Commit graph

120 commits

Author SHA1 Message Date
Paul Lawrence
beadcb6ec0 Revert "Securely encrypt the master key"
This reverts commit 7053e9cd5e.

Change-Id: I77ed4dbdff8643c80629d2126cb29f85c24c7b43
2015-04-28 19:16:46 +00:00
Paul Lawrence
74e85f1872 resolved conflicts for merge of 86138731 to mnc-dev-plus-aosp
Change-Id: I89203aa1665bb42f9a98fd8b94b933e8406dde02
2015-04-27 14:14:36 -07:00
Paul Lawrence
7053e9cd5e Securely encrypt the master key
Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys

This is one of four changes to enable this functionality:
  https://android-review.googlesource.com/#/c/144586/
  https://android-review.googlesource.com/#/c/144663/
  https://android-review.googlesource.com/#/c/144672/
  https://android-review.googlesource.com/#/c/144673/

Bug: 18151196
Change-Id: I9a162b90afe5f46a4ff15b3878e2ab503795425e
2015-04-27 20:08:38 +00:00
Jeff Sharkey
1d6fbcc389 Migrate primary external storage.
When requested, kick off a thread that will migrate storage contents
between two locations.  This is performed in several steps that
also interact with the framework:

1. Take old and new volumes offline during migration
2. Wipe new location clean (10% of progress)
3. Copy files from old to new (60% of progress)
4. Inform framework that move was successful so it can persist
5. Wipe old location clean (15% of progress)

Derives a hacky progress estimate by using a rough proxy of free
disk space changes while a cp/rm is taking place.

Add new internal path for direct access to volumes to bypass any
FUSE emulation overhead, and send it to framework.  Remove mutex
around various exec calls since setexeccon() is already per-thread.

Bug: 19993667
Change-Id: Ibcb4f6fe0126d05b2365f316f53e71dc3e79a2b8
2015-04-24 16:08:07 -07:00
Mohamad Ayyash
3896727376 am 959de99a: am f8c905e0: Merge "Add dependency on libsquashfs_utils due to fs_mgr dependency"
* commit '959de99af47dec9ed7a3499ce57e4097be399d7d':
  Add dependency on libsquashfs_utils due to fs_mgr dependency
2015-04-07 18:44:08 +00:00
Mohamad Ayyash
c489d7f4e7 Add dependency on libsquashfs_utils due to fs_mgr dependency
Change-Id: I894d18c2086a6532194f478853a9837eb4b6fc09
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
2015-04-06 18:22:35 -07:00
Jeff Sharkey
9f18fe7807 Remove unused code.
Bug: 19993667
Change-Id: I1f6519655c5a366eca25e2329e1bf95d81b3bf8c
2015-04-01 23:33:26 -07:00
Jeff Sharkey
9c48498f45 Support for private (adopted) volumes.
This adds support for private volumes which is just a filesystem
wrapped in a dm-crypt layer.  For now we're using the exact same
configuration as internal encryption (aes-cbc-essiv:sha256), but we
don't store any key material on the removable media.  Instead, we
store the key on internal storage, and use the GPT partition GUID
to identify which key should be used.

This means that private external storage is effectively as secure as
the internal storage of the device.  That is, if the internal storage
is encrypted, then our external storage key is also encrypted.

When partitioning disks, we now support a "private" mode which has
a PrivateVolume partition, and a currently unused 16MB metadata
partition reserved for future use.  It also supports a "mixed" mode
which creates both a PublicVolume and PrivateVolume on the same
disk.  Mixed mode is currently experimental.

For now, just add ext4 support to PrivateVolume; we'll look at f2fs
in a future change.  Add VolumeBase lifecycle for setting up crypto
mappings, and extract blkid logic into shared method.  Sprinkle some
more "static" around the cryptfs code to improve invariants.

Bug: 19993667
Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0
2015-04-01 10:45:05 -07:00
Dan Albert
ae9e890337 Update for libbase.
Change-Id: I23b1281a63031a7481ea7b33c9ddbdbe7d3d6174
2015-03-16 10:35:17 -07:00
Jeff Sharkey
deb2405737 Checkpoint of better dynamic device support.
This is the first in a series of changes that are designed to
introduce better support for dynamic block devices.

