Commit graph

45 commits

Author SHA1 Message Date
Yurii Zubrytskyi
9e7482ece1 [vold] Add argument verification to IncFS methods
+ Get rid of an extra string copy in path validation function

Bug: 152349257
Test: atest vold_tests
Change-Id: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
Merged-In: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
2020-03-25 17:21:49 -07:00
Paul Crowley
886e572009 On newer devices, use dm-default-key to encrypt SD cards
The dm-crypt solution requires a kernel patch that won't be present in
the GKI kernel, while the new metadata encryption system in the GKI
kernel solves this problem in a much cleaner way.

Test: create private volume on Cuttlefish, setting property both ways.
Bug: 147814592
Change-Id: Ie02bd647c38d8101af2bbc47637f65845d312cea
2020-02-18 13:01:00 -08:00
Paul Crowley
220567c33a Generalize CryptoType infrastructure
More consistency between MetadataCrypt and cryptfs, and steps towards
supporting Adiantum properly in MetadataCrypt.

Test: create private volume on Cuttlefish
Bug: 147814592
Change-Id: Ic3993c1fde11b4f5a9e6cc8ee588a7d92241c6ab
2020-02-14 00:48:27 -08:00
Shawn Willden
35f0f22c9b Update vold to use KM4.1
This CL updates vold to use the Keymaster 4.1 interface, but does not
yet call any of the new methods.

Test: Boot the device
Change-Id: I4574a2f6eead3b71d1e89488b496b734694620c7
Merged-In: I4574a2f6eead3b71d1e89488b496b734694620c7
2020-02-11 15:51:04 -07:00
Jiyong Park
50c3ab6ac1 Fixed a wrong AIDL import path
AIDL import path should point to a root directory where relative path to
an AIDL file encodes the fully qualified name of the type in the file.

Since libvold_binder imports types like
android.os.incremental.IncrementalFileSystemControlParcel which are
under frameworks/base/core/java, the import path should set to the path,
not to the sub directory that directly has the AIDL files.

Bug: 147918827
Test: m
Change-Id: Ic4941578813eced5a7eb59a0656c10b76e902515
2020-01-20 12:37:52 +09:00
Songchun Fan
ab55cecdc1 [incremental] use vold to mount/unmount IncrementalFileSystem
Let vold mount IncFs onto directories under data and open control files.

Test: builds
Change-Id: Ibd96aae254b4fefaf56c9d549c4672a987c46221
2019-12-04 14:01:22 -08:00
Paul Crowley
8bf310b9f3 Remove libfscrypt now it's in libfs_mgr
Now that we include libfscrypt in libfs_mgr via whole_static_libs we
should not reference it directly.

Bug: 143307095
Test: treehugger
Change-Id: I4cd138b50131ec8ce7835d9604c89c99cae53212
2019-10-30 13:34:49 -07:00
Tao Bao
b1bbc7079c Mark libvold_headers as recovery_available.
recovery modules use <cryptfs.h> (in particular CRYPT_FOOTER_OFFSET).

Test: mmma bootable/recovery
Change-Id: I97b038476ccbeb0a5ac4a6cde86063325bdbb152
2019-10-02 10:50:53 -07:00
Steven Moreland
4496ef9d34 Remove libhwbinder/libhidltransport deps
Since these were combined into libhidlbase.

Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I890b572d537d66ecb49effd8efc782279c52956e
2019-09-05 14:18:22 -07:00
David Anderson
10de69d7bb libdm now requires linking to libext2_uuid.
Bug: 135771280
Test: mm vold -j
Change-Id: Id71c71926841581d4d3bc4a66f4c06294df21028
2019-06-27 13:41:03 -07:00
Treehugger Robot
94f300295d Merge "Match src paths with aidl package name" 2019-06-06 02:19:19 +00:00
Dan Willemsen
87c7f882dd Match src paths with aidl package name
In order for the build system to track updates to the header files
during incremental builds, always specify the src files using the same
path as the package for C++ compilations.

Bug: 112114177
Test: treehugger
Change-Id: I9a2d638cbde46f67e2d5761f5b5113cc7e068ec5
2019-06-05 17:03:31 +00:00
David Anderson
b92247368a Replace manual dm ioctls with libdm.
This mostly 1:1 replaces manual ioctls to device-mapper with calls to
libdm. There were two exceptions:

(1) There is a very old table-load-retry loop to workaround issues with
    umount (b/7220345). This loop has been preserved, however, it now
    includes DM_DEV_CREATE as well as DM_TABLE_LOAD.
(2) There was some ancient code to set DM_DEV_GEOMETRY for obb
    dm-devices. This never did anything since geometry must be set after
    loading a table. When setting it before (as vold was doing), the
    subsequent DM_TABLE_LOAD will clear it.

