path: root/Utils.cpp
Commit message | Author | Age | Files | Lines
...
* Progress towards FBE and adoptable storage. | Jeff Sharkey | 2017-06-26 | 1 file | -0/+11
  Offer to adopt storage devices on FBE devices, but keep it guarded behind a system property for now, since we still need to work out key storage details.
  When migrating shared storage, leave user-specific /data/media directories in place, since they already have the needed crypto policies defined.
  Enable journaling, quotas, and encrypt options when formatting newly adopted devices. installd already gracefully handles older partitions without quota enabled.
  Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
  Bug: 62290006, 36757864, 29117062, 37395736
  Bug: 29923055, 25861755, 30230655, 37436961
  Change-Id: Ibbeb6ec9db2394a279bbac221a2b20711d65494e
* Merge "Use WaitForProperty() to wait for restorecon" am: 963a205a1b am: 80ce34d6cb | Tom Cherry | 2017-06-16 | 1 file | -16/+9
  am: dfd0492354
  Change-Id: Id3b68e5b946fc1bf886f59e59fee3960a2899041
* Merge "Use WaitForProperty() to wait for restorecon" am: 963a205a1b | Tom Cherry | 2017-06-16 | 1 file | -16/+9
  am: 80ce34d6cb
  Change-Id: I4687810672b51db024f11ad7976562d510de9b81
* Use WaitForProperty() to wait for restorecon | Tom Cherry | 2017-06-15 | 1 file | -16/+9
  We have android::base::WaitForProperty() that uses futexes to efficiently wait for property value changes, so use that instead of polling.
  Test: Boot bullhead
  Change-Id: Id964eddbdbfd9b5ceac5ed83a8ed66b9e60008ca
* Merge "vold should #include <sys/sysmacros.h>" am: 398c0e8274 am: 208b464f72 am: fb3e85cf99 | Elliott Hughes | 2017-05-19 | 1 file | -0/+1
  am: 048422d46e
  Change-Id: I33406265fcf0c77a6289cb429aa6a2cc5e8f7146
* Merge "vold should #include <sys/sysmacros.h>" am: 398c0e8274 am: 208b464f72 | Elliott Hughes | 2017-05-19 | 1 file | -0/+1
  am: fb3e85cf99
  Change-Id: I32ed2a66bb60ba1042737b4bbb0a2195a3fe8e6f
* vold should #include <sys/sysmacros.h> | Elliott Hughes | 2017-05-18 | 1 file | -0/+1
  Bug: https://github.com/android-ndk/ndk/issues/398
  Test: builds
  Change-Id: I7a1ca1701099886fb493cc5288d6ee867d5f520a
* Merge "BuildDataUserCePath always use dir instead of symbolic link" am: fed8ab1d76 am: 7dc93304c8 am: 10211d2207 | Tom Cherry | 2017-05-04 | 1 file | -7/+7
  am: 3559234cd3
  Change-Id: Ifc6196804b57bdf9d38a37d594281ef53623f0d3
* Merge "BuildDataUserCePath always use dir instead of symbolic link" am: fed8ab1d76 am: 7dc93304c8 | Tom Cherry | 2017-05-03 | 1 file | -7/+7
  am: 10211d2207
  Change-Id: I8ab5875455abaaa84cc777a96be23cbad314d3f7
* BuildDataUserCePath always use dir instead of symbolic link | cjbao | 2017-04-18 | 1 file | -7/+7
  Select whichever is the real dir instead of a symbolic link from either /data/data or /data/user/0. This is to minimize path walking overhead in the kernel. This works together with Change 369787.
  Test: Manual test
  Change-Id: I338518673fc22ccbfed6ddd6be196931fce18525
  Signed-off-by: cjbao <cathy.bao@intel.com>
* Merge "Abort migration early when not enough space." into oc-dev am: e6c142174c | Jeff Sharkey | 2017-04-04 | 1 file | -1/+1
  am: a4c0a3b2ca
  Change-Id: Ie50f0ae2dbf7eb1b868606b75d1ade808d34590b
* Abort migration early when not enough space. | Jeff Sharkey | 2017-04-03 | 1 file | -1/+1
  Otherwise we potentially waste minutes of the user's time copying data that will never fit.
