tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
5566 commits 1 branch 0 tags 9.7 MiB
Commit graph

5566 commits

This branch
This branch
All branches
Author SHA1 Message Date
Oleg Lyovin
667de184ed Fix unhandled exception when FUSE disabled 
When running on kernel without FUSE, fs::directory_iterator
throws exception since /sys/fs/fuse/connections is missing.

This patch uses non-throwing fs::directory_iterator
and adds explicit error check.

Test: vold doesn't fail with FUSE disabled
Signed-off-by: Oleg Lyovin <ovlevin@sberdevices.ru>
Change-Id: I51b68363edf75033fcec3ce5623f419d5a68c991
 2022-11-08 18:49:18 +03:00
Eric Biggers
b0a170136c Merge "Stop using the "stretching" file" 2022-10-13 19:46:32 +00:00
Eric Biggers
f187f05110 Stop using the "stretching" file 
As a small optimization and code simplification, stop reading and
writing the "stretching" file alongside each stored key.  vold never
does key stretching anymore.

There was one special case in the code where if the stretching file
existed and contained "nopassword", then the secret was ignored.
However, this didn't seem to be of any use, especially since it didn't
cause Keystore to be used, so it did *not* allow a key stored with no
secret to be read if a secret was unexpectedly provided.

Bug: 232452368
Bug: 251131631
Bug: 251147505
Change-Id: I5a7cbba7492526e51c451f222b9413d9fae6bce5
 2022-10-13 04:11:27 +00:00
Eric Biggers
7cc31eb7b0 Merge "Don't use a secdiscardable file for keys encrypted by SP" 2022-10-10 16:26:26 +00:00
Eric Biggers
08f4bdfe98 Don't use a secdiscardable file for keys encrypted by SP 
Storage keys that are encrypted by the user's synthetic password don't
need to be securely deletable by vold, since secure deletion is already
implemented at a higher level: the synthetic password protectors managed
by LockSettingsService.  Therefore, remove the use of the secdiscardable
file by vold in this case to improve performance.

Bug: 232452368
Bug: 251131631
Bug: 251147505
Change-Id: I847d6cd3b289dbeb1ca2760d6e261a78c179cad0
 2022-10-07 16:26:29 +00:00
Eric Biggers
03ad91c3c2 Merge "cryptfs: Update the size of dm-crypt device according to sector size" 2022-09-29 16:26:44 +00:00
Hongyu Jin
8eeb028338 cryptfs: Update the size of dm-crypt device according to sector size 
The legacy method for metadata encryption on adoptable storage failed
when the size of the block device isn't a multiple of the crypto sector size.

Update the size of dm-crypt device according to sector size
before construct dm_target.

Bug: 248582018
Change-Id: I5c78889bdfedca7f7b0704500fc313d7a48d5a3b
Signed-off-by: Hongyu Jin <hongyu.jin@unisoc.com>
 2022-09-28 17:44:44 +08:00
Xin Li
3f658163ee Merge "DO NOT MERGE - Merge Android 13" 2022-08-16 19:11:38 +00:00
Elliott Hughes
dd7cfa9e15 Merge "Switch to C23's memset_explicit()." 2022-08-16 15:27:20 +00:00
Trevor Radcliffe
bdba7cdaa3 Merge "Point directly to generated c sysprop_library" 2022-08-16 15:09:25 +00:00
Xin Li
302f60e5f3 DO NOT MERGE - Merge Android 13 
Bug: 242648940
Merged-In: I648a1af9e16787dfcfeefa2b2f2e4a72cac2c6a6
Change-Id: I137ddfb8ebd31457540743ad05a794a3526c6bf6
 2022-08-15 22:06:36 -07:00
Elliott Hughes
78c33f3f5e Switch to C23's memset_explicit(). 
Test: treehugger
Change-Id: Ib6ef45cedaf95fa251d0b03de0f14701f910d063
 2022-08-15 23:10:28 +00:00
Trevor Radcliffe
c6644f9b07 Point directly to generated c sysprop_library 
Bug: 226199990
Test: m
Change-Id: Ic24c608eae89b4f2cb6248e14090a3016d542407
 2022-08-12 18:26:10 +00:00
Treehugger Robot
30491f5575 Merge "KeyStorage: don't request rollback resistance for wrapped storage keys" am: ca648a0217 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2168846

