Commit graph

310 commits

Author SHA1 Message Date
Sudheer Shanka
51a38dada7 Update shared sandbox directory structure.
Sandboxes for apps with sharedUserIds will live
at Android/shared:sharedUserId/ instead of
Android/shared/sharedUserId/.

Bug: 117573457
Test: manual
Change-Id: I7ab920814b501b9cdd4c58fefe81c53162b318f3
2018-10-20 21:00:13 -07:00
Sudheer Shanka
b792c3a210 Merge "Delete package sandbox data when it is uninstalled." 2018-10-10 21:00:04 +00:00
Sudheer Shanka
fa6a174a05 Delete package sandbox data when it is uninstalled.
Bug: 111890351
Test: manual
Change-Id: I989d507f3352959e824b161a94c0eaad6eed9bba
2018-10-09 11:12:52 -07:00
Sudheer Shanka
9acc6d4398 Check isolated_storage is enabled before cleaning up sandboxes.
Also, clear packages state stored for the user being stopped.

Bug: 117329171
Bug: 111890351
Test: manual
Change-Id: Ida48fcec851830dbb756e329c20c322c631ad264
2018-10-06 19:03:02 -07:00
Mark Salyzyn
c4405e9c17 Protect /mnt/scratch from stale umount on userdebug
On userdebug protect /mnt/scratch. On user builds ensure that
/mnt/scratch is considered a stale mount so it can not be used.
vold runs before ro.debuggable is set, so this must be a compile
time decision.

Minor technical debt cleanup associated with using android::base.

Test: compile
Bug: 109821005
Change-Id: I8efdbedfe850dd24daecf03a37aea61de47edc7d
Merged-In: I8efdbedfe850dd24daecf03a37aea61de47edc7d
2018-10-02 18:00:49 +00:00
Mark Salyzyn
86e81e7183 Protect /mnt/scratch from stale umount on userdebug
On userdebug protect /mnt/scratch. On user builds ensure that
/mnt/scratch is considered a stale mount so it can not be used.
vold runs before ro.debuggable is set, so this must be a compile
time decision.

Minor technical debt cleanup associated with using android::base.

Test: compile
Bug: 109821005
Change-Id: I8efdbedfe850dd24daecf03a37aea61de47edc7d
2018-10-01 10:49:23 -07:00
Sudheer Shanka
1fa13825fc Merge "Remove unmount_tree in VolumeManager." am: 9931db7e59 am: 96707825f2
am: 65eac7fc1a

Change-Id: I40174a2504b376ebce6962f23ce1e06b7d2c1666
2018-09-28 20:13:09 -07:00
Sudheer Shanka
99d304ac60 Remove unmount_tree in VolumeManager.
This is not needed anymore since everything else is updated
to use android::vold::UnmountTree.

Bug: 111890351
Test: manual
Change-Id: Idb574469763fa3438fbfc40d6da786d87ac63c38
2018-09-28 13:38:39 -07:00
Sudheer Shanka
40ab6742a7 Bind mount pkg specific dirs in the zygote child namespaces.
- Also update vold to create sandboxes for secondary storage devices.
- Since bind mounts are created in the process specific namespaces, we
  don't need /mnt/storage anymore which we were using it to prevent
  some bind mounts from propagating onto /mnt/runtime/write.
- Create bind mounts for {media,obb} dirs similar to data dir in
  per process namespace.
- Also fix a bug where we are not passing correct packages to vold when
  a new user starts.

Bug: 111890351
Test: manual
Change-Id: I7849efc4fbf3c654606fa30de7ab2de0236d766f
2018-09-27 15:50:26 -07:00
Sudheer Shanka
144e7cc25a Merge "Add unmountTree to utils." am: a64572431e am: f5b24f1015
am: e9c88c4c6c

Change-Id: Iae8f7c972272807f87b2ce9c4ba536cf6458d3cb
2018-09-27 13:35:28 -07:00
Sudheer Shanka
89ddf99119 Add unmountTree to utils.
Bug: 111890351
Test: builds without any errors
Change-Id: I62a94c9e8d101756b686b402774f08a1d71cf875
2018-09-27 10:29:02 -07:00
Jeff Sharkey
dac54dce51 Merge "Update vold to log only debug or higher level messages." am: 9bd07d8760 am: 92c182e4c7
am: 3c5f603158

Change-Id: I2209a3208a26ae649b4d5dc1aa18d30b6a61afcb
2018-09-24 10:34:26 -07:00
Sudheer Shanka
4b6ca4ea65 Update vold to log only debug or higher level messages.
This will allow adding lots of verbose logs which can be enabled
only during local testing/debugging. Update the existing verbose
level logs to debug level since we want those to be logged by
default.

Test: manual
Change-Id: Ib05e2b6efa71308458d49affb6ed81d3975b28ab
2018-09-21 11:16:51 -07:00
Paul Crowley
8915d62847 clang-format the rest of the files
Apply clang-format to fix the remaining files not fixed by
change I23cde3f0bbcac13bef555d13514e922c79d5ad48

Test: Format-only changes; treehugger suffices.
Change-Id: I1bfd5c8d68d298596875d5edae26cdfe27c03489
Merged-In: I1bfd5c8d68d298596875d5edae26cdfe27c03489
2018-09-20 06:27:22 -07:00
Paul Crowley
edf7a4eb95 clang-format the rest of the files
Apply clang-format to fix the remaining files not fixed by
change I23cde3f0bbcac13bef555d13514e922c79d5ad48

Test: Format-only changes; treehugger suffices.
Change-Id: I1bfd5c8d68d298596875d5edae26cdfe27c03489
2018-09-19 19:45:27 -07:00
Sudheer Shanka
c756209b89 Create sandboxes for newly installed apps.
Bug: 111890351
Test: manual
Change-Id: I1b7f5bd25e04f9f4a61d0d4f64bbbb0ca6157fa5
2018-08-24 12:35:56 -07:00
Sudheer Shanka
3a7ee5c2ae Use /mnt/storage for bind mounting package sandboxes.
Create a new slave bind mount at /mnt/storage and use this for
creating package sandboxes. This will help prevent package
specific data directories from getting duplicated and also make
handling bind mounts for packages with sharedUserIds easier.

Bug: 111890351
Test: manual
Change-Id: I0f590cc99a379d93f6db85bf56e8d274e3ea7488
2018-08-23 21:40:07 -07:00
Sudheer Shanka
5cc0d564c8 Merge "Update sandbox structure for apps with sharedUserIds." 2018-08-07 19:09:06 +00:00
Sudheer Shanka
f768c271a3 Update sandbox structure for apps with sharedUserIds.
For apps with sharedUserIds, sandbox/shared:<shared-user-id> is
currently used as sandbox root. Given that <shared-user-id> can
be upto 255 characters, adding "shared:" might tip over the
filename limit on ext4 filesystems. So, instead use
sandbox/shared/<shared-user-id> as the sandbox root.

Bug: 111890351
Test: manual
Change-Id: Iba437b3eed59f9eb3094a823e8bf2a5a58410fd7
2018-08-07 10:47:38 -07:00
Sudheer Shanka
a695f25518 Keep /sdcard working for shell process when isolated storage is enabled.
This is same as what we are doing as of P, symlinking
"/mnt/user/<user-id>/primary" to primary volume path.

