forceencrypt= will encrypt the drive at boot if it is not encrypted. This change
will not have an impact until we set this flag in appropirate fstabs.
Bug: 11985952
Change-Id: I6c65eda7f109e4936aa160da50f871703aefb351
This checks ro.debuggable to determine whether a device is in the
debuggable state or not, disabling verification if it is.
Eventually we'd like to narrow this down to only devices which
need to disable it, but we aren't there yet.
Change-Id: I06a329fe5449deab6bae595877dbb1f200850241
Modify fs_mgr to unmount encryptable drives after test mounting them and
then trigger an auto-encrypt via the init script
Needs matching vold changes from
https://googleplex-android-review.googlesource.com/#/c/414200/
Feature is limited to list of serial numbers with this change
Bug: 11985952
Change-Id: I84f85a258b6a7e9809467c9149249302e203c41b
* changes:
init: Add "partition.*.verified" properties to the property service.
fs_mgr: Set the 'partition.*.verified' property for verified partitions.
This modifies fs_mgr to set the partition.*.verified properties.
Each of these should be used as a weak indicator that a given partition
is verified. For instance, if the 'partition.system.verified' property
is set to '1', this could indicate that the system partition is verified
and therefore should not be modified by, e.g., adb sync.
Note that these properties can be mutated by the system, and so
should not be used as the basis for security decisions.
Change-Id: I27215a3d3628a1b1e184df9eaad90541b9d8b841
Since 38afe5f4ba
fs_mgr_mount_all() will try to behave more like "mount -a"
So prevent inaccessible or busy (already mounted) encryptable filesystems
from mounting tmpfs in their mount points.
Change-Id: I32e5b3e26f2138d1e4d9ef8ba01c1466f8051d39
These images do not have GPL-ed binaries like /system/bin/e2fsck so
avoid running the program when we detect that we're running inside
one of them.
Note that this does not affect other emulator-based build products
(e..g full-eng instead of sdk-eng), which do have the binaries.
BUG=13057123
Change-Id: Ia42f1d02a3845fbf4b2f9d95818f35d760711a12
Move fstab parsing into fs_mgr_fstab.c so that it compiles into a
separate compilation unit. uncrypt links against it but doesn't
need to pull in the rest of the dependencies on fs_mgr.c.
Change-Id: I6bffe1cd42720151533e958028259d1931aaa4bf
ext4_parse_sb now takes the struct fs_info to fill out to avoid
using the global info from external callers.
Change-Id: I0984ba01c0dbdd5b68b825817faf0c5cf5aa5510
This cleans up most of the size-related problems in system/core.
There are still a few changes needed for a clean 64-bit build,
but they look like they might require changes to things like the
fastboot protocol.
Change-Id: I1560425a289fa158e13e2e3173cc3e71976f92c0
While debugging a mount error, the dmesg output was less
than ideal. The error would be declared but why the mount
failed, and what options were passed was not present. This
patch ensures that the mount options and underlying
errno are printed.
Change-Id: I2b3a2c113149df878c0a8a10ef86fd9e4f909658
The build is broken.
system/core/fs_mgr/fs_mgr.c:824:77: error: expected '(' before 'unused'
const char *blk_device, long long length __attribute__(unused))
^
system/core/fs_mgr/fs_mgr.c: In function 'fs_mgr_add_entry':
system/core/fs_mgr/fs_mgr.c:824:56: warning: unused parameter 'length' [-Wunused-parameter]
const char *blk_device, long long length __attribute__(unused))
^
make: *** [out/target/product/generic_x86/obj/STATIC_LIBRARIES/libfs_mgr_intermediates/fs_mgr.o] Error 1
make: *** Waiting for unfinished jobs....
This reverts commit 21095d0cae.
Change-Id: I64f8c4d9c17c0e3bbf2eb427a2c0b81bbe66ec3a
target thumb C: libfs_mgr <= system/core/fs_mgr/fs_mgr.c
system/core/fs_mgr/fs_mgr.c: In function 'fs_mgr_add_entry':
system/core/fs_mgr/fs_mgr.c:828:56: warning: unused parameter 'length' [-Wunused-parameter]
const char *blk_device, long long length)
Change-Id: Ide1bfa120c4f8d8e2f643929cb84c1be065e3310
The log_target parameter of android_fork_execvp_ext() is now a
bit field, and multiple targets can be set to log to multiple
places at the same time.
