Commit graph

6 commits

Author SHA1 Message Date
Eric Biggers
fb486660ca Increase early boot logging to kernel log
Make vold log warnings and errors to the kernel log until both
init_user0 has run and /data is mounted.  Previously it only logged
errors, and not warnings, to the kernel log until /data is mounted.

This is helpful to diagnose failures of init_user0, since adb still
isn't started by that point.

Also, error messages can be misleading without seeing related warning
messages, e.g. the following which is expected on many devices:

    E vold    : keystore2 Keystore generateKey returned service specific error: -67
    W vold    : Failed to generate rollback-resistant key.  This is
                expected if keystore doesn't support rollback
                resistance.  Falling back to non-rollback-resistant key.

Therefore, increase the log level to WARNING and above.

Test: Intentionally broke fscrypt_init_user0(), then verified that the
      error and warning messages appear in the kernel log on Cuttlefish.
Bug: 205314634
Bug: 222540970
Change-Id: Ia751f7c88cbf28caf81e891a518953cc0cee911e
2022-03-22 00:33:52 +00:00
Eric Biggers
18ba15223c vold: add getUnlockedUsers() method to Binder interface
This is needed so that system_server can remind itself about which users
have their storage unlocked, if system_server is restarted due to a
userspace reboot (soft restart).

Bug: 146206679
Test: see I482ed8017f7bbc8f7d4fd5a2c0f58629317ce4ed
Change-Id: I02f0494d827094bd41bcfe5f63c24e204b728595
(cherry picked from commit 1799debfd6)
2021-04-13 10:53:00 -07:00
Satya Tangirala
e13617100d Remove HardwareAuthToken support from vold::Keymaster
HardwareAuthTokens are no longer used by vold since Android P. So remove
the auth token parameter from vold. This patch doesn't remove the token
from IVold.aidl, and the methods in VoldNativeService.cpp return an
error if a non-empty auth token is passed to them.

Bug: 181910578
Test: cuttlefish and bramble boot with patch
Change-Id: I1a9f54e10f9efdda9973906afd0a5de5a699ada5
2021-04-07 02:05:35 -07:00
Barani Muthukumaran
b1927c2a0a vold: Do not cache CE keys in vold
CE keys were cached in vold to support untrusted reset
by a device admin, this is now supported by Locksettingservice
using synthetic password. This change requires a secret to be
provided to retrieve the CE key and re-wrap without the secret
when user removes the credential.

Test: Set credential, remove credential, swipe to none
and vice-versa.
Bug: 26948053
Merged-In: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5
Change-Id: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5
2020-01-24 00:20:22 +00:00
Paul Crowley
c8a3ef3f3c Create a per-boot key on each boot
Bug: 140882488
Test: Booted twice, checked logs to ensure encryption
    is different each time, adb created files in directory.
Change-Id: I74077bf8f727dab726c25f512ed7406a74cbe0bf
2019-09-13 15:46:48 -07:00
Eric Biggers
a701c458ca vold: rename from "ext4 encryption" to fscrypt
We support file-based encryption on both ext4 and f2fs now, and the
kernel API is the same.  So rename things appropriately in vold:

    e4crypt => fscrypt
    ext4enc => fscrypt
    Ext4Crypt => FsCrypt
    EXT4_* => FS_*
    ext4_encryption_key => fscrypt_key

Additionally, the common functions shared by 'vold' and 'init' are now
in libfscrypt rather than ext4_utils.  So update vold to link to
libfscrypt and include the renamed headers.

Note: there's a chance of 'fscrypt' being confused with the dm-crypt
based encryption code in vold which is called 'cryptfs'.  However,
fscrypt is the name used in the kernel for ext4/f2fs/ubifs encryption,
and it's preferable to use the same name in userspace.

Test: built, booted device with f2fs encryption
Change-Id: I2a46a49f30d9c0b73d6f6fe09e4a4904d4138ff6
2018-10-25 17:12:32 -07:00
Renamed from Ext4Crypt.h (Browse further)