86af3557e3dc0f6e4fa2c0d56f840eb4247f9f4f |
|
24-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add purpose to vold-generated keymaster1 keys. Also remove the app ID and additional padding and digest options. Bug: 22009890 Change-Id: Ibff9bbd0e0c11d651d11fac85d4ac907588f1cd2
/system/vold/cryptfs.c
|
0417060e8ebfd28171fd0aaef8f4e42d9ddd482e |
|
18-Jun-2015 |
Shawn Willden <swillden@google.com> |
Use correct error code for rate limiting. Note that this CL depends on cl 712195, which must be submitted first. Bug: 21607106 Change-Id: Iafc42d1c8a1145a31ea252b33b404044f92ec62b
/system/vold/cryptfs.c
|
da6e899f4e1429add2ef023e0cc6b0fcca42c945 |
|
03-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add keymaster1 support to vold. Bug: 21607106 Change-Id: I498141b90888d4f0652912413b04519f61886935
/system/vold/cryptfs.c
|
b1ef4665e8df4abf0f3f134bf3090415fc834606 |
|
11-Jun-2015 |
Paul Lawrence <paullawrence@google.com> |
Improve boot time by 0.1s by reducing a polling sleep interval Bug: 21516860 Change-Id: I9e28f4d9cc20ec2a7d9e325c02ef85f0ad9b3d60
/system/vold/cryptfs.c
|
3bd36d5e5f14dff4dadba88eb27664e495d0e16e |
|
09-Jun-2015 |
Paul Lawrence <paullawrence@google.com> |
Remove hex encoding and password adjusting now that patterns are '1' based Bug: 21606650 Change-Id: I3486ad394d563135c5171a1d4785f7a27eeea3ae
/system/vold/cryptfs.c
|
86c942a2537701a90b88768eab4648c0650dfad1 |
|
06-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Delete password as per block encryption (cherry-picked from commit 00f4aade5c172534c16070540d1c6c26d0a78c84) Bug: 18151196 Change-Id: Iee0f932c61ff4a309dc2861725b24bf976adb4c7
/system/vold/cryptfs.c
|
2f32cda63bf5c86db880d36029a27c8597fb5e3c |
|
05-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Retry unmounts in ext4 encryption (cherry-picked from commit 29b54aab8ee2d08e2129832364f9b719dd17fa4e) Bug: 18151196 Change-Id: I52ca23b2ce3adcff44bd003d4a12243a0bd6ac34
/system/vold/cryptfs.c
|
368d79459e8d30474dd5cbc414623c1e2f78ee98 |
|
15-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Enable properties in ext4enc (cherry-picked from 4e7274551c93e1c064648409f52ca430da647050) Enables OwnerInfo and pattern suppression Bug: 18151196 Change-Id: I46144e16cb00319deeb5492ab82c67f5dd43d6d3
/system/vold/cryptfs.c
|
c78c71b1717613a5be921bbb8ac63c007d4af86a |
|
15-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Check password is correct by checking hash (cherry-picked from commit 3ca21e227a2e1ed01138a29f450917290a9d1e6e) Handle failures gracefully Change-Id: Ifb6da8c11a86c50fb11964c18cc1be1326461f78
/system/vold/cryptfs.c
|
731a7a242df6cc3441ac82b4f9521546fac5ac2d |
|
29-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Securely encrypt the master key (cherry-picked from commit 707fd6c7cccc31c0ab0ec1a6ac8b6077c632fc35) Move all key management into vold Reuse vold's existing key management through the crypto footer to manage the device wide keys. Use ro.crypto.type flag to determine crypto type, which prevents any issues when running in block encrypted mode, as well as speeding up boot in block or no encryption. This is one of four changes to enable this functionality: https://android-review.googlesource.com/#/c/148586/ https://android-review.googlesource.com/#/c/148604/ https://android-review.googlesource.com/#/c/148606/ https://android-review.googlesource.com/#/c/148607/ Bug: 18151196 Change-Id: I3c68691717a61b5e1df76423ca0c02baff0dab98
/system/vold/cryptfs.c
|
ce6a913aeac7db94a41362c63bab74092767bb3e |
|
09-Apr-2015 |
Jeff Sharkey <jsharkey@android.com> |
Exclusive exec() path, format after partition. Sadly setexeccon() is process global, so we need to carefully ensure that all exec() are mutually exclusive to avoid transitioning into unwanted domains. Also, because we have several threads floating around, we need to guard all our FDs with O_CLOEXEC. Format all newly created volumes immediately after partitioning, but silence all events emitted from those volumes to prevent the framework from getting all excited. Unify all notify events under a single codepath to make them easy to silence. Sent SIGINT before escalating to SIGTERM when unmounting. Bug: 19993667 Change-Id: Idc6c806afc7919a004a93e2240b42884f6b52d6b
/system/vold/cryptfs.c
|
9c48498f4529f623650c56d03e63324c8d813032 |
|
31-Mar-2015 |
Jeff Sharkey <jsharkey@android.com> |
Support for private (adopted) volumes. This adds support for private volumes which is just a filesystem wrapped in a dm-crypt layer. For now we're using the exact same configuration as internal encryption (aes-cbc-essiv:sha256), but we don't store any key material on the removable media. Instead, we store the key on internal storage, and use the GPT partition GUID to identify which key should be used. This means that private external storage is effectively as secure as the internal storage of the device. That is, if the internal storage is encrypted, then our external storage key is also encrypted. When partitioning disks, we now support a "private" mode which has a PrivateVolume partition, and a currently unused 16MB metadata partition reserved for future use. It also supports a "mixed" mode which creates both a PublicVolume and PrivateVolume on the same disk. Mixed mode is currently experimental. For now, just add ext4 support to PrivateVolume; we'll look at f2fs in a future change. Add VolumeBase lifecycle for setting up crypto mappings, and extract blkid logic into shared method. Sprinkle some more "static" around the cryptfs code to improve invariants. Bug: 19993667 Change-Id: Ibd1df6250735b706959a1eb9d9f7219ea85912a0
/system/vold/cryptfs.c
|
36801cccf27152c9eca5aab6ba3527221525110f |
|
14-Mar-2015 |
Jeff Sharkey <jsharkey@android.com> |
Progress towards dynamic storage support. Wire up new Disk and VolumeBase objects and events to start replacing older DirectVolume code. Use filesystem UUID as visible PublicVolume name to be more deterministic. When starting, create DiskSource instances based on fstab, and watch for kernel devices to appear. Turn matching devices into Disk objects, scan for partitions, and create any relevant VolumeBase objects. Broadcast all of these events towards userspace so the framework can decide what to mount. Keep track of the primary VolumeBase, and update the new per-user /storage/self/primary symlink for all started users. Provide a reset command that framework uses to start from a known state when runtime is restarted. When vold is unexpectedly killed, try recovering by unmounting everything under /mnt and /storage before moving forward. Remove UMS sharing support for now, since no current devices support it; MTP is the recommended solution going forward because it offers better multi-user support. Switch killProcessesWithOpenFiles() to directly take signal. Fix one SOCK_CLOEXEC bug, but SELinux says there are more lurking. Bug: 19993667 Change-Id: I2dad1303aa4667ec14c52f774e2a28b3c1c1ff6d
/system/vold/cryptfs.c
|
2a8c10965a8a9e17fb290ac5acba2daf936ff1bb |
|
30-Mar-2015 |
Elliott Hughes <enh@google.com> |
am 8a0fde27: am e9623fed: Merge "Fixed type mismatch for ioctl(BLKGETSIZE)" * commit '8a0fde272be430f66b2e5db6236aa732d2ba6efc': Fixed type mismatch for ioctl(BLKGETSIZE)
|
14eab550e8a4f28889cc9ffbb92ddff8f18c4f03 |
|
04-Feb-2015 |
Hiroaki Miyazawa <hiroaki.miyazawa@sonymobile.com> |
Fixed type mismatch for ioctl(BLKGETSIZE) ioctl(BLKGETSIZE) expects unsigned long (8 bytes on 64 bit environment). This is fixing fails in android.os.storage.StorageManagerIntegrationTest (in FrameworkCoreTests). To verify, install FrameworksCoreTests.apk and do: adb shell am instrument -r -w -e class android.os.storage.\ StorageManagerIntegrationTest#testMountSingleEncryptedObb \ com.android.frameworks.coretests/android.test.InstrumentationTestRunner Change-Id: Ib6d5c7490c02521c93f107c35ad0aac49f6a3f1a
/system/vold/cryptfs.c
|
8175a0b65d4bbe29eb1b44c183b3668125825c0b |
|
05-Mar-2015 |
Paul Lawrence <paullawrence@google.com> |
Adding e4crypt support Redirect all crypto calls to e4crypt equivalents if file level encryption detected. Note this change implements only the ones needed for minimal functionality. Requires matching change: https://googleplex-android-review.git.corp.google.com/#/c/642778/ Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016
/system/vold/cryptfs.c
|
05335c344d73411439774dfa548c633020e158e1 |
|
05-Mar-2015 |
Paul Lawrence <paullawrence@google.com> |
Adding e4crypt support Redirect all crypto calls to e4crypt equivalents if file level encryption detected. Note this change implements only the ones needed for minimal functionality. Requires matching change: https://googleplex-android-review.git.corp.google.com/#/c/642778/ Change-Id: I622d1a91704de4b3ab655486e6d38cd6718e6016
/system/vold/cryptfs.c
|
47bc0ffaddacc3514d12db1b8b8bb4b10eae13ea |
|
27-Feb-2015 |
Shawn Willden <swillden@google.com> |
am 5054f7ee: Merge "Rename keymaster_device_t to keymaster0_device_t." * commit '5054f7ee4fa6e747eb8d08f60ec91ba6a9363878': Rename keymaster_device_t to keymaster0_device_t.
