c096c9c65ffd4485f137d1b90cffe280cf96fbc6 |
|
24-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Get encryption mode for policy Get encryption mode from the file saved out in vold Bug: 28905864 Change-Id: I472a5f3f5f348943a968373910de23ad1b20b138
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
4818b73cf845e05c6b14afb07e38da0b6720865a |
|
24-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Revert "Add fileencrypted=software/ice to fstab options" This reverts commit e8299d81a18d16b006019f37ec9d84921d5ff845. Bug: 28905864 Change-Id: I077f1ce7337c7ff42be67fb7acbb80ce5ee9b9ba
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
e8299d81a18d16b006019f37ec9d84921d5ff845 |
|
05-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Add fileencrypted=software/ice to fstab options Bug: 28616054 Change-Id: I34257870d388993d168f6541ef51ee2ce1067a7e
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
8d53b9619ba913354ffdb23acf0108f7445bb8bc |
|
27-Apr-2016 |
Paul Crowley <paulcrowley@google.com> |
Fail with an error if we can't read the policy for encryption The absence of a policy reference in the unencrypted directory now causes e4crypt_set_directory_policy to fail with an error. Callers should call e4crypt_is_native (now moved into here) before calling this. Bug: 28318405 Change-Id: I209292aba3abad3b19105c9afe2b84e8b3dd6874
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
8b11474652db4f2b7b5c979259619764842175b8 |
|
09-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Encrypt /data/misc Now we have a workaround for 26989796 (we don't touch /data/misc/vold thanks to: https://googleplex-android-review.git.corp.google.com/#/c/862867 ) we can check this in and remove the need for a data wipe when we land the proper kernel fix for this issue (stop caching negative file lookups through a key change) Bug: 26989796 Change-Id: I83e6b8395b2c6a607b692dc9cf71183b13680071
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
78efe41174950783e39782c71ff8382f851bb487 |
|
03-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
Add methods to get and ensure encryption policy. The ensure call will either assign an encryption policy, or verify that an existing policy matches the expected value. Uses the new logging library so that customers can pivot logs into whatever location they want: vold into logcat and init into dmesg. Also add new directories that will have user-specific encryption policy set on them so we avoid setting the default policy. Bug: 25796509 Change-Id: Ia535630092822c80cde0939d8e46e6b47d9be2d8
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
59ffd6d9c7dd3ddaa036956d89c3e4d416769bf6 |
|
04-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Remove unencrypted properties Change-Id: I59596be7c7df9151f4966a5051f06bcb087345dd
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
c04a424727e3f6b427da5e0666bb879ce7eef340 |
|
01-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Merge "Give init the means to invoke "cryptfs init_user0""
|
facc16251cd66bdd229c9429818d8f0b7daa8a02 |
|
01-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Give init the means to invoke "cryptfs init_user0" Init needs to initialize user 0 for FBE devices via a vdc command. Bug: 26704408 Change-Id: Ide6d1fdcb55e87c22820310c6d1cf9640e77d25e
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
e0b351bc2ccdd92068ba269c5346256f0b3ec49e |
|
28-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Add support for per-user DE keys. Bug: 26704408 Change-Id: I41b2d0641cce8db9e6b98e6e2f0c635426b1d1e2
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
f50af65122389079aeb4fa68819075768a530bb4 |
|
20-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Remove no-longer-needed crypto init builtins Changes to the way FBE works to support lifecycles mean that these commands aren't needed any more. Bug: 22358539 Change-Id: I974f32c83c344403d5117bc02b7d67771123abaa
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
e599e047ad60385d34f983561ac33e6fb33b3d13 |
|
19-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Exclude several more directories in /data from encryption Several directories need to be unencrypted so that policy can be set on their subdirectories, so exclude them all from device-level encryption. This also excludes /data/misc, which must be encrypted for security. However a weird bug with a disappearing /data/misc/vold was blocking my development, so I included it here in order to make progress. See b/26673855 Bug: 22358539 Change-Id: Ied67264a42cc8f911c5ecb4acc5e2b650b8d06a7
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
3045e27e894dd8a90faabc0177e080114b35af3b |
|
09-Dec-2015 |
Paul Lawrence <paullawrence@google.com> |
Add createuserkey Add createuserkey so we can create user0 key on first boot Change-Id: I211a5a483c416da08239341f85eaf6eb99dca797
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
f939fe30e92270112946ec1ee57f24ab5a34def9 |
|
11-Nov-2015 |
Jeff Sharkey <jsharkey@android.com> |
Special-case for credential encrypted system dir. Bug: 22358539 Change-Id: I85a3b9df6047fb716ba4f82583d53687c51bf590
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
883d7a7d08cae35d8a1479c4d5b40d2d8fa3ff5c |
|
12-Aug-2015 |
Dan Albert <danalbert@google.com> |
am 89a2254a: Merge "Add missing include." * commit '89a2254abae3f427aa85fb3a3afe9a27cdfad68d': Add missing include.
