Commit graph

6299 commits

Author SHA1 Message Date
Ellen Arteca
e76fb7a810 Merge "Revert^2 "Add @SensitiveData tag to IVold"" into main 2024-04-02 22:34:27 +00:00
Ellen Arteca
3785afbdd3 Revert^2 "Add @SensitiveData tag to IVold"
This reverts commit 697c6a5217.
It is reapplying the change in I0439f63fd4739bf5a6c957695cc9c3003ec89eb0.

Reason for revert: Undoing the revert (putting the change back in); after looking at the 
performance bug, it seems impossible it was caused by the addition of the `@SensitiveData` 
tag on IVold.
Performance bug: 331045735

Bug: 320392352
Test: launch_cvd -daemon

Change-Id: I522f63836155ea404260e89fd2f209738f37d5b3
2024-03-29 21:32:40 +00:00
Ellen Arteca
366ad7a6f1 Merge "Revert "Add @SensitiveData tag to IVold"" into main 2024-03-27 19:49:34 +00:00
Ellen Arteca
697c6a5217 Revert "Add @SensitiveData tag to IVold"
This reverts commit da1d160074.

Reason for revert: reverting while figuring out what is causing performance bug 331045735

Change-Id: Ib306e679e65c3a585304ad4c33304c549cbb240e
2024-03-27 05:30:39 +00:00
Ellen Arteca
bb525131bb Merge "Add @SensitiveData tag to IVold" into main 2024-03-22 21:21:15 +00:00
Ellen Arteca
da1d160074 Add @SensitiveData tag to IVold
Mitigate data leak across the Binder boundary to Vold, of secrets derived from the LSKF.
Specifically: the `String secret` argument to both `setCeStorageProtection` and `unlockCeStorage` is
a secret derived from the user's synthetic password.

This CL is part of an effort to wipe instances of the LSKF and
secrets derived from it, so they are not available in a RAMdump.

Bug: 320392352
Test: launch_cvd -daemon

Change-Id: I0439f63fd4739bf5a6c957695cc9c3003ec89eb0
2024-03-21 23:12:18 +00:00
Treehugger Robot
7ed876741c Merge "Revert "Reduce AppFuse max read size."" into main 2024-03-21 15:01:22 +00:00
Martijn Coenen
6bce91cd30 Revert "Reduce AppFuse max read size."
This reverts commit fb014fc6e8.

Reason for revert: b/325994066

Change-Id: Ia8bb76ac69713df8bd9df5501b3dde9a86a5fd99
2024-03-08 14:37:13 +00:00
Xin Li
300df5a5d8 Merge "Merge Android 14 QPR2 to AOSP main" into main 2024-03-07 06:10:52 +00:00
Xin Li
01c18abebc Merge Android 14 QPR2 to AOSP main
Bug: 319669529
Merged-In: Ib360884801c37c093d9836109f0b817987abd850
Change-Id: I29925f20f929ec0522ce12e58e8a05f44490ba88
2024-03-06 18:58:28 -08:00
Momoko Hattori
481c20da07 Merge "vold: Unmount StubVolume disks before unmounting EmulatedVolumes" into main am: 2f20c808c2
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2850049

Change-Id: Ib360884801c37c093d9836109f0b817987abd850
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-05 09:34:11 +00:00
Momoko Hattori
2f20c808c2 Merge "vold: Unmount StubVolume disks before unmounting EmulatedVolumes" into main 2024-03-05 08:45:29 +00:00
Eric Biggers
37216f1084 Merge "Delete unused code conditional on MANAGE_MISC_DIRS" into main am: cc2f93829c
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2978556

Change-Id: If24e84ecff3eff052814ec5f275d464ab9ebf0e9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-28 00:31:41 +00:00
Eric Biggers
cc2f93829c Merge "Delete unused code conditional on MANAGE_MISC_DIRS" into main 2024-02-27 23:51:33 +00:00
Eric Biggers
d0e9a59885 Delete unused code conditional on MANAGE_MISC_DIRS
Since MANAGE_MISC_DIRS is hardcoded to 0, and it always has been, there
is no need to have it in the code.