|
8af33350cdd461891e77684fcc5374edd5497140 |
|
24-Feb-2015 |
Shawn Willden <swillden@google.com> |
Rename keymaster_device_t to keymaster0_device_t. This is to accommodate the new keymaster1_device_t, which has an entirely different interface. Soon I'll provide a libkeymaster which provides a unified (and nicer) interface for dealing with both v0 and v1 keymaster implementations using a v1 keymaster API. For now this change is just so that vold will build and run. Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
/system/vold/cryptfs.c
|
d1fd8468d018291698de17bacb23fc7ba1d900d8 |
|
24-Feb-2015 |
Shawn Willden <swillden@google.com> |
Rename keymaster_device_t to keymaster0_device_t. This is to accommodate the new keymaster1_device_t, which has an entirely different interface. Soon I'll provide a libkeymaster which provides a unified (and nicer) interface for dealing with both v0 and v1 keymaster implementations using a v1 keymaster API. For now this change is just so that vold will build and run. Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
/system/vold/cryptfs.c
|
933216c8861b6b3f0e65cd27812ce2e3c26721c4 |
|
11-Feb-2015 |
JP Abgrall <jpa@google.com> |
cryptfs: fix clobbering of crypto info on keymaster failure Changing the device lock (even from swipe to none) will cause the master key to be re-encrypted. If at that point keymaster fails (e.g. due to an incompatible keymaster update) cryptfs will write back the now-incomplete crypto metadata. Upon next reboot, userdata can't be decrypted. Now we don't bother writing on keymaster failure. Bug: 19301883 Change-Id: I2b9a1278f8b4d333ac8d567e17e2263005e99409
/system/vold/cryptfs.c
|
d32b75e6dc329fc8b15d0ae48cf932f091ed6299 |
|
09-Feb-2015 |
Elliott Hughes <enh@google.com> |
am 33b6de4b: am d55d8dac: Merge "prevent ioctl_init() to write outside buffer" * commit '33b6de4b94e018b3cb621db5eabcb3a4f18bdd3d': prevent ioctl_init() to write outside buffer
|
a655b9a39fb99cd0c4152a563004634e3766c00c |
|
09-Feb-2015 |
Paul Lawrence <paullawrence@google.com> |
am 38394c7d: am 223fd1ca: Revert "Make encryption configurable" * commit '38394c7d2d6d5bd8c7467155587a78b912e2b7ab': Revert "Make encryption configurable"
|
33b6de4b94e018b3cb621db5eabcb3a4f18bdd3d |
|
07-Feb-2015 |
Elliott Hughes <enh@google.com> |
am d55d8dac: Merge "prevent ioctl_init() to write outside buffer" * commit 'd55d8dac45dc60cb2cc9e599d3e89532db0cfc39': prevent ioctl_init() to write outside buffer
|
d55d8dac45dc60cb2cc9e599d3e89532db0cfc39 |
|
07-Feb-2015 |
Elliott Hughes <enh@google.com> |
Merge "prevent ioctl_init() to write outside buffer"
|
38394c7d2d6d5bd8c7467155587a78b912e2b7ab |
|
07-Feb-2015 |
Paul Lawrence <paullawrence@google.com> |
am 223fd1ca: Revert "Make encryption configurable" * commit '223fd1cad8d627dc36e11da8cdd342c1a810d226': Revert "Make encryption configurable"
|
223fd1cad8d627dc36e11da8cdd342c1a810d226 |
|
06-Feb-2015 |
Paul Lawrence <paullawrence@google.com> |
Revert "Make encryption configurable" This reverts commit 6a69cfc411c086f15d59b7dc105763af16620414. The original fix seems to have led to boot failures in QA. Rather than risk shipping, revert the change. Bug 18764230 reopened. Requires change https://googleplex-android-review.git.corp.google.com/#/c/629950/ Bug: 19278390 Bug: 19199624 Change-Id: Ia858c4db0abb917f9364ec8048f59ca4fb48e233
/system/vold/cryptfs.c
|
5e6b9141c11ebfd809acb69c7c672c6612334359 |
|
05-Feb-2015 |
Marek Pola <marek.pola@sonymobile.com> |
prevent ioctl_init() to write outside buffer The strncpy operation does not write a 0 termination if the name is larger than the target buffer. Ensure that zero termination is always written using safe strlcpy function. Change-Id: Idb68cdff7cd1a860c1dfac7494fa99f3d382cb91
/system/vold/cryptfs.c
|
efb4c6d79aa8809dc510826fd25e8109676021cb |
|
05-Feb-2015 |
Elliott Hughes <enh@google.com> |
am 71f8d86f: am f805a8b3: Merge "Change lseek to lseek64" * commit '71f8d86fdfc2c11f2d4176eabb98812bf41792e7': Change lseek to lseek64
|
71f8d86fdfc2c11f2d4176eabb98812bf41792e7 |
|
05-Feb-2015 |
Elliott Hughes <enh@google.com> |
am f805a8b3: Merge "Change lseek to lseek64" * commit 'f805a8b3a917b163c789f1ad4b272560f98eb6f1': Change lseek to lseek64
|
394cd68fcdd11271a9b71f6c83acaf5b347cb7b1 |
|
05-Feb-2015 |
Elliott Hughes <enh@google.com> |
am e22b21af: am ebc83b3e: Merge "Fix memory leak in upgrade_crypt_ftr" * commit 'e22b21af3a4d7729c23f559add26bc4f78cbaab1': Fix memory leak in upgrade_crypt_ftr
|
e22b21af3a4d7729c23f559add26bc4f78cbaab1 |
|
05-Feb-2015 |
Elliott Hughes <enh@google.com> |
am ebc83b3e: Merge "Fix memory leak in upgrade_crypt_ftr" * commit 'ebc83b3e8ef6d0dbab84bec88e0231c7911e5378': Fix memory leak in upgrade_crypt_ftr
|
f805a8b3a917b163c789f1ad4b272560f98eb6f1 |
|
05-Feb-2015 |
Elliott Hughes <enh@google.com> |
Merge "Change lseek to lseek64"
|
ebc83b3e8ef6d0dbab84bec88e0231c7911e5378 |
|
05-Feb-2015 |
Elliott Hughes <enh@google.com> |
Merge "Fix memory leak in upgrade_crypt_ftr"
|
96dbee7bd6c64c0d38b4e390e12851e02b674b87 |
|
20-Jan-2015 |
Björn Landström <bjorn.landstrom.x@sonymobile.com> |
Change lseek to lseek64 Using lseek on 64-bit offset parameter caused failure to write persistent data in crypto footer. Changed calls to use lseek64 instead. Change-Id: I4e4c397a6d36201b8b08be3017e17c9fac3b34e4
/system/vold/cryptfs.c
|
91064633ff3e5dd0a8a7d0c065cd82ba06b04ace |
|
05-Feb-2015 |
Henrik Baard <henrik.baard@sonymobile.com> |
Fix memory leak in upgrade_crypt_ftr The structure crypt_persist_data was allocated, but never freed. Added free of allocated memory in normal and error case. Change-Id: I9aaa067e6f6501e8ce007f8659004b5dbcf2b246
/system/vold/cryptfs.c
|
db3730c454ef706dffee9bde0f9bf54e95ab06f8 |
|
03-Feb-2015 |
Paul Lawrence <paullawrence@google.com> |
Remove kdfs that were only used internally in LMP Bug: 17439091 Change-Id: I55f92984c8234362597be3976a10626a0ed8763f
/system/vold/cryptfs.c
|
c19cb9c8329781dad649f37e6bc3f0f120cb2afc |
|
21-Jan-2015 |
Paul Lawrence <paullawrence@google.com> |
Make encryption configurable Add maybeenabledefaultencryption function, that encrypts based on the encryption flag and appropriate environment variable Bug: 18764230 Change-Id: Id9a1967d09a7ae63a51240c0a5f3c41505af0e9a
/system/vold/cryptfs.c
|
4a36ca003873991c99fbd2b41c87c9409c053d71 |
|
26-Jan-2015 |
Paul Lawrence <paullawrence@google.com> |
am 6a69cfc4: Make encryption configurable * commit '6a69cfc411c086f15d59b7dc105763af16620414': Make encryption configurable
|
ba5834dcea382a71326289c8d1293e0e95f1dfec |
|
23-Jan-2015 |
Kenny Root <kroot@google.com> |
am 26970299: Merge "Remove superfluous OpenSSL include paths." * commit '269702997153cdf92c65cfee277c76afed44e9e5': Remove superfluous OpenSSL include paths.
|
41405bb3e5cdde0782bfcf7065b88ce1bb253c3c |
|
23-Jan-2015 |
Adam Langley <agl@google.com> |
Remove superfluous OpenSSL include paths. The libcrypto and libssl modules (and their respective static and host versions) use LOCAL_EXPORT_C_INCLUDE_DIRS thus just including the module is sufficient. Additionally, cryptfs.h was including an OpenSSL header just to get the length of a SHA-256 hash. Rather than force all users of this header to also depend on libcrypto, it's easier just to define that value in the header file. Change-Id: I3e3e0db906a212e1093944b298e4a8ff2e2fb07d
/system/vold/cryptfs.c
|
6a69cfc411c086f15d59b7dc105763af16620414 |
|
21-Jan-2015 |
Paul Lawrence <paullawrence@google.com> |
Make encryption configurable Add maybeenabledefaultencryption function, that encrypts based on the encryption flag and appropriate environment variable Bug: 18764230 Change-Id: Id9a1967d09a7ae63a51240c0a5f3c41505af0e9a
/system/vold/cryptfs.c
|
da91b1915c44a66932f7eef23b4c0ecbdee0b794 |
|
19-Dec-2014 |
Brian Carlstrom <bdc@google.com> |
Remove unused local variable to fix the build Change-Id: Ic0a77a754b649d360d07eaa9e6a93274e7eaf0a8
/system/vold/cryptfs.c
|
210caabdb51943ec46532fb13bd3df8b983897e7 |
|
18-Dec-2014 |
Dan Albert <danalbert@google.com> |
resolved conflicts for merge of 88aba541 to lmp-mr1-dev-plus-aosp Change-Id: Ie5ef819dd8168cb6a73f84a881a92c116705fffc
|
c07fa3fa5ada60b5f0b13d84f7a9893e2c331549 |
|
18-Dec-2014 |
Dan Albert <danalbert@google.com> |
