Commit graph

65 commits

Author SHA1 Message Date
Paul Crowley
82b41ff837 Convert vold_prepare_subdirs to C++
Minimize overhead in boot by replacing shell script invoked multiple
times with a C++ program invoked once.

Bug: 67901036
Test: create user, run adb shell ls -laZ /data/misc_ce/10; delete user
    and check logs.
Change-Id: I886cfd6505cca1f5b5902f2071e13f48e612214d
2017-10-24 15:26:58 -07:00
Paul Crowley
56292ef119 Undo Utils dependency on VolumeManager
I want to use Utils in another executable, so breaking this link.

Bug: 25861755
Test: compiles (and boots, though that doesn't exercise changed code)
Change-Id: I6bb447453bb370fefb7f2f3aceb459428bdee6a7
2017-10-20 10:05:36 -07:00
Jeff Sharkey
ae4f85d2ff Introduce lock for SELinux process-level changes.
Used to protect process-level SELinux changes from racing with each
other between multiple threads.

Test: builds, boots
Bug: 67041047
Change-Id: I242afed3c3eb7fba282f1f6b3bdb2d957417c7e8
2017-10-18 17:02:24 -06:00
Jeff Sharkey
3472e52fc2 Move to modern utility methods from android::base.
Moves away from crufty char* operations to std::string utility
methods, including android::base methods for splitting/parsing.

Rewrite of how Process handles scanning procfs for filesystem
references; now uses fts(3) for more sane traversal.

Replace sscanf() with new FindValue() method, also has unit tests.

Remove some unused methods.  Switch almost everyone over to using
modern logging library.

Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 67041047
Change-Id: I70dc512f21459d1e25b187f24289002b2c7bc7af
2017-10-17 12:40:51 -06:00
Paul Crowley
3b71fc5100 Be more C++. volume UUID should always be std::string.
Test: boots
Bug: 67041047
Change-Id: I36d3944ae8de192703b9ee359900841b833fe3a1
2017-10-09 13:36:35 -07:00
Pavel Grafov
e2e2d308df Zero memory used for encryuption keys.
std::vector with custom zeroing allocator is used instead of
std::string for data that can contain encryption keys.

Bug: 64201177
Test: manually created a managed profile, changed it's credentials
Test: manually upgraded a phone with profile from O to MR1.
Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
2017-08-10 17:31:03 +01:00
Keun-young Park
612270b598 do not sleep if it is shutting down
am: 375ac25773

Change-Id: I576040b0068c27b9c7abd880e390841ce80f9906
2017-08-03 18:24:04 +00:00
Keun-young Park
375ac25773 do not sleep if it is shutting down
- Various sleep(5) for vold shutdown can increase shutdown time a lot.
- If it is shutting down, do not sleep at all. init will take care of
  active partitions if not unmounted.

bug: 64143519
Test: reboot and check logs from vold, check if "ShutdownThread: Shutdown wait timed out" happens.
Change-Id: I7cb91427ad2205fe23a054d255caf7ffdfd9f6c3
2017-08-02 17:45:48 -07:00
Jeff Sharkey
46bb69f49a Progress towards FBE and adoptable storage.
Offer to adopt storage devices on FBE devices, but keep it guarded
behind a system property for now, since we still need to work out key
storage details.

When migrating shared storage, leave user-specific /data/media
directories in place, since they already have the needed crypto
policies defined.

Enable journaling, quotas, and encrypt options when formatting
newly adopted devices.  installd already gracefully handles older
partitions without quota enabled.

Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 62290006, 36757864, 29117062, 37395736
Bug: 29923055, 25861755, 30230655, 37436961
Change-Id: Ibbeb6ec9db2394a279bbac221a2b20711d65494e
2017-06-26 09:53:10 -06:00
Tom Cherry
bd40570e25 Merge "Use WaitForProperty() to wait for restorecon" am: 963a205a1b am: 80ce34d6cb
am: dfd0492354

Change-Id: Id3b68e5b946fc1bf886f59e59fee3960a2899041
2017-06-16 06:01:26 +00:00
Tom Cherry
dfd0492354 Merge "Use WaitForProperty() to wait for restorecon" am: 963a205a1b
am: 80ce34d6cb

Change-Id: I4687810672b51db024f11ad7976562d510de9b81
2017-06-16 05:57:12 +00:00
Tom Cherry
d6127ef795 Use WaitForProperty() to wait for restorecon
We have android::base::WaitForProperty() that uses futexes to
efficiently wait for property value changes, so use that instead
polling.

