Commit graph

65 commits

Author SHA1 Message Date
Martijn Coenen
6f5802e160 Use sdcardfs for pass-through mounts.
The pass-through mount is used by MediaProvider to access external
storage. Previously, it was the raw filesystem (eg ext4/f2fs); the
problem with that is that the permissions on that filesystem don't allow
MediaProvider to access all the files it needs to - in particular
directories under Android/

To solve this problem, we can have the pass-through mount sit on top of
sdcardfs instead of the raw filesystem. This means we need to mount
sdcardfs even in case we're using FUSE, but we already needed to do this
anyway for other performance reasons.

Bug: 135341433
Test: atest AdoptableHostTest
Change-Id: I893d5e5076c5096d2d55212f643c9a857242e964
2019-12-10 16:49:16 +01:00
Martijn Coenen
adcc845231 Get rid of confusing FUSE variables and comments.
Long before scoped storage, FUSE was used to create several views of the
filesystem; this was later replaced by sdcardfs, yet the code still
references FUSE in variables and log messages. Fix those up to avoid
confusion with the "new FUSE".

Bug: 135341433
Test: atest AdoptableHostTest
Change-Id: I2966c5f95d6f38df36a20cdfdd0b95b3051f3f1e
2019-12-09 16:52:15 +01:00
Martijn Coenen
10b122b4e9 Don't LOG() after fork() and before exec().
LOG() can hang, because another vold thread may have been holding
a libc lock at the time we forked. Simply moving the log line to
before the fork().

Bug: 135341433
Test: atest AdoptableHostTest
Change-Id: I6063eb33f35c835a226bc1e56de97ace426747ff
2019-12-04 15:50:29 +01:00
Zim
5048b4b2bc Add mount callback
Mounting a FUSE path needs two steps:
1. Mounting the filesystem
2. Starting the FUSE session in the FUSE daemon

The second part requires retriving an fd from (1) and the mount paths
and passing it to the FUSE daemon.

Previously, we'd return from the Vold mount call and mark the volume
as mounted while we scramble to do (2). This means there's a time
period where the Volume is marked as MOUNTED but not actually ready
and any IO access on the paths will hang forever. This could also be
misleading when interpreting bug reports.

Now, we block the Vold mount call until the FUSE session is started

Test: atest AdoptableHostTest
Bug: 144275217

Change-Id: I45238a31df71286f67ef1c65c711d0085d72e97f
2019-11-22 17:06:04 +01:00
Zim
2d45d9b420 Fix emulated volumes not created for secondary users
Ifabaa12368e5a591fbcdce4ee71c83ff35fdac6b introduced individual
emulated volumes for each Android user. The change however didn't
create the volumes for the secondary users on user start in vold
without the persist.sys.fuse flag

Now we always create the volumes but only mount sdcardfs volumes
for user 0 because the sdcardfs mount paths do not change with for
different users unlike the FUSE mount paths.

Bug: 144473552
Test: atest AdoptableHostTest
Test: Start a guest user in Settings and launch chrome browser in that
user, verify that chrome does not crash

Change-Id: I89f3591d0197d86267f0e3934f496273e2f9fd7e
2019-11-14 16:28:33 +00:00
Zim
a438b24368 Fix multi-user and multi-storage with FUSE
Up until now, the FUSE mount logic has made two assumptions:
1. The primary external volume is an emulated volume on /data/media
2. Only the primary user is running, as user zero

These assumptions are fixed by the following changes
creating an EmulatedVolume per Android user and changing the
VolumeBase id format to append the user to the id, so
s/emulated/emulated-0/. This allows us mount separate volumes per user

Some additional refactorings to re-use/clean up code.

Test: adb shell sm set-virtual-disk and partition disk operations work
even after setting up a work profile
Bug: 135341433

Change-Id: Ifabaa12368e5a591fbcdce4ee71c83ff35fdac6b
2019-11-11 20:24:49 +00:00
TreeHugger Robot
de735e608b Merge "Use snapshot value sys.fuse_snapshot instead of persist.sys.fuse" 2019-09-27 16:09:33 +00:00
shafik
5cf32b52a6 Use snapshot value sys.fuse_snapshot instead of persist.sys.fuse
This will allow us to receive values from server flags and store them in
persist.sys.fuse without risking flag consistency during a boot.

