Cross Reference: /frameworks/base/core/java/android/os/storage/IMountService.java

History log of /frameworks/base/core/java/android/os/storage/IMountService.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
cc70155f3bf18341296aaa2163bd2e7df6997b11	17-May-2016	Paul Crowley <paulcrowley@google.com>	Two phases to set the password for disk encryption Revert "Revert "Two phases to set the password for disk encryption"" This reverts commit a1eb750e75ff7c7ef7698deed4442449c33334c8. Bug: 28154455 Bug: 28694324 Change-Id: I8106bfba28da401b9fd38349c6a9fa9a24f54712 /frameworks/base/core/java/android/os/storage/IMountService.java
a1eb750e75ff7c7ef7698deed4442449c33334c8	10-May-2016	Paul Crowley <paulcrowley@google.com>	Revert "Two phases to set the password for disk encryption" This reverts commit 17e5dce5112fece2d2b9cd070c2f96bf65108e40. Bug: 28694324 Change-Id: I6d89bc26cb429b195c9bcf640666c495617257b7 /frameworks/base/core/java/android/os/storage/IMountService.java
17e5dce5112fece2d2b9cd070c2f96bf65108e40	22-Apr-2016	Paul Crowley <paulcrowley@google.com>	Two phases to set the password for disk encryption In one phase, we make the new password work, and in the second we make it the only one which works ("fixation"). This means that we can set the password in Gatekeeper between these two phases, and a crash doesn't break things. Unlocking a user automatically fixates the presented credential. Bug: 28154455 Change-Id: I18812f9ce753486ce4e33b4fe2cca392b006b39c /frameworks/base/core/java/android/os/storage/IMountService.java
fcf1e55821b694df3b8434f40aa3b6d3c3e7ea50	15-Apr-2016	Jeff Sharkey <jsharkey@android.com>	Consistent creation/destruction of user data. Preparing and destroying users currently needs to be split across installd, system_server, and vold, since no single party has all the required SELinux permissions. When preparing user directories on a storage device, always enforce the serial number and destroy data if we run into a mismatch. When deleting a user, write the updated user list first before we start destroying data. Also start reconciling users on internal storage at boot, so we can recover from stale data left behind from partially destroyed users. Check both CE and DE user directories when reconciling user storage on a newly mounted storage device. Bug: 27896918 Change-Id: I4536c82b0196e2720628c4f73fccb742c233350b /frameworks/base/core/java/android/os/storage/IMountService.java
20be5d62471d520eed3a52d90c11944464a71c07	26-Feb-2016	Paul Lawrence <paullawrence@google.com>	Add API to IMountService to get encryption state Bug: 18002358 Change-Id: If7d9c9a5ed38ac37849fcf638ec10c76d2f419a1 /frameworks/base/core/java/android/os/storage/IMountService.java
faeb3eb0ba190e6d6cfe2b82ce20af587848de57	08-Feb-2016	Paul Crowley <paulcrowley@google.com>	Password security for FBE disk encryption keys Add the means to protect FBE keys with a combination of an auth token from Gatekeeper, and a hash of the password. Both of these must be passed to unlock_user_key. Keys are created unprotected, and change_user_key changes the way they are protected. Bug: 22950892 Change-Id: Ie13bc6f82059ce941b0e664a5b60355e52b45f30 /frameworks/base/core/java/android/os/storage/IMountService.java
47f7108c1270a9e81d9560b6b0570c659bb93a71	02-Feb-2016	Jeff Sharkey <jsharkey@android.com>	Prepare user storage just before using it. Wire up preparing of user-specific app storage to existing user lifecycle hooks. This way we're sure the storage is ready to roll just before we start reconciling app data directories. This also has the nice property that we only prepare storage when we know that keys are unlocked. Bug: 25796509 Change-Id: Ic7df9ddbcfb1e20649d11b6cf68d424e3c365ee1 /frameworks/base/core/java/android/os/storage/IMountService.java
c4dd021322d38ea32ac49930e904b6d08ce6490c	18-Nov-2015	Lenka Trochtova <ltrochtova@google.com>	Introduce ephemeral users. BUG: 24883058 Change-Id: I2e1d6aa184142c2a3dc0415c0cd407573453cf41 /frameworks/base/core/java/android/os/storage/IMountService.java
ba51235ef5c598d845b77fcf14491329493da34f	13-Nov-2015	Jeff Sharkey <jsharkey@android.com>	More file-based encryption work. Add new "am unlock-user" command so we can trigger changes from the command line. Move FBE check to static method so it can safely be called early during boot before the mount service is ready. Move FBE emulation to persisted system property, and start reading/writing that value. Change default permission grants to ignore current encryption-aware flags, since many of the target apps aren't crypto aware. Always prepare package data directories, which is how we create the new "user_de" paths during boot. Bug: 22358539 Change-Id: I6f58ea2d34b3a466d3775d614f8a13de92272621 /frameworks/base/core/java/android/os/storage/IMountService.java