The new target LOG_FILE will log to a file specified by the new
parameter file_path.
Set LOG_FILE and log to a file in /dev (the only writable filesystem
avilable when e2fsck runs) when invoking e2fsck in fs_mgr.
Bug: 10021342
Change-Id: I63baf644cc8c3afccc8345df27a74203b44d0400
When reading the fstab config file fails, fstab memory is not freed.
When fstab structure is no longer needed, only half of it is freed.
Free fstab memory in all cases (error or when it is no longer needed).
Change-Id: Ib0758a5aaa69505285bf64143632986a2dbbdccb
Signed-off-by: Irina Tirdea <irina.tirdea@intel.com>
Since getline is included in bionic, fs_mgr can use this version instead of
the one defined internally by fs_getline.
Replace fs_getline with getline.
Change-Id: I49b53d639bd995f051256fb7573ff6ab45d9c36d
Signed-off-by: Irina Tirdea <irina.tirdea@intel.com>
This change adds a "verify" fs_mgr flag specifying that
the device in question should be verified.
Devices marked with this flag are expected to have a
footer immediately after their data containing all
the information needed to set up a verity instance.
Change-Id: I10101f2c3240228ee0932e3767fe35e673d2e720
When a filesystem is mounted read-only, make the underlying
block device read-only too. This helps prevent an attacker
who is able to change permissions on the files in /dev
(for example, symlink attack) from modifying the block device.
In particular, this change would have stopped the LG Thrill / Optimus
3D rooting exploit
(http://vulnfactory.org/blog/2012/02/26/rooting-the-lg-thrill-optimus-3d/)
as that exploit modified the raw block device corresponding to /system.
This change also makes UID=0 less powerful. Block devices cannot
be made writable again without CAP_SYS_ADMIN, so an escalation
to UID=0 by itself doesn't give full root access.
adb/mount: Prior to mounting something read-write, remove the
read-only restrictions on the underlying block device. This avoids
messing up developer workflows.
Change-Id: I135098a8fe06f327336f045aab0d48ed9de33807
A recent change to how libcutils is built requires liblog
to be explicitly included in the link list if it's needed.
Change-Id: I8547f5e65c488c8f6e314ccd4eb96606742272be
Currently, the output of e2fsck is not saved, and we have no insight
into how many errors e2fsck is finding and fixing. Using the new
abbreviated logging feature in liblogwrap, up to the first 100 lines,
and last 4K bytes of the output of e2fsck is captured by fs_mgr, and
added to the kernel log.
Usually, the filesystem will be clean, and this will only add a few
lines to the kernel log on boot, but when things go wrong, it should
save enough to indicate what the problem is, without potentially
filling the kernel log with only e2fsck output if the filesystem is
really corrupted.
Change-Id: I9c264798e6fe721c8f818b5ce15d0975027ddbdd
If a device has an ext4 partition that contains the radio
firmware, and that filesystem is not mounted in normal
operation, we need a flag to prevent mount_all from
mounting it, so the new flag recoveryonly was added.
Change-Id: I361800c494e751b04c4faf956870f15fd0d8fe20
In practice 5 seconds is too short to wait for a disk device node to
show up if the disk is USB; 20 seconds is a much more comfortable
window.
Change-Id: Iaf2c1f46b41a44fc1240d52d8498ca9cb639ea80
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
fs_mgr defines its own version of getline and uses it
internally. This leads to a build error if getline is
also defined in bionic, since fs_mgr will see readline
as defined internally.
Rename getline in fs_mgr to a local name (fs_getline)
so that there will no longer be any conflicts.
This is needed it we want to add getline in bionic.
Change-Id: I3a32be71a645e122629802d98ff8f9ab9c419e86
Signed-off-by: Irina Tirdea <irina.tirdea@intel.com>
Mark Salyzyn