Commit graph

5001 commits

Author SHA1 Message Date
Ken Sumrall
71fac1e011 am d33d417e: Detect when encryption failed to complete
* commit 'd33d417e3a057fffad22c23f5f002177531db2a5':
  Detect when encryption failed to complete
2011-02-01 13:27:36 -08:00
The Android Automerger
999ff5ca61 merge in honeycomb-release history after reset to honeycomb 2011-02-01 10:12:18 -08:00
Ken Sumrall
d33d417e3a Detect when encryption failed to complete
For the case there encryption failes to complete because of a kernel
crash or the user power cycling the device, define a flag in the
crypto footer that says encryption is in progress.  Set it when starting
the actual encryption, and clear it when it successfully completes.

When the user is asked for the disk password, if the flag is set,
return a special error to the caller so the UI can know to tell the
user there is no valid data on the disk, and present a button to
wipe and reset the device.

Change-Id: I3723ec77f33437d94b3ac9ad5db0a5c950d11648
2011-02-01 00:49:13 -08:00
The Android Automerger
e16044bf34 merge in honeycomb-release history after reset to honeycomb 2011-01-31 17:24:38 -08:00
Ken Sumrall
3f0c0a28f3 am 5d4c68e4: Have vold grab a partial wakelock when encrypting
* commit '5d4c68e40700424b65a4331be75620706a0dd49c':
  Have vold grab a partial wakelock when encrypting
2011-01-30 19:44:27 -08:00
Ken Sumrall
5d4c68e407 Have vold grab a partial wakelock when encrypting
The Progress bar UI grabs a full wakelock when encrypting, but we've seen
a case where it looks like the progress bar UI crashes, and the wakelock is
lost, and then all hell breaks loose.  The enablecrypto command has a lot of
work to do, and it will take some time, so it should grab a wakelock to
ensure it can finish without being interrupted and put to sleep.

It grabs a partial wake lock, as it doesn't need the screen to be on to do
its work.  If the UI wants to keep it on, it should also grab a full wakelock,
which it does.  If the UI crashes, the screen may turn off, but the encryption
will keep going, and vold will reboot the device when it's done.

Change-Id: I51d3a72b8c77383044a3facb1604c1ee510733ae
2011-01-30 19:10:07 -08:00
The Android Automerger
1d3c186f88 merge in honeycomb-release history after reset to honeycomb 2011-01-30 13:37:48 -08:00
The Android Automerger
e30abd4fb2 merge in honeycomb-release history after reset to honeycomb 2011-01-30 09:59:01 -08:00
Ken Sumrall
7cb0f59b20 am 3f476690: Merge "Don\'t try to encrypt in place a filesystem that is too large and return proper errors" into honeycomb
* commit '3f476690eaef3b824255813ed335284ef9a90e91':
  Don't try to encrypt in place a filesystem that is too large and return proper errors
2011-01-29 20:50:03 -08:00
Ken Sumrall
3f476690ea Merge "Don't try to encrypt in place a filesystem that is too large and return proper errors" into honeycomb 2011-01-29 20:45:31 -08:00
Jason parks
939ec42d3c am 70a4b3fd: Change cryptfs changepw to only require a new password.
* commit '70a4b3fd7a84a84bbe6e9d6d4ca3ee2098259fd9':
  Change cryptfs changepw to only require a new password.
2011-01-29 12:06:28 -08:00
Ken Sumrall
3ed8236de1 Don't try to encrypt in place a filesystem that is too large and return proper errors
If the already existing filesystem encompasses the entire /data partition
and does not leave the last 16 Kbytes for the crypto footer, refuse to
do encrypt in place and return an error.  This is only an issue for folks
with early development systems trying to encrypt an old /data.  This should
not be seen in released devices.

Also, if there is an error, try to report back to the UI what the error was
so it can deal with it.

Change-Id: If66781a4fe03034c96c3dd12075240deb8663db0
2011-01-29 00:48:30 -08:00
The Android Automerger
ca279296da merge in honeycomb-release history after reset to honeycomb 2011-01-28 15:49:15 -08:00
Jason parks
70a4b3fd7a Change cryptfs changepw to only require a new password.
The master key is now stored unhashed in memory. This
is needed because certain operation like remote reseting
of passwords the old password is not avaliable.
The changepw interface has been changed to only take
the new password as the only argument. When this is
called we reencrypt the master key with the new password
and old salt.

