OSDN > Finden Software > System > OS Verteilung > Live CD > Android-x86 > SCM > git > system-vold > Commit

Android-x86
Fork
external-gbm_gralloc
hardware-powerbtnd
hardware-intel-libva
manifest
device-generic-x86_64
device-generic-common
system-bt
hardware-intel-intel-driver
external-bluetooth-bluedroid
build
device-generic-x86
packages-apps-Camera2
device-viewsonic-viewpad10
packages-apps-Taskbar
packages-apps-Gallery2
system-media
hardware-intel-common-libva
external-vboxguest-linux-modules
system-netd
hardware-intel-common-vaapi
external-swiftshader
external-efibootmgr
device-generic-openthos
packages-apps-Settings
hardware-ril
packages-apps-CMFileManager
packages-apps-Eleven
external-toybox
external-drm_hwcomposer
hardware-libhardware_legacy
system-extras
hardware-libsensors
hardware-liblights
hardware-broadcom-libbt
packages-apps-TSCalibration2
system-core
packages-apps-Bluetooth
device-generic-firmware
device-generic-goldfish
external-s2tc
device-asus
device-amd
device-common
device-hp-tx2500
device-ibm-thinkpad
device-lenovo-s103t
device-tegatech-tegav2
external-srec
external-webkit
external-wpa_supplicant_6
packages-apps-AndroidTerm
packages-apps-FileManager
external-tslib
external-modules-rtl8723au
packages-inputmethods-PinyinIME
sdk
system-bluetooth
hardware-alsa_sound
device-asus-laptop
device-amd-persimmon
development
device-dell-sparta
device-vm-vm
hardware-wacom-input
libcore
packages-apps-Browser
packages-apps-Camera
prebuilt
device-motion-m1400
device-viliv-s5
packages-apps-Superuser
device-asus-eeepc
device-generic-goldfish-opengl
external-mplayer
external-wpa_supplicant
frameworks-policies-base
ndk
packages-apps-Calendar
packages-apps-ConnectBot
packages-apps-Contacts
packages-apps-DeskClock
packages-apps-LIME
packages-apps-Music
packages-providers-DownloadProvider
packages-wallpapers-Basic
packages-wallpapers-MagicSmoke
packages-wallpapers-MusicVisualization
packages-providers-ImProvider
packages-apps-AlarmClock
packages-apps-IM
packages-apps-Launcher
packages-apps-SoundRecorder
external-opencore
vendor-intel-houdini
vendor-samsung-q1u
external-dhcpcd
hardware-menlow-psb
hardware-menlow-ioport
push
external-eject
external-v86d
external-koush-Superuser
external-koush-Widgets
frameworks-native
external-libpciaccess
external-bluetooth-bluez
external-libtruezip
external-stagefright-plugins
external-ntfs-3g
external-parted
hardware-intel-hwcomposer
external-mesa
external-ffmpeg
external-llvm
external-libdrm
external-e2fsprogs
external-bluetooth-glib
hardware-broadcom-wlan
external-drm_gralloc
hardware-gps
external-busybox
kernel
external-alsa-lib
external-alsa-utils
system-vold
frameworks-base
frameworks-av
external-bluetooth-sbc
packages-apps-Trebuchet
dalvik
hardware-x86power
packages-services-Analytics
external-ppp
packages-apps-Launcher3
external-wpa_supplicant_8
hardware-intel-audio_media
hardware-intel-libsensors
hardware-libaudio
hardware-libcamera
external-googleanalytics
hardware-libhardware
hardware-interfaces
bootable-newinstaller
art
external-efivar
hardware-memtrack
system-connectivity-wificond
bionic
external-kernel-drivers
external-drm_framebuffer
external-exfat
external-openssh
external-wireless-tools
external-mksh
external-libffi
external-musl-libc
system-hardware-interfaces
external-minigbm
external-IA-Hardware-Composer
external-drmfb-composer
external-alsa-ucm-conf
external-libncurses
external-llvm-project
system-linkerconfig
Spenden

