Sadly setexeccon() is process global, so we need to carefully ensure
that all exec() are mutually exclusive to avoid transitioning into
unwanted domains. Also, because we have several threads floating
around, we need to guard all our FDs with O_CLOEXEC.
Format all newly created volumes immediately after partitioning,
but silence all events emitted from those volumes to prevent the
framework from getting all excited. Unify all notify events under a
single codepath to make them easy to silence.
Sent SIGINT before escalating to SIGTERM when unmounting.
Bug: 19993667
Change-Id: Idc6c806afc7919a004a93e2240b42884f6b52d6b
vold works with two broad classes of block devices: untrusted devices
that come in from the wild, and trusted devices like PrivateVolume
which are encrypted.
When running blkid and fsck, we pick which SELinux execution domain
to use based on which class the device belongs to.
Bug: 19993667
Change-Id: I2695f028710a4863f0c3b2ed6da437f466401272
This adds support for private volumes which is just a filesystem
wrapped in a dm-crypt layer. For now we're using the exact same
configuration as internal encryption (aes-cbc-essiv:sha256), but we
don't store any key material on the removable media. Instead, we
store the key on internal storage, and use the GPT partition GUID
to identify which key should be used.
This means that private external storage is effectively as secure as
the internal storage of the device. That is, if the internal storage
is encrypted, then our external storage key is also encrypted.
When partitioning disks, we now support a "private" mode which has
a PrivateVolume partition, and a currently unused 16MB metadata
partition reserved for future use. It also supports a "mixed" mode
which creates both a PublicVolume and PrivateVolume on the same
disk. Mixed mode is currently experimental.
For now, just add ext4 support to PrivateVolume; we'll look at f2fs
in a future change. Add VolumeBase lifecycle for setting up crypto
mappings, and extract blkid logic into shared method. Sprinkle some
more "static" around the cryptfs code to improve invariants.
Bug: 19993667
Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0
-Wno-missing-field-initializers is used as well, but that is an
overzealous warning from initializing structs with {0} and not a
real warning.
bug 18736778 and 16868177
Change-Id: Iffde89cd7200d9a11193e1614f1819f9fcace30a
ASECs formatted as ext4 can now be resized using vdc asec resize.
Refactored some common code.
Requires resize2fs.
Change-Id: Ie78bb6015114a7bc4af42b16d1f299322ffc1e2a
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Changed ext4 to be 4kb aligned, and fat to be 32kb aligned.
Fixed issue that could potentially cause unencrypted ext4
ASECS to overwrite the ASEC super block when filled.
Change-Id: I890426c82ac9cbc65add85a8e3f5063504193c31
Signed-off-by: Daniel Rosenberg <drosen@google.com>
The patch removes the following warnings:
system/vold/vdc.c: In function 'do_cmd':
system/vold/vdc.c:71:17: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
[...]
In file included from system/vold/Fat.cpp:34:0:
bionic/libc/kernel/common/linux/fs.h:109:0: warning: "MS_RMT_MASK" redefined [enabled by default]
In file included from system/vold/Fat.cpp:31:0:
bionic/libc/include/sys/mount.h:64:0: note: this is the location of the previous definition
[...]
Change-Id: I1e950dcec87f8bae0cec61a1611126b3abc0c90e
Augment the Ext4::format function to take
a mountpoint parameter. This will then
be passed to make_ext4fs through the
-a option to allow proper security labeling.
Change-Id: Ic26703406a2c463c12e32c8103a0c75c727b7d29
Now forward locked applications will be in ASEC containers both internal
to the system and externally.
This change adds support for putting applications in ext4-based ASECs.
Change-Id: I8d6765b72dd2606e429c067b47a2dbcaa8bef37d
Jeff Sharkey
Tim Murray
Daniel Rosenberg
Kenny Root
Chih-Wei Huang
Rom Lemarchand
rpcraig
Kenny Root