Add maybeenabledefaultencryption function, that encrypts based
on the encryption flag and appropriate environment variable
Bug: 18764230
Change-Id: Id9a1967d09a7ae63a51240c0a5f3c41505af0e9a
-Wno-missing-field-initializers is used as well, but that is an
overzealous warning from initializing structs with {0} and not a
real warning.
bug 18736778 and 16868177
Change-Id: Iffde89cd7200d9a11193e1614f1819f9fcace30a
Store long field values in multiple underlying fixed-length entries
and concatenate them together when reading back.
Bug: 17556485
Change-Id: I2f8033d18c208993fa1b010712be0dad5d8b646b
Resize is no-op when sector count is unchanged; the caller can't
anticipate how vold does its sector calculations.
After resizing, we need to mount the container read-write, so allow
the caller to request "ro" or "rw" mode.
Handle ENOTSUP when trying to fallocate() on some filesystems
Bug: 16514385
Change-Id: I0d3a378280d4c36d14f8108ff428102283d583fa
This adds an "fstrim dodtrim" command which will attempt to use
the FIDTRIM ioctl() if FIDTRIM is defined in the uapi/linux/fs.h.
If not, it will fail with EINVAL.
If no FIDTRIM is defined, it does not affect the "fstrim dotrim".
Change-Id: Icbfd621abb592b170db06f749e5eedfd1175f723
Sometimes when an sdcard is already mounted,
some info like uuid and label are not re-broadcast to new listeners.
The extra argument to list allows late listeners to catch up by asking
volume list to broadcast that info again.
Bug: 16253597
Bug: 16306775
Change-Id: Ie7d0c1132c22d307a5b2a0e50075a3716138d00b
Signed-off-by: Benson Huang <benson.huang@mediatek.com>
(cherry picked from commit 85f4700f44170b772697e627b3075dcb9137e1b7)
ASECs formatted as ext4 can now be resized using vdc asec resize.
Refactored some common code.
Requires resize2fs.
Change-Id: Ie78bb6015114a7bc4af42b16d1f299322ffc1e2a
Signed-off-by: Daniel Rosenberg <drosen@google.com>
This reverts commit 5cc86c5741.
Without two more commits, this will break encryption. I'll re-commit when the other two pass code review.
Change-Id: I71720d065c16cf0f7f534e74ffe883f1e113c477
If we are not to double prompt, we need to pass the password from
CryptKeeper to KeyStore. Since the entire framework is taken down
and restarted, we must store the password in a secure system daemon.
There seems no better way than holding it in vold.
Change-Id: Ia60f2f051fc3f87c4b6468465f17b655f43f97de
This enables running "vdc mountall" in filesystem recovery tests where a partition is first unmounted then corrupted, and then finally verified that it's properly recovered and remounted successfully (i.e. running e2fsck..etc.).
Change-Id: I9385180afaef70f9cc6b2920d2a3c6ff13203b4e
Add a call to vold that says if we decrypted the data partition. Reset the
flag so that it only returns true the first time.
Bug: 12990752
Change-Id: Ib00be87137c00fb8ad29205c85a3ea187764b702
Modify enablecrypto command to make the password optional. When it is
not there, default encrypt the device.
Remove a warning by making at least some parts of this file const-correct.
Bug: 11985952
Change-Id: Ie27da4c4072386d9d6519d97ff46c6dc4ed188dc
Store encryption type in crypto footer, and provide functions to
manipulate it. Add mount_default_encrypted command to vdc to allow
mounting of default encrypted volumes at boot time.
Bug: 8769627
Change-Id: Ie41848f258e128b48b579e09789abfa24c95e2b2
Currently, if a non-framework process or service is using /data,
unmounting will fail as nothing will kill it.
Instead of rebooting on unmount failure, we now kill all processes
using /data, then try one more time.
Bug: 11291208
Change-Id: I6c5276c78aa55965914ace96e1db74dc80fca3c1
Apps without sdcard_r or sdcard_rw need to have someone create
package-specific directories on their behalf. If apps have trouble
creating on their own, they now delegate through system to have
vold create the paths.
Requires that the requested path is actually managed by vold.
Bug: 10577808
Change-Id: I6835fc8f52240f9de07f89742a426a153e3ca32a
The new wipe option to the vold format command will invoke BLKDISCARD
on the partition before invoking newfs_msdos. This will be used whenever
a full wipe of the device is wanted, as this is more secure than just
doing newfs_msdos.
Bug: 9392982
Change-Id: Ie106f1b9cc70abc61206006d1821641c27c7ccae
In order to display the correct language, timezone, airplane
mode and other settings on the decrypt screen, a copy of those
settings needs to be stored unencrypted so the framework can
query them. This adds support to vold to store up to 32
property like key/value pairs that are not encrypted.
Change-Id: Id5c936d2c57d46ed5cff9325d92ba1e8d2ec8972
The fstrim subsystem implements the dotrim command, which goes
through all the writable filesystems on the device, and invokes
the FITRIM ioctl() on them. This marks all the unused blocks on
the underlying flash device as unused, so the device performs better.
Change-Id: I5fc8c2f60e0bc823f162d0f89580fb288ecb2160
Mount OBB containers using shared app GID, so that an app can read
the mount point across users.
