Commit graph

39 commits

Author SHA1 Message Date
Jeff Sharkey
9c48498f45 Support for private (adopted) volumes.
This adds support for private volumes which is just a filesystem
wrapped in a dm-crypt layer.  For now we're using the exact same
configuration as internal encryption (aes-cbc-essiv:sha256), but we
don't store any key material on the removable media.  Instead, we
store the key on internal storage, and use the GPT partition GUID
to identify which key should be used.

This means that private external storage is effectively as secure as
the internal storage of the device.  That is, if the internal storage
is encrypted, then our external storage key is also encrypted.

When partitioning disks, we now support a "private" mode which has
a PrivateVolume partition, and a currently unused 16MB metadata
partition reserved for future use.  It also supports a "mixed" mode
which creates both a PublicVolume and PrivateVolume on the same
disk.  Mixed mode is currently experimental.

For now, just add ext4 support to PrivateVolume; we'll look at f2fs
in a future change.  Add VolumeBase lifecycle for setting up crypto
mappings, and extract blkid logic into shared method.  Sprinkle some
more "static" around the cryptfs code to improve invariants.

Bug: 19993667
Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0
2015-04-01 10:45:05 -07:00
Jeff Sharkey
36801cccf2 Progress towards dynamic storage support.
Wire up new Disk and VolumeBase objects and events to start replacing
older DirectVolume code.  Use filesystem UUID as visible PublicVolume
name to be more deterministic.

When starting, create DiskSource instances based on fstab, and watch
for kernel devices to appear.  Turn matching devices into Disk
objects, scan for partitions, and create any relevant VolumeBase
objects.  Broadcast all of these events towards userspace so the
framework can decide what to mount.

Keep track of the primary VolumeBase, and update the new per-user
/storage/self/primary symlink for all started users.

Provide a reset command that framework uses to start from a known
state when runtime is restarted.  When vold is unexpectedly killed,
try recovering by unmounting everything under /mnt and /storage
before moving forward.

Remove UMS sharing support for now, since no current devices support
it; MTP is the recommended solution going forward because it offers
better multi-user support.

Switch killProcessesWithOpenFiles() to directly take signal.  Fix
one SOCK_CLOEXEC bug, but SELinux says there are more lurking.

Bug: 19993667
Change-Id: I2dad1303aa4667ec14c52f774e2a28b3c1c1ff6d
2015-03-30 19:46:31 -07:00
Jeff Sharkey
43ed123d3f ASEC resize tweaking, allow read-write mounting.
Resize is no-op when sector count is unchanged; the caller can't
anticipate how vold does its sector calculations.

After resizing, we need to mount the container read-write, so allow
the caller to request "ro" or "rw" mode.

Handle ENOTSUP when trying to fallocate() on some filesystems

Bug: 16514385
Change-Id: I0d3a378280d4c36d14f8108ff428102283d583fa
2014-08-22 15:39:41 -07:00
JP Abgrall
40b64a6841 vold: support "volume list [broadcast]" command
Sometimes when an sdcard is already mounted,
some info like uuid and label are not re-broadcast to new listeners.
The extra argument to list allows late listeners to catch up by asking
volume list to broadcast that info again.

Bug: 16253597
Bug: 16306775
Change-Id: Ie7d0c1132c22d307a5b2a0e50075a3716138d00b
Signed-off-by: Benson Huang <benson.huang@mediatek.com>
(cherry picked from commit 85f4700f44170b772697e627b3075dcb9137e1b7)
2014-07-25 01:46:26 +00:00
Daniel Rosenberg
fcd34a0ddd Added support for ext4 ASEC resizing.
ASECs formatted as ext4 can now be resized using vdc asec resize.
Refactored some common code.
Requires resize2fs.

Change-Id: Ie78bb6015114a7bc4af42b16d1f299322ffc1e2a
Signed-off-by: Daniel Rosenberg <drosen@google.com>
2014-06-10 22:15:33 +00:00
Nick Kralevich
6696260965 Validate asec names.
Make sure asec names only contain alphanumeric, underscores,
dots, or dashes. Don't allow double dots.

Bug: 12504045
Change-Id: I3dd0350c79327dc91a5a10d5724d85d99814e769
2014-01-27 14:58:06 -08:00
Jeff Sharkey
71ebe154a5 Add mkdirs() command.
Apps without sdcard_r or sdcard_rw need to have someone create
package-specific directories on their behalf.  If apps have trouble
creating on their own, they now delegate through system to have
vold create the paths.

Requires that the requested path is actually managed by vold.

Bug: 10577808
Change-Id: I6835fc8f52240f9de07f89742a426a153e3ca32a
2013-09-20 14:29:59 -07:00
Ken Sumrall
9caab76c6b vold: Add an optional wipe paramter to the volume format command
The new wipe option to the vold format command will invoke BLKDISCARD
on the partition before invoking newfs_msdos.  This will be used whenever
a full wipe of the device is wanted, as this is more secure than just
doing newfs_msdos.

