Commit graph

87 commits

Author SHA1 Message Date
Jiyong Park
973e05938d Remove ndk_platform backend. Use the ndk backend.
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.

Bug: 161456198
Test: m
Change-Id: I87554ce86da0f862568c5aa84a21e6613655eb25
2021-07-27 12:21:11 +09:00
Sean Keys
8452f41d4a Add command for setting the key binding seed
The seed value is passed to vold early in startup so that the
key-encryption keys are bound to the seed. This is useful for systems
like auto, in which the Android device may not require credentials to
use. In that case, the device should be bound to the rest of the system
(the car, in the case of auto) to guard against theft.

Test: manual
Change-Id: I2e16387b0752a30ef226b5ddf32ebf955aa9610a
2021-07-13 23:41:50 +00:00
Paul Crowley
604abdd0cb Remove wait_for_keymaster and all references
No longer needed now init listens for property changes on a
separate thread.

Bug: 186580823
Test: Cuttlefish boots successfully
Change-Id: I7dd1f85a73df6c2160ef8778703709e90309b9b4
2021-06-15 15:54:51 -07:00
Eric Biggers
d86a8abec7 Replace most references to Keymaster with Keystore
Now that vold uses Keystore2 rather than the Keymaster HAL directly, and
also the new version of Keymaster is called "KeyMint" instead, replace
most of the references to Keymaster in vold with Keystore.

(I decided not to include the "2" in most places, as it seemed
unnecessarily precise in most places, and it would be something that
might need to keep being updated.  Only Keystore.{cpp,h} really need to
care about the version number.)

I didn't rename many things in cryptfs.cpp, as that file will be going
away soon anyway.  I also left "wait_for_keymaster" and "vdc keymaster
earlyBootEnded" as-is for now, as those are referenced outside vold.

Bug: 183669495
Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 12:07:15 -07:00
Satya Tangirala
e8de4ffd73 Make vold use keystore2 instead of keymaster
Make vold use keystore2 for all its operations instead of directly using
keymaster. This way, we won't have any clients that bypass keystore2,
and we'll no longer need to reserve a keymaster operation for vold.

Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE)
when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX.
Keystore2 presents any SOFTWARE implementation as a TEE to callers when
no "real" TEE is present. As far as storage encryption is concerned,
there's no advantage to using a STRONGBOX when a "real" TEE is present,
and a STRONGBOX can't be present if a "real" TEE isn't, so asking
Keystore2 for a TEE is the best we can do in any situation.

The difference in behaviour only really affects the full disk encryption
code in cryptfs.cpp, which used to explicitly check that the keymaster
device is a "real" TEE (as opposed to a SOFTWARE implementation) before
using it (it can no longer do so since Keystore2 doesn't provide a way
to do this).

A little code history digging (7c49ab0a0b in particular) shows that
cryptfs.cpp cared about two things when using a keymaster.
 - 1) that the keys generated by the keymaster were "standalone" keys -
      i.e. that the keymaster could operate on those keys without
      requiring /data or any other service to be available.
 - 2) that the keymaster was a non-SOFTWARE implementation so that things
      would still work in case a "real" TEE keymaster was ever somehow
      added to the device after first boot.

Today, all "real" TEE keymasters always generate "standalone" keys, and
a TEE has been required in Android devices since at least Android N. The
only two exceptions are Goldfish and ARC++, which have SOFTWARE
keymasters, but both those keymasters also generate "standalone" keys.

We're also no longer worried about possibly adding a "real" TEE KM to
either of those devices after first boot. So there's no longer a reason
cryptfs.cpp can't use the SOFTWARE keymaster on those devices.

There's also already an upgrade path in place (see
test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's
being used once a TEE keymaster is added to the device. So it's safe for
cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it
blindly, without checking whether or not it's a "real" TEE, which is why
Keymaster::isSecure() just returns true now. A future patch will remove
that function and simplify its callers.

Bug: 181910578
Test: cuttlefish and bramble boot. Adding, switching between, stopping
      and removing users work.
Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-04-08 00:16:01 +00:00
Songchun Fan
f77beb516b [vold] expose binder headers to dependent modules
This allows libincremental_aidl-cpp to be built via cc_library instead
of aidl_interface.