Bug: 132206403
Test: FBE device boots
      FBE device w/ metadata encryption boots
      FDE device boots
      atest StorageManagerIntegrationTest
Change-Id: Ib6db6b47329f093ac7084edaf604eddace8b9ac6
2019-05-13 13:07:12 -07:00
Nick Kralevich
d78fb53378 vold: add android-* to tidy_checks
Bug: 129350825
Test: compiles and boots
Change-Id: If5a6267cc56bfc0ba73602bfa520035197b4fb90
2019-03-29 16:07:58 -07:00
Jiyong Park
8d21c924d7 Don't unmount /storage for early native processes
Motivation:

Early processes launched before the runtime APEX - that hosts the bionic
libs - is activated can't use the bionic libs from the APEX, but from the
system partition (which we call the bootstrap bionic). Other processes
after the APEX activation should use the bionic libs from the APEX.
In order to let both types of processes to access the bionic libs via
the same standard paths /system/lib/{libc|libdl|libm}.so, some mount
namespace magic is used.

To be specific, when the device boots, the init initially bind-mounts
the bootstrap bionic libs to the standard paths with MS_PRIVATE. Early
processes are then executed with their own mount namespaces (via
unshare(CLONE_NEWNS)). After the runtime APEX is activated, init
bind-mounts the bionic libs in the APEX to the same standard paths.
Processes launched thereafter use the bionic libs from the APEX (which
can be updated.)

Important thing is that, since the propagation type of the mount points
(the standard paths) is 'private', the new bind-mount events for the
updated bionic libs should not affect the early processes. Otherwise,
they would experience sudden change of bionic libs at runtime. However,
other mount/unmounts events outside of the private mount points are
still shared across early/late processes as before. This is made possible
because the propagation type of / is 'shared' .

Problem:

vold uses the equality of the mount namespace to filter-out processes
that share the global mount namespace (the namespace of the init). However,
due to the aforementioned change, the early processes are not filtered
out because they have different mount namespaces. As a result,
umount2("/storage/") is executed on them and this unmount event
becomes visible to the global mount namespace (because as mentioned before /
is 'shared').

Solution:

Fiter-out the early processes by skipping a native (non-Java) process
whose UID is < AID_APP. The former condition is because all early
processes are native ones; i.e., zygote is started after the runtime
APEX is activated. The latter condition is to not filter-out native
processes created locally by apps.

Bug: 120266448
Test: m; device boots

Change-Id: I054deedc4af8421854cf35be84e14995523a259a
2019-03-04 16:22:41 +09:00
LongPing Wei
7f3ab95b8d Remove secontext.h, secontext.cpp, hash.h
cryptfs.cpp and MetadataCrypt.cpp can use android::vold::sFsckContext directly.
hash.h is unuseful.

Test: make
Change-Id: I7acdac97d6ed1c9b2a5dc367fcea8aa2942192e8
2019-01-30 16:28:02 +08:00
Michael Wright
ad232d6f84 Remove dependency on libparcelfiledescriptor
This library doesn't actually exist outside of ARC specific branches,
so it will break any ARC product builds.

Test: None
Change-Id: Ic73f470c93ea7d3590dc2b273624988291612344
2018-12-04 12:22:47 +00:00
Treehugger Robot
e7a9d5fbbd Merge "ARC++ swap for AppFuseUtil" 2018-12-01 07:22:19 +00:00
Treehugger Robot
13755d81be Merge "Includes new static libfs_avb" 2018-11-30 06:59:38 +00:00
Bowgo Tsai
549fd0e9ae Includes new static libfs_avb
Bug: 112103720
Test: boot crosshatch_mainline-userdebug
Change-Id: If33f6dbf7a31d57f61c0aca0296f2ff06c8b4a86
2018-11-29 22:17:24 +08:00
Risan
dcbd4fcad2 ARC++ swap for AppFuseUtil
Bug: 110379912
Test: Compiled.
Change-Id: Ib7910ba4df6c60d7125a07b07c62612ed4146ddb
Merged-In: Ib7910ba4df6c60d7125a07b07c62612ed4146ddb
2018-11-14 07:28:36 +00:00
Risan
ac02a4863f Extract AppFuse as a util
Bug: 110379912
Test: testOpenProxyFileDescriptor
Change-Id: I0429a498d7b54682efe9b05815f3470e8745609e
2018-11-14 07:28:06 +00:00
Risan
8c9f33242f StubVolume as first class Volume in Vold
StubVolume is a Volume that is maintained by external party such as the
ChromeOS processes in ARC++.

