system_vold.git - system

	Commit message (Collapse)	Author	Age	Files	Lines
*	system: vold: Use ICE for UFS card	Gaurav Kashyap	2020-01-03	1	-7/+28
\| \| \| \| \| \| \| \| \| \| \|	Identify UFS Card while mounting during adoptable storage, and use ICE for encryption/decryption if it is the case as compared to software encryption being used for SD card. CRs-Fixed: 2491182 Change-Id: Iea7e34b06e3ceab8e292ac14d5115566382609ab
*	system: vold: Use wrapped key for metadata encryption	Neeraj Soni	2020-01-03	1	-0/+4
\| \| \| \| \| \| \| \| \|	Wrapped key feature is needed for better security of encryption keys and to ensure data integrity when crypto key cache is cleared during reset operation of storage/crypto hardware. CRs-Fixed: 2367150 Change-Id: I83d14861bf81e102151fa3417d84008c214a9ac0
*	Updates for migrated code upstream	Yifan Hong	2020-01-03	1	-2/+1
\| \| \| \| \| \| \| \|	FsCrypt: wrapped_key use C++ flags Use get_crypto_info instead of fs_mgr_* Test: builds and boots Change-Id: I9c6803fb228f4f62e67b05f24b849048216e2a63
*	vold: add support for clear key	Shivaprasad Hongal	2020-01-03	1	-1/+17
\| \| \| \| \| \| \| \|	Add support for clearing key in trustzone and ICE when a user is deleted. CRs-Fixed: 2334473 Change-Id: I5fd75aaa3b35145b744bed384dc3c842185ff267
*	vold: Use separate flag for wrappedkey	Shivaprasad Hongal	2020-01-03	1	-18/+2
\| \| \| \| \| \| \| \| \|	Use a separate fstab flag for wrappedkey support rather than file_contents_mode. CRs-Fixed: 2316112 Change-Id: I4972514cdfc8e17abf1fca777cae39fb7a2e19a8
*	vold: Wrapped key support for FBE	Shivaprasad Hongal	2020-01-03	1	-14/+150
\| \| \| \| \| \| \| \| \| \|	Changes to key management in vold such that no keys are present in the clear in HLOS. Using keymaster to generate and manage keys. CRs-Fixed: 2288316 Change-Id: Iaf5bf2eb60c60364f495e6d176e19b4848850028
*	Create a per-boot key on each boot	Paul Crowley	2019-09-17	1	-6/+13
\| \| \| \| \| \| \| \| \|	Bug: 140882488 Test: Booted twice, checked logs to ensure encryption is different each time, adb created files in directory. Cherry-Picked-From: c8a3ef3f3c501c7bc14a2078dde513765cdb56d7 Merged-In: I74077bf8f727dab726c25f512ed7406a74cbe0bf Change-Id: I74077bf8f727dab726c25f512ed7406a74cbe0bf
*	FsCrypt.cpp: Do delayed restorecon on /data/vendor_ce	Nick Kralevich	2019-05-14	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	When Android boots after file_contexts has changed, the boot process walks the entire /data partition, updating any changed SELinux labels as appropriate. However, credential encrypted ("ce") directories are deliberately excluded from this early boot directory walk. Files within ce directories have their filenames encrypted, and as a result, cannot match the file_contexts entries. Only after the user has unlocked their device are the unencrypted filenames available and a restorecon appropriate. Ensure that we do a post-unlock restorecon on /data/vendor_ce, like we do for /data/system_ce and /data/misc_ce. This ensures the labels on files within these directories are correct after the device has been unlocked. Bug: 132349934 Test: See bug 132349934 comment #12 for test procedure Change-Id: Ifcbef5fdfb236ec6dea418efa9d965db3a3b782f
*	vold: downgrade lookup_key_ref() failure message to DEBUG level	Eric Biggers	2019-04-02	1	-1/+1
\| \| \| \| \| \| \| \| \| \|	Now that lockUserKey() will be called for every user each time the framework is started, it's a normal case that the key being removed doesn't exist. So downgrade the log message about being unable to find a key from ERROR to DEBUG. Test: build and boot, message is now debug level. Change-Id: I2d1dce8dd8825b02982eab1c902aa10fe5b54b84
*	vold: fsync both file and directory after write keys	Tommy Chiu	2019-03-28	1	-10/+6
\| \| \| \| \| \| \| \| \| \| \|	Use vold version of writeStringToFile which fsync files, and manually fsync directories after initialize global DE Bug: 71810347 Test: Build pass and reboot stress test. Original boot failure symptom is NOT reproducible. Change-Id: I1ca8f8cf0ccfd01075a9c33f79042e58d99aea26
*	Move over to the C++ Fstab class	Tom Cherry	2019-01-31	1	-6/+7
\| \| \| \| \|	Test: build and boot Change-Id: Id3850c9c133f6644073a2439368501253a2a94a9
*	Fsync directories after creating files	Paul Crowley	2019-01-07	1	-16/+2
\| \| \| \| \| \| \|	Bug: 120248692 Test: adb shell locksettings set-pin 1111 && \ adb shell "echo b > /proc/sysrq-trigger" Change-Id: I53d252942c21365983b4f8b6e0948b1864f195c1
*	Add fsync for renaming user ce key path	Jie	2018-11-15	1	-0/+18
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Device can't start up after the following steps: 1. set screen lock to PIN/Pattern/Password 2. set screen lock to Swipe/None 3. power down immediately after pressing "YES, REMOVE" 4. reboot failed log: Failed to read from /data/misc/vold/user_keys/ce/0/current/keymaster_key_blob root cause: flushing data failed because of power down issue: https://partnerissuetracker.corp.google.com/u/1/issues/119382750
*	vold: rename from "ext4 encryption" to fscrypt	Eric Biggers	2018-10-25	1	-0/+839
	We support file-based encryption on both ext4 and f2fs now, and the kernel API is the same. So rename things appropriately in vold: e4crypt => fscrypt ext4enc => fscrypt Ext4Crypt => FsCrypt EXT4_* => FS_* ext4_encryption_key => fscrypt_key Additionally, the common functions shared by 'vold' and 'init' are now in libfscrypt rather than ext4_utils. So update vold to link to libfscrypt and include the renamed headers. Note: there's a chance of 'fscrypt' being confused with the dm-crypt based encryption code in vold which is called 'cryptfs'. However, fscrypt is the name used in the kernel for ext4/f2fs/ubifs encryption, and it's preferable to use the same name in userspace. Test: built, booted device with f2fs encryption Change-Id: I2a46a49f30d9c0b73d6f6fe09e4a4904d4138ff6