Commit graph

155 commits

Author SHA1 Message Date
Eric Biggers
8c1659e271 Make the CE key always be encrypted by the synthetic password
When generating a CE key, don't persist it immediately with
kEmptyAuthentication.  Instead, cache it in memory and persist it later
when the secret to protect it with is given.  This is needed to make it
so that the CE key is always encrypted by the user's synthetic password
while it is stored on-disk.  See the corresponding system_server changes
for more information about this design change and its motivation.

As part of this, simplify vold's Binder interface by replacing the three
methods addUserKeyAuth(), clearUserKeyAuth(), and
fixateNewestUserKeyAuth() with a single method setUserKeyProtection().
setUserKeyProtection() handles persisting the key for a new user or
re-encrypting the default-encrypted key for an existing unsecured user.

Bug: 232452368
Ignore-AOSP-First: This depends on frameworks/base changes that can only
                   be submitted to internal master, due to conflicts.
Test: see Ia753ea21bbaca8ef7a90c03fe73b66c896b1536e
Change-Id: Id36ba8ee343ccb6de7ec892c3f600abd636f6ce5
2022-09-06 21:30:36 +00:00
Daeho Jeong
37cf9d79ab Introduce target dirty segment ratio tunable parameter
We introduce a new parameter of target dirty segment ratio,
which can be used to set a target dirty / (dirty + free) segments
ratio. For example, if we set this as 80%, GC sleep time will be
calculated to achieve this ratio in a GC period.

Test: check smart idle maint log of StorageManagerService
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I73f2bcf4bdb810164c174bd0d2518b15d577d5d5
2022-07-04 21:23:46 +00:00
Daeho Jeong
3fd33ece35 Make minimum gc sleep time tunnable
Test: check smart idle maint log of StorageManagerService
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I5a70e4ec2ca895551b6446a9dfd4bb5003a3fbd0
2022-06-23 16:20:45 -07:00
Jaegeuk Kim
f6151b434c Support zoned device with dm-default-key
Note that, encrypt_inplace cannot support zoned device, since it
doesn't support in-place updates. And, dm-default-key will have
a different key.

Bug: 172378121
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I34cb1e747e0f3faa07c5a4bfeded11fb789a033c
2022-06-07 18:43:54 -07:00
Daeho Jeong
c0de6d8184 Merge changes from topic "change_period"
* changes:
  vold: remove overprovision area from free segments
  vold: do not set gc sleep time with zero dirty segments
  vold: add gc period in setGCUrgentPace
2022-03-25 22:26:12 +00:00
Eric Biggers
b3ea454002 Remove FDE methods from binder interface
Now that none of these methods are used anymore, we can remove them.
Also remove the related constants.

Bug: 208476087
Change-Id: I1f56c8e05fb3fba09aab4bf5f8609b0f552b8999
2022-03-21 05:11:21 +00:00
Daeho Jeong
7c788fc3e9 vold: add gc period in setGCUrgentPace
To make gc period changable, added a new gcPeriod parameter to
setGCUrgentPace.

Test: adb shell device_config put storage_native_boot smart_idle_maint_period 10
Bug: 202283480
Bug: 181079477
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I4e44a80ea5b51d9a7cde69d25e129dd0673b271f
2022-03-18 12:56:17 -07:00
Eric Biggers
90a305232e Remove HardwareAuthToken parameters from binder interface
These are no longer used.

Test: atest com.android.server.locksettings
Bug: 184723544
Change-Id: I6160d30deb138a5366532de84cbf6f02cbc69b8c
(cherry picked from commit 5bb9faab49)
Merged-In: I6160d30deb138a5366532de84cbf6f02cbc69b8c
2022-03-15 01:26:08 +00:00
Eric Biggers
7e79a43a72 Remove broken code for mounting encrypted OBB files
Mounting encrypted OBB files has never worked reliably across devices,
partly due to its reliance on Twofish encryption support in the kernel.
This is because Twofish support (CONFIG_CRYPTO_TWOFISH) has never been
required or even recommended for Android.  It has never been enabled in
GKI, but even before GKI it wasn't required or recommended.  Moreover,
this is now the only Android feature that still uses dm-crypt
(CONFIG_DM_CRYPT), and some devices don't have that enabled either.

