Storage keys that are encrypted by the user's synthetic password don't
need to be securely deletable by vold, since secure deletion is already
implemented at a higher level: the synthetic password protectors managed
by LockSettingsService. Therefore, remove the use of the secdiscardable
file by vold in this case to improve performance.
Bug: 232452368
Bug: 251131631
Bug: 251147505
Change-Id: I847d6cd3b289dbeb1ca2760d6e261a78c179cad0
A new interface, F2FS_IOC_SEC_TRIM_FILE, has been added to F2FS
filesystem to send secure discard command to a specific file,
not to block device. We can use this interface for better discard
command handling on a file basis.
[how to use F2FS_IOC_SEC_TRIM_FILE]
start: start offset in byte (should be aligned with 4096)
len: length in byte (should be aligned with 4096, except designating EOF)
-1 also means till EOF.
flags: F2FS_TRIM_FILE_DISCARD - sending secure discard command. If the
device doesn't support it, send normal
discard.
F2FS_TRIM_FILE_ZEROOUT - overwrite zero data in the file.
Bug: 140759142
Test: execute "secdiscard -- <file_path>" and check the content of file
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I6ee44a047d291274c9d70ae5e4ccccfc06a52f89
Don't make stale zero'ing IO in block device after unlink, since filesystem
can reuse the block addresses and issue some IOs. If block layer reordered
two IOs, filesystem will see zero data, which crashes filesystem consistency.
Bug: 136964285
Test: run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.CrossProfileAppsHostSideTest
Change-Id: I43c13622d094cecda1c53468adc240002111d605
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
This file should avoid F2FS GC, since it directly access block device based
on fibmap.
Bug: 111659036
Change-Id: I15aef8175c23ba4029eb580e2dba59c77cca8227
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Android has a standard way to do what AutoCloseFD.h does, so use that
instead. Refactor before work on the bug.
Bug: 36029169
Test: Deleted a user and checked that secdiscard logs looked good.
Change-Id: I5d8bedfb3fa1f032fd2bced88b1b561e4a8c2ff4
On a device where we can't BLKSECDISCARD sectors, we "overwrite" them
with zeroes. This changes the FTL to remap those sectors to new
locations. With this done, the old contents are accessible only given
a compromise of flash firmware or a die level attack.
Bug: 26021231
Change-Id: Ia065921389886fac1ba456c19c138187237c2561
Much nicer C++ style logging, but the main reason is to clean up
AutoCloseFD.h so I don't have to use cutils to use it.
Change-Id: I7a7f227508418046eecce6c89f813bd8854f448a