Commit graph

1420 commits

Author SHA1 Message Date
Bill Yi
c191423cd5 Merge commit '9b5db9bcbe333b677ca18d2c1c398c8751cd0fd2' into HEAD
am: e7af39dc4b

* commit 'e7af39dc4b616f6a37c6ab691c48ad745f2a428b':
2016-02-17 20:46:47 +00:00
Bill Yi
e7af39dc4b Merge commit '9b5db9bcbe333b677ca18d2c1c398c8751cd0fd2' into HEAD 2016-02-17 09:51:20 -08:00
Dimitry Ivanov
708950bde8 Merge "Add missing liblog dependency"
am: 6e8a931d54 -s ours

* commit '6e8a931d54c4d67e39cf0a22bf496bd4ab9822f7':
  Add missing liblog dependency
2016-02-13 01:31:49 +00:00
Dimitry Ivanov
6e8a931d54 Merge "Add missing liblog dependency" 2016-02-13 00:37:27 +00:00
Dimitry Ivanov
01f86a521d Add missing liblog dependency
Bug: http://b/27171986
Change-Id: I03c5f9375ca46a81250ac00493a4f3f1eebf3156
2016-02-12 16:10:22 -08:00
Paul Crowley
ad2eb64413 Log a warning if old creds passed to change_user_key don't work.
Bug: 26948053
Change-Id: I8c117bfe5e85e73af72b6ecafea39924f3561c7c
2016-02-10 17:56:05 +00:00
Paul Crowley
63c18d3ba9 Add scrypt-based password stretching.
Bug: 27056334
Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
2016-02-10 14:07:59 +00:00
Paul Lawrence
58e9c2a4aa Merge "Fix encryption on non-default devices" into nyc-dev 2016-02-09 19:32:44 +00:00
Paul Lawrence
42b2837cfa Fix encryption on non-default devices
Bug: 27061863
Change-Id: Id998bb4534f657079e95718ef52af3f23100fb10
2016-02-09 11:24:28 -08:00
Paul Crowley
76107cb3f4 Prefer bool returns to int throughout
Change-Id: Ib3592b598ee07bc71a6f9507570bf4623c1cdd6a
2016-02-09 10:11:42 +00:00
Paul Crowley
38132a1f66 Refactor now that global DE has been reworked
Change-Id: I4d6156332cfc847e25e7c8863fd6a50fa325fb87
2016-02-09 10:11:42 +00:00
Paul Crowley
57eedbf8cb Fix some "false" returns to be "-1" where appropriate in e4crypt_enable
Also fix a PLOG that should be a LOG.

Change-Id: Ic5ae288c37b6e236172f9e38349c2d0d530bfd4d
2016-02-09 10:11:42 +00:00
Jeff Sharkey
695d928286 e4crypt_unlock_user_key no longer likes nullptr.
Bug: 27075797
Change-Id: I835d17d02ea50a88ef0a5322a30e04f3d0237019
2016-02-08 18:10:34 -07:00
Paul Crowley
f7a0d007d2 Add new argument to unlock_user_key, fixing merge-caused error.
Change-Id: Ic51f375e500cd61bda926e3b039126a840ed89f0
2016-02-08 22:40:34 +00:00
Paul Crowley
5c025bd9a5 Merge "Password security for FBE disk encryption keys" into nyc-dev 2016-02-08 21:45:46 +00:00
Paul Crowley
0572080814 Password security for FBE disk encryption keys
Added a new call change_user_key which changes the way that disk
encryption keys are protected; a key can now be protected with a
combination of an auth token and a secret which is a hashed password.
Both of these are passed to unlock_user_key.

This change introduces a security bug, b/26948053, which must be fixed
before we ship.

Bug: 22950892
Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
2016-02-08 20:03:57 +00:00
Jeff Sharkey
0754a45539 Emulation fixes: misc dirs, recover after disable.
Add new misc directories to list of paths that we lock/unlock in
emulation mode.  When booting a device without native-FBE and without
emulation, make sure we "unlock" any emulated settings on user 0;
MountService handles this for secondary users later during boot.

Bug: 27069522
Change-Id: I15c7cf00a7231ce99b2e4e11a25106d7b87e70cc
2016-02-08 12:45:16 -07:00
Daichi Hirono
1ab7349e49 Merge "Add context mount option for appfuse." 2016-02-07 04:01:24 +00:00
Jeff Sharkey
47695b29af Allow callers to prepare CE/DE user storage.
Give callers the option of preparing CE and/or DE storage.  The
framework will only prepare CE storage after the CE keys have been
unlocked for that user.

When init is calling enablecrypto, kick off the work in a thread so
that we can make other calls back into vold without causing
deadlock.  Leaves blocking call intact for framework callers.

