Skip to content

GitLab

Switch branch/tag
  1. 01 Feb, 2016 7 commits
  3. 28 Jan, 2016 1 commit
    • Paul Crowley's avatar
      Create disk encryption keys only when FBE enabled · ea62e26a
      Paul Crowley authored 
      Our code for creating disk encryption keys doesn't work everywhere,
and it doesn't need to; only on platforms that support FBE. Don't
create them elsewhere.

Bug: 26842807
Change-Id: I686d0ffd7cb3adbddfce661c22ce18f66acb1aba
      ea62e26a
  5. 27 Jan, 2016 2 commits
  7. 26 Jan, 2016 2 commits
    • Paul Crowley's avatar
      Use a keymaster-based key storage module · 1ef25581
      Paul Crowley authored 
      Instead of writing raw keys, encrypt the keys with keymaster. This
paves the way to protecting them with auth tokens and passwords later.
In addition, fold in the hash of a 16k file into their encryption, to
ensure secure deletion works properly.

Now even C++ier!

Bug: 22502684
Bug: 22950892
Change-Id: If70f139e342373533c42d5a298444b8438428322
      1ef25581
    • Narayan Kamath's avatar
      Unmount emulated filesystems before killing the fuse process. · ea243a30
      Narayan Kamath authored 
      Avoid ENOTCONN for file system operations.

bug: 26645585
bug: 26070583
Change-Id: I19b00db37ef7ba85a2cae16c7c4204826653f559
      ea243a30
  9. 21 Jan, 2016 1 commit
    • Paul Crowley's avatar
      Don't fail on unlock if we're not even emulating FBE · a042cb57
      Paul Crowley authored 
      As a precaution, we do the work of emulating an unlock even on devices
that aren't emulating FBE. However, we don't care if it fails, so
don't fail the calling command in that instance.

Bug: 26713622
Change-Id: I8c5fb4b9a130335ecbb9b8ea6367f1c59835c0f1
      a042cb57
  11. 20 Jan, 2016 1 commit
    • Paul Crowley's avatar
      Rework FBE crypto to match the N way of doing things · 285956fe
      Paul Crowley authored 
      Major rework and refactor of FBE code to load the keys at the right
time and in a natural way. The old code was aimed at our goals for M,
with patches on top, and didn't quite work.

Bug: 22358539

Change-Id: I9bf7a0a86ee3f2abf0edbd5966f93efac2474c2c
      285956fe
  13. 15 Jan, 2016 1 commit
  15. 14 Jan, 2016 1 commit
  17. 12 Jan, 2016 2 commits
  19. 11 Jan, 2016 2 commits
  21. 07 Jan, 2016 1 commit
    • Daichi Hirono's avatar
      Add allow_other mount option for appfuse. · 089ab074
      Daichi Hirono authored 
      After DocumentsProvider opens FD on app fuse, DocumentProvider passes it
to other applications. To allow other applications to use the FD on app
fuse, we need to specify allow_other mount option.

BUG=25756419

Change-Id: I3c729f90e5b822a7b1032bf80726cc234c0936b1
      089ab074
  23. 06 Jan, 2016 1 commit
  25. 22 Dec, 2015 1 commit
  27. 19 Dec, 2015 1 commit
  29. 17 Dec, 2015 1 commit
  31. 16 Dec, 2015 2 commits
  33. 15 Dec, 2015 1 commit
  35. 14 Dec, 2015 1 commit
  37. 11 Dec, 2015 3 commits
  39. 10 Dec, 2015 3 commits
  41. 09 Dec, 2015 2 commits
  43. 08 Dec, 2015 2 commits
    • Lenka Trochtova's avatar
      Introduce support for ephemeral users. · 395039f0
      Lenka Trochtova authored 
      BUG: 24883058

Change-Id: I77d4757f87214166e7c41c7eb0d06b1cd5f06b20
      395039f0
    • Jeff Sharkey's avatar
      Emulate media encryption, always chmod to unlock. · fc505c3f
      Jeff Sharkey authored 
      When FBE emulation is enabled, lock/unlock the media directories that
store emulated SD card contents.

Change unlocking logic to always chmod directories back to known
state so that we can recover devices that have disabled FBE
emulation.

Bug: 26010607, 26027473
Change-Id: I6d4bff25d8ad7b948679290106f585f777f7a249
      fc505c3f
  45. 05 Dec, 2015 1 commit