Paul Lawrence
45f10533f8
Revert "Revert "Encrypt phone even if pattern or no keyguard""
...
Don't block based on keyguard type, and pass type to encryption function.
Requires:
https://googleplex-android-review.git.corp.google.com/#/c/444201/
or encryption will no longer work.
This reverts commit efec3f2927
.
Change-Id: I431589a56eb11118027e0a5a84f55e973b1084aa
10 years ago
Paul Lawrence
efec3f2927
Revert "Encrypt phone even if pattern or no keyguard"
...
This reverts commit 5cc86c5741
.
Without two more commits, this will break encryption. I'll re-commit when the other two pass code review.
Change-Id: I71720d065c16cf0f7f534e74ffe883f1e113c477
10 years ago
Paul Lawrence
5cc86c5741
Encrypt phone even if pattern or no keyguard
...
Add option to enablecrypto to take type, allowing us to set type
when encrypting.
Bug: 13749169
Change-Id: If22fcfa93f1ebd1a5bd3b0077bb3bd8ae71fe819
10 years ago
Paul Lawrence
0798707334
Merge "Fix setfield/getfield"
10 years ago
Paul Lawrence
cc215381dd
Merge "Store password in vold"
10 years ago
Paul Lawrence
87999173dd
Don't corrupt ssd when encrypting and power fails
...
Stop encryption when battery is low, mark position, and continue on reboot.
Note - support for multiple encrypted volumes removed as no devices seem
to exist with an fstab that uses this feature. If you want support for such
a device, contact me and we will re-add it with appropriate testing.
Bug: 13284213
Change-Id: I1f7178e4f7dd8ea816cbc03ab5c4f6543e98acaa
10 years ago
Paul Lawrence
399317ede4
Store password in vold
...
If we are not to double prompt, we need to pass the password from
CryptKeeper to KeyStore. Since the entire framework is taken down
and restarted, we must store the password in a secure system daemon.
There seems no better way than holding it in vold.
Change-Id: Ia60f2f051fc3f87c4b6468465f17b655f43f97de
10 years ago
Paul Lawrence
8561b5c9f5
Fix setfield/getfield
...
Check for versions >= feature version, not equal
Bug: 13526708
Change-Id: Ie07f6334e6b7c5ca0d7f83ba00827a508e2c2963
10 years ago
JP Abgrall
a821d50bd4
am 470f0b3f: Merge "Avoid segv by checking argc in "storage user <mountpoint>""
...
* commit '470f0b3ff46493b4a46b3599db33a29e94615d30':
Avoid segv by checking argc in "storage user <mountpoint>"
10 years ago
Mohamad Ayyash
f8e9569507
Merge "vold: Add a new mountall command."
10 years ago
JP Abgrall
df7382e477
am a29997ae: am 470f0b3f: Merge "Avoid segv by checking argc in "storage user <mountpoint>""
...
* commit 'a29997ae260d3d7cf41c40d9c7ba42b761b12d30':
Avoid segv by checking argc in "storage user <mountpoint>"
10 years ago
Mohamad Ayyash
7929aa73d0
vold: Add a new mountall command.
...
This enables running "vdc mountall" in filesystem recovery tests where a partition is first unmounted then corrupted, and then finally verified that it's properly recovered and remounted successfully (i.e. running e2fsck..etc.).
Change-Id: I9385180afaef70f9cc6b2920d2a3c6ff13203b4e
10 years ago
JP Abgrall
a29997ae26
am 470f0b3f: Merge "Avoid segv by checking argc in "storage user <mountpoint>""
...
* commit '470f0b3ff46493b4a46b3599db33a29e94615d30':
Avoid segv by checking argc in "storage user <mountpoint>"
10 years ago
JP Abgrall
470f0b3ff4
Merge "Avoid segv by checking argc in "storage user <mountpoint>""
10 years ago
JP Abgrall
edf7adf21e
Avoid segv by checking argc in "storage user <mountpoint>"
...
Change-Id: Iffd67746e2e273c4c3f87741e5f13aa511ccb557
Signed-off-by: JP Abgrall <jpa@google.com>
10 years ago
Nick Kralevich
15c3e01e05
am 3c0d02aa: Merge "Convert all selinux_android_restorecon and _setfilecon calls to new API."
...
* commit '3c0d02aa03118713e6e770b54d1c530ff866f156':
Convert all selinux_android_restorecon and _setfilecon calls to new API.
10 years ago
Mark Salyzyn
3d9b98cc83
am 1dc1fb4a: Merge "vold: suppress unused argument warning messages"
...
