This will be used for system internals to access
secondary volumes without having to bypass sdcardfs.
Bug: 121277410
Test: manual
Exempt-From-Owner-Approval: Got approval on internal master
Change-Id: I9b3e33f6c6e426e83469b8030b02d59c02183946
Backup system service bookkeeping is being moved to per-user CE
directories to support multiple users participating in the service.
Accompanies SELinux changes at aosp/873133
Bug: 121197420
Test: 1) Boot device; check dirs created with correct label; run backup
successfully on system user
2) Create secondary user; check dirs created with correct label; run
backup successfully
Change-Id: I3a0fdbfcf18a3c242fc64fba0dd014160b50b2f0
Add a utility method to unmount all mountpoints
that start with a prefix.
Bug: 122905493
Test: manual
Change-Id: I11739e40e7849c1b4ca9e0b90c5c3f243691257a
These directories are managed by installd and used to store
snapshots of application data directories in order to roll them
back in the case of bad updates.
Bug: 112431924
Test: make, device boot & manual verification.
Change-Id: Ieaca697a45d013937327e0f16f36b9b1eaad6b22
We add the property ro.crypto.fde_sector_size to allow devices
to pass the "sector_size:<size>" argument to dm-crypt in the kernel.
We also pass "iv_large_sectors" when setting the sector size.
Using 4096-byte sectors rather than the default of 512 improves
dm-crypt performance, especially when the Adiantum encryption mode
is used.
Bug: 112010205
Test: Run on a device
Change-Id: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
Merged-In: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
(cherry picked from commit 88738e8b6f59e307a2120d352843759025588539)
Adiantum is a crypto method Android is supporting for devices
which don't have AES CPU instructions. See the paper
"Adiantum: length-preserving encryption for entry-level processors"
(https://eprint.iacr.org/2018/720.pdf) for more details.
We add Adiantum to our list of supported crypto types.
Bug: 112010205
Test: Tested on a device
Change-Id: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
Merged-In: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
(cherry picked from commit 18824ec6cc9cd0f16530de2e034a7fe5b8fd17be)
We do not know what happened if remove dm-crypt device is failed, so
the error status added is useful to debug failed ioctl.
Change-Id: I49be91b9087ef2a213a706dd6b2a07eb6dafe6e6
Signed-off-by: Yue Hu <zbestahu@gmail.com>
* changes:
EncryptInplace: Rename variable
Checkpoint: Assure proper buffer alignment
vold: Pass std::string by const reference
vold: const-ify some of the API
We rename our 'buf' in the inner scope to avoid confusion with
the 'buf' in the outer scope which is used immediately after
exiting the inner scope.
Test: TreeHugger
Change-Id: I1c50546e86c680e963eedcbda26138f8b43e55e9
We have a char buffer on the stack, which we then cast to a
struct, and then proceed to access elements in the struct.
This is not safe across all platforms, as some platforms
may require a certain alignment for members of the struct.
We fix this by assuring an appropriate alignment for our
char buffer.
We also use C++ casting, and rename our buffer to differenciate
it from the other 'buffer' variable in this function.
Test: TreeHugger
Change-Id: I8254cb6b8124e394bd805afd1ccca0faedb27ffa
We make some of the C++ member functions 'const', to reflect how
they (don't) affect the state of the class.
Test: TreeHugger
Change-Id: Iec1c2801bfe721e2741406ed1ac0ef95662840a6
Merged-In: Iec1c2801bfe721e2741406ed1ac0ef95662840a6
This adds the ability to upgrade a key and retain the
old one for rollback purposes. We delete the old key
if we boot successfully and delete the new key if we
do not.
Test: Enable checkpointing and test rolling back
between two versions
Bug: 111020314
Change-Id: I19f31a1ac06a811c0644fc956e61b5ca84e7241a
We set a property when we commit a chackpoint to signal
to anyone who wants to do post commit cleanup.
Test: Boot to homescreen and check getprop for vold.checkpoint_committed
Bug: 111020314
Change-Id: Idf35e3abf9d24eb40c6926a30a8403064c05e10a
We add the property ro.crypto.fde_sector_size to allow devices
to pass the "sector_size:<size>" argument to dm-crypt in the kernel.
We also pass "iv_large_sectors" when setting the sector size.
Using 4096-byte sectors rather than the default of 512 improves
dm-crypt performance, especially when the Adiantum encryption mode
is used.
Bug: 112010205
Test: Run on a device
Change-Id: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
Adiantum is a crypto method Android is supporting for devices
which don't have AES CPU instructions. See the paper
"Adiantum: length-preserving encryption for entry-level processors"
(https://eprint.iacr.org/2018/720.pdf) for more details.
We add Adiantum to our list of supported crypto types.
Bug: 112010205
Test: Tested on a device
Change-Id: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
