| Age | Commit message (Collapse) | Author |
|---|
|
As storage is not mounted in system server, we use vold
to check if storage app data and obb directories exist instead.
We add a method in vold so it only creates app data and obb dirs
if dirs do not exist to speed up app starting time.
Bug: 160336374
Test: Data and obb directories are created when a new app is started
Change-Id: I1bd784d9c9e05463f71433fc782ac4e0c831cbf1
|
|
|
|
vdc commands use camelCase, not kebab-case.
Test: EarlyBootKeyTest.CannotCreateEarlyBootKeys
Change-Id: I7be4d3008a731829e5d5e025216cb2ade238a530
|
|
|
|
|
|
Since /storage/emulated/userId isn't accessible for users != userId,
and vold should anyway try to avoid accessing the FUSE filesystem itself.
Bug: 172078780
Test: atest StorageManagerTest --user-type secondary_user
Change-Id: I98222bf844a6b7d8ec0d9873eddc71f61aa68c90
|
|
There've been reports of issues where, when a volume is ejected, the
MediaProvider process gets killed. This happens because the
MediaProvider has a file open on the volume (eg, during a scan). We do
abort the scan when the volume is ejected, however this could take some
time. So, we give MediaProvider a bit more time before getting killed,
by only looking for files open on the pass_through paths last. This
order anyway seems to make more sense - ideally we kill apps using
external storage before we unmount the pass_through path underlying it.
Bug: 171367622
Test: atets AdoptableHostTest
Change-Id: Ie8eacaa72a80ff8161ecf1e8c0243afcd890ee39
|
|
|
|
|
|
This allows us to determine the place where early boot ends from init.
It also allows fixing a bug where early boot wasn't ended previously on
devices without metadata encryption.
Bug: 168585635
Bug: 173005594
Test: inspect logs
Change-Id: I78775672a7d3c140e007235a10fb1d1bc816fcee
|
|
exfatprogs accepts 'y' for no interaction repair.
Change-Id: I2c436816a293a36fc9f0cd635cdb9ca3b5f88bfc
|
|
|
|
Remove the error-prone 'keepOld' parameter, and instead make begin()
(renamed to BeginKeymasterOp()) do all the key upgrade handling.
Don't handle /data and /metadata differently anymore. Previously, when
a checkpoint is active, key blob files were replaced on /data
immediately; only the actual Keymaster key deletion was delayed until
checkpoint commit. But it's easier to just delay the key blob file
replacement too, as we have to implement that for /metadata anyway.
Also be more vigilant about deleting any leftover upgraded keys.
Test: Tested on bramble using an OTA rvc-d1-release => master. In OTA
success case, verified via logcat that the keys were upgraded and
then were committed after the boot succeeded. In OTA failure
case, verified that the device still boots -- i.e., the old keys
weren't lost. Verified that in either case, no
keymaster_key_blob_upgraded files were left over. Finally, also
tried 'pm create-user' and 'pm remove-user' and verified via
logcat that the Keymaster keys still get deleted.
Change-Id: Ic9c3e63e0bcae0c608fc79050ca4a1676b3852ee
|
|
|
|
fsync() the cryptofd when done writing to it. Without this, any
remaining dirty pages in the crypto_blkdev's page cache (which there
might be a lot of, even as much as all the data that was written) won't
be flushed to disk until the cryptofd is closed, which ignores I/O
errors and is also after we already reported 100% completion.
There wasn't an fsync() in the original version either, so we've been
getting by without it, but it seems it should be there.
Change-Id: Idd1be3ae67ce96ecf3946b9efb9fc57414f5805a
|
|
* changes:
Refactor EncryptInplace.cpp
Correctly calculate tot_used_blocks on ext4 with uninit_bg
Fix memory leak of f2fs_info
Remove special handling for missing crypto_blkdev
Check return value of create_crypto_blk_dev()
Remove unused support for partial encryption
|
|
Refactor EncryptInplace.cpp to simplify and improve it a lot. This is
everything that didn't fit into prior commits, including:
- Share a lot more code between ext4, f2fs, and full encryption.
