Commit graph

3263 commits

Author SHA1 Message Date
Jaegeuk Kim
7f4a71c2ff Merge changes from topic "fscompression"
* changes:
  vold: clean up configuration set
  vold: support F2FS compression
2020-04-14 15:54:18 +00:00
Jaegeuk Kim
c52f6724ed vold: clean up configuration set
This patch introduces a structure to manipulate many configuration flags.

Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Ib15d2b6e251741160d2febe695132a37f9dde23c
2020-04-13 13:14:14 -07:00
Treehugger Robot
0e9fbe4a3e Merge "Send earlyBootEnded notice to all Keymasters" 2020-04-09 22:07:40 +00:00
Shawn Willden
28eddbd2ef Send earlyBootEnded notice to all Keymasters
Vold incorrectly sends the earlyBootEnded signal only to the Keymaster
instance used for device encryption, but all of them need it.

Bug: 152932559
Test: VtsHalKeymasterV4_1TargetTest
Merged-In: Id8f01a1dc7d2398395f369c3ea74656a82888829
Change-Id: Id8f01a1dc7d2398395f369c3ea74656a82888829
2020-04-09 15:22:43 -06:00
Paul Crowley
479588c68e Merge "Choose options format using property" 2020-04-07 03:23:57 +00:00
Paul Crowley
f56d553bab Choose options format using property
To make it easier to support disk formats created using old versions
of dm-default-key with new kernels, choose the disk format to use
based on options_format_version and first_api_version properties
instead of checking the version number of the kernel module.

Bug: 150761030
Test: crosshatch and cuttlefish boot normally; cuttlefish
    fails with "default-key: Not enough arguments" as expected when
    option is set to 1
Change-Id: Ib51071b7c316ce074de72439741087b18335048c
2020-04-06 08:45:32 -07:00
Jaegeuk Kim
f64d30aa82 vold: support F2FS compression
Bug: 134580167
Change-Id: Iadd001dc5ce0f91a4337f5b27ea8cc54f9760b0d
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2020-04-03 14:02:14 -07:00
Yurii Zubrytskyi
29ee196fb5 Merge "[vold] update with incfs_ndk.h" 2020-04-03 17:25:05 +00:00
Songchun Fan
27819332a8 [vold] update with incfs_ndk.h
BUG: 150470163
Test: atest PackageManagerShellCommandIncrementalTest
Change-Id: I5166c49cf48f353dab35e385571ada517cb751ac
Merged-In: I5166c49cf48f353dab35e385571ada517cb751ac
2020-04-01 16:27:37 -07:00
Yurii Zubrytskyi
10a372f1d2 Merge changes from topic "merge-incremental-vold"
* changes:
  [vold] Add argument verification to IncFS methods
  Expose new IncFS interface through Vold
2020-03-26 07:23:11 +00:00
Yurii Zubrytskyi
9e7482ece1 [vold] Add argument verification to IncFS methods
+ Get rid of an extra string copy in path validation function

Bug: 152349257
Test: atest vold_tests
Change-Id: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
Merged-In: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
2020-03-25 17:21:49 -07:00
Yurii Zubrytskyi
d05bcc8070 Expose new IncFS interface through Vold
CL is a part of multi-repository topic and will be merged
to AOSP

Bug: 146080380
Test: manual

Change-Id: I09b33a34ff1ac7f6e415b7bd090c22e7df24d72d
Merged-In: I09b33a34ff1ac7f6e415b7bd090c22e7df24d72d
2020-03-24 14:26:27 -07:00
Nikita Ioffe
eaa3443ad8 Merge "fskeyring & userspace reboot: support CE keys" 2020-03-11 16:10:35 +00:00
Nikita Ioffe
1c6731c649 fskeyring & userspace reboot: support CE keys
During userspace reboot /data might be unmounted & remounted, meaning
that CE keys stored in fs-level keyring will be lost. In order to be
able to restore them, when installing new key to fs-level keyring, it's
also added to session-level keyring with type "fscrypt-provisioning".

Then when init_user0 is called during userspace reboot, vold will try to
load CE keys from the session-level keyring back into fs-level keyring
for all the users that were unlocked before the reboot.

If for any user vold fails to install the key, init_user0 will fail and
fallback to hard reboot will be triggered.

Test: set a pin pattern
Test: adb shell setprop sys.init.userdata_remount.force_umount 1
Test: adb shell svc power reboot userspace
Test: atest CtsUserspaceRebootHostSideTestCases
Bug: 143970043
Change-Id: I37603dc136c7ededc7b0381e4d730cb0ffd912b4
Merged-In: I37603dc136c7ededc7b0381e4d730cb0ffd912b4
(cherry picked from commit 1ee35cf002)
2020-03-11 11:46:46 +00:00
Paul Crowley
3b3a13a81a Merge "Use the blk_device supplied by vdc encryptFstab" 2020-03-05 15:59:18 +00:00
Automerger Merge Worker
ac589ee784 Merge "fskeyring & userspace reboot: support DE keys" am: 3b719ed32e
Change-Id: I23ff1535eacf875561c6fef250b431fe17b6dc14
2020-03-04 15:19:40 +00:00
Nikita Ioffe
3b719ed32e Merge "fskeyring & userspace reboot: support DE keys" 2020-03-04 15:02:23 +00:00
Nikita Ioffe
f0550af103 fskeyring & userspace reboot: support DE keys
During userspace reboot /data might be unmounted, which means that if
device supports filesystem keyring, DE keys will be lost and are needed
to be re-installed.

