GitLab

Add maybeenabledefaultencryption function, that encrypts based
on the encryption flag and appropriate environment variable

Bug: 18764230
Change-Id: Id9a1967d09a7ae63a51240c0a5f3c41505af0e9a

Requires framework change:
  https://googleplex-android-review.git.corp.google.com/#/c/585511/

Bug: 18260068
Change-Id: I95d3bb39404ede7128b8f5d61ce2423a5f09a9b8

Use BOOTTIME consistently!

Bug: 18246810
Change-Id: I630bf39f72ab69f971d2f772e8d4545ffe467b82

encrypt-and-wipe was broken when checks were added that encryption succeeded
which assumed a 'normal' full encrypt traversing the device.

encrypt-and-wipe doesn't traverse, it just lays down a file system over
the encrypted device, so in this mode do not check the amount encrypted -
it will always be 0.

Bug: 18511900
Change-Id: Icb1d7e0cdb67abd2eac0ab3cbfc1a88912768f9d

Devices already encrypted with aes-cbc-essiv:sha256 will continue to be
decrypted in software, until a factory data reset.  New devices that
implement CONFIG_HW_DISK_ENCRYPTION will switch to aes-xts.

b/17475056 Enable hardware crypto for userdata encryption

Change-Id: I62d1583bdaf7ff06b87e386e758fa3b18c719bca
Signed-off-by: Iliyan Malchev <malchev@google.com>

Currently Android provides disk encryption support using dm-crypt
which is based on bios. dm-crypt uses 512 bytes packet size for
crypto operations. While 512 bytes size packet is ok for SW based
disk encryption, it is inefficient for HW based crypto engines.
dm-req-crypt is similar to dm-crypt except it uses block requests
rathe bios for crypto operations. block requests when unpacked
carries data upto 512KB. Hence, HW based crypto engine can be used
more efficiently.

Also move create disk encryption key before framework start as
HW based disk encryption creates key in secure side. Key creation
can take sometime to create the key securely. If framework is
started before creating the key, it is possible that framework
requests service from secure side. Secure side can serve mostly one
request at a time. Secure side may reject framework request if key
creation request is still going on. This may cause problem in the
system

b/17475056 Enable hardware crypto for userdata encryption

Change-Id: I5480ab72a37c02532218a18faaba598a824589fd
Signed-off-by: Iliyan Malchev <malchev@google.com>

vold should only use hardware keymaster implementations to protect the
disk encryption key, because there's little value in using the software
implementation.  More importantly, if we allow vold to use softkeymaster
in the absence of a HW keymaster and (somehow) a HW keymaster is added
to a device, the HW version will be loaded, and will be unable to use
the softkeymaster key found in the crypto footer, forcing a factory
reset.

This CL will not break devices without HW keymaster, because
softkeymaster currently reports its keys as non-standalone (which isn't
correct).  After this CL is in, I will fix softkeymaster.

Bug: 17362157
Change-Id: I98b169e7a59ff7d44b72069b87743463ec823ea2

Store long field values in multiple underlying fixed-length entries
and concatenate them together when reading back.

Bug: 17556485
Change-Id: I2f8033d18c208993fa1b010712be0dad5d8b646b

* commit '512f0d52':
  cryptfs: [HACK] reboot if the crypto block dev failed to open

This change was already in lmp-mr1-dev

There are cases where the /dev/block/dm-0 fails to open.
This leads to the device not completing the boot up sequence.
Currently, the only way out is to reboot.

Bug: 17898962
Change-Id: If4583ebb1ef1ebdbaf680d69b876459aaec2f4ce
(cherry picked from commit 7fc1de8a)

There are cases where the /dev/block/dm-0 fails to open.
This leads to the device not completing the boot up sequence.
Currently, the only way out is to reboot.

Bug: 17898962
Change-Id: If4583ebb1ef1ebdbaf680d69b876459aaec2f4ce

Some times the /dev/block/dm-0 fails to open after it has been setup.
Log why.

Bug: 17576594
Bug: 17942270
Change-Id: If0bbfe22d84137f2029bacb10873832038f0d36c

Some times the /dev/block/dm-0 fails to open after it has been setup.
Log why.

Bug: 17576594
Bug: 17942270
Change-Id: If0bbfe22d84137f2029bacb10873832038f0d36c

scrypt pads the password with zeros. Our patterns use 0 to represent
the top left dot. So patterns that end there are equivalent to ones
that end one short.

After much thought, the best solution is to change the way we
represent patterns in keyguard. This, however, is a big change.

The short term solution is to change the pattern representation in vold
so that we are storing the correct thing. Later we will change keyguard
to handle patterns correctly and remove quite a few hacks from vold
(use of hex, this code). b/17840293 created to track this.

