Commit graph

31 commits

Author SHA1 Message Date
Eric Biggers
c7c4f5a902 Check for SELinux labelling errors
It's essential that files created by vold get the correct SELinux
labels, so make sure to check for errors when setting them.

ENOENT (no label defined) is expected on some files such as
/mnt/appfuse/*, so allow ENOENT but log a DEBUG message.

This will help debug b/269567270.  This is not a fix for b/269567270.

Bug: 269567270
Test: Created user and checked SELinux labels of user's directories
Test: atest CtsBlobStoreHostTestCases
Change-Id: Ife005bdd896952653943c57336deb33456f7c5d8
2023-03-01 22:11:29 +00:00
Austin Delgado
b0f997deae Revert "Strictly check for SELinux labelling errors"
This reverts commit 2ef4e85448.

Reason for revert: b/271157681

Change-Id: I7224fd68027e2e9824694171547b8b2c808f9923
2023-02-28 21:58:08 +00:00
Eric Biggers
2ef4e85448 Strictly check for SELinux labelling errors
It's essential that files created by vold get the correct SELinux
labels, so make sure to check for errors when setting them.

This will help debug b/269567270.  This is not a fix for b/269567270.

Bug: 269567270
Test: Created user and checked SELinux labels of user's directories
Change-Id: I99e4d530a00f9401532c9cb0990df254b7a12a80
2023-02-27 21:01:25 +00:00
Eric Biggers
629c63414e Fix logspam when user removed before CE storage prepared
Due to frameworks/base commit 5c65b1ee1023 ("Don't prepare CE storage on
user creation") (http://ag/20241697), removing a user immediately after
creating it causes the user's directories to be destroyed before CE
storage was prepared.

Functionally this works fine; however, it causes some error messages to
be spammed to the log because 'vold_prepare_subdirs destroy' doesn't
like that /data/misc_ce/$userId and /data/vendor_ce/$userId don't exist.
vold_prepare_subdirs logs two error messages itself, but it also exits
with a failure status, which bubbles up and causes a Slog.wtf with a
stack trace in StorageManagerService.

Fix this by making rmrf_contents() simply return true if the directory
doesn't exist.

Bug: 232452368
Test: 'pm create-user 10 && pm remove-user 10' and check logcat
Change-Id: I867a915f4b25e1a5f0603fbd84680b673ff5eb96
2023-02-24 22:38:06 +00:00
Mohammad Samiul Islam
b459591fd1 Create misc_ce and misc_de directories on /mnt/expand
We want to store sdk data on the same volume as app data. Since sdk data
is stored in misc_ce and misc_de directory, we need to ensure they exist
on adopted storage mounted at /mnt/expand/<volume-uuid>.

This CL creates `/mnt/expand/<volume-uuid>/misc_{ce,de}` directories
when disk is mounted and then when user storage is prepared, the sdk root
directory is created.

By having these directories, we can now move the sdk data to other
volume when app data is moved.

Bug: b/222034645
Test: atest SdkSandboxStorageHostTest (see ag/17120883)
Ignore-AOSP-First: End to end test added which exists in internal branch
    only. Will cherry-pick this CL to aosp standalone once it is safely
    merged to internal branch.
Change-Id: I0e73d9ce105abec4b77c378cde58aa7365258f01
2022-03-08 10:37:31 +00:00
Nikita Ioffe
bad7cd0fd7 Rename SupplementalProcess to SdkSandbox
Ignore-AOSP-First: code not in AOSP yet
Bug: 220320098
Test: presubmit
Change-Id: I727342675f6817d4dced431b4ef57e909c02eb5a
2022-02-21 19:03:26 +00:00
Samiul Islam
0cf90d7ca0 Create root directory for supplemental data during user creation
In order to store supplemental data for apps, we want to create a root
directory at location `/data/misc_ce/<user-id>/supplmental` and
`/data/misc_de/<user-id>supplemental`. These directories will then host
supplemental data for each app based on package name, e.g,
`/data/misc_ce/0/supplemental/<app-name>`.

Since these are sub-directories of misc directory, vold should prepare
them for consistency.

Bug: 217543371
Test: atest SupplementalProcessStorageHostTest
Test: see ag/16681989
Ignore-AOSP-First: Feature is being developed in internal branch
Change-Id: I66ef7a7241c9f82cecedaeb6c9a91f127668300a
2022-02-14 11:04:47 +00:00
Tianjie
b2ee9e0771 Delete the checkin directory with the wrong context
http://aosp/1845900 creates the directory with the wrong permission
and context. And when we attempt to fix it in http://aosp/1860276, the
device would fail to boot if the device is already on the bad build.

As a temporary fix, already delete that checkin directory in vold. And
we can revert the deletion when the droidfood daily population gets out
of the bad state.

