Commit graph

2294 commits

Author SHA1 Message Date
Greg Kaiser
8ae16db72a vold: Pass std::string by const reference
In a couple places, we change to pass a std::string argument
instead of by copy.

Test: TreeHugger
Change-Id: Ib179299a2322fcbab4e6d192051218823ad66a36
2018-12-20 10:38:31 -08:00
Greg Kaiser
ef9abab5ee vold: const-ify some of the API
We make some of the C++ member functions 'const', to reflect how
they (don't) affect the state of the class.

Test: TreeHugger
Change-Id: Iec1c2801bfe721e2741406ed1ac0ef95662840a6
Merged-In: Iec1c2801bfe721e2741406ed1ac0ef95662840a6
2018-12-20 10:38:15 -08:00
Treehugger Robot
03d3856c90 Merge changes from topic "checkpoint-enable"
* changes:
  Add Support for metadata key with rollback
  Add property for checkpointing
2018-12-15 04:39:51 +00:00
Daniel Rosenberg
690d6de5bf Add Support for metadata key with rollback
This adds the ability to upgrade a key and retain the
old one for rollback purposes. We delete the old key
if we boot successfully and delete the new key if we
do not.

Test: Enable checkpointing and test rolling back
      between two versions
Bug: 111020314

Change-Id: I19f31a1ac06a811c0644fc956e61b5ca84e7241a
2018-12-14 14:55:28 -08:00
Daniel Rosenberg
ffa1bb0370 Add property for checkpointing
We set a property when we commit a chackpoint to signal
to anyone who wants to do post commit cleanup.

Test: Boot to homescreen and check getprop for vold.checkpoint_committed
Bug: 111020314
Change-Id: Idf35e3abf9d24eb40c6926a30a8403064c05e10a
2018-12-14 14:55:16 -08:00
Greg Kaiser
7adca74263 Merge changes from topic "userspace_adiantum_support"
* changes:
  cryptfs: Allow setting dm-crypt sector size
  cryptfs: Add Adiantum support
2018-12-12 04:59:25 +00:00
Greg Kaiser
ab1e84ad5f cryptfs: Allow setting dm-crypt sector size
We add the property ro.crypto.fde_sector_size to allow devices
to pass the "sector_size:<size>" argument to dm-crypt in the kernel.
We also pass "iv_large_sectors" when setting the sector size.

Using 4096-byte sectors rather than the default of 512 improves
dm-crypt performance, especially when the Adiantum encryption mode
is used.

Bug: 112010205
Test: Run on a device
Change-Id: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
2018-12-11 17:22:00 -08:00
Greg Kaiser
8cb4c9ff78 cryptfs: Add Adiantum support
Adiantum is a crypto method Android is supporting for devices
which don't have AES CPU instructions.  See the paper
"Adiantum: length-preserving encryption for entry-level processors"
(https://eprint.iacr.org/2018/720.pdf) for more details.

We add Adiantum to our list of supported crypto types.

Bug: 112010205
Test: Tested on a device
Change-Id: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
2018-12-11 15:41:17 -08:00
Treehugger Robot
595172d1e6 Merge "DO NOT MERGE" 2018-12-10 17:20:41 +00:00
Treehugger Robot
b1166633b6 Merge "Check for errors in dup2" 2018-12-08 02:03:37 +00:00
Xin Li
e6ba0cc34a DO NOT MERGE
Merge pie-platform-release (PPRL.181205.001, history only) into master

Bug: 120502534
Change-Id: I087ef5ac78dc1c42448b7c8d50864a412afd3154
2018-12-07 16:14:54 -08:00
Paul Crowley
be857bfd9b Check for errors in dup2
Bug: 26735063
Test: adb shell sm partition disk:7,3 private && adb logcat -d
Change-Id: I3aa8d1f6183dd5e77f54f422482a54ea8197d768
2018-12-07 12:23:25 -08:00
Treehugger Robot
b46a2f7dea Merge "Fix signedness mismatch and integer underflow" 2018-12-07 11:05:17 +00:00
Paul Crowley
53b0d95903 Merge "Do lazy-unmount to /storage directly" 2018-12-07 06:35:48 +00:00
Treehugger Robot
a33b765ca0 Merge "Clean up use of pipe" 2018-12-07 00:10:45 +00:00
LongPing.WEI
4df104f335 Do lazy-unmount to /storage directly
From man 2 umount:
MNT_DETACH (since Linux 2.4.11)

Perform a lazy unmount: make the mount point unavailable for new
accesses, immediately disconnect the filesystem and all filesystems
mounted below it from each other and from the mount table, and
actually perform the unmount when the mount point ceases to be busy.