- Improve the log messages. Most importantly, don't spam the log with
huge numbers of messages, and don't log errors in expected cases.
Note: generate_f2fs_info() is still too noisy, but that's part of
"system/extras", not vold, so this change doesn't change that.
- When possible, do 32K reads/writes for f2fs and for full encryption,
not just for ext4. This might improve performance.
- Take advantage of C++ functionality.
- Be more careful about edge cases. E.g. if the calculation of the
number of blocks to encrypt was wrong, don't set vold.encrypt_progress
to > 99 until we're actually done.
The net change is over 200 lines removed.
Before-after comparison of log when enabling metadata encryption:
ext4 before:
I vold : Beginning inplace encryption, nr_sec: 16777216
D vold : cryptfs_enable_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, 0)
D vold : Opening/dev/block/by-name/userdata
D vold : Opening/dev/block/dm-8
I vold : Encrypting ext4 filesystem in place...
[omitted 6387 log messages]
I vold : Encrypted to sector 822084608
D vold : cryptfs_enable_inplace_ext4 success
I vold : Inplace encryption complete
ext4 after:
D vold : encrypt_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, false)
D vold : ext4 filesystem has 64 block groups
I vold : Encrypting ext4 filesystem on /dev/block/by-name/userdata in-place via /dev/block/dm-8
I vold : 50327 blocks (206 MB) of 2097152 blocks are in-use
D vold : Encrypted 10000 of 50327 blocks
D vold : Encrypted 20000 of 50327 blocks
D vold : Encrypted 30000 of 50327 blocks
D vold : Encrypted 40000 of 50327 blocks
D vold : Encrypted 50000 of 50327 blocks
D vold : Encrypted 50327 of 50327 blocks
I vold : Successfully encrypted ext4 filesystem on /dev/block/by-name/userdata
f2fs before:
I vold : Beginning inplace encryption, nr_sec: 16777216
D vold : cryptfs_enable_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, 0)
D vold : Opening/dev/block/by-name/userdata
D vold : Opening/dev/block/dm-8
E vold : Reading ext4 extent caused an exception
D vold : cryptfs_enable_inplace_ext4()=-1
[omitted logspam from f2fs_sparseblock]
I vold : Encrypting from block 0
I vold : Encrypted to block 15872
I vold : Encrypting from block 16384
I vold : Encrypted to block 16385
I vold : Encrypting from block 17408
I vold : Encrypted to block 17412
D vold : cryptfs_enable_inplace_f2fs success
I vold : Inplace encryption complete
f2fs after:
D vold : encrypt_inplace(/dev/block/dm-8, /dev/block/by-name/userdata, 16777216, false)
[omitted logspam from f2fs_sparseblock]
I vold : Encrypting f2fs filesystem on /dev/block/by-name/userdata in-place via /dev/block/dm-8
I vold : 15880 blocks (65 MB) of 2097152 blocks are in-use
D vold : Encrypted 10000 of 15880 blocks
D vold : Encrypted 15880 of 15880 blocks
I vold : Successfully encrypted f2fs filesystem on /dev/block/by-name/userdata
Test: Booted Cuttlefish with metadata encryption enabled and with the
userdata filesystem using (1) ext4, (2) f2fs, and (3) f2fs but
with EncryptInplace.cpp patched to not recognize the filesystem
and fall back to the "full" encryption case. Checked that the log
messages were as expected and that /data was mounted.
I've had no luck testing FDE yet; it doesn't work even without
these changes. Suggestions appreciated...
Change-Id: I08fc8465f7962abd698904b5466f3ed080d53953
|
|
The calculated number of blocks to encrypt is too high on ext4
filesystems that have the uninit_bg feature. This is because the
calculation assumes that all blocks not counted in bg_free_blocks_count
need to encrypted. But actually, uninitialized block groups have inode
blocks which vold doesn't encrypt since they are uninitialized, but they
are "allocated" and thus reduce bg_free_blocks_count.
