Commit graph

2591 commits

Author SHA1 Message Date
Tri Vo
798aa303da Merge "vold: use RAII wake locks" 2019-06-20 19:42:50 +00:00
Tri Vo
242130f3f8 vold: use RAII wake locks
Prevents wake lock leaks, e.g. b/133175847

Bug: 133175847
Test: boot blueline
Change-Id: I62fd1c6c3abbfd35aebe11343abd717a7cf4eef7
2019-06-18 15:34:12 -07:00
Treehugger Robot
6c704f736c Merge "Fail startCheckpoint if checkpoints not supported" 2019-06-14 23:30:49 +00:00
Xin Li
170b45c75f Merge "DO NOT MERGE - Merge pie-platform-release (PPRL.190605.003) into master" 2019-06-10 19:54:58 +00:00
The Android Open Source Project
1aebde23aa DO NOT MERGE - Merge pie-platform-release (PPRL.190605.003) into master
Bug: 134605042
Change-Id: Ie32488cf0d10e1a5622d24f604a7a5e84c56e79c
2019-06-10 09:32:29 -07:00
Daniel Rosenberg
44c18e1723 Merge "Fix include order"
am: 0a0b5b5f02

Change-Id: I002b546d733dd55ced79aeb118c6394ce973d609
2019-06-07 18:49:05 -07:00
Treehugger Robot
0a0b5b5f02 Merge "Fix include order" 2019-06-08 01:30:38 +00:00
Daniel Rosenberg
288fca9266 Merge "Defer deleteKey in KeyStorage in Checkpointing mode"
am: fc4ad04ffe

Change-Id: Ib4f127130bdf05fe092fec15d999e5d645441303
2019-06-07 16:00:50 -07:00
Treehugger Robot
fc4ad04ffe Merge "Defer deleteKey in KeyStorage in Checkpointing mode" 2019-06-07 22:48:00 +00:00
Xin Li
8941a145a0 Merge "Restore historical behavior with fsck_msdos (always accept fixes)."
am: a2518c7fe7

Change-Id: I91202edd2dbca6e8eb4c58fa25453da22045a062
2019-06-07 15:17:24 -07:00
Treehugger Robot
a2518c7fe7 Merge "Restore historical behavior with fsck_msdos (always accept fixes)." 2019-06-07 22:05:20 +00:00
Daniel Rosenberg
d2906b8b5f Fix include order
Change-Id: Id839cc52801f3d0fce2d46faecf813812613e431
Test: None
2019-06-07 14:18:40 -07:00
Daniel Rosenberg
a48730a0fd Defer deleteKey in KeyStorage in Checkpointing mode
Don't delete keys in checkpointing mode. Instead wait until the
checkpoint has been committed.

Bug: 134631661
Test: Flash A with a working build. Flash B with a broken build. Test
      that the device rolls back to A without getting sent to recovery.
Merged-In: Ie5fc2d098355e2d095c53e9a95a6a8c7ab7ed051
Change-Id: Ie5fc2d098355e2d095c53e9a95a6a8c7ab7ed051
2019-06-07 14:11:01 -07:00
TreeHugger Robot
b02c30cbf3 Merge "DO NOT MERGE - Skip pi-platform-release (PPRL.190605.003) into stage-aosp-master" into stage-aosp-master 2019-06-07 07:06:19 +00:00
Xin Li
3d3a9a7f1c Restore historical behavior with fsck_msdos (always accept fixes).
Bug: 133725065
Change-Id: I1d50a7e52fda34e59eb6f051c7fde115a6cd5255
2019-06-06 11:33:51 -07:00
Dan Willemsen
4be1fb5196 Merge "Match src paths with aidl package name"
am: 94f300295d

Change-Id: I0e7afb27913038f302e43a97091825a0689dc1b6
2019-06-05 20:36:52 -07:00
Treehugger Robot
94f300295d Merge "Match src paths with aidl package name" 2019-06-06 02:19:19 +00:00
Xin Li
3a6c897d05 DO NOT MERGE - Skip pi-platform-release (PPRL.190605.003) into stage-aosp-master
Bug: 134605042
Change-Id: I6b90349f94ffd8a05d5f04e8a6fb24018d93bedd
2019-06-05 15:43:40 -07:00
Dan Willemsen
87c7f882dd Match src paths with aidl package name
In order for the build system to track updates to the header files
during incremental builds, always specify the src files using the same
path as the package for C++ compilations.

