Commit graph

2411 commits

Author SHA1 Message Date
Daniel Rosenberg
8b9a5b344e Remove waitpid on UnMount
Since we no longer have the Fuse Daemon, we won't ever
need to stop the daemon when unmounting.

Bug: 33808187
Test: Run "adb shell ps | grep -w Z"
          The sdcard daemon should not be listed.
Change-Id: I6bb9341785b711d81553393f7c3b56115c435236
2018-03-13 02:58:03 +00:00
android-build-team Robot
9bada39292 Snap for 4638586 from eb850f93ab to pi-release
Change-Id: I274cd3a5ea9cfd7961216f690798d7b34d9a6300
2018-03-07 08:26:00 +00:00
Rubin Xu
ea0514ee95 Remove secdiscard IPC call
am: eb850f93ab

Change-Id: If4f758f34519cd7bf328a431dc9b14af5e475eed
2018-03-06 23:07:19 +00:00
Rubin Xu
eb850f93ab Remove secdiscard IPC call
No longer used by the framework, hence removing.

Bug: 62140539
Test: builds
Change-Id: I17b9818ea6121d84223a502949186cf679a83a90
2018-03-05 13:55:23 +00:00
android-build-team Robot
17eb03abe1 Snap for 4632767 from de787a847a to pi-release
Change-Id: I93bc46c2703d4146eaa6363750ceb8af3df29d76
2018-03-04 08:23:11 +00:00
Risan
de787a847a Remove libarcmounter dependency in Vold
Due to rerouting ArcBridge call through System Server, Vold doesn't need
to depend on ArcBridge-related C++ library anymore.

Bug: 64500663
Test: Compiled.
Change-Id: Ic93cbc8cec8496784960d5093fb7b12d43574ced
2018-03-01 11:19:51 +09:00
android-build-team Robot
f53cb1f378 Snap for 4620899 from e283f998c6 to pi-release
Change-Id: I608dbf55e50bc2e2c3bf3342904f8e8a5ef38a07
2018-02-25 08:21:23 +00:00
TreeHugger Robot
e283f998c6 Merge "Use unique_ptr<DIR> to safely release resources." 2018-02-25 02:45:33 +00:00
Jeff Sharkey
e50314d52b Trim whitespace from sysfs values.
Test: builds, boots
Bug: 72740079
Change-Id: If364927ea762c7dee99bff5dc307e3b9b5355c2b
2018-02-24 18:23:37 -07:00
Jeff Sharkey
5540b4406c Use unique_ptr<DIR> to safely release resources.
Test: builds, boots
Bug: 66995913
Change-Id: Ib580501fc979b63295b180250581dc7527de76b2
2018-02-24 18:09:22 -07:00
TreeHugger Robot
8c26c46059 Merge "Add ArcService AIDL in Vold" 2018-02-23 20:52:22 +00:00
Risan
ea2d2bb46c Add ArcService AIDL in Vold
This is needed to allow ARC++ Vold to interact with ArcBridgeService
through SystemServer.

Bug: 64500663
Test: Compiled, tested on device + cts in master-arc-dev (ag/3488659)
Change-Id: I3b05b0f456ec99be9163877a2d83cdbf2bb94991
2018-02-23 18:23:35 +00:00
Jaegeuk Kim
af705674fd Merge "vold: Idle-maint issues discards fully" 2018-02-23 03:39:10 +00:00
Jaegeuk Kim
a6aae2f5a5 vold: Idle-maint issues discards fully
Change-Id: Ib20a55e8761aa740b530803f029ecb36256fe9aa
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2018-02-22 19:06:24 -08:00
android-build-team Robot
dbbea4e105 Snap for 4613997 from 38723f23ff to pi-release
Change-Id: I84b7a24a7b8a68399efb4e6733aac0f607c69edb
2018-02-21 08:22:35 +00:00
android-build-team Robot
11b7858f31 Snap for 4610834 from 17510259cc to pi-release
Change-Id: I412e4df32d70072c67973346724954800c66145f
2018-02-18 08:21:37 +00:00
Greg Kaiser
38723f23ff cryptfs: Optionally get crypto type as a property
Instead of hardcoding to "aes-cbc-essiv:sha256" with a 16 byte
key, we introduce a new property, "ro.crypto.fde_algorithm",
to allow the use of different crypto types.  The only other
method we currently support is "speck128-xts-plain64" with
a 32 byte key, although new crypto types are easily added.

