Change /data to tmpfs
For security reason, we will use tmpfs for /data. It should contain only
small, temporary files for now.
vold is removed as it's redundant now. MicrodroidTestCase's boot marker
is also updated because logd reinit won't happen if vold is removed.
Bug: 185767624
Test: atest MicrodroidHostTestCases
Change-Id: I3f60d5dfad2519b6d593a3f514bb50c50019b526
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 8ccced7..b878b3e 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -57,8 +57,6 @@
"logd",
"run-as",
"secilc",
- "mke2fs",
- "e2fsdroid",
// "com.android.adbd" requires these,
"libadbd_auth",
@@ -69,15 +67,11 @@
"apexd",
"debuggerd",
- "e2fsck",
"keystore2",
"linker",
"linkerconfig",
"servicemanager",
"tombstoned",
- "tune2fs",
- "vdc",
- "vold",
"wait_for_keymaster",
"cgroups.json",
"public.libraries.android.txt",
@@ -218,8 +212,7 @@
cmdline: microdroid_boot_cmdline +
"pci=noacpi " +
"androidboot.boot_devices=pci0000:00/0000:00:01.0," + // os
- "pci0000:00/0000:00:03.0," + // payload
- "pci0000:00/0000:00:04.0", // userdata
+ "pci0000:00/0000:00:03.0", // payload
},
},
dtb_prebuilt: "dummy_dtb.img",
@@ -404,11 +397,6 @@
}
prebuilt_etc {
- name: "microdroid_cdisk_userdata.json",
- src: "microdroid_cdisk_userdata.json",
-}
-
-prebuilt_etc {
name: "microdroid_payload.json",
src: "microdroid_payload.json",
}
diff --git a/microdroid/README.md b/microdroid/README.md
index 489791a..6b9f4b1 100644
--- a/microdroid/README.md
+++ b/microdroid/README.md
@@ -105,16 +105,6 @@
{
"image": "/data/local/tmp/microdroid/payload.img",
"writable": false
- },
- {
- "partitions": [
- {
- "label": "userdata",
- "path": "/data/local/tmp/microdroid/userdata.img",
- "writable": true
- }
- ],
- "writable": true
}
]
}
@@ -129,7 +119,6 @@
$ adb root
$ adb shell 'mkdir /data/local/tmp/microdroid'
$ adb shell 'dd if=/dev/zero of=/data/local/tmp/microdroid/misc.img bs=4k count=256'
-$ adb shell 'dd if=/dev/zero of=/data/local/tmp/microdroid/userdata.img bs=1 count=0 seek=4G'
$ adb shell 'cd /data/local/tmp/microdroid; /apex/com.android.virt/bin/mk_payload /apex/com.android.virt/etc/microdroid_payload.json payload.img'
$ adb shell 'chmod go+r /data/local/tmp/microdroid/payload*'
$ adb push microdroid.json /data/local/tmp/microdroid/microdroid.json
diff --git a/microdroid/fstab.microdroid b/microdroid/fstab.microdroid
index fd8d395..129718e 100644
--- a/microdroid/fstab.microdroid
+++ b/microdroid/fstab.microdroid
@@ -1,4 +1,2 @@
system /system ext4 noatime,ro,errors=panic wait,first_stage_mount,logical
vendor /vendor ext4 noatime,ro,errors=panic wait,first_stage_mount,logical
-
-/dev/block/by-name/userdata /data ext4 noatime,nosuid,nodev,errors=panic latemount,wait,check,formattable,fileencryption=aes-256-xts
diff --git a/microdroid/init.rc b/microdroid/init.rc
index 074e118..2385d8f 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc
@@ -99,9 +99,6 @@
trigger early-boot
trigger boot
-on early-fs
- start vold
-
on post-fs
# Once everything is setup, no need to modify /.
# The bind+remount combination allows this to work in containers.
@@ -114,7 +111,8 @@
exec_start wait_for_keymaster
- mount_all /vendor/etc/fstab.microdroid --late
+ # TODO(b/185767624): change the hard-coded size?
+ mount tmpfs tmpfs /data noatime nosuid nodev rw size=128M
on post-fs-data
mark_post_data
@@ -126,25 +124,22 @@
# We restorecon /data in case the userdata partition has been reset.
restorecon /data
- # Make sure we have the device encryption key.
- installkey /data
-
- mkdir /data/vendor 0771 root root encryption=Require
- mkdir /data/vendor_ce 0771 root root encryption=None
- mkdir /data/vendor_de 0771 root root encryption=None
+ mkdir /data/vendor 0771 root root
+ mkdir /data/vendor_ce 0771 root root
+ mkdir /data/vendor_de 0771 root root
mkdir /data/vendor/hardware 0771 root root
# Start tombstoned early to be able to store tombstones.
# microdroid doesn't have anr, but tombstoned requires it
- mkdir /data/anr 0775 system system encryption=Require
- mkdir /data/tombstones 0771 system system encryption=Require
+ mkdir /data/anr 0775 system system
+ mkdir /data/tombstones 0771 system system
mkdir /data/vendor/tombstones 0771 root root
start tombstoned
# set up keystore directory structure first so that we can end early boot
# and start apexd
- mkdir /data/misc 01771 system misc encryption=Require
+ mkdir /data/misc 01771 system misc
mkdir /data/misc/keystore 0700 keystore keystore
# work around b/183668221
restorecon /data/misc /data/misc/keystore
@@ -155,15 +150,9 @@
# to leave room for earlier levels.
setprop keystore.boot_level 30
- # Now that /data is mounted and we have created /data/misc/keystore,
- # we can tell keystore to stop allowing use of early-boot keys,
- # and access its database for the first time to support creation and
- # use of MAX_BOOT_LEVEL keys.
- exec - system system -- /system/bin/vdc keymaster earlyBootEnded
-
# For security reasons, /data/local/tmp should always be empty.
# Do not place files or directories in /data/local/tmp
- mkdir /data/local 0751 root root encryption=Require
+ mkdir /data/local 0751 root root
mkdir /data/local/tmp 0771 shell shell
service ueventd /system/bin/ueventd
@@ -189,6 +178,3 @@
on property:sys.boot_completed=1
start logd-auditctl
-
-on property:vold.decrypt=trigger_post_fs_data
- trigger post-fs-data
diff --git a/microdroid/microdroid_cdisk_userdata.json b/microdroid/microdroid_cdisk_userdata.json
deleted file mode 100644
index 04af3f2..0000000
--- a/microdroid/microdroid_cdisk_userdata.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "partitions": [
- {
- "label": "userdata",
- "path": "userdata.img",
- "writable": true
- }
- ]
-}