  Also fix bug around storage calculation. It's confusing, but f_bsize is not the value you're looking for; the real block size is f_frsize.
  Test: builds, boots
  Bug: 27590986, 36840579
  Change-Id: I77c63e259356824cc75a3adcf3f4af567efdc7aa
* Enable clang-tidy for security sensitive domain. | Jeff Sharkey | 2017-03-27 | 1 file | -1/+1
  Start with clang-analyzer-security* and cert-*, but disable two specific errors:
  -- cert-err34-c, which checks for atoi(); heavily triggered by CommandListener, but will disappear when we move to Binder.
  -- cert-err58-cpp, which checks for exceptions before main(); it's a "Low" severity issue, and filed 36656327 to track cleanup.
  Fix all other triggered errors along the way.
  Test: builds, boots
  Bug: 36655947
  Change-Id: I1391693fb521ed39700e25ab6b16bc741293bb79
* Spread around some O_CLOEXEC love. | Jeff Sharkey | 2017-03-27 | 1 file | -16/+2
  Also remove some unnecessary SELinux logic when creating image files for loop devices.
  Test: builds, boots, common operations work
  Bug: 34903607
  Change-Id: I68dfa022ecc39f56c175e786694e0de35b954ca0
* vold: replacing fs_mgr_read_fstab() with fs_mgr_read_fstab_default() | Bowgo Tsai | 2017-03-09 | 1 file | -6/+0
  The original default /fstab.{ro.hardware} might be moved to /vendor/etc/. or /odm/etc/. Use the new API to get the default fstab instead of using the hard-coded /fstab.{ro.hardware}.
  Bug: 35811655
  Test: boot marlin with /vendor/etc/fstab.marlin
  Change-Id: I92d6aefe6ff3433b7d1a671358d990bb7b1f2150
* Vold: Clean up code related to foreign dex use | Calin Juravle | 2017-03-03 | 1 file | -5/+0
  We simplified the way we track whether or not a dex file is used by other apps. DexManager in the framework keeps track of the data and we no longer need file markers on disk.
  Test: device boots, foreign dex markers are not created anymore
  Bug: 32871170
  Change-Id: Id0360205b019be92049f36eab4339f4736e974f4
* Merge "Fix clang-tidy performance warnings in system/vold." am: e24d4eef9b am: aa668f3d13 | Chih-Hung Hsieh | 2016-07-28 | 1 file | -1/+1
  am: ed1c4cf456
  Change-Id: I345cfce27a2b20048953d85bb2dd39adc34190d8
* Merge "Fix clang-tidy performance warnings in system/vold." | Chih-Hung Hsieh | 2016-07-27 | 1 file | -1/+1
  am: e24d4eef9b
  Change-Id: I8e882391fb343a5dd8b5cd32b2e7c087219334dc
* Fix clang-tidy performance warnings in system/vold. | Chih-Hung Hsieh | 2016-07-27 | 1 file | -1/+1
  - Use const reference type for for-loop index variables to avoid unnecessary copy.
  Bug: 30413223
  Change-Id: Id4d980ae8afec1374fc3be0b23f1c6a39bff86e0
  Test: build with WITH_TIDY=1
* Consistent creation/destruction of user data. | Jeff Sharkey | 2016-04-18 | 1 file | -2/+10
  am: be70c9a
  commit 'be70c9ae2251ac8f3bfbbe75146f8c533d64e01b': Consistent creation/destruction of user data.
  Change-Id: Iddb906f6df0587faf95198446c376b2e8d550bec
* Only restorecon CE storage after unlocked. | Jeff Sharkey | 2016-07-18 | 1 file | -0/+21
  am: d24aeda425
  Change-Id: Ia4151dc87769bb4c4b7bee1bb0a09933c74f3d6c
* Only restorecon CE storage after unlocked. | Jeff Sharkey | 2016-07-18 | 1 file | -0/+21
  On FBE devices, the filenames inside credential-encrypted directories are mangled until the key is installed. This means the initial restorecon at boot needs to skip these directories until the keys are installed.