R/O
HTTP
SSH
HTTPS

system-vold: Commit

system/vold

Commit MetaInfo

Revision	b5ebd7d9c7fe8d2b4bc60d54f1f5ad70cac4e28e (tree)
Zeit	2019-06-28 02:42:25
Autor	Paul Lawrence <paullawrence@goog...>
Commiter	Paul Lawrence

Log Message

Make ext4 userdata checkpoints work with metadata encryption

When both ext4 user data checkpoints and metadata encryption are
enabled, we are creating two stacked dm devices. This had not been
properly thought through or debugged.

Test: Enable metadata encryption on taimen (add
keydirectory=/metadata/vold/metadata_encryption to flags for userdata in
fstab.hardware)

Unfortunately metadata is not wiped by fastboot -w, so it is
necessary to rm metadata/vold -rf whenever you wipe data.
fastboot flashall -w works
fastboot reboot -w works
A normal boot works
Disable checkpoint commits with
setprop persist.vold.dont_commit_checkpoint 1
vdc checkpoint startCheckpoint 10
adb reboot
wait for device to fully boot then
adb reboot
Wait for device to fully boot then
adb logcat -d | grep Checkpoint shows the rollback in the logs

This tests encryption on top of checkpoints with commit, encryption
without checkpoints, and rollback, which seems to be the key cases.

Also ran same tests on unmodified Taimen and Blueline

Bug: 135905679
Merged-In: I8365a40298b752af4bb10d00d9ff58ce04beab1f
Change-Id: I8365a40298b752af4bb10d00d9ff58ce04beab1f

Ändern Zusammenfassung

modified: Checkpoint.cpp (diff)
modified: EncryptInplace.cpp (diff)
modified: EncryptInplace.h (diff)
modified: MetadataCrypt.cpp (diff)
modified: MetadataCrypt.h (diff)
modified: VoldNativeService.cpp (diff)
modified: VoldNativeService.h (diff)
modified: binder/android/os/IVold.aidl (diff)
modified: vdc.cpp (diff)

Diff

--- a/Checkpoint.cpp

+++ b/Checkpoint.cpp

		@@ -62,14 +62,11 @@ namespace {
62	62	const std::string kMetadataCPFile = "/metadata/vold/checkpoint";
63	63
64	64	bool setBowState(std::string const& block_device, std::string const& state) {
65		- if (block_device.substr(0, 5) != "/dev/") {
66		- LOG(ERROR) << "Expected block device, got " << block_device;
67		- return false;
68		- }
	65	+ std::string bow_device = fs_mgr_find_bow_device(block_device);
	66	+ if (bow_device.empty()) return false;
69	67
70		- std::string state_filename = std::string("/sys/") + block_device.substr(5) + "/bow/state";
71		- if (!android::base::WriteStringToFile(state, state_filename)) {
72		- PLOG(ERROR) << "Failed to write to file " << state_filename;
	68	+ if (!android::base::WriteStringToFile(state, bow_device + "/bow/state")) {
	69	+ PLOG(ERROR) << "Failed to write to file " << bow_device + "/bow/state";
73	70	return false;
74	71	}
75	72

		@@ -279,7 +276,6 @@ const bool commit_on_full_default = true;
279	276
280	277	static void cp_healthDaemon(std::string mnt_pnt, std::string blk_device, bool is_fs_cp) {
281	278	struct statvfs data;
282		- uint64_t free_bytes = 0;
283	279	uint32_t msleeptime = GetUintProperty(kSleepTimeProp, msleeptime_default, max_msleeptime);
284	280	uint64_t min_free_bytes =
285	281	GetUintProperty(kMinFreeBytesProp, min_free_bytes_default, (uint64_t)-1);

