GitLab

* commit '137858b4':
  Avoid array overrun. We can now mount the /sdcard partition on our boot sdcards

Change-Id: I108a0c32efb5add1fec41bfe76f041971801d48d

* commit '2c9d8de7':
  Prevent buffer overflows.

To eliminate possible buffer overflows some strcpy,
sprintf and strcat have been changed to strlcpy,
snprintf and strlcat.

Change-Id: Ieb9d4b600c894946a6492f8629ff39f2fcc106d3
Signed-off-by: Oskar Andero <oskar.andero@sonyericsson.com>

Orig-Change-Id: I6e9db8c55db49b4aa61dd40cd59495f55e5b3368
Signed-off-by: Bruce Beare <brucex.j.beare@intel.com>

* commit 'b20d54b2':
  fix double closing file descriptors

Change-Id: I243628b77a0b7b138785167ccb5520e1a9374a78

* commit '4e00f1fa':
  DO NOT MERGE Only create android_secure mountpoint on the primary external storage volume.
  DO NOT MERGE Mount secondary external storage writable by AID_MEDIA_RW rather than AID_SDCARD_RW

am 745ddcb2: DO NOT MERGE Only create android_secure mountpoint on the primary external storage volume.

* commit '745ddcb2':
  DO NOT MERGE Only create android_secure mountpoint on the primary external storage volume.

am f4cd1c6b: DO NOT MERGE Mount secondary external storage writable by AID_MEDIA_RW rather than AID_SDCARD_RW

* commit 'f4cd1c6b':
  DO NOT MERGE Mount secondary external storage writable by AID_MEDIA_RW rather than AID_SDCARD_RW

Change-Id: If2532ce8ca7d584f2442d830450313198234bd23
Signed-off-by: Mike Lockwood <lockwood@android.com>

Change-Id: Id9a6fa6705cf97b94d419e85b5d74413e79fc748
Signed-off-by: Mike Lockwood <lockwood@android.com>

Change-Id: If21d134e7d8333b8214603a2d43a3153ab8760cc
Signed-off-by: Mike Lockwood <lockwood@android.com>

Change-Id: Id65f76eacaec1787aa557f96447c5bc19b7b127f
Signed-off-by: Mike Lockwood <lockwood@android.com>

am 9cb6e501: Ignore change "Set SO_PASSCRED on the uevent socket." in favor of change in internal tree.

* commit '9cb6e501':
  Set SO_PASSCRED on the uevent socket. (needed for change I393c21da)

in internal tree.

Change-Id: Ibdf7cf1e1d0ba177d9de813baa6481ddd31d5d9c

Change-Id: I09a8a6d7c654869a40339adce181e6b981f10369

* commit '77992e71':
  vold: Enable the SO_PASSCRED socket option

Ensure that sender credentials are available when we
receive a netlink message.

This is a manual cherry-pick of
c51920c8

Change-Id: I98aff8733449617d35d20bff2fe77e9d3f22f57e

* commit 'b9aa1459':
  vold: Enable the SO_PASSCRED socket option

* commit 'c51920c8':
  vold: Enable the SO_PASSCRED socket option

Ensure that sender credentials are available when we
receive a netlink message.

Change-Id: I48411205a8fbc1ebd29834f64028662d80f15995

* commit 'aecf0e2a':
  add bounds checking for mPartMinors[]

* commit 'f3d3ce5e':
  add bounds checking for mPartMinors[]

Change-Id: I6d5b26756c8434d6396f3535252608ce61eabfd8

Fix for bug 3415286.  Trigger an action in init.rc to load the persistent
properties after /data has been decrypted and mounted.

Change-Id: I5fe3b481bcc6963113e830728c204b22ffc3b722

The new android_reboot() function is a nicer way to reboot.
It can optionally sync(2) and remount as read-only writable
filesystems.  This fixes bug 3350709.

Change-Id: I4618bd5e8cccdce08494a7ca3f40ef72b2875e68

Need to detect if the encryption process didn't finish successfully, and if
so, provide a way for the UI to detect that and give the user an option to
wipe the system clean.  Otherwise, the user is stuck in a reboot loop, and
they will need to do magic button presses to enter recovery and wipe the
device to get out of it.

Change-Id: I58253e1e523ee42bdd1a59aa7d8a9d20071bd18b

* commit '18ed5640':
  Use LOOP_GET_STATUS64 for checking loop devices

* commit '7f7dbaa2':
  Improve detection of incomplete encryption

To determine whether a loop device was available, we use an ioctl call
to LOOP_GET_STATUS, but this fails on devices with large storage
partitions with errno = EOVERFLOW. Instead use LOOP_GET_STATUS64 which
succeeds.

Bug: 3412121
Change-Id: Ica3cb48885d3555f2d27073c00e31fc51a08c730

Bug 3384231 is punted to MR1, but the code to set the flag is already
in the tree, so this CL does 3 things:

1.  Comments out the lines that set the flag
2.  Removes the change to the checkpw that was added in the last change.
3.  Implements a new command to check the flag (which no one is calling
    yet and the flag won't be set anyhow).

When MR1 comes, it will be a simple matter to enable the flag setting
code and start testing it.

The fear is a false positive detection of incomplete encryption could
cause people to be prompted to wipe their data when MR1 comes out and
the flag is checked.  Not setting this for first release, and testing
this more before MR1, will give us confidence that the code will not
detect false positives of encryption failure.

Change-Id: I6dfba11646e291fe5867e8375b71a53c815f3968

* commit 'd33d417e':
  Detect when encryption failed to complete

For the case there encryption failes to complete because of a kernel
crash or the user power cycling the device, define a flag in the
crypto footer that says encryption is in progress.  Set it when starting
the actual encryption, and clear it when it successfully completes.

When the user is asked for the disk password, if the flag is set,
return a special error to the caller so the UI can know to tell the
user there is no valid data on the disk, and present a button to
wipe and reset the device.

Change-Id: I3723ec77f33437d94b3ac9ad5db0a5c950d11648