GitLab

Bug: 19993667
Change-Id: If8c0b346820f30c6a7dac495f935be17d677ffcc

vold works with two broad classes of block devices: untrusted devices
that come in from the wild, and trusted devices like PrivateVolume
which are encrypted.

When running blkid and fsck, we pick which SELinux execution domain
to use based on which class the device belongs to.

Bug: 19993667
Change-Id: I2695f028710a4863f0c3b2ed6da437f466401272

This adds support for private volumes which is just a filesystem
wrapped in a dm-crypt layer.  For now we're using the exact same
configuration as internal encryption (aes-cbc-essiv:sha256), but we
don't store any key material on the removable media.  Instead, we
store the key on internal storage, and use the GPT partition GUID
to identify which key should be used.

This means that private external storage is effectively as secure as
the internal storage of the device.  That is, if the internal storage
is encrypted, then our external storage key is also encrypted.

When partitioning disks, we now support a "private" mode which has
a PrivateVolume partition, and a currently unused 16MB metadata
partition reserved for future use.  It also supports a "mixed" mode
which creates both a PublicVolume and PrivateVolume on the same
disk.  Mixed mode is currently experimental.

For now, just add ext4 support to PrivateVolume; we'll look at f2fs
in a future change.  Add VolumeBase lifecycle for setting up crypto
mappings, and extract blkid logic into shared method.  Sprinkle some
more "static" around the cryptfs code to improve invariants.

Bug: 19993667
Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0

Change-Id: I4e30ecff3c29d0f8351c6f43de1c979c8c792fab

Wire up new Disk and VolumeBase objects and events to start replacing
older DirectVolume code.  Use filesystem UUID as visible PublicVolume
name to be more deterministic.

When starting, create DiskSource instances based on fstab, and watch
for kernel devices to appear.  Turn matching devices into Disk
objects, scan for partitions, and create any relevant VolumeBase
objects.  Broadcast all of these events towards userspace so the
framework can decide what to mount.

Keep track of the primary VolumeBase, and update the new per-user
/storage/self/primary symlink for all started users.

Provide a reset command that framework uses to start from a known
state when runtime is restarted.  When vold is unexpectedly killed,
try recovering by unmounting everything under /mnt and /storage
before moving forward.

Remove UMS sharing support for now, since no current devices support
it; MTP is the recommended solution going forward because it offers
better multi-user support.

Switch killProcessesWithOpenFiles() to directly take signal.  Fix
one SOCK_CLOEXEC bug, but SELinux says there are more lurking.

Bug: 19993667
Change-Id: I2dad1303aa4667ec14c52f774e2a28b3c1c1ff6d

* commit '8a0fde27':
  Fixed type mismatch for ioctl(BLKGETSIZE)

* commit 'e9623fed':
  Fixed type mismatch for ioctl(BLKGETSIZE)

ioctl(BLKGETSIZE) expects unsigned long
(8 bytes on 64 bit environment).

This is fixing fails in android.os.storage.StorageManagerIntegrationTest
(in FrameworkCoreTests).

To verify, install FrameworksCoreTests.apk and do:

adb shell am instrument -r -w -e class android.os.storage.\
StorageManagerIntegrationTest#testMountSingleEncryptedObb \
com.android.frameworks.coretests/android.test.InstrumentationTestRunner

Change-Id: Ib6d5c7490c02521c93f107c35ad0aac49f6a3f1a

* commit '836e7860':
  Adding e4crypt support

* commit '8120c3d1':
  Adding e4crypt support

Redirect all crypto calls to e4crypt equivalents if file level encryption
detected. Note this change implements only the ones needed for minimal
functionality.

Requires matching change:
  https://googleplex-android-review.git.corp.google.com/#/c/642778/

Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016

Redirect all crypto calls to e4crypt equivalents if file level encryption
detected. Note this change implements only the ones needed for minimal
functionality.

Requires matching change:
  https://googleplex-android-review.git.corp.google.com/#/c/642778/

Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016

Now we skip mountpoints that are repeated.