BUG: 181266844
Test: builds
Change-Id: I4f0bc82629c0df758467aa074274b30f9dc6718d
2021-02-25 15:32:16 -08:00
Bob Badour
8eb43ae497 [LSC] Add LOCAL_LICENSE_KINDS to system/vold
Added SPDX-license-identifier-Apache-2.0 to:
  Android.bp
  bench/inodeop_bench/Android.bp
  tests/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all

Exempt-From-Owner-Approval: janitorial work
Change-Id: I91823c7097d7bee39a363a0c0cc30de13e4d7539
2021-02-14 10:37:25 -08:00
Jeongik Cha
89253240ec Specify version for aidl_interface explicitly
Bug: 150578172
Test: m
Change-Id: Ie51caa503b6b1e5c29372b85d0357be292144126
2021-01-26 22:35:14 +09:00
Yifan Hong
3355ff7790 Merge changes from topic "health_storage_aidl"
* changes:
  Use AIDL HAL for Dev GC
  Refactor HIDL HAL Dev GC invocation
2021-01-20 19:45:16 +00:00
Risan
4ad2048001 Revert^4 "Customize StubVolume implementation for ARC"
This reverts commit 8ed81fd9ca.

Reason for revert: Let me try one last time more carefully. According to https://googleplex-android-review.git.corp.google.com/q/%2522customize+stubvolume%2522 - this CL will flow to aosp branches (without vendor images) and 2 branches with vendor images. I have submitted the vendor CL for both branches now (ag/13366009 and ag/13371672). This should not break anything now.

Change-Id: I69aacceabfb70053387a3c156b49e06be65fe6e4
2021-01-20 10:33:18 +00:00
Maurice Lam
8ed81fd9ca Revert "Revert "Revert "Customize StubVolume implementation for ARC"""
This reverts commit 3164c0a238.

Reason for revert: b/177917240

Change-Id: I69f541698a3068d59553d555846ba45d169fbbed
2021-01-19 19:03:56 +00:00
Risan
3164c0a238 Revert "Revert "Customize StubVolume implementation for ARC""
This reverts commit 0cf77b025d.

Reason for revert: The requird libarcvolume has been submitted to master (ag/13366009)

Change-Id: I86fada53aad2ec5faa497a9bcbce5435c35d040e
2021-01-19 02:24:38 +00:00
Mariia Sandrikova
0cf77b025d Revert "Customize StubVolume implementation for ARC"
This reverts commit b5d7cb0a52.

Reason for revert: Broken build b/177828900
Fix: 177829766

Change-Id: Ic2984da3b11bcf5597203b511943d3058ea9ea19
2021-01-18 15:28:41 +00:00
Risan
b5d7cb0a52 Customize StubVolume implementation for ARC
This allow ARC to customize StubVolume implementation in vendor
partition.

Bug: 132796154
Test: Customize the implementation of StubVolume and check on device.
Ignore-AOSP-First: Will cherry-pick to AOSP.
Change-Id: I626a7ed4113b6132bb456b3258ee4a93b4f8a72e
2021-01-18 08:31:58 +00:00
Yifan Hong
e1e494519e Use AIDL HAL for Dev GC
Test: run idle maint
Bug: 177470478

Change-Id: Iefddf8628e31f020b86ff56dfb4926c2c9a2a888
2021-01-15 18:27:57 -08:00
Yo Chiang
0af25a3a98 Add IVold::destroyDsuMetadataKey()
destroyDsuMetadataKey() / destroy_dsu_metadata_key() calls
android::gsi::GetDsuMetadataKeyDir() to query the DSU metadata
encryption key dir and destroy the key.
This releases the resource and allows consecutive DSU installations to
use the same key *directory*, but not the same key *blob*.

