Commit graph

74 commits

Author SHA1 Message Date
Paul Lawrence
45f10533f8 Revert "Revert "Encrypt phone even if pattern or no keyguard""
Don't block based on keyguard type, and pass type to encryption function.

Requires:
  https://googleplex-android-review.git.corp.google.com/#/c/444201/
or encryption will no longer work.

This reverts commit efec3f2927.

Change-Id: I431589a56eb11118027e0a5a84f55e973b1084aa
2014-04-10 14:30:31 +00:00
Paul Lawrence
efec3f2927 Revert "Encrypt phone even if pattern or no keyguard"
This reverts commit 5cc86c5741.

Without two more commits, this will break encryption. I'll re-commit when the other two pass code review.

Change-Id: I71720d065c16cf0f7f534e74ffe883f1e113c477
2014-04-03 20:55:47 +00:00
Paul Lawrence
5cc86c5741 Encrypt phone even if pattern or no keyguard
Add option to enablecrypto to take type, allowing us to set type
when encrypting.

Bug: 13749169
Change-Id: If22fcfa93f1ebd1a5bd3b0077bb3bd8ae71fe819
2014-04-03 19:20:28 +00:00
Paul Lawrence
0798707334 Merge "Fix setfield/getfield" 2014-03-24 17:51:59 +00:00
Paul Lawrence
cc215381dd Merge "Store password in vold" 2014-03-21 20:40:36 +00:00
Paul Lawrence
87999173dd Don't corrupt ssd when encrypting and power fails
Stop encryption when battery is low, mark position, and continue on reboot.

Note - support for multiple encrypted volumes removed as no devices seem
to exist with an fstab that uses this feature. If you want support for such
a device, contact me and we will re-add it with appropriate testing.

Bug: 13284213
Change-Id: I1f7178e4f7dd8ea816cbc03ab5c4f6543e98acaa
2014-03-21 18:30:26 +00:00
Paul Lawrence
399317ede4 Store password in vold
If we are not to double prompt, we need to pass the password from
CryptKeeper to KeyStore. Since the entire framework is taken down
and restarted, we must store the password in a secure system daemon.
There seems no better way than holding it in vold.

Change-Id: Ia60f2f051fc3f87c4b6468465f17b655f43f97de
2014-03-21 11:15:39 -07:00
Paul Lawrence
8561b5c9f5 Fix setfield/getfield
Check for versions >= feature version, not equal

Bug: 13526708
Change-Id: Ie07f6334e6b7c5ca0d7f83ba00827a508e2c2963
2014-03-18 10:52:14 -07:00
Paul Lawrence
684dbdf316 Infrastructure to securely allow only one prompt at boot when encrypted
Add a call to vold that says if we decrypted the data partition. Reset the
flag so that it only returns true the first time.

Bug: 12990752
Change-Id: Ib00be87137c00fb8ad29205c85a3ea187764b702
2014-02-14 17:41:18 +00:00
Paul Lawrence
1348603357 Enable auto-encrypt drive at startup
Modify enablecrypto command to make the password optional. When it is
not there, default encrypt the device.

Remove a warning by making at least some parts of this file const-correct.

Bug: 11985952
Change-Id: Ie27da4c4072386d9d6519d97ff46c6dc4ed188dc
2014-02-14 09:34:44 -08:00
Paul Lawrence
931f15d050 Merge "Support default, pattern, pin and password encryption types" 2014-02-14 15:24:13 +00:00
Mark Salyzyn
2c1bbe0c44 am 49dd24c2: am 1dc1fb4a: Merge "vold: suppress unused argument warning messages"
* commit '49dd24c238e86c57e97f919af7fbf8ee3d79b737':
  vold: suppress unused argument warning messages
2014-02-13 00:19:54 +00:00
Paul Lawrence
f4faa575c9 Support default, pattern, pin and password encryption types
Store encryption type in crypto footer, and provide functions to
manipulate it. Add mount_default_encrypted command to vdc to allow
mounting of default encrypted volumes at boot time.

