| f8d604caf3f9bf0aed9ef070c40933a94016232b |
|
27-Apr-2017 |
Rubin Xu <rubinxu@google.com> |
Add secdiscard command for secure deletion of files
This is used by LockSettingsService to delete sensitive credential files.
Bug: 34600579
Test: manual - change device lock under synthetic password, verify
old data on disk is erased.
Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555
Merged-In: I5e11b559ad8818bd2ad2b321d67d21477aab7555
/system/vold/Ext4Crypt.cpp
|
| c40996e71915fe86775bf79cea405dc7d558f792 |
|
30-Apr-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Revert "Revert "Stop dropping caches now we have kernel fix""" into oc-dev
|
| c6bf7c7544b2ea057aba3f2a41652bad0d165e16 |
|
28-Apr-2017 |
Daniel Rosenberg <drosen@google.com> |
Revert "Revert "Stop dropping caches now we have kernel fix""
This reverts commit 8ad0bef7b5b1b6e1ba3afe441d2dcc9a06e782a7.
Bug: 37231161
Test: Boot device with FBE enabled. ls /storage/emulated/0/Android
Unlock device. ls /storage/emulated/0/Android
1st will not be found. Second should be found.
Change-Id: I92c7ad0adaa7bd357e10661a47cc667ac0ff84b4
Merged-In: I92c7ad0adaa7bd357e10661a47cc667ac0ff84b4
/system/vold/Ext4Crypt.cpp
|
| 392c4dbdc1a0220f35d5c34d5c61f8a8197d175f |
|
05-Apr-2017 |
Yong Yao <yong.yao@intel.com> |
Fix keyname generation issue
The keyname binded to keyring return a wrong string when there are binary char larger than 127,
the sign extension will introduce unexpect FFFFFF string to the keyname.
Bug: 36975893
Test: local build
Change-Id: Iba2f6ef95aeacd08c8d6c72b71e7b92e956ec3fc
Signed-off-by: Ai, Ting A <ting.a.ai@intel.com>
/system/vold/Ext4Crypt.cpp
|
| 8ad0bef7b5b1b6e1ba3afe441d2dcc9a06e782a7 |
|
20-Apr-2017 |
Daniel Rosenberg <drosen@google.com> |
Revert "Stop dropping caches now we have kernel fix"
This reverts commit 6abe6831b59a56145cdd28445cd46fa3c79ecb92.
Bringing this back temporarily for the same issue on sdcardfs.
Will remove once the kernel issue is resolved.
Change-Id: Ia29ea4fddb7777012a2eea9259f9ac856773fe01
Bug: 37231161
Test: Boot device with FBE enabled. ls /storage/emulated/0/Android
Unlock device. ls /storage/emulated/0/Android
1st will not be found. Second should be found.
/system/vold/Ext4Crypt.cpp
|
| fa4039b1620987d82f119576cbdfaf503cd4e2b5 |
|
04-Apr-2017 |
Eric Biggers <ebiggers@google.com> |
vold: unlink ext4 encryption keys rather than revoking them
Unlinking keys rather than revoking them avoids bugs in certain kernel
versions without having to hack around the problem with an arbitrary 20
second delay, which is not guaranteed to be sufficient and has caused
full device hangs like in b/35988361.
Furthermore, in the context of filesystem encryption, unlinking is not
currently supposed to be any less secure than revoking. There was a
case where revoking (but not unlinking) keys will cause the filesystem
to deny access to files that were previously opened with that key.
However, this was a means of _access control_, which encryption is not
intended to be used for. Instead, file permissions and/or SELinux
should be used to enforce access control, while filesystem encryption
should be used to protect data at rest independently from access
control. This misfeature has also been removed upstream (and backported
to 4.4-stable and 4.9-stable) because it caused CVE-2017-7374.
Eventually we'd really like to make the kernel support proper revocation
of filesystem encryption keys, i.e. fully clearing all key material and
plaintext and safely waiting for any affected filesystem operations or
writeback to complete. But for now this functionality does not exist.
('sync && echo 3 > /proc/sys/vm/drop_caches' can be useful, but it's not
good enough.)
Bug: 35988361
Change-Id: Ib44effe5368cdce380ae129dc4e6c6fde6cb2719
(cherry picked from commit fd7ba5e4c61691d8a45bc729b7659940a984bab0)
/system/vold/Ext4Crypt.cpp
|
| 4c4958d706d779daec0852bb254c2766396be71f |
|
07-Mar-2017 |
Calin Juravle <calin@google.com> |
Merge "Vold: Clean up code related to foreign dex use" am: 61a7d1a815 am: aaa95fbdfe
am: 0a8d4511c8
Change-Id: I3a84eca8a285bed3ec42c8744db8974e0109fb65
|
| 3a68f141927a8a473b1e7aca11fb1b20ddda77b3 |
|
04-Mar-2017 |
Calin Juravle <calin@google.com> |
Vold: Clean up code related to foreign dex use
We simplified the way we track whether or not a dex file is used by
other apps. DexManger in the framework keeps track of the data and we
no longer need file markers on disk.
