Commit graph

3147 commits

Author SHA1 Message Date
Treehugger Robot
8cfb530357 Merge "vold: Support Storage keys for FBE" 2020-02-12 23:32:29 +00:00
Barani Muthukumaran
3dfb094cb2 vold: Support Storage keys for FBE
To prevent keys from being compromised if an attacker
acquires read access to kernel memory, some inline
encryption hardware supports protecting the keys in
hardware without software having access to or the
ability to set the plaintext keys.  Instead, software
only sees "wrapped keys", which may differ on every boot.

'wrappedkey_v0' fileencryption flag is used to denote
that the device supports inline encryption hardware that
supports this feature. On such devices keymaster is used
to generate keys with STORAGE_KEY tag and export a
per-boot ephemerally wrapped storage key to install it in
the kernel.

The wrapped key framework in the linux kernel ensures the
wrapped key is provided to the inline encryption hardware
where it is unwrapped and the file contents key is derived
to encrypt contents without revealing the plaintext key in
the clear.

Test: FBE validation with Fscrypt v2 + inline crypt + wrapped
key changes kernel.

Bug: 147733587

Change-Id: I1f0de61b56534ec1df9baef075acb74bacd00758
2020-02-12 14:26:26 -08:00
Treehugger Robot
68b9fb10ae Merge "Have vold inform keymaster that early boot ended" 2020-02-12 04:07:43 +00:00
Treehugger Robot
6c5f302a90 Merge "Update vold to use KM4.1" 2020-02-12 00:56:18 +00:00
Shawn Willden
2b1ff5aaab Have vold inform keymaster that early boot ended
Just before mounting partition(s) not verified by verified boot, vold
should notify keymaster that early boot has ended so it won't allow
EARLY_BOOT_ONLY keys to be created or used.

Test: VtsHalKeymasterV4_1TargetTest
Change-Id: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3
Merged-In: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3
2020-02-11 15:51:04 -07:00
Shawn Willden
35f0f22c9b Update vold to use KM4.1
This CL updates vold to use the Keymaster 4.1 interface, but does not
yet call any of the new methods.

Test: Boot the device
Change-Id: I4574a2f6eead3b71d1e89488b496b734694620c7
Merged-In: I4574a2f6eead3b71d1e89488b496b734694620c7
2020-02-11 15:51:04 -07:00
Paul Crowley
80731b0975 Merge "Use std::string to return crypto device, not char *" 2020-02-11 00:37:26 +00:00
Treehugger Robot
98c501d28e Merge "Refactor: make cryptfs.h smaller" 2020-02-08 01:34:29 +00:00
Paul Crowley
81796e9dce Use std::string to return crypto device, not char *
Bug: 147814592
Test: can create private volume on Cuttlefish
Change-Id: Ic2bca81c0f0319e1b988e9204a2f4e91af57d157
2020-02-07 11:27:49 -08:00
Paul Crowley
73be12dcd5 Refactor: make cryptfs.h smaller
Move most of it into cryptfs.cpp, and include cryptfs.h in fewer files.

Bug: 147814592
Test: Treehugger
Change-Id: Ia3592d73e7abc1f07a60538e0978a3033bdea7de
2020-02-07 11:16:12 -08:00
Treehugger Robot
f60e947438 Merge changes from topics "dm-default-key-v2", "metadata_cipher"
* changes:
  Set metadata cipher in fstab
  Add support for v2 of dm-default-key
2020-02-01 16:12:30 +00:00
Paul Crowley
a7463139cd Merge "Rename key_dir to metadata_key_dir and refactor" 2020-01-31 21:49:13 +00:00
Paul Crowley
84e84c5f33 Set metadata cipher in fstab
Bug: 147814592
Test: Cuttlefish can use adiantum
Change-Id: I6805ae4acff4dd1ff7cecff9153dbf29e0274165
2020-01-30 17:20:27 -08:00
Paul Crowley
92a14b6b16 Add support for v2 of dm-default-key
Version 2 of dm-default-key has an extra parameter and always sets the
DUN.