Bug: 112114177
Test: treehugger
Change-Id: I9a2d638cbde46f67e2d5761f5b5113cc7e068ec5
2019-06-05 17:03:31 +00:00
android-build-team Robot
1571f66c29 Snap for 5524043 from a736dde3f4 to pi-platform-release
Change-Id: I9998fe9b732b39b669a06a30fa7a22847c6b65ee
2019-06-05 02:04:18 +00:00
David Anderson
f1fa57d602 Merge "Replace manual dm ioctls with libdm."
am: bc5818774c

Change-Id: Id7ebd240d7c3e16397fcdd044113b54700b11fd5
2019-05-21 17:13:45 -07:00
David Anderson
bc5818774c Merge "Replace manual dm ioctls with libdm." 2019-05-21 21:46:38 +00:00
Nick Kralevich
07d6eff5d5 Merge "FsCrypt.cpp: Do delayed restorecon on /data/vendor_ce"
am: 3b290ece1a

Change-Id: I7d25b2611fb9c8e84139e3a00ccd88a1cc145f3b
2019-05-15 12:25:11 -07:00
Treehugger Robot
3b290ece1a Merge "FsCrypt.cpp: Do delayed restorecon on /data/vendor_ce" 2019-05-15 19:06:04 +00:00
Paul Lawrence
c2a145ff33 Fail startCheckpoint if checkpoints not supported
Bug: 131815738
Test: vdc checkpoint startCheckpoint 2 succeeds on blueline
      It fails with a modified fstab with no checkpoint=fs flag

Change-Id: I6d55810a1f711a670f18fbd10d8779c15f4e3cba
2019-05-15 10:16:15 -07:00
Nick Kralevich
1bfc01e663 FsCrypt.cpp: Do delayed restorecon on /data/vendor_ce
When Android boots after file_contexts has changed, the boot process
walks the entire /data partition, updating any changed SELinux labels as
appropriate. However, credential encrypted ("ce") directories are
deliberately excluded from this early boot directory walk. Files within
ce directories have their filenames encrypted, and as a result, cannot
match the file_contexts entries. Only after the user has unlocked their
device are the unencrypted filenames available and a restorecon
appropriate.

Ensure that we do a post-unlock restorecon on /data/vendor_ce, like we
do for /data/system_ce and /data/misc_ce. This ensures the labels on
files within these directories are correct after the device has been
unlocked.

(cherrypicked from commit 6a3ef488e5)

Bug: 132349934
Test: See bug 132349934 comment #12 for test procedure
Change-Id: Ifcbef5fdfb236ec6dea418efa9d965db3a3b782f
2019-05-15 09:33:13 -07:00
David Anderson
b92247368a Replace manual dm ioctls with libdm.
This mostly 1:1 replaces manual ioctls to device-mapper with calls to
libdm. There were two exceptions:

(1) There is a very old table-load-retry loop to work around issues with
    umount (b/7220345). This loop has been preserved, however, it now
    includes DM_DEV_CREATE as well as DM_TABLE_LOAD.
(2) There was some ancient code to set DM_DEV_GEOMETRY for obb
    dm-devices. This never did anything since geometry must be set after
    loading a table. When setting it before (as vold was doing), the
    subsequent DM_TABLE_LOAD will clear it.

Bug: 132206403
Test: FBE device boots
      FBE device w/ metadata encryption boots
      FDE device boots
      atest StorageManagerIntegrationTest
Change-Id: Ib6db6b47329f093ac7084edaf604eddace8b9ac6
2019-05-13 13:07:12 -07:00
Martijn Coenen
19e74b3d1f Merge "Stop using trigger_reset_main."
am: 91a6c016ec

Change-Id: Id4baa15b619a941c7059d19c59645a45b9060433
2019-05-06 23:57:12 -07:00
Martijn Coenen
91a6c016ec Merge "Stop using trigger_reset_main." 2019-05-07 06:41:01 +00:00
Martijn Coenen
aec7a0a165 Stop using trigger_reset_main.
This trigger was used on FDE devices to bring down the minimal
framework, and worked by shutting down the 'main' service class.

With APEX being introduced, we want to restart all services that were
started after the tmpfs /data was mounted, as those are the services
that haven't been able to use updated APEXes in the (real) /data.

