Snap for 8414339 from 5891d7e486e3f2ba3fb74398cfce7ed082d5a85f to tm-qpr1-release
Change-Id: Iac3be0e624eb40bb06a6110304db68972e6619d2
diff --git a/Android.bp b/Android.bp
index 38abdb9..c113ed0 100644
--- a/Android.bp
+++ b/Android.bp
@@ -9,9 +9,7 @@
"-Wall",
"-Werror",
"-Wextra",
- "-Wno-missing-field-initializers",
"-Wno-unused-parameter",
- "-Wno-unused-variable",
],
clang: true,
diff --git a/EncryptInplace.cpp b/EncryptInplace.cpp
index 057b3ef..190bb83 100644
--- a/EncryptInplace.cpp
+++ b/EncryptInplace.cpp
@@ -20,13 +20,11 @@
#include <ext4_utils/ext4_utils.h>
#include <f2fs_sparseblock.h>
#include <fcntl.h>
-#include <time.h>
#include <algorithm>
#include <vector>
#include <android-base/logging.h>
-#include <android-base/properties.h>
#include <android-base/unique_fd.h>
enum EncryptInPlaceError {
@@ -43,7 +41,7 @@
class InPlaceEncrypter {
public:
bool EncryptInPlace(const std::string& crypto_blkdev, const std::string& real_blkdev,
- uint64_t nr_sec, bool set_progress_properties);
+ uint64_t nr_sec);
bool ProcessUsedBlock(uint64_t block_num);
private:
@@ -75,19 +73,14 @@
std::string real_blkdev_;
std::string crypto_blkdev_;
uint64_t nr_sec_;
- bool set_progress_properties_;
android::base::unique_fd realfd_;
android::base::unique_fd cryptofd_;
- time_t time_started_;
- int remaining_time_;
-
std::string fs_type_;
uint64_t blocks_done_;
uint64_t blocks_to_encrypt_;
unsigned int block_size_;
- unsigned int cur_pct_;
std::vector<uint8_t> io_buffer_;
uint64_t first_pending_block_;
@@ -108,7 +101,6 @@
blocks_done_ = 0;
blocks_to_encrypt_ = blocks_to_encrypt;
block_size_ = block_size;
- cur_pct_ = 0;
// Allocate the I/O buffer. kIOBufferSize should always be a multiple of
// the filesystem block size, but round it up just in case.
@@ -136,46 +128,6 @@
if (blocks_done_ >= blocks_next_msg)
LOG(DEBUG) << "Encrypted " << blocks_next_msg << " of " << blocks_to_encrypt_ << " blocks";
-
- if (!set_progress_properties_) return;
-
- uint64_t new_pct;
- if (done) {
- new_pct = 100;
- } else {
- new_pct = (blocks_done_ * 100) / std::max<uint64_t>(blocks_to_encrypt_, 1);
- new_pct = std::min<uint64_t>(new_pct, 99);
- }
- if (new_pct > cur_pct_) {
- cur_pct_ = new_pct;
- android::base::SetProperty("vold.encrypt_progress", std::to_string(new_pct));
- }
-
- if (cur_pct_ >= 5) {
- struct timespec time_now;
- if (clock_gettime(CLOCK_MONOTONIC, &time_now)) {
- PLOG(WARNING) << "Error getting time while updating encryption progress";
- } else {
- double elapsed_time = difftime(time_now.tv_sec, time_started_);
-
- uint64_t remaining_blocks = 0;
- if (blocks_done_ < blocks_to_encrypt_)
- remaining_blocks = blocks_to_encrypt_ - blocks_done_;
-
- int remaining_time = 0;
- if (blocks_done_ != 0)
- remaining_time = (int)(elapsed_time * remaining_blocks / blocks_done_);
-
- // Change time only if not yet set, lower, or a lot higher for
- // best user experience
- if (remaining_time_ == -1 || remaining_time < remaining_time_ ||
- remaining_time > remaining_time_ + 60) {
- remaining_time_ = remaining_time;
- android::base::SetProperty("vold.encrypt_time_remaining",
- std::to_string(remaining_time));
- }
- }
- }
}
bool InPlaceEncrypter::EncryptPendingData() {
@@ -313,14 +265,10 @@
}
bool InPlaceEncrypter::EncryptInPlace(const std::string& crypto_blkdev,
- const std::string& real_blkdev, uint64_t nr_sec,
- bool set_progress_properties) {
- struct timespec time_started = {0};
-
+ const std::string& real_blkdev, uint64_t nr_sec) {
real_blkdev_ = real_blkdev;
crypto_blkdev_ = crypto_blkdev;
nr_sec_ = nr_sec;
- set_progress_properties_ = set_progress_properties;
realfd_.reset(open64(real_blkdev.c_str(), O_RDONLY | O_CLOEXEC));
if (realfd_ < 0) {
@@ -334,13 +282,6 @@
return false;
}
- if (clock_gettime(CLOCK_MONOTONIC, &time_started)) {
- PLOG(WARNING) << "Error getting time at start of in-place encryption";
- // Note - continue anyway - we'll run with 0
- }
- time_started_ = time_started.tv_sec;
- remaining_time_ = -1;
-
bool success = DoEncryptInPlace();
if (success) success &= EncryptPendingData();
@@ -359,8 +300,11 @@
<< ") was incorrect; we actually encrypted " << blocks_done_
<< " blocks. Encryption progress was inaccurate";
}
- // Make sure vold.encrypt_progress gets set to 100.
+ // Ensure that the final progress message is printed, so the series of log
+ // messages ends with e.g. "Encrypted 50327 of 50327 blocks" rather than
+ // "Encrypted 50000 of 50327 blocks".
