Commit graph

100 commits

Author SHA1 Message Date
Trevor Radcliffe
c6644f9b07 Point directly to generated c sysprop_library
Bug: 226199990
Test: m
Change-Id: Ic24c608eae89b4f2cb6248e14090a3016d542407
2022-08-12 18:26:10 +00:00
Ken Chen
0093f6ae04 Rename fuse_media.o to fuseMedia.o
Underscore character may cause bpf prog/map naming collision. For
example, x.o with map y_z and x_y.o with map z both result in x_y_z
prog/map name, which should be prevented during compile-time.

aosp/2147825 will prohibit underscore character in bpf source name
(source name derives the obj name). Existing bpf modules with underscore
characters in source name need to be updated accordingly.

Bug: 236706995
Test: build
Change-Id: Ie6ea47560b1d44de0a0d9d124e17616fee6b0922
2022-07-12 05:38:39 +00:00
Kelvin Zhang
dec03ab380 Convert vold to new BootControl client
Test: th
Bug: 227536004
Change-Id: Ia2f8b51d6d3175999b2434454f0ee4e14bde934e
2022-06-22 15:14:55 -07:00
Chih-Hung Hsieh
1ab55a5060 Use tidy_checks_as_errors not -warnings-as-errors
The flag -warnings-as-errors embedded in tidy_flags
is difficult to process and error-prone.
They should be replaced with the new tidy_checks_as_errors list.

Bug: 229801437
Test: make tidy-system-vold
Change-Id: I801e73dce5f08fe1ca5bc49de633706ad2cdf986
2022-04-27 15:54:25 -07:00
Alix
347786970f Deleted clang property in Android.bp files
Deleted deprecated clang property in Android.bp files using bpmodify.

Bug: 208980553
Test: treehugger
Change-Id: Ia20c730fefe4ebb2268780260f5756dcf687ccc5
2022-04-18 04:00:10 +00:00
Eric Biggers
4e152c1c1d Stop using -Wno-missing-field-initializers
There aren't actually any instances of this warning, so just stop
disabling this warning.

Change-Id: I3e810ab2b478851e0651e71b9fda109be70c3cc7
2022-03-10 20:19:46 +00:00
Eric Biggers
0d12fd668d Stop using -Wno-unused-variable
This is a useful warning, so remove two unused variables and stop
disabling this warning.

Change-Id: I3efe0b300ea139ea11d645dec6fb2613acc0e51b
2022-03-10 20:17:23 +00:00
Eric Biggers
7e79a43a72 Remove broken code for mounting encrypted OBB files
Mounting encrypted OBB files has never worked reliably across devices,
partly due to its reliance on Twofish encryption support in the kernel.
This is because Twofish support (CONFIG_CRYPTO_TWOFISH) has never been
required or even recommended for Android.  It has never been enabled in
GKI, but even before GKI it wasn't required or recommended.  Moreover,
this is now the only Android feature that still uses dm-crypt
(CONFIG_DM_CRYPT), and some devices don't have that enabled either.

Therefore, it appears that this feature is unused.  That's perhaps not
surprising, considering that the documentation for OBBs
(https://developer.android.com/google/play/expansion-files) says that
they are deprecated, and also it explains OBBs as being app files that
are opaque to the platform; the ability of the platform to mount OBBs
that happen to be in a particular format is never mentioned.  That means
that OBB mounting is probably rarely used even with unencrypted OBBs.
Finally, the usefulness of OBBs having their own encryption layer (in
addition to what the platform already provides via FBE) is not clear
either, especially with such an unusual choice of cipher.

To avoid the confusion that is being caused by having the broken code
for mounting encrypted OBBs still sitting around, let's remove it.

Test: atest StorageManagerTest # on Cuttlefish
Test: atest StorageManagerIntegrationTest # on Cuttlefish
Bug: 216475849
Change-Id: Iaef32cce90f95ea745ba2b143f89e66f533f3479
2022-03-01 21:19:18 +00:00
Treehugger Robot
b9f8c322c7 Merge "Depend on Keystore2 AIDL via default" 2021-12-07 18:08:13 +00:00
David Drysdale
4babbc78d5 Depend on Keystore2 AIDL via default
This allows for easier bumping of the KeyMint/Keystore2 version level.

At the moment this change should have no effect: the same dependency
is used, just reached via a default rather than explicitly.