Bug: 111890351
Test: manual
Change-Id: I3bc538401bf56fd6243ce7eca424cc4c9b585974
2018-08-03 18:17:03 -07:00
Sudheer Shanka
53947a3662 Update vold to prepare package sandboxes for primary volume.
Vold is updated to create package specific sandboxes for primary
volume and mount them at
"/mnt/user/<user-id>/package/<package-name>/<primary-label>".
This will later be mounted at /storage when a new process starts.

Bug: 111890351
Test: Manually verified that a package has access to "/sdcard" and
      "/storage/emulated/0", both of which are just the package specific
      sandboxes and the package doesn't have access to other sandboxes
      and can't see other package names.

Change-Id: I72dc8ae9eb2260a298159c5de18387dad2f9de48
2018-08-01 10:24:13 -07:00
Sudheer Shanka
62bbb2b1d2 Update vold to handle package info from StorageManagerService.
Bug: 111890351
Test: n/a
Change-Id: I098ad4bc15fae843909d97dad5d301a4e53d51bc
2018-08-01 01:23:15 -07:00
Sudheer Shanka
ebaad1c848 Update IVold interface to take packageNames when a user starts.
Bug: 111890351
Test: n/a
Change-Id: Ia24f15112f9a4ee4994688ff8fedf786cbf479b7
Exempt-From-Owner-Approval: This was approved as part of http://ag/4494673
2018-08-01 07:16:28 +00:00
Sudheer Shanka
d484aa9dad Add APIs for pushing package info to vold.
Bug: 111890351
Test: n/a
Change-Id: I3194a88a9ce612a2e4f2c7ea9e3392e0f8020fc1
2018-07-31 10:07:34 -07:00
Bowgo Tsai
3d4fb41f3d Merge "Do not unmount /mnt/product/* when vold starts"
am: 4a625453bf

Change-Id: Idd91865540106b5030f74b26037b61c00719ef28
2018-07-02 19:03:58 -07:00
Bowgo Tsai
c0cd37be9d Do not unmount /mnt/product/* when vold starts
Bug: 110808288
Test: Boot a device and checks /mnt/product/foo mounted in early mount
      isn't unmounted.

Change-Id: Ide411cd78565505bc72ed57e79f3d31b6392b27c
2018-06-29 13:35:43 +08:00
Tri Vo
e98adee732 Exclude /mnt/vendor from vold's ownership.
Addresses this selinux denial:
avc: denied { search } for name="vendor" dev="tmpfs" ino=11069
scontext=u:r:vold:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir
permissive=0

Bug: 64905218
Test: fixes above denial.
Change-Id: I670b2148e65c7e0fcabd1e11f5bace0c4f4e18bd
Merged-In: I670b2148e65c7e0fcabd1e11f5bace0c4f4e18bd
(cherry picked from commit bca5cd78fe)
2018-06-29 12:22:01 +08:00
Tri Vo
bca5cd78fe Exclude /mnt/vendor from vold's ownership.
Addresses this selinux denial:
avc: denied { search } for name="vendor" dev="tmpfs" ino=11069
scontext=u:r:vold:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir
permissive=0

Bug: 64905218
Test: fixes above denial.
Change-Id: I670b2148e65c7e0fcabd1e11f5bace0c4f4e18bd
2018-04-16 14:33:53 -07:00
Elliott Hughes
32a5b9aed3 StartsWith now allows std::string prefixes.
Bug: N/A
Test: builds
Change-Id: I2e24632e95f2bf929c2c000152c5c4076d53186e
2017-12-20 12:38:47 -08:00
Jeff Sharkey
401b260351 Delay touching disks when secure keyguard showing.
We've tried our best to protect against malicious storage devices
with limited SELinux domains, but let's be even more paranoid and
refuse to look at disks inserted while a secure keyguard is
showing.  We'll gladly scan them right away once the user confirms
their credentials.

Test: builds, boots, manual testing
Bug: 68054513
Change-Id: I37fd6c25bbd6631fa4ba3f84e19384d746a22498
2017-12-15 13:44:55 -07:00
Paul Crowley
b64933a502 Be even more C++. Switch on a warning.
Remove lots of "extern C" and "ifdef __cplusplus" which are no longer
needed now all of vold is C++. Also turn on the cert-err58-cpp warning
we once had to disable.

Bug: 67041047
Test: compiles, boots
Change-Id: I8c6f9dd486f2409e0deed7bb648d959677465b21
2017-10-31 08:40:23 -07:00
Paul Crowley
c6433a299d Forget keys when we forget the volume.
Bug: 25861755
Test: create a volume, forget it, check logs and filesystem.
Change-Id: I0ab662969c51703cb046d57b72330e0f14447ef3
2017-10-26 12:19:03 -07:00
Jeff Sharkey
3ce18256a1 Pass both partition GUID and filesystem UUID.
FDE keys are indexed using the partition GUID, while FBE keys will be
indexed using the filesystem UUID, so pass both of those identifiers
along when forgetting a volume.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 25861755
Change-Id: I6e239d5ba67a01c9a848d705f6167da00f975924
2017-10-24 12:19:47 -06:00
Jeff Vander Stoep
c923127e23 Merge "Check that dir name is a pid before attempting to read"
am: 6419445383

Change-Id: I8b7639934bcee660bcd84f83afae5cc2c17bae15
2017-10-24 17:19:58 +00:00
TreeHugger Robot
9fd7559813 Merge "Check that dir name is a pid before attempting to read" 2017-10-24 16:04:22 +00:00
Jeff Vander Stoep
a997db73d6 Check that dir name is a pid before attempting to read
Prevents selinux denials for folders in /proc that do not have the
default /proc label.

Bug: 68146208
Test: no selinux denials for vold attempting to read proc_asound dir.
Merged-In: I7cdd3bbe8e687e078372012773e9a34a5c76e0f8
Change-Id: I7cdd3bbe8e687e078372012773e9a34a5c76e0f8
2017-10-24 14:04:27 +00:00
Jeff Vander Stoep
5889083d71 Check that dir name is a pid before attempting to read
Prevents selinux denials for folders in /proc that do not have the
default /proc label.

Bug: 68146208
Test: no selinux denials for vold attempting to read proc_asound dir.
Change-Id: I7cdd3bbe8e687e078372012773e9a34a5c76e0f8
2017-10-24 07:03:01 -07:00
Paul Crowley
56292ef119 Undo Utils dependency on VolumeManager
I want to use Utils in another executable, so breaking this link.

Bug: 25861755
Test: compiles (and boots, though that doesn't exercise changed code)
Change-Id: I6bb447453bb370fefb7f2f3aceb459428bdee6a7
2017-10-20 10:05:36 -07:00
Jeff Sharkey
3472e52fc2 Move to modern utility methods from android::base.
Moves away from crufty char* operations to std::string utility
methods, including android::base methods for splitting/parsing.

Rewrite of how Process handles scanning procfs for filesystem
references; now uses fts(3) for more sane traversal.

Replace sscanf() with new FindValue() method, also has unit tests.

Remove some unused methods.  Switch almost everyone over to using
modern logging library.

Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 67041047
Change-Id: I70dc512f21459d1e25b187f24289002b2c7bc7af
2017-10-17 12:40:51 -06:00
Jeff Sharkey
b21add1d79 Merge "Make Loop::destroyAll() smarter." 2017-09-22 01:10:49 +00:00
Jeff Sharkey
67b8c49530 Make Loop::destroyAll() smarter.
Instead of blindly looping across 4096 possible devices, use
readdir() to only look at valid devices.  This speeds up destroyAll()
from 40ms to 0.7ms.

Add tracing information in several places.

