Skip to content

GitLab

Switch branch/tag
  1. 12 Apr, 2015 1 commit
    • Jeff Sharkey's avatar
      Emulated volumes above private volumes. · 3161fb37
      Jeff Sharkey authored 
      When a private volume is mounted, create an emulated volume above it
hosted at the /media path on that device.  That emulated volume is
automatically torn down when unmounting the private volume.

Add "removed" state for volume, which signals to framework that
media has left the building, send when the volume is destroyed.

Bug: 19993667
Change-Id: I1f82b51de578ac5cfcc5d7b9a6fb44f6f25c775c
      3161fb37
  3. 11 Apr, 2015 1 commit
    • Jeff Sharkey's avatar
      Exclusive exec() path, format after partition. · ce6a913a
      Jeff Sharkey authored 
      Sadly setexeccon() is process global, so we need to carefully ensure
that all exec() are mutually exclusive to avoid transitioning into
unwanted domains.  Also, because we have several threads floating
around, we need to guard all our FDs with O_CLOEXEC.

Format all newly created volumes immediately after partitioning,
but silence all events emitted from those volumes to prevent the
framework from getting all excited.  Unify all notify events under a
single codepath to make them easy to silence.

Sent SIGINT before escalating to SIGTERM when unmounting.

Bug: 19993667
Change-Id: Idc6c806afc7919a004a93e2240b42884f6b52d6b
      ce6a913a
  5. 07 Apr, 2015 1 commit
    • Jeff Sharkey's avatar
      Updates for expanded storage. · f0121c57
      Jeff Sharkey authored 
      Mount private volumes at /mnt/expand, which is where we have new
SELinux policy waiting for us.  Also ensure that foundational
directories are ready when mounting.

Create local fs_prepare_dir() wrapper that sets SELinux context
based on path, avoiding the need for a later restorecon.

Use UUID as directory name for public volumes.  Wait a few seconds
before issuing first signal when force unmounting.

Bug: 19993667
Change-Id: If22595380faaae321705b06c87d877419620da48
      f0121c57
  7. 01 Apr, 2015 1 commit
    • Jeff Sharkey's avatar
      Support for private (adopted) volumes. · 9c48498f
      Jeff Sharkey authored 
      This adds support for private volumes which is just a filesystem
wrapped in a dm-crypt layer.  For now we're using the exact same
configuration as internal encryption (aes-cbc-essiv:sha256), but we
don't store any key material on the removable media.  Instead, we
store the key on internal storage, and use the GPT partition GUID
to identify which key should be used.

This means that private external storage is effectively as secure as
the internal storage of the device.  That is, if the internal storage
is encrypted, then our external storage key is also encrypted.

When partitioning disks, we now support a "private" mode which has
a PrivateVolume partition, and a currently unused 16MB metadata
partition reserved for future use.  It also supports a "mixed" mode
which creates both a PublicVolume and PrivateVolume on the same
disk.  Mixed mode is currently experimental.

For now, just add ext4 support to PrivateVolume; we'll look at f2fs
in a future change.  Add VolumeBase lifecycle for setting up crypto
mappings, and extract blkid logic into shared method.  Sprinkle some
more "static" around the cryptfs code to improve invariants.

Bug: 19993667
Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0
      9c48498f