Commit graph

5563 commits

Author SHA1 Message Date
Xin Li
e23109dbf7 [automerger skipped] Merge "DO NOT MERGE - Merge Android 13" am: 3f658163ee -s ours
am skip reason: Merged-In I648a1af9e16787dfcfeefa2b2f2e4a72cac2c6a6 with SHA-1 2d30b890d2 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2186984

Change-Id: Iabeb25ab39981b7977fc71f487b7d33bc6d1a65a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-16 23:37:43 +00:00
Xin Li
24dc4748aa [automerger skipped] DO NOT MERGE - Merge Android 13 am: 302f60e5f3 -s ours
am skip reason: Merged-In I648a1af9e16787dfcfeefa2b2f2e4a72cac2c6a6 with SHA-1 2d30b890d2 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2186984

Change-Id: I3bae754efa80e9a9b8d8b91095c0576c0ff3f6a9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-16 23:37:17 +00:00
Elliott Hughes
6e9353e630 Merge "Switch to C23's memset_explicit()." am: dd7cfa9e15
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2184090

Change-Id: I8efda0a63bae994f8e2949de49ff46fd5b15abb7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-16 23:03:38 +00:00
Trevor Radcliffe
891e2f0730 Merge "Point directly to generated c sysprop_library" am: bdba7cdaa3
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2119958

Change-Id: I225b2a38726c4506c71a46e8c97ea0cba31e406b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-16 23:03:28 +00:00
Xin Li
3f658163ee Merge "DO NOT MERGE - Merge Android 13" 2022-08-16 19:11:38 +00:00
Elliott Hughes
dd7cfa9e15 Merge "Switch to C23's memset_explicit()." 2022-08-16 15:27:20 +00:00
Trevor Radcliffe
bdba7cdaa3 Merge "Point directly to generated c sysprop_library" 2022-08-16 15:09:25 +00:00
Xin Li
302f60e5f3 DO NOT MERGE - Merge Android 13
Bug: 242648940
Merged-In: I648a1af9e16787dfcfeefa2b2f2e4a72cac2c6a6
Change-Id: I137ddfb8ebd31457540743ad05a794a3526c6bf6
2022-08-15 22:06:36 -07:00
Elliott Hughes
78c33f3f5e Switch to C23's memset_explicit().
Test: treehugger
Change-Id: Ib6ef45cedaf95fa251d0b03de0f14701f910d063
2022-08-15 23:10:28 +00:00
Trevor Radcliffe
c6644f9b07 Point directly to generated c sysprop_library
Bug: 226199990
Test: m
Change-Id: Ic24c608eae89b4f2cb6248e14090a3016d542407
2022-08-12 18:26:10 +00:00
Treehugger Robot
30491f5575 Merge "KeyStorage: don't request rollback resistance for wrapped storage keys" am: ca648a0217
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2168846

Change-Id: I77397b7fe7b8d25db567e5b8ea9570fd98aca28c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-08-01 23:44:19 +00:00
Treehugger Robot
ca648a0217 Merge "KeyStorage: don't request rollback resistance for wrapped storage keys" 2022-08-01 23:21:50 +00:00
Eric Biggers
2d30b890d2 KeyStorage: don't request rollback resistance for wrapped storage keys
Hardware-wrapped inline encryption keys (a.k.a. "wrapped storage keys"
or "TAG_STORAGE_KEY keys") are being generated with rollback resistance
enabled, but are never deleted.  This leaks the space that KeyMint
implementations reserve for rollback-resistant keys, e.g. space in the
RPMB.  This is a problem especially for the per-boot key, as that gets
regenerated every time the device is rebooted.  After enough reboots,
KeyMint runs out of space for rollback-resistant keys.  This stops any
new or upgraded keys from being rollback-resistant, reducing security.

This bug affects all devices that use HW-wrapped inline encryption keys
for FBE (have "wrappedkey_v0" in the options for fileencryption in their
fstab), and whose KeyMint implementations support TAG_STORAGE_KEY in
combination with TAG_ROLLBACK_RESISTANCE.  But it's more of a problem on
devices that are rebooted frequently, as per the above.