Test: adb shell setprop sys.init.userdata_remount.force_umount 1
Test: adb shell svc power reboot userspace
Test: atest CtsUserspaceRebootHostSideTestCases
Bug: 143970043
Change-Id: I153caa1d7c373b3c906a34f1184c681e52854a9d
Merged-In: I153caa1d7c373b3c906a34f1184c681e52854a9d
(cherry picked from commit 1eaea5a6a2)
2020-03-04 12:18:53 +00:00
Automerger Merge Worker
20f9f29d53 Merge "umount /data/user/0 before umount /data" am: 3a0fd35b62
Change-Id: Ibb3aa685585e8dab22f504a7f862cad5e551ca96
2020-03-04 04:53:16 +00:00
Treehugger Robot
3a0fd35b62 Merge "umount /data/user/0 before umount /data" 2020-03-04 04:34:46 +00:00
Hyangseok Chae
3cf3233bac umount /data/user/0 before umount /data
FDE device has shut down and restart the framework.
But restart is not triggered due to umount fail.
umount /data fail with "device is busy"
It is because bind mount /data/data to /data/user/0

We need umount /data/user/0 before umount /data

Bug: 148004718
Test: Flash GSI and check boot with FDE and FBE device.
Change-Id: I919f9e31a9d2d745b297a7ab99b399aa9b293b39
2020-03-04 02:27:50 +00:00
Paul Crowley
48aa90cd6b Use the blk_device supplied by vdc encryptFstab
fs_mgr may put other dm devices on top of the raw disk, such as for
checkpointing, and it hands metadata encryption the uppermost device in
vdc. That's what should be encrypted, not the raw disk.

Bug: 150354860
Test: Treehugger
Change-Id: I279f087b1b7aded40c5a62281154851ce970ba70
2020-03-02 13:52:22 -08:00
Automerger Merge Worker
c63694c6e1 Merge "Use optional for nullable types" am: deb7085453
Change-Id: Iea4d8e042d65e2ed1befa6dc18c822f2982c41ab
2020-02-27 03:22:54 +00:00
Jooyung Han
deb7085453 Merge "Use optional for nullable types" 2020-02-27 03:06:14 +00:00
Jooyung Han
d75a10ac6f Use optional for nullable types
AIDL generates optional<T> for nullable T types for C++, which is more
efficient and idomatic and easy to use.

Bug: 144773267
Test: build/flash/boot
Merged-In: I98549c8614c9152d5d45e2f1f33f2f3c31a9bbbf
Change-Id: I98549c8614c9152d5d45e2f1f33f2f3c31a9bbbf
(cherry picked from commit 0568fd287cfc0affc8e985f21da3793cdda286a3)
2020-02-20 17:32:21 +09:00
Automerger Merge Worker
17d85205bd Merge "Make CTS not HEH the default post Q" am: 39969f0288
Change-Id: I0cb0430214ab69656c6e7f3116194b63eb54672b
2020-02-19 23:20:59 +00:00
Treehugger Robot
39969f0288 Merge "Make CTS not HEH the default post Q" 2020-02-19 23:04:37 +00:00
Paul Crowley
eb241a1d65 Make CTS not HEH the default post Q
Making HEH the default was always a mistake and a giant foot-gun.
Let's make life easier for people by making the default depend on
first_api_level, so it's automatically set up right for new devices
without breaking old ones. Also use v2 fscrypt keys instead of v1 post
Q.

Bug: 147107322
Test: Various Cuttlefish configurations
Change-Id: I5432bdfd6fec6ed34e7f9ab7cdd32cdeb2a03472
2020-02-19 10:27:48 -08:00
Automerger Merge Worker
01759662fd Merge "Fix unaligned access to auth token user_id" am: 21a17b091e
Change-Id: If1b44823f6758c9428b5874b2629579f384399b7
2020-02-18 23:40:09 +00:00
Automerger Merge Worker
b6421644ec Merge "Remove unused code in VoldUtil.h" am: e19189bd7f
Change-Id: I52b8e04f85890a1a320c47a191bf1c0429e058a4
2020-02-18 23:40:04 +00:00
Automerger Merge Worker
6891eb7e2d Merge changes from topics "metadata_wrapped_key_aosp", "volume_metadata" am: 36fd1ebfae
Change-Id: Ieb478426e40feffcefd3a5e478e5e1c5d72539b7
2020-02-18 23:39:37 +00:00
Paul Crowley
21a17b091e Merge "Fix unaligned access to auth token user_id" 2020-02-18 23:18:46 +00:00
Paul Crowley
e19189bd7f Merge "Remove unused code in VoldUtil.h" 2020-02-18 23:18:30 +00:00
Paul Crowley
36fd1ebfae Merge changes from topics "metadata_wrapped_key_aosp", "volume_metadata"
* changes:
  On newer devices, use dm-default-key to encrypt SD cards
  vold: Wrapped key support for metadata encryption
  Refactor: make makeGen local
2020-02-18 23:17:07 +00:00
Paul Crowley
886e572009 On newer devices, use dm-default-key to encrypt SD cards
The dm-crypt solution requires a kernel patch that won't be present in
the GKI kernel, while the new metadata encryption system in the GKI
kernel solves this problem in a much cleaner way.

