Skip to content

GitLab

Switch branch/tag
  1. 01 Sep, 2011 1 commit
    • Ken Sumrall's avatar
      Add the ability to revert a crypto mapping when unmounting a volume · 0b8b5971
      Ken Sumrall authored 
      Add the force_and_revert option to the unmount command which will force
the unmount, and revert a crypto mapping.  This is used during factory
reset so that when the internal sdcard volume is formatted, it formats
the raw device, not the encrypted mapping.

Change-Id: I36b6ff9bb54863b121de635472a303bf4a2334a9
      0b8b5971
  3. 27 Jun, 2011 1 commit
  5. 07 Jun, 2011 1 commit
  7. 01 Feb, 2011 1 commit
    • Ken Sumrall's avatar
      Improve detection of incomplete encryption · 7f7dbaa2
      Ken Sumrall authored 
      Bug 3384231 is punted to MR1, but the code to set the flag is already
in the tree, so this CL does 3 things:

1.  Comments out the lines that set the flag
2.  Removes the change to the checkpw that was added in the last change.
3.  Implements a new command to check the flag (which no one is calling
    yet and the flag won't be set anyhow).

When MR1 comes, it will be a simple matter to enable the flag setting
code and start testing it.

The fear is a false positive detection of incomplete encryption could
cause people to be prompted to wipe their data when MR1 comes out and
the flag is checked.  Not setting this for first release, and testing
this more before MR1, will give us confidence that the code will not
detect false positives of encryption failure.

Change-Id: I6dfba11646e291fe5867e8375b71a53c815f3968
      7f7dbaa2
  9. 28 Jan, 2011 1 commit
    • Jason parks's avatar
      Change cryptfs changepw to only require a new password. · 70a4b3fd
      Jason parks authored 
      The master key is now stored unhashed in memory. This
is needed because certain operation like remote reseting
of passwords the old password is not avaliable.
The changepw interface has been changed to only take
the new password as the only argument. When this is
called we reencrypt the master key with the new password
and old salt.

Bug: 3382129
Change-Id: I9a596b89013194605d6d7790067691aa0dc75e72
      70a4b3fd
  11. 22 Jan, 2011 1 commit
    • Jason parks's avatar
      Always return success if the command was run. · ab593e8e
      Jason parks authored 
      The caller will check the result code for success. This prevents a exception from being thrown when the result code needs to be propagated to the caller.

Change-Id: I471e8d6eb6f339c6f4e40f47adf60d20f6a70974
      ab593e8e
  13. 21 Jan, 2011 1 commit
    • Jason parks's avatar
      Always return success if the command was run. · 0167cb15
      Jason parks authored 
      The caller will check the result code for success. This prevents a exception from being thrown when the result code needs to be propagated to the caller.

Change-Id: I471e8d6eb6f339c6f4e40f47adf60d20f6a70974
      0167cb15
  15. 18 Jan, 2011 1 commit
  17. 17 Jan, 2011 1 commit
    • Ken Sumrall's avatar
      Updates to cryptfs framework. · 8ddbe40a
      Ken Sumrall authored 
      Update the enable inplace API to allow the UI to show a progress bar.
Add new command changepw (whichis currently not working)
Internal restructuring of code to support these two features.
Some minor cleanup of the code as well.

Change-Id: I11461fc9ce66965bea6cd0b6bb2ff48bcf607b97
      8ddbe40a
  19. 14 Jan, 2011 1 commit
    • Ken Sumrall's avatar
      Change the cryptfs command to separate out checking the password and restarting · 6864b7ec
      Ken Sumrall authored 
      In order to make the animations and the UI look right, we need to change
the cryptfs checkpw command to return a status if the password was
correct or not, and not have it automatically restart if it's correct.

There is a new command restart that will restart the framework with the
encrypted filesystem.

Change-Id: Ia8ae00d7ed8667699aa58d05ad8ba953cca9316e
      6864b7ec
  21. 19 Dec, 2010 1 commit
    • Ken Sumrall's avatar
      Support for encrypting /data on Stingray. · 8f869aa1
      Ken Sumrall authored 
      There are still a few hacks and performance issues related
to shutting down the framework in this code, but it is
functional and tested.  Without the UI changes, it requires
cryptic adb shell commands to enable, which I shall not
utter here.