Fix this bug by not requesting rollback resistance for HW-wrapped inline
encryption keys.  It was a mistake for these keys to ever be rollback-
resistant, as they are simply a stand-in for raw keys.  Secure deletion
instead has to happen higher up the stack, via the Keystore key that
encrypts these keys being deleted, or via the Keystore key and/or Weaver
slot needed to decrypt the user's synthetic password being deleted.

(It was also a mistake for HW-wrapped inline encryption keys to use
Keystore at all.  The revised design for them that I'm working on for
upstream Linux doesn't use Keystore.  But for now, Android uses Keystore
for them, and the fix is to not request rollback resistance.)

Bug: 240533602
Fixes: 3dfb094cb2 ("vold: Support Storage keys for FBE")
Change-Id: I648a1af9e16787dfcfeefa2b2f2e4a72cac2c6a6
2022-07-28 18:48:46 +00:00
Treehugger Robot
77e4ab8031 Merge "Rename fuse_media.o to fuseMedia.o" am: cbdbc35ba0
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2150775

Change-Id: If343000a8dd36de4584057eb4ac026e50a9ce538
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-22 16:45:56 +00:00
Treehugger Robot
cbdbc35ba0 Merge "Rename fuse_media.o to fuseMedia.o" 2022-07-22 16:33:09 +00:00
Daeho Jeong
69754352bb Merge "Introduce target dirty segment ratio tunable parameter" am: c3a7391c94
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2135595

Change-Id: I42b8baffdfe9bea0d66d310952aa4c8403c36ad3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-14 15:13:20 +00:00
Daeho Jeong
c3a7391c94 Merge "Introduce target dirty segment ratio tunable parameter" 2022-07-14 14:56:13 +00:00
Ken Chen
0093f6ae04 Rename fuse_media.o to fuseMedia.o
Underscore character may cause bpf prog/map naming collision. For
example, x.o with map y_z and x_y.o with map z both result in x_y_z
prog/map name, which should be prevented during compile-time.

aosp/2147825 will prohibit underscore character in bpf source name
(source name derives the obj name). Existing bpf modules with underscore
characters in source name need to be updated accordingly.

Bug: 236706995
Test: build
Change-Id: Ie6ea47560b1d44de0a0d9d124e17616fee6b0922
2022-07-12 05:38:39 +00:00
Daeho Jeong
fc5cdcf04a Merge "Make minimum gc sleep time tunnable" am: a5d927ba6a
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2132536

Change-Id: I3fc545927eeed476f75e5a72b373d5f6e4a92829
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-07 19:01:06 +00:00
Daeho Jeong
a5d927ba6a Merge "Make minimum gc sleep time tunnable" 2022-07-07 18:39:46 +00:00
Daeho Jeong
37cf9d79ab Introduce target dirty segment ratio tunable parameter
We introduce a new parameter of target dirty segment ratio,
which can be used to set a target dirty / (dirty + free) segments
ratio. For example, if we set this as 80%, GC sleep time will be
calculated to achieve this ratio in a GC period.

Test: check smart idle maint log of StorageManagerService
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I73f2bcf4bdb810164c174bd0d2518b15d577d5d5
2022-07-04 21:23:46 +00:00
Xin Li
f0521e8b09 Merge "Merge tm-dev-plus-aosp-without-vendor@8763363" into stage-aosp-master 2022-06-29 21:22:02 +00:00
Treehugger Robot
de2d1b6cc7 Merge "Convert vold to new BootControl client" am: 6083e0196b
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2132797

