GitLab

Change-Id: I31f5cd6fb4ff55d7cfe213f66955e3dbcbdff101

The libcrypto and libssl modules (and their respective static and host
versions) use LOCAL_EXPORT_C_INCLUDE_DIRS thus just including the module
is sufficient.

Additionally, cryptfs.h was including an OpenSSL header just to get the
length of a SHA-256 hash. Rather than force all users of this header to
also depend on libcrypto, it's easier just to define that value in the
header file.

Change-Id: I3e3e0db906a212e1093944b298e4a8ff2e2fb07d

Bug: 18887435
Change-Id: Ibcb446fac954d9c42ebdfc4b684e6f3503337ab4

Change-Id: I53611cf8373daf638b0cc45b7b3d17e4d3e7247e

Since the dm_ioctl struct was being allocated on the stack as a large
character array, it was getting character alignment rather than the
proper alignment for the struct. GCC had been getting away with this
so far, but it's undefined behavior that clang managed to expose.

Bug: 18736778
Change-Id: Ied275dfad7fcc41d712b2d02c8a185f499221f57

-Wno-missing-field-initializers is used as well, but that is an
overzealous warning from initializing structs with {0} and not a
real warning.

bug 18736778 and 16868177

Change-Id: Iffde89cd7200d9a11193e1614f1819f9fcace30a

It looks like clang might have a miscompile that is causing SIGBUS in
`ioctl_init` when the device is encrypted. Move back to GCC until we
can sort this out.

Bug: 18736778
Change-Id: I21ae3b9d7d9ebff8679ecc1a828b7c59f27d0903

* commit '36859212':
  Move vold to libc++.

* commit '460a93a6':
  Move vold to clang so ASAN_ALL works.

Bug: 15193147
Change-Id: Ib868f1ed8145ca5cbfdb4cd60ed0c47a6182ac62

ASAN_ALL uses ASAN for anything built with clang. Since some of vold's
dependencies use clang, they will have unresolved ASAN symbols unless
vold is also built with clang. There's no harm in just moving this
project to clang.

Change-Id: Ia6f412beb7bf092121bff2a5a980531636adcdb9

* commit 'ab083da0':
  Set SELinux contexts on device nodes created by vold.

automerge: 512f0d52

* commit '512f0d52':
  cryptfs: [HACK] reboot if the crypto block dev failed to open

* commit '7776871d':
  cryptfs: extra debugging around crypto blockdev dm-... errors.

There are cases where the /dev/block/dm-0 fails to open.
This leads to the device not completing the boot up sequence.
Currently, the only way out is to reboot.

Bug: 17898962
Change-Id: If4583ebb1ef1ebdbaf680d69b876459aaec2f4ce
(cherry picked from commit 7fc1de8a)

Some times the /dev/block/dm-0 fails to open after it has been setup.
Log why.

Bug: 17576594
Bug: 17942270
Change-Id: If0bbfe22d84137f2029bacb10873832038f0d36c

* commit 'fc615041':
  Remove possibility of zero chars from passwords

scrypt pads the password with zeros. Our patterns use 0 to represent
the top left dot. So patterns that end there are equivalent to ones
that end one short.

After much thought, the best solution is to change the way we
represent patterns in keyguard. This, however, is a big change.

The short term solution is to change the pattern representation in vold
so that we are storing the correct thing. Later we will change keyguard
to handle patterns correctly and remove quite a few hacks from vold
(use of hex, this code). b/17840293 created to track this.

Bug: 17751714
Change-Id: I30cdffb0f0db406d2e2b6c54d4153d120d975318

* commit '7639a6ab':
  Reset failed decryption count on successful decryptions

Bug: 17866359
Change-Id: I1af2ff1ac4f5243afba0cfa2f2d3a1d0b029091b

* commit '6e8440fd':
  cryptfs: kill processes with open files on tmpfs /data

cryptfs will fail to remount /data at boot if any processes (e.g.
dex2oat) have files open on the tmpfs /data partition.  Since these
files are about to be destroyed anyway, just kill the offending
processes: first with SIGHUP and finally with SIGKILL.

Also remove a stray i++ that effectively cut the number of retries in
half.

Bug: 17576594

Change-Id: I76fb90ce2e52846ffb9de706e52b7bde98b4186a
Signed-off-by: Greg Hackmann <ghackmann@google.com>

Extend vold to look up and set SELinux contexts on the
device nodes it creates for extra loop devices and for volumes.
Prior to this change, these device nodes simply inherited the type
of their parent directory /dev/block, i.e. block_device, and vold
therefore required create_file perms to block_device:blk_file.
With this change we can scope vold down to accessing specific
block device types.

This depends on change Id3bea28f5958086716cd3db055bea309b3b5fa5a
to allow vold to use setfscreatecon().

Change-Id: Ib9e8294abb1da94d92503947603ec12e802ff08c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

* commit '9c58a871':
  Use monotonic clock for cryptfs progress

Otherwise we get strange results when the time changes. Worst
effect is that the encryption takes a lot longer since we are
calling the logging code far more frequently.

Bug: 17625981
Change-Id: Ice29f28b3720e9e4a1ea28e45eeab574d1959ec1

* commit '3574b085':
  cryptfs: log umount() failure reason

* commit '46a3a79a':
  print information about opened files when failed unmount

* commit 'dd1a8040':
  Include reason when wiping data.