Test: external/chromium-trace/systrace.py -b 128768 sched freq am pm ss core_services binder_driver -a system_server,installd,vold
Bug: 65634729, 65737446
Change-Id: If581de47fb55850c0fcd6e25bf33ed246e1b079d
2017-09-21 17:11:07 -06:00
Jeff Sharkey
95440ebd97 Enable "cert-err34-c" tidy checks.
Now that we've moved to Binder, we only have a few lingering atoi()
usages that are cleaned up in this CL.

Rewrite match_multi_entry() entirely, with tests to verify both old
and new implementations.

Test: adb shell /data/nativetest/vold_tests/vold_tests
Bug: 36655947
Change-Id: Ib79dc1ddc2366db4d5b4e1a1e2ed9456a06a983e
2017-09-20 13:29:48 -06:00
Jeff Sharkey
cbe69fc060 Destroy vold socket interface completely.
Long live Binder.

Test: yes
Bug: 13758960
Change-Id: If6be379b5a873f1b0c66dd1522b87413ad10fc46
2017-09-18 16:00:14 -06:00
Jeff Sharkey
52f7a91934 Move long-running calls to async with listeners.
Now that we're using Binder, we can have callers provide explicit
listeners for every request instead of trying to squeeze them all
into unsolicited socket events.

Move benchmarking to be async to avoid blocking other commands for
up to several minutes.  Remove post-trim benchmarking flag, since
benchmarking now requires a separate callback.  Will bring back in
a future CL.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: adb shell sm fstrim
Bug: 62201209, 13758960
Change-Id: I0f2ebf1ac3b4252ecd6b44303f2887adfdb58e86
2017-09-15 14:18:00 -06:00
Jeff Sharkey
11c2d380a7 Move even more vold commands over to Binder.
This moves fstrim, obb and appfuse commands over to the new Binder
interface.  This change also separates creating/destroying and
mounting/unmounting of OBB volumes, which means they finally flow
nicely into the modern VolumeInfo/VolumeBase design.

We now generate unique identifiers for all OBB volumes, instead of
using a shady MD5 hash.

Change all "loop" and "dm" devices to tag the kernel resources with
a vold-specific prefix so that we can clean them up if vold crashes;
there are new destroyAll() methods that handle this cleanup.

Move appfuse mounting/unmounting into VolumeManager so it can be
shared.  Move various model objects into a separate directory to
tidy things up.

Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I7294e32b3fb6efe07cb3b77bd20166e70b66958f
2017-09-11 18:44:17 -06:00
Jeff Sharkey
9462bdd512 Move "volume" commands over to Binder.
Keep the old socket-based commands intact for awhile so we can
rapidly disable this change using the ENABLE_BINDER feature flag.

Define constants in AIDL to keep Java and C++ in sync.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.ExternalStorageHostTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 13758960
Change-Id: I0d6f82cbebe67f671b60949fd727409aeb1fdc0d
2017-09-07 15:27:30 -06:00
Keun-young Park
23b87ecf41 Merge "mInternalEmulated could be used after shutdown() called" am: 9b4a443bd6 am: 92052aa582
am: 1b6d8237f2

Change-Id: I71b1ec275e2850c1a8273ac5eebc7373a0729552
2017-08-17 22:21:40 +00:00
Keun-young Park
92052aa582 Merge "mInternalEmulated could be used after shutdown() called"
am: 9b4a443bd6

Change-Id: Ia1007988297c39f391b35ad51645556ceeaf0cc6
2017-08-17 22:13:40 +00:00
Gao Xiang
d263da8807 mInternalEmulated could be used after shutdown() called
It fixes the findvolume() / reset() use-after-free issue after
shutdown called to avoid vold crash.

Fixes: a5bbb5e3c1 ("make shutdown safe for double calls.")
Change-Id: I50f216141b20da08549080291091dc5690c00ffe
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
2017-08-14 14:26:56 +08:00
Keun-young Park
375ac25773 do not sleep if it is shutting down
- Various sleep(5) for vold shutdown can increase shutdown time a lot.
- If it is shutting down, do not sleep at all. init will take care of
  active partitions if not unmounted.

bug: 64143519
Test: reboot and check logs from vold, check if "ShutdownThread: Shutdown wait timed out" happens.
Change-Id: I7cb91427ad2205fe23a054d255caf7ffdfd9f6c3
2017-08-02 17:45:48 -07:00
Elliott Hughes
e4775fdbca Merge "vold should #include <sys/sysmacros.h>" am: 398c0e8274 am: 208b464f72 am: fb3e85cf99
am: 048422d46e

Change-Id: I33406265fcf0c77a6289cb429aa6a2cc5e8f7146
2017-05-19 19:01:20 +00:00
Elliott Hughes
048422d46e Merge "vold should #include <sys/sysmacros.h>" am: 398c0e8274 am: 208b464f72
am: fb3e85cf99

Change-Id: I32ed2a66bb60ba1042737b4bbb0a2195a3fe8e6f
2017-05-19 18:38:38 +00:00
Elliott Hughes
0e08e84df0 vold should #include <sys/sysmacros.h>
Bug: https://github.com/android-ndk/ndk/issues/398
Test: builds
Change-Id: I7a1ca1701099886fb493cc5288d6ee867d5f520a
2017-05-18 09:08:24 -07:00
Jeff Sharkey
32ebb739cb Enable clang-tidy for security sensitive domain.
Start with clang-analyzer-security* and cert-*, but disable two
specific errors:

-- cert-err34-c, which checks for atoi(); heavily triggered by
CommandListener, but will disappear when we move to Binder.
-- cert-err58-cpp, which checks for exceptions before main(); it's
a "Low" severity issue, and filed 36656327 to track cleanup.

Fix all other triggered errors along the way.

Test: builds, boots
Bug: 36655947
Change-Id: I1391693fb521ed39700e25ab6b16bc741293bb79
2017-03-27 17:14:52 -06:00
Jeff Sharkey
fd3dc3c076 Spread around some O_CLOEXEC love.
Also remove some unnecessary SELinux logic when creating image files
for loop devices.

Test: builds, boots, common operations work
Bug: 34903607
Change-Id: I68dfa022ecc39f56c175e786694e0de35b954ca0
2017-03-27 11:13:36 -06:00
Jeff Sharkey
fa1c677c1a Add a new "virtual disk" feature.
It's extremely difficult to test storage related logic on devices
that don't have physical SD card slots.  So to support better
debugging and testing, add a new "virtual disk" feature which mounts
a 512MB file through loop device.

It relies on the kernel having the "loop.max_part" value set to
something other than 0 via the boot command line, since that allows
all the existing partition logic to fall into place.

Bug: 34903607
Test: builds, boots, virtual disk works
Change-Id: I04c5b33e37319d867542985a56b7999a9b7cf35d
2017-03-25 23:25:14 -06:00
Keun-young Park
3918ae6c76 Merge "make shutdown safe for double calls." am: 71fa1068de am: 2f93c657f4
am: 2a8605b9d1

Change-Id: Id1cd83d307e7791359bc6dfd96368f1138ff21d2
2017-03-15 02:56:40 +00:00
Keun-young Park
a5bbb5e3c1 make shutdown safe for double calls.
- In new shutdown sequence, volume shutdown is requested in two places:
  system_server and init.
- Make VolumeManager.shutdown safe for double calls.
  It crashed before this change.

bug: 36004738
Test: reboot and check last_kmsg for crash / vdc timeout
Change-Id: I296913959b2647b65d66553073f2032545beba57
2017-03-14 17:27:02 -07:00
Wei Wang
b7336860a6 Merge "Remove coldboot from vold" am: cc29c526d4 am: 9a2e29fe32 am: 78bf4cbb12
am: 787930f5b6

Change-Id: Id9b356819d22c23d79a576851580a1016f799ecb
2017-01-25 19:52:55 +00:00
Wei Wang
6b455c29be Remove coldboot from vold
coldboot is now taken care by ueventd, so removing the duplicate
logic to save boottime.
This CL also fixes a missing lock.


