| c096c9c65ffd4485f137d1b90cffe280cf96fbc6 |
|
24-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Get encryption mode for policy
Get encryption mode from the file saved out in vold
Bug: 28905864
Change-Id: I472a5f3f5f348943a968373910de23ad1b20b138
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 4818b73cf845e05c6b14afb07e38da0b6720865a |
|
24-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Revert "Add fileencrypted=software/ice to fstab options"
This reverts commit e8299d81a18d16b006019f37ec9d84921d5ff845.
Bug: 28905864
Change-Id: I077f1ce7337c7ff42be67fb7acbb80ce5ee9b9ba
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| e8299d81a18d16b006019f37ec9d84921d5ff845 |
|
05-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Add fileencrypted=software/ice to fstab options
Bug: 28616054
Change-Id: I34257870d388993d168f6541ef51ee2ce1067a7e
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 8d53b9619ba913354ffdb23acf0108f7445bb8bc |
|
27-Apr-2016 |
Paul Crowley <paulcrowley@google.com> |
Fail with an error if we can't read the policy for encryption
The absence of a policy reference in the unencrypted directory now
causes e4crypt_set_directory_policy to fail with an error. Callers
should call e4crypt_is_native (now moved into here) before calling this.
Bug: 28318405
Change-Id: I209292aba3abad3b19105c9afe2b84e8b3dd6874
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 8b11474652db4f2b7b5c979259619764842175b8 |
|
09-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Encrypt /data/misc
Now we have a workaround for 26989796 (we don't touch /data/misc/vold
thanks to:
https://googleplex-android-review.git.corp.google.com/#/c/862867
) we can check this in and remove the need for a data wipe when we land
the proper kernel fix for this issue (stop caching negative file lookups
through a key change)
Bug: 26989796
Change-Id: I83e6b8395b2c6a607b692dc9cf71183b13680071
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 78efe41174950783e39782c71ff8382f851bb487 |
|
03-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
Add methods to get and ensure encryption policy.
The ensure call will either assign an encryption policy, or verify
that an existing policy matches the expected value. Uses the new
logging library so that customers can pivot logs into whatever
location they want: vold into logcat and init into dmesg.
Also add new directories that will have user-specific encryption
policy set on them so we avoid setting the default policy.
Bug: 25796509
Change-Id: Ia535630092822c80cde0939d8e46e6b47d9be2d8
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 59ffd6d9c7dd3ddaa036956d89c3e4d416769bf6 |
|
04-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Remove unencrypted properties
Change-Id: I59596be7c7df9151f4966a5051f06bcb087345dd
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| c04a424727e3f6b427da5e0666bb879ce7eef340 |
|
01-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Merge "Give init the means to invoke "cryptfs init_user0""
|
| facc16251cd66bdd229c9429818d8f0b7daa8a02 |
|
01-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Give init the means to invoke "cryptfs init_user0"
Init needs to initialize user 0 for FBE devices via a vdc command.
Bug: 26704408
Change-Id: Ide6d1fdcb55e87c22820310c6d1cf9640e77d25e
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| e0b351bc2ccdd92068ba269c5346256f0b3ec49e |
|
28-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Add support for per-user DE keys.
Bug: 26704408
Change-Id: I41b2d0641cce8db9e6b98e6e2f0c635426b1d1e2
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| f50af65122389079aeb4fa68819075768a530bb4 |
|
20-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Remove no-longer-needed crypto init builtins
Changes to the way FBE works to support lifecycles mean that these
commands aren't needed any more.
Bug: 22358539
Change-Id: I974f32c83c344403d5117bc02b7d67771123abaa
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| e599e047ad60385d34f983561ac33e6fb33b3d13 |
|
19-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Exclude several more directories in /data from encryption
Several directories need to be unencrypted so that policy can be set
on their subdirectories, so exclude them all from device-level
encryption.
This also excludes /data/misc, which must be encrypted for security.
However a weird bug with a disappearing /data/misc/vold was blocking
my development, so I included it here in order to make progress. See
b/26673855
Bug: 22358539
Change-Id: Ied67264a42cc8f911c5ecb4acc5e2b650b8d06a7
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 3045e27e894dd8a90faabc0177e080114b35af3b |
|
09-Dec-2015 |
Paul Lawrence <paullawrence@google.com> |
Add createuserkey
Add createuserkey so we can create user0 key on first boot
Change-Id: I211a5a483c416da08239341f85eaf6eb99dca797
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| f939fe30e92270112946ec1ee57f24ab5a34def9 |
|
11-Nov-2015 |
Jeff Sharkey <jsharkey@android.com> |
Special-case for credential encrypted system dir.
Bug: 22358539
Change-Id: I85a3b9df6047fb716ba4f82583d53687c51bf590
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 883d7a7d08cae35d8a1479c4d5b40d2d8fa3ff5c |
|
12-Aug-2015 |
Dan Albert <danalbert@google.com> |
am 89a2254a: Merge "Add missing include."
* commit '89a2254abae3f427aa85fb3a3afe9a27cdfad68d':
Add missing include.
|
| 019954add8af22d618ae3b68529a3f941a17f2bf |
|
12-Aug-2015 |
Dan Albert <danalbert@google.com> |
Add missing include.
