Backup system service bookkeeping is being moved to per-user CE
directories to support multiple users participating in the service.
Accompanies SELinux changes at aosp/873133
Bug: 121197420
Test: 1) Boot device; check dirs created with correct label; run backup
successfully on system user
2) Create secondary user; check dirs created with correct label; run
backup successfully
Change-Id: I3a0fdbfcf18a3c242fc64fba0dd014160b50b2f0
Add a utility method to unmount all mountpoints
that start with a prefix.
Bug: 122905493
Test: manual
Change-Id: I11739e40e7849c1b4ca9e0b90c5c3f243691257a
These directories are managed by installd and used to store
snapshots of application data directories in order to roll them
back in the case of bad updates.
Bug: 112431924
Test: make, device boot & manual verification.
Change-Id: Ieaca697a45d013937327e0f16f36b9b1eaad6b22
We add the property ro.crypto.fde_sector_size to allow devices
to pass the "sector_size:<size>" argument to dm-crypt in the kernel.
We also pass "iv_large_sectors" when setting the sector size.
Using 4096-byte sectors rather than the default of 512 improves
dm-crypt performance, especially when the Adiantum encryption mode
is used.
Bug: 112010205
Test: Run on a device
Change-Id: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
Merged-In: I144ec7088a0aad3430369dc7158370d7ff3ef5d2
(cherry picked from commit 88738e8b6f59e307a2120d352843759025588539)
Adiantum is a crypto method Android is supporting for devices
which don't have AES CPU instructions. See the paper
"Adiantum: length-preserving encryption for entry-level processors"
(https://eprint.iacr.org/2018/720.pdf) for more details.
We add Adiantum to our list of supported crypto types.
Bug: 112010205
Test: Tested on a device
Change-Id: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
Merged-In: Ic190a9b90fc8bc077fdc7d60c9d5ae8d8f555025
(cherry picked from commit 18824ec6cc9cd0f16530de2e034a7fe5b8fd17be)
We do not know what happened if remove dm-crypt device is failed, so
the error status added is useful to debug failed ioctl.
Change-Id: I49be91b9087ef2a213a706dd6b2a07eb6dafe6e6
Signed-off-by: Yue Hu <zbestahu@gmail.com>
We rename our 'buf' in the inner scope to avoid confusion with
the 'buf' in the outer scope which is used immediately after
exiting the inner scope.
Test: TreeHugger
Change-Id: I1c50546e86c680e963eedcbda26138f8b43e55e9
We have a char buffer on the stack, which we then cast to a
struct, and then proceed to access elements in the struct.
This is not safe across all platforms, as some platforms
may require a certain alignment for members of the struct.
We fix this by assuring an appropriate alignment for our
char buffer.
We also use C++ casting, and rename our buffer to differenciate
it from the other 'buffer' variable in this function.
Test: TreeHugger
Change-Id: I8254cb6b8124e394bd805afd1ccca0faedb27ffa
* changes:
EncryptInplace: Rename variable
Checkpoint: Assure proper buffer alignment
vold: Pass std::string by const reference
vold: const-ify some of the API