Merge "Remove unused function UnmountTreeWithPrefix()" am: 536beac4bd am: 5fdc4c764d am: 6036321541
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2021355
Change-Id: I152aa95589c7bd1283c9449049ebaf0629eee769
diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index be68222..49e7bd0 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -764,7 +764,7 @@
// unlock directories when not in emulation mode, to bring devices
// back into a known-good state.
if (!emulated_unlock(android::vold::BuildDataSystemCePath(user_id), 0771) ||
- !emulated_unlock(android::vold::BuildDataMiscCePath(user_id), 01771) ||
+ !emulated_unlock(android::vold::BuildDataMiscCePath("", user_id), 01771) ||
!emulated_unlock(android::vold::BuildDataMediaCePath("", user_id), 0770) ||
!emulated_unlock(android::vold::BuildDataUserCePath("", user_id), 0771)) {
LOG(ERROR) << "Failed to unlock user " << user_id;
@@ -782,7 +782,7 @@
} else if (fscrypt_is_emulated()) {
// When in emulation mode, we just use chmod
if (!emulated_lock(android::vold::BuildDataSystemCePath(user_id)) ||
- !emulated_lock(android::vold::BuildDataMiscCePath(user_id)) ||
+ !emulated_lock(android::vold::BuildDataMiscCePath("", user_id)) ||
!emulated_lock(android::vold::BuildDataMediaCePath("", user_id)) ||
!emulated_lock(android::vold::BuildDataUserCePath("", user_id))) {
LOG(ERROR) << "Failed to lock user " << user_id;
@@ -817,7 +817,7 @@
// DE_n key
auto system_de_path = android::vold::BuildDataSystemDePath(user_id);
- auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
+ auto misc_de_path = android::vold::BuildDataMiscDePath(volume_uuid, user_id);
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
@@ -831,9 +831,10 @@
if (!prepare_dir(profiles_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (!prepare_dir(system_de_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
- if (!prepare_dir(misc_de_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(vendor_de_path, 0771, AID_ROOT, AID_ROOT)) return false;
}
+
+ if (!prepare_dir(misc_de_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(user_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (fscrypt_is_native()) {
@@ -841,11 +842,14 @@
if (volume_uuid.empty()) {
if (!lookup_policy(s_de_policies, user_id, &de_policy)) return false;
if (!EnsurePolicy(de_policy, system_de_path)) return false;
- if (!EnsurePolicy(de_policy, misc_de_path)) return false;
if (!EnsurePolicy(de_policy, vendor_de_path)) return false;
} else {
- if (!read_or_create_volkey(misc_de_path, volume_uuid, &de_policy)) return false;
+ auto misc_de_empty_volume_path = android::vold::BuildDataMiscDePath("", user_id);
+ if (!read_or_create_volkey(misc_de_empty_volume_path, volume_uuid, &de_policy)) {
+ return false;
+ }
}
+ if (!EnsurePolicy(de_policy, misc_de_path)) return false;
if (!EnsurePolicy(de_policy, user_de_path)) return false;
}
}
@@ -853,14 +857,13 @@
if (flags & android::os::IVold::STORAGE_FLAG_CE) {
// CE_n key
auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
- auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
+ auto misc_ce_path = android::vold::BuildDataMiscCePath(volume_uuid, user_id);
auto vendor_ce_path = android::vold::BuildDataVendorCePath(user_id);
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
if (volume_uuid.empty()) {
if (!prepare_dir(system_ce_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
- if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(vendor_ce_path, 0771, AID_ROOT, AID_ROOT)) return false;
}
if (!prepare_dir(media_ce_path, 02770, AID_MEDIA_RW, AID_MEDIA_RW)) return false;
@@ -873,6 +876,7 @@
return false;
}
+ if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (fscrypt_is_native()) {
@@ -880,12 +884,15 @@