Bug: 168571434
Test: 1. Install a DSU system.
  2. Boot the DSU system and reboot back to the host system.
  3. Wipe the DSU installation.
  4. DSU metadata key dir /metadata/vold/metadata_encryption/dsu/dsu is
     destroyed.
Change-Id: Ib851177315a5a266807f46ccfd446de1848232cf
2020-10-13 16:00:43 +08:00
Treehugger Robot
f7794b5dc1 Merge "Add '-unstable' to solve ODR violation" 2020-09-11 08:19:44 +00:00
Jeongik Cha
f8f374a381 Add '-unstable' to solve ODR violation
The interface which is imported by an unstable interface is 'unstable'
as well. Until now, the ODR violation checker in aidl has omitted an
interface imported, but it will be checked, accordingly, fix the current
problem

Bug: 146436251
Test: m nothing
Change-Id: Id3c4bbc9149ba7c3e0a0d728026f02f60cb17424
Merged-In: Id3c4bbc9149ba7c3e0a0d728026f02f60cb17424
Exempt-From-Owner-Approval: cp from internal
2020-09-11 06:49:21 +00:00
Treehugger Robot
dd8b695c61 Merge "vold: restore -D__ANDROID_DEBUGGABLE__" am: 5de675c93b am: bb92ff6591
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1365586

Change-Id: Id417587a550b0f4abf5a6a3e4b4535011b21f627
2020-07-17 19:02:45 +00:00
Mark Salyzyn
865086debe vold: restore -D__ANDROID_DEBUGGABLE__
Regression introduced by
commit 7ebcc2bcfd
("Revert "[Vold] Conditional dependency to ARC++ ObbVolume"")
errantly removed the product_variables support for
-D__ANDROID_DEBUGGABLE__ when built for userdebug builds.

Restore stanza.

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 161454607
Test: adb-remount-test no longer reports a problem
Change-Id: Ia7e55d1174fa7fac2d934d4aac06d15e8be388af
2020-07-17 08:20:00 -07:00
Eric Biggers
4cd238b900 Merge "vold: remove checkEncryption" am: 2d9777bfbf am: 15c0d3e5d0
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1363339

Change-Id: I23b9a01632b61a92896ae83e2152fa047dd85c48
2020-07-16 21:00:33 +00:00
Eric Biggers
2d9777bfbf Merge "vold: remove checkEncryption" 2020-07-16 20:30:35 +00:00
Treehugger Robot
9afa4c65d8 Merge "Revert "[Vold] Conditional dependency to ARC++ ObbVolume"" am: 6e6fc6b8d3 am: 11757842a3
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1320919

Change-Id: Iec0c1190443f1366a0f105bb3eba3967635ff544
2020-07-16 12:03:40 +00:00
Eric Biggers
b7a14053c3 vold: remove checkEncryption
The testing-only "checkEncryption" command has been replaced with
VtsKernelEncryptionTest [1].  In particular, the metadata encryption
documentation [2] no longer mentions checkEncryption but rather
recommends running VtsKernelEncryptionTest.  Also, checkEncryption
hasn't really been maintained, and it has some known bugs; it's unclear
that many people ever really used it.

So, just remove it.

[1] https://android.googlesource.com/platform/test/vts-testcase/kernel/+/refs/heads/master/encryption/
[2] https://source.android.com/security/encryption/metadata#tests

Bug: 155037012
Change-Id: I258829c60768fd11aafdf2faad956cecc1ae9826
2020-07-15 11:21:33 -07:00
Satoshi Niwa
7ebcc2bcfd Revert "[Vold] Conditional dependency to ARC++ ObbVolume"
This reverts commit aedae617fe.

Reason for revert: ArcObbVolume is not needed by ARCVM R and above.

Bug: 157885448
Test: trybot
Change-Id: I16395ac8b6902cedea263f51e306b297d719043f
2020-07-13 05:07:18 +00:00
Treehugger Robot
bcbd085191 Merge "Revert "ARC++ swap for AppFuseUtil"" am: b6e2c14ed1 am: 4cf8ddeed2
Change-Id: I8d91ba35477d526ff886ed32c7c1357134dfca4d
2020-05-12 13:00:16 +00:00
Treehugger Robot
b6e2c14ed1 Merge "Revert "ARC++ swap for AppFuseUtil"" 2020-05-12 12:30:16 +00:00
Satoshi Niwa
601e7bd4e2 Revert "ARC++ swap for AppFuseUtil"
This reverts commit dcbd4fcad2.

Reason for revert: ARC is migrating to ARCVM on R, which doesn't use AppFuse any more.

