Commit graph

21 commits

Author SHA1 Message Date
Jeff Sharkey
3472e52fc2 Move to modern utility methods from android::base.
Moves away from crufty char* operations to std::string utility
methods, including android::base methods for splitting/parsing.

Rewrite of how Process handles scanning procfs for filesystem
references; now uses fts(3) for more sane traversal.

Replace sscanf() with new FindValue() method, also has unit tests.

Remove some unused methods.  Switch almost everyone over to using
modern logging library.

Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 67041047
Change-Id: I70dc512f21459d1e25b187f24289002b2c7bc7af
2017-10-17 12:40:51 -06:00
Jeff Sharkey
67b8c49530 Make Loop::destroyAll() smarter.
Instead of blindly looping across 4096 possible devices, use
readdir() to only look at valid devices.  This speeds up destroyAll()
from 40ms to 0.7ms.

Add tracing information in several places.

Test: external/chromium-trace/systrace.py -b 128768 sched freq am pm ss core_services binder_driver -a system_server,installd,vold
Bug: 65634729, 65737446
Change-Id: If581de47fb55850c0fcd6e25bf33ed246e1b079d
2017-09-21 17:11:07 -06:00
Jeff Sharkey
cbe69fc060 Destroy vold socket interface completely.
Long live Binder.

Test: yes
Bug: 13758960
Change-Id: If6be379b5a873f1b0c66dd1522b87413ad10fc46
2017-09-18 16:00:14 -06:00
Jeff Sharkey
11c2d380a7 Move even more vold commands over to Binder.
This moves fstrim, obb and appfuse commands over to the new Binder
interface.  This change also separates creating/destroying and
mounting/unmounting of OBB volumes, which means they finally flow
nicely into the modern VolumeInfo/VolumeBase design.

We now generate unique identifiers for all OBB volumes, instead of
using a shady MD5 hash.

Change all "loop" and "dm" devices to tag the kernel resources with
a vold-specific prefix so that we can clean them up if vold crashes;
there are new destroyAll() methods that handle this cleanup.

Move appfuse mounting/unmounting into VolumeManager so it can be
shared.  Move various model objects into a separate directory to
tidy things up.

Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I7294e32b3fb6efe07cb3b77bd20166e70b66958f
2017-09-11 18:44:17 -06:00
Jeff Sharkey
32ebb739cb Enable clang-tidy for security sensitive domain.
Start with clang-analyzer-security* and cert-*, but disable two
specific errors:

-- cert-err34-c, which checks for atoi(); heavily triggered by
CommandListener, but will disappear when we move to Binder.
-- cert-err58-cpp, which checks for exceptions before main(); it's
a "Low" severity issue, and filed 36656327 to track cleanup.

Fix all other triggered errors along the way.

Test: builds, boots
Bug: 36655947
Change-Id: I1391693fb521ed39700e25ab6b16bc741293bb79
2017-03-27 17:14:52 -06:00
Mateusz Nowak
a4f48d0f44 vold: fix 64 bit ioctl error
Changing the num_sectors used in ioctl with BLKGETSIZE because
the kernel expects an unsigned long type and then changes 64 bits
with a 64 bits userspace. This overwrites what's located close to
the parameter location if any.

Change-Id: I78fd61a1084de2741f39b926aa436462518709a0
Signed-off-by: Mateusz Nowak <mateusz.nowak@intel.com>
Signed-off-by: Zhiquan Liu <zhiquan.liu@intel.com>
2015-10-21 11:16:19 +08:00
Jeff Sharkey
ce6a913aea Exclusive exec() path, format after partition.
Sadly setexeccon() is process global, so we need to carefully ensure
that all exec() are mutually exclusive to avoid transitioning into
unwanted domains.  Also, because we have several threads floating
around, we need to guard all our FDs with O_CLOEXEC.

Format all newly created volumes immediately after partitioning,
but silence all events emitted from those volumes to prevent the
framework from getting all excited.  Unify all notify events under a
single codepath to make them easy to silence.

Sent SIGINT before escalating to SIGTERM when unmounting.

Bug: 19993667
Change-Id: Idc6c806afc7919a004a93e2240b42884f6b52d6b
2015-04-11 08:48:13 -07:00
Tim Murray
8439dc9fd5 Make vold compile with -Werror -Wall.
-Wno-missing-field-initializers is used as well, but that is an
overzealous warning from initializing structs with {0} and not a
real warning.

bug 18736778 and 16868177

Change-Id: Iffde89cd7200d9a11193e1614f1819f9fcace30a
2014-12-18 00:21:21 +00:00
Daniel Rosenberg
fcd34a0ddd Added support for ext4 ASEC resizing.
ASECs formatted as ext4 can now be resized using vdc asec resize.
Refactored some common code.
Requires resize2fs.