Bug: 33786699
Test: manual
Change-Id: I71270252f3153abc815d142b5da7a9cb85b94dac
2017-01-25 18:15:38 +00:00
Chih-hung Hsieh
0955770f88 Merge \\\\"Fix clang-tidy performance warnings in system/vold.\\\\" am: e24d4eef9b am: aa668f3d13 am: ed1c4cf456
am: 73a3576ef9

Change-Id: I7aa15c236ba857833b392e2eb5646f468761749a
2016-07-28 00:50:26 +00:00
Chih-Hung Hsieh
aa668f3d13 Merge \"Fix clang-tidy performance warnings in system/vold.\"
am: e24d4eef9b

Change-Id: I8e882391fb343a5dd8b5cd32b2e7c087219334dc
2016-07-27 23:17:57 +00:00
Chih-Hung Hsieh
11a2ce8da3 Fix clang-tidy performance warnings in system/vold.
* Use const reference type for for-loop index variables
  to avoid unnecessary copy.

Bug: 30413223
Change-Id: Id4d980ae8afec1374fc3be0b23f1c6a39bff86e0
Test: build with WITH_TIDY=1
2016-07-27 14:11:02 -07:00
Chih-Hung Hsieh
629a360ace Merge "Fix misc-macro-parentheses warnings." am: 0c0f9228cf am: 4ff367a593 am: 5dc0aa6e41
am: 6e8ebe8f76

* commit '6e8ebe8f763bfcea9b7420e9efa62e61e2260f58':
  Fix misc-macro-parentheses warnings.

Change-Id: I518c580eda89fbc9f987e8ac36001b57c29f7f01
2016-05-12 00:55:30 +00:00
Chih-Hung Hsieh
5dc0aa6e41 Merge "Fix misc-macro-parentheses warnings." am: 0c0f9228cf
am: 4ff367a593

* commit '4ff367a5934a906ba2008e530efca220deb96af7':
  Fix misc-macro-parentheses warnings.

Change-Id: I67d525e6f78b1d4e5854d40c30ad0bb96a3490dc
2016-05-11 23:03:58 +00:00
Chih-Hung Hsieh
cc5d580858 Fix misc-macro-parentheses warnings.
Add parentheses around macro arguments used beside binary operators.

Bug: 28705665
Change-Id: I0731cb8b22b3a9bdadac6414473d90e8398a8e89
2016-05-11 15:05:05 -07:00
Daniel Rosenberg
e4c291a1ee Fix resizeAsec to determine correct size
This fixes an eror where resizeAsec would attempt
to read from the superblock struct before initializing
it.

Bug: 28292918
Change-Id: Ic6804e97e7c83bcedfb682a187b8d5e0e1bc51f9
2016-04-20 14:16:19 -07:00
Hidehiko Abe
e6bd7850ff Merge "Split slave-bind mount into two." 2016-03-11 04:34:31 +00:00
Hidehiko Abe
674bed18bd Split slave-bind mount into two.
mount(2) does not work with MS_BIND | MS_SLAVE at a time.
Instead, this CL calls mount twice.

Change-Id: I072fd5377e35fff5ed3fa2798eea084d86fe2977
2016-03-09 16:42:10 +09:00
Yu Ning
942d4e830b Support emulator's virtio-blk based SD card
Currently, vold only supports MMC (for SD cards) and SCSI (for USB
drives) devices. It does not recognize any device whose major number is
not one of those used by MMC and SCSI. Unfortunately, virtio-blk is one
such device. It is used by the new Android emulator (a.k.a. qemu2,
featuring the "ranchu" virtual board) for SD card emulation.

In order to make this virtio-blk based SD card device appear in Android
and appear as an SD card (rather than a USB drive), changes have to be
made to both vold (wherever the device major number is checked) and
ranchu's storage configuration. This CL implements former.

This is a stop-gap solution for emulator in nyc.
A longer term solution in-tune with upstream kernel is in the pipes.

Updated from aosp/master version.

BUG:27431753

Change-Id: I5014edec73be7c5b565d91542464c82cbe58992c
Signed-off-by: Yu Ning <yu.ning@intel.com>
(cherry picked from commit 5b1d1c7dfa13b4dca75213581dc8351b841b76c8)
2016-03-08 12:19:41 -08:00
Daichi Hirono
10d34887b3 Mount appfuse in process namespace.
BUG=26148108

Change-Id: I2297fd227a4c607054e0403e73bd9c857f580a1c
2016-02-02 18:56:19 +09:00
Elliott Hughes
6bf0547ccc resolve merge conflicts of b7d5a47cec to master.
Change-Id: I0c5211a00d92d0ee796bb9c77d2e13675a2a3e8d
2015-12-04 17:55:33 -08:00
Jeff Sharkey
90cca664e1 Merge "Make sure path is not NULL to avoid fatal exception." am: e0e5bfeb3c am: de629f105e
am: 9e807ea6db

* commit '9e807ea6db2c3ea7203844cefb31b1afa06619c3':
  Make sure path is not NULL to avoid fatal exception.
2015-12-05 00:54:27 +00:00
Jeff Sharkey
20826a1574 Merge "vold: fix 64 bit ioctl error" am: 3e6c59dc16 am: bf6acf44a9
am: a619c191cc

* commit 'a619c191cc06c08fb19e1bdd486a41da65f6c0af':
  vold: fix 64 bit ioctl error
2015-12-05 00:54:22 +00:00
Elliott Hughes
7e128fbe21 Track rename from base/ to android-base/.
Change-Id: I3096cfa50afa395d8e9a8043ab69c1e390f86ccb
2015-12-04 15:50:53 -08:00
Jeff Sharkey
e0e5bfeb3c Merge "Make sure path is not NULL to avoid fatal exception." 2015-12-03 17:39:39 +00:00
Mateusz Nowak
a4f48d0f44 vold: fix 64 bit ioctl error
Changing the num_sectors used in ioctl with BLKGETSIZE because
the kernel expects an unsigned long type and then changes 64 bits
with a 64 bits userspace. This overwrites what's located close to
the parameter location if any.

Change-Id: I78fd61a1084de2741f39b926aa436462518709a0
Signed-off-by: Mateusz Nowak <mateusz.nowak@intel.com>
Signed-off-by: Zhiquan Liu <zhiquan.liu@intel.com>
2015-10-21 11:16:19 +08:00
Mateusz Nowak
6440379f1b Make sure path is not NULL to avoid fatal exception.
Change-Id: I75fd5d90cf0f75c28e75582fcae934afa4bf29c4
Signed-off-by: Mateusz Nowak <mateusz.nowak@intel.com>
Signed-off-by: Zhiquan Liu <zhiquan.liu@intel.com>
2015-10-21 11:15:39 +08:00
Jeff Sharkey
228f9509e1 am 47f0531e: am 4fc30636: am 1bd078fa: Protect runtime storage mount points.
* commit '47f0531ec9adf7a29873ccdb11a1ee7b11e76c80':
  Protect runtime storage mount points.
2015-08-06 21:45:56 +00:00
Jeff Sharkey
1bd078fa7b Protect runtime storage mount points.
We have a bunch of magic that mounts the correct view of storage
access based on the runtime permissions of an app, but we forgot to
protect the real underlying data sources; oops.

