It's essential that files created by vold get the correct SELinux
labels, so make sure to check for errors when setting them.
ENOENT (no label defined) is expected on some files such as
/mnt/appfuse/*, so allow ENOENT but log a DEBUG message.
This will help debug b/269567270. This is not a fix for b/269567270.
Bug: 269567270
Test: Created user and checked SELinux labels of user's directories
Test: atest CtsBlobStoreHostTestCases
Change-Id: Ife005bdd896952653943c57336deb33456f7c5d8
It's essential that files created by vold get the correct SELinux
labels, so make sure to check for errors when setting them.
This will help debug b/269567270. This is not a fix for b/269567270.
Bug: 269567270
Test: Created user and checked SELinux labels of user's directories
Change-Id: I99e4d530a00f9401532c9cb0990df254b7a12a80
This reverts commit 564f6c649a.
Reason for revert: Un-backporting.
Note: This is not a direct revert. We should keep the minor refactoring
in PublicVolume.cpp; no point making the code worse.
Test: Revert.
Change-Id: Ic03ed25ad15a2da974921542a20cd27224347f68
This CR, when paired with a functional NTFS implementation and the
corresponding SEPolicy updates, will allow NTFS USB drives to be mounted
on Android.
Bug: 254407246
Test: Extensive testing with an ADT-4 and NTFS USB drives.
Merged-In: If4197c4c588866c611cd6ba3483707d3cb0e0cf8
Change-Id: If4197c4c588866c611cd6ba3483707d3cb0e0cf8
Make vold log warnings and errors to the kernel log until both
init_user0 has run and /data is mounted. Previously it only logged
errors, and not warnings, to the kernel log until /data is mounted.
This is helpful to diagnose failures of init_user0, since adb still
isn't started by that point.
Also, error messages can be misleading without seeing related warning
messages, e.g. the following which is expected on many devices:
E vold : keystore2 Keystore generateKey returned service specific error: -67
W vold : Failed to generate rollback-resistant key. This is
expected if keystore doesn't support rollback
resistance. Falling back to non-rollback-resistant key.
Therefore, increase the log level to WARNING and above.
Test: Intentionally broke fscrypt_init_user0(), then verified that the
error and warning messages appear in the kernel log on Cuttlefish.
Bug: 205314634
Bug: 222540970
Change-Id: Ia751f7c88cbf28caf81e891a518953cc0cee911e
metadata_key_dir controls whether metadata encryption is enabled, not
metadata_encryption which is just the encryption options and can be
empty if the default options are sufficient.
Bug: 198405417
Fixes: 156d9d2293 ("Pre-create userdata metadata encryption device.")
Change-Id: I98ee253c7e5e738ee087ec07ed60f4a376ca7cee
This is needed to debug vold mounting errors before adb is up. It also
helps diagnose failures on devices that store dmesg persistently.
Tested by adding an error log with serial attached.
Bug: 205314634
Test: manual test
Change-Id: Ia095340c562e3f1f94bc44c5d13ad466a7a35345
CreateDevice() implicitly calls WaitForDevice(), which can impact boot
time if there are many uevents waiting to be processed. To alleviate
this, create an empty "userdata" device when vold starts (if metada
encryption is enabled). When it comes time to actually enable metadata
encryption, the device can be re-used and the subsequent Wait should be
much faster.
Bug: 198405417
Test: manual test; device boots
Change-Id: Iaacd10858272f17353475e25075ea1dda13f8fc4
fs_mgr supports 'nofail' flag, which is used if we do not want to
error-out incase the mounting/setup fails for a partition tagged with
nofail flag in fstab.
Recently added code in vold misses this handling, i.e. it aborts even
for a nofail partition upon encountering an expected failure.
Test: Add a non-existing logical partition fstab entry with 'nofail'
flag. Init's first stage mount acks this and doesn't crash.
Vold aborts (as it doesn't handle it), and device doesn't boot.
With this change, device boots up.
Change-Id: I2b1904a9c648c31bcc05b2e7e77480db236ff66e
This patch fixes missing entry in the below commit.