Test: build
Change-Id: I30a73e67999841271e07dbc3eeb1b8568529a7c3
2024-02-27 03:00:34 +00:00
Momoko Hattori
b4e033ed4c vold: Unmount StubVolume disks before unmounting EmulatedVolumes
The current shutdown / reset logic in VolumeManager unmounts
EmulatedVolume first, and unmounts the other disks.

In ARC (Android on ChromeOS), ChromeOS Downloads directory (exposed from
ChromeOS to Android as a disk having StubVolume) is bind-mounted to
/data/media/0/Download in the ARC-customized version of
StubVolume::doMount() (http://shortn/_lKaAhTLhY3), and the current
unmount order causes EmulatedVolume not to be cleanly unmounted. This
patch hence changes the order of the unmount of volumes to first unmount
StubVolume disks, then unmount the EmulatedVolumes, then unmount the
non-StubVolume disks.

Bug: 304369444
Test: On an Android phone, create a virtual public volume with the
  following commands on adb shell (taken from
  android.scopedstorage.cts.lib.TestUtils.createNewPublicVolume()):
  $ sm set-force-adoptable on
  $ sm set-virtual-disk true
  $ sm list-disks  # <- This returns the virtual disk name
  $ sm partition <virtual disk name> public
  Then, run `vdc volume reset` on lynx adb shell, observe logcat from
  vold and check that no error is observed.
Test: Run `vdc volume reset` on ARC adb shell, and confirm that:
  * Without this patch, the primary emulated volume fails to unmount
    with "Device or resource busy", followed by MyFiles volume unmount.
  * With this patch, MyFiles volume is unmounted before the primary
    emulated volume, and no error is observed.

Change-Id: I54f60e3320574ccf8d3589545ff77967fff14fc7
2024-02-22 18:07:18 +09:00
Treehugger Robot
f291279b12 Merge "Reduce AppFuse max read size." into main am: 527a52874e
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2859125

Change-Id: Ib3c5e4302d38e527d3c15e94b25991994ea9bdfc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-19 11:19:41 +00:00
Treehugger Robot
527a52874e Merge "Reduce AppFuse max read size." into main 2024-02-19 10:39:40 +00:00
David Anderson
3774a02e66 Merge "Add API to get remaining lifetime as a percentage." into main am: f75d8fc237
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2940229

Change-Id: Ifbecbd4442b970b87605b6c223e89efd11f5bcba
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-02-01 05:27:53 +00:00
David Anderson
f75d8fc237 Merge "Add API to get remaining lifetime as a percentage." into main 2024-02-01 04:51:03 +00:00
David Anderson
0620564ecb Add API to get remaining lifetime as a percentage.
This differs slightly from the previous API, which exists for idle
maintenance, whereas this value is intended to be displayed to users.
First, it returns remaining lifetime, rather than used lifetime. Second,
it rounds up the returned value for usability purposes. This isn't an
issue on Pixel (which reports at 1% granularity), but devices which
report at 10% granularity should show 100% out-of-box, which is not
possible to distinguish in the old API.

Bug: 309886423
Test: StorageManager.getRemainingStorageLifetime
Change-Id: Ic5f6ec9969667302ba8bad95b2765e2cc740bed4
2024-01-31 22:50:18 +00:00
Xin Li
eb6960e364 Merge Android 24Q1 Release (ab/11220357)
Bug: 319669529
Merged-In: I8efef8efbc9f01e1177fbe3105513166ad90d22f
Change-Id: If7ebdccc494c7edb5b1603eb3154ca508e14dc33
2024-01-23 22:16:46 -08:00
Neil Fuller
bb1f4dcdbd Merge "Add time_offset=<UTC offset> to mount arguments" into main am: 5b711b10db
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2901301

Change-Id: I96fac82b8cbad9f471b0dbcb26ac6fbc54a51273
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-19 18:01:13 +00:00
Neil Fuller
5b711b10db Merge "Add time_offset=<UTC offset> to mount arguments" into main 2024-01-19 17:26:00 +00:00
Neil Fuller
6eea031719 Add time_offset=<UTC offset> to mount arguments
Add time_offset=<UTC offset> to mount arguments for the vfat driver.

