Must limit vold calls to fs_mkdirs() only when the volume is mounted.
If not, it will trigger an SELinux warning as follows:
audit(1398835637.785:8): avc: denied { write } for pid=137 comm="vold" name="sdcard0" dev="rootfs" ino=3191 scontext=u:r:vold:s0 tcontext=u:object_r:rootfs:s0 tclass=dir
Change-Id: I1113fc961cbdd8bbd2fcbf740c2f504628c8399d
Signed-off-by: Cylen Yao <cylen.yao@mediatek.com>

Switching the kernel to the new sysfs layout (unselecting
CONFIG_SYSFS_DEPRECATED) complicates VolD block device recognition.
The uevents are reporting full specific paths, such as:
/devices/pci0000:0e/0000:0e:18.0/mmc_host/mmc0/mmc0:1234/block/mmcblk0
Because the full device path may contain variable IDs (in this MMC
case "1234") using full path entries in fstab does not work. Android
supports partial matches but only as a prefix at the beginning of the
path.
This patch adds support for matching shell wildcard patterns via
fnmatch(). The prefix matching rule is preserved, but if it is
detected a warning is issued.
Change-Id: Ia0c5eddec06bd71bec6ce838be3b5345278e0bab
Author: Octavian Purdila <octavian.purdila@intel.com>
Signed-off-by: Radu Moisan <radu.moisan@intel.com>
Signed-off-by: Jim Bride <jim.bride@intel.com>
Reviewed-by: Bergeron, Michael <michael.bergeron@intel.com>
Tested-by: Uyyala, Sridhar <sridhar.uyyala@intel.com>
Reviewed-by: Leung, Daniel <daniel.leung@intel.com>
Reviewed-by: Uyyala, Sridhar <sridhar.uyyala@intel.com>
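
An added example (not code from this commit or from vold) of the matching rule the message above describes: entries containing wildcards go through fnmatch(), plain entries keep prefix matching and produce a warning. The helper name `sysfs_match`, the fstab entries and the second device path are constructed for illustration; the message does not say which fnmatch() flags are used, so both 0 and FNM_PATHNAME are shown.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

enum match_kind { NO_MATCH, MATCH_WILDCARD, MATCH_PREFIX };

/* Uevent path from the commit message, plus a constructed variant with another card ID. */
static const char DEV_1234[] = "/devices/pci0000:0e/0000:0e:18.0/mmc_host/mmc0/mmc0:1234/block/mmcblk0";
static const char DEV_ABCD[] = "/devices/pci0000:0e/0000:0e:18.0/mmc_host/mmc0/mmc0:abcd/block/mmcblk0";
/* Constructed fstab entries: one pins every component except the ID, one is loose. */
static const char PAT_ID[]    = "/devices/pci0000:0e/0000:0e:18.0/mmc_host/mmc0/mmc0:*/block/mmcblk0";
static const char PAT_LOOSE[] = "/devices/*/block/mmcblk0";

/* Hypothetical helper, not vold's API. Entries with shell metacharacters go
 * through fnmatch(); plain entries keep the legacy prefix rule and warn. */
enum match_kind sysfs_match(const char *entry, const char *devpath, int fnm_flags)
{
    if (strpbrk(entry, "*?[") != NULL)
        return fnmatch(entry, devpath, fnm_flags) == 0 ? MATCH_WILDCARD : NO_MATCH;
    if (strncmp(entry, devpath, strlen(entry)) == 0) {
        fprintf(stderr, "warning: implied prefix match, use '%s*'\n", entry);
        return MATCH_PREFIX;
    }
    return NO_MATCH;
}

int main(void)
{
    /* Full-path entry: works only for the card ID it was written for. */
    printf("full path vs 1234   : %d\n", sysfs_match(DEV_1234, DEV_1234, 0));
    printf("full path vs abcd   : %d\n", sysfs_match(DEV_1234, DEV_ABCD, 0));
    /* Wildcard over the ID only: both cards match. */
    printf("id glob   vs abcd   : %d\n", sysfs_match(PAT_ID, DEV_ABCD, 0));
    /* With flags 0, '*' also spans '/', so the loose entry matches any
     * controller path; FNM_PATHNAME confines '*' to one path component. */
    printf("loose, flags 0      : %d\n", sysfs_match(PAT_LOOSE, DEV_1234, 0));
    printf("loose, FNM_PATHNAME : %d\n", sysfs_match(PAT_LOOSE, DEV_1234, FNM_PATHNAME));
    return 0;
}
```

When reviewing an fstab, an entry is only as tight as the path components it spells out literally.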

This reverts commit 5cc86c5741.
Without two more commits, this will break encryption. I'll re-commit when the other two pass code review.
Change-Id: I71720d065c16cf0f7f534e74ffe883f1e113c477

Stop encryption when battery is low, mark position, and continue on reboot.
Note - support for multiple encrypted volumes removed as no devices seem
to exist with an fstab that uses this feature. If you want support for such
a device, contact me and we will re-add it with appropriate testing.
Bug: 13284213
Change-Id: I1f7178e4f7dd8ea816cbc03ab5c4f6543e98acaa

If we are not to double prompt, we need to pass the password from
CryptKeeper to KeyStore. Since the entire framework is taken down
and restarted, we must store the password in a secure system daemon.
There seems to be no better way than holding it in vold.
Change-Id: Ia60f2f051fc3f87c4b6468465f17b655f43f97de

This enables running "vdc mountall" in filesystem recovery tests where a partition is first unmounted, then corrupted, and finally verified to be properly recovered and remounted successfully (i.e. running e2fsck, etc.).
Change-Id: I9385180afaef70f9cc6b2920d2a3c6ff13203b4e

This will allow fine-grained labeling of the
contents of ASEC containers. Some of the contents
need to be world readable and thus should be
distinguishable in policy.
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
(cherry picked from commit b9e3ba56cb)
Change-Id: I4614af139991aa086ac14a06c70fe425888a16a1

Add a call to vold that says if we decrypted the data partition. Reset the
flag so that it only returns true the first time.
Bug: 12990752
Change-Id: Ib00be87137c00fb8ad29205c85a3ea187764b702

Modify enablecrypto command to make the password optional. When it is
not there, default encrypt the device.
Remove a warning by making at least some parts of this file const-correct.
Bug: 11985952
Change-Id: Ie27da4c4072386d9d6519d97ff46c6dc4ed188dc