In order to do this, we need to reset more classes; that in turn
made the 'shutdown_main' trigger pretty much similar to the
previously existing 'trigger_shutdown_framework' trigger; so instead
of keeping two duplicate triggers, use only the
'trigger_shutdown_framework' one.

Bug: 118485723
Test: Taimen configured as FDE boots, Taimen configured as FBE boots
Change-Id: I0d80ef2528bd70870b063a2c580cd00a03de9961
2019-04-26 14:05:28 +02:00
Paul Lawrence
7d9a965419 Merge "Use correct Statuses from Checkpoint code"
am: 8d4164f92f

Change-Id: I35ffbb3bc89eb695aa86c45f4aa0a8633cfd11b9
2019-04-23 16:25:53 -07:00
Treehugger Robot
8d4164f92f Merge "Use correct Statuses from Checkpoint code" 2019-04-23 23:07:27 +00:00
Paul Lawrence
82b3505e2e Use correct Statuses from Checkpoint code
Bug: 130190815
Test: Added fake error to code and checked correct error was caught
Change-Id: If9ab9357f0f961607e15a4ba18d9d85bc9923019
2019-04-19 14:50:59 -07:00
xzj
a921b6795e Merge "fix data encryption fail when ENCRYPTION_FLAG_NO_UI is set"
am: c222ad20ee

Change-Id: I5ebb8825b40c3ce088607f8a4aa6d4fb506f6bd5
2019-04-19 14:15:15 -07:00
Treehugger Robot
c222ad20ee Merge "fix data encryption fail when ENCRYPTION_FLAG_NO_UI is set" 2019-04-19 20:27:44 +00:00
xzj
7e38a3a3c8 fix data encryption fail when ENCRYPTION_FLAG_NO_UI is set
cause: data partition not being unmounted before real encryption
Change-Id: If5cc084c182d96c6205359b76ee0c474f6a77a2e
2019-04-19 18:07:13 +00:00
Sandeep Patil
9389f389f5 Merge "Add visible logs about fstrim run for block based checkpoints"
am: 419528be57

Change-Id: I546d5cb3807cd217e9ab992ee517d4a3164566e5
2019-04-17 15:10:43 -07:00
Treehugger Robot
419528be57 Merge "Add visible logs about fstrim run for block based checkpoints" 2019-04-17 21:11:04 +00:00
Sandeep Patil
f8da61f26a Add visible logs about fstrim run for block based checkpoints
Bug: 120095226
Test: Tested by forcing /data/system/last-fstrim last modified time back
      2 years & manually triggering checkpoint using 'vdc checkpoint startCheckpoint 1'

Change-Id: I0cb8b6a85ae787e1ba2cdd7998a46942ca69760f
Merged-In: I0cb8b6a85ae787e1ba2cdd7998a46942ca69760f
Signed-off-by: Sandeep Patil <sspatil@google.com>
2019-04-17 12:55:58 -07:00
android-build-team Robot
a736dde3f4 Merge cherrypicks of [7077329, 7077440, 7077330, 7077468, 7076852, 7077469, 7077580, 7077581, 7077582, 7074025, 7077706, 7077707, 7077708, 7077388, 7077583, 7077584, 7077585, 7077726, 7077727, 7077331, 7077332, 7077459, 7077709, 7077710, 7077711, 7077712, 7077460, 7077461, 7077333, 7077334, 7077696] into pi-qpr3-release
Change-Id: Icfc00a7020e3f0589ff268071c8f6d18b6f2a445
2019-04-16 22:41:51 +00:00
Woody Lin
0496e3698f Fsync directories before delete key
The boot failure symptom is reproduced on Walleye devices. System boots
up after taking OTA and tries to upgrade key, but keymaster returns "failed
to ugprade key". Device reboots to recovery mode because of the failure,
and is finally trapped in bootloader screen. Possible scenario is:

(After taking OTA)
vold sends old key and op=UPGRADE to keymaster
keymaster creates and saves new key to RPMB, responds with new key to vold
vold saves new key as temp key
vold renames temp key to main key -------------- (1) -- still in cache
vold sends old key and op=DELETE_KEY to keymaster
keymaster removes old key from RPMB ------------ (2) -- write directly to RPMB
==> SYSTEM INTERRUPTED BY CRASH OR SOMETHING; ALL CACHE LOST.
==> System boots up, key in RPMB is deleted but key in storage is old key.

