History log of /system/vold/cryptfs.c
Revision Date Author Comments
86af3557e3dc0f6e4fa2c0d56f840eb4247f9f4f 24-Jun-2015 Shawn Willden <swillden@google.com> Add purpose to vold-generated keymaster1 keys.

Also remove the app ID and additional padding and digest options.

Bug: 22009890
Change-Id: Ibff9bbd0e0c11d651d11fac85d4ac907588f1cd2
/system/vold/cryptfs.c
0417060e8ebfd28171fd0aaef8f4e42d9ddd482e 18-Jun-2015 Shawn Willden <swillden@google.com> Use correct error code for rate limiting.

Note that this CL depends on cl 712195, which must be submitted first.

Bug: 21607106
Change-Id: Iafc42d1c8a1145a31ea252b33b404044f92ec62b
/system/vold/cryptfs.c
da6e899f4e1429add2ef023e0cc6b0fcca42c945 03-Jun-2015 Shawn Willden <swillden@google.com> Add keymaster1 support to vold.

Bug: 21607106
Change-Id: I498141b90888d4f0652912413b04519f61886935
/system/vold/cryptfs.c
b1ef4665e8df4abf0f3f134bf3090415fc834606 11-Jun-2015 Paul Lawrence <paullawrence@google.com> Improve boot time by 0.1s by reducing a polling sleep interval

Bug: 21516860
Change-Id: I9e28f4d9cc20ec2a7d9e325c02ef85f0ad9b3d60
/system/vold/cryptfs.c
3bd36d5e5f14dff4dadba88eb27664e495d0e16e 09-Jun-2015 Paul Lawrence <paullawrence@google.com> Remove hex encoding and password adjusting now that patterns are '1' based

Bug: 21606650
Change-Id: I3486ad394d563135c5171a1d4785f7a27eeea3ae
/system/vold/cryptfs.c
86c942a2537701a90b88768eab4648c0650dfad1 06-May-2015 Paul Lawrence <paullawrence@google.com> DO NOT MERGE Delete password as per block encryption

(cherry-picked from commit 00f4aade5c172534c16070540d1c6c26d0a78c84)

Bug: 18151196
Change-Id: Iee0f932c61ff4a309dc2861725b24bf976adb4c7
/system/vold/cryptfs.c
2f32cda63bf5c86db880d36029a27c8597fb5e3c 05-May-2015 Paul Lawrence <paullawrence@google.com> DO NOT MERGE Retry unmounts in ext4 encryption

(cherry-picked from commit 29b54aab8ee2d08e2129832364f9b719dd17fa4e)

Bug: 18151196
Change-Id: I52ca23b2ce3adcff44bd003d4a12243a0bd6ac34
/system/vold/cryptfs.c
368d79459e8d30474dd5cbc414623c1e2f78ee98 15-Apr-2015 Paul Lawrence <paullawrence@google.com> DO NOT MERGE Enable properties in ext4enc

(cherry-picked from 4e7274551c93e1c064648409f52ca430da647050)

Enables OwnerInfo and pattern suppression

Bug: 18151196

Change-Id: I46144e16cb00319deeb5492ab82c67f5dd43d6d3
/system/vold/cryptfs.c
c78c71b1717613a5be921bbb8ac63c007d4af86a 15-Apr-2015 Paul Lawrence <paullawrence@google.com> DO NOT MERGE Check password is correct by checking hash

(cherry-picked from commit 3ca21e227a2e1ed01138a29f450917290a9d1e6e)

Handle failures gracefully

Change-Id: Ifb6da8c11a86c50fb11964c18cc1be1326461f78
/system/vold/cryptfs.c
731a7a242df6cc3441ac82b4f9521546fac5ac2d 29-Apr-2015 Paul Lawrence <paullawrence@google.com> DO NOT MERGE Securely encrypt the master key

(cherry-picked from commit 707fd6c7cccc31c0ab0ec1a6ac8b6077c632fc35)

Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys.

Use ro.crypto.type flag to determine crypto type, which prevents
any issues when running in block encrypted mode, as well as speeding
up boot in block or no encryption.

This is one of four changes to enable this functionality:
https://android-review.googlesource.com/#/c/148586/
https://android-review.googlesource.com/#/c/148604/
https://android-review.googlesource.com/#/c/148606/
https://android-review.googlesource.com/#/c/148607/

Bug: 18151196

Change-Id: I3c68691717a61b5e1df76423ca0c02baff0dab98
/system/vold/cryptfs.c
ce6a913aeac7db94a41362c63bab74092767bb3e 09-Apr-2015 Jeff Sharkey <jsharkey@android.com> Exclusive exec() path, format after partition.

Sadly setexeccon() is process global, so we need to carefully ensure
that all exec() are mutually exclusive to avoid transitioning into
unwanted domains. Also, because we have several threads floating
around, we need to guard all our FDs with O_CLOEXEC.

Format all newly created volumes immediately after partitioning,
but silence all events emitted from those volumes to prevent the
framework from getting all excited. Unify all notify events under a
single codepath to make them easy to silence.

Sent SIGINT before escalating to SIGTERM when unmounting.

Bug: 19993667
Change-Id: Idc6c806afc7919a004a93e2240b42884f6b52d6b
/system/vold/cryptfs.c
9c48498f4529f623650c56d03e63324c8d813032 31-Mar-2015 Jeff Sharkey <jsharkey@android.com> Support for private (adopted) volumes.

This adds support for private volumes which is just a filesystem
wrapped in a dm-crypt layer. For now we're using the exact same
configuration as internal encryption (aes-cbc-essiv:sha256), but we
don't store any key material on the removable media. Instead, we
store the key on internal storage, and use the GPT partition GUID
to identify which key should be used.

This means that private external storage is effectively as secure as
the internal storage of the device. That is, if the internal storage
is encrypted, then our external storage key is also encrypted.

When partitioning disks, we now support a "private" mode which has
a PrivateVolume partition, and a currently unused 16MB metadata
partition reserved for future use. It also supports a "mixed" mode
which creates both a PublicVolume and PrivateVolume on the same
disk. Mixed mode is currently experimental.

For now, just add ext4 support to PrivateVolume; we'll look at f2fs
in a future change. Add VolumeBase lifecycle for setting up crypto
mappings, and extract blkid logic into shared method. Sprinkle some
more "static" around the cryptfs code to improve invariants.

Bug: 19993667
Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0
/system/vold/cryptfs.c
36801cccf27152c9eca5aab6ba3527221525110f 14-Mar-2015 Jeff Sharkey <jsharkey@android.com> Progress towards dynamic storage support.

Wire up new Disk and VolumeBase objects and events to start replacing
older DirectVolume code. Use filesystem UUID as visible PublicVolume
name to be more deterministic.

When starting, create DiskSource instances based on fstab, and watch
for kernel devices to appear. Turn matching devices into Disk
objects, scan for partitions, and create any relevant VolumeBase
objects. Broadcast all of these events towards userspace so the
framework can decide what to mount.

Keep track of the primary VolumeBase, and update the new per-user
/storage/self/primary symlink for all started users.

Provide a reset command that framework uses to start from a known
state when runtime is restarted. When vold is unexpectedly killed,
try recovering by unmounting everything under /mnt and /storage
before moving forward.

Remove UMS sharing support for now, since no current devices support
it; MTP is the recommended solution going forward because it offers
better multi-user support.

Switch killProcessesWithOpenFiles() to directly take signal. Fix
one SOCK_CLOEXEC bug, but SELinux says there are more lurking.

Bug: 19993667
Change-Id: I2dad1303aa4667ec14c52f774e2a28b3c1c1ff6d
/system/vold/cryptfs.c
2a8c10965a8a9e17fb290ac5acba2daf936ff1bb 30-Mar-2015 Elliott Hughes <enh@google.com> am 8a0fde27: am e9623fed: Merge "Fixed type mismatch for ioctl(BLKGETSIZE)"

* commit '8a0fde272be430f66b2e5db6236aa732d2ba6efc':
Fixed type mismatch for ioctl(BLKGETSIZE)
14eab550e8a4f28889cc9ffbb92ddff8f18c4f03 04-Feb-2015 Hiroaki Miyazawa <hiroaki.miyazawa@sonymobile.com> Fixed type mismatch for ioctl(BLKGETSIZE)

ioctl(BLKGETSIZE) expects unsigned long
(8 bytes on 64 bit environment).

This is fixing fails in android.os.storage.StorageManagerIntegrationTest
(in FrameworkCoreTests).

To verify, install FrameworksCoreTests.apk and do:

adb shell am instrument -r -w -e class android.os.storage.\
StorageManagerIntegrationTest#testMountSingleEncryptedObb \
com.android.frameworks.coretests/android.test.InstrumentationTestRunner

Change-Id: Ib6d5c7490c02521c93f107c35ad0aac49f6a3f1a
/system/vold/cryptfs.c
8175a0b65d4bbe29eb1b44c183b3668125825c0b 05-Mar-2015 Paul Lawrence <paullawrence@google.com> Adding e4crypt support

Redirect all crypto calls to e4crypt equivalents if file level encryption
detected. Note this change implements only the ones needed for minimal
functionality.

Requires matching change:
https://googleplex-android-review.git.corp.google.com/#/c/642778/

Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016
/system/vold/cryptfs.c
05335c344d73411439774dfa548c633020e158e1 05-Mar-2015 Paul Lawrence <paullawrence@google.com> Adding e4crypt support

Redirect all crypto calls to e4crypt equivalents if file level encryption
detected. Note this change implements only the ones needed for minimal
functionality.

Requires matching change:
https://googleplex-android-review.git.corp.google.com/#/c/642778/

Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016
/system/vold/cryptfs.c
47bc0ffaddacc3514d12db1b8b8bb4b10eae13ea 27-Feb-2015 Shawn Willden <swillden@google.com> am 5054f7ee: Merge "Rename keymaster_device_t to keymaster0_device_t."

* commit '5054f7ee4fa6e747eb8d08f60ec91ba6a9363878':
Rename keymaster_device_t to keymaster0_device_t.
8af33350cdd461891e77684fcc5374edd5497140 24-Feb-2015 Shawn Willden <swillden@google.com> Rename keymaster_device_t to keymaster0_device_t.

This is to accommodate the new keymaster1_device_t, which has an entirely
different interface.

Soon I'll provide a libkeymaster which provides a unified (and nicer)
interface for dealing with both v0 and v1 keymaster implementations
using a v1 keymaster API. For now this change is just so that vold will
build and run.

Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
/system/vold/cryptfs.c
d1fd8468d018291698de17bacb23fc7ba1d900d8 24-Feb-2015 Shawn Willden <swillden@google.com> Rename keymaster_device_t to keymaster0_device_t.