Test: Boot bullhead
Change-Id: Id964eddbdbfd9b5ceac5ed83a8ed66b9e60008ca
2017-06-15 17:19:32 -07:00
Elliott Hughes
e4775fdbca Merge "vold should #include <sys/sysmacros.h>" am: 398c0e8274 am: 208b464f72 am: fb3e85cf99
am: 048422d46e

Change-Id: I33406265fcf0c77a6289cb429aa6a2cc5e8f7146
2017-05-19 19:01:20 +00:00
Elliott Hughes
048422d46e Merge "vold should #include <sys/sysmacros.h>" am: 398c0e8274 am: 208b464f72
am: fb3e85cf99

Change-Id: I32ed2a66bb60ba1042737b4bbb0a2195a3fe8e6f
2017-05-19 18:38:38 +00:00
Elliott Hughes
0e08e84df0 vold should #include <sys/sysmacros.h>
Bug: https://github.com/android-ndk/ndk/issues/398
Test: builds
Change-Id: I7a1ca1701099886fb493cc5288d6ee867d5f520a
2017-05-18 09:08:24 -07:00
Tom Cherry
805defa9b4 Merge "BuildDataUserCePath always use dir instead of symbolic link" am: fed8ab1d76 am: 7dc93304c8 am: 10211d2207
am: 3559234cd3

Change-Id: Ifc6196804b57bdf9d38a37d594281ef53623f0d3
2017-05-04 00:01:13 +00:00
Tom Cherry
3559234cd3 Merge "BuildDataUserCePath always use dir instead of symbolic link" am: fed8ab1d76 am: 7dc93304c8
am: 10211d2207

Change-Id: I8ab5875455abaaa84cc777a96be23cbad314d3f7
2017-05-03 23:54:25 +00:00
cjbao
eb50114a83 BuildDataUserCePath always use dir instead of symbolic link
Select whichever is real dir instead of symbolic link from either /data/data
or /data/user/0. This is to minimize path walking overhead in kernel.

This works together with Change 369787

Test: Manual test
Change-Id: I338518673fc22ccbfed6ddd6be196931fce18525
Signed-off-by: cjbao <cathy.bao@intel.com>
2017-04-18 19:57:54 +08:00
Jeff Sharkey
246779028f Merge "Abort migration early when not enough space." into oc-dev am: e6c142174c
am: a4c0a3b2ca

Change-Id: Ie50f0ae2dbf7eb1b868606b75d1ade808d34590b
2017-04-04 02:05:21 +00:00
Jeff Sharkey
a0220a5bd4 Abort migration early when not enough space.
Otherwise we potentially waste minutes of the users time copying
data that will never fit.

Also fix bug around storage calculation.  It's confusing, but f_bsize
is not the value you're looking for; the real block size is f_frsize.

Test: builds, boots
Bug: 27590986, 36840579
Change-Id: I77c63e259356824cc75a3adcf3f4af567efdc7aa
2017-04-03 17:13:06 -06:00
Jeff Sharkey
32ebb739cb Enable clang-tidy for security sensitive domain.
Start with clang-analyzer-security* and cert-*, but disable two
specific errors:

-- cert-err34-c, which checks for atoi(); heavily triggered by
CommandListener, but will disappear when we move to Binder.
-- cert-err58-cpp, which checks for exceptions before main(); it's
a "Low" severity issue, and filed 36656327 to track cleanup.

Fix all other triggered errors along the way.

Test: builds, boots
Bug: 36655947
Change-Id: I1391693fb521ed39700e25ab6b16bc741293bb79
2017-03-27 17:14:52 -06:00
Jeff Sharkey
fd3dc3c076 Spread around some O_CLOEXEC love.
Also remove some unnecessary SELinux logic when creating image files
for loop devices.

Test: builds, boots, common operations work
Bug: 34903607
Change-Id: I68dfa022ecc39f56c175e786694e0de35b954ca0
2017-03-27 11:13:36 -06:00
Bowgo Tsai
e8fb6c3000 vold: replacing fs_mgr_read_fstab() with fs_mgr_read_fstab_default()
The original default /fstab.{ro.hardware} might be moved to /vendor/etc/.
or /odm/etc/. Use the new API to get the default fstab instead of using
the hard-coded /fstab.{ro.hardware}.

Bug: 35811655
Test: boot marlin with /vendor/etc/fstab.marlin
Change-Id: I92d6aefe6ff3433b7d1a671358d990bb7b1f2150
2017-03-09 23:31:18 +08:00
Calin Juravle
3a68f14192 Vold: Clean up code related to foreign dex use
We simplified the way we track whether or not a dex file is used by
other apps. DexManger in the framework keeps track of the data and we
no longer need file markers on disk.

