GitLab

Bug: 27452459
Change-Id: I89e813755da0946de4effd827799681df7e12d82

The formatting here is inconsistent with Android house style; use
clang-format to bring it back into line.

Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb

Google/Android C++ style requires that arguments passed in for writing
should be pointers, not references, so that it's visible in the caller
that they'll be written to.

Bug: 27566014
Change-Id: I5cd55906cc4b2f61c8b97b223786be0b3ce28862

A bug meant that the auth token wasn't being used; it turns out that
in order to use it we need to do things slightly differently.

Bug: 27496553
Change-Id: I0f0ab77fed31b92a79eba4acf488cb098691b4be

- catch errors in looking for the keyring
- static_assert to prevent a buffer overrun
- remove obsolete, misleading comment
- dial down priority of some log messages
- explain why we ignore some errors
- idiomatic C++11

Bug: 27552432
Change-Id: Ic3ee05b41eae45e7c6b571a459b326a483663526

Currently, vold only supports MMC (for SD cards) and SCSI (for USB
drives) devices. It does not recognize any device whose major number is
not one of those used by MMC and SCSI. Unfortunately, virtio-blk is one
such device. It is used by the new Android emulator (a.k.a. qemu2,
featuring the "ranchu" virtual board) for SD card emulation.

In order to make this virtio-blk based SD card device appear in Android
and appear as an SD card (rather than a USB drive), changes have to be
made to both vold (wherever the device major number is checked) and
ranchu's storage configuration. This CL implements former.

This is a stop-gap solution for emulator in nyc.
A longer term solution in-tune with upstream kernel is in the pipes.

Updated from aosp/master version.

BUG:27431753

Change-Id: I5014edec73be7c5b565d91542464c82cbe58992c
Signed-off-by: Yu Ning <yu.ning@intel.com>
(cherry picked from commit 5b1d1c7dfa13b4dca75213581dc8351b841b76c8)

Bug: 27440526
Change-Id: I818450252dcd39f21948fc2e70856659eba5f50f

Bug: 27444691
Change-Id: I0d30e8883fe655c90cda47ab167a878764ea0802

This is a special profile folder where apps will leave profile markers
for the dex files they load and don't own. System server will read the
markers and decide if the apks should be fully compiled instead of
profile guide compiled.

Bug: 27334750
Bug: 26080105
Change-Id: Ib18f20cf78a8dbfc465610ec6ceec52699c5420a

Bug: 26719109
Bug: 26563023
Change-Id: I4737b7f73df74b2b787a62db2e231f136115b359

Bug: 26948053
Change-Id: I8c117bfe5e85e73af72b6ecafea39924f3561c7c

Bug: 27056334
Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e

Bug: 27061863
Change-Id: Id998bb4534f657079e95718ef52af3f23100fb10

Change-Id: Ib3592b598ee07bc71a6f9507570bf4623c1cdd6a

Change-Id: I4d6156332cfc847e25e7c8863fd6a50fa325fb87

Also fix a PLOG that should be a LOG.

Change-Id: Ic5ae288c37b6e236172f9e38349c2d0d530bfd4d

Bug: 27075797
Change-Id: I835d17d02ea50a88ef0a5322a30e04f3d0237019

Change-Id: Ic51f375e500cd61bda926e3b039126a840ed89f0

Added a new call change_user_key which changes the way that disk
encryption keys are protected; a key can now be protected with a
combination of an auth token and a secret which is a hashed password.
Both of these are passed to unlock_user_key.

This change introduces a security bug, b/26948053, which must be fixed
before we ship.

Bug: 22950892
Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf

Add new misc directories to list of paths that we lock/unlock in
emulation mode.  When booting a device without native-FBE and without
emulation, make sure we "unlock" any emulated settings on user 0;
MountService handles this for secondary users later during boot.

Bug: 27069522
Change-Id: I15c7cf00a7231ce99b2e4e11a25106d7b87e70cc

Give callers the option of preparing CE and/or DE storage.  The
framework will only prepare CE storage after the CE keys have been
unlocked for that user.

When init is calling enablecrypto, kick off the work in a thread so
that we can make other calls back into vold without causing
deadlock.  Leaves blocking call intact for framework callers.

Clean up 'vdc' tool to send useful transaction numbers, and
actually watch for the matching result to come back.  This fixes
race conditions when there are multiple 'vdc' callers.

Also add other system and misc directories to match spec.

Bug: 25796509
Change-Id: Ie4f853db6e387916b845d2b5fb92925d743b063d

BUG=26147865

Change-Id: I1812c46d0f80eaea9a9a3fa944bc4d0126ae8ba1

Change-Id: I5728f03dbde6621e410efcda1d93054915793407

New style logging
Remove set/get field from e4crypt
Save keys to temp file then rename

See https://googleplex-android-review.git.corp.google.com/#/c/858922/

Change-Id: I454c3f78489b491ffc1230a70dce64935e4e0f8a

Change-Id: I420f548115c1b55e62b193c60d569fdda518af1a

Change-Id: Ie179cb09f9f24382afd0fe0f3aa2a1ad943a7f5d

BUG=26148108

Change-Id: I2297fd227a4c607054e0403e73bd9c857f580a1c

Change-Id: I69f36f560334b11b099f2eb15999603dd2469d4f

am: 6f69ee09

* commit '6f69ee09':
  cryptfs: run e2fsck/fsck.f2fs in fsck domain

e2fsck and fsck.f2fs must run in the fsck domain. Add call to
setexeccon() to tell selinux to run in the fsck domain on exec.

Addresses:
avc: denied { execute_no_trans } for path="/system/bin/e2fsck" dev="mmcblk0p41" ino=241 scontext=u:r:vold:s0 tcontext=u:object_r:fsck_exec:s0 tclass=file

Bug: 26872236
Change-Id: Ib2a583aeefc667f8aa67532e0ac0ff9619b65461

FBE devices need a factory reset after this change.

Bug: 26704408
Change-Id: I150b82a13a4a007d9a8997ef6a676e96576356b2

Mainly a refactor, but with a substantive change: Keys are created in
a temporary location, then moved to their final destination, for
atomicity.

Bug: 26704408
Change-Id: I0b2dc70d6bfa1f8a65536dd05b73c4b36a4699cf