init reads files in /data/property/ but it is not ready to read when
trigger_load_persist_props is triggered by vold.decrypt.
Bug: 29332975
Change-Id: I14beac8714ff2f722d8b11f666bc7ca693ccd46e
(cherry picked from commit e2ef0c0da4)
TARGET_HW_DISK_ENCRYPTION and TARGET_CRYPTFS_HW_PATH build flags
and related code in cryptfs.c are removed since it doesn't match
the driver in current tree.
To enable HW encryption, the driver needs to be hidlized.
Bug: 34268168
Test: compile
Change-Id: I507a0e2908b3c407c565e44873b82c94a8305de6
We are investigating replacing make_ext4fs with the upstream tool mke2fs.
See b/23686092 for more informations.
To mitigate the trouble that may arise if the new tool behave differently
compared to the old one, there will be a transition period where both mke2fs
and make_ext4fs will be supported.
This patch does 3 things:
- add the necessary code to use mke2fs to format an ext4 partition;
- add a dependency to the binary used by vold.
Test: m -j32 with TARGET_USES_MKE2FS={,false,true}
TARGET_USERIMAGES_USE_EXT4={,true}
Change-Id: I89222642fe1d11a035155c8224b84b2e3719938b
The old way (using triggers) starts defaultcrypto twice because
queue_property_triggers_action retriggers the action.
Bug: 27452459
Change-Id: I715d5441f8ae0b820b680f6a75f51694c4420992
Give callers the option of preparing CE and/or DE storage. The
framework will only prepare CE storage after the CE keys have been
unlocked for that user.
When init is calling enablecrypto, kick off the work in a thread so
that we can make other calls back into vold without causing
deadlock. Leaves blocking call intact for framework callers.
Clean up 'vdc' tool to send useful transaction numbers, and
actually watch for the matching result to come back. This fixes
race conditions when there are multiple 'vdc' callers.
Also add other system and misc directories to match spec.
Bug: 25796509
Change-Id: Ie4f853db6e387916b845d2b5fb92925d743b063d
e2fsck and fsck.f2fs must run in the fsck domain. Add call to
setexeccon() to tell selinux to run in the fsck domain on exec.
Addresses:
avc: denied { execute_no_trans } for path="/system/bin/e2fsck" dev="mmcblk0p41" ino=241 scontext=u:r:vold:s0 tcontext=u:object_r:fsck_exec:s0 tclass=file
Bug: 26872236
Change-Id: Ib2a583aeefc667f8aa67532e0ac0ff9619b65461
am: 9b5db9bcbe
* commit '9b5db9bcbe333b677ca18d2c1c398c8751cd0fd2':
cryptfs: Skip to encrtypt unused blocks into a block group which uninitialize block bitmap .
Change encryption to happen after a reboot, not before. This
removes the problem whereby if data cannot be unmounted, we cannot
encrypt.
Bug: 25426629
Change-Id: I25d610204234ed8254330d001eb965e6e87a2fe9
The function PKCS5_PBKDF2_HMAC_SHA1 can fail for a number of reasons and
thus its return value should be checked and handled.
Change-Id: I0f0d8f74b58940a34df16b88434a085760822075
This set of changes adds the screen that offers this conversion,
and the plumbing so the option is only available on suitable
devices.
It does not implement the conversion mechanism.
Change-Id: I801199c37b03436045d40bf8840a8746daf94d27
Sadly setexeccon() is process global, so we need to carefully ensure
that all exec() are mutually exclusive to avoid transitioning into
unwanted domains. Also, because we have several threads floating
around, we need to guard all our FDs with O_CLOEXEC.
Format all newly created volumes immediately after partitioning,
but silence all events emitted from those volumes to prevent the
framework from getting all excited. Unify all notify events under a
single codepath to make them easy to silence.
Sent SIGINT before escalating to SIGTERM when unmounting.
Bug: 19993667
Change-Id: Idc6c806afc7919a004a93e2240b42884f6b52d6b
This adds support for private volumes which is just a filesystem
wrapped in a dm-crypt layer. For now we're using the exact same
configuration as internal encryption (aes-cbc-essiv:sha256), but we
don't store any key material on the removable media. Instead, we
store the key on internal storage, and use the GPT partition GUID
to identify which key should be used.
This means that private external storage is effectively as secure as
the internal storage of the device. That is, if the internal storage
is encrypted, then our external storage key is also encrypted.
When partitioning disks, we now support a "private" mode which has
a PrivateVolume partition, and a currently unused 16MB metadata
partition reserved for future use. It also supports a "mixed" mode
which creates both a PublicVolume and PrivateVolume on the same
disk. Mixed mode is currently experimental.
For now, just add ext4 support to PrivateVolume; we'll look at f2fs
in a future change. Add VolumeBase lifecycle for setting up crypto
mappings, and extract blkid logic into shared method. Sprinkle some
more "static" around the cryptfs code to improve invariants.
Bug: 19993667
Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0
Wire up new Disk and VolumeBase objects and events to start replacing
older DirectVolume code. Use filesystem UUID as visible PublicVolume
name to be more deterministic.
When starting, create DiskSource instances based on fstab, and watch
for kernel devices to appear. Turn matching devices into Disk
objects, scan for partitions, and create any relevant VolumeBase
objects. Broadcast all of these events towards userspace so the
framework can decide what to mount.
Keep track of the primary VolumeBase, and update the new per-user
/storage/self/primary symlink for all started users.
Provide a reset command that framework uses to start from a known
state when runtime is restarted. When vold is unexpectedly killed,
try recovering by unmounting everything under /mnt and /storage
before moving forward.
Remove UMS sharing support for now, since no current devices support
it; MTP is the recommended solution going forward because it offers
better multi-user support.
Switch killProcessesWithOpenFiles() to directly take signal. Fix
one SOCK_CLOEXEC bug, but SELinux says there are more lurking.
Bug: 19993667
Change-Id: I2dad1303aa4667ec14c52f774e2a28b3c1c1ff6d
ioctl(BLKGETSIZE) expects unsigned long
(8 bytes on 64 bit environment).
This is fixing fails in android.os.storage.StorageManagerIntegrationTest
(in FrameworkCoreTests).
To verify, install FrameworksCoreTests.apk and do:
adb shell am instrument -r -w -e class android.os.storage.\
StorageManagerIntegrationTest#testMountSingleEncryptedObb \
com.android.frameworks.coretests/android.test.InstrumentationTestRunner
Change-Id: Ib6d5c7490c02521c93f107c35ad0aac49f6a3f1a
Redirect all crypto calls to e4crypt equivalents if file level encryption
detected. Note this change implements only the ones needed for minimal
functionality.
Requires matching change:
https://googleplex-android-review.git.corp.google.com/#/c/642778/
Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016
Redirect all crypto calls to e4crypt equivalents if file level encryption
detected. Note this change implements only the ones needed for minimal
functionality.
Requires matching change:
https://googleplex-android-review.git.corp.google.com/#/c/642778/
Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016