Bug: 110380403
Test: Tested on ARC++

Change-Id: I3198bd7283d5f60a524da3707dea7385ffec599d
2018-11-08 07:40:43 +00:00
Eric Biggers
a701c458ca vold: rename from "ext4 encryption" to fscrypt
We support file-based encryption on both ext4 and f2fs now, and the
kernel API is the same.  So rename things appropriately in vold:

    e4crypt => fscrypt
    ext4enc => fscrypt
    Ext4Crypt => FsCrypt
    EXT4_* => FS_*
    ext4_encryption_key => fscrypt_key

Additionally, the common functions shared by 'vold' and 'init' are now
in libfscrypt rather than ext4_utils.  So update vold to link to
libfscrypt and include the renamed headers.

Note: there's a chance of 'fscrypt' being confused with the dm-crypt
based encryption code in vold which is called 'cryptfs'.  However,
fscrypt is the name used in the kernel for ext4/f2fs/ubifs encryption,
and it's preferable to use the same name in userspace.

Test: built, booted device with f2fs encryption
Change-Id: I2a46a49f30d9c0b73d6f6fe09e4a4904d4138ff6
2018-10-25 17:12:32 -07:00
Daniel Rosenberg
d399249855 Add checkpointing support for A/B updates
This adds implicit rollback support during A/B style updates.
If you explicitly start a checkpoint with -1, needsRollback will
trigger if the update fails, and should be used if any additional
cleanup is needed that is not covered by A/B itself.

Test: All Checkpoint tests pass
Bug: 111020314
Change-Id: I88b4a1098c6bac4dc1438a54c8a8f59577a6c17b
2018-10-03 15:39:25 -07:00
Mark Salyzyn
c4405e9c17 Protect /mnt/scratch from stale umount on userdebug
On userdebug protect /mnt/scratch. On user builds ensure that
/mnt/scratch is considered a stale mount so it can not be used.
vold runs before ro.debuggable is set, so this must be a compile
time decision.

Minor technical debt cleanup associated with using android::base.

Test: compile
Bug: 109821005
Change-Id: I8efdbedfe850dd24daecf03a37aea61de47edc7d
Merged-In: I8efdbedfe850dd24daecf03a37aea61de47edc7d
2018-10-02 18:00:49 +00:00
Daniel Rosenberg
65f99c9e8b Add support for checkpointing
Checkpointing uses a combination of files on the meta partition
and the checkpoint= fs_mgr flag. Checkpointed partitions will
revert to their starting state on reboot unless checkpoint commit
is called.

Test: Run vdc commands, check file on metadata
Merged-In: Icba16578608a6cbf922472e9d4ae5b8cf5f016c6
Change-Id: Icba16578608a6cbf922472e9d4ae5b8cf5f016c6
2018-09-21 21:54:11 +00:00
Yifan Hong
91a68dfc98 health.filesystem HAL renamed to health.storage
Bug: 111655771
Test: compiles
Change-Id: Ibfcab4d116d735ba2f80a8b0ead314138a7ba23d
Merged-In: Ibfcab4d116d735ba2f80a8b0ead314138a7ba23d
2018-09-19 13:11:50 -07:00
Yifan Hong
024a1241a6 vold uses health filesystem HAL
to runDevGc(). This fixes a Treble violation.
Bug: 111655771
Test: manual

Change-Id: I53d6db6ffa99e43e281f8086442151692c1826ca
2018-09-17 10:06:57 -07:00
Wei Wang
f5b085c13a Add rc file for wait_for_keymaster
Similar to update_verifier, define higher prio and use exec_start for
this binary.

Bug: 79492334
Test: Reboot test
Change-Id: I8d3133cabcc8d4cee8bdead310f2c18d8d07e9dd
2018-05-15 16:15:21 -07:00
Paul Crowley
8f82879901 add wait_for_keymaster
Bug: 79228237
Test: boots with patch
Change-Id: I581bcd4c4dd92c5b7be70eb351ecba20225e1eee
2018-05-09 12:59:18 -07:00
Risan
de787a847a Remove libarcmounter dependency in Vold
Due to rerouting ArcBridge call through System Server, Vold doesn't need
to depend on ArcBridge-related C++ library anymore.

Bug: 64500663
Test: Compiled.
Change-Id: Ic93cbc8cec8496784960d5093fb7b12d43574ced
2018-03-01 11:19:51 +09:00
Risan
ea2d2bb46c Add ArcService AIDL in Vold
This is needed to allow ARC++ Vold to interact with ArcBridgeService
through SystemServer.