Test: device boots, foreign dex markers are not created anymore
Bug: 32871170
Change-Id: Id0360205b019be92049f36eab4339f4736e974f4
/system/vold/Ext4Crypt.cpp
|
| b45caafbccbb743c8b01a5287188969883dec377 |
|
02-Feb-2017 |
Eric Biggers <ebiggers@google.com> |
vold: allow specifying HEH filenames encryption
Make the vold changes needed to support specifying aes-256-heh filenames
encryption. The previous mode, aes-256-cts, remains supported as well.
The file /data/unencrypted/mode is updated to have the syntax
contents_encryption_mode[:filenames_encryption_mode] instead of just
contents_encryption_mode. This is consistent with the new fstab syntax.
Bug: 34712722
Change-Id: Ibc236d0ec4fdeda4e4e301f45fb996317692cfa3
/system/vold/Ext4Crypt.cpp
|
| 7ec25c715f835c741d51a7ec0fd7b28220543364 |
|
31-Oct-2016 |
Andrew Scull <ascull@google.com> |
Evict CE keys on request or when a user is removed.
A work around for a kernel bug is needed to avoid the phone locking up
and turning into a hand warmer.
Test: com.android.cts.devicepolicy.ManagedProfileTest#testLockNowWithKeyEviction*
Bug: 31000719
Change-Id: Ia2121b3e3c22b10351296fa998892a91e601bb2c
/system/vold/Ext4Crypt.cpp
|
| 4f70554179273c1ec8ec4f502382334f584a4e40 |
|
28-Oct-2016 |
Paul Crowley <paulcrowley@google.com> |
Merge "Remove misleading comment (b/26948053)"
am: dbeebf56aa
Change-Id: I6e63f700ecd9cad50956cc2a1cc34b4f81b1a497
|
| 99360d76e548dcf4301669ad7763c90347615861 |
|
19-Oct-2016 |
Paul Crowley <paulcrowley@google.com> |
Remove misleading comment (b/26948053)
Vold is considered part of our trusted computing base, and
compromising vold is already identified as a complete device
compromise. While storing keys only in the kernel would be better, the
current setup does not introduce a security bug or worsen any security
control.
Bug: 26948053
Test: Comment-only change.
Change-Id: Ib5436f4386769ec44b74dc6b50fbcc0fed99b96b
/system/vold/Ext4Crypt.cpp
|
| 985d0805e7f04e45e02fcdce340ccd438ce76d0b |
|
11-Oct-2016 |
Tao Bao <tbao@google.com> |
Merge "Update the header path for ext4_utils." am: 6a18a6ddb5 am: 4759d1d637
am: e85d4467f5
Change-Id: I78ef6034fc2586383e70345bcd186875528c9ffc
|
| 989fec27690758ad1e6c521713f1a88c50c9c857 |
|
06-Oct-2016 |
Tao Bao <tbao@google.com> |
Update the header path for ext4_utils.
Test: mmma system/vold
Change-Id: I805b8874b05b8043390c2cd3c143cc469913c067
/system/vold/Ext4Crypt.cpp
|
| 25a713873c8f8d37f7ebbadfbf1ebfaf4bac106b |
|
26-Jul-2016 |
Paul Crowley <paulcrowley@google.com> |
Don't try to fixate CE keys for ephemeral users
Ephemeral users don't have keys stored on disk at all, so it's neither
necessary nor possible to manipulate the disk keys here.
Bug: 30038313
Change-Id: Idc7ec1bfe1e8a6ffa6cee2f284dbe378097b08da
/system/vold/Ext4Crypt.cpp
|
| ab0b56aef33f04f4d7a352d5790b2d9cd9e7d6d3 |
|
20-Jul-2016 |
Paul Crowley <paulcrowley@google.com> |
Don't fail if a key we want to delete is already deleted
This can happen when cleaning up stale users at boot time.
Bug: 30158800
Change-Id: I2733d8d525fc79b7f05eb2225b7e6e14c4da277f
/system/vold/Ext4Crypt.cpp
|
| abc253884fbd846c5a08122e16e7957cb9be738f |
|
20-Jul-2016 |
Paul Crowley <paulcrowley@google.com> |
Don't evict keys when we delete users
Work around a kernel bug that was causing lockups.
Bug: 30225438
Change-Id: Ia6eb60774037e692351af8eaed98b79596ea3635
/system/vold/Ext4Crypt.cpp
|
| d24aeda425196a7ab0a19c00bc9a4ced6383432b |
|
16-Jul-2016 |
Jeff Sharkey <jsharkey@android.com> |
Only restorecon CE storage after unlocked.
On FBE devices, the filenames inside credential-encrypted directories
are mangled until the key is installed. This means the initial
restorecon at boot needs to skip these directories until the keys
are installed.
This CL uses an existing facility to request that init run a
recursive restorecon over a given path, and it requests that
operation for the CE directories that would have been omitted by
the SKIPCE flag earlier during boot.
