f8d604caf3f9bf0aed9ef070c40933a94016232b |
|
27-Apr-2017 |
Rubin Xu <rubinxu@google.com> |
Add secdiscard command for secure deletion of files This is used by LockSettingsService to delete sensitive credential files. Bug: 34600579 Test: manual - change device lock under synthetic password, verify old data on disk is erased. Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555 Merged-In: I5e11b559ad8818bd2ad2b321d67d21477aab7555
/system/vold/Ext4Crypt.cpp
|
c40996e71915fe86775bf79cea405dc7d558f792 |
|
30-Apr-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Revert "Revert "Stop dropping caches now we have kernel fix""" into oc-dev
|
c6bf7c7544b2ea057aba3f2a41652bad0d165e16 |
|
28-Apr-2017 |
Daniel Rosenberg <drosen@google.com> |
Revert "Revert "Stop dropping caches now we have kernel fix"" This reverts commit 8ad0bef7b5b1b6e1ba3afe441d2dcc9a06e782a7. Bug: 37231161 Test: Boot device with FBE enabled. ls /storage/emulated/0/Android Unlock device. ls /storage/emulated/0/Android 1st will not be found. Second should be found. Change-Id: I92c7ad0adaa7bd357e10661a47cc667ac0ff84b4 Merged-In: I92c7ad0adaa7bd357e10661a47cc667ac0ff84b4
/system/vold/Ext4Crypt.cpp
|
392c4dbdc1a0220f35d5c34d5c61f8a8197d175f |
|
05-Apr-2017 |
Yong Yao <yong.yao@intel.com> |
Fix keyname generation issue The keyname binded to keyring return a wrong string when there are binary char larger than 127, the sign extension will introduce unexpect FFFFFF string to the keyname. Bug: 36975893 Test: local build Change-Id: Iba2f6ef95aeacd08c8d6c72b71e7b92e956ec3fc Signed-off-by: Ai, Ting A <ting.a.ai@intel.com>
/system/vold/Ext4Crypt.cpp
|
8ad0bef7b5b1b6e1ba3afe441d2dcc9a06e782a7 |
|
20-Apr-2017 |
Daniel Rosenberg <drosen@google.com> |
Revert "Stop dropping caches now we have kernel fix" This reverts commit 6abe6831b59a56145cdd28445cd46fa3c79ecb92. Bringing this back temporarily for the same issue on sdcardfs. Will remove once the kernel issue is resolved. Change-Id: Ia29ea4fddb7777012a2eea9259f9ac856773fe01 Bug: 37231161 Test: Boot device with FBE enabled. ls /storage/emulated/0/Android Unlock device. ls /storage/emulated/0/Android 1st will not be found. Second should be found.
/system/vold/Ext4Crypt.cpp
|
fa4039b1620987d82f119576cbdfaf503cd4e2b5 |
|
04-Apr-2017 |
Eric Biggers <ebiggers@google.com> |
vold: unlink ext4 encryption keys rather than revoking them Unlinking keys rather than revoking them avoids bugs in certain kernel versions without having to hack around the problem with an arbitrary 20 second delay, which is not guaranteed to be sufficient and has caused full device hangs like in b/35988361. Furthermore, in the context of filesystem encryption, unlinking is not currently supposed to be any less secure than revoking. There was a case where revoking (but not unlinking) keys will cause the filesystem to deny access to files that were previously opened with that key. However, this was a means of _access control_, which encryption is not intended to be used for. Instead, file permissions and/or SELinux should be used to enforce access control, while filesystem encryption should be used to protect data at rest independently from access control. This misfeature has also been removed upstream (and backported to 4.4-stable and 4.9-stable) because it caused CVE-2017-7374. Eventually we'd really like to make the kernel support proper revocation of filesystem encryption keys, i.e. fully clearing all key material and plaintext and safely waiting for any affected filesystem operations or writeback to complete. But for now this functionality does not exist. ('sync && echo 3 > /proc/sys/vm/drop_caches' can be useful, but it's not good enough.) Bug: 35988361 Change-Id: Ib44effe5368cdce380ae129dc4e6c6fde6cb2719 (cherry picked from commit fd7ba5e4c61691d8a45bc729b7659940a984bab0)
/system/vold/Ext4Crypt.cpp
|
4c4958d706d779daec0852bb254c2766396be71f |
|
07-Mar-2017 |
Calin Juravle <calin@google.com> |
Merge "Vold: Clean up code related to foreign dex use" am: 61a7d1a815 am: aaa95fbdfe am: 0a8d4511c8 Change-Id: I3a84eca8a285bed3ec42c8744db8974e0109fb65
|
