| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |\ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Add support for dm-verity modes and storing persistent state in
a location specified by the following properties:
ro.verity.state.location
ro.verity.state.offset
If these properties do not exist, dm-verity is always loaded in
EIO mode. If the properties do exist, but the location does not
have valid state data, dm-verity is loaded in RESTART mode. The
mode is updated to LOGGING if a dm-verity triggered restart has
occurred.
Change-Id: Ibb82953594d234f81ad21c40f524190b88e4ac8f
|
|\ \ \ \ \
| |/ / / /
| | | | |
| | | | |
| | | | | |
* commit 'fbb3f8ca499b04c82437155f87c8666cad607c6b':
Set underlying block device RO when enabling verity
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently, when verity is set up on a block device, the underlying
device is still accessible directly. Change the existing function
fs_set_blk_ro visible to other fs_mgr modules, change the behavior
to match the comment above the function definition, and call it to
disable write access to the block device when setting up verity.
Bug: 18609347
Change-Id: I7884175df15f9161174788d74d20a08e4cd472ca
|
|\ \ \ \
| |/ / /
|/| | | |
|
| |\ \ \
| | |/ /
| | | |
| | | |
| | | | |
* commit '317b4024a2a46b8c57abfa08f2a649df13572bd3':
Revert "Make encryption configurable"
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit bda6272446454886339841a62daaa1b66c07ad60.
The original fix seems to have led to boot failures in QA. Rather than
risk shipping, revert the change. Bug 18764230 reopened.
Requires change
https://googleplex-android-review.git.corp.google.com/#/c/629764/
Bug: 19278390
Bug: 19199624
Change-Id: I8b6ab585666f2b0f585ffb2a5f61ac2e3462e06e
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | | |
* commit '17b5b3520094de679c9e43a872c02d15758c83b8':
fs_mgr: error check umount calls / add retry logic
|
| |\ \ \ \
| | | |/ /
| | |/| |
| | | | |
| | | | | |
* commit 'bda6272446454886339841a62daaa1b66c07ad60':
Make encryption configurable
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Delay mounting encryptable but unencrypted volumes until we can
check the ro.vold.forceencrypt flag, then optionally encrypt.
Requires matching vold change from
https://googleplex-android-review.git.corp.google.com/#/c/615309/
Bug: 18764230
Change-Id: If22008be8de6a4f3216b349f81ace49be1730314
|
| |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* commit '4e0bdd1034ffcf55f4ebcbd547cf4aad59c05f03':
fs_mgr: Support filesystem labels in fstab
|
| |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* commit '4083ed7dff6e1dd8e20bec04f9451061951394f5':
Revert "fs_mgr: Support filesystem labels in fstab"
|
| |\ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* commit 'f9e2339553f70aebdd170e96ab9332b28c3851b4':
fs_mgr: Support filesystem labels in fstab
|
| |\ \ \ \ \ \ \
| | | |_|_|/ / /
| | |/| | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
partition" into lmp-mr1-dev
* commit 'f2bd3fdd190fc1234913febfe254f8bcc4e675da':
Provide a way to select force encryption from vendor partition
|
| | | |_|_|_|/
| | |/| | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This allows a vendor to force encryption on devices via a vendor
partition flag:
ro.vold.forceencryption 1
Bug: 18764230
Change-Id: Id0049ce64e34e4f6f96e593aadd70c277ac131c8
|
| |\ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* commit 'a97c10755442e3800c0b1011d986d554ce2096db':
Fix Nick's nits
|
| |\ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
* commit '294e610f886eeb839d16172bb5b98559a6a7434d':
Fix verity on system partitions larger than 2G
|
| |\ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Change-Id: I6efd0d4a0ece0b065d02796916355ad5ae8b4eea
|
| |\ \ \ \ \ \ \ \ \
| | | |_|_|/ / / / /
| | |/| | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
* commit '72f0d92c722447e0c87cfe765516a7352db3d51a':
DO NOT MERGE: Do not mount devices with invalid verity metadata
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
The return value of read_verity_metadata is propagated to caller
even if the verity metadata is invalid, provided that it can be
read from the device. This results in devices with invalid verity
metadata signatures to be mounted normally, which is not desirable.
This change fixes the bug by changing the return value in case of
verification failure to FS_MGR_SETUP_VERITY_FAIL.
