Older make_ext4fs doesn't support enabling quotas, so switch everyone
over to using mke2fs for adoptable storage.
Remove UUID check so that we start setting ext4-crypto policies on
adoptable storage devices; a future change will handle the actual
key management.
Bug: 30230655, 36757864
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Change-Id: I021f85b1be8431044c239521c37be96534682746
We don't know which FS and kernel version is going to want these keys,
so put them in the kernel three times with all three possible prefixes.
Bug: 62900873
Test: Marlin set up before this change successfully boots after it.
Change-Id: I6ccfe0894551ba068de9bf5e23fe4fd1e10e36b1
Offer to adopt storage devices on FBE devices, but keep it guarded
behind a system property for now, since we still need to work out key
storage details.
When migrating shared storage, leave user-specific /data/media
directories in place, since they already have the needed crypto
policies defined.
Enable journaling, quotas, and encrypt options when formatting
newly adopted devices. installd already gracefully handles older
partitions without quota enabled.
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 62290006, 36757864, 29117062, 37395736
Bug: 29923055, 25861755, 30230655, 37436961
Change-Id: Ibbeb6ec9db2394a279bbac221a2b20711d65494e
We don't know which FS and kernel version is going to want these keys,
so put them in the kernel three times with all three possible prefixes.
Test: Marlin set up before this change successfully boots after it.
Change-Id: I6ccfe0894551ba068de9bf5e23fe4fd1e10e36b1
Android has a standard way to do what AutoCloseFD.h does, so use that
instead. Refactor before work on the bug.
Bug: 36029169
Test: Deleted a user and checked that secdiscard logs looked good.
Change-Id: I5d8bedfb3fa1f032fd2bced88b1b561e4a8c2ff4
We have android::base::WaitForProperty() that uses futexes to
efficiently wait for property value changes, so use that instead
polling.
Test: Boot bullhead
Change-Id: Id964eddbdbfd9b5ceac5ed83a8ed66b9e60008ca
* Owners are selected from top CL approvals or owners.
They will be suggested to review/approve future CLs.
* OWNERS files are recognized by the new find-owners plugin, see .md files in
https://gerrit.googlesource.com/plugins/find-owners/+/master/src/main/resources/Documentation/
Test: build/make/tools/checkowners.py -c -v OWNERS
Change-Id: I4d0431105b55e88be258800a7fd45a42deb9bb60
This code should not be timing out, since it has no graceful way to
recover.
Bug: 62308812
Test: marlin boot
Change-Id: I1284f9a34e83e6451622a702d2bee40b08877db2
This is used by LockSettingsService to delete sensitive credential files.
Bug: 34600579
Test: manual - change device lock under synthetic password, verify
old data on disk is erased.
Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555
Merged-In: I5e11b559ad8818bd2ad2b321d67d21477aab7555
This is used by LockSettingsService to delete sensitive credential files.
Bug: 34600579
Test: manual - change device lock under synthetic password, verify
old data on disk is erased.
Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555