Commit graph

1888 commits

Author SHA1 Message Date
Paul Crowley
b64933a502 Be even more C++. Switch on a warning.
Remove lots of "extern C" and "ifdef __cplusplus" which are no longer
needed now all of vold is C++. Also turn on the cert-err58-cpp warning
we once had to disable.

Bug: 67041047
Test: compiles, boots
Change-Id: I8c6f9dd486f2409e0deed7bb648d959677465b21
2017-10-31 08:40:23 -07:00
Jeff Sharkey
2048a2865c Test that plaintext can't be read from disk for encrypted files.
Bug: 36029169
Test: tested by hand on Taimen
Change-Id: I5717a8630bb2c8d8fe5c343d519c4e59862ecbdf
2017-10-27 15:14:56 -07:00
Paul Crowley
2d64b91823 Improve VDC's logging on failure.
Also refactor.
Bug: 36029169
Test: ensure that a command fails, check logs for failure.

Change-Id: I1dece2982f762f4522e17d45b5f04af104b95861
2017-10-27 13:37:24 -07:00
Paul Crowley
26a53888a4 When we forget a volume, forget per-volume key
Protect all per-volume-per-user keys with a per-volume key, which is
forgotten when the volume is forgotten. This means that the user's key
is securely lost even when their storage is encrypted at forgetting
time.

Bug: 25861755
Test: create a volume, forget it, check logs and filesystem.
Change-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378
2017-10-26 12:19:09 -07:00
Paul Crowley
c6433a299d Forget keys when we forget the volume.
Bug: 25861755
Test: create a volume, forget it, check logs and filesystem.
Change-Id: I0ab662969c51703cb046d57b72330e0f14447ef3
2017-10-26 12:19:03 -07:00
Paul Crowley
ff19b05e8e Fix errors on non-keymaster keys
If it's not a keymaster key, don't try to invalidate or delete the key
blob.

Bug: 25861755
Test: Create and forget a volume, check logs and files.
Change-Id: If8bfb1a9ab41e6c7e46bc311eb296242e56d264f
2017-10-26 11:38:14 -07:00
TreeHugger Robot
6d9afa8d49 Merge "Create subdirectories in misc_ce/misc_de for storaged" 2017-10-25 20:34:49 +00:00
Jin Qian
f39614449d Create subdirectories in misc_ce/misc_de for storaged
Test: Boot device, check directories created
Bug: 63740245
Change-Id: Ie3f593e2cceb99ea7e86614d6b0d7b34f8c7034c
2017-10-24 17:26:44 -07:00
Paul Crowley
3aa914d4a9 Give SD cards their own keys and modes.
When we set up encryption on real volumes - not just /data - we should
give them their own keys, so that these keys can be deleted when the
volume is forgotten. Also, we must choose the encryption modes
differently, since ICE encryption which works on /data may not work on
such volumes.

Bug: 25861755
Test: boot device, add SD card, check modes.
Change-Id: I354cd651757c3566dba046ae99d324833ad9b0e5
2017-10-24 15:27:04 -07:00
Paul Crowley
82b41ff837 Convert vold_prepare_subdirs to C++
Minimize overhead in boot by replacing shell script invoked multiple
times with a C++ program invoked once.

Bug: 67901036
Test: create user, run adb shell ls -laZ /data/misc_ce/10; delete user and check logs.
Change-Id: I886cfd6505cca1f5b5902f2071e13f48e612214d
2017-10-24 15:26:58 -07:00
Jeff Sharkey
3ce18256a1 Pass both partition GUID and filesystem UUID.
FDE keys are indexed using the partition GUID, while FBE keys will be
indexed using the filesystem UUID, so pass both of those identifiers
along when forgetting a volume.

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 25861755
Change-Id: I6e239d5ba67a01c9a848d705f6167da00f975924
2017-10-24 12:19:47 -06:00
Jeff Sharkey
ac46172c79 Merge "Move vold to Android.bp." 2017-10-24 18:19:08 +00:00
Jeff Vander Stoep
236bae4ecc Merge "Check that dir name is a pid before attempting to read" am: 6419445383 am: c923127e23
am: fa8acb3220  -s ours

Change-Id: Id2abc9f0404c3107439e7cf2fb75bb6aeeb46c75
2017-10-24 17:38:30 +00:00
Jeff Vander Stoep
fa8acb3220 Merge "Check that dir name is a pid before attempting to read" am: 6419445383
am: c923127e23

Change-Id: Ie64df29420d9a6dac7bd5b1f47b4c6c9cda8f078
2017-10-24 17:24:58 +00:00
Jeff Vander Stoep
c923127e23 Merge "Check that dir name is a pid before attempting to read"
am: 6419445383

Change-Id: I8b7639934bcee660bcd84f83afae5cc2c17bae15
2017-10-24 17:19:58 +00:00
Treehugger Robot
6419445383 Merge "Check that dir name is a pid before attempting to read" 2017-10-24 17:15:03 +00:00
TreeHugger Robot
9fd7559813 Merge "Check that dir name is a pid before attempting to read" 2017-10-24 16:04:22 +00:00
Jeff Vander Stoep
a997db73d6 Check that dir name is a pid before attempting to read
Prevents selinux denials for folders in /proc that do not have the
default /proc label.

