Commit graph

4393 commits

Author SHA1 Message Date
Jeff Vander Stoep
2c347c75c1 OWNERS: add alan and jeff, alphabetize
Test: n/a
Change-Id: I3b9f18906b72d0a3aed712f6c6990180294d0d2b
2020-12-10 13:08:28 +01:00
Alan Stokes
1dafff79e1 Enable improved user separation by default.
This is already on for all Pixel devices with no problems observed.

If this causes issues with a specific device (e.g. vendor apps being
unable to access their data) it can be temporarily disabled by adding

PRODUCT_PROPERTY_OVERRIDES += ro.vold.level_from_user=0

to the device.mk file. Please file a bug if that happens.

Bug: 141677108
Test: presubmits
Change-Id: Ic9da534f1a5f4c9e3bd62ea5c09a3b11ebcb33e7
Merged-In: Ic9da534f1a5f4c9e3bd62ea5c09a3b11ebcb33e7
(cherry picked from commit 763393644a)
2020-12-10 09:54:06 +00:00
Ricky Wai
bbfb6ea1ac Check if storage app data and obb directories exist in vold
As storage is not mounted in system server, we use vold
to check if storage app data and obb directories exist instead.

We add a method in vold so it only creates app data and obb dirs
if dirs do not exist to speed up app starting time.

Bug: 160336374
Test: Data and obb directories are created when a new app is started
Change-Id: I1bd784d9c9e05463f71433fc782ac4e0c831cbf1
2020-12-03 15:38:03 +00:00
Treehugger Robot
f1238ff370 Merge "Follow vdc naming convention: earlyBootEnded" am: e8838a862d am: 12eb9de463
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1512480

Change-Id: Ibb7a80f05f3bb7c2f13a666bafc8d323db46825b
2020-12-02 08:57:03 +00:00
Treehugger Robot
12eb9de463 Merge "Follow vdc naming convention: earlyBootEnded" am: e8838a862d
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1512480

Change-Id: I7df00e8936fd2185541645594a9633317632fe99
2020-12-02 08:20:27 +00:00
Treehugger Robot
e8838a862d Merge "Follow vdc naming convention: earlyBootEnded" 2020-12-02 07:49:38 +00:00
Paul Crowley
ed06b3eabe Follow vdc naming convention: earlyBootEnded
vdc commands use camelCase, not kebab-case.

Test: EarlyBootKeyTest.CannotCreateEarlyBootKeys
Change-Id: I7be4d3008a731829e5d5e025216cb2ade238a530
2020-12-01 14:36:06 -08:00
Xin Li
bc9378c6f7 [automerger skipped] Skip rvc-qpr-dev-plus-aosp-without-vendor@6881855 am: 2d717e91f1 -s ours
am skip reason: Change-Id I51672944372d24483679d6f81df4e80869d3fd99 with SHA-1 3c11d4611a is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/13114243

Change-Id: If77798f54d5570e882b6ddc8f7a4a3789f9998da
2020-11-24 03:44:30 +00:00
Xin Li
2d717e91f1 Skip rvc-qpr-dev-plus-aosp-without-vendor@6881855
Bug: 172690556
Merged-In: I51672944372d24483679d6f81df4e80869d3fd99
Change-Id: Ib64d7c9c68de9058bae79d0de9f9c59341d207c3
2020-11-23 16:26:04 -08:00
Martijn Coenen
eeff2fd76a [automerger skipped] Convert to lower fs path for createObb(). am: 772008dbca -s ours
am skip reason: Change-Id I98222bf844a6b7d8ec0d9873eddc71f61aa68c90 with SHA-1 d6a612ac20 is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/13092479

Change-Id: I21651924e7b7f946aefb5e30a6d1fe17024b8e96
2020-11-20 11:20:58 +00:00
Martijn Coenen
772008dbca Convert to lower fs path for createObb().
Since /storage/emulated/userId isn't accessible for users != userId,
and vold should anyway try to avoid accessing the FUSE filesystem itself.

