Commit graph

3511 commits

Author SHA1 Message Date
TreeHugger Robot
60d7c823ee Merge "Prefer f2fs for virtual (private) storage volumes." into rvc-dev 2020-03-31 11:00:31 +00:00
David Anderson
87bf96a60e [automerger skipped] Block and wait for /dev/block/loop<N> to appear in case it was created asynchronously. am: 5ba8aeaa80 -s ours
am skip reason: Change-Id Id8616804bba622226ca21b8eff0d3eb577b4b7e0 with SHA-1 1dd5c4f787 is in history

Change-Id: Iaffd50d7b736066cfa429edf28b3f18fb956715d
2020-03-30 09:00:04 +00:00
Songchun Fan
01c4e91c09 [vold] update with incfs_ndk.h
BUG: 150470163
Test: atest PackageManagerShellCommandIncrementalTest
Change-Id: I5166c49cf48f353dab35e385571ada517cb751ac
2020-03-27 17:07:06 -07:00
David Anderson
5ba8aeaa80 Block and wait for /dev/block/loop<N> to appear in case it was created asynchronously.
Bug: 134711825
Bug: 149462396
Test: StorageManagerTest
Change-Id: Id8616804bba622226ca21b8eff0d3eb577b4b7e0
Merged-In: Id8616804bba622226ca21b8eff0d3eb577b4b7e0
2020-03-27 20:16:44 +00:00
Yurii Zubrytskyi
131365a3e5 [vold] Add argument verification to IncFS methods
+ Get rid of an extra string copy in path validation function

Bug: 152349257
Test: atest vold_tests
Change-Id: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
2020-03-25 14:33:24 -07:00
Martijn Coenen
81872e826c Merge "Bind mount Android/data and Android/obb individually." into rvc-dev 2020-03-24 08:31:44 +00:00
TreeHugger Robot
fe6253e3a2 Merge "Add quota / casefold options to f2fs if needed." into rvc-dev 2020-03-20 14:35:07 +00:00
Martijn Coenen
449a7d8ae0 Bind mount Android/data and Android/obb individually.
Because we want all other paths (in particular Android/media) to go
through FUSE.

Also use scope_guard to make unwinding some failures easier.

Bug: 151272568
Test: atest AdoptableHostTest
Change-Id: Ib487b9071b5b212c7bb12ce54f80c96d98acaef5
2020-03-20 13:24:41 +01:00
Zim
b6488f3f04 Fix vold wedge when unmounting Android/
In EmulatedVolume#doMount, if some operations fail, we call
EmulatedVolume#doUnmount.

During this unmount we try to unmount Android/ causing a FUSE_LOOKUP
on the FUSE mount. If the FUSE mount is not up, this can hang.

Now we introduce a new state to prevent unmounting Android/ if it
wasn't mounted.

Test: atest AdoptableHostTest
Bug: 151685786
Change-Id: I6246d3910c352034d2a4fb09ad9c1e7fd91cba5e
2020-03-17 16:14:56 +00:00
Ricky Wai
6b12257702 Make storage dirs remount fork() safe
Also, use the pids provided by system server to remount all existing
processes, so we don't need to do the heavy and unreliable scanning in
/proc anymore.

Bug: 149548518
Test: atest AdoptableHostTest
Change-Id: Ifb5b79a3bc5438f36e0d61ec8aec96bdbc60ca13
2020-03-12 18:16:27 +00:00
Martijn Coenen
6c695ef1d9 Prefer f2fs for virtual (private) storage volumes.
Since ext4 currently doesn't have the required kernel patches in place
on cuttlefish.

Bug: 150935323
Test: sm set-virtual-disk true
      sm partition disk:7,xyz private
      inspect mount output
Change-Id: Ief5bd9ace9d39bdfbae8d3857044a2143801f6be
2020-03-11 15:36:14 +01:00
Martijn Coenen
2f1c983240 Add quota / casefold options to f2fs if needed.
These were only added for ext4.

Bug: 150935323
Test: when creating a private f2fs volume, things work as expected.
Change-Id: I11ee04bfddecb6c95e223e66c9bf532c425e6fac
2020-03-11 15:36:14 +01:00
TreeHugger Robot
cbd458bb35 Merge "Only set quota project ID inheritance on app-private dirs." into rvc-dev 2020-03-11 12:54:58 +00:00
Nikita Ioffe
58d89a355a Merge "fskeyring & userspace reboot: support CE keys" into rvc-dev 2020-03-11 11:43:30 +00:00
Martijn Coenen
9171fcc984 Only set quota project ID inheritance on app-private dirs.
Previously every directory on external storage had project ID quota
inheritance enabled; this means that if any new file/directory is
created under such a directory, it will inherit the project ID from the
parent. We use a default project ID of 1000 for generic directories, and
application-specific project IDs for app-specific directories.