However, when the Keystore2 version increases in the near future, using
this default should mean that no change is needed here: the default
definition will change to -V2 and this will be referenced here.

Test: TreeHugger
Change-Id: I7cec2cd8fac137e5ac7e95db06e738e94a3cc567
2021-12-01 09:56:48 +00:00
Paul Lawrence
5defbf9607 Add dependency for vold on fuse_media.o
Ensure fuse_media gets included in every build

Bug: 202785178
Test: /system/etc/bpf/fuse_media.o is present

Change-Id: Ic9f88a1905eca66f67b94ce75a04b9b26b6ca7ca
2021-11-16 19:49:44 +00:00
Eric Biggers
d89e239c56 Remove vdc.rc
Now that FDE is no longer supported, the "defaultcrypto" and "encrypt"
events are never triggered.  Therefore, the actions in vdc.rc aren't
needed anymore.

Bug: 191796797
Change-Id: Icdff584ec664b3e038f0accdc826437d261fed51
2021-11-10 14:03:48 -08:00
Eric Biggers
7c111e4529 Remove scrypt-related code
This is no longer used.

Bug: 191796797
Change-Id: I05bc4dc9c25c050ace49606981c4f4db3d76f401
2021-11-10 13:27:53 -08:00
Jiyong Park
973e05938d Remove ndk_platform backend. Use the ndk backend.
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.

Bug: 161456198
Test: m
Change-Id: I87554ce86da0f862568c5aa84a21e6613655eb25
2021-07-27 12:21:11 +09:00
Sean Keys
8452f41d4a Add command for setting the key binding seed
The seed value is passed to vold early in startup so that the
key-encryption keys are bound to the seed. This is useful for systems
like auto, in which the Android device may not require credentials to
use. In that case, the device should be bound to the rest of the system
(the car, in the case of auto) to guard against theft.

Test: manual
Change-Id: I2e16387b0752a30ef226b5ddf32ebf955aa9610a
2021-07-13 23:41:50 +00:00
Paul Crowley
604abdd0cb Remove wait_for_keymaster and all references
No longer needed now init listens for property changes on a
separate thread.

Bug: 186580823
Test: Cuttlefish boots successfully
Change-Id: I7dd1f85a73df6c2160ef8778703709e90309b9b4
2021-06-15 15:54:51 -07:00
Eric Biggers
d86a8abec7 Replace most references to Keymaster with Keystore
Now that vold uses Keystore2 rather than the Keymaster HAL directly, and
also the new version of Keymaster is called "KeyMint" instead, replace
most of the references to Keymaster in vold with Keystore.

(I decided not to include the "2" in most places, as it seemed
unnecessarily precise in most places, and it would be something that
might need to keep being updated.  Only Keystore.{cpp,h} really need to
care about the version number.)

I didn't rename many things in cryptfs.cpp, as that file will be going
away soon anyway.  I also left "wait_for_keymaster" and "vdc keymaster
earlyBootEnded" as-is for now, as those are referenced outside vold.

Bug: 183669495
Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 12:07:15 -07:00
Satya Tangirala
e8de4ffd73 Make vold use keystore2 instead of keymaster
Make vold use keystore2 for all its operations instead of directly using
keymaster. This way, we won't have any clients that bypass keystore2,
and we'll no longer need to reserve a keymaster operation for vold.

Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE)
when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX.
Keystore2 presents any SOFTWARE implementation as a TEE to callers when
no "real" TEE is present. As far as storage encryption is concerned,
there's no advantage to using a STRONGBOX when a "real" TEE is present,
and a STRONGBOX can't be present if a "real" TEE isn't, so asking
Keystore2 for a TEE is the best we can do in any situation.

The difference in behaviour only really affects the full disk encryption
code in cryptfs.cpp, which used to explicitly check that the keymaster
device is a "real" TEE (as opposed to a SOFTWARE implementation) before
using it (it can no longer do so since Keystore2 doesn't provide a way
to do this).

A little code history digging (7c49ab0a0b in particular) shows that
cryptfs.cpp cared about two things when using a keymaster.
 - 1) that the keys generated by the keymaster were "standalone" keys -
      i.e. that the keymaster could operate on those keys without
      requiring /data or any other service to be available.
 - 2) that the keymaster was a non-SOFTWARE implementation so that things
      would still work in case a "real" TEE keymaster was ever somehow
      added to the device after first boot.

