Paul Crowley
8fb12fd835
Add init_user0 command.
...
Change-Id: Icf746ec1968a073fde707ecc788b648f5803fd38
2016-02-01 15:19:07 +00:00
Paul Crowley
ea62e26ad3
Create disk encryption keys only when FBE enabled
...
Our code for creating disk encryption keys doesn't work everywhere,
and it doesn't need to; only on platforms that support FBE. Don't
create them elsewhere.
Bug: 26842807
Change-Id: I686d0ffd7cb3adbddfce661c22ce18f66acb1aba
2016-01-28 12:23:53 +00:00
Paul Crowley
13ffd8ef7a
Improvements to the key storage module
...
The key storage module didn't comply with Android coding standards
and had room for improvemnet in a few other ways, so have cleaned up.
Change-Id: I260ccff316423169cf887e538113b5ea400892f2
2016-01-27 15:54:35 +00:00
Paul Crowley
c5fdb4b8d3
Merge "Use a keymaster-based key storage module"
2016-01-27 10:19:54 +00:00
Paul Crowley
1ef255816c
Use a keymaster-based key storage module
...
Instead of writing raw keys, encrypt the keys with keymaster. This
paves the way to protecting them with auth tokens and passwords later.
In addition, fold in the hash of a 16k file into their encryption, to
ensure secure deletion works properly.
Now even C++ier!
Bug: 22502684
Bug: 22950892
Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-26 18:24:03 +00:00
Narayan Kamath
ea243a3015
Unmount emulated filesystems before killing the fuse process.
...
Avoid ENOTCONN for file system operations.
bug: 26645585
bug: 26070583
Change-Id: I19b00db37ef7ba85a2cae16c7c4204826653f559
2016-01-26 10:05:15 +00:00
Paul Crowley
a042cb5761
Don't fail on unlock if we're not even emulating FBE
...
As a precaution, we do the work of emulating an unlock even on devices
that aren't emulating FBE. However, we don't care if it fails, so
don't fail the calling command in that instance.
Bug: 26713622
Change-Id: I8c5fb4b9a130335ecbb9b8ea6367f1c59835c0f1
2016-01-21 17:26:11 +00:00
Paul Crowley
285956fe11
Rework FBE crypto to match the N way of doing things
...
Major rework and refactor of FBE code to load the keys at the right
time and in a natural way. The old code was aimed at our goals for M,
with patches on top, and didn't quite work.
Bug: 22358539
Change-Id: I9bf7a0a86ee3f2abf0edbd5966f93efac2474c2c
2016-01-20 13:12:38 +00:00
Jeff Sharkey
7a9dd95cbc
Offer to enforce "locked" state using SELinux.
...
Bug: 26466827
Change-Id: Id5f05298c2cb5f3cf288df37ddf0a196ca49949b
2016-01-15 14:07:12 -07:00
Daichi Hirono
b025f3efc0
Merge "Add allow_other mount option for appfuse."
2016-01-14 07:23:17 +00:00
Paul Lawrence
b0f4a229e5
Merge "cryptfs: Skip to encrtypt unused blocks into a block group which uninitialize block bitmap ." am: 1ae498e0d4
...
am: 9b5db9bcbe
2016-01-12 22:21:21 +00:00
Paul Crowley
8bb8fcfb4f
Use android-base logging not cutils in secdiscard
...
Much nicer C++ style logging, but the main reason is to clean up
AutoCloseFD.h so I don't have to use cutils to use it.
Change-Id: I7a7f227508418046eecce6c89f813bd8854f448a
2016-01-12 10:03:05 +00:00
Paul Lawrence
9b5db9bcbe
Merge "cryptfs: Skip to encrtypt unused blocks into a block group which uninitialize block bitmap ."
...
am: 1ae498e0d4
2016-01-11 20:31:03 +00:00
Paul Lawrence
1ae498e0d4
Merge "cryptfs: Skip to encrtypt unused blocks into a block group which uninitialize block bitmap ."
2016-01-11 20:25:32 +00:00
Daichi Hirono
089ab074e8
Add allow_other mount option for appfuse.
...