  This CL uses an existing facility to request that init run a recursive restorecon over a given path, and it requests that operation for the CE directories that would have been omitted by the SKIPCE flag earlier during boot.
  Bug: 30126557
  Change-Id: I8c7abea27215075a091f615a7185a82a2f4a4a95
* Consistent creation/destruction of user data. am: be70c9a | Jeff Sharkey | 2016-04-18 | 1 file | -2/+10
  am: 30b0a1f
  commit '30b0a1fcdd2c7a60c104ffcd3dca4c9c2c1e682b': Consistent creation/destruction of user data.
  Change-Id: I72e91bbf15eaf91c72a61a26baf2e6908934958a
* Consistent creation/destruction of user data. | Jeff Sharkey | 2016-04-15 | 1 file | -2/+10
  Preparing and destroying users currently needs to be split across installd, system_server, and vold, since no single party has all the required SELinux permissions.
  Bug: 27896918, 25861755
  Change-Id: Ieec14ccacfc7a3a5ab00df47ace7318feb900c38
* Merge "Address const issues in preparation for libcxx rebase." am: a4f7dad | Dan Austin | 2016-04-12 | 1 file | -1/+1
  am: 3cc69fa
  commit '3cc69faa6797ae0cfe43f4243d564fbe14f4cfe4': Address const issues in preparation for libcxx rebase.
  Change-Id: I58f814d71e5d5c067ade613d0bf8a88911d53424
* Address const issues in preparation for libcxx rebase. | Dan Austin | 2016-03-28 | 1 file | -1/+1
  Change-Id: I5199c1eb4e874fd354beefa1232707949483e88d
* Support emulator's virtio-blk based SD card | Yu Ning | 2016-03-08 | 1 file | -0/+4
  Currently, vold only supports MMC (for SD cards) and SCSI (for USB drives) devices. It does not recognize any device whose major number is not one of those used by MMC and SCSI. Unfortunately, virtio-blk is one such device. It is used by the new Android emulator (a.k.a. qemu2, featuring the "ranchu" virtual board) for SD card emulation.
  In order to make this virtio-blk based SD card device appear in Android and appear as an SD card (rather than a USB drive), changes have to be made to both vold (wherever the device major number is checked) and ranchu's storage configuration. This CL implements the former.
  This is a stop-gap solution for emulator in nyc. A longer term solution in-tune with upstream kernel is in the pipes.
  Updated from aosp/master version.
  BUG:27431753
  Change-Id: I5014edec73be7c5b565d91542464c82cbe58992c
  Signed-off-by: Yu Ning <yu.ning@intel.com>
  (cherry picked from commit 5b1d1c7dfa13b4dca75213581dc8351b841b76c8)
* Create profile folder for foreign dex markers. | Calin Juravle | 2016-02-25 | 1 file | -0/+5
  This is a special profile folder where apps will leave profile markers for the dex files they load and don't own. System server will read the markers and decide if the apks should be fully compiled instead of profile-guided compiled.
  Bug: 27334750
  Bug: 26080105
  Change-Id: Ib18f20cf78a8dbfc465610ec6ceec52699c5420a
* Prepare user profile folder | Calin Juravle | 2016-02-19 | 1 file | -0/+5
  Bug: 26719109
  Bug: 26563023
  Change-Id: I4737b7f73df74b2b787a62db2e231f136115b359
* Allow callers to prepare CE/DE user storage. | Jeff Sharkey | 2016-02-05 | 1 file | -3/+13
  Give callers the option of preparing CE and/or DE storage. The framework will only prepare CE storage after the CE keys have been unlocked for that user.
  When init is calling enablecrypto, kick off the work in a thread so that we can make other calls back into vold without causing deadlock. Leaves blocking call intact for framework callers.
  Clean up 'vdc' tool to send useful transaction numbers, and actually watch for the matching result to come back. This fixes race conditions when there are multiple 'vdc' callers.