This is not being release flagged as it's a fix for a regression but is
a cosmetic fix that shouldn't affect anything besides reported file
timestamps.

Changes for issue 246256335 in Android U stopped Android syncing the
current time zone UTC offset to the kernel because doing so is
discouraged. It is discouraged because the current offset alone is not
very useful - it tells the kernel nothing of DST or historic UTC
offsets. Converting to and from local times is best left to
userspace where time zone rules information is available, and different
users can use different time zones.

However, because FAT32 is poorly designed WRT timestamps, the kernel
FAT32 driver, vfat, does use the kernel offset when available and when
it isn't given a fixed offset to use at volume mount time. This means
that Android devices after the change from issue 246256335 displayed
more obviously incorrect times.

This change adds the argument necessary to vold when mounting a FAT32
volume to set a fixed UTC offset to adjust FAT32 local times
to a UTC-like time ("UTC time" from now on). Userspace then uses the UTC
offset for that UTC time, calculated using TZDB rules, to convert back
to a local time. This is still prone to generating some incorrect times,
e.g. due to DST or other historic offset changes, or a user time zone
change on device after mounting the volume. FAT32 lacks the information
about "what was the UTC offset at file time X?" (unlike exFAT) AND the
vfat driver has no way to look up the time zone rules itself. This
change is a reasonable "better than nothing" change to address times
being obviously wrong after the change from issue 246256335, especially
when a user copies a file from a desktop computer to USB / sd card
storage and immediately plugs the device into an Android device. It does
this without reverting to kernel UTC offset syncing, which is flawed
(i.e. it would never work completely), discouraged, and more effort/code
to improve, e.g. because userspace would have to schedule alarms for
offset changes.

Testing:

1) Obtain a USB FAT32 formatted USB storage device that can be plugged into
   a Pixel device, e.g. with an OTG USB adapter.
2) On a desktop computer, mount the device and write some files / note
   times associated with existing files. These times will already be
   adjusted by this OS to be "local time" based on its own logic, but if
   it's working correctly that time will be exactly the local time value
   stored in the FAT32 volume itself.
3) On a rooted Android device where you can use adb via Wifi (adb tcpip
   / adb connect), leaving the USB port free for external USB devices....
   a) $ adb root
   b) Insert the USB storage
   c) $ mount | grep 'fat'
   d) For the USB storage drive, observe the time_offset argument (or
   tz=UTC when time_offset == 0) reported (this would not be reported
   without this patch)
   e) ls -l /mnt/<mount location from (3c)>
   f) Confirm the local time displayed is as expected. e.g. the time
   should be the same as shown in (2), regardless of the device's time
   zone.
4) To observe the "fixed offset behavior" at mount time, alter the time
   zone setting on the device via Settings -> System -> Date & Time
   a) Repeat 3c-3e.
   b) The times shown will have changed by the difference between
   the original and new time zone chosen.
   c) Extract / re-insert the USB storage device.
   d) Repeat 3c-3e
   e) The times shown should match the times from (2) again
5) Confirm the write behavior:
   a) $ touch /mnt/<mount location from (3c)>/foobar
   b) $ ls -l /mnt/<mount location from (3c)>
   c) The time should match the device's displayed local time (status
   bar)
   d) Unmount the USB device and insert the USB device into a desktop computer
   e) Confirm the timestamp matches the Android device's local time when
   (5a) took place, e.g. using "ls -lT" on MacOS.

Testing was done with numerous zones with positive, negative and zero offsets.
Interesting zones like India (UTC+5:30), Kiribati (UTC+14), Wake Island
(UTC-11), the various fixed offset zones like Etc/GMT+12, Etc/GMT-14
were tried.

Note: Depending on the time zones being used on devices (Android and
desktop) and when the files were written / testing took place during the
year, you may see file times shifting by 1 hour from the "ls -l" step
depending on whether they were written in summer or winter time.  This
is because the userspace code for rendering times knows about DST but
the kernel driver is applying a fixed offset and does not.  This is
expected and illustrates the points at the top of this comment about
FAT32 integration never being perfect.
See https://www.google.com/search?q=fat32+dst for other examples.