Bug: 9392982
Change-Id: Ie106f1b9cc70abc61206006d1821641c27c7ccae
2013-06-12 18:42:02 -07:00
Kenny Root
93ecb38dad Only cleanup ASECs in external storage
Any ASEC or OBB files were unmounted when USB storage was set to UMS
mode. This changes it so only ASEC files on external storage and OBB
files mounted from external storage are unmounted.

Bug: 6948035
Change-Id: I91bc09ee5b792970b0eef895f6886f3ffad00e8f
2012-08-09 15:50:58 -07:00
Ken Sumrall
425524dba1 Unmount all asec apps before encrypting
Now that forward locked apps are stored on /data as asec image files
that are mounted, they need to be unmounted before /data can be unmounted
so it can be encrypted.

Change-Id: I7c87deb52aaed21c8ad8ce8aceb7c15c2338620a
2012-06-15 14:46:53 -07:00
Kenny Root
344ca10856 Add in ext4 support for ASEC containers
Now forward locked applications will be in ASEC containers both internal
to the system and externally.

This change adds support for putting applications in ext4-based ASECs.

Change-Id: I8d6765b72dd2606e429c067b47a2dbcaa8bef37d
2012-04-25 14:15:15 -07:00
Ken Sumrall
0b8b597193 Add the ability to revert a crypto mapping when unmounting a volume
Add the force_and_revert option to the unmount command which will force
the unmount, and revert a crypto mapping.  This is used during factory
reset so that when the internal sdcard volume is formatted, it formats
the raw device, not the encrypted mapping.

Change-Id: I36b6ff9bb54863b121de635472a303bf4a2334a9
2011-08-31 18:09:35 -07:00
Ken Sumrall
3b17005083 Prevent sharing or formatting of a vold managed volumes during encryption.
Mounting was already not allowed, but also unshare before starting
encryption, and don't allow sharing or formatting to be initiated
during encrytion.

Change-Id: Ida188d81f025739ba4dd90492b3e66088735991e
2011-07-11 15:38:57 -07:00
Dianne Hackborn
736910ca99 Add new vold call to get the path to an asec fs.
Change-Id: Ife15628ed6e2493c9e85a2ade6d59a194fdddde5
2011-06-27 13:37:28 -07:00
Mike Lockwood
6b715592ec Merge "Remove obsolete code for monitoring USB status" 2011-06-17 20:55:07 -07:00
Ken Sumrall
319b1043bb Don't abort the encryption process if an internal volume is present but unmounted.
It is not a failure if the SD card is not mounted.

Change-Id: If954f77c55ac124b9b7b39c89ffbafb4e5ea9e98
2011-06-14 14:01:55 -07:00
Mike Lockwood
a976656ff9 Remove obsolete code for monitoring USB status
Change-Id: I8ac8900b3135f03b7717540b825ff6df76f31c0b
Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-06-07 08:34:08 -07:00
Ken Sumrall
29d8da8cef vold: allow to store key in a file on another partition
Add support for keeping the keys in a separate file on another partition,
for devices with no space reserved for a footer after the userdata filesystem.

Add support for encrypting the volumes managed by vold, if they meet certain
criteria, namely being marked as nonremovable and encryptable in vold.fstab.
A bit of trickiness is required to keep vold happy.

Change-Id: Idf0611f74b56c1026c45742ca82e0c26e58828fe
2011-06-02 16:30:14 -07:00
Mike Lockwood
a28056b382 Set VM dirty ratio to zero when UMS is active
Improves UI responsiveness when copying large amount of data to the device.

BUG: 3131847

Change-Id: I4aa5ade7e2cd7e5110c8f0f7ee43bdc57577e11d
Signed-off-by: Mike Lockwood <lockwood@google.com>
2010-10-28 15:21:24 -04:00
Kenny Root
cbacf78eff Track type of container mounted
OBB and ASEC are tracked in the same active container list, but when it
comes time to unmount everything, it was trying to unmount the OBBs
according to ASEC rules. This led to the OBB not being unmounted and the
volume unmount failing.

Change-Id: I12c1d4d387b8022185d552b63edd61a50b9c0fc3
2010-09-26 07:35:17 -07:00
Kenny Root
508c0e1605 Additional Obb functionality
* Rename all functions dealing with OBB files to mention Obb

* Add 'path' and 'list' functionality to OBB commands

* Store hashed filename in loop's lo_crypt_name and keep lo_file_name
  for the real source filename. That way we can recover it later with an
  ioctl call.

