Commit graph

89 commits

Author SHA1 Message Date
Greg Kaiser
1452b27d4e cryptfs: Don't hardcode ascii buffer size
We're removing hardcoded buffer sizes in anticipation of allowing
different keysizes.  In this case, our buffer was sufficiently
large for all current cases.  But if we ever changed the
crypt_mnt_ftr struct to allow larger keys, this code will adjust
with the change.

Bug: 73079191
Test: Flashed an encrypted sailfish and it booted.
Change-Id: I261e729a77b351e287fbb55327564fe512a23d47
2018-02-09 16:11:38 -08:00
Greg Kaiser
f45a70c416 cryptfs: Don't hardcode ikey buffer size
We were hardcoding the size of the ikey buffer, but then had logic
which used KEY_LEN_BYTES and IV_LEN_BYTES to offset into the array
and describe the length of its contents.

In anticipation of allowing the keysize to be set via a property,
instead of at compile time, we change this code to make the relation
between the keysize and the buffer size explicit.

Bug: 73079191
Test: Flashed an encrypted sailfish and it booted.
Change-Id: I109a5dc812662220e53163bfb4b5e51bf5abf185
2018-02-09 15:01:13 -08:00
Greg Kaiser
b610e77fd2 cryptfs: Fix format string
Test: None
Change-Id: Id16acb4ed5e89e759b69ec2d2f2db54cc54f1959
2018-02-09 14:02:28 -08:00
Greg Kaiser
026072f81b cryptfs: Remove unused variable
We'll be allowing modifyable key sizes in the near future,
and want to remove this variable to reduce confusion with this
change.

Bug: 73079191
Test: None
Change-Id: I7047bb375553d8c46ff0724add697a5105ebc68c
2018-02-09 14:02:28 -08:00
Paul Crowley
0fd2626fc3 Add a mount with metadata encryption service
Don't use the FDE flow to support metadata encryption; just provide a
vold service which directly mounts the volume and use that.

Bug: 63927601
Test: Boot Taimen to SUW with and without metadata encryption.
Change-Id: Ifc6a012c02c0ea66893020ed1d0da4cba6914aed
2018-02-01 10:08:17 -08:00
TreeHugger Robot
a8b6225578 Merge "No double encryption on FDE+FBE SD cards" 2018-01-18 01:39:19 +00:00
Paul Lawrence
7ee87cfcbe Remove all references to FDE enable wipe
Bug: 64766105
Test: FBE boots, forceencrypt boots, set pattern, reboots, encryptable
      boots and can be encrypted
Change-Id: I8c6dc0acdc37c3a6f1bea28d5607ed8938a4eb0c
2017-12-22 11:17:15 -08:00
Paul Crowley
5afbc6276d No double encryption on FDE+FBE SD cards
On FBE systems, adoptable storage uses both file-based encryption (for
per-user protection) and full disk encryption (for metadata
protection). For performance/battery reasons, we don't want to encrypt
the same data twice; to that end, ensure that the
allow_encrypt_override flag is sent to dm_crypt.

Bug: 25861755
Test: see ag/3247969
Change-Id: Ib0c5891ab2d2ee9007e27a50254d29fc867d7bc5
2017-12-04 14:42:10 -08:00
Paul Crowley
6699e7b912 Merge "Key upgrading for FDE." am: 997e605563 am: 2b1b72d183
am: 78c9969299

Change-Id: I85740653a804707faca6becc77a16c3ce9990123
2017-11-27 21:05:35 +00:00
Paul Crowley
2b1b72d183 Merge "Key upgrading for FDE."
am: 997e605563

Change-Id: If2ca4a6bd3b7a2b36b6c092975bcfdde8e063a3e
2017-11-27 20:59:33 +00:00
Paul Crowley
73473337d8 Key upgrading for FDE.
Correctly handle a key upgrade error from keymaster by upgrading the
FDE RSA key and writing the new key blob to disk.