Today, all "real" TEE keymasters always generate "standalone" keys, and
a TEE has been required in Android devices since at least Android N. The
only two exceptions are Goldfish and ARC++, which have SOFTWARE
keymasters, but both those keymasters also generate "standalone" keys.

We're also no longer worried about possibly adding a "real" TEE KM to
either of those devices after first boot. So there's no longer a reason
cryptfs.cpp can't use the SOFTWARE keymaster on those devices.

There's also already an upgrade path in place (see
test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's
being used once a TEE keymaster is added to the device. So it's safe for
cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it
blindly, without checking whether or not it's a "real" TEE, which is why
Keymaster::isSecure() just returns true now. A future patch will remove
that function and simplify its callers.

Bug: 181910578
Test: cuttlefish and bramble boot. Adding, switching between, stopping
      and removing users work.
Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-04-08 00:16:01 +00:00
Songchun Fan
f77beb516b [vold] expose binder headers to dependent modules
This allows libincremental_aidl-cpp to be built via cc_library instead
of aidl_interface.

BUG: 181266844
Test: builds
Change-Id: I4f0bc82629c0df758467aa074274b30f9dc6718d
2021-02-25 15:32:16 -08:00
Bob Badour
8eb43ae497 [LSC] Add LOCAL_LICENSE_KINDS to system/vold
Added SPDX-license-identifier-Apache-2.0 to:
  Android.bp
  bench/inodeop_bench/Android.bp
  tests/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all

Exempt-From-Owner-Approval: janitorial work
Change-Id: I91823c7097d7bee39a363a0c0cc30de13e4d7539
2021-02-14 10:37:25 -08:00
Jeongik Cha
89253240ec Specify version for aidl_interface explicitly
Bug: 150578172
Test: m
Change-Id: Ie51caa503b6b1e5c29372b85d0357be292144126
2021-01-26 22:35:14 +09:00
Yifan Hong
3355ff7790 Merge changes from topic "health_storage_aidl"
* changes:
  Use AIDL HAL for Dev GC
  Refactor HIDL HAL Dev GC invocation
2021-01-20 19:45:16 +00:00
Risan
4ad2048001 Revert^4 "Customize StubVolume implementation for ARC"
This reverts commit 8ed81fd9ca.

Reason for revert: Let me try one last time more carefully. According to https://googleplex-android-review.git.corp.google.com/q/%2522customize+stubvolume%2522 - this CL will flow to aosp branches (without vendor images) and 2 branches with vendor images. I have submitted the vendor CL for both branches now (ag/13366009 and ag/13371672). This should not break anything now.

Change-Id: I69aacceabfb70053387a3c156b49e06be65fe6e4
2021-01-20 10:33:18 +00:00
Maurice Lam
8ed81fd9ca Revert "Revert "Revert "Customize StubVolume implementation for ARC"""
This reverts commit 3164c0a238.

Reason for revert: b/177917240

Change-Id: I69f541698a3068d59553d555846ba45d169fbbed
2021-01-19 19:03:56 +00:00
Risan
3164c0a238 Revert "Revert "Customize StubVolume implementation for ARC""
This reverts commit 0cf77b025d.

Reason for revert: The requird libarcvolume has been submitted to master (ag/13366009)

Change-Id: I86fada53aad2ec5faa497a9bcbce5435c35d040e
2021-01-19 02:24:38 +00:00
Mariia Sandrikova
0cf77b025d Revert "Customize StubVolume implementation for ARC"
This reverts commit b5d7cb0a52.

Reason for revert: Broken build b/177828900
Fix: 177829766

Change-Id: Ic2984da3b11bcf5597203b511943d3058ea9ea19
2021-01-18 15:28:41 +00:00
Risan
b5d7cb0a52 Customize StubVolume implementation for ARC
This allow ARC to customize StubVolume implementation in vendor
partition.

