Add support for encrypted storage expansion
Capability to configure the encrypted storage size
Partition resizing to the required size upon boot
New unit tests to validate this functionality
Bug: 381067202
Test: atest MicrodroidTests
Change-Id: I6f5737ee601e7c511bdd316b180bf50e3d102ab1
diff --git a/guest/encryptedstore/src/main.rs b/guest/encryptedstore/src/main.rs
index dd4ee3b..8647003 100644
--- a/guest/encryptedstore/src/main.rs
+++ b/guest/encryptedstore/src/main.rs
@@ -30,7 +30,9 @@
use std::path::{Path, PathBuf};
use std::process::Command;
+const E2FSCK_BIN: &str = "/system/bin/e2fsck";
const MK2FS_BIN: &str = "/system/bin/mke2fs";
+const RESIZE2FS_BIN: &str = "/system/bin/resize2fs";
const UNFORMATTED_STORAGE_MAGIC: &str = "UNFORMATTED-STORAGE";
fn main() {
@@ -91,6 +93,8 @@
if needs_formatting {
info!("Freshly formatting the crypt device");
format_ext4(&crypt_device)?;
+ } else {
+ resize_fs(&crypt_device)?;
}
mount(&crypt_device, mountpoint)
.with_context(|| format!("Unable to mount {:?}", crypt_device))?;
@@ -174,6 +178,27 @@
Ok(())
}
+fn resize_fs(device: &Path) -> Result<()> {
+ // Check the partition
+ Command::new(E2FSCK_BIN)
+ .arg("-fvy")
+ .arg(device)
+ .status()
+ .context("failed to execute e2fsck")?;
+
+ // Resize the filesystem to the size of the device.
+ Command::new(RESIZE2FS_BIN).arg(device).status().context("failed to execute resize2fs")?;
+
+ // Finally check again if we were successful.
+ Command::new(E2FSCK_BIN)
+ .arg("-fvy")
+ .arg(device)
+ .status()
+ .context("failed to execute e2fsck")?;
+
+ Ok(())
+}
+
fn mount(source: &Path, mountpoint: &Path) -> Result<()> {
create_dir_all(mountpoint).with_context(|| format!("Failed to create {:?}", &mountpoint))?;
let mount_options = CString::new(
diff --git a/guest/microdroid_manager/src/main.rs b/guest/microdroid_manager/src/main.rs
index 57ad35d..d665c87 100644
--- a/guest/microdroid_manager/src/main.rs
+++ b/guest/microdroid_manager/src/main.rs
@@ -368,14 +368,6 @@
umount2("/microdroid_resources", MntFlags::MNT_DETACH)?;
}
- // Run encryptedstore binary to prepare the storage
- let encryptedstore_child = if Path::new(ENCRYPTEDSTORE_BACKING_DEVICE).exists() {
- info!("Preparing encryptedstore ...");
- Some(prepare_encryptedstore(&vm_secret).context("encryptedstore run")?)
- } else {
- None
- };
-
let mut zipfuse = Zipfuse::default();
// Before reading a file from the APK, start zipfuse
@@ -410,6 +402,19 @@
);
mount_extra_apks(&config, &mut zipfuse)?;
+ // Wait until apex config is done. (e.g. linker configuration for apexes)
+ wait_for_property_true(APEX_CONFIG_DONE_PROP).context("Failed waiting for apex config done")?;
+
+ // Run encryptedstore binary to prepare the storage
+ // Postpone initialization until apex mount completes to ensure e2fsck and resize2fs binaries
+ // are accessible.
+ let encryptedstore_child = if Path::new(ENCRYPTEDSTORE_BACKING_DEVICE).exists() {
+ info!("Preparing encryptedstore ...");
+ Some(prepare_encryptedstore(&vm_secret).context("encryptedstore run")?)
+ } else {
+ None
+ };
+
register_vm_payload_service(
allow_restricted_apis,
service.clone(),
@@ -425,9 +430,6 @@
.context("set microdroid_manager.export_tombstones.enabled")?;
}
- // Wait until apex config is done. (e.g. linker configuration for apexes)
- wait_for_property_true(APEX_CONFIG_DONE_PROP).context("Failed waiting for apex config done")?;
-
// Trigger init post-fs-data. This will start authfs if we wask it to.
if config.enable_authfs {
system_properties::write("microdroid_manager.authfs.enabled", "1")