3a68f141927a8a473b1e7aca11fb1b20ddda77b3 |
|
04-Mar-2017 |
Calin Juravle <calin@google.com> |
Vold: Clean up code related to foreign dex use We simplified the way we track whether or not a dex file is used by other apps. DexManger in the framework keeps track of the data and we no longer need file markers on disk. Test: device boots, foreign dex markers are not created anymore Bug: 32871170 Change-Id: Id0360205b019be92049f36eab4339f4736e974f4
/system/vold/Ext4Crypt.cpp
|
b45caafbccbb743c8b01a5287188969883dec377 |
|
02-Feb-2017 |
Eric Biggers <ebiggers@google.com> |
vold: allow specifying HEH filenames encryption Make the vold changes needed to support specifying aes-256-heh filenames encryption. The previous mode, aes-256-cts, remains supported as well. The file /data/unencrypted/mode is updated to have the syntax contents_encryption_mode[:filenames_encryption_mode] instead of just contents_encryption_mode. This is consistent with the new fstab syntax. Bug: 34712722 Change-Id: Ibc236d0ec4fdeda4e4e301f45fb996317692cfa3
/system/vold/Ext4Crypt.cpp
|
7ec25c715f835c741d51a7ec0fd7b28220543364 |
|
31-Oct-2016 |
Andrew Scull <ascull@google.com> |
Evict CE keys on request or when a user is removed. A work around for a kernel bug is needed to avoid the phone locking up and turning into a hand warmer. Test: com.android.cts.devicepolicy.ManagedProfileTest#testLockNowWithKeyEviction* Bug: 31000719 Change-Id: Ia2121b3e3c22b10351296fa998892a91e601bb2c
/system/vold/Ext4Crypt.cpp
|
4f70554179273c1ec8ec4f502382334f584a4e40 |
|
28-Oct-2016 |
Paul Crowley <paulcrowley@google.com> |
Merge "Remove misleading comment (b/26948053)" am: dbeebf56aa Change-Id: I6e63f700ecd9cad50956cc2a1cc34b4f81b1a497
|
99360d76e548dcf4301669ad7763c90347615861 |
|
19-Oct-2016 |
Paul Crowley <paulcrowley@google.com> |
Remove misleading comment (b/26948053) Vold is considered part of our trusted computing base, and compromising vold is already identified as a complete device compromise. While storing keys only in the kernel would be better, the current setup does not introduce a security bug or worsen any security control. Bug: 26948053 Test: Comment-only change. Change-Id: Ib5436f4386769ec44b74dc6b50fbcc0fed99b96b
/system/vold/Ext4Crypt.cpp
|
985d0805e7f04e45e02fcdce340ccd438ce76d0b |
|
11-Oct-2016 |
Tao Bao <tbao@google.com> |
Merge "Update the header path for ext4_utils." am: 6a18a6ddb5 am: 4759d1d637 am: e85d4467f5 Change-Id: I78ef6034fc2586383e70345bcd186875528c9ffc
|
989fec27690758ad1e6c521713f1a88c50c9c857 |
|
06-Oct-2016 |
Tao Bao <tbao@google.com> |
Update the header path for ext4_utils. Test: mmma system/vold Change-Id: I805b8874b05b8043390c2cd3c143cc469913c067
/system/vold/Ext4Crypt.cpp
|
25a713873c8f8d37f7ebbadfbf1ebfaf4bac106b |
|
26-Jul-2016 |
Paul Crowley <paulcrowley@google.com> |
Don't try to fixate CE keys for ephemeral users Ephemeral users don't have keys stored on disk at all, so it's neither necessary nor possible to manipulate the disk keys here. Bug: 30038313 Change-Id: Idc7ec1bfe1e8a6ffa6cee2f284dbe378097b08da
/system/vold/Ext4Crypt.cpp
|
ab0b56aef33f04f4d7a352d5790b2d9cd9e7d6d3 |
|
20-Jul-2016 |
Paul Crowley <paulcrowley@google.com> |
Don't fail if a key we want to delete is already deleted This can happen when cleaning up stale users at boot time. Bug: 30158800 Change-Id: I2733d8d525fc79b7f05eb2225b7e6e14c4da277f
/system/vold/Ext4Crypt.cpp
|
abc253884fbd846c5a08122e16e7957cb9be738f |
|
20-Jul-2016 |
Paul Crowley <paulcrowley@google.com> |
Don't evict keys when we delete users Work around a kernel bug that was causing lockups. Bug: 30225438 Change-Id: Ia6eb60774037e692351af8eaed98b79596ea3635
/system/vold/Ext4Crypt.cpp
|
d24aeda425196a7ab0a19c00bc9a4ced6383432b |
|
16-Jul-2016 |
Jeff Sharkey <jsharkey@android.com> |
Only restorecon CE storage after unlocked. On FBE devices, the filenames inside credential-encrypted directories are mangled until the key is installed. This means the initial restorecon at boot needs to skip these directories until the keys are installed. This CL uses an existing facility to request that init run a recursive restorecon over a given path, and it requests that operation for the CE directories that would have been omitted by the SKIPCE flag earlier during boot. Bug: 30126557 Change-Id: I8c7abea27215075a091f615a7185a82a2f4a4a95
