vold: add gc period in setGCUrgentPace am: 7c788fc3e9
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2032446
Change-Id: I691c355f6eb91f83af0b4bbdade10bd67ceb62a3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index be68222..42df78b 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -470,6 +470,8 @@
return true;
}
+bool fscrypt_init_user0_done;
+
bool fscrypt_init_user0() {
LOG(DEBUG) << "fscrypt_init_user0";
if (fscrypt_is_native()) {
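Review bot: `fscrypt_init_user0_done` is a plain namespace-scope `bool` that is written in fscrypt_init_user0() and read from the logging callback in main.cpp, so if vold logs from more than one thread this is an unsynchronized read/write pair. Declaring it as `std::atomic<bool> fscrypt_init_user0_done{false};` (with `extern std::atomic<bool> fscrypt_init_user0_done;` in FsCrypt.h and `<atomic>` included) makes the cross-thread read well-defined and the initial value explicit. The same consideration applies to `static bool early_boot_done` in the main.cpp logger hunk. A one-line comment such as `// Set once fscrypt_init_user0() has succeeded; read by vold's logger to stop mirroring to the kernel log.` would explain why the flag is exported.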
@@ -504,6 +506,7 @@
if (!try_reload_ce_keys()) return false;
}
+ fscrypt_init_user0_done = true;
return true;
}
@@ -764,7 +767,7 @@
// unlock directories when not in emulation mode, to bring devices
// back into a known-good state.
if (!emulated_unlock(android::vold::BuildDataSystemCePath(user_id), 0771) ||
- !emulated_unlock(android::vold::BuildDataMiscCePath(user_id), 01771) ||
+ !emulated_unlock(android::vold::BuildDataMiscCePath("", user_id), 01771) ||
!emulated_unlock(android::vold::BuildDataMediaCePath("", user_id), 0770) ||
!emulated_unlock(android::vold::BuildDataUserCePath("", user_id), 0771)) {
LOG(ERROR) << "Failed to unlock user " << user_id;
@@ -782,7 +785,7 @@
} else if (fscrypt_is_emulated()) {
// When in emulation mode, we just use chmod
if (!emulated_lock(android::vold::BuildDataSystemCePath(user_id)) ||
- !emulated_lock(android::vold::BuildDataMiscCePath(user_id)) ||
+ !emulated_lock(android::vold::BuildDataMiscCePath("", user_id)) ||
!emulated_lock(android::vold::BuildDataMediaCePath("", user_id)) ||
!emulated_lock(android::vold::BuildDataUserCePath("", user_id))) {
LOG(ERROR) << "Failed to lock user " << user_id;
@@ -817,7 +820,7 @@
// DE_n key
auto system_de_path = android::vold::BuildDataSystemDePath(user_id);
- auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
+ auto misc_de_path = android::vold::BuildDataMiscDePath(volume_uuid, user_id);
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
@@ -831,9 +834,10 @@
if (!prepare_dir(profiles_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (!prepare_dir(system_de_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
- if (!prepare_dir(misc_de_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(vendor_de_path, 0771, AID_ROOT, AID_ROOT)) return false;
}
+
+ if (!prepare_dir(misc_de_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(user_de_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (fscrypt_is_native()) {
@@ -841,11 +845,14 @@
if (volume_uuid.empty()) {
if (!lookup_policy(s_de_policies, user_id, &de_policy)) return false;
if (!EnsurePolicy(de_policy, system_de_path)) return false;
- if (!EnsurePolicy(de_policy, misc_de_path)) return false;
if (!EnsurePolicy(de_policy, vendor_de_path)) return false;
} else {
- if (!read_or_create_volkey(misc_de_path, volume_uuid, &de_policy)) return false;
+ auto misc_de_empty_volume_path = android::vold::BuildDataMiscDePath("", user_id);
+ if (!read_or_create_volkey(misc_de_empty_volume_path, volume_uuid, &de_policy)) {
+ return false;
+ }
}
+ if (!EnsurePolicy(de_policy, misc_de_path)) return false;
if (!EnsurePolicy(de_policy, user_de_path)) return false;
}
}
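Review bot: In the `else` branch the volume key is looked up under `BuildDataMiscDePath("", user_id)` while the policy is then applied to the volume-specific `misc_de_path`, and nothing in the code says why two different misc paths are involved. Presumably the per-volume key must stay on internal storage under the user's DE directory, and this hunk would benefit from a comment to that effect, e.g. `// Volume keys are stored under the internal-storage misc_de dir, not on the volume itself.`. The name `misc_de_empty_volume_path` describes how the path is built rather than what it is; something like `volkey_dir` may read better. The same pattern recurs in the CE prepare hunk and in both destroy hunks (`misc_ce_empty_volume_path`, `destroy_volkey`), so the comment is worth repeating or factoring into a small helper there. The enclosing function starts and ends outside this hunk.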
@@ -853,14 +860,13 @@
if (flags & android::os::IVold::STORAGE_FLAG_CE) {
// CE_n key
auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
- auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
+ auto misc_ce_path = android::vold::BuildDataMiscCePath(volume_uuid, user_id);
auto vendor_ce_path = android::vold::BuildDataVendorCePath(user_id);
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
if (volume_uuid.empty()) {
if (!prepare_dir(system_ce_path, 0770, AID_SYSTEM, AID_SYSTEM)) return false;
- if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(vendor_ce_path, 0771, AID_ROOT, AID_ROOT)) return false;
}
if (!prepare_dir(media_ce_path, 02770, AID_MEDIA_RW, AID_MEDIA_RW)) return false;
@@ -873,6 +879,7 @@
return false;
}
+ if (!prepare_dir(misc_ce_path, 01771, AID_SYSTEM, AID_MISC)) return false;
if (!prepare_dir(user_ce_path, 0771, AID_SYSTEM, AID_SYSTEM)) return false;
if (fscrypt_is_native()) {
@@ -880,12 +887,15 @@
if (volume_uuid.empty()) {
if (!lookup_policy(s_ce_policies, user_id, &ce_policy)) return false;
if (!EnsurePolicy(ce_policy, system_ce_path)) return false;
- if (!EnsurePolicy(ce_policy, misc_ce_path)) return false;
if (!EnsurePolicy(ce_policy, vendor_ce_path)) return false;
} else {
- if (!read_or_create_volkey(misc_ce_path, volume_uuid, &ce_policy)) return false;
+ auto misc_ce_empty_volume_path = android::vold::BuildDataMiscCePath("", user_id);
+ if (!read_or_create_volkey(misc_ce_empty_volume_path, volume_uuid, &ce_policy)) {
+ return false;
+ }
}
if (!EnsurePolicy(ce_policy, media_ce_path)) return false;
+ if (!EnsurePolicy(ce_policy, misc_ce_path)) return false;
if (!EnsurePolicy(ce_policy, user_ce_path)) return false;
}
@@ -913,20 +923,21 @@
if (flags & android::os::IVold::STORAGE_FLAG_CE) {
// CE_n key
auto system_ce_path = android::vold::BuildDataSystemCePath(user_id);
- auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
+ auto misc_ce_path = android::vold::BuildDataMiscCePath(volume_uuid, user_id);
auto vendor_ce_path = android::vold::BuildDataVendorCePath(user_id);
auto media_ce_path = android::vold::BuildDataMediaCePath(volume_uuid, user_id);
auto user_ce_path = android::vold::BuildDataUserCePath(volume_uuid, user_id);
res &= destroy_dir(media_ce_path);
+ res &= destroy_dir(misc_ce_path);
res &= destroy_dir(user_ce_path);
if (volume_uuid.empty()) {
res &= destroy_dir(system_ce_path);
- res &= destroy_dir(misc_ce_path);
res &= destroy_dir(vendor_ce_path);
} else {
if (fscrypt_is_native()) {
- res &= destroy_volkey(misc_ce_path, volume_uuid);
+ auto misc_ce_empty_volume_path = android::vold::BuildDataMiscCePath("", user_id);
+ res &= destroy_volkey(misc_ce_empty_volume_path, volume_uuid);
}
}
}
@@ -939,11 +950,12 @@
// DE_n key
auto system_de_path = android::vold::BuildDataSystemDePath(user_id);
- auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
+ auto misc_de_path = android::vold::BuildDataMiscDePath(volume_uuid, user_id);
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
auto user_de_path = android::vold::BuildDataUserDePath(volume_uuid, user_id);
res &= destroy_dir(user_de_path);
+ res &= destroy_dir(misc_de_path);
if (volume_uuid.empty()) {
res &= destroy_dir(system_legacy_path);
#if MANAGE_MISC_DIRS
@@ -951,11 +963,11 @@
#endif
res &= destroy_dir(profiles_de_path);
res &= destroy_dir(system_de_path);
- res &= destroy_dir(misc_de_path);
res &= destroy_dir(vendor_de_path);
} else {
if (fscrypt_is_native()) {
- res &= destroy_volkey(misc_de_path, volume_uuid);
+ auto misc_de_empty_volume_path = android::vold::BuildDataMiscDePath("", user_id);
+ res &= destroy_volkey(misc_de_empty_volume_path, volume_uuid);
}
}
}
diff --git a/FsCrypt.h b/FsCrypt.h
index 2946be5..e5af487 100644
--- a/FsCrypt.h
+++ b/FsCrypt.h
@@ -22,6 +22,7 @@
bool fscrypt_initialize_systemwide_keys();
bool fscrypt_init_user0();
+extern bool fscrypt_init_user0_done;
bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral);
bool fscrypt_destroy_user_key(userid_t user_id);
bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& secret);
diff --git a/Keystore.cpp b/Keystore.cpp
index a017d68..d993b0d 100644
--- a/Keystore.cpp
+++ b/Keystore.cpp
@@ -166,7 +166,13 @@
*key = std::string(ephemeral_key_response.ephemeralKey.begin(),
ephemeral_key_response.ephemeralKey.end());
- // TODO b/185811713 store the upgraded key blob if provided and delete the old key blob.
+ // vold intentionally ignores ephemeral_key_response.upgradedBlob, since the
+ // concept of "upgrading" doesn't make sense for TAG_STORAGE_KEY keys
+ // (hardware-wrapped inline encryption keys). These keys are only meant as
+ // a substitute for raw keys; they still go through vold's usual layer of
+ // key wrapping, which already handles version binding. So, vold just keeps
+ // using the original blobs for TAG_STORAGE_KEY keys. If KeyMint "upgrades"
+ // them anyway, then they'll just get re-upgraded before each use.
ret = true;
out:
diff --git a/MetadataCrypt.cpp b/MetadataCrypt.cpp
index bd3c0ef..5c9e644 100644
--- a/MetadataCrypt.cpp
+++ b/MetadataCrypt.cpp
@@ -261,7 +261,7 @@
CryptoOptions options;
if (options_format_version == 1) {
- if (!data_rec->metadata_encryption.empty()) {
+ if (!data_rec->metadata_encryption_options.empty()) {
LOG(ERROR) << "metadata_encryption options cannot be set in legacy mode";
return false;
}
@@ -274,7 +274,7 @@
return false;
}
} else if (options_format_version == 2) {
- if (!parse_options(data_rec->metadata_encryption, &options)) return false;
+ if (!parse_options(data_rec->metadata_encryption_options, &options)) return false;
} else {
LOG(ERROR) << "Unknown options_format_version: " << options_format_version;
return false;
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 49b2d60..a535181 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -12,5 +12,19 @@
{
"name": "AdoptableHostTest"
}
+ ],
+ "hwasan-postsubmit": [
+ {
+ "name": "CtsScopedStorageCoreHostTest"
+ },
+ {
+ "name": "CtsScopedStorageHostTest"
+ },
+ {
+ "name": "CtsScopedStorageDeviceOnlyTest"
+ },
+ {
+ "name": "AdoptableHostTest"
+ }
]
}
diff --git a/Utils.cpp b/Utils.cpp
index 66e642f..ba6afd8 100644
--- a/Utils.cpp
+++ b/Utils.cpp
@@ -1120,14 +1120,6 @@
return StringPrintf("%s/misc/user/%u", BuildDataPath("").c_str(), userId);
}
-std::string BuildDataMiscCePath(userid_t userId) {
- return StringPrintf("%s/misc_ce/%u", BuildDataPath("").c_str(), userId);
-}
-
-std::string BuildDataMiscDePath(userid_t userId) {
- return StringPrintf("%s/misc_de/%u", BuildDataPath("").c_str(), userId);
-}
-
// Keep in sync with installd (frameworks/native/cmds/installd/utils.h)
std::string BuildDataProfilesDePath(userid_t userId) {
return StringPrintf("%s/misc/profiles/cur/%u", BuildDataPath("").c_str(), userId);
@@ -1157,6 +1149,14 @@
return StringPrintf("%s/media/%u", data.c_str(), userId);
}
+std::string BuildDataMiscCePath(const std::string& volumeUuid, userid_t userId) {
+ return StringPrintf("%s/misc_ce/%u", BuildDataPath(volumeUuid).c_str(), userId);
+}
+
+std::string BuildDataMiscDePath(const std::string& volumeUuid, userid_t userId) {
+ return StringPrintf("%s/misc_de/%u", BuildDataPath(volumeUuid).c_str(), userId);
+}
+
std::string BuildDataUserCePath(const std::string& volumeUuid, userid_t userId) {
// TODO: unify with installd path generation logic
std::string data(BuildDataPath(volumeUuid));
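Review bot: The new `BuildDataMiscCePath` and `BuildDataMiscDePath` overloads have no comment, yet callers in FsCrypt.cpp now pass `""` explicitly to get the path the old one-argument versions returned. A short comment above them, for example `// An empty volumeUuid yields the same path the former userid-only overload produced.`, would document that contract. `volumeUuid` is interpolated into a filesystem path through `BuildDataPath`. Its validation is not visible in this diff, so it is worth confirming that every caller still passes an already-checked UUID now that these helpers accept one.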
diff --git a/Utils.h b/Utils.h
index 7733152..71eb5eb 100644
--- a/Utils.h
+++ b/Utils.h
@@ -150,14 +150,14 @@
std::string BuildDataSystemCePath(userid_t userid);
std::string BuildDataSystemDePath(userid_t userid);
std::string BuildDataMiscLegacyPath(userid_t userid);
-std::string BuildDataMiscCePath(userid_t userid);
-std::string BuildDataMiscDePath(userid_t userid);
std::string BuildDataProfilesDePath(userid_t userid);
std::string BuildDataVendorCePath(userid_t userid);
std::string BuildDataVendorDePath(userid_t userid);
std::string BuildDataPath(const std::string& volumeUuid);
std::string BuildDataMediaCePath(const std::string& volumeUuid, userid_t userid);
+std::string BuildDataMiscCePath(const std::string& volumeUuid, userid_t userid);
+std::string BuildDataMiscDePath(const std::string& volumeUuid, userid_t userid);
std::string BuildDataUserCePath(const std::string& volumeUuid, userid_t userid);
std::string BuildDataUserDePath(const std::string& volumeUuid, userid_t userid);
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index 71eaddc..8ba3aaf 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -551,110 +551,6 @@
return Ok();
}
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeCheckPassword(const std::string& password) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeCheckPassword is no longer supported");
- return translate(-1);
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeRestart() {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeRestart is no longer supported");
- return Ok();
-}
-
-// TODO(b/191796797) remove this once caller is removed
-#define CRYPTO_COMPLETE_NOT_ENCRYPTED 1
-binder::Status VoldNativeService::fdeComplete(int32_t* _aidl_return) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeComplete is no longer supported");
- *_aidl_return = CRYPTO_COMPLETE_NOT_ENCRYPTED;
- return Ok();
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeEnable(int32_t passwordType, const std::string& password,
- int32_t encryptionFlags) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeEnable is no longer supported");
- return translate(-1);
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeChangePassword(int32_t passwordType,
- const std::string& password) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeChangePassword is no longer supported");
- return translate(-1);
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeVerifyPassword(const std::string& password) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeVerifyPassword is no longer supported");
- return translate(-1);
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeGetField(const std::string& key, std::string* _aidl_return) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeGetField is no longer supported");
- return translate(-1);
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeSetField(const std::string& key, const std::string& value) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeSetField is no longer supported");
- return translate(-1);
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeGetPasswordType(int32_t* _aidl_return) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeGetPasswordType is no longer supported");
- *_aidl_return = -1;
- return Ok();
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeGetPassword(std::string* _aidl_return) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeGetPassword is no longer supported");
- return Ok();
-}
-
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::fdeClearPassword() {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("fdeClearPassword is no longer supported");
- return Ok();
-}
-
binder::Status VoldNativeService::fbeEnable() {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
@@ -662,15 +558,6 @@
return translateBool(fscrypt_initialize_systemwide_keys());
}
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::mountDefaultEncrypted() {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("mountDefaultEncrypted is no longer supported");
- return Ok();
-}
-
binder::Status VoldNativeService::initUser0() {
ENFORCE_SYSTEM_OR_ROOT;
ACQUIRE_CRYPT_LOCK;
@@ -678,16 +565,6 @@
return translateBool(fscrypt_init_user0());
}
-// TODO(b/191796797) remove this once caller is removed
-binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) {
- ENFORCE_SYSTEM_OR_ROOT;
- ACQUIRE_CRYPT_LOCK;
-
- SLOGE("isConvertibleToFbe is no longer supported");
- *_aidl_return = false;
- return Ok();
-}
-
binder::Status VoldNativeService::mountFstab(const std::string& blkDevice,
const std::string& mountPoint) {
ENFORCE_SYSTEM_OR_ROOT;
diff --git a/VoldNativeService.h b/VoldNativeService.h
index 1a85296..423e8f9 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -100,24 +100,9 @@
binder::Status openAppFuseFile(int32_t uid, int32_t mountId, int32_t fileId, int32_t flags,
android::base::unique_fd* _aidl_return);
- binder::Status fdeCheckPassword(const std::string& password);
- binder::Status fdeRestart();
- binder::Status fdeComplete(int32_t* _aidl_return);
- binder::Status fdeEnable(int32_t passwordType, const std::string& password,
- int32_t encryptionFlags);
- binder::Status fdeChangePassword(int32_t passwordType, const std::string& password);
- binder::Status fdeVerifyPassword(const std::string& password);
- binder::Status fdeGetField(const std::string& key, std::string* _aidl_return);
- binder::Status fdeSetField(const std::string& key, const std::string& value);
- binder::Status fdeGetPasswordType(int32_t* _aidl_return);
- binder::Status fdeGetPassword(std::string* _aidl_return);
- binder::Status fdeClearPassword();
-
binder::Status fbeEnable();
- binder::Status mountDefaultEncrypted();
binder::Status initUser0();
- binder::Status isConvertibleToFbe(bool* _aidl_return);
binder::Status mountFstab(const std::string& blkDevice, const std::string& mountPoint);
binder::Status encryptFstab(const std::string& blkDevice, const std::string& mountPoint,
bool shouldFormat, const std::string& fsType);
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index 9508d91..d77c7da 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -76,23 +76,9 @@
FileDescriptor mountAppFuse(int uid, int mountId);
void unmountAppFuse(int uid, int mountId);
- void fdeCheckPassword(@utf8InCpp String password);
- void fdeRestart();
- int fdeComplete();
- void fdeEnable(int passwordType, @utf8InCpp String password, int encryptionFlags);
- void fdeChangePassword(int passwordType, @utf8InCpp String password);
- void fdeVerifyPassword(@utf8InCpp String password);
- @utf8InCpp String fdeGetField(@utf8InCpp String key);
- void fdeSetField(@utf8InCpp String key, @utf8InCpp String value);
- int fdeGetPasswordType();
- @utf8InCpp String fdeGetPassword();
- void fdeClearPassword();
-
void fbeEnable();
- void mountDefaultEncrypted();
void initUser0();
- boolean isConvertibleToFbe();
void mountFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint);
void encryptFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint, boolean shouldFormat, @utf8InCpp String fsType);
@@ -149,15 +135,6 @@
void destroyDsuMetadataKey(@utf8InCpp String dsuSlot);
- const int ENCRYPTION_FLAG_NO_UI = 4;
-
- const int ENCRYPTION_STATE_NONE = 1;
- const int ENCRYPTION_STATE_OK = 0;
- const int ENCRYPTION_STATE_ERROR_UNKNOWN = -1;
- const int ENCRYPTION_STATE_ERROR_INCOMPLETE = -2;
- const int ENCRYPTION_STATE_ERROR_INCONSISTENT = -3;
- const int ENCRYPTION_STATE_ERROR_CORRUPT = -4;
-
const int FSTRIM_FLAG_DEEP_TRIM = 1;
const int MOUNT_FLAG_PRIMARY = 1;
@@ -168,11 +145,6 @@
const int PARTITION_TYPE_PRIVATE = 1;
const int PARTITION_TYPE_MIXED = 2;
- const int PASSWORD_TYPE_PASSWORD = 0;
- const int PASSWORD_TYPE_DEFAULT = 1;
- const int PASSWORD_TYPE_PATTERN = 2;
- const int PASSWORD_TYPE_PIN = 3;
-
const int STORAGE_FLAG_DE = 1;
const int STORAGE_FLAG_CE = 2;
diff --git a/fs/Ext4.cpp b/fs/Ext4.cpp
index 77cec80..52f6772 100644
--- a/fs/Ext4.cpp
+++ b/fs/Ext4.cpp
@@ -171,7 +171,7 @@
bool needs_casefold =
android::base::GetBoolProperty("external_storage.casefold.enabled", false);
- bool needs_projid = android::base::GetBoolProperty("external_storage.projid.enabled", false);
+ bool needs_projid = true;
if (needs_projid) {
cmd.push_back("-I");
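Review bot: After this change `needs_projid` is a constant `true`, so the `if (needs_projid)` that follows can never be false and the variable only obscures that the options are now unconditional. Either drop the variable and the branch, or keep the shape but state the intent, e.g. `const bool needs_projid = true;  // no longer gated on external_storage.projid.enabled`. The rest of the function is outside this hunk, so any other uses of `needs_projid` would need the same treatment.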
diff --git a/fs/F2fs.cpp b/fs/F2fs.cpp
index f4a81ee..55b0823 100644
--- a/fs/F2fs.cpp
+++ b/fs/F2fs.cpp
@@ -78,31 +78,18 @@
cmd.emplace_back("-f");
cmd.emplace_back("-d1");
- if (android::base::GetBoolProperty("vold.has_quota", false)) {
- cmd.emplace_back("-O");
- cmd.emplace_back("quota");
- }
- if (fscrypt_is_native()) {
- cmd.emplace_back("-O");
- cmd.emplace_back("encrypt");
- }
+ cmd.emplace_back("-g");
+ cmd.emplace_back("android");
+
if (android::base::GetBoolProperty("vold.has_compress", false)) {
cmd.emplace_back("-O");
cmd.emplace_back("compression");
cmd.emplace_back("-O");
cmd.emplace_back("extra_attr");
}
- cmd.emplace_back("-O");
- cmd.emplace_back("verity");
const bool needs_casefold =
android::base::GetBoolProperty("external_storage.casefold.enabled", false);
- const bool needs_projid =
- android::base::GetBoolProperty("external_storage.projid.enabled", false);
- if (needs_projid) {
- cmd.emplace_back("-O");
- cmd.emplace_back("project_quota,extra_attr");
- }
if (needs_casefold) {
cmd.emplace_back("-O");
cmd.emplace_back("casefold");
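Review bot: The explicit `-O encrypt`, `-O verity`, `-O quota` and `-O project_quota,extra_attr` arguments are replaced by `-g android`, but nothing in the code records that the preset is expected to enable those features. Since `encrypt` and `verity` are security-relevant, a comment would make the dependency on the mkfs tool's preset visible, e.g. `// "-g android" is expected to turn on encrypt, verity, quota and project_quota; keep in sync with make_f2fs.`. Note also that `encrypt` was previously gated on `fscrypt_is_native()` and the quota options on system properties, so if the preset applies them unconditionally (as it appears to), the resulting feature set changes on devices where those conditions were false. If `fscrypt_is_native()` was the only use of FsCrypt.h in this file, the include can go as well; the include list is outside this hunk.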
diff --git a/main.cpp b/main.cpp
index 978db66..b07ee68 100644
--- a/main.cpp
+++ b/main.cpp
@@ -16,6 +16,7 @@
#define ATRACE_TAG ATRACE_TAG_PACKAGE_MANAGER
+#include "FsCrypt.h"
#include "MetadataCrypt.h"
#include "NetlinkManager.h"
#include "VoldNativeService.h"
@@ -251,7 +252,7 @@
PLOG(FATAL) << "could not find logical partition " << entry.blk_device;
}
- if (entry.mount_point == "/data" && !entry.metadata_encryption.empty()) {
+ if (entry.mount_point == "/data" && !entry.metadata_key_dir.empty()) {
// Pre-populate userdata dm-devices since the uevents are asynchronous (b/198405417).
android::vold::defaultkey_precreate_dm_device();
}
@@ -286,18 +287,24 @@
const char* tag, const char* file, unsigned int line, const char* message) {
logd_logger(log_buffer_id, severity, tag, file, line, message);
- if (severity >= android::base::ERROR) {
- static bool is_data_mounted = false;
+ if (severity >= android::base::WARNING) {
+ static bool early_boot_done = false;
- // When /data fails to mount, we don't have adb to get logcat. So until /data is
- // mounted we log errors to the kernel. This allows us to get failures via serial logs
- // and via last dmesg/"fastboot oem dmesg" on devices that support it.
+ // If metadata encryption setup (fscrypt_mount_metadata_encrypted) or
+ // basic FBE setup (fscrypt_init_user0) fails, then the boot will fail
+ // before adb can be started, so logcat won't be available. To allow
+ // debugging these early boot failures, log early errors and warnings to
+ // the kernel log. This allows diagnosing failures via the serial log,
+ // or via last dmesg/"fastboot oem dmesg" on devices that support it.
//
- // As a very quick-and-dirty test for /data, we check whether /data/misc/vold exists.
- if (is_data_mounted || access("/data/misc/vold", F_OK) == 0) {
- is_data_mounted = true;
- return;
+ // As a very quick-and-dirty test for whether /data has been mounted,
+ // check whether /data/misc/vold exists.
+ if (!early_boot_done) {
+ if (access("/data/misc/vold", F_OK) == 0 && fscrypt_init_user0_done) {
+ early_boot_done = true;
+ return;
+ }
+ android::base::KernelLogger(log_buffer_id, severity, tag, file, line, message);
}
- android::base::KernelLogger(log_buffer_id, severity, tag, file, line, message);
}
}
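Review bot: The new condition evaluates `access("/data/misc/vold", F_OK)` before `fscrypt_init_user0_done`, so every WARNING-or-higher message logged before user 0 is initialised costs a filesystem syscall whose result cannot change the outcome. Swapping the operands, `if (fscrypt_init_user0_done && access("/data/misc/vold", F_OK) == 0) {`, preserves behaviour and skips the probe until the flag is set. The comment directly above still describes only the /data check and could mention the second condition, e.g. `// ...and fscrypt_init_user0() has completed.`. Lowering the threshold to WARNING also sends more vold messages to the kernel log during early boot, which is worth a line in the comment for anyone reading dmesg. The function's signature begins outside this hunk.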
diff --git a/model/PrivateVolume.cpp b/model/PrivateVolume.cpp
index 1875b7b..a692ea9 100644
--- a/model/PrivateVolume.cpp
+++ b/model/PrivateVolume.cpp
@@ -173,6 +173,8 @@
if (PrepareDir(mPath + "/app", 0771, AID_SYSTEM, AID_SYSTEM) ||
PrepareDir(mPath + "/user", 0711, AID_SYSTEM, AID_SYSTEM) ||
PrepareDir(mPath + "/user_de", 0711, AID_SYSTEM, AID_SYSTEM) ||
+ PrepareDir(mPath + "/misc_ce", 0711, AID_SYSTEM, AID_SYSTEM) ||
+ PrepareDir(mPath + "/misc_de", 0711, AID_SYSTEM, AID_SYSTEM) ||
PrepareDir(mPath + "/media", 0770, AID_MEDIA_RW, AID_MEDIA_RW, attrs) ||
PrepareDir(mPath + "/media/0", 0770, AID_MEDIA_RW, AID_MEDIA_RW) ||
PrepareDir(mPath + "/local", 0751, AID_ROOT, AID_ROOT) ||
diff --git a/vold_prepare_subdirs.cpp b/vold_prepare_subdirs.cpp
index 692c500..94d7f15 100644
--- a/vold_prepare_subdirs.cpp
+++ b/vold_prepare_subdirs.cpp
@@ -172,7 +172,7 @@
return false;
}
- auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
+ auto misc_de_path = android::vold::BuildDataMiscDePath(volume_uuid, user_id);
if (!prepare_dir_for_user(sehandle, 0771, AID_SYSTEM, AID_SYSTEM,
misc_de_path + "/sdksandbox", user_id)) {
return false;
@@ -208,7 +208,7 @@
return false;
}
- auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
+ auto misc_ce_path = android::vold::BuildDataMiscCePath(volume_uuid, user_id);
if (!prepare_dir_for_user(sehandle, 0771, AID_SYSTEM, AID_SYSTEM,
misc_ce_path + "/sdksandbox", user_id)) {
return false;
@@ -256,18 +256,20 @@
static bool destroy_subdirs(const std::string& volume_uuid, int user_id, int flags) {
bool res = true;
- if (volume_uuid.empty()) {
- if (flags & android::os::IVold::STORAGE_FLAG_CE) {
- auto misc_ce_path = android::vold::BuildDataMiscCePath(user_id);
- res &= rmrf_contents(misc_ce_path);
+ if (flags & android::os::IVold::STORAGE_FLAG_CE) {
+ auto misc_ce_path = android::vold::BuildDataMiscCePath(volume_uuid, user_id);
+ res &= rmrf_contents(misc_ce_path);
+ if (volume_uuid.empty()) {
auto vendor_ce_path = android::vold::BuildDataVendorCePath(user_id);
res &= rmrf_contents(vendor_ce_path);
}
- if (flags & android::os::IVold::STORAGE_FLAG_DE) {
- auto misc_de_path = android::vold::BuildDataMiscDePath(user_id);
- res &= rmrf_contents(misc_de_path);
+ }
+ if (flags & android::os::IVold::STORAGE_FLAG_DE) {
+ auto misc_de_path = android::vold::BuildDataMiscDePath(volume_uuid, user_id);
+ res &= rmrf_contents(misc_de_path);
+ if (volume_uuid.empty()) {
auto vendor_de_path = android::vold::BuildDataVendorDePath(user_id);
res &= rmrf_contents(vendor_de_path);
}