Bug: 172078780
Test: atest StorageManagerTest --user-type secondary_user
Change-Id: I98222bf844a6b7d8ec0d9873eddc71f61aa68c90
Merged-In: I98222bf844a6b7d8ec0d9873eddc71f61aa68c90
2020-11-20 07:51:04 +00:00
Martijn Coenen
39f8373ce4 Merge "Convert to lower fs path for createObb()." am: c237cbc575 am: 00382980e5 am: 1e3addab7f
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1505371

Change-Id: Ifd130be166f40ef78f3122444a25daeb2f36799c
2020-11-19 18:39:29 +00:00
Martijn Coenen
7befe510e1 Merge "Unmount pass_through path last." am: 2fb2757c2d am: 5b5083b8a9 am: a385e43146
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1505131

Change-Id: I910198959e1998dd385e6a105f85fe8fe4ad5458
2020-11-19 18:39:19 +00:00
Martijn Coenen
1e3addab7f Merge "Convert to lower fs path for createObb()." am: c237cbc575 am: 00382980e5
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1505371

Change-Id: Ibc7a9e7c4a3772e741d4f096fde99ee92e9dd06e
2020-11-19 18:07:45 +00:00
Martijn Coenen
a385e43146 Merge "Unmount pass_through path last." am: 2fb2757c2d am: 5b5083b8a9
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1505131

Change-Id: Ia2b063f404b23f794642d25e3755aeca571430c4
2020-11-19 18:07:35 +00:00
Martijn Coenen
00382980e5 Merge "Convert to lower fs path for createObb()." am: c237cbc575
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1505371

Change-Id: Ib2cacb3602bc21c5e6d03e15337c188ae2f7bdd5
2020-11-19 17:48:44 +00:00
Martijn Coenen
5b5083b8a9 Merge "Unmount pass_through path last." am: 2fb2757c2d
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1505131

Change-Id: I16944515f12a656d9b6a2da23a04b7615c9e2f1a
2020-11-19 17:48:36 +00:00
Martijn Coenen
c237cbc575 Merge "Convert to lower fs path for createObb()." 2020-11-19 17:31:54 +00:00
Martijn Coenen
2fb2757c2d Merge "Unmount pass_through path last." 2020-11-19 17:31:45 +00:00
Martijn Coenen
d6a612ac20 Convert to lower fs path for createObb().
Since /storage/emulated/userId isn't accessible for users != userId,
and vold should anyway try to avoid accessing the FUSE filesystem itself.

Bug: 172078780
Test: atest StorageManagerTest --user-type secondary_user
Change-Id: I98222bf844a6b7d8ec0d9873eddc71f61aa68c90
2020-11-19 15:27:55 +00:00
Martijn Coenen
64b3bba52e Unmount pass_through path last.
There've been reports of issues where, when a volume is ejected, the
MediaProvider process gets killed. This happens because the
MediaProvider has a file open on the volume (eg, during a scan). We do
abort the scan when the volume is ejected, however this could take some
time. So, we give MediaProvider a bit more time before getting killed,
by only looking for files open on the pass_through paths last. This
order anyway seems to make more sense - ideally we kill apps using
external storage before we unmount the pass_through path underlying it.

Bug: 171367622
Test: atets AdoptableHostTest
Change-Id: Ie8eacaa72a80ff8161ecf1e8c0243afcd890ee39
2020-11-19 09:08:50 +01:00
Martijn Coenen
a108cd8816 Merge "Call earlyBootEnded from vdc." am: 17ebcf7f99 am: 87869c2b77 am: 7faba479e3
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1496221

Change-Id: I06b3c1a67507da6d1cafa39079bb495f6ce6b800
2020-11-18 09:07:12 +00:00
Martijn Coenen
7faba479e3 Merge "Call earlyBootEnded from vdc." am: 17ebcf7f99 am: 87869c2b77
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1496221

Change-Id: I6ba0e5570a7e0d378f78a1d152e1133371f980ea
2020-11-18 08:37:38 +00:00
Martijn Coenen
87869c2b77 Merge "Call earlyBootEnded from vdc." am: 17ebcf7f99
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1496221

Change-Id: Ib084a4c16c790e274232fd4056b3af4b0e39fff7
2020-11-18 08:09:07 +00:00
Martijn Coenen
17ebcf7f99 Merge "Call earlyBootEnded from vdc." 2020-11-18 07:51:31 +00:00
Eric Biggers
8a05b5e981 Merge "Switch to exfatprogs compatible fsck parameter" am: dfd36fe6b6 am: 79f6bce6ba am: 9d16d7310f
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1441937