Change-Id: I29e468265988bfb931d981532d86d7be7b3adfc8
2010-07-15 12:41:01 -07:00
Kenny Root
fb7c4d5a8a Add image mounting commands for OBB files
Allow the mounting of OBB filesystem images if they're encrypted with
twofish and in FAT filesystem format.

Change-Id: I54804e598f46b1f3a784ffe517ebd9d7626de7aa
2010-07-07 08:14:32 -07:00
Mike Lockwood
99635f6c28 Use new kernel notifications to determine if USB mass storage is available.
The usb_mass_storage switch no longer exists in our 2.6.35 kernel.
Instead we will consider mass storage to be available if both USB is connected
and the USB mass storage function is enable.

Change-Id: I730d1b3cb3cac664fc2abcdc36cd39856a08404a
Signed-off-by: Mike Lockwood <lockwood@android.com>
2010-06-28 08:57:00 -04:00
Kenny Root
acc9e7dcca Change ASCII conversion for hash and add tests
Hash was printed using snprintf(), but we can just write yet another hex
conversion utility!

Change-Id: I04f1992deaf5bf1b3e2751c8f07072f8ed6660e9
2010-06-20 22:03:10 -07:00
San Mehat
1a06edaf4d vold: Ensure we cleanup secure containers on card removal.
Fixes bug: http://b/issue?id=2567572

Note: The framework will still likely restart since the system_server
is holding references to assets on the card which are mmaped, but
at least now storage will be available when a new card is re-inserted.

Change-Id: I4e195c0c666426b93da47198fa826a6f58d855a9
Signed-off-by: San Mehat <san@google.com>
2010-04-15 12:59:15 -07:00
San Mehat
befd59c152 vold: remove some dead code
Change-Id: Iaeb5d3334ec22ed31da9734bb8d7cd17e6a40eaf
Signed-off-by: San Mehat <san@google.com>
2010-03-15 10:28:21 -07:00
San Mehat
d9a4e35861 vold: Bugfixes & cleanups
- Fix issue where container-names > 64 bytes were getting truncated in the
    kernel. lo_name is only 64 bytes in length, so we now hash the container
    id via md5
  - Add 'dump' command to dump loop and devicemapper status
  - Add 'debug' command to enable more detailed logging at runtime
  - Log vold IPC arguments (minus encryption keys)
  - Fix premature return from Loop::lookupActive() and friends

Change-Id: I0e833261a445ce9dc1a8187e5501d27daba1ca76
Signed-off-by: San Mehat <san@google.com>
2010-03-13 16:42:19 -08:00
San Mehat
4ba8948dc1 vold: Add 'force' option to anything that can cause an unmount
Signed-off-by: San Mehat <san@google.com>
2010-02-18 11:48:49 -08:00
San Mehat
eba65e9d43 vold: Bloat reduction
Signed-off-by: San Mehat <san@google.com>
2010-02-02 08:03:50 -08:00
San Mehat
048b0801fc vold: Add support for renaming secure containers
Signed-off-by: San Mehat <san@google.com>
2010-01-23 08:17:06 -08:00
San Mehat
88705166ab vold: Unmount secure containers when the underlying media is removed.
Signed-off-by: San Mehat <san@google.com>
2010-01-15 09:26:28 -08:00
San Mehat
8b8f71b1d7 vold: Internally use sector counts for asec lengths
Signed-off-by: San Mehat <san@google.com>
2010-01-11 09:17:25 -08:00
San Mehat
b78a32c1d5 vold: Add encrypted ASEC support via devmapper
- Supports up to 4096 containers
- Keys are now implemented - specifying a key of 'none' means no encryption.
  Otherwise, the key must be a string of 32 characters

Signed-off-by: San Mehat <san@google.com>
2010-01-11 08:12:52 -08:00
San Mehat
a19b250bd2 vold2: Initial support for Android Secure External Caches
Signed-off-by: San Mehat <san@google.com>
2010-01-06 10:55:29 -08:00
San Mehat
0cde53ce7b vold2: Manually bootstrap the ums switch since switch kernel uevents are broken
Signed-off-by: San Mehat <san@google.com>
2010-01-01 10:57:33 -08:00
San Mehat
a2677e4ad0 vold2: Get mounting/unmounting/formatting/sharing working
Signed-off-by: San Mehat <san@google.com>
2009-12-19 09:54:42 -08:00
San Mehat
49e2bce5b7 vold2: Wire up more of the mount function
Signed-off-by: San Mehat <san@android.com>
2009-10-12 16:29:01 -07:00
San Mehat
fd7f587512 vold2: Refactor the netlink event handling and better define how partitions/disks are handled
Signed-off-by: San Mehat <san@android.com>
2009-10-12 15:02:58 -07:00
San Mehat
f1b736bc56 system: vold2: Initial skeleton for vold2.
Let there be light.

Signed-off-by: San Mehat <san@android.com>
2009-10-10 17:57:51 -07:00