  Also add other system and misc directories to match spec.
  Bug: 25796509
  Change-Id: Ie4f853db6e387916b845d2b5fb92925d743b063d
* Mount appfuse in process namespace. | Daichi Hirono | 2016-02-02 | 1 file | -0/+26
  BUG=26148108
  Change-Id: I2297fd227a4c607054e0403e73bd9c857f580a1c
* Emulate media encryption, always chmod to unlock. | Jeff Sharkey | 2015-12-07 | 1 file | -0/+6
  When FBE emulation is enabled, lock/unlock the media directories that store emulated SD card contents.
  Change unlocking logic to always chmod directories back to known state so that we can recover devices that have disabled FBE emulation.
  Bug: 26010607, 26027473
  Change-Id: I6d4bff25d8ad7b948679290106f585f777f7a249
* resolve merge conflicts of b7d5a47cec to master. | Elliott Hughes | 2015-12-04 | 1 file | -3/+3
  Change-Id: I0c5211a00d92d0ee796bb9c77d2e13675a2a3e8d
* Merge "Track rename from base/ to android-base/." | Elliott Hughes | 2015-12-04 | 1 file | -3/+3
  am: 20a8fa98f6
  commit '20a8fa98f6b858999b623272a182843259e1044c': Track rename from base/ to android-base/.
* Track rename from base/ to android-base/. | Elliott Hughes | 2015-12-04 | 1 file | -3/+3
  Change-Id: I3096cfa50afa395d8e9a8043ab69c1e390f86ccb
* Merge commit 'aebfa6e7eee173b8e02f869c3a25cfe2a5fffb9b' into HEAD | Bill Yi | 2015-11-03 | 1 file | -10/+32
* New granular encryption commands for framework. | Jeff Sharkey | 2015-11-10 | 1 file | -0/+45
  We now have separate methods for key creation/destruction and unlocking/locking. Key unlocking can pass through an opaque token, but it's left empty for now.
  Extend user storage setup to also create system_ce and user_de paths. Bring over some path generation logic from installd. Use strong type checking on user arguments.
  Bug: 22358539
  Change-Id: I00ba15c7b10dd682640b3f082feade4fb7cbbb5d
* Merge "Fix ioctl parameter" am: 0eaad8ce8c | Elliott Hughes | 2015-10-29 | 1 file | -1/+1
  am: 5cd32f73d8
  commit '5cd32f73d8b5e6db60d397d102e5b1b193a76c77': Fix ioctl parameter
* Fix ioctl parameter | caozhiyuan | 2015-10-29 | 1 file | -1/+1
  Change-Id: I922c8ae77056db81bc5152346299a07a34c527d2
* Kill apps using storage through bind mounts. | Jeff Sharkey | 2015-10-21 | 1 file | -10/+32
  am: 89f74fbf25
  commit '89f74fbf2529d708534c041d2b711af0f1feff9f': Kill apps using storage through bind mounts.
* Kill apps using storage through bind mounts. | Jeff Sharkey | 2015-10-21 | 1 file | -10/+32
  When unmounting an emulated volume, look for apps with open files using the final published volume path. Without this change, we were only looking at the internal paths used for runtime permissions, which apps never use directly.
  This meant we'd always fail to unmount the volume if apps didn't respect the EJECTING broadcast, and volume migration would end up wedged until the device rebooted.
  Bug: 24863778
  Change-Id: Ibda484e66ab95744c304c344b226caa5b10b7e2e
* Promote free bytes calculation to 64 bits | Oleksiy Avramchenko | 2015-10-07 | 1 file | -1/+1
  The expression otherwise overflows for large devices. It's fsblkcnt_t -> unsigned long, which is 32 bit on ARMv7.
  Change-Id: I46c5e00558b7dbd6abd50fae4727396079044df2
* Request specific tags from blkid. | Jeff Sharkey | 2015-08-12 | 1 file | -0/+6
  Otherwise blkid can emit tags like SEC_TYPE which mess with the value extraction code.
