| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the device doesn't mount verified partitions if the
verity table signature is invalid, which usually means it fails to
boot. This change instead sets up dm-verity with an invalid root
hash and triggers device-specific error handling to recover from
the corruption.
Bug: 24256506
Change-Id: I6d693306fa0e7459c5500b028e433df61ecea6fb
(cherry picked from commit 47caa5c386b436ba13de9f2ef356380f39afaf3f)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need to have partition.*.verified properties even when bootloader
is managing dm-verity mode, because we may have failed to set up the
verified partition and need a property to indicate this.
This means we still need to run fs_mgr_update_verity_state and walk
through all the partitions to verify the device mapper status, just
without updating verity mode.
Bug: 22489805
Bug: 22507568
Change-Id: Iaf28185adb8b80e5452447e54e1f4e4417a34168
(cherry picked from commit 2f42554f18e2ba3d40b736ff9ff21e79953e86a5)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using a getenv('OUT') in such a deep down function is a wrong design
choice. Replacing with explicit parameter that may be NULL in case
device specific files can be accessed from /.
Since TARGET_COPY_OUT_SYSTEM may be defined to something different than
system we also ensure that we use a path relative to TARGET_OUT to
compute path to fs_config_* files.
Bug: 21989305
Bug: 22048934
Change-Id: Id91bc183b29beac7379d1117ad83bd3346e6897b
Signed-off-by: Thierry Strudel <tstrudel@google.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If verity state is managed by bootloader, it will pass the verity
mode to the kernel in the androidboot.veritymode command line
parameter. Init copies the value to the ro.boot.veritymode property.
Check for ro.boot.veritymode in fs_mgr and use the value to set
dm-verity mode. If this property is not set, store verity state in
metadata as before, if a storage location is specified in fstab.
Bug: 21605676
Change-Id: Ife3c978c133248432c302583d3b70e179605fe42
(cherry picked from commit ac5c1224cfc959b96f7a34068a807db9aaab9358)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(chery-picked from commit 806d10be2336f32cdca16c2540cbf3d548f2fec7)
Move all key management into vold
Reuse vold's existing key management through the crypto footer
to manage the device wide keys.
Use ro.crypto.type flag to determine crypto type, which prevents
any issues when running in block encrypted mode, as well as speeding
up boot in block or no encryption.
This is one of four changes to enable this functionality:
https://android-review.googlesource.com/#/c/148586/
https://android-review.googlesource.com/#/c/148604/
https://android-review.googlesource.com/#/c/148606/
https://android-review.googlesource.com/#/c/148607/
Bug: 18151196
Change-Id: I6a8a18f43ae837e330e2785bd26c2c306ae1816b
|
|
|
|
|
|
| |
Bug: http://b/20501816
Change-Id: I1839b48ee4f891b8431ecb809e37a4566a5b3e50
(cherry picked from commit 47b0134ec2b5e8c8b5b5671cd4a3e41261275532)
|
|\
| |
| |
| |
| |
| |
| | |
be specified as percentage of total memory" into lmp-mr1-dev
* commit '2557cd21f0af31d6dafee24d649f83314d2896d4':
fs_mgr: allow for zramsize to be specified as percentage of total memory
|
| |\
| | |
| | |
| | |
| | |
| | |
| | | |
as percentage of total memory" into lmp-mr1-dev
* commit '8b4486294053ea96ac50d8c07d4fc23729ef7c52':
fs_mgr: allow for zramsize to be specified as percentage of total memory
|
| | |\
| | | |
| | | |
| | | | |
memory" into lmp-mr1-dev
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
If the zramsize entry has a % size at the end, as in the following example:
/dev/block/zram0 none swap defaults zramsize=25%
then we will set the value as that percentage of total RAM, as read by scanning
/proc/meminfo.
b/20760266 Seed common build allocated too much for zRAM-backed swap
Change-Id: I17c91d311ba99ae7adae112bfe1b38542ea69b80
Signed-off-by: Iliyan Malchev <malchev@google.com>
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
seen in shamu SELinux boot failures."
* commit '92f075aa08a2665ad03c80a0408667f8864f1ecd':
Improve bad error reporting seen in shamu SELinux boot failures.
|
| |\ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
SELinux boot failures."
* commit '48ba758782bed8c50f450fd77c4b3284c3fa7316':
Improve bad error reporting seen in shamu SELinux boot failures.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Explain why mount failed, and explicitly say that the umount fixed it.
Change-Id: I13b0927a36517f2fc9f9580945ba6ebefc4882df
|
|\ \ \ \ \
| |/ / / /
| | | | |
| | | | | |
Change-Id: I1d1f6b1cdbd7ee441682c4258a11fb3198ca7d94
|
| |\ \ \ \
| | |/ / /
| |/| / /
| | |/ / |
Change-Id: I24c60a2747931917a3ea09b953905ce0f4145280
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Move fastboot's format logic into fs_mgr, to consolidate the knowledge
about how to do this (and when to wipe metadata).
Try to format these formattable paritions if they are wiped.
If formatting fails, we will fall out to let recovery mode handle it.
Bug: 20082763
Change-Id: I397cc197550e78d932e8a154fd234695c46dbe7b
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
Add support for squashfs"""
* commit 'd087e6f3ff0f928fb1ad7e47e488a3345ab8a555':
Revert "Revert "fs_mgr_verity: Add support for squashfs""
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 7b97c7a3fa0f1bdae5b45a70f625ff48f9dab0c1.
Change-Id: Id47e70479fe9247b7936f2e54d4dbfbb4f63f635
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
support for squashfs""
* commit '0009bacfda1f6b6a7421c3d1d7a07cc8c88c2090':
Revert "fs_mgr_verity: Add support for squashfs"
|
| |\ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This reverts commit 807f47004f03653997edbe3c83d46350cb056cd4.