Change-Id: Ifd0bf92a79c0ff25d782bea44dd593f9502f1959
2020-05-08 04:50:34 +00:00
Yurii Zubrytskyi
9e7482ece1 [vold] Add argument verification to IncFS methods
+ Get rid of an extra string copy in path validation function

Bug: 152349257
Test: atest vold_tests
Change-Id: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
Merged-In: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
2020-03-25 17:21:49 -07:00
Yurii Zubrytskyi
131365a3e5 [vold] Add argument verification to IncFS methods
+ Get rid of an extra string copy in path validation function

Bug: 152349257
Test: atest vold_tests
Change-Id: I03a8cab0dd6abd7d5c9dcbbc2acb651e818e6cd8
2020-03-25 14:33:24 -07:00
Automerger Merge Worker
7489ab6961 Merge changes from topics "metadata_wrapped_key_aosp", "volume_metadata" am: 36fd1ebfae am: 6891eb7e2d am: c14f46d114
Change-Id: I89f51bfaeb61c235aeccbe8a5a5a447ab14c46cb
2020-02-19 22:19:26 +00:00
Martijn Coenen
816f4d94f6 Add fixupAppDir() API.
This can be used to fixup application directories in case they have been
created by some other entity besides vold; the main use case for this
API right now is OBB directories, which can be created by installers
outside of vold; on devices without sdcardfs, such directories and the
files contained therein are not setup correctly. This API will make sure
everything is setup the way it needs to be setup.

Bug: 146419093
Test: inspect OBB dir after install
Change-Id: I2e35b7ac2992dbb21cc950e53651ffc07cfca907
2020-02-19 12:11:34 +01:00
Paul Crowley
886e572009 On newer devices, use dm-default-key to encrypt SD cards
The dm-crypt solution requires a kernel patch that won't be present in
the GKI kernel, while the new metadata encryption system in the GKI
kernel solves this problem in a much cleaner way.

Test: create private volume on Cuttlefish, setting property both ways.
Bug: 147814592
Change-Id: Ie02bd647c38d8101af2bbc47637f65845d312cea
2020-02-18 13:01:00 -08:00
Paul Crowley
85d1c77ff6 Merge changes Ic3993c1f,I06645bb4 am: ac34e9aa3e am: b62afed286 am: 54d05de798
Change-Id: Ib122e011bb7be162b76b94a31885863d2aff6d1e
2020-02-14 18:57:33 +00:00
Paul Crowley
220567c33a Generalize CryptoType infrastructure
More consistency between MetadataCrypt and cryptfs, and steps towards
supporting Adiantum properly in MetadataCrypt.

Test: create private volume on Cuttlefish
Bug: 147814592
Change-Id: Ic3993c1fde11b4f5a9e6cc8ee588a7d92241c6ab
2020-02-14 00:48:27 -08:00
Shawn Willden
35f0f22c9b Update vold to use KM4.1
This CL updates vold to use the Keymaster 4.1 interface, but does not
yet call any of the new methods.

Test: Boot the device
Change-Id: I4574a2f6eead3b71d1e89488b496b734694620c7
Merged-In: I4574a2f6eead3b71d1e89488b496b734694620c7
2020-02-11 15:51:04 -07:00
Automerger Merge Worker
cc64e0c9af Merge "Fixed a wrong AIDL import path" am: aa038e2f4d am: b35ead2c3a am: 3c78c789d6
Change-Id: Ifccc45bfaf67cc31f12902f56bcc50da238f8901
2020-01-23 03:53:23 +00:00
Shawn Willden
ae8f06fe1c Update vold to use KM4.1
This CL updates vold to use the Keymaster 4.1 interface, but does not
yet call any of the new methods.

Test: Boot the device
Change-Id: I4574a2f6eead3b71d1e89488b496b734694620c7
2020-01-21 06:58:19 -07:00
Jiyong Park
50c3ab6ac1 Fixed a wrong AIDL import path
AIDL import path should point to a root directory where relative path to
an AIDL file encodes the fully qualified name of the type in the file.

Since libvold_binder imports types like
android.os.incremental.IncrementalFileSystemControlParcel which are
under frameworks/base/core/java, the import path should set to the path,
not to the sub directory that directly has the AIDL files.