UpdateProgress(0, true);
+
LOG(INFO) << "Successfully encrypted " << DescribeFilesystem();
return true;
}
@@ -371,10 +315,10 @@
// sectors; however, if a filesystem is detected, then its size will be used
// instead, and only the in-use blocks of the filesystem will be encrypted.
bool encrypt_inplace(const std::string& crypto_blkdev, const std::string& real_blkdev,
- uint64_t nr_sec, bool set_progress_properties) {
+ uint64_t nr_sec) {
LOG(DEBUG) << "encrypt_inplace(" << crypto_blkdev << ", " << real_blkdev << ", " << nr_sec
- << ", " << (set_progress_properties ? "true" : "false") << ")";
+ << ")";
InPlaceEncrypter encrypter;
- return encrypter.EncryptInPlace(crypto_blkdev, real_blkdev, nr_sec, set_progress_properties);
+ return encrypter.EncryptInPlace(crypto_blkdev, real_blkdev, nr_sec);
}
diff --git a/EncryptInplace.h b/EncryptInplace.h
index 480a47c..ef6f848 100644
--- a/EncryptInplace.h
+++ b/EncryptInplace.h
@@ -21,6 +21,6 @@
#include <string>
bool encrypt_inplace(const std::string& crypto_blkdev, const std::string& real_blkdev,
- uint64_t nr_sec, bool set_progress_properties);
+ uint64_t nr_sec);
#endif
diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index be68222..42df78b 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -470,6 +470,8 @@
return true;
}
+bool fscrypt_init_user0_done;
+
bool fscrypt_init_user0() {
LOG(DEBUG) << "fscrypt_init_user0";
if (fscrypt_is_native()) {
@@ -504,6 +506,7 @@
if (!try_reload_ce_keys()) return false;
}
+ fscrypt_init_user0_done = true;
return true;
}
@@ -764,7 +767,7 @@
// unlock directories when not in emulation mode, to bring devices
// back into a known-good state.
if (!emulated_unlock(android::vold::BuildDataSystemCePath(user_id), 0771) ||
- !emulated_unlock(android::vold::BuildDataMiscCePath(user_id), 01771) ||
+ !emulated_unlock(android::vold::BuildDataMiscCePath("", user_id), 01771) ||
!emulated_unlock(android::vold::BuildDataMediaCePath("", user_id), 0770) ||
!emulated_unlock(android::vold::BuildDataUserCePath("", user_id), 0771)) {
LOG(ERROR) << "Failed to unlock user " << user_id;
@@ -782,7 +785,7 @@
} else if (fscrypt_is_emulated()) {
// When in emulation mode, we just use chmod
if (!emulated_lock(android::vold::BuildDataSystemCePath(user_id)) ||
- !emulated_lock(android::vold::BuildDataMiscCePath(user_id)) ||
+ !emulated_lock(android::vold::BuildDataMiscCePath("", user_id)) ||
!emulated_lock(android::vold::BuildDataMediaCePath("", user_id)) ||
!emulated_lock(android::vold::BuildDataUserCePath("", user_id))) {
LOG(ERROR) << "Failed to lock user " << user_id;
@@ -817,7 +820,7 @@
// DE_n key
auto system_de_path = android::vold::BuildDataSystemDePath(user_id);
- auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
+ auto misc_de_path = android::vold::BuildDataMiscDePath(volume_uuid, user_id);
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
@@ -831,9 +834,10 @@
if (!prepare_dir(profiles_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (!prepare_dir(system_de_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
- if (!prepare_dir(misc_de_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(vendor_de_path, 0771, AID_ROOT, AID_ROOT)) return false;
}
+
+ if (!prepare_dir(misc_de_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(user_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (fscrypt_is_native()) {
@@ -841,11 +845,14 @@
if (volume_uuid.empty()) {
if (!lookup_policy(s_de_policies, user_id, &de_policy)) return false;
if (!EnsurePolicy(de_policy, system_de_path)) return false;
- if (!EnsurePolicy(de_policy, misc_de_path)) return false;
if (!EnsurePolicy(de_policy, vendor_de_path)) return false;
} else {
- if (!read_or_create_volkey(misc_de_path, volume_uuid, &de_policy)) return false;
+ auto misc_de_empty_volume_path = android::vold::BuildDataMiscDePath("", user_id);
+ if (!read_or_create_volkey(misc_de_empty_volume_path, volume_uuid, &de_policy)) {
+ return false;
+ }
}
+ if (!EnsurePolicy(de_policy, misc_de_path)) return false;
if (!EnsurePolicy(de_policy, user_de_path)) return false;
}
}
@@ -853,14 +860,13 @@
if (flags & android::os::IVold::STORAGE_FLAG_CE) {
// CE_n key
auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
- auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
+ auto misc_ce_path = android::vold::BuildDataMiscCePath(volume_uuid, user_id);
auto vendor_ce_path = android::vold::BuildDataVendorCePath(user_id);
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
if (volume_uuid.empty()) {
if (!prepare_dir(system_ce_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
- if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(vendor_ce_path, 0771, AID_ROOT, AID_ROOT)) return false;
}
if (!prepare_dir(media_ce_path, 02770, AID_MEDIA_RW, AID_MEDIA_RW)) return false;
@@ -873,6 +879,7 @@
return false;
}
+ if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (fscrypt_is_native()) {
@@ -880,12 +887,15 @@
if (volume_uuid.empty()) {
if (!lookup_policy(s_ce_policies, user_id, &ce_policy)) return false;
if (!EnsurePolicy(ce_policy, system_ce_path)) return false;
- if (!EnsurePolicy(ce_policy, misc_ce_path)) return false;
if (!EnsurePolicy(ce_policy, vendor_ce_path)) return false;
} else {
- if (!read_or_create_volkey(misc_ce_path, volume_uuid, &ce_policy)) return false;
+ auto misc_ce_empty_volume_path = android::vold::BuildDataMiscCePath("", user_id);