Bug: 15984840
Bug: 18120110
Change-Id: Ic29f37a23cb417c2538d60fb05de9dd310d50f4a
(cherry picked from commit c95e9da39660f278ace4b14d688dc6818d1a38bf)
|
| |\ \ \ \ \ \ \ \ \
| | |/ / / / / / / /
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
* commit '9573a13bbc015c555adff1e4e0fbef2a18963111':
DO NOT MERGE: Switch fs_mgr to use SHA-256 instead of SHA-1
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Verity metadata signatures will be switched to SHA-256. Switch
fs_mgr signature verification to use the correct algorithm.
Needs matching changes from
https://googleplex-android-review.git.corp.google.com/#/c/579905/
https://googleplex-android-review.git.corp.google.com/#/c/583213/
https://googleplex-android-review.git.corp.google.com/#/c/583214/
https://googleplex-android-review.git.corp.google.com/#/c/583233/
Bug: 15984840
Bug: 18120110
Bug: 17917515
Change-Id: I8f90519bffa105a0eb7abeaad3aea1ffceb851e2
(cherry picked from commit a3465e250cfc3c00931735711e11ad61cf84d8b2)
|
| |\ \ \ \ \ \ \ \ \
| | |/ / / / / / / /
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
automerge: eb6036a
* commit 'eb6036ac6be82dcc6e110de22574972631c8f83e':
fs_mgr: let fsck.f2fs actually attempt a fix
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
The newer fsck.f2fs (1.4.0++) has better fix support, so invoke it.
Requires http://ag/583949 f2fs-tools update.
Bug: 17640053
Bug: 18292088
Change-Id: I42370d92b232e0bdbf28cccf7035a15dbffeb268
Signed-off-by: JP Abgrall <jpa@google.com>
|
| |\ \ \ \ \ \ \ \ \
| | |/ / / / / / / /
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
* commit '4cafe2ff89b49329e0e880900195d8e061bd3750':
Fix verity on system partitions larger than 2G
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
If the system partition is larger than 2G, the device fails to read
verity metadata, because fseek accepts only a 32-bit signed offset.
Switch from fseek to lseek64 to allow seeking using a 64-bit offset,
which solves the problem. At the same time, move away from stdio in
the function.
Bug: 17705619
Change-Id: I226320498dcb750ec6cde84411c7fe0774c9cab7
|
| |\ \ \ \ \ \ \ \ \
| | |/ / / / / / / /
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
* commit '97e487311b1cb780dfd3b0994917c72047d6188f':
Fix Nick's nits
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Change-Id: Ide7925e7ad328f0343d444d63ff72f1a26206d4c
|
| |\ \ \ \ \ \ \ \ \
| | |/ / / / / / / /
| | | | | | | | | |
| | | | | | | | | | |
Change-Id: I6b62347c3acfda7c2c954e719547021009d20c01
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This reverts commit 152d2d4234ba89e0c20c4af13e291b6049a7bc33.
Fixed build error, and also fixed memory leak spotted from warning.
Bug: 17691572
Change-Id: I23b5ba537f7b557432041d4338b38b9be434e981
|
| |\ \ \ \ \ \ \ \ \
| | |/ / / / / / / /
| | | | | | | | | |
| | | | | | | | | | |
Change-Id: I9ff777a6309aab2b5b18323dd4ee7617cb1c3180
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Build is broken.
system/core/fs_mgr/fs_mgr_verity.c: In function 'fs_mgr_setup_verity':
system/core/fs_mgr/fs_mgr_verity.c:103:20: error: 'verity_table_signature' may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (!RSA_verify(key,
^
system/core/fs_mgr/fs_mgr_verity.c:374:11: note: 'verity_table_signature' was declared here
char *verity_table_signature;
^
cc1: all warnings being treated as errors
make: *** [out/target/product/minnow/obj/STATIC_LIBRARIES/libfs_mgr_intermediates/fs_mgr_verity.o] Error 1
make: *** Waiting for unfinished jobs....
This reverts commit d4cea0bc16d1ad96cc6d6177232d7b339785460c.
Change-Id: I6862cc79ef9d944a2472b6fb2e46dae514cea8ce
|
| |\ \ \ \ \ \ \ \ \
| | |/ / / / / / / /
| | | | | | | | | |
| | | | | | | | | | |
Change-Id: Icdc9306b460c116441aad21bfcf3ab549224a141
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Bug: 17691572
Change-Id: I58f588f318e7952d06a41325337d946d7c007e31
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
* commit 'af191cd157f076ee5d99890711e2881a60d7770a':
fs_mgr: fix build breakage
|
| |_|_|_|_|_|_|_|_|/
|/| | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Bug: 19340053
Change-Id: Id0d866e6195ed4752b4be6081eeb2aab8b1dbe9a
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Don't silently ignore umount errors. At a minimum, log them.