Fix alignment of buffer used for dm_ioctl. Since the dm_ioctl struct was being allocated on the stack as a large character array, it was getting character alignment rather than the proper alignment for the struct. GCC had been getting away with this so far, but it's undefined behavior that clang managed to expose. Bug: 18736778 Change-Id: Ied275dfad7fcc41d712b2d02c8a185f499221f57
/system/vold/cryptfs.c
|
6c78e7d7724a431dbdb2b0a5bb8cd2b07424cbe5 |
|
18-Dec-2014 |
Tim Murray <timmurray@google.com> |
resolved conflicts for merge of 4be36106 to lmp-mr1-dev-plus-aosp Change-Id: If504710a618d8c3adf85297d5fd2909558ed57a3
|
8439dc9fd569794b1a31f67cf43d9212de33eecc |
|
15-Dec-2014 |
Tim Murray <timmurray@google.com> |
Make vold compile with -Werror -Wall. -Wno-missing-field-initializers is used as well, but that is an overzealous warning from initializing structs with {0} and not a real warning. bug 18736778 and 16868177 Change-Id: Iffde89cd7200d9a11193e1614f1819f9fcace30a
/system/vold/cryptfs.c
|
6322302a5a6f8848097031e7acda44dba88c7ea2 |
|
02-Dec-2014 |
Paul Lawrence <paullawrence@google.com> |
am acfdc30e: Merge "Fix error in clocks leading to devices staying unlocked" into lmp-mr1-dev * commit 'acfdc30e3793512de4b9a5e15da69533735dd8be': Fix error in clocks leading to devices staying unlocked
|
82b451dacb4d12c3eee3fc2bde9d0f54e234c168 |
|
02-Dec-2014 |
Paul Lawrence <paullawrence@google.com> |
am d44a8f59: Merge "Fix encrypt-and-wipe" into lmp-mr1-dev * commit 'd44a8f59a7518b87a3fe4174c78dfb9727e63f89': Fix encrypt-and-wipe
|
acfdc30e3793512de4b9a5e15da69533735dd8be |
|
02-Dec-2014 |
Paul Lawrence <paullawrence@google.com> |
Merge "Fix error in clocks leading to devices staying unlocked" into lmp-mr1-dev
|
ef2b5bea6b72331568036788c6fcaadf63f1f178 |
|
11-Nov-2014 |
Paul Lawrence <paullawrence@google.com> |
Fix error in clocks leading to devices staying unlocked Use BOOTTIME consistently! Bug: 18246810 Change-Id: I630bf39f72ab69f971d2f772e8d4545ffe467b82
/system/vold/cryptfs.c
|
b1eb7a06ee24078efb3a7efaa32c1561b92f4cb8 |
|
25-Nov-2014 |
Paul Lawrence <paullawrence@google.com> |
Fix encrypt-and-wipe encrypt-and-wipe was broken when checks were added that encryption succeeded which assumed a 'normal' full encrypt traversing the device. encrypt-and-wipe doesn't traverse, it just lays down a file system over the encrypted device, so in this mode do not check the amount encrypted - it will always be 0. Bug: 18511900 Change-Id: Icb1d7e0cdb67abd2eac0ab3cbfc1a88912768f9d
/system/vold/cryptfs.c
|
c9c51717923315edf1d14bdeb3e06036107a3be0 |
|
21-Nov-2014 |
Iliyan Malchev <malchev@google.com> |
am bb7d9afe: fall back to dm-crypt if device already encrypted * commit 'bb7d9afea9479eabbc98133d3d968225a1e1019e': fall back to dm-crypt if device already encrypted
|
b7d35115dccc49275c48cc4665c146997b0168eb |
|
21-Nov-2014 |
Iliyan Malchev <malchev@google.com> |
resolved conflicts for merge of 87701e27 to lmp-mr1-dev-plus-aosp Change-Id: Ie873baff626fe786515497f2e81aa9db2329168d
|
bb7d9afea9479eabbc98133d3d968225a1e1019e |
|
21-Nov-2014 |
Iliyan Malchev <malchev@google.com> |
fall back to dm-crypt if device already encrypted Devices already encrypted with aes-cbc-essiv:sha256 will continue to be decrypted in software, until a factory data reset. New devices that implement CONFIG_HW_DISK_ENCRYPTION will switch to aes-xts. b/17475056 Enable hardware crypto for userdata encryption Change-Id: I62d1583bdaf7ff06b87e386e758fa3b18c719bca Signed-off-by: Iliyan Malchev <malchev@google.com>
/system/vold/cryptfs.c
|
87701e2755f039d6ea8c1510dcddf468ee947a62 |
|
18-Sep-2014 |
Ajay Dudani <adudani@codeaurora.org> |
Adding support of dm-req-crypt Currently Android provides disk encryption support using dm-crypt which is based on bios. dm-crypt uses 512 bytes packet size for crypto operations. While 512 bytes size packet is ok for SW based disk encryption, it is inefficient for HW based crypto engines. dm-req-crypt is similar to dm-crypt except it uses block requests rather than bios for crypto operations. block requests when unpacked carries data up to 512KB. Hence, HW based crypto engine can be used more efficiently. Also move create disk encryption key before framework start as HW based disk encryption creates key in secure side. Key creation can take some time to create the key securely. If framework is started before creating the key, it is possible that framework requests service from secure side. Secure side can serve mostly one request at a time. Secure side may reject framework request if key creation request is still going on. This may cause problem in the system b/17475056 Enable hardware crypto for userdata encryption Change-Id: I5480ab72a37c02532218a18faaba598a824589fd Signed-off-by: Iliyan Malchev <malchev@google.com>
/system/vold/cryptfs.c
|
b4be7416f89b895f3f5e9a2e13ef2a98fab57b0e |
|
05-Nov-2014 |
Shawn Willden <swillden@google.com> |
Modify vold to check for hardware keymaster. automerge: 7c49ab0 * commit '7c49ab0a0b3c1ee9b24a4b0b1a2c0a8c86acea41': Modify vold to check for hardware keymaster.
|
7c49ab0a0b3c1ee9b24a4b0b1a2c0a8c86acea41 |
|
30-Oct-2014 |
Shawn Willden <swillden@google.com> |
Modify vold to check for hardware keymaster. vold should only use hardware keymaster implementations to protect the disk encryption key, because there's little value in using the software implementation. More importantly, if we allow vold to use softkeymaster in the absence of a HW keymaster and (somehow) a HW keymaster is added to a device, the HW version will be loaded, and will be unable to use the softkeymaster key found in the crypto footer, forcing a factory reset. This CL will not break devices without HW keymaster, because softkeymaster currently reports its keys as non-standalone (which isn't correct). After this CL is in, I will fix softkeymaster. Bug: 17362157 Change-Id: I98b169e7a59ff7d44b72069b87743463ec823ea2
/system/vold/cryptfs.c
|
84f2515008539e82a6f6ad3c882d914da140ab13 |
|
30-Oct-2014 |
Rubin Xu <rubinxu@google.com> |
Merge "Make persistent field in cryptofs support longer values." into lmp-mr1-dev automerge: 13c3a90 * commit '13c3a90b586d272b391bd0e2795717db75a4d853': Make persistent field in cryptofs support longer values.
|
85c01f95c7a3c009e79867fe36181cc0793a0440 |
|
13-Oct-2014 |
Rubin Xu <rubinxu@google.com> |
Make persistent field in cryptofs support longer values. Store long field values in multiple underlying fixed-length entries and concatenate them together when reading back. Bug: 17556485 Change-Id: I2f8033d18c208993fa1b010712be0dad5d8b646b
/system/vold/cryptfs.c
|
9b5a381241ff503ba05f5622927633b8527dadf5 |
|
17-Oct-2014 |
JP Abgrall <jpa@google.com> |
cryptfs: [HACK] reboot if the crypto block dev failed to open automerge: 512f0d5 * commit '512f0d52ac5f85b327872e085d9fe6f02517eadf': cryptfs: [HACK] reboot if the crypto block dev failed to open
|
4c9b4d8c978433b4810c0449d4f376dbf7e74ab9 |
|
16-Oct-2014 |
JP Abgrall <jpa@google.com> |
am 7776871d: cryptfs: extra debugging around crypto blockdev dm-... errors. * commit '7776871d82050bac3e6bb307a68caef973305516': cryptfs: extra debugging around crypto blockdev dm-... errors.
|
512f0d52ac5f85b327872e085d9fe6f02517eadf |
|
11-Oct-2014 |
JP Abgrall <jpa@google.com> |
cryptfs: [HACK] reboot if the crypto block dev failed to open There are cases where the /dev/block/dm-0 fails to open. This leads to the device not completing the boot up sequence. Currently, the only way out is to reboot. Bug: 17898962 Change-Id: If4583ebb1ef1ebdbaf680d69b876459aaec2f4ce (cherry picked from commit 7fc1de8a44307d6c51826ab90f804702e08d1e6d)
/system/vold/cryptfs.c
|
ca42022cf0c955c63b178330d6b72ce86915fb7c |
|
13-Oct-2014 |
JP Abgrall <jpa@google.com> |
am 7fc1de8a: cryptfs: [HACK] reboot if the crypto block dev failed to open * commit '7fc1de8a44307d6c51826ab90f804702e08d1e6d': cryptfs: [HACK] reboot if the crypto block dev failed to open
|
03279172e9c27bbad3a9bd1ffa2436a36b5b8ec7 |
|
13-Oct-2014 |
JP Abgrall <jpa@google.com> |
am 3334c6a1: cryptfs: extra debugging around crypto blockdev dm-... errors. * commit '3334c6a1ae38b2c7886fc9c0a69467e586af8635': cryptfs: extra debugging around crypto blockdev dm-... errors.