Test: device boots, foreign dex markers are not created anymore

Bug: 32871170
Change-Id: Id0360205b019be92049f36eab4339f4736e974f4
2017-03-03 18:24:21 -08:00
Chih-Hung Hsieh
73a3576ef9 Merge \\\"Fix clang-tidy performance warnings in system/vold.\\\" am: e24d4eef9b am: aa668f3d13
am: ed1c4cf456

Change-Id: I345cfce27a2b20048953d85bb2dd39adc34190d8
2016-07-28 00:30:43 +00:00
Chih-Hung Hsieh
aa668f3d13 Merge \"Fix clang-tidy performance warnings in system/vold.\"
am: e24d4eef9b

Change-Id: I8e882391fb343a5dd8b5cd32b2e7c087219334dc
2016-07-27 23:17:57 +00:00
Chih-Hung Hsieh
11a2ce8da3 Fix clang-tidy performance warnings in system/vold.
* Use const reference type for for-loop index variables
  to avoid unnecessary copy.

Bug: 30413223
Change-Id: Id4d980ae8afec1374fc3be0b23f1c6a39bff86e0
Test: build with WITH_TIDY=1
2016-07-27 14:11:02 -07:00
Jeff Sharkey
e30c22a65b Only restorecon CE storage after unlocked.
am: d24aeda425

Change-Id: Ia4151dc87769bb4c4b7bee1bb0a09933c74f3d6c
2016-07-18 16:06:34 +00:00
Jeff Sharkey
d24aeda425 Only restorecon CE storage after unlocked.
On FBE devices, the filenames inside credential-encrypted directories
are mangled until the key is installed.  This means the initial
restorecon at boot needs to skip these directories until the keys
are installed.

This CL uses an existing facility to request that init run a
recursive restorecon over a given path, and it requests that
operation for the CE directories that would have been omitted by
the SKIPCE flag earlier during boot.

Bug: 30126557
Change-Id: I8c7abea27215075a091f615a7185a82a2f4a4a95
2016-07-18 09:52:46 -06:00
Jeff Sharkey
0068f8e490 Consistent creation/destruction of user data. am: be70c9a
am: 30b0a1f

* commit '30b0a1fcdd2c7a60c104ffcd3dca4c9c2c1e682b':
  Consistent creation/destruction of user data.

Change-Id: I72e91bbf15eaf91c72a61a26baf2e6908934958a
2016-04-18 20:05:56 +00:00
Jeff Sharkey
c85be2fc40 Consistent creation/destruction of user data.
am: be70c9a

* commit 'be70c9ae2251ac8f3bfbbe75146f8c533d64e01b':
  Consistent creation/destruction of user data.

Change-Id: Iddb906f6df0587faf95198446c376b2e8d550bec
2016-04-18 19:59:50 +00:00
Jeff Sharkey
be70c9ae22 Consistent creation/destruction of user data.
Preparing and destroying users currently needs to be split across
installd, system_server, and vold, since no single party has all the
required SELinux permissions.

Bug: 27896918, 25861755
Change-Id: Ieec14ccacfc7a3a5ab00df47ace7318feb900c38
2016-04-15 13:47:52 -06:00
Dan Austin
8afff3bfe1 Merge "Address const issues in preparation for libcxx rebase." am: a4f7dad
am: 3cc69fa

* commit '3cc69faa6797ae0cfe43f4243d564fbe14f4cfe4':
  Address const issues in preparation for libcxx rebase.

Change-Id: I58f814d71e5d5c067ade613d0bf8a88911d53424
2016-04-12 22:35:50 +00:00
Dan Austin
49ab5f9e6d Address const issues in preparation for libcxx rebase.
Change-Id: I5199c1eb4e874fd354beefa1232707949483e88d
2016-03-28 13:24:48 -07:00
Yu Ning
942d4e830b Support emulator's virtio-blk based SD card
Currently, vold only supports MMC (for SD cards) and SCSI (for USB
drives) devices. It does not recognize any device whose major number is
not one of those used by MMC and SCSI. Unfortunately, virtio-blk is one
such device. It is used by the new Android emulator (a.k.a. qemu2,
featuring the "ranchu" virtual board) for SD card emulation.

In order to make this virtio-blk based SD card device appear in Android
and appear as an SD card (rather than a USB drive), changes have to be
made to both vold (wherever the device major number is checked) and
ranchu's storage configuration. This CL implements former.

This is a stop-gap solution for emulator in nyc.
A longer term solution in-tune with upstream kernel is in the pipes.

Updated from aosp/master version.

BUG:27431753

Change-Id: I5014edec73be7c5b565d91542464c82cbe58992c
Signed-off-by: Yu Ning <yu.ning@intel.com>
(cherry picked from commit 5b1d1c7dfa13b4dca75213581dc8351b841b76c8)
2016-03-08 12:19:41 -08:00
Calin Juravle
493f5aa160 Create profile folder for foreign dex markers.
This is a special profile folder where apps will leave profile markers
for the dex files they load and don't own. System server will read the
markers and decide if the apks should be fully compiled instead of
profile guide compiled.