9e8d9e250b4e3fe8e57072072ed84b5dea0a19d3	13-Nov-2015	Daichi Hirono <hirono@google.com>	Add a mehtod definition to StorageManager for appfuse. BUG=25091416 Change-Id: Id4d4a000daf89fab4917528fcd0d1270547fbfa4 /frameworks/base/core/java/android/os/storage/IMountService.java
f9fc6d6cc05595241bc7ced6d4cab97b45f9b901	09-Nov-2015	Jeff Sharkey <jsharkey@android.com>	More file-based encryption work. Add granular StorageManager APIs for key creation/destruction and unlocking/locking. Start passing through an opaque token as part of the unlock command, but leave it empty for now. We now have a separate "prepare" method that sanity checks that user directories are correctly setup. Define a handful of system properties used for marking devices that should be operating in FBE mode, and if they're emulating FBE. Wire a command to "sm", but persisting will come later. Start using new "encryptionAware" flag on apps previously marked with coreApp flag, which were apps running in the legacy CryptKeeper model. Small tweaks to handle non-encryptionAware voice interaction services. Switch PackageManager to consult StorageManager about the unlocked state of a user. Bug: 22358539 Change-Id: Ic2865f9b81c10ea39369c441422f7427a3c3c3d6 /frameworks/base/core/java/android/os/storage/IMountService.java
6bcc32504f3b9c40b33718599a6ff8186a9669f4	05-Nov-2015	Paul Lawrence <paullawrence@google.com>	Fix build Change-Id: I0ebff8e41c2aa5bec2466d075d9143a5a525e02d /frameworks/base/core/java/android/os/storage/IMountService.java
9548b380d98cf5fe2e3b0102e283e5e3b39a8968	05-Nov-2015	Paul Lawrence <paullawrence@google.com>	Merge "Add developer option to convert from FDE to FBE"
3806d9c562c4391dd523a18145a76c8e359061c3	29-Oct-2015	Paul Lawrence <paullawrence@google.com>	Add developer option to convert from FDE to FBE This set of changes adds the screen that offers this conversion, and the plumbing so the option is only available on suitable devices. It does not implement the conversion mechanism.Add conversion from FDE to FBE Change-Id: Idf7bc834f30b3d1b0473e0a53c985ef01dd0ad18 /frameworks/base/core/java/android/os/storage/IMountService.java
965da39942f9a8736f785f7c57a6c351a8c89d6b	28-Oct-2015	Clara Bayarri <clarabayarri@google.com>	Create a File Based Encryption check API Change-Id: Ibf41f98818ea801b9f690200c340be80c3b9bf31 /frameworks/base/core/java/android/os/storage/IMountService.java
4b76c496c6a47bc451ccbc024b94b271c5c69313	29-Jul-2015	Jeff Sharkey <jsharkey@google.com>	am 7412dfe9: am 3f6c3849: am 170235a3: am acfaa947: am b8040265: Merge "Give secondary users read-only physical cards." into mnc-dev * commit '7412dfe98daaf76377fc5d08e8b9bf994455b2a3': Give secondary users read-only physical cards.
acfaa947f45ce1ea8140c2dc52d5f750dbc0a94d	29-Jul-2015	Jeff Sharkey <jsharkey@google.com>	am b8040265: Merge "Give secondary users read-only physical cards." into mnc-dev * commit 'b8040265dd0d5a2a96e0850623647dad2f528db1': Give secondary users read-only physical cards.
4634987668eb7e1fa1434bddbde969ef43de6b40	28-Jul-2015	Jeff Sharkey <jsharkey@android.com>	Give secondary users read-only physical cards. Long ago, we mounted secondary physical cards as readable by all users on the device, which enabled the use-case of loading media on a card and viewing it from all users. More recently, we started giving write access to these secondary physical cards, but this created a one-directional channel for communication across user boundaries; something that CDD disallows. This change is designed to give us the best of both worlds: the package-specific directories are writable for the user that mounted the card, but access to those "Android" directories are blocked for all other users. Other users remain able to read content elsewhere on the card. Bug: 22787184 Change-Id: Ied8c98995fec1b7b50ff7d930550feabb4398582 /frameworks/base/core/java/android/os/storage/IMountService.java
fbb4a38c7cc8ddb313c588f8d29bfcda5c0609c2	14-Jul-2015	Ian Pedowitz <ijpedowitz@google.com>	resolved conflicts for merge of 30efac5a to master Change-Id: I0dad4cf10ed01cbf49e33f0c2ed1d6f8a1c893e0
d2c9d0d92c0d9c44d34b4f014fb3a434377d8518	14-Jul-2015	Paul Crowley <paulcrowley@google.com>	Revert "am 8ae629f6: am 63690fa5: am 140ff7a5: am bac3d093: Merge "Delete the user key when deleting a user." into mnc-dr-dev" This reverts commit c5da3fe1de36c231b8b1ac2aa07c2bf880af7b91, reversing changes made to d884b41331fa486d5e4b02df725e37a497b08cc9. /frameworks/base/core/java/android/os/storage/IMountService.java
c5da3fe1de36c231b8b1ac2aa07c2bf880af7b91	14-Jul-2015	Paul Crowley <paulcrowley@google.com>	am 8ae629f6: am 63690fa5: am 140ff7a5: am bac3d093: Merge "Delete the user key when deleting a user." into mnc-dr-dev * commit '8ae629f6cbda2ad55a1b6f3f508a04dc348ed796': Delete the user key when deleting a user.