/system/vold/Ext4Crypt.cpp
|
6abe6831b59a56145cdd28445cd46fa3c79ecb92 |
|
22-Jun-2016 |
Paul Lawrence <paullawrence@google.com> |
Stop dropping caches now we have kernel fix Only merge once https://partner-android-review.googlesource.com/#/c/619829/1 has been merged into kernel. Bug: 28779973 Change-Id: Icef78d1e4381e89e07797c36f6f650033d313557
/system/vold/Ext4Crypt.cpp
|
6e410597343716924ed4943d1eabd3dea614d325 |
|
24-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Set encryption mode in mode file Bug: 28905864 Change-Id: Ie2a5c3e029075d53a86ef3afb7fe364c16d8d52b
/system/vold/Ext4Crypt.cpp
|
3ae29e774038b423618a1618c0056108db77759e |
|
24-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Revert "Add fileencrypted=software/ice to fstab options" This reverts commit 01f1bc725475098e5ae07fd8f440abcd55b154c4. Bug: 28905864 Change-Id: I489f5d073530438829038630af7af6b2a5cbdbbe
/system/vold/Ext4Crypt.cpp
|
8fd77a05ccccc86be7da7b2f61e6580f0f20eb42 |
|
19-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Two phases to set the password for disk encryption am: a363036b44 * commit 'a363036b44f7f140aa9a943578f56abff5880a60': Two phases to set the password for disk encryption Change-Id: Ia28823079d8c0bda220238339f28095b234a0ae5
|
a363036b44f7f140aa9a943578f56abff5880a60 |
|
17-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Two phases to set the password for disk encryption Revert "Revert "Two phases to set the password for disk encryption"" This reverts commit d402389290eeef86be7eb9241e20fdd125d44eb1. In addition, fix the bug in the original commit. Bug: 28154455 Bug: 28694324 Change-Id: I885f1d73e739416347c135d79979941c2bbdbe62
/system/vold/Ext4Crypt.cpp
|
01f1bc725475098e5ae07fd8f440abcd55b154c4 |
|
05-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Add fileencrypted=software/ice to fstab options Bug: 28616054 Change-Id: If3fddd62f069c7e3e8369a1db68e69c390059d63
/system/vold/Ext4Crypt.cpp
|
44ddebaac0465a9a88b68ca04bbb69b576a0d067 |
|
11-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Merge "e4crypt_is_native has been moved into system/extras." into nyc-dev am: cfa03d4a4c * commit 'cfa03d4a4c53acf41dca2c41a2efd00de06043bb': e4crypt_is_native has been moved into system/extras. Change-Id: I345475c44fb2d8812a25c9f2195c748cddc55bfe
|
cfa03d4a4c53acf41dca2c41a2efd00de06043bb |
|
11-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Merge "e4crypt_is_native has been moved into system/extras." into nyc-dev
|
26642bf7bf8f645f3d10fe0d36149d5f8b3b92fb |
|
10-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Revert "Two phases to set the password for disk encryption" am: d402389290 * commit 'd402389290eeef86be7eb9241e20fdd125d44eb1': Revert "Two phases to set the password for disk encryption" Change-Id: I53a3804fc7bff9c99840aeee36fc4b7ff8e46ac1
|
d402389290eeef86be7eb9241e20fdd125d44eb1 |
|
10-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Revert "Two phases to set the password for disk encryption" This reverts commit 92c5eeb46779f0fa1c9e6db6b0d632d960cbb2e4. Bug: 28694324 Change-Id: Ibbbaff287f4dd28f4a13e122a3617987a8875a44
/system/vold/Ext4Crypt.cpp
|
4d2d5244d68e907feb58167b3ee9b40288927247 |
|
27-Apr-2016 |
Paul Crowley <paulcrowley@google.com> |
e4crypt_is_native has been moved into system/extras. Bug: 28318405 Change-Id: Id962764cf7fb5f58b769bf99aeb6d3d69cb66991
/system/vold/Ext4Crypt.cpp
|
4e44272c3d1e2f5c0040acefc3812781aeea1736 |
|
09-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Two phases to set the password for disk encryption am: 92c5eeb467 * commit '92c5eeb46779f0fa1c9e6db6b0d632d960cbb2e4': Two phases to set the password for disk encryption Change-Id: I82c1cfa2874ac4709e42f5c2047c832cbcaccb91
|
92c5eeb46779f0fa1c9e6db6b0d632d960cbb2e4 |
|
22-Apr-2016 |
Paul Crowley <paulcrowley@google.com> |