Change-Id: I3ae9201729736095edbb29d869b7c8fe2e9308ca
2020-11-12 18:14:19 +00:00
Eric Biggers
9d16d7310f Merge "Switch to exfatprogs compatible fsck parameter" am: dfd36fe6b6 am: 79f6bce6ba
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1441937

Change-Id: I6a01df4dfd2d655b649b62a233c56d558042ff65
2020-11-12 18:00:53 +00:00
Eric Biggers
79f6bce6ba Merge "Switch to exfatprogs compatible fsck parameter" am: dfd36fe6b6
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1441937

Change-Id: Ibd14595638ab5daf7965043d64cc5c06dddd1b7c
2020-11-12 17:48:16 +00:00
Eric Biggers
dfd36fe6b6 Merge "Switch to exfatprogs compatible fsck parameter" 2020-11-12 17:33:16 +00:00
Martijn Coenen
eed957f6a4 Call earlyBootEnded from vdc.
This allows us to determine the place where early boot ends from init.
It also allows fixing a bug where early boot wasn't ended previously on
devices without metadata encryption.

Bug: 168585635
Bug: 173005594
Test: inspect logs
Change-Id: I78775672a7d3c140e007235a10fb1d1bc816fcee
2020-11-12 11:03:27 +01:00
LuK1337
b8e07b20ad Switch to exfatprogs compatible fsck parameter
exfatprogs accepts 'y' for no interaction repair.

Change-Id: I2c436816a293a36fc9f0cd635cdb9ca3b5f88bfc
2020-11-11 19:45:05 +01:00
Eric Biggers
3949e7d717 Merge "KeyStorage: rework key upgrade handling" am: d5de2f22b7 am: 689b4e7110 am: fff8a16d21
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1483694

Change-Id: I8ce7002ba015f39bd5b925c987056805e86f9d3b
2020-11-10 01:39:05 +00:00
Eric Biggers
fff8a16d21 Merge "KeyStorage: rework key upgrade handling" am: d5de2f22b7 am: 689b4e7110
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1483694

Change-Id: I67dc8c73d5362b1bf5600fe612148f0ccc918179
2020-11-10 01:25:31 +00:00
Eric Biggers
689b4e7110 Merge "KeyStorage: rework key upgrade handling" am: d5de2f22b7
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1483694

Change-Id: Ib6c052565b3fe79eeb928daa564a7431f89aed22
2020-11-10 01:11:13 +00:00
Eric Biggers
d5de2f22b7 Merge "KeyStorage: rework key upgrade handling" 2020-11-10 00:39:24 +00:00
Eric Biggers
f74373b177 KeyStorage: rework key upgrade handling
Remove the error-prone 'keepOld' parameter, and instead make begin()
(renamed to BeginKeymasterOp()) do all the key upgrade handling.

Don't handle /data and /metadata differently anymore.  Previously, when
a checkpoint is active, key blob files were replaced on /data
immediately; only the actual Keymaster key deletion was delayed until
checkpoint commit.  But it's easier to just delay the key blob file
replacement too, as we have to implement that for /metadata anyway.

Also be more vigilant about deleting any leftover upgraded keys.

Test: Tested on bramble using an OTA rvc-d1-release => master.  In OTA
      success case, verified via logcat that the keys were upgraded and
      then were committed after the boot succeeded.  In OTA failure
      case, verified that the device still boots -- i.e., the old keys
      weren't lost.  Verified that in either case, no
      keymaster_key_blob_upgraded files were left over.  Finally, also
      tried 'pm create-user' and 'pm remove-user' and verified via
      logcat that the Keymaster keys still get deleted.
Change-Id: Ic9c3e63e0bcae0c608fc79050ca4a1676b3852ee
2020-11-05 19:58:26 -08:00
Eric Biggers
c1c68dede3 Merge "EncryptInplace: fsync cryptofd before reporting success" am: e244a15f34 am: 22f226245a am: 420868767f
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1488376

Change-Id: If74875c79d3f4c68895d35f2138e42ec9f355afc
2020-11-05 19:50:13 +00:00
Eric Biggers
420868767f Merge "EncryptInplace: fsync cryptofd before reporting success" am: e244a15f34 am: 22f226245a
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1488376

Change-Id: I8e7152cce18b1ed8b5f1265c08e2abb403deef9c
2020-11-05 19:23:28 +00:00
Eric Biggers
22f226245a Merge "EncryptInplace: fsync cryptofd before reporting success" am: e244a15f34
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1488376

