Commit graph

20 commits

Author SHA1 Message Date
Alan Stokes
be3db7b7ae Enable vold to set level from user.
We want various per-user directories to have their SELinux MLS level
set to restrict access from other users, as an improvement to user
isolation.

We extend vold_prepare_subdirs to implement this if a flag is
set. vold itself then sets the flag based on a new property,
ro.vold.level_from_user. This is to allow testing of further
incremental work to ensure system apps correctly handle the new
restriction on different devices rather than causing immediate
breakage. Eventually this will go away and the restriction will apply
everywhere.

Bug: 141677108
Test: Manual, with and without propery set.
Change-Id: I8e2207bd94b487bdcc09fd4d80b031027dfea1e3
2020-10-02 14:49:25 +01:00
Oli Lan
e1b3f5cd2d Allow search permission on apex data directories.
This gives x permission to all on the parent apex data directory
so that the data directories can be accessed by modules.

Bug: 147848983
Test: Build & flash, check permissions are correct
Change-Id: I1bbf480cbf9f9e758353237e333317516ad375ee
2020-01-17 11:37:31 +00:00
Oli Lan
9cfc404c2d Change ownership of apex data directories to root.
The apex data directories must be accessed by apexd in order for it to
perform snapshot and restore as part of the rollback process. As apexd
runs as root, this CL changes the apex data directories under misc_[ce|de]
to be owned by root.

Bug: 141148175
Test: Build and flash; check permissions are set correctly.
Change-Id: Icf2059cc9448364f834eef7892914a99883746a1
2020-01-17 11:11:06 +00:00
Oli Lan
ac003c4955 Create directories for snapshots of DE_n and CE_n apex data.
This creates apexrollback directories under /data/misc_[de|ce]/<user>
which will hold snapshots of DE_n and CE_n apex data directories
(i.e. it will hold backups of data from /data/misc_[de|ce]/<user>/apexdata
for particular apexes).

See go/apex-data-directories for details.

Bug: 141148175
Test: Built and flashed, checked directory was created.
Change-Id: I468060b20dee0c50033b5f014ce8716582d5e6bc
2019-12-04 10:29:50 +00:00
Oli Lan
94457217cb Create DE_n and CE_n APEX data directories.
This creates an apexdata directory under /data/misc_de/<user> and
/data/misc_ce/<user>, and also creates a directory under that for
every APEX that is installed.

See go/apex-data-directories.

APEXes are discovered by scanning the /apex directory. It may be better
to delegate this process to a library, but it is proposed to defer that
change to a future CL.

Bug: 141148175
Test: Built and flashed, checked directories were created.
Change-Id: I95a060b4f42241c91da25a779e61a8f85ca1914c
2019-11-21 14:07:18 +00:00
Paul Crowley
b409ade4d7 Create /data/vendor_ce/0/facedata in vold_prepare_subdirs
Bug: 131084614
Test: Modified sepolicy to match, ensured directory was created on
    Crosshatch

Change-Id: I0978a630149158eb3b8f446abecb12e137e6fae5
2019-04-25 19:27:26 +00:00
Annie Meng
89fd2f0d39 Merge "Create subdirs in system_ce/ for multi-user backup" am: 625203444b am: 33a5634374
am: 2506860cfb

Change-Id: I116438108a176deb90eaf724ac8ddd66d597a129
2019-01-17 09:26:04 -08:00
Annie Meng
66176c55e9 Create subdirs in system_ce/ for multi-user backup
Backup system service bookkeeping is being moved to per-user CE
directories to support multiple users participating in the service.

Accompanies SELinux changes at aosp/873133

Bug: 121197420
Test: 1) Boot device; check dirs created with correct label; run backup
successfully on system user
2) Create secondary user; check dirs created with correct label; run
backup successfully

Change-Id: I3a0fdbfcf18a3c242fc64fba0dd014160b50b2f0
2019-01-17 12:53:16 +00:00
Annie Meng
5b43da67fa Merge "vold_prepare_subdirs: prepare /data/misc_[ce|de]/rollback." am: 3cc1866454 am: 2cc1d4e458
am: 142afc926f

Change-Id: Iddeb8e2722162edcd5929a9e9684d3c7fcfcd0ba
2019-01-17 03:20:35 -08:00
Narayan Kamath
a232fd7fc8 vold_prepare_subdirs: prepare /data/misc_[ce|de]/rollback.
These directories are managed by installd and used to store
snapshots of application data directories in order to roll them
back in the case of bad updates.

