Age | Commit message | Author |
|
This CL is created as a best effort to migrate test targets to the new Android ownership model.
It is based on historical data from repository history and insights from git blame.
Given the nature of this effort, there may be instances of incorrect attribution. If you find incorrect or unnecessary
attribution in this CL, please create a new CL to fix that.
For detailed guidelines and further information on the migration please refer to the link below,
go/new-android-ownership-model
Bug: 304529413
Test: N/A
Change-Id: I4d1f107d18f767c06f88da57c1bd7dad2b1230a1
|
|
Now that bionic's copy of linux/fscrypt.h has been updated to Linux 6.7,
it's no longer necessary for libfscrypt to have its own definition of
struct fscrypt_policy_v2. This addresses a TODO in the code.
Bug: 299136786
Test: atest libfscrypt_unit_test
Change-Id: Ie8d5860774576ebdad956d72e0db88ae4186d5eb
|
|
Add a new flag "dusize_4k" that can be specified in the fileencryption
option in the fstab and in the ro.crypto.volume.options system property.
This flag causes the data unit size of the fscrypt policy to be set to
4K if that's not already the filesystem's default. This takes advantage
of the ability to specify a sub-block data unit size that was recently
added to the kernel.
The use case for this is to allow inline encryption hardware that only
supports a data unit size of 4K to be used when the userdata filesystem
uses a 16K filesystem block size. A 16K filesystem block size is needed
on f2fs when the system page size is 16K. Note that currently there is
no known use case for data unit sizes other than 4K or the filesystem
block size, so for now we keep things simple and just handle "dusize_4k"
specifically. We could allow other dusize_* values in the future.
This new flag will be added to the documentation at
https://source.android.com/docs/security/features/encryption/file-based#enabling-fbe-on-internal-storage
Bug: 299136786
Test: atest libfscrypt_unit_test
Change-Id: I0a6c889e05b9ded39cfe726e6dea6285ee85f129
|
|
Since https://r.android.com/1108894 ("Move fscrypt_init_extensions into
system/core"), libfscrypt does not need to link to libkeyutils. Remove
it from shared_libs.
Bug: 311736104
Test: build
Change-Id: I431956f355d2354b1a0f307f54de8730526845e7
|
|
Bug: 233652475
Test: atest libfscrypt_unit_test
Change-Id: I20a7422c5429bf29e07571381f722239744b5537
|
|
The HCTR2 definition is no longer needed since the 6.0 kernel headers
were pulled into Android in change
I282de83f23b432bef58214108a93700bdadddf0f
Bug: 233652475
Test: Ensured that code still compiles and CTS test still passes
Change-Id: I331128a2f8f20a39d41a984902732d19511b8d1e
|
|
HCTR2 is a wide-block encryption mode intended to solve a pre-existing
cryptographic weakness due to IV reuse in filename encryption.
Bug: 233652475
Change-Id: Ibae5611db5b5dc99942de45110d29fd4d42fd17e
Test: Boot using an Android kernel with HCTR2 support and verify that
"fscrypt : AES-256-HCTR2" appears in the kernel log.
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
|
|
Now that emulated FBE is no longer supported, there is no longer any
distinction between native FBE and emulated FBE. There is just FBE.
Referring to FBE as "fscrypt" is also poor practice, as fscrypt (the
Linux kernel support for filesystem-level encryption) is just one part
of FBE, the Android feature.
Therefore, rename fscrypt_is_native() to IsFbeEnabled().
Bug: 232458753
Change-Id: I6e004b0116d3aee491da553b178c33af0cba2ac6
|
|
This is needed to link libfs_mgr into snapuserd.
Bug: 193833730
Test: builds
Change-Id: I41aec802503f8c4bd0ddcf36140afdf02f68536e
|
|
Bug: 187196593
Test: boot
Change-Id: I3b4b8c4758d5e710d3c98dd138b0893a7b320601
|
|
Added SPDX-license-identifier-Apache-2.0 to:
alloc-stress/Android.bp
app-launcher/Android.bp
boot_control_copy/Android.bp
bootctl/Android.bp
boottime_tools/bootanalyze/stressfs/Android.bp
boottime_tools/bootio/Android.bp
brillo_config/Android.mk
checkpoint_gc/Android.bp
cppreopts/Android.bp
crypto-perf/Android.bp
ext4_utils/Android.bp
ext4_utils/Android.mk
f2fs_utils/Android.bp
ioblame/Android.bp
ioshark/Android.bp
iotop/Android.bp
kexec_tools/Android.bp
latencytop/Android.bp
libfec/Android.bp
libfec/test/Android.bp
libfscrypt/Android.bp
libfscrypt/tests/Android.bp
libjsonpb/parse/Android.bp
libjsonpb/verify/Android.bp
memory_replay/Android.bp
memtrack/Android.bp
mmap-perf/Android.bp
module_ndk_libs/libnativehelper/Android.bp
multinetwork/Android.bp
pagecache/Android.bp
partition_tools/Android.bp
partition_tools/aidl/Android.bp
perf2cfg/Android.bp
postinst/Android.bp
preopt2cachename/Android.bp
profcollectd/Android.bp
profcollectd/libprofcollectd/Android.bp
profcollectd/libprofcollectd/bindings/libflags/Android.bp
pssbench/Android.mk
puncture_fs/Android.bp
runconuid/Android.bp
sane_schedstat/Android.bp
showslab/Android.bp
simpleperf/Android.bp
simpleperf/runtest/Android.bp
simpleperf/scripts/inferno/Android.bp
simpleperf/simpleperf_app_runner/Android.bp
slideshow/Android.mk
sound/Android.bp
squashfs_utils/Android.bp
su/Android.mk
taskstats/Android.bp
tests/Android.bp
tests/audio/alsa/Android.bp
tests/binder/benchmarks/Android.bp
tests/bootloader/Android.mk
tests/cpueater/Android.bp
tests/crypto/Android.bp
tests/directiotest/Android.bp
tests/ext4/Android.mk
tests/framebuffer/Android.bp
tests/fstest/Android.bp
tests/icachetest/Android.bp
tests/iptables/qtaguid/Android.bp
tests/kernel.config/Android.mk
tests/lib/Android.bp
tests/lib/testUtil/Android.bp
tests/memeater/Android.mk
tests/pagingtest/Android.mk
tests/pftest/Android.bp
tests/schedtest/Android.bp
tests/storage/Android.bp
tests/suspend_stress/Android.bp
tests/tcp_nuke_addr/Android.bp
tests/timetest/Android.bp
tests/uevents/Android.bp
toolchain-extras/Android.bp
vbmeta_tools/Android.bp
verity/Android.bp
verity/fec/Android.bp
zram-perf/Android.bp
Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-BSD to:
cpustats/Android.bp
Added SPDX-license-identifier-BSD to:
ANRdaemon/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: Ia559848af903a7b6746d9b12b7de8b83bc57f99d
|
|
This reverts commit 044d055c842a5750359ed71dfe50a6a4bf5f4cc3.
Reason for revert: Needs to run as multiple roots.
Change-Id: I8e06e7eb19e0f634f52fbd8a1c6662f43e347dd5
|
|
Added SPDX-license-identifier-Apache-2.0 to:
boot_control_copy/Android.bp
bootctl/Android.bp
boottime_tools/bootanalyze/stressfs/Android.bp
boottime_tools/bootio/Android.bp
checkpoint_gc/Android.bp
cppreopts/Android.bp
crypto-perf/Android.bp
ext4_utils/Android.bp
ext4_utils/Android.mk
f2fs_utils/Android.bp
ioshark/Android.bp
iotop/Android.bp
kexec_tools/Android.bp
latencytop/Android.bp
libfec/Android.bp
libfec/test/Android.bp
libfscrypt/Android.bp
libfscrypt/tests/Android.bp
libjsonpb/parse/Android.bp
libjsonpb/verify/Android.bp
memory_replay/Android.bp
memtrack/Android.bp
mmap-perf/Android.bp
module_ndk_libs/libnativehelper/Android.bp
multinetwork/Android.bp
pagecache/Android.bp
partition_tools/Android.bp
perf2cfg/Android.bp
postinst/Android.bp
preopt2cachename/Android.bp
profcollectd/Android.bp
profcollectd/libprofcollectd/Android.bp
profcollectd/libprofcollectd/bindings/libflags/Android.bp
puncture_fs/Android.bp
runconuid/Android.bp
sane_schedstat/Android.bp
showslab/Android.bp
simpleperf/Android.bp
simpleperf/runtest/Android.bp
simpleperf/scripts/inferno/Android.bp
simpleperf/simpleperf_app_runner/Android.bp
slideshow/Android.mk
sound/Android.bp
squashfs_utils/Android.bp
su/Android.mk
taskstats/Android.bp
tests/Android.bp
tests/audio/alsa/Android.bp
tests/binder/benchmarks/Android.bp
tests/bootloader/Android.mk
tests/cpueater/Android.bp
tests/crypto/Android.bp
tests/directiotest/Android.bp
tests/ext4/Android.mk
tests/framebuffer/Android.bp
tests/fstest/Android.bp
tests/icachetest/Android.bp
tests/iptables/qtaguid/Android.bp
tests/kernel.config/Android.mk
tests/lib/Android.bp
tests/lib/testUtil/Android.bp
tests/memeater/Android.mk
tests/pagingtest/Android.mk
tests/pftest/Android.bp
tests/schedtest/Android.bp
tests/storage/Android.bp
tests/suspend_stress/Android.bp
tests/tcp_nuke_addr/Android.bp
tests/timetest/Android.bp
tests/uevents/Android.bp
toolchain-extras/Android.bp
vbmeta_tools/Android.bp
verity/Android.bp
verity/fec/Android.bp
Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-BSD to:
cpustats/Android.bp
Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-BSD
legacy_notice
to:
Android.bp
Added SPDX-license-identifier-BSD
to:
ANRdaemon/Android.bp
Added legacy_notice
to:
alloc-stress/Android.bp
app-launcher/Android.bp
brillo_config/Android.mk
ioblame/Android.bp
partition_tools/aidl/Android.bp
pssbench/Android.mk
zram-perf/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: Ie7c022a4d7f828a89d0cda663684a497af37006e
|
|
Format *.cpp according to the new .clang-format. The following command
was used to generate this change:
$ find . \( -name \*.cpp -o -name \*.h \) -exec clang-format \
--style=file -i {} \;
Test: mm
Bug: 171699326
Change-Id: Id7bc8b74fc6cb5156770210271abb86b0e156089
|
|
The name "pre_gki_level" is causing some confusion because not all
devices launching with Android R are subject to the GKI requirement.
(See b/161563110#comment11.) E.g., devices that use a 4.14-based kernel
are exempt from GKI. However, the encryption requirements still apply.
Just use __ANDROID_API_Q__ directly instead.
No change in behavior.
Change-Id: I25a214ed46a68970f410327a480288ef1961af10
|
|
Now that Bionic's copy of <linux/fscrypt.h> has been updated, there's no
need to define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 locally.
Test: build
Change-Id: I472f3f75ec14f994685dd65b75ca5c3f271c0aa6
|
|
Bug: 144046242
Test: atest libfscrypt_unit_test
Test: Change fstab on Cuttlefish with patched kernel, check dir policy
Change-Id: I362f9a55fa28bb25afe992c8b0bae48546fc9ab0
|
|
Test: atest libfscrypt_unit_test
Bug: 143970043
Change-Id: Ibb8ee68513d4f04c1a64773768cc5ded9f7425ca
Merged-In: Ibb8ee68513d4f04c1a64773768cc5ded9f7425ca
(cherry picked from commit e6e61f778c409b08b2799c5281b5db74325bc801)
|
|
We'd like to change what the defaults are for fscrypt as we get new
and better things, but we don't want to break old devices. So we
arrange for the behavior to depend on the API version the device
launched with.
In addition, we can now supply a default if any of the three fields
are blank, meaning that clients like get_volume_file_encryption_options
don't have to separately specify defaults.
Right now we use the API level to choose between version 1 and version
2 being default, and as a further guard against anyone using the
deprecated FSCRYPT_POLICY_FLAGS_PAD_4 on new devices.
Bug: 147107322
Test: atest fscrypt
Test: Various Cuttlefish configurations
Change-Id: I43c94c1051c61d2b051355dcd428c44c279a3c75
|
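The option handling described in the message above (blank fields take defaults chosen by launch API level, v1 versus v2) and in the "dusize_4k" message earlier in this log, as an added C++ example that is not libfscrypt's own code. The ParsedOptions type, the ParseFileEncryption function, the "contents:filenames:flag+flag" syntax, the mode names and the API 29 cutoff are assumptions based on Android's public FBE documentation, not on this log.

```cpp
#include <set>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical result type for this example; not libfscrypt's EncryptionOptions.
struct ParsedOptions {
    std::string contents, filenames;
    int version = 0, padding = 0;
    bool inlinecrypt_optimized = false, wrappedkey_v0 = false, dusize_4k = false;
};

static std::vector<std::string> Split(const std::string& s, char sep) {
    std::vector<std::string> parts;
    std::istringstream in(s);
    for (std::string p; std::getline(in, p, sep);) parts.push_back(p);
    return parts;
}

// Parses "contents:filenames:flag+flag". Blank fields take defaults that depend
// on the API level the device launched with. Returns false on invalid input.
bool ParseFileEncryption(const std::string& spec, int first_api_level, ParsedOptions* out) {
    const int kApiQ = 29;  // assumption: devices launched after Q default to v2
    static const std::set<std::string> kContents = {"aes-256-xts", "adiantum"};
    static const std::set<std::string> kFilenames = {"aes-256-cts", "adiantum",
                                                     "aes-256-hctr2"};
    std::vector<std::string> f = Split(spec, ':');
    if (f.size() > 3) return false;
    f.resize(3);  // missing trailing fields become blank
    ParsedOptions o;
    o.contents = f[0].empty() ? "aes-256-xts" : f[0];
    o.filenames = !f[1].empty() ? f[1]
                  : (o.contents == "adiantum" ? "adiantum" : "aes-256-cts");
    if (!kContents.count(o.contents) || !kFilenames.count(o.filenames)) return false;
    o.version = first_api_level > kApiQ ? 2 : 1;
    for (const std::string& flag : Split(f[2], '+')) {
        if (flag == "v1") o.version = 1;
        else if (flag == "v2") o.version = 2;
        else if (flag == "inlinecrypt_optimized") o.inlinecrypt_optimized = true;
        else if (flag == "wrappedkey_v0") o.wrappedkey_v0 = true;
        else if (flag == "dusize_4k") o.dusize_4k = true;
        else return false;  // unknown flag: fail closed rather than ignore it
    }
    // The v1 policy struct has no data unit size field and v1 accepts no
    // IV_INO_LBLK_64 flag, so reject those combinations instead of dropping them.
    if (o.version == 1 && (o.inlinecrypt_optimized || o.dusize_4k)) return false;
    // Legacy 4-byte filename padding only for v1 on old launches; 16 otherwise.
    o.padding = (o.version == 1 && first_api_level <= kApiQ) ? 4 : 16;
    *out = o;
    return true;
}
```

Rejecting an unknown flag or a v1 policy combined with dusize_4k, rather than silently ignoring it, keeps a mistyped fstab entry from producing a weaker policy than the one the integrator intended.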
|
Some inline encryption hardware supports protecting
file based encryption keys in hardware without software
having access to or ability to set plaintext keys.
A new fileencryption fstab flag 'wrappedkey_v0' is added to
support this hardware. libfscrypt parses the flag and
adds the flag to EncryptionOptions, allowing vold to determine
the status.
Test: FBE validation with Fscrypt v2 + inline crypt + wrapped
key changes kernel.
Bug: 147733587
Change-Id: I9fb2b2d6e510a5316976d7698e26a1aae1548ce6
|
|
aosp/1184798 has updated the kernel headers to android-mainline, so we
no longer need to manually declare the declarations for v2 policies, nor
do we need to manually declare FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64.
Also replace the FS_* constants with their new FSCRYPT_* names. This
doesn't change the numerical values; it just changes the names.
Test: build and 'atest libfscrypt_unit_test'
Bug: None
Change-Id: I03ce177923bfa9e0fecbbdbf1718fbf1c17176d9
|
|
We need to test for this flag when deciding whether to set
stable_inodes.
Bug: 143307095
Test: Set inlinecrypt_optimized, check that stable_inodes is set
Change-Id: Ic3245466eccd88ed2784ff4b2a348ca65085e2a4
|
|
Bug: 143307095
Test: add flag in fstab, check policy logs
Change-Id: Ic80d348c2c7d56048e0e73d985f709e8d287cd9f
|
|
Bug: 143307095
Test: cuttlefish, policy=v1 -> flags=0, policy=v2 -> flags=2
Change-Id: I28f35a1e0ee474d07e2e2b591c84e9057ecb6acf
|
|
Bug: 143307095
Test: atest libfscrypt_unit_test
Change-Id: Ieb72dc88c227128ecadc44096a2266fe2af0d20b
|
|
Bug: 143307095
Test: use parser for fstab
Change-Id: Ia103a2e7947d03fb50a378472203363477d865e5
|
|
Bug: 143307095
Test: check logs
Change-Id: Ib8a91dc153919063bc3daf5075848a64a7e48cf8
|
|
Replace many-parameter C interface with a cleaner and more complete
C++ interface for passing around policies in a struct.
Bug: 143307095
Test: treehugger
Change-Id: I95aeaae211f7ad698854bcc66c6d25a0bcb24cfe
|
|
Update libfscrypt to support setting v2 encryption policies. For this,
the ioctl to use is still FS_IOC_SET_ENCRYPTION_POLICY; we just need to
pass it a slightly different structure.
v2 policies support the same encryption modes and flags as v1 policies,
but internally they use a more standard, secure, and flexible KDF. Due
to this, some future features will be supported by v2 policies only.
Other notes:
- Use 16 byte filenames padding for all v2 policies. There's no need to
use the legacy 4 bytes padding.
- Unlike v1 policies, setting a v2 policy requires CAP_FOWNER if the key
hasn't been installed. This isn't an issue for Android, however --
Android always installs the keys first, and even if it didn't,
policies are only set by init and vold, which have CAP_FOWNER.
Bug: 140500999
Test: tested as series; see If64028d8580584b2c33c614cabd5d6b93657f608
Change-Id: I325f75fd3e59d6f00a5c66938b99b127981183a5
|
|
Test: build
Change-Id: I60bd71671ef18b62f3d4152e3061133eafa935f8
|
|
Bug: 140882488
Test: Booted twice, checked logs to ensure encryption
is different each time, adb created files in directory.
Change-Id: I5c962edb316d160dd09c0df893912c6b257d7810
|
|
fscrypt_policy_ensure() sets an encryption policy if the directory is
empty, otherwise it verifies the existing encryption policy.
However, it's unnecessary to actually implement this logic in userspace,
because this is the behavior of the FS_IOC_SET_ENCRYPTION_POLICY ioctl
already. See the documentation:
https://www.kernel.org/doc/html/latest/filesystems/fscrypt.html#setting-an-encryption-policy
Therefore, just call FS_IOC_SET_ENCRYPTION_POLICY and handle errors
appropriately.
This makes the code shorter and less racy, and it also fixes the issue
where if files were created in the directory before an encryption policy
is set, the error message was confusing:
Failed to get encryption policy for $dir: No data available
Now it's:
Failed to set encryption policy of $dir to ...: Directory not empty
Test: booted after factory reset, checked log, rebooted, checked log
again.
Change-Id: I51ee70706bc9ccb216ccefd7bdfbbfc57faae14d
|
|
FS_ENCRYPTION_MODE_ADIANTUM and FS_POLICY_FLAG_DIRECT_KEY are in
Bionic's <linux/fs.h> now, so there's no need to define them in
libfscrypt anymore.
Test: compiled
Change-Id: I499a70a9f8fd3445098a1dd799b1aefe0fa374ce
|
|
Bug: 140027478
Test: treehugger
Change-Id: I296ce6d1272816c237e1ad213fbdef9f6fafb44f
|
|
/data/rollback and /data/rollback-observer used to be created
unencrypted by system-server. If they are unencrypted and have
content, force them to be encrypted by wiping their contents.
Bug: b/139193659
Test: Put content in these directories, then reboot and see it wiped.
Cherrypicked-from: 58a49c3ae59d250cc1db49ce5a2678bf19bb92c3
Change-Id: I0320eb645ebe86965928acbacc8ad01dae2d5ba5
Merged-In: I0320eb645ebe86965928acbacc8ad01dae2d5ba5
|
|
This is the only object in .bss in libfscrypt and it's unused, so it's
costing us 4KB for nothing. Remove it.
Bug: 138856262
Test: objdump -h libfscrypt.so. Check .bss is gone.
Change-Id: Iac5eff45e28453f09d380c10a1818eb53ed2fe48
|
|
Test: n/a
Bug: 126330086
Change-Id: I73367a60c23ca17d0557253bea25279c104e1e53
Merged-In: I73367a60c23ca17d0557253bea25279c104e1e53
|
|
On FBE devices without metadata encryption, GSI images must not be
encrypted, since they are written using normal write() calls rather than
going through device-mapper.
Bug: 126249541
Test: GSI works on FBE device without metadata encryption
Change-Id: Ie14be778eb4a7f18dd8ea33a044ba86f909f3cce
|
|
Bug: 122999313
Test: n/a
Change-Id: I4f9086ac5ded56e1a8ba4e97f449f502b88f7634
|
|
/data/staging contains downloaded APEX files, no user data.
Bug: 122884909
Test: WIP
Change-Id: Idc17cd8978a7c432a65eb1bb4775fa88e87d2b8f
|
|
There is no user data here, just preload data.
Test: make
Change-Id: I2bd65a15ace50c4d1dc4bc4c3f3d4294f77d2c18
|
|
Adiantum is a crypto method Android is supporting for devices
which don't have AES CPU instructions. See the paper
"Adiantum: length-preserving encryption for entry-level processors"
(https://eprint.iacr.org/2018/720.pdf) for more details.
We add Adiantum to our list of supported encryption modes.
Bug: 112010205
Test: Tested on a device
Change-Id: I405ed454be1a447b7405417a05ddfd92a912bcb7
|
|
Bug: 30413223
Test: make with WITH_TIDY=1 DEFAULT_GLOBAL_TIDY_CHECKS=-*,performance*
Change-Id: I94c2456e8ef958abcb0909871fb772dd67060dfc
|
|
bionic now has linux/fs.h from the 4.14 kernel, which has the fscrypt
kernel API declarations. Replace the manual declarations in libfscrypt,
except for the mode numbers which are not supported by the upstream
kernel.
Test: built, booted device with f2fs encryption
Change-Id: I6c663813828e3e0639d9be4298bff2bd4ec36c66
|
|
File-based encryption related code no longer belongs in ext4_utils, as
it is now used on both ext4 and f2fs, since both filesystems share the
same kernel API for encryption. Refactor it into its own library,
libfscrypt.
Note that the keyring is renamed from "e4crypt" to "fscrypt", which is
technically a user-visible change, but as far as I know nothing depends
on it other than vold which is being updated too.
Test: built, booted device with f2fs encryption
Change-Id: I3c302564262412a5d5e672bd213e7cfada5f49cc
|