Now that we're offering to store private app data on adopted storage
devices, the performance of those devices is much more important to
overall user experience.
To help set user expectations, this change offers to execute a
real-world benchmark on a storage device, returning a metric that can
be used to compare internal and external storage. The benchmark is
generated from the strace-instrumented storage access patterns of
typical apps.
A typical device completes the benchmark in under two seconds on
internal storage, a UHS-3 SD card is even faster (!), but a very slow
Class 4 SD card takes about 30 seconds to complete, giving us a clear
signal.
The measured benchmark numbers are logged along with information
about the storage device, such as manufacturer, model, etc. Card
serial numbers are scrubbed from output.
Bug: 21172095
Change-Id: I9b2713dafdfdfcf5d97bf1bc21841f39409a7e54
When requested, kick off a thread that will migrate storage contents
between two locations. This is performed in several steps that
also interact with the framework:
1. Take old and new volumes offline during migration
2. Wipe new location clean (10% of progress)
3. Copy files from old to new (60% of progress)
4. Inform framework that move was successful so it can persist
5. Wipe old location clean (15% of progress)
Derives a hacky progress estimate by using a rough proxy of free
disk space changes while a cp/rm is taking place.
Add new internal path for direct access to volumes to bypass any
FUSE emulation overhead, and send it to framework. Remove mutex
around various exec calls since setexeccon() is already per-thread.
Bug: 19993667
Change-Id: Ibcb4f6fe0126d05b2365f316f53e71dc3e79a2b8
We eventually should move back to per-disk locks, but use a giant
lock to keep development rolling forward. Also move force adoptable
flag to framework since, since encrypted devices don't have persisted
properties loaded early during boot.
Bug: 19993667
Change-Id: Ifa3016ef41b038f8f71fc30bc81596cfd21dcd2a
This is cleaner and more direct than the reverse of having the disk
publish child volume membership. Rename state constants to match
public API. Add state representing bad removal. Make it clear that
volume flags are related to mounting.
Send new unsupported disk event when we finish scanning an entire
disk and have no meaningful volumes.
Bug: 19993667
Change-Id: I08a91452ff561171a484d1da5745293ec893aec0
Wire up new Disk and VolumeBase objects and events to start replacing
older DirectVolume code. Use filesystem UUID as visible PublicVolume
name to be more deterministic.
When starting, create DiskSource instances based on fstab, and watch
for kernel devices to appear. Turn matching devices into Disk
objects, scan for partitions, and create any relevant VolumeBase
objects. Broadcast all of these events towards userspace so the
framework can decide what to mount.
Keep track of the primary VolumeBase, and update the new per-user
/storage/self/primary symlink for all started users.
Provide a reset command that framework uses to start from a known
state when runtime is restarted. When vold is unexpectedly killed,
try recovering by unmounting everything under /mnt and /storage
before moving forward.
Remove UMS sharing support for now, since no current devices support
it; MTP is the recommended solution going forward because it offers
better multi-user support.
Switch killProcessesWithOpenFiles() to directly take signal. Fix
one SOCK_CLOEXEC bug, but SELinux says there are more lurking.
Bug: 19993667
Change-Id: I2dad1303aa4667ec14c52f774e2a28b3c1c1ff6d
Redirect all crypto calls to e4crypt equivalents if file level encryption
detected. Note this change implements only the ones needed for minimal
functionality.
Requires matching change:
https://googleplex-android-review.git.corp.google.com/#/c/642778/
Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016
This reverts commit 6a69cfc411.
The original fix seems to have led to boot failures in QA. Rather than
risk shipping, revert the change. Bug 18764230 reopened.
Requires change
https://googleplex-android-review.git.corp.google.com/#/c/629950/
Bug: 19278390
Bug: 19199624
Change-Id: Ia858c4db0abb917f9364ec8048f59ca4fb48e233
Add maybeenabledefaultencryption function, that encrypts based
on the encryption flag and appropriate environment variable
Bug: 18764230
Change-Id: Id9a1967d09a7ae63a51240c0a5f3c41505af0e9a
-Wno-missing-field-initializers is used as well, but that is an
overzealous warning from initializing structs with {0} and not a
real warning.
bug 18736778 and 16868177
Change-Id: Iffde89cd7200d9a11193e1614f1819f9fcace30a
Store long field values in multiple underlying fixed-length entries
and concatenate them together when reading back.
Bug: 17556485
Change-Id: I2f8033d18c208993fa1b010712be0dad5d8b646b
Resize is no-op when sector count is unchanged; the caller can't
anticipate how vold does its sector calculations.
After resizing, we need to mount the container read-write, so allow
the caller to request "ro" or "rw" mode.