Two phases to set the password for disk encryption In one phase, we make the new password work, and in the second we make it the only one which works ("fixation"). This means that we can set the password in Gatekeeper between these two phases, and a crash doesn't break things. Unlocking a user automatically fixates the presented credential. Bug: 28154455 Change-Id: I54623c8652f0c9f72dd60388a7dc0ab2d48e81c7
/system/vold/Ext4Crypt.cpp
|
85e3d8cd50c540b1a4827bd179e3b8b609731e61 |
|
26-Apr-2016 |
Paul Lawrence <paullawrence@google.com> |
Drop caches after installing key policy to avoid cache clashes Note that this is an ugly workaround for a kernel bug. Bug: 28373400 Change-Id: Iec1ae53f4e18f06e41e8cf1fcc3ab03fc9848632
/system/vold/Ext4Crypt.cpp
|
be70c9ae2251ac8f3bfbbe75146f8c533d64e01b |
|
15-Apr-2016 |
Jeff Sharkey <jsharkey@android.com> |
Consistent creation/destruction of user data. Preparing and destroying users currently needs to be split across installd, system_server, and vold, since no single party has all the required SELinux permissions. Bug: 27896918, 25861755 Change-Id: Ieec14ccacfc7a3a5ab00df47ace7318feb900c38
/system/vold/Ext4Crypt.cpp
|
71ee662ec3f82db66f1a34579aff75cc27d4b205 |
|
25-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Don't fail if the CE key isn't loaded in destroy_user_key Users don't have to be unlocked to be deleted, so don't worry if we don't have their key to evict. Bug: 26847403 Bug: 27441228 Change-Id: Ifd93f620926630aa102a3bb4a5d2d45d34f9b75d
/system/vold/Ext4Crypt.cpp
|
df528a7011b302c91579898c4a37361214ab05bb |
|
09-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Run clang-format over ext4crypt related code The formatting here is inconsistent with Android house style; use clang-format to bring it back into line. Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
/system/vold/Ext4Crypt.cpp
|
a051eb7a22b7cd97e66d2f22b64884f8ebc73952 |
|
09-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Use pointers not references for out arguments Google/Android C++ style requires that arguments passed in for writing should be pointers, not references, so that it's visible in the caller that they'll be written to. Bug: 27566014 Change-Id: I5cd55906cc4b2f61c8b97b223786be0b3ce28862
/system/vold/Ext4Crypt.cpp
|
d9b9295b8c2f17448f4eb3ea2c6f7d4a5c207c3f |
|
04-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Fix memory leak in generate_key wrapper. Other fixes. - catch errors in looking for the keyring - static_assert to prevent a buffer overrun - remove obsolete, misleading comment - dial down priority of some log messages - explain why we ignore some errors - idiomatic C++11 Bug: 27552432 Change-Id: Ic3ee05b41eae45e7c6b571a459b326a483663526
/system/vold/Ext4Crypt.cpp
|
ad8e26297b07f26376bd3125b11ae280304c22e8 |
|
02-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Merge "Use a proper key length for the mode." into nyc-dev
|
2199069aca9df1064ced73fa5803bba524ab1f0d |
|
02-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Use a proper key length for the mode. Bug: 27440526 Change-Id: I818450252dcd39f21948fc2e70856659eba5f50f
/system/vold/Ext4Crypt.cpp
|
d1ee944f0839d60b014722c7facbb4a66bd4f2c3 |
|
02-Mar-2016 |
Calin Juravle <calin@google.com> |
Prepare profile directories only for the internal storage Bug: 27444691 Change-Id: I0d30e8883fe655c90cda47ab167a878764ea0802
/system/vold/Ext4Crypt.cpp
|
493f5aa16075eec6948f476b3fe0d29de063ee85 |
|
24-Feb-2016 |
Calin Juravle <calin@google.com> |
Create profile folder for foreign dex markers. This is a special profile folder where apps will leave profile markers for the dex files they load and don't own. System server will read the markers and decide if the apks should be fully compiled instead of profile guide compiled. Bug: 27334750 Bug: 26080105 Change-Id: Ib18f20cf78a8dbfc465610ec6ceec52699c5420a
/system/vold/Ext4Crypt.cpp
|
79f55a461f1edf90b769824c6a69dcb520614d83 |
|
17-Feb-2016 |
Calin Juravle <calin@google.com> |
Prepare user profile folder Bug: 26719109 Bug: 26563023 Change-Id: I4737b7f73df74b2b787a62db2e231f136115b359
/system/vold/Ext4Crypt.cpp
|
ad2eb644132bde9f821e35dc18cbcfed5db3662b |