Used to be transitively included by libc++.
Change-Id: I07497ccc9bbcf3370b065876d91aed760c5f6118
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| dd22cb338ad59a4766e9ee47936f1e10b386e128 |
|
16-Jul-2015 |
Paul Lawrence <paullawrence@google.com> |
Actually encrypt stuff
Fix really dumb error in checkin
https://googleplex-android-review.git.corp.google.com/#/c/728542
This did the opposite of what I want
Bug: 22502319
Change-Id: I502c9b62d127e6221bbc5ff1a209cb0312ec943f
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 65df483af2efcb2ab9fd82ae53f9aeaa55f0cebd |
|
16-Jul-2015 |
Paul Lawrence <paullawrence@google.com> |
Don't encrypt lost+found
ext4 encryption doesn't like it, and the kernel crashes.
Also fix a formatting error in logs.
Bug: 22478103
Change-Id: Ia25f4b0c1c9eeb20e39b795c7827c5bd1a11cb6a
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| e92c682fb37a21a38406281f3038c5168fd26b3e |
|
28-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Improve error logging.
Bug: 19704432
Change-Id: I697ec4ef879b522d073e5eacc49665479f082ae9
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 45f1a1fd1f1cea461abea44de4b0696b6c45767f |
|
28-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Add e4crypt_set_user_crypto_policies, calls vdc setusercryptopolicies
Bug: 19704432
(cherry picked from commit 09d3fdffad0ccbed36f0ece966e85aed23c626d7)
Change-Id: Ib7ef9365063ed69774169b22071f2a42d2f5ef21
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 15e73f525c38d9ccdf8806a6227e83867b8e259b |
|
06-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Don't apply default encryption to /data/user, it should get per-user
encryption.
Bug: 19704432
(cherry-picked from commit 0050336a0a19019a68374b9eef51e00d6b242f57)
Change-Id: I646f3408ccc06f580d62a2f90f7b895288585396
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 2fa9e939581d944f0204291c53356d6b8c3a938f |
|
12-Jun-2015 |
Paul Lawrence <paullawrence@google.com> |
Retry polling to prevent failures
Change-Id: I182ee7f70c5a96bbcdb0fc9e35df67c45a937757
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| b411bcc138293db5e09c1f5af638115b3c7c18f8 |
|
03-Jun-2015 |
Paul Lawrence <paullawrence@google.com> |
Move crypt commands to a different listener in vold
In order to prevent this bug from happening, we must allow vold cryptfs
commands to complete while a long running mount is underway.
While waiting for vold to be changed to a binder interface, we will simply
create two listeners, one for cryptfs and one for everything else.
Bug: 19197175
Change-Id: Id87764ed68c169fc6b94ea4f4f7a51a7ec9c7564
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| af02e8aa9164f723a0c2a421a97c227c5adff4c2 |
|
01-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE New faster file open kernel
(chery-picked from commit b01dc1c52ec0a4ec5e07a18ffb5b105a997cc329)
Bug: 18151196
Change-Id: Icdb3d9afa1db125102d01cd06f45dbc99ca78021
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| a47a1331f75433fe25e3f57ffdecea92f7e48425 |
|
05-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Use default key permissions for ext4enc
(cherry-picked from commit 478a01d6f2081f7807b99774d005fee373847f23)
As per discussion default permissions are the correct ones.
Note that since we use logon keys, they cannot be read outside
the kernel.
Note also that we limit who can read/write keys in selinux policy.
Bug: 18151196
Change-Id: I15dc0de92643ae1472b0cde79c464fb3e1a1d453
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| db1d49c70eec489cf3d60a4ec70a8e7c0f3f2b76 |
|
10-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE New ext4enc kernel switching from xattrs to ioctl
(cherry-picked from commit 9f53fb4abca1ee3af7b537c95445161db4b81f86)
This is one of three changes to enable this functionality:
https://android-review.googlesource.com/#/c/146259/
https://android-review.googlesource.com/#/c/146264/
https://android-review.googlesource.com/#/c/146265/
Bug: 18151196
Change-Id: I05b96f49b8848e82484a500e4536bdb4d2cdd635
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| bc2eb8c3fd621605ff1ccaed04a71e6685acc974 |
|
29-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Securely encrypt the master key
(cherry-picked from commit 377cd1957172c19ee21baa3d6bda0840f1ce020d)
Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys.
Use ro.crypto.type flag to determine crypto type, which prevents
any issues when running in block encrypted mode, as well as speeding
up boot in block or no encryption.
This is one of four changes to enable this functionality:
https://android-review.googlesource.com/#/c/148586/
https://android-review.googlesource.com/#/c/148604/
https://android-review.googlesource.com/#/c/148606/
https://android-review.googlesource.com/#/c/148607/
Bug: 18151196
Change-Id: I7a4ef3f3a937c45ff18f17c9ad1398293a8630f3
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 0050336a0a19019a68374b9eef51e00d6b242f57 |
|
06-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Don't apply default encryption to /data/user, it should get per-user
encryption.