Test: manual - flip persist.sys.fuse both ways and make sure FuseDaemon
works as expected.
Bug: 140803239

Change-Id: I839a1973c98b4eda982226d20be48d1c08e7464a
2019-09-25 13:56:01 +01:00
Zim
981222f500 Bind mount lower filesystem during FUSE mount
When mounting a FUSE device on /mnt/user/<userid>/<vol>,
bind mount the correspoinding lower filesystem path to
/mnt/pass_through/<userid>/<vol>. At Zygote fork time, an
app with the right privilege will have the pass_through path
bind mounted into /storage instead of the /mnt/user path.

This provides such an app direct access to the lower filesystem
without going through FUSE.

Bug: 140064376
Test: mount(8) shows /mnt/pass_through/0/emulated is a bind
mount of the lower fs

Change-Id: I32c3cad64138910fcec9fb8f66b206706b5fd139
2019-09-24 10:39:13 +01:00
Nandana Dutt
23edfac445 Fix fdsan check
BUG: 140376618
Test: Downloaded a picture on Chrome (this would crash previously)
Change-Id: I7a750cde1131d19d140140dfaa0bd09131974fc0
2019-09-04 09:23:01 +01:00
Nandana Dutt
a914cc764e Use unique_fd
Also allow the state just before doMount() as a valid state for setting
fuse fd.
Test: manual
BUG:140173712

Change-Id: I012f8a83fef00e68f33010954fbc2ebc53cf8f1d
2019-08-29 15:25:13 +01:00
Zim
3623a212e3 Mount /dev/fuse on /mnt/user/<userid>/<volumeid>
Since system_server cannot mount devices by itself,
add a binder interface to vold that system_server
can call to initiate this mount when required.

BUG: 135341433
Test: manual
Test: atest --test-mapping packages/providers/MediaProvider
Test: ExternalStorageHostTest DownloadProviderTests

Change-Id: If4fd02a1f1a8d921a3f96783d8c73e085c5b7ca1
2019-08-28 10:49:27 +01:00
Sudheer Shanka
4112c12cb6 Remove storage sandboxes related code.
Bug: 131115422
Test: manual
Test: atest --test-mapping packages/providers/MediaProvider
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Test: atest DownloadProviderTests
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Test: atest cts/tests/app/DownloadManagerLegacyTest/src/android/app/cts/DownloadManagerLegacyTest.java
Test: atest cts/tests/app/DownloadManagerApi28Test/src/android/app/cts/DownloadManagerApi28Test.java
Change-Id: Ib3272a47a901ed106474039e72f123b11f5443ff
2019-05-07 10:47:03 -07:00
Sudheer Shanka
8cad97b48f Pass unshared_obb flag to sdcardfs setup.
Bug: 110960295
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Change-Id: I945722849ce225ca701bba482c859f1a6567bb63
2019-03-05 14:43:14 -08:00
Jeff Sharkey
a6082500e4 Enable isolated storage by default.
We've been dogfooding the isolated storage feature for many months
on various internal groups, and we're ready to enable it globally.

Bug: 112545973
Test: executed entire CTS suite using forrest
Change-Id: I612b6aba4f08dc0ac13f4f94b03c4bddd6de12df
2019-02-11 13:14:37 -07:00
Sudheer Shanka
5504901bf0 Create a new MOUNT_EXTERNAL_LEGACY storage mode.
Apps that are already installed on the device before isolated_storage
feature is enabled will be granted MOUNT_EXTERNAL_LEGACY mode. In this
mode, /mnt/runtime/write will be mounted at /storage giving them same
level of access as in P.

A new mount directory /mnt/runtime/full is also created which will be
used for mounting at /storage for apps started with MOUNT_EXTERNAL_FULL
mode. This will allow apps with WRITE_MEDIA_STORAGE permission to
read/write anywhere on the secondary devices without needing to bypass
sdcardfs.

Bug: 121277410
Test: manual
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: Icc1ff9da35545692daedef7173d7c89290dd2766
2019-01-18 18:48:55 -08:00
Sudheer Shanka
811de623a0 Merge "Create new mount directory /mnt/runtime/full." am: b9fae464fc am: f6c3c77f6c
am: dbd9c5ccbe

Change-Id: I90827fdccc294641db0cecaaa523140e9cb9d0fd
2019-01-18 17:46:05 -08:00
Sudheer Shanka
dd4bb17343 Create new mount directory /mnt/runtime/full.
This will be used for system internals to access
secondary volumes without having to bypass sdcardfs.

Bug: 121277410
Test: manual
Exempt-From-Owner-Approval: Got approval on internal master
Change-Id: I9b3e33f6c6e426e83469b8030b02d59c02183946
2019-01-18 23:48:45 +00:00
Greg Kaiser
ef9abab5ee vold: const-ify some of the API
We make some of the C++ member functions 'const', to reflect how
they (don't) affect the state of the class.

