Commit graph

4911 commits

Author SHA1 Message Date
Xin Li
ad3c475452 [automerger skipped] Merge "Merge Android 12" am: 97e69c9529 -s ours
am skip reason: Merged-In I9d1b60b1bddeade81238cc971d38a5de76f748d5 with SHA-1 af91a5ec2d is already in history

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1848033

Change-Id: I463a0a99d587e9802c49a58fd36326dec26ddf31
2021-10-08 01:20:03 +00:00
Xin Li
97e69c9529 Merge "Merge Android 12" 2021-10-07 23:50:41 +00:00
Xin Li
0f3734a07e Merge Android 12
Bug: 202323961
Merged-In: I9d1b60b1bddeade81238cc971d38a5de76f748d5
Change-Id: Ic882ab8446d7c9012d344acdbb3911f6be7cd285
2021-10-06 22:55:15 +00:00
David Anderson
af91a5ec2d Merge "Pre-create userdata metadata encryption device." am: eb3182f040
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1833056

Change-Id: I9d1b60b1bddeade81238cc971d38a5de76f748d5
2021-09-27 20:16:47 +00:00
David Anderson
eb3182f040 Merge "Pre-create userdata metadata encryption device." 2021-09-27 20:01:24 +00:00
Howard Chen
9c2577b823 Merge "Make the deleteAllKey feature aware of the DSU mode" am: d718c8c577
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1826054

Change-Id: I55554e2a0545de6a747e44f5967534fe16d1341a
2021-09-22 04:22:35 +00:00
Howard Chen
d718c8c577 Merge "Make the deleteAllKey feature aware of the DSU mode" 2021-09-22 04:09:18 +00:00
David Anderson
156d9d2293 Pre-create userdata metadata encryption device.
CreateDevice() implicitly calls WaitForDevice(), which can impact boot
time if there are many uevents waiting to be processed. To alleviate
this, create an empty "userdata" device when vold starts (if metada
encryption is enabled). When it comes time to actually enable metadata
encryption, the device can be re-used and the subsequent Wait should be
much faster.

Bug: 198405417
Test: manual test; device boots
Change-Id: Iaacd10858272f17353475e25075ea1dda13f8fc4
2021-09-21 17:25:33 -07:00
Daniel Rosenberg
9788b022dd Merge "Fix the incorrect parameter quota when userdata is formatted with EXT4" am: 8bd25f8e74
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1825558

Change-Id: I258381abf0a516987abad5357165f8cc6daec4fd
2021-09-20 22:02:27 +00:00
Daniel Rosenberg
8bd25f8e74 Merge "Fix the incorrect parameter quota when userdata is formatted with EXT4" 2021-09-20 21:44:44 +00:00
Howard Chen
cbc1bdba59 Make the deleteAllKey feature aware of the DSU mode
Currently, the vold detects the factory reset by checking the
metadata encryption key. This logic is only valid when the
device is not in DSU mode.

Bug: 199222795
Test: run DSU installation on a Pixel device
Change-Id: Ib40bd44d2ef7c872eba177c9ccfefac8934a49e6
2021-09-15 01:59:59 +00:00
lin.gui
3101ac01ac Fix the incorrect parameter quota when userdata is formatted with EXT4
The userdata will be formatted by VOLD during bootup when the userdata
is not completed file system(EXT4 or F2FS).
For EXT4 on userdata and quota feature is enabled. the parameter quota
is incorrect in ext4::Format(). Change the parameter from
quotatype=prjquota to quotatype=usrquota:grpquota:prjquota.

Bug: 199802158
Test: run cts-on-gsi -m CtsAppSecurityHostTestCases -t
      android.appsecurity.cts.StorageHostTest

Change-Id: Ibff10e8e67b4e6ffabea97f534ff6551aed91963
2021-09-14 02:05:27 +00:00
Thiébaud Weksteen
cdbde55e7b Merge "Replace security_context_t type" am: 530329222f
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1824052

Change-Id: Ie3c20ee9187f349c308798ec370f7aa754fdfa85
2021-09-10 11:31:07 +00:00
Thiébaud Weksteen
530329222f Merge "Replace security_context_t type" 2021-09-10 11:17:18 +00:00
Thiébaud Weksteen
ae8550fd20 Replace security_context_t type
security_context_t has been marked as deprecated in libselinux from
version 3.2. Update to the `char*` type.