This is to accommodate the new keymaster1_device_t, which has an entirely
different interface.

Soon I'll provide a libkeymaster which provides a unified (and nicer)
interface for dealing with both v0 and v1 keymaster implementations
using a v1 keymaster API. For now this change is just so that vold will
build and run.

Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
/system/vold/cryptfs.c
933216c8861b6b3f0e65cd27812ce2e3c26721c4 11-Feb-2015 JP Abgrall <jpa@google.com> cryptfs: fix clobbering of crypto info on keymaster failure

Changing the device lock (even from swipe to none) will cause the
master key to be re-encrypted.
If at that point keymaster fails (e.g. due to an incompatible keymaster update)
cryptfs will write back the now-incomplete crypto metadata.
Upon next reboot, userdata can't be decrypted.

Now we don't bother writing on keymaster failure.

Bug: 19301883
Change-Id: I2b9a1278f8b4d333ac8d567e17e2263005e99409
/system/vold/cryptfs.c
d32b75e6dc329fc8b15d0ae48cf932f091ed6299 09-Feb-2015 Elliott Hughes <enh@google.com> am 33b6de4b: am d55d8dac: Merge "prevent ioctl_init() to write outside buffer"

* commit '33b6de4b94e018b3cb621db5eabcb3a4f18bdd3d':
prevent ioctl_init() to write outside buffer
a655b9a39fb99cd0c4152a563004634e3766c00c 09-Feb-2015 Paul Lawrence <paullawrence@google.com> am 38394c7d: am 223fd1ca: Revert "Make encryption configurable"

* commit '38394c7d2d6d5bd8c7467155587a78b912e2b7ab':
Revert "Make encryption configurable"
33b6de4b94e018b3cb621db5eabcb3a4f18bdd3d 07-Feb-2015 Elliott Hughes <enh@google.com> am d55d8dac: Merge "prevent ioctl_init() to write outside buffer"

* commit 'd55d8dac45dc60cb2cc9e599d3e89532db0cfc39':
prevent ioctl_init() to write outside buffer
d55d8dac45dc60cb2cc9e599d3e89532db0cfc39 07-Feb-2015 Elliott Hughes <enh@google.com> Merge "prevent ioctl_init() to write outside buffer"
38394c7d2d6d5bd8c7467155587a78b912e2b7ab 07-Feb-2015 Paul Lawrence <paullawrence@google.com> am 223fd1ca: Revert "Make encryption configurable"

* commit '223fd1cad8d627dc36e11da8cdd342c1a810d226':
Revert "Make encryption configurable"
223fd1cad8d627dc36e11da8cdd342c1a810d226 06-Feb-2015 Paul Lawrence <paullawrence@google.com> Revert "Make encryption configurable"

This reverts commit 6a69cfc411c086f15d59b7dc105763af16620414.

The original fix seems to have led to boot failures in QA. Rather than
risk shipping, revert the change. Bug 18764230 reopened.

Requires change
https://googleplex-android-review.git.corp.google.com/#/c/629950/

Bug: 19278390
Bug: 19199624

Change-Id: Ia858c4db0abb917f9364ec8048f59ca4fb48e233
/system/vold/cryptfs.c
5e6b9141c11ebfd809acb69c7c672c6612334359 05-Feb-2015 Marek Pola <marek.pola@sonymobile.com> prevent ioctl_init() to write outside buffer

The strncpy operation does not write a 0 termination
if the name is larger than the target buffer.

Ensure that zero termination is always written using
safe strlcpy function.

Change-Id: Idb68cdff7cd1a860c1dfac7494fa99f3d382cb91
/system/vold/cryptfs.c
efb4c6d79aa8809dc510826fd25e8109676021cb 05-Feb-2015 Elliott Hughes <enh@google.com> am 71f8d86f: am f805a8b3: Merge "Change lseek to lseek64"

* commit '71f8d86fdfc2c11f2d4176eabb98812bf41792e7':
Change lseek to lseek64
71f8d86fdfc2c11f2d4176eabb98812bf41792e7 05-Feb-2015 Elliott Hughes <enh@google.com> am f805a8b3: Merge "Change lseek to lseek64"

* commit 'f805a8b3a917b163c789f1ad4b272560f98eb6f1':
Change lseek to lseek64
394cd68fcdd11271a9b71f6c83acaf5b347cb7b1 05-Feb-2015 Elliott Hughes <enh@google.com> am e22b21af: am ebc83b3e: Merge "Fix memory leak in upgrade_crypt_ftr"

* commit 'e22b21af3a4d7729c23f559add26bc4f78cbaab1':
Fix memory leak in upgrade_crypt_ftr
e22b21af3a4d7729c23f559add26bc4f78cbaab1 05-Feb-2015 Elliott Hughes <enh@google.com> am ebc83b3e: Merge "Fix memory leak in upgrade_crypt_ftr"

* commit 'ebc83b3e8ef6d0dbab84bec88e0231c7911e5378':
Fix memory leak in upgrade_crypt_ftr
f805a8b3a917b163c789f1ad4b272560f98eb6f1 05-Feb-2015 Elliott Hughes <enh@google.com> Merge "Change lseek to lseek64"
ebc83b3e8ef6d0dbab84bec88e0231c7911e5378 05-Feb-2015 Elliott Hughes <enh@google.com> Merge "Fix memory leak in upgrade_crypt_ftr"
96dbee7bd6c64c0d38b4e390e12851e02b674b87 20-Jan-2015 Björn Landström <bjorn.landstrom.x@sonymobile.com> Change lseek to lseek64

Using lseek on a 64-bit offset parameter caused failure
to write persistent data in crypto footer.

Changed calls to use lseek64 instead.

Change-Id: I4e4c397a6d36201b8b08be3017e17c9fac3b34e4
/system/vold/cryptfs.c
91064633ff3e5dd0a8a7d0c065cd82ba06b04ace 05-Feb-2015 Henrik Baard <henrik.baard@sonymobile.com> Fix memory leak in upgrade_crypt_ftr

The structure crypt_persist_data was allocated,
but never freed.

Added free of allocated memory in normal and
error case.

Change-Id: I9aaa067e6f6501e8ce007f8659004b5dbcf2b246
/system/vold/cryptfs.c
db3730c454ef706dffee9bde0f9bf54e95ab06f8 03-Feb-2015 Paul Lawrence <paullawrence@google.com> Remove kdfs that were only used internally in LMP

Bug: 17439091
Change-Id: I55f92984c8234362597be3976a10626a0ed8763f
/system/vold/cryptfs.c
c19cb9c8329781dad649f37e6bc3f0f120cb2afc 21-Jan-2015 Paul Lawrence <paullawrence@google.com> Make encryption configurable

Add maybeenabledefaultencryption function, that encrypts based
on the encryption flag and appropriate environment variable

Bug: 18764230
Change-Id: Id9a1967d09a7ae63a51240c0a5f3c41505af0e9a
/system/vold/cryptfs.c
4a36ca003873991c99fbd2b41c87c9409c053d71 26-Jan-2015 Paul Lawrence <paullawrence@google.com> am 6a69cfc4: Make encryption configurable

* commit '6a69cfc411c086f15d59b7dc105763af16620414':
Make encryption configurable
ba5834dcea382a71326289c8d1293e0e95f1dfec 23-Jan-2015 Kenny Root <kroot@google.com> am 26970299: Merge "Remove superfluous OpenSSL include paths."

* commit '269702997153cdf92c65cfee277c76afed44e9e5':
Remove superfluous OpenSSL include paths.
41405bb3e5cdde0782bfcf7065b88ce1bb253c3c 23-Jan-2015 Adam Langley <agl@google.com> Remove superfluous OpenSSL include paths.

The libcrypto and libssl modules (and their respective static and host
versions) use LOCAL_EXPORT_C_INCLUDE_DIRS thus just including the module
is sufficient.

Additionally, cryptfs.h was including an OpenSSL header just to get the
length of a SHA-256 hash. Rather than force all users of this header to
also depend on libcrypto, it's easier just to define that value in the
header file.

Change-Id: I3e3e0db906a212e1093944b298e4a8ff2e2fb07d
/system/vold/cryptfs.c
6a69cfc411c086f15d59b7dc105763af16620414 21-Jan-2015 Paul Lawrence <paullawrence@google.com> Make encryption configurable

Add maybeenabledefaultencryption function, that encrypts based
on the encryption flag and appropriate environment variable

Bug: 18764230
Change-Id: Id9a1967d09a7ae63a51240c0a5f3c41505af0e9a
/system/vold/cryptfs.c
da91b1915c44a66932f7eef23b4c0ecbdee0b794 19-Dec-2014 Brian Carlstrom <bdc@google.com> Remove unused local variable to fix the build

Change-Id: Ic0a77a754b649d360d07eaa9e6a93274e7eaf0a8
/system/vold/cryptfs.c
210caabdb51943ec46532fb13bd3df8b983897e7 18-Dec-2014 Dan Albert <danalbert@google.com> resolved conflicts for merge of 88aba541 to lmp-mr1-dev-plus-aosp

Change-Id: Ie5ef819dd8168cb6a73f84a881a92c116705fffc
c07fa3fa5ada60b5f0b13d84f7a9893e2c331549 18-Dec-2014 Dan Albert <danalbert@google.com> Fix alignment of buffer used for dm_ioctl.

Since the dm_ioctl struct was being allocated on the stack as a large
character array, it was getting character alignment rather than the
proper alignment for the struct. GCC had been getting away with this
so far, but it's undefined behavior that clang managed to expose.

Bug: 18736778
Change-Id: Ied275dfad7fcc41d712b2d02c8a185f499221f57
/system/vold/cryptfs.c
6c78e7d7724a431dbdb2b0a5bb8cd2b07424cbe5 18-Dec-2014 Tim Murray <timmurray@google.com> resolved conflicts for merge of 4be36106 to lmp-mr1-dev-plus-aosp

Change-Id: If504710a618d8c3adf85297d5fd2909558ed57a3
8439dc9fd569794b1a31f67cf43d9212de33eecc 15-Dec-2014 Tim Murray <timmurray@google.com> Make vold compile with -Werror -Wall.