+ if (!read_or_create_volkey(misc_ce_empty_volume_path, volume_uuid, &ce_policy)) {
+ return false;
+ }
}
if (!EnsurePolicy(ce_policy, media_ce_path)) return false;
+ if (!EnsurePolicy(ce_policy, misc_ce_path)) return false;
if (!EnsurePolicy(ce_policy, user_ce_path)) return false;
}
@@ -913,20 +923,21 @@
if (flags & android::os::IVold::STORAGE_FLAG_CE) {
// CE_n key
auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
- auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
+ auto misc_ce_path = android::vold::BuildDataMiscCePath(volume_uuid, user_id);
auto vendor_ce_path = android::vold::BuildDataVendorCePath(user_id);
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
res &= destroy_dir(media_ce_path);
+ res &= destroy_dir(misc_ce_path);
res &= destroy_dir(user_ce_path);
if (volume_uuid.empty()) {
res &= destroy_dir(system_ce_path);
- res &= destroy_dir(misc_ce_path);
res &= destroy_dir(vendor_ce_path);
} else {
if (fscrypt_is_native()) {
- res &= destroy_volkey(misc_ce_path, volume_uuid);
+ auto misc_ce_empty_volume_path = android::vold::BuildDataMiscCePath("", user_id);
+ res &= destroy_volkey(misc_ce_empty_volume_path, volume_uuid);
}
}
}
@@ -939,11 +950,12 @@
// DE_n key
auto system_de_path = android::vold::BuildDataSystemDePath(user_id);
- auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
+ auto misc_de_path = android::vold::BuildDataMiscDePath(volume_uuid, user_id);
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
res &= destroy_dir(user_de_path);
+ res &= destroy_dir(misc_de_path);
if (volume_uuid.empty()) {
res &= destroy_dir(system_legacy_path);
#if MANAGE_MISC_DIRS
@@ -951,11 +963,11 @@
#endif
res &= destroy_dir(profiles_de_path);
res &= destroy_dir(system_de_path);
- res &= destroy_dir(misc_de_path);
res &= destroy_dir(vendor_de_path);
} else {
if (fscrypt_is_native()) {
- res &= destroy_volkey(misc_de_path, volume_uuid);
+ auto misc_de_empty_volume_path = android::vold::BuildDataMiscDePath("", user_id);
+ res &= destroy_volkey(misc_de_empty_volume_path, volume_uuid);
}
}
}
diff --git a/FsCrypt.h b/FsCrypt.h
index 2946be5..e5af487 100644
--- a/FsCrypt.h
+++ b/FsCrypt.h
@@ -22,6 +22,7 @@
bool fscrypt_initialize_systemwide_keys();
bool fscrypt_init_user0();
+extern bool fscrypt_init_user0_done;
bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
bool fscrypt_destroy_user_key(userid_t user_id);
bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& secret);
diff --git a/IdleMaint.cpp b/IdleMaint.cpp
index 769d7a5..2bfe3d9 100644
--- a/IdleMaint.cpp
+++ b/IdleMaint.cpp
@@ -87,9 +87,9 @@
static const int DEVGC_TIMEOUT_SEC = 120;
static const int KBYTES_IN_SEGMENT = 2048;
static const int MIN_GC_URGENT_SLEEP_TIME = 500;
-static const int ONE_HOUR_IN_MS = 3600000;
+static const int ONE_MINUTE_IN_MS = 60000;
static const int GC_NORMAL_MODE = 0;
-static const int GC_URGENT_HIGH_MODE = 1;
+static const int GC_URGENT_MID_MODE = 3;
static int32_t previousSegmentWrite = 0;
@@ -531,9 +531,10 @@
}
void SetGCUrgentPace(int32_t neededSegments, int32_t minSegmentThreshold, float dirtyReclaimRate,
- float reclaimWeight) {
+ float reclaimWeight, int32_t gcPeriod) {
std::list<std::string> paths;
bool needGC = true;
+ int32_t sleepTime;
addFromFstab(&paths, PathTypes::kBlkDevice, true);
if (paths.empty()) {
@@ -546,7 +547,9 @@
std::string dirtySegmentsPath = f2fsSysfsPath + "/dirty_segments";
std::string gcSleepTimePath = f2fsSysfsPath + "/gc_urgent_sleep_time";
std::string gcUrgentModePath = f2fsSysfsPath + "/gc_urgent";
- std::string freeSegmentsStr, dirtySegmentsStr;
+ std::string ovpSegmentsPath = f2fsSysfsPath + "/ovp_segments";
+ std::string reservedBlocksPath = f2fsSysfsPath + "/reserved_blocks";
+ std::string freeSegmentsStr, dirtySegmentsStr, ovpSegmentsStr, reservedBlocksStr;
if (!ReadFileToString(freeSegmentsPath, &freeSegmentsStr)) {
PLOG(WARNING) << "Reading failed in " << freeSegmentsPath;
@@ -558,9 +561,21 @@
return;
}
+ if (!ReadFileToString(ovpSegmentsPath, &ovpSegmentsStr)) {
+ PLOG(WARNING) << "Reading failed in " << ovpSegmentsPath;
+ return;
+ }
+
+ if (!ReadFileToString(reservedBlocksPath, &reservedBlocksStr)) {
+ PLOG(WARNING) << "Reading failed in " << reservedBlocksPath;
+ return;
+ }
+
int32_t freeSegments = std::stoi(freeSegmentsStr);
int32_t dirtySegments = std::stoi(dirtySegmentsStr);
+ int32_t reservedBlocks = std::stoi(ovpSegmentsStr) + std::stoi(reservedBlocksStr);
+ freeSegments = freeSegments > reservedBlocks ? freeSegments - reservedBlocks : 0;
neededSegments *= reclaimWeight;
if (freeSegments >= neededSegments) {
LOG(INFO) << "Enough free segments: " << freeSegments
@@ -570,6 +585,18 @@
LOG(INFO) << "The sum of free segments: " << freeSegments
<< ", dirty segments: " << dirtySegments << " is under " << minSegmentThreshold;
needGC = false;
+ } else {
+ neededSegments -= freeSegments;
+ neededSegments = std::min(neededSegments, (int32_t)(dirtySegments * dirtyReclaimRate));
+ if (neededSegments == 0) {
+ LOG(INFO) << "Low dirty segments: " << dirtySegments;
+ needGC = false;
+ } else {
+ sleepTime = gcPeriod * ONE_MINUTE_IN_MS / neededSegments;
+ if (sleepTime < MIN_GC_URGENT_SLEEP_TIME) {
+ sleepTime = MIN_GC_URGENT_SLEEP_TIME;
+ }
+ }
}
if (!needGC) {
@@ -579,24 +606,12 @@
return;
}
- int32_t sleepTime;
-
- neededSegments -= freeSegments;
- neededSegments = std::min(neededSegments, (int32_t)(dirtySegments * dirtyReclaimRate));
- if (neededSegments == 0) {