Bug: 190808996
Test: m
Change-Id: I6f40e161251c79893d41e12c368715736578aacc
2021-09-10 10:54:19 +02:00
Keith Mok
d5f0a5751e Merge "Set a property if seed binding is enabled." am: cc63a93fd6
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1816736

Change-Id: I80fde534da01e49298c9e7b82617befa32959414
2021-09-02 00:18:47 +00:00
Keith Mok
cc63a93fd6 Merge "Set a property if seed binding is enabled." 2021-09-01 23:55:08 +00:00
Keith Mok
e8600253ac Set a property if seed binding is enabled.
For vehicle binding seed atest

Bug: 157501579
Test: atest vehicle-binding-seed-sh
Change-Id: Ie1dad1735193ce722ec036e38f826a6b90e94526
2021-09-01 22:06:10 +00:00
Xin Li
b9d97763d2 Merge sc-dev-plus-aosp-without-vendor@7634622
Merged-In: I78039d08a9bc7d9a2d285744e6d64f4af6ac851a
Change-Id: I958ef629f8ca43d6539ae90e037b846d9e0b44a3
2021-08-14 06:31:09 +00:00
Shawn Willden
e4190a395a [automerger skipped] Merge "Revert "Detect factory reset and deleteAllKeys"" into sc-dev am: 90c818d9ee -s ours
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 1e6a5f5106 is already in history. Merged-In was found from reverted change.

Reverted change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15536478

Change-Id: I78039d08a9bc7d9a2d285744e6d64f4af6ac851a
2021-08-12 01:31:31 +00:00
Shawn Willden
90c818d9ee Merge "Revert "Detect factory reset and deleteAllKeys"" into sc-dev 2021-08-12 01:17:13 +00:00
Shawn Willden
2bab97c368 Revert "Detect factory reset and deleteAllKeys"
Revert "Add deleteAllKeys to IKeystoreMaintenance"

Revert "Enable deleteAllKeys from vold"

Revert "Allow vold to deleteAllKeys in Keystore"

Revert submission 15521094-vold-deleteAllKeys

Reason for revert: Causes infinite loop in Trusty KeyMint
Reverted Changes:
I9c5c54714:Detect factory reset and deleteAllKeys
I2fb0e94db:Allow vold to deleteAllKeys in Keystore
Id23f25c69:Add deleteAllKeys to IKeystoreMaintenance
Ife779307d:Enable deleteAllKeys from vold
I4312b9a11:Enable deleteAllKeys from vold

Bug: 187105270
Change-Id: I8e2621bef234d0a59be422b8d1d8d52a91378a5e
2021-08-12 01:07:00 +00:00
TreeHugger Robot
d7b96bc64f Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev am: 8f19fd90e3
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15534270

Change-Id: Ieaa3ce08c20df998a8141c77a7f771e40e1c6d0a
2021-08-11 23:16:01 +00:00
TreeHugger Robot
8f19fd90e3 Merge "Add ROLLBACK_RESISTANCE tag to key usage" into sc-dev 2021-08-11 22:59:40 +00:00
Paul Crowley
2160b23d14 [automerger skipped] Detect factory reset and deleteAllKeys am: 0f74bd4811 -s ours
am skip reason: Merged-In I9c5c547140e8b1bbffb9c1d215f75251f0f1354e with SHA-1 1e6a5f5106 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15517876

Change-Id: Idcba5a41ce50b3c043a8b80b74d90de0aef50f18
2021-08-11 22:00:38 +00:00
[6;7~
2601eb7f8c Add ROLLBACK_RESISTANCE tag to key usage
If KM is upgraded from a version that does not support rollback
resistance to one that does, we really want our upgraded keys to
include rollback resistance. By passing this tag in when we use the
keys, we ensure that the tag is passed into the upgradeKey request
whenever it is made, which some KM implementations can use to add
rollback resistance to our keys.