After DocumentsProvider opens FD on app fuse, DocumentProvider passes it
to other applications. To allow other applications to use the FD on app
fuse, we need to specify allow_other mount option.
BUG=25756419
Change-Id: I3c729f90e5b822a7b1032bf80726cc234c0936b1
2016-01-07 17:52:45 +09:00
liminghao
aa08e58e3a
cryptfs: Skip to encrtypt unused blocks into a block group which uninitialize block bitmap .
...
Bug: 198288
Change-Id: Iaa1a14fd916ddec8dc1a4be18d49732ebcba6884
Signed-off-by: liminghao <liminghao@xiaomi.com>
2016-01-06 15:20:38 +08:00
Daichi Hirono
78b524ec46
Add unmount command to vold's AppFuse listener.
...
BUG=25756420
Change-Id: I75b41f135c172d400e57a72a2be0473546781475
2015-12-22 19:10:20 +09:00
Jeff Sharkey
d2d7bffd0c
Create /data/media directory for new users.
...
Otherwise later unlock commands will fail.
Bug: 26267450
Change-Id: I090ac3a3fd4ac6d49290906e21d88f1efcdec421
2015-12-18 19:16:49 -07:00
Jeff Sharkey
7eac12c2c6
Merge "Hide external storage from apps if it\'s not set as adoptable" am: f570ded508
...
am: 6a7d34bffd
2015-12-17 07:47:40 +00:00
Jeff Sharkey
6a7d34bffd
Merge "Hide external storage from apps if it\'s not set as adoptable"
...
am: f570ded508
2015-12-16 23:10:38 +00:00
Jeff Sharkey
f570ded508
Merge "Hide external storage from apps if it's not set as adoptable"
2015-12-16 22:19:11 +00:00
Qin Chao
e0074f142b
Hide external storage from apps if it's not set as adoptable
...
If storage is not visible to apps and no need to spin up FUSE, it also
should not make FUSE mount point directory.
Change-Id: I6ecd2e5bf56b5dcf0e11834880256b156a62a9a0
Signed-off-by: Qin Chao <chao.qin@intel.com>
2015-12-15 15:20:41 +08:00
Paul Crowley
415d3605e0
Avoid use of a macro when checking argument count.
...
Change-Id: Ia697de58b983233c78e9ef8eb93098d50dfda931
2015-12-14 15:52:19 +00:00
Lenka Trochtova
9ad4369ce8
Fix a bug in passing parameters to prepare_user_storage.
...
Add the serial parameter to prepare_user_storage to avoid
confusion when parsing parameters and passing them around.
Change-Id: Id5516c248401ad50585aa8f6e8b1545a6cded549
2015-12-11 13:27:32 +01:00
Daichi Hirono
47ef9bcad2
Mount FUSE for appfuse directories.
...
BUG=25755834
Change-Id: Icb59b5096239fd3611b614a0870d0ec910cee277
2015-12-11 17:18:31 +09:00
Daichi Hirono
37f09e0d8b
Merge "Send file descriptor of /dev/fuse from vold."
2015-12-11 06:16:13 +00:00
Paul Crowley
ee6b1642b1
Use Jeff's C++ style for finding the subcommand consistently.
...
Change-Id: I2c7333de680cf5d350894f5064e955969e804781
2015-12-10 16:51:53 +00:00
Paul Crowley
34b813eae6
Simplify test for right argc in cryptfs commands, and test more.
...
Change-Id: I23bb19a329b34ba4b81c57b815a2a0a4e8f27745
2015-12-10 16:33:40 +00:00
Paul Crowley
27cbce9214
Rename functions with a system/extras name collision.
...
Following around the call graph in code search is hard enough as it is!
Change-Id: I09d3513664423aafe0d99f9158acfbbb6c79b590
2015-12-10 15:30:45 +00:00
Paul Lawrence
ff9097f560
Fix create_user_key to take 3 params
...
Change-Id: Ied03e2ee404a1b4f386740213e6ab01f18ec09b9
2015-12-09 15:45:41 -08:00
Daichi Hirono
8575a350ff
Send file descriptor of /dev/fuse from vold.