Clean up 'vdc' tool to send useful transaction numbers, and
actually watch for the matching result to come back.  This fixes
race conditions when there are multiple 'vdc' callers.

Also add other system and misc directories to match spec.

Bug: 25796509
Change-Id: Ie4f853db6e387916b845d2b5fb92925d743b063d
2016-02-05 13:03:52 -07:00
Daichi Hirono
1c419e000e Add context mount option for appfuse.
BUG=26147865

Change-Id: I1812c46d0f80eaea9a9a3fa944bc4d0126ae8ba1
2016-02-05 16:09:24 +09:00
Paul Lawrence
f10544df96 Remove unencrypted_properties
Change-Id: I5728f03dbde6621e410efcda1d93054915793407
2016-02-04 12:48:41 -08:00
Paul Lawrence
5a06a6481b Fix minor issues with previous change
New style logging
Remove set/get field from e4crypt
Save keys to temp file then rename

See https://googleplex-android-review.git.corp.google.com/#/c/858922/

Change-Id: I454c3f78489b491ffc1230a70dce64935e4e0f8a
2016-02-03 13:39:13 -08:00
Paul Lawrence
aec34dfb1d Use consistent method for device key
Change-Id: I420f548115c1b55e62b193c60d569fdda518af1a
2016-02-03 10:52:41 -08:00
Paul Lawrence
7b6b565fa0 Remove support for non-default root passwords in FBE
Change-Id: Ie179cb09f9f24382afd0fe0f3aa2a1ad943a7f5d
2016-02-02 12:47:52 -08:00
Daichi Hirono
dac436f1fe Merge "Mount appfuse in process namespace." 2016-02-02 10:14:29 +00:00
Daichi Hirono
10d34887b3 Mount appfuse in process namespace.
BUG=26148108

Change-Id: I2297fd227a4c607054e0403e73bd9c857f580a1c
2016-02-02 18:56:19 +09:00
Jeff Vander Stoep
75fc83bac8 resolve merge conflicts of 2b6f9ce823 to master.
Change-Id: I69f36f560334b11b099f2eb15999603dd2469d4f
2016-02-01 15:24:58 -08:00
Jeffrey Vander Stoep
2b6f9ce823 Merge "cryptfs: run e2fsck/fsck.f2fs in fsck domain"
am: 6f69ee094c

* commit '6f69ee094cabcd052a4742089fcae8e92cf7f924':
  cryptfs: run e2fsck/fsck.f2fs in fsck domain
2016-02-01 23:10:31 +00:00
Jeffrey Vander Stoep
6f69ee094c Merge "cryptfs: run e2fsck/fsck.f2fs in fsck domain" 2016-02-01 23:05:55 +00:00
Jeff Vander Stoep
df72575862 cryptfs: run e2fsck/fsck.f2fs in fsck domain
e2fsck and fsck.f2fs must run in the fsck domain. Add call to
setexeccon() to tell selinux to run in the fsck domain on exec.

Addresses:
avc: denied { execute_no_trans } for path="/system/bin/e2fsck" dev="mmcblk0p41" ino=241 scontext=u:r:vold:s0 tcontext=u:object_r:fsck_exec:s0 tclass=file

Bug: 26872236
Change-Id: Ib2a583aeefc667f8aa67532e0ac0ff9619b65461
2016-02-01 12:59:59 -08:00
Paul Crowley
b92f83c051 Add support for per-user DE keys.
FBE devices need a factory reset after this change.

Bug: 26704408
Change-Id: I150b82a13a4a007d9a8997ef6a676e96576356b2
2016-02-01 17:17:41 +00:00
Paul Crowley
b1f3d242dd Refactor of Ext4Crypt.cpp in preparation for DE keys
Mainly a refactor, but with a substantive change: Keys are created in
a temporary location, then moved to their final destination, for
atomicity.

Bug: 26704408
Change-Id: I0b2dc70d6bfa1f8a65536dd05b73c4b36a4699cf
2016-02-01 17:06:49 +00:00
Paul Crowley
8fb12fd835 Add init_user0 command.
Change-Id: Icf746ec1968a073fde707ecc788b648f5803fd38
2016-02-01 15:19:07 +00:00
Paul Crowley
ea62e26ad3 Create disk encryption keys only when FBE enabled
Our code for creating disk encryption keys doesn't work everywhere,
and it doesn't need to; only on platforms that support FBE. Don't
create them elsewhere.

Bug: 26842807
Change-Id: I686d0ffd7cb3adbddfce661c22ce18f66acb1aba
2016-01-28 12:23:53 +00:00
Paul Crowley
13ffd8ef7a Improvements to the key storage module
The key storage module didn't comply with Android coding standards
and had room for improvement in a few other ways, so have cleaned up.