Bug: 68146208
Test: no selinux denials for vold attempting to read proc_asound dir.
Merged-In: I7cdd3bbe8e687e078372012773e9a34a5c76e0f8
Change-Id: I7cdd3bbe8e687e078372012773e9a34a5c76e0f8
2017-10-24 14:04:27 +00:00
Jeff Vander Stoep
5889083d71 Check that dir name is a pid before attempting to read
Prevents selinux denials for folders in /proc that do not have the
default /proc label.

Bug: 68146208
Test: no selinux denials for vold attempting to read proc_asound dir.
Change-Id: I7cdd3bbe8e687e078372012773e9a34a5c76e0f8
2017-10-24 07:03:01 -07:00
Jeff Sharkey
d16dc5089b Move vold to Android.bp.
Test: builds, boots
Bug: 67041047
Change-Id: Ife9118d274fc92d30b38d216f815741a060a04b7
2017-10-23 17:27:49 -06:00
TreeHugger Robot
947a57e76d Merge "Undo Utils dependency on VolumeManager" 2017-10-20 18:52:55 +00:00
Paul Crowley
56292ef119 Undo Utils dependency on VolumeManager
I want to use Utils in another executable, so breaking this link.

Bug: 25861755
Test: compiles (and boots, though that doesn't exercise changed code)
Change-Id: I6bb447453bb370fefb7f2f3aceb459428bdee6a7
2017-10-20 10:05:36 -07:00
Jeff Sharkey
f4304de64a Merge "Use sgdisk to create better-aligned MBR tables." 2017-10-20 16:04:57 +00:00
Chih-hung Hsieh
20a042e5ff Merge "Use -Werror in system/vold/tests" am: d6d0e91c62 am: 7718457dfc am: 2412d496c8
am: 192ebf8acb

Change-Id: I1c2346c160190e26e4023e2aa4c1091ebf7621ba
2017-10-19 23:49:12 +00:00
Chih-hung Hsieh
192ebf8acb Merge "Use -Werror in system/vold/tests" am: d6d0e91c62 am: 7718457dfc
am: 2412d496c8

Change-Id: Ibf15a38de8902c31fdb970d6aa2970c710480bbe
2017-10-19 23:34:51 +00:00
Chih-hung Hsieh
2412d496c8 Merge "Use -Werror in system/vold/tests" am: d6d0e91c62
am: 7718457dfc

Change-Id: I74f21fe6a41d2585a05c6e0c47e80b9041bae588
2017-10-19 23:24:20 +00:00
Chih-hung Hsieh
7718457dfc Merge "Use -Werror in system/vold/tests"
am: d6d0e91c62

Change-Id: Idc41239ba5d67954dfb7d6e61e31768dafdd3599
2017-10-19 23:18:12 +00:00
Chih-hung Hsieh
d6d0e91c62 Merge "Use -Werror in system/vold/tests" 2017-10-19 22:33:52 +00:00
Chih-Hung Hsieh
8646da062a Use -Werror in system/vold/tests
* Comment out unused function.

Bug: 66996870
Test: build with WITH_TIDY=1
Change-Id: I7a23573af0d664a5f39f1cde3a22ac0001dac1ac
2017-10-19 11:51:20 -07:00
Chih-Hung Hsieh
27c0d952cb Use -Werror in system/vold/tests
Bug: 66996870
Test: build with WITH_TIDY=1
Change-Id: Ied1f6160124d10d81151d401ed4a0b089816abb3
2017-10-19 10:07:38 -07:00
Jeff Sharkey
4ddf576ca8 Merge "Introduce lock for SELinux process-level changes." 2017-10-19 15:02:53 +00:00
Jeff Sharkey
ab76449988 Merge "Use main thread for Binder transactions." 2017-10-19 15:02:52 +00:00
Jeff Sharkey
ae4f85d2ff Introduce lock for SELinux process-level changes.
Used to protect process-level SELinux changes from racing with each
other between multiple threads.

Test: builds, boots
Bug: 67041047
Change-Id: I242afed3c3eb7fba282f1f6b3bdb2d957417c7e8
2017-10-18 17:02:24 -06:00
Jeff Sharkey
93396c14a8 Use main thread for Binder transactions.
Make the main thread do something useful instead of sitting around
twiddling its thumbs.

Test: builds, boots
Bug: 67041047
Change-Id: I88f7f4fe151ae2b81f80aa575530c12b56ba4d75
2017-10-18 16:54:46 -06:00
TreeHugger Robot
130a7bf084 Merge "Get ourselves some clang-format." 2017-10-18 21:26:21 +00:00
Jeff Sharkey
68f1b8bdfb Use sgdisk to create better-aligned MBR tables.
We heavily leverage sgdisk, which already has a bunch of logic to
optimally align partitions.  We've been using it for the adoptable
storage GPT tables, and now we also use it for MBR tables.

Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 63735902
Change-Id: I846a8c96930ec2c6ab12e54dc2d464b17f7c54a9
2017-10-18 14:09:54 -06:00
Jeff Sharkey
2c36966b1a Get ourselves some clang-format.
These are the same rules used by system/core/.  We'll apply it to
existing code in a future CL.

Test: none
Bug: 67041047
Change-Id: I407581a9ba155aea87ac87f231f5269f7c444a2e
2017-10-18 12:17:36 -06:00
Jeff Sharkey
01a0e7fa18 Fix task memory leaks; better path validation.
We've been allocating task objects without freeing them, oops.  We
don't really need full classes for these tasks, so move them to
blocking methods, and invoke them from a detached thread.

Remove FIDTRIM support, which isn't meaningful on UFS-based flash
devices.  Modern devices require FBE/FDE which gives us better
protection against trimmed data lingering around.

Rename "Trim" to more generic "IdleMaint", since it'll soon extend
to include custom F2FS optimization logic.

Check for shady ".." when validating paths.

Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 67041047
Change-Id: I4fb194c5d5ef13f413c02acedfbaaf79c567582b
2017-10-18 11:44:57 -06:00
TreeHugger Robot
a6f6285875 Merge "Move to modern utility methods from android::base." 2017-10-17 23:29:27 +00:00
Jeff Sharkey
3472e52fc2 Move to modern utility methods from android::base.
Moves away from crufty char* operations to std::string utility
methods, including android::base methods for splitting/parsing.

Rewrite of how Process handles scanning procfs for filesystem
references; now uses fts(3) for more sane traversal.

Replace sscanf() with new FindValue() method, also has unit tests.

Remove some unused methods.  Switch almost everyone over to using
modern logging library.

Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases -t android.os.storage.cts.StorageManagerTest
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 67041047
Change-Id: I70dc512f21459d1e25b187f24289002b2c7bc7af
2017-10-17 12:40:51 -06:00
Paul Crowley
06f762d577 Validate filesystem UUIDs in Binder calls.
Test: boots
Bug: 67041047
Change-Id: I7bb21186db8cd709a9adfc5f9d0dedb069b2cff3
2017-10-17 11:01:45 -07:00
Paul Crowley
8e55066845 Recursively delete subdirs when deleting
Use vold_prepare_subdirs since only it has the privilege needed.

Bug: 25861755
Test: Boot device, create user, create files, remove user, observe logs
Change-Id: I90fb2517ccd177c9b009001e7a2b00f537152f8c
2017-10-17 10:44:17 -07:00
Paul Crowley
1a9652613a Create subdirectories of misc_ce/misc_de when needed
Bug: 25861755
Test: Boot device, check directory exists as it should.
Change-Id: I413631452e8e0bdd869887091f8b077bd5f9297e
2017-10-16 11:36:32 -07:00
Paul Crowley
3b71fc5100 Be more C++. volume UUID should always be std::string.
Test: boots
Bug: 67041047
Change-Id: I36d3944ae8de192703b9ee359900841b833fe3a1
2017-10-09 13:36:35 -07:00
Paul Crowley
a7ca40bd70 Remove dead code; move code out of cryptfs that doesn't belong.
Test: Marlin boots
Change-Id: I5c3fc21fef336b301981d6eff6f6ea242f30f66c
2017-10-06 14:29:33 -07:00
Paul Crowley
6b756ce5e9 Don't re-prepare main storage when preparing SD card storage
Test: Boots correctly, logs show main storage no longer prepared when
SD card is.

Change-Id: I9a123436e7083d8331c7543fe77aa6587b28db9f
2017-10-05 14:07:09 -07:00
Paul Crowley
82e249ac7d Merge "Remove CheckBattery altogether" into stage-aosp-master am: db436c7999 am: 45aa0f6c51
am: e2d1d99f1a

Change-Id: I89ce2407bb3ac648789b8c583e82106c07523b64
2017-10-04 05:31:41 +00:00
Paul Crowley
e2d1d99f1a Merge "Remove CheckBattery altogether" into stage-aosp-master am: db436c7999
am: 45aa0f6c51

Change-Id: I91e0b067e313869417b8b18d9f65f8d0f2acc894
2017-10-04 05:29:30 +00:00
Paul Crowley
45aa0f6c51 Merge "Remove CheckBattery altogether" into stage-aosp-master
am: db436c7999

Change-Id: I65e49db994bbfe266772fa36ed97bee4e4468d5b
2017-10-04 05:27:10 +00:00
TreeHugger Robot
db436c7999 Merge "Remove CheckBattery altogether" into stage-aosp-master 2017-10-04 05:22:11 +00:00