- sleepTime = MIN_GC_URGENT_SLEEP_TIME;
- } else {
- sleepTime = ONE_HOUR_IN_MS / neededSegments;
- if (sleepTime < MIN_GC_URGENT_SLEEP_TIME) {
- sleepTime = MIN_GC_URGENT_SLEEP_TIME;
- }
- }
if (!WriteStringToFile(std::to_string(sleepTime), gcSleepTimePath)) {
PLOG(WARNING) << "Writing failed in " << gcSleepTimePath;
return;
}
- if (!WriteStringToFile(std::to_string(GC_URGENT_HIGH_MODE), gcUrgentModePath)) {
+ if (!WriteStringToFile(std::to_string(GC_URGENT_MID_MODE), gcUrgentModePath)) {
PLOG(WARNING) << "Writing failed in " << gcUrgentModePath;
return;
}
diff --git a/IdleMaint.h b/IdleMaint.h
index ae70b63..9a2af4a 100644
--- a/IdleMaint.h
+++ b/IdleMaint.h
@@ -27,7 +27,7 @@
int AbortIdleMaint(const android::sp<android::os::IVoldTaskListener>& listener);
int32_t GetStorageLifeTime();
void SetGCUrgentPace(int32_t neededSegments, int32_t minSegmentThreshold, float dirtyReclaimRate,
- float reclaimWeight);
+ float reclaimWeight, int32_t gcPeriod);
void RefreshLatestWrite();
int32_t GetWriteAmount();
diff --git a/Keystore.cpp b/Keystore.cpp
index a017d68..d993b0d 100644
--- a/Keystore.cpp
+++ b/Keystore.cpp
@@ -166,7 +166,13 @@
*key = std::string(ephemeral_key_response.ephemeralKey.begin(),
ephemeral_key_response.ephemeralKey.end());
- // TODO b/185811713 store the upgraded key blob if provided and delete the old key blob.
+ // vold intentionally ignores ephemeral_key_response.upgradedBlob, since the
+ // concept of "upgrading" doesn't make sense for TAG_STORAGE_KEY keys
+ // (hardware-wrapped inline encryption keys). These keys are only meant as
+ // a substitute for raw keys; they still go through vold's usual layer of
+ // key wrapping, which already handles version binding. So, vold just keeps
+ // using the original blobs for TAG_STORAGE_KEY keys. If KeyMint "upgrades"
+ // them anyway, then they'll just get re-upgraded before each use.
ret = true;
out:
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index 6550be4..5c9e644 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -261,7 +261,7 @@
CryptoOptions options;
if (options_format_version == 1) {
- if (!data_rec->metadata_encryption.empty()) {
+ if (!data_rec->metadata_encryption_options.empty()) {
LOG(ERROR) << "metadata_encryption options cannot be set in legacy mode";
return false;
}
@@ -274,7 +274,7 @@
return false;
}
} else if (options_format_version == 2) {
- if (!parse_options(data_rec->metadata_encryption, &options)) return false;
+ if (!parse_options(data_rec->metadata_encryption_options, &options)) return false;
} else {
LOG(ERROR) << "Unknown options_format_version: " << options_format_version;
return false;
@@ -314,7 +314,7 @@
}
LOG(DEBUG) << "Format of " << crypto_blkdev << " for " << mount_point << " succeeded.";
} else {
- if (!encrypt_inplace(crypto_blkdev, blk_device, nr_sec, false)) {
+ if (!encrypt_inplace(crypto_blkdev, blk_device, nr_sec)) {
LOG(ERROR) << "encrypt_inplace failed in mountFstab";
return false;
}
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 49b2d60..a535181 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -12,5 +12,19 @@
{
"name": "AdoptableHostTest"
}
+ ],
+ "hwasan-postsubmit": [
+ {
+ "name": "CtsScopedStorageCoreHostTest"
+ },
+ {
+ "name": "CtsScopedStorageHostTest"
+ },
+ {
+ "name": "CtsScopedStorageDeviceOnlyTest"
+ },
+ {
+ "name": "AdoptableHostTest"
+ }
]
}
diff --git a/Utils.cpp b/Utils.cpp
index 864cbf8..e8049ed 100644
--- a/Utils.cpp
+++ b/Utils.cpp
@@ -1120,14 +1120,6 @@
return StringPrintf("%s/misc/user/%u", BuildDataPath("").c_str(), userId);
}
-std::string BuildDataMiscCePath(userid_t userId) {
- return StringPrintf("%s/misc_ce/%u", BuildDataPath("").c_str(), userId);
-}
-
-std::string BuildDataMiscDePath(userid_t userId) {
- return StringPrintf("%s/misc_de/%u", BuildDataPath("").c_str(), userId);
-}
-
// Keep in sync with installd (frameworks/native/cmds/installd/utils.h)
std::string BuildDataProfilesDePath(userid_t userId) {
return StringPrintf("%s/misc/profiles/cur/%u", BuildDataPath("").c_str(), userId);
@@ -1157,6 +1149,14 @@
return StringPrintf("%s/media/%u", data.c_str(), userId);
}
+std::string BuildDataMiscCePath(const std::string& volumeUuid, userid_t userId) {
+ return StringPrintf("%s/misc_ce/%u", BuildDataPath(volumeUuid).c_str(), userId);
+}
+
+std::string BuildDataMiscDePath(const std::string& volumeUuid, userid_t userId) {
+ return StringPrintf("%s/misc_de/%u", BuildDataPath(volumeUuid).c_str(), userId);
+}
+
std::string BuildDataUserCePath(const std::string& volumeUuid, userid_t userId) {
// TODO: unify with installd path generation logic
std::string data(BuildDataPath(volumeUuid));
@@ -1266,49 +1266,6 @@
return kMajorBlockVirtioBlk && major == kMajorBlockVirtioBlk;
}
-static status_t findMountPointsWithPrefix(const std::string& prefix,
- std::list<std::string>& mountPoints) {
- // Add a trailing slash if the client didn't provide one so that we don't match /foo/barbaz
- // when the prefix is /foo/bar
- std::string prefixWithSlash(prefix);
- if (prefix.back() != '/') {
- android::base::StringAppendF(&prefixWithSlash, "/");
- }
-
- std::unique_ptr<FILE, int (*)(FILE*)> mnts(setmntent("/proc/mounts", "re"), endmntent);
- if (!mnts) {
- PLOG(ERROR) << "Unable to open /proc/mounts";
- return -errno;
- }
-
- // Some volumes can be stacked on each other, so force unmount in
- // reverse order to give us the best chance of success.
