Userspace reboot turned out to be a dead end and is no longer supported.
Therefore, remove the code from vold that handled keeping CE storage
unlocked past the userdata filesystem being unmounted and mounted.
This is a revert of commit 1c6731c649 (https://r.android.com/1254615)
with various conflicts resolved.
Bug: 292469129
Change-Id: If530edaf7c1566dd3bd8b1322f935f38a2e66beb
Merged-In: If530edaf7c1566dd3bd8b1322f935f38a2e66beb
(cherry picked from commit 2b97a88ba4)
Adoptable storage CE and DE keys were not being explicitly evicted,
resulting in the benefits of key eviction not being fully realized on
devices that use adoptable storage. Fix this by evicting the adoptable
storage keys when the corresponding internal storage keys are evicted:
- In lockUserKey, evict the CE keys for adoptable storage volumes, not
just the CE key for internal storage as was done before.
- In destroyUserKey, evict the user's CE and DE keys for adoptable
storage, not just the internal storage keys as was done before.
To make this possible, starting keeping track of the EncryptionPolicy of
each currently installed adoptable storage key.
(This CL is reworked from https://r.android.com/2660878,
original author Arnab Sen <arnabse@amazon.com>)
Test: On Cuttlefish with config_multiuserMaxRunningUsers changed to 1:
sm set-virtual-disk true
sm partition disk:7,416 private
pm create-user 10
am start-user 10
am stop-user 10
# Verified that this fails with "Required key not available".
touch /mnt/expand/f1ad173b-d6d9-4948-8eb7-ccdd7b053b22/misc_ce/10/foo.txt
am start-user 10
pm remove-user 10
# Checked for all the expected "Evicted fscrypt key" messages.
# 2 from when user was stopped, and 4 from when user was removed.
adb logcat | grep Evicted
Change-Id: I7f11a135d8550618cd96013f834cebd54be5ef84
Merged-In: I7f11a135d8550618cd96013f834cebd54be5ef84
(cherry picked from commit 68fd3689a1)
Erasing a key from s_new_ce_keys is equivalent to destroying it, so it
shouldn't be done when the key is merely being evicted.
This didn't matter in practice since eviction requests don't come in
before the key gets persisted, but fix this to avoid confusion.
Test: see I7f11a135d8550618cd96013f834cebd54be5ef84
Change-Id: I28412f243925b5a7242449b617fe9de9c90912b6
Merged-In: I28412f243925b5a7242449b617fe9de9c90912b6
(cherry picked from commit 3529302ede)
Everything in FsCrypt.cpp seems to run under VolumeManager::mCryptLock,
except for fscrypt_destroy_volume_keys() which uses mLock instead.
This was sort of okay because fscrypt_destroy_volume_keys() didn't
operate on any in-memory data structures. However, that is going to be
changed. Therefore, rework VoldNativeService::forgetPartition() to call
fscrypt_destroy_volume_keys() under mCryptLock.
Test: see I7f11a135d8550618cd96013f834cebd54be5ef84
Change-Id: Ia27a61faf2fdd546cdbddb2a3985c7c6696f6aa6
Merged-In: Ia27a61faf2fdd546cdbddb2a3985c7c6696f6aa6
(cherry picked from commit ce86e24d23)
No change in behavior, except for removing a redundant check of
's_ce_policies.count(user_id)' and removing an extra ERROR message.
Test: see I7f11a135d8550618cd96013f834cebd54be5ef84
Change-Id: If221e23991e8e04138ae7dbdafe8160b00893655
Merged-In: If221e23991e8e04138ae7dbdafe8160b00893655
(cherry picked from commit 92428b247f)
Generated corpus using binder2corpus tool from recordings
of vold transactions and using it with vold service fuzzer.
Test: m vold_native_service_fuzzer && adb sync data && adb shell /data/fuzz/arm64/vold_native_service_fuzzer/vold_native_service_fuzzer /data/fuzz/arm64/vold_native_service_fuzzer/vold_native_service_fuzzer_corpus -runs=1000
Bug: b/299138341
Change-Id: Ic9bc7a7971790fa19a04181b6f89a33a0088bdd8
Align units to a segment unit when adjusting free segment number.
Test: run the smart idle maint service.
Change-Id: I4fd74ac92adc4ae1a0ded4a7df75a690d829eb20
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Public SdCard Volumes are mounted only for user 0
(foreground user). This gives ENONT if the cloned
user tries to access the files in SdCard with
paths like "/storage/AB02-G212/DCIM/"
This change adds SdCard Volume mnt under
/mnt/usr/<cloned-user>/ which allows cloned apps
access to SdCard via direct file paths.
Bug: 203395175
Test: Manual by building and flashing device.
Change-Id: I091c40d3cb19915145cd5af40d1e79d5a9ecfa02
We no longer support ro.apex.updatable=false case. Hence no need to read
it.
Bug: 297460439
Test: device boots
Change-Id: I9b71ea96052741073f092ca6abcfbe92a927128a
StorageStatsManager.getTotalBytes currently takes the size of /data and
rounds up to known probable sizes to guess the size of internal storage.
