Commit graph

3943 commits

Author SHA1 Message Date
Eric Biggers
6b84039847 FsCrypt: silently skip "." and ".." when loading keys
Avoid logging useless messages like:

    D vold    : Skipping non-key .
    D vold    : Skipping non-key ..
    D vold    : Skipping non-de-key .
    D vold    : Skipping non-de-key ..

Change-Id: I8d2bd67d554605a5ab9faadd3730870dfe0881f6
2020-11-02 15:47:42 -08:00
Eric Biggers
7bcf427369 Utils: add IsDotOrDotDot() and use it in the appropriate places
Change-Id: I704522b26acfb3e7c423d9a14d69ede513b50482
2020-11-02 15:47:24 -08:00
Eric Biggers
4a969dba60 Merge "KeyUtil: don't use keepOld=true for system DE and volume keys" 2020-11-02 23:31:23 +00:00
Eric Biggers
c493903732 KeyUtil: don't use keepOld=true for system DE and volume keys
Commit 77df7f207d / http://aosp/1217657 ("Refactor to use
EncryptionPolicy everywhere we used to use raw_ref") unintentionally
made fscrypt_initialize_systemwide_keys() start specifying keepOld=true
(via default parameter value) when retrieving the system DE key, and
likewise for read_or_create_volkey() and volume keys.

As a result, if the associated Keymaster key needs to be upgraded, the
upgraded key blob gets written to "keymaster_key_blob_upgraded", but it
doesn't replace the original "keymaster_key_blob", nor is the original
key deleted from Keymaster.  This happens at every boot, eventually
resulting in the RPMB partition in Keymaster becoming full.

Only the metadata encryption key ever needs keepOld=true, since it's the
only key that isn't stored in /data, and the purpose of keepOld=true is
to allow a key that isn't stored in /data to be committed or rolled back
when a userdata checkpoint is committed or rolled back.

So, fix this bug by removing the default value of keepOld, and
specifying false everywhere except the metadata encryption key.

Note that when an affected device gets this fix, it will finally upgrade
its system DE key correctly.  However, this fix doesn't free up space in
Keymaster that was consumed by this bug.

Test: On bramble:
  - Flashed rvc-d1-dev build, with wiping userdata
  - Flashed a newer build, without wiping userdata
  - Log expectedly shows key upgrades:
        $ adb logcat | grep 'Upgrading key'
        D vold    : Upgrading key: /metadata/vold/metadata_encryption/key
        D vold    : Upgrading key: /data/unencrypted/key
        D vold    : Upgrading key: /data/misc/vold/user_keys/de/0
        D vold    : Upgrading key: /data/misc/vold/user_keys/ce/0/current
  - Rebooted
  - Log unexpectedly shows the system DE key being upgraded again:
        $ adb logcat | grep 'Upgrading key'
        D vold    : Upgrading key: /data/unencrypted/key
  - "keymaster_key_blob_upgraded" unexpectedly still exists:
        $ adb shell find /data /metadata -name keymaster_key_blob_upgraded
        /data/unencrypted/key/keymaster_key_blob_upgraded
  - Applied this fix and flashed, without wiping userdata
  - Log shows system DE key being upgraded (expected because due to the
    bug, the upgraded key didn't replace the original one before)
        $ adb logcat | grep 'Upgrading key'
        D vold    : Upgrading key: /data/unencrypted/key
  - "keymaster_key_blob_upgraded" expectedly no longer exists
        $ adb shell find /data /metadata -name keymaster_key_blob_upgraded
  - Rebooted
  - Log expectedly doesn't show any more key upgrades
        $ adb logcat | grep 'Upgrading key'
Bug: 171944521
Bug: 172019387
Change-Id: I42d3f5fbe32cb2ec229f4b614cfb271412a3ed29
2020-10-30 14:53:43 -07:00
Eric Biggers
569fb8365e Merge "Fix argument type for FS_IOC_GETFLAGS and FS_IOC_SETFLAGS" 2020-10-28 16:16:26 +00:00
Eric Biggers
f9d9ac29d0 Fix argument type for FS_IOC_GETFLAGS and FS_IOC_SETFLAGS
These ioctls take a pointer to an 'int' (or an 'unsigned int', it
doesn't matter), not an 'unsigned long'.  See 'man ioctl_iflags'.
Presumably it happened to work anyway because Android only runs on
little endian platforms.