* commit '1dc1fb4adc71ea9cf26a5033513bd3a1474f79a1':
vold: suppress unused argument warning messages
10 years ago
Nick Kralevich
9aace96cd0
am 311edc8c: Merge "Add SELinux restorecon calls on ASEC containers."
...
* commit '311edc8cb2dd5c86bad49f9696333874b400f9c4':
Add SELinux restorecon calls on ASEC containers.
10 years ago
Colin Cross
4c20805a33
am 1d8e3ce8: Merge "vold: fix errors inside ALOGV"
...
* commit '1d8e3ce8da962e5ff98d36e75f6b02873fdddb70':
vold: fix errors inside ALOGV
10 years ago
Nick Kralevich
1d87676b82
am 706efb22: resolved conflicts for merge of 83755972
to klp-modular-dev-plus-aosp
...
* commit '706efb2254b68a6cd2441b519dd8445ca3df362d':
Add SELinux restorecon calls on ASEC containers.
10 years ago
Nick Kralevich
706efb2254
resolved conflicts for merge of 83755972
to klp-modular-dev-plus-aosp
...
Change-Id: I4bf4dd29a65f82f91738526b80d5b579c26f8bfe
10 years ago
Robert Craig
837559720b
Add SELinux restorecon calls on ASEC containers.
...
This will allow fine-grained labeling of the
contents of ASEC containers. Some of the contents
need to be world readable and thus should be
distinguishable in policy.
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
(cherry picked from commit b9e3ba56cb
)
Change-Id: I4614af139991aa086ac14a06c70fe425888a16a1
10 years ago
Paul Lawrence
684dbdf316
Infrastructure to securely allow only one prompt at boot when encrypted
...
Add a call to vold that says if we decrypted the data partition. Reset the
flag so that it only returns true the first time.
Bug: 12990752
Change-Id: Ib00be87137c00fb8ad29205c85a3ea187764b702
11 years ago
Paul Lawrence
1348603357
Enable auto-encrypt drive at startup
...
Modify enablecrypto command to make the password optional. When it is
not there, default encrypt the device.
Remove a warning by making at least some parts of this file const-correct.
Bug: 11985952
Change-Id: Ie27da4c4072386d9d6519d97ff46c6dc4ed188dc
11 years ago
Paul Lawrence
931f15d050
Merge "Support default, pattern, pin and password encryption types"
11 years ago
Nick Kralevich
5773f9e6da
am 3214d1f5: am 3c0d02aa: Merge "Convert all selinux_android_restorecon and _setfilecon calls to new API."
...
* commit '3214d1f5a4dbece12e00f1c122e4c2e291715706':
Convert all selinux_android_restorecon and _setfilecon calls to new API.
11 years ago
Mark Salyzyn
2c1bbe0c44
am 49dd24c2: am 1dc1fb4a: Merge "vold: suppress unused argument warning messages"
...
* commit '49dd24c238e86c57e97f919af7fbf8ee3d79b737':
vold: suppress unused argument warning messages
11 years ago
Nick Kralevich
3214d1f5a4
am 3c0d02aa: Merge "Convert all selinux_android_restorecon and _setfilecon calls to new API."
...
* commit '3c0d02aa03118713e6e770b54d1c530ff866f156':
Convert all selinux_android_restorecon and _setfilecon calls to new API.
11 years ago
Mark Salyzyn
49dd24c238
am 1dc1fb4a: Merge "vold: suppress unused argument warning messages"
...
* commit '1dc1fb4adc71ea9cf26a5033513bd3a1474f79a1':
vold: suppress unused argument warning messages
11 years ago
Nick Kralevich
3c0d02aa03
Merge "Convert all selinux_android_restorecon and _setfilecon calls to new API."
11 years ago
Mark Salyzyn
1dc1fb4adc
Merge "vold: suppress unused argument warning messages"
11 years ago
Paul Lawrence
f4faa575c9
Support default, pattern, pin and password encryption types
...
Store encryption type in crypto footer, and provide functions to
manipulate it. Add mount_default_encrypted command to vdc to allow
mounting of default encrypted volumes at boot time.
Bug: 8769627
Change-Id: Ie41848f258e128b48b579e09789abfa24c95e2b2
11 years ago
Mark Salyzyn
5eecc449cc
vold: suppress unused argument warning messages
...
(cherry picked from commit 3e971277db
)
Change-Id: Ic1ab533f756fbd44b1f2e5ae12e2f5736ace7740
11 years ago
Mark Salyzyn
3e971277db
vold: suppress unused argument warning messages
...