Change-Id: I2d7972c0828c842b44747dd08fbe44668f2a55db
|
|\ \ \ \ \
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
squashfs"
* commit 'd411d14a07842563500cb8991f0f8a84fcb1cd8f':
fs_mgr_verity: Add support for squashfs
|
| |\ \ \ \
| | |/ / / |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Cleanup the code to get filesystem size in a block device
- Add support to reading size of squashfs in a block device
Change-Id: I3848a705ed4dc2fc9afad20331f0fdecfee545c5
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
|
|\ \ \ \ \
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
verified partition is reflashed"
* commit '13e8af053b425b66199dc12b89c02236b517fac9':
Restore verity state when verified partition is reflashed
|
| |\ \ \ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Store verity state separately for each verified partition, and store
a hash of the last verity table signature for each partition. If the
signature changes, assume the partition has been reflashed and reset
verity state.
Bug: 20006638
Change-Id: I1c85fb816bfec1a54b1033c938bf1fdaf572f849
|
|\ \ \ \ \ \
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
verified property value"
* commit '93c4b6c85ac4350029e1a78c16663f61c777ac14':
Set verity mode as the verified property value
|
| |\ \ \ \ \
| | |/ / / /
| | | / / /
| | |/ / /
| |/| | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Set the verity mode as the value for partition.%s.verified to make it
easier for userspace to determine in which mode dm-verity was started.
Change-Id: Icc635515f8a8ede941277aed196867351d8387cb
|
|\ \ \ \ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Fix build break caused by original change
This reverts commit 84b0bab58fcc7f225e9a17a15c531b0c2fc509c5.
(cherry picked from commit bbb4c85bdcc9a1bce315ed9d61a228bb1b992a1c)
Change-Id: If0ead0f2656b69f33f72c64b03a05784455a4143
|
|\ \ \ \ \ \
| |/ / / / /
|/| / / / /
| |/ / / /
| | | | | |
* commit '1c4cdf72a685fe2b913244991b79a81a0d1c2620':
Link libc++_static into fs_mgr.
|
| | | | |
| | | | |
| | | | |
| | | | | |
Change-Id: Ic2461d3a30dbd8a22f9800a33fac27c658340b21
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix build break caused by original change
This reverts commit 84b0bab58fcc7f225e9a17a15c531b0c2fc509c5.
Change-Id: I99fbd7c3d1ed92db1f546033c8493bb71a327924
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* commit '825c2655b7bbd5f88d316a5a9b3a746c50282c24':
Fix build
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Fix build breakage in aosp_fugu-userdebug_clang (linux) caused
by Id8711f7d51dc1e4e9a4d84f9951240f64528e69d
Change-Id: Icd04aeaf131be045cf5788846ae9832e6cbbb944
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
verity metadata"
* commit 'c28e2598af394834dbf6532f1cf252705fabd76b':
Use structured format for verity metadata
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Specify the location of verity metadata in fstab, and use a
type-length-value format for the metadata that allows other
data to be stored in the same location in an extensible way.
Change-Id: Id8711f7d51dc1e4e9a4d84f9951240f64528e69d
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 6095afc115fe3a4b7d151b4fcc164e00f9df9659.
Change-Id: Icedfe0036223d7f42eaaefc4a35ad0f2efb14e4e
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add file encryption flag to fstab.
If file encryption flag set in fstab, handle identically to block
encrypted volumes.
Requires matching change:
https://googleplex-android-review.git.corp.google.com/#/c/642778/
Change-Id: I28c236959f2d7d5f0dccc8ea45c325ea0cf871fc
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* commit '54bac178ce0ee9d243bfbfc9c18dafbb14cd3f92':
Add init command to set verified properties
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add a command that updates dm-verity state and sets partition.%.verified
properties used by adb remount.
This is needed in init since fs_mgr cannot set properties:
I6a28cccb1ccce960841af20a4b20c32d424b5524
Change-Id: I0fdf5bc29c56690dcadff9d0eb216d3c68483538
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | | |
through libfs_mgr"
* commit 'fcd14f13a1e05bc1958bfeaba95678b9bf4b121e':
Do not call libcutils property_set in init through libfs_mgr
|
| |\ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Both init and libcutils define a property_set function. The init
version sets the property directly while libcutils simply calls
__system_property_set, which sends a message to init to set the
property.
Since libfs_mgr is statically linked to libcutils, any calls to
property_set end up sending a message to init and waiting for a
response. When libfs_mgr is further statically linked to init,
this leads to init sending a message to itself when property_set
is called in fs_mgr.
Because send_prop_msg in bionic only waits for a response for
250ms, this does not cause a deadlock. However, using libcutils
to set a property in the init process is hardly a good idea.
This change removes the property_set call from fs_mgr_verity.c.
If this property is required later, it should be set elsewhere.
Change-Id: I6a28cccb1ccce960841af20a4b20c32d424b5524
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Some partitions don't need trimming.
Needs a vold:fstrim change
Bug: 19624276
Change-Id: I8df715bd18688d7921afa2f3743f7d2a68760699
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* commit '291ce5b82d8a504be69132f1827e20041833c488':
Fs_mgr: Fix format code
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Suggested printing for off_t is to cast to intmax_t and print that.
Follow-up to https://android-review.googlesource.com/133111.
Change-Id: Icff6844044c3d0fa6372c3f399453a526fd89954
|
|\ \ \ \
| |/ / /
| | | |
| | | |
| | | | |
* commit 'a88fb24ab43eec9710a0d4d15aedb6d4bc51a2ec':
Add fs_mgr support for dm-verity modes
|