Bug: 19704432
Change-Id: I4eb8b6a966c3923f5222dfc068d7a3aef2b23adb
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 478a01d6f2081f7807b99774d005fee373847f23 |
|
05-May-2015 |
Paul Lawrence <paullawrence@google.com> |
Use default key permissions for ext4enc
As per discussion default permissions are the correct ones.
Note that since we use logon keys, they cannot be read outside
the kernel.
Note also that we limit who can read/write keys in selinux policy.
Bug: 18151196
Change-Id: I15dc0de92643ae1472b0cde79c464fb3e1a1d453
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| b01dc1c52ec0a4ec5e07a18ffb5b105a997cc329 |
|
01-May-2015 |
Paul Lawrence <paullawrence@google.com> |
New faster file open kernel
Bug: 18151196
Change-Id: Icdb3d9afa1db125102d01cd06f45dbc99ca78021
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 9f53fb4abca1ee3af7b537c95445161db4b81f86 |
|
10-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
New ext4enc kernel switching from xattrs to ioctl
This is one of three changes to enable this functionality:
https://android-review.googlesource.com/#/c/146259/
https://android-review.googlesource.com/#/c/146264/
https://android-review.googlesource.com/#/c/146265/
Bug: 18151196
Change-Id: I05b96f49b8848e82484a500e4536bdb4d2cdd635
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 377cd1957172c19ee21baa3d6bda0840f1ce020d |
|
29-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
Securely encrypt the master key
Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys.
Use ro.crypto.type flag to determine crypto type, which prevents
any issues when running in block encrypted mode, as well as speeding
up boot in block or no encryption.
This is one of four changes to enable this functionality:
https://android-review.googlesource.com/#/c/148586/
https://android-review.googlesource.com/#/c/148604/
https://android-review.googlesource.com/#/c/148606/
https://android-review.googlesource.com/#/c/148607/
Bug: 18151196
Change-Id: I7a4ef3f3a937c45ff18f17c9ad1398293a8630f3
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| ea2ec8875c9b024613d3ec5270bca6247c06d6bd |
|
28-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
Revert "Securely encrypt the master key"
This reverts commit af2359fdc4a45fcf482d1a316bae1fff226c425b.
Change-Id: Icd4d04adf5c0728357caa6eb225b9a08fd0ad552
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| af2359fdc4a45fcf482d1a316bae1fff226c425b |
|
31-Mar-2015 |
Paul Lawrence <paullawrence@google.com> |
Securely encrypt the master key
Move functionality from init into vold so we can use
vold to manage key encryption
This is one of four changes to enable this functionality:
https://android-review.googlesource.com/#/c/144586/
https://android-review.googlesource.com/#/c/144663/
https://android-review.googlesource.com/#/c/144672/
https://android-review.googlesource.com/#/c/144673/
Bug: 18151196
Change-Id: I4a1c79d27f0d225a9ce4ac21653279919f75c991
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 36d056c52e78565747786e9870c3c0a9fbf80612 |
|
09-Apr-2015 |
Paul Crowley <paulcrowley@google.com> |
select(2) is bad, always use poll(2). Also remove unnecessary loop.
Change-Id: I18cb8d75945413e35dc904bc95362d9b579cb336
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| d059fdd4ef24d9e23d21a218c098c0376c880a5e |
|
04-Apr-2015 |
Elliott Hughes <enh@google.com> |
Fix missing '\n's in kernel logging.
Change-Id: I3a127b2d50012fec2f91fd302bbc611e47e04aff
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 61980269c14ae78a9ca893a56df67cf475cdfafd |
|
16-Mar-2015 |
Paul Lawrence <paullawrence@google.com> |
ext4_utils: Abstracting ext4 encryption property system
Change-Id: Iddca42328e9249eb09eb68e6d5339a02cfebecd0
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| f9768752cbf6ebac97214a021dc288c7b6592f1e |
|
30-Mar-2015 |
Paul Lawrence <paullawrence@google.com> |
Clean up includes
Remove two system files
Remove a circular include dependency by using a callback function
Change-Id: I159357b3a0ad06d0a7ebf45feb82989bcc1b303a
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| ee29686943f6c40489b7e3009cc8c87cdde79abf |
|
28-Mar-2015 |
Elliott Hughes <enh@google.com> |
Don't #include "../".
If you have to use a relative path (especially one out of the current
git project), you probably shouldn't be using those headers...
(cherrypick of 0c58a04b5567b84a13269835d9365a045d85b95e.)
Change-Id: Ifef6945cf1e884a4aa7f8f5532f1de660a22dafc
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|
| 92da49db65ffbe0bff1771ecef87ad49e94a0626 |
|
26-Feb-2015 |
Paul Lawrence <paullawrence@google.com> |
[HACK] Adding e4crypt support
This is a dirty hack requiring a lot of clean up.
Needed to allow other parts to make progress.
Add e4crypt functions to libext4_utils
Add e4crypt command line tool
Change-Id: Iac5ae75e7f39cccc87701faf1f590e44f5209c0e
/system/extras/ext4_utils/ext4_crypt_init_extensions.cpp
|