		@@ -290,16 +286,17 @@ static void cp_healthDaemon(std::string mnt_pnt, std::string blk_device, bool is
290	286	msleeptime %= 1000;
291	287	req.tv_nsec = msleeptime * 1000000;
292	288	while (isCheckpointing) {
	289	+ uint64_t free_bytes = 0;
293	290	if (is_fs_cp) {
294	291	statvfs(mnt_pnt.c_str(), &data);
295	292	free_bytes = data.f_bavail * data.f_frsize;
296	293	} else {
297		- int ret;
298		- std::string size_filename = std::string("/sys/") + blk_device.substr(5) + "/bow/free";
299		- std::string content;
300		- ret = android::base::ReadFileToString(size_filename, &content);
301		- if (ret) {
302		- free_bytes = std::strtoul(content.c_str(), NULL, 10);
	294	+ std::string bow_device = fs_mgr_find_bow_device(blk_device);
	295	+ if (!bow_device.empty()) {
	296	+ std::string content;
	297	+ if (android::base::ReadFileToString(bow_device + "/bow/free", &content)) {
	298	+ free_bytes = std::strtoul(content.c_str(), NULL, 10);
	299	+ }
303	300	}
304	301	}
305	302	if (free_bytes < min_free_bytes) {

--- a/EncryptInplace.cpp

+++ b/EncryptInplace.cpp

		@@ -62,7 +62,8 @@ struct encryptGroupsData {
62	62	off64_t one_pct, cur_pct, new_pct;
63	63	off64_t blocks_already_done, tot_numblocks;
64	64	off64_t used_blocks_already_done, tot_used_blocks;
65		- char real_blkdev, crypto_blkdev;
	65	+ const char* real_blkdev;
	66	+ const char* crypto_blkdev;
66	67	int count;
67	68	off64_t offset;
68	69	char* buffer;

		@@ -244,8 +245,8 @@ errout:
244	245	return rc;
245	246	}
246	247
247		-static int cryptfs_enable_inplace_ext4(char* crypto_blkdev, char* real_blkdev, off64_t size,
248		- off64_t* size_already_done, off64_t tot_size,
	248	+static int cryptfs_enable_inplace_ext4(const char* crypto_blkdev, const char* real_blkdev,
	249	+ off64_t size, off64_t* size_already_done, off64_t tot_size,
249	250	off64_t previously_encrypted_upto,
250	251	bool set_progress_properties) {
251	252	u32 i;

		@@ -383,8 +384,8 @@ static int encrypt_one_block_f2fs(u64 pos, void* data) {
383	384	return 0;
384	385	}
385	386
386		-static int cryptfs_enable_inplace_f2fs(char* crypto_blkdev, char* real_blkdev, off64_t size,
387		- off64_t* size_already_done, off64_t tot_size,
	387	+static int cryptfs_enable_inplace_f2fs(const char* crypto_blkdev, const char* real_blkdev,
	388	+ off64_t size, off64_t* size_already_done, off64_t tot_size,
388	389	off64_t previously_encrypted_upto,
389	390	bool set_progress_properties) {
390	391	struct encryptGroupsData data;

		@@ -457,8 +458,8 @@ errout:
457	458	return rc;
458	459	}
459	460
460		-static int cryptfs_enable_inplace_full(char* crypto_blkdev, char* real_blkdev, off64_t size,
461		- off64_t* size_already_done, off64_t tot_size,
	461	+static int cryptfs_enable_inplace_full(const char* crypto_blkdev, const char* real_blkdev,
	462	+ off64_t size, off64_t* size_already_done, off64_t tot_size,
462	463	off64_t previously_encrypted_upto,
463	464	bool set_progress_properties) {
464	465	int realfd, cryptofd;