It starts by defining a new Volume object which represents a storage
endpoint that knows how to mount, unmount, and format itself.  This
could be a filesystem directly on a partition, or it could be an
emulated FUSE filesystem, an ASEC, or an OBB.

These new volumes can be "stacked" so that unmounting a volume will
also unmount any volumes stacked above it.  Volumes that provide
shared storage can also be asked to present themselves (through bind
mounts) into user-specific mount areas.

This change also adds a Disk class which is created based on block
kernel netlink events.  Instead of waiting for partition events from
the kernel, it uses gptfdisk to read partition details and creates
the relevant Volume objects.

Change-Id: I0e8bc1f8f9dcb24405f5e795c0658998e22ae2f7
2015-03-13 10:12:57 -07:00
Kenny Root
ba5834dcea am 26970299: Merge "Remove superfluous OpenSSL include paths."
* commit '269702997153cdf92c65cfee277c76afed44e9e5':
  Remove superfluous OpenSSL include paths.
2015-01-23 01:17:16 +00:00
Adam Langley
41405bb3e5 Remove superfluous OpenSSL include paths.
The libcrypto and libssl modules (and their respective static and host
versions) use LOCAL_EXPORT_C_INCLUDE_DIRS thus just including the module
is sufficient.

Additionally, cryptfs.h was including an OpenSSL header just to get the
length of a SHA-256 hash. Rather than force all users of this header to
also depend on libcrypto, it's easier just to define that value in the
header file.

Change-Id: I3e3e0db906a212e1093944b298e4a8ff2e2fb07d
2015-01-22 16:45:28 -08:00
Dan Albert
210caabdb5 resolved conflicts for merge of 88aba541 to lmp-mr1-dev-plus-aosp
Change-Id: Ie5ef819dd8168cb6a73f84a881a92c116705fffc
2014-12-18 14:08:43 -08:00
Dan Albert
c07fa3fa5a Fix alignment of buffer used for dm_ioctl.
Since the dm_ioctl struct was being allocated on the stack as a large
character array, it was getting character alignment rather than the
proper alignment for the struct. GCC had been getting away with this
so far, but it's undefined behavior that clang managed to expose.

Bug: 18736778
Change-Id: Ied275dfad7fcc41d712b2d02c8a185f499221f57
2014-12-18 10:24:23 -08:00
Tim Murray
6c78e7d772 resolved conflicts for merge of 4be36106 to lmp-mr1-dev-plus-aosp
Change-Id: If504710a618d8c3adf85297d5fd2909558ed57a3
2014-12-17 16:41:07 -08:00
Tim Murray
8439dc9fd5 Make vold compile with -Werror -Wall.
-Wno-missing-field-initializers is used as well, but that is an
overzealous warning from initializing structs with {0} and not a
real warning.

bug 18736778 and 16868177

Change-Id: Iffde89cd7200d9a11193e1614f1819f9fcace30a
2014-12-18 00:21:21 +00:00
Dan Albert
97f3d073ac am a20bb17e: Merge "Move vold to GCC."
* commit 'a20bb17e4c6095a77425418d7eb0c1ceb50d05f7':
  Move vold to GCC.
2014-12-13 02:17:32 +00:00
Dan Albert
084f0b3dd5 Move vold to GCC.
It looks like clang might have a miscompile that is causing SIGBUS in
`ioctl_init` when the device is encrypted. Move back to GCC until we
can sort this out.

Bug: 18736778
Change-Id: I21ae3b9d7d9ebff8679ecc1a828b7c59f27d0903
2014-12-12 17:47:16 -08:00
Iliyan Malchev
b7d35115dc resolved conflicts for merge of 87701e27 to lmp-mr1-dev-plus-aosp
Change-Id: Ie873baff626fe786515497f2e81aa9db2329168d
2014-11-21 00:52:40 -08:00
Ajay Dudani
87701e2755 Adding support of dm-req-crypt
Currently Android provides disk encryption support using dm-crypt
which is based on bios. dm-crypt uses 512 bytes packet size for
crypto operations. While 512 bytes size packet is ok for SW based
disk encryption, it is inefficient for HW based crypto engines.
dm-req-crypt is similar to dm-crypt except it uses block requests
rathe bios for crypto operations. block requests when unpacked
carries data upto 512KB. Hence, HW based crypto engine can be used
more efficiently.

