95 commits

Author SHA1 Message Date
Alex Buynytskyy
fb9001b917 Additional operation check when enabling read logs. am: 605a44fe93
Change-Id: Ie068daae873a7796873e4170cd18617d8161916f
2020-04-04 04:08:57 +00:00
Alex Buynytskyy
605a44fe93 Additional operation check when enabling read logs.
Vold now does not check caller's permission, but only accepts
transactions from system_server. And it's up to system server to do the
right thing and check permissions/appops.

Bug: b/152633648
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest
Test: adb shell appops set 1000 GET_USAGE_STATS deny
Change-Id: Id56c1673b135b72b3ec86e572aa4bcca3afc19ab
2020-04-03 18:42:04 -07:00
Alex Buynytskyy
31e2a7c5c5 Merge "Checking LOADER_USAGE_STATS before enabling read logs." into rvc-dev am: 6ce90ced12
Change-Id: I9b04f7a6201cf148c310dc7c1598c40076839f64
2020-04-02 00:48:17 +00:00
Alex Buynytskyy
91e0bf4998 Checking LOADER_USAGE_STATS before enabling read logs.
Bug: b/152633648
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest
Change-Id: I29bf16d06a013566c8dd08e64be2a23ad805e37d
2020-03-31 16:28:30 -07:00
Songchun Fan
48dd647aa7 [vold] update with incfs_ndk.h am: 01c4e91c09
Change-Id: I3c917640ee14bdafeb012ca1ff59cab6c399d8a9
2020-03-29 17:15:03 +00:00
Songchun Fan
01c4e91c09 [vold] update with incfs_ndk.h
BUG: 150470163
Test: atest PackageManagerShellCommandIncrementalTest
Change-Id: I5166c49cf48f353dab35e385571ada517cb751ac
2020-03-27 17:07:06 -07:00
Yurii Zubrytskyi
ae78344623 [vold] Add argument verification to IncFS methods am: 131365a3e5
Change-Id: I8a19bea4ca9c8f30f754cf7d43feba432152e204
2020-03-26 04:25:24 +00:00
Yurii Zubrytskyi
131365a3e5 [vold] Add argument verification to IncFS methods
+ Get rid of an extra string copy in path validation function

Bug: 152349257
Test: atest vold_tests
Change-Id: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
2020-03-25 14:33:24 -07:00
Automerger Merge Worker
fdacc8d462 Make storage dirs remount fork() safe am: 6b12257702
Change-Id: I589afb12062914cc3da9ff8f7c8dd43014ac6ce9
2020-03-16 15:56:09 +00:00
Ricky Wai
6b12257702 Make storage dirs remount fork() safe
Also, use the pids provided by system server to remount all existing
processes, so we don't need to do the heavy and unreliable scanning in
/proc anymore.

Bug: 149548518
Test: atest AdoptableHostTest
Change-Id: Ifb5b79a3bc5438f36e0d61ec8aec96bdbc60ca13
2020-03-12 18:16:27 +00:00
Jooyung Han
4fcb707ecd Use optional for nullable types
AIDL generates optional<T> for nullable T types for C++, which is more
efficient and idiomatic and easy to use.

Bug: 144773267
Test: build/flash/boot
Merged-In: I98549c8614c9152d5d45e2f1f33f2f3c31a9bbbf
Change-Id: I98549c8614c9152d5d45e2f1f33f2f3c31a9bbbf
(cherry picked from commit 3ce0ee5363)

Exempt-From-Owner-Approval: CP from master
2020-02-26 03:58:22 +00:00
Martijn Coenen
816f4d94f6 Add fixupAppDir() API.
This can be used to fixup application directories in case they have been
created by some other entity besides vold; the main use case for this
API right now is OBB directories, which can be created by installers
outside of vold; on devices without sdcardfs, such directories and the
files contained therein are not setup correctly. This API will make sure
everything is setup the way it needs to be setup.

Bug: 146419093
Test: inspect OBB dir after install
Change-Id: I2e35b7ac2992dbb21cc950e53651ffc07cfca907
2020-02-19 12:11:34 +01:00
TreeHugger Robot
dd85fe2e5e Merge "Add disk for StubVolume"
2020-02-14 04:35:15 +00:00
Martijn Coenen
8a68a075a2 Remove appDirRoot argument from setupAppDir.
This is no longer needed, because vold can deduce this itself now.