  Bug: 23069906
  Change-Id: Id2a588ff43a538747d1e44cd8218c96ebd0192c2
* Trim both internal and adopted private storage. | Jeff Sharkey | 2015-07-01 | 1 file | -0/+7
  Refactor fstrim code to be encapsulated in unique task object, and give it option of benchmarking when finished. Trimming now includes both storage from fstab and adopted private volumes. Cleaner timing stats are logged for each unique volume.
  Add wakelock during ongoing async move tasks. Push disk sysfs path to framework so it can parse any SD card registers as desired.
  Bug: 21831325
  Change-Id: I76577685f5cae4929c251ad314ffdaeb5eb1c8bf
* Let's reinvent storage, yet again! | Jeff Sharkey | 2015-06-25 | 1 file | -0/+10
  Now that we're treating storage as a runtime permission, we need to grant read/write access without killing the app. This is really tricky, since we had been using GIDs for access control, and they're set in stone once Zygote drops privileges. The only thing left that can change dynamically is the filesystem itself, so let's do that.
  This means changing the FUSE daemon to present itself as three different views:
    /mnt/runtime_default/foo - view for apps with no access
    /mnt/runtime_read/foo - view for apps with read access
    /mnt/runtime_write/foo - view for apps with write access
  There is still a single location for all the backing files, and filesystem permissions are derived the same way for each view, but the file modes are masked off differently for each mountpoint.
  During Zygote fork, it wires up the appropriate storage access into an isolated mount namespace based on the current app permissions. When the app is granted permissions dynamically at runtime, the system asks vold to jump into the existing mount namespace and bind mount the newly granted access model into place.
  Bug: 21858077
  Change-Id: Iade538e4bc7af979fe20095f74416e8a0f165a4a
* Add method to forget private partition keys. | Jeff Sharkey | 2015-06-22 | 1 file | -0/+13
  Report both the disk and the partition GUID for private volumes to userspace, and offer to forget the encryption key for a given partition GUID.
  Bug: 21782268
  Change-Id: Ie77a3a58e47bf3563cdb3e4b0edfab1de4d0e6b4
* Add f2fs support for private volumes. | Jeff Sharkey | 2015-06-08 | 1 file | -0/+46
  When formatting volumes, pass along fsType string which can be "auto" to let the volume select the best choice. For now, private volumes assume that MMC devices (like SD cards) are best off using f2fs when both kernel support and tools are present, otherwise fall back to ext4.
  Use blkid when mounting to pick the right set of tools.
  Move filesystem utility methods into namespaces and place in separate directory to be more organized.
  Bug: 20275581
  Change-Id: Id5f82d8672dda2e9f68c35b075f28232b0b55ed4
* Don't use TEMP_FAILURE_RETRY on close in vold. | Elliott Hughes | 2015-05-15 | 1 file | -1/+1
  Bug: http://b/20501816
  Change-Id: Ieecce9304539c250ed1728252b8c2c09d29afd7f
* Fix signed issue with hex conversion. | Jeff Sharkey | 2015-04-29 | 1 file | -1/+1
  Change-Id: Ia11c689c373f41b2a63bc84151eb16f7c7b9d155
* Migrate primary external storage. | Jeff Sharkey | 2015-04-24 | 1 file | -28/+128
  When requested, kick off a thread that will migrate storage contents between two locations. This is performed in several steps that also interact with the framework:
    1. Take old and new volumes offline during migration
    2. Wipe new location clean (10% of progress)
    3. Copy files from old to new (60% of progress)
    4. Inform framework that move was successful so it can persist
    5. Wipe old location clean (15% of progress)
  Derives a hacky progress estimate by using a rough proxy of free disk space changes while a cp/rm is taking place.
  Add new internal path for direct access to volumes to bypass any FUSE emulation overhead, and send it to framework.
  Remove mutex around various exec calls since setexeccon() is already per-thread.
  Bug: 19993667
  Change-Id: Ibcb4f6fe0126d05b2365f316f53e71dc3e79a2b8