Change-Id: I10ff2f5cccf00fbd3cbac93059ce7f069911e9c4
2020-11-05 19:09:37 +00:00
Eric Biggers
e244a15f34 Merge "EncryptInplace: fsync cryptofd before reporting success" 2020-11-05 18:51:13 +00:00
Eric Biggers
e4bf57a6d3 [automerger skipped] KeyUtil: don't use keepOld=true for system DE and volume keys am: 2c9d6d6675 -s ours
am skip reason: Change-Id I42d3f5fbe32cb2ec229f4b614cfb271412a3ed29 with SHA-1 c493903732 is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/12971598

Change-Id: Ieb69946c8c2a6640b7af58561d872b50022d4f5b
2020-11-05 17:50:20 +00:00
Eric Biggers
1ba8865fec EncryptInplace: fsync cryptofd before reporting success
fsync() the cryptofd when done writing to it.  Without this, any
remaining dirty pages in the crypto_blkdev's page cache (which there
might be a lot of, even as much as all the data that was written) won't
be flushed to disk until the cryptofd is closed, which ignores I/O
errors and is also after we already reported 100% completion.

There wasn't an fsync() in the original version either, so we've been
getting by without it, but it seems it should be there.

Change-Id: Idd1be3ae67ce96ecf3946b9efb9fc57414f5805a
2020-11-04 19:24:19 -08:00
Eric Biggers
0b705b5167 Merge changes from topic "encryptinplace-cleanup" am: 91e4f1dd76 am: ee175c954a am: 992e8dfdaa
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1467990

Change-Id: Ic3f7333839a1aceffff621ec8f592b744778cdef
2020-11-04 20:23:01 +00:00
Eric Biggers
992e8dfdaa Merge changes from topic "encryptinplace-cleanup" am: 91e4f1dd76 am: ee175c954a
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1467990

Change-Id: If0f5196b66387b3a195b10c1b48d030f7bb8eb5a
2020-11-04 19:53:11 +00:00
Eric Biggers
ee175c954a Merge changes from topic "encryptinplace-cleanup" am: 91e4f1dd76
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1467990

Change-Id: I50e47bd1cb102b9013542b0676258a79ac44b6b1
2020-11-04 19:15:05 +00:00
Eric Biggers
91e4f1dd76 Merge changes from topic "encryptinplace-cleanup"
* changes:
  Refactor EncryptInplace.cpp
  Correctly calculate tot_used_blocks on ext4 with uninit_bg
  Fix memory leak of f2fs_info
  Remove special handling for missing crypto_blkdev
  Check return value of create_crypto_blk_dev()
  Remove unused support for partial encryption
2020-11-04 18:47:05 +00:00
Eric Biggers
f038c5f5e1 Refactor EncryptInplace.cpp
Refactor EncryptInplace.cpp to simplify and improve it a lot.  This is
everything that didn't fit into prior commits, including:

- Share a lot more code between ext4, f2fs, and full encryption.

- Improve the log messages.  Most importantly, don't spam the log with
  huge numbers of messages, and don't log errors in expected cases.
  Note: generate_f2fs_info() is still too noisy, but that's part of
  "system/extras", not vold, so this change doesn't change that.

- When possible, do 32K reads/writes for f2fs and for full encryption,
  not just for ext4.  This might improve performance.

- Take advantage of C++ functionality.

- Be more careful about edge cases.  E.g. if the calculation of the
  number of blocks to encrypt was wrong, don't set vold.encrypt_progress
  to > 99 until we're actually done.

The net change is over 200 lines removed.

Before-after comparison of log when enabling metadata encryption:

ext4 before:
    I vold    : Beginning inplace encryption, nr_sec: 16777216
    D vold    : cryptfs_enable_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, 0)
    D vold    : Opening/dev/block/by-name/userdata
    D vold    : Opening/dev/block/dm-8
    I vold    : Encrypting ext4 filesystem in place...
    [omitted 6387 log messages]
    I vold    : Encrypted to sector 822084608
    D vold    : cryptfs_enable_inplace_ext4 success
    I vold    : Inplace encryption complete

