Merge "Allow fiemap_writer_test to run in arbitrary directories."
diff --git a/adb/adb.h b/adb/adb.h
index 9209997..3a8cb7b 100644
--- a/adb/adb.h
+++ b/adb/adb.h
@@ -153,7 +153,7 @@
#endif
#if !ADB_HOST
-unique_fd execute_binder_command(std::string_view command);
+unique_fd execute_abb_command(std::string_view command);
#endif
#if !ADB_HOST
diff --git a/adb/client/file_sync_client.cpp b/adb/client/file_sync_client.cpp
index b8827ef..7e470e1 100644
--- a/adb/client/file_sync_client.cpp
+++ b/adb/client/file_sync_client.cpp
@@ -681,9 +681,7 @@
if (sync) {
struct stat st;
if (sync_lstat(sc, rpath, &st)) {
- // For links, we cannot update the atime/mtime.
- if ((S_ISREG(mode & st.st_mode) && st.st_mtime == static_cast<time_t>(mtime)) ||
- (S_ISLNK(mode & st.st_mode) && st.st_mtime >= static_cast<time_t>(mtime))) {
+ if (st.st_mtime == static_cast<time_t>(mtime)) {
sc.RecordFilesSkipped(1);
return true;
}
@@ -921,12 +919,8 @@
for (copyinfo& ci : file_list) {
struct stat st;
if (sc.FinishStat(&st)) {
- if (st.st_size == static_cast<off_t>(ci.size)) {
- // For links, we cannot update the atime/mtime.
- if ((S_ISREG(ci.mode & st.st_mode) && st.st_mtime == ci.time) ||
- (S_ISLNK(ci.mode & st.st_mode) && st.st_mtime >= ci.time)) {
- ci.skip = true;
- }
+ if (st.st_size == static_cast<off_t>(ci.size) && st.st_mtime == ci.time) {
+ ci.skip = true;
}
}
}
diff --git a/adb/daemon/abb.cpp b/adb/daemon/abb.cpp
index d949dd1..4ffa6bb 100644
--- a/adb/daemon/abb.cpp
+++ b/adb/daemon/abb.cpp
@@ -85,7 +85,19 @@
break;
}
- unique_fd result = StartCommandInProcess(std::move(data), &execCmd);
+ std::string_view name = data;
+ auto protocol = SubprocessProtocol::kShell;
+ if (name.starts_with("abb:")) {
+ name.remove_prefix(strlen("abb:"));
+ protocol = SubprocessProtocol::kShell;
+ } else if (name.starts_with("abb_exec:")) {
+ name.remove_prefix(strlen("abb_exec:"));
+ protocol = SubprocessProtocol::kNone;
+ } else {
+ LOG(FATAL) << "Unknown command prefix for abb: " << data;
+ }
+
+ unique_fd result = StartCommandInProcess(std::string(name), &execCmd, protocol);
if (android::base::SendFileDescriptors(fd, "", 1, result.get()) != 1) {
PLOG(ERROR) << "Failed to send an inprocess fd for command: " << data;
break;
diff --git a/adb/daemon/abb_service.cpp b/adb/daemon/abb_service.cpp
index d32bf52..a435279 100644
--- a/adb/daemon/abb_service.cpp
+++ b/adb/daemon/abb_service.cpp
@@ -86,6 +86,6 @@
} // namespace
-unique_fd execute_binder_command(std::string_view command) {
+unique_fd execute_abb_command(std::string_view command) {
return abbp->sendCommand(command);
}
diff --git a/adb/daemon/file_sync_service.cpp b/adb/daemon/file_sync_service.cpp
index 9e1760d..70deb31 100644
--- a/adb/daemon/file_sync_service.cpp
+++ b/adb/daemon/file_sync_service.cpp
@@ -27,6 +27,7 @@
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
+#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>
#include <utime.h>
@@ -242,10 +243,10 @@
return SendSyncFail(fd, StringPrintf("%s: %s", reason.c_str(), strerror(errno)));
}
-static bool handle_send_file(int s, const char* path, uid_t uid, gid_t gid, uint64_t capabilities,
- mode_t mode, std::vector<char>& buffer, bool do_unlink) {
+static bool handle_send_file(int s, const char* path, uint32_t* timestamp, uid_t uid, gid_t gid,
+ uint64_t capabilities, mode_t mode, std::vector<char>& buffer,
+ bool do_unlink) {
syncmsg msg;
- unsigned int timestamp = 0;
__android_log_security_bswrite(SEC_TAG_ADB_SEND_FILE, path);
@@ -291,7 +292,7 @@
if (msg.data.id != ID_DATA) {
if (msg.data.id == ID_DONE) {
- timestamp = msg.data.size;
+ *timestamp = msg.data.size;
break;
}
SendSyncFail(s, "invalid data message");
@@ -316,11 +317,6 @@
goto fail;
}
- utimbuf u;
- u.actime = timestamp;
- u.modtime = timestamp;
- utime(path, &u);
-
msg.status.id = ID_OKAY;
msg.status.msglen = 0;
return WriteFdExactly(s, &msg.status, sizeof(msg.status));
@@ -360,9 +356,12 @@
}
#if defined(_WIN32)
-extern bool handle_send_link(int s, const std::string& path, std::vector<char>& buffer) __attribute__((error("no symlinks on Windows")));
+extern bool handle_send_link(int s, const std::string& path,
+ uint32_t* timestamp, std::vector<char>& buffer)
+ __attribute__((error("no symlinks on Windows")));
#else
-static bool handle_send_link(int s, const std::string& path, std::vector<char>& buffer) {
+static bool handle_send_link(int s, const std::string& path, uint32_t* timestamp,
+ std::vector<char>& buffer) {
syncmsg msg;
if (!ReadFdExactly(s, &msg.data, sizeof(msg.data))) return false;
@@ -399,6 +398,7 @@
if (!ReadFdExactly(s, &msg.data, sizeof(msg.data))) return false;
if (msg.data.id == ID_DONE) {
+ *timestamp = msg.data.size;
msg.status.id = ID_OKAY;
msg.status.msglen = 0;
if (!WriteFdExactly(s, &msg.status, sizeof(msg.status))) return false;
@@ -448,24 +448,40 @@
adb_unlink(path.c_str());
}
+ bool result;
+ uint32_t timestamp;
if (S_ISLNK(mode)) {
- return handle_send_link(s, path.c_str(), buffer);
+ result = handle_send_link(s, path.c_str(), ×tamp, buffer);
+ } else {
+ // Copy user permission bits to "group" and "other" permissions.
+ mode &= 0777;
+ mode |= ((mode >> 3) & 0070);
+ mode |= ((mode >> 3) & 0007);
+
+ uid_t uid = -1;
+ gid_t gid = -1;
+ uint64_t capabilities = 0;
+ if (should_use_fs_config(path)) {
+ unsigned int broken_api_hack = mode;
+ fs_config(path.c_str(), 0, nullptr, &uid, &gid, &broken_api_hack, &capabilities);
+ mode = broken_api_hack;
+ }
+
+ result = handle_send_file(s, path.c_str(), ×tamp, uid, gid, capabilities, mode, buffer,
+ do_unlink);
}
- // Copy user permission bits to "group" and "other" permissions.