Bug: 30126557
Change-Id: I8c7abea27215075a091f615a7185a82a2f4a4a95
/system/vold/Ext4Crypt.cpp
|
| 6abe6831b59a56145cdd28445cd46fa3c79ecb92 |
|
22-Jun-2016 |
Paul Lawrence <paullawrence@google.com> |
Stop dropping caches now we have kernel fix
Only merge once
https://partner-android-review.googlesource.com/#/c/619829/1
has been merged into kernel.
Bug: 28779973
Change-Id: Icef78d1e4381e89e07797c36f6f650033d313557
/system/vold/Ext4Crypt.cpp
|
| 6e410597343716924ed4943d1eabd3dea614d325 |
|
24-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Set encryption mode in mode file
Bug: 28905864
Change-Id: Ie2a5c3e029075d53a86ef3afb7fe364c16d8d52b
/system/vold/Ext4Crypt.cpp
|
| 3ae29e774038b423618a1618c0056108db77759e |
|
24-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Revert "Add fileencrypted=software/ice to fstab options"
This reverts commit 01f1bc725475098e5ae07fd8f440abcd55b154c4.
Bug: 28905864
Change-Id: I489f5d073530438829038630af7af6b2a5cbdbbe
/system/vold/Ext4Crypt.cpp
|
| 8fd77a05ccccc86be7da7b2f61e6580f0f20eb42 |
|
19-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Two phases to set the password for disk encryption
am: a363036b44
* commit 'a363036b44f7f140aa9a943578f56abff5880a60':
Two phases to set the password for disk encryption
Change-Id: Ia28823079d8c0bda220238339f28095b234a0ae5
|
| a363036b44f7f140aa9a943578f56abff5880a60 |
|
17-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Two phases to set the password for disk encryption
Revert "Revert "Two phases to set the password for disk encryption""
This reverts commit d402389290eeef86be7eb9241e20fdd125d44eb1.
In addition, fix the bug in the original commit.
Bug: 28154455
Bug: 28694324
Change-Id: I885f1d73e739416347c135d79979941c2bbdbe62
/system/vold/Ext4Crypt.cpp
|
| 01f1bc725475098e5ae07fd8f440abcd55b154c4 |
|
05-May-2016 |
Paul Lawrence <paullawrence@google.com> |
Add fileencrypted=software/ice to fstab options
Bug: 28616054
Change-Id: If3fddd62f069c7e3e8369a1db68e69c390059d63
/system/vold/Ext4Crypt.cpp
|
| 44ddebaac0465a9a88b68ca04bbb69b576a0d067 |
|
11-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Merge "e4crypt_is_native has been moved into system/extras." into nyc-dev
am: cfa03d4a4c
* commit 'cfa03d4a4c53acf41dca2c41a2efd00de06043bb':
e4crypt_is_native has been moved into system/extras.
Change-Id: I345475c44fb2d8812a25c9f2195c748cddc55bfe
|
| cfa03d4a4c53acf41dca2c41a2efd00de06043bb |
|
11-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Merge "e4crypt_is_native has been moved into system/extras." into nyc-dev
|
| 26642bf7bf8f645f3d10fe0d36149d5f8b3b92fb |
|
10-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Revert "Two phases to set the password for disk encryption"
am: d402389290
* commit 'd402389290eeef86be7eb9241e20fdd125d44eb1':
Revert "Two phases to set the password for disk encryption"
Change-Id: I53a3804fc7bff9c99840aeee36fc4b7ff8e46ac1
|
| d402389290eeef86be7eb9241e20fdd125d44eb1 |
|
10-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Revert "Two phases to set the password for disk encryption"
This reverts commit 92c5eeb46779f0fa1c9e6db6b0d632d960cbb2e4.
Bug: 28694324
Change-Id: Ibbbaff287f4dd28f4a13e122a3617987a8875a44
/system/vold/Ext4Crypt.cpp
|
| 4d2d5244d68e907feb58167b3ee9b40288927247 |
|
27-Apr-2016 |
Paul Crowley <paulcrowley@google.com> |
e4crypt_is_native has been moved into system/extras.
Bug: 28318405
Change-Id: Id962764cf7fb5f58b769bf99aeb6d3d69cb66991
/system/vold/Ext4Crypt.cpp
|
| 4e44272c3d1e2f5c0040acefc3812781aeea1736 |
|
09-May-2016 |
Paul Crowley <paulcrowley@google.com> |
Two phases to set the password for disk encryption
am: 92c5eeb467
* commit '92c5eeb46779f0fa1c9e6db6b0d632d960cbb2e4':
Two phases to set the password for disk encryption
Change-Id: I82c1cfa2874ac4709e42f5c2047c832cbcaccb91
|
| 92c5eeb46779f0fa1c9e6db6b0d632d960cbb2e4 |
|
22-Apr-2016 |
Paul Crowley <paulcrowley@google.com> |
Two phases to set the password for disk encryption
In one phase, we make the new password work, and in the second we make
it the only one which works ("fixation"). This means that we can set
the password in Gatekeeper between these two phases, and a crash
doesn't break things. Unlocking a user automatically fixates the
presented credential.