Also move create disk encryption key before framework start as
HW based disk encryption creates key in secure side. Key creation
can take sometime to create the key securely. If framework is
started before creating the key, it is possible that framework
requests service from secure side. Secure side can serve mostly one
request at a time. Secure side may reject framework request if key
creation request is still going on. This may cause problem in the
system

b/17475056 Enable hardware crypto for userdata encryption

Change-Id: I5480ab72a37c02532218a18faaba598a824589fd
Signed-off-by: Iliyan Malchev <malchev@google.com>
2014-11-21 08:17:32 +00:00
Dan Albert
89bcc638ab am 36859212: Merge "Move vold to libc++."
* commit '36859212614fd112e08dcf92065ee6db910769bb':
  Move vold to libc++.
2014-11-06 00:15:12 +00:00
Dan Albert
a05cb41300 am 460a93a6: Merge "Move vold to clang so ASAN_ALL works."
* commit '460a93a6d4d01bf0efa83acea0c84b4d43ab23c9':
  Move vold to clang so ASAN_ALL works.
2014-11-06 00:15:12 +00:00
Dan Albert
66d84da214 Move vold to libc++.
Bug: 15193147
Change-Id: Ib868f1ed8145ca5cbfdb4cd60ed0c47a6182ac62
2014-11-05 14:48:45 -08:00
Dan Albert
5325f56921 Move vold to clang so ASAN_ALL works.
ASAN_ALL uses ASAN for anything built with clang. Since some of vold's
dependencies use clang, they will have unresolved ASAN symbols unless
vold is also built with clang. There's no harm in just moving this
project to clang.

Change-Id: Ia6f412beb7bf092121bff2a5a980531636adcdb9
2014-10-21 11:02:33 -07:00
Dan Albert
b4ef84d704 resolved conflicts for merge of 2b2a0bec to lmp-dev-plus-aosp
Change-Id: I224499833777ef80d85c1199f475f5ed1568d053
2014-09-12 13:06:50 -07:00
Dan Albert
b2aaf3afa1 Remove makefile cruft.
Don't manually include stlport, and don't use private bionic headers.

Change-Id: I44dd212fdd5874e625890c548e9d7bf3a9c27912
2014-09-12 10:48:12 -07:00
Daniel Rosenberg
e82df164e8 Revert "Revert "cryptfs: Added support for f2fs fast encryption""
This reverts commit a70abc6009.

Change-Id: Ic41d1924638586cf9b2297f91ed5417f3b0303c6
2014-08-15 22:19:23 +00:00
Jim Miller
a70abc6009 Revert "cryptfs: Added support for f2fs fast encryption"
This reverts commit 74c01201de.

Change-Id: Ib397a2b5812179ee2e2b68de5d718077563adc1c
2014-08-15 02:00:45 +00:00
Daniel Rosenberg
74c01201de cryptfs: Added support for f2fs fast encryption
Bug: 15749466
Change-Id: I25452a05e1cbe90ac6603a89db9b720c7ab17e55
Signed-off-by: Daniel Rosenberg <drosen@google.com>
2014-08-15 00:12:06 +00:00
Paul Lawrence
69f4ebd81e Add keymaster support to cryptfs
Use keymaster to wrap the cryptfs keys.

Requires selinux change
  https://googleplex-android-review.git.corp.google.com/#/c/449411

Bug: 9467042
Change-Id: If25a01cb85ed193a271d61382de0560d85553b7e
2014-04-18 11:40:13 -07:00
Paul Lawrence
87999173dd Don't corrupt ssd when encrypting and power fails
Stop encryption when battery is low, mark position, and continue on reboot.

Note - support for multiple encrypted volumes removed as no devices seem
to exist with an fstab that uses this feature. If you want support for such
a device, contact me and we will re-add it with appropriate testing.