|
019954add8af22d618ae3b68529a3f941a17f2bf |
|
12-Aug-2015 |
Dan Albert <danalbert@google.com> |
Add missing include. Used to be transitively included by libc++. Change-Id: I07497ccc9bbcf3370b065876d91aed760c5f6118
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
dd22cb338ad59a4766e9ee47936f1e10b386e128 |
|
16-Jul-2015 |
Paul Lawrence <paullawrence@google.com> |
Actually encrypt stuff Fix really dumb error in checkin https://googleplex-android-review.git.corp.google.com/#/c/728542 This did the opposite of what I want Bug: 22502319 Change-Id: I502c9b62d127e6221bbc5ff1a209cb0312ec943f
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
65df483af2efcb2ab9fd82ae53f9aeaa55f0cebd |
|
16-Jul-2015 |
Paul Lawrence <paullawrence@google.com> |
Don't encrypt lost+found ext4 encryption doesn't like it, and the kernel crashes. Also fix a formatting error in logs. Bug: 22478103 Change-Id: Ia25f4b0c1c9eeb20e39b795c7827c5bd1a11cb6a
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
e92c682fb37a21a38406281f3038c5168fd26b3e |
|
28-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Improve error logging. Bug: 19704432 Change-Id: I697ec4ef879b522d073e5eacc49665479f082ae9
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
45f1a1fd1f1cea461abea44de4b0696b6c45767f |
|
28-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Add e4crypt_set_user_crypto_policies, calls vdc setusercryptopolicies Bug: 19704432 (cherry picked from commit 09d3fdffad0ccbed36f0ece966e85aed23c626d7) Change-Id: Ib7ef9365063ed69774169b22071f2a42d2f5ef21
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
15e73f525c38d9ccdf8806a6227e83867b8e259b |
|
06-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Don't apply default encryption to /data/user, it should get per-user encryption. Bug: 19704432 (cherry-picked from commit 0050336a0a19019a68374b9eef51e00d6b242f57) Change-Id: I646f3408ccc06f580d62a2f90f7b895288585396
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
2fa9e939581d944f0204291c53356d6b8c3a938f |
|
12-Jun-2015 |
Paul Lawrence <paullawrence@google.com> |
Retry polling to prevent failures Change-Id: I182ee7f70c5a96bbcdb0fc9e35df67c45a937757
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
b411bcc138293db5e09c1f5af638115b3c7c18f8 |
|
03-Jun-2015 |
Paul Lawrence <paullawrence@google.com> |
Move crypt commands to a different listener in vold In order to prevent this bug from happening, we must allow vold cryptfs commands to complete while a long running mount is underway. While waiting for vold to be changed to a binder interface, we will simply create two listeners, one for cryptfs and one for everything else. Bug: 19197175 Change-Id: Id87764ed68c169fc6b94ea4f4f7a51a7ec9c7564
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
af02e8aa9164f723a0c2a421a97c227c5adff4c2 |
|
01-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE New faster file open kernel (cherry-picked from commit b01dc1c52ec0a4ec5e07a18ffb5b105a997cc329) Bug: 18151196 Change-Id: Icdb3d9afa1db125102d01cd06f45dbc99ca78021
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
a47a1331f75433fe25e3f57ffdecea92f7e48425 |
|
05-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Use default key permissions for ext4enc (cherry-picked from commit 478a01d6f2081f7807b99774d005fee373847f23) As per discussion default permissions are the correct ones. Note that since we use logon keys, they cannot be read outside the kernel. Note also that we limit who can read/write keys in selinux policy. Bug: 18151196 Change-Id: I15dc0de92643ae1472b0cde79c464fb3e1a1d453
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
db1d49c70eec489cf3d60a4ec70a8e7c0f3f2b76 |
|
10-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE New ext4enc kernel switching from xattrs to ioctl (cherry-picked from commit 9f53fb4abca1ee3af7b537c95445161db4b81f86) This is one of three changes to enable this functionality: https://android-review.googlesource.com/#/c/146259/ https://android-review.googlesource.com/#/c/146264/ https://android-review.googlesource.com/#/c/146265/ Bug: 18151196 Change-Id: I05b96f49b8848e82484a500e4536bdb4d2cdd635
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
bc2eb8c3fd621605ff1ccaed04a71e6685acc974 |
|
29-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Securely encrypt the master key (cherry-picked from commit 377cd1957172c19ee21baa3d6bda0840f1ce020d) Move all key management into vold Reuse vold's existing key management through the crypto footer to manage the device wide keys. Use ro.crypto.type flag to determine crypto type, which prevents any issues when running in block encrypted mode, as well as speeding up boot in block or no encryption. This is one of four changes to enable this functionality: https://android-review.googlesource.com/#/c/148586/ https://android-review.googlesource.com/#/c/148604/ https://android-review.googlesource.com/#/c/148606/ https://android-review.googlesource.com/#/c/148607/ Bug: 18151196 Change-Id: I7a4ef3f3a937c45ff18f17c9ad1398293a8630f3
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
0050336a0a19019a68374b9eef51e00d6b242f57 |