Bug: 132796154
Test: Customize the implementation of StubVolume and check on device.
Ignore-AOSP-First: Will cherry-pick to AOSP.
Change-Id: I626a7ed4113b6132bb456b3258ee4a93b4f8a72e
2021-01-18 08:31:58 +00:00
Yifan Hong
e1e494519e Use AIDL HAL for Dev GC
Test: run idle maint
Bug: 177470478

Change-Id: Iefddf8628e31f020b86ff56dfb4926c2c9a2a888
2021-01-15 18:27:57 -08:00
Yo Chiang
0af25a3a98 Add IVold::destroyDsuMetadataKey()
destroyDsuMetadataKey() / destroy_dsu_metadata_key() calls
android::gsi::GetDsuMetadataKeyDir() to query the DSU metadata
encryption key dir and destroy the key.
This releases the resource and allows consecutive DSU installations to
use the same key *directory*, but not the same key *blob*.

Bug: 168571434
Test: 1. Install a DSU system.
  2. Boot the DSU system and reboot back to the host system.
  3. Wipe the DSU installation.
  4. DSU metadata key dir /metadata/vold/metadata_encryption/dsu/dsu is
     destroyed.
Change-Id: Ib851177315a5a266807f46ccfd446de1848232cf
2020-10-13 16:00:43 +08:00
Treehugger Robot
f7794b5dc1 Merge "Add '-unstable' to solve ODR violation" 2020-09-11 08:19:44 +00:00
Jeongik Cha
f8f374a381 Add '-unstable' to solve ODR violation
The interface which is imported by an unstable interface is 'unstable'
as well. Until now, the ODR violation checker in aidl has omitted an
interface imported, but it will be checked, accordingly, fix the current
problem

Bug: 146436251
Test: m nothing
Change-Id: Id3c4bbc9149ba7c3e0a0d728026f02f60cb17424
Merged-In: Id3c4bbc9149ba7c3e0a0d728026f02f60cb17424
Exempt-From-Owner-Approval: cp from internal
2020-09-11 06:49:21 +00:00
Treehugger Robot
dd8b695c61 Merge "vold: restore -D__ANDROID_DEBUGGABLE__" am: 5de675c93b am: bb92ff6591
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1365586

Change-Id: Id417587a550b0f4abf5a6a3e4b4535011b21f627
2020-07-17 19:02:45 +00:00
Mark Salyzyn
865086debe vold: restore -D__ANDROID_DEBUGGABLE__
Regression introduced by
commit 7ebcc2bcfd
("Revert "[Vold] Conditional dependency to ARC++ ObbVolume"")
errantly removed the product_variables support for
-D__ANDROID_DEBUGGABLE__ when built for userdebug builds.

Restore stanza.

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 161454607
Test: adb-remount-test no longer reports a problem
Change-Id: Ia7e55d1174fa7fac2d934d4aac06d15e8be388af
2020-07-17 08:20:00 -07:00
Eric Biggers
4cd238b900 Merge "vold: remove checkEncryption" am: 2d9777bfbf am: 15c0d3e5d0
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1363339

Change-Id: I23b9a01632b61a92896ae83e2152fa047dd85c48
2020-07-16 21:00:33 +00:00
Eric Biggers
2d9777bfbf Merge "vold: remove checkEncryption" 2020-07-16 20:30:35 +00:00
Treehugger Robot
9afa4c65d8 Merge "Revert "[Vold] Conditional dependency to ARC++ ObbVolume"" am: 6e6fc6b8d3 am: 11757842a3
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1320919

Change-Id: Iec0c1190443f1366a0f105bb3eba3967635ff544
2020-07-16 12:03:40 +00:00
Eric Biggers
b7a14053c3 vold: remove checkEncryption
The testing-only "checkEncryption" command has been replaced with
VtsKernelEncryptionTest [1].  In particular, the metadata encryption
documentation [2] no longer mentions checkEncryption but rather
recommends running VtsKernelEncryptionTest.  Also, checkEncryption
hasn't really been maintained, and it has some known bugs; it's unclear
that many people ever really used it.

So, just remove it.

[1] https://android.googlesource.com/platform/test/vts-testcase/kernel/+/refs/heads/master/encryption/
[2] https://source.android.com/security/encryption/metadata#tests

Bug: 155037012
Change-Id: I258829c60768fd11aafdf2faad956cecc1ae9826
2020-07-15 11:21:33 -07:00
Satoshi Niwa
7ebcc2bcfd Revert "[Vold] Conditional dependency to ARC++ ObbVolume"
This reverts commit aedae617fe.

Reason for revert: ArcObbVolume is not needed by ARCVM R and above.