- mode &= 0777;
- mode |= ((mode >> 3) & 0070);
- mode |= ((mode >> 3) & 0007);
-
- uid_t uid = -1;
- gid_t gid = -1;
- uint64_t capabilities = 0;
- if (should_use_fs_config(path)) {
- unsigned int broken_api_hack = mode;
- fs_config(path.c_str(), 0, nullptr, &uid, &gid, &broken_api_hack, &capabilities);
- mode = broken_api_hack;
+ if (!result) {
+ return false;
}
- return handle_send_file(s, path.c_str(), uid, gid, capabilities, mode, buffer, do_unlink);
+
+ struct timeval tv[2];
+ tv[0].tv_sec = timestamp;
+ tv[0].tv_usec = 0;
+ tv[1].tv_sec = timestamp;
+ tv[1].tv_usec = 0;
+ lutimes(path.c_str(), tv);
+ return true;
}
static bool do_recv(int s, const char* path, std::vector<char>& buffer) {
diff --git a/adb/daemon/restart_service.cpp b/adb/daemon/restart_service.cpp
index 6803d93..16d2627 100644
--- a/adb/daemon/restart_service.cpp
+++ b/adb/daemon/restart_service.cpp
@@ -20,6 +20,7 @@
#include <unistd.h>
+#include <android-base/logging.h>
#include <android-base/properties.h>
#include <android-base/stringprintf.h>
#include <log/log_properties.h>
@@ -37,6 +38,7 @@
return;
}
+ LOG(INFO) << "adbd restarting as root";
android::base::SetProperty("service.adb.root", "1");
WriteFdExactly(fd.get(), "restarting adbd as root\n");
}
@@ -46,6 +48,8 @@
WriteFdExactly(fd.get(), "adbd not running as root\n");
return;
}
+
+ LOG(INFO) << "adbd restarting as nonroot";
android::base::SetProperty("service.adb.root", "0");
WriteFdExactly(fd.get(), "restarting adbd as non root\n");
}
@@ -56,11 +60,13 @@
return;
}
+ LOG(INFO) << "adbd restarting in TCP mode (port = " << port << ")";
android::base::SetProperty("service.adb.tcp.port", android::base::StringPrintf("%d", port));
WriteFdFmt(fd.get(), "restarting in TCP mode port: %d\n", port);
}
void restart_usb_service(unique_fd fd) {
+ LOG(INFO) << "adbd restarting in USB mode";
android::base::SetProperty("service.adb.tcp.port", "0");
WriteFdExactly(fd.get(), "restarting in USB mode\n");
}
diff --git a/adb/daemon/services.cpp b/adb/daemon/services.cpp
index d1f0345..362a987 100644
--- a/adb/daemon/services.cpp
+++ b/adb/daemon/services.cpp
@@ -244,9 +244,8 @@
unique_fd daemon_service_to_fd(std::string_view name, atransport* transport) {
#if defined(__ANDROID__) && !defined(__ANDROID_RECOVERY__)
- if (name.starts_with("abb:")) {
- name.remove_prefix(strlen("abb:"));
- return execute_binder_command(name);
+ if (name.starts_with("abb:") || name.starts_with("abb_exec:")) {
+ return execute_abb_command(name);
}
#endif
diff --git a/adb/daemon/shell_service.cpp b/adb/daemon/shell_service.cpp
index 0794bcd..e9d9c63 100644
--- a/adb/daemon/shell_service.cpp
+++ b/adb/daemon/shell_service.cpp
@@ -170,6 +170,8 @@
// Opens the file at |pts_name|.
int OpenPtyChildFd(const char* pts_name, unique_fd* error_sfd);
+ bool ConnectProtocolEndpoints(std::string* _Nonnull error);
+
static void ThreadHandler(void* userdata);
void PassDataStreams();
void WaitForExit();
@@ -383,42 +385,9 @@
}
D("subprocess parent: exec completed");
- if (protocol_ == SubprocessProtocol::kNone) {
- // No protocol: all streams pass through the stdinout FD and hook
- // directly into the local socket for raw data transfer.
- local_socket_sfd_.reset(stdinout_sfd_.release());
- } else {
- // Shell protocol: create another socketpair to intercept data.
- if (!CreateSocketpair(&protocol_sfd_, &local_socket_sfd_)) {
- *error = android::base::StringPrintf(
- "failed to create socketpair to intercept data: %s", strerror(errno));
- kill(pid_, SIGKILL);
- return false;
- }
- D("protocol FD = %d", protocol_sfd_.get());
-
- input_ = std::make_unique<ShellProtocol>(protocol_sfd_);
- output_ = std::make_unique<ShellProtocol>(protocol_sfd_);
- if (!input_ || !output_) {
- *error = "failed to allocate shell protocol objects";
- kill(pid_, SIGKILL);
- return false;
- }
-
- // Don't let reads/writes to the subprocess block our thread. This isn't
- // likely but could happen under unusual circumstances, such as if we
- // write a ton of data to stdin but the subprocess never reads it and
- // the pipe fills up.
- for (int fd : {stdinout_sfd_.get(), stderr_sfd_.get()}) {
- if (fd >= 0) {
- if (!set_file_block_mode(fd, false)) {
- *error = android::base::StringPrintf(
- "failed to set non-blocking mode for fd %d", fd);
- kill(pid_, SIGKILL);
- return false;
- }
- }
- }
+ if (!ConnectProtocolEndpoints(error)) {
+ kill(pid_, SIGKILL);
+ return false;
}
D("subprocess parent: completed");
@@ -429,7 +398,6 @@
unique_fd child_stdinout_sfd, child_stderr_sfd;
CHECK(type_ == SubprocessType::kRaw);
- CHECK(protocol_ == SubprocessProtocol::kShell);
__android_log_security_bswrite(SEC_TAG_ADB_SHELL_CMD, command_.c_str());
@@ -448,34 +416,9 @@
D("execinprocess: stdin/stdout FD = %d, stderr FD = %d", stdinout_sfd_.get(),
stderr_sfd_.get());
- // Required for shell protocol: create another socketpair to intercept data.
- if (!CreateSocketpair(&protocol_sfd_, &local_socket_sfd_)) {
- *error = android::base::StringPrintf("failed to create socketpair to intercept data: %s",
- strerror(errno));
+ if (!ConnectProtocolEndpoints(error)) {
return false;
}
- D("protocol FD = %d", protocol_sfd_.get());
-
- input_ = std::make_unique<ShellProtocol>(protocol_sfd_);
- output_ = std::make_unique<ShellProtocol>(protocol_sfd_);
- if (!input_ || !output_) {
- *error = "failed to allocate shell protocol objects";
- return false;
- }
-
- // Don't let reads/writes to the subprocess block our thread. This isn't
- // likely but could happen under unusual circumstances, such as if we
- // write a ton of data to stdin but the subprocess never reads it and
- // the pipe fills up.
- for (int fd : {stdinout_sfd_.get(), stderr_sfd_.get()}) {
- if (fd >= 0) {
- if (!set_file_block_mode(fd, false)) {
- *error = android::base::StringPrintf("failed to set non-blocking mode for fd %d",
- fd);
- return false;
- }
- }
- }
std::thread([inout_sfd = std::move(child_stdinout_sfd), err_sfd = std::move(child_stderr_sfd),
command = std::move(command),
@@ -486,6 +429,45 @@
return true;
}
+bool Subprocess::ConnectProtocolEndpoints(std::string* _Nonnull error) {
+ if (protocol_ == SubprocessProtocol::kNone) {
+ // No protocol: all streams pass through the stdinout FD and hook
+ // directly into the local socket for raw data transfer.