Bug: 203742483
Test: Update from TP1A.211016.001 and make sure the boot doesn't fail
Change-Id: Iec74528c1fe0e5876acc601e5cd008f99852d269
2021-10-22 18:28:29 +00:00
Tianjie
62487c92ba Correct the permission of checkin dir
Gmscore runs in cache group, so set the own:group of the checkin
directory to system:cache to align with other use cases. Because we
want proper user separation when accessing the dir, also provide
user id to set the correct selinux mls_level.

Bug: 197636740
Test: check selinux label, make sure checkin can access the directory.
Change-Id: Id47a2a30a2f37c204ef72a81ac2aebe4ee3a37b0
2021-10-16 13:24:01 -07:00
Tianjie
570f0585b9 Create the checkin subdirectory under misc_ce
We need some storage on the device to backup the token for checkin
services. So users won't lose the checkin tokens when they clear
the app's storage. If the device accidentally loses the
token without backup, it won't be able to checkin again until
factory reset.

Because we want the token to be user specific, put it under misc_ce
and let vold create the sub-directory.

Bug: 197636740
Test: boot device, check selinux label of the dir
Change-Id: I0e19dcb7f4feb98fd9d1013cfd84b56ff1325373
2021-10-05 22:17:22 -07:00
Alan Stokes
e0b7f306c1 Remove ro.vold.level_from_user.
This is on everywhere, we no longer have any need for it.

Fix: 171462631
Test: Presubmits
Change-Id: I240361619acafeee6cac383037887e15a46c0c38
2021-01-05 09:49:24 +00:00
Alan Stokes
be3db7b7ae Enable vold to set level from user.
We want various per-user directories to have their SELinux MLS level
set to restrict access from other users, as an improvement to user
isolation.

We extend vold_prepare_subdirs to implement this if a flag is
set. vold itself then sets the flag based on a new property,
ro.vold.level_from_user. This is to allow testing of further
incremental work to ensure system apps correctly handle the new
restriction on different devices rather than causing immediate
breakage. Eventually this will go away and the restriction will apply
everywhere.

Bug: 141677108
Test: Manual, with and without property set.
Change-Id: I8e2207bd94b487bdcc09fd4d80b031027dfea1e3
2020-10-02 14:49:25 +01:00
Oli Lan
e1b3f5cd2d Allow search permission on apex data directories.
This gives x permission to all on the parent apex data directory
so that the data directories can be accessed by modules.

Bug: 147848983
Test: Build & flash, check permissions are correct
Change-Id: I1bbf480cbf9f9e758353237e333317516ad375ee
2020-01-17 11:37:31 +00:00
Oli Lan
9cfc404c2d Change ownership of apex data directories to root.
The apex data directories must be accessed by apexd in order for it to
perform snapshot and restore as part of the rollback process. As apexd
runs as root, this CL changes the apex data directories under misc_[ce|de]
to be owned by root.

Bug: 141148175
Test: Build and flash; check permissions are set correctly.
Change-Id: Icf2059cc9448364f834eef7892914a99883746a1
2020-01-17 11:11:06 +00:00
Oli Lan
ac003c4955 Create directories for snapshots of DE_n and CE_n apex data.
This creates apexrollback directories under /data/misc_[de|ce]/<user>
which will hold snapshots of DE_n and CE_n apex data directories
(i.e. it will hold backups of data from /data/misc_[de|ce]/<user>/apexdata
for particular apexes).

See go/apex-data-directories for details.

Bug: 141148175
Test: Built and flashed, checked directory was created.
Change-Id: I468060b20dee0c50033b5f014ce8716582d5e6bc
2019-12-04 10:29:50 +00:00
Oli Lan
94457217cb Create DE_n and CE_n APEX data directories.
This creates an apexdata directory under /data/misc_de/<user> and
/data/misc_ce/<user>, and also creates a directory under that for
every APEX that is installed.

See go/apex-data-directories.

APEXes are discovered by scanning the /apex directory. It may be better
to delegate this process to a library, but it is proposed to defer that
change to a future CL.

Bug: 141148175
Test: Built and flashed, checked directories were created.
Change-Id: I95a060b4f42241c91da25a779e61a8f85ca1914c
2019-11-21 14:07:18 +00:00
Paul Crowley
b409ade4d7 Create /data/vendor_ce/0/facedata in vold_prepare_subdirs
Bug: 131084614
Test: Modified sepolicy to match, ensured directory was created on
    Crosshatch

Change-Id: I0978a630149158eb3b8f446abecb12e137e6fae5
2019-04-25 19:27:26 +00:00
Annie Meng
89fd2f0d39 Merge "Create subdirs in system_ce/ for multi-user backup" am: 625203444b am: 33a5634374
am: 2506860cfb

Change-Id: I116438108a176deb90eaf724ac8ddd66d597a129
2019-01-17 09:26:04 -08:00
Annie Meng
66176c55e9 Create subdirs in system_ce/ for multi-user backup
Backup system service bookkeeping is being moved to per-user CE
directories to support multiple users participating in the service.