Bug: 8769627
Change-Id: Ie41848f258e128b48b579e09789abfa24c95e2b2
2014-02-12 14:54:40 -08:00
Mark Salyzyn
5eecc449cc vold: suppress unused argument warning messages
(cherry picked from commit 3e971277db)

Change-Id: Ic1ab533f756fbd44b1f2e5ae12e2f5736ace7740
2014-02-12 14:27:51 -08:00
Mark Salyzyn
3e971277db vold: suppress unused argument warning messages
Change-Id: Ic1ab533f756fbd44b1f2e5ae12e2f5736ace7740
2014-02-12 20:18:28 +00:00
Colin Cross
88948cd60c am e985c9ab: am 1d8e3ce8: Merge "vold: fix errors inside ALOGV"
* commit 'e985c9ab10fed452b97138170b4d69288d076b06':
  vold: fix errors inside ALOGV
2014-02-10 12:51:31 +00:00
Colin Cross
59846b654e vold: fix errors inside ALOGV
Fix errors exposed by adding compile-time checking to disabled ALOGVs.

Change-Id: I29bd6e9a7648ccca02e0e9a96b79ee0ea7b5cfc6
2014-02-06 20:34:29 -08:00
Paul Lawrence
ae59fe6c19 Fast ext4 encryption
For ext4 filesystems, only encrypt blocks in use.

Needs matching ext4 utils changes from
 https://googleplex-android-review.git.corp.google.com/#/c/409575

Bug: 11985952
Change-Id: I89df051c25105daf3f469cc980195202f8be6786
2014-01-29 22:29:10 +00:00
Doug Zongker
6fd5771337 allow encrypted filesystems to be mounted readonly
By setting ro.crypto.readonly to 1, cryptfs will mount an encrypted
filesystem that is normally mounted read-write as read-only instead.
To be used when recovery mounts /data.

Bug: 12188746
Change-Id: If3f3f9a3024f29ebc4ad721a48546a332cb92b6b
2013-12-17 09:43:23 -08:00
JP Abgrall
dbf5b6652c am 46f8c2b9: am 7bdfa52d: vold: cryptfs: Don't update KDF without validating pwd/key.
* commit '46f8c2b954e11c2266871b8110b74bd6a11f3661':
  vold: cryptfs: Don't update KDF without validating pwd/key.
2013-11-15 14:25:37 -08:00
JP Abgrall
7bdfa52d93 vold: cryptfs: Don't update KDF without validating pwd/key.
Prior to this, the Key derivation function would get
blindly updated even if the user entered the wrong password.
Now, we only attempt to upgrade the KDF if the pwd/key have
been verified (i.e. after a successful mount).

Bug: 11460197
Change-Id: I0469228cc9b87c47754e8ca3c7146651da177da5
2013-11-15 13:42:56 -08:00
JP Abgrall
502dc74153 vold: cryptfs: Retry encryption after killing processes using /data
Currently, if a non-framework process or service is using /data,
unmounting will fail as nothing will kill it.
Instead of rebooting on unmount failure, we now kill all processes
using /data, then try one more time.

Bug: 11291208
Change-Id: I6c5276c78aa55965914ace96e1db74dc80fca3c1
2013-11-01 13:08:46 -07:00
Ken Sumrall
e550f78a3f Use android_fork_execvp() instead of system(3) to format filesystems
With the recent selinux changes imposed on vold, it no longer has
permission to run a shell, so invoking the filesystem formatting
commands with system(3) gives an error.  So change to using
android_fork_execvp().

Bug: 10279958

Change-Id: Ifa18b28867618858ec7c5cfcc67935e377de38fb
2013-08-21 11:30:16 -07:00
Kenny Root
2947e34e41 Initialize iterator
Iterator wasn't initialized in scrypt parameter scanning.

Bug: 10330227
Change-Id: If41fc25d9f827106fa8329bdb5966b7d786fddcb
2013-08-14 23:26:19 +00:00
Ken Sumrall
558830c38a Merge "vold: Use the new method of rebooting by asking init to do it" 2013-06-28 02:47:46 +00:00
Ken Sumrall
adfba3626e vold: Use the new method of rebooting by asking init to do it
Change-Id: I7fd5f1048c3cf43fa14597f079c929690cac367c
2013-06-26 17:51:44 -07:00
Kenny Root
c4c70f15bb Change key derivation to scrypt
scrypt is a sequential memory-hard key derivation algorithm that makes
it more difficult for adversaries to brute force passwords using
specialized equipment. See http://www.tarsnap.com/scrypt/scrypt.pdf for
more details of the algorithm.

This adds support for initializing disk encryption using scrypt and
upgrading from the previous PBKDF2 algorithm.