+ local_socket_sfd_.reset(stdinout_sfd_.release());
+ } else {
+ // Required for shell protocol: create another socketpair to intercept data.
+ if (!CreateSocketpair(&protocol_sfd_, &local_socket_sfd_)) {
+ *error = android::base::StringPrintf(
+ "failed to create socketpair to intercept data: %s", strerror(errno));
+ return false;
+ }
+ D("protocol FD = %d", protocol_sfd_.get());
+
+ input_ = std::make_unique<ShellProtocol>(protocol_sfd_);
+ output_ = std::make_unique<ShellProtocol>(protocol_sfd_);
+ if (!input_ || !output_) {
+ *error = "failed to allocate shell protocol objects";
+ return false;
+ }
+
+ // Don't let reads/writes to the subprocess block our thread. This isn't
+ // likely but could happen under unusual circumstances, such as if we
+ // write a ton of data to stdin but the subprocess never reads it and
+ // the pipe fills up.
+ for (int fd : {stdinout_sfd_.get(), stderr_sfd_.get()}) {
+ if (fd >= 0) {
+ if (!set_file_block_mode(fd, false)) {
+ *error = android::base::StringPrintf(
+ "failed to set non-blocking mode for fd %d", fd);
+ return false;
+ }
+ }
+ }
+ }
+
+ return true;
+}
+
bool Subprocess::StartThread(std::unique_ptr<Subprocess> subprocess, std::string* error) {
Subprocess* raw = subprocess.release();
std::thread(ThreadHandler, raw).detach();
@@ -863,12 +845,11 @@
return local_socket;
}
-unique_fd StartCommandInProcess(std::string name, Command command) {
+unique_fd StartCommandInProcess(std::string name, Command command, SubprocessProtocol protocol) {
LOG(INFO) << "StartCommandInProcess(" << dump_hex(name.data(), name.size()) << ")";
constexpr auto terminal_type = "";
constexpr auto type = SubprocessType::kRaw;
- constexpr auto protocol = SubprocessProtocol::kShell;
constexpr auto make_pty_raw = false;
auto subprocess = std::make_unique<Subprocess>(std::move(name), terminal_type, type, protocol,
diff --git a/adb/daemon/shell_service.h b/adb/daemon/shell_service.h
index fc66377..3abd958 100644
--- a/adb/daemon/shell_service.h
+++ b/adb/daemon/shell_service.h
@@ -49,7 +49,7 @@
//
// Returns an open FD connected to the thread or -1 on failure.
using Command = int(std::string_view args, int in, int out, int err);
-unique_fd StartCommandInProcess(std::string name, Command command);
+unique_fd StartCommandInProcess(std::string name, Command command, SubprocessProtocol protocol);
// Create a pipe containing the error.
unique_fd ReportError(SubprocessProtocol protocol, const std::string& message);
diff --git a/adb/daemon/usb.cpp b/adb/daemon/usb.cpp
index f0e2861..69d1c31 100644
--- a/adb/daemon/usb.cpp
+++ b/adb/daemon/usb.cpp
@@ -628,9 +628,10 @@
}
void usb_init() {
- if (!android::base::GetBoolProperty("persist.adb.nonblocking_ffs", false)) {
- usb_init_legacy();
- } else {
+ bool use_nonblocking = android::base::GetBoolProperty("persist.adb.nonblocking_ffs", true);
+ if (use_nonblocking) {
std::thread(usb_ffs_open_thread).detach();
+ } else {
+ usb_init_legacy();
}
}
diff --git a/adb/test_adb.py b/adb/test_adb.py
index 14e5071..8272722 100755
--- a/adb/test_adb.py
+++ b/adb/test_adb.py
@@ -416,6 +416,7 @@
output.strip(),
"already connected to {}".format(serial).encode("utf8"))
+ @unittest.skip("Currently failing b/123247844")
def test_reconnect(self):
"""Ensure that a disconnected device reconnects."""
diff --git a/adb/transport.cpp b/adb/transport.cpp
index 90f94ee..0b4e084 100644
--- a/adb/transport.cpp
+++ b/adb/transport.cpp
@@ -71,6 +71,8 @@
const char* const kFeatureApex = "apex";
const char* const kFeatureFixedPushMkdir = "fixed_push_mkdir";
const char* const kFeatureAbb = "abb";
+const char* const kFeatureFixedPushSymlinkTimestamp = "fixed_push_symlink_timestamp";
+const char* const kFeatureAbbExec = "abb_exec";
namespace {
@@ -1005,8 +1007,14 @@
const FeatureSet& supported_features() {
// Local static allocation to avoid global non-POD variables.
static const FeatureSet* features = new FeatureSet{
- kFeatureShell2, kFeatureCmd, kFeatureStat2,
- kFeatureFixedPushMkdir, kFeatureApex, kFeatureAbb,
+ kFeatureShell2,
+ kFeatureCmd,
+ kFeatureStat2,
+ kFeatureFixedPushMkdir,
+ kFeatureApex,
+ kFeatureAbb,
+ kFeatureFixedPushSymlinkTimestamp,
+ kFeatureAbbExec,
// Increment ADB_SERVER_VERSION when adding a feature that adbd needs
// to know about. Otherwise, the client can be stuck running an old
// version of the server even after upgrading their copy of adb.
diff --git a/adb/transport.h b/adb/transport.h
index 065c81f..a0174b8 100644
--- a/adb/transport.h
+++ b/adb/transport.h
@@ -67,6 +67,8 @@
extern const char* const kFeatureFixedPushMkdir;
// adbd supports android binder bridge (abb).
extern const char* const kFeatureAbb;
+// adbd properly updates symlink timestamps on push.
+extern const char* const kFeatureFixedPushSymlinkTimestamp;
TransportId NextTransportId();
diff --git a/base/cmsg.cpp b/base/cmsg.cpp
index 1879d44..42866f8 100644
--- a/base/cmsg.cpp
+++ b/base/cmsg.cpp
@@ -16,9 +16,8 @@
#include <android-base/cmsg.h>
-#include <alloca.h>
#include <errno.h>
-#include <malloc.h>
+#include <fcntl.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/user.h>
@@ -47,7 +46,8 @@
.msg_iov = &iov,
.msg_iovlen = 1,
.msg_control = cmsg_buf,
- .msg_controllen = cmsg_space,
+ // We can't cast to the actual type of the field, because it's different across platforms.
+ .msg_controllen = static_cast<unsigned int>(cmsg_space),
.msg_flags = 0,
};
@@ -61,7 +61,13 @@
cmsg_fds[i] = fds[i];
}
- return TEMP_FAILURE_RETRY(sendmsg(sockfd, &msg, MSG_NOSIGNAL));
+#if defined(__linux__)
+ int flags = MSG_NOSIGNAL;
+#else
+ int flags = 0;
+#endif
+
+ return TEMP_FAILURE_RETRY(sendmsg(sockfd, &msg, flags));
}
ssize_t ReceiveFileDescriptorVector(int sockfd, void* data, size_t len, size_t max_fds,
@@ -82,12 +88,18 @@
.msg_iov = &iov,
.msg_iovlen = 1,
.msg_control = cmsg_buf,
- .msg_controllen = cmsg_space,
+ // We can't cast to the actual type of the field, because it's different across platforms.