-Wno-missing-field-initializers is used as well, but that is an
overzealous warning from initializing structs with {0} and not a
real warning.

bug 18736778 and 16868177

Change-Id: Iffde89cd7200d9a11193e1614f1819f9fcace30a
/system/vold/cryptfs.c
6322302a5a6f8848097031e7acda44dba88c7ea2 02-Dec-2014 Paul Lawrence <paullawrence@google.com> am acfdc30e: Merge "Fix error in clocks leading to devices staying unlocked" into lmp-mr1-dev

* commit 'acfdc30e3793512de4b9a5e15da69533735dd8be':
Fix error in clocks leading to devices staying unlocked
82b451dacb4d12c3eee3fc2bde9d0f54e234c168 02-Dec-2014 Paul Lawrence <paullawrence@google.com> am d44a8f59: Merge "Fix encrypt-and-wipe" into lmp-mr1-dev

* commit 'd44a8f59a7518b87a3fe4174c78dfb9727e63f89':
Fix encrypt-and-wipe
acfdc30e3793512de4b9a5e15da69533735dd8be 02-Dec-2014 Paul Lawrence <paullawrence@google.com> Merge "Fix error in clocks leading to devices staying unlocked" into lmp-mr1-dev
ef2b5bea6b72331568036788c6fcaadf63f1f178 11-Nov-2014 Paul Lawrence <paullawrence@google.com> Fix error in clocks leading to devices staying unlocked

Use BOOTTIME consistently!

Bug: 18246810
Change-Id: I630bf39f72ab69f971d2f772e8d4545ffe467b82
/system/vold/cryptfs.c
b1eb7a06ee24078efb3a7efaa32c1561b92f4cb8 25-Nov-2014 Paul Lawrence <paullawrence@google.com> Fix encrypt-and-wipe

encrypt-and-wipe was broken when checks were added that encryption succeeded
which assumed a 'normal' full encrypt traversing the device.

encrypt-and-wipe doesn't traverse, it just lays down a file system over
the encrypted device, so in this mode do not check the amount encrypted -
it will always be 0.

Bug: 18511900
Change-Id: Icb1d7e0cdb67abd2eac0ab3cbfc1a88912768f9d
/system/vold/cryptfs.c
c9c51717923315edf1d14bdeb3e06036107a3be0 21-Nov-2014 Iliyan Malchev <malchev@google.com> am bb7d9afe: fall back to dm-crypt if device already encrypted

* commit 'bb7d9afea9479eabbc98133d3d968225a1e1019e':
fall back to dm-crypt if device already encrypted
b7d35115dccc49275c48cc4665c146997b0168eb 21-Nov-2014 Iliyan Malchev <malchev@google.com> resolved conflicts for merge of 87701e27 to lmp-mr1-dev-plus-aosp

Change-Id: Ie873baff626fe786515497f2e81aa9db2329168d
bb7d9afea9479eabbc98133d3d968225a1e1019e 21-Nov-2014 Iliyan Malchev <malchev@google.com> fall back to dm-crypt if device already encrypted

Devices already encrypted with aes-cbc-essiv:sha256 will continue to be
decrypted in software, until a factory data reset. New devices that
implement CONFIG_HW_DISK_ENCRYPTION will switch to aes-xts.

b/17475056 Enable hardware crypto for userdata encryption

Change-Id: I62d1583bdaf7ff06b87e386e758fa3b18c719bca
Signed-off-by: Iliyan Malchev <malchev@google.com>
/system/vold/cryptfs.c
87701e2755f039d6ea8c1510dcddf468ee947a62 18-Sep-2014 Ajay Dudani <adudani@codeaurora.org> Adding support of dm-req-crypt

Currently Android provides disk encryption support using dm-crypt
which is based on bios. dm-crypt uses 512 bytes packet size for
crypto operations. While 512 bytes size packet is ok for SW based
disk encryption, it is inefficient for HW based crypto engines.
dm-req-crypt is similar to dm-crypt except it uses block requests
rather than bios for crypto operations. Block requests when unpacked
carry data up to 512KB. Hence, HW based crypto engine can be used
more efficiently.

Also move create disk encryption key before framework start as
HW based disk encryption creates key in secure side. Key creation
can take some time to create the key securely. If framework is
started before creating the key, it is possible that framework
requests service from secure side. Secure side can serve mostly one
request at a time. Secure side may reject framework request if key
creation request is still going on. This may cause problems in the
system.

b/17475056 Enable hardware crypto for userdata encryption

Change-Id: I5480ab72a37c02532218a18faaba598a824589fd
Signed-off-by: Iliyan Malchev <malchev@google.com>
/system/vold/cryptfs.c
b4be7416f89b895f3f5e9a2e13ef2a98fab57b0e 05-Nov-2014 Shawn Willden <swillden@google.com> Modify vold to check for hardware keymaster.
automerge: 7c49ab0

* commit '7c49ab0a0b3c1ee9b24a4b0b1a2c0a8c86acea41':
Modify vold to check for hardware keymaster.
7c49ab0a0b3c1ee9b24a4b0b1a2c0a8c86acea41 30-Oct-2014 Shawn Willden <swillden@google.com> Modify vold to check for hardware keymaster.

vold should only use hardware keymaster implementations to protect the
disk encryption key, because there's little value in using the software
implementation. More importantly, if we allow vold to use softkeymaster
in the absence of a HW keymaster and (somehow) a HW keymaster is added
to a device, the HW version will be loaded, and will be unable to use
the softkeymaster key found in the crypto footer, forcing a factory
reset.

This CL will not break devices without HW keymaster, because
softkeymaster currently reports its keys as non-standalone (which isn't
correct). After this CL is in, I will fix softkeymaster.

Bug: 17362157
Change-Id: I98b169e7a59ff7d44b72069b87743463ec823ea2
/system/vold/cryptfs.c
84f2515008539e82a6f6ad3c882d914da140ab13 30-Oct-2014 Rubin Xu <rubinxu@google.com> Merge "Make persistent field in cryptofs support longer values." into lmp-mr1-dev
automerge: 13c3a90

* commit '13c3a90b586d272b391bd0e2795717db75a4d853':
Make persistent field in cryptofs support longer values.
85c01f95c7a3c009e79867fe36181cc0793a0440 13-Oct-2014 Rubin Xu <rubinxu@google.com> Make persistent field in cryptofs support longer values.

Store long field values in multiple underlying fixed-length entries
and concatenate them together when reading back.

Bug: 17556485
Change-Id: I2f8033d18c208993fa1b010712be0dad5d8b646b
/system/vold/cryptfs.c
9b5a381241ff503ba05f5622927633b8527dadf5 17-Oct-2014 JP Abgrall <jpa@google.com> cryptfs: [HACK] reboot if the crypto block dev failed to open
automerge: 512f0d5

* commit '512f0d52ac5f85b327872e085d9fe6f02517eadf':
cryptfs: [HACK] reboot if the crypto block dev failed to open
4c9b4d8c978433b4810c0449d4f376dbf7e74ab9 16-Oct-2014 JP Abgrall <jpa@google.com> am 7776871d: cryptfs: extra debugging around crypto blockdev dm-... errors.

* commit '7776871d82050bac3e6bb307a68caef973305516':
cryptfs: extra debugging around crypto blockdev dm-... errors.
512f0d52ac5f85b327872e085d9fe6f02517eadf 11-Oct-2014 JP Abgrall <jpa@google.com> cryptfs: [HACK] reboot if the crypto block dev failed to open

There are cases where the /dev/block/dm-0 fails to open.
This leads to the device not completing the boot up sequence.
Currently, the only way out is to reboot.

Bug: 17898962
Change-Id: If4583ebb1ef1ebdbaf680d69b876459aaec2f4ce
(cherry picked from commit 7fc1de8a44307d6c51826ab90f804702e08d1e6d)
/system/vold/cryptfs.c
ca42022cf0c955c63b178330d6b72ce86915fb7c 13-Oct-2014 JP Abgrall <jpa@google.com> am 7fc1de8a: cryptfs: [HACK] reboot if the crypto block dev failed to open

* commit '7fc1de8a44307d6c51826ab90f804702e08d1e6d':
cryptfs: [HACK] reboot if the crypto block dev failed to open
03279172e9c27bbad3a9bd1ffa2436a36b5b8ec7 13-Oct-2014 JP Abgrall <jpa@google.com> am 3334c6a1: cryptfs: extra debugging around crypto blockdev dm-... errors.

* commit '3334c6a1ae38b2c7886fc9c0a69467e586af8635':
cryptfs: extra debugging around crypto blockdev dm-... errors.
7fc1de8a44307d6c51826ab90f804702e08d1e6d 11-Oct-2014 JP Abgrall <jpa@google.com> cryptfs: [HACK] reboot if the crypto block dev failed to open

There are cases where the /dev/block/dm-0 fails to open.
This leads to the device not completing the boot up sequence.
Currently, the only way out is to reboot.

Bug: 17898962
Change-Id: If4583ebb1ef1ebdbaf680d69b876459aaec2f4ce
/system/vold/cryptfs.c
3334c6a1ae38b2c7886fc9c0a69467e586af8635 11-Oct-2014 JP Abgrall <jpa@google.com> cryptfs: extra debugging around crypto blockdev dm-... errors.

Sometimes the /dev/block/dm-0 fails to open after it has been setup.
Log why.

Bug: 17576594
Bug: 17942270
Change-Id: If0bbfe22d84137f2029bacb10873832038f0d36c
/system/vold/cryptfs.c
7776871d82050bac3e6bb307a68caef973305516 11-Oct-2014 JP Abgrall <jpa@google.com> cryptfs: extra debugging around crypto blockdev dm-... errors.

Sometimes the /dev/block/dm-0 fails to open after it has been setup.
Log why.

Bug: 17576594
Bug: 17942270
Change-Id: If0bbfe22d84137f2029bacb10873832038f0d36c
/system/vold/cryptfs.c
2e83bfa43d8b92476027a59ac06faf5fc4a279bd 07-Oct-2014 Paul Lawrence <paullawrence@google.com> am fc615041: Remove possibility of zero chars from passwords

* commit 'fc61504166d4377a1f83211c236ca11260da1261':
Remove possibility of zero chars from passwords
fd2180a97289732520328c69150419763ced48c1 07-Oct-2014 Paul Lawrence <paullawrence@google.com> am fc615041: Remove possibility of zero chars from passwords

* commit 'fc61504166d4377a1f83211c236ca11260da1261':
Remove possibility of zero chars from passwords
fc61504166d4377a1f83211c236ca11260da1261 05-Oct-2014 Paul Lawrence <paullawrence@google.com> Remove possibility of zero chars from passwords

scrypt pads the password with zeros. Our patterns use 0 to represent
the top left dot. So patterns that end there are equivalent to ones
that end one short.

After much thought, the best solution is to change the way we
represent patterns in keyguard. This, however, is a big change.

