If there is a "/" in the fstab, can only be there on system as root.
This drops the troubling and annoying log message:
[libfs_mgr]Could not find verity device for mount point: /: No such device or address
Test: manual
Bug: 109821005
Change-Id: I6bbfc0af63e1526e52a1c6365241dbc1d5ee7c6a
We ran into an issue with an fd leaking due to missing both CLO_EXEC
and fclose() in related code, so let's make sure we're safe here too.
Test: boot
Change-Id: Ief893c936859815c78fa6d7e06cb88ad34aadbac
If a device has logical partitions but does not use a partition called
"super", we will need this to be configurable. Note that the "slot"
argument is currently unused, but will be necessary for update_engine if
there are A and B super partitions.
Bug: 116608795
Test: super partition works
Change-Id: Ieb548a158faeb423f3561230f26d582325efbc6b
By telling us that the target or source is missing for ENOENT, we
can triage whether it is a build/configuration problem or a driver
problem. Two engineers spend more than a few hours investigating
a build problem rationalizing adding this instrumentation.
Test: compile
Bug: 109821005
Change-Id: I1ecc6230ebee128c0963d6020787230c1e2fb8c1
Add an fstab argument for fs_mgr_overlayfs_mount_all so that it can
leverage the locally and timely acquired fstab entries. Affects all
callers, adb and init.
Test: manual
Bug: 109821005
Bug: 115751838
Change-Id: I96e2045d88525a6ce39bef63327a0fcf0704e9bc
Adds support for partitions with checkpointing enabled. If the
checkpoint= fs_mgr flag is set, and the system has checkpointing on,
the partition will be mounted in checkpointing mode.
Test: Use vdc checkpoint commands, the checkpoint=fs fs_mgr flag
in the fstab, and a kernel containing the f2fs checkpoint
changes. https://lkml.org/lkml/2018/8/21/22
Change-Id: I3ea8da932de06fcfd2eed06b8640a8b1df837f1f
Note that in addition to waiting for the path to appear, we must also
wait for it to be unlinked. Otherwise, we could accidentally access an
older device when opening and closing the same partition twice in a row.
Bug: 114198005
Test: fastboot flashall works
Change-Id: Iddffc34e1ac8aa066c28e7b1a92b09b6dfd7945c
With verity disabled, fs_mgr_update_verity_state spews some confusing
error messages from device-mapper. This change checks whether a device
exists and logs an explicit error.
Bug: N/A
Test: AVB properties are set correctly on AVB device
Messages are logged correctly with AVB disabled
Change-Id: If490c18cfec2d63ad784972c13ceef63d9aa3e4c
After fs_mgr_mount_all has added the resources, let
fs_mgr_overlayfs_mount_all to read-only mount overlayfs over the
possible system partitions.
Test: compile
Bug: 109821005
Bug: 110985612
Change-Id: I7101a04c57de1a26283b1523636d07fa8e19ffc7
By changing to a std:function from a plain function pointer as an
argument to fs_mgr_update_verity_state(), a lambda with captured
objects can be executed providing thread safety.
Test: compile and boot
Bug: 109821005
Change-Id: I2699a08cc2c5216625dcbf84eeac0c460f4ae36a
This change introduces a new GetTableStatus method on DeviceMapper,
which returns a vector of information about each target in a device's
table. Some target types (such as verity) can also return additional
information as a string.
Support for this call has also been added to the "dmctl" tool via a
"table" command. Examples:
$ dmctl create blah zero 0 8000 linear 8000 1000 /dev/block/sdd1 0
$ dmctl table blah
Targets in the device-mapper table for blah:
0-8000: zero
8000-9000: linear
For verity:
sailfish:/ # dmctl table system
Targets in the device-mapper table for system:
0-4128792: android-verity, V
Bug: 110035986
Test: libdm_test gtest; AVB1 device still boots
Change-Id: Iaf13450d3b32e2264c7c399a8af8d6bade260592
This adds an API to fs_mgr for reading dm-linear tables out of device trees
and issuing device-mapper ioctls. The device tree code will be
implemented separately. The dm-linear structures in fs_mgr are organized
assuming we may want to pull them from sources other than DT (for
example, text files, binary blobs, or something hardcoded for testing).
File systems which are mounted from these logical partitions have
specific fstab requirements. The block device must be a partition name,
and if Verified Boot is used, that name must match the vbmeta partition name.
Second, the entry must have the "logical" fs_mgr flag. Example fstab
entry:
vendor /vendor ext4 ro wait,logical
Example fstab entry in device tree:
vendor {
compatible = "android,fstab";
dev = "vendor";
type = "ext4";
mnt_flags = "ro";
fs_mgr_flags = "wait,slotselect,avb,logical";
};
Bug: 78914864
Test: N/A
Change-Id: I4d8878ea8858f26310119616cadc3ee0dd08566c
Remove "verity" from device-mapper helper functions so it's clear they can be
re-used for non-verity targets.