|
10-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Log a warning if old creds passed to change_user_key don't work. Bug: 26948053 Change-Id: I8c117bfe5e85e73af72b6ecafea39924f3561c7c
/system/vold/Ext4Crypt.cpp
|
63c18d3ba9179ee0e678564e12aa845d9a6c3ec8 |
|
10-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
/system/vold/Ext4Crypt.cpp
|
76107cb3f4845b1a51a1a291c70ea3e12f9c14d0 |
|
09-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Prefer bool returns to int throughout Change-Id: Ib3592b598ee07bc71a6f9507570bf4623c1cdd6a
/system/vold/Ext4Crypt.cpp
|
38132a1f667412d6b08ae90cc64a011d76906cc0 |
|
09-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Refactor now that global DE has been reworked Change-Id: I4d6156332cfc847e25e7c8863fd6a50fa325fb87
/system/vold/Ext4Crypt.cpp
|
57eedbf8cbd21899a3395ce6f153cd0e05898f3b |
|
09-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Fix some "false" returns to be "-1" where appropriate in e4crypt_enable Also fix a PLOG that should be a LOG. Change-Id: Ic5ae288c37b6e236172f9e38349c2d0d530bfd4d
/system/vold/Ext4Crypt.cpp
|
695d9282862bac4fb4034ebb2d5b089b8ff9c4a3 |
|
09-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
e4crypt_unlock_user_key no longer likes nullptr. Bug: 27075797 Change-Id: I835d17d02ea50a88ef0a5322a30e04f3d0237019
/system/vold/Ext4Crypt.cpp
|
f7a0d007d23ca924b6e85d609c787f05a503f285 |
|
08-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Add new argument to unlock_user_key, fixing merge-caused error. Change-Id: Ic51f375e500cd61bda926e3b039126a840ed89f0
/system/vold/Ext4Crypt.cpp
|
5c025bd9a54ac5f291005735f97bc66c0da98d01 |
|
08-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Merge "Password security for FBE disk encryption keys" into nyc-dev
|
0572080814ea5f7456d9feea05f936c858178159 |
|
08-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
/system/vold/Ext4Crypt.cpp
|
0754a45539de941e278c82898d83d26b6ba95b5e |
|
08-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
Emulation fixes: mics dirs, recover after disable. Add new misc directories to list of paths that we lock/unlock in emulation mode. When booting a device without native-FBE and without emulation, make sure we "unlock" any emulated settings on user 0; MountService handles this for secondary users later during boot. Bug: 27069522 Change-Id: I15c7cf00a7231ce99b2e4e11a25106d7b87e70cc
/system/vold/Ext4Crypt.cpp
|
47695b29af0467dd8e18f5534e3b62e39326d7e1 |
|
02-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
Allow callers to prepare CE/DE user storage. Give callers the option of preparing CE and/or DE storage. The framework will only prepare CE storage after the CE keys have been unlocked for that user. When init is calling enablecrypto, kick off the work in a thread so that we can make other calls back into vold without causing deadlock. Leaves blocking call intact for framework callers. Clean up 'vdc' tool to send useful transaction numbers, and actually watch for the matching result to come back. This fixes race conditions when there are multiple 'vdc' callers. Also add other system and misc directories to match spec. Bug: 25796509 Change-Id: Ie4f853db6e387916b845d2b5fb92925d743b063d
/system/vold/Ext4Crypt.cpp
|
f10544df96652ebe457c93a91075da0b3bc6b550 |
|
04-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Remove unencrypted_properties Change-Id: I5728f03dbde6621e410efcda1d93054915793407
/system/vold/Ext4Crypt.cpp
|
5a06a6481bff8916bf366bf9e951ab5c6a405207 |
|
03-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Fix minor issues with previous change New style logging Remove set/get field from e4crypt Save keys to temp file then rename See https://googleplex-android-review.git.corp.google.com/#/c/858922/ Change-Id: I454c3f78489b491ffc1230a70dce64935e4e0f8a
/system/vold/Ext4Crypt.cpp
|
aec34dfb1d3988c1154534a24aacd950193f8f9f |
|
03-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Use consistent method for device key Change-Id: I420f548115c1b55e62b193c60d569fdda518af1a
/system/vold/Ext4Crypt.cpp
|
7b6b565fa0d3658be8dc021f1beee5024d54b8c0 |