So we don't need to unmount the filesystems under it one by one.

Bug: 113796163
Test: atest android.appsecurity.cts.PermissionsHostTest#testInteractiveGrant23
Change-Id: I6a0422466a9865ff6d17122505ca73d041de9d54
2018-12-06 15:56:05 -08:00
Rubin Xu
f83cc61c1f Fix signedness mismatch and integer underflow
persist_get_max_entries() is supposed to return an unsigned integer as the
maximum number of entries but it also wrongly returns "-1" as an error
condition. Also fix an issue where an unsigned subtraction in this routine
could lead to integer underflow.

Bug: 112731440
Test: manual
Change-Id: I9672e39bef2c12156dda7806a08c52044962c178
2018-12-06 14:17:48 -08:00
Paul Crowley
e6d7663889 Clean up use of pipe
Don't duplicate what's already in unique_fd.h
Also, code that tries to handle weird stdout condition won't work
because of cloexec; just don't try that.

My tests:
- Ensure Marlin device boots and vold_prepare_subdirs is called
successfully
- Try adb shell sm set-virtual-disk true, see that eg sgdisk output is
logged.

Bug: 26735063
Bug: 113796163
Test: details in commit
Change-Id: I5698ba0b4c8bd692a740a1bd445e677ad4815d11
2018-12-06 14:02:30 -08:00
Paul Crowley
6aaedb0dca Merge "Refactor ForkExecvp to improve locking behaviour" 2018-12-06 20:03:31 +00:00
Paul Crowley
de2d6201ab Refactor ForkExecvp to improve locking behaviour
Do our own fork/exec rather than using a library. This leads to
many improvements:

- unite the output recording path with the other path
- never concatenate arguments with spaces
- never use the shell
- move setexeccon after fork, so we don't need to take the lock
- general code refactor while we're there

My tests:
- Ensure Marlin device boots and vold_prepare_subdirs is called
successfully
- Try adb shell sm set-virtual-disk true, see that eg sgdisk output is
logged.

weilongping@huawei.com's tests:
- unlock a user's de and ce directory;
- connect to a OTG storage device or a sdcard and ensure the mount logic be successful

Bug: 26735063
Bug: 113796163
Test: details in commit
Change-Id: I0976413529d7cbeebf5b8649660a385f9b036f04
2018-12-06 09:37:02 -08:00
Xin Li
80647cf607 Merge "Merge pie-platform-release (PPRL.181105.017, history only) into master" 2018-12-04 22:09:27 +00:00
Bill Rassieur
d9aa87ecee Merge PQ1A.181205.006 from Pi-QPR1-Release into ToT for Pi-Platform release.\n\nBUG: 120448245
Change-Id: I65b3aa4e1ad1d95464f0b4cd1af211be4fb1ddbc
2018-12-04 17:00:13 +00:00
Andrey Kulikov
cac8b13023 Merge "Remove dependency on libparcelfiledescriptor" 2018-12-04 12:28:53 +00:00
Michael Wright
ad232d6f84 Remove dependency on libparcelfiledescriptor
This library doesn't actually exist outside of ARC specific branches,
so it will break any ARC product builds.