Bug: 13284213
Change-Id: I1f7178e4f7dd8ea816cbc03ab5c4f6543e98acaa
2014-03-21 18:30:26 +00:00
Nick Kralevich
4ff7225154 am ca3593df: am 311edc8c: Merge "Add SELinux restorecon calls on ASEC containers."
* commit 'ca3593df3d48cb4b51acf89e6df4872b922fd51d':
  Add SELinux restorecon calls on ASEC containers.
2014-02-11 17:28:57 +00:00
Robert Craig
b9e3ba56cb Add SELinux restorecon calls on ASEC containers.
This will allow fine-grained labeling of the
contents of ASEC containers. Some of the contents
need to be world readable and thus should be
distinguishable in policy.

Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2014-02-06 07:10:43 -05:00
Colin Cross
699bfa411e am 8328e815: Merge "vold: remove from include path"
* commit '8328e8150f4e7b785785754f2d44794e7bab3577':
  vold: remove $(KERNEL_HEADERS) from include path
2014-01-23 23:43:38 +00:00
Colin Cross
23b571bb57 vold: remove $(KERNEL_HEADERS) from include path
The kernel headers are already in the include path, and manually
adding them again will break on a multiarch build, where the
kernel headers may be different for each arch.

Change-Id: Ifb11fa7bdff6b317c44258968244313b7039a9e1
2014-01-23 00:03:17 -08:00
Jeff Sharkey
0368cd4355 am f4a8c0b9: am 10939ac7: Merge "Extract UUID and label from inserted volumes." into klp-dev
* commit 'f4a8c0b9f646cd9fa51fe3746bc8a00bb987124b':
  Extract UUID and label from inserted volumes.
2013-10-17 18:59:02 -07:00
Jeff Sharkey
0de365fc0a Extract UUID and label from inserted volumes.
Uses "blkid" tool to extract metadata from an inserted volume, and
reports it up to the framework.  This needs to happen in vold, since
only the FUSE-wrapped volume is visible to userspace.

Remove autorun sanitization, since FUSE takes care of this now.

Bug: 11175082
Change-Id: Ie69b38011ad6011bfb50e40d4f35a29e02150c19
2013-10-17 09:51:19 -07:00
Nick Kralevich
20bab9ffdc vold: Remove obsolete xwarp support.
This code appears to be unused. Delete it.

This is essentially a revert of 2350c44ff3.

Change-Id: I20a525bb49f6ee8fec8c1ec22e01ad47d0c72960
2013-09-17 13:21:03 -07:00
Ken Sumrall
5cf759a9c5 Use a shared library when building vold
A quick fix to a broken build resulted in using a static library
to build vold when a shared library was available.  This fixes
that.

Bug: 10332978
Change-Id: I31c2b4a87c7b37647e71f7f3c93b0d64dd52da44
2013-08-14 20:15:17 -07:00
Geremy Condra
c49f0f2f90 Add libext4 and libmincrypt to vold.
This accomodates verity changes, which now utilize these libraries.

Change-Id: I1ff8c012e972e245cf3e4bc3a02bef0989165d75
2013-08-07 13:13:24 -07:00
Kenny Root
c4c70f15bb Change key derivation to scrypt
scrypt is a sequential memory-hard key derivation algorithm that makes
it more difficult for adversaries to brute force passwords using
specialized equipment. See http://www.tarsnap.com/scrypt/scrypt.pdf for
more details of the algorithm.

This adds support for initializing disk encryption using scrypt and
upgrading from the previous PBKDF2 algorithm.

Change-Id: I1d26db4eb9d27fea7310be3e49c8e6219e6d2c3b
2013-06-24 09:40:54 -07:00
Ken Sumrall
9caab76c6b vold: Add an optional wipe paramter to the volume format command
The new wipe option to the vold format command will invoke BLKDISCARD
on the partition before invoking newfs_msdos.  This will be used whenever
a full wipe of the device is wanted, as this is more secure than just
doing newfs_msdos.

