Commit graph

23 commits

Author SHA1 Message Date
Jeff Sharkey
ce6a913aea Exclusive exec() path, format after partition.
Sadly setexeccon() is process global, so we need to carefully ensure
that all exec() are mutually exclusive to avoid transitioning into
unwanted domains.  Also, because we have several threads floating
around, we need to guard all our FDs with O_CLOEXEC.

Format all newly created volumes immediately after partitioning,
but silence all events emitted from those volumes to prevent the
framework from getting all excited.  Unify all notify events under a
single codepath to make them easy to silence.

Sent SIGINT before escalating to SIGTERM when unmounting.

Bug: 19993667
Change-Id: Idc6c806afc7919a004a93e2240b42884f6b52d6b
2015-04-11 08:48:13 -07:00
Hiroaki Miyazawa
14eab550e8 Fixed type mismatch for ioctl(BLKGETSIZE)
ioctl(BLKGETSIZE) expects unsigned long
(8 bytes on 64 bit environment).

This is fixing fails in android.os.storage.StorageManagerIntegrationTest
(in FrameworkCoreTests).

To verify, install FrameworksCoreTests.apk and do:

adb shell am instrument -r -w -e class android.os.storage.\
StorageManagerIntegrationTest#testMountSingleEncryptedObb \
com.android.frameworks.coretests/android.test.InstrumentationTestRunner

Change-Id: Ib6d5c7490c02521c93f107c35ad0aac49f6a3f1a
2015-03-30 11:28:11 -07:00
Henrik Baard
2152266deb Change strncpy to strlcpy
Change all function calls to strncpy to strlcpy.

Change-Id: I2bbefb7829d715847c5b26f4b9f0faddbd4c89d0
2015-02-06 09:24:14 +01:00
Nick Kralevich
096dd2dd8c am ab083da0: Merge "Set SELinux contexts on device nodes created by vold."
* commit 'ab083da069a73f787a9304e155c0ab847c85377f':
  Set SELinux contexts on device nodes created by vold.
2014-10-18 23:09:09 +00:00
Stephen Smalley
684e662502 Set SELinux contexts on device nodes created by vold.
Extend vold to look up and set SELinux contexts on the
device nodes it creates for extra loop devices and for volumes.
Prior to this change, these device nodes simply inherited the type
of their parent directory /dev/block, i.e. block_device, and vold
therefore required create_file perms to block_device:blk_file.
With this change we can scope vold down to accessing specific
block device types.

This depends on change Id3bea28f5958086716cd3db055bea309b3b5fa5a
to allow vold to use setfscreatecon().

Change-Id: Ib9e8294abb1da94d92503947603ec12e802ff08c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-09-30 15:35:28 -04:00
Jeff Sharkey
43ed123d3f ASEC resize tweaking, allow read-write mounting.
Resize is no-op when sector count is unchanged; the caller can't
anticipate how vold does its sector calculations.

After resizing, we need to mount the container read-write, so allow
the caller to request "ro" or "rw" mode.

Handle ENOTSUP when trying to fallocate() on some filesystems

Bug: 16514385
Change-Id: I0d3a378280d4c36d14f8108ff428102283d583fa
2014-08-22 15:39:41 -07:00
Daniel Rosenberg
fcd34a0ddd Added support for ext4 ASEC resizing.
ASECs formatted as ext4 can now be resized using vdc asec resize.
Refactored some common code.
Requires resize2fs.

Change-Id: Ie78bb6015114a7bc4af42b16d1f299322ffc1e2a
Signed-off-by: Daniel Rosenberg <drosen@google.com>
2014-06-10 22:15:33 +00:00
Mark Salyzyn
5eecc449cc vold: suppress unused argument warning messages
(cherry picked from commit 3e971277db)

Change-Id: Ic1ab533f756fbd44b1f2e5ae12e2f5736ace7740
2014-02-12 14:27:51 -08:00
Mark Salyzyn
3e971277db vold: suppress unused argument warning messages
Change-Id: Ic1ab533f756fbd44b1f2e5ae12e2f5736ace7740
2014-02-12 20:18:28 +00:00
Kenny Root
344ca10856 Add in ext4 support for ASEC containers
Now forward locked applications will be in ASEC containers both internal
to the system and externally.

This change adds support for putting applications in ext4-based ASECs.