Bug: 28154455
Change-Id: I54623c8652f0c9f72dd60388a7dc0ab2d48e81c7
/system/vold/Ext4Crypt.cpp
|
| 85e3d8cd50c540b1a4827bd179e3b8b609731e61 |
|
26-Apr-2016 |
Paul Lawrence <paullawrence@google.com> |
Drop caches after installing key policy to avoid cache clashes
Note that this is an ugly workaround for a kernel bug.
Bug: 28373400
Change-Id: Iec1ae53f4e18f06e41e8cf1fcc3ab03fc9848632
/system/vold/Ext4Crypt.cpp
|
| be70c9ae2251ac8f3bfbbe75146f8c533d64e01b |
|
15-Apr-2016 |
Jeff Sharkey <jsharkey@android.com> |
Consistent creation/destruction of user data.
Preparing and destroying users currently needs to be split across
installd, system_server, and vold, since no single party has all the
required SELinux permissions.
Bug: 27896918, 25861755
Change-Id: Ieec14ccacfc7a3a5ab00df47ace7318feb900c38
/system/vold/Ext4Crypt.cpp
|
| 71ee662ec3f82db66f1a34579aff75cc27d4b205 |
|
25-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Don't fail if the CE key isn't loaded in destroy_user_key
Users don't have to be unlocked to be deleted, so don't worry if we
don't have their key to evict.
Bug: 26847403
Bug: 27441228
Change-Id: Ifd93f620926630aa102a3bb4a5d2d45d34f9b75d
/system/vold/Ext4Crypt.cpp
|
| df528a7011b302c91579898c4a37361214ab05bb |
|
09-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Run clang-format over ext4crypt related code
The formatting here is inconsistent with Android house style; use
clang-format to bring it back into line.
Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
/system/vold/Ext4Crypt.cpp
|
| a051eb7a22b7cd97e66d2f22b64884f8ebc73952 |
|
09-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Use pointers not references for out arguments
Google/Android C++ style requires that arguments passed in for writing
should be pointers, not references, so that it's visible in the caller
that they'll be written to.
Bug: 27566014
Change-Id: I5cd55906cc4b2f61c8b97b223786be0b3ce28862
/system/vold/Ext4Crypt.cpp
|
| d9b9295b8c2f17448f4eb3ea2c6f7d4a5c207c3f |
|
04-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Fix memory leak in generate_key wrapper. Other fixes.
- catch errors in looking for the keyring
- static_assert to prevent a buffer overrun
- remove obsolete, misleading comment
- dial down priority of some log messages
- explain why we ignore some errors
- idiomatic C++11
Bug: 27552432
Change-Id: Ic3ee05b41eae45e7c6b571a459b326a483663526
/system/vold/Ext4Crypt.cpp
|
| ad8e26297b07f26376bd3125b11ae280304c22e8 |
|
02-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Merge "Use a proper key length for the mode." into nyc-dev
|
| 2199069aca9df1064ced73fa5803bba524ab1f0d |
|
02-Mar-2016 |
Paul Crowley <paulcrowley@google.com> |
Use a proper key length for the mode.
Bug: 27440526
Change-Id: I818450252dcd39f21948fc2e70856659eba5f50f
/system/vold/Ext4Crypt.cpp
|
| d1ee944f0839d60b014722c7facbb4a66bd4f2c3 |
|
02-Mar-2016 |
Calin Juravle <calin@google.com> |
Prepare profile directories only for the internal storage
Bug: 27444691
Change-Id: I0d30e8883fe655c90cda47ab167a878764ea0802
/system/vold/Ext4Crypt.cpp
|
| 493f5aa16075eec6948f476b3fe0d29de063ee85 |
|
24-Feb-2016 |
Calin Juravle <calin@google.com> |
Create profile folder for foreign dex markers.
This is a special profile folder where apps will leave profile markers
for the dex files they load and don't own. System server will read the
markers and decide if the apks should be fully compiled instead of
profile guide compiled.
Bug: 27334750
Bug: 26080105
Change-Id: Ib18f20cf78a8dbfc465610ec6ceec52699c5420a
/system/vold/Ext4Crypt.cpp
|
| 79f55a461f1edf90b769824c6a69dcb520614d83 |
|
17-Feb-2016 |
Calin Juravle <calin@google.com> |
Prepare user profile folder
Bug: 26719109
Bug: 26563023
Change-Id: I4737b7f73df74b2b787a62db2e231f136115b359
/system/vold/Ext4Crypt.cpp
|
| ad2eb644132bde9f821e35dc18cbcfed5db3662b |
|
10-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Log a warning if old creds passed to change_user_key don't work.
Bug: 26948053
Change-Id: I8c117bfe5e85e73af72b6ecafea39924f3561c7c
/system/vold/Ext4Crypt.cpp
|
| 63c18d3ba9179ee0e678564e12aa845d9a6c3ec8 |
|
10-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Add scrypt-based password stretching.
