This is used by LockSettingsService to delete sensitive credential files.
Bug: 34600579
Test: manual - change device lock under synthetic password, verify
old data on disk is erased.
Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555
Merged-In: I5e11b559ad8818bd2ad2b321d67d21477aab7555
Was depending on this transitively from MQDescriptor.h
Test: links
Bug: 37791060
Change-Id: I9b52bbe9ac6c3a54fdb6e352e90eba50914633d4
(cherry picked from commit 25e8b4b4f6)
This reverts commit 8ad0bef7b5.
Bug: 37231161
Test: Boot device with FBE enabled. ls /storage/emulated/0/Android
Unlock device. ls /storage/emulated/0/Android
1st will not be found. Second should be found.
Change-Id: I92c7ad0adaa7bd357e10661a47cc667ac0ff84b4
Merged-In: I92c7ad0adaa7bd357e10661a47cc667ac0ff84b4
The keyname binded to keyring return a wrong string when there are binary char larger than 127,
the sign extension will introduce unexpect FFFFFF string to the keyname.
Bug: 36975893
Test: local build
Change-Id: Iba2f6ef95aeacd08c8d6c72b71e7b92e956ec3fc
Signed-off-by: Ai, Ting A <ting.a.ai@intel.com>
This reverts commit 6abe6831b5.
Bringing this back temporarily for the same issue on sdcardfs.
Will remove once the kernel issue is resolved.
Change-Id: Ia29ea4fddb7777012a2eea9259f9ac856773fe01
Bug: 37231161
Test: Boot device with FBE enabled. ls /storage/emulated/0/Android
Unlock device. ls /storage/emulated/0/Android
1st will not be found. Second should be found.
Select whichever is real dir instead of symbolic link from either /data/data
or /data/user/0. This is to minimize path walking overhead in kernel.
This works together with Change 369787
Test: Manual test
Change-Id: I338518673fc22ccbfed6ddd6be196931fce18525
Signed-off-by: cjbao <cathy.bao@intel.com>
Unlinking keys rather than revoking them avoids bugs in certain kernel
versions without having to hack around the problem with an arbitrary 20
second delay, which is not guaranteed to be sufficient and has caused
full device hangs like in b/35988361.
Furthermore, in the context of filesystem encryption, unlinking is not
currently supposed to be any less secure than revoking. There was a
case where revoking (but not unlinking) keys will cause the filesystem
to deny access to files that were previously opened with that key.
However, this was a means of _access control_, which encryption is not
intended to be used for. Instead, file permissions and/or SELinux
should be used to enforce access control, while filesystem encryption
should be used to protect data at rest independently from access
control. This misfeature has also been removed upstream (and backported
to 4.4-stable and 4.9-stable) because it caused CVE-2017-7374.
Eventually we'd really like to make the kernel support proper revocation
of filesystem encryption keys, i.e. fully clearing all key material and
plaintext and safely waiting for any affected filesystem operations or
writeback to complete. But for now this functionality does not exist.
('sync && echo 3 > /proc/sys/vm/drop_caches' can be useful, but it's not
good enough.)
Bug: 35988361
Change-Id: Ib44effe5368cdce380ae129dc4e6c6fde6cb2719
(cherry picked from commit fd7ba5e4c6)
init reads files in /data/property/ but it is not ready to read when
trigger_load_persist_props is triggered by vold.decrypt.
Bug: 29332975
Change-Id: I14beac8714ff2f722d8b11f666bc7ca693ccd46e
(cherry picked from commit e2ef0c0da4)
Otherwise we potentially waste minutes of the users time copying
data that will never fit.
Also fix bug around storage calculation. It's confusing, but f_bsize
is not the value you're looking for; the real block size is f_frsize.
Test: builds, boots
Bug: 27590986, 36840579
Change-Id: I77c63e259356824cc75a3adcf3f4af567efdc7aa
Init is no longer calling vdc with logwrapper, so it must take care of
logging to kmsg directly.
Bug: 36278706
Test: observe logging in kmsg on boot and stderr on normal usage
(cherry picked from commit f71511ac41)
Change-Id: Ieb643918f11bdde4f99ec7f3ec083efbb326e809
Init is no longer calling vdc with logwrapper, so it must take care of
logging to kmsg directly.
Test: observe logging in kmsg on boot and stderr on normal usage
Change-Id: Ie3e59da433bd154f121ce103dea0c59eb0bab069
Also remove some unnecessary SELinux logic when creating image files
for loop devices.
Test: builds, boots, common operations work
Bug: 34903607
Change-Id: I68dfa022ecc39f56c175e786694e0de35b954ca0
It's extremely difficult to test storage related logic on devices
that don't have physical SD card slots. So to support better
debugging and testing, add a new "virtual disk" feature which mounts
a 512MB file through loop device.
It relies on the kernel having the "loop.max_part" value set to
something other than 0 via the boot command line, since that allows
all the existing partition logic to fall into place.
Bug: 34903607
Test: builds, boots, virtual disk works
Change-Id: I04c5b33e37319d867542985a56b7999a9b7cf35d
Elliott Hughes
Treehugger Robot
Rubin Xu
Tom Cherry
Steven Moreland
Daniel Rosenberg
Yong Yao
cjbao
Eric Biggers
Seigo Nonaka
Jeff Sharkey
Jeff Sharkey
Shawn Willden
Keun-young Park