Bug: 69792304
Test: Roll back PLATFORM_SECURITY_PATCH a month, wipe and reboot, roll
      forwards again, check logs with and without this patch.
Change-Id: I220d2dd4e3d791f636e9bc5f063064cecbf1b88a
2017-11-27 10:34:18 -08:00
Xin Li
bf168f7dad Merge commit 'e2d1d99f1a98b02a28fe71f2a387a72b69d4b4a6' from
oc-mr1-dev-plus-aosp into stage-aosp-master

Change-Id: I4bdada4c933109f1cc60c61946fa30e174ca7583
2017-11-14 12:20:56 -08:00
Jaegeuk Kim
119a98ac1b Merge "cryptfs: support make_f2fs with quota" am: 7807866abe am: 4d1c7765c8
am: 5968445892

Change-Id: Id898a24124eeafdcc1abdaafc4864d795f6fd340
2017-11-14 03:33:35 +00:00
Jaegeuk Kim
5968445892 Merge "cryptfs: support make_f2fs with quota" am: 7807866abe
am: 4d1c7765c8

Change-Id: Ica0836d567049774eeaf41d7f75d5cd83045edfe
2017-11-14 03:03:10 +00:00
Jaegeuk Kim
8de9f065a4 cryptfs: support make_f2fs with quota
Change-Id: I699b457ca0282c02e0d0a399c146d4e54a403bf4
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2017-11-13 13:54:16 -08:00
Jaegeuk Kim
98651a235b cryptfs: call format_f2fs correctly with proper flags
Change-Id: Ia493e6f758ff5dd5dd41479193ab237d4306d464
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2017-11-13 13:16:45 -08:00
Paul Crowley
b64933a502 Be even more C++. Switch on a warning.
Remove lots of "extern C" and "ifdef __cplusplus" which are no longer
needed now all of vold is C++. Also turn on the cert-err58-cpp warning
we once had to disable.

Bug: 67041047
Test: compiles, boots
Change-Id: I8c6f9dd486f2409e0deed7bb648d959677465b21
2017-10-31 08:40:23 -07:00
Jeff Sharkey
3472e52fc2 Move to modern utility methods from android::base.
Moves away from crufty char* operations to std::string utility
methods, including android::base methods for splitting/parsing.

Rewrite of how Process handles scanning procfs for filesystem
references; now uses fts(3) for more sane traversal.

Replace sscanf() with new FindValue() method, also has unit tests.

Remove some unused methods.  Switch almost everyone over to using
modern logging library.

Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 67041047
Change-Id: I70dc512f21459d1e25b187f24289002b2c7bc7af
2017-10-17 12:40:51 -06:00
Paul Crowley
3b71fc5100 Be more C++. volume UUID should always be std::string.
Test: boots
Bug: 67041047
Change-Id: I36d3944ae8de192703b9ee359900841b833fe3a1
2017-10-09 13:36:35 -07:00
Paul Crowley
a7ca40bd70 Remove dead code; move code out of cryptfs that doesn't belong.
Test: Marlin boots
Change-Id: I5c3fc21fef336b301981d6eff6f6ea242f30f66c
2017-10-06 14:29:33 -07:00
Paul Crowley
584610f325 Remove CheckBattery altogether
Test: changed Angler fstab to encryptable and encrypted.
Bug: 16868177
Change-Id: I17d36ea838d6d96f0752b2d6d03b1f9a781ed018
2017-10-03 21:38:15 -07:00
Paul Crowley
de90f76fe2 Remove CheckBattery altogether
am: a04014bf26

Change-Id: I7aefe1d6f4815a7f02671869fe940a3cdd13cd70
2017-10-03 22:08:31 +00:00
Paul Crowley
5385417922 Remove CheckBattery altogether
Test: changed Angler fstab to encryptable and encrypted.
Bug: 16868177
Change-Id: I17d36ea838d6d96f0752b2d6d03b1f9a781ed018
2017-10-03 11:53:36 -07:00
Paul Crowley
a04014bf26 Remove CheckBattery altogether
Test: changed Angler fstab to encryptable and encrypted.
Bug: 16868177
Change-Id: I17d36ea838d6d96f0752b2d6d03b1f9a781ed018
2017-10-03 10:45:23 -07:00
Paul Crowley
e2ee152e46 Refactor of use of fstab in advance of fix.
Test: Ensure device still boots.
Bug: 65737446
Change-Id: Ie466db9f5d8c77656cc525c0d49fe6a3cce154f1
2017-09-26 14:21:10 -07:00
Jeff Sharkey
95440ebd97 Enable "cert-err34-c" tidy checks.
Now that we've moved to Binder, we only have a few lingering atoi()
usages that are cleaned up in this CL.

Rewrite match_multi_entry() entirely, with tests to verify both old
and new implementations.

Test: adb shell /data/nativetest/vold_tests/vold_tests
Bug: 36655947
Change-Id: Ib79dc1ddc2366db4d5b4e1a1e2ed9456a06a983e
2017-09-20 13:29:48 -06:00
Jeff Sharkey
83b559ced4 Move all crypto commands over to Binder.
Prefix FDE related commands with "fde" to make it clear which devices
they apply to.  This will also make it easier to remove once FDE
is fully deprecated in a future release.