d7be214ca469c593d8a59cf7404020f4ad1aaed9	14-Jul-2015	Ian Pedowitz <ijpedowitz@google.com>	resolved conflicts for merge of 8cee6587 to mnc-dr-dev Change-Id: I0b2ed52214bb097d7fd69434afd0c6c890b5afb3
6ee871e59812fea4525c50231f677c4bd10c74b8	10-Jul-2015	Svet Ganov <svetoslavganov@google.com>	Teach storage appops. For modern apps targeting M SDK and up the external storage state is deterined by granted permissions. For apps targeting older SDK the storage access is determined by app ops correspning to the storage permissions as the latter are always granted. When app ops change we do not remount as we kill the app process in both cases enabling and disabling an app op since legacy code is not prepared for dynamic behavior where an operation that failed may next succeed. Hence, we remount when we start the app. For modern apps we don't kill the app process on a permission grant, therefore we synchronously remount the app storage. bug:22104923 Change-Id: I601c19c764a74c2d15bea6630d0f5fdc52bf6a5a /frameworks/base/core/java/android/os/storage/IMountService.java
7ec733fad39ff9e439a67c9cf51b88bc84cdfda0	19-May-2015	Paul Crowley <paulcrowley@google.com>	Delete the user key when deleting a user. Bug: 19706593 (cherry-picked from commit 85e4e818d83dbc65b1e6e3ed9d39c656188acaec) Change-Id: Icc6d53a99558317b2ec154f931e481ad9fe64aa3 /frameworks/base/core/java/android/os/storage/IMountService.java
bcf48ed2262d655ebf59153dea645ca761b73db5	22-Apr-2015	Paul Crowley <paulcrowley@google.com>	Use mount service to create user dirs. Bug: 19704432 (cherry-picked from commit 9102f5d953fbde03e12f385b2225004edc43d202) Change-Id: I64a2c85beef115158feed3953deae32f692e750f /frameworks/base/core/java/android/os/storage/IMountService.java
aedb56fd18487d7a34b8ea9f09e4a717afa75a1e	26-Jun-2015	Jeff Sharkey <jsharkey@android.com>	Merge commit 'b02c73d5' into manualmerge Change-Id: I3ec37c9d45d685c2393087bdefa6ab512cc70062
9527b223a9d4a4d149bb005afc77148dbeeff785	25-Jun-2015	Jeff Sharkey <jsharkey@android.com>	Let's reinvent storage, yet again! Now that we're treating storage as a runtime permission, we need to grant read/write access without killing the app. This is really tricky, since we had been using GIDs for access control, and they're set in stone once Zygote drops privileges. The only thing left that can change dynamically is the filesystem itself, so let's do that. This means changing the FUSE daemon to present itself as three different views: /mnt/runtime_default/foo - view for apps with no access /mnt/runtime_read/foo - view for apps with read access /mnt/runtime_write/foo - view for apps with write access There is still a single location for all the backing files, and filesystem permissions are derived the same way for each view, but the file modes are masked off differently for each mountpoint. During Zygote fork, it wires up the appropriate storage access into an isolated mount namespace based on the current app permissions. When the app is granted permissions dynamically at runtime, the system asks vold to jump into the existing mount namespace and bind mount the newly granted access model into place. Bug: 21858077 Change-Id: I62fb25d126dd815aea699b33d580e3afb90f8fd2 /frameworks/base/core/java/android/os/storage/IMountService.java
85e4e818d83dbc65b1e6e3ed9d39c656188acaec	19-May-2015	Paul Crowley <paulcrowley@google.com>	Delete the user key when deleting a user. BUG=19706593 Change-Id: I36ec1b987f5a07450c6a564c74f124ec8d3403ad /frameworks/base/core/java/android/os/storage/IMountService.java
9102f5d953fbde03e12f385b2225004edc43d202	22-Apr-2015	Paul Crowley <paulcrowley@google.com>	Use mount service to create user dirs. Bug: 19704432 Change-Id: Iee037ca653482b0ee7bf59c7ba193c75411fe42f /frameworks/base/core/java/android/os/storage/IMountService.java
4c099d0c49c8366efd3c26854465b3ceef49b627	15-May-2015	Jeff Sharkey <jsharkey@android.com>	Command to change force adoptable state. Since user builds can't setprop, add an explicit "sm" verb to change the force adoptable state. Bug: 21191915 Change-Id: I719d9b18c1a98c97442a5ddb1cc5512e8e4d3d3f /frameworks/base/core/java/android/os/storage/IMountService.java
9756d75ec28844f5ca30fda786a117c1a0ee88da	15-May-2015	Jeff Sharkey <jsharkey@android.com>	Initial pass at storage benchmarks. Offer an interface for Settings to invoke benchmarks on various attached volumes. Bug: 21172095 Change-Id: I847ddc87c58285457d1324be87f70ce10507accb /frameworks/base/core/java/android/os/storage/IMountService.java