Test: None
Change-Id: Ic73f470c93ea7d3590dc2b273624988291612344
2018-12-04 12:22:47 +00:00
Xin Li
925b0cf764 Merge pie-platform-release (PPRL.181105.017, history only) into master
Bug: 118454372
Change-Id: Ibc7ddf231ff61272439b9a621490acaff27ce563
2018-12-03 15:33:24 -08:00
Treehugger Robot
e7a9d5fbbd Merge "ARC++ swap for AppFuseUtil" 2018-12-01 07:22:19 +00:00
Treehugger Robot
13755d81be Merge "Includes new static libfs_avb" 2018-11-30 06:59:38 +00:00
Treehugger Robot
7be8a7ee1d Merge "Extract AppFuse as a util" 2018-11-30 05:05:10 +00:00
Bowgo Tsai
549fd0e9ae Includes new static libfs_avb
Bug: 112103720
Test: boot crosshatch_mainline-userdebug
Change-Id: If33f6dbf7a31d57f61c0aca0296f2ff06c8b4a86
2018-11-29 22:17:24 +08:00
Bill Yi
e101e8712e Merge pi-qpr1-release PQ1A.181105.017.A1 to pi-platform-release
Change-Id: I090e55f0f34ff556118caaecbb21169580c66ab6
2018-11-28 18:35:05 -08:00
Treehugger Robot
396040ca2c Merge "Use setmntent with "e" option" 2018-11-28 17:49:17 +00:00
LongPing.WEI
4f04606811 Use setmntent with "e" option
Otherwise it will cause selinux warning in children processes sometimes

Change-Id: I41239c3f9779140622076c644a5f63051d00eaa8
2018-11-23 19:27:35 +08:00
Daniel Rosenberg
2a683d4ce6 Merge "Fix error reporting in cp_commitChanges" 2018-11-20 21:58:20 +00:00
Daniel Rosenberg
4b86df1426 Fix error reporting in cp_commitChanges
Only trys to commit if necessary, and reports errors
if commiting fails. RemoveFileIfExists returns true on
success.

Test: vdc checkpoint startCheckpoint, reboot, and then
      vdc checkpoint commitChanges
Bug: 111020314

Change-Id: Ie1b3e49beb3ca04f2881fcc595882c607368b477
2018-11-19 23:47:03 +00:00
Treehugger Robot
622585b11b Merge "Add fsync for renaming user ce key path" 2018-11-15 21:35:25 +00:00
Jie
b6698d56ac Add fsync for renaming user ce key path
Device can't start up after the following steps:
1. set screen lock to PIN/Pattern/Password
2. set screen lock to Swipe/None
3. power down immediately after pressing "YES, REMOVE"
4. reboot

failed log:
Failed to read from /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob

root cause:
flushing data failed because of power down

issue:
https://partnerissuetracker.corp.google.com/u/1/issues/119382750
2018-11-15 06:25:37 +00:00
Risan
dcbd4fcad2 ARC++ swap for AppFuseUtil
Bug: 110379912
Test: Compiled.
Change-Id: Ib7910ba4df6c60d7125a07b07c62612ed4146ddb
Merged-In: Ib7910ba4df6c60d7125a07b07c62612ed4146ddb
2018-11-14 07:28:36 +00:00
Risan
ac02a4863f Extract AppFuse as a util
Bug: 110379912
Test: testOpenProxyFileDescriptor
Change-Id: I0429a498d7b54682efe9b05815f3470e8745609e
2018-11-14 07:28:06 +00:00
Treehugger Robot
b2455747a9 Merge "Change AppFuse mount location to vold namespace" 2018-11-14 07:27:38 +00:00
Risan
5f53cd3b79 Change AppFuse mount location to vold namespace
Previously, AppFuse is mounted in system_server's mount namespace. This
CL moves the mount location to vold namespace.

Bug: 110379912
Test: testOpenProxyFileDescriptor passes
Change-Id: Id93c26d5a98842c78f27850c83e15df619cec1ab
2018-11-13 22:46:23 +00:00
Treehugger Robot
dcbce84fed Merge "StubVolume as first class Volume in Vold" 2018-11-13 19:20:38 +00:00
Risan
8c9f33242f StubVolume as first class Volume in Vold
StubVolume is a Volume that is maintained by external party such as the
ChromeOS processes in ARC++.