Add strerror(errno) to another umount call, to make sure we get
some actionable data.
check_fs: try 5 times umounting the filesystem. It appears that
the umount is failing, perhaps because some service is opening
the file on the device or other error. Try unmounting it multiple
times in case it's a transient problem and we can recover.
Bug: 19199624
Bug: 19156134
Change-Id: I7213eb52d55116fb2419a36494d26d5e159981a7
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Delay mounting encryptable but unencrypted volumes until we can
check the ro.vold.forceencrypt flag, then optionally encrypt.
Requires matching vold change from
https://googleplex-android-review.git.corp.google.com/#/c/615309/
Bug: 18764230
Change-Id: If22008be8de6a4f3216b349f81ace49be1730314
|
| |_|_|_|_|_|_|_|/
|/| | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
This allows a vendor to force encryption on devices via a vendor
partition flag:
ro.vold.forceencryption 1
Bug: 18764230
Change-Id: Id0049ce64e34e4f6f96e593aadd70c277ac131c8
|
| |_|_|_|_|_|_|/
|/| | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
When mounting fstab entries it is practical to be able to specify
for example LABEL=data instead of a specific block device.
This is particularly important for the new Android Emulator code base,
which uses virtio block devices for the various partitions
(system,data,cache), because there is no defined ordering between the
way the filesystems are specified to the emulator and how they are
enumerated by the android kernel as /dev/vdX.
Change-Id: I7aef95f12e8f7b02ac2e33804ba7897fdcb9ad7f
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
|
|\ \ \ \ \ \ \ \
| |_|_|_|_|_|_|/
|/| | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This reverts commit 69407ccb02a6b1b63f96657cd40a07c48e648cea.
Change-Id: I537a3b4257b7bc2a69f1f4d62b4e18e91f2dc713
|
|\ \ \ \ \ \ \ \
| |/ / / / / / /
| | | | | | | /
| |_|_|_|_|_|/
|/| | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
When mounting fstab entries it is practical to be able to specify
for example LABEL=data instead of a specific block device.
This is particularly important for the new Android Emulator code base,
which uses virtio block devices for the various partitions
(system,data,cache), because there is no defined ordering between the
way the filesystems are specified to the emulator and how they are
enumerated by the android kernel as /dev/vdX.
Change-Id: I12c3db0ba6a515dc8e917e0349afd257888d3aef
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
|
| |_|_|_|_|/
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
(cherry-pick of 97e487311b1cb780dfd3b0994917c72047d6188f.)
Change-Id: Ide7925e7ad328f0343d444d63ff72f1a26206d4c
|
| |_|_|_|/
|/| | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If the system partition is larger than 2G, the device fails to read
verity metadata, because fseek accepts only a 32-bit signed offset.
Switch from fseek to lseek64 to allow seeking using a 64-bit offset,
which solves the problem. At the same time, move away from stdio in
the function.
(cherry-pick of 4cafe2ff89b49329e0e880900195d8e061bd3750.)
Bug: 17705619
Change-Id: I226320498dcb750ec6cde84411c7fe0774c9cab7
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 152d2d4234ba89e0c20c4af13e291b6049a7bc33.
Fixed build error, and also fixed memory leak spotted from warning.
(cherry-pick of bbb36319119edde9377fb80015235893c30d2bc9.)
Bug: 17691572
Change-Id: I23b5ba537f7b557432041d4338b38b9be434e981
|
|\ \ \ \
| |/ / /
|/| / /
| |/ /
| | | |
* commit 'af191cd157f076ee5d99890711e2881a60d7770a':
fs_mgr: fix build breakage
|
| | |
| | |
| | |
| | |
| | |
| | | |
Some compilers are not as smart as other compilers
Change-Id: I9d93c73bdbd2dca37373d8a42a2ed510d0559274
|
|\ \ \
| | |/
| |/|
| | |
| | | |
* commit 'cf234dc7e081ac4063c3c5ddcdd4da40c82d51cb':
Preserve errno from fsmgr_do_mount
|