Therefore, it appears that this feature is unused.  That's perhaps not
surprising, considering that the documentation for OBBs
(https://developer.android.com/google/play/expansion-files) says that
they are deprecated, and also it explains OBBs as being app files that
are opaque to the platform; the ability of the platform to mount OBBs
that happen to be in a particular format is never mentioned.  That means
that OBB mounting is probably rarely used even with unencrypted OBBs.
Finally, the usefulness of OBBs having their own encryption layer (in
addition to what the platform already provides via FBE) is not clear
either, especially with such an unusual choice of cipher.

To avoid the confusion that is being caused by having the broken code
for mounting encrypted OBBs still sitting around, let's remove it.

Test: atest StorageManagerTest # on Cuttlefish
Test: atest StorageManagerIntegrationTest # on Cuttlefish
Bug: 216475849
Change-Id: Iaef32cce90f95ea745ba2b143f89e66f533f3479
2022-03-01 21:19:18 +00:00
Yurii Zubrytskyi
18eb877246 [vold] Check incremental paths before mounting
Vold was trusting system_server too much and allowed for pretty
much any path in mount()/bindMount() calls for incremental.
This CL adds validation to make sure it's only accessing own
directories. This includes enforcing no symlinks in the paths

Bug: 198657657
Bug: 216722132
Test: manual
Change-Id: I6035447f94ef44c4ae3294c3ae47de2d7210683a
Merged-In: I6035447f94ef44c4ae3294c3ae47de2d7210683a
2022-01-31 22:13:14 +00:00
Daeho Jeong
999fceb07c Add interfaces required by smart idle maintenance service
Added interfaces required by smart idle maintenance service in
StorageManagerService, whose goal is to determine when to trigger
filesystem defragmentation while keeping the best user experience
as long as possible, and avoiding hurting UFS lifetime.

Test: check smart idle maintenance log every hour
Bug: 202283480
Bug: 181079477
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I012cfb9b01e5d21ec71700c3c52ac9c096cd1a90
2022-01-12 10:54:37 -08:00
Eric Biggers
72ca0cf3f9 Remove IgnoreEarlyBootEnded()
Now that FDE is no longer supported, this is no longer needed.

Bug: 191796797
Change-Id: I71fd98e66fd0998b78b8d56507cc62e1a112263a
2021-11-10 14:03:48 -08:00
Eric Biggers
0803ba0985 Remove most of FDE support
Since Android 10, new devices have been required to use FBE instead of
FDE.  Therefore, the FDE code is no longer needed.

Remove most of cryptfs.cpp.  A few parts of it need to be kept in order
to support the dm-crypt method of adoptable storage encryption.

Keep the FDE-specific binder methods stubbed out for now until their
callers can be removed.

Bug: 191796797
Change-Id: I90b1e4cacd2f3e5cce77a82a0af744fcc7da9400
2021-11-09 16:09:33 -08:00
Yurii Zubrytskyi
1d7acfddf7 Enable dynamic read logs buffer sizing for incfs
Default buffer size of 4 pages causes many missed log records
because of ring buffer overflows. This change adds a dynamic
sizing, up to 32 pages, that has shown to decrease dropped
records pretty much to nil

Fallback code automatically decreases the buffer size in case
of kernel memory fragmentation - some logs are still much
better than no logs at all

Bug: 203551890
Test: manual, adb install <Apk>; checked for fallback by
  increasing max size to 1024 pages
Change-Id: I0ea46c1ad2534b1dbb5faaead52afab88b66747b
2021-10-28 14:41:48 -07:00
Keun young Park
0bccae2070 Fix vold dump
- Original code of re-opening /proc/self/fd/fd does not work
  due to selinux violation.
- fd (=pipe) passed over binder should be used as it is.