ext4 after:
    D vold    : encrypt_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, false)
    D vold    : ext4 filesystem has 64 block groups
    I vold    : Encrypting ext4 filesystem on /dev/block/by-name/userdata in-place via /dev/block/dm-8
    I vold    : 50327 blocks (206 MB) of 2097152 blocks are in-use
    D vold    : Encrypted 10000 of 50327 blocks
    D vold    : Encrypted 20000 of 50327 blocks
    D vold    : Encrypted 30000 of 50327 blocks
    D vold    : Encrypted 40000 of 50327 blocks
    D vold    : Encrypted 50000 of 50327 blocks
    D vold    : Encrypted 50327 of 50327 blocks
    I vold    : Successfully encrypted ext4 filesystem on /dev/block/by-name/userdata

f2fs before:
    I vold    : Beginning inplace encryption, nr_sec: 16777216
    D vold    : cryptfs_enable_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, 0)
    D vold    : Opening/dev/block/by-name/userdata
    D vold    : Opening/dev/block/dm-8
    E vold    : Reading ext4 extent caused an exception
    D vold    : cryptfs_enable_inplace_ext4()=-1
    [omitted logspam from f2fs_sparseblock]
    I vold    : Encrypting from block 0
    I vold    : Encrypted to block 15872
    I vold    : Encrypting from block 16384
    I vold    : Encrypted to block 16385
    I vold    : Encrypting from block 17408
    I vold    : Encrypted to block 17412
    D vold    : cryptfs_enable_inplace_f2fs success
    I vold    : Inplace encryption complete

f2fs after:
    D vold    : encrypt_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, false)
    [omitted logspam from f2fs_sparseblock]
    I vold    : Encrypting f2fs filesystem on /dev/block/by-name/userdata in-place via /dev/block/dm-8
    I vold    : 15880 blocks (65 MB) of 2097152 blocks are in-use
    D vold    : Encrypted 10000 of 15880 blocks
    D vold    : Encrypted 15880 of 15880 blocks
    I vold    : Successfully encrypted f2fs filesystem on /dev/block/by-name/userdata

Test: Booted Cuttlefish with metadata encryption enabled and with the
      userdata filesystem using (1) ext4, (2) f2fs, and (3) f2fs but
      with EncryptInplace.cpp patched to not recognize the filesystem
      and fall back to the "full" encryption case.  Checked that the log
      messages were as expected and that /data was mounted.

      I've had no luck testing FDE yet; it doesn't work even without
      these changes.  Suggestions appreciated...

Change-Id: I08fc8465f7962abd698904b5466f3ed080d53953
2020-11-03 14:16:32 -08:00
Eric Biggers
7e70d6939d Correctly calculate tot_used_blocks on ext4 with uninit_bg
The calculated number of blocks to encrypt is too high on ext4
filesystems that have the uninit_bg feature.  This is because the
calculation assumes that all blocks not counted in bg_free_blocks_count
need to encrypted.  But actually, uninitialized block groups have inode
blocks which vold doesn't encrypt since they are uninitialized, but they
are "allocated" and thus reduce bg_free_blocks_count.

Therefore, add a helper function num_base_meta_blocks_in_group() which
returns the number of blocks to encrypt in an uninitialized block group.
Use it both for the encryption and for calculating 'tot_used_blocks'.

Also compute 'tot_used_blocks' additively rather than subtractively, as
this is easier to understand.

Test: see I08fc8465f7962abd698904b5466f3ed080d53953
Change-Id: I4d2cb40291da67dd1bafd61289ccb9e6343bfda3
2020-11-03 14:11:01 -08:00
Eric Biggers
b3ba087d9c Fix memory leak of f2fs_info
'struct f2fs_info' from system/extras/f2fs_utils is supposed to be
freed using free_f2fs_info(), not just free().

Test: see I08fc8465f7962abd698904b5466f3ed080d53953
Change-Id: If6e75e5c604b40be24538b156a37cc76f4f0d4f7
2020-11-03 14:11:01 -08:00
Eric Biggers
69520d2d39 Remove special handling for missing crypto_blkdev
This logic is no longer necessary, since the code that creates the
crypto_blkdev (create_crypto_blk_dev() in MetadataCrypt.cpp or in
cryptfs.cpp) now waits for the block device to appear before continuing.

It's also worth noting that the retry loop was only present for ext4,
not for f2fs, yet most Android devices are using f2fs these days.

Test: see I08fc8465f7962abd698904b5466f3ed080d53953
Change-Id: I173ca6cc187a810e008990dfa22aede58632db25
2020-11-03 14:11:01 -08:00