Change-Id: Ie78bb6015114a7bc4af42b16d1f299322ffc1e2a
Signed-off-by: Daniel Rosenberg <drosen@google.com>
2014-06-10 22:15:33 +00:00
Chih-Wei Huang
7929deb206 Fix compiling warnings
The patch removes the following warnings:

system/vold/vdc.c: In function 'do_cmd':
system/vold/vdc.c:71:17: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
[...]

In file included from system/vold/Fat.cpp:34:0:
bionic/libc/kernel/common/linux/fs.h:109:0: warning: "MS_RMT_MASK" redefined [enabled by default]
In file included from system/vold/Fat.cpp:31:0:
bionic/libc/include/sys/mount.h:64:0: note: this is the location of the previous definition
[...]

Change-Id: I1e950dcec87f8bae0cec61a1611126b3abc0c90e
2013-02-10 23:34:36 +08:00
Mike Lockwood
273d354919 am 2c9d8de7: Merge "Prevent buffer overflows."
* commit '2c9d8de79a0dd7f894c65777a197c86486aff96c':
  Prevent buffer overflows.
2011-06-29 06:42:33 -07:00
Peter Bohm
092aa1c585 Prevent buffer overflows.
To eliminate possible buffer overflows some strcpy,
sprintf and strcat have been changed to strlcpy,
snprintf and strlcat.

Change-Id: Ieb9d4b600c894946a6492f8629ff39f2fcc106d3
Signed-off-by: Oskar Andero <oskar.andero@sonyericsson.com>
2011-06-27 10:04:05 +02:00
Olivier Bailly
37dcda68d3 Add missing include headers for compilation on Intel target for Google TV.
Change-Id: I9f71b5e871671d1d64ad37f78a8944653409b8e1
2010-11-16 10:41:53 -08:00
San Mehat
97ac40e4e6 vold: Switch from LOG -> SLOG
Change-Id: I48ee8bd90b47f5845f069cdf4d1b8ba6ecdb1b39
Signed-off-by: San Mehat <san@google.com>
2010-03-25 08:02:28 -07:00
San Mehat
d9a4e35861 vold: Bugfixes & cleanups
- Fix issue where container-names > 64 bytes were getting truncated in the
    kernel. lo_name is only 64 bytes in length, so we now hash the container
    id via md5
  - Add 'dump' command to dump loop and devicemapper status
  - Add 'debug' command to enable more detailed logging at runtime
  - Log vold IPC arguments (minus encryption keys)
  - Fix premature return from Loop::lookupActive() and friends

Change-Id: I0e833261a445ce9dc1a8187e5501d27daba1ca76
Signed-off-by: San Mehat <san@google.com>
2010-03-13 16:42:19 -08:00
San Mehat
fcf24fe62f vold: Add a versioned superblock to secure containers.
Add an un-encrypted superblock to the end of a secure container to
help identify the crypto cipher used. This is required in order to
provide some semblence of versioning, in case we have cause to
change the crypto type on an update - say for example switching
from software to hardware encryption, or from 128 -> a zillion
bit keys.

NOTE: This format is incompatible with previous secure containers.
After this change they will no longer be mountable.

Signed-off-by: San Mehat <san@google.com>
2010-03-03 12:40:34 -08:00
San Mehat
d31e380bd9 vold2: Don't allow containers < 1mb, and clean up some logging
Signed-off-by: San Mehat <san@google.com>
2010-02-18 11:48:49 -08:00
San Mehat
8c940ef7db vold: Fix devmapper/ptmx fd leak, and give asec unmount more time
Signed-off-by: San Mehat <san@google.com>
2010-02-13 18:59:48 -08:00
San Mehat
0586d54053 vold2: Fix issue with destroying / unmounting asec
Signed-off-by: San Mehat <san@google.com>
2010-01-12 15:38:59 -08:00
San Mehat
8b8f71b1d7 vold: Internally use sector counts for asec lengths
Signed-off-by: San Mehat <san@google.com>
2010-01-11 09:17:25 -08:00
San Mehat
b78a32c1d5 vold: Add encrypted ASEC support via devmapper
- Supports up to 4096 containers
- Keys are now implemented - specifying a key of 'none' means no encryption.
  Otherwise, the key must be a string of 32 characters

Signed-off-by: San Mehat <san@google.com>
2010-01-11 08:12:52 -08:00