Bug: 9392982
Change-Id: Ie106f1b9cc70abc61206006d1821641c27c7ccae
2013-06-12 18:42:02 -07:00
Ying Wang
741a1699b1 Add liblog
Bug: 8580410
Change-Id: I1a59b45c87cd901b3de52540ad7b670c42ffcbd5
2013-04-09 22:05:28 -07:00
Ken Sumrall
b87937cdea Vold: Add the fstrim subsystem to vold
The fstrim subsystem implements the dotrim command, which goes
through all the writable filesystems on the device, and invokes
the FITRIM ioctl() on them.  This marks all the unused blocks on
the underlying flash device as unused, so the device performs better.

Change-Id: I5fc8c2f60e0bc823f162d0f89580fb288ecb2160
2013-03-22 02:19:15 -07:00
Rom Lemarchand
2ba45aafc2 Replace custom logwrapper implementation with liblogwrap
Use liblogwrap to provide logwrapper functionality instead of
using vold's own implementation.

Change-Id: I76aac5aa72a1fdca043a63b86c6a9b54e7abec16
2013-01-30 12:15:47 -08:00
Ken Sumrall
f0679f0da4 Changes to encryption to work with the new filesystem manager
The new filesystem manager is in charge of mounting the block devices now,
removing much of the knowledge from init.<device>.rc.  This also let us
clean up some init code dealing with encryption, so this change updates
vold to work with that.  More cleanup is possible, but the main goal of the
filesystem manager was to enable e2fsck, not a full cleanup of encryption.

Change-Id: I00ea80a923d14770ed8fdd190e8840be195f8514
2012-04-27 16:44:22 -07:00
Kenny Root
344ca10856 Add in ext4 support for ASEC containers
Now forward locked applications will be in ASEC containers both internal
to the system and externally.

This change adds support for putting applications in ext4-based ASECs.

Change-Id: I8d6765b72dd2606e429c067b47a2dbcaa8bef37d
2012-04-25 14:15:15 -07:00
Nick Kralevich
9713ed4639 vold: add -Werror=format
Stop format string bugs from creeping into root level processes.

Change-Id: Ifa19ac0cacba76392040ab16cebe557b5b016706
2012-02-23 13:20:30 -08:00
Jeff Brown
ea89f53387 Remove the simulator target from all makefiles.
Bug: 5010576

Change-Id: I7e531101ae057fb059d7d56c99433c4d66e866dc
2011-07-11 22:12:37 -07:00
Ken Sumrall
5d4c68e407 Have vold grab a partial wakelock when encrypting
The Progress bar UI grabs a full wakelock when encrypting, but we've seen
a case where it looks like the progress bar UI crashes, and the wakelock is
lost, and then all hell breaks loose.  The enablecrypto command has a lot of
work to do, and it will take some time, so it should grab a wakelock to
ensure it can finish without being interrupted and put to sleep.

It grabs a partial wake lock, as it doesn't need the screen to be on to do
its work.  If the UI wants to keep it on, it should also grab a full wakelock,
which it does.  If the UI crashes, the screen may turn off, but the encryption
will keep going, and vold will reboot the device when it's done.

Change-Id: I51d3a72b8c77383044a3facb1604c1ee510733ae
2011-01-30 19:10:07 -08:00
Ken Sumrall
3ed8236de1 Don't try to encrypt in place a filesystem that is too large and return proper errors
If the already existing filesystem encompasses the entire /data partition
and does not leave the last 16 Kbytes for the crypto footer, refuse to
do encrypt in place and return an error.  This is only an issue for folks
with early development systems trying to encrypt an old /data.  This should
not be seen in released devices.

Also, if there is an error, try to report back to the UI what the error was
so it can deal with it.

Change-Id: If66781a4fe03034c96c3dd12075240deb8663db0
2011-01-29 00:48:30 -08:00
Ken Sumrall
8f869aa1bc Support for encrypting /data on Stingray.
There are still a few hacks and performance issues related
to shutting down the framework in this code, but it is
functional and tested.  Without the UI changes, it requires
cryptic adb shell commands to enable, which I shall not
utter here.

Change-Id: I0b8f90afd707e17fbdb0373d156236946633cf8b
2010-12-18 18:35:56 -08:00
Kenny Root
acc9e7dcca Change ASCII conversion for hash and add tests
Hash was printed using snprintf(), but we can just write yet another hex
conversion utility!