Test: TreeHugger
Change-Id: Iec1c2801bfe721e2741406ed1ac0ef95662840a6
Merged-In: Iec1c2801bfe721e2741406ed1ac0ef95662840a6
2018-12-20 10:38:15 -08:00
Greg Kaiser
2bc201e6bb vold: const-ify some of the API
We make some of the C++ member functions 'const', to reflect how
they (don't) affect the state of the class.

Test: TreeHugger
Change-Id: Iec1c2801bfe721e2741406ed1ac0ef95662840a6
2018-12-20 10:30:17 -08:00
Paul Crowley
4ba32a0e3c Merge "Refactor ForkExecvp to improve locking behaviour" am: 6aaedb0dca am: 12d8d6343b
am: 1369936cb4

Change-Id: If1bb4a4bc0670346caf1d3909062ab70b3afe521
2018-12-06 13:34:14 -08:00
Paul Crowley
de2d6201ab Refactor ForkExecvp to improve locking behaviour
Do our own fork/exec rather than using a library. This leads to
many improvements:

- unite the output recording path with the other path
- never concatenate arguments with spaces
- never use the shell
- move setexeccon after fork, so we don't need to take the lock
- general code refactor while we're there

My tests:
- Ensure Marlin device boots and vold_prepare_subdirs is called
successfully
- Try adb shell sm set-virtual-disk true, see that eg sgdisk output is
logged.

weilongping@huawei.com's tests:
- unlock a user's de and ce directory;
- connect to a OTG storage device or a sdcard and ensure the mount logic be successful

Bug: 26735063
Bug: 113796163
Test: details in commit
Change-Id: I0976413529d7cbeebf5b8649660a385f9b036f04
2018-12-06 09:37:02 -08:00
Risan
4d8ba07231 Merge "StubVolume as first class Volume in Vold" am: dcbce84fed am: 14955896e5
am: a294e197b4

Change-Id: Iaec41c8ffe6feaa59163987c914fa21edc7ae2cd
2018-11-13 12:13:23 -08:00
Risan
8c9f33242f StubVolume as first class Volume in Vold
StubVolume is a Volume that is maintained by external party such as the
ChromeOS processes in ARC++.

Bug: 110380403
Test: Tested on ARC++

Change-Id: I3198bd7283d5f60a524da3707dea7385ffec599d
2018-11-08 07:40:43 +00:00
Eric Biggers
b288bf0f44 vold: rename from "ext4 encryption" to fscrypt am: a701c458ca am: 10b70834a4
am: a51283d281

Change-Id: I346bca3f23cfe84d77e5de1e8ef601fb7debf620
2018-10-29 10:41:02 -07:00
Eric Biggers
a701c458ca vold: rename from "ext4 encryption" to fscrypt
We support file-based encryption on both ext4 and f2fs now, and the
kernel API is the same.  So rename things appropriately in vold:

    e4crypt => fscrypt
    ext4enc => fscrypt
    Ext4Crypt => FsCrypt
    EXT4_* => FS_*
    ext4_encryption_key => fscrypt_key

Additionally, the common functions shared by 'vold' and 'init' are now
in libfscrypt rather than ext4_utils.  So update vold to link to
libfscrypt and include the renamed headers.

Note: there's a chance of 'fscrypt' being confused with the dm-crypt
based encryption code in vold which is called 'cryptfs'.  However,
fscrypt is the name used in the kernel for ext4/f2fs/ubifs encryption,
and it's preferable to use the same name in userspace.

Test: built, booted device with f2fs encryption
Change-Id: I2a46a49f30d9c0b73d6f6fe09e4a4904d4138ff6
2018-10-25 17:12:32 -07:00
Sudheer Shanka
40ab6742a7 Bind mount pkg specific dirs in the zygote child namespaces.
- Also update vold to create sandboxes for secondary storage devices.
- Since bind mounts are created in the process specific namespaces, we
  don't need /mnt/storage anymore which we were using it to prevent
  some bind mounts from propagating onto /mnt/runtime/write.
- Create bind mounts for {media,obb} dirs similar to data dir in
  per process namespace.
- Also fix a bug where we are not passing correct packages to vold when
  a new user starts.