Bug: 78914864
Test: AVB device still boots
Change-Id: Id8474b2c6e23e828eff563263ebb409031cde17e
DM_READONLY_FLAG should only be used when loading tables, and
DM_STATUS_TABLE_FLAG should only be used when querying a table's status. This
patch cleans up how we set flags to reflect when the kernel actually cares
about them.
Bug: 78914864
Test: AVB device still boots
Change-Id: I809d8c2ef2105849ebdd095bbe7f08f15ae63465
Don't use the FDE flow to support metadata encryption; just use the
vold service which directly mounts the volume.
Bug: 63927601
Test: Boot Taimen to SUW with and without metadata encryption.
Change-Id: Idf9c27a69872cd7a9e2fb76df09a91d8e5ef4896
If we're setting up the number of reserved blocks, we also want to
set our new AID_DISK_RESERVED as the GID that's allowed to use those
blocks.
Test: builds, boots
Bug: 62024591
Change-Id: Iaabfa7d63ad9ff0b9732e2b9996937607d622fe2
Previously there is no vboot 1.0 metadata for ENG builds. It relies on
is_device_secure() to query "ro.secure" and skip setting up dm-verity
if the value is 0 (meaning ENG build).
This change will be submitted together with other changes to add vboot
1.0 metadata for ENG builds with a "disable magic". The resulting
metadata will be the same as triggering an "adb disable-verity" on an
USERDEBUG image.
Bug: 63056044
Test: boot sailfish eng/userdebug builds
Change-Id: I35eef771e1b30bfc6d01b8ed76b40c942fe7b783
This is needed if they will ever handle ro. properties that have
values longer than 92 characters.
Bug: 23102347
Bug: 34954705
Test: read and write properties with value length > 92 characters
Change-Id: I44aa135c97ec010f12162c30f743387810ae2c5d
Because full disk encryption make surper block is not except contents. Only
judge the magic number can prevent most of encrypted surper block.
In particular, magic number plaintext may be equal ciphertext. In order to
avoid this situation, we add the judgment of adaptive situation of the
s_rev_level, s_log_block_size and EXT4_INODE_SIZE.
Test: 1. Config fstab,userdata add flags: forceencrypt=footer,reservedsize=128M
2. build a new target files, and flash all image.
3. Config encrypt userdata surperblock,set magic number is 0xEF53
4. reboot system and check log of fs_mgr.
Change-Id: I925584d58f17afabbb3aa91f8be2302518172bb2
Signed-off-by: katao <katao@xiaomi.com>
This change adds MS_NOEXEC to the list of flags used in
fs_mgr_do_tmpfs_mount().
Bug: 62419743
Test: aosp_bullhead-eng still boots
Change-Id: I3ee3bb825a59437eba48e3a5b898dd2e385a9ab7
Upstream kernels (v4.9+, v4.4.67+) have started to enforce that
encryption policies cannot be set on ext4 directories unless
EXT4_FEATURE_INCOMPAT_ENCRYPT is set in the filesystem superblock, as
was the original design. Since Android's userspace was not setting this
flag, it was not possible to use "file-based encryption" (FBE) on
devices whose kernels enforce this constraint. Fix this by updating
fs_mgr to set the flag if needed, similar to how it enables the quota
feature if needed.
Note that it would, eventually, be simpler to set this flag at mkfs
time. But that seems infeasible for now, given the many different ways
the userdata filesystem can be formatted --- including via 'fastboot',
which I believe is expected to still be compatible with old devices
whose kernel and/or e2fsprogs don't support the 'encrypt' flag.
Bug: 36231741
Change-Id: Ibafb9a7116fc853b62f8ee074a78499399f290a6
There were several duplications in the code that runs before a
filesystem is mounted. This made it difficult to start running tune2fs
to set the encryption feature flag. Refactor to deduplicate the logic,
and improve the log messages.
Bug: 36231741
Change-Id: I90846dad9c5ec85b3c5460615dec4cc19cb7e198
During mount operations, fs_mgr_wait_for_file() is invoked to
ensure the device file exists before starting to mount it. Adding
logs when the wait fails and also skip mounting as it won't be
successful. Also merge fs_mgr_test_access() and wait_for_file()
as fs_mgr_wait_for_file().
Test: Boot device and manually trigger the timeout issue
Test: Check and confirm whether timeout log info is inside ksmg.
Change-Id: Ide6d7fdca41e03e169e4400f91b7dea327985aaf
To boot with generic system.img for project Treble, we should allow no verity
metadata when the device is unlocked. The previous fix checks system property
"ro.boot.flash.locked" but it's unavailable during first stage mount.
This CL checks "androidboot.verifiedbootstate" in kernel command line instead.
Bug: 63268209
Test: boot sailfish without metadata on /vendor
Change-Id: Ifd1dbeb2a2f09cd06903ecdd59bc94b3905a3fbd
Need to know why the mount failed. clang_format adjustment.
Basically change LINFO to PINFO to cause the log message for the mount
report to be accompanied by a strerror(errno) message appended to the
end so that it is clear why the mount was rejected.
Test: manual
Bug: 63100799
Change-Id: Ic958299759befe5d5b11bdc95fea5d64cad86412