|
06-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Don't apply default encryption to /data/user, it should get per-user encryption. Bug: 19704432 Change-Id: I4eb8b6a966c3923f5222dfc068d7a3aef2b23adb
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
478a01d6f2081f7807b99774d005fee373847f23 |
|
05-May-2015 |
Paul Lawrence <paullawrence@google.com> |
Use default key permissions for ext4enc As per discussion default permissions are the correct ones. Note that since we use logon keys, they cannot be read outside the kernel. Note also that we limit who can read/write keys in selinux policy. Bug: 18151196 Change-Id: I15dc0de92643ae1472b0cde79c464fb3e1a1d453
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
b01dc1c52ec0a4ec5e07a18ffb5b105a997cc329 |
|
01-May-2015 |
Paul Lawrence <paullawrence@google.com> |
New faster file open kernel Bug: 18151196 Change-Id: Icdb3d9afa1db125102d01cd06f45dbc99ca78021
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
9f53fb4abca1ee3af7b537c95445161db4b81f86 |
|
10-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
New ext4enc kernel switching from xattrs to ioctl This is one of three changes to enable this functionality: https://android-review.googlesource.com/#/c/146259/ https://android-review.googlesource.com/#/c/146264/ https://android-review.googlesource.com/#/c/146265/ Bug: 18151196 Change-Id: I05b96f49b8848e82484a500e4536bdb4d2cdd635
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
377cd1957172c19ee21baa3d6bda0840f1ce020d |
|
29-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
Securely encrypt the master key Move all key management into vold Reuse vold's existing key management through the crypto footer to manage the device wide keys. Use ro.crypto.type flag to determine crypto type, which prevents any issues when running in block encrypted mode, as well as speeding up boot in block or no encryption. This is one of four changes to enable this functionality: https://android-review.googlesource.com/#/c/148586/ https://android-review.googlesource.com/#/c/148604/ https://android-review.googlesource.com/#/c/148606/ https://android-review.googlesource.com/#/c/148607/ Bug: 18151196 Change-Id: I7a4ef3f3a937c45ff18f17c9ad1398293a8630f3
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
ea2ec8875c9b024613d3ec5270bca6247c06d6bd |
|
28-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
Revert "Securely encrypt the master key" This reverts commit af2359fdc4a45fcf482d1a316bae1fff226c425b. Change-Id: Icd4d04adf5c0728357caa6eb225b9a08fd0ad552
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
af2359fdc4a45fcf482d1a316bae1fff226c425b |
|
31-Mar-2015 |
Paul Lawrence <paullawrence@google.com> |
Securely encrypt the master key Move functionality from init into vold so we can use vold to manage key encryption This is one of four changes to enable this functionality: https://android-review.googlesource.com/#/c/144586/ https://android-review.googlesource.com/#/c/144663/ https://android-review.googlesource.com/#/c/144672/ https://android-review.googlesource.com/#/c/144673/ Bug: 18151196 Change-Id: I4a1c79d27f0d225a9ce4ac21653279919f75c991
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
36d056c52e78565747786e9870c3c0a9fbf80612 |
|
09-Apr-2015 |
Paul Crowley <paulcrowley@google.com> |
select(2) is bad, always use poll(2). Also remove unnecessary loop. Change-Id: I18cb8d75945413e35dc904bc95362d9b579cb336
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
d059fdd4ef24d9e23d21a218c098c0376c880a5e |
|
04-Apr-2015 |
Elliott Hughes <enh@google.com> |
Fix missing '\n's in kernel logging. Change-Id: I3a127b2d50012fec2f91fd302bbc611e47e04aff
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
61980269c14ae78a9ca893a56df67cf475cdfafd |
|
16-Mar-2015 |
Paul Lawrence <paullawrence@google.com> |
ext4_utils: Abstracting ext4 encryption property system Change-Id: Iddca42328e9249eb09eb68e6d5339a02cfebecd0
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
f9768752cbf6ebac97214a021dc288c7b6592f1e |
|
30-Mar-2015 |
Paul Lawrence <paullawrence@google.com> |
Clean up includes Remove two system files Remove a circular include dependency by using a callback function Change-Id: I159357b3a0ad06d0a7ebf45feb82989bcc1b303a
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
ee29686943f6c40489b7e3009cc8c87cdde79abf |
|
28-Mar-2015 |
Elliott Hughes <enh@google.com> |
Don't #include "../". If you have to use a relative path (especially one out of the current git project), you probably shouldn't be using those headers... (cherrypick of 0c58a04b5567b84a13269835d9365a045d85b95e.) Change-Id: Ifef6945cf1e884a4aa7f8f5532f1de660a22dafc
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
92da49db65ffbe0bff1771ecef87ad49e94a0626 |
|
26-Feb-2015 |
Paul Lawrence <paullawrence@google.com> |
[HACK] Adding e4crypt support This is a dirty hack requiring a lot of clean up. Needed to allow other parts to make progress. Add e4crypt functions to libext4_utils Add e4crypt command line tool Change-Id: Iac5ae75e7f39cccc87701faf1f590e44f5209c0e
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|