This series of changes just bumps the directory heirarchy one level
to give us /mnt/runtime which we can mask off as 0700 to prevent
people from jumping to the exposed internals.

Also add CTS tests to verify that we're protecting access to
internal mount points like this.

Bug: 22964288
Change-Id: I83f09f0423f4993e766273c50389dd29b1c50589
2015-08-06 11:45:50 -07:00
Jeff Sharkey
16b3ba4bd7 am 90db4d90: am 78003caf: am 32679a82: Create user directory on emulated storage.
* commit '90db4d909a95cb2a9c9143a4b116822dd6cf4707':
  Create user directory on emulated storage.
2015-07-24 04:05:26 +00:00
Jeff Sharkey
32679a82d9 Create user directory on emulated storage.
When mounting a primary external storage device that is multi-user
aware, ensure that the user-specific directory actually exists before
moving forward.

Bug: 22472026
Change-Id: I33c8eed261a9c0d5acedd5be6133ed9990679d08
2015-07-21 14:22:03 -07:00
Jeff Sharkey
5ceafb42ca Merge commit '3ff337db' into merge
Change-Id: I3c09d1f888da684b50d79a8e539f47c8bcf85646
2015-07-03 13:31:30 -07:00
Jeff Sharkey
c86ab6f538 Trim both internal and adopted private storage.
Refactor fstrim code to be encapsulated in unique task object, and
give it option of benchmarking when finished.  Trimming now includes
both storage from fstab and adopted private volumes.  Cleaner timing
stats are logged for each unique volume.

Add wakelock during ongoing async move tasks.  Push disk sysfs path
to framework so it can parse any SD card registers as desired.

Bug: 21831325
Change-Id: I76577685f5cae4929c251ad314ffdaeb5eb1c8bf
2015-07-01 15:53:51 -07:00
Jeff Sharkey
bf19f7e389 am 1458955f: am c7b5b570: Null-terminate readlink() result, full remount.
* commit '1458955fec0a4973b68795b334530578241532a8':
  Null-terminate readlink() result, full remount.
2015-07-01 00:40:00 +00:00
Jeff Sharkey
c7b5b570bd Null-terminate readlink() result, full remount.
In order to compare results from readlink() calls, we need to null
terminate the read value, otherwise we can end up doing an infinitely
recursive remount in the root namespace.

When remounting inside a namespace, unmount all existing mounts before
mounting the new storage into place.  This also means we need to mount
the user-specific symlinks back into place.

Skip spinning up the FUSE daemon when not visible, otherwise we get
stuck waiting for a daemon that never shows up.

Bug: 22192518, 22204412
Change-Id: Icc7db822354ab7ffc47c39cd0611f65edecc32e5
2015-06-30 15:54:17 -07:00
Jeff Sharkey
c36ffa0010 am 0deb385f: am 66270a21: Let\'s reinvent storage, yet again!
* commit '0deb385f85b4569d98ed9d1df96de1761b378c17':
  Let's reinvent storage, yet again!
2015-06-26 16:37:15 +00:00
Jeff Sharkey
66270a21df Let's reinvent storage, yet again!
Now that we're treating storage as a runtime permission, we need to
grant read/write access without killing the app.  This is really
tricky, since we had been using GIDs for access control, and they're
set in stone once Zygote drops privileges.

The only thing left that can change dynamically is the filesystem
itself, so let's do that.  This means changing the FUSE daemon to
present itself as three different views:

/mnt/runtime_default/foo - view for apps with no access
/mnt/runtime_read/foo - view for apps with read access
/mnt/runtime_write/foo - view for apps with write access

There is still a single location for all the backing files, and
filesystem permissions are derived the same way for each view, but
the file modes are masked off differently for each mountpoint.

During Zygote fork, it wires up the appropriate storage access into
an isolated mount namespace based on the current app permissions.  When
the app is granted permissions dynamically at runtime, the system
asks vold to jump into the existing mount namespace and bind mount
the newly granted access model into place.

Bug: 21858077
Change-Id: Iade538e4bc7af979fe20095f74416e8a0f165a4a
2015-06-25 22:40:08 -07:00
Jeff Sharkey
83434e3714 am b5e680ac: am bc40cc8f: Add method to forget private partition keys.
* commit 'b5e680ac377619286d4b8566a3b736fcf0ee7bb0':
  Add method to forget private partition keys.
2015-06-22 21:57:15 +00:00
Jeff Sharkey
bc40cc8f07 Add method to forget private partition keys.
Report both the disk and the partition GUID for private volumes to
userspace, and offer to forget the encryption key for a given
partition GUID.

Bug: 21782268
Change-Id: Ie77a3a58e47bf3563cdb3e4b0edfab1de4d0e6b4
2015-06-22 14:04:54 -07:00
Jeff Sharkey
7744be3ac7 am b75343ae: am 210228a0: Merge "Start tracking added users with serial numbers." into mnc-dev
* commit 'b75343ae9968326a7d93b3e8981fb3734a11b81d':
  Start tracking added users with serial numbers.
2015-06-10 17:21:01 +00:00
Jeff Sharkey
bd3038df74 Start tracking added users with serial numbers.
vold will eventually use the serial numbers to clean up stale user
directories when mounting private storage devices.

Bug: 20275572
Change-Id: Ia29cb5da23e969f3087bb5caa5dc8f4e88f07613
2015-06-10 09:42:01 -07:00
Paul Crowley
4716ee8af7 chmod a-x VolumeManager.cpp
Change-Id: Id4aa31efed1753d5c15446d8281f2decea28efca
2015-06-10 16:33:12 +01:00
Jeff Sharkey
d0640f6358 Add f2fs support for private volumes.
When formatting volumes, pass along fsType string which can be "auto"
to let the volume select the best choice.  For now, private volumes
assume that MMC devices (like SD cards) are best off using f2fs when
both kernel support and tools are present, otherwise fall back to
ext4.  Use blkid when mounting to pick the right set of tools.

Move filesystem utility methods into namespaces and place in separate
directory to be more organized.

Bug: 20275581
Change-Id: Id5f82d8672dda2e9f68c35b075f28232b0b55ed4
2015-06-08 20:21:25 -07:00
Jeff Sharkey
5a6bfca163 Initial pass at storage benchmarks.
Now that we're offering to store private app data on adopted storage
devices, the performance of those devices is much more important to
overall user experience.

To help set user expectations, this change offers to execute a
real-world benchmark on a storage device, returning a metric that can
be used to compare internal and external storage.  The benchmark is
generated from the strace-instrumented storage access patterns of
typical apps.

A typical device completes the benchmark in under two seconds on
internal storage, a UHS-3 SD card is even faster (!), but a very slow
Class 4 SD card takes about 30 seconds to complete, giving us a clear
signal.

The measured benchmark numbers are logged along with information
about the storage device, such as manufacturer, model, etc.  Card
serial numbers are scrubbed from output.

Bug: 21172095
Change-Id: I9b2713dafdfdfcf5d97bf1bc21841f39409a7e54
2015-05-15 10:48:11 -07:00
Jeff Sharkey
1bfb375f77 Update primary symlinks after mounting.
Since otherwise we might have a stale path.