Bug: 27056334
Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
/system/vold/Ext4Crypt.cpp
|
| 76107cb3f4845b1a51a1a291c70ea3e12f9c14d0 |
|
09-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Prefer bool returns to int throughout
Change-Id: Ib3592b598ee07bc71a6f9507570bf4623c1cdd6a
/system/vold/Ext4Crypt.cpp
|
| 38132a1f667412d6b08ae90cc64a011d76906cc0 |
|
09-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Refactor now that global DE has been reworked
Change-Id: I4d6156332cfc847e25e7c8863fd6a50fa325fb87
/system/vold/Ext4Crypt.cpp
|
| 57eedbf8cbd21899a3395ce6f153cd0e05898f3b |
|
09-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Fix some "false" returns to be "-1" where appropriate in e4crypt_enable
Also fix a PLOG that should be a LOG.
Change-Id: Ic5ae288c37b6e236172f9e38349c2d0d530bfd4d
/system/vold/Ext4Crypt.cpp
|
| 695d9282862bac4fb4034ebb2d5b089b8ff9c4a3 |
|
09-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
e4crypt_unlock_user_key no longer likes nullptr.
Bug: 27075797
Change-Id: I835d17d02ea50a88ef0a5322a30e04f3d0237019
/system/vold/Ext4Crypt.cpp
|
| f7a0d007d23ca924b6e85d609c787f05a503f285 |
|
08-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Add new argument to unlock_user_key, fixing merge-caused error.
Change-Id: Ic51f375e500cd61bda926e3b039126a840ed89f0
/system/vold/Ext4Crypt.cpp
|
| 5c025bd9a54ac5f291005735f97bc66c0da98d01 |
|
08-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Merge "Password security for FBE disk encryption keys" into nyc-dev
|
| 0572080814ea5f7456d9feea05f936c858178159 |
|
08-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Password security for FBE disk encryption keys
Added a new call change_user_key which changes the way that disk
encryption keys are protected; a key can now be protected with a
combination of an auth token and a secret which is a hashed password.
Both of these are passed to unlock_user_key.
This change introduces a security bug, b/26948053, which must be fixed
before we ship.
Bug: 22950892
Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
/system/vold/Ext4Crypt.cpp
|
| 0754a45539de941e278c82898d83d26b6ba95b5e |
|
08-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
Emulation fixes: mics dirs, recover after disable.
Add new misc directories to list of paths that we lock/unlock in
emulation mode. When booting a device without native-FBE and without
emulation, make sure we "unlock" any emulated settings on user 0;
MountService handles this for secondary users later during boot.
Bug: 27069522
Change-Id: I15c7cf00a7231ce99b2e4e11a25106d7b87e70cc
/system/vold/Ext4Crypt.cpp
|
| 47695b29af0467dd8e18f5534e3b62e39326d7e1 |
|
02-Feb-2016 |
Jeff Sharkey <jsharkey@android.com> |
Allow callers to prepare CE/DE user storage.
Give callers the option of preparing CE and/or DE storage. The
framework will only prepare CE storage after the CE keys have been
unlocked for that user.
When init is calling enablecrypto, kick off the work in a thread so
that we can make other calls back into vold without causing
deadlock. Leaves blocking call intact for framework callers.
Clean up 'vdc' tool to send useful transaction numbers, and
actually watch for the matching result to come back. This fixes
race conditions when there are multiple 'vdc' callers.
Also add other system and misc directories to match spec.
Bug: 25796509
Change-Id: Ie4f853db6e387916b845d2b5fb92925d743b063d
/system/vold/Ext4Crypt.cpp
|
| f10544df96652ebe457c93a91075da0b3bc6b550 |
|
04-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Remove unencrypted_properties
Change-Id: I5728f03dbde6621e410efcda1d93054915793407
/system/vold/Ext4Crypt.cpp
|
| 5a06a6481bff8916bf366bf9e951ab5c6a405207 |
|
03-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Fix minor issues with previous change
New style logging
Remove set/get field from e4crypt
Save keys to temp file then rename
See https://googleplex-android-review.git.corp.google.com/#/c/858922/
Change-Id: I454c3f78489b491ffc1230a70dce64935e4e0f8a
/system/vold/Ext4Crypt.cpp
|
| aec34dfb1d3988c1154534a24aacd950193f8f9f |
|
03-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Use consistent method for device key
Change-Id: I420f548115c1b55e62b193c60d569fdda518af1a
/system/vold/Ext4Crypt.cpp
|
| 7b6b565fa0d3658be8dc021f1beee5024d54b8c0 |
|
02-Feb-2016 |
Paul Lawrence <paullawrence@google.com> |
Remove support for non-default root passwords in FBE
Change-Id: Ie179cb09f9f24382afd0fe0f3aa2a1ad943a7f5d
/system/vold/Ext4Crypt.cpp
|
| b92f83c0512bfb93e85d6cd8d6efd6681017664c |
|
01-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Add support for per-user DE keys.
FBE devices need a factory reset after this change.
Bug: 26704408
Change-Id: I150b82a13a4a007d9a8997ef6a676e96576356b2
/system/vold/Ext4Crypt.cpp
|
| b1f3d242dd095b307a756fda2798e441e791e039 |
|
28-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Refactor of Ext4Crypt.cpp in preparation for DE keys
Mainly a refactor, but with a substantive change: Keys are created in
a temporary location, then moved to their final destination, for
atomicity.