Test: create private volume on Cuttlefish, setting property both ways.
Bug: 147814592
Change-Id: Ie02bd647c38d8101af2bbc47637f65845d312cea
2020-02-18 13:01:00 -08:00
Barani Muthukumaran
312b7df621 vold: Wrapped key support for metadata encryption
metadata_encryption fstab option provides details on the cipher
and flags used for metadata encryption. wrappedkey_v0 is provided
to dm-default-key dm device when a wrapped key is used. The
inline encryption hardware unwraps the key and derives the
encryption key used to encrypt metadata without returning the key
in the clear to software.

Bug: 147733587
Test: FBE with metadata encryption using wrapped keys.
Change-Id: Ibf69bdc12bb18d2f0aef8208e65f3a8dececfd2a
2020-02-18 12:51:06 -08:00
Paul Crowley
249c2fb4aa Refactor: make makeGen local
No need for KeyUtil to know how to make a KeyGeneration, it's cleaner
if each module handles it separately. Also, create a CryptoOptions
structure to track metadata encryption options, and simplify legacy
cipher/option handling.

Test: Treehugger
Bug: 147814592
Change-Id: I740063882914097329ff72348d0c0855c26c7aab
2020-02-18 12:49:36 -08:00
Paul Crowley
d281de75ad Fix unaligned access to auth token user_id
Bug: 65232288
Test: Set a pattern on cuttlefish, ensure we can unlock
Change-Id: I5ee09cf72ab7d3d636a25755134bfad6f88265f9
2020-02-18 11:00:15 -08:00
Paul Crowley
2ae96731ac Remove unused code in VoldUtil.h
Test: Treehugger
Change-Id: I87585852af49ee49d63e3b1cde579114f855118b
2020-02-18 10:48:16 -08:00
Paul Crowley
79b853551d Merge "Refactor key generation to handle both normal and metadata encryption." am: 8e0780cba2
Change-Id: I59510b64f6803f5e76fefa359abfcc9207420126
2020-02-15 02:03:19 +00:00
Paul Crowley
8e0780cba2 Merge "Refactor key generation to handle both normal and metadata encryption." 2020-02-15 01:40:26 +00:00
Paul Crowley
4eac264727 Refactor key generation to handle both normal and metadata encryption.
Bug: 147733587
Test: Treehugger
Change-Id: Iee176037dec2621c84da325c2627f988fcebbc8d
Merged-In: Iee176037dec2621c84da325c2627f988fcebbc8d
2020-02-14 13:59:06 -08:00
Paul Crowley
b272b21a0a Merge "Refactor MetadataCrypt.cpp to make create_crypto_blk_dev more general" am: 7566e467ab
Change-Id: Ib59c92bf516a171bfebc7c11be92502b37acf375
2020-02-14 21:07:09 +00:00
Paul Crowley
7566e467ab Merge "Refactor MetadataCrypt.cpp to make create_crypto_blk_dev more general" 2020-02-14 20:48:35 +00:00
Paul Crowley
b62afed286 Merge changes Ic3993c1f,I06645bb4 am: ac34e9aa3e
Change-Id: I4e11f42f1f302f8a08f60756cf08356aac8652cd
2020-02-14 18:25:49 +00:00
Paul Crowley
ac34e9aa3e Merge changes Ic3993c1f,I06645bb4
* changes:
  Generalize CryptoType infrastructure
  Refactor CryptoType to use better names, and size_t not uint32_t
2020-02-14 18:17:56 +00:00
Paul Crowley
572c024853 Refactor MetadataCrypt.cpp to make create_crypto_blk_dev more general
Bug: 147814592
Test: Treehugger
Change-Id: I13c6f84d729f2953f78626493d6e6d34d578a013
2020-02-14 01:15:35 -08:00
Paul Crowley
220567c33a Generalize CryptoType infrastructure
More consistency between MetadataCrypt and cryptfs, and steps towards
supporting Adiantum properly in MetadataCrypt.

Test: create private volume on Cuttlefish
Bug: 147814592
Change-Id: Ic3993c1fde11b4f5a9e6cc8ee588a7d92241c6ab
2020-02-14 00:48:27 -08:00
Paul Crowley
a661fb659b Refactor CryptoType to use better names, and size_t not uint32_t
Test: treehugger
Bug: 147814592
Change-Id: I06645bb4941794797beebf05b817c4ac52e09cd7
2020-02-13 16:40:25 -08:00
Automerger Merge Worker
47aff8772d Merge "Use DM layer directly to manage private DM volumes" am: dd12ea5bd2
Change-Id: Ifb77dd72e810e758ac3a6105e13f7ea4341dca36
2020-02-13 18:43:57 +00:00