Bug: 19993667
Change-Id: I099e3dc0c5aa9ab6820cded4f2ae7fd6bf18ea40
2015-04-29 17:22:22 -07:00
Elliott Hughes
c98d1f5883 am 85c7c08e: am d5aa67cc: Merge "Wait for completion of device mapping in mountObb"
* commit '85c7c08e2511509a306c3a5b202ceda922f5f2b5':
  Wait for completion of device mapping in mountObb
2015-04-25 17:24:04 +00:00
yoshiyuki hama
476a627e55 Wait for completion of device mapping in mountObb
The VolumeManager::mountObb() creates a mapping between
a loopback device and a dm device. However the device-mapper
carries it out asynchronously, so there is a possibility that
Vold accesses to the dm device which is being built. Added
waiting for completion of the mapping in that function, like
mountAsec().

To verify install FrameworksCoreTests.apk and do:

  adb shell am instrument -r -w -e class android.os.storage.\
  StorageManagerIntegrationTest#testMountTwoEncryptedObb \
  com.android.frameworks.coretests/android.test.\
  InstrumentationTestRunner

Change-Id: If42f4b7494bb2f8a8b72d106ad84b3e3bf91fd9b
2015-04-25 12:13:17 +02:00
Jeff Sharkey
c8e04c5a82 Wider volume mutation lock, move force adoptable.
We eventually should move back to per-disk locks, but use a giant
lock to keep development rolling forward.  Also move force adoptable
flag to framework since, since encrypted devices don't have persisted
properties loaded early during boot.

Bug: 19993667
Change-Id: Ifa3016ef41b038f8f71fc30bc81596cfd21dcd2a
2015-04-21 12:24:57 -07:00
Jeff Sharkey
f3ee200303 Handle *ALL* the SCSI disks!
Bug: 19993667
Change-Id: I47099c262686127f82dd376570d49cf0ad119842
2015-04-19 15:55:42 -07:00
Jeff Sharkey
f1b996df6f Volumes know parent disks; unsupported disks.
This is cleaner and more direct than the reverse of having the disk
publish child volume membership.  Rename state constants to match
public API.  Add state representing bad removal.  Make it clear that
volume flags are related to mounting.

Send new unsupported disk event when we finish scanning an entire
disk and have no meaningful volumes.

Bug: 19993667
Change-Id: I08a91452ff561171a484d1da5745293ec893aec0
2015-04-17 17:43:56 -07:00
Jeff Sharkey
7d9d011865 Lock while partitioning.
Otherwise we get really excited and trip over ourselves while
partitions are still being created.

Bug: 19993667
Change-Id: I034e56b3063a71d73f9311a945c05ea2ae255f7d
2015-04-14 23:14:23 -07:00
Jeff Sharkey
3161fb3702 Emulated volumes above private volumes.
When a private volume is mounted, create an emulated volume above it
hosted at the /media path on that device.  That emulated volume is
automatically torn down when unmounting the private volume.

Add "removed" state for volume, which signals to framework that
media has left the building, send when the volume is destroyed.

Bug: 19993667
Change-Id: I1f82b51de578ac5cfcc5d7b9a6fb44f6f25c775c
2015-04-12 16:03:40 -07:00
Jeff Sharkey
ce6a913aea Exclusive exec() path, format after partition.
Sadly setexeccon() is process global, so we need to carefully ensure
that all exec() are mutually exclusive to avoid transitioning into
unwanted domains.  Also, because we have several threads floating
around, we need to guard all our FDs with O_CLOEXEC.

Format all newly created volumes immediately after partitioning,
but silence all events emitted from those volumes to prevent the
framework from getting all excited.  Unify all notify events under a
single codepath to make them easy to silence.

Sent SIGINT before escalating to SIGTERM when unmounting.

Bug: 19993667
Change-Id: Idc6c806afc7919a004a93e2240b42884f6b52d6b
2015-04-11 08:48:13 -07:00
Jeff Sharkey
9f18fe7807 Remove unused code.
Bug: 19993667
Change-Id: I1f6519655c5a366eca25e2329e1bf95d81b3bf8c
2015-04-01 23:33:26 -07:00
Jeff Sharkey
9c48498f45 Support for private (adopted) volumes.
This adds support for private volumes which is just a filesystem
wrapped in a dm-crypt layer.  For now we're using the exact same
configuration as internal encryption (aes-cbc-essiv:sha256), but we
don't store any key material on the removable media.  Instead, we
store the key on internal storage, and use the GPT partition GUID
to identify which key should be used.

This means that private external storage is effectively as secure as
the internal storage of the device.  That is, if the internal storage
is encrypted, then our external storage key is also encrypted.

When partitioning disks, we now support a "private" mode which has
a PrivateVolume partition, and a currently unused 16MB metadata
partition reserved for future use.  It also supports a "mixed" mode
which creates both a PublicVolume and PrivateVolume on the same
disk.  Mixed mode is currently experimental.

For now, just add ext4 support to PrivateVolume; we'll look at f2fs
in a future change.  Add VolumeBase lifecycle for setting up crypto
mappings, and extract blkid logic into shared method.  Sprinkle some
more "static" around the cryptfs code to improve invariants.

Bug: 19993667
Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0
2015-04-01 10:45:05 -07:00
Jeff Sharkey
36801cccf2 Progress towards dynamic storage support.
Wire up new Disk and VolumeBase objects and events to start replacing
older DirectVolume code.  Use filesystem UUID as visible PublicVolume
name to be more deterministic.

When starting, create DiskSource instances based on fstab, and watch
for kernel devices to appear.  Turn matching devices into Disk
objects, scan for partitions, and create any relevant VolumeBase
objects.  Broadcast all of these events towards userspace so the
framework can decide what to mount.

Keep track of the primary VolumeBase, and update the new per-user
/storage/self/primary symlink for all started users.

Provide a reset command that framework uses to start from a known
state when runtime is restarted.  When vold is unexpectedly killed,
try recovering by unmounting everything under /mnt and /storage
before moving forward.

Remove UMS sharing support for now, since no current devices support
it; MTP is the recommended solution going forward because it offers
better multi-user support.

Switch killProcessesWithOpenFiles() to directly take signal.  Fix
one SOCK_CLOEXEC bug, but SELinux says there are more lurking.

Bug: 19993667
Change-Id: I2dad1303aa4667ec14c52f774e2a28b3c1c1ff6d
2015-03-30 19:46:31 -07:00
Hiroaki Miyazawa
14eab550e8 Fixed type mismatch for ioctl(BLKGETSIZE)
ioctl(BLKGETSIZE) expects unsigned long
(8 bytes on 64 bit environment).

This is fixing fails in android.os.storage.StorageManagerIntegrationTest
(in FrameworkCoreTests).

To verify, install FrameworksCoreTests.apk and do:

adb shell am instrument -r -w -e class android.os.storage.\
StorageManagerIntegrationTest#testMountSingleEncryptedObb \
com.android.frameworks.coretests/android.test.InstrumentationTestRunner

Change-Id: Ib6d5c7490c02521c93f107c35ad0aac49f6a3f1a
2015-03-30 11:28:11 -07:00
Nick Kralevich
25e581a11c VolumeManager: don't use faccessat(AT_SYMLINK_NOFOLLOW)
Don't use faccessat(AT_SYMLINK_NOFOLLOW). In Android, AT_SYMLINK_NOFOLLOW
is ignored. In glibc, it returns counter intuitive results when a
symbolic link is encountered, returning true all the time even though
an open(O_NOFOLLOW) will eventually fail.

Instead, stat the file and check to see if it's a regular file,
not a directory or symlink or some other weirdness.

In addition, fix a bug where isAsecInDirectory would return
true ("-1") if the asec directory didn't exist. It should return
false.

