tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
5143 commits 1 branch 0 tags 9.7 MiB
Commit graph

5143 commits

This branch
This branch
All branches
Author SHA1 Message Date
Paul Crowley
b0519d0d1e [automerger skipped] Merge "Revert^2 "Detect factory reset and deleteAllKeys"" into sc-dev am: 1566a5bf00 -s ours am: 068fbe2ea9 -s ours am: 82daf3dcad -s ours 
am skip reason: skipped by user paulcrowley

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15547746

Change-Id: I3fae550d5a025f92cccf1c3761c7f57d4db62b92
 2021-08-13 21:33:58 +00:00
Paul Crowley
74547c3e55 [automerger skipped] Merge "Revert^2 "Detect factory reset and deleteAllKeys"" into sc-dev am: 1566a5bf00 am: eae11551bd -s ours am: 23ba1a1b0d -s ours 
am skip reason: skipped by user paulcrowley

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15547746

Change-Id: Ie2385b765cce35fd39b6d48f499fa444d2eb1855
 2021-08-13 21:33:41 +00:00
Shawn Willden
d3c5dcbfc3 [automerger skipped] Merge "Revert "Detect factory reset and deleteAllKeys"" into sc-dev am: 90c818d9ee -s ours am: e4190a395a -s ours am: 22922e708e -s ours 
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 1e6a5f5106 is already in history. Merged-In was found from reverted change.

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15536478

Change-Id: Ia1c0995c739da147be4cf1951146d5d4a9ca097c
 2021-08-13 21:30:23 +00:00
Paul Crowley
82daf3dcad [automerger skipped] Merge "Revert^2 "Detect factory reset and deleteAllKeys"" into sc-dev am: 1566a5bf00 -s ours am: 068fbe2ea9 -s ours 
am skip reason: skipped by user paulcrowley

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15547746

Change-Id: I04b3bfa639a8838f17ddb0cc642cb78c1baf186f
 2021-08-13 21:30:12 +00:00
Paul Crowley
23ba1a1b0d [automerger skipped] Merge "Revert^2 "Detect factory reset and deleteAllKeys"" into sc-dev am: 1566a5bf00 am: eae11551bd -s ours 
am skip reason: skipped by user paulcrowley

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15547746

Change-Id: I941ac01cb256a82ab9222f2bc66484713911aa9c
 2021-08-13 21:29:58 +00:00
Shawn Willden
215eb9f302 [automerger skipped] Merge "Revert "Detect factory reset and deleteAllKeys"" into sc-dev am: 90c818d9ee am: fb0d651988 -s ours am: 95b5da6fd4 -s ours 
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 1e6a5f5106 is already in history. Merged-In was found from reverted change.

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15536478

Change-Id: I4323b20355333d2edf7652b356bf25cc0d366b91
 2021-08-13 21:28:07 +00:00
Paul Crowley
068fbe2ea9 [automerger skipped] Merge "Revert^2 "Detect factory reset and deleteAllKeys"" into sc-dev am: 1566a5bf00 -s ours 
am skip reason: skipped by user paulcrowley

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15547746

Change-Id: Ib9daf1c3d27f913c99eddf09c29a45a9387fbca9
 2021-08-13 13:50:16 +00:00
Paul Crowley
466e30dffe Merge "Revert^2 "Detect factory reset and deleteAllKeys"" into sc-dev am: 1566a5bf00 am: eae11551bd 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15547746

Change-Id: I5a25f5527538b36dc376bc1a56170411705e7afa
 2021-08-13 03:01:43 +00:00
Paul Crowley
eae11551bd Merge "Revert^2 "Detect factory reset and deleteAllKeys"" into sc-dev am: 1566a5bf00 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15547746

Change-Id: I89bdf3d65c2461f882d39089e64961537888955b
 2021-08-13 02:46:44 +00:00
Paul Crowley
1566a5bf00 Merge "Revert^2 "Detect factory reset and deleteAllKeys"" into sc-dev 2021-08-13 02:33:43 +00:00
Paul Crowley
d31f36d334 Revert^2 "Detect factory reset and deleteAllKeys" 
Revert submission 15536724-revert-15521094-vold-deleteAllKeys-GDJSMLXRVZ

Reason for revert: Underlying KM problem fixed
Reverted Changes:
I8e2621bef:Revert "Detect factory reset and deleteAllKeys"
I546b980bb:Revert "Add deleteAllKeys to IKeystoreMaintenance"...
I1ed68dd9e:Revert "Allow vold to deleteAllKeys in Keystore"

Bug: 187105270
Test: booted Cuttlefish twice
Merged-In: 1e6a5f5106
Change-Id: Id641444b4ebba951aa8c5474ed60844cfaae1e20
 2021-08-13 01:44:46 +00:00
Shawn Willden
22922e708e [automerger skipped] Merge "Revert "Detect factory reset and deleteAllKeys"" into sc-dev am: 90c818d9ee -s ours am: e4190a395a -s ours 
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 1e6a5f5106 is already in history. Merged-In was found from reverted change.