MediaProvider is responsible for updating the quota type in the generic
directories, as it scans all files there. However, there is a problem
with this approach: if you move a file to a directory with project ID
inheritance set, and the project ID of that file differs from the
project ID of the dir, that results in an EXDEV error, and requires a
copy instead. For example, if /sdcard/DCIM/test.jpg has a project ID of
1003 (for images), and you try to move it to /sdcard/Pictures/test.jpg,
that would require a copy, because the project ID of /sdcard/Pictures is
1000.

While this is not a very common scenario, it's still better to avoid it.
Luckily we can - since MediaProvider anyway scans all files, it will set
the project ID on individual files correctly - there's no need to
inherit them.

We then only need to inherit quota in application-specific directories,
since in those directories the app can create files itself, and those
need to be tagged correctly.

This change enables that, by removing quota inheritance setting from the
top-level directory, and instead doing it for app-specific directories
instead.

Bug: 151078664
Test: atest StorageHostTest
      atest com.android.tests.fused.host.FuseDaemonHostTest#testRenameAndReplaceFile
Change-Id: I38a057ec61cb627e39a3ff7ac58c7218dc251bdc
2020-03-11 11:51:45 +01:00
Nikita Ioffe
1ee35cf002 fskeyring & userspace reboot: support CE keys
During userspace reboot /data might be unmounted & remounted, meaning
that CE keys stored in fs-level keyring will be lost. In order to be
able to restore them, when installing new key to fs-level keyring, it's
also added to session-level keyring with type "fscrypt-provisioning".

Then when init_user0 is called during userspace reboot, vold will try to
load CE keys from the session-level keyring back into fs-level keyring
for all the users that were unlocked before the reboot.

If for any user vold fails to install the key, init_user0 will fail and
fallback to hard reboot will be triggered.

Test: set a pin pattern
Test: adb shell setprop sys.init.userdata_remount.force_umount 1
Test: adb shell svc power reboot userspace
Test: atest CtsUserspaceRebootHostSideTestCases
Bug: 143970043
Change-Id: I37603dc136c7ededc7b0381e4d730cb0ffd912b4
2020-03-07 01:19:42 +00:00
Paul Crowley
7de5377c89 Use the blk_device supplied by vdc encryptFstab
fs_mgr may put other dm devices on top of the raw disk, such as for
checkpointing, and it hands metadata encryption the uppermost device in
vdc. That's what should be encrypted, not the raw disk.

Bug: 150354860
Test: Treehugger
Merged-In: I279f087b1b7aded40c5a62281154851ce970ba70
Change-Id: I279f087b1b7aded40c5a62281154851ce970ba70
2020-03-05 12:57:40 -08:00
Hung-ying Tyan
16df3dc2b5 Merge "umount /data/user/0 before umount /data" into rvc-dev 2020-03-05 00:24:34 +00:00
Nikita Ioffe
e8c7f09834 Merge "fskeyring & userspace reboot: support DE keys" into rvc-dev 2020-03-04 12:13:55 +00:00
Hyangseok Chae
79b03ff9e6 umount /data/user/0 before umount /data
FDE device has shut down and restart the framework.
But restart is not triggered due to umount fail.
umount /data fail with "device is busy"
It is because bind mount /data/data to /data/user/0

We need umount /data/user/0 before umount /data

Bug: 148004718
Test: Flash GSI and check boot with FDE and FBE device.
Change-Id: I919f9e31a9d2d745b297a7ab99b399aa9b293b39
Merged-In: I919f9e31a9d2d745b297a7ab99b399aa9b293b39
(cherry picked from commit 3cf3233bac)
2020-03-04 14:33:08 +08:00
Ricky Wai
c1e33a3cc9 Add Android/data mounting along with obb mounting in vold
We should mount Android/data also, not only Android/obb.

Test: After flag is enabled, AdoptableHostTest still pass.
Bug: 148049767
Bug: 150584566
Change-Id: I26dc3756aa5843b85565495e9c2698130113f49a
Merged-In: I26dc3756aa5843b85565495e9c2698130113f49a
(cherry picked from commit d88e090098)
2020-03-02 10:58:44 +00:00
Nikita Ioffe
1eaea5a6a2 fskeyring & userspace reboot: support DE keys
During userspace reboot /data might be unmounted, which means that if
device supports filesystem keyring, DE keys will be lost and are needed
to be re-installed.