The short term solution is to change the pattern representation in vold
so that we are storing the correct thing. Later we will change keyguard
to handle patterns correctly and remove quite a few hacks from vold
(use of hex, this code). b/17840293 created to track this.

Bug: 17751714
Change-Id: I30cdffb0f0db406d2e2b6c54d4153d120d975318
/system/vold/cryptfs.c
4465744614cf865d45c161504d907024ced13479 06-Oct-2014 Paul Lawrence <paullawrence@google.com> am 7639a6ab: Merge "Reset failed decryption count on successful decryptions" into lmp-dev

* commit '7639a6ab60426bbfa57c750c1ff0b4016cad0294':
Reset failed decryption count on successful decryptions
6bcac81e6a8db504dc32d89907f847b5a9118817 06-Oct-2014 Paul Lawrence <paullawrence@google.com> am 7639a6ab: Merge "Reset failed decryption count on successful decryptions" into lmp-dev

* commit '7639a6ab60426bbfa57c750c1ff0b4016cad0294':
Reset failed decryption count on successful decryptions
7639a6ab60426bbfa57c750c1ff0b4016cad0294 06-Oct-2014 Paul Lawrence <paullawrence@google.com> Merge "Reset failed decryption count on successful decryptions" into lmp-dev
72b8b82780c062f48350d743c5ee43ced369507d 05-Oct-2014 Paul Lawrence <paullawrence@google.com> Reset failed decryption count on successful decryptions

Bug: 17866359
Change-Id: I1af2ff1ac4f5243afba0cfa2f2d3a1d0b029091b
/system/vold/cryptfs.c
72498ed5c2657bb1b3a21435397b4a6bb266e995 03-Oct-2014 Greg Hackmann <ghackmann@google.com> am 6e8440fd: cryptfs: kill processes with open files on tmpfs /data

* commit '6e8440fd5072a673dd861ffb531fc17b4673ad90':
cryptfs: kill processes with open files on tmpfs /data
17fb62cebbe3e680a91d11c6c54216aed4198654 03-Oct-2014 Paul Lawrence <paullawrence@google.com> am 9c58a871: Use monotonic clock for cryptfs progress

* commit '9c58a871f9fb356409d3b90734bf706d1463f041':
Use monotonic clock for cryptfs progress
b69a5e44db9b7ecf39b9441115f3470554062157 03-Oct-2014 Greg Hackmann <ghackmann@google.com> am 6e8440fd: cryptfs: kill processes with open files on tmpfs /data

* commit '6e8440fd5072a673dd861ffb531fc17b4673ad90':
cryptfs: kill processes with open files on tmpfs /data
6e8440fd5072a673dd861ffb531fc17b4673ad90 03-Oct-2014 Greg Hackmann <ghackmann@google.com> cryptfs: kill processes with open files on tmpfs /data

cryptfs will fail to remount /data at boot if any processes (e.g.
dex2oat) have files open on the tmpfs /data partition. Since these
files are about to be destroyed anyway, just kill the offending
processes: first with SIGHUP and finally with SIGKILL.

Also remove a stray i++ that effectively cut the number of retries in
half.

Bug: 17576594

Change-Id: I76fb90ce2e52846ffb9de706e52b7bde98b4186a
Signed-off-by: Greg Hackmann <ghackmann@google.com>
/system/vold/cryptfs.c
f2eabef83f4a32de1d0670d053a4d6bac787cd4b 30-Sep-2014 Paul Lawrence <paullawrence@google.com> am 9c58a871: Use monotonic clock for cryptfs progress

* commit '9c58a871f9fb356409d3b90734bf706d1463f041':
Use monotonic clock for cryptfs progress
9c58a871f9fb356409d3b90734bf706d1463f041 30-Sep-2014 Paul Lawrence <paullawrence@google.com> Use monotonic clock for cryptfs progress

Otherwise we get strange results when the time changes. Worst
effect is that the encryption takes a lot longer since we are
calling the logging code far more frequently.

Bug: 17625981
Change-Id: Ice29f28b3720e9e4a1ea28e45eeab574d1959ec1
/system/vold/cryptfs.c
fd8d08c22a33aa65e310274fb4fcc506c92f25f2 26-Sep-2014 Greg Hackmann <ghackmann@google.com> am 3574b085: Merge "cryptfs: log umount() failure reason" into lmp-dev

* commit '3574b085f46a5b22ee660a9fd3ef727a20c106ee':
cryptfs: log umount() failure reason
7103f41a17bcb5d6a3dc3bb4c58091c524e3240b 26-Sep-2014 Greg Hackmann <ghackmann@google.com> am 46a3a79a: Merge "print information about opened files when failed unmount" into lmp-dev

* commit '46a3a79a8f6b8b8eb66b1194a1a56b0ddcd4943b':
print information about opened files when failed unmount
714526434cddcbebbd39cb615386b33954f233cf 26-Sep-2014 Jeff Sharkey <jsharkey@android.com> am dd1a8040: Include reason when wiping data.

* commit 'dd1a8040e8449cc0e8b861a23e0339a43d80593c':
Include reason when wiping data.
e46f7122e002539cdfb1d83baac3652b88528455 25-Sep-2014 Greg Hackmann <ghackmann@google.com> am 3574b085: Merge "cryptfs: log umount() failure reason" into lmp-dev

* commit '3574b085f46a5b22ee660a9fd3ef727a20c106ee':
cryptfs: log umount() failure reason
e2a470f3980a824e8f5ba92fd8356336c7161463 25-Sep-2014 Greg Hackmann <ghackmann@google.com> am 46a3a79a: Merge "print information about opened files when failed unmount" into lmp-dev

* commit '46a3a79a8f6b8b8eb66b1194a1a56b0ddcd4943b':
print information about opened files when failed unmount
640aa86222c40553a2540c6cf9e840d13e750e30 25-Sep-2014 Jeff Sharkey <jsharkey@android.com> am dd1a8040: Include reason when wiping data.

* commit 'dd1a8040e8449cc0e8b861a23e0339a43d80593c':
Include reason when wiping data.
3574b085f46a5b22ee660a9fd3ef727a20c106ee 25-Sep-2014 Greg Hackmann <ghackmann@google.com> Merge "cryptfs: log umount() failure reason" into lmp-dev
46a3a79a8f6b8b8eb66b1194a1a56b0ddcd4943b 25-Sep-2014 Greg Hackmann <ghackmann@google.com> Merge "print information about opened files when failed unmount" into lmp-dev
955653ebff68e29f5aeab3f05fddc199474e4174 24-Sep-2014 Greg Hackmann <ghackmann@google.com> cryptfs: log umount() failure reason

Bug: 17576594

Change-Id: I7320aa597210896b4db6e663e1b2cb0c24d96557
Signed-off-by: Greg Hackmann <ghackmann@google.com>
/system/vold/cryptfs.c
3f14fe45a3e7bc0d12ba26d20a36d355a10f623e 22-Sep-2014 jessica_yu <jessica_yu@htc.com> print information about opened files when failed unmount

Change-Id: I88ae719cdae490433390d624f75612a9f4f96677

Cryptfs : Enabling support for allow_discards in dmcrypt.
Cryptfs : Password matches
Cryptfs : test_mount_encrypted_fs(): Master key saved
TrustyKeymaster: Creating device
TrustyKeymaster: Device address: 0x7f8f416100
Cryptfs : keymaster version is 3
Cryptfs : Just asked init to shut down class main
ServiceManager: service 'drm.drmManager' died
ServiceManager: service 'media.audio_flinger' died
ServiceManager: service 'media.player' died
ServiceManager: service 'media.camera' died
ServiceManager: service 'android.security.keystore' died
Cryptfs : unmounting /data failed

Bug: 17576594
/system/vold/cryptfs.c
dd1a8040e8449cc0e8b861a23e0339a43d80593c 24-Sep-2014 Jeff Sharkey <jsharkey@android.com> Include reason when wiping data.

This will help us track down who requested a data wipe.

Bug: 17412160
Change-Id: I5ab39a4de03c973ed151d703d6462a172ee043fd
/system/vold/cryptfs.c
c48387ca4cccad9aaf24c7595afe43fca78ca798 23-Sep-2014 Paul Lawrence <paullawrence@google.com> am 3846be17: Reduce cryptfs logspam

* commit '3846be17feba13150a5db22204622db6a762a0d8':
Reduce cryptfs logspam
7df812dfaa6c82865efb0511f2da1adb601829b2 23-Sep-2014 Paul Lawrence <paullawrence@google.com> am 3846be17: Reduce cryptfs logspam

* commit '3846be17feba13150a5db22204622db6a762a0d8':
Reduce cryptfs logspam
3846be17feba13150a5db22204622db6a762a0d8 22-Sep-2014 Paul Lawrence <paullawrence@google.com> Reduce cryptfs logspam

Bug: 17572886
Change-Id: I91302ccc284e0f908299852650db5bf645f2ff71
/system/vold/cryptfs.c
2f61b41e5de6b5791f118a212938f94d5d4f1897 20-Sep-2014 Alex Klyubin <klyubin@google.com> am 6efa9351: Merge "Don't use deprecated OpenSSL functions."

* commit '6efa9351a257edc53ce07eb8c544ccf08efb64ae':
Don't use deprecated OpenSSL functions.
b707d72a33c8e442cafb36f724245f1c9898fb36 20-Sep-2014 Alex Klyubin <klyubin@google.com> am 6efa9351: Merge "Don't use deprecated OpenSSL functions."

* commit '6efa9351a257edc53ce07eb8c544ccf08efb64ae':
Don't use deprecated OpenSSL functions.
8e3f4510a88871a2d489ca4cdf7b738d4229053d 08-Sep-2014 Paul Lawrence <paullawrence@google.com> HACK: Retry/reboot when mount reports busy.

This is a hack because we don't know why mount() reports busy.

Requires dependent change in system/core:
https://googleplex-android-review.git.corp.google.com/#/c/543125/

Bug: 17358530

Change-Id: I8d3078bc68f8c450adce2c3a4101b6a958f1c4a0
/system/vold/cryptfs.c
e17a9c4ad3ebb4051853a4860b18973e1a01ce11 08-Sep-2014 Shawn Willden <swillden@google.com> Change cryptfs keymaster padding to ensure the high bit is never 1,
to ensure the padded message is never larger than the RSA public
modulus.

Bug: 17358530

Change-Id: I4dc488399c4ecfa2d24cacb839a9087e65475947
/system/vold/cryptfs.c
b2f682bda8443fb93ab67f19be84fd80d5ed2838 08-Sep-2014 Paul Lawrence <paullawrence@google.com> Fix Shamus bricked by encryption upgrade

Bug: 17358530
Change-Id: I95207b62131224a2ed7ae3b75621a09acd69ea79
/system/vold/cryptfs.c
889c4f1e36f69c1d5a9a92a6ba40d8a729d3f7b0 03-Sep-2014 Adam Langley <agl@google.com> Don't use deprecated OpenSSL functions.