This is not always correct.
Instead, find the device /data is on and get the size of that device.
This should give a more accurate answer.
Bug: 295358118
Test: vdc volume getStorageSize returns storage size
Change-Id: I907892041b1ce2cd72092a9877ac34c12bf3f254
This reverts commit 78f806198f.
There is no code that reads this system property, logcat already shows
whether the FS keyring is being used, and all devices launching with
Android 11 and later are guaranteed to use the FS keyring anyway.
Bug: 154327249
Change-Id: Id906efedd89d5bcac5370fb141cdbf7848932d95
vold_prepare_subdirs should create apexdata directories for each APEX.
Previously, it gets the list by scanning /apex directory. However,
vold/vold_prepare_subdirs run in the bootstrap mount namespace, they can
see only bootstrap apexes in /apex. The reason why it worked was that
unintended side effects of how we managed /apex directory for both mount
namespace.
Instead, since apexdata directories are already populated by init in
/data/misc/apexdata, we can use that directory for the same purpose.
Bug: 295345486
Test: CtsPackageSettingHostTestCases
Change-Id: I453cd59f54ccbb140f73b5e8576b36fa49f9bc59
In this change, the logic to get the list of apexes is replaced with
the query to apexservice, which is the source of truth. This dedups
the manual scanning of /apex for the apex list, which should be
internal to apexd. (Note how vold_prepare_subdirs filtered out
directories with "@" character).
This also makes vold_prepare_subdirs immune to the upcoming changes:
/apex directory containing only bootstrap APEXes in the bootstrap NS.
Until now, getting the list of apexes by scanning /apex was okay
because of the accidental fact that /apex directory has directories
for all the apexes, not only bootstrap apexes.
Bug: 293949266
Bug: 293546778
Test: CtsPackageSettingHostTestCases
Change-Id: I3fe373ca6f4c2281439bb2449845a1a14357131e
Newer versions of libc++ check that an allocator can be rebound to the
same element type. We need to add a rebind member to ZeroingAllocator
to fix this compiler error:
prebuilts/clang/host/linux-x86/clang-r498229/include/c++/v1/vector:376:19: error: static assertion failed due to requirement 'is_same<android::vold::ZeroingAllocator, std::allocator<char>>::value': [allocator.requirements] states that rebinding an allocator to the same type should result in the original allocator
static_assert(is_same<allocator_type, __rebind_alloc<__alloc_traits, value_type> >::value,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It likely doesn't matter in practice because this allocator is only
used with std::vector, which probably doesn't use allocator rebinding,
because it won't allocate an internal node type (e.g. unlike std::map,
std::list, etc).
Alternatively, ZeroingAllocator could be changed to a
ZeroingAllocator<T> that can zero arbitrary types, but it doesn't seem
necessary currently, and types other than char wouldn't be used.
Bug: b/175635923
Test: treehugger
Change-Id: I42e9d8f02a18637fc67e94cc1358d2ed733a7268
when the idlemaint run is working, if two or more idlemaint abort concurrency are working.
all idlemaint abort will hold the wakelock, until idlemaint run finished,
but it just nofity one idlemaint abort thread to stop and release the wakelock.
Remaining idlemaint abort threads will hold the wakelock until next idlemaint run to notify them.
Bug: 292383791
Test: see the issue Description
Change-Id: I5312be2e0e92c41483cab26e627a4ae562e5aed8
When a volume is ejected from a user but not removed from the device
and mounted again by calling StorageManager#mount, the volume is
mounted for the user from which it was last ejected. This causes the
path of the mounted volume to be inaccessible to the current user.
Whenever StorageManager#mount is called, check if the
VolumeInfo#mountUserId is same as the current userId maintained by
StorageManagerService, if it is not, change the mountUserId for the
Volume to the current userId known to StorageManagerService if it
is not the primary volume and the volume is visible.
This change also fixes a bug where the volumes are unmounted for the
wrong user which causes StorageSessionController go out of sync
which would cause errors during mounting the volumes again as it
maintains sessions per user. The bug also caused volume event
broadcasts to be sent to wrong user handles. To solve the issue
add an extra paramter in IVoldListener#onVolumeStateChanged for userId
which will update the copy which is used for informing
StorageSessionController and also for sending broadcasts.
Test: Perform the following steps:
1. Format SD Card as portable storage in system user.
2. Eject the SD Card from Storage Settings.
3. Switch to a non-system user
4. Mount the SD Card again.
5. Check that the Storage Summary is shown correctly instead
of 0B out of 0B.
Also, checked from the logs the volume state broadcasts are sent to
the correct user handles.
Change-Id: I60b8954cdaee4a54ea6a6299fe5ddda2006faf1c
Properly handle the exit status 1, which shows filesystem errors
corrected, returned by fsck.
Test: manually hot-plugs SD card and check logcat logs
Change-Id: Iacaa8b1d1a7b59931014c1ab6a4708ffc3cd0c06