Bug: 111890351
Test: manual
Change-Id: I7849efc4fbf3c654606fa30de7ab2de0236d766f
2018-09-27 15:50:26 -07:00
Oleksiy Avramchenko
39f8497c52 Merge changes from topic "exfat-update" am: a2a227e382 am: 1fe4696cdd
am: b5b7a6f8c6

Change-Id: Iebcf9249acf4607ff6e24cc68d739e533024b267
2018-09-24 12:24:17 -07:00
Treehugger Robot
a2a227e382 Merge changes from topic "exfat-update"
* changes:
  Use exFAT for SDXC cards
  Add GetBlockDevSize, GetBlockDevSectors helpers
2018-09-24 18:52:56 +00:00
Jeff Sharkey
dac54dce51 Merge "Update vold to log only debug or higher level messages." am: 9bd07d8760 am: 92c182e4c7
am: 3c5f603158

Change-Id: I2209a3208a26ae649b4d5dc1aa18d30b6a61afcb
2018-09-24 10:34:26 -07:00
Oleksiy Avramchenko
4cff06d45f Use exFAT for SDXC cards
When both VFAT and exFAT are supported VFAT will only be used to
format card. Use exFAT for cards larger than 32GB per SDXC standard.

Test: build, manual, mount exFAT volume
Bug: 80202067
Change-Id: If504f9685256a669c5801a69d69d5a214ad27455
2018-09-24 14:28:24 +02:00
Oleksiy Avramchenko
625dc787c6 Add GetBlockDevSize, GetBlockDevSectors helpers
Helpers to get a block device size in bytes or 512 byte sectors,
using BLKGETSIZE64 and returning value of uint64_t type.

This also removes get_blkdev_size().

Test: build, manual, mount exFAT volume
Bug: 80202067
Change-Id: Ib07e8ac6ef7ff49de0ed570d1fa202e8b558b80c
2018-09-24 14:25:24 +02:00
Sudheer Shanka
4b6ca4ea65 Update vold to log only debug or higher level messages.
This will allow adding lots of verbose logs which can be enabled
only during local testing/debugging. Update the existing verbose
level logs to debug level since we want those to be logged by
default.

Test: manual
Change-Id: Ib05e2b6efa71308458d49affb6ed81d3975b28ab
2018-09-21 11:16:51 -07:00
Paul Crowley
8915d62847 clang-format the rest of the files
Apply clang-format to fix the remaining files not fixed by
change I23cde3f0bbcac13bef555d13514e922c79d5ad48

Test: Format-only changes; treehugger suffices.
Change-Id: I1bfd5c8d68d298596875d5edae26cdfe27c03489
Merged-In: I1bfd5c8d68d298596875d5edae26cdfe27c03489
2018-09-20 06:27:22 -07:00
Paul Crowley
edf7a4eb95 clang-format the rest of the files
Apply clang-format to fix the remaining files not fixed by
change I23cde3f0bbcac13bef555d13514e922c79d5ad48

Test: Format-only changes; treehugger suffices.
Change-Id: I1bfd5c8d68d298596875d5edae26cdfe27c03489
2018-09-19 19:45:27 -07:00
Paul Crowley
b2efa615db Merge "clang-format many files." am: a676df01e2 am: 957b9544dd
am: 8b2b67bc1e

Change-Id: Iad04e9517cd01e2ea13281b31e7b13ae75414d7e
2018-09-19 17:43:43 -07:00
Paul Crowley
14c8c0765a clang-format many files.
Test: Format-only changes; treehugger suffices.
Change-Id: I23cde3f0bbcac13bef555d13514e922c79d5ad48
2018-09-18 15:41:22 -07:00
Jaegeuk Kim
1251ef0bcf vold: metadata encryption: ensure F2FS GC targets correct device.
This fixes F2FS GC failure in idle-maint.

Bug: 111953875
Change-Id: I1d10802121d5641cf9ba780fee249affd2cf6ffe
Merged-In: I1d10802121d5641cf9ba780fee249affd2cf6ffe
Test: Tested by hand
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2018-09-18 13:14:34 -07:00
Sudheer Shanka
53947a3662 Update vold to prepare package sandboxes for primary volume.
Vold is updated to create package specific sandboxes for primary
volume and mount them at
"/mnt/user/<user-id>/package/<package-name>/<primary-label>".
This will later be mounted at /storage when a new process starts.

Bug: 111890351
Test: Manually verified that a package has access to "/sdcard" and
      "/storage/emulated/0", both of which are just the package specific
      sandboxes and the package doesn't have access to other sandboxes
      and can't see other package names.

