Apps that are already installed on the device before the isolated_storage
feature is enabled will be granted MOUNT_EXTERNAL_LEGACY mode. In this
mode, /mnt/runtime/write will be mounted at /storage, giving them the same
level of access as in P.

A new mount directory /mnt/runtime/full is also created which will be
used for mounting at /storage for apps started with MOUNT_EXTERNAL_FULL
mode. This will allow apps with WRITE_MEDIA_STORAGE permission to
read/write anywhere on the secondary devices without needing to bypass
sdcardfs.
Bug: 121277410
Test: manual
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: Icc1ff9da35545692daedef7173d7c89290dd2766

This will be used for system internals to access
secondary volumes without having to bypass sdcardfs.
Bug: 121277410
Test: manual
Exempt-From-Owner-Approval: Got approval on internal master
Change-Id: I9b3e33f6c6e426e83469b8030b02d59c02183946

StorageManager.hasIsolatedStorage() has already been updated to use
this, so most callers are already using this sys prop. Now, updating
remaining callers to use it as well.
Bug: 122559151
Test: manual
Change-Id: I6982a84b737a1d329f397b8182b7b7cdc5a8897f

Backup system service bookkeeping is being moved to per-user CE
directories to support multiple users participating in the service.
Accompanies SELinux changes at aosp/873133
Bug: 121197420
Test: 1) Boot device; check dirs created with correct label; run backup
successfully on system user
2) Create secondary user; check dirs created with correct label; run
backup successfully
Change-Id: I3a0fdbfcf18a3c242fc64fba0dd014160b50b2f0

Add a utility method to unmount all mountpoints
that start with a prefix.
Bug: 122905493
Test: manual
Change-Id: I11739e40e7849c1b4ca9e0b90c5c3f243691257a

These directories are managed by installd and used to store
snapshots of application data directories in order to roll them
back in the case of bad updates.
Bug: 112431924
Test: make, device boot & manual verification.
Change-Id: Ieaca697a45d013937327e0f16f36b9b1eaad6b22

We add the property ro.crypto.fde_sector_size to allow devices
to pass the "sector_size:<size>" argument to dm-crypt in the kernel.
We also pass "iv_large_sectors" when setting the sector size.
Using 4096-byte sectors rather than the default of 512 improves
dm-crypt performance, especially when the Adiantum encryption mode
is used.
Bug: 112010205
Test: Run on a device
Change-Id: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
Merged-In: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
(cherry picked from commit 88738e8b6f59e307a2120d352843759025588539)

Adiantum is a crypto method Android is supporting for devices
which don't have AES CPU instructions. See the paper
"Adiantum: length-preserving encryption for entry-level processors"
(https://eprint.iacr.org/2018/720.pdf) for more details.
We add Adiantum to our list of supported crypto types.
Bug: 112010205
Test: Tested on a device
Change-Id: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
Merged-In: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
(cherry picked from commit 18824ec6cc9cd0f16530de2e034a7fe5b8fd17be)
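
Added example, not code from these commits or from the project: a sketch of how a value read from ro.crypto.fde_sector_size can be validated and turned into the "sector_size:<size>" and "iv_large_sectors" arguments of a dm-crypt table line, as the sector-size and Adiantum commits above describe. The names CryptTarget, plan_crypt_target and table_line are hypothetical, and the device size, key placeholder and device path are constructed.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// Plan for one dm-crypt "crypt" target (hypothetical helper type).
struct CryptTarget {
    uint64_t length_512;     // target length, always counted in 512-byte sectors
    std::string opt_params;  // "<count> <param>..." or empty for kernel defaults
};

// dm-crypt only accepts a power-of-two sector_size between 512 and 4096.
static bool valid_sector_size(uint32_t s) {
    return s >= 512 && s <= 4096 && (s & (s - 1)) == 0;
}

// prop_value: number read from ro.crypto.fde_sector_size (0 means unset).
// dev_sectors_512: backing device size in 512-byte sectors.
// Returns false for a value the kernel would reject or a too-small device.
bool plan_crypt_target(uint32_t prop_value, uint64_t dev_sectors_512, CryptTarget* out) {
    if (prop_value == 0 || prop_value == 512) {  // keep the 512-byte default
        *out = CryptTarget{dev_sectors_512, ""};
        return dev_sectors_512 > 0;
    }
    if (!valid_sector_size(prop_value)) return false;
    const uint64_t per_unit = prop_value / 512;
    // The target must hold a whole number of encryption units: drop the tail.
    const uint64_t length = dev_sectors_512 - (dev_sectors_512 % per_unit);
    if (length == 0) return false;
    *out = CryptTarget{length, "2 sector_size:" + std::to_string(prop_value) + " iv_large_sectors"};
    return true;
}

// Device-mapper table line: start len crypt cipher key iv_offset dev offset [opts].
std::string table_line(const CryptTarget& t, const std::string& cipher,
                       const std::string& key_hex, const std::string& dev) {
    std::string line = "0 " + std::to_string(t.length_512) + " crypt " + cipher + " " +
                       key_hex + " 0 " + dev + " 0";
    if (!t.opt_params.empty()) line += " " + t.opt_params;
    return line;
}

int main() {
    CryptTarget t;
    // Constructed inputs: device size, placeholder key and device path.
    if (!plan_crypt_target(4096, 1000003, &t)) return 1;
    std::cout << table_line(t, "xchacha12,aes-adiantum-plain64", "<KEY_HEX>", "/dev/block/EXAMPLE") << "\n";
    return 0;
}
```

Rejecting an invalid property value before building the table keeps a misconfigured device from failing at dm-crypt setup time, and rounding the length down keeps a partial trailing encryption unit out of the mapping.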