Merge "Only kill apps with storage app data isolation enabled" into sc-dev
diff --git a/Keymaster.cpp b/Keymaster.cpp
index bb26b64..1d69dde 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -21,6 +21,7 @@
#include <aidl/android/hardware/security/keymint/SecurityLevel.h>
#include <aidl/android/security/maintenance/IKeystoreMaintenance.h>
#include <aidl/android/system/keystore2/Domain.h>
+#include <aidl/android/system/keystore2/EphemeralStorageKeyResponse.h>
#include <aidl/android/system/keystore2/KeyDescriptor.h>
// Keep these in sync with system/security/keystore2/src/keystore2_main.rs
@@ -81,14 +82,7 @@
ks2Operation = nullptr;
return false;
}
-
- if (!output) {
- LOG(ERROR) << "Keystore2 operation update didn't return output.";
- ks2Operation = nullptr;
- return false;
- }
-
- consumer((const char*)output->data(), output->size());
+ if (output) consumer((const char*)output->data(), output->size());
}
return true;
}
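Review bot: The new `if (output) consumer(...)` silently accepts an update call that returns no output, and nothing in the hunk says why that is now acceptable. If the intent is that the backend may buffer input and return the data from a later call, a comment above the line would say so, e.g. `// update() may legitimately return no output; the remaining data arrives from a later call.` Without it a reader cannot tell a tolerated case from a dropped error. The C-style `(const char*)` cast could also become `reinterpret_cast<const char*>(output->data())`. The enclosing function starts outside the hunk.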
@@ -164,15 +158,19 @@
.nspace = VOLD_NAMESPACE,
};
storageKey.blob = std::make_optional<std::vector<uint8_t>>(kmKey.begin(), kmKey.end());
- std::vector<uint8_t> ephemeral_key;
- auto rc = securityLevel->convertStorageKeyToEphemeral(storageKey, &ephemeral_key);
+ ks2::EphemeralStorageKeyResponse ephemeral_key_response;
+ auto rc = securityLevel->convertStorageKeyToEphemeral(storageKey, &ephemeral_key_response);
if (logKeystore2ExceptionIfPresent(rc, "exportKey")) goto out;
- if (key) *key = std::string(ephemeral_key.begin(), ephemeral_key.end());
+ if (key)
+ *key = std::string(ephemeral_key_response.ephemeralKey.begin(),
+ ephemeral_key_response.ephemeralKey.end());
+
+ // TODO b/185811713 store the upgraded key blob if provided and delete the old key blob.
ret = true;
out:
- zeroize_vector(ephemeral_key);
+ zeroize_vector(ephemeral_key_response.ephemeralKey);
zeroize_vector(storageKey.blob.value());
return ret;
}
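Review bot: On the `out:` path only `ephemeral_key_response.ephemeralKey` is wiped, although the TODO says the response can also carry an upgraded key blob, which this code neither stores nor clears. Since `storageKey.blob` is zeroized on the next line, the upgraded blob presumably deserves the same treatment, e.g. `if (ephemeral_key_response.upgradedBlob) zeroize_vector(*ephemeral_key_response.upgradedBlob);` (assuming the field carries that name in the AIDL type). Until b/185811713 is resolved it would also help to log when an upgraded blob is returned and discarded, so that a key being re-upgraded on every export is visible. The function body starts outside the hunk.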
diff --git a/fs/F2fs.cpp b/fs/F2fs.cpp
index d6f3dab..f4a81ee 100644
--- a/fs/F2fs.cpp
+++ b/fs/F2fs.cpp
@@ -20,6 +20,7 @@
#include <android-base/logging.h>
#include <android-base/properties.h>
#include <android-base/stringprintf.h>
+#include <logwrap/logwrap.h>
#include <fscrypt/fscrypt.h>
#include <string>
@@ -71,45 +72,46 @@
}
status_t Format(const std::string& source) {
- std::vector<std::string> cmd;
- cmd.push_back(kMkfsPath);
+ std::vector<char const*> cmd;
+ cmd.emplace_back(kMkfsPath);
- cmd.push_back("-f");
- cmd.push_back("-d1");
+ cmd.emplace_back("-f");
+ cmd.emplace_back("-d1");
if (android::base::GetBoolProperty("vold.has_quota", false)) {
- cmd.push_back("-O");
- cmd.push_back("quota");
+ cmd.emplace_back("-O");
+ cmd.emplace_back("quota");
}
if (fscrypt_is_native()) {
- cmd.push_back("-O");
- cmd.push_back("encrypt");
+ cmd.emplace_back("-O");
+ cmd.emplace_back("encrypt");
}
if (android::base::GetBoolProperty("vold.has_compress", false)) {
- cmd.push_back("-O");
- cmd.push_back("compression");
- cmd.push_back("-O");
- cmd.push_back("extra_attr");
+ cmd.emplace_back("-O");
+ cmd.emplace_back("compression");
+ cmd.emplace_back("-O");
+ cmd.emplace_back("extra_attr");
}
- cmd.push_back("-O");
- cmd.push_back("verity");
+ cmd.emplace_back("-O");
+ cmd.emplace_back("verity");
const bool needs_casefold =
android::base::GetBoolProperty("external_storage.casefold.enabled", false);
const bool needs_projid =
android::base::GetBoolProperty("external_storage.projid.enabled", false);
if (needs_projid) {
- cmd.push_back("-O");
- cmd.push_back("project_quota,extra_attr");
+ cmd.emplace_back("-O");
+ cmd.emplace_back("project_quota,extra_attr");
}
if (needs_casefold) {
- cmd.push_back("-O");
- cmd.push_back("casefold");
- cmd.push_back("-C");
- cmd.push_back("utf8");
+ cmd.emplace_back("-O");
+ cmd.emplace_back("casefold");
+ cmd.emplace_back("-C");
+ cmd.emplace_back("utf8");
}
- cmd.push_back(source);
- return ForkExecvp(cmd);
+ cmd.emplace_back(source.c_str());
+ return logwrap_fork_execvp(cmd.size(), cmd.data(), nullptr, false, LOG_KLOG,
+ false, nullptr);
}
} // namespace f2fs
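Review bot: `Format` now returns the result of `logwrap_fork_execvp` directly, and with the `status` argument passed as `nullptr` that is, per the logwrap header, the child's exit status rather than a `status_t` error code. A failed run of the binary at `kMkfsPath` would then surface as a positive value, which a caller testing `< 0` would treat as success; whether any caller does is not visible here. Consider normalising before returning, e.g. `int rc = logwrap_fork_execvp(...); return rc == 0 ? OK : -EIO;`, or at least document the return contract on `Format`. `cmd.size()` is also narrowed implicitly from `size_t` to `int`; `static_cast<int>(cmd.size())` would make that explicit.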
diff --git a/model/EmulatedVolume.cpp b/model/EmulatedVolume.cpp
index 09a75b5..cfb68ba 100644
--- a/model/EmulatedVolume.cpp
+++ b/model/EmulatedVolume.cpp
@@ -50,7 +50,7 @@
mLabel = "emulated";
mFuseMounted = false;
mUseSdcardFs = IsSdcardfsUsed();
- mAppDataIsolationEnabled = base::GetBoolProperty(kVoldAppDataIsolationEnabled, false);
+ mAppDataIsolationEnabled = base::GetBoolProperty(kVoldAppDataIsolationEnabled, true);
}
EmulatedVolume::EmulatedVolume(const std::string& rawPath, dev_t device, const std::string& fsUuid,
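Review bot: Flipping the fallback of `base::GetBoolProperty(kVoldAppDataIsolationEnabled, ...)` to `true` means a device that never sets the property now gets app data isolation, but neither this constructor nor the second one (hunk at -61,7) documents that. A short comment on the assignment would record the intent, e.g. `// Isolation is on unless the property explicitly disables it.` The literal default is also duplicated across both constructors, so a later change can easily update only one; reading it through a single helper or a named constant would keep them in step. Both constructor bodies start outside their hunks.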
@@ -61,7 +61,7 @@
mLabel = fsUuid;
mFuseMounted = false;
mUseSdcardFs = IsSdcardfsUsed();
- mAppDataIsolationEnabled = base::GetBoolProperty(kVoldAppDataIsolationEnabled, false);
+ mAppDataIsolationEnabled = base::GetBoolProperty(kVoldAppDataIsolationEnabled, true);
}
EmulatedVolume::~EmulatedVolume() {}