Bug: 202999256
Test: $ adb shell su root dumpsys vold
Change-Id: I1fceba89f1b07228e1677c266f87e431e93f7cb5
2021-10-13 16:50:10 -07:00
Eric Biggers
9f749bcb19 Merge "Ignore too-early earlyBootEnded on FDE devices" am: a3bd31c170 am: 979429e6c3
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1747633

Change-Id: Iff37e24d06efedebf682c37b79fdc8ec868b0739
2021-06-25 20:11:40 +00:00
Eric Biggers
a3bd31c170 Merge "Ignore too-early earlyBootEnded on FDE devices" 2021-06-25 19:43:02 +00:00
Eric Biggers
4859e0ca0f Ignore too-early earlyBootEnded on FDE devices
Don't call IKeystoreMaintenance::earlyBootEnded() too early on FDE
devices, so that keystore2 doesn't have to be restarted.

Bug: 192090857
Test: Tested FDE on Cuttlefish, both first and non-first boots.
      Verified via log that earlyBootEnded is now called only when it
      should be, and that keystore2 no longer has to be restarted.
Change-Id: I03f816db194a8276ad19ca99b3c8894e8a5fed23
2021-06-25 12:40:21 -07:00
Eric Biggers
23638cfcb3 Merge "Replace most references to Keymaster with Keystore" am: ec78a94586 am: 087a2952db
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1737853

Change-Id: Ic1b3d004e7d999e934cf47f987899c4ab378c12e
2021-06-15 22:10:10 +00:00
Eric Biggers
d86a8abec7 Replace most references to Keymaster with Keystore
Now that vold uses Keystore2 rather than the Keymaster HAL directly, and
also the new version of Keymaster is called "KeyMint" instead, replace
most of the references to Keymaster in vold with Keystore.

(I decided not to include the "2" in most places, as it seemed
unnecessarily precise in most places, and it would be something that
might need to keep being updated.  Only Keystore.{cpp,h} really need to
care about the version number.)

I didn't rename many things in cryptfs.cpp, as that file will be going
away soon anyway.  I also left "wait_for_keymaster" and "vdc keymaster
earlyBootEnded" as-is for now, as those are referenced outside vold.

Bug: 183669495
Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 12:07:15 -07:00
Songchun Fan
0e53c1cdb0 [vold] pass along sysfs name in setOptions
Ignore-AOSP-First: Will cherry-pick to AOSP

BUG: 187308584
Test: atest CtsContentTestCases:android.content.pm.cts.PackageManagerShellCommandIncrementalTest#testInstallWithIdSigNoMissingPages
Change-Id: Iacfe6b735458051f2848b1b766c2b00198b397d9
2021-05-10 16:22:40 -07:00
Songchun Fan
046e68abd6 [vold] pass sysfs_name to mount options
Ignore-AOSP-First: Will cherry-pick to AOSP

Test: manual
BUG: 184844615
Change-Id: I216210132f49f55098c0f2d1b8d4e571b22cfcc4
2021-04-29 08:35:43 -07:00
Eric Biggers
18ba15223c vold: add getUnlockedUsers() method to Binder interface
This is needed so that system_server can remind itself about which users
have their storage unlocked, if system_server is restarted due to a
userspace reboot (soft restart).

Bug: 146206679
Test: see I482ed8017f7bbc8f7d4fd5a2c0f58629317ce4ed
Change-Id: I02f0494d827094bd41bcfe5f63c24e204b728595
(cherry picked from commit 1799debfd6)
2021-04-13 10:53:00 -07:00
Eric Biggers
23d93638c5 Merge "vold: add getUnlockedUsers() method to Binder interface" into sc-dev 2021-04-13 17:52:02 +00:00
Eric Biggers
1799debfd6 vold: add getUnlockedUsers() method to Binder interface
This is needed so that system_server can remind itself about which users
have their storage unlocked, if system_server is restarted due to a
userspace reboot (soft restart).