+ .msg_controllen = static_cast<unsigned int>(cmsg_space),
.msg_flags = 0,
};
- ssize_t rc = TEMP_FAILURE_RETRY(
- recvmsg(sockfd, &msg, MSG_TRUNC | MSG_CTRUNC | MSG_CMSG_CLOEXEC | MSG_NOSIGNAL));
+ int flags = MSG_TRUNC | MSG_CTRUNC;
+#if defined(__linux__)
+ flags |= MSG_CMSG_CLOEXEC | MSG_NOSIGNAL;
+#endif
+
+ ssize_t rc = TEMP_FAILURE_RETRY(recvmsg(sockfd, &msg, flags));
+
if (rc == -1) {
return -1;
}
@@ -112,11 +124,17 @@
}
// There isn't a macro that does the inverse of CMSG_LEN, so hack around it ourselves, with
- // some static asserts to ensure that CMSG_LEN behaves as we expect.
- static_assert(CMSG_LEN(0) + 1 * sizeof(int) == CMSG_LEN(1 * sizeof(int)));
- static_assert(CMSG_LEN(0) + 2 * sizeof(int) == CMSG_LEN(2 * sizeof(int)));
- static_assert(CMSG_LEN(0) + 3 * sizeof(int) == CMSG_LEN(3 * sizeof(int)));
- static_assert(CMSG_LEN(0) + 4 * sizeof(int) == CMSG_LEN(4 * sizeof(int)));
+ // some asserts to ensure that CMSG_LEN behaves as we expect.
+#if defined(__linux__)
+#define CMSG_ASSERT static_assert
+#else
+// CMSG_LEN is somehow not constexpr on darwin.
+#define CMSG_ASSERT CHECK
+#endif
+ CMSG_ASSERT(CMSG_LEN(0) + 1 * sizeof(int) == CMSG_LEN(1 * sizeof(int)));
+ CMSG_ASSERT(CMSG_LEN(0) + 2 * sizeof(int) == CMSG_LEN(2 * sizeof(int)));
+ CMSG_ASSERT(CMSG_LEN(0) + 3 * sizeof(int) == CMSG_LEN(3 * sizeof(int)));
+ CMSG_ASSERT(CMSG_LEN(0) + 4 * sizeof(int) == CMSG_LEN(4 * sizeof(int)));
if (cmsg->cmsg_len % sizeof(int) != 0) {
LOG(FATAL) << "cmsg_len(" << cmsg->cmsg_len << ") not aligned to sizeof(int)";
@@ -127,6 +145,10 @@
int* cmsg_fds = reinterpret_cast<int*>(CMSG_DATA(cmsg));
size_t cmsg_fdcount = static_cast<size_t>(cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
for (size_t i = 0; i < cmsg_fdcount; ++i) {
+#if !defined(__linux__)
+ // Linux uses MSG_CMSG_CLOEXEC instead of doing this manually.
+ fcntl(cmsg_fds[i], F_SETFD, FD_CLOEXEC);
+#endif
received_fds.emplace_back(cmsg_fds[i]);
}
}
diff --git a/debuggerd/Android.bp b/debuggerd/Android.bp
index 76c5ade..0cf3378 100644
--- a/debuggerd/Android.bp
+++ b/debuggerd/Android.bp
@@ -218,13 +218,11 @@
"liblog",
"libminijail",
"libnativehelper",
+ "libunwindstack",
],
static_libs: [
"libdebuggerd",
- "libdexfile_external", // libunwindstack dependency
- "libdexfile_support", // libunwindstack dependency
- "libunwindstack",
],
local_include_dirs: [
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index b69e773..0c904c4 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -1098,9 +1098,7 @@
}
} else if ((current_entry.fs_mgr_flags.verify)) {
int rc = fs_mgr_setup_verity(¤t_entry, true);
- if (__android_log_is_debuggable() &&
- (rc == FS_MGR_SETUP_VERITY_DISABLED ||
- rc == FS_MGR_SETUP_VERITY_SKIPPED)) {
+ if (rc == FS_MGR_SETUP_VERITY_DISABLED || rc == FS_MGR_SETUP_VERITY_SKIPPED) {
LINFO << "Verity disabled";
} else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
LERROR << "Could not set up verified partition, skipping!";
@@ -1331,9 +1329,7 @@
}
} else if (fstab_entry.fs_mgr_flags.verify) {
int rc = fs_mgr_setup_verity(&fstab_entry, true);
- if (__android_log_is_debuggable() &&
- (rc == FS_MGR_SETUP_VERITY_DISABLED ||
- rc == FS_MGR_SETUP_VERITY_SKIPPED)) {
+ if (rc == FS_MGR_SETUP_VERITY_DISABLED || rc == FS_MGR_SETUP_VERITY_SKIPPED) {
LINFO << "Verity disabled";
} else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
LERROR << "Could not set up verified partition, skipping!";
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index 4659add..82d9144 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -607,10 +607,14 @@
return userdata;
}
-void EraseFstabEntry(Fstab* fstab, const std::string& mount_point) {
+bool EraseFstabEntry(Fstab* fstab, const std::string& mount_point) {
auto iter = std::remove_if(fstab->begin(), fstab->end(),
[&](const auto& entry) { return entry.mount_point == mount_point; });
- fstab->erase(iter, fstab->end());
+ if (iter != fstab->end()) {
+ fstab->erase(iter, fstab->end());
+ return true;
+ }
+ return false;
}
void TransformFstabForGsi(Fstab* fstab) {
@@ -628,11 +632,13 @@
userdata = BuildGsiUserdataFstabEntry();
}
- EraseFstabEntry(fstab, "/system");
- EraseFstabEntry(fstab, "/data");
+ if (EraseFstabEntry(fstab, "/system")) {
+ fstab->emplace_back(BuildGsiSystemFstabEntry());
+ }
- fstab->emplace_back(BuildGsiSystemFstabEntry());
- fstab->emplace_back(userdata);
+ if (EraseFstabEntry(fstab, "/data")) {
+ fstab->emplace_back(userdata);
+ }
}
} // namespace
diff --git a/fs_mgr/fs_mgr_overlayfs.cpp b/fs_mgr/fs_mgr_overlayfs.cpp
index 9364b2d..3d5062c 100644
--- a/fs_mgr/fs_mgr_overlayfs.cpp
+++ b/fs_mgr/fs_mgr_overlayfs.cpp
@@ -157,7 +157,12 @@
fs_mgr_update_logical_partition(entry);
}
auto save_errno = errno;
+ errno = 0;
auto has_shared_blocks = fs_mgr_has_shared_blocks(entry->mount_point, entry->blk_device);
+ // special case for first stage init for system as root (taimen)
+ if (!has_shared_blocks && (errno == ENOENT) && (entry->blk_device == "/dev/root")) {
+ has_shared_blocks = true;
+ }
errno = save_errno;
return has_shared_blocks;
}
diff --git a/fs_mgr/libfiemap_writer/fiemap_writer.cpp b/fs_mgr/libfiemap_writer/fiemap_writer.cpp
index b9b75f8..5b8a9c2 100644
--- a/fs_mgr/libfiemap_writer/fiemap_writer.cpp
+++ b/fs_mgr/libfiemap_writer/fiemap_writer.cpp
@@ -225,7 +225,7 @@
// don't come back unwritten. Return from this function with the kernel file offset set to 0.
