-Wno-missing-field-initializers is used as well, but that is an
overzealous warning from initializing structs with {0} and not a
real warning.
bug 18736778 and 16868177
Change-Id: Iffde89cd7200d9a11193e1614f1819f9fcace30a
Extend vold to look up and set SELinux contexts on the
device nodes it creates for extra loop devices and for volumes.
Prior to this change, these device nodes simply inherited the type
of their parent directory /dev/block, i.e. block_device, and vold
therefore required create_file perms to block_device:blk_file.
With this change we can scope vold down to accessing specific
block device types.
This depends on change Id3bea28f5958086716cd3db055bea309b3b5fa5a
to allow vold to use setfscreatecon().
Change-Id: Ib9e8294abb1da94d92503947603ec12e802ff08c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
When an SD card has no MBR it cannot be formatted
and then mounted by Android. This is because
the device node was incremented by one by mistake
when building the device path
Change-Id: I8533c6028151fe28246e74f89a294c1e58e79438
Signed-off-by: Bogdan George Stefan <bogdan.g.stefan@intel.com>
Replace MINOR(dev_t) and MAJOR(dev_t) with minor and major,
which cast to int.
Cast int to uintptr_t before casting to pointer
Change-Id: I59375518f15d27f400fcd4f8a8dfe5ebdd8350e6
When formatting SD card partitions, instead of assuming partition
minor device numbers start from 1, use (minor device number of
the disk device + 1) as the starting point.
Bug: 11352632
Change-Id: I69d37f57aec6b62fe2a055470f7525ec09dc3859
Signed-off-by: Blair Prescott <blairp@broadcom.com>
Signed-off-by: Pierre <pierre@broadcom.com>
When physical devices are unsafely removed, unmountAllAsecsInDir()
fails to find any ASECs, and leaves them all mounted, preventing the
rest of volume from going down.
Now we examine all ASEC containers, and remove when on external
storage, or when the storage media is no longer found.
Bug: 11175082
Change-Id: Iffa38ea43f7e5ad78b598374ebeb60a8727d99fd
Uses "blkid" tool to extract metadata from an inserted volume, and
reports it up to the framework. This needs to happen in vold, since
only the FUSE-wrapped volume is visible to userspace.
Remove autorun sanitization, since FUSE takes care of this now.
Bug: 11175082
Change-Id: Ie69b38011ad6011bfb50e40d4f35a29e02150c19
We now run an sdcard fuse daemon on top of a physical SD card.
Add support for that.
Bug: 10330128
Change-Id: I6a291f861ccb0f2911c07cc8f659e2cec4e6d76c
The new wipe option to the vold format command will invoke BLKDISCARD
on the partition before invoking newfs_msdos. This will be used whenever
a full wipe of the device is wanted, as this is more secure than just
doing newfs_msdos.
Bug: 9392982
Change-Id: Ie106f1b9cc70abc61206006d1821641c27c7ccae
The patch removes the following warnings:
system/vold/vdc.c: In function 'do_cmd':
system/vold/vdc.c:71:17: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
[...]
In file included from system/vold/Fat.cpp:34:0:
bionic/libc/kernel/common/linux/fs.h:109:0: warning: "MS_RMT_MASK" redefined [enabled by default]
In file included from system/vold/Fat.cpp:31:0:
bionic/libc/include/sys/mount.h:64:0: note: this is the location of the previous definition
[...]
Change-Id: I1e950dcec87f8bae0cec61a1611126b3abc0c90e
To support multi-user emulated storage, we mount rootfs as MS_SHARED,
which means we can't MS_MOVE existing mount points rooted in the
shared subtree. Initial staging is still able to MS_MOVE, since it's
rooted in a MS_PRIVATE tmpfs rooted at /mnt/secure.
This change fixes unmounting by operating in-place instead of trying
(and failing) to MS_MOVE back to staging.
Bug: 7127564
Change-Id: I4783db4319b61c0915da39361cbc7e8f4943d094
Now forward locked applications will be in ASEC containers both internal
to the system and externally.
This change adds support for putting applications in ext4-based ASECs.
Change-Id: I8d6765b72dd2606e429c067b47a2dbcaa8bef37d
Add the force_and_revert option to the unmount command which will force
the unmount, and revert a crypto mapping. This is used during factory
reset so that when the internal sdcard volume is formatted, it formats
the raw device, not the encrypted mapping.