Bug: 146206679
Test: see I482ed8017f7bbc8f7d4fd5a2c0f58629317ce4ed
Change-Id: I02f0494d827094bd41bcfe5f63c24e204b728595
2021-04-08 12:29:57 -07:00
Alex Buynytskyy
dcfeaa1d76 Adding an option to shorten the read timeout.
E.g. during installation to protect the system.

Ignore-AOSP-First: this depends on changes to framework and/or incfs and does not make sense without them. We'll merge it at a single large scale merge later.

Bug: 160635296
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest IncrementalServiceTest PackageManagerServiceTest ChecksumsTest

Change-Id: I5851e1e9dbc8e8c2b331c407002cf7133bf6e35a
2021-04-08 09:58:15 +00:00
Satya Tangirala
dbbe0363bb Remove HardwareAuthToken support from vold::Keymaster am: e13617100d am: 695fadddf3 am: 57e480b3d5
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1640884

Change-Id: Ia1d707a541b18d29ad9643294f6868d48422fa78
2021-04-08 02:21:34 +00:00
Satya Tangirala
e13617100d Remove HardwareAuthToken support from vold::Keymaster
HardwareAuthTokens are no longer used by vold since Android P. So remove
the auth token parameter from vold. This patch doesn't remove the token
from IVold.aidl, and the methods in VoldNativeService.cpp return an
error if a non-empty auth token is passed to them.

Bug: 181910578
Test: cuttlefish and bramble boot with patch
Change-Id: I1a9f54e10f9efdda9973906afd0a5de5a699ada5
2021-04-07 02:05:35 -07:00
Martijn Coenen
bca322d931 Merge "vold: do not acquire lock when abort fuse" am: 717c1926fc am: d616d6e1ba am: c678a95db2
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1639945

Change-Id: I7c52c6ce39a37ce8fbc719fd8f242d2106e344bf
2021-03-19 09:44:14 +00:00
lijiazi
ffe7622d83 vold: do not acquire lock when abort fuse
reboot maybe cause a deadlock scenario:

1:init->vdc->vold for abort_fuse blocked on futex hold by another
vold binder_x

2:binder_x blocked in binder_ioctl_write_read wait a dead service's
response

3:dead service is exiting and schedule a deferred work for put files
in binder_vma_close, after put files is completed, the binder_x will
eventually wake up

4:kworker execute binder_deferred_work is blocked on fuse request:
crash> bt 1707
PID: 1707   TASK: ffffffe366175e80  CPU: 2   COMMAND: "kworker/2:4"
 #0 [ffffff801b8b3ac0] __switch_to at ffffff962ce88a60
 #1 [ffffff801b8b3b10] __schedule at ffffff962e2d3d30
 #2 [ffffff801b8b3b70] schedule at ffffff962e2d3ff4
 #3 [ffffff801b8b3bc0] __fuse_request_send at ffffff962d20e008
 #4 [ffffff801b8b3c00] fuse_request_send at ffffff962d20deac
 #5 [ffffff801b8b3c30] fuse_flush at ffffff962d217fa4
 #6 [ffffff801b8b3c80] filp_close at ffffff962d0bd7b4
 #7 [ffffff801b8b3cb0] put_files_struct at ffffff962d0e7658
 #8 [ffffff801b8b3d30] binder_deferred_func at ffffff962dc9e60c
 #9 [ffffff801b8b3d90] process_one_work at ffffff962cee761c
 #10 [ffffff801b8b3e00] worker_thread at ffffff962cee7a68
 #11 [ffffff801b8b3e60] kthread at ffffff962ceecc14
waiting for init abort_fuse

suggested by maco, do not acquire lock when abort fuse.

Test: reboot stress test

Change-Id: If6dd7f5e9c413a16ba047204c33d82d6ff41c4ae
Signed-off-by: lijiazi <lijiazi@xiaomi.com>
2021-03-17 10:11:18 +00:00
Treehugger Robot
f26b013a19 Merge "Obtain incfs features early in the booting sequence." am: 915f6227a7 am: a9838cc3d3 am: ef885d3deb
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1585413

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I1af24c06a0fa58f11a754bfc22b43f0a7837e12b
2021-02-13 10:16:50 +00:00
Alex Buynytskyy
b02e7b698e Obtain incfs features early in the booting sequence.
Has to be done before SystemConfig initialization to set correct
Incremental version feature.