Change-Id: Ic1ab533f756fbd44b1f2e5ae12e2f5736ace7740
11 years ago
Stephen Smalley
5093e6187d
Convert all selinux_android_restorecon and _setfilecon calls to new API.
...
libselinux selinux_android_restorecon API is changing to the more
general interface with flags and dropping the older variants.
Also get rid of the old, no longer used selinux_android_setfilecon API
and rename selinux_android_setfilecon2 to it as it is the only API in use.
Change-Id: I1e71ec398ccdc24cac4ec76f1b858d0f680f4925
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
11 years ago
Nick Kralevich
4ff7225154
am ca3593df: am 311edc8c: Merge "Add SELinux restorecon calls on ASEC containers."
...
* commit 'ca3593df3d48cb4b51acf89e6df4872b922fd51d':
Add SELinux restorecon calls on ASEC containers.
11 years ago
Nick Kralevich
ca3593df3d
am 311edc8c: Merge "Add SELinux restorecon calls on ASEC containers."
...
* commit '311edc8cb2dd5c86bad49f9696333874b400f9c4':
Add SELinux restorecon calls on ASEC containers.
11 years ago
Nick Kralevich
311edc8cb2
Merge "Add SELinux restorecon calls on ASEC containers."
11 years ago
Colin Cross
88948cd60c
am e985c9ab: am 1d8e3ce8: Merge "vold: fix errors inside ALOGV"
...
* commit 'e985c9ab10fed452b97138170b4d69288d076b06':
vold: fix errors inside ALOGV
11 years ago
Colin Cross
e985c9ab10
am 1d8e3ce8: Merge "vold: fix errors inside ALOGV"
...
* commit '1d8e3ce8da962e5ff98d36e75f6b02873fdddb70':
vold: fix errors inside ALOGV
11 years ago
Colin Cross
1d8e3ce8da
Merge "vold: fix errors inside ALOGV"
11 years ago
Colin Cross
59846b654e
vold: fix errors inside ALOGV
...
Fix errors exposed by adding compile-time checking to disabled ALOGVs.
Change-Id: I29bd6e9a7648ccca02e0e9a96b79ee0ea7b5cfc6
11 years ago
Robert Craig
b9e3ba56cb
Add SELinux restorecon calls on ASEC containers.
...
This will allow fine-grained labeling of the
contents of ASEC containers. Some of the contents
need to be world readable and thus should be
distinguishable in policy.
Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
11 years ago
Paul Lawrence
c938df25c8
Merge "Fast ext4 encryption"
11 years ago
Paul Lawrence
ae59fe6c19
Fast ext4 encryption
...
For ext4 filesystems, only encrypt blocks in use.
Needs matching ext4 utils changes from
https://googleplex-android-review.git.corp.google.com/#/c/409575
Bug: 11985952
Change-Id: I89df051c25105daf3f469cc980195202f8be6786
11 years ago
Nick Kralevich
ba3b0e8add
am e8e1d80c: am 4d5d99ce: am 7cf05b15: am 2f0a1d66: am 7f6932df: am 35ab6119: am 3e03bf8a: am fd2dcf90: am f4770dcf: am 0de7c611: Validate asec names.
...
* commit 'e8e1d80c64db85526a003e88c3dba36ff33dac74':
Validate asec names.
11 years ago
Nick Kralevich
e8e1d80c64
am 4d5d99ce: am 7cf05b15: am 2f0a1d66: am 7f6932df: am 35ab6119: am 3e03bf8a: am fd2dcf90: am f4770dcf: am 0de7c611: Validate asec names.
...
* commit '4d5d99ce39b5edd0b78c47a93563aed6b3d56356':
Validate asec names.
11 years ago
Nick Kralevich
4d5d99ce39
am 7cf05b15: am 2f0a1d66: am 7f6932df: am 35ab6119: am 3e03bf8a: am fd2dcf90: am f4770dcf: am 0de7c611: Validate asec names.
...
* commit '7cf05b15b76b91aa07182e86a730d7552b23130c':
Validate asec names.
11 years ago
Nick Kralevich
7cf05b15b7
am 2f0a1d66: am 7f6932df: am 35ab6119: am 3e03bf8a: am fd2dcf90: am f4770dcf: am 0de7c611: Validate asec names.
...
* commit '2f0a1d66585fb44f59d913d3417422486ef10225':
Validate asec names.
11 years ago
Nick Kralevich
2f0a1d6658
am 7f6932df: am 35ab6119: am 3e03bf8a: am fd2dcf90: am f4770dcf: am 0de7c611: Validate asec names.
...
* commit '7f6932df89756f796c3a1f04f748db39a0564561':
Validate asec names.
11 years ago