This change simply switches from the deprecated
EVP_{En|De}crypt{Init|Final} to the newer, _ex versions of the same.

There is no difference in behaviour, save for calling
EVP_CIPHER_CTX_init, as the deprecated versions are just wrappers around
the _ex functions. See
https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/evp/evp_enc.c;h=f705967a40ab92cdf3c2ba8dd6bc19680d6157d6;hb=HEAD#l274

This change is required for the transition to BoringSSL, which removes
the deprecated functions.

Bug: 17409664
Change-Id: I35c6cc2d86d0c876a9edaff1e5571170fe393d87
Signed-off-by: Adam Langley <agl@google.com>
/system/vold/cryptfs.c
47ba10d6d53e0d2e54453fe62324afdfa8d6c78a 04-Sep-2014 Shawn Willden <swillden@google.com> Pad object to proper size before signing.

Correct implementations of keymaster should reject using an n-bit
RSA key to sign less than n bits of data, because we specify that
keymaster should not perform padding.

Change-Id: Ibdff1bbfbee84fd5bdbfb3149a124dbbaa7827fc
/system/vold/cryptfs.c
74f29f1df7d12c0cc06e9d6685adf15e757d8eda 29-Aug-2014 Paul Lawrence <paullawrence@google.com> Don't test mount when we can use the crypto footer to test the password

Note that this also changes the boot sequence, and moves the test for corrupted
data to cryptfs_restart_internal.

Bug: 17213613
Change-Id: I0f86e8fe3d482e2d1373bd0f4d0d861e63ad8904
/system/vold/cryptfs.c
00786076cd6a3a32a42f95b4813ea807321b3fda 25-Aug-2014 Paul Lawrence <paullawrence@google.com> Merge "Don't reboot after default encrypting" into lmp-dev
715775046c79f04d8975da53efcfbd1b70abe699 13-Aug-2014 Paul Lawrence <paullawrence@google.com> Show correct remaining time

In field reports, sometimes the remaining time gets stuck for many
minutes. This has to be caused by a spurious low reading early on which
cannot be overridden because of old logic.

Solution: allow time to increase but only by large amounts (avoid time
jittering up and down).

Bug: 16973374
Change-Id: I49d23ae8c54ded416cbedf383a3c03b33dc02e1c
/system/vold/cryptfs.c
b6672e135ac7a5a1d5b1d277cf678096c57dd7dd 15-Aug-2014 Paul Lawrence <paullawrence@google.com> Don't reboot after default encrypting

Instead trigger normal default encryption mount

Requires matching change to system/core: https://googleplex-android-review.git.corp.google.com/#/c/527286/

Bug: 17041092

Change-Id: Ifcf023386e08325db7dce61395fbb056f7d9815b
/system/vold/cryptfs.c
e82df164e8128ec9df0072c4a4f3d92e79a0f5f4 16-Aug-2014 Daniel Rosenberg <drosen@google.com> Revert "Revert "cryptfs: Added support for f2fs fast encryption""

This reverts commit a70abc60091aed3c3eaf8bc8e1766e233c1c3a2f.

Change-Id: Ic41d1924638586cf9b2297f91ed5417f3b0303c6
/system/vold/cryptfs.c
a70abc60091aed3c3eaf8bc8e1766e233c1c3a2f 15-Aug-2014 Jim Miller <jaggies@google.com> Revert "cryptfs: Added support for f2fs fast encryption"

This reverts commit 74c01201dec12b5de43ba0f20a2f38e835cd00af.

Change-Id: Ib397a2b5812179ee2e2b68de5d718077563adc1c
/system/vold/cryptfs.c
74c01201dec12b5de43ba0f20a2f38e835cd00af 13-Aug-2014 Daniel Rosenberg <drosen@google.com> cryptfs: Added support for f2fs fast encryption

Bug: 15749466
Change-Id: I25452a05e1cbe90ac6603a89db9b720c7ab17e55
Signed-off-by: Daniel Rosenberg <drosen@google.com>
/system/vold/cryptfs.c
d0c7b17070d4321fef096873b4890794024a5f63 08-Aug-2014 Paul Lawrence <paullawrence@google.com> Wipe userdata when password is good but it won't mount

Store salted scrypt of intermediate key in crypto header

When mount fails, check if matches, and if it does return error
code prompting a wipe

Bug: 11477689
Change-Id: I3dcf9e0c64f2a01c8ba8eaf58df82cbe717d421b
/system/vold/cryptfs.c
6bfed20c77184d00d948130d88d86db7ddd8a3f1 28-Jul-2014 Paul Lawrence <paullawrence@google.com> When encryption fails, reboot into recovery

Set flag on starting encryption to say it failed, and only clear
when we get into a recoverable state (partially or fully encrypted.)

Go to recovery on seeing this flag on boot

Bug: 16552363
Change-Id: I7e452b653edf3a087ecfaba8f81f41765a1c8daf
/system/vold/cryptfs.c
231bdba012fd7e6d545d8ba67b32e49a66ec52e0 26-Jun-2014 Elliott Hughes <enh@google.com> Fix an accidental PRId64 to PRIx64.

Change-Id: Ic5313289d826bac74c3466b33f1f167a8f0955ad
/system/vold/cryptfs.c
cb33f5741cd37c93f7f1888a3dcbabdfab1524a9 26-Jun-2014 Elliott Hughes <enh@google.com> resolved conflicts for merge of afa60cee to master

Change-Id: I1568def8839bed4d4d2dadbd97194d5603edc627
7373716c6d65ca328de11c994c60f698a9ef6290 26-Jun-2014 Elliott Hughes <enh@google.com> Fix vold %lld to PRId64.

Change-Id: I6eb9f21fff124b8b22f4fae2ac74c2b41d93b384
/system/vold/cryptfs.c
62c7af38f2f30b3f152460a8f716fe43e4acad7b 16-Jun-2014 JP Abgrall <jpa@google.com> cryptfs: makefs F2FS if the partition type is F2FS.

When a crypto is enabled with a wipe flag (obsolete?),
it will correctly handle the fstab's choice for the fs type.

Remove the dead code for FAT_FS which was un-invocable.

Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870
Signed-off-by: JP Abgrall <jpa@google.com>
/system/vold/cryptfs.c
73d7a02dc6e18b4c0a6f29e8f89b432c1b6cc808 09-Jun-2014 Paul Lawrence <paullawrence@google.com> On low power turn off rather than rebooting to allow device to charge

The code was using encrypted_upto == 0 as an indicator that encryption
has succeeded. This meant that if no encryption happened, we would reboot
continually.

We now set encrypted_upto to fs_size when encryption is complete.

Also don't start to encrypt unless we are at 10% power. Stop when we
get to 5% power. This should lead to partial encryptions only very
rarely.

Bug: 15513202
Change-Id: I6214d78579d1fbbe2f63ee8862473d86a89d29b3
/system/vold/cryptfs.c
a96d9c9b3861506003930d4dbdc669173bf9a50e 04-Jun-2014 Paul Lawrence <paullawrence@google.com> Calculate time to go while encrypting

@bug 15159008

Change-Id: I6a96eeab180dceb0613202ba5d252036a0d5376f
/system/vold/cryptfs.c
58c58cf7ef922ef019ce78ce1c418a7643c39518 04-Jun-2014 Paul Lawrence <paullawrence@google.com> Show correct percentage when encrypting used blocks only

Bug: 12975202
Change-Id: I7e4adfa2c4951055bbb2c11986a7784f465f586f
/system/vold/cryptfs.c
8c008397141bf9a7d619eb2c53452bf3e397da39 06-May-2014 Paul Lawrence <paullawrence@google.com> Fix encryption on Nakasi

We need to make sure we don't try to read the flags on keymaster
version 2 or below, or we get random junk.

Requires
https://googleplex-android-review.git.corp.google.com/#/c/460689/

Bug: 14384714
Change-Id: I5a4ede1bec0347b8319cedaae6535201c122cf48
/system/vold/cryptfs.c
69f4ebd81e22f91a4571763842b5960d95d2758d 14-Apr-2014 Paul Lawrence <paullawrence@google.com> Add keymaster support to cryptfs

Use keymaster to wrap the cryptfs keys.

Requires selinux change
https://googleplex-android-review.git.corp.google.com/#/c/449411

Bug: 9467042
Change-Id: If25a01cb85ed193a271d61382de0560d85553b7e
/system/vold/cryptfs.c
45f10533f8cb2e2ec8dc9803739870cbfafffebd 04-Apr-2014 Paul Lawrence <paullawrence@google.com> Revert "Revert "Encrypt phone even if pattern or no keyguard""

Don't block based on keyguard type, and pass type to encryption function.

Requires:
https://googleplex-android-review.git.corp.google.com/#/c/444201/
or encryption will no longer work.

This reverts commit efec3f2927c45979db2b78e7a6228d08aafb5e42.

Change-Id: I431589a56eb11118027e0a5a84f55e973b1084aa
/system/vold/cryptfs.c
efec3f2927c45979db2b78e7a6228d08aafb5e42 03-Apr-2014 Paul Lawrence <paullawrence@google.com> Revert "Encrypt phone even if pattern or no keyguard"

This reverts commit 5cc86c57416eccb70dcc949d68587f08726f96fa.

Without two more commits, this will break encryption. I'll re-commit when the other two pass code review.

Change-Id: I71720d065c16cf0f7f534e74ffe883f1e113c477
/system/vold/cryptfs.c
5cc86c57416eccb70dcc949d68587f08726f96fa 02-Apr-2014 Paul Lawrence <paullawrence@google.com> Encrypt phone even if pattern or no keyguard

Add option to enablecrypto to take type, allowing us to set type
when encrypting.

Bug: 13749169
Change-Id: If22fcfa93f1ebd1a5bd3b0077bb3bd8ae71fe819
/system/vold/cryptfs.c
07987073341e7f49d49b287e265f7dee4ae3081c 24-Mar-2014 Paul Lawrence <paullawrence@google.com> Merge "Fix setfield/getfield"
cc215381dd5003b1d6c6b32c1745f8c06fb8a499 21-Mar-2014 Paul Lawrence <paullawrence@google.com> Merge "Store password in vold"
87999173dd79dbcbd8cb97f5476007e867aaeeba 20-Feb-2014 Paul Lawrence <paullawrence@google.com> Don't corrupt ssd when encrypting and power fails

Stop encryption when battery is low, mark position, and continue on reboot.