Bug: 110380403
Test: Tested on ARC++

Change-Id: I3198bd7283d5f60a524da3707dea7385ffec599d
2018-11-08 07:40:43 +00:00
Treehugger Robot
b3001b9f28 Merge "Wait for dm device to be ready before format" 2018-11-05 22:53:27 +00:00
Paul Crowley
cfe3972f2d Wait for dm device to be ready before format
It can sometimes take a moment for the dm-device to appear after
creation, causing operations on it such as formatting to fail.
Ensure the device exists before create_crypto_blk_dev returns.

Test: adb sm set-virtual-disk true and format as adoptable.
Bug: 117586466
Change-Id: Id8f571b551f50fc759e78d917e4ac3080e926722
Merged-In: Id8f571b551f50fc759e78d917e4ac3080e926722
2018-11-05 13:59:08 -08:00
Eric Biggers
ddbd8325f5 Merge changes from topic "e4crypt_to_fscrypt"
* changes:
  vold: get the fscrypt kernel API declarations from linux/fs.h
  vold: rename from "ext4 encryption" to fscrypt
2018-10-29 17:19:39 +00:00
Eric Biggers
ba997ee583 vold: get the fscrypt kernel API declarations from linux/fs.h
bionic now has linux/fs.h from the 4.14 kernel, which has the fscrypt
kernel API declarations.  Replace the manual declarations in vold,
except for FS_AES_256_XTS_KEY_SIZE which is not available.

Test: built, booted device with f2fs encryption
Change-Id: I6a0e3117eaebe3baac7385421afce2169d46ad55
2018-10-25 17:12:32 -07:00
Eric Biggers
a701c458ca vold: rename from "ext4 encryption" to fscrypt
We support file-based encryption on both ext4 and f2fs now, and the
kernel API is the same.  So rename things appropriately in vold:

    e4crypt => fscrypt
    ext4enc => fscrypt
    Ext4Crypt => FsCrypt
    EXT4_* => FS_*
    ext4_encryption_key => fscrypt_key

Additionally, the common functions shared by 'vold' and 'init' are now
in libfscrypt rather than ext4_utils.  So update vold to link to
libfscrypt and include the renamed headers.

Note: there's a chance of 'fscrypt' being confused with the dm-crypt
based encryption code in vold which is called 'cryptfs'.  However,
fscrypt is the name used in the kernel for ext4/f2fs/ubifs encryption,
and it's preferable to use the same name in userspace.

Test: built, booted device with f2fs encryption
Change-Id: I2a46a49f30d9c0b73d6f6fe09e4a4904d4138ff6
2018-10-25 17:12:32 -07:00
Bill Yi
0016efbc44 Merge pie-platform-release to aosp-master - DO NOT MERGE
Change-Id: I112d144eac39f426e22d3a66e4fe298306010c13
2018-10-24 14:48:22 -07:00
android-build-team Robot
96ac6dd24d Merge cherrypicks of [5317808, 5317809, 5318498, 5317873, 5318338, 5318195, 5318499, 5317874, 5317875, 5317876, 5318243, 5318244, 5318537, 5318538, 5318539, 5318540, 5318541, 5318542, 5318543, 5318544, 5318545, 5318546, 5315210, 5317756, 5318557, 5318558, 5318559, 5318560, 5318561, 5318339, 5318547, 5318548, 5318549, 5318562, 5318563, 5318564, 5318565, 5318566, 5318172, 5318173, 5318174, 5318550, 5318401, 5318196, 5317889, 5318175, 5318176, 5318577, 5318578, 5318579, 5318580, 5318581, 5318503, 5318390, 5318505, 5318341, 5318551] into pi-qpr1-release
Change-Id: Ia6434abde93ea6328659f8f08c3d5dbe4e69291d
2018-10-20 00:21:03 +00:00
Rubin Xu
94b9956824 [DO NOT MERGE] Fix signedness mismatch and integer underflow
persist_get_max_entries() is supposed to return an unsigned integer as the
maximum number of entries but it also wrongly returns "-1" as an error
condition. Also fix an issue where an unsigned subtraction in this routine
could lead to integer underflow.

Bug: 112731440
Test: manual
Change-Id: I9672e39bef2c12156dda7806a08c52044962c178
(cherry picked from commit 19ef1ae99a)
2018-10-20 00:18:34 +00:00