Bug: 146419093
Bug: 163453310
Change-Id: I73099dafd4ee8d497c0a754149271871a37454f6
Signed-off-by: Eric Biggers <ebiggers@google.com>
2020-10-28 04:48:09 +00:00
Yo Chiang
cb581cc8de Merge "Add IVold::destroyDsuMetadataKey()" 2020-10-26 05:27:36 +00:00
Treehugger Robot
739ca2c298 Merge "Set media folder +F for adopted storage as well" 2020-10-21 22:04:11 +00:00
Daniel Rosenberg
cc874804dd Set media folder +F for adopted storage as well
We previously only set +F for /data/media, but adopted storage needs
this as well. Instead we add support for adding attrs to PrepareDir.

Bug: 163453310
Test: sm set-virtual-disk true
      follow UI setup and confirm +F on /mnt/expand/*/media
Change-Id: I08f13b57a4de3538e88b38eb95b0ac115a5a5ce8
Merged-In: I08f13b57a4de3538e88b38eb95b0ac115a5a5ce8
2020-10-20 18:55:54 -07:00
Eric Biggers
4f5e9c196f Merge "vold: Generate storage key without rollback resistance" 2020-10-20 23:17:22 +00:00
Gaurav Kashyap
75736a8811 vold: Generate storage key without rollback resistance
Generate a storage key without rollback_resistance when device doesnt
support the corresponding tag.

Bug: 168527558

Change-Id: Iaf27c64dba627a31c9cbd9178458bf6785d00251
2020-10-20 16:19:33 +00:00
Eric Biggers
8671044a64 Merge changes Idc575106,Id6457a2b am: 3e0e53dbe5
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1462712

Change-Id: If01239e184cd19de660fa158d599c9826ea0cf71
2020-10-19 16:26:21 +00:00
Eric Biggers
5a1e03f705 Merge "MetadataCrypt: remove unnecessary retry loop" am: 80fdc5a4e3
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1462708

Change-Id: Id26dbda854480c74d07fcec87f1d045325bf625a
2020-10-19 16:26:15 +00:00
Eric Biggers
4d0d21e69d Merge "Silence useless LOOP_GET_STATUS64 warnings" am: 6f70c92aee
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1462709

Change-Id: I75d169008b857848c314598cac4d87f27d6919b1
2020-10-19 16:26:06 +00:00
Eric Biggers
3e0e53dbe5 Merge changes Idc575106,Id6457a2b
* changes:
  IdleMaint: skip swap space, bind mounts, and virtual filesystems
  IdleMaint: use fstab_default from VoldUtil
2020-10-19 16:08:02 +00:00
Eric Biggers
80fdc5a4e3 Merge "MetadataCrypt: remove unnecessary retry loop" 2020-10-19 16:05:53 +00:00
Eric Biggers
6f70c92aee Merge "Silence useless LOOP_GET_STATUS64 warnings" 2020-10-19 16:05:17 +00:00
Eric Biggers
9a3dc8c709 IdleMaint: skip swap space, bind mounts, and virtual filesystems
When the idle maintenance task runs on Cuttlefish, there are several
warnings printed to logcat after the expected messages:

    D vold    : Starting trim of /data
    I vold    : Trimmed 0 bytes on /data in 36ms
    D vold    : Starting trim of /cache
    I vold    : Trimmed 58662912 bytes on /cache in 0ms
    D vold    : Starting trim of /metadata
    I vold    : Trimmed 7725056 bytes on /metadata in 12ms
    D vold    : Starting trim of none
    W vold    : Failed to open none: No such file or directory
    D vold    : Starting trim of /sdcard
    W vold    : Failed to open /sdcard: Not a directory
    D vold    : Starting trim of /mnt/vendor/shared
    W vold    : Trim failed on /mnt/vendor/shared: Inappropriate ioctl for device

This is because vold gathers the filesystems to trim from the fstab, but
it fails to exclude some entries that aren't appropriate to trim:

    /dev/block/zram0 none swap defaults zramsize=75%
    /tmp /sdcard none defaults,bind recoveryonly
    shared /mnt/vendor/shared virtiofs nosuid,nodev,noatime nofail

These should be excluded because they are swap space, a bind mount, and
a virtual filesystem respectively.