Bug: 26704408
Change-Id: I0b2dc70d6bfa1f8a65536dd05b73c4b36a4699cf
/system/vold/Ext4Crypt.cpp
|
| 8fb12fd8359a9af7228e05a37cf0ef59f43d6991 |
|
01-Feb-2016 |
Paul Crowley <paulcrowley@google.com> |
Add init_user0 command.
Change-Id: Icf746ec1968a073fde707ecc788b648f5803fd38
/system/vold/Ext4Crypt.cpp
|
| ea62e26ad3cc3e6a522cb4a711f34848ba65385a |
|
28-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Create disk encryption keys only when FBE enabled
Our code for creating disk encryption keys doesn't work everywhere,
and it doesn't need to; only on platforms that support FBE. Don't
create them elsewhere.
Bug: 26842807
Change-Id: I686d0ffd7cb3adbddfce661c22ce18f66acb1aba
/system/vold/Ext4Crypt.cpp
|
| 13ffd8ef7a02a1b4b4d9a74f45d4a5bb6b814313 |
|
27-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Improvements to the key storage module
The key storage module didn't comply with Android coding standards
and had room for improvemnet in a few other ways, so have cleaned up.
Change-Id: I260ccff316423169cf887e538113b5ea400892f2
/system/vold/Ext4Crypt.cpp
|
| 1ef255816c50e462acc23383a9ff747c5f55c4ff |
|
21-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Use a keymaster-based key storage module
Instead of writing raw keys, encrypt the keys with keymaster. This
paves the way to protecting them with auth tokens and passwords later.
In addition, fold in the hash of a 16k file into their encryption, to
ensure secure deletion works properly.
Now even C++ier!
Bug: 22502684
Bug: 22950892
Change-Id: If70f139e342373533c42d5a298444b8438428322
/system/vold/Ext4Crypt.cpp
|
| a042cb5761f4bf954645b404ae5bb0a0d5b583fd |
|
21-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Don't fail on unlock if we're not even emulating FBE
As a precaution, we do the work of emulating an unlock even on devices
that aren't emulating FBE. However, we don't care if it fails, so
don't fail the calling command in that instance.
Bug: 26713622
Change-Id: I8c5fb4b9a130335ecbb9b8ea6367f1c59835c0f1
/system/vold/Ext4Crypt.cpp
|
| 285956fe11de221f850e5bf63b071bd8f53bfd10 |
|
20-Jan-2016 |
Paul Crowley <paulcrowley@google.com> |
Rework FBE crypto to match the N way of doing things
Major rework and refactor of FBE code to load the keys at the right
time and in a natural way. The old code was aimed at our goals for M,
with patches on top, and didn't quite work.
Bug: 22358539
Change-Id: I9bf7a0a86ee3f2abf0edbd5966f93efac2474c2c
/system/vold/Ext4Crypt.cpp
|
| 7a9dd95cbc969fa21dfe4c1bbcac3315e47d81a4 |
|
13-Jan-2016 |
Jeff Sharkey <jsharkey@android.com> |
Offer to enforce "locked" state using SELinux.
Bug: 26466827
Change-Id: Id5f05298c2cb5f3cf288df37ddf0a196ca49949b
/system/vold/Ext4Crypt.cpp
|
| d2d7bffd0c666bd3dc67364b36480e57a1913571 |
|
19-Dec-2015 |
Jeff Sharkey <jsharkey@android.com> |
Create /data/media directory for new users.
Otherwise later unlock commands will fail.
Bug: 26267450
Change-Id: I090ac3a3fd4ac6d49290906e21d88f1efcdec421
/system/vold/Ext4Crypt.cpp
|
| 9ad4369ce87cb445ea126a8a803e2b42c2c5ea2f |
|
11-Dec-2015 |
Lenka Trochtova <ltrochtova@google.com> |
Fix a bug in passing parameters to prepare_user_storage.
Add the serial parameter to prepare_user_storage to avoid
confusion when parsing parameters and passing them around.
Change-Id: Id5516c248401ad50585aa8f6e8b1545a6cded549
/system/vold/Ext4Crypt.cpp
|
| 27cbce9214f2861b800fe48f5649f557b03a289c |
|
10-Dec-2015 |
Paul Crowley <paulcrowley@google.com> |
Rename functions with a system/extras name collision.
Following around the call graph in code search is hard enough as it is!
Change-Id: I09d3513664423aafe0d99f9158acfbbb6c79b590
/system/vold/Ext4Crypt.cpp
|
| ff9097f560c53bcd91880a724c007afbff88d515 |
|
10-Dec-2015 |
Paul Lawrence <paullawrence@google.com> |
Fix create_user_key to take 3 params
Change-Id: Ied03e2ee404a1b4f386740213e6ab01f18ec09b9
/system/vold/Ext4Crypt.cpp
|
| 395039f0070abed5f6b3617786956ee3e62fe9b5 |
|
25-Nov-2015 |
Lenka Trochtova <ltrochtova@google.com> |
Introduce support for ephemeral users.