Bug: 180010901
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest IncrementalServiceTest PackageManagerServiceTest ChecksumsTest
Change-Id: I262d1f06aecb481f37bf82005c85fed02c476510
2021-02-12 08:39:13 -08:00
Seth Moore
e6ed5c0b7d Merge "Add support for binding storage encryption to a seed" am: 6207c9cde4 am: 4c110af013 am: 0bdfada404
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1553317

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I496422108eedcb352d2fb45181ba4fc035c59e19
2021-01-27 04:19:46 +00:00
Seth Moore
5a43d61e66 Add support for binding storage encryption to a seed
With this change, vold exposes an API that may be used to bind key
storage encryption keys to a given seed value. The seed value passed to
vold must be consistent across reboots, or key storage keys will not be
derived consistently. The seed is expected to be set very early in boot,
prior to the use of any key storage encryption keys.

This feature is intended to be used for embedded applications such as
in autos, where the seed may be provided by some other component of the
system. In such systems, there is a default user that is automatically
signed in without a PIN or other credentials. By binding the file
encryption to a platform-provided seed, the default user's data gains
additional protection against removal of the Android embedded device
from the integrated system.

Bug: 157501579
Test: Set seed at startup via init.rc. Seed changes fail as expected.
Change-Id: I9b048ec5e045b84c45883724ace2356d4ef6244d
2021-01-26 21:30:19 +00:00
Yurii Zubrytskyi
a4b424ef64 Merge "IncFS: pass over the new .blocks_written IncFS control file" 2021-01-25 16:47:23 +00:00
Yurii Zubrytskyi
0c0f83902d IncFS: pass over the new .blocks_written IncFS control file
Bug: 170231230
Test: incremental and PackageManager unit tests
Ignore-AOSP-First: new IncFS API is an internal-first topic
Change-Id: I7fccaf367d4b98294e2e6da4460792514147d954
2021-01-19 10:30:14 -08:00
Ricky Wai
a2ca11e49b Add a method in vold to unmount app data and obb dir for testing
This new method will be used in new sm command.
Tests can use this so data and obb dirs are unmounted, and won't
be killed when volume is unmounted.

Bug: 148049767
Test: New sm command able to unmount app's data and obb dirs
Change-Id: Ifbc661ca510e996abd4b7ce1fb195aaa7afc37ad
2021-01-18 13:47:44 +00:00
Ricky Wai
e78c78c2e6 Remove persist.sys.fuse == false code paths
Since Android R, the FUSE prop is always on and FUSE-off is no longer
supported

Test: m
Bug: 160159282
Merged-In: Ic4414b850511fe3b4fc6df3f8b736d21335db820
Change-Id: I5a7643f9ca2f37cd7f264331df76b42df31988d5
2021-01-14 15:51:54 +00:00
Jaegeuk Kim
fe2ded08fc Merge "Let vold format the encrypted partition" am: 9cecd65006 am: d062817906 am: f25b1c1236
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1530599

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I7a9882527f09a4b54f0b2ccf81c9b9346f614218
2021-01-06 20:22:32 +00:00
Jaegeuk Kim
0c52c7125f Let vold format the encrypted partition
Bug: 172378121
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I03997eb4cbf25a80e36ea738c50e0adb7f4013dd
2020-12-22 11:28:50 -08:00
rickywai
52e1e46be5 Merge "Check if storage app data and obb directories exist in vold" am: 168893621b am: fac72e2ec8 am: 76e648d54a
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1515332

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I63ba5f93b53f4eba2850b8e1f3b8a74c3fd9814d
2020-12-14 14:59:49 +00:00
Ricky Wai
bbfb6ea1ac Check if storage app data and obb directories exist in vold
As storage is not mounted in system server, we use vold
to check if storage app data and obb directories exist instead.