Fix addFromFstab() to exclude the above cases.

Afterwards, the messages on Cuttlefish are:

    D vold    : Starting trim of /data
    I vold    : Trimmed 0 bytes on /data in 39ms
    D vold    : Starting trim of /cache
    I vold    : Trimmed 58662912 bytes on /cache in 0ms
    D vold    : Starting trim of /metadata
    I vold    : Trimmed 9822208 bytes on /metadata in 12ms

Change-Id: Idc575106fe6f81c737f684429d58dba4bd5478ad
2020-10-15 16:56:16 -07:00
Eric Biggers
019d5163cc IdleMaint: use fstab_default from VoldUtil
vold already reads the default fstab into memory when starting up, and
the default fstab isn't allowed to change later.  So in IdleMaint.cpp,
just use 'fstab_default' instead of reading it again.

This also has the advantage that fstab entries for "logical partitions"
now get a properly updated blk_device, which is needed in order to start
using blk_device to exclude virtual filesystems in addFromFstab().

Change-Id: Id6457a2b7972d01dde4bca0c5f2da86374d930af
2020-10-15 16:54:38 -07:00
Eric Biggers
10724d93a1 Silence useless LOOP_GET_STATUS64 warnings
When vold starts up, there are lots of warnings like:

    W vold    : Failed to LOOP_GET_STATUS64 /dev/block/loop30: No such device or address
    W vold    : Failed to LOOP_GET_STATUS64 /dev/block/loop29: No such device or address
    W vold    : Failed to LOOP_GET_STATUS64 /dev/block/loop28: No such device or address

vold is iterating through all loop devices and unbinding the file from
any vold-managed ones.

It's expected that not all loop devices have a file bound to them,
however.  On these, LOOP_GET_STATUS64 fails with ENXIO.

Don't print a warning in such cases.

Change-Id: I91755259dc2c09b1869627259d1e59d5edd6f145
2020-10-15 15:26:27 -07:00
Eric Biggers
836b51bf26 MetadataCrypt: remove unnecessary retry loop
As per the discussion at http://aosp/1456266, the retry loop in
create_crypto_blk_dev() doesn't appear to be needed.  Remove it.

For now don't bother removing the same retry loop in cryptfs.cpp, since
the FDE code isn't really being updated anymore and eventually will be
removed entirely.

Change-Id: Iba0b046f9cdd9723ea1a2ae70f4d4aed4355b97b
2020-10-15 14:46:35 -07:00
Yo Chiang
0af25a3a98 Add IVold::destroyDsuMetadataKey()
destroyDsuMetadataKey() / destroy_dsu_metadata_key() calls
android::gsi::GetDsuMetadataKeyDir() to query the DSU metadata
encryption key dir and destroy the key.
This releases the resource and allows consecutive DSU installations to
use the same key *directory*, but not the same key *blob*.

Bug: 168571434
Test: 1. Install a DSU system.
  2. Boot the DSU system and reboot back to the host system.
  3. Wipe the DSU installation.
  4. DSU metadata key dir /metadata/vold/metadata_encryption/dsu/dsu is
     destroyed.
Change-Id: Ib851177315a5a266807f46ccfd446de1848232cf
2020-10-13 16:00:43 +08:00
Martijn Coenen
7da18c97ef Merge "Use dm.CreateDevice() with a timeout." am: e9023dc7bb
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1456266

Change-Id: Id232a623d6aa3beaa3fdb5b31c722e96da6d75c9
2020-10-12 18:46:02 +00:00
Martijn Coenen
e9023dc7bb Merge "Use dm.CreateDevice() with a timeout." 2020-10-12 18:07:39 +00:00
Martijn Coenen
e0c38eba26 Use dm.CreateDevice() with a timeout.
Using the regular CreateDevice() variant with getDmDeviceByName() has a
race-condition that is documented in libdm/dm.h; instead, use the
variant with a timeout, which guarantees that the block device exists
when it returns.