Bug: 146419093
Test: builds
Change-Id: Ib4f4a4109919af683722a63b305b343ef5fe972d
2020-02-12 15:38:45 +01:00
Risan
82e90de23d Add disk for StubVolume
StubVolume is a volume type for ARC++ external storage. Named StubVolume
because it is managed from outside Android (not through Android kernel).

Previously, StubVolume is a diskless volume. However, as mentioned in
jsharkey@ email, a disk is needed for StubVolume to hold "kInternal"
(external storage type that is "external" from Android perspective,
but is "internal" to the device. For example shared directory from
ChromeOS to Android) and "kIndexable" (whether or not a disk should be
indexed by MediaStore).

The addition of disk means we could expose the createStubVolume API to
add a disk flags, which is also introduced in this CL.

Both kInternal and kIndexable will be introduced in separate CL.

Bug: 132796154
Test: Mount/unmount ARC++ removable device in ChromeOS.
Change-Id: I8b77fa1cf50ab38a2892272154dafdb78f079378
2020-02-12 07:42:40 +00:00
Automerger Merge Worker
cc733959f6 Merge "Refactor: make cryptfs.h smaller" am: 98c501d28e am: 645c2f40a0 am: ebbabdc8fb
Change-Id: If8c533aa196969adf38dcbf85673cebb39a79024
2020-02-08 02:27:49 +00:00
Paul Crowley
73be12dcd5 Refactor: make cryptfs.h smaller
Move most of it into cryptfs.cpp, and include cryptfs.h in fewer files.

Bug: 147814592
Test: Treehugger
Change-Id: Ia3592d73e7abc1f07a60538e0978a3033bdea7de
2020-02-07 11:16:12 -08:00
Yurii Zubrytskyi
3497cb5be5 Expose new IncFS interface through Vold
CL is a part of multi-repository topic and will be merged
to AOSP

Bug: 146080380
Test: manual

Change-Id: I09b33a34ff1ac7f6e415b7bd090c22e7df24d72d
2020-01-27 22:26:37 -08:00
Barani Muthukumaran
b1927c2a0a vold: Do not cache CE keys in vold
CE keys were cached in vold to support untrusted reset
by a device admin, this is now supported by Locksettingservice
using synthetic password. This change requires a secret to be
provided to retrieve the CE key and re-wrap without the secret
when user removes the credential.

Test: Set credential, remove credential, swipe to none
and vice-versa.
Bug: 26948053
Merged-In: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5
Change-Id: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5
2020-01-24 00:20:22 +00:00
Barani Muthukumaran
9ad51adeb9 vold: Do not cache CE keys in vold
CE keys were cached in vold to support untrusted reset
by a device admin, this is now supported by Locksettingservice
using synthetic password. This change requires a secret to be
provided to retrieve the CE key and re-wrap without the secret
when user removes the credential.

Test: Set credential, remove credential, swipe to none
and vice-versa.
Bug: 26948053
Change-Id: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5
2020-01-16 12:16:25 -08:00
Martijn Coenen
13ff668775 Replace mkdirs() with setupAppDir().
vold historically offered functionality to create directories on behalf
of others. This functionality was purely used to create app-specific
data/obb/media dirs. Make this more explicit by renaming the method to
indicate this.

Additionally, in the past, we never needed to care about the UID set on
these directories, because sdcardfs would take care of that for us
automatically. But with sdcardfs going away, we need to make sure the
UID of the app-specific directories is set correctly. Allow the caller
to pass this in as an argument.

Bug: 146419093
Test: atest FuseDaemonHostTest
Change-Id: Ibeb5fdc91b40d53583bc0960ee11c4d640549c34
2019-12-31 15:58:41 +01:00
Songchun Fan
0583015a57 Merge "[incremental] use vold to mount/unmount IncrementalFileSystem" am: 6bdfb77d8b am: a0945f468a
am: 1119bc8531

Change-Id: I772667d5c43cdf1ff37b156db9f47b61820433c7
2019-12-06 01:16:26 -08:00
Songchun Fan
ab55cecdc1 [incremental] use vold to mount/unmount IncrementalFileSystem
Let vold mount IncFs onto directories under data and open control files.