|
7fc1de8a44307d6c51826ab90f804702e08d1e6d |
|
11-Oct-2014 |
JP Abgrall <jpa@google.com> |
cryptfs: [HACK] reboot if the crypto block dev failed to open There are cases where the /dev/block/dm-0 fails to open. This leads to the device not completing the boot up sequence. Currently, the only way out is to reboot. Bug: 17898962 Change-Id: If4583ebb1ef1ebdbaf680d69b876459aaec2f4ce
/system/vold/cryptfs.c
|
3334c6a1ae38b2c7886fc9c0a69467e586af8635 |
|
11-Oct-2014 |
JP Abgrall <jpa@google.com> |
cryptfs: extra debugging around crypto blockdev dm-... errors. Sometimes the /dev/block/dm-0 fails to open after it has been set up. Log why. Bug: 17576594 Bug: 17942270 Change-Id: If0bbfe22d84137f2029bacb10873832038f0d36c
/system/vold/cryptfs.c
|
7776871d82050bac3e6bb307a68caef973305516 |
|
11-Oct-2014 |
JP Abgrall <jpa@google.com> |
cryptfs: extra debugging around crypto blockdev dm-... errors. Sometimes the /dev/block/dm-0 fails to open after it has been set up. Log why. Bug: 17576594 Bug: 17942270 Change-Id: If0bbfe22d84137f2029bacb10873832038f0d36c
/system/vold/cryptfs.c
|
2e83bfa43d8b92476027a59ac06faf5fc4a279bd |
|
07-Oct-2014 |
Paul Lawrence <paullawrence@google.com> |
am fc615041: Remove possibility of zero chars from passwords * commit 'fc61504166d4377a1f83211c236ca11260da1261': Remove possibility of zero chars from passwords
|
fd2180a97289732520328c69150419763ced48c1 |
|
07-Oct-2014 |
Paul Lawrence <paullawrence@google.com> |
am fc615041: Remove possibility of zero chars from passwords * commit 'fc61504166d4377a1f83211c236ca11260da1261': Remove possibility of zero chars from passwords
|
fc61504166d4377a1f83211c236ca11260da1261 |
|
05-Oct-2014 |
Paul Lawrence <paullawrence@google.com> |
Remove possibility of zero chars from passwords scrypt pads the password with zeros. Our patterns use 0 to represent the top left dot. So patterns that end there are equivalent to ones that end one short. After much thought, the best solution is to change the way we represent patterns in keyguard. This, however, is a big change. The short term solution is to change the pattern representation in vold so that we are storing the correct thing. Later we will change keyguard to handle patterns correctly and remove quite a few hacks from vold (use of hex, this code). b/17840293 created to track this. Bug: 17751714 Change-Id: I30cdffb0f0db406d2e2b6c54d4153d120d975318
/system/vold/cryptfs.c
|
4465744614cf865d45c161504d907024ced13479 |
|
06-Oct-2014 |
Paul Lawrence <paullawrence@google.com> |
am 7639a6ab: Merge "Reset failed decryption count on successful decryptions" into lmp-dev * commit '7639a6ab60426bbfa57c750c1ff0b4016cad0294': Reset failed decryption count on successful decryptions
|
6bcac81e6a8db504dc32d89907f847b5a9118817 |
|
06-Oct-2014 |
Paul Lawrence <paullawrence@google.com> |
am 7639a6ab: Merge "Reset failed decryption count on successful decryptions" into lmp-dev * commit '7639a6ab60426bbfa57c750c1ff0b4016cad0294': Reset failed decryption count on successful decryptions
|
7639a6ab60426bbfa57c750c1ff0b4016cad0294 |
|
06-Oct-2014 |
Paul Lawrence <paullawrence@google.com> |
Merge "Reset failed decryption count on successful decryptions" into lmp-dev
|
72b8b82780c062f48350d743c5ee43ced369507d |
|
05-Oct-2014 |
Paul Lawrence <paullawrence@google.com> |
Reset failed decryption count on successful decryptions Bug: 17866359 Change-Id: I1af2ff1ac4f5243afba0cfa2f2d3a1d0b029091b
/system/vold/cryptfs.c
|
72498ed5c2657bb1b3a21435397b4a6bb266e995 |
|
03-Oct-2014 |
Greg Hackmann <ghackmann@google.com> |
am 6e8440fd: cryptfs: kill processes with open files on tmpfs /data * commit '6e8440fd5072a673dd861ffb531fc17b4673ad90': cryptfs: kill processes with open files on tmpfs /data
|
17fb62cebbe3e680a91d11c6c54216aed4198654 |
|
03-Oct-2014 |
Paul Lawrence <paullawrence@google.com> |
am 9c58a871: Use monotonic clock for cryptfs progress * commit '9c58a871f9fb356409d3b90734bf706d1463f041': Use monotonic clock for cryptfs progress
|
b69a5e44db9b7ecf39b9441115f3470554062157 |
|
03-Oct-2014 |
Greg Hackmann <ghackmann@google.com> |
am 6e8440fd: cryptfs: kill processes with open files on tmpfs /data * commit '6e8440fd5072a673dd861ffb531fc17b4673ad90': cryptfs: kill processes with open files on tmpfs /data
|
6e8440fd5072a673dd861ffb531fc17b4673ad90 |
|
03-Oct-2014 |
Greg Hackmann <ghackmann@google.com> |
cryptfs: kill processes with open files on tmpfs /data cryptfs will fail to remount /data at boot if any processes (e.g. dex2oat) have files open on the tmpfs /data partition. Since these files are about to be destroyed anyway, just kill the offending processes: first with SIGHUP and finally with SIGKILL. Also remove a stray i++ that effectively cut the number of retries in half. Bug: 17576594 Change-Id: I76fb90ce2e52846ffb9de706e52b7bde98b4186a Signed-off-by: Greg Hackmann <ghackmann@google.com>
/system/vold/cryptfs.c
|
f2eabef83f4a32de1d0670d053a4d6bac787cd4b |
|
30-Sep-2014 |
Paul Lawrence <paullawrence@google.com> |
am 9c58a871: Use monotonic clock for cryptfs progress * commit '9c58a871f9fb356409d3b90734bf706d1463f041': Use monotonic clock for cryptfs progress
|
9c58a871f9fb356409d3b90734bf706d1463f041 |
|
30-Sep-2014 |
Paul Lawrence <paullawrence@google.com> |
Use monotonic clock for cryptfs progress Otherwise we get strange results when the time changes. Worst effect is that the encryption takes a lot longer since we are calling the logging code far more frequently. Bug: 17625981 Change-Id: Ice29f28b3720e9e4a1ea28e45eeab574d1959ec1
/system/vold/cryptfs.c
|
fd8d08c22a33aa65e310274fb4fcc506c92f25f2 |
|
26-Sep-2014 |
Greg Hackmann <ghackmann@google.com> |
am 3574b085: Merge "cryptfs: log umount() failure reason" into lmp-dev * commit '3574b085f46a5b22ee660a9fd3ef727a20c106ee': cryptfs: log umount() failure reason
|
7103f41a17bcb5d6a3dc3bb4c58091c524e3240b |
|
26-Sep-2014 |
Greg Hackmann <ghackmann@google.com> |
am 46a3a79a: Merge "print information about opened files when failed unmount" into lmp-dev * commit '46a3a79a8f6b8b8eb66b1194a1a56b0ddcd4943b': print information about opened files when failed unmount
|
714526434cddcbebbd39cb615386b33954f233cf |
|
26-Sep-2014 |
Jeff Sharkey <jsharkey@android.com> |
am dd1a8040: Include reason when wiping data. * commit 'dd1a8040e8449cc0e8b861a23e0339a43d80593c': Include reason when wiping data.
|
e46f7122e002539cdfb1d83baac3652b88528455 |
|
25-Sep-2014 |
Greg Hackmann <ghackmann@google.com> |
am 3574b085: Merge "cryptfs: log umount() failure reason" into lmp-dev * commit '3574b085f46a5b22ee660a9fd3ef727a20c106ee': cryptfs: log umount() failure reason
|
e2a470f3980a824e8f5ba92fd8356336c7161463 |
|
25-Sep-2014 |
Greg Hackmann <ghackmann@google.com> |
am 46a3a79a: Merge "print information about opened files when failed unmount" into lmp-dev * commit '46a3a79a8f6b8b8eb66b1194a1a56b0ddcd4943b': print information about opened files when failed unmount
|
640aa86222c40553a2540c6cf9e840d13e750e30 |
|
25-Sep-2014 |
Jeff Sharkey <jsharkey@android.com> |
am dd1a8040: Include reason when wiping data. * commit 'dd1a8040e8449cc0e8b861a23e0339a43d80593c': Include reason when wiping data.
|
3574b085f46a5b22ee660a9fd3ef727a20c106ee |
|
25-Sep-2014 |
Greg Hackmann <ghackmann@google.com> |
Merge "cryptfs: log umount() failure reason" into lmp-dev
|
46a3a79a8f6b8b8eb66b1194a1a56b0ddcd4943b |
|
25-Sep-2014 |
Greg Hackmann <ghackmann@google.com> |
Merge "print information about opened files when failed unmount" into lmp-dev
|
955653ebff68e29f5aeab3f05fddc199474e4174 |
|
24-Sep-2014 |
Greg Hackmann <ghackmann@google.com> |
cryptfs: log umount() failure reason Bug: 17576594 Change-Id: I7320aa597210896b4db6e663e1b2cb0c24d96557 Signed-off-by: Greg Hackmann <ghackmann@google.com>
/system/vold/cryptfs.c
|
3f14fe45a3e7bc0d12ba26d20a36d355a10f623e |
|
22-Sep-2014 |
jessica_yu <jessica_yu@htc.com> |
print information about opened files when failed unmount Change-Id: I88ae719cdae490433390d624f75612a9f4f96677 Cryptfs : Enabling support for allow_discards in dmcrypt. Cryptfs : Password matches Cryptfs : test_mount_encrypted_fs(): Master key saved TrustyKeymaster: Creating device TrustyKeymaster: Device address: 0x7f8f416100 Cryptfs : keymaster version is 3 Cryptfs : Just asked init to shut down class main ServiceManager: service 'drm.drmManager' died ServiceManager: service 'media.audio_flinger' died ServiceManager: service 'media.player' died ServiceManager: service 'media.camera' died ServiceManager: service 'android.security.keystore' died Cryptfs : unmounting /data failed Bug: 17576594
/system/vold/cryptfs.c
|
dd1a8040e8449cc0e8b861a23e0339a43d80593c |
|
24-Sep-2014 |
Jeff Sharkey <jsharkey@android.com> |
Include reason when wiping data. This will help us track down who requested a data wipe. Bug: 17412160 Change-Id: I5ab39a4de03c973ed151d703d6462a172ee043fd
/system/vold/cryptfs.c
|
c48387ca4cccad9aaf24c7595afe43fca78ca798 |
|
23-Sep-2014 |
Paul Lawrence <paullawrence@google.com> |
am 3846be17: Reduce cryptfs logspam * commit '3846be17feba13150a5db22204622db6a762a0d8': Reduce cryptfs logspam
|
7df812dfaa6c82865efb0511f2da1adb601829b2 |
|
23-Sep-2014 |
Paul Lawrence <paullawrence@google.com> |
am 3846be17: Reduce cryptfs logspam * commit '3846be17feba13150a5db22204622db6a762a0d8': Reduce cryptfs logspam
|
3846be17feba13150a5db22204622db6a762a0d8 |
|
22-Sep-2014 |
Paul Lawrence <paullawrence@google.com> |
Reduce cryptfs logspam Bug: 17572886 Change-Id: I91302ccc284e0f908299852650db5bf645f2ff71
/system/vold/cryptfs.c
|
2f61b41e5de6b5791f118a212938f94d5d4f1897 |
|
20-Sep-2014 |
Alex Klyubin <klyubin@google.com> |
am 6efa9351: Merge "Don't use deprecated OpenSSL functions." * commit '6efa9351a257edc53ce07eb8c544ccf08efb64ae': Don't use deprecated OpenSSL functions.
|
b707d72a33c8e442cafb36f724245f1c9898fb36 |
|
20-Sep-2014 |
Alex Klyubin <klyubin@google.com> |
am 6efa9351: Merge "Don't use deprecated OpenSSL functions." * commit '6efa9351a257edc53ce07eb8c544ccf08efb64ae': Don't use deprecated OpenSSL functions.