if (volume_uuid.empty()) {
if (!lookup_policy(s_ce_policies, user_id, &ce_policy)) return false;
if (!EnsurePolicy(ce_policy, system_ce_path)) return false;
- if (!EnsurePolicy(ce_policy, misc_ce_path)) return false;
if (!EnsurePolicy(ce_policy, vendor_ce_path)) return false;
} else {
- if (!read_or_create_volkey(misc_ce_path, volume_uuid, &ce_policy)) return false;
+ auto misc_ce_empty_volume_path = android::vold::BuildDataMiscCePath("", user_id);
+ if (!read_or_create_volkey(misc_ce_empty_volume_path, volume_uuid, &ce_policy)) {
+ return false;
+ }
}
if (!EnsurePolicy(ce_policy, media_ce_path)) return false;
+ if (!EnsurePolicy(ce_policy, misc_ce_path)) return false;
if (!EnsurePolicy(ce_policy, user_ce_path)) return false;
}
@@ -913,20 +920,21 @@
if (flags & android::os::IVold::STORAGE_FLAG_CE) {
// CE_n key
auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
- auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
+ auto misc_ce_path = android::vold::BuildDataMiscCePath(volume_uuid, user_id);
auto vendor_ce_path = android::vold::BuildDataVendorCePath(user_id);
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
res &= destroy_dir(media_ce_path);
+ res &= destroy_dir(misc_ce_path);
res &= destroy_dir(user_ce_path);
if (volume_uuid.empty()) {
res &= destroy_dir(system_ce_path);
- res &= destroy_dir(misc_ce_path);
res &= destroy_dir(vendor_ce_path);
} else {
if (fscrypt_is_native()) {
- res &= destroy_volkey(misc_ce_path, volume_uuid);
+ auto misc_ce_empty_volume_path = android::vold::BuildDataMiscCePath("", user_id);
+ res &= destroy_volkey(misc_ce_empty_volume_path, volume_uuid);
}
}
}
@@ -939,11 +947,12 @@
// DE_n key
auto system_de_path = android::vold::BuildDataSystemDePath(user_id);
- auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
+ auto misc_de_path = android::vold::BuildDataMiscDePath(volume_uuid, user_id);
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
res &= destroy_dir(user_de_path);
+ res &= destroy_dir(misc_de_path);
if (volume_uuid.empty()) {
res &= destroy_dir(system_legacy_path);
#if MANAGE_MISC_DIRS
@@ -951,11 +960,11 @@
#endif
res &= destroy_dir(profiles_de_path);
res &= destroy_dir(system_de_path);
- res &= destroy_dir(misc_de_path);
res &= destroy_dir(vendor_de_path);
} else {
if (fscrypt_is_native()) {
- res &= destroy_volkey(misc_de_path, volume_uuid);
+ auto misc_de_empty_volume_path = android::vold::BuildDataMiscDePath("", user_id);
+ res &= destroy_volkey(misc_de_empty_volume_path, volume_uuid);
}
}
}
diff --git a/Utils.cpp b/Utils.cpp
index 66e642f..ba6afd8 100644
--- a/Utils.cpp
+++ b/Utils.cpp
@@ -1120,14 +1120,6 @@
return StringPrintf("%s/misc/user/%u", BuildDataPath("").c_str(), userId);
}
-std::string BuildDataMiscCePath(userid_t userId) {
- return StringPrintf("%s/misc_ce/%u", BuildDataPath("").c_str(), userId);
-}
-
-std::string BuildDataMiscDePath(userid_t userId) {
- return StringPrintf("%s/misc_de/%u", BuildDataPath("").c_str(), userId);
-}
-
// Keep in sync with installd (frameworks/native/cmds/installd/utils.h)
std::string BuildDataProfilesDePath(userid_t userId) {
return StringPrintf("%s/misc/profiles/cur/%u", BuildDataPath("").c_str(), userId);
@@ -1157,6 +1149,14 @@
return StringPrintf("%s/media/%u", data.c_str(), userId);
}
+std::string BuildDataMiscCePath(const std::string& volumeUuid, userid_t userId) {
+ return StringPrintf("%s/misc_ce/%u", BuildDataPath(volumeUuid).c_str(), userId);
+}
+
+std::string BuildDataMiscDePath(const std::string& volumeUuid, userid_t userId) {
+ return StringPrintf("%s/misc_de/%u", BuildDataPath(volumeUuid).c_str(), userId);
+}
+
std::string BuildDataUserCePath(const std::string& volumeUuid, userid_t userId) {
// TODO: unify with installd path generation logic
