Commit graph

29 commits

Author SHA1 Message Date
Rubin Xu
f8d604caf3 Add secdiscard command for secure deletion of files
This is used by LockSettingsService to delete sensitive credential files.

Bug: 34600579
Test: manual - change device lock under synthetic password, verify
      old data on disk is erased.

Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555
Merged-In: I5e11b559ad8818bd2ad2b321d67d21477aab7555
2017-05-16 13:29:24 +01:00
Paul Lawrence
3ae29e7740 Revert "Add fileencrypted=software/ice to fstab options"
This reverts commit 01f1bc7254.

Bug: 28905864
Change-Id: I489f5d073530438829038630af7af6b2a5cbdbbe
2016-05-23 15:05:51 -07:00
Paul Crowley
8fd77a05cc Two phases to set the password for disk encryption
am: a363036b44

* commit 'a363036b44f7f140aa9a943578f56abff5880a60':
  Two phases to set the password for disk encryption

Change-Id: Ia28823079d8c0bda220238339f28095b234a0ae5
2016-05-18 22:59:57 +00:00
Paul Crowley
a363036b44 Two phases to set the password for disk encryption
Revert "Revert "Two phases to set the password for disk encryption""

This reverts commit d402389290.

In addition, fix the bug in the original commit.

Bug: 28154455
Bug: 28694324
Change-Id: I885f1d73e739416347c135d79979941c2bbdbe62
2016-05-17 15:23:06 -07:00
Paul Lawrence
01f1bc7254 Add fileencrypted=software/ice to fstab options
Bug: 28616054
Change-Id: If3fddd62f069c7e3e8369a1db68e69c390059d63
2016-05-11 08:56:31 -07:00
Paul Crowley
d402389290 Revert "Two phases to set the password for disk encryption"
This reverts commit 92c5eeb467.

Bug: 28694324
Change-Id: Ibbbaff287f4dd28f4a13e122a3617987a8875a44
2016-05-10 20:36:43 +00:00
Paul Crowley
92c5eeb467 Two phases to set the password for disk encryption
In one phase, we make the new password work, and in the second we make
it the only one which works ("fixation"). This means that we can set
the password in Gatekeeper between these two phases, and a crash
doesn't break things. Unlocking a user automatically fixates the
presented credential.

Bug: 28154455
Change-Id: I54623c8652f0c9f72dd60388a7dc0ab2d48e81c7
2016-05-06 11:09:39 -07:00
Jeff Sharkey
be70c9ae22 Consistent creation/destruction of user data.
Preparing and destroying users currently needs to be split across
installd, system_server, and vold, since no single party has all the
required SELinux permissions.

Bug: 27896918, 25861755
Change-Id: Ieec14ccacfc7a3a5ab00df47ace7318feb900c38
2016-04-15 13:47:52 -06:00
Paul Crowley
df528a7011 Run clang-format over ext4crypt related code
The formatting here is inconsistent with Android house style; use
clang-format to bring it back into line.

Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
2016-03-09 09:34:13 -08:00
Paul Crowley
76107cb3f4 Prefer bool returns to int throughout
Change-Id: Ib3592b598ee07bc71a6f9507570bf4623c1cdd6a
2016-02-09 10:11:42 +00:00
Paul Crowley
38132a1f66 Refactor now that global DE has been reworked
Change-Id: I4d6156332cfc847e25e7c8863fd6a50fa325fb87
2016-02-09 10:11:42 +00:00
Paul Crowley
0572080814 Password security for FBE disk encryption keys
Added a new call change_user_key which changes the way that disk
encryption keys are protected; a key can now be protected with a
combination of an auth token and a secret which is a hashed password.
Both of these are passed to unlock_user_key.

This change introduces a security bug, b/26948053, which must be fixed
before we ship.

Bug: 22950892
Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
2016-02-08 20:03:57 +00:00
Jeff Sharkey
47695b29af Allow callers to prepare CE/DE user storage.
Give callers the option of preparing CE and/or DE storage.  The
framework will only prepare CE storage after the CE keys have been
unlocked for that user.

When init is calling enablecrypto, kick off the work in a thread so
that we can make other calls back into vold without causing
deadlock.  Leaves blocking call intact for framework callers.

Clean up 'vdc' tool to send useful transaction numbers, and
actually watch for the matching result to come back.  This fixes
race conditions when there are multiple 'vdc' callers.

Also add other system and misc directories to match spec.