Solution: An fsync is required between (1) and (2) to cover this case.

Detailed analysis: b/124279741#comment21

Bug: 112145641
Bug: 124279741
Test: Insert fault right after deleteKey in vold::begin (KeyStorage.cpp),
      original boot failure symptom is NOT reproducible.
Change-Id: Ia042b23699c37c94758fb660aecec64d39f39738
Merged-In: Ib8c349d6d033f86b247f4b35b8354d97cf249d26
(cherry picked from commit a598e04a91)
2019-04-16 22:39:59 +00:00
Paul Crowley
4b9c47d70f Fsync directories after creating files
Bug: 112145641
Bug: 124279741
Bug: 120248692
Test: adb shell locksettings set-pin 1111 && \
    adb shell "echo b > /proc/sysrq-trigger"
Change-Id: I53d252942c21365983b4f8b6e0948b1864f195c1
Merged-In: I53d252942c21365983b4f8b6e0948b1864f195c1
(cherry picked from commit 2e58acb412)
2019-04-16 22:39:52 +00:00
Eric Biggers
a30a907c65 Merge "Don't drop as many caches when evicting CE key"
am: a057b27f2a

Change-Id: Ic98dbb34e6696de5ddcaeccb4ae0108cbe0a1921
2019-04-05 16:00:39 -07:00
Eric Biggers
a057b27f2a Merge "Don't drop as many caches when evicting CE key" 2019-04-05 21:04:22 +00:00
Eric Biggers
ce36868316 Don't drop as many caches when evicting CE key
When a user's CE key is removed, write "2" to /proc/sys/vm/drop_caches
rather than "3".  This avoids unnecessarily evicting the pagecache of
in-use inodes.  It's only necessary to evict the inodes of the relevant
encrypted files, and these are already sync'ed and no longer in-use.
For this mode "2" suffices, as this evicts "reclaimable slab objects",
including inodes; and evicting an inode implies evicting its pagecache.

This matches the recommendation I've made in the documentation for the
fscrypt kernel feature at
https://www.kernel.org/doc/html/latest/filesystems/fscrypt.html#online-attacks

Test: Sanity check that directories are still "locked" properly:
      Unlock device with PIN.  Then in adb shell: 'stop; start;
      sleep 10; ls /data/data/' still shows filenames in ciphertext form.
Change-Id: I1bdf3c420ebf63e98cc314498211061ea36f2942
2019-04-05 12:19:46 -07:00
Paul Crowley
e6c7dffaa8 Merge changes I40575081,I1ca8f8cf,I38bfd273
am: 1c6a56b27f

Change-Id: I8410e8cb691eb0b5e3e721b6b715eb30f28eef51
2019-04-05 12:15:24 -07:00
Paul Crowley
1c6a56b27f Merge changes I40575081,I1ca8f8cf,I38bfd273
* changes:
  clang-format Utils.cpp
  vold: fsync both file and directory after write keys
  vold: Introduce android::vold::writeStringToFile
2019-04-05 18:26:39 +00:00
Paul Crowley
747b421a22 clang-format Utils.cpp
Test: treehugger
Change-Id: I405750812ae037088492bfa7d8db6a8a56cb3425
2019-04-05 04:09:57 -07:00
Tommy Chiu
11621353f2 vold: fsync both file and directory after write keys
Use vold version of writeStringToFile which fsyncs files, and
manually fsync directories after initializing global DE

(cherry picked from commit a98464f688)

Bug: 71810347
Test: Build pass and reboot stress test.
      Original boot failure symptom is NOT reproducible.
Change-Id: I1ca8f8cf0ccfd01075a9c33f79042e58d99aea26
Merged-In: I1ca8f8cf0ccfd01075a9c33f79042e58d99aea26
2019-04-05 04:06:38 -07:00
Tommy Chiu
97466cb145 vold: Introduce android::vold::writeStringToFile
Remove static definition of writeStringToFile, and
move it from KeyStorage to Utils

(cherry picked from commit 0bd2d11692)

Bug: 71810347
Test: Build pass and reboot stress test.
Change-Id: I38bfd27370ac2372e446dc699f518122e73c6877
Merged-In: I38bfd27370ac2372e446dc699f518122e73c6877
2019-04-05 04:06:18 -07:00