Therefore, add a helper function num_base_meta_blocks_in_group() which
returns the number of blocks to encrypt in an uninitialized block group.
Use it both for the encryption and for calculating 'tot_used_blocks'.
Also compute 'tot_used_blocks' additively rather than subtractively, as
this is easier to understand.
Test: see I08fc8465f7962abd698904b5466f3ed080d53953
Change-Id: I4d2cb40291da67dd1bafd61289ccb9e6343bfda3
|
|
'struct f2fs_info' from system/extras/f2fs_utils is supposed to be
freed using free_f2fs_info(), not just free().
Test: see I08fc8465f7962abd698904b5466f3ed080d53953
Change-Id: If6e75e5c604b40be24538b156a37cc76f4f0d4f7
|
|
This logic is no longer necessary, since the code that creates the
crypto_blkdev (create_crypto_blk_dev() in MetadataCrypt.cpp or in
cryptfs.cpp) now waits for the block device to appear before continuing.
It's also worth noting that the retry loop was only present for ext4,
not for f2fs, yet most Android devices are using f2fs these days.
Test: see I08fc8465f7962abd698904b5466f3ed080d53953
Change-Id: I173ca6cc187a810e008990dfa22aede58632db25
|
|
cryptfs_enable_internal() forgot to check the return value of
create_crypto_blk_dev(), so it was continuing to
cryptfs_enable_inplace() when creating the dm-crypt device failed, which
doesn't make sense.
Test: see I08fc8465f7962abd698904b5466f3ed080d53953
Change-Id: If9f20069d0f084150aa887a350f7c0c31a6d80f2
|
|
Commit 87999173dd79 ("Don't corrupt ssd when encrypting and power
fails") added a lot of code to handle pausing in-place conversion from
unencrypted => FDE when the battery was low, and resuming it later.
It was eventually decided that this wasn't needed, and commit
7e17e2d22678 ("Don't worry about battery levels when encrypting")
removed the checks for low battery.
This made the partial encryption code unused. So remove it.
Note that this was cluttering up the metadata encryption code too, since
EncryptInplace.cpp is now shared by both FDE and metadata encryption.
Bug: 16868177
Test: see I08fc8465f7962abd698904b5466f3ed080d53953
Change-Id: Ibd2eb08a2aa15938097abcb8a67b5a813c4d76c7
|
|
* changes:
FsCrypt: silently skip "." and ".." when loading keys
Utils: add IsDotOrDotDot() and use it in the appropriate places
|
|
Avoid logging useless messages like:
D vold : Skipping non-key .
D vold : Skipping non-key ..
D vold : Skipping non-de-key .
D vold : Skipping non-de-key ..
Change-Id: I8d2bd67d554605a5ab9faadd3730870dfe0881f6
|
|
Change-Id: I704522b26acfb3e7c423d9a14d69ede513b50482
|
|
|
|
Commit 77df7f207dce / http://aosp/1217657 ("Refactor to use
EncryptionPolicy everywhere we used to use raw_ref") unintentionally
made fscrypt_initialize_systemwide_keys() start specifying keepOld=true
(via default parameter value) when retrieving the system DE key, and
likewise for read_or_create_volkey() and volume keys.
As a result, if the associated Keymaster key needs to be upgraded, the
upgraded key blob gets written to "keymaster_key_blob_upgraded", but it
doesn't replace the original "keymaster_key_blob", nor is the original
key deleted from Keymaster. This happens at every boot, eventually
resulting in the RPMB partition in Keymaster becoming full.
Only the metadata encryption key ever needs keepOld=true, since it's the
only key that isn't stored in /data, and the purpose of keepOld=true is
to allow a key that isn't stored in /data to be committed or rolled back
when a userdata checkpoint is committed or rolled back.