Change-Id: I36b6ff9bb54863b121de635472a303bf4a2334a9
Works around a race condition between the vold and MountService uevent handlers
Change-Id: I71c92f2e9b92e1fefc192da166a91d81bc60e242
Signed-off-by: Mike Lockwood <lockwood@android.com>
Add support for keeping the keys in a separate file on another partition,
for devices with no space reserved for a footer after the userdata filesystem.
Add support for encrypting the volumes managed by vold, if they meet certain
criteria, namely being marked as nonremovable and encryptable in vold.fstab.
A bit of trickiness is required to keep vold happy.
Change-Id: Idf0611f74b56c1026c45742ca82e0c26e58828fe
* commit '1206e872ce74aab253c39c3547bfaadc5e1f6011':
vold: fix an offset one bug that makes partition 4 unusable
vold: set state back to idle on formatting error
On formatting error due to some reasons, the state is left at
Formatting, therefore the user is unable to mount the sdcard
again. The patch sets the state to Idle no matter formatting
error or not.
Change-Id: I62c78eb8299cc397ee5cc442890f8b3dbf09425c
Fix formatting partitions beyond the first partition.
Do not try to initialize the MBR when formatting only a single partition.
Change-Id: Ifbbd279b1c288b7b1b884a1a89248e3086ed735f
Signed-off-by: Mike Lockwood <lockwood@android.com>
Only share a single partition via UMS if a specific partition
is specified in vold.fstab (rather than "auto")
Do not fail to reformat if MBR cannot be found.
Change-Id: I544ca2ee325c308af656ab9f4732c788a964c156
Signed-off-by: Mike Lockwood <lockwood@android.com>
This allows us to place shared libraries in these containers which may
only be loaded if they are executable.
Change-Id: I78fa9ab6d5c58ec8b98c40004da72aebc0aade2a
* Rename all functions dealing with OBB files to mention Obb
* Add 'path' and 'list' functionality to OBB commands
* Store hashed filename in loop's lo_crypt_name and keep lo_file_name
for the real source filename. That way we can recover it later with an
ioctl call.
Change-Id: I29e468265988bfb931d981532d86d7be7b3adfc8
Allow the mounting of OBB filesystem images if they're encrypted with
twofish and in FAT filesystem format.
Change-Id: I54804e598f46b1f3a784ffe517ebd9d7626de7aa
- Fix issue where container-names > 64 bytes were getting truncated in the
kernel. lo_name is only 64 bytes in length, so we now hash the container
id via md5
- Add 'dump' command to dump loop and devicemapper status
- Add 'debug' command to enable more detailed logging at runtime
- Log vold IPC arguments (minus encryption keys)
- Fix premature return from Loop::lookupActive() and friends
Change-Id: I0e833261a445ce9dc1a8187e5501d27daba1ca76
Signed-off-by: San Mehat <san@google.com>
Also handles an issue where NPARTS=0 on a disk change uevent
Change-Id: I77c56f177dc65df91468bbd7d5fe1889db414d7a
Signed-off-by: San Mehat <san@google.com>
Add an un-encrypted superblock to the end of a secure container to
help identify the crypto cipher used. This is required in order to
provide some semblence of versioning, in case we have cause to
change the crypto type on an update - say for example switching
from software to hardware encryption, or from 128 -> a zillion
bit keys.
NOTE: This format is incompatible with previous secure containers.
After this change they will no longer be mountable.
Signed-off-by: San Mehat <san@google.com>
In order to protect the '/android_secure' directory on VFAT removable media
from being mucked with by 3rd party applications on the device, we hide the
directory with a read-only, zero-sized tmpfs mounted on-top. A reference to the
hidden directory is kept by a bind-mount which is mounted at a location which
only root can access.
Staging consists of:
1. Mount checked media at a secure location (/mnt/secure/staging)
2. Ensure /android_secure exists on the media, (creating if it doesnt)
3. Bind-mount /mnt/secure/staging/android_secure -> /mnt/secure/asec
(where only root can access it)
4. Mount an RDONLY zero-sized tmpfs over /mnt/secure/staging/android_secure
5. Atomically move /mnt/secure/staging to the publicly accessable storage
directory (/mnt/sdcard)
Signed-off-by: San Mehat <san@google.com>
Yabin Cui
Tim Murray
Stephen Smalley
Bogdan George Stefan
Mark Salyzyn
Colin Cross
Jeff Sharkey
Blair Prescott
Ken Sumrall
Chih-Wei Huang
Kenny Root
Joseph Lehrer
Mike Lockwood
Jean-Baptiste Queru
Olivier Bailly
San Mehat
San Mehat