7d2af54a98358e9dea96f879ebd1ea915263522b	13-May-2015	Jeff Sharkey <jsharkey@android.com>	New "sm" shell tool to call StorageManager. Surface basic StorageManager commands through shell tool, like simple listing of disks and volumes, and commands like mounting and partitioning. The output is designed to be parsed by host-side testing tools, instead of relying on fragile dumpsys parsing. Bug: 19993667 Change-Id: I993e92ecf57996678965945f0ae648b392a77ea2 /frameworks/base/core/java/android/os/storage/IMountService.java
b36586a7c9b7718f33961406537e27bbd9b16211	27-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Split some VolumeInfo state into VolumeRecord. VolumeRecord is a historical record of a volume that we've seen in the past. It's now surfaced outside the framework for SystemUI to drive the notifications that bug users to reinsert missing private volumes. Show progress notifications for both storage and package movement operations. Notify when an empty disk is inserted (no usable volumes) which launches into the normal format flow. Add API to forget volumes. Bug: 20275424, 20275424 Change-Id: I75602c17fdcd4d1f1f62324e1a08c4a33093eefa /frameworks/base/core/java/android/os/storage/IMountService.java
275e3e43f2fba72fa99001cafa2a70e5478fc545	25-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Migrate primary external storage. Wire up through MountService to call down into vold. Watch for unsolicited events that report progress, including special value "82" that signals that copy has finished. We use this value to persist the volumeUuid in case of unexpected reboot, since it indicates the new volume is ready. Wire progress updates through existing callback pipeline. Update the volume mounting code to match against the persisted UUID when selecting the primary external storage. Bug: 19993667 Change-Id: Id46957610fb43517bbfbc368f29b7d430664590d /frameworks/base/core/java/android/os/storage/IMountService.java
620b32b316fd4f1bab4eef55ec8802d14a55e7dd	24-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Package and storage movement callbacks. Since package and primary storage movement can take quite awhile, we want to have SystemUI surface progress and allow the Settings app to be torn down while the movement proceeds in the background. Movement requests now return a unique ID that identifies an ongoing operation, and interested parties can observe ongoing progress and final status. Internally, progress and status are overloaded so the values 0-100 are progress, and any values outside that range are terminal status. Add explicit constants for special-cased volume UUIDs, and change the APIs to accept VolumeInfo to reduce confusion. Internally the UUID value "null" means internal storage, and "primary_physical" means the current primary physical volume. These values are used for both package and primary storage movement destinations. Persist the current primary storage location in MountService metadata, since it can be moved over time. Surface disk scanned events with separate volume count so we can determine when it's partitioned successfully. Also send broadcast to support TvSettings launching into adoption flow. Bug: 19993667 Change-Id: Ic8a4034033c3cb3262023dba4a642efc6795af10 /frameworks/base/core/java/android/os/storage/IMountService.java
d95d3bfb2b28a4f21f3fdcd740160c9a61eb0363	15-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Persist nickname and flags for volumes. StorageManager now offers to persist a nickname and user flags for active volumes. This metadata is kept around and spliced into any future VolumeInfo when the same UUID is present. Current user flags indicate "initialized" and "snoozed" states to control how notifications are shown. Notify listeners when metadata changes, and kick public notification after a volume is initialized. Make unique PendingIntents when multiple volumes are active. Beginnings of plumbing to ask for missing volumes. Offer explicit accessors for VolumeInfo and DiskInfo to give better path to documentation and deprecation. Bug: 19993667 Change-Id: I3d8b68be83f43ba992d21d51cad5b775776d681c /frameworks/base/core/java/android/os/storage/IMountService.java
7151a9a887051542c6da9f380376f3b306184e5c	05-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Storage methods using IDs, update listeners. Add StorageManager methods that work with Disk and Volume IDs instead of paths which can change over time. For example, a freshly formatted volume has a different UUID and mount point, even though it's the same volume. Update StorageEventListener to be all one-way calls to avoid blocking while dispatching events. Add new listener method for Volume-level state changes. The existing state method will remain focused on the per-user state reflected by StorageVolume. Switch listeners over to using the more robust RemoteCallbackList pattern under the hood. Change external ASEC scanning logic in PackageManagerService to be driven by listener events, instead of explicit MountService calls. Bug: 19993667 Change-Id: I57c505de260ff1762a78d70d15f1892f40229210 /frameworks/base/core/java/android/os/storage/IMountService.java
