This is temporary. Keystore is in the process of being upgraded to use
the new Keymaster 4.0 HAL, and I want to leave vold alone, using
Keymaster 3.0 for the moment. This CL just copies relevant bits of
keystore support utilities into vold, so it can stop depending on the
copies from keystore.
After the keystore update is complete, vold will be changed either to
use Keymaster 4.0 or -- more likely -- to use keystore rather than
talking to Keymaster directly. At that point the files added by this CL
will be deleted.
Test: Device boots and successfully decrypts /data
Change-Id: I73f6d4cc4c5e20d89d7ac37d29d025bf279f9e12
A typical storage device finishes the benchmark in under 10 seconds,
but some extremely slow devices can take minutes, resulting in a
confusing UX that looks like we've frozen. Even worse, we keep
churning through all that I/O even though we know the device will
blow past our user-warning threshold.
So periodically check if we've timed out, and also use that to report
progress up into the Settings UI.
Test: manual
Bug: 62201209, 65639764, 67055204
Change-Id: I321397bcff230976f034cede0947d4a5a1f3e8a7
Remove lots of "extern C" and "ifdef __cplusplus" which are no longer
needed now all of vold is C++. Also turn on the cert-err58-cpp warning
we once had to disable.
Bug: 67041047
Test: compiles, boots
Change-Id: I8c6f9dd486f2409e0deed7bb648d959677465b21
Protect all per-volume-per-user keys with a per-volume key, which is
forgotten when the volume is forgotten. This means that the user's key
is securely lost even when their storage is encrypted at forgetting
time.
Bug: 25861755
Test: create a volume, forget it, check logs and filesystem.
Change-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378
If it's not a keymaster key, don't try to invalidate or delete the key
blob.
Bug: 25861755
Test: Create and forget a volume, check logs and files.
Change-Id: If8bfb1a9ab41e6c7e46bc311eb296242e56d264f
When we set up encryption on real volumes - not just /data - we should
give them their own keys, so that these keys can be deleted when the
volume is forgotten. Also, we must choose the encryption modes
differently, since ICE encryption which works on /data may not work on
such volumes.
Bug: 25861755
Test: boot device, add SD card, check modes.
Change-Id: I354cd651757c3566dba046ae99d324833ad9b0e5
Minimize overhead in boot by replacing shell script invoked multiple
times with a C++ program invoked once.
Bug: 67901036
Test: create user, run adb shell ls -laZ /data/misc_ce/10; delete user
and check logs.
Change-Id: I886cfd6505cca1f5b5902f2071e13f48e612214d
FDE keys are indexed using the partition GUID, while FBE keys will be
indexed using the filesystem UUID, so pass both of those identifiers
along when forgetting a volume.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 25861755
Change-Id: I6e239d5ba67a01c9a848d705f6167da00f975924
Prevents selinux denials for folders in /proc that do not have the
default /proc label.
Bug: 68146208
Test: no selinux denials for vold attempting to read proc_asound dir.
Merged-In: I7cdd3bbe8e687e078372012773e9a34a5c76e0f8
Change-Id: I7cdd3bbe8e687e078372012773e9a34a5c76e0f8
Prevents selinux denials for folders in /proc that do not have the
default /proc label.
Bug: 68146208
Test: no selinux denials for vold attempting to read proc_asound dir.
Change-Id: I7cdd3bbe8e687e078372012773e9a34a5c76e0f8
I want to use Utils in another executable, so breaking this link.
Bug: 25861755
Test: compiles (and boots, though that doesn't exercise changed code)
Change-Id: I6bb447453bb370fefb7f2f3aceb459428bdee6a7
Used to protect process-level SELinux changes from racing with each
other between multiple threads.
Test: builds, boots
Bug: 67041047
Change-Id: I242afed3c3eb7fba282f1f6b3bdb2d957417c7e8
Make the main thread do something useful instead of sitting around
twiddling its thumbs.
Test: builds, boots
Bug: 67041047
Change-Id: I88f7f4fe151ae2b81f80aa575530c12b56ba4d75
We heavily leverage sgdisk, which already has a bunch of logic to
optimally align partitions. We've been using it for the adoptable
storage GPT tables, and now we also use it for MBR tables.
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 63735902
Change-Id: I846a8c96930ec2c6ab12e54dc2d464b17f7c54a9
These are the same rules used by system/core/. We'll apply it to
existing code in a future CL.
Test: none
Bug: 67041047
Change-Id: I407581a9ba155aea87ac87f231f5269f7c444a2e
We've been allocating task objects without freeing them, oops. We
don't really need full classes for these tasks, so move them to
blocking methods, and invoke them from a detached thread.
Remove FIDTRIM support, which isn't meaningful on UFS-based flash
devices. Modern devices require FBE/FDE which gives us better
protection against trimmed data lingering around.
Rename "Trim" to more generic "IdleMaint", since it'll soon extend
to include custom F2FS optimization logic.
Check for shady ".." when validating paths.
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 67041047
Change-Id: I4fb194c5d5ef13f413c02acedfbaaf79c567582b
Moves away from crufty char* operations to std::string utility
methods, including android::base methods for splitting/parsing.
Rewrite of how Process handles scanning procfs for filesystem
references; now uses fts(3) for more sane traversal.
Replace sscanf() with new FindValue() method, also has unit tests.
Remove some unused methods. Switch almost everyone over to using
modern logging library.
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 67041047
Change-Id: I70dc512f21459d1e25b187f24289002b2c7bc7af
Use vold_prepare_subdirs since only it has the privilege needed.
Bug: 25861755
Test: Boot device, create user, create files, remove user, observe logs
Change-Id: I90fb2517ccd177c9b009001e7a2b00f537152f8c