- struct mntent* mnt; // getmntent returns a thread local, so it's safe.
- while ((mnt = getmntent(mnts.get())) != nullptr) {
- auto mountPoint = std::string(mnt->mnt_dir) + "/";
- if (android::base::StartsWith(mountPoint, prefixWithSlash)) {
- mountPoints.push_front(mountPoint);
- }
- }
- return OK;
-}
-
-// Unmount all mountpoints that start with prefix. prefix itself doesn't need to be a mountpoint.
-status_t UnmountTreeWithPrefix(const std::string& prefix) {
- std::list<std::string> toUnmount;
- status_t result = findMountPointsWithPrefix(prefix, toUnmount);
- if (result < 0) {
- return result;
- }
- for (const auto& path : toUnmount) {
- if (umount2(path.c_str(), MNT_DETACH)) {
- PLOG(ERROR) << "Failed to unmount " << path;
- result = -errno;
- }
- }
- return result;
-}
-
status_t UnmountTree(const std::string& mountPoint) {
if (TEMP_FAILURE_RETRY(umount2(mountPoint.c_str(), MNT_DETACH)) < 0 && errno != EINVAL &&
errno != ENOENT) {
@@ -1808,5 +1765,15 @@
return {std::move(fd), std::move(linkPath)};
}
+bool IsFuseBpfEnabled() {
+ std::string bpf_override = android::base::GetProperty("persist.sys.fuse.bpf.override", "");
+ if (bpf_override == "true") {
+ return true;
+ } else if (bpf_override == "false") {
+ return false;
+ }
+ return base::GetBoolProperty("ro.fuse.bpf.enabled", false);
+}
+
} // namespace vold
} // namespace android
diff --git a/Utils.h b/Utils.h
index 2d54639..429669b 100644
--- a/Utils.h
+++ b/Utils.h
@@ -37,7 +37,6 @@
static const char* kVoldAppDataIsolationEnabled = "persist.sys.vold_app_data_isolation_enabled";
static const char* kExternalStorageSdcardfs = "external_storage.sdcardfs.enabled";
-static const char* kFuseBpfEnabled = "persist.sys.fuse.bpf.enable";
static constexpr std::chrono::seconds kUntrustedFsckSleepTime(45);
@@ -150,14 +149,14 @@
std::string BuildDataSystemCePath(userid_t userid);
std::string BuildDataSystemDePath(userid_t userid);
std::string BuildDataMiscLegacyPath(userid_t userid);
-std::string BuildDataMiscCePath(userid_t userid);
-std::string BuildDataMiscDePath(userid_t userid);
std::string BuildDataProfilesDePath(userid_t userid);
std::string BuildDataVendorCePath(userid_t userid);
std::string BuildDataVendorDePath(userid_t userid);
std::string BuildDataPath(const std::string& volumeUuid);
std::string BuildDataMediaCePath(const std::string& volumeUuid, userid_t userid);
+std::string BuildDataMiscCePath(const std::string& volumeUuid, userid_t userid);
+std::string BuildDataMiscDePath(const std::string& volumeUuid, userid_t userid);
std::string BuildDataUserCePath(const std::string& volumeUuid, userid_t userid);
std::string BuildDataUserDePath(const std::string& volumeUuid, userid_t userid);
@@ -175,7 +174,6 @@
// Handles dynamic major assignment for virtio-block
bool IsVirtioBlkDevice(unsigned int major);
-status_t UnmountTreeWithPrefix(const std::string& prefix);
status_t UnmountTree(const std::string& mountPoint);
bool IsDotOrDotDot(const struct dirent& ent);
@@ -207,6 +205,8 @@
status_t PrepareAndroidDirs(const std::string& volumeRoot);
+bool IsFuseBpfEnabled();
+
// Open a given directory as an FD, and return that and the corresponding procfs virtual
// symlink path that can be used in any API that accepts a path string. Path stays valid until
// the directory FD is closed.