Change-Id: I97d3bcacc85ba0295ccadd216a3db8cabf0cc3a2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-29 18:38:33 +00:00
Treehugger Robot
6083e0196b Merge "Convert vold to new BootControl client" 2022-06-29 18:03:39 +00:00
Xin Li
b730112c98 Merge tm-dev-plus-aosp-without-vendor@8763363
Bug: 236760014
Merged-In: Ieb371b7fdebfe938206a45547bb24dfbf2c2e7be
Change-Id: I521a37a205961186baeeebc82668055fe19c2091
2022-06-27 23:40:18 +00:00
Daeho Jeong
3fd33ece35 Make minimum gc sleep time tunnable
Test: check smart idle maint log of StorageManagerService
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I5a70e4ec2ca895551b6446a9dfd4bb5003a3fbd0
2022-06-23 16:20:45 -07:00
Kelvin Zhang
dec03ab380 Convert vold to new BootControl client
Test: th
Bug: 227536004
Change-Id: Ia2f8b51d6d3175999b2434454f0ee4e14bde934e
2022-06-22 15:14:55 -07:00
Eric Biggers
9d2e149521 Merge "Rename fscrypt_is_native() to IsFbeEnabled()" am: d99898496f am: e51736136a
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2128492

Change-Id: Ic0ef4032bd5596c53f3c7c148928208f62b29300
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-22 19:07:49 +00:00
Eric Biggers
e51736136a Merge "Rename fscrypt_is_native() to IsFbeEnabled()" am: d99898496f
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2128492

Change-Id: I9d329a1da16d949f0f73d69dd943547a3f849fcb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-22 18:47:33 +00:00
Eric Biggers
d99898496f Merge "Rename fscrypt_is_native() to IsFbeEnabled()" 2022-06-22 18:24:38 +00:00
Daeho Jeong
7f6de29a04 Use sysfs control for storage device GC am: d96b2ac076
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/18972074

Change-Id: I97bcf7e649090234866db71dd7454e2cd8af0b9e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-21 21:32:45 +00:00
Daeho Jeong
d96b2ac076 Use sysfs control for storage device GC
Sometimes, waiting for the HAL makes infinite calls to the HAL and ends
up with power consumption issues. While tracking the root cause, we will
temporarily turn off HAL for storage device GC.

Bug: 235470321
Test: run "sm idle-maint run"
Ignore-AOSP-First: This is a temporary fix for Android TM devices.
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: Ieb371b7fdebfe938206a45547bb24dfbf2c2e7be
2022-06-17 23:31:35 +00:00
Eric Biggers
a6957c0f7a Rename fscrypt_is_native() to IsFbeEnabled()
Now that emulated FBE is no longer supported, there is no longer any
distinction between native FBE and emulated FBE.  There is just FBE.

Referring to FBE as "fscrypt" is also poor practice, as fscrypt (the
Linux kernel support for filesystem-level encryption) is just one part
of FBE, the Android feature.

Therefore, rename fscrypt_is_native() to IsFbeEnabled().

Bug: 232458753
Change-Id: Idf4cb25d37bc3e81836fcc5a1d96f79ccfa443b7
2022-06-15 18:52:18 +00:00
Eric Biggers
a7c591bb75 Merge "Remove obsolete support for emulated FBE" am: 7b04dba53e am: 2e4373b415
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2101774

Change-Id: I9595487eb191397c30a795989b2f3ede636b4b0b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 19:52:48 +00:00
Eric Biggers
2e4373b415 Merge "Remove obsolete support for emulated FBE" am: 7b04dba53e
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2101774

Change-Id: Ia4a90c62bf8e974aa51c19791668b6706d84d087
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 18:59:35 +00:00
Eric Biggers
7b04dba53e Merge "Remove obsolete support for emulated FBE" 2022-06-09 18:42:00 +00:00
Jaegeuk Kim
08c3cbdf93 Merge "Support zoned device with dm-default-key" am: bb97be3d82 am: 43c03c3fe7
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2116417

Change-Id: Ib67668826bf1f6c89cde82bde67bb1e103395e0f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 15:27:49 +00:00
Jaegeuk Kim
43c03c3fe7 Merge "Support zoned device with dm-default-key" am: bb97be3d82
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2116417

Change-Id: I6d01a22e9e2b4770be90797e4f94199058de2144
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-09 15:09:58 +00:00
Jaegeuk Kim
bb97be3d82 Merge "Support zoned device with dm-default-key" 2022-06-09 14:53:25 +00:00
Jaegeuk Kim
f6151b434c Support zoned device with dm-default-key
Note that encrypt_inplace cannot support zoned device, since it
doesn't support in-place updates. And, dm-default-key will have
a different key.