Test: atest AdoptableHostTest
Bug: 150935323
Change-Id: Ic06cad9af7c44e23359d95b262f68dba27ddfb3a
2020-10-12 16:59:50 +02:00
Xin Li
fd4abc5e72 Skip ab/6749736 in stage.
Merged-In: I876aaf6bba933c964a3573d8053cc60829b3a5fa
Change-Id: I4c8616d3c17e3b9818bde3299fcc79f5444a95f5
2020-10-08 17:24:08 -07:00
Alan Stokes
cfc66f28b1 Merge "Enable vold to set level from user." am: dd66de13ea
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1437215

Change-Id: I4e09204e7b0e2a0c3028ba38238bf65636144ad2
2020-10-05 08:38:49 +00:00
Alan Stokes
dd66de13ea Merge "Enable vold to set level from user." 2020-10-05 08:23:08 +00:00
Alan Stokes
be3db7b7ae Enable vold to set level from user.
We want various per-user directories to have their SELinux MLS level
set to restrict access from other users, as an improvement to user
isolation.

We extend vold_prepare_subdirs to implement this if a flag is
set. vold itself then sets the flag based on a new property,
ro.vold.level_from_user. This is to allow testing of further
incremental work to ensure system apps correctly handle the new
restriction on different devices rather than causing immediate
breakage. Eventually this will go away and the restriction will apply
everywhere.

Bug: 141677108
Test: Manual, with and without propery set.
Change-Id: I8e2207bd94b487bdcc09fd4d80b031027dfea1e3
2020-10-02 14:49:25 +01:00
Treehugger Robot
27a747b8ab Merge "vold: remove unused stop() methods" am: d70e2b4ea9
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1434595

Change-Id: Ifb529e76791d98c76c549bfb93c5abcf4096e685
2020-09-24 16:25:43 +00:00
Treehugger Robot
d70e2b4ea9 Merge "vold: remove unused stop() methods" 2020-09-24 16:06:58 +00:00
Eric Biggers
adba2fcc36 vold: remove unused stop() methods
NetlinkManager::stop() and VolumeManager::stop() are never called, so
remove them.

Change-Id: I868aa2ad24066d2830816984afcc10000cbabad1
2020-09-23 10:02:25 -07:00
Treehugger Robot
2cfe561129 Merge "bench: Add fail-fast error path to inodeop_bench" am: 5a99d3cfbb
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1429775

Change-Id: I6bd94ca9e8ec62660b716d319ae949cdc578f6a3
2020-09-21 10:07:55 +00:00
Treehugger Robot
5a99d3cfbb Merge "bench: Add fail-fast error path to inodeop_bench" 2020-09-21 09:44:03 +00:00
Stefano Duo
0014019b8c bench: Add fail-fast error path to inodeop_bench
If one of the repeated operations specified by a command fails, report
the error to the user and don't export its metric.

Test: Manual run on physical device
Bug: 165903680
Signed-off-by: Stefano Duo <stefanoduo@google.com>
Change-Id: I3a8caeb6d878b004d89e425bc166c8505fda938a
2020-09-18 15:50:04 +00:00
Treehugger Robot
c9548b9d9e Merge "vold: remove unused code for CONFIG_HW_DISK_ENCRYPTION" am: 4e6e7e6c70
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1427711

Change-Id: I0254ee7e493f98a78476f2e939884185b04d10c0
2020-09-16 02:04:55 +00:00
Treehugger Robot
4e6e7e6c70 Merge "vold: remove unused code for CONFIG_HW_DISK_ENCRYPTION" 2020-09-16 01:24:16 +00:00
Eric Biggers
b67708361f vold: remove unused code for CONFIG_HW_DISK_ENCRYPTION
Nothing defines CONFIG_HW_DISK_ENCRYPTION, so remove the unused code
that's conditional on it being defined.