Change-Id: I0b8f90afd707e17fbdb0373d156236946633cf8b
      8f869aa1
  23. 16 Nov, 2010 1 commit
  25. 15 Jul, 2010 1 commit
    • Kenny Root's avatar
      Additional Obb functionality · 508c0e16
      Kenny Root authored 
      * Rename all functions dealing with OBB files to mention Obb

* Add 'path' and 'list' functionality to OBB commands

* Store hashed filename in loop's lo_crypt_name and keep lo_file_name
  for the real source filename. That way we can recover it later with an
  ioctl call.

Change-Id: I29e468265988bfb931d981532d86d7be7b3adfc8
      508c0e16
  27. 07 Jul, 2010 1 commit
    • Kenny Root's avatar
      Add image mounting commands for OBB files · fb7c4d5a
      Kenny Root authored 
      Allow the mounting of OBB filesystem images if they're encrypted with
twofish and in FAT filesystem format.

Change-Id: I54804e598f46b1f3a784ffe517ebd9d7626de7aa
      fb7c4d5a
  29. 25 Mar, 2010 1 commit
  31. 23 Mar, 2010 1 commit
  33. 17 Mar, 2010 1 commit
  35. 14 Mar, 2010 2 commits
    • San Mehat's avatar
      vold: Fix argument validation for volume commands · 57df7bf3
      San Mehat authored 
      
Change-Id: I74aa63ff9f9bc32bd871e6c53ab50b6baf79e650
Signed-off-by: default avatarSan Mehat <san@google.com>
      57df7bf3
    • San Mehat's avatar
      vold: Bugfixes & cleanups · d9a4e358
      San Mehat authored 
      
  - Fix issue where container-names > 64 bytes were getting truncated in the
    kernel. lo_name is only 64 bytes in length, so we now hash the container
    id via md5
  - Add 'dump' command to dump loop and devicemapper status
  - Add 'debug' command to enable more detailed logging at runtime
  - Log vold IPC arguments (minus encryption keys)
  - Fix premature return from Loop::lookupActive() and friends

Change-Id: I0e833261a445ce9dc1a8187e5501d27daba1ca76
Signed-off-by: default avatarSan Mehat <san@google.com>
      d9a4e358
  37. 02 Mar, 2010 1 commit
  39. 20 Feb, 2010 1 commit
    • San Mehat's avatar
      vold: Stage the mounting of media to hide the ASEC imagefile directory · 3bb6020e
      San Mehat authored 
      
  In order to protect the '/android_secure' directory on VFAT removable media
from being mucked with by 3rd party applications on the device, we hide the
directory with a read-only, zero-sized tmpfs mounted on-top. A reference to the
hidden directory is kept by a bind-mount which is mounted at a location which
only root can access.

Staging consists of:
  1. Mount checked media at a secure location (/mnt/secure/staging)
  2. Ensure /android_secure exists on the media, (creating if it doesnt)
  3. Bind-mount /mnt/secure/staging/android_secure -> /mnt/secure/asec
     (where only root can access it)
  4. Mount an RDONLY zero-sized tmpfs over /mnt/secure/staging/android_secure
  5. Atomically move /mnt/secure/staging to the publicly accessable storage
     directory (/mnt/sdcard)
Signed-off-by: default avatarSan Mehat <san@google.com>
      3bb6020e
  41. 18 Feb, 2010 2 commits
  43. 17 Feb, 2010 1 commit
  45. 04 Feb, 2010 1 commit
    • San Mehat's avatar
      vold: Fix a few bugs · b9aed74b
      San Mehat authored 
      
 - share command was taking wrong arguments
 - shared command was returning two termination codes
 - Force FAT32 cluster size to 4k when formatting
Signed-off-by: default avatarSan Mehat <san@google.com>
      b9aed74b
  47. 03 Feb, 2010 1 commit
  49. 02 Feb, 2010 1 commit
  51. 23 Jan, 2010 1 commit
  53. 18 Jan, 2010 1 commit
  55. 11 Jan, 2010 3 commits
  57. 06 Jan, 2010 1 commit
  59. 19 Dec, 2009 1 commit
  61. 12 Oct, 2009 1 commit
  63. 11 Oct, 2009 1 commit