Change-Id: I77397b7fe7b8d25db567e5b8ea9570fd98aca28c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-08-01 23:44:19 +00:00
Treehugger Robot
ca648a0217 Merge "KeyStorage: don't request rollback resistance for wrapped storage keys" 2022-08-01 23:21:50 +00:00
Eric Biggers
2d30b890d2 KeyStorage: don't request rollback resistance for wrapped storage keys 
Hardware-wrapped inline encryption keys (a.k.a. "wrapped storage keys"
or "TAG_STORAGE_KEY keys") are being generated with rollback resistance
enabled, but are never deleted.  This leaks the space that KeyMint
implementations reserve for rollback-resistant keys, e.g. space in the
RPMB.  This is a problem especially for the per-boot key, as that gets
regenerated every time the device is rebooted.  After enough reboots,
KeyMint runs out of space for rollback-resistant keys.  This stops any
new or upgraded keys from being rollback-resistant, reducing security.

This bug affects all devices that use HW-wrapped inline encryption keys
for FBE (have "wrappedkey_v0" in the options for fileencryption in their
fstab), and whose KeyMint implementations support TAG_STORAGE_KEY in
combination with TAG_ROLLBACK_RESISTANCE.  But it's more of a problem on
devices that are rebooted frequently, as per the above.

Fix this bug by not requesting rollback resistance for HW-wrapped inline
encryption keys.  It was a mistake for these keys to ever be rollback-
resistant, as they are simply a stand-in for raw keys.  Secure deletion
instead has to happen higher up the stack, via the Keystore key that
encrypts these keys being deleted, or via the Keystore key and/or Weaver
slot needed to decrypt the user's synthetic password being deleted.

(It was also a mistake for HW-wrapped inline encryption keys to use
Keystore at all.  The revised design for them that I'm working on for
upstream Linux doesn't use Keystore.  But for now, Android uses Keystore
for them, and the fix is to not request rollback resistance.)

Bug: 240533602
Fixes: 3dfb094cb2 ("vold: Support Storage keys for FBE")
Change-Id: I648a1af9e16787dfcfeefa2b2f2e4a72cac2c6a6
 2022-07-28 18:48:46 +00:00
Treehugger Robot
77e4ab8031 Merge "Rename fuse_media.o to fuseMedia.o" am: cbdbc35ba0 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2150775

Change-Id: If343000a8dd36de4584057eb4ac026e50a9ce538
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-22 16:45:56 +00:00
Treehugger Robot
cbdbc35ba0 Merge "Rename fuse_media.o to fuseMedia.o" 2022-07-22 16:33:09 +00:00
Daeho Jeong
69754352bb Merge "Introduce target dirty segment ratio tunable parameter" am: c3a7391c94 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2135595

Change-Id: I42b8baffdfe9bea0d66d310952aa4c8403c36ad3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-14 15:13:20 +00:00
Daeho Jeong
c3a7391c94 Merge "Introduce target dirty segment ratio tunable parameter" 2022-07-14 14:56:13 +00:00
Ken Chen
0093f6ae04 Rename fuse_media.o to fuseMedia.o 
Underscore character may cause bpf prog/map naming collision. For
example, x.o with map y_z and x_y.o with map z both result in x_y_z
prog/map name, which should be prevented during compile-time.

aosp/2147825 will prohibit underscore character in bpf source name
(source name derives the obj name). Existing bpf modules with underscore
characters in source name need to be updated accordingly.