So, fix this bug by removing the default value of keepOld, and
specifying false everywhere except the metadata encryption key.
Note that when an affected device gets this fix, it will finally upgrade
its system DE key correctly. However, this fix doesn't free up space in
Keymaster that was consumed by this bug.
Test: On bramble:
- Flashed rvc-d1-dev build, with wiping userdata
- Flashed a newer build, without wiping userdata
- Log expectedly shows key upgrades:
$ adb logcat | grep 'Upgrading key'
D vold : Upgrading key: /metadata/vold/metadata_encryption/key
D vold : Upgrading key: /data/unencrypted/key
D vold : Upgrading key: /data/misc/vold/user_keys/de/0
D vold : Upgrading key: /data/misc/vold/user_keys/ce/0/current
- Rebooted
- Log unexpectedly shows the system DE key being upgraded again:
$ adb logcat | grep 'Upgrading key'
D vold : Upgrading key: /data/unencrypted/key
- "keymaster_key_blob_upgraded" unexpectedly still exists:
$ adb shell find /data /metadata -name keymaster_key_blob_upgraded
/data/unencrypted/key/keymaster_key_blob_upgraded
- Applied this fix and flashed, without wiping userdata
- Log shows system DE key being upgraded (expected because due to the
bug, the upgraded key didn't replace the original one before)
$ adb logcat | grep 'Upgrading key'
D vold : Upgrading key: /data/unencrypted/key
- "keymaster_key_blob_upgraded" expectedly no longer exists
$ adb shell find /data /metadata -name keymaster_key_blob_upgraded
- Rebooted
- Log expectedly doesn't show any more key upgrades
$ adb logcat | grep 'Upgrading key'
Bug: 171944521
Bug: 172019387
Change-Id: I42d3f5fbe32cb2ec229f4b614cfb271412a3ed29
|
|
|
|
These ioctls take a pointer to an 'int' (or an 'unsigned int', it
doesn't matter), not an 'unsigned long'. See 'man ioctl_iflags'.
Presumably it happened to work anyway because Android only runs on
little endian platforms.
Bug: 146419093
Bug: 163453310
Change-Id: I73099dafd4ee8d497c0a754149271871a37454f6
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
|
|
|
|
|
We previously only set +F for /data/media, but adopted storage needs
this as well. Instead we add support for adding attrs to PrepareDir.
Bug: 163453310
Test: sm set-virtual-disk true
follow UI setup and confirm +F on /mnt/expand/*/media
Change-Id: I08f13b57a4de3538e88b38eb95b0ac115a5a5ce8
Merged-In: I08f13b57a4de3538e88b38eb95b0ac115a5a5ce8
|
|
|
|
Generate a storage key without rollback_resistance when device doesnt
support the corresponding tag.
Bug: 168527558
Change-Id: Iaf27c64dba627a31c9cbd9178458bf6785d00251
|
|
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1462712
Change-Id: If01239e184cd19de660fa158d599c9826ea0cf71
|
|
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1462708
Change-Id: Id26dbda854480c74d07fcec87f1d045325bf625a
|
|
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1462709
Change-Id: I75d169008b857848c314598cac4d87f27d6919b1
|
|
* changes:
IdleMaint: skip swap space, bind mounts, and virtual filesystems
IdleMaint: use fstab_default from VoldUtil
|
|
|
|
|
|
When the idle maintenance task runs on Cuttlefish, there are several
warnings printed to logcat after the expected messages:
D vold : Starting trim of /data
I vold : Trimmed 0 bytes on /data in 36ms
D vold : Starting trim of /cache
I vold : Trimmed 58662912 bytes on /cache in 0ms
D vold : Starting trim of /metadata
I vold : Trimmed 7725056 bytes on /metadata in 12ms
D vold : Starting trim of none
W vold : Failed to open none: No such file or directory
D vold : Starting trim of /sdcard
W vold : Failed to open /sdcard: Not a directory
D vold : Starting trim of /mnt/vendor/shared
W vold : Trim failed on /mnt/vendor/shared: Inappropriate ioctl for device
This is because vold gathers the filesystems to trim from the fstab, but
it fails to exclude some entries that aren't appropriate to trim:
/dev/block/zram0 none swap defaults zramsize=75%
/tmp /sdcard none defaults,bind recoveryonly
shared /mnt/vendor/shared virtiofs nosuid,nodev,noatime nofail
These should be excluded because they are swap space, a bind mount, and
a virtual filesystem respectively.