Bug: 147814592
Test: Cuttlefish boots with keydirectory flag
Test: Crosshatch formatted before this change boots after it
Change-Id: I59081e385324d2e34a5f252286a97938d6ffb79b
2020-01-30 17:20:27 -08:00
Paul Crowley
c9b92f0c17 Rename key_dir to metadata_key_dir and refactor
Bug: 147814592
Test: Crosshatch boots
Change-Id: I9fce0ea5da9c81c2e4e9cf97b75c1cba821adf9e
2020-01-30 16:02:37 -08:00
Paul Crowley
fda79ddd82 Merge "Refactor to use EncryptionPolicy everywhere we used to use raw_ref" 2020-01-29 00:18:44 +00:00
Paul Crowley
77df7f207d Refactor to use EncryptionPolicy everywhere we used to use raw_ref
Test: Boots, no bad log messages: Cuttlefish with v2 policies, Taimen
Bug: 147733587
Change-Id: Ice4acac3236b6b7d90e60a2f57b46814aa1949f5
2020-01-28 11:17:58 -08:00
Paul Crowley
432ca5af06 Merge "vold: Do not cache CE keys in vold" 2020-01-24 17:02:49 +00:00
Daniel Rosenberg
f66ed18972 Merge "Add support for casefolding and project quotas" 2020-01-24 02:11:30 +00:00
Barani Muthukumaran
b1927c2a0a vold: Do not cache CE keys in vold
CE keys were cached in vold to support untrusted reset
by a device admin, this is now supported by Locksettingservice
using synthetic password. This change requires a secret to be
provided to retrieve the CE key and re-wrap without the secret
when user removes the credential.

Test: Set credential, remove credential, swipe to none
and vice-versa.
Bug: 26948053
Merged-In: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5
Change-Id: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5
2020-01-24 00:20:22 +00:00
Treehugger Robot
aa038e2f4d Merge "Fixed a wrong AIDL import path" 2020-01-23 00:57:58 +00:00
Jiyong Park
50c3ab6ac1 Fixed a wrong AIDL import path
AIDL import path should point to a root directory where relative path to
an AIDL file encodes the fully qualified name of the type in the file.

Since libvold_binder imports types like
android.os.incremental.IncrementalFileSystemControlParcel which are
under frameworks/base/core/java, the import path should set to the path,
not to the sub directory that directly has the AIDL files.

Bug: 147918827
Test: m
Change-Id: Ic4941578813eced5a7eb59a0656c10b76e902515
2020-01-20 12:37:52 +09:00
Oli Lan
701a99834f Merge changes I1bbf480c,Icf2059cc
* changes:
  Allow search permission on apex data directories.
  Change ownership of apex data directories to root.
2020-01-17 17:20:36 +00:00
Oli Lan
e1b3f5cd2d Allow search permission on apex data directories.
This gives x permission to all on the parent apex data directory
so that the data directories can be accessed by modules.

Bug: 147848983
Test: Build & flash, check permissions are correct
Change-Id: I1bbf480cbf9f9e758353237e333317516ad375ee
2020-01-17 11:37:31 +00:00
Oli Lan
9cfc404c2d Change ownership of apex data directories to root.
The apex data directories must be accessed by apexd in order for it to
perform snapshot and restore as part of the rollback process. As apexd
runs as root, this CL changes the apex data directories under misc_[ce|de]
to be owned by root.

Bug: 141148175
Test: Build and flash; check permissions are set correctly.
Change-Id: Icf2059cc9448364f834eef7892914a99883746a1
2020-01-17 11:11:06 +00:00
Daniel Rosenberg
477f3e5f4a Add support for casefolding and project quotas
This enables ext4 casefolding and project quotas for adopted storage
cards.

Test: Enable virtual sdcard, adopt, check options on formatted disk
Bug: 138321217
Bug: 138322712
Change-Id: I99c09283cd78c30237cf18ad9ae9384ba0c05396
2020-01-14 18:11:56 -08:00
Treehugger Robot
6492a6abf6 Merge "Fix the overflow issue in Checkpoint" 2020-01-14 20:47:23 +00:00
Qilin Tan
5d0aaaf8e0 Fix the overflow issue in Checkpoint
When the partition is f2fs and the OS is 32bit, the data.f_bavail and
data.f_frsize are 32 bits in size. The product of them is also 32 bits
in size. If the available size of storage is greater than 4G, the
product may be greater than the unsigned long max value. If the product
is overflow and less than 100M. The UDC feature will be disabled.

There is also an overflow for std::strtoul when the variable content
is a very big number(more the unsigned long max value).