Bug: 236706995
Test: build
Change-Id: Ie6ea47560b1d44de0a0d9d124e17616fee6b0922
 2022-07-12 05:38:39 +00:00
Daeho Jeong
fc5cdcf04a Merge "Make minimum gc sleep time tunnable" am: a5d927ba6a 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2132536

Change-Id: I3fc545927eeed476f75e5a72b373d5f6e4a92829
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-07-07 19:01:06 +00:00
Daeho Jeong
a5d927ba6a Merge "Make minimum gc sleep time tunnable" 2022-07-07 18:39:46 +00:00
Daeho Jeong
37cf9d79ab Introduce target dirty segment ratio tunable parameter 
We introduce a new parameter of target dirty segment ratio,
which can be used to set a target dirty / (dirty + free) segments
ratio. For example, if we set this as 80%, GC sleep time will be
calculated to achieve this ratio in a GC period.

Test: check smart idle maint log of StorageManagerService
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I73f2bcf4bdb810164c174bd0d2518b15d577d5d5
 2022-07-04 21:23:46 +00:00
Xin Li
f0521e8b09 Merge "Merge tm-dev-plus-aosp-without-vendor@8763363" into stage-aosp-master 2022-06-29 21:22:02 +00:00
Treehugger Robot
de2d1b6cc7 Merge "Convert vold to new BootControl client" am: 6083e0196b 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2132797

Change-Id: I97d3bcacc85ba0295ccadd216a3db8cabf0cc3a2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-29 18:38:33 +00:00
Treehugger Robot
6083e0196b Merge "Convert vold to new BootControl client" 2022-06-29 18:03:39 +00:00
Xin Li
b730112c98 Merge tm-dev-plus-aosp-without-vendor@8763363 
Bug: 236760014
Merged-In: Ieb371b7fdebfe938206a45547bb24dfbf2c2e7be
Change-Id: I521a37a205961186baeeebc82668055fe19c2091
 2022-06-27 23:40:18 +00:00
Daeho Jeong
3fd33ece35 Make minimum gc sleep time tunnable 
Test: check smart idle maint log of StorageManagerService
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I5a70e4ec2ca895551b6446a9dfd4bb5003a3fbd0
 2022-06-23 16:20:45 -07:00
Kelvin Zhang
dec03ab380 Convert vold to new BootControl client 
Test: th
Bug: 227536004
Change-Id: Ia2f8b51d6d3175999b2434454f0ee4e14bde934e
 2022-06-22 15:14:55 -07:00
Eric Biggers
9d2e149521 Merge "Rename fscrypt_is_native() to IsFbeEnabled()" am: d99898496f am: e51736136a 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2128492

Change-Id: Ic0ef4032bd5596c53f3c7c148928208f62b29300
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-22 19:07:49 +00:00
Eric Biggers
e51736136a Merge "Rename fscrypt_is_native() to IsFbeEnabled()" am: d99898496f 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2128492

Change-Id: I9d329a1da16d949f0f73d69dd943547a3f849fcb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-22 18:47:33 +00:00
Eric Biggers
d99898496f Merge "Rename fscrypt_is_native() to IsFbeEnabled()" 2022-06-22 18:24:38 +00:00
Daeho Jeong
7f6de29a04 Use sysfs control for storage device GC am: d96b2ac076 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/18972074

Change-Id: I97bcf7e649090234866db71dd7454e2cd8af0b9e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-21 21:32:45 +00:00
Daeho Jeong
d96b2ac076 Use sysfs control for storage device GC 
Sometimes, waiting for the HAL makes infinite calls to HAL and ending
up with power consuming issues. While tracking the root cause, we will
temporally turn off HAL for storage device GC.

Bug: 235470321
Test: run "sm idle-maint run"
Ignore-AOSP-First: This is a temporal fix for Android TM devices.
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: Ieb371b7fdebfe938206a45547bb24dfbf2c2e7be
 2022-06-17 23:31:35 +00:00
Eric Biggers
a6957c0f7a Rename fscrypt_is_native() to IsFbeEnabled() 
Now that emulated FBE is no longer supported, there is no longer any
distinction between native FBE and emulated FBE.  There is just FBE.

Referring to FBE as "fscrypt" is also poor practice, as fscrypt (the
Linux kernel support for filesystem-level encryption) is just one part
of FBE, the Android feature.