Bug: 27334750
Bug: 26080105
Change-Id: Ib18f20cf78a8dbfc465610ec6ceec52699c5420a
2016-02-25 23:31:50 +00:00
Calin Juravle
79f55a461f Prepare user profile folder
Bug: 26719109
Bug: 26563023
Change-Id: I4737b7f73df74b2b787a62db2e231f136115b359
2016-02-19 13:43:02 +00:00
Jeff Sharkey
47695b29af Allow callers to prepare CE/DE user storage.
Give callers the option of preparing CE and/or DE storage.  The
framework will only prepare CE storage after the CE keys have been
unlocked for that user.

When init is calling enablecrypto, kick off the work in a thread so
that we can make other calls back into vold without causing
deadlock.  Leaves blocking call intact for framework callers.

Clean up 'vdc' tool to send useful transaction numbers, and
actually watch for the matching result to come back.  This fixes
race conditions when there are multiple 'vdc' callers.

Also add other system and misc directories to match spec.

Bug: 25796509
Change-Id: Ie4f853db6e387916b845d2b5fb92925d743b063d
2016-02-05 13:03:52 -07:00
Daichi Hirono
10d34887b3 Mount appfuse in process namespace.
BUG=26148108

Change-Id: I2297fd227a4c607054e0403e73bd9c857f580a1c
2016-02-02 18:56:19 +09:00
Jeff Sharkey
fc505c3ff6 Emulate media encryption, always chmod to unlock.
When FBE emulation is enabled, lock/unlock the media directories that
store emulated SD card contents.

Change unlocking logic to always chmod directories back to known
state so that we can recover devices that have disabled FBE
emulation.

Bug: 26010607, 26027473
Change-Id: I6d4bff25d8ad7b948679290106f585f777f7a249
2015-12-07 17:35:58 -07:00
Elliott Hughes
6bf0547ccc resolve merge conflicts of b7d5a47cec to master.
Change-Id: I0c5211a00d92d0ee796bb9c77d2e13675a2a3e8d
2015-12-04 17:55:33 -08:00
Elliott Hughes
a9d5080109 Merge "Track rename from base/ to android-base/."
am: 20a8fa98f6

* commit '20a8fa98f6b858999b623272a182843259e1044c':
  Track rename from base/ to android-base/.
2015-12-04 17:39:41 -08:00
Elliott Hughes
7e128fbe21 Track rename from base/ to android-base/.
Change-Id: I3096cfa50afa395d8e9a8043ab69c1e390f86ccb
2015-12-04 15:50:53 -08:00
Jeff Sharkey
d2c96e7883 New granular encryption commands for framework.
We now have separate methods for key creation/destruction and
unlocking/locking.  Key unlocking can pass through an opaque token,
but it's left empty for now.

Extend user storage setup to also create system_ce and user_de
paths.  Bring over some path generation logic from installd.

Use strong type checking on user arguments.

Bug: 22358539
Change-Id: I00ba15c7b10dd682640b3f082feade4fb7cbbb5d
2015-11-10 15:57:14 -08:00
Bill Yi
abcf4c6fca Merge commit 'aebfa6e7eee173b8e02f869c3a25cfe2a5fffb9b' into HEAD 2015-11-03 14:30:42 -08:00
Elliott Hughes
8185d3d8ba Merge "Fix ioctl parameter" am: 0eaad8ce8c
am: 5cd32f73d8

* commit '5cd32f73d8b5e6db60d397d102e5b1b193a76c77':
  Fix ioctl parameter
2015-10-29 20:44:35 +00:00
caozhiyuan
9102b0b175 Fix ioctl parameter
Change-Id: I922c8ae77056db81bc5152346299a07a34c527d2
2015-10-29 08:48:20 +00:00
Jeff Sharkey
71ac649c1d Kill apps using storage through bind mounts.
am: 89f74fbf25

* commit '89f74fbf2529d708534c041d2b711af0f1feff9f':
  Kill apps using storage through bind mounts.
2015-10-21 23:08:56 +00:00
Jeff Sharkey
89f74fbf25 Kill apps using storage through bind mounts.
When unmounting an emulated volume, look for apps with open files
using the final published volume path.

Without this change, we were only looking at the internal paths
used for runtime permissions, which apps never use directly.  This
meant we'd always fail to unmount the volume if apps didn't respect
the EJECTING broadcast, and volume migration would end up wedged
until the device rebooted.

Bug: 24863778
Change-Id: Ibda484e66ab95744c304c344b226caa5b10b7e2e
2015-10-21 15:05:49 -07:00
Oleksiy Avramchenko
e76cf536a4 Promote free bytes calculation to 64 bits
The expression otherwise overflows for large devices.
It's fsblkcnt_t -> unsigned long, which is 32 bit on ARMv7.

Change-Id: I46c5e00558b7dbd6abd50fae4727396079044df2
2015-10-07 13:13:38 +02:00