Bug: 7212801
Change-Id: Ia1be52df9854c259b20728111f3a2c9facf4beaa
Now forward locked applications will be in ASEC containers both internal
to the system and externally.
This change adds support for putting applications in ext4-based ASECs.
Change-Id: I8d6765b72dd2606e429c067b47a2dbcaa8bef37d
Support multiple commands on a single socket via command numbers.
NativeDaemonConnector has been changed, so we need to use it here
too.
bug:5864209
Change-Id: Ie06e966d50057d122a958377731c0385ea367b69
This vold command returns 0 if the given password matches the password
used to decrypt the device on boot. It returns 1 if they don't match,
and it returns -1 on an internal error, and -2 if the device is not encrypted.
Also check the uid of the sender of the command and only allow the root and
system users to issue cryptfs commands.
Change-Id: I5e5ae3b72a2d7814ae68c2d49aa9deb90fb1dac5
Add the force_and_revert option to the unmount command which will force
the unmount, and revert a crypto mapping. This is used during factory
reset so that when the internal sdcard volume is formatted, it formats
the raw device, not the encrypted mapping.
Change-Id: I36b6ff9bb54863b121de635472a303bf4a2334a9
Bug 3384231 is punted to MR1, but the code to set the flag is already
in the tree, so this CL does 3 things:
1. Comments out the lines that set the flag
2. Removes the change to the checkpw that was added in the last change.
3. Implements a new command to check the flag (which no one is calling
yet and the flag won't be set anyhow).
When MR1 comes, it will be a simple matter to enable the flag setting
code and start testing it.
The fear is a false positive detection of incomplete encryption could
cause people to be prompted to wipe their data when MR1 comes out and
the flag is checked. Not setting this for first release, and testing
this more before MR1, will give us confidence that the code will not
detect false positives of encryption failure.
Change-Id: I6dfba11646e291fe5867e8375b71a53c815f3968
The master key is now stored unhashed in memory. This
is needed because certain operation like remote reseting
of passwords the old password is not avaliable.
The changepw interface has been changed to only take
the new password as the only argument. When this is
called we reencrypt the master key with the new password
and old salt.
Bug: 3382129
Change-Id: I9a596b89013194605d6d7790067691aa0dc75e72
The caller will check the result code for success. This prevents a exception from being thrown when the result code needs to be propagated to the caller.
Change-Id: I471e8d6eb6f339c6f4e40f47adf60d20f6a70974
Update the enable inplace API to allow the UI to show a progress bar.
Add new command changepw (whichis currently not working)
Internal restructuring of code to support these two features.
Some minor cleanup of the code as well.
Change-Id: I11461fc9ce66965bea6cd0b6bb2ff48bcf607b97
In order to make the animations and the UI look right, we need to change
the cryptfs checkpw command to return a status if the password was
correct or not, and not have it automatically restart if it's correct.
There is a new command restart that will restart the framework with the
encrypted filesystem.
Change-Id: Ia8ae00d7ed8667699aa58d05ad8ba953cca9316e
There are still a few hacks and performance issues related
to shutting down the framework in this code, but it is
functional and tested. Without the UI changes, it requires
cryptic adb shell commands to enable, which I shall not
utter here.
Change-Id: I0b8f90afd707e17fbdb0373d156236946633cf8b
* Rename all functions dealing with OBB files to mention Obb
* Add 'path' and 'list' functionality to OBB commands
* Store hashed filename in loop's lo_crypt_name and keep lo_file_name
for the real source filename. That way we can recover it later with an
ioctl call.
Change-Id: I29e468265988bfb931d981532d86d7be7b3adfc8
Allow the mounting of OBB filesystem images if they're encrypted with
twofish and in FAT filesystem format.
Change-Id: I54804e598f46b1f3a784ffe517ebd9d7626de7aa
- Fix issue where container-names > 64 bytes were getting truncated in the
kernel. lo_name is only 64 bytes in length, so we now hash the container
id via md5
- Add 'dump' command to dump loop and devicemapper status
- Add 'debug' command to enable more detailed logging at runtime
- Log vold IPC arguments (minus encryption keys)
- Fix premature return from Loop::lookupActive() and friends
Change-Id: I0e833261a445ce9dc1a8187e5501d27daba1ca76
Signed-off-by: San Mehat <san@google.com>
In order to protect the '/android_secure' directory on VFAT removable media
from being mucked with by 3rd party applications on the device, we hide the
directory with a read-only, zero-sized tmpfs mounted on-top. A reference to the
hidden directory is kept by a bind-mount which is mounted at a location which
only root can access.
Staging consists of:
1. Mount checked media at a secure location (/mnt/secure/staging)
2. Ensure /android_secure exists on the media, (creating if it doesnt)
3. Bind-mount /mnt/secure/staging/android_secure -> /mnt/secure/asec
(where only root can access it)
4. Mount an RDONLY zero-sized tmpfs over /mnt/secure/staging/android_secure
5. Atomically move /mnt/secure/staging to the publicly accessable storage
directory (/mnt/sdcard)
Signed-off-by: San Mehat <san@google.com>
- share command was taking wrong arguments
- shared command was returning two termination codes
- Force FAT32 cluster size to 4k when formatting
Signed-off-by: San Mehat <san@google.com>