Bug: 157885448
Test: trybot
Change-Id: I16395ac8b6902cedea263f51e306b297d719043f
2020-07-13 05:07:18 +00:00
Treehugger Robot
bcbd085191 Merge "Revert "ARC++ swap for AppFuseUtil"" am: b6e2c14ed1 am: 4cf8ddeed2
Change-Id: I8d91ba35477d526ff886ed32c7c1357134dfca4d
2020-05-12 13:00:16 +00:00
Treehugger Robot
b6e2c14ed1 Merge "Revert "ARC++ swap for AppFuseUtil"" 2020-05-12 12:30:16 +00:00
Satoshi Niwa
601e7bd4e2 Revert "ARC++ swap for AppFuseUtil"
This reverts commit dcbd4fcad2.

Reason for revert: ARC is migrating to ARCVM on R, which doesn't use AppFuse any more.

Change-Id: Ifd0bf92a79c0ff25d782bea44dd593f9502f1959
2020-05-08 04:50:34 +00:00
Yurii Zubrytskyi
9e7482ece1 [vold] Add argument verification to IncFS methods
+ Get rid of an extra string copy in path validation function

Bug: 152349257
Test: atest vold_tests
Change-Id: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
Merged-In: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
2020-03-25 17:21:49 -07:00
Yurii Zubrytskyi
131365a3e5 [vold] Add argument verification to IncFS methods
+ Get rid of an extra string copy in path validation function

Bug: 152349257
Test: atest vold_tests
Change-Id: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
2020-03-25 14:33:24 -07:00
Automerger Merge Worker
7489ab6961 Merge changes from topics "metadata_wrapped_key_aosp", "volume_metadata" am: 36fd1ebfae am: 6891eb7e2d am: c14f46d114
Change-Id: I89f51bfaeb61c235aeccbe8a5a5a447ab14c46cb
2020-02-19 22:19:26 +00:00
Martijn Coenen
816f4d94f6 Add fixupAppDir() API.
This can be used to fixup application directories in case they have been
created by some other entity besides vold; the main use case for this
API right now is OBB directories, which can be created by installers
outside of vold; on devices without sdcardfs, such directories and the
files contained therein are not setup correctly. This API will make sure
everything is setup the way it needs to be setup.

Bug: 146419093
Test: inspect OBB dir after install
Change-Id: I2e35b7ac2992dbb21cc950e53651ffc07cfca907
2020-02-19 12:11:34 +01:00
Paul Crowley
886e572009 On newer devices, use dm-default-key to encrypt SD cards
The dm-crypt solution requires a kernel patch that won't be present in
the GKI kernel, while the new metadata encryption system in the GKI
kernel solves this problem in a much cleaner way.

Test: create private volume on Cuttlefish, setting property both ways.
Bug: 147814592
Change-Id: Ie02bd647c38d8101af2bbc47637f65845d312cea
2020-02-18 13:01:00 -08:00
Paul Crowley
85d1c77ff6 Merge changes Ic3993c1f,I06645bb4 am: ac34e9aa3e am: b62afed286 am: 54d05de798
Change-Id: Ib122e011bb7be162b76b94a31885863d2aff6d1e
2020-02-14 18:57:33 +00:00
Paul Crowley
220567c33a Generalize CryptoType infrastructure
More consistency between MetadataCrypt and cryptfs, and steps towards
supporting Adiantum properly in MetadataCrypt.

Test: create private volume on Cuttlefish
Bug: 147814592
Change-Id: Ic3993c1fde11b4f5a9e6cc8ee588a7d92241c6ab
2020-02-14 00:48:27 -08:00
Shawn Willden
35f0f22c9b Update vold to use KM4.1
This CL updates vold to use the Keymaster 4.1 interface, but does not
yet call any of the new methods.

Test: Boot the device
Change-Id: I4574a2f6eead3b71d1e89488b496b734694620c7
Merged-In: I4574a2f6eead3b71d1e89488b496b734694620c7
2020-02-11 15:51:04 -07:00
Automerger Merge Worker
cc64e0c9af Merge "Fixed a wrong AIDL import path" am: aa038e2f4d am: b35ead2c3a am: 3c78c789d6
Change-Id: Ifccc45bfaf67cc31f12902f56bcc50da238f8901
2020-01-23 03:53:23 +00:00