Fixes: c52f6724ed ("vold: clean up configuration set")
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Ia39a427d4747b29a7af42633f34daab63204bbf9
This patch introduces a structure to manipulate many configuration flags.
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Ib15d2b6e251741160d2febe695132a37f9dde23c
Move most of it into cryptfs.cpp, and include cryptfs.h in fewer files.
Bug: 147814592
Test: Treehugger
Change-Id: Ia3592d73e7abc1f07a60538e0978a3033bdea7de
getopt_long() assumes an all-zeroes 'struct option' at the end of the
array. Add it.
Fortunately this isn't causing problems in practice because vold is
always passed valid command line options...
Test: Running 'vold --foo' no longer segfaults.
Change-Id: I2cd3af501cc1aa11327a8062ec492be1d23defdf
When running a live GSI, userdata is a logical partition. If we don't
fix up the fstab we'll derive the underlying block device instead of
the device-mapper node for userdat_gsi, resulting in a corrupt data
partition for both images.
Bug: 123906417
Test: manual test
Change-Id: Ic0101f30504de26e725442da2da3888008c31b63
- Also update vold to create sandboxes for secondary storage devices.
- Since bind mounts are created in the process specific namespaces, we
don't need /mnt/storage anymore which we were using it to prevent
some bind mounts from propagating onto /mnt/runtime/write.
- Create bind mounts for {media,obb} dirs similar to data dir in
per process namespace.
- Also fix a bug where we are not passing correct packages to vold when
a new user starts.
Bug: 111890351
Test: manual
Change-Id: I7849efc4fbf3c654606fa30de7ab2de0236d766f
This will allow adding lots of verbose logs which can be enabled
only during local testing/debugging. Update the existing verbose
level logs to debug level since we want those to be logged by
default.
Test: manual
Change-Id: Ib05e2b6efa71308458d49affb6ed81d3975b28ab
Don't use the FDE flow to support metadata encryption; just provide a
vold service which directly mounts the volume and use that.
Bug: 63927601
Test: Boot Taimen to SUW with and without metadata encryption.
Change-Id: Ifc6a012c02c0ea66893020ed1d0da4cba6914aed
This is how we tell CTS if the device has reserved blocks set aside
for system critical services.
Test: builds, boots
Bug: 62024591
Change-Id: I7c8ec2294b246eed54668b5717df00e72f13887a
Make the main thread do something useful instead of sitting around
twiddling its thumbs.
Test: builds, boots
Bug: 67041047
Change-Id: I88f7f4fe151ae2b81f80aa575530c12b56ba4d75
Moves away from crufty char* operations to std::string utility
methods, including android::base methods for splitting/parsing.
Rewrite of how Process handles scanning procfs for filesystem
references; now uses fts(3) for more sane traversal.
Replace sscanf() with new FindValue() method, also has unit tests.
Remove some unused methods. Switch almost everyone over to using
modern logging library.
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 67041047
Change-Id: I70dc512f21459d1e25b187f24289002b2c7bc7af
Instead of blindly looping across 4096 possible devices, use
readdir() to only look at valid devices. This speeds up destroyAll()
from 40ms to 0.7ms.
Add tracing information in several places.
Test: external/chromium-trace/systrace.py -b 128768 sched freq am pm ss core_services binder_driver -a system_server,installd,vold
Bug: 65634729, 65737446
Change-Id: If581de47fb55850c0fcd6e25bf33ed246e1b079d
This moves fstrim, obb and appfuse commands over to the new Binder
interface. This change also separates creating/destroying and
mounting/unmounting of OBB volumes, which means they finally flow
nicely into the modern VolumeInfo/VolumeBase design.
We now generate unique identifiers for all OBB volumes, instead of
using a shady MD5 hash.
Change all "loop" and "dm" devices to tag the kernel resources with
a vold-specific prefix so that we can clean them up if vold crashes;
there are new destroyAll() methods that handle this cleanup.