Bug: 18867827
Change-Id: I33d90e9095fad36ce0f83fde105b70f72e4eaef4
2015-02-06 08:55:08 -08:00
Yabin Cui
d1104f75a7 Use getmntent when accessing /proc/mounts.
Bug: 18887435
Change-Id: Ibcb446fac954d9c42ebdfc4b684e6f3503337ab4
2015-01-06 09:53:12 -08:00
Tim Murray
8439dc9fd5 Make vold compile with -Werror -Wall.
-Wno-missing-field-initializers is used as well, but that is an
overzealous warning from initializing structs with {0} and not a
real warning.

bug 18736778 and 16868177

Change-Id: Iffde89cd7200d9a11193e1614f1819f9fcace30a
2014-12-18 00:21:21 +00:00
Paul Lawrence
60dec16c50 Correctly remove asecs for full disk encryption
Previously this would fail if the framework wasn't stopped. The failure
would then stop full disk encryption. The fact that the unmount worked,
however, would then stop the second attempt from achieving anything.

Fix in line with current retry philosophy

We still need to figure out why Devmapper::destroy() fails at first.

Bug: 17301843
Change-Id: I405a36c832ccdebf2d904bef77f15eea174a6bfb
2014-09-02 18:25:26 +00:00
Jeff Sharkey
43ed123d3f ASEC resize tweaking, allow read-write mounting.
Resize is no-op when sector count is unchanged; the caller can't
anticipate how vold does its sector calculations.

After resizing, we need to mount the container read-write, so allow
the caller to request "ro" or "rw" mode.

Handle ENOTSUP when trying to fallocate() on some filesystems

Bug: 16514385
Change-Id: I0d3a378280d4c36d14f8108ff428102283d583fa
2014-08-22 15:39:41 -07:00
JP Abgrall
40b64a6841 vold: support "volume list [broadcast]" command
Sometimes when an sdcard is already mounted,
some info like uuid and label are not re-broadcast to new listeners.
The extra argument to list allows late listeners to catch up by asking
volume list to broadcast that info again.

Bug: 16253597
Bug: 16306775
Change-Id: Ie7d0c1132c22d307a5b2a0e50075a3716138d00b
Signed-off-by: Benson Huang <benson.huang@mediatek.com>
(cherry picked from commit 85f4700f44170b772697e627b3075dcb9137e1b7)
2014-07-25 01:46:26 +00:00
Daniel Rosenberg
e9196fecbb Increase asec image size for reflecting ext4 reserved clusters
From Shawn Heo's patch:

Ext4 introduced reserved clusters to prevent costly zeroout, or
unexpected ENOSPC. The size is 2% or 4096 clusters, whichever
is smaller (http://lwn.net/Articles/546473/).

So, we need to allocate additionally this amount of free space
to asecs when vold create asec images. This is required when
Android runs on Linux kernel 3.10 or later.

see: https://android-review.git.corp.google.com/#/c/96160

Change-Id: Iacff16b8cf0314493c355fa741bcfa519f744d6c
Signed-off-by: Daniel Rosenberg <drosen@google.com>
2014-06-11 00:50:53 +00:00
Daniel Rosenberg
fcd34a0ddd Added support for ext4 ASEC resizing.
ASECs formatted as ext4 can now be resized using vdc asec resize.
Refactored some common code.
Requires resize2fs.

Change-Id: Ie78bb6015114a7bc4af42b16d1f299322ffc1e2a
Signed-off-by: Daniel Rosenberg <drosen@google.com>
2014-06-10 22:15:33 +00:00
Daniel Rosenberg
6a74dcaa6e Fixed bugs with ASEC filesystem.
Changed ext4 to be 4kb aligned, and fat to be 32kb aligned.
Fixed issue that could potentially cause unencrypted ext4
ASECS to overwrite the ASEC super block when filled.

Change-Id: I890426c82ac9cbc65add85a8e3f5063504193c31
Signed-off-by: Daniel Rosenberg <drosen@google.com>
2014-05-28 23:23:47 +00:00
Cylen Yao
27cfee3fa4 avoid fs_mkdirs when SD card removed
Must limit vold calls to fs_mkdirs() only when the volume is mounted.
If NOT, it will trigger selinux warning as follows.
audit(1398835637.785:8): avc:  denied  { write } for  pid=137 comm="vold" name="sdcard0" dev="rootfs" ino=3191 scontext=u:r:vold:s0 tcontext=u:object_r:rootfs:s0 tclass=dir

Change-Id: I1113fc961cbdd8bbd2fcbf740c2f504628c8399d
Signed-off-by: Cylen Yao <cylen.yao@mediatek.com>
2014-05-14 20:42:13 -07:00
Nick Kralevich
3214d1f5a4 am 3c0d02aa: Merge "Convert all selinux_android_restorecon and _setfilecon calls to new API."
* commit '3c0d02aa03118713e6e770b54d1c530ff866f156':
  Convert all selinux_android_restorecon and _setfilecon calls to new API.
2014-02-12 23:19:02 +00:00
Stephen Smalley
5093e6187d Convert all selinux_android_restorecon and _setfilecon calls to new API.
libselinux selinux_android_restorecon API is changing to the more
general interface with flags and dropping the older variants.

Also get rid of the old, no longer used selinux_android_setfilecon API
and rename selinux_android_setfilecon2 to it as it is the only API in use.

Change-Id: I1e71ec398ccdc24cac4ec76f1b858d0f680f4925
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-02-12 09:43:08 -05:00
Nick Kralevich
ca3593df3d am 311edc8c: Merge "Add SELinux restorecon calls on ASEC containers."
* commit '311edc8cb2dd5c86bad49f9696333874b400f9c4':
  Add SELinux restorecon calls on ASEC containers.
2014-02-11 17:20:39 +00:00
Nick Kralevich
311edc8cb2 Merge "Add SELinux restorecon calls on ASEC containers." 2014-02-11 17:13:46 +00:00
Colin Cross
e985c9ab10 am 1d8e3ce8: Merge "vold: fix errors inside ALOGV"
* commit '1d8e3ce8da962e5ff98d36e75f6b02873fdddb70':
  vold: fix errors inside ALOGV
2014-02-07 21:31:53 +00:00
Colin Cross
59846b654e vold: fix errors inside ALOGV
Fix errors exposed by adding compile-time checking to disabled ALOGVs.

Change-Id: I29bd6e9a7648ccca02e0e9a96b79ee0ea7b5cfc6
2014-02-06 20:34:29 -08:00
Robert Craig
b9e3ba56cb Add SELinux restorecon calls on ASEC containers.
This will allow fine-grained labeling of the
contents of ASEC containers. Some of the contents
need to be world readable and thus should be
distinguishable in policy.

Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2014-02-06 07:10:43 -05:00
Nick Kralevich
e8e1d80c64 am 4d5d99ce: am 7cf05b15: am 2f0a1d66: am 7f6932df: am 35ab6119: am 3e03bf8a: am fd2dcf90: am f4770dcf: am 0de7c611: Validate asec names.
* commit '4d5d99ce39b5edd0b78c47a93563aed6b3d56356':
  Validate asec names.
2014-01-28 14:11:06 +00:00
Nick Kralevich
4d5d99ce39 am 7cf05b15: am 2f0a1d66: am 7f6932df: am 35ab6119: am 3e03bf8a: am fd2dcf90: am f4770dcf: am 0de7c611: Validate asec names.
* commit '7cf05b15b76b91aa07182e86a730d7552b23130c':
  Validate asec names.
2014-01-28 14:06:00 +00:00
Nick Kralevich
7f6932df89 am 35ab6119: am 3e03bf8a: am fd2dcf90: am f4770dcf: am 0de7c611: Validate asec names.
* commit '35ab611925aea29fc4088b5c3de7c8c77d956b8b':
  Validate asec names.
2014-01-27 19:25:27 -08:00
Nick Kralevich
fd2dcf905a am f4770dcf: am 0de7c611: Validate asec names.
* commit 'f4770dcf6ffe2baba16cbb290aba16f735c51962':
  Validate asec names.
2014-01-27 19:17:13 -08:00
Nick Kralevich
0de7c61102 Validate asec names.
Make sure asec names only contain alphanumeric, underscores,
dots, or dashes. Don't allow double dots.

Bug: 12504045

(cherry picked from commit 6696260965)

Change-Id: Ia9d04f373aa95878b2e81584c4167dc2d4aa0c78
2014-01-27 15:21:17 -08:00
Colin Cross
346c5b20cb vold: fix warnings for 64-bit
Replace MINOR(dev_t) and MAJOR(dev_t) with minor and major,
which cast to int.
Cast int to uintptr_t before casting to pointer

Change-Id: I59375518f15d27f400fcd4f8a8dfe5ebdd8350e6
2014-01-24 10:42:27 -08:00
Jeff Sharkey
8c2c15b1c6 Clean up ASEC unmounting on physical storage.
When physical devices are unsafely removed, unmountAllAsecsInDir()
fails to find any ASECs, and leaves them all mounted, preventing the
rest of volume from going down.

Now we examine all ASEC containers, and remove when on external
storage, or when the storage media is no longer found.

Bug: 11175082
Change-Id: Iffa38ea43f7e5ad78b598374ebeb60a8727d99fd
2013-10-17 15:30:30 -07:00
Marco Nelissen
5ab02e787a DO NOT MERGE. Fix crash in vold
b/11239345

Change-Id: I46a8d6b38e3c093e20e1e5c4f01efc13d1960ad4
2013-10-16 10:52:29 -07:00
Jeff Sharkey
ba6ae8db13 Add support for more expressive SD card permissions
We now run an sdcard fuse daemon on top of a physical SD card.
Add support for that.

Bug: 10330128

Change-Id: I6a291f861ccb0f2911c07cc8f659e2cec4e6d76c
2013-10-08 10:13:04 -07:00
Jeff Sharkey
71ebe154a5 Add mkdirs() command.
Apps without sdcard_r or sdcard_rw need to have someone create
package-specific directories on their behalf.  If apps have trouble
creating on their own, they now delegate through system to have
vold create the paths.

Requires that the requested path is actually managed by vold.

Bug: 10577808
Change-Id: I6835fc8f52240f9de07f89742a426a153e3ca32a
2013-09-20 14:29:59 -07:00
Ken Sumrall
9caab76c6b vold: Add an optional wipe paramter to the volume format command
The new wipe option to the vold format command will invoke BLKDISCARD
on the partition before invoking newfs_msdos.  This will be used whenever
a full wipe of the device is wanted, as this is more secure than just
doing newfs_msdos.

Bug: 9392982
Change-Id: Ie106f1b9cc70abc61206006d1821641c27c7ccae
2013-06-12 18:42:02 -07:00
Elliott Hughes
29e55ef83d am edf4e179: Merge "Fix vold\'s use of readdir_r(3)."
* commit 'edf4e17940c6d3887e9009b23ffca5be8116fbe9':
  Fix vold's use of readdir_r(3).
2012-10-29 17:15:00 -07:00
Elliott Hughes
8c480f73ee Fix vold's use of readdir_r(3).
Change-Id: I805a1799755429dd1f6f3bdc2e6a02f483587b35
2012-10-26 16:57:19 -07:00
Nick Kralevich
2e0d70f98d am 678d556f: Merge "Add snprintf truncation and output error checks."
* commit '678d556f439cae504c343c15d77e9ec020a9385c':
  Add snprintf truncation and output error checks.
2012-10-19 11:09:59 -07:00
rpcraig
d1c226fce3 Add snprintf truncation and output error checks.
Change-Id: If7fc9bba4b6cd4b01d2c19e967105ffc57169e97
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2012-10-19 05:56:00 -04:00
Kenny Root
bb67b67cc7 am fd5b29be: Merge "Extend vold support for creating ext4 images."
* commit 'fd5b29be8c572058ed9ab0198f5603e96c585d3c':
  Extend vold support for creating ext4 images.
2012-10-17 12:58:57 -07:00
Kenny Root
fd5b29be8c Merge "Extend vold support for creating ext4 images." 2012-10-17 11:53:41 -07:00
Jeff Sharkey
6947904a76 Handle multi-user mountObb() requests.
Mount OBB containers using shared app GID, so that an app can read
the mount point across users.

Bug: 7212801
Change-Id: Ia1be52df9854c259b20728111f3a2c9facf4beaa
2012-09-25 16:14:57 -07:00
rpcraig
a54e13a3dc Extend vold support for creating ext4 images.
Augment the Ext4::format function to take
a mountpoint parameter. This will then
be passed to make_ext4fs through the
-a option to allow proper security labeling.

Change-Id: Ic26703406a2c463c12e32c8103a0c75c727b7d29
2012-09-21 15:44:55 -04:00
Kenny Root
eacf7e03d6 Only cleanup ASECs in external storage DO NOT MERGE
Any ASEC or OBB files were unmounted when USB storage was set to UMS
mode. This changes it so only ASEC files on external storage and OBB
files mounted from external storage are unmounted.

(Cherry-pick of 93ecb38dad)

Bug: 6948035
Change-Id: Ib60727bd360caa32173797ff5b4e1e21fcf20054
2012-08-13 09:49:55 -07:00
Kenny Root
93ecb38dad Only cleanup ASECs in external storage
Any ASEC or OBB files were unmounted when USB storage was set to UMS
mode. This changes it so only ASEC files on external storage and OBB
files mounted from external storage are unmounted.

Bug: 6948035
Change-Id: I91bc09ee5b792970b0eef895f6886f3ffad00e8f
2012-08-09 15:50:58 -07:00
Ken Sumrall
425524dba1 Unmount all asec apps before encrypting
Now that forward locked apps are stored on /data as asec image files
that are mounted, they need to be unmounted before /data can be unmounted
so it can be encrypted.

Change-Id: I7c87deb52aaed21c8ad8ce8aceb7c15c2338620a
2012-06-15 14:46:53 -07:00
Kenny Root
418367112c Merge "Sleep to wait for dm to create node" into jb-dev 2012-05-10 23:30:35 -07:00
Kenny Root
cdc2a1c835 Sleep to wait for dm to create node
There appears to be a race condition from when the device mapper is
asked to create a device and when it actually appears. When we moved
ASECs to use Ext4, mount started winning the race more often.

Just insert a sleep-retry loop here to counter-act this race. We should
ideally look at the uevent replies, but it takes a bit more effort to
separate them out.

Change-Id: Ie8a5b36b1c9a26f2320a178d37312059d03a1281
2012-05-10 17:27:30 -07:00
Kenny Root
1a673c868c Native library loading needs to read directory
When calling System.loadLibrary(), it needs to be able to read the
directory to load the file. We could probably fix that, but changing
permissions here is faster.

Bug: 6478606
Change-Id: I296b0805839da5a19950157f9a16755a4d258ca8
2012-05-10 16:47:24 -07:00