We add a method in vold so it only creates app data and obb dirs
if dirs do not exist to speed up app starting time.

Bug: 160336374
Test: Data and obb directories are created when a new app is started
Change-Id: I1bd784d9c9e05463f71433fc782ac4e0c831cbf1
2020-12-03 15:38:03 +00:00
Martijn Coenen
1c0bde3f55 Merge "Call earlyBootEnded from vdc." am: 17ebcf7f99 am: 87869c2b77 am: 7faba479e3 am: a108cd8816
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1496221

Change-Id: Ifd7684874471d3fe9ed144f98a63f8727a6435be
2020-11-18 09:23:10 +00:00
Martijn Coenen
eed957f6a4 Call earlyBootEnded from vdc.
This allows us to determine the place where early boot ends from init.
It also allows fixing a bug where early boot wasn't ended previously on
devices without metadata encryption.

Bug: 168585635
Bug: 173005594
Test: inspect logs
Change-Id: I78775672a7d3c140e007235a10fb1d1bc816fcee
2020-11-12 11:03:27 +01:00
Yo Chiang
cce4fdc8f1 Merge "Add IVold::destroyDsuMetadataKey()" am: cb581cc8de am: 3ae0c6737c am: 9502610f8e am: a182ca0ef1
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1452395

Change-Id: I3dd03f19011a5045425f665727b6c439d40c07df
2020-10-26 07:05:58 +00:00
Yo Chiang
0af25a3a98 Add IVold::destroyDsuMetadataKey()
destroyDsuMetadataKey() / destroy_dsu_metadata_key() calls
android::gsi::GetDsuMetadataKeyDir() to query the DSU metadata
encryption key dir and destroy the key.
This releases the resource and allows consecutive DSU installations to
use the same key *directory*, but not the same key *blob*.

Bug: 168571434
Test: 1. Install a DSU system.
  2. Boot the DSU system and reboot back to the host system.
  3. Wipe the DSU installation.
  4. DSU metadata key dir /metadata/vold/metadata_encryption/dsu/dsu is
     destroyed.
Change-Id: Ib851177315a5a266807f46ccfd446de1848232cf
2020-10-13 16:00:43 +08:00
Eric Biggers
c2c2189ed7 Merge "vold: remove checkEncryption" am: 2d9777bfbf am: 15c0d3e5d0 am: 4cd238b900 am: c36d0e23bb am: 02c65ccdc6
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1363339

Change-Id: Ifd363d28586b1d91092c2eb0f93b1e57ec965d79
2020-07-16 21:54:18 +00:00
Eric Biggers
4cd238b900 Merge "vold: remove checkEncryption" am: 2d9777bfbf am: 15c0d3e5d0
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1363339

Change-Id: I23b9a01632b61a92896ae83e2152fa047dd85c48
2020-07-16 21:00:33 +00:00
Eric Biggers
b7a14053c3 vold: remove checkEncryption
The testing-only "checkEncryption" command has been replaced with
VtsKernelEncryptionTest [1].  In particular, the metadata encryption
documentation [2] no longer mentions checkEncryption but rather
recommends running VtsKernelEncryptionTest.  Also, checkEncryption
hasn't really been maintained, and it has some known bugs; it's unclear
that many people ever really used it.

So, just remove it.

[1] https://android.googlesource.com/platform/test/vts-testcase/kernel/+/refs/heads/master/encryption/
[2] https://source.android.com/security/encryption/metadata#tests

Bug: 155037012
Change-Id: I258829c60768fd11aafdf2faad956cecc1ae9826
2020-07-15 11:21:33 -07:00
Zim
415d99dd20 Remove persist.sys.fuse == false code paths
Since Android R, the FUSE prop is always on and FUSE-off is no longer
supported

Test: m
Bug: 160159282
Change-Id: Ic4414b850511fe3b4fc6df3f8b736d21335db820
2020-06-30 21:59:46 +01:00