Added a new call change_user_key which changes the way that disk
encryption keys are protected; a key can now be protected with a
combination of an auth token and a secret which is a hashed password.
Both of these are passed to unlock_user_key.
This change introduces a security bug, b/26948053, which must be fixed
before we ship.
Bug: 22950892
Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
Add new misc directories to list of paths that we lock/unlock in
emulation mode. When booting a device without native-FBE and without
emulation, make sure we "unlock" any emulated settings on user 0;
MountService handles this for secondary users later during boot.
Bug: 27069522
Change-Id: I15c7cf00a7231ce99b2e4e11a25106d7b87e70cc
Give callers the option of preparing CE and/or DE storage. The
framework will only prepare CE storage after the CE keys have been
unlocked for that user.
When init is calling enablecrypto, kick off the work in a thread so
that we can make other calls back into vold without causing
deadlock. Leaves blocking call intact for framework callers.
Clean up 'vdc' tool to send useful transaction numbers, and
actually watch for the matching result to come back. This fixes
race conditions when there are multiple 'vdc' callers.
Also add other system and misc directories to match spec.
Bug: 25796509
Change-Id: Ie4f853db6e387916b845d2b5fb92925d743b063d
e2fsck and fsck.f2fs must run in the fsck domain. Add call to
setexeccon() to tell selinux to run in the fsck domain on exec.
Addresses:
avc: denied { execute_no_trans } for path="/system/bin/e2fsck" dev="mmcblk0p41" ino=241 scontext=u:r:vold:s0 tcontext=u:object_r:fsck_exec:s0 tclass=file
Bug: 26872236
Change-Id: Ib2a583aeefc667f8aa67532e0ac0ff9619b65461
Mainly a refactor, but with a substantive change: Keys are created in
a temporary location, then moved to their final destination, for
atomicity.
Bug: 26704408
Change-Id: I0b2dc70d6bfa1f8a65536dd05b73c4b36a4699cf
Our code for creating disk encryption keys doesn't work everywhere,
and it doesn't need to; only on platforms that support FBE. Don't
create them elsewhere.
Bug: 26842807
Change-Id: I686d0ffd7cb3adbddfce661c22ce18f66acb1aba
The key storage module didn't comply with Android coding standards
and had room for improvemnet in a few other ways, so have cleaned up.
Change-Id: I260ccff316423169cf887e538113b5ea400892f2
Instead of writing raw keys, encrypt the keys with keymaster. This
paves the way to protecting them with auth tokens and passwords later.
In addition, fold in the hash of a 16k file into their encryption, to
ensure secure deletion works properly.
Now even C++ier!
Bug: 22502684
Bug: 22950892
Change-Id: If70f139e342373533c42d5a298444b8438428322
As a precaution, we do the work of emulating an unlock even on devices
that aren't emulating FBE. However, we don't care if it fails, so
don't fail the calling command in that instance.
Bug: 26713622
Change-Id: I8c5fb4b9a130335ecbb9b8ea6367f1c59835c0f1
Major rework and refactor of FBE code to load the keys at the right
time and in a natural way. The old code was aimed at our goals for M,
with patches on top, and didn't quite work.
Bug: 22358539
Change-Id: I9bf7a0a86ee3f2abf0edbd5966f93efac2474c2c
am: 9b5db9bcbe
* commit '9b5db9bcbe333b677ca18d2c1c398c8751cd0fd2':
cryptfs: Skip to encrtypt unused blocks into a block group which uninitialize block bitmap .
Much nicer C++ style logging, but the main reason is to clean up
AutoCloseFD.h so I don't have to use cutils to use it.
Change-Id: I7a7f227508418046eecce6c89f813bd8854f448a
am: 1ae498e0d4
* commit '1ae498e0d4524aef6de2f1e3b639697ac24b29b2':
cryptfs: Skip to encrtypt unused blocks into a block group which uninitialize block bitmap .
After DocumentsProvider opens FD on app fuse, DocumentProvider passes it
to other applications. To allow other applications to use the FD on app
fuse, we need to specify allow_other mount option.
BUG=25756419
Change-Id: I3c729f90e5b822a7b1032bf80726cc234c0936b1