Change-Id: I260ccff316423169cf887e538113b5ea400892f2
2016-01-27 15:54:35 +00:00
Paul Crowley
c5fdb4b8d3 Merge "Use a keymaster-based key storage module" 2016-01-27 10:19:54 +00:00
Paul Crowley
1ef255816c Use a keymaster-based key storage module
Instead of writing raw keys, encrypt the keys with keymaster. This
paves the way to protecting them with auth tokens and passwords later.
In addition, fold in the hash of a 16k file into their encryption, to
ensure secure deletion works properly.

Now even C++ier!

Bug: 22502684
Bug: 22950892
Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-26 18:24:03 +00:00
Narayan Kamath
ea243a3015 Unmount emulated filesystems before killing the fuse process.
Avoid ENOTCONN for file system operations.

bug: 26645585
bug: 26070583
Change-Id: I19b00db37ef7ba85a2cae16c7c4204826653f559
2016-01-26 10:05:15 +00:00
Paul Crowley
a042cb5761 Don't fail on unlock if we're not even emulating FBE
As a precaution, we do the work of emulating an unlock even on devices
that aren't emulating FBE. However, we don't care if it fails, so
don't fail the calling command in that instance.

Bug: 26713622
Change-Id: I8c5fb4b9a130335ecbb9b8ea6367f1c59835c0f1
2016-01-21 17:26:11 +00:00
Paul Crowley
285956fe11 Rework FBE crypto to match the N way of doing things
Major rework and refactor of FBE code to load the keys at the right
time and in a natural way. The old code was aimed at our goals for M,
with patches on top, and didn't quite work.

Bug: 22358539

Change-Id: I9bf7a0a86ee3f2abf0edbd5966f93efac2474c2c
2016-01-20 13:12:38 +00:00
Jeff Sharkey
7a9dd95cbc Offer to enforce "locked" state using SELinux.
Bug: 26466827
Change-Id: Id5f05298c2cb5f3cf288df37ddf0a196ca49949b
2016-01-15 14:07:12 -07:00
Daichi Hirono
b025f3efc0 Merge "Add allow_other mount option for appfuse." 2016-01-14 07:23:17 +00:00
Paul Lawrence
b0f4a229e5 Merge "cryptfs: Skip encrypting unused blocks in a block group with an uninitialized block bitmap." am: 1ae498e0d4
am: 9b5db9bcbe

* commit '9b5db9bcbe333b677ca18d2c1c398c8751cd0fd2':
  cryptfs: Skip encrypting unused blocks in a block group with an uninitialized block bitmap.
2016-01-12 22:21:21 +00:00
Paul Crowley
8bb8fcfb4f Use android-base logging not cutils in secdiscard
Much nicer C++ style logging, but the main reason is to clean up
AutoCloseFD.h so I don't have to use cutils to use it.

Change-Id: I7a7f227508418046eecce6c89f813bd8854f448a
2016-01-12 10:03:05 +00:00
Paul Lawrence
9b5db9bcbe Merge "cryptfs: Skip encrypting unused blocks in a block group with an uninitialized block bitmap."
am: 1ae498e0d4

* commit '1ae498e0d4524aef6de2f1e3b639697ac24b29b2':
  cryptfs: Skip encrypting unused blocks in a block group with an uninitialized block bitmap.
2016-01-11 20:31:03 +00:00
Paul Lawrence
1ae498e0d4 Merge "cryptfs: Skip encrypting unused blocks in a block group with an uninitialized block bitmap." 2016-01-11 20:25:32 +00:00
Daichi Hirono
089ab074e8 Add allow_other mount option for appfuse.
After DocumentsProvider opens an FD on app fuse, DocumentsProvider passes it
to other applications. To allow other applications to use the FD on app
fuse, we need to specify the allow_other mount option.

BUG=25756419

Change-Id: I3c729f90e5b822a7b1032bf80726cc234c0936b1
2016-01-07 17:52:45 +09:00
liminghao
aa08e58e3a cryptfs: Skip encrypting unused blocks in a block group with an uninitialized block bitmap.
Bug: 198288

Change-Id: Iaa1a14fd916ddec8dc1a4be18d49732ebcba6884
Signed-off-by: liminghao <liminghao@xiaomi.com>
2016-01-06 15:20:38 +08:00
Daichi Hirono
78b524ec46 Add unmount command to vold's AppFuse listener.
BUG=25756420

Change-Id: I75b41f135c172d400e57a72a2be0473546781475
2015-12-22 19:10:20 +09:00
Jeff Sharkey
d2d7bffd0c Create /data/media directory for new users.
Otherwise later unlock commands will fail.

Bug: 26267450
Change-Id: I090ac3a3fd4ac6d49290906e21d88f1efcdec421
2015-12-18 19:16:49 -07:00