To avoid the overflow:
1. convert the variable data.f_bavvail to uint64_t and then compute the
multiplication.
2. use std::strtoull replace to std::strtoul.

Bug: 147118861
Change-Id: I60172ae4cb7c997e2ad4a36583be74736c25e565
2020-01-03 08:12:03 +00:00
Treehugger Robot
f9510e3262 Merge "Consistently use CLOCK_MONOTONIC for timing encryption" 2019-12-27 01:51:56 +00:00
Denis Hsu
1740effeaa Consistently use CLOCK_MONOTONIC for timing encryption
time_started in encryptGroupsData is set from and compared to
clock_gettime(CLOCK_MONOTONIC, ...) nearly everywhere: "Clock that
cannot be set and represents monotonic time since some unspecified
starting point". However in cryptfs_enable_inplace_f2fs() it is set
from a different clock, time(NULL), with the result that the setprop
calls that indicate progress are wrong and can be called much too
often. The fix is to make this function consistent with
cryptfs_enable_inplace_ext4.

Bug: 146877356
Change-Id: I2707180e5c5bf723a5a880f6a3aac47f2bb34ccd
2019-12-26 18:53:53 +00:00
Eric Biggers
180b1a7f89 Merge "Clean up providing key via old API" 2019-12-18 19:13:28 +00:00
Eric Biggers
506342fb37 Clean up providing key via old API
- Use FSCRYPT_MAX_KEY_SIZE from <linux/fscrypt.h> instead of manually
  defining FS_AES_256_XTS_KEY_SIZE.  These have the same numeric value
  (64), but the former is supposed to be used, and AES-256-XTS isn't
  necessarily the encryption algorithm that is being used anyway.

- Use the new name FSCRYPT_KEY_DESCRIPTOR_SIZE instead of the old name
  FS_KEY_DESCRIPTOR_SIZE.  These have the same numeric value (8).

- Don't try to handle sizeof(fscrypt_key::raw) > FSCRYPT_MAX_KEY_SIZE,
  as this simply isn't the case.

- Set fscrypt_key::mode to 0 rather than FS_ENCRYPTION_MODE_AES_256_XTS.
  This field has always been ignored by the kernel, and AES-256-XTS
  isn't necessarily the encryption algorithm that is being used anyway.

- Initialize the fields of fscrypt_key in order.

This is a cleanup only.

Test: booted hikey with fileencryption=aes-256-xts and a kernel that
      doesn't support the new fscrypt ioctls.
Bug: none
Change-Id: Ie2a7e9240aa479dfab2765c11db8a7124d20c643
2019-12-17 13:48:25 -08:00
Eric Biggers
1d3cd24c4e Merge "Use <linux/fscrypt.h> from Bionic" 2019-12-17 17:35:03 +00:00
Eric Biggers
3e9c996ab0 Use <linux/fscrypt.h> from Bionic
aosp/1184798 has updated the kernel headers to 5.4, so we no longer need
the file fscrypt_uapi.h.  In KeyUtil.cpp we also now don't need
<linux/fs.h>, but rather just the more specific <linux/fscrypt.h>.

Test: build
Bug: None
Change-Id: I56d17826eb7c3b95c74ce0435a4feae7f3cc325e
2019-12-16 16:19:44 -08:00
Nikita Ioffe
69199c70ec Merge "Allow fscrypt_mount_metadata_encrypted to be called more than once" 2019-12-11 18:40:21 +00:00
Tianjie Xu
3fc3d75eb0 Merge "Clear the warm_reset flag after boot is successful" 2019-12-10 18:28:26 +00:00
Oli Lan
3e1c0478b9 Merge changes from topics "createapexdirs", "createapexrollbackdirs"
* changes:
  Create directories for snapshots of DE_n and CE_n apex data.
  Create DE_n and CE_n APEX data directories.
2019-12-10 12:54:43 +00:00
Nikita Ioffe
f850e6e564 Allow fscrypt_mount_metadata_encrypted to be called more than once
In case of userspace reboot, this function will be called again to
remount userdata into checkpoint mode.