|
8e3f4510a88871a2d489ca4cdf7b738d4229053d |
|
08-Sep-2014 |
Paul Lawrence <paullawrence@google.com> |
HACK: Retry/reboot when mount reports busy. This is a hack because we don't know why mount() reports busy. Requires dependent change in system/core: https://googleplex-android-review.git.corp.google.com/#/c/543125/ Bug: 17358530 Change-Id: I8d3078bc68f8c450adce2c3a4101b6a958f1c4a0
/system/vold/cryptfs.c
|
e17a9c4ad3ebb4051853a4860b18973e1a01ce11 |
|
08-Sep-2014 |
Shawn Willden <swillden@google.com> |
Change cryptfs keymaster padding to ensure the high bit is never 1, to ensure the padded message is never larger than the RSA public modulus. Bug: 17358530 Change-Id: I4dc488399c4ecfa2d24cacb839a9087e65475947
/system/vold/cryptfs.c
|
b2f682bda8443fb93ab67f19be84fd80d5ed2838 |
|
08-Sep-2014 |
Paul Lawrence <paullawrence@google.com> |
Fix Shamus bricked by encryption upgrade Bug: 17358530 Change-Id: I95207b62131224a2ed7ae3b75621a09acd69ea79
/system/vold/cryptfs.c
|
889c4f1e36f69c1d5a9a92a6ba40d8a729d3f7b0 |
|
03-Sep-2014 |
Adam Langley <agl@google.com> |
Don't use deprecated OpenSSL functions. This change simply switches from the deprecated EVP_{En|De}crypt{Init|Final} to the newer, _ex versions of the same. There is no difference in behaviour, save for calling EVP_CIPHER_CTX_init, as the deprecated versions are just wrappers around the _ex functions. See https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/evp/evp_enc.c;h=f705967a40ab92cdf3c2ba8dd6bc19680d6157d6;hb=HEAD#l274 This change is required for the transition to BoringSSL, which removes the deprecated functions. Bug: 17409664 Change-Id: I35c6cc2d86d0c876a9edaff1e5571170fe393d87 Signed-off-by: Adam Langley <agl@google.com>
/system/vold/cryptfs.c
|
47ba10d6d53e0d2e54453fe62324afdfa8d6c78a |
|
04-Sep-2014 |
Shawn Willden <swillden@google.com> |
Pad object to proper size before signing. Correct implementations of keymaster should reject using an n-bit RSA key to sign less than n bits of data, because we specify that keymaster should not perform padding. Change-Id: Ibdff1bbfbee84fd5bdbfb3149a124dbbaa7827fc
/system/vold/cryptfs.c
|
74f29f1df7d12c0cc06e9d6685adf15e757d8eda |
|
29-Aug-2014 |
Paul Lawrence <paullawrence@google.com> |
Don't test mount when we can use the crypto footer to test the password Note that this also changes the boot sequence, and moves the test for corrupted data to cryptfs_restart_internal. Bug: 17213613 Change-Id: I0f86e8fe3d482e2d1373bd0f4d0d861e63ad8904
/system/vold/cryptfs.c
|
00786076cd6a3a32a42f95b4813ea807321b3fda |
|
25-Aug-2014 |
Paul Lawrence <paullawrence@google.com> |
Merge "Don't reboot after default encrypting" into lmp-dev
|
715775046c79f04d8975da53efcfbd1b70abe699 |
|
13-Aug-2014 |
Paul Lawrence <paullawrence@google.com> |
Show correct remaining time In field reports, sometimes the remaining time gets stuck for many minutes. This has to be caused by a spurious low reading early on which cannot be overridden because of old logic. Solution: allow time to increase but only by large amounts (avoid time jittering up and down). Bug: 16973374 Change-Id: I49d23ae8c54ded416cbedf383a3c03b33dc02e1c
/system/vold/cryptfs.c
|
b6672e135ac7a5a1d5b1d277cf678096c57dd7dd |
|
15-Aug-2014 |
Paul Lawrence <paullawrence@google.com> |
Don't reboot after default encrypting Instead trigger normal default encryption mount Requires matching change to system/core: https://googleplex-android-review.git.corp.google.com/#/c/527286/ Bug: 17041092 Change-Id: Ifcf023386e08325db7dce61395fbb056f7d9815b
/system/vold/cryptfs.c
|
e82df164e8128ec9df0072c4a4f3d92e79a0f5f4 |
|
16-Aug-2014 |
Daniel Rosenberg <drosen@google.com> |
Revert "Revert "cryptfs: Added support for f2fs fast encryption"" This reverts commit a70abc60091aed3c3eaf8bc8e1766e233c1c3a2f. Change-Id: Ic41d1924638586cf9b2297f91ed5417f3b0303c6
/system/vold/cryptfs.c
|
a70abc60091aed3c3eaf8bc8e1766e233c1c3a2f |
|
15-Aug-2014 |
Jim Miller <jaggies@google.com> |
Revert "cryptfs: Added support for f2fs fast encryption" This reverts commit 74c01201dec12b5de43ba0f20a2f38e835cd00af. Change-Id: Ib397a2b5812179ee2e2b68de5d718077563adc1c
/system/vold/cryptfs.c
|
74c01201dec12b5de43ba0f20a2f38e835cd00af |
|
13-Aug-2014 |
Daniel Rosenberg <drosen@google.com> |
cryptfs: Added support for f2fs fast encryption Bug: 15749466 Change-Id: I25452a05e1cbe90ac6603a89db9b720c7ab17e55 Signed-off-by: Daniel Rosenberg <drosen@google.com>
/system/vold/cryptfs.c
|
d0c7b17070d4321fef096873b4890794024a5f63 |
|
08-Aug-2014 |
Paul Lawrence <paullawrence@google.com> |
Wipe userdata when password is good but it won't mount Store salted scrypt of intermediate key in crypto header When mount fails, check if matches, and if it does return error code prompting a wipe Bug: 11477689 Change-Id: I3dcf9e0c64f2a01c8ba8eaf58df82cbe717d421b
/system/vold/cryptfs.c
|
6bfed20c77184d00d948130d88d86db7ddd8a3f1 |
|
28-Jul-2014 |
Paul Lawrence <paullawrence@google.com> |
When encryption fails, reboot into recovery Set flag on starting encryption to say it failed, and only clear when we get into a recoverable state (partially or fully encrypted.) Go to recovery on seeing this flag on boot Bug: 16552363 Change-Id: I7e452b653edf3a087ecfaba8f81f41765a1c8daf
/system/vold/cryptfs.c
|
231bdba012fd7e6d545d8ba67b32e49a66ec52e0 |
|
26-Jun-2014 |
Elliott Hughes <enh@google.com> |
Fix an accidental PRId64 to PRIx64. Change-Id: Ic5313289d826bac74c3466b33f1f167a8f0955ad
/system/vold/cryptfs.c
|
cb33f5741cd37c93f7f1888a3dcbabdfab1524a9 |
|
26-Jun-2014 |
Elliott Hughes <enh@google.com> |
resolved conflicts for merge of afa60cee to master Change-Id: I1568def8839bed4d4d2dadbd97194d5603edc627
|
7373716c6d65ca328de11c994c60f698a9ef6290 |
|
26-Jun-2014 |
Elliott Hughes <enh@google.com> |
Fix vold %lld to PRId64. Change-Id: I6eb9f21fff124b8b22f4fae2ac74c2b41d93b384
/system/vold/cryptfs.c
|
62c7af38f2f30b3f152460a8f716fe43e4acad7b |
|
16-Jun-2014 |
JP Abgrall <jpa@google.com> |
cryptfs: makefs F2FS if the partition type is F2FS. When a crypto is enabled with a wipe flag (obsolete?), it will correctly handle the fstab's choice for the fs type. Remove the dead code for FAT_FS which was un-invocable. Change-Id: I8d141a0d4d14df9fe84d3b131484e9696fcd8870 Signed-off-by: JP Abgrall <jpa@google.com>
/system/vold/cryptfs.c
|
73d7a02dc6e18b4c0a6f29e8f89b432c1b6cc808 |
|
09-Jun-2014 |
Paul Lawrence <paullawrence@google.com> |
On low power turn off rather than rebooting to allow device to charge The code was using encrypted_upto == 0 as an indicator that encryption has succeeded. This meant that if no encryption happened, we would reboot continually. We now set encrypted_upto to fs_size when encryption is complete. Also don't start to encrypt unless we are at 10% power. Stop when we get to 5% power. This should lead to partial encryptions only very rarely. Bug: 15513202 Change-Id: I6214d78579d1fbbe2f63ee8862473d86a89d29b3
/system/vold/cryptfs.c
|
a96d9c9b3861506003930d4dbdc669173bf9a50e |
|
04-Jun-2014 |
Paul Lawrence <paullawrence@google.com> |
Calculate time to go while encrypting @bug 15159008 Change-Id: I6a96eeab180dceb0613202ba5d252036a0d5376f
/system/vold/cryptfs.c
|
58c58cf7ef922ef019ce78ce1c418a7643c39518 |
|
04-Jun-2014 |
Paul Lawrence <paullawrence@google.com> |
Show correct percentage when encrypting used blocks only Bug: 12975202 Change-Id: I7e4adfa2c4951055bbb2c11986a7784f465f586f
/system/vold/cryptfs.c
|
8c008397141bf9a7d619eb2c53452bf3e397da39 |
|
06-May-2014 |
Paul Lawrence <paullawrence@google.com> |
Fix encryption on Nakasi We need to make sure we don't try to read the flags on keymaster version 2 or below, or we get random junk. Requires https://googleplex-android-review.git.corp.google.com/#/c/460689/ Bug: 14384714 Change-Id: I5a4ede1bec0347b8319cedaae6535201c122cf48
/system/vold/cryptfs.c
|
69f4ebd81e22f91a4571763842b5960d95d2758d |
|
14-Apr-2014 |
Paul Lawrence <paullawrence@google.com> |
Add keymaster support to cryptfs Use keymaster to wrap the cryptfs keys. Requires selinux change https://googleplex-android-review.git.corp.google.com/#/c/449411 Bug: 9467042 Change-Id: If25a01cb85ed193a271d61382de0560d85553b7e
/system/vold/cryptfs.c
|
45f10533f8cb2e2ec8dc9803739870cbfafffebd |
|
04-Apr-2014 |
Paul Lawrence <paullawrence@google.com> |
Revert "Revert "Encrypt phone even if pattern or no keyguard"" Don't block based on keyguard type, and pass type to encryption function. Requires: https://googleplex-android-review.git.corp.google.com/#/c/444201/ or encryption will no longer work. This reverts commit efec3f2927c45979db2b78e7a6228d08aafb5e42. Change-Id: I431589a56eb11118027e0a5a84f55e973b1084aa
/system/vold/cryptfs.c
|
efec3f2927c45979db2b78e7a6228d08aafb5e42 |
|
03-Apr-2014 |