// If the filesystem is f2fs, then we also PIN the file on disk to make sure the blocks
// aren't moved around.
- if (fallocate(file_fd, FALLOC_FL_ZERO_RANGE, 0, file_size)) {
+ if (fallocate64(file_fd, FALLOC_FL_ZERO_RANGE, 0, file_size)) {
PLOG(ERROR) << "Failed to allocate space for file: " << file_path << " size: " << file_size;
return false;
}
diff --git a/fs_mgr/libfs_avb/avb_util.cpp b/fs_mgr/libfs_avb/avb_util.cpp
index fa9080e..80fa5c4 100644
--- a/fs_mgr/libfs_avb/avb_util.cpp
+++ b/fs_mgr/libfs_avb/avb_util.cpp
@@ -34,6 +34,19 @@
namespace android {
namespace fs_mgr {
+std::string GetAvbPropertyDescriptor(const std::string& key,
+ const std::vector<VBMetaData>& vbmeta_images) {
+ size_t value_size;
+ for (const auto& vbmeta : vbmeta_images) {
+ const char* value = avb_property_lookup(vbmeta.data(), vbmeta.size(), key.data(),
+ key.size(), &value_size);
+ if (value != nullptr) {
+ return {value, value_size};
+ }
+ }
+ return "";
+}
+
// Constructs dm-verity arguments for sending DM_TABLE_LOAD ioctl to kernel.
// See the following link for more details:
// https://gitlab.com/cryptsetup/cryptsetup/wikis/DMVerity
diff --git a/fs_mgr/libfs_avb/avb_util.h b/fs_mgr/libfs_avb/avb_util.h
index 9babd88..5f413e3 100644
--- a/fs_mgr/libfs_avb/avb_util.h
+++ b/fs_mgr/libfs_avb/avb_util.h
@@ -37,6 +37,9 @@
: partition_name(chain_partition_name), public_key_blob(chain_public_key_blob) {}
};
+std::string GetAvbPropertyDescriptor(const std::string& key,
+ const std::vector<VBMetaData>& vbmeta_images);
+
// AvbHashtreeDescriptor to dm-verity table setup.
std::unique_ptr<FsAvbHashtreeDescriptor> GetHashtreeDescriptor(
const std::string& partition_name, const std::vector<VBMetaData>& vbmeta_images);
diff --git a/fs_mgr/libfs_avb/fs_avb.cpp b/fs_mgr/libfs_avb/fs_avb.cpp
index 938e149..02902f0 100644
--- a/fs_mgr/libfs_avb/fs_avb.cpp
+++ b/fs_mgr/libfs_avb/fs_avb.cpp
@@ -263,6 +263,69 @@
return avb_handle;
}
+AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta(const FstabEntry& fstab_entry) {
+ if (fstab_entry.avb_key.empty()) {
+ LERROR << "avb_key=/path/to/key is missing for " << fstab_entry.mount_point;
+ return nullptr;
+ }
+
+ // Binds allow_verification_error and rollback_protection to device unlock state.
+ bool allow_verification_error = IsDeviceUnlocked();
+ bool rollback_protection = !allow_verification_error;
+
+ std::string expected_key_blob;
+ if (!ReadFileToString(fstab_entry.avb_key, &expected_key_blob)) {
+ if (!allow_verification_error) {
+ LERROR << "Failed to load avb_key: " << fstab_entry.avb_key
+ << " for mount point: " << fstab_entry.mount_point;
+ return nullptr;
+ }
+ LWARNING << "Allowing no expected key blob when verification error is permitted";
+ expected_key_blob.clear();
+ }
+
+ bool verification_disabled = false;
+ VBMetaVerifyResult verify_result = VBMetaVerifyResult::kError;
+ std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath(
+ fstab_entry.blk_device, "" /* partition_name, no need for a standalone path */,
+ expected_key_blob, allow_verification_error, rollback_protection,
+ false /* not is_chained_vbmeta */, nullptr /* out_public_key_data */,
+ &verification_disabled, &verify_result);
+
+ if (!vbmeta) {
+ LERROR << "Failed to load vbmeta: " << fstab_entry.blk_device;
+ return nullptr;
+ }
+
+ AvbUniquePtr avb_handle(new AvbHandle());
+ if (!avb_handle) {
+ LERROR << "Failed to allocate AvbHandle";
+ return nullptr;
+ }
+ avb_handle->vbmeta_images_.emplace_back(std::move(*vbmeta));
+
+ switch (verify_result) {
+ case VBMetaVerifyResult::kSuccess:
+ avb_handle->status_ = AvbHandleStatus::kSuccess;
+ break;
+ case VBMetaVerifyResult::kErrorVerification:
+ avb_handle->status_ = AvbHandleStatus::kVerificationError;
+ break;
+ default:
+ LERROR << "LoadAndVerifyVbmetaByPath failed, result: " << verify_result;
+ return nullptr;
+ }
+
+ if (verification_disabled) {
+ LINFO << "AVB verification disabled on: " << fstab_entry.mount_point;
+ avb_handle->status_ = AvbHandleStatus::kVerificationDisabled;
+ }
+
+ LINFO << "Returning avb_handle for '" << fstab_entry.mount_point
+ << "' with status: " << avb_handle->status_;
+ return avb_handle;
+}
+
AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta() {
// Loads inline vbmeta images, starting from /vbmeta.
return LoadAndVerifyVbmeta("vbmeta", fs_mgr_get_slot_suffix(), fs_mgr_get_other_slot_suffix(),
@@ -358,52 +421,12 @@
AvbHashtreeResult AvbHandle::SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry,
bool wait_for_verity_dev) {
- if (fstab_entry->avb_key.empty()) {
- LERROR << "avb_key=/path/to/key is missing for " << fstab_entry->mount_point;
+ auto avb_handle = LoadAndVerifyVbmeta(*fstab_entry);
+ if (!avb_handle) {
return AvbHashtreeResult::kFail;
}
- // Binds allow_verification_error and rollback_protection to device unlock state.
- bool allow_verification_error = IsDeviceUnlocked();
- bool rollback_protection = !allow_verification_error;
-
- std::string expected_key_blob;
- if (!ReadFileToString(fstab_entry->avb_key, &expected_key_blob)) {
- if (!allow_verification_error) {
- LERROR << "Failed to load avb_key: " << fstab_entry->avb_key
- << " for mount point: " << fstab_entry->mount_point;
- return AvbHashtreeResult::kFail;
- }
- LWARNING << "Allowing no expected key blob when verification error is permitted";
- expected_key_blob.clear();
- }
-
- bool verification_disabled = false;
- std::unique_ptr<VBMetaData> vbmeta = LoadAndVerifyVbmetaByPath(
- fstab_entry->blk_device, "" /* partition_name, no need for a standalone path */,
- expected_key_blob, allow_verification_error, rollback_protection,
- false /* not is_chained_vbmeta */, nullptr /* out_public_key_data */,
- &verification_disabled, nullptr /* out_verify_result */);
-
- if (!vbmeta) {
- LERROR << "Failed to load vbmeta: " << fstab_entry->blk_device;
- return AvbHashtreeResult::kFail;
- }
-
- if (verification_disabled) {
- LINFO << "AVB verification disabled on: " << fstab_entry->mount_point;
- return AvbHashtreeResult::kDisabled;
- }
-
- // Puts the vbmeta into a vector, for LoadAvbHashtreeToEnableVerity() to use.