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15536478

Change-Id: If244cf6c5bb06335d07781d1e02e4c3d52fb319f
 2021-08-12 01:57:45 +00:00
Shawn Willden
95b5da6fd4 [automerger skipped] Merge "Revert "Detect factory reset and deleteAllKeys"" into sc-dev am: 90c818d9ee am: fb0d651988 -s ours 
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 1e6a5f5106 is already in history. Merged-In was found from reverted change.

Reverted change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15536478

Change-Id: I2a63cf3373bf1e02062429dff5695b4e50083ecd
 2021-08-12 01:57:08 +00:00
Shawn Willden
426ec8ad34 Merge "Revert "Detect factory reset and deleteAllKeys"" into sc-dev am: 90c818d9ee am: fb0d651988 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15536478

Change-Id: Ib8b347507793c00f6f2c585c7cadf4bdbdb0961c
 2021-08-12 01:57:03 +00:00
Shawn Willden
fb0d651988 Merge "Revert "Detect factory reset and deleteAllKeys"" into sc-dev am: 90c818d9ee 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15536478

Change-Id: Ie0847281b708c9eb06d54a7078fd6476e65a4099
 2021-08-12 01:33:01 +00:00
Shawn Willden
e4190a395a [automerger skipped] Merge "Revert "Detect factory reset and deleteAllKeys"" into sc-dev am: 90c818d9ee -s ours 
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 1e6a5f5106 is already in history. Merged-In was found from reverted change.

Reverted change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15536478

Change-Id: I78039d08a9bc7d9a2d285744e6d64f4af6ac851a
 2021-08-12 01:31:31 +00:00
Shawn Willden
90c818d9ee Merge "Revert "Detect factory reset and deleteAllKeys"" into sc-dev 2021-08-12 01:17:13 +00:00
Shawn Willden
2bab97c368 Revert "Detect factory reset and deleteAllKeys" 
Revert "Add deleteAllKeys to IKeystoreMaintenance"

Revert "Enable deleteAllKeys from vold"

Revert "Allow vold to deleteAllKeys in Keystore"

Revert submission 15521094-vold-deleteAllKeys

Reason for revert: Causes infinite loop in Trusty KeyMint
Reverted Changes:
I9c5c54714:Detect factory reset and deleteAllKeys
I2fb0e94db:Allow vold to deleteAllKeys in Keystore
Id23f25c69:Add deleteAllKeys to IKeystoreMaintenance
Ife779307d:Enable deleteAllKeys from vold
I4312b9a11:Enable deleteAllKeys from vold

Bug: 187105270
Change-Id: I8e2621bef234d0a59be422b8d1d8d52a91378a5e
 2021-08-12 01:07:00 +00:00
TreeHugger Robot
e4abb07a18 Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev am: 8f19fd90e3 am: 7c5c6d8b43 am: 7d81779ba3 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15534270

Change-Id: I053fd8861caff0aa3ad5bdd81624ee154dff2f76
 2021-08-11 23:49:37 +00:00
TreeHugger Robot
22330cef3f Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev am: 8f19fd90e3 am: 7c5c6d8b43 am: a2a6fc14d2 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15534270

Change-Id: I48429274782ccb9597b9393ff3090ab7025f8a01
 2021-08-11 23:47:42 +00:00
TreeHugger Robot
4fc0a89b5a Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev am: 8f19fd90e3 am: d7b96bc64f am: f7f01defb4 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15534270

Change-Id: I591c8c4a269688196f3b35f3f9590b5194fbdbf0
 2021-08-11 23:47:38 +00:00
TreeHugger Robot
a2a6fc14d2 Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev am: 8f19fd90e3 am: 7c5c6d8b43 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15534270

Change-Id: I6ee2548ce8f7c854adc941b141c81dc3ed4ae652
 2021-08-11 23:33:15 +00:00
TreeHugger Robot
7d81779ba3 Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev am: 8f19fd90e3 am: 7c5c6d8b43 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15534270

Change-Id: I712e82980a8f5383aa17f43066923dc29dfd8210
 2021-08-11 23:33:15 +00:00
TreeHugger Robot
f7f01defb4 Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev am: 8f19fd90e3 am: d7b96bc64f 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15534270