Change-Id: I1d26db4eb9d27fea7310be3e49c8e6219e6d2c3b
2013-06-24 09:40:54 -07:00
Kenny Root
c96a5f8edf Extract some version constants to header
In order to make it easier to upgrade the crypto footer, extract some
constants to a header file instead. Then the header can control what the
current version is and the upgrade_crypto_ftr code should be the only
thing that needs to be updated.

Change-Id: I3ed5a7d3b640419cd8af91388d94a00de8cc09db
2013-06-14 12:50:02 -07:00
Kenny Root
7434b3111b Change upgrade code to allow multiple versions
In the future, we'd like to have the ability to upgrade from any
supported version to any future version. Change the upgrade function
slightly to support this.

Change-Id: I3b20ccfff51c4c86f1e5e08690c263dc95ff5ce4
2013-06-14 11:32:18 -07:00
Ken Sumrall
9caab76c6b vold: Add an optional wipe parameter to the volume format command
The new wipe option to the vold format command will invoke BLKDISCARD
on the partition before invoking newfs_msdos.  This will be used whenever
a full wipe of the device is wanted, as this is more secure than just
doing newfs_msdos.

Bug: 9392982
Change-Id: Ie106f1b9cc70abc61206006d1821641c27c7ccae
2013-06-12 18:42:02 -07:00
Ken Sumrall
e88e1eb745 am c587269c: vold: Increase timeout due to selinux changes
* commit 'c587269c5a34d4e7412ff42e53ed6312359a8505':
  vold: Increase timeout due to selinux changes
2013-05-14 19:19:22 -07:00
Ken Sumrall
c587269c5a vold: Increase timeout due to selinux changes
The new selinux_reload_policy command can take a while to complete on
some systems.  The reason is being investigated, and hopefully a fix can
be found to improve performance, but for now, increase the timeout that
vold waits for the post_fs_data section to complete when decrypting a
device on boot.

Also, emit a decent error message if the device times out.

Bug: 8967715
Change-Id: Ifb01c983dffe095a9de752c17c467a1751e9ce99
2013-05-14 15:26:31 -07:00
Alex Klyubin
707795ad39 Fix a typo in a comment
Change-Id: Ibb9667d762189849ebcbefef4ba70ffd34cf885e
2013-05-10 15:17:07 -07:00
Ken Sumrall
160b4d68ec vold: Add support for unencrypted persistent info
In order to display the correct language, timezone, airplane
mode and other settings on the decrypt screen, a copy of those
settings needs to be stored unencrypted so the framework can
query them.  This adds support to vold to store up to 32
property like key/value pairs that are not encrypted.

Change-Id: Id5c936d2c57d46ed5cff9325d92ba1e8d2ec8972
2013-04-26 15:44:59 -07:00
Ken Sumrall
56ad03cae1 vold: use unified fstab format
Change vold to use the unified fstab.  This includes both
support for sdcards, and changes to the crypto code to work
with some changes to the fs_mgr library api.

Change-Id: Id5a8aa5b699afe151db6e31aa0d76105f9c95a80
2013-02-15 18:21:56 -08:00
Ken Sumrall
db5e026058 Enable allow_discards if dm-crypt supports it
dm-crypt version 1.11.0 and later supports the allow_discards option
when setting up a crypto device.  This passes discard requests from
the filesystem to the underlying block device.  This helps make flash
based storage faster.  So query the dm-crypt version, and pass the
option if the version is 1.11.0 or greater.

Change-Id: If30e9db5a2dbd6ea0281d91344e5b2c35e75131e
2013-02-07 15:05:54 -08:00
Ken Sumrall
92736efab0 Another fix for encryption
The previous problem of the framework not properly restarting after accepting
the password to decrypt the storage is also a problem when restarting the
framework to display the encryption progress screen.  So like the previous
hacky fix, add a sleep to wait a few moments before proceeding.  Also,
increase the sleep of the previous fix from 1 second to 2, as the problem
was seen once more in testing.  A proper fix has been designed and hopefully
will work and be checked-in RSN.

Change-Id: Icc2c072ce7f7ebcdea22cd7ff8cb2b87a627c578
2012-10-17 20:57:14 -07:00
Ken Sumrall
9dedfd473d Fix encryption on certain devices
There is a race in the encryption code that after it accepts the
decryption password, it tells init to kill all the processes in
class "main", then it mounts the decrypted filesystem, preps it,
and restarts the framework.  For an unknown reason on some devices,
the new framework sometimes starts up before init has killed and
reaped all the old processes.  The proper fix is to make the killing
of the old framework synchronous, so vold waits till all the
processes have died.  But with factory rom a few days away, the
much more pragmatic solution of adding a sleep of 1 second after
telling init to kill the old framework will suffice.

