Reconcile with gingerbread-release honeycomb-release
Change-Id: I70f4170b78ed5412a4addd3c603c8ff52c8cfa0d
diff --git a/DirectVolume.cpp b/DirectVolume.cpp
index 3191cc7..2ca0e72 100644
--- a/DirectVolume.cpp
+++ b/DirectVolume.cpp
@@ -186,6 +186,11 @@
part_num = 1;
}
+ if (part_num > MAX_PARTITIONS || part_num < 1) {
+ SLOGE("Invalid 'PARTN' value");
+ return;
+ }
+
if (part_num > mDiskNumParts) {
mDiskNumParts = part_num;
}
diff --git a/NetlinkManager.cpp b/NetlinkManager.cpp
index 36db0ff..29cd88e 100644
--- a/NetlinkManager.cpp
+++ b/NetlinkManager.cpp
@@ -50,6 +50,7 @@
int NetlinkManager::start() {
struct sockaddr_nl nladdr;
int sz = 64 * 1024;
+ int on = 1;
memset(&nladdr, 0, sizeof(nladdr));
nladdr.nl_family = AF_NETLINK;
@@ -63,7 +64,12 @@
}
if (setsockopt(mSock, SOL_SOCKET, SO_RCVBUFFORCE, &sz, sizeof(sz)) < 0) {
- SLOGE("Unable to set uevent socket options: %s", strerror(errno));
+ SLOGE("Unable to set uevent socket SO_RECBUFFORCE option: %s", strerror(errno));
+ return -1;
+ }
+
+ if (setsockopt(mSock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)) < 0) {
+ SLOGE("Unable to set uevent socket SO_PASSCRED option: %s", strerror(errno));
return -1;
}
diff --git a/Volume.cpp b/Volume.cpp
index d67a6c4..ce41455 100644
--- a/Volume.cpp
+++ b/Volume.cpp
@@ -33,6 +33,8 @@
#include <diskconfig/diskconfig.h>
+#include <private/android_filesystem_config.h>
+
#define LOG_TAG "Vold"
#include <cutils/log.h>
@@ -280,6 +282,8 @@
dev_t deviceNodes[4];
int n, i, rc = 0;
char errmsg[255];
+ const char* externalStorage = getenv("EXTERNAL_STORAGE");
+ bool primaryStorage = externalStorage && !strcmp(getMountpoint(), externalStorage);
if (getState() == Volume::State_NoMedia) {
snprintf(errmsg, sizeof(errmsg),
@@ -336,8 +340,18 @@
* muck with it before exposing it to non priviledged users.
*/
errno = 0;
+ int gid;
+
+ if (primaryStorage) {
+ // Special case the primary SD card.
+ // For this we grant write access to the SDCARD_RW group.
+ gid = AID_SDCARD_RW;
+ } else {
+ // For secondary external storage we keep things locked up.
+ gid = AID_MEDIA_RW;
+ }
if (Fat::doMount(devicePath, "/mnt/secure/staging", false, false, false,
- 1000, 1015, 0702, true)) {
+ AID_SYSTEM, gid, 0702, true)) {
SLOGE("%s failed to mount via VFAT (%s)\n", devicePath, strerror(errno));
continue;
}
@@ -346,7 +360,8 @@
protectFromAutorunStupidity();
- if (createBindMounts()) {
+ // only create android_secure on primary storage
+ if (primaryStorage && createBindMounts()) {
SLOGE("Failed to create bindmounts (%s)", strerror(errno));
umount("/mnt/secure/staging");
setState(Volume::State_Idle);
diff --git a/cryptfs.c b/cryptfs.c
index f25fba7..68d2787 100644
--- a/cryptfs.c
+++ b/cryptfs.c
@@ -35,7 +35,7 @@
#include <openssl/evp.h>
#include <openssl/sha.h>
#include <errno.h>
-#include <sys/reboot.h>
+#include <cutils/android_reboot.h>
#include <ext4.h>
#include "cryptfs.h"
#define LOG_TAG "Cryptfs"
@@ -634,6 +634,7 @@
/* If that succeeded, then mount the decrypted filesystem */
mount(crypto_blkdev, DATA_MNT_POINT, fs_type, mnt_flags, fs_options);
+ property_set("vold.decrypt", "trigger_load_persist_props");
/* Create necessary paths on /data */
if (prep_data_fs()) {
return -1;
@@ -1038,9 +1039,7 @@
/* Initialize a crypt_mnt_ftr for the partition */
cryptfs_init_crypt_mnt_ftr(&crypt_ftr);
crypt_ftr.fs_size = nr_sec - (CRYPT_FOOTER_OFFSET / 512);
-#if 0 /* Disable till MR1, needs more testing */
crypt_ftr.flags |= CRYPT_ENCRYPTION_IN_PROGRESS;
-#endif
strcpy((char *)crypt_ftr.crypto_type_name, "aes-cbc-essiv:sha256");
/* Make an encrypted master key */
@@ -1071,15 +1070,12 @@
if (! rc) {
/* Success */
-#if 0 /* Disable till MR1, needs more testing */
/* Clear the encryption in progres flag in the footer */
crypt_ftr.flags &= ~CRYPT_ENCRYPTION_IN_PROGRESS;
put_crypt_ftr_and_key(real_blkdev, &crypt_ftr, 0, 0);
-#endif
sleep(2); /* Give the UI a change to show 100% progress */
- sync();
- reboot(LINUX_REBOOT_CMD_RESTART);
+ android_reboot(ANDROID_RB_RESTART, 0, 0);
} else {
property_set("vold.encrypt_progress", "error_partially_encrypted");
release_wake_lock(lockid);
@@ -1107,8 +1103,7 @@
* vold to restart the system.
*/
SLOGE("Error enabling encryption after framework is shutdown, no data changed, restarting system");
- sync();
- reboot(LINUX_REBOOT_CMD_RESTART);
+ android_reboot(ANDROID_RB_RESTART, 0, 0);
/* shouldn't get here */
property_set("vold.encrypt_progress", "error_shutting_down");