Fix addFromFstab() to exclude the above cases.
Afterwards, the messages on Cuttlefish are:
D vold : Starting trim of /data
I vold : Trimmed 0 bytes on /data in 39ms
D vold : Starting trim of /cache
I vold : Trimmed 58662912 bytes on /cache in 0ms
D vold : Starting trim of /metadata
I vold : Trimmed 9822208 bytes on /metadata in 12ms
Change-Id: Idc575106fe6f81c737f684429d58dba4bd5478ad
|
|
vold already reads the default fstab into memory when starting up, and
the default fstab isn't allowed to change later. So in IdleMaint.cpp,
just use 'fstab_default' instead of reading it again.
This also has the advantage that fstab entries for "logical partitions"
now get a properly updated blk_device, which is needed in order to start
using blk_device to exclude virtual filesystems in addFromFstab().
Change-Id: Id6457a2b7972d01dde4bca0c5f2da86374d930af
|
|
When vold starts up, there are lots of warnings like:
W vold : Failed to LOOP_GET_STATUS64 /dev/block/loop30: No such device or address
W vold : Failed to LOOP_GET_STATUS64 /dev/block/loop29: No such device or address
W vold : Failed to LOOP_GET_STATUS64 /dev/block/loop28: No such device or address
vold is iterating through all loop devices and unbinding the file from
any vold-managed ones.
It's expected that not all loop devices have a file bound to them,
however. On these, LOOP_GET_STATUS64 fails with ENXIO.
Don't print a warning in such cases.
Change-Id: I91755259dc2c09b1869627259d1e59d5edd6f145
|
|
As per the discussion at http://aosp/1456266, the retry loop in
create_crypto_blk_dev() doesn't appear to be needed. Remove it.
For now don't bother removing the same retry loop in cryptfs.cpp, since
the FDE code isn't really being updated anymore and eventually will be
removed entirely.
Change-Id: Iba0b046f9cdd9723ea1a2ae70f4d4aed4355b97b
|
|
destroyDsuMetadataKey() / destroy_dsu_metadata_key() calls
android::gsi::GetDsuMetadataKeyDir() to query the DSU metadata
encryption key dir and destroy the key.
This releases the resource and allows consecutive DSU installations to
use the same key *directory*, but not the same key *blob*.
Bug: 168571434
Test: 1. Install a DSU system.
2. Boot the DSU system and reboot back to the host system.
3. Wipe the DSU installation.
4. DSU metadata key dir /metadata/vold/metadata_encryption/dsu/dsu is
destroyed.
Change-Id: Ib851177315a5a266807f46ccfd446de1848232cf
|
|
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1456266
Change-Id: Id232a623d6aa3beaa3fdb5b31c722e96da6d75c9
|
|
|
|
Using the regular CreateDevice() variant with getDmDeviceByName() has a
race-condition that is documented in libdm/dm.h; instead, use the
variant with a timeout, which guarantees that the block device exists
when it returns.
Test: atest AdoptableHostTest
Bug: 150935323
Change-Id: Ic06cad9af7c44e23359d95b262f68dba27ddfb3a
|
|
Merged-In: I876aaf6bba933c964a3573d8053cc60829b3a5fa
Change-Id: I4c8616d3c17e3b9818bde3299fcc79f5444a95f5
|
|
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1437215
Change-Id: I4e09204e7b0e2a0c3028ba38238bf65636144ad2
|
