Commit graph

13 commits

Author SHA1 Message Date
Rubin Xu
eb850f93ab Remove secdiscard IPC call
No longer used by the framework, hence removing.

Bug: 62140539
Test: builds
Change-Id: I17b9818ea6121d84223a502949186cf679a83a90
2018-03-05 13:55:23 +00:00
Paul Crowley
0fd2626fc3 Add a mount with metadata encryption service
Don't use the FDE flow to support metadata encryption; just provide a
vold service which directly mounts the volume and use that.

Bug: 63927601
Test: Boot Taimen to SUW with and without metadata encryption.
Change-Id: Ifc6a012c02c0ea66893020ed1d0da4cba6914aed
2018-02-01 10:08:17 -08:00
Jeff Sharkey
401b260351 Delay touching disks when secure keyguard showing.
We've tried our best to protect against malicious storage devices
with limited SELinux domains, but let's be even more paranoid and
refuse to look at disks inserted while a secure keyguard is
showing.  We'll gladly scan them right away once the user confirms
their credentials.

Test: builds, boots, manual testing
Bug: 68054513
Change-Id: I37fd6c25bbd6631fa4ba3f84e19384d746a22498
2017-12-15 13:44:55 -07:00
Jin Qian
a370c14f75 Add functions to handle idle maintenance
runIdleMaint is equivalent with:

1. echo 1 > /sys/fs/f2fs/sdX/gc_urgent
2. wait until /sys/fs/f2fs/sdX/dirty_segments
     <= threshold or timeout
3. echo 0 > /sys/fs/f2fs/sdX/gc_urgent
4. fstrim

abortIdleMaint forces the wait loop above to exit and
skips fstrim. However, if fstrim is already running,
abortIdleMaint will just leave it run to completion.

Test: adb shell sm idle-maint [run|abort]
Bug: 67776637
Change-Id: I4adff8d9b6bbd63bce41368cea55dc9e9b117eb6
2017-11-14 15:12:30 -08:00
Jeff Sharkey
2048a2865c Test that plaintext can't be read from disk for encrypted files.
Bug: 36029169
Test: tested by hand on Taimen
Change-Id: I5717a8630bb2c8d8fe5c343d519c4e59862ecbdf
2017-10-27 15:14:56 -07:00
Jeff Sharkey
3ce18256a1 Pass both partition GUID and filesystem UUID.
FDE keys are indexed using the partition GUID, while FBE keys will be
indexed using the filesystem UUID, so pass both of those identifiers
along when forgetting a volume.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 25861755
Change-Id: I6e239d5ba67a01c9a848d705f6167da00f975924
2017-10-24 12:19:47 -06:00
Jeff Sharkey
cbe69fc060 Destroy vold socket interface completely.
Long live Binder.

Test: yes
Bug: 13758960
Change-Id: If6be379b5a873f1b0c66dd1522b87413ad10fc46
2017-09-18 16:00:14 -06:00
Jeff Sharkey
52f7a91934 Move long-running calls to async with listeners.
Now that we're using Binder, we can have callers provide explicit
listeners for every request instead of trying to squeeze them all
into unsolicited socket events.

Move benchmarking to be async to avoid blocking other commands for
up to several minutes.  Remove post-trim benchmarking flag, since
benchmarking now requires a separate callback.  Will bring back in
a future CL.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: adb shell sm fstrim
Bug: 62201209, 13758960
Change-Id: I0f2ebf1ac3b4252ecd6b44303f2887adfdb58e86
2017-09-15 14:18:00 -06:00
Jeff Sharkey
814e9d308e Move unsolicited vold events to Binder.
Create IVoldListener and move most unsolicited vold events over to
this new interface.  The remaining events will be routed through
method-specific listeners instead of a global one.

Move to upstream DISALLOW_COPY_AND_ASSIGN macro.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.DirectBootHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: Ib9293487db2d525a76b9b9c2e9ac18d98601c6cf
2017-09-13 11:52:53 -06:00
Jeff Sharkey
83b559ced4 Move all crypto commands over to Binder.
Prefix FDE related commands with "fde" to make it clear which devices
they apply to.  This will also make it easier to remove once FDE
is fully deprecated in a future release.

To emulate the single-threaded nature of the old socket, introduce a
lock that is acquired for all encryption related methods.

Sprinkle some "const" around older files to make C++ happy.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.DirectBootHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I0a6ec6e3660bbddc61424c344ff6ac6da953ccf0
2017-09-12 17:24:06 -06:00
Jeff Sharkey
11c2d380a7 Move even more vold commands over to Binder.
This moves fstrim, obb and appfuse commands over to the new Binder
interface.  This change also separates creating/destroying and
mounting/unmounting of OBB volumes, which means they finally flow
nicely into the modern VolumeInfo/VolumeBase design.

We now generate unique identifiers for all OBB volumes, instead of
using a shady MD5 hash.

Change all "loop" and "dm" devices to tag the kernel resources with
a vold-specific prefix so that we can clean them up if vold crashes;
there are new destroyAll() methods that handle this cleanup.

Move appfuse mounting/unmounting into VolumeManager so it can be
shared.  Move various model objects into a separate directory to
tidy things up.

Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I7294e32b3fb6efe07cb3b77bd20166e70b66958f
2017-09-11 18:44:17 -06:00
Jeff Sharkey
9462bdd512 Move "volume" commands over to Binder.
Keep the old socket-based commands intact for awhile so we can
rapidly disable this change using the ENABLE_BINDER feature flag.

Define constants in AIDL to keep Java and C++ in sync.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.ExternalStorageHostTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 13758960
Change-Id: I0d6f82cbebe67f671b60949fd727409aeb1fdc0d
2017-09-07 15:27:30 -06:00
Jeff Sharkey
068c6be622 Start paving the way for vold calls over Binder.
This change is the bare minimum needed to publish a new vold
Binder service and move the simple "reset" call over to go through
the new interface.

Test: builds, boots
Bug: 13758960
Change-Id: I5b70976653c69f92e1efc8d1f432b2038eb618a4
2017-09-06 14:06:06 -06:00