std::string data(BuildDataPath(volumeUuid));
diff --git a/Utils.h b/Utils.h
index 72d7552..029b35d 100644
--- a/Utils.h
+++ b/Utils.h
@@ -150,14 +150,14 @@
std::string BuildDataSystemCePath(userid_t userid);
std::string BuildDataSystemDePath(userid_t userid);
std::string BuildDataMiscLegacyPath(userid_t userid);
-std::string BuildDataMiscCePath(userid_t userid);
-std::string BuildDataMiscDePath(userid_t userid);
std::string BuildDataProfilesDePath(userid_t userid);
std::string BuildDataVendorCePath(userid_t userid);
std::string BuildDataVendorDePath(userid_t userid);
std::string BuildDataPath(const std::string& volumeUuid);
std::string BuildDataMediaCePath(const std::string& volumeUuid, userid_t userid);
+std::string BuildDataMiscCePath(const std::string& volumeUuid, userid_t userid);
+std::string BuildDataMiscDePath(const std::string& volumeUuid, userid_t userid);
std::string BuildDataUserCePath(const std::string& volumeUuid, userid_t userid);
std::string BuildDataUserDePath(const std::string& volumeUuid, userid_t userid);
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index 576717c..f5fb908 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -728,36 +728,19 @@
return translateBool(fscrypt_destroy_user_key(userId));
}
-static bool token_empty(const std::string& token) {
- return token.size() == 0 || token == "!";
-}
-
binder::Status VoldNativeService::addUserKeyAuth(int32_t userId, int32_t userSerial,
- const std::string& token,
const std::string& secret) {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
- if (!token_empty(token)) {
- LOG(ERROR) << "Vold doesn't use auth tokens, but non-empty token passed to addUserKeyAuth.";
- return binder::Status::fromServiceSpecificError(-EINVAL);
- }
-
return translateBool(fscrypt_add_user_key_auth(userId, userSerial, secret));
}
binder::Status VoldNativeService::clearUserKeyAuth(int32_t userId, int32_t userSerial,
- const std::string& token,
const std::string& secret) {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
- if (!token_empty(token)) {
- LOG(ERROR)
- << "Vold doesn't use auth tokens, but non-empty token passed to clearUserKeyAuth.";
- return binder::Status::fromServiceSpecificError(-EINVAL);
- }
-
return translateBool(fscrypt_clear_user_key_auth(userId, userSerial, secret));
}
@@ -777,16 +760,10 @@
}
binder::Status VoldNativeService::unlockUserKey(int32_t userId, int32_t userSerial,
- const std::string& token,
const std::string& secret) {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
- if (!token_empty(token)) {
- LOG(ERROR) << "Vold doesn't use auth tokens, but non-empty token passed to unlockUserKey.";
- return binder::Status::fromServiceSpecificError(-EINVAL);
- }
-
return translateBool(fscrypt_unlock_user_key(userId, userSerial, secret));
}
diff --git a/VoldNativeService.h b/VoldNativeService.h
index 58301f5..88fc9e7 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -127,15 +127,12 @@
binder::Status createUserKey(int32_t userId, int32_t userSerial, bool ephemeral);
binder::Status destroyUserKey(int32_t userId);
- binder::Status addUserKeyAuth(int32_t userId, int32_t userSerial, const std::string& token,
- const std::string& secret);
- binder::Status clearUserKeyAuth(int32_t userId, int32_t userSerial, const std::string& token,
- const std::string& secret);
+ binder::Status addUserKeyAuth(int32_t userId, int32_t userSerial, const std::string& secret);
+ binder::Status clearUserKeyAuth(int32_t userId, int32_t userSerial, const std::string& secret);
binder::Status fixateNewestUserKeyAuth(int32_t userId);
binder::Status getUnlockedUsers(std::vector<int>* _aidl_return);
- binder::Status unlockUserKey(int32_t userId, int32_t userSerial, const std::string& token,
- const std::string& secret);