We intentionally derive things like the crypto name and the
keysize from the given property name.  This means the code
must be changed for each new crypto type we want to support,
but that's worth it to remove the exploit vector of crypto
types with incorrect key sizes.

Due to previous refactoring CLs, this has minimal impact on
the current code other than changing what we return for
cryptfs_get_{keysize,crypto_name}.

Bug: 73079191
Test: Flashed onto a gobo device with the property set for SPECK, and confirmed via kernel debug output we were using SPECK on the device.
Change-Id: I9c9df61590344c5f62114dfbf679031b0c2ceb1f
2018-02-16 15:24:20 -08:00
Greg Kaiser
57f9af6af4 cryptfs: Require ext disk crypt to match code
Our external partitions have no crypto header/footer, so we
only get the keysize and key.  Our code has been implicitly
assuming that this keysize off of disk matches the crypto
type we have in our code (and thus matches the keysize our
code is using as well).  We now make this assumption
explicit, and check for this and no longer allow external
code to pass a keysize in to cryptfs.

Bug: 73079191
Test: Compiled and tested in combination with other CLs.
Change-Id: I1a1996187e1aaad6f103982652b1bcdfd5be33ce
2018-02-16 15:23:56 -08:00
Greg Kaiser
59ad018d0b cryptfs: Use the crypt_mnt_ftr keysize
Our code has places where we were reading in the crypt_mnt_ftr
struct from disk, but then proceeding to use a hardcoded constant
for the keysize.  We plan to allow crypto with different sized
keys in the future, so we want to just trust the keysize we get
off of disk.

While doing this, we reject any crypt_mnt_ftr we read from disk
which has a keysize in excess of MAX_KEY_LEN.  This defends us
against buffer overflows in the case of corrupt disk data.

Bug: 73079191
Test: Compiled and tested in combination with other CLs.
Change-Id: Id6f192b905960e5508833e9cd3b4668d4754dc7e
2018-02-16 15:22:43 -08:00
Gao Xiang
17510259cc Merge "mFusePid should be cleared after waitpid successfully" am: 456483d193 am: 8be3be3167
am: 8fe7f3104b

Change-Id: I18199ce5f972f0a403728e34dec608a01fceb183
2018-02-16 01:42:39 +00:00
Gao Xiang
8fe7f3104b Merge "mFusePid should be cleared after waitpid successfully" am: 456483d193
am: 8be3be3167

Change-Id: Ib55467c9719d5c578a51b0fc49b03dbc9bbe0870
2018-02-16 01:24:40 +00:00
Gao Xiang
8be3be3167 Merge "mFusePid should be cleared after waitpid successfully"
am: 456483d193

Change-Id: I61bf49cea396ebc8009a54740d7322249025acf0
2018-02-16 01:04:45 +00:00
Treehugger Robot
456483d193 Merge "mFusePid should be cleared after waitpid successfully" 2018-02-15 23:46:14 +00:00
Greg Kaiser
00eda38635 cryptfs: Don't use bare integers for key size
Rather than use an integer and have a comment, we use a named
constant for sizing these master key buffers.  This will help
avoid confusion when we switch to allowing different sized
master keys.

Bug: 73079191
Test: Build
Change-Id: Ifaffdd94d337bb2d5a178f818dfe00f9386ae03b
2018-02-15 12:28:51 -08:00
Greg Kaiser
c0de9c7dba cryptfs: Clarify sizing of intermediate key
Some parts of the code were intermingling constants for the master
key and the intermediate key.  That works at the moment because
these are the same size.  But we'll be introducing logic allowing
different sized master keys, while keeping the intermediate the
same.  To aid that introduction, we use separate constants for
the intermediate key.