- std::vector<VBMetaData> vbmeta_images;
- vbmeta_images.emplace_back(std::move(*vbmeta));
- if (!LoadAvbHashtreeToEnableVerity(fstab_entry, wait_for_verity_dev, vbmeta_images,
- fs_mgr_get_slot_suffix(), fs_mgr_get_other_slot_suffix())) {
- return AvbHashtreeResult::kFail;
- }
-
- return AvbHashtreeResult::kSuccess;
+ return avb_handle->SetUpAvbHashtree(fstab_entry, wait_for_verity_dev);
}
AvbHashtreeResult AvbHandle::SetUpAvbHashtree(FstabEntry* fstab_entry, bool wait_for_verity_dev) {
@@ -425,5 +448,19 @@
return AvbHashtreeResult::kSuccess;
}
+std::string AvbHandle::GetSecurityPatchLevel(const FstabEntry& fstab_entry) const {
+ if (vbmeta_images_.size() < 1) {
+ return "";
+ }
+ std::string avb_partition_name = DeriveAvbPartitionName(fstab_entry, fs_mgr_get_slot_suffix(),
+ fs_mgr_get_other_slot_suffix());
+ auto avb_prop_name = "com.android.build." + avb_partition_name + ".security_patch";
+ return GetAvbPropertyDescriptor(avb_prop_name, vbmeta_images_);
+}
+
+bool AvbHandle::IsDeviceUnlocked() {
+ return android::fs_mgr::IsDeviceUnlocked();
+}
+
} // namespace fs_mgr
} // namespace android
diff --git a/fs_mgr/libfs_avb/include/fs_avb/fs_avb.h b/fs_mgr/libfs_avb/include/fs_avb/fs_avb.h
index d026722..7127fa6 100644
--- a/fs_mgr/libfs_avb/include/fs_avb/fs_avb.h
+++ b/fs_mgr/libfs_avb/include/fs_avb/fs_avb.h
@@ -85,6 +85,8 @@
// TODO(bowgotsai): remove Open() and switch to LoadAndVerifyVbmeta().
static AvbUniquePtr Open(); // loads inline vbmeta, via libavb.
static AvbUniquePtr LoadAndVerifyVbmeta(); // loads inline vbmeta.
+ static AvbUniquePtr LoadAndVerifyVbmeta(
+ const FstabEntry& fstab_entry); // loads offline vbmeta.
static AvbUniquePtr LoadAndVerifyVbmeta( // loads offline vbmeta.
const std::string& partition_name, const std::string& ab_suffix,
const std::string& ab_other_suffix, const std::string& expected_public_key,
@@ -108,6 +110,10 @@
static AvbHashtreeResult SetUpStandaloneAvbHashtree(FstabEntry* fstab_entry,
bool wait_for_verity_dev = true);
+ static bool IsDeviceUnlocked();
+
+ std::string GetSecurityPatchLevel(const FstabEntry& fstab_entry) const;
+
const std::string& avb_version() const { return avb_version_; }
const VBMetaInfo& vbmeta_info() const { return vbmeta_info_; }
AvbHandleStatus status() const { return status_; }
diff --git a/fs_mgr/libfs_avb/tests/avb_util_test.cpp b/fs_mgr/libfs_avb/tests/avb_util_test.cpp
index 835410f..e4213b7 100644
--- a/fs_mgr/libfs_avb/tests/avb_util_test.cpp
+++ b/fs_mgr/libfs_avb/tests/avb_util_test.cpp
@@ -30,6 +30,7 @@
using android::fs_mgr::DeriveAvbPartitionName;
using android::fs_mgr::FstabEntry;
using android::fs_mgr::GetAvbFooter;
+using android::fs_mgr::GetAvbPropertyDescriptor;
using android::fs_mgr::GetChainPartitionInfo;
using android::fs_mgr::GetTotalSize;
using android::fs_mgr::LoadAndVerifyVbmetaByPartition;
@@ -268,6 +269,67 @@
EXPECT_EQ(nullptr, footer);
}
+TEST_F(AvbUtilTest, GetAvbPropertyDescriptor_Basic) {
+ // Makes a vbmeta.img with some properties.
+ GenerateVBMetaImage("vbmeta.img", "SHA256_RSA4096", 0, data_dir_.Append("testkey_rsa4096.pem"),
+ {}, /* include_descriptor_image_paths */
+ {}, /* chain_partitions */
+ "--prop foo:android "
+ "--prop bar:treble "
+ "--internal_release_string \"unit test\" ");
+ auto vbmeta = LoadVBMetaData("vbmeta.img");
+
+ // Puts the vbmeta into a vector, for GetAvbPropertyDescriptor to use.
+ std::vector<VBMetaData> vbmeta_images;
+ vbmeta_images.emplace_back(std::move(vbmeta));
+
+ EXPECT_EQ("android", GetAvbPropertyDescriptor("foo", vbmeta_images));
+ EXPECT_EQ("treble", GetAvbPropertyDescriptor("bar", vbmeta_images));
+ EXPECT_EQ("", GetAvbPropertyDescriptor("non-existent", vbmeta_images));
+}
+
+TEST_F(AvbUtilTest, GetAvbPropertyDescriptor_SecurityPatchLevel) {
+ // Generates a raw boot.img
+ const size_t boot_image_size = 5 * 1024 * 1024;
+ const size_t boot_partition_size = 10 * 1024 * 1024;
+ base::FilePath boot_path = GenerateImage("boot.img", boot_image_size);
+ // Adds AVB Hash Footer.
+ AddAvbFooter(boot_path, "hash", "boot", boot_partition_size, "SHA256_RSA2048", 10,
+ data_dir_.Append("testkey_rsa2048.pem"), "d00df00d",
+ "--internal_release_string \"unit test\"");
+
+ // Generates a raw system.img, use a smaller size to speed-up unit test.
+ const size_t system_image_size = 10 * 1024 * 1024;
+ const size_t system_partition_size = 15 * 1024 * 1024;
+ base::FilePath system_path = GenerateImage("system.img", system_image_size);
+ // Adds AVB Hashtree Footer.
+ AddAvbFooter(system_path, "hashtree", "system", system_partition_size, "SHA512_RSA4096", 20,
+ data_dir_.Append("testkey_rsa4096.pem"), "d00df00d",
+ "--prop com.android.build.system.security_patch:2019-04-05 "
+ "--internal_release_string \"unit test\"");
+
+ // Generates chain partition descriptors.
+ base::FilePath rsa4096_public_key =
+ ExtractPublicKeyAvb(data_dir_.Append("testkey_rsa4096.pem"));
+
+ // Makes a vbmeta.img including the 'system' chained descriptor.
