded)
|
|
||||||
// multiple times, sometimes prior to the real /data being mounted. That causes
|
|
||||||
// keystore2 to try to open a file in /data, causing it to panic or have to be
|
|
||||||
// killed by vold later, causing problems (vold failing to connect to keystore2,
|
|
||||||
// or keystore2 operations erroring out later). As a workaround to keep FDE
|
|
||||||
// working, ignore these too-early calls to earlyBootEnded.
|
|
||||||
//
|
|
||||||
// This can be removed when support for FDE is removed.
|
|
||||||
static bool IgnoreEarlyBootEnded() {
|
|
||||||
// The statfs("/data") below should be sufficient by itself, but to be safe
|
|
||||||
// we also explicitly return false on FBE devices. (This really should be
|
|
||||||
// ro.crypto.type != "block" for "non-FDE devices", but on FDE devices this
|
|
||||||
// is sometimes called before ro.crypto.type gets set.)
|
|
||||||
if (fscrypt_is_native()) return false;
|
|
||||||
|
|
||||||
struct statfs buf;
|
|
||||||
if (statfs(DATA_MNT_POINT, &buf) != 0) {
|
|
||||||
PLOG(ERROR) << "statfs(\"/data\") failed";
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
if (buf.f_type == TMPFS_MAGIC || (buf.f_flags & ST_RDONLY)) {
|
|
||||||
LOG(INFO) << "Ignoring earlyBootEnded since real /data isn't mounted yet";
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
binder::Status VoldNativeService::earlyBootEnded() {
|
binder::Status VoldNativeService::earlyBootEnded() {
|
||||||
ENFORCE_SYSTEM_OR_ROOT;
|
ENFORCE_SYSTEM_OR_ROOT;
|
||||||
ACQUIRE_LOCK;
|
ACQUIRE_LOCK;
|
||||||
|
|
||||||
if (IgnoreEarlyBootEnded()) return Ok();
|
|
||||||
|
|
||||||
initializeIncFs();
|
initializeIncFs();
|
||||||
Keystore::earlyBootEnded();
|
Keystore::earlyBootEnded();
|
||||||
return Ok();
|
return Ok();
|
||||||
|
|
|
@ -22,10 +22,6 @@
|
||||||
#include "KeyBuffer.h"
|
#include "KeyBuffer.h"
|
||||||
#include "KeyUtil.h"
|
#include "KeyUtil.h"
|
||||||
|
|
||||||
// TODO(b/191796797): remove this once it is no longer referenced by system/core
|
|
||||||
// and bootable/recovery.
|
|
||||||
#define CRYPT_FOOTER_OFFSET 0x4000
|
|
||||||
|
|
||||||
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
|
int cryptfs_setup_ext_volume(const char* label, const char* real_blkdev,
|
||||||
const android::vold::KeyBuffer& key, std::string* out_crypto_blkdev);
|
const android::vold::KeyBuffer& key, std::string* out_crypto_blkdev);
|
||||||
const android::vold::KeyGeneration cryptfs_get_keygen();
|
const android::vold::KeyGeneration cryptfs_get_keygen();
|
||||||
|
|
12
vdc.rc
12
vdc.rc
|
@ -1,12 +0,0 @@
|
||||||
# One shot invocation to deal with encrypted volume.
|
|
||||||
on defaultcrypto
|
|
||||||
exec - root -- /system/bin/vdc --wait cryptfs mountdefaultencrypted
|
|
||||||
# vold will set vold.decrypt to trigger_restart_framework (default
|
|
||||||
# encryption) or trigger_restart_min_framework (other encryption)
|
|
||||||
|
|
||||||
# One shot invocation to encrypt unencrypted volumes
|
|
||||||
on encrypt
|
|
||||||
start surfaceflinger
|
|
||||||
exec - root -- /system/bin/vdc --wait cryptfs enablecrypto
|
|
||||||
# vold will set vold.decrypt to trigger_restart_framework (default
|
|
||||||
# encryption)
|
|
Loading…
Reference in a new issue