Test: adb shell setprop sys.init.userdata_remount.force_umount 1
Test: adb shell svc power reboot userspace
Test: atest CtsUserspaceRebootHostSideTestCases
Bug: 143970043
Change-Id: I153caa1d7c373b3c906a34f1184c681e52854a9d
2020-02-27 21:42:08 +00:00
Martijn Coenen
6a4d95d08e Merge "Switch to new project ID constants." 2020-02-20 08:58:56 +00:00
Automerger Merge Worker
d80d53e31f Merge "Make CTS not HEH the default post Q" am: 39969f0288 am: 17d85205bd am: f0bea38daa
Change-Id: I3cf8f261ce7ecf41315ffddbf4964cf47bca1655
2020-02-20 00:22:25 +00:00
Martijn Coenen
aee40511ae Switch to new project ID constants.
Use new constants, instead of reusing previous sdcardfs values.

Bug: 146419093
Test: lsattr -pR
Change-Id: I7409d86cac5360e125e843cc79f3c5f41d74dd1e
2020-02-20 00:39:05 +01:00
Automerger Merge Worker
f0bea38daa Merge "Make CTS not HEH the default post Q" am: 39969f0288 am: 17d85205bd
Change-Id: I0c3114a77c37b30e542c45fc4d4d6ea592444b1a
2020-02-19 23:37:01 +00:00
Automerger Merge Worker
17d85205bd Merge "Make CTS not HEH the default post Q" am: 39969f0288
Change-Id: I0cb0430214ab69656c6e7f3116194b63eb54672b
2020-02-19 23:20:59 +00:00
Treehugger Robot
39969f0288 Merge "Make CTS not HEH the default post Q" 2020-02-19 23:04:37 +00:00
Automerger Merge Worker
970ea1cf68 Merge "Fix unaligned access to auth token user_id" am: 21a17b091e am: 01759662fd am: 7b9b164946
Change-Id: Ibe10561445571d7607ea93d7a988a9ab847e234a
2020-02-19 22:20:32 +00:00
Automerger Merge Worker
c45705672c Merge "Remove unused code in VoldUtil.h" am: e19189bd7f am: b6421644ec am: 923309aae2
Change-Id: I0ec249df609cbad7f80ac739545c6cf0199e6232
2020-02-19 22:19:46 +00:00
Automerger Merge Worker
7489ab6961 Merge changes from topics "metadata_wrapped_key_aosp", "volume_metadata" am: 36fd1ebfae am: 6891eb7e2d am: c14f46d114
Change-Id: I89f51bfaeb61c235aeccbe8a5a5a447ab14c46cb
2020-02-19 22:19:26 +00:00
Ricky Wai
879b9c0a59 Merge "Mount direct boot apps obb dir after fuse is ready." 2020-02-19 19:42:13 +00:00
Paul Crowley
eb241a1d65 Make CTS not HEH the default post Q
Making HEH the default was always a mistake and a giant foot-gun.
Let's make life easier for people by making the default depend on
first_api_level, so it's automatically set up right for new devices
without breaking old ones. Also use v2 fscrypt keys instead of v1 post
Q.

Bug: 147107322
Test: Various Cuttlefish configurations
Change-Id: I5432bdfd6fec6ed34e7f9ab7cdd32cdeb2a03472
2020-02-19 10:27:48 -08:00
Ricky Wai
07e64a4cea Mount direct boot apps obb dir after fuse is ready.
- Remove bind mounting Android/ code as we want to bind mount obb dir
for each process instead.
- Set property "vold.vold.fuse_running_users" as an array of user id
for which fuse is ready to use.
- After fuse is ready for a user, fork a background process in vold
to bind mount all direct boot apps for that user so its direct boot
apps obb dir will be mounted to lower fs for imporoved performance.

Bug: 148049767
Bug: 137890172
Test: After flag is enabled, AdoptableHostTest still pass.
Change-Id: I90079fbeed1c91f9780ca71e37b0012884680b7c
2020-02-19 16:45:07 +00:00
Martijn Coenen
816f4d94f6 Add fixupAppDir() API.
This can be used to fixup application directories in case they have been
created by some other entity besides vold; the main use case for this
API right now is OBB directories, which can be created by installers
outside of vold; on devices without sdcardfs, such directories and the
files contained therein are not setup correctly. This API will make sure
everything is setup the way it needs to be setup.

