Having prepare_dir() and EnsurePolicy() be separate operations is
error-prone; it lengthens the window of time that files could
accidentally be created in new directories before they are encrypted,
and it makes it easier to accidentally never encrypt a directory.
To partially address this, add a function prepare_dir_with_policy() that
combines the two steps, and use it everywhere possible. This function
is now the only place in vold that calls EnsurePolicy().
As a follow-up change, we could go a bit further and make this helper
function create the directory under a temporary name and move it into
place already-encrypted. This change just focuses on getting the helper
function in place, without changing the behavior too much.
Change-Id: I98ab345df235120db6727f7dbe0da6a8b6ef2579
Prepare these directories during initUser0. This greatly shortens the
gap between the creation and encryption of /data/user/0, and this makes
it possible to remove init's write access to all directories containing
per-user encrypted directories.
Bug: 156305599
Change-Id: Ibf3d25356e8f0bca70da078c5d2428ae8615240e
There is no reason for this function to sometimes return the legacy
alias "/data/data" for /data/user/0. Just use /data/user/0 instead.
Bug: 156305599
Change-Id: I305a9463c1bf0a59495c34ef33430f92257c2f0d
Make vold explicitly set the appropriate fscreate SELinux context when
creating per-user subdirectories such as /data/user/$userId. This is
needed for these subdirectories to get the correct SELinux labels after
the sepolicy change https://r.android.com/2078213 changes their parent
directories to have different labels.
Note: the helper function being changed is also used for some other
directories, such as subdirectories of /data/misc/vold. But this is
fine since they still get the same labels as before.
Test: see https://r.android.com/2078213
Bug: 156305599
Change-Id: Id61c2d985144007059c563cec91b1355176e915c
Before doing anything else in fscrypt_prepare_user_storage(), error out
if adoptable storage is being prepared before internal storage. Without
this explicit check, making this mistake results in a sequence of weird
errors that is hard to trace back to the actual problem.
Bug: 231387956
Change-Id: Ib26cc1bd46ffa2578f6f0156dfacc5496dae3178
The flag -warnings-as-errors embedded in tidy_flags
is difficult to process and error-prone.
They should be replaced with the new tidy_checks_as_errors list.
Bug: 229801437
Test: make tidy-system-vold
Change-Id: I801e73dce5f08fe1ca5bc49de633706ad2cdf986
* changes:
vold: remove overprovision area from free segments
vold: do not set gc sleep time with zero dirty segments
vold: add gc period in setGCUrgentPace
overprovision space and reserved area should be subtracted when we
calculate free segments count in GC for data blocks.
Test: check Vold setGCUrgentPace log
Bug: 202283480
Bug: 181079477
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I7b749588ff794ff0429e17a787d83bcc19af0ec1
It enables encrypt, proejct_quota, verity by default.
Bug: 225401790
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I6c6dc81b8e62b20b0107d40a9ed5b645cdafbda1
Make vold log warnings and errors to the kernel log until both
init_user0 has run and /data is mounted. Previously it only logged
errors, and not warnings, to the kernel log until /data is mounted.
This is helpful to diagnose failures of init_user0, since adb still
isn't started by that point.
Also, error messages can be misleading without seeing related warning
messages, e.g. the following which is expected on many devices:
E vold : keystore2 Keystore generateKey returned service specific error: -67
W vold : Failed to generate rollback-resistant key. This is
expected if keystore doesn't support rollback
resistance. Falling back to non-rollback-resistant key.
Therefore, increase the log level to WARNING and above.
Test: Intentionally broke fscrypt_init_user0(), then verified that the
error and warning messages appear in the kernel log on Cuttlefish.
Bug: 205314634
Bug: 222540970
Change-Id: Ia751f7c88cbf28caf81e891a518953cc0cee911e
Now that none of these methods are used anymore, we can remove them.
Also remove the related constants.
Bug: 208476087
Change-Id: I1f56c8e05fb3fba09aab4bf5f8609b0f552b8999
When there is not enough dirty segments to reclaim, we don't have to set
gc sleep time.