Bug: 64500663
Test: Compiled, tested on device + cts in master-arc-dev (ag/3488659)
Change-Id: I3b05b0f456ec99be9163877a2d83cdbf2bb94991
2018-02-23 18:23:35 +00:00
Shawn Willden
353518194e Support Keymaster4
This CL changes vold from using a KM3 device directly to using the KM4
support wrapper from the KM4 support library, which supports both KM3
and KM4 devices (KM0, 1 and 2 devices are still supported as well,
because the default KM3 device is a wrapper that uses them).

In addition, I found myself getting confused about which "Keymaster"
types were locally-defined vold keymaster types and which were from
the KM4 HAL and support library, so I changd the approach to
referencing the latter, so all of them are qualified with the "km::"
namespace reference.

Test: Build & boot
Change-Id: I08ed5425641e7496f8597d5716cb3cd0cbd33a7f
2018-01-25 20:14:42 -07:00
Risan
9929e7db32 [VOLD] Add ARC++ ObbMount shared lib
Unfortunately, static library dependency is not transitive (even if the
dependency is a shared library). So I am wrapping the libarcobbvolume's
dependency as libarcmounter shared library.

Bug: 64500663
Test: Compile
Change-Id: I12be7a9d885c7c1c043185bd134e0148d420c6fd
2018-01-22 11:04:25 +09:00
Jeff Sharkey
37ba125205 Add basic exFAT support.
Several partners have been requesting exFAT support.  Android doesn't
natively support exFAT, but we're at least willing to try mounting an
exFAT filesystem if we detect the Linux kernel supports it, and if
helper binaries are present.

This CL is simple scaffolding, and it provides no actual
implementation of exFAT.

Test: builds, boots
Bug: 67822822
Change-Id: Id4f8ec3967b32de6e1c0e3c4b47fe6e43a6291ab
2018-01-19 11:58:43 +09:00
TreeHugger Robot
24224d10d0 Merge "Break vold dependency on keystore utilities." 2017-12-21 00:52:38 +00:00
Colin Cross
b8efb47a7c Merge "Export AIDL files as a filegroup for framework.jar" 2017-12-02 23:20:42 +00:00
Risan
aedae617fe [Vold] Conditional dependency to ARC++ ObbVolume
Test: Compile

Change-Id: Ic6348f7816b28302d45c05a359548a5d034fde24
Bug: 64500663
2017-11-30 04:24:41 +00:00
Colin Cross
a838863d77 Export AIDL files as a filegroup for framework.jar
Put AIDL files into a filegroup so they can be imported as sources
for framework.jar.

Bug: 69917341
Test: m checkbuild
Change-Id: I22e765ccf88832b1b192b42b2161898d9a6e5b2c
2017-11-29 19:07:22 +00:00
Shawn Willden
f452774030 Break vold dependency on keystore utilities.
This is temporary.  Keystore is in the process of being upgraded to use
the new Keymaster 4.0 HAL, and I want to leave vold alone, using
Keymaster 3.0 for the moment.  This CL just copies relevant bits of
keystore support utilities into vold, so it can stop depending on the
copies from keystore.

After the keystore update is complete, vold will be changed either to
use Keymaster 4.0 or -- more likely -- to use keystore rather than
talking to Keymaster directly.  At that point the files added by this CL
will be deleted.

Test: Device boots and successfully decrypts /data
Change-Id: I73f6d4cc4c5e20d89d7ac37d29d025bf279f9e12
2017-11-09 16:05:38 -07:00
Paul Crowley
b64933a502 Be even more C++. Switch on a warning.
Remove lots of "extern C" and "ifdef __cplusplus" which are no longer
needed now all of vold is C++. Also turn on the cert-err58-cpp warning
we once had to disable.

Bug: 67041047
Test: compiles, boots
Change-Id: I8c6f9dd486f2409e0deed7bb648d959677465b21
2017-10-31 08:40:23 -07:00
Jeff Sharkey
2048a2865c Test that plaintext can't be read from disk for encrypted files.
Bug: 36029169
Test: tested by hand on Taimen
Change-Id: I5717a8630bb2c8d8fe5c343d519c4e59862ecbdf
2017-10-27 15:14:56 -07:00
Paul Crowley
82b41ff837 Convert vold_prepare_subdirs to C++
Minimize overhead in boot by replacing shell script invoked multiple
times with a C++ program invoked once.

Bug: 67901036
Test: create user, run adb shell ls -laZ /data/misc_ce/10; delete user
    and check logs.
Change-Id: I886cfd6505cca1f5b5902f2071e13f48e612214d
2017-10-24 15:26:58 -07:00
Jeff Sharkey
d16dc5089b Move vold to Android.bp.
Test: builds, boots
Bug: 67041047
Change-Id: Ife9118d274fc92d30b38d216f815741a060a04b7
2017-10-23 17:27:49 -06:00