|
02-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Remove support for non-default root passwords in FBE Change-Id: Ie179cb09f9f24382afd0fe0f3aa2a1ad943a7f5d
/system/vold/Ext4Crypt.cpp
|
b92f83c0512bfb93e85d6cd8d6efd6681017664c |
|
01-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Add support for per-user DE keys. FBE devices need a factory reset after this change. Bug: 26704408 Change-Id: I150b82a13a4a007d9a8997ef6a676e96576356b2
/system/vold/Ext4Crypt.cpp
|
b1f3d242dd095b307a756fda2798e441e791e039 |
|
28-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Refactor of Ext4Crypt.cpp in preparation for DE keys Mainly a refactor, but with a substantive change: Keys are created in a temporary location, then moved to their final destination, for atomicity. Bug: 26704408 Change-Id: I0b2dc70d6bfa1f8a65536dd05b73c4b36a4699cf
/system/vold/Ext4Crypt.cpp
|
8fb12fd8359a9af7228e05a37cf0ef59f43d6991 |
|
01-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Add init_user0 command. Change-Id: Icf746ec1968a073fde707ecc788b648f5803fd38
/system/vold/Ext4Crypt.cpp
|
ea62e26ad3cc3e6a522cb4a711f34848ba65385a |
|
28-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Create disk encryption keys only when FBE enabled Our code for creating disk encryption keys doesn't work everywhere, and it doesn't need to; only on platforms that support FBE. Don't create them elsewhere. Bug: 26842807 Change-Id: I686d0ffd7cb3adbddfce661c22ce18f66acb1aba
/system/vold/Ext4Crypt.cpp
|
13ffd8ef7a02a1b4b4d9a74f45d4a5bb6b814313 |
|
27-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
/system/vold/Ext4Crypt.cpp
|
1ef255816c50e462acc23383a9ff747c5f55c4ff |
|
21-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
/system/vold/Ext4Crypt.cpp
|
a042cb5761f4bf954645b404ae5bb0a0d5b583fd |
|
21-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Don't fail on unlock if we're not even emulating FBE As a precaution, we do the work of emulating an unlock even on devices that aren't emulating FBE. However, we don't care if it fails, so don't fail the calling command in that instance. Bug: 26713622 Change-Id: I8c5fb4b9a130335ecbb9b8ea6367f1c59835c0f1
/system/vold/Ext4Crypt.cpp
|
285956fe11de221f850e5bf63b071bd8f53bfd10 |
|
20-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Rework FBE crypto to match the N way of doing things Major rework and refactor of FBE code to load the keys at the right time and in a natural way. The old code was aimed at our goals for M, with patches on top, and didn't quite work. Bug: 22358539 Change-Id: I9bf7a0a86ee3f2abf0edbd5966f93efac2474c2c
/system/vold/Ext4Crypt.cpp
|
7a9dd95cbc969fa21dfe4c1bbcac3315e47d81a4 |
|
13-Jan-2016 |
Jeff Sharkey <jsharkey@android.com> |
Offer to enforce "locked" state using SELinux. Bug: 26466827 Change-Id: Id5f05298c2cb5f3cf288df37ddf0a196ca49949b
/system/vold/Ext4Crypt.cpp
|
d2d7bffd0c666bd3dc67364b36480e57a1913571 |
|
19-Dec-2015 |
Jeff Sharkey <jsharkey@android.com> |
Create /data/media directory for new users. Otherwise later unlock commands will fail. Bug: 26267450 Change-Id: I090ac3a3fd4ac6d49290906e21d88f1efcdec421
/system/vold/Ext4Crypt.cpp
|
9ad4369ce87cb445ea126a8a803e2b42c2c5ea2f |
|
11-Dec-2015 |
Lenka Trochtova <ltrochtova@google.com> |
Fix a bug in passing parameters to prepare_user_storage. Add the serial parameter to prepare_user_storage to avoid confusion when parsing parameters and passing them around. Change-Id: Id5516c248401ad50585aa8f6e8b1545a6cded549
/system/vold/Ext4Crypt.cpp
|
27cbce9214f2861b800fe48f5649f557b03a289c |
|
10-Dec-2015 |
Paul Crowley <paulcrowley@google.com> |
Rename functions with a system/extras name collision. Following around the call graph in code search is hard enough as it is! Change-Id: I09d3513664423aafe0d99f9158acfbbb6c79b590
/system/vold/Ext4Crypt.cpp
|
ff9097f560c53bcd91880a724c007afbff88d515 |
|
10-Dec-2015 |
Paul Lawrence <paullawrence@google.com> |
Fix create_user_key to take 3 params Change-Id: Ied03e2ee404a1b4f386740213e6ab01f18ec09b9
/system/vold/Ext4Crypt.cpp
|
395039f0070abed5f6b3617786956ee3e62fe9b5 |
|
25-Nov-2015 |