Change-Id: Ie435e138686eb4eac47d9aa762ae06f1645a117f
2020-09-15 11:57:30 -07:00
Daeho Jeong
58383d92c6 Merge "secdiscard: use F2FS_IOC_SEC_TRIM_FILE for secure discard" am: c5ff520a01
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1420895

Change-Id: I84cf17d8dd07c72a67beba46a814f51969a159ac
2020-09-15 00:13:38 +00:00
Daeho Jeong
c5ff520a01 Merge "secdiscard: use F2FS_IOC_SEC_TRIM_FILE for secure discard" 2020-09-14 23:50:17 +00:00
Daeho Jeong
d1b946ea9f secdiscard: use F2FS_IOC_SEC_TRIM_FILE for secure discard
A new interface, F2FS_IOC_SEC_TRIM_FILE, has been added to F2FS
filesystem to send secure discard command to a specific file,
not to block device. We can use this interface for better discard
command handling on a file basis.

[how to use F2FS_IOC_SEC_TRIM_FILE]
start: start offset in byte (should be aligned with 4096)
len: length in byte (should be aligned with 4096, except designating EOF)
     -1 also means till EOF.
flags: F2FS_TRIM_FILE_DISCARD - sending secure discard command. If the
                                device doesn't support it, send normal
                                discard.
       F2FS_TRIM_FILE_ZEROOUT - overwrite zero data in the file.

Bug: 140759142
Test: execute "secdiscard -- <file_path>" and check the content of file
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I6ee44a047d291274c9d70ae5e4ccccfc06a52f89
2020-09-14 08:43:15 +09:00
Treehugger Robot
5724e15454 Merge "Add '-unstable' to solve ODR violation" am: f7794b5dc1
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1400407

Change-Id: I44aea35571e4dff7f9f1010325f51d0e98dc01f1
2020-09-11 08:40:46 +00:00
Treehugger Robot
f7794b5dc1 Merge "Add '-unstable' to solve ODR violation" 2020-09-11 08:19:44 +00:00
Jeongik Cha
f8f374a381 Add '-unstable' to solve ODR violation
The interface which is imported by an unstable interface is 'unstable'
as well. Until now, the ODR violation checker in aidl has omitted an
interface imported, but it will be checked, accordingly, fix the current
problem

Bug: 146436251
Test: m nothing
Change-Id: Id3c4bbc9149ba7c3e0a0d728026f02f60cb17424
Merged-In: Id3c4bbc9149ba7c3e0a0d728026f02f60cb17424
Exempt-From-Owner-Approval: cp from internal
2020-09-11 06:49:21 +00:00
Xin Li
789d1d0866 [automerger skipped] Merge "Merge Android R" am: 141c2027e2 -s ours
am skip reason: Change-Id I477d2dfba05718c829fdb2099248a8baba1125ab with SHA-1 8743ef4ea6 is in history

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1422563

Change-Id: I78dff452b759e863b082f44b76fb5ae9a83cb704
2020-09-11 00:40:18 +00:00
Xin Li
141c2027e2 Merge "Merge Android R" 2020-09-10 17:22:31 +00:00
Xin Li
1ef819d16a Merge Android R
Bug: 168057903
Merged-In: I477d2dfba05718c829fdb2099248a8baba1125ab
Change-Id: Ib60b99425dc79ca4c5b23772f32036f4e17ad11f
2020-09-09 20:21:28 -07:00
Treehugger Robot
8743ef4ea6 Merge "bench: Add inodeop_bench benchmark" am: e804806d79
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1421048

Change-Id: I477d2dfba05718c829fdb2099248a8baba1125ab
2020-09-09 13:34:41 +00:00
Treehugger Robot
e804806d79 Merge "bench: Add inodeop_bench benchmark" 2020-09-09 13:03:12 +00:00
Stefano Duo
046c854ae9 bench: Add inodeop_bench benchmark
Add new benchmark capable of generating specific inode operations
workloads. Currently, it supports create, delete, move, hardlink and
symlink.

Test: Manual run on cuttlefish and physical device
Bug: 165903680
Signed-off-by: Stefano Duo <stefanoduo@google.com>
Change-Id: Ia47f259b7ccea5fe1665b272c3cbc9ec1bf2eb56
2020-09-08 16:21:14 +00:00