Test: Run smart idle maint with zero dirty segments
Bug: 202283480
Bug: 181079477
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: If6a9965ecb9b1a91bf5d0dd763d5fa0af63348e0
To make gc period changable, added a new gcPeriod parameter to
setGCUrgentPace.
Test: adb shell device_config put storage_native_boot smart_idle_maint_period 10
Bug: 202283480
Bug: 181079477
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I4e44a80ea5b51d9a7cde69d25e129dd0673b271f
We want to store sdk data on the same volume as app data. Since sdk data
is stored in misc_ce and misc_de directory, we need to ensure they exist
on adopted storage mounted at /mnt/expand/<volume-uuid>.
This CL creates `/mnt/expand/<volume-uuid>/misc_{ce,de}` directories
when disk is mouted and then when user storage is prepared, the sdk root
directory is created.
By having these directories, we can now move the sdk data to other
volume when app data is moved.
Bug: b/222034645
Test: atest SdkSandboxStorageHostTest (see ag/17120883)
Ignore-AOSP-First: End to end test added which exists in internal branch
only. Will cherry-pick this CL to aosp standalone once it is safely
merged to internal branch.
Change-Id: I0e73d9ce105abec4b77c378cde58aa7365258f01
Merged-In: I0e73d9ce105abec4b77c378cde58aa7365258f01
(cherry picked from commit b459591fd1)
There have been two bugs where people use !metadata_encryption.empty()
to check whether metadata encryption is enabled. It should actually be
!metadata_key_dir.empty(), since 'metadata_encryption' is the encryption
options, which can be empty if the defaults are sufficient.
Rename the field in FstabEntry appropriately.
To avoid breaking fstab files, don't rename the flag in the fstab file
itself. So, now the fstab flags map to FstabEntry fields as follows:
keydirectory => metadata_key_dir
metadata_encryption => metadata_encryption_options
Change-Id: I3b5e28c273950bcf13bfd433aaaa49d1e92e177c
metadata_key_dir controls whether metadata encryption is enabled, not
metadata_encryption which is just the encryption options and can be
empty if the default options are sufficient.
Bug: 198405417
Fixes: 156d9d2293 ("Pre-create userdata metadata encryption device.")
Change-Id: I98ee253c7e5e738ee087ec07ed60f4a376ca7cee
The bug this TODO references has been closed, so replace the TODO with
an explanation of why the code is correct.
Bug: 185811713
Change-Id: I8f4230ab3e290f8ffa8ca25aaa188e8d7156cf8e
We need to reduce F2FS GC intensity for smart idle maintenance service
not to interfere with other I/O activities.
Test: check smart idle maintenance log every hour
Bug: 202283480
Bug: 181079477
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: Ideb1641a1539a23828bc8b00d9739c8128a984c0
These are no longer used.
Test: atest com.android.server.locksettings
Bug: 184723544
Change-Id: I6160d30deb138a5366532de84cbf6f02cbc69b8c
(cherry picked from commit 5bb9faab49)
Merged-In: I6160d30deb138a5366532de84cbf6f02cbc69b8c
ag/17002484 does not disable fuse-bpf as hoped when the device has once
booted with fuse-bpf enabled, since the persistent property persists
Change name of property as read to disable feature regardless of current
state
Bug: 221892618
Test: fuse-bpf is disabled even if persist.sys.fuse.bpf.enable is true
Change-Id: I423d05d24809b097d02ca5845ab16283edc953b0
Merged-In: I423d05d24809b097d02ca5845ab16283edc953b0
Remove the "enablecrypto" and "mountdefaultencrypted" commands, since
they aren't used anymore. These were specific to FDE, for which support
has been removed.
Bug: 208476087
Change-Id: I2045488034dca46a97e50c5124182375691d09f9
Now that FDE support has been removed, encrypt_inplace() is only used by
metadata encryption, which passes false for the set_progress_properties
parameter. Therefore, remove the set_progress_properties parameter and
the associated code to update the "vold.encrypt_inplace" and
"vold.encrypt_time_remaining" system properties.
Note that encrypt_inplace() still keeps track of its progress to some
extent, for the purpose of printing log messages; that hasn't changed.
Bug: 208476087
Change-Id: If695db1c4e23f568ff865bccc9fc1b98148815be