Lenka Trochtova <ltrochtova@google.com> |
Introduce support for ephemeral users. BUG: 24883058 Change-Id: I77d4757f87214166e7c41c7eb0d06b1cd5f06b20
/system/vold/Ext4Crypt.cpp
|
fc505c3ff6c1ba3a061e7e8b3f2236be90712a80 |
|
08-Dec-2015 |
Jeff Sharkey <jsharkey@android.com> |
Emulate media encryption, always chmod to unlock. When FBE emulation is enabled, lock/unlock the media directories that store emulated SD card contents. Change unlocking logic to always chmod directories back to known state so that we can recover devices that have disabled FBE emulation. Bug: 26010607, 26027473 Change-Id: I6d4bff25d8ad7b948679290106f585f777f7a249
/system/vold/Ext4Crypt.cpp
|
6bf0547ccce72233bd465178b919fa7f15e48b45 |
|
05-Dec-2015 |
Elliott Hughes <enh@google.com> |
resolve merge conflicts of b7d5a47cec to master. Change-Id: I0c5211a00d92d0ee796bb9c77d2e13675a2a3e8d
|
7e128fbe212c64492afa98bfd6d7fab6f1956831 |
|
05-Dec-2015 |
Elliott Hughes <enh@google.com> |
Track rename from base/ to android-base/. Change-Id: I3096cfa50afa395d8e9a8043ab69c1e390f86ccb
/system/vold/Ext4Crypt.cpp
|
a597d0a4248dded627b2cf71ca5f9f3bcd12f033 |
|
30-Nov-2015 |
Jeff Sharkey <jsharkey@android.com> |
Use the right system property name. Bug: 22358539 Change-Id: I0bf9719a2b54acbde80f3c911988724581447b0c
/system/vold/Ext4Crypt.cpp
|
c79fb89a10ea9bc3b0f1f9c7caa809a705989479 |
|
13-Nov-2015 |
Jeff Sharkey <jsharkey@android.com> |
Switch to new FBE emulation property. Also prepare CE/DE storage directories for owner user at boot. Bug: 22358539 Change-Id: I76228952c990ebed83360c69ef36321b99114196
/system/vold/Ext4Crypt.cpp
|
5512c50c0982958b9737ebe339084038932530e5 |
|
16-Nov-2015 |
Paul Crowley <paulcrowley@google.com> |
Merge "Add --no-unlink option to secdiscard for testing."
|
d2c96e788381a6c8dd87cbf9ecd7e8a6bc7337c2 |
|
09-Nov-2015 |
Jeff Sharkey <jsharkey@android.com> |
New granular encryption commands for framework. We now have separate methods for key creation/destruction and unlocking/locking. Key unlocking can pass through an opaque token, but it's left empty for now. Extend user storage setup to also create system_ce and user_de paths. Bring over some path generation logic from installd. Use strong type checking on user arguments. Bug: 22358539 Change-Id: I00ba15c7b10dd682640b3f082feade4fb7cbbb5d
/system/vold/Ext4Crypt.cpp
|
5ab73e945d59472ed47ea2e0deee613c958d800c |
|
03-Jul-2015 |
Paul Crowley <paulcrowley@google.com> |
Add --no-unlink option to secdiscard for testing. Also allow deletion of multiple files in one invocation. Change-Id: I5011bf45f2d3b91964bc68fd8e61ec037e1de2ca
/system/vold/Ext4Crypt.cpp
|
480fcd2750c1d30f3397d1f3152519a11f60990b |
|
24-Aug-2015 |
Paul Crowley <paulcrowley@google.com> |
Set uid/gid of newly created user dirs to system/system. Bug: 23395513 Change-Id: I3d76b77339f995103c0aec09c6de77b3c8cdc0dd
/system/vold/Ext4Crypt.cpp
|
9336348200758d067fed164368636521b4e58621 |
|
07-Jul-2015 |
Paul Crowley <paulcrowley@google.com> |
Evict the key before we delete it. Change-Id: I9eef440a1f406c2c73c859f5ae7cee35f6a36ca4
/system/vold/Ext4Crypt.cpp
|
cd307b7c6301593727892d1fa9bb92aadb5fdaca |
|
19-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Scrub the key from the disk with BLKSECDISCARD. Bug: 19706593 (cherry-picked from commit 8d0cd7ffd903a753c6bb5c6f33987a7a66621cef) Change-Id: Ieea73da233fe53767b5adcdb4d49f9bb00fedac1
/system/vold/Ext4Crypt.cpp
|
b33e8873ea78b92e536aa33f48130a91ca150f0c |
|
19-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Add "cryptfs deleteuserkey" command to vold. Bug: 19706593 (cherry-picked from commit eebf44563bf9c6f2795442e8d2bc886e4eb3bbbe) Change-Id: I50dc4c39595c06bf0016d6a490130bbbc25de91b
/system/vold/Ext4Crypt.cpp
|
95376d612c91236c8cd751b9af02c9aa57f4870f |
|
06-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Add vold commands for setting up per-user encrypted user directories Bug: 19704432 (cherry-picked from commit 75a5202d9f65747edabb1dd0ebd50a779d4142c2) Change-Id: I733e8745ec21f8e53c2cc6d8a98313275db7d897
/system/vold/Ext4Crypt.cpp
|
f25a35a1c98d4fac118ee9abe34d6bbf2d3a2201 |
|