...
BUG=25755834
Change-Id: Ica8bd336baa74e117be008a6e7ee34e3ffac3769
2015-12-09 14:20:13 +09:00
Lenka Trochtova
395039f007
Introduce support for ephemeral users.
...
BUG: 24883058
Change-Id: I77d4757f87214166e7c41c7eb0d06b1cd5f06b20
2015-12-08 11:10:59 +01:00
Jeff Sharkey
fc505c3ff6
Emulate media encryption, always chmod to unlock.
...
When FBE emulation is enabled, lock/unlock the media directories that
store emulated SD card contents.
Change unlocking logic to always chmod directories back to known
state so that we can recover devices that have disabled FBE
emulation.
Bug: 26010607, 26027473
Change-Id: I6d4bff25d8ad7b948679290106f585f777f7a249
2015-12-07 17:35:58 -07:00
Elliott Hughes
6bf0547ccc
resolve merge conflicts of b7d5a47cec to master.
...
Change-Id: I0c5211a00d92d0ee796bb9c77d2e13675a2a3e8d
2015-12-04 17:55:33 -08:00
Elliott Hughes
b7d5a47cec
Merge "Track rename from base/ to android-base/." am: 20a8fa98f6
...
am: a9d5080109
2015-12-05 01:45:41 +00:00
Elliott Hughes
a9d5080109
Merge "Track rename from base/ to android-base/."
...
am: 20a8fa98f6
2015-12-04 17:39:41 -08:00
Elliott Hughes
20a8fa98f6
Merge "Track rename from base/ to android-base/."
2015-12-05 01:34:17 +00:00
Jeff Sharkey
51c6b9876a
Merge "Handle non-format partition in Vold" am: 385ca5d236 am: 63b7774894
...
am: 971ecb40ee
2015-12-05 00:54:30 +00:00
Jeff Sharkey
90cca664e1
Merge "Make sure path is not NULL to avoid fatal exception." am: e0e5bfeb3c am: de629f105e
...
am: 9e807ea6db
2015-12-05 00:54:27 +00:00
Jeff Sharkey
20826a1574
Merge "vold: fix 64 bit ioctl error" am: 3e6c59dc16 am: bf6acf44a9
...
am: a619c191cc
2015-12-05 00:54:22 +00:00
Elliott Hughes
7e128fbe21
Track rename from base/ to android-base/.
...
Change-Id: I3096cfa50afa395d8e9a8043ab69c1e390f86ccb
2015-12-04 15:50:53 -08:00
Jeff Sharkey
971ecb40ee
Merge "Handle non-format partition in Vold" am: 385ca5d236
...
am: 63b7774894
2015-12-03 17:46:23 +00:00
Jeff Sharkey
9e807ea6db
Merge "Make sure path is not NULL to avoid fatal exception." am: e0e5bfeb3c
...
am: de629f105e
2015-12-03 17:46:20 +00:00
Jeff Sharkey
63b7774894
Merge "Handle non-format partition in Vold"
...
am: 385ca5d236
2015-12-03 17:43:17 +00:00
Jeff Sharkey
de629f105e
Merge "Make sure path is not NULL to avoid fatal exception."
...
am: e0e5bfeb3c
2015-12-03 17:43:14 +00:00
Jeff Sharkey
385ca5d236
Merge "Handle non-format partition in Vold"
2015-12-03 17:40:21 +00:00
Jeff Sharkey
e0e5bfeb3c
Merge "Make sure path is not NULL to avoid fatal exception."
2015-12-03 17:39:39 +00:00
Jeff Sharkey
a619c191cc
Merge "vold: fix 64 bit ioctl error" am: 3e6c59dc16
...
am: bf6acf44a9
2015-12-03 17:01:37 +00:00
Jeff Sharkey
bf6acf44a9
Merge "vold: fix 64 bit ioctl error"
...
am: 3e6c59dc16
2015-12-03 16:57:37 +00:00
Jeff Sharkey
3e6c59dc16
Merge "vold: fix 64 bit ioctl error"
2015-12-03 16:56:13 +00:00