+ binder::Status unlockUserKey(int32_t userId, int32_t userSerial, const std::string& secret);
binder::Status lockUserKey(int32_t userId);
binder::Status prepareUserStorage(const std::optional<std::string>& uuid, int32_t userId,
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index cec0593..aee75f5 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -100,15 +100,12 @@
void createUserKey(int userId, int userSerial, boolean ephemeral);
void destroyUserKey(int userId);
- void addUserKeyAuth(int userId, int userSerial, @utf8InCpp String token,
- @utf8InCpp String secret);
- void clearUserKeyAuth(int userId, int userSerial, @utf8InCpp String token,
- @utf8InCpp String secret);
+ void addUserKeyAuth(int userId, int userSerial, @utf8InCpp String secret);
+ void clearUserKeyAuth(int userId, int userSerial, @utf8InCpp String secret);
void fixateNewestUserKeyAuth(int userId);
int[] getUnlockedUsers();
- void unlockUserKey(int userId, int userSerial, @utf8InCpp String token,
- @utf8InCpp String secret);
+ void unlockUserKey(int userId, int userSerial, @utf8InCpp String secret);
void lockUserKey(int userId);
void prepareUserStorage(@nullable @utf8InCpp String uuid, int userId, int userSerial,
diff --git a/model/PrivateVolume.cpp b/model/PrivateVolume.cpp
index 1875b7b..a692ea9 100644
--- a/model/PrivateVolume.cpp
+++ b/model/PrivateVolume.cpp
@@ -173,6 +173,8 @@
if (PrepareDir(mPath + "/app", 0771, AID_SYSTEM, AID_SYSTEM) ||
PrepareDir(mPath + "/user", 0711, AID_SYSTEM, AID_SYSTEM) ||
PrepareDir(mPath + "/user_de", 0711, AID_SYSTEM, AID_SYSTEM) ||
+ PrepareDir(mPath + "/misc_ce", 0711, AID_SYSTEM, AID_SYSTEM) ||
+ PrepareDir(mPath + "/misc_de", 0711, AID_SYSTEM, AID_SYSTEM) ||
PrepareDir(mPath + "/media", 0770, AID_MEDIA_RW, AID_MEDIA_RW, attrs) ||
PrepareDir(mPath + "/media/0", 0770, AID_MEDIA_RW, AID_MEDIA_RW) ||
PrepareDir(mPath + "/local", 0751, AID_ROOT, AID_ROOT) ||
diff --git a/vold_prepare_subdirs.cpp b/vold_prepare_subdirs.cpp
index 692c500..94d7f15 100644
--- a/vold_prepare_subdirs.cpp
+++ b/vold_prepare_subdirs.cpp
@@ -172,7 +172,7 @@
return false;
}
- auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
+ auto misc_de_path = android::vold::BuildDataMiscDePath(volume_uuid, user_id);
if (!prepare_dir_for_user(sehandle, 0771, AID_SYSTEM, AID_SYSTEM,
misc_de_path + "/sdksandbox", user_id)) {
return false;
@@ -208,7 +208,7 @@
return false;
}
- auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
+ auto misc_ce_path = android::vold::BuildDataMiscCePath(volume_uuid, user_id);
if (!prepare_dir_for_user(sehandle, 0771, AID_SYSTEM, AID_SYSTEM,
misc_ce_path + "/sdksandbox", user_id)) {
return false;
@@ -256,18 +256,20 @@
static bool destroy_subdirs(const std::string& volume_uuid, int user_id, int flags) {
bool res = true;
- if (volume_uuid.empty()) {
- if (flags & android::os::IVold::STORAGE_FLAG_CE) {
- auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
- res &= rmrf_contents(misc_ce_path);
+ if (flags & android::os::IVold::STORAGE_FLAG_CE) {
+ auto misc_ce_path = android::vold::BuildDataMiscCePath(volume_uuid, user_id);
+ res &= rmrf_contents(misc_ce_path);
+ if (volume_uuid.empty()) {
auto vendor_ce_path = android::vold::BuildDataVendorCePath(user_id);
res &= rmrf_contents(vendor_ce_path);
}
- if (flags & android::os::IVold::STORAGE_FLAG_DE) {
- auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
- res &= rmrf_contents(misc_de_path);
+ }
+ if (flags & android::os::IVold::STORAGE_FLAG_DE) {
+ auto misc_de_path = android::vold::BuildDataMiscDePath(volume_uuid, user_id);
+ res &= rmrf_contents(misc_de_path);
+ if (volume_uuid.empty()) {
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
res &= rmrf_contents(vendor_de_path);
}