coldboot is needed when device rebooted with USB device attched
so Vold netlink won't miss the information.
This CL added back coldboot and moved down so that it won't block
vold cl and ccl threads.
Bug: 36007238
Test: reboot marlin with flash drive attached and flash drive is recognized
Change-Id: Ie39f348e97a8500515e394e386541289a91b2425
We simplified the way we track whether or not a dex file is used by
other apps. DexManger in the framework keeps track of the data and we
no longer need file markers on disk.
Test: device boots, foreign dex markers are not created anymore
Bug: 32871170
Change-Id: Id0360205b019be92049f36eab4339f4736e974f4
Change to use WaitForProperty API to wait for vold.post_fs_data_done
Also change cryptfs to C++
Bug: 35425974
Test: mma, marlin/angler boot
Change-Id: Id821f2035788fcc91909f296c83c871c67571de3
The getService() and registerAsService() methods of interface objects
now have default parameters of "default" for the service name. HALs
will not have to use any service name unless they want to register
more than one service.
Test: marlin boots
Bug: 33844934
Change-Id: I7c68c8b9ab0101b2f10ca20b9971a5bd34377168
TARGET_HW_DISK_ENCRYPTION and TARGET_CRYPTFS_HW_PATH build flags
and related code in cryptfs.c are removed since it doesn't match
the driver in current tree.
To enable HW encryption, the driver needs to be hidlized.
Bug: 34268168
Test: compile
Change-Id: I507a0e2908b3c407c565e44873b82c94a8305de6
Disk encryption keys are derived using scrypt. If available, this is
done by means of keymaster. An RSA key is generated and password is
signed by that key. The signature is used as the key.
With the hidlization of the keymaster HAL, this code had to be ported.
This test checks the equivalence of the legacy implementation with
the new hildized one.
Test: run /data/nativetest/vold_cryptfs_scrypt_hidlization_equivalence_test/vold_cryptfs_scrypt_hidlization_equivalence_test
Bug: 35028230
Bug: 32020919
Change-Id: Iabf4686dbff5341791ba3a98d7c95c5058c234f9
Cryptfs uses keymaster for key derivation. Vold has a C++ abstraction
for Keymaster. However, cryptfs, being a pure C implementation, uses
its own abstraction of the keymaster HAL.
This patch expresses cryptfs' keymaster abstraction in terms of
vold's C++ Keymaster abstraction, consolidating the code base to a
single point where the actual keymaster HAL is beeing used.
Test: successfully upgrade bullhead/angler while using FDE and
having a PIN set
run vold_cryptfs_scrypt_hidlization_equivalence_test
Bug: 35028230
Bug: 32020919
Change-Id: Ic3b765720be0cf7899dda5005fa89347ffb59b9f
Keymaster but in-process crypto.
Bug: 33384925
Test: manual for now: patch KeyAuthentication.usesKeymaster() to always return true;
flash a FBE device, add a device PIN, reboot and verify PIN can unlock FBE.
Then clear device PIN, reboot and verify FBE is unlocked automatically.
In both cases, check there is no keymaster_key_blob in
/data/misc/vold/user_keys/ce/0/current/
Unit tests to be added.
Change-Id: Ia94e2b39d60bfd98c7a8347a5ba043eeab6928c5
Make the vold changes needed to support specifying aes-256-heh filenames
encryption. The previous mode, aes-256-cts, remains supported as well.
The file /data/unencrypted/mode is updated to have the syntax
contents_encryption_mode[:filenames_encryption_mode] instead of just
contents_encryption_mode. This is consistent with the new fstab syntax.
Bug: 34712722
Change-Id: Ibc236d0ec4fdeda4e4e301f45fb996317692cfa3
bullhead-userdebug with disk encryption enabled and with PIN prompt at
boot can no longer unlock/mount encrypted userdata partition at boot
after updating from bullhead-userdebug prior to the two commits being
reverted here.
This reverts commit 6b7fa1bf17.
This reverts commit bbe31ba776.
Test: Flash bullhead-userdebug build created prior to the above two
commits, enable disk (set PIN to 1234) with PIN required at
boot, reboot, confirm that PIN prompt accepts the PIN, confirm
that device fully boots up and appears operational. Flash build
with this commit without wiping userdata, confirm that PIN
prompt at boot accepts the PIN and device fully boots up and
appears operational.
Bug: 35028230
Change-Id: I1e9303e9d007c0c9a3021c874340156748dff5f5
Cryptfs uses keymaster for key derivation. Vold has a C++ abstraction
for Keymaster. However, cryptfs, being a pure C implementation, uses
its own abstraction of the keymaster HAL.
This patch expresses cryptfs' keymaster abstraction in terms of
vold's C++ Keymaster abstraction, consolidating the code base to a
single point where the actual keymaster HAL is beeing used.
Test: marlin device boots with FBE enabled
Change-Id: Ia51fed5508e06fd6c436cca193791e57e0ab99ea
This was already done internally a while ago, but for us to submit
clang FORTIFY, we need it here, as well.
Bug: 32073964
Test: Clang FORTIFY no longer complains about open calls here.
Change-Id: I72428ac4d3279ffc330ae5aa579960c26703053c
Merged-In: Iaed2538831b19ada26005bbef33cff28209c6512
coldboot is now taken care by ueventd, so removing the duplicate
logic to save boottime.
This CL also fixes a missing lock.
Bug: 33786699
Test: manual
Change-Id: I71270252f3153abc815d142b5da7a9cb85b94dac
The system server requests unmount for appfuse when all opened file on
appfuse are closed. However the kernel sometimes returns EBUSY for
umount2 if it's just after closing all FDs on the mount point. To avoid
the case, specify MNT_DETACH to unmount.
Bug: 33363856
Test: mount and unmount appfuse repeatedly and see if unmount succeed.
Change-Id: I802e1c048357cc445febf3b95341999463a0ec65
By setting property after listeners are initialized
we avoid deadlock between vold and init where
vold is waiting on property_service while init is blocked
(and therefore is not able to accept connections) on vdc
which is attempting to communicate with vold.
(This also speeds up boot by 250ms)
Test: Boot a device, check locks and make sure there is no timeout
on property_set(.)
Test: Successfully boot a device with new property service protocol.
Bug: http://b/34278978
Change-Id: I9547d2f19cb35aa452bf01fbff0eb4b32a4824a4
(cherry picked from commit c976e73bbd)