1b8ef7e3165ff9aa52a4905dafc8d0f83e7403f9	04-Apr-2015	Jeff Sharkey <jsharkey@android.com>	Parcelable objects for Disk/Volume. Will eventually be used by SystemUI and/or Settings. Also fix SettingsProvider NPE. Bug: 19993667, 19909433 Change-Id: Ie326849ac5f43ee35f728d9cc0e332b72292db70 /frameworks/base/core/java/android/os/storage/IMountService.java
4887789e44cdb16b042a35e8ec03983213e88ac6	18-Mar-2015	Jeff Sharkey <jsharkey@android.com>	Progress towards dynamic storage support. Storage devices are no longer hard-coded, and instead bubble up from whatever Disk and VolumeBase that vold uncovered, turning into sibling Java objects in MountService. We now treat vold events as the source-of-truth for state, and synchronize our state by asking vold to "reset" whenever we reconnect. We've now moved to a model where all storage devices are mounted in the root mount namespace (user boundaries protected with GIDs), so we no longer need app-to-vold path translation. This also means that zygote only needs to bind mount the user-specific /mnt/user/n/ path onto /storage/self/ to make legacy paths like /sdcard work. This grealy simplifies a lot of system code. Many parts of the platform depend on a primary storage device always being present, so we hack together a stub StorageVolume when vold doesn't have a volume ready yet. StorageVolume isn't really a volume anymore; it's the user-specific view onto a volume, so MountService now filters and builds them based on the calling user. StorageVolume is now immutable, making it easier to reason about. Environment now builds all of its paths dynamically based on active volumes. Adds utility methods to turn int types and flags into user-readable strings for debugging purposes. Remove UMS sharing support for now, since no current devices support it; MTP is the recommended solution going forward because it offers better multi-user support. Simplify unmount logic, since vold will now gladly trigger EJECTING broadcast and kill stubborn processes. Bug: 19993667 Change-Id: I9842280e61974c91bae15d764e386969aedcd338 /frameworks/base/core/java/android/os/storage/IMountService.java
56e629322f0739a04c8ff48915226ecf36a13b44	22-Mar-2015	Jeff Sharkey <jsharkey@android.com>	Bring MountService into the SystemService world. Change-Id: I7f7db49ff373b199f7b81f184a7c62bee682af67 /frameworks/base/core/java/android/os/storage/IMountService.java
7265abe77a76f848a316640b5da106e882bdbc8a	21-Nov-2014	Christopher Tate <ctate@google.com>	Be increasingly aggressive about fstrim if it isn't being run The current heuristics depend on devices being alive at midnight+ in order to run periodic background fstrim operations. This unfortunately means that people who routinely turn their devices off overnight wind up with their devices never running fstrim, and this causes major performance and disk-life problems. We now backstop this very-friendly schedule with an increasingly aggressive one. If the device goes a defined time without a background fstrim, we then force the fstrim at the next reboot. Once the device hits the midnight+ idle fstrim request time, then we already aggressively attempt to fstrim at the first available moment thereafter, even if it's days/weeks later without a reboot. 'Available' here means charging + device idle. If the device never becomes idle then we can't do much without rendering an in-use device inoperable for some number of minutes -- but we have no evidence of devices ever failing to run fstrim due to this usage pattern. A new Settings.Global element (type 'long', called "fstrim_mandatory_interval") is the source of the backstop time. If this element is zero or negative, no mandatory boot-time fstrim will ever be performed. If the element is not supplied on a given device, the default backstop is 3 days. Adds a new string to display in the upgrading dialog when doing the fstrim. Note it is too late for this to be localized, but since this operation can take a long time it is probably better to have it show something even if not localized, rather than just sit there. Bug 18486922 Change-Id: I5b265ca0a65570fb8931251aa1ac37b530635a2c /frameworks/base/core/java/android/os/storage/IMountService.java
e2c88d39b2c5b33d55c42230db7899202625a96a	29-Aug-2014	Paul Lawrence <paullawrence@google.com>	Add constants so we can distinguish decryption failures Bug: 17213613 Change-Id: I6bc10a1ed0855f6946ea9eb2f8d2db00c1af327c /frameworks/base/core/java/android/os/storage/IMountService.java