Therefore, rename fscrypt_is_native() to IsFbeEnabled().

Bug: 232458753
Change-Id: Idf4cb25d37bc3e81836fcc5a1d96f79ccfa443b7
 2022-06-15 18:52:18 +00:00
Eric Biggers
a7c591bb75 Merge "Remove obsolete support for emulated FBE" am: 7b04dba53e am: 2e4373b415 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2101774

Change-Id: I9595487eb191397c30a795989b2f3ede636b4b0b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-09 19:52:48 +00:00
Eric Biggers
2e4373b415 Merge "Remove obsolete support for emulated FBE" am: 7b04dba53e 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2101774

Change-Id: Ia4a90c62bf8e974aa51c19791668b6706d84d087
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-09 18:59:35 +00:00
Eric Biggers
7b04dba53e Merge "Remove obsolete support for emulated FBE" 2022-06-09 18:42:00 +00:00
Jaegeuk Kim
08c3cbdf93 Merge "Support zoned device with dm-default-key" am: bb97be3d82 am: 43c03c3fe7 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2116417

Change-Id: Ib67668826bf1f6c89cde82bde67bb1e103395e0f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-09 15:27:49 +00:00
Jaegeuk Kim
43c03c3fe7 Merge "Support zoned device with dm-default-key" am: bb97be3d82 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2116417

Change-Id: I6d01a22e9e2b4770be90797e4f94199058de2144
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-06-09 15:09:58 +00:00
Jaegeuk Kim
bb97be3d82 Merge "Support zoned device with dm-default-key" 2022-06-09 14:53:25 +00:00
Jaegeuk Kim
f6151b434c Support zoned device with dm-default-key 
Note that, encrypt_inplace cannot support zoned device, since it
doesn't support in-place updates. And, dm-default-key will have
a different key.

Bug: 172378121
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I34cb1e747e0f3faa07c5a4bfeded11fb789a033c
 2022-06-07 18:43:54 -07:00
Daeho Jeong
019a2d5777 [automerger skipped] Merge "vold: fix the range of stopped state of idleMaint" into tm-dev am: baee102002 -s ours 
am skip reason: Merged-In I785c8aeebd8fcf58c34d9be9968d99634d0b420a with SHA-1 372b3510b5 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/18473902

Change-Id: I427409239d386c4fba44ec7bcd87989e51e529a4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-20 22:17:58 +00:00
Daeho Jeong
9c232cc152 [automerger skipped] vold: fix the range of stopped state of idleMaint am: 7667d64ab8 -s ours 
am skip reason: Merged-In I785c8aeebd8fcf58c34d9be9968d99634d0b420a with SHA-1 372b3510b5 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/18473902

Change-Id: I2e2a4afa9fd769dffc6c39d0c69a13418d03ca6f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-20 22:17:56 +00:00
Daeho Jeong
baee102002 Merge "vold: fix the range of stopped state of idleMaint" into tm-dev 2022-05-20 21:15:13 +00:00
Zimuzo Ezeozue
2b5038faa5 Merge "Abort FUSE as part of volume reset" am: 3712b8de01 am: 73383ddb7f 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2101651

Change-Id: I96d9d16e7989a547b3c0bfa97317f3e6e136bfab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-20 13:15:55 +00:00
Zimuzo Ezeozue
73383ddb7f Merge "Abort FUSE as part of volume reset" am: 3712b8de01 
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2101651

Change-Id: I7e4e62ee8b89168c03ab86071a8e7e109958906b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-20 12:45:14 +00:00
Corina Grigoras
97c642cc99 Merge "Abort FUSE as part of volume reset" into tm-dev am: 05098fee39 
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/18492349

Change-Id: Ie48a761a1b173f66e3cddbae6f965148c7a18645
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2022-05-20 12:43:50 +00:00
Corina Grigoras
05098fee39 Merge "Abort FUSE as part of volume reset" into tm-dev 2022-05-20 09:59:53 +00:00