Handle ENOTSUP when trying to fallocate() on some filesystems
Bug: 16514385
Change-Id: I0d3a378280d4c36d14f8108ff428102283d583fa
This adds an "fstrim dodtrim" command which will attempt to use
the FIDTRIM ioctl() if FIDTRIM is defined in the uapi/linux/fs.h.
If not, it will fail with EINVAL.
If no FIDTRIM is defined, it does not affect the "fstrim dotrim".
Change-Id: Icbfd621abb592b170db06f749e5eedfd1175f723
Sometimes when an sdcard is already mounted,
some info like uuid and label are not re-broadcast to new listeners.
The extra argument to list allows late listeners to catch up by asking
volume list to broadcast that info again.
Bug: 16253597
Bug: 16306775
Change-Id: Ie7d0c1132c22d307a5b2a0e50075a3716138d00b
Signed-off-by: Benson Huang <benson.huang@mediatek.com>
(cherry picked from commit 85f4700f44170b772697e627b3075dcb9137e1b7)
ASECs formatted as ext4 can now be resized using vdc asec resize.
Refactored some common code.
Requires resize2fs.
Change-Id: Ie78bb6015114a7bc4af42b16d1f299322ffc1e2a
Signed-off-by: Daniel Rosenberg <drosen@google.com>
This reverts commit 5cc86c5741.
Without two more commits, this will break encryption. I'll re-commit when the other two pass code review.
Change-Id: I71720d065c16cf0f7f534e74ffe883f1e113c477
If we are not to double prompt, we need to pass the password from
CryptKeeper to KeyStore. Since the entire framework is taken down
and restarted, we must store the password in a secure system daemon.
There seems no better way than holding it in vold.
Change-Id: Ia60f2f051fc3f87c4b6468465f17b655f43f97de
This enables running "vdc mountall" in filesystem recovery tests where a partition is first unmounted then corrupted, and then finally verified that it's properly recovered and remounted successfully (i.e. running e2fsck..etc.).
Change-Id: I9385180afaef70f9cc6b2920d2a3c6ff13203b4e
Add a call to vold that says if we decrypted the data partition. Reset the
flag so that it only returns true the first time.
Bug: 12990752
Change-Id: Ib00be87137c00fb8ad29205c85a3ea187764b702
Modify enablecrypto command to make the password optional. When it is
not there, default encrypt the device.
Remove a warning by making at least some parts of this file const-correct.
Bug: 11985952
Change-Id: Ie27da4c4072386d9d6519d97ff46c6dc4ed188dc
Store encryption type in crypto footer, and provide functions to
manipulate it. Add mount_default_encrypted command to vdc to allow
mounting of default encrypted volumes at boot time.
Bug: 8769627
Change-Id: Ie41848f258e128b48b579e09789abfa24c95e2b2
Currently, if a non-framework process or service is using /data,
unmounting will fail as nothing will kill it.
Instead of rebooting on unmount failure, we now kill all processes
using /data, then try one more time.
Bug: 11291208
Change-Id: I6c5276c78aa55965914ace96e1db74dc80fca3c1
Apps without sdcard_r or sdcard_rw need to have someone create
package-specific directories on their behalf. If apps have trouble
creating on their own, they now delegate through system to have
vold create the paths.
Requires that the requested path is actually managed by vold.
Bug: 10577808
Change-Id: I6835fc8f52240f9de07f89742a426a153e3ca32a
The new wipe option to the vold format command will invoke BLKDISCARD
on the partition before invoking newfs_msdos. This will be used whenever
a full wipe of the device is wanted, as this is more secure than just
doing newfs_msdos.
Bug: 9392982
Change-Id: Ie106f1b9cc70abc61206006d1821641c27c7ccae
In order to display the correct language, timezone, airplane
mode and other settings on the decrypt screen, a copy of those
settings needs to be stored unencrypted so the framework can
query them. This adds support to vold to store up to 32
property like key/value pairs that are not encrypted.
Change-Id: Id5c936d2c57d46ed5cff9325d92ba1e8d2ec8972
The fstrim subsystem implements the dotrim command, which goes
through all the writable filesystems on the device, and invokes
the FITRIM ioctl() on them. This marks all the unused blocks on
the underlying flash device as unused, so the device performs better.
Change-Id: I5fc8c2f60e0bc823f162d0f89580fb288ecb2160
Mount OBB containers using shared app GID, so that an app can read
the mount point across users.
Bug: 7212801
Change-Id: Ia1be52df9854c259b20728111f3a2c9facf4beaa
Now forward locked applications will be in ASEC containers both internal
to the system and externally.
This change adds support for putting applications in ext4-based ASECs.
Change-Id: I8d6765b72dd2606e429c067b47a2dbcaa8bef37d