BUG: 24883058
Change-Id: I77d4757f87214166e7c41c7eb0d06b1cd5f06b20
/system/vold/Ext4Crypt.cpp
|
| fc505c3ff6c1ba3a061e7e8b3f2236be90712a80 |
|
08-Dec-2015 |
Jeff Sharkey <jsharkey@android.com> |
Emulate media encryption, always chmod to unlock.
When FBE emulation is enabled, lock/unlock the media directories that
store emulated SD card contents.
Change unlocking logic to always chmod directories back to known
state so that we can recover devices that have disabled FBE
emulation.
Bug: 26010607, 26027473
Change-Id: I6d4bff25d8ad7b948679290106f585f777f7a249
/system/vold/Ext4Crypt.cpp
|
| 6bf0547ccce72233bd465178b919fa7f15e48b45 |
|
05-Dec-2015 |
Elliott Hughes <enh@google.com> |
resolve merge conflicts of b7d5a47cec to master.
Change-Id: I0c5211a00d92d0ee796bb9c77d2e13675a2a3e8d
|
| 7e128fbe212c64492afa98bfd6d7fab6f1956831 |
|
05-Dec-2015 |
Elliott Hughes <enh@google.com> |
Track rename from base/ to android-base/.
Change-Id: I3096cfa50afa395d8e9a8043ab69c1e390f86ccb
/system/vold/Ext4Crypt.cpp
|
| a597d0a4248dded627b2cf71ca5f9f3bcd12f033 |
|
30-Nov-2015 |
Jeff Sharkey <jsharkey@android.com> |
Use the right system property name.
Bug: 22358539
Change-Id: I0bf9719a2b54acbde80f3c911988724581447b0c
/system/vold/Ext4Crypt.cpp
|
| c79fb89a10ea9bc3b0f1f9c7caa809a705989479 |
|
13-Nov-2015 |
Jeff Sharkey <jsharkey@android.com> |
Switch to new FBE emulation property.
Also prepare CE/DE storage directories for owner user at boot.
Bug: 22358539
Change-Id: I76228952c990ebed83360c69ef36321b99114196
/system/vold/Ext4Crypt.cpp
|
| 5512c50c0982958b9737ebe339084038932530e5 |
|
16-Nov-2015 |
Paul Crowley <paulcrowley@google.com> |
Merge "Add --no-unlink option to secdiscard for testing."
|
| d2c96e788381a6c8dd87cbf9ecd7e8a6bc7337c2 |
|
09-Nov-2015 |
Jeff Sharkey <jsharkey@android.com> |
New granular encryption commands for framework.
We now have separate methods for key creation/destruction and
unlocking/locking. Key unlocking can pass through an opaque token,
but it's left empty for now.
Extend user storage setup to also create system_ce and user_de
paths. Bring over some path generation logic from installd.
Use strong type checking on user arguments.
Bug: 22358539
Change-Id: I00ba15c7b10dd682640b3f082feade4fb7cbbb5d
/system/vold/Ext4Crypt.cpp
|
| 5ab73e945d59472ed47ea2e0deee613c958d800c |
|
03-Jul-2015 |
Paul Crowley <paulcrowley@google.com> |
Add --no-unlink option to secdiscard for testing.
Also allow deletion of multiple files in one invocation.
Change-Id: I5011bf45f2d3b91964bc68fd8e61ec037e1de2ca
/system/vold/Ext4Crypt.cpp
|
| 480fcd2750c1d30f3397d1f3152519a11f60990b |
|
24-Aug-2015 |
Paul Crowley <paulcrowley@google.com> |
Set uid/gid of newly created user dirs to system/system.
Bug: 23395513
Change-Id: I3d76b77339f995103c0aec09c6de77b3c8cdc0dd
/system/vold/Ext4Crypt.cpp
|
| 9336348200758d067fed164368636521b4e58621 |
|
07-Jul-2015 |
Paul Crowley <paulcrowley@google.com> |
Evict the key before we delete it.
Change-Id: I9eef440a1f406c2c73c859f5ae7cee35f6a36ca4
/system/vold/Ext4Crypt.cpp
|
| cd307b7c6301593727892d1fa9bb92aadb5fdaca |
|
19-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Scrub the key from the disk with BLKSECDISCARD.
Bug: 19706593
(cherry-picked from commit 8d0cd7ffd903a753c6bb5c6f33987a7a66621cef)
Change-Id: Ieea73da233fe53767b5adcdb4d49f9bb00fedac1
/system/vold/Ext4Crypt.cpp
|
| b33e8873ea78b92e536aa33f48130a91ca150f0c |
|
19-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Add "cryptfs deleteuserkey" command to vold.
Bug: 19706593
(cherry-picked from commit eebf44563bf9c6f2795442e8d2bc886e4eb3bbbe)
Change-Id: I50dc4c39595c06bf0016d6a490130bbbc25de91b
/system/vold/Ext4Crypt.cpp
|
| 95376d612c91236c8cd751b9af02c9aa57f4870f |
|
06-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Add vold commands for setting up per-user encrypted user
directories
Bug: 19704432
(cherry-picked from commit 75a5202d9f65747edabb1dd0ebd50a779d4142c2)
Change-Id: I733e8745ec21f8e53c2cc6d8a98313275db7d897
/system/vold/Ext4Crypt.cpp
|
| f25a35a1c98d4fac118ee9abe34d6bbf2d3a2201 |
|
06-May-2015 |
Paul Crowley <paulcrowley@google.com> |
Break key installation into its own function so we can install
non-master keys.
