Paul Crowley
5512c50c09
Merge "Add --no-unlink option to secdiscard for testing."
9 years ago
Jeff Sharkey
d2c96e7883
New granular encryption commands for framework.
...
We now have separate methods for key creation/destruction and
unlocking/locking. Key unlocking can pass through an opaque token,
but it's left empty for now.
Extend user storage setup to also create system_ce and user_de
paths. Bring over some path generation logic from installd.
Use strong type checking on user arguments.
Bug: 22358539
Change-Id: I00ba15c7b10dd682640b3f082feade4fb7cbbb5d
9 years ago
Paul Crowley
5ab73e945d
Add --no-unlink option to secdiscard for testing.
...
Also allow deletion of multiple files in one invocation.
Change-Id: I5011bf45f2d3b91964bc68fd8e61ec037e1de2ca
9 years ago
Paul Crowley
480fcd2750
Set uid/gid of newly created user dirs to system/system.
...
Bug: 23395513
Change-Id: I3d76b77339f995103c0aec09c6de77b3c8cdc0dd
9 years ago
Paul Crowley
9336348200
Evict the key before we delete it.
...
Change-Id: I9eef440a1f406c2c73c859f5ae7cee35f6a36ca4
9 years ago
Paul Crowley
cd307b7c63
Scrub the key from the disk with BLKSECDISCARD.
...
Bug: 19706593
(cherry-picked from commit 8d0cd7ffd903a753c6bb5c6f33987a7a66621cef)
Change-Id: Ieea73da233fe53767b5adcdb4d49f9bb00fedac1
9 years ago
Paul Crowley
b33e8873ea
Add "cryptfs deleteuserkey" command to vold.
...
Bug: 19706593
(cherry-picked from commit eebf44563b
)
Change-Id: I50dc4c39595c06bf0016d6a490130bbbc25de91b
9 years ago
Paul Crowley
95376d612c
Add vold commands for setting up per-user encrypted user
...
directories
Bug: 19704432
(cherry-picked from commit 75a5202d9f
)
Change-Id: I733e8745ec21f8e53c2cc6d8a98313275db7d897
9 years ago
Paul Crowley
f25a35a1c9
Break key installation into its own function so we can install
...
non-master keys.
Bug: 19704432
(cherry-picked from commit 1da96dc549
)
Change-Id: I762e8f6c927db3a337fa8ce6bd428262d9e05c7a
9 years ago
Paul Lawrence
86c942a253
DO NOT MERGE Delete password as per block encryption
...
(cherry-picked from commit 00f4aade5c
)
Bug: 18151196
Change-Id: Iee0f932c61ff4a309dc2861725b24bf976adb4c7
9 years ago
Paul Lawrence
0d9cd9e9cf
DO NOT MERGE Fix problem that reading/writing crypto footers wasn't identity
...
(cherry-picked from commit 75c922f49b
)
Bug: 18151196
Change-Id: Ideef6bcdbccf068a64ed3e042be50c4837a373f8
9 years ago
Paul Lawrence
2f32cda63b
DO NOT MERGE Retry unmounts in ext4 encryption
...
(cherry-picked from commit 29b54aab8e
)
Bug: 18151196
Change-Id: I52ca23b2ce3adcff44bd003d4a12243a0bd6ac34
9 years ago
Paul Lawrence
b7f0702ea6
DO NOT MERGE Use default key permissions for ext4enc
...
(cherry-picked from commit 1190a26f6d
)
As per discussion default permissions are the correct ones.
Note that since we use logon keys, they cannot be read outside
the kernel.
Note also that we limit who can read/write keys in selinux policy.
Bug: 18151196
Change-Id: Icc916f430a70eff22e6b74c20ec361c8f3789c1c
9 years ago
Paul Lawrence
a56d3134b0
DO NOT MERGE Simplify password checking logic
...
(cherry-picked from commit aaccfac344
)
Bug: 18151196
Change-Id: I07ffde534dee7d1032149cfcbaa1a61c5246d759
9 years ago
Paul Lawrence
368d79459e
DO NOT MERGE Enable properties in ext4enc
...
(cherry-picked from 4e7274551c
)
Enables OwnerInfo and pattern suppression
Bug: 18151196
Change-Id: I46144e16cb00319deeb5492ab82c67f5dd43d6d3
9 years ago
Paul Lawrence
c78c71b171
DO NOT MERGE Check password is correct by checking hash
...
(cherry-picked from commit 3ca21e227a
)
Handle failures gracefully
Change-Id: Ifb6da8c11a86c50fb11964c18cc1be1326461f78
9 years ago
Paul Lawrence
fd7db73243
DO NOT MERGE New ext4enc kernel switching from xattrs to ioctl
...
(cherrypicked from commit 5e7f004231
)
This is one of three changes to enable this functionality:
https://android-review.googlesource.com/#/c/146259/
https://android-review.googlesource.com/#/c/146264/
https://android-review.googlesource.com/#/c/146265/
Bug: 18151196
Change-Id: Iba5146b8be1e15050ae901e08b3aaa26d96dcf7e
9 years ago
Paul Lawrence
731a7a242d
DO NOT MERGE Securely encrypt the master key
...
(cherry-picked from commit 707fd6c7cc
)
Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys.
Use ro.crypto.type flag to determine crypto type, which prevents
any issues when running in block encrypted mode, as well as speeding
up boot in block or no encryption.
This is one of four changes to enable this functionality:
https://android-review.googlesource.com/#/c/148586/
https://android-review.googlesource.com/#/c/148604/
https://android-review.googlesource.com/#/c/148606/
https://android-review.googlesource.com/#/c/148607/
Bug: 18151196
Change-Id: I3c68691717a61b5e1df76423ca0c02baff0dab98
9 years ago