Accompanies SELinux changes at aosp/873133

Bug: 121197420
Test: 1) Boot device; check dirs created with correct label; run backup
successfully on system user
2) Create secondary user; check dirs created with correct label; run
backup successfully

Change-Id: I3a0fdbfcf18a3c242fc64fba0dd014160b50b2f0
2019-01-17 12:53:16 +00:00
Annie Meng
5b43da67fa Merge "vold_prepare_subdirs: prepare /data/misc_[ce|de]/rollback." am: 3cc1866454 am: 2cc1d4e458
am: 142afc926f

Change-Id: Iddeb8e2722162edcd5929a9e9684d3c7fcfcd0ba
2019-01-17 03:20:35 -08:00
Narayan Kamath
a232fd7fc8 vold_prepare_subdirs: prepare /data/misc_[ce|de]/rollback.
These directories are managed by installd and used to store
snapshots of application data directories in order to roll them
back in the case of bad updates.

Bug: 112431924
Test: make, device boot & manual verification.

Change-Id: Ieaca697a45d013937327e0f16f36b9b1eaad6b22
2019-01-16 15:16:51 +00:00
Kevin Chyn
cdd4228eeb Revert "Revert "Revert "Revert "vold now prepares a subdirectory for face data.""""
Bug: 116528212

This reverts commit 8973e2d5d0.

Reason for revert: Will submit after selinux issues are resolved

Change-Id: Ie2df91b33be70629e8c08fdbcc6e7ad0faea13a9
2018-11-20 20:23:43 +00:00
Nick Kralevich
8973e2d5d0 Revert "Revert "Revert "vold now prepares a subdirectory for face data."""
This reverts commit 9dcf54929f.

Reason for revert: Device fails to boot after OTA.

Bug: 116528212
Bug: 119747564
Change-Id: I32bfbc2c2fd560f090e078426315111f241e76cf
2018-11-19 18:47:47 +00:00
Kevin Chyn
9dcf54929f Revert "Revert "vold now prepares a subdirectory for face data.""
This reverts commit a70d237a05.

Reason for revert: Submitting together or after SELinux policy is in place

Change-Id: I952f94df99496ced04adba1ec28d42be53202982
2018-11-15 23:08:14 +00:00
Kevin Chyn
a70d237a05 Revert "vold now prepares a subdirectory for face data."
This reverts commit 21b3b37af3.

Reason for revert: device not booting

Change-Id: Ia76b8454268d70dcd9d9f1ad0d291aaec63b3fd4
2018-11-15 22:46:35 +00:00
Zachary Iqbal
21b3b37af3 vold now prepares a subdirectory for face data.
Change-Id: I32ec05942aac03b95b2abe5d042833197d69706b
Fixes: 116528212
Test: Built and tested locally.
2018-11-08 22:10:05 -08:00
Roman Kiryanov
bda3032fcc Do not crash if secontext is nullptr
LOG(DEBUG) tries to print a string pointed by secontext.get() but
crashed if it was nullptr.

Bug: 111888637
Test: "make -j50" and ran emulator
Change-Id: Iac78f650e7f48781030dc610f7d35cd52c250802
Merged-In: Iac78f650e7f48781030dc610f7d35cd52c250802
Signed-off-by: Roman Kiryanov <rkir@google.com>
2018-09-17 16:15:33 -07:00
Roman Kiryanov
f101236657 Do not crash if secontext is nullptr
LOG(DEBUG) tries to print a string pointed by secontext.get() but
crashed if it was nullptr.

Bug: 111888637
Test: "make -j50" and ran emulator
Change-Id: Iac78f650e7f48781030dc610f7d35cd52c250802
Signed-off-by: Roman Kiryanov <rkir@google.com>
2018-07-26 13:41:14 -07:00
Andreas Huber
71cd43f434 Fingerprint data is now stored in one of two ways depending on the
shipping API version:

For devices shipped before Android P nothing changes, data
is stored under /data/system/users/<user-id>/fpdata/...

Devices shipped from now on will instead store
fingerprint data under /data/vendor_de/<user-id>/fpdata.

Support for /data/vendor_de and /data/vendor_ce has been added to vold.

Bug: 36997597
Change-Id: I615e90d1c9ab08e768a8713968fa043598a0a526
Test: manually
2018-01-23 14:34:55 -08:00
Jin Qian
f39614449d Create subdirectories in misc_ce/misc_de for storaged
Test: Boot device, check directories created
Bug: 63740245
Change-Id: Ie3f593e2cceb99ea7e86614d6b0d7b34f8c7034c
2017-10-24 17:26:44 -07:00
Paul Crowley
82b41ff837 Convert vold_prepare_subdirs to C++
Minimize overhead in boot by replacing shell script invoked multiple
times with a C++ program invoked once.

Bug: 67901036
Test: create user, run adb shell ls -laZ /data/misc_ce/10; delete user
    and check logs.
Change-Id: I886cfd6505cca1f5b5902f2071e13f48e612214d
2017-10-24 15:26:58 -07:00