941a8ba1a6043cf84a7bf622e44a0b4f7abd0178	21-Aug-2014	Jeff Sharkey <jsharkey@android.com>	Installing splits into ASECs! Sessions can now zero-copy data directly into pre-allocated ASEC containers. Then at commit time, we compute the total size of the final app, including any inherited APKs and unpacked libraries, and resize the container in one step. This supports both brand new ASEC installs and inheriting from existing ASEC installs. To keep things simple, it currently requires copying any inherited ASEC contents, but this could be optimized in the future. Expose new vold resize command, and allow read-write mounting of ASEC containers. Move native library extraction into the installer flow, since it needs to happen before ASEC is sealed. Move multiArch flag into NativeLibraryHelper, instead of making everyone pass it around. Migrate size calculation to shared location. Separate "other" package name in public API, provide a path to a storage device when relevant, and add more docs. Bug: 16514385 Change-Id: I06c6ce588d312ee7e64cce02733895d640b88456 /frameworks/base/core/java/android/os/storage/IMountService.java
9502f990899ef576879048ec5147d403158ad89d	10-Apr-2014	Paul Lawrence <paullawrence@google.com>	Merge "Allow encryption when keyguard is set to pattern or no protection"
46791e752ca1eca35e6a882c47d7de7f4f66687c	03-Apr-2014	Paul Lawrence <paullawrence@google.com>	Allow encryption when keyguard is set to pattern or no protection Add type parameter to encryptStorage so we can set type when we encrypt Depends on https://googleplex-android-review.git.corp.google.com/#/c/444056/ Circular dependency on: https://googleplex-android-review.git.corp.google.com/#/c/444201/ Bug: 13749169 Change-Id: I52034ec25de35f12f1bbfdd1b0f8584923a0be2e /frameworks/base/core/java/android/os/storage/IMountService.java
e51dcf98a4ddb1340cffba88059ad89f0b90909a	18-Mar-2014	Paul Lawrence <paullawrence@google.com>	Save OwnerInfo so CryptKeeper can display at boot time Requires vold change from https://googleplex-android-review.git.corp.google.com/#/c/435164/ Bug: 13526708 Change-Id: I33153df9961832f72c3b8103bd5e1d3a17e77df3 /frameworks/base/core/java/android/os/storage/IMountService.java
945490c12e32b1c13b9097c00702558260b2011f	27-Mar-2014	Paul Lawrence <paullawrence@google.com>	Don't double prompt on booting encrypted device vold will store password securely until KeyGuard requests it and hands it on to KeyStore. This is a revision of https://googleplex-android-review.git.corp.google.com/#/c/418123/ which was reverted. It had two bugs in LockSettingsService.checkVoldPassword. 1) We were not checking password for null, which caused an exception 2) checkPattern/checkPassword return true if there is no saved pattern or password. This leads to situations where we get true returned even when the password doesn't match. Call the correct one based on what is there, not what vold thinks ought to be there. Bug: 12990752 Change-Id: I05315753387b1e508de5aa79b5a68ad7315791d4 /frameworks/base/core/java/android/os/storage/IMountService.java
6ee7d25010d4f23b44a151f3953225ba253de8af	26-Mar-2014	Paul Lawrence <paullawrence@google.com>	Revert "Don't prompt at boot if we already did that when decrypting" This reverts commit 493e3e7e6523fd94cc1acae3e45935a1227d58c3. Should fixes Bug: 13611885 Bug: 13656830 Change-Id: I117c988bb6679f44f8add4fcc18f45cb8238dfb4 /frameworks/base/core/java/android/os/storage/IMountService.java
493e3e7e6523fd94cc1acae3e45935a1227d58c3	06-Feb-2014	Paul Lawrence <paullawrence@google.com>	Don't prompt at boot if we already did that when decrypting vold will store password securely until KeyGuard requests it and hands it on to KeyStore. Needs matching vold changes from https://googleplex-android-review.git.corp.google.com/#/c/432050/ Bug: 12990752 Change-Id: I930ed8180cf0b8feb1e58db043d5fb6dff1bab20 /frameworks/base/core/java/android/os/storage/IMountService.java
8e39736f91a08961cf59c87075e61d9026833b50	28-Jan-2014	Paul Lawrence <paullawrence@google.com>	Support default, pattern, pin and password encryption types Java plumbing to expose methods to get/set encryption type in IMountService, and hooking up of those methods to the Settings app so the type is set correctly. Needs matching vold changes from https://googleplex-android-review.googlesource.com/#/c/412649/ Bug: 8769627 Change-Id: I70c0ed72d11f5ab6f0958a7f9c101b6822b13baa /frameworks/base/core/java/android/os/storage/IMountService.java