Bug: 187105270
Ignore-AOSP-First: no merge path to this branch from AOSP.
Test: Manual
Change-Id: I6154fe26a10b60cd686cc60dbc2e0a85c152f43b
2021-08-11 14:22:41 -07:00
Paul Crowley
c248576dad Merge "Detect factory reset and deleteAllKeys" am: 407b2c2386 am: 85961f7a9c
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1789528

Change-Id: I7608e0cccc2c145f722e0fa85b922af9b1d2d8d6
2021-08-11 18:13:25 +00:00
Paul Crowley
85961f7a9c Merge "Detect factory reset and deleteAllKeys" am: 407b2c2386
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1789528

Change-Id: Ibc05df1c5ceede35fdca6d1e6a5abd67e70519f5
2021-08-11 17:52:00 +00:00
Paul Crowley
0f74bd4811 Detect factory reset and deleteAllKeys
Where metadata encryption is enabled, if there is no metadata encryption
key present and we are generating one anew, then there has been a
factory reset, and this is the first key to be generated. We then call
deleteAllKeys to ensure data from before the factory reset is securely
deleted.

This shouldn't really be necessary; the factory reset call itself
should be doing this. However there are currently three factory reset
paths (settings, recovery, fastboot -w) and it is not clear that all
three are doing this correctly on all devices. Obviously an attacker
can prevent this code from being run by running a version of the OS
that does not include this change; however, if the bootloader is
locked, then keys will be version bound such that they will only work
on locked devices with a sufficiently recent version of the OS. If
every sufficiently recent signed version of the OS includes this change
the attack is defeated.

Bug: 187105270
Test: booted Cuttlefish twice, checked logs
Ignore-AOSP-First: no merge path to this branch from AOSP.
Merged-In: I9c5c547140e8b1bbffb9c1d215f75251f0f1354e
Change-Id: I9c5c547140e8b1bbffb9c1d215f75251f0f1354e
2021-08-11 10:43:58 -07:00
Paul Crowley
407b2c2386 Merge "Detect factory reset and deleteAllKeys" 2021-08-11 17:39:55 +00:00
Paul Crowley
1e6a5f5106 Detect factory reset and deleteAllKeys
Where metadata encryption is enabled, if there is no metadata encryption
key present and we are generating one anew, then there has been a
factory reset, and this is the first key to be generated. We then call
deleteAllKeys to ensure data from before the factory reset is securely
deleted.

This shouldn't really be necessary; the factory reset call itself
should be doing this. However there are currently three factory reset
paths (settings, recovery, fastboot -w) and it is not clear that all
three are doing this correctly on all devices. Obviously an attacker
can prevent this code from being run by running a version of the OS
that does not include this change; however, if the bootloader is
locked, then keys will be version bound such that they will only work
on locked devices with a sufficiently recent version of the OS. If
every sufficiently recent signed version of the OS includes this change
the attack is defeated.

Bug: 187105270
Test: booted Cuttlefish twice, checked logs
Change-Id: I9c5c547140e8b1bbffb9c1d215f75251f0f1354e
2021-08-11 10:29:59 -07:00
Treehugger Robot
ff366fab5f Merge "Remove ndk_platform backend. Use the ndk backend." am: 85705f6c86 am: e66b2b4015
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1778413

Change-Id: I3bf1a2b23581bb543ec1496bb60f5d8052076fce
2021-07-28 12:49:02 +00:00
Treehugger Robot
e66b2b4015 Merge "Remove ndk_platform backend. Use the ndk backend." am: 85705f6c86
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1778413

Change-Id: Ic80a30be678fd7427ee7239f8cdb758dfd483940
2021-07-28 12:35:52 +00:00
Treehugger Robot
85705f6c86 Merge "Remove ndk_platform backend. Use the ndk backend." 2021-07-28 12:26:13 +00:00
Nikita Ioffe
78c9cba6a5 Merge "Remove vold logs related to block devices" am: cbf82ffa29 am: 9bf8553f8d
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1779986

Change-Id: I0f5f606384ccebf21e618617a2dd7e12cc4db7b6
2021-07-28 11:26:30 +00:00
Nikita Ioffe
9bf8553f8d Merge "Remove vold logs related to block devices" am: cbf82ffa29
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1779986

Change-Id: I81accecbb47c158de761df31fe078aaa27332006
2021-07-28 11:15:08 +00:00
Nikita Ioffe
cbf82ffa29 Merge "Remove vold logs related to block devices" 2021-07-28 11:01:01 +00:00
Nikita Ioffe
b881fc4feb Remove vold logs related to block devices
Since every APEX requires at least one loop device, now most of the
block devices on a device are not managed by vold. This change removes
some log statements around block devices that vold is not aware of.