Bug: 146419093
Test: inspect OBB dir after install
Change-Id: I2e35b7ac2992dbb21cc950e53651ffc07cfca907
2020-02-19 12:11:34 +01:00
Automerger Merge Worker
7b9b164946 Merge "Fix unaligned access to auth token user_id" am: 21a17b091e am: 01759662fd
Change-Id: I224885ade242636a9806574c164f34494a8f377f
2020-02-19 00:06:04 +00:00
Automerger Merge Worker
923309aae2 Merge "Remove unused code in VoldUtil.h" am: e19189bd7f am: b6421644ec
Change-Id: If68c55c8e6f3db5e00e08f958845ceab8cf36f4e
2020-02-19 00:05:34 +00:00
Automerger Merge Worker
c14f46d114 Merge changes from topics "metadata_wrapped_key_aosp", "volume_metadata" am: 36fd1ebfae am: 6891eb7e2d
Change-Id: I39904b704f983124afd8ff62cd3b863fd600e6a2
2020-02-19 00:05:22 +00:00
Automerger Merge Worker
01759662fd Merge "Fix unaligned access to auth token user_id" am: 21a17b091e
Change-Id: If1b44823f6758c9428b5874b2629579f384399b7
2020-02-18 23:40:09 +00:00
Automerger Merge Worker
b6421644ec Merge "Remove unused code in VoldUtil.h" am: e19189bd7f
Change-Id: I52b8e04f85890a1a320c47a191bf1c0429e058a4
2020-02-18 23:40:04 +00:00
Automerger Merge Worker
6891eb7e2d Merge changes from topics "metadata_wrapped_key_aosp", "volume_metadata" am: 36fd1ebfae
Change-Id: Ieb478426e40feffcefd3a5e478e5e1c5d72539b7
2020-02-18 23:39:37 +00:00
Paul Crowley
21a17b091e Merge "Fix unaligned access to auth token user_id" 2020-02-18 23:18:46 +00:00
Paul Crowley
e19189bd7f Merge "Remove unused code in VoldUtil.h" 2020-02-18 23:18:30 +00:00
Paul Crowley
36fd1ebfae Merge changes from topics "metadata_wrapped_key_aosp", "volume_metadata"
* changes:
  On newer devices, use dm-default-key to encrypt SD cards
  vold: Wrapped key support for metadata encryption
  Refactor: make makeGen local
2020-02-18 23:17:07 +00:00
Paul Crowley
886e572009 On newer devices, use dm-default-key to encrypt SD cards
The dm-crypt solution requires a kernel patch that won't be present in
the GKI kernel, while the new metadata encryption system in the GKI
kernel solves this problem in a much cleaner way.

Test: create private volume on Cuttlefish, setting property both ways.
Bug: 147814592
Change-Id: Ie02bd647c38d8101af2bbc47637f65845d312cea
2020-02-18 13:01:00 -08:00
Barani Muthukumaran
312b7df621 vold: Wrapped key support for metadata encryption
metadata_encryption fstab option provides details on the cipher
and flags used for metadata encryption. wrappedkey_v0 is provided
to dm-default-key dm device when a wrapped key is used. The
inline encryption hardware unwraps the key and derives the
encryption key used to encrypt metadata without returning the key
in the clear to software.

Bug: 147733587
Test: FBE with metadata encryption using wrapped keys.
Change-Id: Ibf69bdc12bb18d2f0aef8208e65f3a8dececfd2a
2020-02-18 12:51:06 -08:00
Paul Crowley
249c2fb4aa Refactor: make makeGen local
No need for KeyUtil to know how to make a KeyGeneration, it's cleaner
if each module handles it separately. Also, create a CryptoOptions
structure to track metadata encryption options, and simplify legacy
cipher/option handling.

Test: Treehugger
Bug: 147814592
Change-Id: I740063882914097329ff72348d0c0855c26c7aab
2020-02-18 12:49:36 -08:00
Paul Crowley
d281de75ad Fix unaligned access to auth token user_id
Bug: 65232288
Test: Set a pattern on cuttlefish, ensure we can unlock
Change-Id: I5ee09cf72ab7d3d636a25755134bfad6f88265f9
2020-02-18 11:00:15 -08:00
Paul Crowley
2ae96731ac Remove unused code in VoldUtil.h
Test: Treehugger
Change-Id: I87585852af49ee49d63e3b1cde579114f855118b
2020-02-18 10:48:16 -08:00
Martijn Coenen
442bb83828 Set a default ACL on the top-level OBB directory.
Since installers can create directories in Android/obb, make sure those
directories end up with the correct ACL bits as well.

Bug: 146419093
Test: inspect filesystem manually
Change-Id: I211e921197560a40599938463f3171a0ff92d9aa
2020-02-18 15:24:26 +01:00