Bug: 112431924
Test: make, device boot & manual verification.

Change-Id: Ieaca697a45d013937327e0f16f36b9b1eaad6b22
2019-01-16 15:16:51 +00:00
Kevin Chyn
cdd4228eeb Revert "Revert "Revert "Revert "vold now prepares a subdirectory for face data.""""
Bug: 116528212

This reverts commit 8973e2d5d0.

Reason for revert: Will submit after selinux issues are resolved

Change-Id: Ie2df91b33be70629e8c08fdbcc6e7ad0faea13a9
2018-11-20 20:23:43 +00:00
Nick Kralevich
8973e2d5d0 Revert "Revert "Revert "vold now prepares a subdirectory for face data."""
This reverts commit 9dcf54929f.

Reason for revert: Device fails to boot after OTA.

Bug: 116528212
Bug: 119747564
Change-Id: I32bfbc2c2fd560f090e078426315111f241e76cf
2018-11-19 18:47:47 +00:00
Kevin Chyn
9dcf54929f Revert "Revert "vold now prepares a subdirectory for face data.""
This reverts commit a70d237a05.

Reason for revert: Submitting together or after SELinux policy is in place

Change-Id: I952f94df99496ced04adba1ec28d42be53202982
2018-11-15 23:08:14 +00:00
Kevin Chyn
a70d237a05 Revert "vold now prepares a subdirectory for face data."
This reverts commit 21b3b37af3.

Reason for revert: device not booting

Change-Id: Ia76b8454268d70dcd9d9f1ad0d291aaec63b3fd4
2018-11-15 22:46:35 +00:00
Zachary Iqbal
21b3b37af3 vold now prepares a subdirectory for face data.
Change-Id: I32ec05942aac03b95b2abe5d042833197d69706b
Fixes: 116528212
Test: Built and tested locally.
2018-11-08 22:10:05 -08:00
Roman Kiryanov
bda3032fcc Do not crash if secontext is nullptr
LOG(DEBUG) tries to print a string pointed by secontext.get() but
crashed if it was nullptr.

Bug: 111888637
Test: "make -j50" and ran emulator
Change-Id: Iac78f650e7f48781030dc610f7d35cd52c250802
Merged-In: Iac78f650e7f48781030dc610f7d35cd52c250802
Signed-off-by: Roman Kiryanov <rkir@google.com>
2018-09-17 16:15:33 -07:00
Roman Kiryanov
f101236657 Do not crash if secontext is nullptr
LOG(DEBUG) tries to print a string pointed by secontext.get() but
crashed if it was nullptr.

Bug: 111888637
Test: "make -j50" and ran emulator
Change-Id: Iac78f650e7f48781030dc610f7d35cd52c250802
Signed-off-by: Roman Kiryanov <rkir@google.com>
2018-07-26 13:41:14 -07:00
Andreas Huber
71cd43f434 Fingerprint data is now stored in one of two ways depending on the
shipping API version:

For devices shipped before Android P nothing changes, data
is stored under /data/system/users/<user-id>/fpdata/...

Devices shipped from now on will instead store
fingerprint data under /data/vendor_de/<user-id>/fpdata.

Support for /data/vendor_de and /data/vendor_ce has been added to vold.

Bug: 36997597
Change-Id: I615e90d1c9ab08e768a8713968fa043598a0a526
Test: manually
2018-01-23 14:34:55 -08:00
Jin Qian
f39614449d Create subdirectories in misc_ce/misc_de for storaged
Test: Boot device, check directories created
Bug: 63740245
Change-Id: Ie3f593e2cceb99ea7e86614d6b0d7b34f8c7034c
2017-10-24 17:26:44 -07:00
Paul Crowley
82b41ff837 Convert vold_prepare_subdirs to C++
Minimize overhead in boot by replacing shell script invoked multiple
times with a C++ program invoked once.

Bug: 67901036
Test: create user, run adb shell ls -laZ /data/misc_ce/10; delete user
    and check logs.
Change-Id: I886cfd6505cca1f5b5902f2071e13f48e612214d
2017-10-24 15:26:58 -07:00