Test: device boots
Test: adb logcat
Change-Id: I8efa22023c1f888e75f40178fac464af4457df3c
2021-07-28 02:58:57 +01:00
Jiyong Park
973e05938d Remove ndk_platform backend. Use the ndk backend.
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.

Bug: 161456198
Test: m
Change-Id: I87554ce86da0f862568c5aa84a21e6613655eb25
2021-07-27 12:21:11 +09:00
Keith Mok
a3f7a54366 Merge "Add command for setting the key binding seed" am: 2d76731968 am: 7aec273c8d
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1757970

Change-Id: If53ae63a91b702e09297c1d916394aee99eee8d2
2021-07-15 21:35:55 +00:00
Keith Mok
7aec273c8d Merge "Add command for setting the key binding seed" am: 2d76731968
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1757970

Change-Id: I4fe8e883754c0c8322fb8223cdb64904da516972
2021-07-15 21:26:35 +00:00
Keith Mok
2d76731968 Merge "Add command for setting the key binding seed" 2021-07-15 20:47:42 +00:00
Sean Keys
8452f41d4a Add command for setting the key binding seed
The seed value is passed to vold early in startup so that the
key-encryption keys are bound to the seed. This is useful for systems
like auto, in which the Android device may not require credentials to
use. In that case, the device should be bound to the rest of the system
(the car, in the case of auto) to guard against theft.

Test: manual
Change-Id: I2e16387b0752a30ef226b5ddf32ebf955aa9610a
2021-07-13 23:41:50 +00:00
Eric Biggers
3746f5a475 [automerger skipped] Ignore too-early earlyBootEnded on FDE devices am: 2ddc1338d7 -s ours
am skip reason: Merged-In I03f816db194a8276ad19ca99b3c8894e8a5fed23 with SHA-1 4859e0ca0f is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/15109082

Change-Id: I0f1cde2384d1848bd4c5da8764dc5a350a56b1bd
2021-06-25 21:06:58 +00:00
Eric Biggers
9f749bcb19 Merge "Ignore too-early earlyBootEnded on FDE devices" am: a3bd31c170 am: 979429e6c3
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1747633

Change-Id: Iff37e24d06efedebf682c37b79fdc8ec868b0739
2021-06-25 20:11:40 +00:00
Eric Biggers
979429e6c3 Merge "Ignore too-early earlyBootEnded on FDE devices" am: a3bd31c170
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1747633

Change-Id: Ida62bd5cdab40ce459ba45d20a13c09545b4d938
2021-06-25 19:57:37 +00:00
Eric Biggers
2ddc1338d7 Ignore too-early earlyBootEnded on FDE devices
Don't call IKeystoreMaintenance::earlyBootEnded() too early on FDE
devices, so that keystore2 doesn't have to be restarted.

Bug: 192090857
Test: Tested FDE on Cuttlefish, both first and non-first boots.
      Verified via log that earlyBootEnded is now called only when it
      should be, and that keystore2 no longer has to be restarted.
Change-Id: I03f816db194a8276ad19ca99b3c8894e8a5fed23
(cherry picked from commit 4859e0ca0f)
Merged-In: I03f816db194a8276ad19ca99b3c8894e8a5fed23
2021-06-25 12:44:08 -07:00
Eric Biggers
a3bd31c170 Merge "Ignore too-early earlyBootEnded on FDE devices" 2021-06-25 19:43:02 +00:00
Eric Biggers
4859e0ca0f Ignore too-early earlyBootEnded on FDE devices
Don't call IKeystoreMaintenance::earlyBootEnded() too early on FDE
devices, so that keystore2 doesn't have to be restarted.

Bug: 192090857
Test: Tested FDE on Cuttlefish, both first and non-first boots.
      Verified via log that earlyBootEnded is now called only when it
      should be, and that keystore2 no longer has to be restarted.
Change-Id: I03f816db194a8276ad19ca99b3c8894e8a5fed23
2021-06-25 12:40:21 -07:00
Treehugger Robot
7bff55552f Merge "Replace writepid with task_profiles command for cgroup migration" am: 73a54f653b am: 545957abfe
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1740142

Change-Id: Iedea33f82eb260baa60fdb65bc6de3b849e0c579
2021-06-23 22:03:08 +00:00