Bug: 319417938
Bug: 315058275
Bug: 246256335
Test: See above
Change-Id: Ic7ce159d88db5d5cf5894bcc26ea60bd7c44917d
2024-01-19 16:51:20 +00:00
Treehugger Robot
1e1940d434 Merge "Don't use std::allocator::pointer" into main am: 55af483b78
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2901505

Change-Id: I110e19f98b191da52c353e979dfa4e00da270d7f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-11 21:55:22 +00:00
Treehugger Robot
55af483b78 Merge "Don't use std::allocator::pointer" into main 2024-01-11 21:22:05 +00:00
Tomasz Wasilczyk
786b395266 Don't use std::allocator::pointer
It's removed in C++20

Bug: 175635923
Test: m MODULES-IN-system-vold
Change-Id: Ief2875bfd3e2d2e5023ad4c0bb754a616fd42419
2024-01-10 00:01:58 +00:00
Eric Biggers
d7b3c40507 Merge "Remove userSerial param from vold methods that don't use it" into main am: 7730a4944f
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2871777

Change-Id: I7ed86185213bec08b4e626df05b356c4fc1358f8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-05 20:29:48 +00:00
Eric Biggers
7730a4944f Merge "Remove userSerial param from vold methods that don't use it" into main 2024-01-05 19:09:29 +00:00
Eric Biggers
a5a468c431 Remove userSerial param from vold methods that don't use it
createUserStorageKeys(), unlockCeStorage(), and prepareUserStorage()
have a user serial number parameter, but they don't actually do anything
with it except log it.  Remove this unnecessary parameter.

Bug: 316035110
Test: presubmit
Flag: N/A, mechanical refactoring
Change-Id: I73ebae1afb2bdb7ca856b40b34ce806fdda718fe
2024-01-04 22:39:43 +00:00
Eric Biggers
987629c024 Merge "vold: remove session keyring workaround for old kernels" into main am: 69c4d769ed
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2834717

Change-Id: I7efb8ff4d350d02611956e6c118e164dfc50e9ca
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-01-04 18:46:59 +00:00
Eric Biggers
69c4d769ed Merge "vold: remove session keyring workaround for old kernels" into main 2024-01-04 18:21:23 +00:00
Eric Biggers
0e87a83cba vold: remove session keyring workaround for old kernels
The android-4.14-stable and later kernels support the
FS_IOC_ADD_ENCRYPTION_KEY and FS_IOC_REMOVE_ENCRYPTION_KEY ioctls.  This
has superseded the old way of adding fscrypt keys to the kernel, which
was to use the add_key() syscall to add keys to the "session" keyring.
On kernels that support the ioctls, Android doesn't use the obsolete
way.  Since upgrading even just to Android 14 requires at minimum a
android-4.14-stable kernel (according to
https://source.android.com/docs/core/architecture/kernel/android-common#compatibility-matrix),
there is no need to support the obsolete way anymore.

Therefore, this commit removes the code that added and removed keys
to/from the session keyring.  Now the ioctls are used unconditionally.

Flag: N/A for the following reasons:
      - Removing obsolete code, which is fairly safe
      - Very early code, so runtime flag cannot be used
      - This topic also removes code from init, which cannot use aconfig
        libraries because they do not support recovery_available

Bug: 311736104
Test: Build and boot Cuttlefish
Change-Id: I0d9abbda77b1ac838ea6f014dbe22ab032c0e5ae
2023-12-05 19:39:33 +00:00
Hyeeun Jun
fb014fc6e8 Reduce AppFuse max read size.
Since the max read size of FUSE is 128KB in default, the socket header
of the appfuse epollcontroller is allocated in order 4 (64KB).  When
memory environment is in insufficient situation that has a lot of
fragment, order 4 size memory allication is impossible, so more than
several tens of seconds could take to allocate the socket header.

To prevent the issue, limit the fuse read size to 64KB, so that the
memory allocation order of the socket header is changed to order 2.