Bug: 172378121
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I34cb1e747e0f3faa07c5a4bfeded11fb789a033c
2022-06-07 18:43:54 -07:00
Daeho Jeong
019a2d5777 [automerger skipped] Merge "vold: fix the range of stopped state of idleMaint" into tm-dev am: baee102002 -s ours
am skip reason: Merged-In I785c8aeebd8fcf58c34d9be9968d99634d0b420a with SHA-1 372b3510b5 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/18473902

Change-Id: I427409239d386c4fba44ec7bcd87989e51e529a4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-20 22:17:58 +00:00
Daeho Jeong
9c232cc152 [automerger skipped] vold: fix the range of stopped state of idleMaint am: 7667d64ab8 -s ours
am skip reason: Merged-In I785c8aeebd8fcf58c34d9be9968d99634d0b420a with SHA-1 372b3510b5 is already in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/18473902

Change-Id: I2e2a4afa9fd769dffc6c39d0c69a13418d03ca6f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-20 22:17:56 +00:00
Daeho Jeong
baee102002 Merge "vold: fix the range of stopped state of idleMaint" into tm-dev 2022-05-20 21:15:13 +00:00
Zimuzo Ezeozue
2b5038faa5 Merge "Abort FUSE as part of volume reset" am: 3712b8de01 am: 73383ddb7f
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2101651

Change-Id: I96d9d16e7989a547b3c0bfa97317f3e6e136bfab
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-20 13:15:55 +00:00
Zimuzo Ezeozue
73383ddb7f Merge "Abort FUSE as part of volume reset" am: 3712b8de01
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2101651

Change-Id: I7e4e62ee8b89168c03ab86071a8e7e109958906b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-20 12:45:14 +00:00
Corina Grigoras
97c642cc99 Merge "Abort FUSE as part of volume reset" into tm-dev am: 05098fee39
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/18492349

Change-Id: Ie48a761a1b173f66e3cddbae6f965148c7a18645
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-20 12:43:50 +00:00
Corina Grigoras
05098fee39 Merge "Abort FUSE as part of volume reset" into tm-dev 2022-05-20 09:59:53 +00:00
Zimuzo Ezeozue
3712b8de01 Merge "Abort FUSE as part of volume reset" 2022-05-20 09:34:24 +00:00
Zim
817f224fb4 Abort FUSE as part of volume reset
This fixes a bug in Android T where MediaProvider leaked FUSE fds in
its process, preventing it from dying after being killed. This
resulted in the MP being in a zombie state.

Even though this bug was more prevalent in Android T due to a change
in the Parcel lifecycle (see b/233216232), this bug could have always
occurred in theory.

This fix should be harmless since after volume reset, all FUSE volumes
should be unmounted and aborting the FUSE connections will either
no-op or actually prevent the FUSE daemon from getting wedged in a
zombie state.

Test: Manually trigger a FUSE fd leak in the MediaProvider, kill it
and verify that it is restarted without zombie.
Bug: 233216232
Bug: 231792374
Bug: 230445008
Change-Id: I9e559a48b9a72e6ecbc3a277a09ea5d34c9ec499
2022-05-20 09:33:12 +00:00
Eric Biggers
a405db560e Remove obsolete support for emulated FBE
Emulated FBE was a developer-mode feature intended to allow developers
to add Direct Boot support to apps before native FBE devices became
widely available.  Since all devices running the latest version of
Android now use native FBE (except for a couple edge cases not relevant
here, like in-development devices on which encryption hasn't been
enabled yet), and emulated FBE doesn't work on native FBE devices
anyway, there's no longer any need to carry the code for emulated FBE.

Bug: 232458753
Change-Id: Ia6824699b578aca3af340fe578e26d5a5dc82b16
2022-05-20 04:41:42 +00:00