Change-Id: I72dc8ae9eb2260a298159c5de18387dad2f9de48
2018-08-01 10:24:13 -07:00
Jaegeuk Kim
fe69ce34e6 vold: meta encryption: fix /dev/block/by-name/userdata to dm-3
am: 31e962fe19

Change-Id: Ib7324e29b7384bc7c1c847ce62af5230fa8a0081
2018-07-30 13:22:02 -07:00
Jaegeuk Kim
31e962fe19 vold: meta encryption: fix /dev/block/by-name/userdata to dm-3
This fixes F2FS GC failure in idle-maint.
07-28 18:25:54.838   603 11187 D vold    : idle maintenance started
07-28 18:25:54.846   603 11187 D vold    : Start GC on /sys/fs/f2fs/sda21
07-28 18:25:54.847   603 11187 W vold    : Set discard gralunarity failed on/sys/fs/f2fs/sda21: No such file or directory
07-28 18:25:54.847   603 11187 W vold    : Start GC failed on /sys/fs/f2fs/sda21: No such file or directory

Bug: 111953875
Change-Id: I1d10802121d5641cf9ba780fee249affd2cf6ffe
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2018-07-29 18:22:47 -07:00
Dmitry Shmidt
d6502365c7 Merge "vold: Add nvme disk support" am: 6054bc3ded
am: 3a920e3f6e

Change-Id: Ie4946e65924fffae8b810b54658b64e34a543fb4
2018-05-15 13:35:52 -07:00
Daniel Rosenberg
eea3792845 Merge "Remove waitpid on UnMount" am: f6dbba8846
am: 1584dc0d1d

Change-Id: I6c2562f6fc075e8be7db2986e461f2c2dd092650
2018-04-03 13:49:04 -07:00
Jeff Sharkey
e50314d52b Trim whitespace from sysfs values.
Test: builds, boots
Bug: 72740079
Change-Id: If364927ea762c7dee99bff5dc307e3b9b5355c2b
2018-02-24 18:23:37 -07:00
Greg Kaiser
57f9af6af4 cryptfs: Require ext disk crypt to match code
Our external partitions have no crypto header/footer, so we
only get the keysize and key.  Our code has been implicitly
assuming that this keysize off of disk matches the crypto
type we have in our code (and thus matches the keysize our
code is using as well).  We now make this assumption
explicit, and check for this and no longer allow external
code to pass a keysize in to cryptfs.

Bug: 73079191
Test: Compiled and tested in combination with other CLs.
Change-Id: I1a1996187e1aaad6f103982652b1bcdfd5be33ce
2018-02-16 15:23:56 -08:00
Gao Xiang
17510259cc Merge "mFusePid should be cleared after waitpid successfully" am: 456483d193 am: 8be3be3167
am: 8fe7f3104b

Change-Id: I18199ce5f972f0a403728e34dec608a01fceb183
2018-02-16 01:42:39 +00:00
Jeff Sharkey
37ba125205 Add basic exFAT support.
Several partners have been requesting exFAT support.  Android doesn't
natively support exFAT, but we're at least willing to try mounting an
exFAT filesystem if we detect the Linux kernel supports it, and if
helper binaries are present.

This CL is simple scaffolding, and it provides no actual
implementation of exFAT.

Test: builds, boots
Bug: 67822822
Change-Id: Id4f8ec3967b32de6e1c0e3c4b47fe6e43a6291ab
2018-01-19 11:58:43 +09:00
Jeff Sharkey
d7e5176043 Add "default_normal" support to vold.
This new flag isolates each user on a multi-user device for security
reasons.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.ExternalStorageHostTest#testSecondaryUsersInaccessible
Bug: 64672411
Change-Id: I3db8dde597a7715ca680779ac57957fb12a92f8e
2018-01-08 11:48:13 -07:00
Jeff Sharkey
8c24ae7c47 FBE devices now fully support adoptable storage.
We've finished all the underlying work to support adoptable storage
on FBE devices, so remove the code that was disabling it by default.

To aid debugging, support blocking move commands (so that we log
the stdout) via a system property, so we don't have to recompile
end user devices stuck in funky states.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 29923055, 25861755, 33252673, 37289651
Change-Id: I6b781de7e196a1a50ba543843aca0caf74c3e282
2018-01-04 18:52:07 -07:00
Pierre-Hugues Husson
130a994f4f Merge "Workaround perdev_minors path change in Linux" am: d3870c5167 am: 5687befd86
am: 77e194d0b9

Change-Id: If0c043e387629312121dc7d4556c112dc5800201
2017-11-28 19:19:36 +00:00