In this change, the logic to get the list of apexes is replaced with
the query to apexservice, which is the source of truth. This dedups
the manual scanning of /apex for the apex list, which should be
internal to apexd. (Note how vold_prepare_subdirs filtered out
directories with the "@" character).
This also makes vold_prepare_subdirs immune to the upcoming changes:
/apex directory containing only bootstrap APEXes in the bootstrap NS.
Until now, getting the list of apexes by scanning /apex was okay
because of the accidental fact that /apex directory has directories
for all the apexes, not only bootstrap apexes.
Bug: 293949266
Bug: 293546778
Test: CtsPackageSettingHostTestCases
Change-Id: I3fe373ca6f4c2281439bb2449845a1a14357131e
It's essential that files created by vold get the correct SELinux
labels, so make sure to check for errors when setting them.
ENOENT (no label defined) is expected on some files such as
/mnt/appfuse/*, so allow ENOENT but log a DEBUG message.
This will help debug b/269567270. This is not a fix for b/269567270.
Bug: 269567270
Test: Created user and checked SELinux labels of user's directories
Test: atest CtsBlobStoreHostTestCases
Change-Id: Ife005bdd896952653943c57336deb33456f7c5d8
It's essential that files created by vold get the correct SELinux
labels, so make sure to check for errors when setting them.
This will help debug b/269567270. This is not a fix for b/269567270.
Bug: 269567270
Test: Created user and checked SELinux labels of user's directories
Change-Id: I99e4d530a00f9401532c9cb0990df254b7a12a80
Due to frameworks/base commit 5c65b1ee1023 ("Don't prepare CE storage on
user creation") (http://ag/20241697), removing a user immediately after
creating it causes the user's directories to be destroyed before CE
storage was prepared.
Functionally this works fine; however, it causes some error messages to
be spammed to the log because 'vold_prepare_subdirs destroy' doesn't
like that /data/misc_ce/$userId and /data/vendor_ce/$userId don't exist.
vold_prepare_subdirs logs two error messages itself, but it also exits
with a failure status, which bubbles up and causes a Slog.wtf with a
stack trace in StorageManagerService.
Fix this by making rmrf_contents() simply return true if the directory
doesn't exist.
Bug: 232452368
Test: 'pm create-user 10 && pm remove-user 10' and check logcat
Change-Id: I867a915f4b25e1a5f0603fbd84680b673ff5eb96
We want to store sdk data on the same volume as app data. Since sdk data
is stored in misc_ce and misc_de directory, we need to ensure they exist
on adopted storage mounted at /mnt/expand/<volume-uuid>.
This CL creates `/mnt/expand/<volume-uuid>/misc_{ce,de}` directories
when disk is mounted and then when user storage is prepared, the sdk root
directory is created.
By having these directories, we can now move the sdk data to other
volume when app data is moved.
Bug: b/222034645
Test: atest SdkSandboxStorageHostTest (see ag/17120883)
Ignore-AOSP-First: End to end test added which exists in internal branch
only. Will cherry-pick this CL to aosp standalone once it is safely
merged to internal branch.
Change-Id: I0e73d9ce105abec4b77c378cde58aa7365258f01
In order to store supplemental data for apps, we want to create a root
directory at location `/data/misc_ce/<user-id>/supplemental` and
`/data/misc_de/<user-id>/supplemental`. These directories will then host
supplemental data for each app based on package name, e.g.,
`/data/misc_ce/0/supplemental/<app-name>`.
Since these are sub-directories of misc directory, vold should prepare
them for consistency.
Bug: 217543371
Test: atest SupplementalProcessStorageHostTest
Test: see ag/16681989
Ignore-AOSP-First: Feature is being developed in internal branch
Change-Id: I66ef7a7241c9f82cecedaeb6c9a91f127668300a
http://aosp/1845900 creates the directory with the wrong permission
and context. And when we attempt to fix it in http://aosp/1860276, the
device would fail to boot if the device is already on the bad build.
As a temporary fix, already delete that checkin directory in vold. And
we can revert the deletion when the droidfood daily population gets out
of the bad state.
Bug: 203742483
Test: Update from TP1A.211016.001 and make sure the boot doesn't fail
Change-Id: Iec74528c1fe0e5876acc601e5cd008f99852d269
Gmscore runs in cache group, so set the owner:group of the checkin
directory to system:cache to align with other use cases. Because we
want proper user separation when accessing the dir, also provide
user id to set the correct selinux mls_level.
Bug: 197636740
Test: check selinux label, make sure checkin can access the directory.
Change-Id: Id47a2a30a2f37c204ef72a81ac2aebe4ee3a37b0
We need some storage on the device to back up the token for checkin
services, so users won't lose the checkin tokens when they clear
the app's storage. If the device accidentally loses the
token without backup, it won't be able to checkin again until
factory reset.
Because we want the token to be user specific, put it under misc_ce
and let vold create the sub-directory.