Test: builds
Change-Id: Ibd96aae254b4fefaf56c9d549c4672a987c46221
2019-12-04 14:01:22 -08:00
Zim
5048b4b2bc Add mount callback
Mounting a FUSE path needs two steps:
1. Mounting the filesystem
2. Starting the FUSE session in the FUSE daemon

The second part requires retrieving an fd from (1) and the mount paths
and passing it to the FUSE daemon.

Previously, we'd return from the Vold mount call and mark the volume
as mounted while we scramble to do (2). This means there's a time
period where the Volume is marked as MOUNTED but not actually ready
and any IO access on the paths will hang forever. This could also be
misleading when interpreting bug reports.

Now, we block the Vold mount call until the FUSE session is started.

Test: atest AdoptableHostTest
Bug: 144275217

Change-Id: I45238a31df71286f67ef1c65c711d0085d72e97f
2019-11-22 17:06:04 +01:00
Zim
a438b24368 Fix multi-user and multi-storage with FUSE
Up until now, the FUSE mount logic has made two assumptions:
1. The primary external volume is an emulated volume on /data/media
2. Only the primary user is running, as user zero

These assumptions are fixed by the following changes
creating an EmulatedVolume per Android user and changing the
VolumeBase id format to append the user to the id, so
s/emulated/emulated-0/. This allows us to mount separate volumes per user.

Some additional refactorings to re-use/clean up code.

Test: adb shell sm set-virtual-disk and partition disk operations work
even after setting up a work profile
Bug: 135341433

Change-Id: Ifabaa12368e5a591fbcdce4ee71c83ff35fdac6b
2019-11-11 20:24:49 +00:00
Nikita Ioffe
e1fd48999b Rename ENFORCE_UID to ENFORCE_SYSTEM_OR_ROOT
A little bit more self-explanatory name that explicitly says that root
is also allowed.

Test: builds
Change-Id: Ice20ffcba2a0994c599dbebace252138ffd827de
Merged-In: Ice20ffcba2a0994c599dbebace252138ffd827de
2019-10-26 15:51:17 +01:00
Nikita Ioffe
5d85bf3127 Rename ENFORCE_UID to ENFORCE_SYSTEM_OR_ROOT
A little bit more self-explanatory name that explicitly says that root
is also allowed.

Test: builds
Change-Id: Ice20ffcba2a0994c599dbebace252138ffd827de
2019-10-25 19:52:48 +01:00
Nikita Ioffe
7a04dfe86d Merge "vold: implement resetCheckpoint" am: 4eeebff8d5 am: e182b26d64 am: 3631ac59fd
am: 3ec81f1059

Change-Id: I00ce96ee4c6c6f729c5335a04aee08712ee4ae91
2019-10-18 15:37:54 -07:00
Nikita Ioffe
a5798fc115 vold: implement resetCheckpoint
It will be used by userspace reboot to reset checkpoint state, to make
sure that when /data is remounted, it will be remounted in checkpointing
if a checkpoint was requested before userspace reboot.

Test: /system/bin/vdc startCheckpoint 1
      /system/bin/vdc needsCheckpoint (returns 0)
      /system/bin/vdc resetCheckpoint
      /system/bin/vdc needsCheckpoint (returns 1)

Bug: 135984674
Change-Id: Ia29238686289b4eed93e2fb936a8b3d894b94dc9
2019-10-12 00:43:04 +01:00
Paul Crowley
a1c405a8f2 Merge "Create a per-boot key on each boot" am: dab5ddf663 am: 6db7fa72a5 am: 03336816a7
am: d678142ac6

Change-Id: I7ab21b901ac8fd8a746f7190a340c518e099a48a
2019-09-16 23:20:15 -07:00
Paul Crowley
c8a3ef3f3c Create a per-boot key on each boot
Bug: 140882488
Test: Booted twice, checked logs to ensure encryption
    is different each time, adb created files in directory.
Change-Id: I74077bf8f727dab726c25f512ed7406a74cbe0bf
2019-09-13 15:46:48 -07:00
Nandana Dutt
a914cc764e Use unique_fd
Also allow the state just before doMount() as a valid state for setting
fuse fd.
Test: manual
BUG:140173712

Change-Id: I012f8a83fef00e68f33010954fbc2ebc53cf8f1d
2019-08-29 15:25:13 +01:00
Zim
3623a212e3 Mount /dev/fuse on /mnt/user/<userid>/<volumeid>
Since system_server cannot mount devices by itself,
add a binder interface to vold that system_server
can call to initiate this mount when required.