Note - support for multiple encrypted volumes removed as no devices seem
to exist with an fstab that uses this feature. If you want support for such
a device, contact me and we will re-add it with appropriate testing.

Bug: 13284213
Change-Id: I1f7178e4f7dd8ea816cbc03ab5c4f6543e98acaa
/system/vold/cryptfs.c
399317ede45340eebc035ba204b6201b6d62dd66 10-Mar-2014 Paul Lawrence <paullawrence@google.com> Store password in vold

If we are not to double prompt, we need to pass the password from
CryptKeeper to KeyStore. Since the entire framework is taken down
and restarted, we must store the password in a secure system daemon.
There seems no better way than holding it in vold.

Change-Id: Ia60f2f051fc3f87c4b6468465f17b655f43f97de
/system/vold/cryptfs.c
8561b5c9f5d2f9c5e3f8e2963bdffe9ff3706b04 17-Mar-2014 Paul Lawrence <paullawrence@google.com> Fix setfield/getfield

Check for versions >= feature version, not equal

Bug: 13526708
Change-Id: Ie07f6334e6b7c5ca0d7f83ba00827a508e2c2963
/system/vold/cryptfs.c
684dbdf316a02cf6a7694018f7c3a4bcd65142cc 07-Feb-2014 Paul Lawrence <paullawrence@google.com> Infrastructure to securely allow only one prompt at boot when encrypted

Add a call to vold that says if we decrypted the data partition. Reset the
flag so that it only returns true the first time.

Bug: 12990752
Change-Id: Ib00be87137c00fb8ad29205c85a3ea187764b702
/system/vold/cryptfs.c
13486033575e6e4affccbb3dd201515d79f6f44b 03-Feb-2014 Paul Lawrence <paullawrence@google.com> Enable auto-encrypt drive at startup

Modify enablecrypto command to make the password optional. When it is
not there, default encrypt the device.

Remove a warning by making at least some parts of this file const-correct.

Bug: 11985952
Change-Id: Ie27da4c4072386d9d6519d97ff46c6dc4ed188dc
/system/vold/cryptfs.c
931f15d050d268619c3c9103b080009435267d69 14-Feb-2014 Paul Lawrence <paullawrence@google.com> Merge "Support default, pattern, pin and password encryption types"
2c1bbe0c4445ac7327956599cd3eabe8eb692f9f 13-Feb-2014 Mark Salyzyn <salyzyn@google.com> am 49dd24c2: am 1dc1fb4a: Merge "vold: suppress unused argument warning messages"

* commit '49dd24c238e86c57e97f919af7fbf8ee3d79b737':
vold: suppress unused argument warning messages
f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2 29-Jan-2014 Paul Lawrence <paullawrence@google.com> Support default, pattern, pin and password encryption types

Store encryption type in crypto footer, and provide functions to
manipulate it. Add mount_default_encrypted command to vdc to allow
mounting of default encrypted volumes at boot time.

Bug: 8769627
Change-Id: Ie41848f258e128b48b579e09789abfa24c95e2b2
/system/vold/cryptfs.c
5eecc449cc75771cc0c6eb0ad936117d16704b83 12-Feb-2014 Mark Salyzyn <salyzyn@google.com> vold: suppress unused argument warning messages

(cherry picked from commit 3e971277db0d87652af5622c989233e7159ab909)

Change-Id: Ic1ab533f756fbd44b1f2e5ae12e2f5736ace7740
/system/vold/cryptfs.c
3e971277db0d87652af5622c989233e7159ab909 21-Jan-2014 Mark Salyzyn <salyzyn@google.com> vold: suppress unused argument warning messages

Change-Id: Ic1ab533f756fbd44b1f2e5ae12e2f5736ace7740
/system/vold/cryptfs.c
88948cd60cb3ca05704621cdc89de70e0c20ef83 10-Feb-2014 Colin Cross <ccross@android.com> am e985c9ab: am 1d8e3ce8: Merge "vold: fix errors inside ALOGV"

* commit 'e985c9ab10fed452b97138170b4d69288d076b06':
vold: fix errors inside ALOGV
59846b654e8b4a22a1be11cd21d6c5b81375abd2 07-Feb-2014 Colin Cross <ccross@android.com> vold: fix errors inside ALOGV

Fix errors exposed by adding compile-time checking to disabled ALOGVs.

Change-Id: I29bd6e9a7648ccca02e0e9a96b79ee0ea7b5cfc6
/system/vold/cryptfs.c
ae59fe6c1988af93c171e1b921a465c4fb1daabb 21-Jan-2014 Paul Lawrence <paullawrence@google.com> Fast ext4 encryption

For ext4 filesystems, only encrypt blocks in use.

Needs matching ext4 utils changes from
https://googleplex-android-review.git.corp.google.com/#/c/409575

Bug: 11985952
Change-Id: I89df051c25105daf3f469cc980195202f8be6786
/system/vold/cryptfs.c
6fd5771337fddc13bfd8b8030a0767a9f0c47f98 17-Dec-2013 Doug Zongker <dougz@android.com> allow encrypted filesystems to be mounted readonly

By setting ro.crypto.readonly to 1, cryptfs will mount an encrypted
filesystem that is normally mounted read-write as read-only instead.
To be used when recovery mounts /data.

Bug: 12188746
Change-Id: If3f3f9a3024f29ebc4ad721a48546a332cb92b6b
/system/vold/cryptfs.c
dbf5b6652c04fbb59999d3a77c2229b070c154f3 15-Nov-2013 JP Abgrall <jpa@google.com> am 46f8c2b9: am 7bdfa52d: vold: cryptfs: Don't update KDF without validating pwd/key.

* commit '46f8c2b954e11c2266871b8110b74bd6a11f3661':
vold: cryptfs: Don't update KDF without validating pwd/key.
7bdfa52d934465e2182e2f1c200c4d8581ad5da6 15-Nov-2013 JP Abgrall <jpa@google.com> vold: cryptfs: Don't update KDF without validating pwd/key.

Prior to this, the Key derivation function would get
blindly updated even if the user entered the wrong password.
Now, we only attempt to upgrade the KDF if the pwd/key have
been verified (i.e. after a successful mount).

Bug: 11460197
Change-Id: I0469228cc9b87c47754e8ca3c7146651da177da5
/system/vold/cryptfs.c
502dc74153397e56d5410f8a8250b5581643b9ef 01-Nov-2013 JP Abgrall <jpa@google.com> vold: cryptfs: Retry encryption after killing processes using /data

Currently, if a non-framework process or service is using /data,
unmounting will fail as nothing will kill it.
Instead of rebooting on unmount failure, we now kill all processes
using /data, then try one more time.

Bug: 11291208
Change-Id: I6c5276c78aa55965914ace96e1db74dc80fca3c1
/system/vold/cryptfs.c
e550f78a3ff5985ba21cac263629c957500ef4e4 20-Aug-2013 Ken Sumrall <ksumrall@android.com> Use android_fork_execvp() instead of system(3) to format filesystems

With the recent selinux changes imposed on vold, it no longer has
permission to run a shell, so invoking the filesystem formatting
commands with system(3) gives an error. So change to using
android_fork_execvp().

Bug: 10279958

Change-Id: Ifa18b28867618858ec7c5cfcc67935e377de38fb
/system/vold/cryptfs.c
2947e34e416d4075b8717ebcab6134b2d64a7142 15-Aug-2013 Kenny Root <kroot@google.com> Initialize iterator

Iterator wasn't initialized in scrypt parameter scanning.

Bug: 10330227
Change-Id: If41fc25d9f827106fa8329bdb5966b7d786fddcb
/system/vold/cryptfs.c
558830c38a2c0224781a6ed6ab9659fdc450c958 28-Jun-2013 Ken Sumrall <ksumrall@android.com> Merge "vold: Use the new method of rebooting by asking init to do it"
adfba3626e76c1931649634275d241b226cd1b9a 05-Jun-2013 Ken Sumrall <ksumrall@android.com> vold: Use the new method of rebooting by asking init to do it

Change-Id: I7fd5f1048c3cf43fa14597f079c929690cac367c
/system/vold/cryptfs.c
c4c70f15bb8845b02f9ec1d624794757badd6933 14-Jun-2013 Kenny Root <kroot@google.com> Change key derivation to scrypt

scrypt is a sequential memory-hard key derivation algorithm that makes
it more difficult for adversaries to brute force passwords using
specialized equipment. See http://www.tarsnap.com/scrypt/scrypt.pdf for
more details of the algorithm.

This adds support for initializing disk encryption using scrypt and
upgrading from the previous PBKDF2 algorithm.

Change-Id: I1d26db4eb9d27fea7310be3e49c8e6219e6d2c3b
/system/vold/cryptfs.c
c96a5f8edf65a8abe441d0cfd3ce227bdf1bf55f 14-Jun-2013 Kenny Root <kroot@google.com> Extract some version constants to header

In order to make it easier to upgrade the crypto footer, extract some
constants to a header file instead. Then the header can control what the
current version is and the upgrade_crypto_ftr code should be the only
thing that needs to be updated.

Change-Id: I3ed5a7d3b640419cd8af91388d94a00de8cc09db
/system/vold/cryptfs.c
7434b3111b80d2b84ddf656b66b7bf6591de5ab6 14-Jun-2013 Kenny Root <kroot@google.com> Change upgrade code to allow multiple versions

In the future, we'd like to have the ability to upgrade from any
supported version to any future version. Change the upgrade function
slightly to support this.

Change-Id: I3b20ccfff51c4c86f1e5e08690c263dc95ff5ce4
/system/vold/cryptfs.c
9caab76c6b5aefdeeb1715a3695491ca793b8c18 12-Jun-2013 Ken Sumrall <ksumrall@android.com> vold: Add an optional wipe parameter to the volume format command

The new wipe option to the vold format command will invoke BLKDISCARD
on the partition before invoking newfs_msdos. This will be used whenever
a full wipe of the device is wanted, as this is more secure than just
doing newfs_msdos.

Bug: 9392982
Change-Id: Ie106f1b9cc70abc61206006d1821641c27c7ccae
/system/vold/cryptfs.c
e88e1eb745814740f6178047cb3578320058e0d0 15-May-2013 Ken Sumrall <ksumrall@android.com> am c587269c: vold: Increase timeout due to selinux changes

* commit 'c587269c5a34d4e7412ff42e53ed6312359a8505':
vold: Increase timeout due to selinux changes
c587269c5a34d4e7412ff42e53ed6312359a8505 15-May-2013 Ken Sumrall <ksumrall@android.com> vold: Increase timeout due to selinux changes

The new selinux_reload_policy command can take a while to complete on
some systems. The reason is being investigated, and hopefully a fix can
be found to improve performance, but for now, increase the timeout that
vold waits for the post_fs_data section to complete when decrypting a
device on boot.