To emulate the single-threaded nature of the old socket, introduce a
lock that is acquired for all encryption related methods.

Sprinkle some "const" around older files to make C++ happy.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.DirectBootHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I0a6ec6e3660bbddc61424c344ff6ac6da953ccf0
2017-09-12 17:24:06 -06:00
Josh Gao
e78efb7df4 Merge "Switch RebootType to an enum class." am: db725d3348 am: da54114d23 am: c01810be33
am: 41770aab2c

Change-Id: Ia5e279208a7ed804abc898520f13ceb2d19b77c3
2017-08-30 02:52:55 +00:00
Josh Gao
41770aab2c Merge "Switch RebootType to an enum class." am: db725d3348 am: da54114d23
am: c01810be33

Change-Id: Ie54bffd0befd917165debfd8d6eff8f9552d6949
2017-08-29 22:01:20 +00:00
Josh Gao
da54114d23 Merge "Switch RebootType to an enum class."
am: db725d3348

Change-Id: I72431dc56d20cf1acb2443ae3d67300a59e10ad3
2017-08-29 21:47:58 +00:00
Josh Gao
fec4437972 Switch RebootType to an enum class.
RebootType's shutdown enumerator collides with the shutdown socket
function, which causes problems when <sys/socket.h> gets included
transitively. Switch RebootType into an enum class, to namespace its
enumerators.

Test: treehugger
Change-Id: Ib5e8667df363acb28771430fd43000d381dc8620
2017-08-28 13:22:55 -07:00
Jin Qian
b678d7c3f7 cryptfs: remove reference to legacy make_ext4fs
Use upstream mke2fs tool to format ext4 filesystem.

Bug: 64395169
Change-Id: I383510f25a7c0935ddb280a14ef31fcbd143cba1
2017-08-16 11:01:14 -07:00
Jaegeuk Kim
ab48bc9dbd cryptfs: call format_f2fs correctly with proper flags
Change-Id: Ia493e6f758ff5dd5dd41479193ab237d4306d464
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2017-06-19 18:38:17 -07:00
Wei Wang
42e3810e13 Remove timout logic in waiting vold.post_fs_data_done
This code should not be timing out, since it has no graceful way to
recover.

Bug: 62308812
Test: marlin boot
Change-Id: I1284f9a34e83e6451622a702d2bee40b08877db2
2017-06-07 11:26:41 -07:00
Guang Zhu
5b6c6a2c4a Revert "Enable metadata encryption"
Bug: 37792477

This reverts commit 3963b23645.

Change-Id: I3b6bf5a9a4c3899aabe2c824d8498a06981daed8
2017-04-28 23:58:39 +00:00
Paul Lawrence
3963b23645 Enable metadata encryption
Bug: 26778031
Test: Boots, reboots, sector 0 of userdata encrypted
      Make sure an FDE device, both default and password protected,
      boots.
      Make sure an FBE device without metadata encryption boots.
Change-Id: Ic44a32ce7e9b978e9c9e2dc112b26206741c838d
2017-04-28 16:44:23 +00:00
Paul Crowley
f71ace310e Refactor to lay the groundwork for metadata encryption
Bug: 26778031
Test: Angler, Marlin build and boot
Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5
2017-04-21 10:47:17 -07:00
Jeff Sharkey
32ebb739cb Enable clang-tidy for security sensitive domain.
Start with clang-analyzer-security* and cert-*, but disable two
specific errors:

-- cert-err34-c, which checks for atoi(); heavily triggered by
CommandListener, but will disappear when we move to Binder.
-- cert-err58-cpp, which checks for exceptions before main(); it's
a "Low" severity issue, and filed 36656327 to track cleanup.

Fix all other triggered errors along the way.

Test: builds, boots
Bug: 36655947
Change-Id: I1391693fb521ed39700e25ab6b16bc741293bb79
2017-03-27 17:14:52 -06:00
Wei Wang
4375f1be4c Change to use new WaitForProperty API
Change to use WaitForProperty API to wait for vold.post_fs_data_done
Also change cryptfs to C++

Bug: 35425974
Test: mma, marlin/angler boot

Change-Id: Id821f2035788fcc91909f296c83c871c67571de3
2017-02-24 17:47:53 -08:00
Renamed from cryptfs.c (Browse further)