Paul Lawrence <paullawrence@google.com> |
Revert "Encrypt phone even if pattern or no keyguard" This reverts commit 5cc86c57416eccb70dcc949d68587f08726f96fa. Without two more commits, this will break encryption. I'll re-commit when the other two pass code review. Change-Id: I71720d065c16cf0f7f534e74ffe883f1e113c477
/system/vold/cryptfs.c
|
5cc86c57416eccb70dcc949d68587f08726f96fa |
|
02-Apr-2014 |
Paul Lawrence <paullawrence@google.com> |
Encrypt phone even if pattern or no keyguard Add option to enablecrypto to take type, allowing us to set type when encrypting. Bug: 13749169 Change-Id: If22fcfa93f1ebd1a5bd3b0077bb3bd8ae71fe819
/system/vold/cryptfs.c
|
07987073341e7f49d49b287e265f7dee4ae3081c |
|
24-Mar-2014 |
Paul Lawrence <paullawrence@google.com> |
Merge "Fix setfield/getfield"
|
cc215381dd5003b1d6c6b32c1745f8c06fb8a499 |
|
21-Mar-2014 |
Paul Lawrence <paullawrence@google.com> |
Merge "Store password in vold"
|
87999173dd79dbcbd8cb97f5476007e867aaeeba |
|
20-Feb-2014 |
Paul Lawrence <paullawrence@google.com> |
Don't corrupt ssd when encrypting and power fails Stop encryption when battery is low, mark position, and continue on reboot. Note - support for multiple encrypted volumes removed as no devices seem to exist with an fstab that uses this feature. If you want support for such a device, contact me and we will re-add it with appropriate testing. Bug: 13284213 Change-Id: I1f7178e4f7dd8ea816cbc03ab5c4f6543e98acaa
/system/vold/cryptfs.c
|
399317ede45340eebc035ba204b6201b6d62dd66 |
|
10-Mar-2014 |
Paul Lawrence <paullawrence@google.com> |
Store password in vold If we are not to double prompt, we need to pass the password from CryptKeeper to KeyStore. Since the entire framework is taken down and restarted, we must store the password in a secure system daemon. There seems no better way than holding it in vold. Change-Id: Ia60f2f051fc3f87c4b6468465f17b655f43f97de
/system/vold/cryptfs.c
|
8561b5c9f5d2f9c5e3f8e2963bdffe9ff3706b04 |
|
17-Mar-2014 |
Paul Lawrence <paullawrence@google.com> |
Fix setfield/getfield Check for versions >= feature version, not equal Bug: 13526708 Change-Id: Ie07f6334e6b7c5ca0d7f83ba00827a508e2c2963
/system/vold/cryptfs.c
|
684dbdf316a02cf6a7694018f7c3a4bcd65142cc |
|
07-Feb-2014 |
Paul Lawrence <paullawrence@google.com> |
Infrastructure to securely allow only one prompt at boot when encrypted Add a call to vold that says if we decrypted the data partition. Reset the flag so that it only returns true the first time. Bug: 12990752 Change-Id: Ib00be87137c00fb8ad29205c85a3ea187764b702
/system/vold/cryptfs.c
|
13486033575e6e4affccbb3dd201515d79f6f44b |
|
03-Feb-2014 |
Paul Lawrence <paullawrence@google.com> |
Enable auto-encrypt drive at startup Modify enablecrypto command to make the password optional. When it is not there, default encrypt the device. Remove a warning by making at least some parts of this file const-correct. Bug: 11985952 Change-Id: Ie27da4c4072386d9d6519d97ff46c6dc4ed188dc
/system/vold/cryptfs.c
|
931f15d050d268619c3c9103b080009435267d69 |
|
14-Feb-2014 |
Paul Lawrence <paullawrence@google.com> |
Merge "Support default, pattern, pin and password encryption types"
|
2c1bbe0c4445ac7327956599cd3eabe8eb692f9f |
|
13-Feb-2014 |
Mark Salyzyn <salyzyn@google.com> |
am 49dd24c2: am 1dc1fb4a: Merge "vold: suppress unused argument warning messages" * commit '49dd24c238e86c57e97f919af7fbf8ee3d79b737': vold: suppress unused argument warning messages
|
f4faa575c9fc20a8a8e133d6098865b5ce3a7ed2 |
|
29-Jan-2014 |
Paul Lawrence <paullawrence@google.com> |
Support default, pattern, pin and password encryption types Store encryption type in crypto footer, and provide functions to manipulate it. Add mount_default_encrypted command to vdc to allow mounting of default encrypted volumes at boot time. Bug: 8769627 Change-Id: Ie41848f258e128b48b579e09789abfa24c95e2b2
/system/vold/cryptfs.c
|
5eecc449cc75771cc0c6eb0ad936117d16704b83 |
|
12-Feb-2014 |
Mark Salyzyn <salyzyn@google.com> |
vold: suppress unused argument warning messages (cherry picked from commit 3e971277db0d87652af5622c989233e7159ab909) Change-Id: Ic1ab533f756fbd44b1f2e5ae12e2f5736ace7740
/system/vold/cryptfs.c
|
3e971277db0d87652af5622c989233e7159ab909 |
|
21-Jan-2014 |
Mark Salyzyn <salyzyn@google.com> |
vold: suppress unused argument warning messages Change-Id: Ic1ab533f756fbd44b1f2e5ae12e2f5736ace7740
/system/vold/cryptfs.c
|
88948cd60cb3ca05704621cdc89de70e0c20ef83 |
|
10-Feb-2014 |
Colin Cross <ccross@android.com> |
am e985c9ab: am 1d8e3ce8: Merge "vold: fix errors inside ALOGV" * commit 'e985c9ab10fed452b97138170b4d69288d076b06': vold: fix errors inside ALOGV
|
59846b654e8b4a22a1be11cd21d6c5b81375abd2 |
|
07-Feb-2014 |
Colin Cross <ccross@android.com> |
vold: fix errors inside ALOGV Fix errors exposed by adding compile-time checking to disabled ALOGVs. Change-Id: I29bd6e9a7648ccca02e0e9a96b79ee0ea7b5cfc6
/system/vold/cryptfs.c
|
ae59fe6c1988af93c171e1b921a465c4fb1daabb |
|
21-Jan-2014 |
Paul Lawrence <paullawrence@google.com> |
Fast ext4 encryption For ext4 filesystems, only encrypt blocks in use. Needs matching ext4 utils changes from https://googleplex-android-review.git.corp.google.com/#/c/409575 Bug: 11985952 Change-Id: I89df051c25105daf3f469cc980195202f8be6786
/system/vold/cryptfs.c
|
6fd5771337fddc13bfd8b8030a0767a9f0c47f98 |
|
17-Dec-2013 |
Doug Zongker <dougz@android.com> |
allow encrypted filesystems to be mounted readonly By setting ro.crypto.readonly to 1, cryptfs will mount an encrypted filesystem that is normally mounted read-write as read-only instead. To be used when recovery mounts /data. Bug: 12188746 Change-Id: If3f3f9a3024f29ebc4ad721a48546a332cb92b6b
/system/vold/cryptfs.c
|
dbf5b6652c04fbb59999d3a77c2229b070c154f3 |
|
15-Nov-2013 |
JP Abgrall <jpa@google.com> |
am 46f8c2b9: am 7bdfa52d: vold: cryptfs: Don't update KDF without validating pwd/key. * commit '46f8c2b954e11c2266871b8110b74bd6a11f3661': vold: cryptfs: Don't update KDF without validating pwd/key.
|
7bdfa52d934465e2182e2f1c200c4d8581ad5da6 |
|
15-Nov-2013 |
JP Abgrall <jpa@google.com> |
vold: cryptfs: Don't update KDF without validating pwd/key. Prior to this, the Key derivation function would get blindly updated even if the user entered the wrong password. Now, we only attempt to upgrade the KDF if the pwd/key have been verified (i.e. after a successful mount). Bug: 11460197 Change-Id: I0469228cc9b87c47754e8ca3c7146651da177da5
/system/vold/cryptfs.c
|
502dc74153397e56d5410f8a8250b5581643b9ef |
|
01-Nov-2013 |
JP Abgrall <jpa@google.com> |
vold: cryptfs: Retry encryption after killing processes using /data Currently, if a non-framework process or service is using /data, unmounting will fail as nothing will kill it. Instead of rebooting on unmount failure, we now kill all processes using /data, then try one more time. Bug: 11291208 Change-Id: I6c5276c78aa55965914ace96e1db74dc80fca3c1
/system/vold/cryptfs.c
|
e550f78a3ff5985ba21cac263629c957500ef4e4 |
|
20-Aug-2013 |
Ken Sumrall <ksumrall@android.com> |
Use android_fork_execvp() instead of system(3) to format filesystems With the recent selinux changes imposed on vold, it no longer has permission to run a shell, so invoking the filesystem formatting commands with system(3) gives an error. So change to using android_fork_execvp(). Bug: 10279958 Change-Id: Ifa18b28867618858ec7c5cfcc67935e377de38fb
/system/vold/cryptfs.c
|
2947e34e416d4075b8717ebcab6134b2d64a7142 |
|
15-Aug-2013 |
Kenny Root <kroot@google.com> |
Initialize iterator Iterator wasn't initialized in scrypt parameter scanning. Bug: 10330227 Change-Id: If41fc25d9f827106fa8329bdb5966b7d786fddcb
/system/vold/cryptfs.c
|
558830c38a2c0224781a6ed6ab9659fdc450c958 |
|
28-Jun-2013 |
Ken Sumrall <ksumrall@android.com> |
Merge "vold: Use the new method of rebooting by asking init to do it"
|
adfba3626e76c1931649634275d241b226cd1b9a |
|
05-Jun-2013 |
Ken Sumrall <ksumrall@android.com> |
vold: Use the new method of rebooting by asking init to do it Change-Id: I7fd5f1048c3cf43fa14597f079c929690cac367c
/system/vold/cryptfs.c
|
c4c70f15bb8845b02f9ec1d624794757badd6933 |
|
14-Jun-2013 |
Kenny Root <kroot@google.com> |
Change key derivation to scrypt scrypt is a sequential memory-hard key derivation algorithm that makes it more difficult for adversaries to brute force passwords using specialized equipment. See http://www.tarsnap.com/scrypt/scrypt.pdf for more details of the algorithm. This adds support for initializing disk encryption using scrypt and upgrading from the previous PBKDF2 algorithm. Change-Id: I1d26db4eb9d27fea7310be3e49c8e6219e6d2c3b
/system/vold/cryptfs.c
|
c96a5f8edf65a8abe441d0cfd3ce227bdf1bf55f |
|
14-Jun-2013 |
Kenny Root <kroot@google.com> |