Change-Id: I5bd4e1cf55d6000fe8e0e06cc1ad7f54d9032761
 2021-08-11 23:32:53 +00:00
TreeHugger Robot
7c5c6d8b43 Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev am: 8f19fd90e3 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15534270

Change-Id: I91b9f7520cd4b039ff43f728c6eef6357efeed65
 2021-08-11 23:18:07 +00:00
TreeHugger Robot
d7b96bc64f Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev am: 8f19fd90e3 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15534270

Change-Id: Ieaa3ce08c20df998a8141c77a7f771e40e1c6d0a
 2021-08-11 23:16:01 +00:00
TreeHugger Robot
8f19fd90e3 Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev 2021-08-11 22:59:40 +00:00
Automerger Merge Worker
091b29d796 Merge "[automerger skipped] Detect factory reset and deleteAllKeys am: 0f74bd4811 am: e00101c162 -s ours am: f54a94de16 -s ours" into sc-v2-dev-plus-aosp 2021-08-11 22:31:06 +00:00
Paul Crowley
1371b057d7 [automerger skipped] Detect factory reset and deleteAllKeys am: 0f74bd4811 am: e00101c162 -s ours am: f54a94de16 -s ours 
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 0f74bd4811 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Change-Id: Ic88a0c3a362cc246aff5935cc07ac8849bb8ced1
 2021-08-11 22:30:59 +00:00
Paul Crowley
3a1ebafbc2 [automerger skipped] Detect factory reset and deleteAllKeys am: 0f74bd4811 am: e00101c162 am: 62b8b5c7a5 -s ours 
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 1e6a5f5106 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Change-Id: I2ff7002e03c294dd036d524d83f7d63b7728748f
 2021-08-11 22:30:57 +00:00
Paul Crowley
56dd59424c [automerger skipped] Detect factory reset and deleteAllKeys am: 0f74bd4811 -s ours am: 2160b23d14 -s ours am: 94a55ae9c0 -s ours 
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 1e6a5f5106 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Change-Id: Id10d467a12d7948a7421de7f45262f4dcfb91804
 2021-08-11 22:30:39 +00:00
Paul Crowley
62b8b5c7a5 Detect factory reset and deleteAllKeys am: 0f74bd4811 am: e00101c162 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Change-Id: I69599c6df94b66215fafe025bd6f8373ac44fbf7
 2021-08-11 22:16:58 +00:00
Paul Crowley
f54a94de16 [automerger skipped] Detect factory reset and deleteAllKeys am: 0f74bd4811 am: e00101c162 -s ours 
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 0f74bd4811 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Change-Id: Ic2859085d504d98c16620f279ee4f820d0728248
 2021-08-11 22:16:44 +00:00
Paul Crowley
94a55ae9c0 [automerger skipped] Detect factory reset and deleteAllKeys am: 0f74bd4811 -s ours am: 2160b23d14 -s ours 
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 1e6a5f5106 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Change-Id: Id349576b4c4bdb2c98961d45f24c21cdfac812f8
 2021-08-11 22:16:01 +00:00
Paul Crowley
e00101c162 Detect factory reset and deleteAllKeys am: 0f74bd4811 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Change-Id: I3ac68496357b62e0887b41780299166d01d8fe29
 2021-08-11 22:01:51 +00:00
Paul Crowley
2160b23d14 [automerger skipped] Detect factory reset and deleteAllKeys am: 0f74bd4811 -s ours 
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 1e6a5f5106 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Change-Id: Idcba5a41ce50b3c043a8b80b74d90de0aef50f18
 2021-08-11 22:00:38 +00:00
[6;7~
2601eb7f8c Add ROLLBACK_RESISTANCE tag to key usage 
If KM is upgraded from a version that does not support rollback
resistance to one that does, we really want our upgraded keys to
include rollback resistance. By passing this tag in when we use the
keys, we ensure that the tag is passed into the upgradeKey request
whenever it is made, which some KM implementations can use to add
rollback resistance to our keys.

Bug: 187105270
Ignore-AOSP-First: no merge path to this branch from AOSP.
Test: Manual
Change-Id: I6154fe26a10b60cd686cc60dbc2e0a85c152f43b
 2021-08-11 14:22:41 -07:00
Paul Crowley
96ffa27dae Merge "Detect factory reset and deleteAllKeys" am: 407b2c2386 am: 85961f7a9c am: c248576dad am: 96b31a40b7 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1789528

Change-Id: Ic83dd67c537d6c0aeedf42f2ff9d711b274a7047
 2021-08-11 18:39:27 +00:00
Paul Crowley
96b31a40b7 Merge "Detect factory reset and deleteAllKeys" am: 407b2c2386 am: 85961f7a9c am: c248576dad 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1789528