Bug: 312503249
Test: atest AppFusePerfTest
Change-Id: I7020801b7539d980515885396916f8be1f1008e9
2023-12-05 08:11:21 +00:00
Daniel Rosenberg
8b9e01f70a Merge "Add support for 16k F2FS" into main am: 1dd20644dc am: 057ea22258 am: caceb0aae1
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2836451

Change-Id: Ibb1fa146dc5c9fef81fb25bceedc7b116836ab6e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 23:43:43 +00:00
Daniel Rosenberg
72035b3638 Merge "Add support for 16k F2FS" into main am: 1dd20644dc am: a6fcafe382 am: 2213944986
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2836451

Change-Id: I2c63d6101ea7f55914ff6c5893e833b3b536d72a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 23:42:46 +00:00
Daniel Rosenberg
caceb0aae1 Merge "Add support for 16k F2FS" into main am: 1dd20644dc am: 057ea22258
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2836451

Change-Id: I2d0326a46081b3347ba549f8c48ab9c39c177008
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 23:11:40 +00:00
Daniel Rosenberg
2213944986 Merge "Add support for 16k F2FS" into main am: 1dd20644dc am: a6fcafe382
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2836451

Change-Id: I860125d475e75f2bccc7fcb82fde10bc4627ac0f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 23:10:47 +00:00
Daniel Rosenberg
057ea22258 Merge "Add support for 16k F2FS" into main am: 1dd20644dc
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2836451

Change-Id: I8ffea2f471bfb36ceaffc3cb6fb143f7474d7d32
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 22:47:58 +00:00
Daniel Rosenberg
a6fcafe382 Merge "Add support for 16k F2FS" into main am: 1dd20644dc
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2836451

Change-Id: I2be3d858550a9a24524db0bf1cafbe0b671b1da4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-01 22:36:30 +00:00
Daniel Rosenberg
1dd20644dc Merge "Add support for 16k F2FS" into main 2023-12-01 21:16:02 +00:00
Daniel Rosenberg
fb2bf902fd Add support for 16k F2FS
Currently F2FS block size must match page size, so this just does that.
If we support page size != block size for F2FS, this should be
revisited.

Bug: 279820706
Test: Boot 16K device
Change-Id: I6b3b367cdf76ccf5b2c5d309499027a5e7383a44
Signed-off-by: Daniel Rosenberg <drosen@google.com>
2023-12-01 01:07:22 +00:00
Jaegeuk Kim
a68eb936be Merge "Use logical path to handle different dm target per boot" into main am: c322b82524 am: 11ebdeb460 am: f62b79a22e
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2825095

Change-Id: Ie2a928693ec4acad601ca7525fcdbefc3d5a37b1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 03:15:01 +00:00
Jaegeuk Kim
23455ddc12 Merge "Use logical path to handle different dm target per boot" into main am: c322b82524 am: ffa86e0a00 am: bb2c2fa395
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2825095

Change-Id: I24d98bfc825bf5d86b24aa94bae7b9c9aeb7a676
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 03:14:40 +00:00
Jaegeuk Kim
f62b79a22e Merge "Use logical path to handle different dm target per boot" into main am: c322b82524 am: 11ebdeb460
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2825095

Change-Id: Ide7bf8e06d5058a42b3f2517dd0360ad9df3de2f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 02:44:57 +00:00
Jaegeuk Kim
bb2c2fa395 Merge "Use logical path to handle different dm target per boot" into main am: c322b82524 am: ffa86e0a00
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2825095

Change-Id: I25e537ea42200708fa33831cc8ac94d0c476ac49
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 02:42:59 +00:00
Jaegeuk Kim
ffa86e0a00 Merge "Use logical path to handle different dm target per boot" into main am: c322b82524
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2825095

Change-Id: I7ac7964c817d1004e8975f793feb280072b9c3a5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 02:11:58 +00:00
Jaegeuk Kim
11ebdeb460 Merge "Use logical path to handle different dm target per boot" into main am: c322b82524
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2825095

Change-Id: I11b390b157eeed8a851ee857c92c42b791c4e657
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-15 02:11:50 +00:00
Jaegeuk Kim
c322b82524 Merge "Use logical path to handle different dm target per boot" into main 2023-11-15 01:38:42 +00:00