Merge "Ensure the target sees a proper EOD marker during restore" into nyc-mr1-dev
diff --git a/liblog/logger.h b/liblog/logger.h
index c727f29..0964756 100644
--- a/liblog/logger.h
+++ b/liblog/logger.h
@@ -146,11 +146,13 @@
/* OS specific dribs and drabs */
#if defined(_WIN32)
+#include <private/android_filesystem_config.h>
typedef uint32_t uid_t;
+static inline uid_t __android_log_uid() { return AID_SYSTEM; }
+#else
+static inline uid_t __android_log_uid() { return getuid(); }
#endif
-LIBLOG_HIDDEN uid_t __android_log_uid();
-LIBLOG_HIDDEN pid_t __android_log_pid();
LIBLOG_HIDDEN void __android_log_lock();
LIBLOG_HIDDEN int __android_log_trylock();
LIBLOG_HIDDEN void __android_log_unlock();
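Review bot: The new non-Windows inline `__android_log_uid()` calls `getuid()` on every invocation, but nothing in this hunk shows logger.h including `<unistd.h>`. Every file that includes the header now needs that declaration in scope, so please confirm it is included earlier in the header. The removed version in logger_lock.c cached the first non-root uid; the new one returns the current uid each time, which is the value that ends up in `pmsgHeader.uid`. That is a behaviour change worth recording next to the definition, for example `/* not cached: the value is stamped into log records and must follow a later uid change */`. The `_WIN32` branch also pulls `<private/android_filesystem_config.h>` into every includer just for `AID_SYSTEM`, which deserves a one-line comment as well.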
diff --git a/liblog/logger_lock.c b/liblog/logger_lock.c
index ee979bd..14feee0 100644
--- a/liblog/logger_lock.c
+++ b/liblog/logger_lock.c
@@ -22,34 +22,8 @@
#include <pthread.h>
#endif
-#include <private/android_filesystem_config.h>
-
#include "logger.h"
-LIBLOG_HIDDEN uid_t __android_log_uid()
-{
-#if defined(_WIN32)
- return AID_SYSTEM;
-#else
- static uid_t last_uid = AID_ROOT; /* logd *always* starts up as AID_ROOT */
-
- if (last_uid == AID_ROOT) { /* have we called to get the UID yet? */
- last_uid = getuid();
- }
- return last_uid;
-#endif
-}
-
-LIBLOG_HIDDEN pid_t __android_log_pid()
-{
- static pid_t last_pid = (pid_t) -1;
-
- if (last_pid == (pid_t) -1) {
- last_pid = getpid();
- }
- return last_pid;
-}
-
#if !defined(_WIN32)
static pthread_mutex_t log_init_lock = PTHREAD_MUTEX_INITIALIZER;
#endif
diff --git a/liblog/pmsg_writer.c b/liblog/pmsg_writer.c
index 2ba31fa..944feba 100644
--- a/liblog/pmsg_writer.c
+++ b/liblog/pmsg_writer.c
@@ -142,7 +142,7 @@
pmsgHeader.magic = LOGGER_MAGIC;
pmsgHeader.len = sizeof(pmsgHeader) + sizeof(header);
pmsgHeader.uid = __android_log_uid();
- pmsgHeader.pid = __android_log_pid();
+ pmsgHeader.pid = getpid();
header.id = logId;
header.tid = gettid();
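Review bot: The line `pmsgHeader.pid = getpid();` drops the cached helper without a comment saying the uncached call is intentional. The removed `__android_log_pid()` kept the first pid in a static, so a forked child would presumably have kept writing its parent's pid into pmsg records. A short comment such as `/* getpid() per write: a cached pid would be stale in a forked child */` would stop the cache from being reintroduced later. The enclosing function starts and ends outside this hunk, so whether `<unistd.h>` is already included in pmsg_writer.c cannot be confirmed from here.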
diff --git a/libutils/Unicode.cpp b/libutils/Unicode.cpp
index 6e31ce4..ba084f6 100644
--- a/libutils/Unicode.cpp
+++ b/libutils/Unicode.cpp
@@ -19,9 +19,6 @@
#include <stddef.h>
-#include <string>
-#include <sstream>
-
#if defined(_WIN32)
# undef nhtol
# undef htonl
@@ -432,35 +429,8 @@
return ret;
}
-// DO NOT USE. Flawed version, kept only to check whether the flaw is being exploited.
-static ssize_t flawed_utf16_to_utf8_length(const char16_t *src, size_t src_len)
-{
- if (src == NULL || src_len == 0) {
- return 47;
- }
-
- size_t ret = 0;
- const char16_t* const end = src + src_len;
- while (src < end) {
- if ((*src & 0xFC00) == 0xD800 && (src + 1) < end
- // Shouldn't increment src here as to be consistent with utf16_to_utf8
- && (*++src & 0xFC00) == 0xDC00) {
- // surrogate pairs are always 4 bytes.
- ret += 4;
- // Should increment src here by two.
- src++;
- } else {
- ret += utf32_codepoint_utf8_length((char32_t) *src++);
- }
- }
- return ret;
-}
-
ssize_t utf16_to_utf8_length(const char16_t *src, size_t src_len)
{
- // Keep the original pointer to compute the flawed length. Unused if we remove logging.
- const char16_t *orig_src = src;
-
if (src == NULL || src_len == 0) {
return -1;
}
@@ -477,19 +447,6 @@
ret += utf32_codepoint_utf8_length((char32_t) *src++);
}
}
- // Log whether b/29250543 is being exploited. It seems reasonable to assume that
- // at least 5 bytes would be needed for an exploit. A single misplaced character might lead to
- // a difference of 4, so this would rule out many false positives.
- long ret_difference = ret - flawed_utf16_to_utf8_length(orig_src, src_len);
- if (ret_difference >= 5) {
- // Log the difference between new and old calculation. A high number, or equal numbers
- // appearing frequently, would be indicative of an attack.
- std::ostringstream logged_string_stream;
- logged_string_stream << ret_difference;
- std::string logged_string = logged_string_stream.str();
- android_errorWriteWithInfoLog(0x534e4554, "29250543", -1 /* int_uid */,
- logged_string.c_str(), logged_string.length() + 1);
- }
return ret;
}
diff --git a/rootdir/init.rc b/rootdir/init.rc
index d086f4e..56379db 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -234,6 +234,8 @@
# expecting it to point to /proc/self/fd
symlink /proc/self/fd /dev/fd
+ export DOWNLOAD_CACHE /data/cache
+
# Healthd can trigger a full boot from charger mode by signaling this
# property when the power button is held.
on property:sys.boot_from_charger_mode=1
@@ -454,6 +456,11 @@
mkdir /data/media 0770 media_rw media_rw
mkdir /data/media/obb 0770 media_rw media_rw
+ mkdir /data/cache 0770 system cache
+ mkdir /data/cache/recovery 0770 system cache
+ mkdir /data/cache/backup_stage 0700 system system
+ mkdir /data/cache/backup 0700 system system
+
init_user0
# Reload policy from /data/security if present.
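Review bot: The four `mkdir` lines set owner, group and mode for the new `/data/cache` tree, but nothing in this diff shows the SELinux labelling those directories will receive. Please confirm that the policy's file_contexts covers `/data/cache`, `recovery`, `backup_stage` and `backup`, because the 0700 `system system` mode on the last two suggests they are meant to be reachable by system only. The `export DOWNLOAD_CACHE /data/cache` line added in the previous hunk depends on this block having run before any consumer uses the variable. A comment above the block would tie the two together, for example `# DOWNLOAD_CACHE (exported above) points here; backup dirs are system-only`.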
@@ -565,7 +572,7 @@
on nonencrypted
# A/B update verifier that marks a successful boot.
- exec - root -- /system/bin/update_verifier nonencrypted
+ exec - root cache -- /system/bin/update_verifier nonencrypted
class_start main
class_start late_start
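Review bot: The `exec - root cache -- /system/bin/update_verifier nonencrypted` line adds group `cache` with no comment saying what update_verifier needs it for. The same applies to the two exec lines in the next hunk (`trigger_restart_min_framework` and `trigger_restart_framework`). The uid is still `root` and the seclabel is still `-`, so the group is the only privilege-related change. It presumably matters mainly for the group ownership of files the verifier creates. Extending the existing comment above each exec to name the file or directory that requires group `cache` would let a later reviewer judge whether the grant is still needed.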
@@ -588,12 +595,12 @@
on property:vold.decrypt=trigger_restart_min_framework
# A/B update verifier that marks a successful boot.
- exec - root -- /system/bin/update_verifier trigger_restart_min_framework
+ exec - root cache -- /system/bin/update_verifier trigger_restart_min_framework
class_start main
on property:vold.decrypt=trigger_restart_framework
# A/B update verifier that marks a successful boot.
- exec - root -- /system/bin/update_verifier trigger_restart_framework
+ exec - root cache -- /system/bin/update_verifier trigger_restart_framework
class_start main
class_start late_start