Bug: 147918827
Test: m
Change-Id: Ic4941578813eced5a7eb59a0656c10b76e902515
2020-01-20 12:37:52 +09:00
Songchun Fan
0583015a57 Merge "[incremental] use vold to mount/unmount IncrementalFileSystem" am: 6bdfb77d8b am: a0945f468a
am: 1119bc8531

Change-Id: I772667d5c43cdf1ff37b156db9f47b61820433c7
2019-12-06 01:16:26 -08:00
Songchun Fan
ab55cecdc1 [incremental] use vold to mount/unmount IncrementalFileSystem
Let vold mount IncFs onto directories under data and open control files.

Test: builds
Change-Id: Ibd96aae254b4fefaf56c9d549c4672a987c46221
2019-12-04 14:01:22 -08:00
Narayan Kamath
02efdf55d2 VolumeManager: limit the scope of remountUid post fork.
We want to be sure we're not allocating memory, holding locks
or otherwise preventing the child process from making progress.

This is a temporary fix of limited scope. In the medium term, it
would be preferable to exec a binary that performs this work for us
as soon as we fork.

Test: manual
Bug: 141678467

Change-Id: I57dbd9b3c887aa27e2dd609abf0ad43c66f4ef2a
2019-11-27 12:48:35 +00:00
Zim
5048b4b2bc Add mount callback
Mounting a FUSE path needs two steps:
1. Mounting the filesystem
2. Starting the FUSE session in the FUSE daemon

The second part requires retriving an fd from (1) and the mount paths
and passing it to the FUSE daemon.

Previously, we'd return from the Vold mount call and mark the volume
as mounted while we scramble to do (2). This means there's a time
period where the Volume is marked as MOUNTED but not actually ready
and any IO access on the paths will hang forever. This could also be
misleading when interpreting bug reports.

Now, we block the Vold mount call until the FUSE session is started

Test: atest AdoptableHostTest
Bug: 144275217

Change-Id: I45238a31df71286f67ef1c65c711d0085d72e97f
2019-11-22 17:06:04 +01:00
Paul Crowley
7ee93a66bb Merge "Remove libfscrypt now it's in libfs_mgr" am: 43f8298bdd am: ce187e7fd6
am: ff5ad94627

Change-Id: Ibeaec1d3fd09893706cd927ff715f5f76d516749
2019-10-30 20:44:43 -07:00
Paul Crowley
8bf310b9f3 Remove libfscrypt now it's in libfs_mgr
Now that we include libfscrypt in libfs_mgr via whole_static_libs we
should not reference it directly.

Bug: 143307095
Test: treehugger
Change-Id: I4cd138b50131ec8ce7835d9604c89c99cae53212
2019-10-30 13:34:49 -07:00
Tao Bao
8679d9e0e9 Merge "Mark libvold_headers as recovery_available." am: 4a13731f08 am: 51143b3555 am: 4ac5065a5d
am: 0ad2c38fc3

Change-Id: Icbaa1be2e9ad4c43e3a18f021fa01a247b21be83
2019-10-03 17:35:35 -07:00
Tao Bao
b1bbc7079c Mark libvold_headers as recovery_available.
recovery modules use <cryptfs.h> (in particular CRYPT_FOOTER_OFFSET).

Test: mmma bootable/recovery
Change-Id: I97b038476ccbeb0a5ac4a6cde86063325bdbb152
2019-10-02 10:50:53 -07:00
Steven Moreland
cbf87ff82c Merge "Remove libhwbinder/libhidltransport deps" am: 88a19b6fe1 am: e3b772e0f7 am: 149f8d0754
am: caeeec6490

Change-Id: Iad05e6116469acd0a2e019c577e5ab05ef6c99bd
2019-09-06 16:28:35 -07:00
Steven Moreland
4496ef9d34 Remove libhwbinder/libhidltransport deps
Since these were combined into libhidlbase.

Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I890b572d537d66ecb49effd8efc782279c52956e
2019-09-05 14:18:22 -07:00
David Anderson
7cd6ceb835 Merge "libdm now requires linking to libext2_uuid." am: 9e821da9fe am: e91c2686e9 am: d26cb98c4d
am: 0be952d362

Change-Id: Icaa2f68ea5857df5dda76ebeb0ade0bbc9d26ccc
2019-07-12 17:34:58 -07:00