Test: adb shell setprop sys.init.userdata_remount.force_umount_f2fs 1
Test: adb shell /system/bin/vdc checkpoint startCheckpoint 1
Test: adb reboot userspace
Test: adb shell dumpsys activity
Bug: 135984674
Bug: 143970043
Change-Id: I300b1960a6c4e95b13c43d806c4f3a9e4a612ac4
2019-12-09 21:19:11 +00:00
Songchun Fan
6bdfb77d8b Merge "[incremental] use vold to mount/unmount IncrementalFileSystem" 2019-12-06 06:45:37 +00:00
Songchun Fan
ab55cecdc1 [incremental] use vold to mount/unmount IncrementalFileSystem
Let vold mount IncFs onto directories under data and open control files.

Test: builds
Change-Id: Ibd96aae254b4fefaf56c9d549c4672a987c46221
2019-12-04 14:01:22 -08:00
Nikita Ioffe
d21a8a495d Merge "Add '/system/bin/vdc volume reset' command" 2019-12-04 19:22:50 +00:00
Oli Lan
ac003c4955 Create directories for snapshots of DE_n and CE_n apex data.
This creates apexrollback directories under /data/misc_[de|ce]/<user>
which will hold snapshots of DE_n and CE_n apex data directories
(i.e. it will hold backups of data from /data/misc_[de|ce]/<user>/apexdata
for particular apexes).

See go/apex-data-directories for details.

Bug: 141148175
Test: Built and flashed, checked directory was created.
Change-Id: I468060b20dee0c50033b5f014ce8716582d5e6bc
2019-12-04 10:29:50 +00:00
Nikita Ioffe
7596581e9f Add '/system/bin/vdc volume reset' command
It will be used during the userspace reboot to unmount all emulated
storages, which is a prerequisite to unmount+remount ext4 userdata into
checkpoint mode.

Test: adb shell /system/bin/vdc checkpoint startCheckpoint 1
Test: adb reboot userspace
Bug: 143970043
Bug: 135984674
Change-Id: I07491bc4be2f30debe21b764766c9def68548e16
2019-12-02 11:51:20 +00:00
Oli Lan
94457217cb Create DE_n and CE_n APEX data directories.
This creates an apexdata directory under /data/misc_de/<user> and
/data/misc_ce/<user>, and also creates a directory under that for
every APEX that is installed.

See go/apex-data-directories.

APEXes are discovered by scanning the /apex directory. It may be better
to delegate this process to a library, but it is proposed to defer that
change to a future CL.

Bug: 141148175
Test: Built and flashed, checked directories were created.
Change-Id: I95a060b4f42241c91da25a779e61a8f85ca1914c
2019-11-21 14:07:18 +00:00
Janis Danisevskis
9f5f518c19 Merge "Removed obsolete Test"
am: 6e3441a8ea

Change-Id: I392f1737c5dfa6e7aee78c7b1af1b016f6f102e9
2019-11-18 16:22:14 -08:00
Treehugger Robot
6e3441a8ea Merge "Removed obsolete Test" 2019-11-19 00:11:11 +00:00
Janis Danisevskis
8c4eb2c2c0 Removed obsolete Test
The HidlizationEquivalenceTest was used to make sure the same key is
computed by the scrypt algorithm regardless of whether the old
(<= KM2 HAL pre treble) or the new (>= KM3.0 treble) HAL was used.
Since the treble is now the default, and old HAL don't even exist on
new devices, we should call the migration a success and drop this test
altogether.

Test: Removed obsolete Code
Bug: 68197448
Change-Id: If10c79bafac4d0c8268675cbb8e1c4b46974aab5
2019-11-18 22:53:30 +00:00
Tianjie Xu
09de0ff8d6 Clear the warm_reset flag after boot is successful
The property is set to inform kernel to do a warm_reset on the next
reboot. This is useful to persist the logs to debug device boot
failures. After the slot has been marked as boot successful, we can drop
the warm_reset flag to avoid the performance overhead on the next
reboot.

Bug: 143489994
Test: check the property is set to 0 by vold
Change-Id: If7c922f40bcf9a6f7894af0a334ab23d88d40d17
2019-11-15 14:06:02 -08:00
Zimuzo Ezeozue
e8db702702 Merge "Add zezeozue to OWNERS"
am: f9972055f5

Change-Id: I45c211d810f1a15e0b5a1f4decc33a0eece8dafd
2019-11-15 08:25:56 -08:00
Zimuzo Ezeozue
f9972055f5 Merge "Add zezeozue to OWNERS" 2019-11-15 16:06:59 +00:00