Bug: 25796509
Change-Id: Ie4f853db6e387916b845d2b5fb92925d743b063d
2016-02-05 13:03:52 -07:00
Paul Lawrence
5a06a6481b Fix minor issues with previous change
New style logging
Remove set/get field from e4crypt
Save keys to temp file then rename

See https://googleplex-android-review.git.corp.google.com/#/c/858922/

Change-Id: I454c3f78489b491ffc1230a70dce64935e4e0f8a
2016-02-03 13:39:13 -08:00
Paul Lawrence
7b6b565fa0 Remove support for non-default root passwords in FBE
Change-Id: Ie179cb09f9f24382afd0fe0f3aa2a1ad943a7f5d
2016-02-02 12:47:52 -08:00
Paul Crowley
8fb12fd835 Add init_user0 command.
Change-Id: Icf746ec1968a073fde707ecc788b648f5803fd38
2016-02-01 15:19:07 +00:00
Paul Crowley
285956fe11 Rework FBE crypto to match the N way of doing things
Major rework and refactor of FBE code to load the keys at the right
time and in a natural way. The old code was aimed at our goals for M,
with patches on top, and didn't quite work.

Bug: 22358539

Change-Id: I9bf7a0a86ee3f2abf0edbd5966f93efac2474c2c
2016-01-20 13:12:38 +00:00
Lenka Trochtova
9ad4369ce8 Fix a bug in passing parameters to prepare_user_storage.
Add the serial parameter to prepare_user_storage to avoid
confusion when parsing parameters and passing them around.

Change-Id: Id5516c248401ad50585aa8f6e8b1545a6cded549
2015-12-11 13:27:32 +01:00
Paul Crowley
27cbce9214 Rename functions with a system/extras name collision.
Following around the call graph in code search is hard enough as it is!

Change-Id: I09d3513664423aafe0d99f9158acfbbb6c79b590
2015-12-10 15:30:45 +00:00
Paul Lawrence
ff9097f560 Fix create_user_key to take 3 params
Change-Id: Ied03e2ee404a1b4f386740213e6ab01f18ec09b9
2015-12-09 15:45:41 -08:00
Lenka Trochtova
395039f007 Introduce support for ephemeral users.
BUG: 24883058

Change-Id: I77d4757f87214166e7c41c7eb0d06b1cd5f06b20
2015-12-08 11:10:59 +01:00
Jeff Sharkey
d2c96e7883 New granular encryption commands for framework.
We now have separate methods for key creation/destruction and
unlocking/locking.  Key unlocking can pass through an opaque token,
but it's left empty for now.

Extend user storage setup to also create system_ce and user_de
paths.  Bring over some path generation logic from installd.

Use strong type checking on user arguments.

Bug: 22358539
Change-Id: I00ba15c7b10dd682640b3f082feade4fb7cbbb5d
2015-11-10 15:57:14 -08:00
Paul Crowley
eebf44563b Add "cryptfs deleteuserkey" command to vold.
Bug: 19706593

Change-Id: I8c97f23316d1a122e24e7627a0422fa180504ba1
2015-06-03 15:00:25 +01:00
Paul Crowley
75a5202d9f Add vold commands for setting up per-user encrypted user
directories

Bug: 19704432
Change-Id: I15980eed8e4960ca270cf0f8db4e480a8c2ca832
2015-05-13 10:17:14 +01:00
Paul Lawrence
00f4aade5c Delete password as per block encryption
Bug: 18151196
Change-Id: Iee0f932c61ff4a309dc2861725b24bf976adb4c7
2015-05-06 13:56:16 -07:00
Paul Lawrence
4e7274551c Enable properties in ext4enc
Enables OwnerInfo and pattern suppression

Bug: 18151196

Change-Id: I46144e16cb00319deeb5492ab82c67f5dd43d6d3
2015-05-01 08:03:39 -07:00
Paul Lawrence
707fd6c7cc Securely encrypt the master key
Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys.

Use ro.crypto.type flag to determine crypto type, which prevents
any issues when running in block encrypted mode, as well as speeding
up boot in block or no encryption.

This is one of four changes to enable this functionality:
  https://android-review.googlesource.com/#/c/148586/
  https://android-review.googlesource.com/#/c/148604/
  https://android-review.googlesource.com/#/c/148606/
  https://android-review.googlesource.com/#/c/148607/

Bug: 18151196

Change-Id: I3c68691717a61b5e1df76423ca0c02baff0dab98
2015-04-28 22:41:58 +00:00
Paul Lawrence
beadcb6ec0 Revert "Securely encrypt the master key"
This reverts commit 7053e9cd5e.

Change-Id: I77ed4dbdff8643c80629d2126cb29f85c24c7b43
2015-04-28 19:16:46 +00:00
Paul Lawrence
7053e9cd5e Securely encrypt the master key
Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys

This is one of four changes to enable this functionality:
  https://android-review.googlesource.com/#/c/144586/
  https://android-review.googlesource.com/#/c/144663/
  https://android-review.googlesource.com/#/c/144672/
  https://android-review.googlesource.com/#/c/144673/

Bug: 18151196
Change-Id: I9a162b90afe5f46a4ff15b3878e2ab503795425e
2015-04-27 20:08:38 +00:00