Bug: 73079191
Test: Build
Change-Id: I22b1dbf18aff2f76229df1c898fc606d6c1af3ca
2018-02-15 12:27:23 -08:00
Greg Kaiser
b802078adc Revert "cryptfs: Don't hardcode ikey buffer size"
This reverts commit f45a70c416.
2018-02-14 11:26:12 -08:00
Greg Kaiser
2c92d7b6a1 Revert "cryptfs: Make decrypted key buffers large enough"
This reverts commit 4a35ef0a53.
2018-02-14 11:26:08 -08:00
Greg Kaiser
fa099611bf Revert "cryptfs: Optionally get crypt type from properties"
This reverts commit 291fec1789.
2018-02-14 11:26:00 -08:00
android-build-team Robot
eea7eff4e8 Snap for 4603395 from 291fec1789 to pi-release
Change-Id: Id4ddbb350bb56880864d84766353ddee741d8ffa
2018-02-14 08:24:27 +00:00
android-build-team Robot
aeeebdc495 Snap for 4600820 from 4a35ef0a53 to pi-release
Change-Id: Ib996011d37ddb728e1ce1f1e11d74745a85bb89a
2018-02-13 08:46:47 +00:00
Greg Kaiser
291fec1789 cryptfs: Optionally get crypt type from properties
Instead of hardcoding to "aes-cbc-essiv:sha256", we introduce a
new property, "ro.crypto.crypt_type_name", to allow the use of
different crypt methods.  The only other method we currently
support is "speck128-xts-plain64", although new methods are
easily added.

We intentionally derive things like the keysize from the given
crypt name, to reduce exploit vectors.  We also only accept
crypt names the code has whitelisted.

The biggest impact is replacing the hard-coded KEY_LEN_BYTES.
For compile-time buffers, we use the MAX_KEY_LEN to assure they
will be big enough for any crypt type.  For run-time sizing,
we use the value derived from our property.

Bug: 73079191
Test: On an encrypted gobo, booted successfully with (1) no property set, (2) proproperty set to invalid value (and confirmed we defaulted to aes), and (3) after wiping userdata, with property set to "speck128-xts-plain64", confirmed we were using SPECK.
Change-Id: Ic4e10840d6ee2a4d4df58582448e0f768e6f403f
2018-02-12 09:07:16 -08:00
android-build-team Robot
f789c65d0d Snap for 4598635 from 3e02df8d3c to pi-release
Change-Id: Ib38a74630da0771dbcf5a18f371030c68cf0a46e
2018-02-11 08:22:19 +00:00
Greg Kaiser
4a35ef0a53 cryptfs: Make decrypted key buffers large enough
Looking at the EVP_DecryptUpdate() documentation, we need a
buffer which isn't just the keysize, but also provides the
cipher block length minus one byte extra.  For EVP_aes_128_cbc(),
that block length is 16, but we use the maximum block length to
be safe for any future cipher change.

For two of our decrypted_master_key usages, the buffer was
already sufficiently sized.  But for one of our instances,
in cryptfs_enable_internal(), the buffer was previously
smaller than this.  So this CL represents a possible behavior
change if we were ever overrunning that buffer.

Bug: 73079191, 73176599
Test: Flashed an encrypted sailfish and it booted.

Change-Id: Ic5043340910dc7d625e6e5baedbca5bd4b2bfb03
2018-02-09 17:21:33 -08:00
Greg Kaiser
1452b27d4e cryptfs: Don't hardcode ascii buffer size
We're removing hardcoded buffer sizes in anticipation of allowing
different keysizes.  In this case, our buffer was sufficiently
large for all current cases.  But if we ever changed the
crypt_mnt_ftr struct to allow larger keys, this code will adjust
with the change.

Bug: 73079191
Test: Flashed an encrypted sailfish and it booted.
Change-Id: I261e729a77b351e287fbb55327564fe512a23d47
2018-02-09 16:11:38 -08:00
Greg Kaiser
f45a70c416 cryptfs: Don't hardcode ikey buffer size
We were hardcoding the size of the ikey buffer, but then had logic
which used KEY_LEN_BYTES and IV_LEN_BYTES to offset into the array
and describe the length of its contents.

In anticipation of allowing the keysize to be set via a property,
instead of at compile time, we change this code to make the relation
between the keysize and the buffer size explicit.

Bug: 73079191
Test: Flashed an encrypted sailfish and it booted.
Change-Id: I109a5dc812662220e53163bfb4b5e51bf5abf185
2018-02-09 15:01:13 -08:00
Greg Kaiser
b610e77fd2 cryptfs: Fix format string
Test: None
Change-Id: Id16acb4ed5e89e759b69ec2d2f2db54cc54f1959
2018-02-09 14:02:28 -08:00
Greg Kaiser
026072f81b cryptfs: Remove unused variable
We'll be allowing modifyable key sizes in the near future,
and want to remove this variable to reduce confusion with this
change.