2d8b4e801332e02d6aad615b85cc9dd056ef805c	18-Sep-2013	Jeff Sharkey <jsharkey@android.com>	Delegate mkdirs() to vold when lacking perms. Apps without sdcard_r or sdcard_rw are still able to write to their package-specific directory, but someone needs to first make that directory on their behalf. This change will delegate the mkdirs() call through to vold when an app fails to create directly. MountService validates that the path belongs to the calling user, and that it's actually on external storage, before passing to vold. Update Environment to make app-vs-vold paths clearer. Bug: 10577808 Change-Id: I43b4a77fd6d2b9af2a0d899790da8d9d89386776 /frameworks/base/core/java/android/os/storage/IMountService.java
4fbbda4cecb078bd3867f416b02cc75f5455284f	25-Sep-2012	Jeff Sharkey <jsharkey@android.com>	Handle multi-user mountObb() requests. Since emulated external storage paths differ based on execution context, carefully fix up paths for various use-cases: 1. When sending paths to DefaultContainerService, always scope OBB paths as belonging to USER_OWNER. 2. When sending paths to vold, always build emulated storage paths visible to root. 3. Always use the original untouched path when talking with apps. Mount OBB containers using shared app GID, so that an app can read the mount point across users. Handle legacy paths like "/sdcard" by resolving the canonical path before sending to MountService. Move tests to servicestests, and add tests for new path generation logic. Bug: 7212801 Change-Id: I078c52879cd08d9c8a52cc8c83ac7ced1e8035e7 /frameworks/base/core/java/android/os/storage/IMountService.java
b049e212ab7fe8967893c202efcb30fecfdb82fb	08-Sep-2012	Jeff Sharkey <jsharkey@android.com>	Include user identifier in external storage paths. When building external storage paths, always include user in path to enable cross-user paths and aid debugging. Each Zygote process continues to only have access to the appropriate user-specific emulated storage through bind mounts. A second set of mounts continue supporting legacy /sdcard-style paths. For example, a process running as owner has these mount points: /storage/emulated_legacy /storage/emulated_legacy/Android/obb /storage/emulated/0 /storage/emulated/obb Since Environment is created before Zygote forks, we need to update its internal paths after each process launches. Bug: 7131382 Change-Id: I6f8c6971f2a8edfb415c14cb4ed05ff97e587a21 /frameworks/base/core/java/android/os/storage/IMountService.java
51a573c76737733638c475f52e441c814e6645cc	17-May-2012	Kenny Root <kroot@google.com>	Wait for ASECs to be scanned before proceeding Move MountService up the list, then pause waiting for MountService to finish scanning ASECs before the services that require those packages to be ready. Additionally, don't automatically mark all ASEC apps as FLAG_EXTERNAL on reboot. This prevents AppWidgets and other things from being used with ASECs which are on internal storage. Bug: 6445613 Change-Id: I3e0b3e244fec966814d7a5ea93de5d337aea79bd /frameworks/base/core/java/android/os/storage/IMountService.java
6dceb88f1c7c42c6ab43834af2c993d599895d82	12-Apr-2012	Kenny Root <kroot@google.com>	Allow forward locked apps to be in ASECs We couldn't put forward-locked apps in ASEC containers before since we didn't have any permissioned filesystems. This adds the ability for forward-locked applications to be in ASEC containers. This means that forward locked applications will be able to be on the SD card now. This change also removes the old type of forward-locking that placed parts of apps in /data/app-private. Now all forward-locked applications will be in ASEC containers. Change-Id: I17ae0b0d65a4a965ef33c0ac2c47e990e55707ad /frameworks/base/core/java/android/os/storage/IMountService.java
32418be49e5b61c2e9281528cb8fb67939e301e8	10-Oct-2011	Christopher Tate <ctate@google.com>	Require device encryption password to perform adb backup/restore This supersedes any backup-password that the user might supply. Per design, the device encryption password is also always used to encrypt the backup archive. The CL introduces two new strings, used for prompting the user for their device encryption password rather than their settings-defined "backup password" when confirming a full backup or restore operation. Bug 5382487 Change-Id: I0b03881b45437c944eaf636b6209278e1bba7a9f /frameworks/base/core/java/android/os/storage/IMountService.java
13c7197da8a16f77f6398708a6314c80cb01e0d1	08-Sep-2011	Ben Komalo <benkomalo@google.com>	Revert encryption mapping for device wipes. External storage volumes that were emulated+encrypted needed to have their encryption mapping removed so that it doesn't try to encrypt the volume after formatting them. This just wires through an argument through vold, and assumes that vold will do the right thing even if there is no encryption mapping set. Bug: 5017638 Change-Id: I858fae3d12cb415bc34637f520f71220ad9daaad /frameworks/base/core/java/android/os/storage/IMountService.java