Also, emit a decent error message if the device times out.

Bug: 8967715
Change-Id: Ifb01c983dffe095a9de752c17c467a1751e9ce99
/system/vold/cryptfs.c
707795ad392758b5f02f4655185afaa169c91dfe 11-May-2013 Alex Klyubin <klyubin@google.com> Fix a typo in a comment

Change-Id: Ibb9667d762189849ebcbefef4ba70ffd34cf885e
/system/vold/cryptfs.c
160b4d68ece15947057e31edde4e5608a010c695 22-Apr-2013 Ken Sumrall <ksumrall@android.com> vold: Add support for unencrypted persistent info

In order to display the correct language, timezone, airplane
mode and other settings on the decrypt screen, a copy of those
settings needs to be stored unencrypted so the framework can
query them. This adds support to vold to store up to 32
property like key/value pairs that are not encrypted.

Change-Id: Id5c936d2c57d46ed5cff9325d92ba1e8d2ec8972
/system/vold/cryptfs.c
56ad03cae13524b32898dc4ccf01040ced5a53b4 13-Feb-2013 Ken Sumrall <ksumrall@android.com> vold: use unified fstab format

Change vold to use the unified fstab. This includes both
support for sdcards, and changes to the crypto code to work
with some changes to the fs_mgr library api.

Change-Id: Id5a8aa5b699afe151db6e31aa0d76105f9c95a80
/system/vold/cryptfs.c
db5e026058927347ccff8f170c8f160b28cbc75b 06-Feb-2013 Ken Sumrall <ksumrall@android.com> Enable allow_discards if dm-crypt supports it

dm-crypt version 1.11.0 and later supports the allow_discards option
when setting up a crypto device. This passes discard requests from
the filesystem to the underlying block device. This helps make flash
based storage faster. So query the dm-crypt version, and pass the
option if the version is 1.11.0 or greater.

Change-Id: If30e9db5a2dbd6ea0281d91344e5b2c35e75131e
/system/vold/cryptfs.c
92736efab068bdbfeb1177544907b84511fb04e0 18-Oct-2012 Ken Sumrall <ksumrall@android.com> Another fix for encryption

The previous problem of the framework not properly restarting after accepting
the password to decrypt the storage is also a problem when restarting the
framework to display the encryption progress screen. So like the previous
hacky fix, add a sleep to wait a few moments before proceeding. Also,
increase the sleep of the previous fix from 1 second to 2, as the problem
was seen once more in testing. A proper fix has been designed and hopefully
will work and be checked-in RSN.

Change-Id: Icc2c072ce7f7ebcdea22cd7ff8cb2b87a627c578
/system/vold/cryptfs.c
9dedfd473dc59e0277004e5b917e4eced02c8af5 09-Oct-2012 Ken Sumrall <ksumrall@android.com> Fix encryption on certain devices

There is a race in the encryption code that after it accepts the
decryption password, it tells init to kill all the processes in
class "main", then it mounts the decrypted filesystem, preps it,
and restarts the framework. For an unknown reason on some devices,
the new framework sometimes starts up before init has killed and
reaped all the old processes. The proper fix is to make the killing
of the old framework synchronous, so vold waits till all the
processes have died. But with factory rom a few days away, the
much more pragmatic solution of adding a sleep of 1 second after
telling init to kill the old framework will suffice.

Bug: 7271212
Change-Id: Ie971cd04abbc6f3f6500b4acd79d3b3b26d9561c
/system/vold/cryptfs.c
b77bc4696b19d9b1ef82810f8d5f671c963d1dc1 01-Oct-2012 Jeff Sharkey <jsharkey@android.com> Update environment variable for multi-user.

Bug: 7260040
Change-Id: I96d821e11a3f0be32bfe92a4151f00f2b15d100e
/system/vold/cryptfs.c
e919efea94b178ed214ed2e78ef0d008727d62ab 30-Sep-2012 Ken Sumrall <ksumrall@android.com> Workaround a kernel race when loading dmcrypt table

The kernel seems to return from umount(2) sometimes before it has
released the underlying block device. So until the kernel is fixed,
try up to 10 times to load the crypto mapping table, waiting 500 ms
between tries.

bug: 7220345

Change-Id: Iad3bbef37cbe2e01613bb8a8c4886babdecb8328
/system/vold/cryptfs.c
7382f81fba895f1ac970ac2fad875f35836b8082 23-Aug-2012 Jeff Sharkey <jsharkey@android.com> Unmount external storage on multi-user devices.

Bug: 7044670
Change-Id: If1f99968b0392cae9420d067c75bfc18d1067b2c
/system/vold/cryptfs.c
912d0b07555eb691f0320530c4e0f6ab85521e95 29-Jun-2012 Ken Sumrall <ksumrall@android.com> Merge "Fix a typo in cryptfs.c"
319369ac111aec79b42668477c998c36b5f3be06 28-Jun-2012 Ken Sumrall <ksumrall@android.com> Fix a typo in cryptfs.c

Change-Id: If629fa996b135e432bc89da7518b0c1f02750b45
/system/vold/cryptfs.c
4684e58a8d1d502012c48295233e6663043cfb0b 27-Jun-2012 Nick Kralevich <nnk@google.com> Add mode when open(O_CREAT) is used.

When creating a new file using open(..., O_CREAT), it is an error
to fail to specify a creation mode. If a mode is not specified, a
random stack provided value is used as the "mode".

This will become a compile error in a future Android change.

Change-Id: I761708c001247d7a2faac2e286288b45bfecc6f7
/system/vold/cryptfs.c
425524dba1552ab3d2ad39e205e65d0a2af997f2 15-Jun-2012 Ken Sumrall <ksumrall@android.com> Unmount all asec apps before encrypting

Now that forward locked apps are stored on /data as asec image files
that are mounted, they need to be unmounted before /data can be unmounted
so it can be encrypted.

Change-Id: I7c87deb52aaed21c8ad8ce8aceb7c15c2338620a
/system/vold/cryptfs.c
e5032c42da3c33a854df0a24a7968b4ab54190b9 02-Apr-2012 Ken Sumrall <ksumrall@android.com> Changes to encryption to work with the new filesystem manager

The new filesystem manager is in charge of mounting the block devices now,
removing much of the knowledge from init.<device>.rc. This also let us
clean up some init code dealing with encryption, so this change updates
vold to work with that. More cleanup is possible, but the main goal of the
filesystem manager was to enable e2fsck, not a full cleanup of encryption.

Change-Id: I00ea80a923d14770ed8fdd190e8840be195f8514
/system/vold/cryptfs.c
f0679f0da4970f04e1cb03f4cb0fcde29e3e7098 02-Apr-2012 Ken Sumrall <ksumrall@android.com> Changes to encryption to work with the new filesystem manager

The new filesystem manager is in charge of mounting the block devices now,
removing much of the knowledge from init.<device>.rc. This also let us
clean up some init code dealing with encryption, so this change updates
vold to work with that. More cleanup is possible, but the main goal of the
filesystem manager was to enable e2fsck, not a full cleanup of encryption.

Change-Id: I00ea80a923d14770ed8fdd190e8840be195f8514
/system/vold/cryptfs.c
d02a47239c6a92a16530fd7101c53fd39eeae05c 10-Mar-2012 Ken Sumrall <ksumrall@android.com> Merge "Fix to not return a bogus decryption error when a device is not encrypted."
ee6d8c42f337ea1446a319df53f6d1a96afbd209 15-Feb-2012 Mike Lockwood <lockwood@google.com> Add support for wiping data immediately if crypt fails

Needed for headless devices that need to recover with no user intervention

Bug: 5556856

Change-Id: I0f85591df513a6893324fb057bde114ac1df044b
Signed-off-by: Mike Lockwood <lockwood@google.com>
/system/vold/cryptfs.c
e1a458578474954ea38456aacedbaf2ddfd37988 15-Dec-2011 Ken Sumrall <ksumrall@android.com> Fix to not return a bogus decryption error when a device is not encrypted.

If there is filesystem damage on a non-encrypted device, and /data is not
mountable, and if the device stores the keys in a file on a different
partition (like on Crespo) then, vold would return an error which caused
the crypto UI to present an option to the user to wipe the device because
it assumed encryption had failed. This fixes it to not do that.

Change-Id: Ibff6299787b45768416dbc4052de7db3b140b808
/system/vold/cryptfs.c
3ad9072a5d6f6bda32123b367545649364e3c11d 05-Oct-2011 Ken Sumrall <ksumrall@android.com> Add the new verifypw command to vold/cryptfs

This vold command returns 0 if the given password matches the password
used to decrypt the device on boot. It returns 1 if they don't match,
and it returns -1 on an internal error, and -2 if the device is not encrypted.

Also check the uid of the sender of the command and only allow the root and
system users to issue cryptfs commands.

Change-Id: I5e5ae3b72a2d7814ae68c2d49aa9deb90fb1dac5
/system/vold/cryptfs.c
3be890f59c04f94537f2f66f1d2841ed591f1a6e 15-Sep-2011 Ken Sumrall <ksumrall@android.com> Fix cryptfs to work with a raw block device for key storage

If a raw block is specified for key storage, do not try to force the size
of the file to 16 Kbytes when writing the keys, and do not complain if
the size is not 16 Kbytes when reading the keys. Only do them if the
keyfile is a regular file.

Change-Id: I4de1cb7c3614479d93289d4f2767ca6ce1bbbc73
/system/vold/cryptfs.c
0b8b59719357fb80c330442787f7d5b1e332263b 01-Sep-2011 Ken Sumrall <ksumrall@android.com> Add the ability to revert a crypto mapping when unmounting a volume

Add the force_and_revert option to the unmount command which will force
the unmount, and revert a crypto mapping. This is used during factory
reset so that when the internal sdcard volume is formatted, it formats
the raw device, not the encrypted mapping.

Change-Id: I36b6ff9bb54863b121de635472a303bf4a2334a9
/system/vold/cryptfs.c
3b17005083be230509480ea65ae67c237142fada 12-Jul-2011 Ken Sumrall <ksumrall@android.com> Prevent sharing or formatting of vold managed volumes during encryption.

Mounting was already not allowed, but also unshare before starting
encryption, and don't allow sharing or formatting to be initiated
during encryption.

