Skip to content

GitLab

Switch branch/tag
  1. 06 Sep, 2016 1 commit
    • Wei Wang's avatar
      Update fs_mgr_mount_all function · 84c985e2
      Wei Wang authored 
      This is part of the change to support early/late fstab mounting in order
to support starting key services before /data mounting
fs_mgr_mount_all function updated with a parameter to support mounting mode
More information refer to init/readme.txt

(cherry picked from commit 1d6476c3c848ebc8fbdfa6945e1c3be447beb5a3)

Bug: 30118894
Change-Id: I5e925b900fd477f230a90514cc2b561c7a7e9f49
      84c985e2
  3. 31 Aug, 2016 1 commit
    • Jeff Sharkey's avatar
      DO NOT MERGE. Block adoptable storage when using FBE. · 84be704a
      Jeff Sharkey authored 
      For adoptable storage and FBE to coexist we need a new dm-biocrypt
kernel feature which isn't ready yet.  So for now, prevent devices
from being adopted on FBE devices.

Bug: 30770036
Change-Id: I47639209161ee403ce13ea9a60da235e97c3fc30
(cherry picked from commit 157175110948b3cf604e40420059aa5265039847)
      84be704a
  5. 25 Jul, 2016 1 commit
    • Paul Crowley's avatar
      Don't try to fixate CE keys for ephemeral users · 25a71387
      Paul Crowley authored 
      Ephemeral users don't have keys stored on disk at all, so it's neither
necessary nor possible to manipulate the disk keys here.

Bug: 30038313
Change-Id: Idc7ec1bfe1e8a6ffa6cee2f284dbe378097b08da
      25a71387
  7. 21 Jul, 2016 1 commit
  9. 19 Jul, 2016 1 commit
  11. 18 Jul, 2016 1 commit
    • Jeff Sharkey's avatar
      Only restorecon CE storage after unlocked. · d24aeda4
      Jeff Sharkey authored 
      On FBE devices, the filenames inside credential-encrypted directories
are mangled until the key is installed.  This means the initial
restorecon at boot needs to skip these directories until the keys
are installed.

This CL uses an existing facility to request that init run a
recursive restorecon over a given path, and it requests that
operation for the CE directories that would have been omitted by
the SKIPCE flag earlier during boot.

Bug: 30126557
Change-Id: I8c7abea27215075a091f615a7185a82a2f4a4a95
      d24aeda4
  13. 13 Jul, 2016 2 commits
  15. 12 Jul, 2016 2 commits
    • Paul Crowley's avatar
      Run secdiscard on encrypted key and key blob too · beb33a67
      Paul Crowley authored 
      Don't rely on cryptographic binding of secdiscard to key; securely
delete the other information needed to reconstruct the key too.

Bug: 26021231
Change-Id: If03d2c051b0ec2fdcb5c6f70bde7e3287424f216
      beb33a67
    • Paul Crowley's avatar
      Zero out blocks if BLKSECDISCARD fails · 2143ee8d
      Paul Crowley authored 
      On a device where we can't BLKSECDISCARD sectors, we "overwrite" them
with zeroes. This changes the FTL to remap those sectors to new
locations.  With this done, the old contents are accessible only given
a compromise of flash firmware or a die level attack.

Bug: 26021231
Change-Id: Ia065921389886fac1ba456c19c138187237c2561
      2143ee8d
  17. 06 Jul, 2016 3 commits
    • Henrik Baard's avatar
      Failing to "Migrate data" leaves target unusable · 77f156d9
      Henrik Baard authored 
      When "migrating" data failes due to insufficient space
at target location, the data copied so far is left in
target location, which in practice is now filled to the
brim.

If copy fails clean up the data copied so far since user
has the data in original location.

Bug: 26322200
Change-Id: Iab29a7f9e653e6857ee0e2723d151dfec81b14dd
      77f156d9
    • Henrik Baard's avatar
      Migrating data sometimes leaves emulated unmounted · 7f52bca4
      Henrik Baard authored 
      Sometimes migrating data fails to mount the target
volume after operation is finished.

MoveTask is running in its own thread, copying data
between external card and internal memory.

After copying the data the method "bringOnline" is
run. This method destroys and creates the volumes.

When VolumeBase::create() is run it will notify
MountService, who upon receiving this notification
will send a mount command to mount the new primary
storage.

This command will sometimes run before
setState(State::kUnmounted); is called on the newly
created volume. This will cause the mount command to
fail.

VoldConnector: SND -> {10 volume mount emulated 3 -1}
vold : emulated flags change requires state unmounted or unmountable
vold : emulated user change requires state unmounted or unmountable
vold : emulated mount requires state unmounted or unmountable

Lock bringOnline so no volume commands will be processed
until volumes are (re-)created and have correct state.

Bug: 26322200
Change-Id: I4aba85c226d904c42ae9edcdfec21619218939d6
      7f52bca4
    • Jeff Sharkey's avatar
      Fix copy/paste error in benchmark code. · f09a89a7
      Jeff Sharkey authored 
      This had minimal impact on the results, since 95% of the writes were
performed through pwrite(), but it's important to fix this for future
benchmark suites.

Bug: 29759783
Change-Id: Ic628aab98b9f9def78508cc722899afdefed84ae
      f09a89a7
  19. 29 Jun, 2016 1 commit
  21. 22 Jun, 2016 1 commit
  23. 27 May, 2016 1 commit
  25. 23 May, 2016 1 commit
  27. 18 May, 2016 1 commit
  29. 17 May, 2016 1 commit
  31. 11 May, 2016 1 commit
  33. 10 May, 2016 5 commits
  35. 09 May, 2016 1 commit
  37. 06 May, 2016 1 commit
    • Paul Crowley's avatar
      Two phases to set the password for disk encryption · 92c5eeb4
      Paul Crowley authored 
      In one phase, we make the new password work, and in the second we make
it the only one which works ("fixation"). This means that we can set
the password in Gatekeeper between these two phases, and a crash
doesn't break things. Unlocking a user automatically fixates the
presented credential.

Bug: 28154455
Change-Id: I54623c8652f0c9f72dd60388a7dc0ab2d48e81c7
      92c5eeb4
  39. 29 Apr, 2016 2 commits
  41. 27 Apr, 2016 2 commits
  43. 25 Apr, 2016 4 commits
  45. 19 Apr, 2016 3 commits
  47. 18 Apr, 2016 2 commits