444eca232964dbf27d0c4d01447c1493f89186e0	02-Sep-2011	Ben Komalo <benkomalo@google.com>	Expose getting encryptstate through IMountService - this really just calls cryptfs cryptocomplete - needed so that UI logic can present a factory reset option if encryption screwed up Bug: 3384231 Change-Id: I553de87f0d03a65851030c9c5266e85866d30fa6 /frameworks/base/core/java/android/os/storage/IMountService.java
292f8bc9d1b790ab975a87a842c7fabc908b97e0	28-Jun-2011	Dianne Hackborn <hackbod@google.com>	Plumb information from the framework about asec container size. Change-Id: Ie0ec3cb6d463aefa341a8cbea80be790451ba5e3 /frameworks/base/core/java/android/os/storage/IMountService.java
2f6a3885533a52758c2cd4f81f6123a712be8ae6	10-May-2011	Mike Lockwood <lockwood@android.com>	StorageManager: Clean up and generalize storage configuration resources Replace config_emulateExternalStorage, config_externalStorageRemovable, config_externalStoragePaths, config_externalStorageDescriptions and config_mtpReserveSpaceMegabytes resources with an XML resource file to describe the external storages that are available. Add android.os.storage.StorageVolume class StorageManager.getVolumeList() now returns an array of StorageVolume Change-Id: I06ce1451ebf08b82f0ee825d56d59ebf72eacd3d Signed-off-by: Mike Lockwood <lockwood@android.com> /frameworks/base/core/java/android/os/storage/IMountService.java
d967f4664f40f9a4c5262a44b19df9bbdf457d8a	24-Mar-2011	Mike Lockwood <lockwood@android.com>	DO NOT MERGE StorageManager: Add getVolumeList() and getVolumeState() methods Change-Id: I43d5c1730b340f1288b58012234b38f801001b71 Signed-off-by: Mike Lockwood <lockwood@android.com> /frameworks/base/core/java/android/os/storage/IMountService.java
f7b3cd4efd40b7631f36ea014407a850f7dc637e	27-Jan-2011	Jason parks <jparks@google.com>	Update the encryption password when the device password is changed. * Added changeEncryptionPassword() to the MountService. * Update LockPatternUtils to call changeEncryptionPassword() when the password is changed. Note we only require the new password to change the encryption password. Bug: 3382129 Change-Id: I26a7e919e325e75e22fa4290da0a8b1b57b55a80 /frameworks/base/core/java/android/os/storage/IMountService.java
56aa5321fe6f00fa3662e6f46a4b2559aa34f63e	07-Jan-2011	Jason parks <jparks@google.com>	Add a method enable encryption. This is for testing and needs to be cleaned up. Change-Id: I29958f2a95c7773744e61bbd23a302b752614f87 /frameworks/base/core/java/android/os/storage/IMountService.java
5af0b916f850486cff4797355bf9e7dc3352fe00	29-Nov-2010	Jason parks <jparks@google.com>	Add decryption support to MountService. * Implement the decryptStorage() method on the Mount Service. This method makes the calls into vold to decrypt the encrypted volumes and mount them. Change-Id: I4f6e07a111cf0b36611d590debf9f6579c5ac5f7 /frameworks/base/core/java/android/os/storage/IMountService.java
0a9b54e88b9cbb30748b5f0b331aec3f3ef8d639	14-Oct-2010	Kenny Root <kroot@google.com>	resolved conflicts for merge of 8bb7a1df to master Change-Id: Ieec036f494a54eab74a27b954d1423bf981dd3f9
e1ff214e32ed5c546a7603b07b054908c4d93312	12-Oct-2010	Kenny Root <kroot@google.com>	Add API to check for emulated external storage When the storage is emulated, we don't want to install ASEC containers to it. This adds the API to check when the external storage is emulated and uses it to check whether or not to install packages to the external storage in an ASEC container. Bug: 3024387 Change-Id: Ia0318aca9e4938a4897deaada5603a4c7c1d0f48 /frameworks/base/core/java/android/os/storage/IMountService.java
af9d667ccf3e24058214cf4cc0a8aa8bc5100e3c	08-Oct-2010	Kenny Root <kroot@google.com>	OBB: rearrange to be entirely asynchronous Rearrange structure of MountService handling of OBBs to be entirely asynchronous so we don't rely on locking as much. We still need the locking to support dumpsys which has been improved to output all the data structures for OBBs. Added more tests to cover more of the error return codes. Oh and fix a logic inversion bug. Change-Id: I34f541192dbbb1903b24825889b8fa8f43e6e2a9 /frameworks/base/core/java/android/os/storage/IMountService.java
be857d42849eaaa554d4772dbba7755f8a0f3547	19-Aug-2010	Kenny Root <kroot@google.com>	Reorganize MountService IPC Remove auto-generated AIDL files and replace them with manually edited .java and .cpp/.h files so that binder calls can be made from either Java or C++. Update the makefiles to not attempt to generate the AIDL files and also remove the old auto-generated .java files. Put all the storage-related C++ things in libstorage so that we don't pollute other libraries. Change-Id: I82d1631295452709f12ff1270f36c3100e652806 /frameworks/base/core/java/android/os/storage/IMountService.java