Change-Id: I8d6765b72dd2606e429c067b47a2dbcaa8bef37d
2012-04-25 14:15:15 -07:00
Mike Lockwood
273d354919 am 2c9d8de7: Merge "Prevent buffer overflows."
* commit '2c9d8de79a0dd7f894c65777a197c86486aff96c':
  Prevent buffer overflows.
2011-06-29 06:42:33 -07:00
Peter Bohm
092aa1c585 Prevent buffer overflows.
To eliminate possible buffer overflows some strcpy,
sprintf and strcat have been changed to strlcpy,
snprintf and strlcat.

Change-Id: Ieb9d4b600c894946a6492f8629ff39f2fcc106d3
Signed-off-by: Oskar Andero <oskar.andero@sonyericsson.com>
2011-06-27 10:04:05 +02:00
Kenny Root
7c16502dbc Use LOOP_GET_STATUS64 for checking loop devices
To determine whether a loop device was available, we use an ioctl call
to LOOP_GET_STATUS, but this fails on devices with large storage
partitions with errno = EOVERFLOW. Instead use LOOP_GET_STATUS64 which
succeeds.

Bug: 3412121
Change-Id: Ica3cb48885d3555f2d27073c00e31fc51a08c730
2011-02-01 16:01:05 -08:00
Olivier Bailly
37dcda68d3 Add missing include headers for compilation on Intel target for Google TV.
Change-Id: I9f71b5e871671d1d64ad37f78a8944653409b8e1
2010-11-16 10:41:53 -08:00
Kenny Root
e17e91f63b Fix loop_info/loop_info64 impedance mismatch
LOOP_GET_STATUS64 isn't useful here since the data contained within
isn't actually checked, so stick with the regular LOOP_GET_STATUS here
to match the struct loop_info we're using.

Change-Id: I4f9ff06fa44d4ae3aed046d423054554f9cf450b
2010-07-16 16:28:49 -07:00
Kenny Root
508c0e1605 Additional Obb functionality
* Rename all functions dealing with OBB files to mention Obb

* Add 'path' and 'list' functionality to OBB commands

* Store hashed filename in loop's lo_crypt_name and keep lo_file_name
  for the real source filename. That way we can recover it later with an
  ioctl call.

Change-Id: I29e468265988bfb931d981532d86d7be7b3adfc8
2010-07-15 12:41:01 -07:00
San Mehat
97ac40e4e6 vold: Switch from LOG -> SLOG
Change-Id: I48ee8bd90b47f5845f069cdf4d1b8ba6ecdb1b39
Signed-off-by: San Mehat <san@google.com>
2010-03-25 08:02:28 -07:00
San Mehat
d9a4e35861 vold: Bugfixes & cleanups
- Fix issue where container-names > 64 bytes were getting truncated in the
    kernel. lo_name is only 64 bytes in length, so we now hash the container
    id via md5
  - Add 'dump' command to dump loop and devicemapper status
  - Add 'debug' command to enable more detailed logging at runtime
  - Log vold IPC arguments (minus encryption keys)
  - Fix premature return from Loop::lookupActive() and friends

Change-Id: I0e833261a445ce9dc1a8187e5501d27daba1ca76
Signed-off-by: San Mehat <san@google.com>
2010-03-13 16:42:19 -08:00
San Mehat
d31e380bd9 vold2: Don't allow containers < 1mb, and clean up some logging
Signed-off-by: San Mehat <san@google.com>
2010-02-18 11:48:49 -08:00
San Mehat
8b8f71b1d7 vold: Internally use sector counts for asec lengths
Signed-off-by: San Mehat <san@google.com>
2010-01-11 09:17:25 -08:00
San Mehat
b78a32c1d5 vold: Add encrypted ASEC support via devmapper
- Supports up to 4096 containers
- Keys are now implemented - specifying a key of 'none' means no encryption.
  Otherwise, the key must be a string of 32 characters

Signed-off-by: San Mehat <san@google.com>
2010-01-11 08:12:52 -08:00
San Mehat
8da6bcb006 vold: Increase max supported loop devices to 255
Signed-off-by: San Mehat <san@google.com>
2010-01-09 12:24:05 -08:00
San Mehat
a19b250bd2 vold2: Initial support for Android Secure External Caches
Signed-off-by: San Mehat <san@google.com>
2010-01-06 10:55:29 -08:00