		@@ -570,7 +571,7 @@ errout:
570	571	}
571	572
572	573	/* returns on of the ENABLE_INPLACE_* return codes */
573		-int cryptfs_enable_inplace(char* crypto_blkdev, char* real_blkdev, off64_t size,
	574	+int cryptfs_enable_inplace(const char* crypto_blkdev, const char* real_blkdev, off64_t size,
574	575	off64_t* size_already_done, off64_t tot_size,
575	576	off64_t previously_encrypted_upto, bool set_progress_properties) {
576	577	int rc_ext4, rc_f2fs, rc_full;

--- a/EncryptInplace.h

+++ b/EncryptInplace.h

		@@ -24,7 +24,7 @@
24	24	#define RETRY_MOUNT_ATTEMPTS 10
25	25	#define RETRY_MOUNT_DELAY_SECONDS 1
26	26
27		-int cryptfs_enable_inplace(char* crypto_blkdev, char* real_blkdev, off64_t size,
	27	+int cryptfs_enable_inplace(const char* crypto_blkdev, const char* real_blkdev, off64_t size,
28	28	off64_t* size_already_done, off64_t tot_size,
29	29	off64_t previously_encrypted_upto, bool set_progress_properties);
30	30

--- a/MetadataCrypt.cpp

+++ b/MetadataCrypt.cpp

		@@ -249,7 +249,8 @@ static bool create_crypto_blk_dev(const std::string& dm_name, uint64_t nr_sec,
249	249	return true;
250	250	}
251	251
252		-bool fscrypt_mount_metadata_encrypted(const std::string& mount_point, bool needs_encrypt) {
	252	+bool fscrypt_mount_metadata_encrypted(const std::string& blk_device, const std::string& mount_point,
	253	+ bool needs_encrypt) {
253	254	LOG(DEBUG) << "fscrypt_mount_metadata_encrypted: " << mount_point << " " << needs_encrypt;
254	255	auto encrypted_state = android::base::GetProperty("ro.crypto.state", "");
255	256	if (encrypted_state != "") {

		@@ -268,13 +269,14 @@ bool fscrypt_mount_metadata_encrypted(const std::string& mount_point, bool needs
268	269	if (!get_number_of_sectors(data_rec->blk_device, &nr_sec)) return false;
269	270	std::string crypto_blkdev;
270	271	if (!create_crypto_blk_dev(kDmNameUserdata, nr_sec, DEFAULT_KEY_TARGET_TYPE,
271		- default_key_params(data_rec->blk_device, key), &crypto_blkdev))
	272	+ default_key_params(blk_device, key), &crypto_blkdev))
272	273	return false;
	274	+
273	275	// FIXME handle the corrupt case
274	276	if (needs_encrypt) {
275	277	LOG(INFO) << "Beginning inplace encryption, nr_sec: " << nr_sec;
276	278	off64_t size_already_done = 0;
277		- auto rc = cryptfs_enable_inplace(crypto_blkdev.data(), data_rec->blk_device.data(), nr_sec,
	279	+ auto rc = cryptfs_enable_inplace(crypto_blkdev.data(), blk_device.data(), nr_sec,
278	280	&size_already_done, nr_sec, 0, false);
279	281	if (rc != 0) {
280	282	LOG(ERROR) << "Inplace crypto failed with code: " << rc;

--- a/MetadataCrypt.h

+++ b/MetadataCrypt.h

		@@ -19,6 +19,7 @@
19	19
20	20	#include <string>
21	21
22		-bool fscrypt_mount_metadata_encrypted(const std::string& mount_point, bool needs_encrypt);
	22	+bool fscrypt_mount_metadata_encrypted(const std::string& block_device,
	23	+ const std::string& mount_point, bool needs_encrypt);
23	24
24	25	#endif