Bug: 19704432
(cherry-picked from commit 1da96dc549b86a1c7ec02d7a808a9532cdcb5fe7)
Change-Id: I762e8f6c927db3a337fa8ce6bd428262d9e05c7a
/system/vold/Ext4Crypt.cpp
|
| 86c942a2537701a90b88768eab4648c0650dfad1 |
|
06-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Delete password as per block encryption
(cherry-picked from commit 00f4aade5c172534c16070540d1c6c26d0a78c84)
Bug: 18151196
Change-Id: Iee0f932c61ff4a309dc2861725b24bf976adb4c7
/system/vold/Ext4Crypt.cpp
|
| 0d9cd9e9cf39e1cdb06565de6c4e11ff244b2a3a |
|
06-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Fix problem that reading/writing crypto footers wasn't identity
(cherry-picked from commit 75c922f49b593f3203ee59c33d00ccb5b3b66ca8)
Bug: 18151196
Change-Id: Ideef6bcdbccf068a64ed3e042be50c4837a373f8
/system/vold/Ext4Crypt.cpp
|
| 2f32cda63bf5c86db880d36029a27c8597fb5e3c |
|
05-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Retry unmounts in ext4 encryption
(cherry-picked from commit 29b54aab8ee2d08e2129832364f9b719dd17fa4e)
Bug: 18151196
Change-Id: I52ca23b2ce3adcff44bd003d4a12243a0bd6ac34
/system/vold/Ext4Crypt.cpp
|
| b7f0702ea6cc32c58540d596016c2dabd8ba3541 |
|
05-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Use default key permissions for ext4enc
(cherry-picked from commit 1190a26f6d7dd34bf10ffc7b367b374d5e591146)
As per discussion default permissions are the correct ones.
Note that since we use logon keys, they cannot be read outside
the kernel.
Note also that we limit who can read/write keys in selinux policy.
Bug: 18151196
Change-Id: Icc916f430a70eff22e6b74c20ec361c8f3789c1c
/system/vold/Ext4Crypt.cpp
|
| a56d3134b03a3756a740aa909aa3d72643196842 |
|
05-May-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Simplify password checking logic
(cherry-picked from commit aaccfac3442ab48f5f94603c07427cc1bb00e12d)
Bug: 18151196
Change-Id: I07ffde534dee7d1032149cfcbaa1a61c5246d759
/system/vold/Ext4Crypt.cpp
|
| 368d79459e8d30474dd5cbc414623c1e2f78ee98 |
|
15-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Enable properties in ext4enc
(cherry-picked from 4e7274551c93e1c064648409f52ca430da647050)
Enables OwnerInfo and pattern suppression
Bug: 18151196
Change-Id: I46144e16cb00319deeb5492ab82c67f5dd43d6d3
/system/vold/Ext4Crypt.cpp
|
| c78c71b1717613a5be921bbb8ac63c007d4af86a |
|
15-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Check password is correct by checking hash
(cherry-picked from commit 3ca21e227a2e1ed01138a29f450917290a9d1e6e)
Handle failures gracefully
Change-Id: Ifb6da8c11a86c50fb11964c18cc1be1326461f78
/system/vold/Ext4Crypt.cpp
|
| fd7db732434eb41fda69a353053bcb7aab259529 |
|
10-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE New ext4enc kernel switching from xattrs to ioctl
(cherrypicked from commit 5e7f0042318156ef39c1e4641613f3191ea85b4a)
This is one of three changes to enable this functionality:
https://android-review.googlesource.com/#/c/146259/
https://android-review.googlesource.com/#/c/146264/
https://android-review.googlesource.com/#/c/146265/
Bug: 18151196
Change-Id: Iba5146b8be1e15050ae901e08b3aaa26d96dcf7e
/system/vold/Ext4Crypt.cpp
|
| 731a7a242df6cc3441ac82b4f9521546fac5ac2d |
|
29-Apr-2015 |
Paul Lawrence <paullawrence@google.com> |
DO NOT MERGE Securely encrypt the master key
(cherry-picked from commit 707fd6c7cccc31c0ab0ec1a6ac8b6077c632fc35)
Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys.
Use ro.crypto.type flag to determine crypto type, which prevents
any issues when running in block encrypted mode, as well as speeding
up boot in block or no encryption.
This is one of four changes to enable this functionality:
https://android-review.googlesource.com/#/c/148586/
https://android-review.googlesource.com/#/c/148604/
https://android-review.googlesource.com/#/c/148606/
https://android-review.googlesource.com/#/c/148607/
Bug: 18151196
Change-Id: I3c68691717a61b5e1df76423ca0c02baff0dab98
/system/vold/Ext4Crypt.cpp
|