Bug: 3382129
Change-Id: I9a596b89013194605d6d7790067691aa0dc75e72
2011-01-28 10:17:44 -06:00
The Android Automerger
959a21c78d merge in honeycomb-release history after reset to honeycomb 2011-01-28 07:25:12 -08:00
The Android Automerger
de9d2237be merge in honeycomb-release history after reset to honeycomb 2011-01-27 07:26:10 -08:00
The Android Automerger
b16f6ab0f9 merge in honeycomb-release history after reset to honeycomb 2011-01-26 07:26:30 -08:00
The Android Automerger
ce99c90b54 merge in honeycomb-release history after reset to honeycomb 2011-01-25 07:26:39 -08:00
The Android Automerger
bb9acd5783 merge in honeycomb-release history after reset to honeycomb 2011-01-24 07:22:25 -08:00
The Android Automerger
d805ede34e merge in honeycomb-release history after reset to honeycomb 2011-01-23 07:22:03 -08:00
The Android Automerger
7c536b7d8b merge in honeycomb-release history after reset to honeycomb 2011-01-22 07:23:20 -08:00
Jason parks
ab593e8e50 Always return success if the command was run.
The caller will check the result code for success. This prevents a exception from being thrown when the result code needs to be propagated to the caller.

Change-Id: I471e8d6eb6f339c6f4e40f47adf60d20f6a70974
2011-01-21 16:11:02 -08:00
Jason parks
bc281ee931 am 0167cb15: Always return success if the command was run.
* commit '0167cb15935592deea9abbd6a8bbe904e27bd101':
  Always return success if the command was run.
2011-01-21 12:39:35 -08:00
Jason parks
0167cb1593 Always return success if the command was run.
The caller will check the result code for success. This prevents a exception from being thrown when the result code needs to be propagated to the caller.

Change-Id: I471e8d6eb6f339c6f4e40f47adf60d20f6a70974
2011-01-21 14:00:43 -06:00
Ken Sumrall
2137c849a0 am e8744070: Create and use a salt when calling pbkdf2 to encrypt/decrypt the master key.
* commit 'e87440703663f5ee326326f6438f3b00ea315623':
  Create and use a salt when calling pbkdf2 to encrypt/decrypt the master key.
2011-01-19 03:48:12 -08:00
Ken Sumrall
e113373708 am 0cc16638: Verify that it\'s OK to run the various cryptfs commands
* commit '0cc166385a7e1d3026bbcb62f094e419f779e872':
  Verify that it's OK to run the various cryptfs commands
2011-01-18 22:03:31 -08:00
Ken Sumrall
e874407036 Create and use a salt when calling pbkdf2 to encrypt/decrypt the master key.
In order to prevent rainbow table attacks on decrypting the master key,
create a 16 byte "salt" by reading /dev/urandom.  This is done right after
reading urandom to get the master key for the filesystem.  The salt is
stored 32 bytes after the end of the key (a padding added to help prevent
accidental overwriting of the salt) and the salt is fixed at 16 bytes long.

This change will make existing encrypted filesystems unusable.

Change-Id: I420549d064c61d38aea78eef4d86c88acb265ca3
2011-01-18 22:01:55 -08:00
Ken Sumrall
694bc70d42 am 7df84120: Don\'t wait for the framework to come up before starting to encrypt in place.
* commit '7df84120b25dca713f623528801385b00208c2aa':
  Don't wait for the framework to come up before starting to encrypt in place.
2011-01-18 21:53:23 -08:00
Ken Sumrall
0cc166385a Verify that it's OK to run the various cryptfs commands
Maintain and query some internal state to know if it's OK to run
the various cryptfs commands.  Do not allow enablecrypto to run if
the device is already encrypted.  Do no allow restart to run if
we have already run it before or if the password has not been
validated.  Do not allow checkpw to run if not encrypted, or it
has already validated the password.

This is an extra layer of safety on top of the checks up in the
UI code agains possible DoS attacks on the device.

Change-Id: I9afc8d42773020e82a512e6b637feede101d1362
2011-01-18 20:32:26 -08:00
Ken Sumrall
7df84120b2 Don't wait for the framework to come up before starting to encrypt in place.
Also, change the value that triggers the progress bar framework from
"startup" to "0" in the property vold.encrypt_progress.

Change-Id: I3890e66a95283ce2ceeca82f516859b083919b9e
2011-01-18 14:04:08 -08:00
Ken Sumrall
e23667fa00 am 57b63e61: Minor tweaks to logging for the cryptfs changepw command.
* commit '57b63e61cb41e377708a4fdf18ecc80eb1b2b521':
  Minor tweaks to logging for the cryptfs changepw command.
2011-01-18 08:47:29 -08:00
Ken Sumrall
57b63e61cb Minor tweaks to logging for the cryptfs changepw command.
Change-Id: I87ff9788a56de6d461002407bf6c3cd4c6f900ee
2011-01-17 18:29:19 -08:00
Ken Sumrall
934dfed05d am 8ddbe40a: Updates to cryptfs framework.
* commit '8ddbe40a8a8708dac7c472fa8c098c8f7b24534c':
  Updates to cryptfs framework.
2011-01-17 15:32:50 -08:00
Ken Sumrall
8ddbe40a8a Updates to cryptfs framework.
Update the enable inplace API to allow the UI to show a progress bar.
Add new command changepw (whichis currently not working)
Internal restructuring of code to support these two features.
Some minor cleanup of the code as well.