+ GenerateVBMetaImage("vbmeta.img", "SHA256_RSA4096", 0, data_dir_.Append("testkey_rsa4096.pem"),
+ {boot_path}, /* include_descriptor_image_paths */
+ {{"system", 3, rsa4096_public_key}}, /* chain_partitions */
+ "--internal_release_string \"unit test\"");
+
+ auto vbmeta = LoadVBMetaData("vbmeta.img");
+ auto system_vbmeta = ExtractAndLoadVBMetaData(system_path, "system-vbmeta.img");
+
+ // Puts the vbmeta into a vector, for GetAvbPropertyDescriptor to use.
+ std::vector<VBMetaData> vbmeta_images;
+ vbmeta_images.emplace_back(std::move(vbmeta));
+ vbmeta_images.emplace_back(std::move(system_vbmeta));
+
+ EXPECT_EQ("2019-04-05",
+ GetAvbPropertyDescriptor("com.android.build.system.security_patch", vbmeta_images));
+}
+
TEST_F(AvbUtilTest, GetVBMetaHeader) {
// Generates a raw boot.img
const size_t image_size = 5 * 1024 * 1024;
diff --git a/fs_mgr/libfs_avb/tests/fs_avb_device_test.cpp b/fs_mgr/libfs_avb/tests/fs_avb_device_test.cpp
index fc4eb5f..4631330 100644
--- a/fs_mgr/libfs_avb/tests/fs_avb_device_test.cpp
+++ b/fs_mgr/libfs_avb/tests/fs_avb_device_test.cpp
@@ -15,6 +15,7 @@
*/
#include <android-base/properties.h>
+#include <fs_avb/fs_avb.h>
#include <fs_avb/fs_avb_util.h>
#include <fstab/fstab.h>
#include <gtest/gtest.h>
@@ -22,6 +23,8 @@
#include <sys/types.h>
#include <unistd.h>
+using android::fs_mgr::AvbHandle;
+using android::fs_mgr::AvbHandleStatus;
using android::fs_mgr::Fstab;
using android::fs_mgr::FstabEntry;
using android::fs_mgr::VBMetaData;
@@ -31,7 +34,7 @@
// system vbmeta might not be at the end of /system when dynamic partition is
// enabled. Therefore, disable it by default.
-TEST(PublicFsAvbDeviceTest, DISABLED_LoadAndVerifyVbmeta_SystemVbmeta) {
+TEST(FsAvbUtilTest, DISABLED_LoadAndVerifyVbmeta_SystemVbmeta) {
Fstab fstab;
EXPECT_TRUE(ReadDefaultFstab(&fstab));
@@ -51,7 +54,7 @@
EXPECT_NE("", out_public_key_data);
}
-TEST(PublicFsAvbDeviceTest, GetHashtreeDescriptor_SystemOther) {
+TEST(FsAvbUtilTest, GetHashtreeDescriptor_SystemOther) {
// Non-A/B device doesn't have system_other partition.
if (fs_mgr_get_slot_suffix() == "") return;
@@ -90,4 +93,55 @@
EXPECT_NE(nullptr, hashtree_desc);
}
+TEST(AvbHandleTest, LoadAndVerifyVbmeta_SystemOther) {
+ // Non-A/B device doesn't have system_other partition.
+ if (fs_mgr_get_slot_suffix() == "") return;
+
+ // Skip running this test if system_other is a logical partition.
+ // Note that system_other is still a physical partition on "retrofit" devices.
+ if (android::base::GetBoolProperty("ro.boot.dynamic_partitions", false) &&
+ !android::base::GetBoolProperty("ro.boot.dynamic_partitions_retrofit", false)) {
+ return;
+ }
+
+ Fstab fstab;
+ EXPECT_TRUE(ReadFstabFromFile("/system/etc/fstab.postinstall", &fstab));
+
+ // It should have two lines in the fstab, the first for logical system_other,
+ // the other for physical system_other.
+ EXPECT_EQ(2UL, fstab.size());
+
+ // Use the 2nd fstab entry, which is for physical system_other partition.
+ FstabEntry* system_other_entry = &fstab[1];
+ // Assign the default key if it's not specified in the fstab.
+ if (system_other_entry->avb_key.empty()) {
+ system_other_entry->avb_key = "/system/etc/security/avb/system_other.avbpubkey";
+ }
+ auto avb_handle = AvbHandle::LoadAndVerifyVbmeta(*system_other_entry);
+ EXPECT_NE(nullptr, avb_handle) << "Failed to load system_other vbmeta. Try 'adb root'?";
+ EXPECT_EQ(AvbHandleStatus::kSuccess, avb_handle->status());
+}
+
+TEST(AvbHandleTest, GetSecurityPatchLevel) {
+ Fstab fstab;
+ EXPECT_TRUE(ReadDefaultFstab(&fstab));
+
+ auto avb_handle = AvbHandle::LoadAndVerifyVbmeta();
+ EXPECT_NE(nullptr, avb_handle) << "Failed to load inline vbmeta. Try 'adb root'?";
+ EXPECT_EQ(AvbHandleStatus::kSuccess, avb_handle->status());
+
+ // Gets security patch level with format: YYYY-MM-DD (e.g., 2019-04-05).
+ FstabEntry* system_entry = GetEntryForMountPoint(&fstab, "/system");
+ EXPECT_NE(nullptr, system_entry);
+ EXPECT_EQ(10UL, avb_handle->GetSecurityPatchLevel(*system_entry).length());
+
+ FstabEntry* vendor_entry = GetEntryForMountPoint(&fstab, "/vendor");
+ EXPECT_NE(nullptr, vendor_entry);
+ EXPECT_EQ(10UL, avb_handle->GetSecurityPatchLevel(*vendor_entry).length());
+
+ FstabEntry* product_entry = GetEntryForMountPoint(&fstab, "/product");
+ EXPECT_NE(nullptr, product_entry);
+ EXPECT_EQ(10UL, avb_handle->GetSecurityPatchLevel(*product_entry).length());
+}
+
} // namespace fs_avb_device_test
diff --git a/fs_mgr/tests/Android.bp b/fs_mgr/tests/Android.bp
index 59af924..19737fe 100644
--- a/fs_mgr/tests/Android.bp
+++ b/fs_mgr/tests/Android.bp
@@ -14,6 +14,7 @@
cc_test {
name: "fs_mgr_unit_test",
+ test_suites: ["device-tests"],
shared_libs: [
"libbase",
@@ -23,9 +24,6 @@
"libfs_mgr",
"libfstab",
],
- data: [
- "data/*",
- ],
srcs: [
"fs_mgr_test.cpp",
],
diff --git a/fs_mgr/tests/adb-remount-test.sh b/fs_mgr/tests/adb-remount-test.sh
index e4ff765..8a1b6d6 100755
--- a/fs_mgr/tests/adb-remount-test.sh
+++ b/fs_mgr/tests/adb-remount-test.sh
@@ -11,13 +11,14 @@
## USAGE
##
-USAGE="USAGE: `basename ${0}` [--help] [--serial <SerialNumber>] [--color]
+USAGE="USAGE: `basename ${0}` [--help] [--serial <SerialNumber>] [options]
adb remount tests
---help This help
---serial Specify device (must if multiple are present)
---color Dress output with highlighting colors
+--help This help
+--serial Specify device (must if multiple are present)
+--color Dress output with highlighting colors
+--print-time Report the test duration
Conditions:
- Must be a userdebug build.
