Don't call IKeystoreMaintenance::earlyBootEnded() too early on FDE
devices, so that keystore2 doesn't have to be restarted.
Bug: 192090857
Test: Tested FDE on Cuttlefish, both first and non-first boots.
Verified via log that earlyBootEnded is now called only when it
should be, and that keystore2 no longer has to be restarted.
Change-Id: I03f816db194a8276ad19ca99b3c8894e8a5fed23
writepid command usage to join a cgroup has been deprecated in favor
of a more flexible approach using task_profiles. This way cgroup path
is not hardcoded and cgroup changes can be easily made. Replace
writepid with task_profiles command to migrate between cgroups.
Bug: 191283136
Test: build and boot
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I9e89fc0f3dc1b4e970cf3a5982ed7f177d2c392c
No longer needed now init listens for property changes on a
separate thread.
Bug: 186580823
Test: Cuttlefish boots successfully
Change-Id: I7dd1f85a73df6c2160ef8778703709e90309b9b4
I thought it was OK to use "using" in a header file so long as it was
inside a "namespace" block, but it just imports symbols from one
namespace into another, so things that shouldn't work do.
Test: Treehugger
Change-Id: I4d43d35339636af7e95761cada7120b4db638c01
Now that vold uses Keystore2 rather than the Keymaster HAL directly, and
also the new version of Keymaster is called "KeyMint" instead, replace
most of the references to Keymaster in vold with Keystore.
(I decided not to include the "2" in most places, as it seemed
unnecessarily precise in most places, and it would be something that
might need to keep being updated. Only Keystore.{cpp,h} really need to
care about the version number.)
I didn't rename many things in cryptfs.cpp, as that file will be going
away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster
earlyBootEnded" as-is for now, as those are referenced outside vold.
Bug: 183669495
Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
Add more log messages to make it easier to understand failures in
wait_and_unmount().
Bug: 189250652
Change-Id: I621f54f30bb01cd52c4f9a74dba2d46b4d1a8a9d
* changes:
Don't export storeKey(), and update comments
Always use RenameKeyDir() when moving/renaming key directories
Make RenameKeyDir() use IsSameFile()
storeKey() is no longer used outside KeyStorage.cpp, so make it a static
function. Also fix the documentation for storeKey() (e.g. it's no
longer safe to directly move/rename directories created by storeKey() --
one must use RenameKeyDir() instead).
No functional changes.
[ebiggers@ - cleaned up slightly from satyat@'s original change]
Bug: 190398249
Change-Id: I85918359e77bef414dfddfe5ded30fcde6514013
Make fixate_user_ce_key() use RenameKeyDir() to rename key directories
so that any deferred commits for these directories are also updated
appropriately.
This fixes a potential lost Keymaster key upgrade if a key were to be
re-wrapped while a user data checkpoint is pending. This isn't a huge
issue as the key will just get upgraded again, but this should be fixed.
[ebiggers@ - cleaned up slightly from satyat@'s original change]
Bug: 190398249
Change-Id: Ic6c5b4468d07ab335368e3d373916145d096af01
Comparing paths is error-prone (e.g. "/foo/bar" vs "/foo//bar"), so
entries in key_dirs_to_commit are compared using inode and device
number. However RenameKeyDir() breaks this rule and compares raw paths.
Avoid this quirk by finding the entry in the list to replace before
doing the rename.
This doesn't fix any known problem, as vold is fairly consistent with
its paths in practice; this is just a robustness improvement.
Bug: 190398249
Change-Id: I3ce2c0119cb2012ac9d12849570e56600bc23867
ensure_subdirectory_unmounted() was ignoring the return value from
umount(), so it wasn't possible to tell whether it succeeded or failed.
Make it log an error message on failure.
Also, there might be cases where ensure_subdirectory_unmounted() fails
initially but would succeed later, e.g. due to files in a subdirectory
mount being open and requiring processes to be killed. To make this
more robust, keep calling ensure_subdirectory_unmounted() before each
attempt of umount("/data").
I'm not sure whether this will actually fix bug 189250652, as it hasn't
been root-caused yet, but this might help.
Bug: 189250652
Change-Id: I979b12d3c6a88fe3335ff548b1f8a5db43683c4f
When a user is removed, vold is deleting the subdirectories of
/data/misc/vold/user_keys/ce/${user_id} but not that directory itself.
This is unexpected, as none of the user's directories should be left
around. Delete it too.
Bug: 188702840
Test: pm create-user foo
pm remove-user 10
stat /data/misc/vold/user_keys/ce/10 # no longer exists
Change-Id: Id4033a668fa6de1debb9ba6fdd1351c940bd35fc
Revert "Change mounting storage data and obb flag to on by default"
Revert "Remove storage app data isolation checking in CTS"
Revert submission 14325408-enable_storage_iso_2
Reason for revert: b/187939590
Reverted Changes:
I6391b7381:Change mounting storage data and obb flag to on by...
Ic2f3d1be2:Remove storage app data isolation checking in CTS
Iffa8339b1:Change mounting storage data and obb flag to on by...
Bug: 187939590
Bug: 148049767
Change-Id: I8ef3e6fe0210bdf58e1292605ac1cc33a2eaafea
storeKeyAtomically() stores keys in a temp directory before renaming
that directory to the real target directory. However when the key is
stored in the temporary directory, the Keymaster storage key might get
upgraded, and it's possible that the temp directory is scheduled for a
deferred commit. storeKeyAtomically() renames that temp directory, but
doesn't update the list of directories marked for deferred commit.
This patch fixes this by removing the temp directory from the list and
adding the real target directory to that list instead.
This bug was found when trying to switch from using the guest keymint to
using the host remote keymint implementation on cuttlefish
(aosp/1701925). The device triggers this bug (and boots to recovery)
when aosp/1701925 is cherry-picked.
Co-Developed-By: Eric Biggers <ebiggers@google.com>
Test: Cuttlefish boots with and without aosp/1701925
Change-Id: I3b6fd6ad32ed415da94423cca6f5a121c16472f2