Bug: 7271212
Change-Id: Ie971cd04abbc6f3f6500b4acd79d3b3b26d9561c
2012-10-09 14:30:00 -07:00
Jeff Sharkey
b77bc4696b Update environment variable for multi-user.
Bug: 7260040
Change-Id: I96d821e11a3f0be32bfe92a4151f00f2b15d100e
2012-10-01 14:36:26 -07:00
Ken Sumrall
e919efea94 Workaround a kernel race when loading dmcrypt table
The kernel seems to return from umount(2) sometimes before it has
released the underlying block device.  So until the kernel is fixed,
try up to 10 times to load the crypto mapping table, waiting 500 ms
between tries.

bug: 7220345

Change-Id: Iad3bbef37cbe2e01613bb8a8c4886babdecb8328
2012-09-29 17:24:46 -07:00
Jeff Sharkey
7382f81fba Unmount external storage on multi-user devices.
Bug: 7044670
Change-Id: If1f99968b0392cae9420d067c75bfc18d1067b2c
2012-08-23 14:09:14 -07:00
Ken Sumrall
912d0b0755 Merge "Fix a typo in cryptfs.c" 2012-06-28 17:58:50 -07:00
Ken Sumrall
319369ac11 Fix a typo in cryptfs.c
Change-Id: If629fa996b135e432bc89da7518b0c1f02750b45
2012-06-27 16:30:18 -07:00
Nick Kralevich
4684e58a8d Add mode when open(O_CREAT) is used.
When creating a new file using open(..., O_CREAT), it is an error
to fail to specify a creation mode. If a mode is not specified, a
random stack provided value is used as the "mode".

This will become a compile error in a future Android change.

Change-Id: I761708c001247d7a2faac2e286288b45bfecc6f7
2012-06-26 15:07:03 -07:00
Ken Sumrall
425524dba1 Unmount all asec apps before encrypting
Now that forward locked apps are stored on /data as asec image files
that are mounted, they need to be unmounted before /data can be unmounted
so it can be encrypted.

Change-Id: I7c87deb52aaed21c8ad8ce8aceb7c15c2338620a
2012-06-15 14:46:53 -07:00
Ken Sumrall
e5032c42da Changes to encryption to work with the new filesystem manager
The new filesystem manager is in charge of mounting the block devices now,
removing much of the knowledge from init.<device>.rc.  This also let us
clean up some init code dealing with encryption, so this change updates
vold to work with that.  More cleanup is possible, but the main goal of the
filesystem manager was to enable e2fsck, not a full cleanup of encryption.

Change-Id: I00ea80a923d14770ed8fdd190e8840be195f8514
2012-05-01 13:14:55 -07:00
Ken Sumrall
f0679f0da4 Changes to encryption to work with the new filesystem manager
The new filesystem manager is in charge of mounting the block devices now,
removing much of the knowledge from init.<device>.rc.  This also let us
clean up some init code dealing with encryption, so this change updates
vold to work with that.  More cleanup is possible, but the main goal of the
filesystem manager was to enable e2fsck, not a full cleanup of encryption.

Change-Id: I00ea80a923d14770ed8fdd190e8840be195f8514
2012-04-27 16:44:22 -07:00
Ken Sumrall
d02a47239c Merge "Fix to not return a bogus decryption error when a device is not encrypted." 2012-03-09 17:02:44 -08:00
Mike Lockwood
ee6d8c42f3 Add support for wiping data immediately if crypt fails
Needed for headless devices that need to recover with no user intervention

Bug: 5556856

Change-Id: I0f85591df513a6893324fb057bde114ac1df044b
Signed-off-by: Mike Lockwood <lockwood@google.com>
2012-02-16 09:39:27 -08:00
Ken Sumrall
e1a4585784 Fix to not return a bogus decryption error when a device is not encrypted.
If there is filesystem damage on a non-encrypted device, and /data is not
mountable, and if the device stores the keys in a file on a different
partition (like on Crespo) then, vold would return an error which caused
the crypto UI to present an option to the user to wipe the device because
it assumed encryption had failed.  This fixes it to not do that.

Change-Id: Ibff6299787b45768416dbc4052de7db3b140b808
2011-12-14 22:33:45 -08:00