Bug: 17751714
Change-Id: I30cdffb0f0db406d2e2b6c54d4153d120d975318

Bug: 17866359
Change-Id: I1af2ff1ac4f5243afba0cfa2f2d3a1d0b029091b

cryptfs will fail to remount /data at boot if any processes (e.g.
dex2oat) have files open on the tmpfs /data partition.  Since these
files are about to be destroyed anyway, just kill the offending
processes: first with SIGHUP and finally with SIGKILL.

Also remove a stray i++ that effectively cut the number of retries in
half.

Bug: 17576594

Change-Id: I76fb90ce2e52846ffb9de706e52b7bde98b4186a
Signed-off-by: Greg Hackmann <ghackmann@google.com>

Otherwise we get strange results when the time changes. Worst
effect is that the encryption takes a lot longer since we are
calling the logging code far more frequently.

Bug: 17625981
Change-Id: Ice29f28b3720e9e4a1ea28e45eeab574d1959ec1

Bug: 17576594

Change-Id: I7320aa597210896b4db6e663e1b2cb0c24d96557
Signed-off-by: Greg Hackmann <ghackmann@google.com>

Change-Id: I88ae719cdae490433390d624f75612a9f4f96677

Cryptfs : Enabling support for allow_discards in dmcrypt.
Cryptfs : Password matches
Cryptfs : test_mount_encrypted_fs(): Master key saved
TrustyKeymaster: Creating device
TrustyKeymaster: Device address: 0x7f8f416100
Cryptfs : keymaster version is 3
Cryptfs : Just asked init to shut down class main
ServiceManager: service 'drm.drmManager' died
ServiceManager: service 'media.audio_flinger' died
ServiceManager: service 'media.player' died
ServiceManager: service 'media.camera' died
ServiceManager: service 'android.security.keystore' died
Cryptfs : unmounting /data failed

Bug: 17576594

This will help us track down who requested a data wipe.

Bug: 17412160
Change-Id: I5ab39a4de03c973ed151d703d6462a172ee043fd

Bug: 17572886
Change-Id: I91302ccc284e0f908299852650db5bf645f2ff71

This is a hack because we don't know why mount() reports busy.

Requires dependent change in syste/core:
  https://googleplex-android-review.git.corp.google.com/#/c/543125/

Bug: 17358530

Change-Id: I8d3078bc68f8c450adce2c3a4101b6a958f1c4a0

This is a deliberately minimalistic change. There is another
defect to remove all this code - removing some of it will (IMO)
simply confuse the issue.

Bug: 16868177
Bug: 17180951
Change-Id: I57d7a4fb3a881d62eb73419cd639a6e3ca567f91

to ensure the padded message is never larger than the RSA public
modulus.

Bug: 17358530

Change-Id: I4dc488399c4ecfa2d24cacb839a9087e65475947

Bug: 17358530
Change-Id: I95207b62131224a2ed7ae3b75621a09acd69ea79

Correct implementations of keymaster should reject using an n-bit
RSA key to sign less than n bits of data, because we specify that
keymaster should not perform padding.

Change-Id: Ibdff1bbfbee84fd5bdbfb3149a124dbbaa7827fc

Previously this would fail if the framework wasn't stopped. The failure
would then stop full disk encryption. The fact that the unmount worked,
however, would then stop the second attempt from achieving anything.

Fix in line with current retry philosophy

We still need to figure out why Devmapper::destroy() fails at first.

Bug: 17301843
Change-Id: I405a36c832ccdebf2d904bef77f15eea174a6bfb

Note that this also changes the boot sequence, and moves the test for corrupted
data to cryptfs_restart_internal.

Bug: 17213613
Change-Id: I0f86e8fe3d482e2d1373bd0f4d0d861e63ad8904

In field reports, sometimes the remaining time gets stuck for many
minutes. This has to be caused by a spurious low reading early on which
cannot be overridded because of old logic.

Solution: allow time to increase but only by large amounts (avoid time
jittering up and down).

Bug: 16973374
Change-Id: I49d23ae8c54ded416cbedf383a3c03b33dc02e1c

Resize is no-op when sector count is unchanged; the caller can't
anticipate how vold does its sector calculations.

After resizing, we need to mount the container read-write, so allow
the caller to request "ro" or "rw" mode.

Handle ENOTSUP when trying to fallocate() on some filesystems

Bug: 16514385
Change-Id: I0d3a378280d4c36d14f8108ff428102283d583fa

Instead trigger normal default encryption mount

Requires matching change to system/core: https://googleplex-android-review.git.corp.google.com/#/c/527286/

Bug: 17041092

Change-Id: Ifcf023386e08325db7dce61395fbb056f7d9815b

This reverts commit a70abc60.

Change-Id: Ic41d1924638586cf9b2297f91ed5417f3b0303c6