e2fsck and fsck.f2fs must run in the fsck domain. Add call to
setexeccon() to tell selinux to run in the fsck domain on exec.
Addresses:
avc: denied { execute_no_trans } for path="/system/bin/e2fsck" dev="mmcblk0p41" ino=241 scontext=u:r:vold:s0 tcontext=u:object_r:fsck_exec:s0 tclass=file
Bug: 26872236
Change-Id: Ib2a583aeefc667f8aa67532e0ac0ff9619b65461
Mainly a refactor, but with a substantive change: Keys are created in
a temporary location, then moved to their final destination, for
atomicity.
Bug: 26704408
Change-Id: I0b2dc70d6bfa1f8a65536dd05b73c4b36a4699cf
Our code for creating disk encryption keys doesn't work everywhere,
and it doesn't need to; only on platforms that support FBE. Don't
create them elsewhere.
Bug: 26842807
Change-Id: I686d0ffd7cb3adbddfce661c22ce18f66acb1aba
The key storage module didn't comply with Android coding standards
and had room for improvemnet in a few other ways, so have cleaned up.
Change-Id: I260ccff316423169cf887e538113b5ea400892f2
Instead of writing raw keys, encrypt the keys with keymaster. This
paves the way to protecting them with auth tokens and passwords later.
In addition, fold in the hash of a 16k file into their encryption, to
ensure secure deletion works properly.
Now even C++ier!
Bug: 22502684
Bug: 22950892
Change-Id: If70f139e342373533c42d5a298444b8438428322
As a precaution, we do the work of emulating an unlock even on devices
that aren't emulating FBE. However, we don't care if it fails, so
don't fail the calling command in that instance.
Bug: 26713622
Change-Id: I8c5fb4b9a130335ecbb9b8ea6367f1c59835c0f1
Major rework and refactor of FBE code to load the keys at the right
time and in a natural way. The old code was aimed at our goals for M,
with patches on top, and didn't quite work.
Bug: 22358539
Change-Id: I9bf7a0a86ee3f2abf0edbd5966f93efac2474c2c
am: 9b5db9bcbe
* commit '9b5db9bcbe333b677ca18d2c1c398c8751cd0fd2':
cryptfs: Skip to encrtypt unused blocks into a block group which uninitialize block bitmap .
Much nicer C++ style logging, but the main reason is to clean up
AutoCloseFD.h so I don't have to use cutils to use it.
Change-Id: I7a7f227508418046eecce6c89f813bd8854f448a
am: 1ae498e0d4
* commit '1ae498e0d4524aef6de2f1e3b639697ac24b29b2':
cryptfs: Skip to encrtypt unused blocks into a block group which uninitialize block bitmap .
After DocumentsProvider opens FD on app fuse, DocumentProvider passes it
to other applications. To allow other applications to use the FD on app
fuse, we need to specify allow_other mount option.
BUG=25756419
Change-Id: I3c729f90e5b822a7b1032bf80726cc234c0936b1
If storage is not visible to apps and no need to spin up FUSE, it also
should not make FUSE mount point directory.
Change-Id: I6ecd2e5bf56b5dcf0e11834880256b156a62a9a0
Signed-off-by: Qin Chao <chao.qin@intel.com>
Add the serial parameter to prepare_user_storage to avoid
confusion when parsing parameters and passing them around.
Change-Id: Id5516c248401ad50585aa8f6e8b1545a6cded549
When FBE emulation is enabled, lock/unlock the media directories that
store emulated SD card contents.
Change unlocking logic to always chmod directories back to known
state so that we can recover devices that have disabled FBE
emulation.
Bug: 26010607, 26027473
Change-Id: I6d4bff25d8ad7b948679290106f585f777f7a249
