Merge "Ensure the target sees a proper EOD marker during restore" into nyc-mr1-dev
diff --git a/liblog/logger.h b/liblog/logger.h
index c727f29..0964756 100644
--- a/liblog/logger.h
+++ b/liblog/logger.h
@@ -146,11 +146,13 @@
 /* OS specific dribs and drabs */
 
 #if defined(_WIN32)
+#include <private/android_filesystem_config.h>
 typedef uint32_t uid_t;
+static inline uid_t __android_log_uid() { return AID_SYSTEM; }
+#else
+static inline uid_t __android_log_uid() { return getuid(); }
 #endif
 
-LIBLOG_HIDDEN uid_t __android_log_uid();
-LIBLOG_HIDDEN pid_t __android_log_pid();
 LIBLOG_HIDDEN void __android_log_lock();
 LIBLOG_HIDDEN int __android_log_trylock();
 LIBLOG_HIDDEN void __android_log_unlock();
diff --git a/liblog/logger_lock.c b/liblog/logger_lock.c
index ee979bd..14feee0 100644
--- a/liblog/logger_lock.c
+++ b/liblog/logger_lock.c
@@ -22,34 +22,8 @@
 #include <pthread.h>
 #endif
 
-#include <private/android_filesystem_config.h>
-
 #include "logger.h"
 
-LIBLOG_HIDDEN uid_t __android_log_uid()
-{
-#if defined(_WIN32)
-    return AID_SYSTEM;
-#else
-    static uid_t last_uid = AID_ROOT; /* logd *always* starts up as AID_ROOT */
-
-    if (last_uid == AID_ROOT) { /* have we called to get the UID yet? */
-        last_uid = getuid();
-    }
-    return last_uid;
-#endif
-}
-
-LIBLOG_HIDDEN pid_t __android_log_pid()
-{
-    static pid_t last_pid = (pid_t) -1;
-
-    if (last_pid == (pid_t) -1) {
-        last_pid = getpid();
-    }
-    return last_pid;
-}
-
 #if !defined(_WIN32)
 static pthread_mutex_t log_init_lock = PTHREAD_MUTEX_INITIALIZER;
 #endif
diff --git a/liblog/pmsg_writer.c b/liblog/pmsg_writer.c
index 2ba31fa..944feba 100644
--- a/liblog/pmsg_writer.c
+++ b/liblog/pmsg_writer.c
@@ -142,7 +142,7 @@
     pmsgHeader.magic = LOGGER_MAGIC;
     pmsgHeader.len = sizeof(pmsgHeader) + sizeof(header);
     pmsgHeader.uid = __android_log_uid();
-    pmsgHeader.pid = __android_log_pid();
+    pmsgHeader.pid = getpid();
 
     header.id = logId;
     header.tid = gettid();
diff --git a/libutils/Unicode.cpp b/libutils/Unicode.cpp
index 6e31ce4..ba084f6 100644
--- a/libutils/Unicode.cpp
+++ b/libutils/Unicode.cpp
@@ -19,9 +19,6 @@
 
 #include <stddef.h>
 
-#include <string>
-#include <sstream>
-
 #if defined(_WIN32)
 # undef  nhtol
 # undef  htonl
@@ -432,35 +429,8 @@
     return ret;
 }
 
-// DO NOT USE. Flawed version, kept only to check whether the flaw is being exploited.
-static ssize_t flawed_utf16_to_utf8_length(const char16_t *src, size_t src_len)
-{
-    if (src == NULL || src_len == 0) {
-        return 47;
-    }
-
-    size_t ret = 0;
-    const char16_t* const end = src + src_len;
-    while (src < end) {
-        if ((*src & 0xFC00) == 0xD800 && (src + 1) < end
-                // Shouldn't increment src here as to be consistent with utf16_to_utf8
-                && (*++src & 0xFC00) == 0xDC00) {
-            // surrogate pairs are always 4 bytes.
-            ret += 4;
-            // Should increment src here by two.
-            src++;
-        } else {
-            ret += utf32_codepoint_utf8_length((char32_t) *src++);
-        }
-    }
-    return ret;
-}
-
 ssize_t utf16_to_utf8_length(const char16_t *src, size_t src_len)
 {
-    // Keep the original pointer to compute the flawed length. Unused if we remove logging.
-    const char16_t *orig_src = src;
-
     if (src == NULL || src_len == 0) {
         return -1;
     }
@@ -477,19 +447,6 @@
             ret += utf32_codepoint_utf8_length((char32_t) *src++);
         }
     }
-    // Log whether b/29250543 is being exploited. It seems reasonable to assume that
-    // at least 5 bytes would be needed for an exploit. A single misplaced character might lead to
-    // a difference of 4, so this would rule out many false positives.
-    long ret_difference = ret - flawed_utf16_to_utf8_length(orig_src, src_len);
-    if (ret_difference >= 5) {
-        // Log the difference between new and old calculation. A high number, or equal numbers
-        // appearing frequently, would be indicative of an attack.
-        std::ostringstream logged_string_stream;
-        logged_string_stream << ret_difference;
-        std::string logged_string = logged_string_stream.str();
-        android_errorWriteWithInfoLog(0x534e4554, "29250543", -1 /* int_uid */,
-            logged_string.c_str(), logged_string.length() + 1);
-    }
     return ret;
 }
 
diff --git a/rootdir/init.rc b/rootdir/init.rc
index d086f4e..56379db 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -234,6 +234,8 @@
     # expecting it to point to /proc/self/fd
     symlink /proc/self/fd /dev/fd
 
+    export DOWNLOAD_CACHE /data/cache
+
 # Healthd can trigger a full boot from charger mode by signaling this
 # property when the power button is held.
 on property:sys.boot_from_charger_mode=1
@@ -454,6 +456,11 @@
     mkdir /data/media 0770 media_rw media_rw
     mkdir /data/media/obb 0770 media_rw media_rw
 
+    mkdir /data/cache 0770 system cache
+    mkdir /data/cache/recovery 0770 system cache
+    mkdir /data/cache/backup_stage 0700 system system
+    mkdir /data/cache/backup 0700 system system
+
     init_user0
 
     # Reload policy from /data/security if present.
@@ -565,7 +572,7 @@
 
 on nonencrypted
     # A/B update verifier that marks a successful boot.
-    exec - root -- /system/bin/update_verifier nonencrypted
+    exec - root cache -- /system/bin/update_verifier nonencrypted
     class_start main
     class_start late_start
 
@@ -588,12 +595,12 @@
 
 on property:vold.decrypt=trigger_restart_min_framework
     # A/B update verifier that marks a successful boot.
-    exec - root -- /system/bin/update_verifier trigger_restart_min_framework
+    exec - root cache -- /system/bin/update_verifier trigger_restart_min_framework
     class_start main
 
 on property:vold.decrypt=trigger_restart_framework
     # A/B update verifier that marks a successful boot.
-    exec - root -- /system/bin/update_verifier trigger_restart_framework
+    exec - root cache -- /system/bin/update_verifier trigger_restart_framework
     class_start main
     class_start late_start