Move appfuse mounting/unmounting into VolumeManager so it can be
shared. Move various model objects into a separate directory to
tidy things up.
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I7294e32b3fb6efe07cb3b77bd20166e70b66958f
This change is the bare minimum needed to publish a new vold
Binder service and move the simple "reset" call over to go through
the new interface.
Test: builds, boots
Bug: 13758960
Change-Id: I5b70976653c69f92e1efc8d1f432b2038eb618a4
Otherwise we might end up creating ext4 partitions that the device
can't mount.
Bug: 63763609
Test: builds, boots
Exempt-From-Owner-Approval: Bug 63673347
Change-Id: I5f6cf73f23a55bc0dea9480523f19049313c3dd1
Also remove some unnecessary SELinux logic when creating image files
for loop devices.
Test: builds, boots, common operations work
Bug: 34903607
Change-Id: I68dfa022ecc39f56c175e786694e0de35b954ca0
The original default /fstab.{ro.hardware} might be moved to /vendor/etc/.
or /odm/etc/. Use the new API to get the default fstab instead of using
the hard-coded /fstab.{ro.hardware}.
Bug: 35811655
Test: boot marlin with /vendor/etc/fstab.marlin
Change-Id: I92d6aefe6ff3433b7d1a671358d990bb7b1f2150
coldboot is needed when device rebooted with USB device attched
so Vold netlink won't miss the information.
This CL added back coldboot and moved down so that it won't block
vold cl and ccl threads.
Bug: 36007238
Test: reboot marlin with flash drive attached and flash drive is recognized
Change-Id: Ie39f348e97a8500515e394e386541289a91b2425
coldboot is now taken care by ueventd, so removing the duplicate
logic to save boottime.
This CL also fixes a missing lock.
Bug: 33786699
Test: manual
Change-Id: I71270252f3153abc815d142b5da7a9cb85b94dac
By setting property after listeners are initialized
we avoid deadlock between vold and init where
vold is waiting on property_service while init is blocked
(and therefore is not able to accept connections) on vdc
which is attempting to communicate with vold.
(This also speeds up boot by 250ms)
Test: Boot a device, check locks and make sure there is no timeout
on property_set(.)
Test: Successfully boot a device with new property service protocol.
Bug: http://b/34278978
Change-Id: I9547d2f19cb35aa452bf01fbff0eb4b32a4824a4
Major rework and refactor of FBE code to load the keys at the right
time and in a natural way. The old code was aimed at our goals for M,
with patches on top, and didn't quite work.
Bug: 22358539
Change-Id: I9bf7a0a86ee3f2abf0edbd5966f93efac2474c2c
Add the serial parameter to prepare_user_storage to avoid
confusion when parsing parameters and passing them around.
Change-Id: Id5516c248401ad50585aa8f6e8b1545a6cded549
Refactor fstrim code to be encapsulated in unique task object, and
give it option of benchmarking when finished. Trimming now includes
both storage from fstab and adopted private volumes. Cleaner timing
stats are logged for each unique volume.
Add wakelock during ongoing async move tasks. Push disk sysfs path
to framework so it can parse any SD card registers as desired.
Bug: 21831325
Change-Id: I76577685f5cae4929c251ad314ffdaeb5eb1c8bf
When formatting volumes, pass along fsType string which can be "auto"
to let the volume select the best choice. For now, private volumes
assume that MMC devices (like SD cards) are best off using f2fs when
both kernel support and tools are present, otherwise fall back to
ext4. Use blkid when mounting to pick the right set of tools.
Move filesystem utility methods into namespaces and place in separate
directory to be more organized.
Bug: 20275581
Change-Id: Id5f82d8672dda2e9f68c35b075f28232b0b55ed4
In order to prevent this bug from happening, we must allow vold cryptfs
commands to complete while a long running mount is underway.
While waiting for vold to be changed to a binder interface, we will simply
create two listeners, one for cryptfs and one for everything else.
Bug: 19197175
Change-Id: If74142aa81abd58f718a9de6c9e387f6ea442754
