We've tried our best to protect against malicious storage devices
with limited SELinux domains, but let's be even more paranoid and
refuse to look at disks inserted while a secure keyguard is
showing. We'll gladly scan them right away once the user confirms
their credentials.
Test: builds, boots, manual testing
Bug: 68054513
Change-Id: I37fd6c25bbd6631fa4ba3f84e19384d746a22498
runIdleMaint is equivalent with:
1. echo 1 > /sys/fs/f2fs/sdX/gc_urgent
2. wait until /sys/fs/f2fs/sdX/dirty_segments
<= threshold or timeout
3. echo 0 > /sys/fs/f2fs/sdX/gc_urgent
4. fstrim
abortIdleMaint forces the wait loop above to exit and
skips fstrim. However, if fstrim is already running,
abortIdleMaint will just leave it run to completion.
Test: adb shell sm idle-maint [run|abort]
Bug: 67776637
Change-Id: I4adff8d9b6bbd63bce41368cea55dc9e9b117eb6
FDE keys are indexed using the partition GUID, while FBE keys will be
indexed using the filesystem UUID, so pass both of those identifiers
along when forgetting a volume.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 25861755
Change-Id: I6e239d5ba67a01c9a848d705f6167da00f975924
We've been allocating task objects without freeing them, oops. We
don't really need full classes for these tasks, so move them to
blocking methods, and invoke them from a detached thread.
Remove FIDTRIM support, which isn't meaningful on UFS-based flash
devices. Modern devices require FBE/FDE which gives us better
protection against trimmed data lingering around.
Rename "Trim" to more generic "IdleMaint", since it'll soon extend
to include custom F2FS optimization logic.
Check for shady ".." when validating paths.
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 67041047
Change-Id: I4fb194c5d5ef13f413c02acedfbaaf79c567582b
Moves away from crufty char* operations to std::string utility
methods, including android::base methods for splitting/parsing.
Rewrite of how Process handles scanning procfs for filesystem
references; now uses fts(3) for more sane traversal.
Replace sscanf() with new FindValue() method, also has unit tests.
Remove some unused methods. Switch almost everyone over to using
modern logging library.
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 67041047
Change-Id: I70dc512f21459d1e25b187f24289002b2c7bc7af
Instead of blindly looping across 4096 possible devices, use
readdir() to only look at valid devices. This speeds up destroyAll()
from 40ms to 0.7ms.
Add tracing information in several places.
Test: external/chromium-trace/systrace.py -b 128768 sched freq am pm ss core_services binder_driver -a system_server,installd,vold
Bug: 65634729, 65737446
Change-Id: If581de47fb55850c0fcd6e25bf33ed246e1b079d
Now that we're using Binder, we can have callers provide explicit
listeners for every request instead of trying to squeeze them all
into unsolicited socket events.
Move benchmarking to be async to avoid blocking other commands for
up to several minutes. Remove post-trim benchmarking flag, since
benchmarking now requires a separate callback. Will bring back in
a future CL.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: adb shell sm fstrim
Bug: 62201209, 13758960
Change-Id: I0f2ebf1ac3b4252ecd6b44303f2887adfdb58e86
Create IVoldListener and move most unsolicited vold events over to
this new interface. The remaining events will be routed through
method-specific listeners instead of a global one.
Move to upstream DISALLOW_COPY_AND_ASSIGN macro.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.DirectBootHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: Ib9293487db2d525a76b9b9c2e9ac18d98601c6cf
Prefix FDE related commands with "fde" to make it clear which devices
they apply to. This will also make it easier to remove once FDE
is fully deprecated in a future release.
To emulate the single-threaded nature of the old socket, introduce a
lock that is acquired for all encryption related methods.
Sprinkle some "const" around older files to make C++ happy.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.DirectBootHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I0a6ec6e3660bbddc61424c344ff6ac6da953ccf0
This moves fstrim, obb and appfuse commands over to the new Binder
interface. This change also separates creating/destroying and
mounting/unmounting of OBB volumes, which means they finally flow
nicely into the modern VolumeInfo/VolumeBase design.
We now generate unique identifiers for all OBB volumes, instead of
using a shady MD5 hash.
Change all "loop" and "dm" devices to tag the kernel resources with
a vold-specific prefix so that we can clean them up if vold crashes;
there are new destroyAll() methods that handle this cleanup.
Move appfuse mounting/unmounting into VolumeManager so it can be
shared. Move various model objects into a separate directory to
tidy things up.
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Bug: 13758960
Change-Id: I7294e32b3fb6efe07cb3b77bd20166e70b66958f
Keep the old socket-based commands intact for awhile so we can
rapidly disable this change using the ENABLE_BINDER feature flag.
Define constants in AIDL to keep Java and C++ in sync.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.ExternalStorageHostTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 13758960
Change-Id: I0d6f82cbebe67f671b60949fd727409aeb1fdc0d
This change is the bare minimum needed to publish a new vold
Binder service and move the simple "reset" call over to go through
the new interface.
Test: builds, boots
Bug: 13758960
Change-Id: I5b70976653c69f92e1efc8d1f432b2038eb618a4