Change-Id: Ida188d81f025739ba4dd90492b3e66088735991e
/system/vold/cryptfs.c
128626fc5aa3bf12d1ae5981c7f84f63625e8972 29-Jun-2011 Ken Sumrall <ksumrall@android.com> Fix to display the proper percentage complete during encryption.

Forgot to include the size of the userdata partition when computing
the total size of vold managed volumes to encrypt.

Change-Id: I237548439d4380b4225ffbc603fa972c3b1c5bae
/system/vold/cryptfs.c
319b1043bbbd410aa2d572d88b5936f26072d026 14-Jun-2011 Ken Sumrall <ksumrall@android.com> Don't abort the encryption process if an internal volume is present but unmounted.

It is not a failure if the SD card is not mounted.

Change-Id: If954f77c55ac124b9b7b39c89ffbafb4e5ea9e98
/system/vold/cryptfs.c
29d8da8cefa99e436c13295d4c9bad060ca18a6d 19-May-2011 Ken Sumrall <ksumrall@android.com> vold: allow to store key in a file on another partition

Add support for keeping the keys in a separate file on another partition,
for devices with no space reserved for a footer after the userdata filesystem.

Add support for encrypting the volumes managed by vold, if they meet certain
criteria, namely being marked as nonremovable and encryptable in vold.fstab.
A bit of trickiness is required to keep vold happy.

Change-Id: Idf0611f74b56c1026c45742ca82e0c26e58828fe
/system/vold/cryptfs.c
ad2ac33460d6ee1436b68bab1f820e3b6d3efeb4 09-Mar-2011 Ken Sumrall <ksumrall@android.com> Load persistent properties after mounting an encrypted /data partition.

Fix for bug 3415286. Trigger an action in init.rc to load the persistent
properties after /data has been decrypted and mounted.

Change-Id: I5fe3b481bcc6963113e830728c204b22ffc3b722
/system/vold/cryptfs.c
c290eaf6852c6318584926c5e39b27672638891f 08-Mar-2011 Ken Sumrall <ksumrall@android.com> Teach vold to use the new android_reboot() function.

The new android_reboot() function is a nicer way to reboot.
It can optionally sync(2) and remount as read-only writable
filesystems. This fixes bug 3350709.

Change-Id: I4618bd5e8cccdce08494a7ca3f40ef72b2875e68
/system/vold/cryptfs.c
cd235da6fb36a5c7c90faf91e7d65a587f146f92 15-Feb-2011 Ken Sumrall <ksumrall@android.com> Enable detection of failed encryption process, for bug 3384231.

Need to detect if the encryption process didn't finish successfully, and if
so, provide a way for the UI to detect that and give the user an option to
wipe the system clean. Otherwise, the user is stuck in a reboot loop, and
they will need to do magic button presses to enter recovery and wipe the
device to get out of it.

Change-Id: I58253e1e523ee42bdd1a59aa7d8a9d20071bd18b
/system/vold/cryptfs.c
7f7dbaa2784c10fd2989fb303e5edfb8136d53dc 02-Feb-2011 Ken Sumrall <ksumrall@android.com> Improve detection of incomplete encryption

Bug 3384231 is punted to MR1, but the code to set the flag is already
in the tree, so this CL does 3 things:

1. Comments out the lines that set the flag
2. Removes the change to the checkpw that was added in the last change.
3. Implements a new command to check the flag (which no one is calling
yet and the flag won't be set anyhow).

When MR1 comes, it will be a simple matter to enable the flag setting
code and start testing it.

The fear is a false positive detection of incomplete encryption could
cause people to be prompted to wipe their data when MR1 comes out and
the flag is checked. Not setting this for first release, and testing
this more before MR1, will give us confidence that the code will not
detect false positives of encryption failure.

Change-Id: I6dfba11646e291fe5867e8375b71a53c815f3968
/system/vold/cryptfs.c
d33d417e3a057fffad22c23f5f002177531db2a5 01-Feb-2011 Ken Sumrall <ksumrall@android.com> Detect when encryption failed to complete

For the case where encryption fails to complete because of a kernel
crash or the user power cycling the device, define a flag in the
crypto footer that says encryption is in progress. Set it when starting
the actual encryption, and clear it when it successfully completes.

When the user is asked for the disk password, if the flag is set,
return a special error to the caller so the UI can know to tell the
user there is no valid data on the disk, and present a button to
wipe and reset the device.

Change-Id: I3723ec77f33437d94b3ac9ad5db0a5c950d11648
/system/vold/cryptfs.c
5d4c68e40700424b65a4331be75620706a0dd49c 31-Jan-2011 Ken Sumrall <ksumrall@android.com> Have vold grab a partial wakelock when encrypting

The Progress bar UI grabs a full wakelock when encrypting, but we've seen
a case where it looks like the progress bar UI crashes, and the wakelock is
lost, and then all hell breaks loose. The enablecrypto command has a lot of
work to do, and it will take some time, so it should grab a wakelock to
ensure it can finish without being interrupted and put to sleep.

It grabs a partial wake lock, as it doesn't need the screen to be on to do
its work. If the UI wants to keep it on, it should also grab a full wakelock,
which it does. If the UI crashes, the screen may turn off, but the encryption
will keep going, and vold will reboot the device when it's done.

Change-Id: I51d3a72b8c77383044a3facb1604c1ee510733ae
/system/vold/cryptfs.c
3f476690eaef3b824255813ed335284ef9a90e91 30-Jan-2011 Ken Sumrall <ksumrall@android.com> Merge "Don't try to encrypt in place a filesystem that is too large and return proper errors" into honeycomb
3ed8236de11a1be8b45d4c37b2208682f5e97c72 29-Jan-2011 Ken Sumrall <ksumrall@android.com> Don't try to encrypt in place a filesystem that is too large and return proper errors

If the already existing filesystem encompasses the entire /data partition
and does not leave the last 16 Kbytes for the crypto footer, refuse to
do encrypt in place and return an error. This is only an issue for folks
with early development systems trying to encrypt an old /data. This should
not be seen in released devices.

Also, if there is an error, try to report back to the UI what the error was
so it can deal with it.

Change-Id: If66781a4fe03034c96c3dd12075240deb8663db0
/system/vold/cryptfs.c
70a4b3fd7a84a84bbe6e9d6d4ca3ee2098259fd9 28-Jan-2011 Jason parks <jparks@google.com> Change cryptfs changepw to only require a new password.

The master key is now stored unhashed in memory. This
is needed because for certain operations, like remote resetting
of passwords, the old password is not available.
The changepw interface has been changed to only take
the new password as the only argument. When this is
called we reencrypt the master key with the new password
and old salt.

Bug: 3382129
Change-Id: I9a596b89013194605d6d7790067691aa0dc75e72
/system/vold/cryptfs.c
e87440703663f5ee326326f6438f3b00ea315623 19-Jan-2011 Ken Sumrall <ksumrall@android.com> Create and use a salt when calling pbkdf2 to encrypt/decrypt the master key.

In order to prevent rainbow table attacks on decrypting the master key,
create a 16 byte "salt" by reading /dev/urandom. This is done right after
reading urandom to get the master key for the filesystem. The salt is
stored 32 bytes after the end of the key (a padding added to help prevent
accidental overwriting of the salt) and the salt is fixed at 16 bytes long.

This change will make existing encrypted filesystems unusable.

Change-Id: I420549d064c61d38aea78eef4d86c88acb265ca3
/system/vold/cryptfs.c
0cc166385a7e1d3026bbcb62f094e419f779e872 19-Jan-2011 Ken Sumrall <ksumrall@android.com> Verify that it's OK to run the various cryptfs commands

Maintain and query some internal state to know if it's OK to run
the various cryptfs commands. Do not allow enablecrypto to run if
the device is already encrypted. Do not allow restart to run if
we have already run it before or if the password has not been
validated. Do not allow checkpw to run if not encrypted, or it
has already validated the password.

This is an extra layer of safety on top of the checks up in the
UI code against possible DoS attacks on the device.

Change-Id: I9afc8d42773020e82a512e6b637feede101d1362
/system/vold/cryptfs.c
7df84120b25dca713f623528801385b00208c2aa 18-Jan-2011 Ken Sumrall <ksumrall@android.com> Don't wait for the framework to come up before starting to encrypt in place.

Also, change the value that triggers the progress bar framework from
"startup" to "0" in the property vold.encrypt_progress.

Change-Id: I3890e66a95283ce2ceeca82f516859b083919b9e
/system/vold/cryptfs.c
57b63e61cb41e377708a4fdf18ecc80eb1b2b521 18-Jan-2011 Ken Sumrall <ksumrall@android.com> Minor tweaks to logging for the cryptfs changepw command.

Change-Id: I87ff9788a56de6d461002407bf6c3cd4c6f900ee
/system/vold/cryptfs.c
8ddbe40a8a8708dac7c472fa8c098c8f7b24534c 18-Jan-2011 Ken Sumrall <ksumrall@android.com> Updates to cryptfs framework.

Update the enable inplace API to allow the UI to show a progress bar.
Add new command changepw (which is currently not working).
Internal restructuring of code to support these two features.
Some minor cleanup of the code as well.

Change-Id: I11461fc9ce66965bea6cd0b6bb2ff48bcf607b97
/system/vold/cryptfs.c
6864b7ec94a57b73c300457955d86dc604aeddf5 15-Jan-2011 Ken Sumrall <ksumrall@android.com> Change the cryptfs command to separate out checking the password and restarting

In order to make the animations and the UI look right, we need to change
the cryptfs checkpw command to return a status if the password was
correct or not, and not have it automatically restart if it's correct.

There is a new command restart that will restart the framework with the
encrypted filesystem.

Change-Id: Ia8ae00d7ed8667699aa58d05ad8ba953cca9316e
/system/vold/cryptfs.c
2eaf7138528d30c331d83ab8346a97e66b5499e2 14-Jan-2011 Ken Sumrall <ksumrall@android.com> Cleanup a few issues with the cryptfs code.

Now that the framework shuts down quickly, remove the 30
second sleep when enabling crypto. Also, stop spewing
the secret master key to the disk in the system log!

Change-Id: Icb3f9456ababe3dff8de52cbbae92da0e9e5dd2f
/system/vold/cryptfs.c
8f869aa1bc685b505c58e97b4e11a9c7491a16f9 03-Dec-2010 Ken Sumrall <ksumrall@android.com> Support for encrypting /data on Stingray.

There are still a few hacks and performance issues related
to shutting down the framework in this code, but it is
functional and tested. Without the UI changes, it requires
cryptic adb shell commands to enable, which I shall not
utter here.

Change-Id: I0b8f90afd707e17fbdb0373d156236946633cf8b
/system/vold/cryptfs.c