This is part of the change to support early/late fstab mounting in order
to support starting key services before /data mounting.
fs_mgr_mount_all function updated with a parameter to support mounting mode.
For more information, refer to init/readme.txt.
(cherry picked from commit 1d6476c3c8)
Bug: 30118894
Change-Id: I5e925b900fd477f230a90514cc2b561c7a7e9f49

For adoptable storage and FBE to coexist we need a new dm-biocrypt
kernel feature which isn't ready yet. So for now, prevent devices
from being adopted on FBE devices.
Bug: 30770036
Change-Id: I47639209161ee403ce13ea9a60da235e97c3fc30
(cherry picked from commit 1571751109)

This is part of the change to support early/late fstab mounting in order
to support starting key services before /data mounting.
fs_mgr_mount_all function updated with a parameter to support mounting mode.
For more information, refer to init/readme.txt.
Bug: 30118894
Change-Id: I5e925b900fd477f230a90514cc2b561c7a7e9f49

For adoptable storage and FBE to coexist we need a new dm-biocrypt
kernel feature which isn't ready yet. So for now, prevent devices
from being adopted on FBE devices.
Bug: 30770036
Change-Id: I47639209161ee403ce13ea9a60da235e97c3fc30

The default non-blocking mode doesn't log stdout/err from the
commands exec'ed during a move.
Bug: 29923055
Change-Id: I9de3fe9bfcfa3c1d39a32ecc89dd765202460376

* Use const reference type for for-loop index variables
to avoid unnecessary copy.
Bug: 30413223
Change-Id: Id4d980ae8afec1374fc3be0b23f1c6a39bff86e0
Test: build with WITH_TIDY=1

Ephemeral users don't have keys stored on disk at all, so it's neither
necessary nor possible to manipulate the disk keys here.
Bug: 30038313
Change-Id: Idc7ec1bfe1e8a6ffa6cee2f284dbe378097b08da

Also add matching cleanup to EVP_EncryptInit_ex for symmetry (though I'm not
convinced it actually leaks memory)
Change-Id: Icf72dd9e0295d8b6ea55909266a43e684b16420f

On FBE devices, the filenames inside credential-encrypted directories
are mangled until the key is installed. This means the initial
restorecon at boot needs to skip these directories until the keys
are installed.
This CL uses an existing facility to request that init run a
recursive restorecon over a given path, and it requests that
operation for the CE directories that would have been omitted by
the SKIPCE flag earlier during boot.
Bug: 30126557
Change-Id: I8c7abea27215075a091f615a7185a82a2f4a4a95

Don't rely on cryptographic binding of secdiscard to key; securely
delete the other information needed to reconstruct the key too.
Bug: 26021231
Change-Id: If03d2c051b0ec2fdcb5c6f70bde7e3287424f216

On a device where we can't BLKSECDISCARD sectors, we "overwrite" them
with zeroes. This changes the FTL to remap those sectors to new
locations. With this done, the old contents are accessible only given
a compromise of flash firmware or a die level attack.
Bug: 26021231
Change-Id: Ia065921389886fac1ba456c19c138187237c2561