We are investigating replacing make_ext4fs with the upstream tool mke2fs.
See b/23686092 for more informations.
To mitigate the trouble that may arise if the new tool behave differently
compared to the old one, there will be a transition period where both mke2fs
and make_ext4fs will be supported.
This patch does 3 things:
- add the necessary code to use mke2fs to format an ext4 partition;
- add a dependency to the binary used by vold.
Test: m -j32 with TARGET_USES_MKE2FS={,false,true}
TARGET_USERIMAGES_USE_EXT4={,true}
Change-Id: I89222642fe1d11a035155c8224b84b2e3719938b
This replaces the libmincrypt dependency with libcrypto_utils, which
is needed due to libfec and fs_mgr switching to BoringSSL.
Change-Id: I4f6f4d8cc5e200679331a9bcdf2cc3bad1082dd6
Give callers the option of preparing CE and/or DE storage. The
framework will only prepare CE storage after the CE keys have been
unlocked for that user.
When init is calling enablecrypto, kick off the work in a thread so
that we can make other calls back into vold without causing
deadlock. Leaves blocking call intact for framework callers.
Clean up 'vdc' tool to send useful transaction numbers, and
actually watch for the matching result to come back. This fixes
race conditions when there are multiple 'vdc' callers.
Also add other system and misc directories to match spec.
Bug: 25796509
Change-Id: Ie4f853db6e387916b845d2b5fb92925d743b063d
e2fsck and fsck.f2fs must run in the fsck domain. Add call to
setexeccon() to tell selinux to run in the fsck domain on exec.
Addresses:
avc: denied { execute_no_trans } for path="/system/bin/e2fsck" dev="mmcblk0p41" ino=241 scontext=u:r:vold:s0 tcontext=u:object_r:fsck_exec:s0 tclass=file
Bug: 26872236
Change-Id: Ib2a583aeefc667f8aa67532e0ac0ff9619b65461
The key storage module didn't comply with Android coding standards
and had room for improvemnet in a few other ways, so have cleaned up.
Change-Id: I260ccff316423169cf887e538113b5ea400892f2
Instead of writing raw keys, encrypt the keys with keymaster. This
paves the way to protecting them with auth tokens and passwords later.
In addition, fold in the hash of a 16k file into their encryption, to
ensure secure deletion works properly.
Now even C++ier!
Bug: 22502684
Bug: 22950892
Change-Id: If70f139e342373533c42d5a298444b8438428322
Much nicer C++ style logging, but the main reason is to clean up
AutoCloseFD.h so I don't have to use cutils to use it.
Change-Id: I7a7f227508418046eecce6c89f813bd8854f448a
Refactor fstrim code to be encapsulated in unique task object, and
give it option of benchmarking when finished. Trimming now includes
both storage from fstab and adopted private volumes. Cleaner timing
stats are logged for each unique volume.
Add wakelock during ongoing async move tasks. Push disk sysfs path
to framework so it can parse any SD card registers as desired.
Bug: 21831325
Change-Id: I76577685f5cae4929c251ad314ffdaeb5eb1c8bf
When formatting volumes, pass along fsType string which can be "auto"
to let the volume select the best choice. For now, private volumes
assume that MMC devices (like SD cards) are best off using f2fs when
both kernel support and tools are present, otherwise fall back to
ext4. Use blkid when mounting to pick the right set of tools.
Move filesystem utility methods into namespaces and place in separate
directory to be more organized.
Bug: 20275581
Change-Id: Id5f82d8672dda2e9f68c35b075f28232b0b55ed4
In order to prevent this bug from happening, we must allow vold cryptfs
commands to complete while a long running mount is underway.
While waiting for vold to be changed to a binder interface, we will simply
create two listeners, one for cryptfs and one for everything else.
Bug: 19197175
Change-Id: If74142aa81abd58f718a9de6c9e387f6ea442754
Now that we're offering to store private app data on adopted storage
devices, the performance of those devices is much more important to
overall user experience.
To help set user expectations, this change offers to execute a
real-world benchmark on a storage device, returning a metric that can
be used to compare internal and external storage. The benchmark is
generated from the strace-instrumented storage access patterns of
typical apps.
A typical device completes the benchmark in under two seconds on
internal storage, a UHS-3 SD card is even faster (!), but a very slow
Class 4 SD card takes about 30 seconds to complete, giving us a clear
signal.
The measured benchmark numbers are logged along with information
about the storage device, such as manufacturer, model, etc. Card
serial numbers are scrubbed from output.
Bug: 21172095
Change-Id: I9b2713dafdfdfcf5d97bf1bc21841f39409a7e54
When requested, kick off a thread that will migrate storage contents
between two locations. This is performed in several steps that
also interact with the framework:
1. Take old and new volumes offline during migration
2. Wipe new location clean (10% of progress)
3. Copy files from old to new (60% of progress)
4. Inform framework that move was successful so it can persist
5. Wipe old location clean (15% of progress)
Derives a hacky progress estimate by using a rough proxy of free
disk space changes while a cp/rm is taking place.
Add new internal path for direct access to volumes to bypass any
FUSE emulation overhead, and send it to framework. Remove mutex
around various exec calls since setexeccon() is already per-thread.
Bug: 19993667
Change-Id: Ibcb4f6fe0126d05b2365f316f53e71dc3e79a2b8
This adds support for private volumes which is just a filesystem
wrapped in a dm-crypt layer. For now we're using the exact same
configuration as internal encryption (aes-cbc-essiv:sha256), but we
don't store any key material on the removable media. Instead, we
store the key on internal storage, and use the GPT partition GUID
to identify which key should be used.
This means that private external storage is effectively as secure as
the internal storage of the device. That is, if the internal storage
is encrypted, then our external storage key is also encrypted.
When partitioning disks, we now support a "private" mode which has
a PrivateVolume partition, and a currently unused 16MB metadata
partition reserved for future use. It also supports a "mixed" mode
which creates both a PublicVolume and PrivateVolume on the same
disk. Mixed mode is currently experimental.
For now, just add ext4 support to PrivateVolume; we'll look at f2fs
in a future change. Add VolumeBase lifecycle for setting up crypto
mappings, and extract blkid logic into shared method. Sprinkle some
more "static" around the cryptfs code to improve invariants.
Bug: 19993667
Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0
This is the first in a series of changes that are designed to
introduce better support for dynamic block devices.
It starts by defining a new Volume object which represents a storage
endpoint that knows how to mount, unmount, and format itself. This
could be a filesystem directly on a partition, or it could be an
emulated FUSE filesystem, an ASEC, or an OBB.
These new volumes can be "stacked" so that unmounting a volume will
also unmount any volumes stacked above it. Volumes that provide
shared storage can also be asked to present themselves (through bind
mounts) into user-specific mount areas.
This change also adds a Disk class which is created based on block
kernel netlink events. Instead of waiting for partition events from
the kernel, it uses gptfdisk to read partition details and creates
the relevant Volume objects.
Change-Id: I0e8bc1f8f9dcb24405f5e795c0658998e22ae2f7