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index f5fb908..8ba3aaf 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -494,11 +494,12 @@
binder::Status VoldNativeService::setGCUrgentPace(int32_t neededSegments,
int32_t minSegmentThreshold,
- float dirtyReclaimRate, float reclaimWeight) {
+ float dirtyReclaimRate, float reclaimWeight,
+ int32_t gcPeriod) {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_LOCK;
- SetGCUrgentPace(neededSegments, minSegmentThreshold, dirtyReclaimRate, reclaimWeight);
+ SetGCUrgentPace(neededSegments, minSegmentThreshold, dirtyReclaimRate, reclaimWeight, gcPeriod);
return Ok();
}
@@ -550,110 +551,6 @@
return Ok();
}
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeCheckPassword(const std::string& password) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeCheckPassword is no longer supported");
- return translate(-1);
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeRestart() {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeRestart is no longer supported");
- return Ok();
-}
-
-// TODO(b/191796797) remove this once caller is removed
-#define CRYPTO_COMPLETE_NOT_ENCRYPTED 1
-binder::Status VoldNativeService::fdeComplete(int32_t* _aidl_return) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeComplete is no longer supported");
- *_aidl_return = CRYPTO_COMPLETE_NOT_ENCRYPTED;
- return Ok();
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeEnable(int32_t passwordType, const std::string& password,
- int32_t encryptionFlags) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeEnable is no longer supported");
- return translate(-1);
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeChangePassword(int32_t passwordType,
- const std::string& password) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeChangePassword is no longer supported");
- return translate(-1);
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeVerifyPassword(const std::string& password) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeVerifyPassword is no longer supported");
- return translate(-1);
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeGetField(const std::string& key, std::string* _aidl_return) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeGetField is no longer supported");
- return translate(-1);
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeSetField(const std::string& key, const std::string& value) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeSetField is no longer supported");
- return translate(-1);
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeGetPasswordType(int32_t* _aidl_return) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeGetPasswordType is no longer supported");
- *_aidl_return = -1;
- return Ok();
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeGetPassword(std::string* _aidl_return) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeGetPassword is no longer supported");
- return Ok();
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeClearPassword() {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeClearPassword is no longer supported");
- return Ok();
-}
-
binder::Status VoldNativeService::fbeEnable() {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
@@ -661,15 +558,6 @@
return translateBool(fscrypt_initialize_systemwide_keys());
}
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::mountDefaultEncrypted() {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("mountDefaultEncrypted is no longer supported");
- return Ok();
-}
-
binder::Status VoldNativeService::initUser0() {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
@@ -677,16 +565,6 @@
return translateBool(fscrypt_init_user0());
}
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("isConvertibleToFbe is no longer supported");
- *_aidl_return = false;
- return Ok();
-}
-
binder::Status VoldNativeService::mountFstab(const std::string& blkDevice,
const std::string& mountPoint) {
ENFORCE_SYSTEM_OR_ROOT;
diff --git a/VoldNativeService.h b/VoldNativeService.h
index 88fc9e7..423e8f9 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -90,7 +90,7 @@
binder::Status abortIdleMaint(const android::sp<android::os::IVoldTaskListener>& listener);
binder::Status getStorageLifeTime(int32_t* _aidl_return);
binder::Status setGCUrgentPace(int32_t neededSegments, int32_t minSegmentThreshold,
- float dirtyReclaimRate, float reclaimWeight);
+ float dirtyReclaimRate, float reclaimWeight, int32_t gcPeriod);
binder::Status refreshLatestWrite();
binder::Status getWriteAmount(int32_t* _aidl_return);
@@ -100,24 +100,9 @@
binder::Status openAppFuseFile(int32_t uid, int32_t mountId, int32_t fileId, int32_t flags,
android::base::unique_fd* _aidl_return);
- binder::Status fdeCheckPassword(const std::string& password);
- binder::Status fdeRestart();
- binder::Status fdeComplete(int32_t* _aidl_return);
- binder::Status fdeEnable(int32_t passwordType, const std::string& password,
- int32_t encryptionFlags);
- binder::Status fdeChangePassword(int32_t passwordType, const std::string& password);
- binder::Status fdeVerifyPassword(const std::string& password);
- binder::Status fdeGetField(const std::string& key, std::string* _aidl_return);
- binder::Status fdeSetField(const std::string& key, const std::string& value);
- binder::Status fdeGetPasswordType(int32_t* _aidl_return);
- binder::Status fdeGetPassword(std::string* _aidl_return);
- binder::Status fdeClearPassword();
-
binder::Status fbeEnable();
- binder::Status mountDefaultEncrypted();
binder::Status initUser0();
- binder::Status isConvertibleToFbe(bool* _aidl_return);
binder::Status mountFstab(const std::string& blkDevice, const std::string& mountPoint);
binder::Status encryptFstab(const std::string& blkDevice, const std::string& mountPoint,
bool shouldFormat, const std::string& fsType);
diff --git a/VolumeManager.cpp b/VolumeManager.cpp
index bc51042..bc556ef 100644
--- a/VolumeManager.cpp
+++ b/VolumeManager.cpp
@@ -93,7 +93,6 @@
using android::vold::VoldNativeService;