Change-Id: I85671247354c4bbfb5b8d35cac3780331ac0bcf1
 2021-08-11 18:28:39 +00:00
Paul Crowley
c248576dad Merge "Detect factory reset and deleteAllKeys" am: 407b2c2386 am: 85961f7a9c 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1789528

Change-Id: I7608e0cccc2c145f722e0fa85b922af9b1d2d8d6
 2021-08-11 18:13:25 +00:00
Paul Crowley
85961f7a9c Merge "Detect factory reset and deleteAllKeys" am: 407b2c2386 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1789528

Change-Id: Ibc05df1c5ceede35fdca6d1e6a5abd67e70519f5
 2021-08-11 17:52:00 +00:00
Paul Crowley
0f74bd4811 Detect factory reset and deleteAllKeys 
Where metadata encryption is enabled, if there is no metadata encryption
key present and we are generating one anew, then there has been a
factory reset, and this is the first key to be generated. We then call
deleteAllKeys to ensure data from before the factory reset is securely
deleted.

This shouldn't really be necessary; the factory reset call itself
should be doing this. However there are currently three factory reset
paths (settings, recovery, fastboot -w) and it is not clear that all
three are doing this correctly on all devices. Obviously an attacker
can prevent this code from being run by running a version of the OS
that does not include this change; however, if the bootloader is
locked, then keys will be version bound such that they will only work
on locked devices with a sufficiently recent version of the OS. If
every sufficiently recent signed version of the OS includes this change
the attack is defeated.

Bug: 187105270
Test: booted Cuttlefish twice, checked logs
Ignore-AOSP-First: no merge path to this branch from AOSP.
Merged-In: I9c5c547140e8b1bbffb9c1d215f75251f0f1354e
Change-Id: I9c5c547140e8b1bbffb9c1d215f75251f0f1354e
 2021-08-11 10:43:58 -07:00
Paul Crowley
407b2c2386 Merge "Detect factory reset and deleteAllKeys" 2021-08-11 17:39:55 +00:00
Paul Crowley
1e6a5f5106 Detect factory reset and deleteAllKeys 
Where metadata encryption is enabled, if there is no metadata encryption
key present and we are generating one anew, then there has been a
factory reset, and this is the first key to be generated. We then call
deleteAllKeys to ensure data from before the factory reset is securely
deleted.

This shouldn't really be necessary; the factory reset call itself
should be doing this. However there are currently three factory reset
paths (settings, recovery, fastboot -w) and it is not clear that all
three are doing this correctly on all devices. Obviously an attacker
can prevent this code from being run by running a version of the OS
that does not include this change; however, if the bootloader is
locked, then keys will be version bound such that they will only work
on locked devices with a sufficiently recent version of the OS. If
every sufficiently recent signed version of the OS includes this change
the attack is defeated.

Bug: 187105270
Test: booted Cuttlefish twice, checked logs
Change-Id: I9c5c547140e8b1bbffb9c1d215f75251f0f1354e
 2021-08-11 10:29:59 -07:00
Treehugger Robot
474207368d Merge "Remove ndk_platform backend. Use the ndk backend." am: 85705f6c86 am: e66b2b4015 am: ff366fab5f 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1778413

Change-Id: I07e599990842db87582c57f98dabaed556227cc9
 2021-07-28 13:00:50 +00:00
Treehugger Robot
ff366fab5f Merge "Remove ndk_platform backend. Use the ndk backend." am: 85705f6c86 am: e66b2b4015 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1778413

Change-Id: I3bf1a2b23581bb543ec1496bb60f5d8052076fce
 2021-07-28 12:49:02 +00:00
Treehugger Robot
e66b2b4015 Merge "Remove ndk_platform backend. Use the ndk backend." am: 85705f6c86 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1778413

Change-Id: Ic80a30be678fd7427ee7239f8cdb758dfd483940
 2021-07-28 12:35:52 +00:00
Treehugger Robot
85705f6c86 Merge "Remove ndk_platform backend. Use the ndk backend." 2021-07-28 12:26:13 +00:00
Nikita Ioffe
5f7169f837 Merge "Remove vold logs related to block devices" am: cbf82ffa29 am: 9bf8553f8d am: 78c9cba6a5 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1779986

Change-Id: Icb801043c40ade324bbc7bcd78b31992d1e2bcda
 2021-07-28 11:38:48 +00:00
Nikita Ioffe
78c9cba6a5 Merge "Remove vold logs related to block devices" am: cbf82ffa29 am: 9bf8553f8d 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1779986

Change-Id: I0f5f606384ccebf21e618617a2dd7e12cc4db7b6
 2021-07-28 11:26:30 +00:00