Commits · 92c5eeb46779f0fa1c9e6db6b0d632d960cbb2e4 · halo / system_vold

09 Mar, 2016 2 commits

Run clang-format over ext4crypt related code · df528a70

Paul Crowley authored 9 years ago

The formatting here is inconsistent with Android house style; use
clang-format to bring it back into line.

Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb

df528a70

Use pointers not references for out arguments · a051eb7a

Paul Crowley authored 9 years ago

Google/Android C++ style requires that arguments passed in for writing
should be pointers, not references, so that it's visible in the caller
that they'll be written to.

Bug: 27566014
Change-Id: I5cd55906cc4b2f61c8b97b223786be0b3ce28862

a051eb7a

08 Feb, 2016 1 commit

Password security for FBE disk encryption keys · 05720808

Paul Crowley authored 9 years ago

Added a new call change_user_key which changes the way that disk
encryption keys are protected; a key can now be protected with a
combination of an auth token and a secret which is a hashed password.
Both of these are passed to unlock_user_key.

This change introduces a security bug, b/26948053, which must be fixed
before we ship.

Bug: 22950892
Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf

05720808

27 Jan, 2016 1 commit

Improvements to the key storage module · 13ffd8ef

Paul Crowley authored 9 years ago

The key storage module didn't comply with Android coding standards
and had room for improvemnet in a few other ways, so have cleaned up.

Change-Id: I260ccff316423169cf887e538113b5ea400892f2

13ffd8ef

26 Jan, 2016 1 commit

Use a keymaster-based key storage module · 1ef25581

Paul Crowley authored 9 years ago

Instead of writing raw keys, encrypt the keys with keymaster. This
paves the way to protecting them with auth tokens and passwords later.
In addition, fold in the hash of a 16k file into their encryption, to
ensure secure deletion works properly.

Now even C++ier!

Bug: 22502684
Bug: 22950892
Change-Id: If70f139e342373533c42d5a298444b8438428322

1ef25581

21 Oct, 2015 1 commit

vold: fix 64 bit ioctl error · a4f48d0f

Mateusz Nowak authored 9 years ago


Changing the num_sectors used in ioctl with BLKGETSIZE because
the kernel expects an unsigned long type and then changes 64 bits
with a 64 bits userspace. This overwrites what's located close to
the parameter location if any.

Change-Id: I78fd61a1084de2741f39b926aa436462518709a0
Signed-off-by: Mateusz Nowak <mateusz.nowak@intel.com>
Signed-off-by: Zhiquan Liu <zhiquan.liu@intel.com>

a4f48d0f

09 Jun, 2015 1 commit

Add f2fs support for private volumes. · d0640f63

Jeff Sharkey authored 10 years ago

When formatting volumes, pass along fsType string which can be "auto"
to let the volume select the best choice.  For now, private volumes
assume that MMC devices (like SD cards) are best off using f2fs when
both kernel support and tools are present, otherwise fall back to
ext4.  Use blkid when mounting to pick the right set of tools.

Move filesystem utility methods into namespaces and place in separate
directory to be more organized.

Bug: 20275581
Change-Id: Id5f82d8672dda2e9f68c35b075f28232b0b55ed4

d0640f63

01 Apr, 2015 1 commit

Support for private (adopted) volumes. · 9c48498f

Jeff Sharkey authored 10 years ago

This adds support for private volumes which is just a filesystem
wrapped in a dm-crypt layer.  For now we're using the exact same
configuration as internal encryption (aes-cbc-essiv:sha256), but we
don't store any key material on the removable media.  Instead, we
store the key on internal storage, and use the GPT partition GUID
to identify which key should be used.

This means that private external storage is effectively as secure as
the internal storage of the device.  That is, if the internal storage
is encrypted, then our external storage key is also encrypted.

When partitioning disks, we now support a "private" mode which has
a PrivateVolume partition, and a currently unused 16MB metadata
partition reserved for future use.  It also supports a "mixed" mode
which creates both a PublicVolume and PrivateVolume on the same
disk.  Mixed mode is currently experimental.

For now, just add ext4 support to PrivateVolume; we'll look at f2fs
in a future change.  Add VolumeBase lifecycle for setting up crypto
mappings, and extract blkid logic into shared method.  Sprinkle some
more "static" around the cryptfs code to improve invariants.

Bug: 19993667
Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0

9c48498f

10 Jun, 2014 1 commit

Added support for ext4 ASEC resizing. · fcd34a0d

Daniel Rosenberg authored 11 years ago


ASECs formatted as ext4 can now be resized using vdc asec resize.
Refactored some common code.
Requires resize2fs.

Change-Id: Ie78bb6015114a7bc4af42b16d1f299322ffc1e2a
Signed-off-by: Daniel Rosenberg <drosen@google.com>

fcd34a0d

28 May, 2014 1 commit

Fixed bugs with ASEC filesystem. · 6a74dcaa

Daniel Rosenberg authored 11 years ago


Changed ext4 to be 4kb aligned, and fat to be 32kb aligned.
Fixed issue that could potentially cause unencrypted ext4
ASECS to overwrite the ASEC super block when filled.

Change-Id: I890426c82ac9cbc65add85a8e3f5063504193c31
Signed-off-by: Daniel Rosenberg <drosen@google.com>

6a74dcaa

21 Sep, 2012 1 commit

Extend vold support for creating ext4 images. · a54e13a3

rpcraig authored 12 years ago

Augment the Ext4::format function to take
a mountpoint parameter. This will then
be passed to make_ext4fs through the
-a option to allow proper security labeling.

Change-Id: Ic26703406a2c463c12e32c8103a0c75c727b7d29

a54e13a3

25 Apr, 2012 1 commit

Add in ext4 support for ASEC containers · 344ca108

Kenny Root authored 13 years ago

Now forward locked applications will be in ASEC containers both internal
to the system and externally.

This change adds support for putting applications in ext4-based ASECs.

Change-Id: I8d6765b72dd2606e429c067b47a2dbcaa8bef37d

344ca108

11 Oct, 2009 1 commit
- system: vold2: Initial skeleton for vold2. · f1b736bc
  San Mehat authored 15 years ago
```
  Let there be light.
Signed-off-by: San Mehat <san@android.com>
```
  f1b736bc