Extract some version constants to header In order to make it easier to upgrade the crypto footer, extract some constants to a header file instead. Then the header can control what the current version is and the upgrade_crypto_ftr code should be the only thing that needs to be updated. Change-Id: I3ed5a7d3b640419cd8af91388d94a00de8cc09db
/system/vold/cryptfs.c
|
7434b3111b80d2b84ddf656b66b7bf6591de5ab6 |
|
14-Jun-2013 |
Kenny Root <kroot@google.com> |
Change upgrade code to allow multiple versions In the future, we'd like to have the ability to upgrade from any supported version to any future version. Change the upgrade function slightly to support this. Change-Id: I3b20ccfff51c4c86f1e5e08690c263dc95ff5ce4
/system/vold/cryptfs.c
|
9caab76c6b5aefdeeb1715a3695491ca793b8c18 |
|
12-Jun-2013 |
Ken Sumrall <ksumrall@android.com> |
vold: Add an optional wipe parameter to the volume format command The new wipe option to the vold format command will invoke BLKDISCARD on the partition before invoking newfs_msdos. This will be used whenever a full wipe of the device is wanted, as this is more secure than just doing newfs_msdos. Bug: 9392982 Change-Id: Ie106f1b9cc70abc61206006d1821641c27c7ccae
/system/vold/cryptfs.c
|
e88e1eb745814740f6178047cb3578320058e0d0 |
|
15-May-2013 |
Ken Sumrall <ksumrall@android.com> |
am c587269c: vold: Increase timeout due to selinux changes * commit 'c587269c5a34d4e7412ff42e53ed6312359a8505': vold: Increase timeout due to selinux changes
|
c587269c5a34d4e7412ff42e53ed6312359a8505 |
|
15-May-2013 |
Ken Sumrall <ksumrall@android.com> |
vold: Increase timeout due to selinux changes The new selinux_reload_policy command can take a while to complete on some systems. The reason is being investigated, and hopefully a fix can be found to improve performance, but for now, increase the timeout that vold waits for the post_fs_data section to complete when decrypting a device on boot. Also, emit a decent error message if the device times out. Bug: 8967715 Change-Id: Ifb01c983dffe095a9de752c17c467a1751e9ce99
/system/vold/cryptfs.c
|
707795ad392758b5f02f4655185afaa169c91dfe |
|
11-May-2013 |
Alex Klyubin <klyubin@google.com> |
Fix a typo in a comment Change-Id: Ibb9667d762189849ebcbefef4ba70ffd34cf885e
/system/vold/cryptfs.c
|
160b4d68ece15947057e31edde4e5608a010c695 |
|
22-Apr-2013 |
Ken Sumrall <ksumrall@android.com> |
vold: Add support for unencrypted persistent info In order to display the correct language, timezone, airplane mode and other settings on the decrypt screen, a copy of those settings needs to be stored unencrypted so the framework can query them. This adds support to vold to store up to 32 property like key/value pairs that are not encrypted. Change-Id: Id5c936d2c57d46ed5cff9325d92ba1e8d2ec8972
/system/vold/cryptfs.c
|
56ad03cae13524b32898dc4ccf01040ced5a53b4 |
|
13-Feb-2013 |
Ken Sumrall <ksumrall@android.com> |
vold: use unified fstab format Change vold to use the unified fstab. This includes both support for sdcards, and changes to the crypto code to work with some changes to the fs_mgr library api. Change-Id: Id5a8aa5b699afe151db6e31aa0d76105f9c95a80
/system/vold/cryptfs.c
|
db5e026058927347ccff8f170c8f160b28cbc75b |
|
06-Feb-2013 |
Ken Sumrall <ksumrall@android.com> |
Enable allow_discards if dm-crypt supports it dm-crypt version 1.11.0 and later supports the allow_discards option when setting up a crypto device. This passes discard requests from the filesystem to the underlying block device. This helps make flash based storage faster. So query the dm-crypt version, and pass the option if the version is 1.11.0 or greater. Change-Id: If30e9db5a2dbd6ea0281d91344e5b2c35e75131e
/system/vold/cryptfs.c
|
92736efab068bdbfeb1177544907b84511fb04e0 |
|
18-Oct-2012 |
Ken Sumrall <ksumrall@android.com> |
Another fix for encryption The previous problem of the framework not properly restarting after accepting the password to decrypt the storage is also a problem when restarting the framework to display the encryption progress screen. So like the previous hacky fix, add a sleep to wait a few moments before proceeding. Also, increase the sleep of the previous fix from 1 second to 2, as the problem was seen once more in testing. A proper fix has been designed and hopefully will work and be checked-in RSN. Change-Id: Icc2c072ce7f7ebcdea22cd7ff8cb2b87a627c578
/system/vold/cryptfs.c
|
9dedfd473dc59e0277004e5b917e4eced02c8af5 |
|
09-Oct-2012 |
Ken Sumrall <ksumrall@android.com> |
Fix encryption on certain devices There is a race in the encryption code that after it accepts the decryption password, it tells init to kill all the processes in class "main", then it mounts the decrypted filesystem, preps it, and restarts the framework. For an unknown reason on some devices, the new framework sometimes starts up before init has killed and reaped all the old processes. The proper fix is to make the killing of the old framework synchronous, so vold waits till all the processes have died. But with factory rom a few days away, the much more pragmatic solution of adding a sleep of 1 second after telling init to kill the old framework will suffice. Bug: 7271212 Change-Id: Ie971cd04abbc6f3f6500b4acd79d3b3b26d9561c
/system/vold/cryptfs.c
|
b77bc4696b19d9b1ef82810f8d5f671c963d1dc1 |
|
01-Oct-2012 |
Jeff Sharkey <jsharkey@android.com> |
Update environment variable for multi-user. Bug: 7260040 Change-Id: I96d821e11a3f0be32bfe92a4151f00f2b15d100e
/system/vold/cryptfs.c
|
e919efea94b178ed214ed2e78ef0d008727d62ab |
|
30-Sep-2012 |
Ken Sumrall <ksumrall@android.com> |
Workaround a kernel race when loading dmcrypt table The kernel seems to return from umount(2) sometimes before it has released the underlying block device. So until the kernel is fixed, try up to 10 times to load the crypto mapping table, waiting 500 ms between tries. bug: 7220345 Change-Id: Iad3bbef37cbe2e01613bb8a8c4886babdecb8328
/system/vold/cryptfs.c
|
7382f81fba895f1ac970ac2fad875f35836b8082 |
|
23-Aug-2012 |
Jeff Sharkey <jsharkey@android.com> |
Unmount external storage on multi-user devices. Bug: 7044670 Change-Id: If1f99968b0392cae9420d067c75bfc18d1067b2c
/system/vold/cryptfs.c
|
912d0b07555eb691f0320530c4e0f6ab85521e95 |
|
29-Jun-2012 |
Ken Sumrall <ksumrall@android.com> |
Merge "Fix a typo in cryptfs.c"
|
319369ac111aec79b42668477c998c36b5f3be06 |
|
28-Jun-2012 |
Ken Sumrall <ksumrall@android.com> |
Fix a typo in cryptfs.c Change-Id: If629fa996b135e432bc89da7518b0c1f02750b45
/system/vold/cryptfs.c
|
4684e58a8d1d502012c48295233e6663043cfb0b |
|
27-Jun-2012 |
Nick Kralevich <nnk@google.com> |
Add mode when open(O_CREAT) is used. When creating a new file using open(..., O_CREAT), it is an error to fail to specify a creation mode. If a mode is not specified, a random stack provided value is used as the "mode". This will become a compile error in a future Android change. Change-Id: I761708c001247d7a2faac2e286288b45bfecc6f7
/system/vold/cryptfs.c
|
425524dba1552ab3d2ad39e205e65d0a2af997f2 |
|
15-Jun-2012 |
Ken Sumrall <ksumrall@android.com> |
Unmount all asec apps before encrypting Now that forward locked apps are stored on /data as asec image files that are mounted, they need to be unmounted before /data can be unmounted so it can be encrypted. Change-Id: I7c87deb52aaed21c8ad8ce8aceb7c15c2338620a
/system/vold/cryptfs.c
|
e5032c42da3c33a854df0a24a7968b4ab54190b9 |
|
02-Apr-2012 |
Ken Sumrall <ksumrall@android.com> |
Changes to encryption to work with the new filesystem manager The new filesystem manager is in charge of mounting the block devices now, removing much of the knowledge from init.<device>.rc. This also let us clean up some init code dealing with encryption, so this change updates vold to work with that. More cleanup is possible, but the main goal of the filesystem manager was to enable e2fsck, not a full cleanup of encryption. Change-Id: I00ea80a923d14770ed8fdd190e8840be195f8514
/system/vold/cryptfs.c
|
f0679f0da4970f04e1cb03f4cb0fcde29e3e7098 |
|
02-Apr-2012 |
Ken Sumrall <ksumrall@android.com> |
Changes to encryption to work with the new filesystem manager The new filesystem manager is in charge of mounting the block devices now, removing much of the knowledge from init.<device>.rc. This also let us clean up some init code dealing with encryption, so this change updates vold to work with that. More cleanup is possible, but the main goal of the filesystem manager was to enable e2fsck, not a full cleanup of encryption. Change-Id: I00ea80a923d14770ed8fdd190e8840be195f8514
/system/vold/cryptfs.c
|
d02a47239c6a92a16530fd7101c53fd39eeae05c |
|
10-Mar-2012 |
Ken Sumrall <ksumrall@android.com> |
Merge "Fix to not return a bogus decryption error when a device is not encrypted."