Bug: 19744511
Change-Id: Iff1618274a07180e62a01c3e2479dc1d52baf267
Signed-off-by: JP Abgrall <jpa@google.com>

Change-Id: I23b1281a63031a7481ea7b33c9ddbdbe7d3d6174

Change-Id: I130b250a663cdfb379def24583523d0287ec31dd

This is the first in a series of changes that are designed to
introduce better support for dynamic block devices.

It starts by defining a new Volume object which represents a storage
endpoint that knows how to mount, unmount, and format itself.  This
could be a filesystem directly on a partition, or it could be an
emulated FUSE filesystem, an ASEC, or an OBB.

These new volumes can be "stacked" so that unmounting a volume will
also unmount any volumes stacked above it.  Volumes that provide
shared storage can also be asked to present themselves (through bind
mounts) into user-specific mount areas.

This change also adds a Disk class which is created based on block
kernel netlink events.  Instead of waiting for partition events from
the kernel, it uses gptfdisk to read partition details and creates
the relevant Volume objects.

Change-Id: I0e8bc1f8f9dcb24405f5e795c0658998e22ae2f7

Bug: 19624276
Change-Id: I84eeb029114d6ba2a26a53d4155d123d8acd7502

* commit '58819cde':
  fstrim.c: use open(O_DIRECTORY) instead of stat

* commit 'cdcffc0d':
  fstrim.c: use open(O_DIRECTORY) instead of stat

* commit '3393bb65':
  fstrim.c: use open(O_DIRECTORY) instead of stat

open(O_DIRECTORY) returns an error if the open attempt
is against anything other than a directory. This basically
duplicates the check that the stat() call was trying to do.
Eliminate the unnecessary stat() call and use O_DIRECTORY
instead.

Change-Id: I1821abbed325f29a7214fdc41ed27cd9e26817d0

* commit '42c79333':
  Rename keymaster_device_t to keymaster0_device_t.

* commit '47bc0ffa':
  Rename keymaster_device_t to keymaster0_device_t.

* commit '5054f7ee':
  Rename keymaster_device_t to keymaster0_device_t.

* commit 'af057b52':
  vold: acquire wakelock on fstrim thread

* commit 'aac44855':
  vold: acquire wakelock on fstrim thread

* commit 'c19c6738':
  vold: acquire wakelock on fstrim thread

* commit 'b87264fb':
  Rename keymaster_device_t to keymaster0_device_t.

If fstrim thread creation or detachment is failed, wakelock can be leaked.
So move wakelock acquire to do_fstrim_filesystems function

Change-Id: I4da3164343af83fae3e5b01700f43d1752661276
Signed-off-by: Young-ho Cha <ganadist@gmail.com>

This is to accomodate the new keymaster1_device_t, which has an entirely
different interface.

Soon I'll provide a libkeymaster which provides a unified (and nicer)
interface for dealing with both v0 and v1 keymaster implementations
using a v1 keymaster API.  For now this change is just so that vold will
build and run.

Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4

This is to accomodate the new keymaster1_device_t, which has an entirely
different interface.

Soon I'll provide a libkeymaster which provides a unified (and nicer)
interface for dealing with both v0 and v1 keymaster implementations
using a v1 keymaster API.  For now this change is just so that vold will
build and run.

Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4

This is to accomodate the new keymaster1_device_t, which has an entirely
different interface.

Soon I'll provide a libkeymaster which provides a unified (and nicer)
interface for dealing with both v0 and v1 keymaster implementations
using a v1 keymaster API.  For now this change is just so that vold will
build and run.

Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4

Changing the device lock (even from swipe to none) will cause the
master key to be re-encrypted.
If at that point keymaster fails (e.g. due to an incompatible keymaster update)
cryptfs will write back the now-incomplete crypto metadata.
Upon next reboot, userdata can't be decrypted.

Now we don't bother writing on keymaster failure.

Bug: 19301883
Change-Id: I2b9a1278f8b4d333ac8d567e17e2263005e99409