Bug: 73079191
Test: None
Change-Id: I7047bb375553d8c46ff0724add697a5105ebc68c
2018-02-09 14:02:28 -08:00
Shawn Willden
3e02df8d3c Prevent spurious call to keymaster abort().
During the analysis of b/72953784 it was noticed that vold was calling
keymaster abort() and failing, though vold was succeeding with its
keymaster operation.  This had nothing to do with the bug, but the
presence of the error appeared to implicate keymaster, and it's bad
form in any case.  This CL correctly clears the mDevice member during
a move, so the destructor will not attempt to call abort.

Test: Build & boot
Bug: 72953784
Change-Id: Ib0700f829e87f19b089396087085585ddd6b96a5
2018-02-07 15:07:04 -07:00
android-build-team Robot
1a6491a047 Snap for 4585119 from 0fd2626fc3 to pi-release
Change-Id: I30f48b47e54a2ee02fd3e2a1adab9ed3ff96c189
2018-02-05 08:20:26 +00:00
Paul Crowley
0fd2626fc3 Add a mount with metadata encryption service
Don't use the FDE flow to support metadata encryption; just provide a
vold service which directly mounts the volume and use that.

Bug: 63927601
Test: Boot Taimen to SUW with and without metadata encryption.
Change-Id: Ifc6a012c02c0ea66893020ed1d0da4cba6914aed
2018-02-01 10:08:17 -08:00
Paul Crowley
772cc85d71 Refactor logging in EncryptInplace.cpp
Done as part of work towards metadata encryption.

Bug: 63927601
Test: Boot Taimen to SUW

Change-Id: I0f5fda0e002944ab658756c7cfcb386c3658a446
2018-02-01 09:53:27 -08:00
gitbuildkicker
c893a54a40 merge in pi-release history after reset to master 2018-01-29 14:55:13 -08:00
gitbuildkicker
3ff1b92c6b merge in pi-release history after reset to master 2018-01-29 11:59:01 -08:00
android-build-team Robot
a22601f266 Snap for 4571561 from 353518194e to pi-release
Change-Id: I1d2503cb28183b042e6b46fccc51038246fb513a
2018-01-28 08:27:54 +00:00
Shawn Willden
353518194e Support Keymaster4
This CL changes vold from using a KM3 device directly to using the KM4
support wrapper from the KM4 support library, which supports both KM3
and KM4 devices (KM0, 1 and 2 devices are still supported as well,
because the default KM3 device is a wrapper that uses them).

In addition, I found myself getting confused about which "Keymaster"
types were locally-defined vold keymaster types and which were from
the KM4 HAL and support library, so I changd the approach to
referencing the latter, so all of them are qualified with the "km::"
namespace reference.

Test: Build & boot
Change-Id: I08ed5425641e7496f8597d5716cb3cd0cbd33a7f
2018-01-25 20:14:42 -07:00
Shawn Willden
785365b2f7 Clang-format Keymaster.{cpp|h} and KeyStorage.{cpp|h}
Test: Build & boot
Change-Id: I92bb107409f493770028cf6fd637d34af7644262
2018-01-25 20:09:46 -07:00
android-build-team Robot
0a15974b7b Snap for 4565898 from 71cd43f434 to pi-release
Change-Id: Iaeedc50d213b30d57c952a81fb2bcf10fdc325ac
2018-01-25 09:05:28 +00:00
Andreas Huber
71cd43f434 Fingerprint data is now stored in one of two ways depending on the
shipping API version:

For devices shipped before Android P nothing changes, data
is stored under /data/system/users/<user-id>/fpdata/...

Devices shipped from now on will instead store
fingerprint data under /data/vendor_de/<user-id>/fpdata.

Support for /data/vendor_de and /data/vendor_ce has been added to vold.

Bug: 36997597
Change-Id: I615e90d1c9ab08e768a8713968fa043598a0a526
Test: manually
2018-01-23 14:34:55 -08:00
gitbuildkicker
64f1f1b401 merge in pi-release history after reset to master 2018-01-23 14:20:33 -08:00
gitbuildkicker
7fcdb625a8 merge in pi-release history after reset to master 2018-01-23 12:15:13 -08:00