--- a/VoldNativeService.cpp

+++ b/VoldNativeService.cpp

		@@ -721,18 +721,20 @@ binder::Status VoldNativeService::isConvertibleToFbe(bool* _aidl_return) {
721	721	return ok();
722	722	}
723	723
724		-binder::Status VoldNativeService::mountFstab(const std::string& mountPoint) {
	724	+binder::Status VoldNativeService::mountFstab(const std::string& blkDevice,
	725	+ const std::string& mountPoint) {
725	726	ENFORCE_UID(AID_SYSTEM);
726	727	ACQUIRE_LOCK;
727	728
728		- return translateBool(fscrypt_mount_metadata_encrypted(mountPoint, false));
	729	+ return translateBool(fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, false));
729	730	}
730	731
731		-binder::Status VoldNativeService::encryptFstab(const std::string& mountPoint) {
	732	+binder::Status VoldNativeService::encryptFstab(const std::string& blkDevice,
	733	+ const std::string& mountPoint) {
732	734	ENFORCE_UID(AID_SYSTEM);
733	735	ACQUIRE_LOCK;
734	736
735		- return translateBool(fscrypt_mount_metadata_encrypted(mountPoint, true));
	737	+ return translateBool(fscrypt_mount_metadata_encrypted(blkDevice, mountPoint, true));
736	738	}
737	739
738	740	binder::Status VoldNativeService::createUserKey(int32_t userId, int32_t userSerial, bool ephemeral) {

--- a/VoldNativeService.h

+++ b/VoldNativeService.h

		@@ -104,8 +104,8 @@ class VoldNativeService : public BinderService<VoldNativeService>, public os::Bn
104	104	binder::Status mountDefaultEncrypted();
105	105	binder::Status initUser0();
106	106	binder::Status isConvertibleToFbe(bool* _aidl_return);
107		- binder::Status mountFstab(const std::string& mountPoint);
108		- binder::Status encryptFstab(const std::string& mountPoint);
	107	+ binder::Status mountFstab(const std::string& blkDevice, const std::string& mountPoint);
	108	+ binder::Status encryptFstab(const std::string& blkDevice, const std::string& mountPoint);
109	109
110	110	binder::Status createUserKey(int32_t userId, int32_t userSerial, bool ephemeral);
111	111	binder::Status destroyUserKey(int32_t userId);

--- a/binder/android/os/IVold.aidl

+++ b/binder/android/os/IVold.aidl

		@@ -81,8 +81,8 @@ interface IVold {
81	81	void mountDefaultEncrypted();
82	82	void initUser0();
83	83	boolean isConvertibleToFbe();
84		- void mountFstab(@utf8InCpp String mountPoint);
85		- void encryptFstab(@utf8InCpp String mountPoint);
	84	+ void mountFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint);
	85	+ void encryptFstab(@utf8InCpp String blkDevice, @utf8InCpp String mountPoint);
86	86
87	87	void createUserKey(int userId, int userSerial, boolean ephemeral);
88	88	void destroyUserKey(int userId);

--- a/vdc.cpp

+++ b/vdc.cpp

		@@ -101,10 +101,10 @@ int main(int argc, char** argv) {
101	101	checkStatus(vold->shutdown());
102	102	} else if (args[0] == "cryptfs" && args[1] == "checkEncryption" && args.size() == 3) {
103	103	checkStatus(vold->checkEncryption(args[2]));
104		- } else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 3) {
105		- checkStatus(vold->mountFstab(args[2]));
106		- } else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 3) {
107		- checkStatus(vold->encryptFstab(args[2]));
	104	+ } else if (args[0] == "cryptfs" && args[1] == "mountFstab" && args.size() == 4) {
	105	+ checkStatus(vold->mountFstab(args[2], args[3]));
	106	+ } else if (args[0] == "cryptfs" && args[1] == "encryptFstab" && args.size() == 4) {
	107	+ checkStatus(vold->encryptFstab(args[2], args[3]));
108	108	} else if (args[0] == "checkpoint" && args[1] == "supportsCheckpoint" && args.size() == 2) {
109	109	bool supported = false;
110	110	checkStatus(vold->supportsCheckpoint(&supported));

Show on old repository browser