Change-Id: I04f1992deaf5bf1b3e2751c8f07072f8ed6660e9
2010-06-20 22:03:10 -07:00
Kenny Root
7b18a7b36f vold: Convert to use OpenSSL MD5 API
Change-Id: I9b84370fa9a98464c211ebe8983be8dbe9dd7ccd
2010-03-15 14:39:40 -07:00
San Mehat
befd59c152 vold: remove some dead code
Change-Id: Iaeb5d3334ec22ed31da9734bb8d7cd17e6a40eaf
Signed-off-by: San Mehat <san@google.com>
2010-03-15 10:28:21 -07:00
San Mehat
d9a4e35861 vold: Bugfixes & cleanups
- Fix issue where container-names > 64 bytes were getting truncated in the
    kernel. lo_name is only 64 bytes in length, so we now hash the container
    id via md5
  - Add 'dump' command to dump loop and devicemapper status
  - Add 'debug' command to enable more detailed logging at runtime
  - Log vold IPC arguments (minus encryption keys)
  - Fix premature return from Loop::lookupActive() and friends

Change-Id: I0e833261a445ce9dc1a8187e5501d27daba1ca76
Signed-off-by: San Mehat <san@google.com>
2010-03-13 16:42:19 -08:00
San Mehat
2a5b8ce09b vold: Switch to using libdiskconfig for partition setup.
Also handles an issue where NPARTS=0 on a disk change uevent

Change-Id: I77c56f177dc65df91468bbd7d5fe1889db414d7a
Signed-off-by: San Mehat <san@google.com>
2010-03-10 15:18:41 -08:00
San Mehat
2350c44ff3 vold: Add support for xwarp
Signed-off-by: San Mehat <san@google.com>
2010-03-02 13:17:02 -08:00
San Mehat
8f2875b297 vold: Clean up asec command response and add support for 'StorageBusy'
Signed-off-by: San Mehat <san@google.com>
2010-02-18 11:48:50 -08:00
San Mehat
586536c60b vold: Refactor Processkiller and add command to return users of a mount point
Signed-off-by: San Mehat <san@google.com>
2010-02-16 17:12:00 -08:00
San Mehat
b78a32c1d5 vold: Add encrypted ASEC support via devmapper
- Supports up to 4096 containers
- Keys are now implemented - specifying a key of 'none' means no encryption.
  Otherwise, the key must be a string of 32 characters

Signed-off-by: San Mehat <san@google.com>
2010-01-11 08:12:52 -08:00
Doug Kwan
1bc9558895 Add missing library used by the main executable in linker options. Currently
the library is implicit added via inter-library dependency.
2010-01-07 13:54:17 -08:00
San Mehat
a19b250bd2 vold2: Initial support for Android Secure External Caches
Signed-off-by: San Mehat <san@google.com>
2010-01-06 10:55:29 -08:00
San Mehat
bf04185c88 vold2: Refactor FAT support into a separate class
Signed-off-by: San Mehat <san@google.com>
2010-01-04 10:09:16 -08:00
San Mehat
11f78c181e vold2: Don't build for simulator
Signed-off-by: San Mehat <san@google.com>
2010-01-03 08:59:37 -08:00
San Mehat
a1c2ca1c70 vold2: Enable in build
Signed-off-by: San Mehat <san@google.com>
2009-12-21 12:29:55 -08:00
San Mehat
a2677e4ad0 vold2: Get mounting/unmounting/formatting/sharing working
Signed-off-by: San Mehat <san@google.com>
2009-12-19 09:54:42 -08:00
San Mehat
49e2bce5b7 vold2: Wire up more of the mount function
Signed-off-by: San Mehat <san@android.com>
2009-10-12 16:29:01 -07:00
San Mehat
ae10b91044 vold2: Rename DeviceVolume -> DirectVolume
Signed-off-by: San Mehat <san@android.com>
2009-10-12 15:03:15 -07:00
San Mehat
f1b736bc56 system: vold2: Initial skeleton for vold2.
Let there be light.

Signed-off-by: San Mehat <san@android.com>
2009-10-10 17:57:51 -07:00