BUG: 135341433
Test: manual
Test: atest --test-mapping packages/providers/MediaProvider
Test: ExternalStorageHostTest DownloadProviderTests

Change-Id: If4fd02a1f1a8d921a3f96783d8c73e085c5b7ca1
2019-08-28 10:49:27 +01:00
Paul Lawrence
4ad86a9315 Merge "Make ext4 userdata checkpoints work with metadata encryption" am: 2c792e0720
am: 5f19ef31c8

Change-Id: I7da7077c70484cb5873b9316058bc73158c19ab6
2019-06-27 11:03:03 -07:00
Paul Lawrence
236e5e800e Make ext4 userdata checkpoints work with metadata encryption
When both ext4 user data checkpoints and metadata encryption are
enabled, we are creating two stacked dm devices. This had not been
properly thought through or debugged.

Test: Enable metadata encryption on taimen (add
keydirectory=/metadata/vold/metadata_encryption to flags for userdata in
fstab.hardware)
    Unfortunately metadata is not wiped by fastboot -w, so it is
    necessary to rm metadata/vold -rf whenever you wipe data.
    fastboot flashall -w works
    fastboot reboot -w works
    A normal boot works
    Disable checkpoint commits with
    setprop persist.vold.dont_commit_checkpoint 1
    vdc checkpoint startCheckpoint 10
    adb reboot
    wait for device to fully boot then
    adb reboot
    Wait for device to fully boot then
    adb logcat -d | grep Checkpoint shows the rollback in the logs

    This tests encryption on top of checkpoints with commit, encryption
    without checkpoints, and rollback, which seems to be the key cases.

Bug: 135905679
Change-Id: I8365a40298b752af4bb10d00d9ff58ce04beab1f
2019-06-26 15:19:24 -07:00
Sudheer Shanka
5fceb48da1 Remove storage sandboxes related code.
Bug: 131115422
Test: manual
Test: atest --test-mapping packages/providers/MediaProvider
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/ExternalStorageHostTest.java
Test: atest DownloadProviderTests
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Test: atest cts/tests/app/DownloadManagerLegacyTest/src/android/app/cts/DownloadManagerLegacyTest.java
Test: atest cts/tests/app/DownloadManagerApi28Test/src/android/app/cts/DownloadManagerApi28Test.java
Change-Id: Ib3272a47a901ed106474039e72f123b11f5443ff
Merged-In: Ib3272a47a901ed106474039e72f123b11f5443ff
2019-05-09 17:48:04 -07:00
Daniel Rosenberg
149ed5fb3c Merge changes I977cc03b,I7b621476,Ib57f4461 am: 58551c0568 am: 5da6d2a0f9
am: 6647c75d3c

Change-Id: Iecf990d139b98ba2788cb6ba82e6673c28bb08c2
2019-03-21 14:28:39 -07:00
Daniel Rosenberg
a59e4396a4 Change abortChanges to take a message and bool
abortChanges will attempt to pass a reboot message, and will only reboot
if the device is currently checkpointing. Additionally, it can opt to
attempt to prevent future attempts. This only works for non-bootloader
controlled updates. Failures are ignored, as it will always reboot the
device. In the unlikely event of such a failure, the device will
continue to retry as though you did not ask to prevent future attempts.

Test: vdc checkpoint abortChanges abort_retry_test 1
      vdc checkpoint abortChanges abort_noretry_test 0

Change-Id: I7b6214765a1faaf4fd193c73331696b53ae572d2
2019-03-21 13:33:49 -07:00
Paul Lawrence
183f8cd213 Merge "Add vdc checkpoint supportsBlockCheckpoint" am: 860c731158 am: 4c5ce24e80
am: ca54294cf8

Change-Id: Ibee238347b863404670e972f41cebcb4986c8435
2019-03-18 16:47:37 -07:00
Paul Lawrence
c5c79c5679 Add vdc checkpoint supportsBlockCheckpoint
Also add vdc checkpoint supportsFileCheckpoint
This is to allow tests to be specific to supported checkpoint mode.