using android::vold::VolumeBase;
-static const char* kPathUserMount = "/mnt/user";
static const char* kPathVirtualDisk = "/data/misc/vold/virtual_disk";
static const char* kPropVirtualDisk = "persist.sys.virtual_disk";
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index aee75f5..d77c7da 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -68,30 +68,17 @@
void abortIdleMaint(IVoldTaskListener listener);
int getStorageLifeTime();
void setGCUrgentPace(int neededSegments, int minSegmentThreshold,
- float dirtyReclaimRate, float reclaimWeight);
+ float dirtyReclaimRate, float reclaimWeight,
+ int gcPeriod);
void refreshLatestWrite();
int getWriteAmount();
FileDescriptor mountAppFuse(int uid, int mountId);
void unmountAppFuse(int uid, int mountId);
- void fdeCheckPassword(@utf8InCpp String password);
- void fdeRestart();
- int fdeComplete();
- void fdeEnable(int passwordType, @utf8InCpp String password, int encryptionFlags);
- void fdeChangePassword(int passwordType, @utf8InCpp String password);
- void fdeVerifyPassword(@utf8InCpp String password);
- @utf8InCpp String fdeGetField(@utf8InCpp String key);
- void fdeSetField(@utf8InCpp String key, @utf8InCpp String value);
- int fdeGetPasswordType();
- @utf8InCpp String fdeGetPassword();
- void fdeClearPassword();
-
void fbeEnable();
- void mountDefaultEncrypted();
void initUser0();
- boolean isConvertibleToFbe();
void mountFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint);
void encryptFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint, boolean shouldFormat, @utf8InCpp String fsType);
@@ -148,15 +135,6 @@
void destroyDsuMetadataKey(@utf8InCpp String dsuSlot);
- const int ENCRYPTION_FLAG_NO_UI = 4;
-
- const int ENCRYPTION_STATE_NONE = 1;
- const int ENCRYPTION_STATE_OK = 0;
- const int ENCRYPTION_STATE_ERROR_UNKNOWN = -1;
- const int ENCRYPTION_STATE_ERROR_INCOMPLETE = -2;
- const int ENCRYPTION_STATE_ERROR_INCONSISTENT = -3;
- const int ENCRYPTION_STATE_ERROR_CORRUPT = -4;
-
const int FSTRIM_FLAG_DEEP_TRIM = 1;
const int MOUNT_FLAG_PRIMARY = 1;
@@ -167,11 +145,6 @@
const int PARTITION_TYPE_PRIVATE = 1;
const int PARTITION_TYPE_MIXED = 2;
- const int PASSWORD_TYPE_PASSWORD = 0;
- const int PASSWORD_TYPE_DEFAULT = 1;
- const int PASSWORD_TYPE_PATTERN = 2;
- const int PASSWORD_TYPE_PIN = 3;
-
const int STORAGE_FLAG_DE = 1;
const int STORAGE_FLAG_CE = 2;
diff --git a/fs/Ext4.cpp b/fs/Ext4.cpp
index 7a5f5da..52f6772 100644
--- a/fs/Ext4.cpp
+++ b/fs/Ext4.cpp
@@ -66,8 +66,6 @@
const char* c_source = source.c_str();
const char* c_target = target.c_str();
-
- int status;
int ret;
long tmpmnt_flags = MS_NOATIME | MS_NOEXEC | MS_NOSUID;
char* tmpmnt_opts = (char*)"nomblk_io_submit,errors=remount-ro";
@@ -173,7 +171,7 @@
bool needs_casefold =
android::base::GetBoolProperty("external_storage.casefold.enabled", false);
- bool needs_projid = android::base::GetBoolProperty("external_storage.projid.enabled", false);
+ bool needs_projid = true;
if (needs_projid) {
cmd.push_back("-I");
diff --git a/fs/F2fs.cpp b/fs/F2fs.cpp
index f4a81ee..55b0823 100644
--- a/fs/F2fs.cpp
+++ b/fs/F2fs.cpp
@@ -78,31 +78,18 @@
cmd.emplace_back("-f");
cmd.emplace_back("-d1");
- if (android::base::GetBoolProperty("vold.has_quota", false)) {
- cmd.emplace_back("-O");
- cmd.emplace_back("quota");
- }
- if (fscrypt_is_native()) {
- cmd.emplace_back("-O");
- cmd.emplace_back("encrypt");
- }
+ cmd.emplace_back("-g");
+ cmd.emplace_back("android");
+
if (android::base::GetBoolProperty("vold.has_compress", false)) {
cmd.emplace_back("-O");
cmd.emplace_back("compression");
cmd.emplace_back("-O");
cmd.emplace_back("extra_attr");
}
- cmd.emplace_back("-O");
- cmd.emplace_back("verity");
const bool needs_casefold =
android::base::GetBoolProperty("external_storage.casefold.enabled", false);
- const bool needs_projid =
- android::base::GetBoolProperty("external_storage.projid.enabled", false);
- if (needs_projid) {
- cmd.emplace_back("-O");
- cmd.emplace_back("project_quota,extra_attr");
- }
if (needs_casefold) {
cmd.emplace_back("-O");
cmd.emplace_back("casefold");
diff --git a/main.cpp b/main.cpp
index 978db66..b07ee68 100644
--- a/main.cpp
+++ b/main.cpp
@@ -16,6 +16,7 @@
#define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
+#include "FsCrypt.h"
#include "MetadataCrypt.h"
#include "NetlinkManager.h"
#include "VoldNativeService.h"
@@ -251,7 +252,7 @@
PLOG(FATAL) << "could not find logical partition " << entry.blk_device;
}
- if (entry.mount_point == "/data" && !entry.metadata_encryption.empty()) {
+ if (entry.mount_point == "/data" && !entry.metadata_key_dir.empty()) {
// Pre-populate userdata dm-devices since the uevents are asynchronous (b/198405417).
android::vold::defaultkey_precreate_dm_device();
}
@@ -286,18 +287,24 @@
const char* tag, const char* file, unsigned int line, const char* message) {
logd_logger(log_buffer_id, severity, tag, file, line, message);
- if (severity >= android::base::ERROR) {
- static bool is_data_mounted = false;
+ if (severity >= android::base::WARNING) {
+ static bool early_boot_done = false;
- // When /data fails to mount, we don't have adb to get logcat. So until /data is
- // mounted we log errors to the kernel. This allows us to get failures via serial logs
- // and via last dmesg/"fastboot oem dmesg" on devices that support it.
+ // If metadata encryption setup (fscrypt_mount_metadata_encrypted) or
+ // basic FBE setup (fscrypt_init_user0) fails, then the boot will fail
+ // before adb can be started, so logcat won't be available. To allow
+ // debugging these early boot failures, log early errors and warnings to
+ // the kernel log. This allows diagnosing failures via the serial log,
+ // or via last dmesg/"fastboot oem dmesg" on devices that support it.
//
- // As a very quick-and-dirty test for /data, we check whether /data/misc/vold exists.
- if (is_data_mounted || access("/data/misc/vold", F_OK) == 0) {
- is_data_mounted = true;
- return;
+ // As a very quick-and-dirty test for whether /data has been mounted,
+ // check whether /data/misc/vold exists.