06-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Break key installation into its own function so we can install non-master keys. Bug: 19704432 (cherry-picked from commit 1da96dc549b86a1c7ec02d7a808a9532cdcb5fe7) Change-Id: I762e8f6c927db3a337fa8ce6bd428262d9e05c7a
/system/vold/Ext4Crypt.cpp
|
86c942a2537701a90b88768eab4648c0650dfad1 |
|
06-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Delete password as per block encryption (cherry-picked from commit 00f4aade5c172534c16070540d1c6c26d0a78c84) Bug: 18151196 Change-Id: Iee0f932c61ff4a309dc2861725b24bf976adb4c7
/system/vold/Ext4Crypt.cpp
|
0d9cd9e9cf39e1cdb06565de6c4e11ff244b2a3a |
|
06-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Fix problem that reading/writing crypto footers wasn't identity (cherry-picked from commit 75c922f49b593f3203ee59c33d00ccb5b3b66ca8) Bug: 18151196 Change-Id: Ideef6bcdbccf068a64ed3e042be50c4837a373f8
/system/vold/Ext4Crypt.cpp
|
2f32cda63bf5c86db880d36029a27c8597fb5e3c |
|
05-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Retry unmounts in ext4 encryption (cherry-picked from commit 29b54aab8ee2d08e2129832364f9b719dd17fa4e) Bug: 18151196 Change-Id: I52ca23b2ce3adcff44bd003d4a12243a0bd6ac34
/system/vold/Ext4Crypt.cpp
|
b7f0702ea6cc32c58540d596016c2dabd8ba3541 |
|
05-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Use default key permissions for ext4enc (cherry-picked from commit 1190a26f6d7dd34bf10ffc7b367b374d5e591146) As per discussion default permissions are the correct ones. Note that since we use logon keys, they cannot be read outside the kernel. Note also that we limit who can read/write keys in selinux policy. Bug: 18151196 Change-Id: Icc916f430a70eff22e6b74c20ec361c8f3789c1c
/system/vold/Ext4Crypt.cpp
|
a56d3134b03a3756a740aa909aa3d72643196842 |
|
05-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Simplify password checking logic (cherry-picked from commit aaccfac3442ab48f5f94603c07427cc1bb00e12d) Bug: 18151196 Change-Id: I07ffde534dee7d1032149cfcbaa1a61c5246d759
/system/vold/Ext4Crypt.cpp
|
368d79459e8d30474dd5cbc414623c1e2f78ee98 |
|
15-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Enable properties in ext4enc (cherry-picked from 4e7274551c93e1c064648409f52ca430da647050) Enables OwnerInfo and pattern suppression Bug: 18151196 Change-Id: I46144e16cb00319deeb5492ab82c67f5dd43d6d3
/system/vold/Ext4Crypt.cpp
|
c78c71b1717613a5be921bbb8ac63c007d4af86a |
|
15-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Check password is correct by checking hash (cherry-picked from commit 3ca21e227a2e1ed01138a29f450917290a9d1e6e) Handle failures gracefully Change-Id: Ifb6da8c11a86c50fb11964c18cc1be1326461f78
/system/vold/Ext4Crypt.cpp
|
fd7db732434eb41fda69a353053bcb7aab259529 |
|
10-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE New ext4enc kernel switching from xattrs to ioctl (cherrypicked from commit 5e7f0042318156ef39c1e4641613f3191ea85b4a) This is one of three changes to enable this functionality: https://android-review.googlesource.com/#/c/146259/ https://android-review.googlesource.com/#/c/146264/ https://android-review.googlesource.com/#/c/146265/ Bug: 18151196 Change-Id: Iba5146b8be1e15050ae901e08b3aaa26d96dcf7e
/system/vold/Ext4Crypt.cpp
|
731a7a242df6cc3441ac82b4f9521546fac5ac2d |
|
29-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Securely encrypt the master key (cherry-picked from commit 707fd6c7cccc31c0ab0ec1a6ac8b6077c632fc35) Move all key management into vold Reuse vold's existing key management through the crypto footer to manage the device wide keys. Use ro.crypto.type flag to determine crypto type, which prevents any issues when running in block encrypted mode, as well as speeding up boot in block or no encryption. This is one of four changes to enable this functionality: https://android-review.googlesource.com/#/c/148586/ https://android-review.googlesource.com/#/c/148604/ https://android-review.googlesource.com/#/c/148606/ https://android-review.googlesource.com/#/c/148607/ Bug: 18151196 Change-Id: I3c68691717a61b5e1df76423ca0c02baff0dab98
/system/vold/Ext4Crypt.cpp
|