Test: Built on Taimen and Crosshatch, made sure both new functions work
as expected

Change-Id: I0eab7453b13c0a2e31840ef9ad24a692cec55b00
2019-03-18 13:40:00 -07:00
Daniel Rosenberg
dfe9605bf4 Merge changes I91cf0def,I47570e8e am: 5f01cf3cac am: 84ceaedb59
am: 738694469d

Change-Id: I3df9cd0523d2bfcdc716c855c8dca86aba09be9d
2019-03-07 20:07:29 -08:00
Daniel Rosenberg
dda598103d Add vdc checkpoint restoreCheckpointPart
Restores the first n entries of a checkpoint. Allows automated testing
of interrupted restores.

Test: vdc checkpoint restoreCheckpoint [device] [n]
Change-Id: I47570e8eba0bc3c6549a04a33600df05d393990b
2019-03-07 13:58:49 -08:00
Daniel Rosenberg
38a2899523 Merge "Add supportsCheckpoint" am: 9b2b8fd459 am: 908a4569e9
am: 4cd2102637

Change-Id: I73fea54d60f27468a46bca872ae2f21bdfcb67a1
2019-01-23 22:43:28 -08:00
Daniel Rosenberg
9b667fbe41 Add supportsCheckpoint
This returns true if any entries in the fstab have checkpoint=
set.

Test: Call vdc checkpoint supportsCheckpoint. Should return 1
      iff an fstab entry has checkpoint=fs or checkpoint=block set
Bug: 111020314

Change-Id: Ic79bc96ded4da6605f73992dcff542e7cb50d705
2019-01-22 17:58:03 -08:00
Sudheer Shanka
817b911ca4 Update process mount points when appop gets updated.
When an app is started, its mountmode is dependent on
OP_REQUEST_INSTALL_PACKAGES. If user changes the appop grant of an app,
we need to update the mounts of any processes running in that app.

Bug: 121099965
Test: atest android.appsecurity.cts.ExternalStorageHostTest#testExternalStorageObbGifts
Change-Id: I87fee492891d33ccc9fc9e2548114f67d90cc759
2018-12-16 16:02:14 -08:00
Risan
8f6198d299 Change AppFuse mount location to vold namespace
Previously, AppFuse is mounted in system_server's mount namespace. This
CL moves the mount location to vold namespace.

Relanding this since it fails to be merged on ag/5521004 (blocked by
Presubmit, seems to be caused by temporary state) - this one now
passes presubmit without any changes.

Bug: 110379912
Test: testOpenProxyFileDescriptor passes
Change-Id: Id93c26d5a98842c78f27850c83e15df619cec1ab
2018-11-26 15:30:01 +00:00
Sudheer Shanka
105fd6ff0f Merge "Update shared sandbox prefix to "shared-"."
2018-11-14 18:02:00 +00:00
Sudheer Shanka
637457d502 Update shared sandbox prefix to "shared-".
":" is not allowed in filenames by vfat.

Bug: 119525489
Test: sm set-virtual-disk true

Change-Id: I22945f2b359b6523ed0a058ca4015dcfef7f7d0e
2018-11-13 17:49:26 -08:00
Risan
5f53cd3b79 Change AppFuse mount location to vold namespace
Previously, AppFuse is mounted in system_server's mount namespace. This
CL moves the mount location to vold namespace.

Bug: 110379912
Test: testOpenProxyFileDescriptor passes
Change-Id: Id93c26d5a98842c78f27850c83e15df619cec1ab
2018-11-13 22:46:23 +00:00
Risan
4d8ba07231 Merge "StubVolume as first class Volume in Vold" am: dcbce84fed am: 14955896e5
am: a294e197b4

Change-Id: Iaec41c8ffe6feaa59163987c914fa21edc7ae2cd
2018-11-13 12:13:23 -08:00