|
ee6d8c42f337ea1446a319df53f6d1a96afbd209 |
|
15-Feb-2012 |
Mike Lockwood <lockwood@google.com> |
Add support for wiping data immediately if crypt fails Needed for headless devices that need to recover with no user intervention Bug: 5556856 Change-Id: I0f85591df513a6893324fb057bde114ac1df044b Signed-off-by: Mike Lockwood <lockwood@google.com>
/system/vold/cryptfs.c
|
e1a458578474954ea38456aacedbaf2ddfd37988 |
|
15-Dec-2011 |
Ken Sumrall <ksumrall@android.com> |
Fix to not return a bogus decryption error when a device is not encrypted. If there is filesystem damage on a non-encrypted device, and /data is not mountable, and if the device stores the keys in a file on a different partition (like on Crespo) then, vold would return an error which caused the crypto UI to present an option to the user to wipe the device because it assumed encryption had failed. This fixes it to not do that. Change-Id: Ibff6299787b45768416dbc4052de7db3b140b808
/system/vold/cryptfs.c
|
3ad9072a5d6f6bda32123b367545649364e3c11d |
|
05-Oct-2011 |
Ken Sumrall <ksumrall@android.com> |
Add the new verifypw command to vold/cryptfs This vold command returns 0 if the given password matches the password used to decrypt the device on boot. It returns 1 if they don't match, and it returns -1 on an internal error, and -2 if the device is not encrypted. Also check the uid of the sender of the command and only allow the root and system users to issue cryptfs commands. Change-Id: I5e5ae3b72a2d7814ae68c2d49aa9deb90fb1dac5
/system/vold/cryptfs.c
|
3be890f59c04f94537f2f66f1d2841ed591f1a6e |
|
15-Sep-2011 |
Ken Sumrall <ksumrall@android.com> |
Fix cryptfs to work with a raw block device for key storage If a raw block is specified for key storage, do not try to force the size of the file to 16 Kbytes when writing the keys, and do not complain if the size is not 16 Kbytes when reading the keys. Only do them if the keyfile is a regular file. Change-Id: I4de1cb7c3614479d93289d4f2767ca6ce1bbbc73
/system/vold/cryptfs.c
|
0b8b59719357fb80c330442787f7d5b1e332263b |
|
01-Sep-2011 |
Ken Sumrall <ksumrall@android.com> |
Add the ability to revert a crypto mapping when unmounting a volume Add the force_and_revert option to the unmount command which will force the unmount, and revert a crypto mapping. This is used during factory reset so that when the internal sdcard volume is formatted, it formats the raw device, not the encrypted mapping. Change-Id: I36b6ff9bb54863b121de635472a303bf4a2334a9
/system/vold/cryptfs.c
|
3b17005083be230509480ea65ae67c237142fada |
|
12-Jul-2011 |
Ken Sumrall <ksumrall@android.com> |
Prevent sharing or formatting of vold managed volumes during encryption. Mounting was already not allowed, but also unshare before starting encryption, and don't allow sharing or formatting to be initiated during encryption. Change-Id: Ida188d81f025739ba4dd90492b3e66088735991e
/system/vold/cryptfs.c
|
128626fc5aa3bf12d1ae5981c7f84f63625e8972 |
|
29-Jun-2011 |
Ken Sumrall <ksumrall@android.com> |
Fix to display the proper percentage complete during encryption. Forgot to include the size of the userdata partition when computing the total size of vold managed volumes to encrypt. Change-Id: I237548439d4380b4225ffbc603fa972c3b1c5bae
/system/vold/cryptfs.c
|
319b1043bbbd410aa2d572d88b5936f26072d026 |
|
14-Jun-2011 |
Ken Sumrall <ksumrall@android.com> |
Don't abort the encryption process if an internal volume is present but unmounted. It is not a failure if the SD card is not mounted. Change-Id: If954f77c55ac124b9b7b39c89ffbafb4e5ea9e98
/system/vold/cryptfs.c
|
29d8da8cefa99e436c13295d4c9bad060ca18a6d |
|
19-May-2011 |
Ken Sumrall <ksumrall@android.com> |
vold: allow to store key in a file on another partition Add support for keeping the keys in a separate file on another partition, for devices with no space reserved for a footer after the userdata filesystem. Add support for encrypting the volumes managed by vold, if they meet certain criteria, namely being marked as nonremovable and encryptable in vold.fstab. A bit of trickiness is required to keep vold happy. Change-Id: Idf0611f74b56c1026c45742ca82e0c26e58828fe
/system/vold/cryptfs.c
|
ad2ac33460d6ee1436b68bab1f820e3b6d3efeb4 |
|
09-Mar-2011 |
Ken Sumrall <ksumrall@android.com> |
Load persistent properties after mounting an encrypted /data partition. Fix for bug 3415286. Trigger an action in init.rc to load the persistent properties after /data has been decrypted and mounted. Change-Id: I5fe3b481bcc6963113e830728c204b22ffc3b722
/system/vold/cryptfs.c
|
c290eaf6852c6318584926c5e39b27672638891f |
|
08-Mar-2011 |
Ken Sumrall <ksumrall@android.com> |
Teach vold to use the new android_reboot() function. The new android_reboot() function is a nicer way to reboot. It can optionally sync(2) and remount as read-only writable filesystems. This fixes bug 3350709. Change-Id: I4618bd5e8cccdce08494a7ca3f40ef72b2875e68
/system/vold/cryptfs.c
|
cd235da6fb36a5c7c90faf91e7d65a587f146f92 |
|
15-Feb-2011 |
Ken Sumrall <ksumrall@android.com> |
Enable detection of failed encryption process, for bug 3384231. Need to detect if the encryption process didn't finish successfully, and if so, provide a way for the UI to detect that and give the user an option to wipe the system clean. Otherwise, the user is stuck in a reboot loop, and they will need to do magic button presses to enter recovery and wipe the device to get out of it. Change-Id: I58253e1e523ee42bdd1a59aa7d8a9d20071bd18b
/system/vold/cryptfs.c
|
7f7dbaa2784c10fd2989fb303e5edfb8136d53dc |
|
02-Feb-2011 |
Ken Sumrall <ksumrall@android.com> |
Improve detection of incomplete encryption Bug 3384231 is punted to MR1, but the code to set the flag is already in the tree, so this CL does 3 things: 1. Comments out the lines that set the flag 2. Removes the change to the checkpw that was added in the last change. 3. Implements a new command to check the flag (which no one is calling yet and the flag won't be set anyhow). When MR1 comes, it will be a simple matter to enable the flag setting code and start testing it. The fear is a false positive detection of incomplete encryption could cause people to be prompted to wipe their data when MR1 comes out and the flag is checked. Not setting this for first release, and testing this more before MR1, will give us confidence that the code will not detect false positives of encryption failure. Change-Id: I6dfba11646e291fe5867e8375b71a53c815f3968
/system/vold/cryptfs.c
|
d33d417e3a057fffad22c23f5f002177531db2a5 |
|
01-Feb-2011 |
Ken Sumrall <ksumrall@android.com> |
Detect when encryption failed to complete For the case where encryption fails to complete because of a kernel crash or the user power cycling the device, define a flag in the crypto footer that says encryption is in progress. Set it when starting the actual encryption, and clear it when it successfully completes. When the user is asked for the disk password, if the flag is set, return a special error to the caller so the UI can know to tell the user there is no valid data on the disk, and present a button to wipe and reset the device. Change-Id: I3723ec77f33437d94b3ac9ad5db0a5c950d11648
/system/vold/cryptfs.c
|
5d4c68e40700424b65a4331be75620706a0dd49c |
|
31-Jan-2011 |
Ken Sumrall <ksumrall@android.com> |
Have vold grab a partial wakelock when encrypting The Progress bar UI grabs a full wakelock when encrypting, but we've seen a case where it looks like the progress bar UI crashes, and the wakelock is lost, and then all hell breaks loose. The enablecrypto command has a lot of work to do, and it will take some time, so it should grab a wakelock to ensure it can finish without being interrupted and put to sleep. It grabs a partial wake lock, as it doesn't need the screen to be on to do its work. If the UI wants to keep it on, it should also grab a full wakelock, which it does. If the UI crashes, the screen may turn off, but the encryption will keep going, and vold will reboot the device when it's done. Change-Id: I51d3a72b8c77383044a3facb1604c1ee510733ae
/system/vold/cryptfs.c
|
3f476690eaef3b824255813ed335284ef9a90e91 |
|
30-Jan-2011 |
Ken Sumrall <ksumrall@android.com> |
Merge "Don't try to encrypt in place a filesystem that is too large and return proper errors" into honeycomb
|
3ed8236de11a1be8b45d4c37b2208682f5e97c72 |
|
29-Jan-2011 |
Ken Sumrall <ksumrall@android.com> |
Don't try to encrypt in place a filesystem that is too large and return proper errors If the already existing filesystem encompasses the entire /data partition and does not leave the last 16 Kbytes for the crypto footer, refuse to do encrypt in place and return an error. This is only an issue for folks with early development systems trying to encrypt an old /data. This should not be seen in released devices. Also, if there is an error, try to report back to the UI what the error was so it can deal with it. Change-Id: If66781a4fe03034c96c3dd12075240deb8663db0
/system/vold/cryptfs.c
|
70a4b3fd7a84a84bbe6e9d6d4ca3ee2098259fd9 |
|
28-Jan-2011 |
Jason parks <jparks@google.com> |
Change cryptfs changepw to only require a new password. The master key is now stored unhashed in memory. This is needed because for certain operations, like remote resetting of passwords, the old password is not available. The changepw interface has been changed to only take the new password as the only argument. When this is called we reencrypt the master key with the new password and old salt. Bug: 3382129 Change-Id: I9a596b89013194605d6d7790067691aa0dc75e72
/system/vold/cryptfs.c
|
e87440703663f5ee326326f6438f3b00ea315623 |
|
19-Jan-2011 |
Ken Sumrall <ksumrall@android.com> |
Create and use a salt when calling pbkdf2 to encrypt/decrypt the master key. In order to prevent rainbow table attacks on decrypting the master key, create a 16 byte "salt" by reading /dev/urandom. This is done right after reading urandom to get the master key for the filesystem. The salt is stored 32 bytes after the end of the key (a padding added to help prevent accidental overwriting of the salt) and the salt is fixed at 16 bytes long. This change will make existing encrypted filesystems unusable. Change-Id: I420549d064c61d38aea78eef4d86c88acb265ca3
/system/vold/cryptfs.c
|
0cc166385a7e1d3026bbcb62f094e419f779e872 |
|
19-Jan-2011 |
Ken Sumrall <ksumrall@android.com> |
Verify that it's OK to run the various cryptfs commands Maintain and query some internal state to know if it's OK to run the various cryptfs commands. Do not allow enablecrypto to run if the device is already encrypted. Do not allow restart to run if we have already run it before or if the password has not been validated. Do not allow checkpw to run if not encrypted, or it has already validated the password. This is an extra layer of safety on top of the checks up in the UI code against possible DoS attacks on the device. Change-Id: I9afc8d42773020e82a512e6b637feede101d1362
/system/vold/cryptfs.c
|
7df84120b25dca713f623528801385b00208c2aa |
|
18-Jan-2011 |
Ken Sumrall <ksumrall@android.com> |
Don't wait for the framework to come up before starting to encrypt in place. Also, change the value that triggers the progress bar framework from "startup" to "0" in the property vold.encrypt_progress. Change-Id: I3890e66a95283ce2ceeca82f516859b083919b9e
/system/vold/cryptfs.c
|
57b63e61cb41e377708a4fdf18ecc80eb1b2b521 |
|
18-Jan-2011 |
Ken Sumrall <ksumrall@android.com> |
Minor tweaks to logging for the cryptfs changepw command. Change-Id: I87ff9788a56de6d461002407bf6c3cd4c6f900ee
/system/vold/cryptfs.c
|
8ddbe40a8a8708dac7c472fa8c098c8f7b24534c |
|
18-Jan-2011 |
Ken Sumrall <ksumrall@android.com> |
Updates to cryptfs framework. Update the enable inplace API to allow the UI to show a progress bar. Add new command changepw (which is currently not working) Internal restructuring of code to support these two features. Some minor cleanup of the code as well. Change-Id: I11461fc9ce66965bea6cd0b6bb2ff48bcf607b97
/system/vold/cryptfs.c
|
6864b7ec94a57b73c300457955d86dc604aeddf5 |
|
15-Jan-2011 |
Ken Sumrall <ksumrall@android.com> |
Change the cryptfs command to separate out checking the password and restarting In order to make the animations and the UI look right, we need to change the cryptfs checkpw command to return a status if the password was correct or not, and not have it automatically restart if it's correct. There is a new command restart that will restart the framework with the encrypted filesystem. Change-Id: Ia8ae00d7ed8667699aa58d05ad8ba953cca9316e
/system/vold/cryptfs.c
|
2eaf7138528d30c331d83ab8346a97e66b5499e2 |
|
14-Jan-2011 |
Ken Sumrall <ksumrall@android.com> |
Cleanup a few issues with the cryptfs code. Now that the framework shuts down quickly, remove the 30 second sleep when enabling crypto. Also, stop spewing the secret master key to the disk in the system log! Change-Id: Icb3f9456ababe3dff8de52cbbae92da0e9e5dd2f
/system/vold/cryptfs.c
|
8f869aa1bc685b505c58e97b4e11a9c7491a16f9 |
|
03-Dec-2010 |
Ken Sumrall <ksumrall@android.com> |
Support for encrypting /data on Stingray. There are still a few hacks and performance issues related to shutting down the framework in this code, but it is functional and tested. Without the UI changes, it requires cryptic adb shell commands to enable, which I shall not utter here. Change-Id: I0b8f90afd707e17fbdb0373d156236946633cf8b
/system/vold/cryptfs.c
|