Bug: 197636740
Test: boot device, check selinux label of the dir
Change-Id: I0e19dcb7f4feb98fd9d1013cfd84b56ff1325373
We want various per-user directories to have their SELinux MLS level
set to restrict access from other users, as an improvement to user
isolation.
We extend vold_prepare_subdirs to implement this if a flag is
set. vold itself then sets the flag based on a new property,
ro.vold.level_from_user. This is to allow testing of further
incremental work to ensure system apps correctly handle the new
restriction on different devices rather than causing immediate
breakage. Eventually this will go away and the restriction will apply
everywhere.
Bug: 141677108
Test: Manual, with and without property set.
Change-Id: I8e2207bd94b487bdcc09fd4d80b031027dfea1e3
This gives x permission to all on the parent apex data directory
so that the data directories can be accessed by modules.
Bug: 147848983
Test: Build & flash, check permissions are correct
Change-Id: I1bbf480cbf9f9e758353237e333317516ad375ee
The apex data directories must be accessed by apexd in order for it to
perform snapshot and restore as part of the rollback process. As apexd
runs as root, this CL changes the apex data directories under misc_[ce|de]
to be owned by root.
Bug: 141148175
Test: Build and flash; check permissions are set correctly.
Change-Id: Icf2059cc9448364f834eef7892914a99883746a1
This creates apexrollback directories under /data/misc_[de|ce]/<user>
which will hold snapshots of DE_n and CE_n apex data directories
(i.e. it will hold backups of data from /data/misc_[de|ce]/<user>/apexdata
for particular apexes).
See go/apex-data-directories for details.
Bug: 141148175
Test: Built and flashed, checked directory was created.
Change-Id: I468060b20dee0c50033b5f014ce8716582d5e6bc
This creates an apexdata directory under /data/misc_de/<user> and
/data/misc_ce/<user>, and also creates a directory under that for
every APEX that is installed.
See go/apex-data-directories.
APEXes are discovered by scanning the /apex directory. It may be better
to delegate this process to a library, but it is proposed to defer that
change to a future CL.
Bug: 141148175
Test: Built and flashed, checked directories were created.
Change-Id: I95a060b4f42241c91da25a779e61a8f85ca1914c
Backup system service bookkeeping is being moved to per-user CE
directories to support multiple users participating in the service.
Accompanies SELinux changes at aosp/873133
Bug: 121197420
Test: 1) Boot device; check dirs created with correct label; run backup
successfully on system user
2) Create secondary user; check dirs created with correct label; run
backup successfully
Change-Id: I3a0fdbfcf18a3c242fc64fba0dd014160b50b2f0
These directories are managed by installd and used to store
snapshots of application data directories in order to roll them
back in the case of bad updates.
Bug: 112431924
Test: make, device boot & manual verification.
Change-Id: Ieaca697a45d013937327e0f16f36b9b1eaad6b22
Bug: 116528212
This reverts commit 8973e2d5d0.
Reason for revert: Will submit after selinux issues are resolved
Change-Id: Ie2df91b33be70629e8c08fdbcc6e7ad0faea13a9
This reverts commit 9dcf54929f.
Reason for revert: Device fails to boot after OTA.
Bug: 116528212
Bug: 119747564
Change-Id: I32bfbc2c2fd560f090e078426315111f241e76cf
This reverts commit a70d237a05.
Reason for revert: Submitting together or after SELinux policy is in place
Change-Id: I952f94df99496ced04adba1ec28d42be53202982
LOG(DEBUG) tries to print a string pointed to by secontext.get() but
crashed if it was nullptr.
Bug: 111888637
Test: "make -j50" and ran emulator
Change-Id: Iac78f650e7f48781030dc610f7d35cd52c250802
Merged-In: Iac78f650e7f48781030dc610f7d35cd52c250802
Signed-off-by: Roman Kiryanov <rkir@google.com>
LOG(DEBUG) tries to print a string pointed to by secontext.get() but
crashed if it was nullptr.
Bug: 111888637
Test: "make -j50" and ran emulator
Change-Id: Iac78f650e7f48781030dc610f7d35cd52c250802
Signed-off-by: Roman Kiryanov <rkir@google.com>
shipping API version:
For devices shipped before Android P nothing changes, data
is stored under /data/system/users/<user-id>/fpdata/...
Devices shipped from now on will instead store
fingerprint data under /data/vendor_de/<user-id>/fpdata.
Support for /data/vendor_de and /data/vendor_ce has been added to vold.
Bug: 36997597
Change-Id: I615e90d1c9ab08e768a8713968fa043598a0a526
Test: manually
Minimize overhead in boot by replacing shell script invoked multiple
times with a C++ program invoked once.
Bug: 67901036
Test: create user, run adb shell ls -laZ /data/misc_ce/10; delete user
and check logs.
Change-Id: I886cfd6505cca1f5b5902f2071e13f48e612214d