Change-Id: I11461fc9ce66965bea6cd0b6bb2ff48bcf607b97
2011-01-17 15:26:29 -08:00
Ken Sumrall
3b3b89e07c am 6864b7ec: Change the cryptfs command to separate out checking the password and restarting
* commit '6864b7ec94a57b73c300457955d86dc604aeddf5':
  Change the cryptfs command to separate out checking the password and restarting
2011-01-17 14:45:11 -08:00
Ken Sumrall
6864b7ec94 Change the cryptfs command to separate out checking the password and restarting
In order to make the animations and the UI look right, we need to change
the cryptfs checkpw command to return a status if the password was
correct or not, and not have it automatically restart if it's correct.

There is a new command restart that will restart the framework with the
encrypted filesystem.

Change-Id: Ia8ae00d7ed8667699aa58d05ad8ba953cca9316e
2011-01-14 15:20:02 -08:00
Ken Sumrall
eed82c368b am 2eaf7138: Cleanup a few issues with the cryptfs code.
* commit '2eaf7138528d30c331d83ab8346a97e66b5499e2':
  Cleanup a few issues with the cryptfs code.
2011-01-14 14:30:52 -08:00
Ken Sumrall
2eaf713852 Cleanup a few issues with the cryptfs code.
Now that the framework shuts down quickly, remove the 30
second sleep when enabling crypto.  Also, stop spewing
the secret master key to the disk in the system log!

Change-Id: Icb3f9456ababe3dff8de52cbbae92da0e9e5dd2f
2011-01-14 14:23:26 -08:00
Wink Saville
5fb760a63c Revert "Change constructor to match new definition of the superclass"
This reverts commit 499806cd60.
2011-01-09 12:18:21 -08:00
Stan Chesnutt
499806cd60 Change constructor to match new definition of the superclass
Change-Id: I3526b1920817c2a28ac3e84c1ea278932a9ec895
2010-12-26 22:17:48 -08:00
Ken Sumrall
8f869aa1bc Support for encrypting /data on Stingray.
There are still a few hacks and performance issues related
to shutting down the framework in this code, but it is
functional and tested.  Without the UI changes, it requires
cryptic adb shell commands to enable, which I shall not
utter here.

Change-Id: I0b8f90afd707e17fbdb0373d156236946633cf8b
2010-12-18 18:35:56 -08:00
Mike Lockwood
3c9a73f643 Stifle "Ignoring unknown switch" logging
Change-Id: I9770ab880f379e2f7f6a93d3c84990edec60a116
Signed-off-by: Mike Lockwood <lockwood@android.com>
2010-12-10 15:07:14 -08:00
Jean-Baptiste Queru
905ed1fbd3 am c1d80272: am 08da5c1f: Merge "vold: replace strsep by strtok_r"
* commit 'c1d80272b117cf837de93fadd8d456d89a203e2f':
  vold: replace strsep by strtok_r
2010-11-19 17:26:47 -08:00
Jean-Baptiste Queru
c1d80272b1 am 08da5c1f: Merge "vold: replace strsep by strtok_r"
* commit '08da5c1f17afefe3c9f4f4d4456c5757dede62e1':
  vold: replace strsep by strtok_r
2010-11-19 17:24:49 -08:00
Jean-Baptiste Queru
08da5c1f17 Merge "vold: replace strsep by strtok_r" 2010-11-19 17:20:39 -08:00
Jinho You
74ca25a716 vold: replace strsep by strtok_r
It permits more white spaces between words in vold.fstab.

Change-Id: I38250c3dcc860643e4f102e980fe844693a1451a
2010-11-19 17:01:48 -08:00
Jean-Baptiste Queru
2996451f77 am 1206e872: resolved conflicts for merge of 09f774b7 to gingerbread-plus-aosp
* commit '1206e872ce74aab253c39c3547bfaadc5e1f6011':
  vold: fix an offset one bug that makes partition 4 unusable
  vold: set state back to idle on formatting error
2010-11-19 10:25:51 -08:00
Jean-Baptiste Queru
1206e872ce resolved conflicts for merge of 09f774b7 to gingerbread-plus-aosp
Change-Id: I103db47198ad09783aa6539cde271df0fdb9c594
2010-11-19 10:20:37 -08:00
Jean-Baptiste Queru
09f774b7d3 Merge changes Ic8e18e61,I62c78eb8
* changes:
  vold: fix an offset one bug that makes partition 4 unusable
  vold: set state back to idle on formatting error
2010-11-17 18:24:33 -08:00
Chih-Wei Huang
def8f31683 vold: fix an offset one bug that makes partition 4 unusable
Change-Id: Ic8e18e6191ad7ee33162e36060b57a6802cf0883
2010-11-17 18:53:09 +08:00