+ if (!early_boot_done) {
+ if (access("/data/misc/vold", F_OK) == 0 && fscrypt_init_user0_done) {
+ early_boot_done = true;
+ return;
+ }
+ android::base::KernelLogger(log_buffer_id, severity, tag, file, line, message);
}
- android::base::KernelLogger(log_buffer_id, severity, tag, file, line, message);
}
}
diff --git a/model/EmulatedVolume.cpp b/model/EmulatedVolume.cpp
index 7c8a4e0..270d097 100644
--- a/model/EmulatedVolume.cpp
+++ b/model/EmulatedVolume.cpp
@@ -49,7 +49,7 @@
mRawPath = rawPath;
mLabel = "emulated";
mFuseMounted = false;
- mFuseBpfEnabled = base::GetBoolProperty(kFuseBpfEnabled, false);
+ mFuseBpfEnabled = IsFuseBpfEnabled();
mUseSdcardFs = IsSdcardfsUsed();
mAppDataIsolationEnabled = base::GetBoolProperty(kVoldAppDataIsolationEnabled, false);
}
@@ -61,7 +61,7 @@
mRawPath = rawPath;
mLabel = fsUuid;
mFuseMounted = false;
- mFuseBpfEnabled = base::GetBoolProperty(kFuseBpfEnabled, false);
+ mFuseBpfEnabled = IsFuseBpfEnabled();
mUseSdcardFs = IsSdcardfsUsed();
mAppDataIsolationEnabled = base::GetBoolProperty(kVoldAppDataIsolationEnabled, false);
}
diff --git a/model/PrivateVolume.cpp b/model/PrivateVolume.cpp
index 1875b7b..a692ea9 100644
--- a/model/PrivateVolume.cpp
+++ b/model/PrivateVolume.cpp
@@ -173,6 +173,8 @@
if (PrepareDir(mPath + "/app", 0771, AID_SYSTEM, AID_SYSTEM) ||
PrepareDir(mPath + "/user", 0711, AID_SYSTEM, AID_SYSTEM) ||
PrepareDir(mPath + "/user_de", 0711, AID_SYSTEM, AID_SYSTEM) ||
+ PrepareDir(mPath + "/misc_ce", 0711, AID_SYSTEM, AID_SYSTEM) ||
+ PrepareDir(mPath + "/misc_de", 0711, AID_SYSTEM, AID_SYSTEM) ||
PrepareDir(mPath + "/media", 0770, AID_MEDIA_RW, AID_MEDIA_RW, attrs) ||
PrepareDir(mPath + "/media/0", 0770, AID_MEDIA_RW, AID_MEDIA_RW) ||
PrepareDir(mPath + "/local", 0751, AID_ROOT, AID_ROOT) ||
diff --git a/vdc.cpp b/vdc.cpp
index 313ef55..740e246 100644
--- a/vdc.cpp
+++ b/vdc.cpp
@@ -116,12 +116,6 @@
checkStatus(args, vold->fbeEnable());
} else if (args[0] == "cryptfs" && args[1] == "init_user0") {
checkStatus(args, vold->initUser0());
- } else if (args[0] == "cryptfs" && args[1] == "enablecrypto") {
- int passwordType = android::os::IVold::PASSWORD_TYPE_DEFAULT;
- int encryptionFlags = android::os::IVold::ENCRYPTION_FLAG_NO_UI;
- checkStatus(args, vold->fdeEnable(passwordType, "", encryptionFlags));
- } else if (args[0] == "cryptfs" && args[1] == "mountdefaultencrypted") {
- checkStatus(args, vold->mountDefaultEncrypted());
} else if (args[0] == "volume" && args[1] == "abort_fuse") {
checkStatus(args, vold->abortFuse());
} else if (args[0] == "volume" && args[1] == "shutdown") {
diff --git a/vold_prepare_subdirs.cpp b/vold_prepare_subdirs.cpp
index 692c500..94d7f15 100644
--- a/vold_prepare_subdirs.cpp
+++ b/vold_prepare_subdirs.cpp
@@ -172,7 +172,7 @@
return false;
}
- auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
+ auto misc_de_path = android::vold::BuildDataMiscDePath(volume_uuid, user_id);
if (!prepare_dir_for_user(sehandle, 0771, AID_SYSTEM, AID_SYSTEM,
misc_de_path + "/sdksandbox", user_id)) {
return false;
@@ -208,7 +208,7 @@
return false;
}
- auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
+ auto misc_ce_path = android::vold::BuildDataMiscCePath(volume_uuid, user_id);
if (!prepare_dir_for_user(sehandle, 0771, AID_SYSTEM, AID_SYSTEM,
misc_ce_path + "/sdksandbox", user_id)) {
return false;
@@ -256,18 +256,20 @@
static bool destroy_subdirs(const std::string& volume_uuid, int user_id, int flags) {
bool res = true;
- if (volume_uuid.empty()) {
- if (flags & android::os::IVold::STORAGE_FLAG_CE) {
- auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
- res &= rmrf_contents(misc_ce_path);
+ if (flags & android::os::IVold::STORAGE_FLAG_CE) {
+ auto misc_ce_path = android::vold::BuildDataMiscCePath(volume_uuid, user_id);
+ res &= rmrf_contents(misc_ce_path);
+ if (volume_uuid.empty()) {
auto vendor_ce_path = android::vold::BuildDataVendorCePath(user_id);
res &= rmrf_contents(vendor_ce_path);
}
- if (flags & android::os::IVold::STORAGE_FLAG_DE) {
- auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
- res &= rmrf_contents(misc_de_path);
+ }
+ if (flags & android::os::IVold::STORAGE_FLAG_DE) {
+ auto misc_de_path = android::vold::BuildDataMiscDePath(volume_uuid, user_id);
+ res &= rmrf_contents(misc_de_path);
+ if (volume_uuid.empty()) {
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
res &= rmrf_contents(vendor_de_path);
}