@@ -45,6 +46,8 @@
BLUE="${ESCAPE}[35m"
NORMAL="${ESCAPE}[0m"
TMPDIR=${TMPDIR:-/tmp}
+print_time=false
+start_time=`date +%s`
##
## Helper Functions
@@ -250,11 +253,11 @@
Returns: true if device in root state" ]
adb_root() {
- [ `adb_sh echo '${USER}'` != root ] || return 0
+ [ root != "`adb_sh echo '${USER}' </dev/null`" ] || return 0
adb root >/dev/null </dev/null 2>/dev/null
sleep 2
adb_wait 2m &&
- [ `adb_sh echo '${USER}'` = root ]
+ [ root = "`adb_sh echo '${USER}' </dev/null`" ]
}
[ "USAGE: adb_unroot
@@ -263,11 +266,11 @@
Returns: true if device in un root state" ]
adb_unroot() {
- [ `adb_sh echo '${USER}'` = root ] || return 0
+ [ root = "`adb_sh echo '${USER}' </dev/null`" ] || return 0
adb unroot >/dev/null </dev/null 2>/dev/null
sleep 2
adb_wait 2m &&
- [ `adb_sh echo '${USER}'` != root ]
+ [ root != "`adb_sh echo '${USER}' </dev/null`" ]
}
[ "USAGE: fastboot_getvar var expected
@@ -312,6 +315,21 @@
true
}
+[ "USAGE: test_duration >/dev/stderr
+
+Prints the duration of the test
+
+Returns: reports duration" ]
+test_duration() {
+ if ${print_time}; then
+ echo "${BLUE}[ INFO ]${NORMAL} end `date`"
+ [ -n "${start_time}" ] || return
+ end_time=`date +%s`
+ diff_time=`expr ${end_time} - ${start_time}`
+ echo "${BLUE}[ INFO ]${NORMAL} duration `format_duration ${diff_time}`"
+ fi >&2
+}
+
[ "USAGE: die [-d|-t <epoch>] [message] >/dev/stderr
If -d, or -t <epoch> argument is supplied, dump logcat.
@@ -332,6 +350,7 @@
echo "${RED}[ FAILED ]${NORMAL} ${@}" >&2
cleanup
restore
+ test_duration
exit 1
}
@@ -424,7 +443,10 @@
## MAINLINE
##
-OPTIONS=`getopt --alternative --unquoted --longoptions help,serial:,colour,color,no-colour,no-color -- "?hs:" ${*}` ||
+OPTIONS=`getopt --alternative --unquoted \
+ --longoptions help,serial:,colour,color,no-colour,no-color \
+ --longoptions gtest_print_time,print-time \
+ -- "?hs:" ${*}` ||
( echo "${USAGE}" >&2 ; false ) ||
die "getopt failure"
set -- ${OPTIONS}
@@ -446,6 +468,9 @@
--no-color | --no-colour)
color=false
;;
+ --print-time | --gtest_print_time)
+ print_time=true
+ ;;
--)
shift
break
@@ -468,6 +493,10 @@
NORMAL=""
fi
+if ${print_time}; then
+ echo "${BLUE}[ INFO ]${NORMAL}" start `date` >&2
+fi
+
inFastboot && die "device in fastboot mode"
if ! inAdb; then
echo "${ORANGE}[ WARNING ]${NORMAL} device not in adb mode"
@@ -525,12 +554,12 @@
"2" = "`get_property partition.system.verified`" ]; then
restore() {
${overlayfs_supported} || return 0
- echo "${GREEN}[ INFO ]${NORMAL} restoring verity" >&2
inFastboot &&
fastboot reboot &&
adb_wait 2m
- adb_root &&
- adb enable-verity &&
+ inAdb &&
+ adb_root &&
+ adb enable-verity >/dev/null 2>/dev/null &&
adb_reboot &&
adb_wait 2m
}
@@ -609,7 +638,7 @@
D=`echo "${D}" | cut -s -d' ' -f1 | sort -u`
no_dedupe=true
for d in ${D}; do
- adb_sh tune2fs -l $d 2>&1 |
+ adb_sh tune2fs -l $d </dev/null 2>&1 |
grep "Filesystem features:.*shared_blocks" >/dev/null &&
no_dedupe=false
done
@@ -758,7 +787,7 @@
D=`echo "${D}" | cut -s -d' ' -f1 | sort -u`
bad_rw=false
for d in ${D}; do
- if adb_sh tune2fs -l $d 2>&1 |
+ if adb_sh tune2fs -l $d </dev/null 2>&1 |
grep "Filesystem features:.*shared_blocks" >/dev/null; then
bad_rw=true
else
@@ -1047,20 +1076,24 @@
adb_reboot &&
adb_wait 2m ||
die "lost device after reboot to ro state `usb_status`"
-adb_sh grep " /vendor .* rw," /proc/mounts >/dev/null &&
+adb_sh grep " /vendor .* rw," /proc/mounts >/dev/null </dev/null &&
die "/vendor is not read-only"
-adb_su mount -o rw,remount /vendor ||
+adb_su mount -o rw,remount /vendor </dev/null ||
die "remount command"
-adb_sh grep " /vendor .* rw," /proc/mounts >/dev/null ||
+adb_sh grep " /vendor .* rw," /proc/mounts >/dev/null </dev/null ||
die "/vendor is not read-write"
echo "${GREEN}[ OK ]${NORMAL} mount -o rw,remount command works" >&2
restore
err=${?}
+
restore() {
true
}
+
[ ${err} = 0 ] ||
die "failed to restore verity" >&2
echo "${GREEN}[ PASSED ]${NORMAL} adb remount" >&2
+
+test_duration
diff --git a/fs_mgr/tests/data/fstab.example b/fs_mgr/tests/data/fstab.example
deleted file mode 100644
index aebce32..0000000
--- a/fs_mgr/tests/data/fstab.example
+++ /dev/null
@@ -1,15 +0,0 @@
-# Android fstab file.
-
-#<src> <mnt_point> <type> <mnt_flags and options> <fs_mgr_flags>
-
-/dev/block/bootdevice/by-name/system / ext4 ro,barrier=1 wait,slotselect,avb
-/dev/block/bootdevice/by-name/metadata /metadata ext4 noatime,nosuid,nodev,discard wait,formattable
-/dev/block/bootdevice/by-name/userdata /data f2fs noatime,nosuid,nodev,discard,reserve_root=32768,resgid=1065,fsync_mode=nobarrier latemount,wait,check,fileencryption=ice,keydirectory=/metadata/vold/metadata_encryption,quota,formattable,sysfs_path=/sys/devices/platform/soc/1d84000.ufshc,reservedsize=128M
-/dev/block/bootdevice/by-name/misc /misc emmc defaults defaults
-/dev/block/bootdevice/by-name/modem /vendor/firmware_mnt vfat ro,shortname=lower,uid=1000,gid=1000,dmask=227,fmask=337,context=u:object_r:firmware_file:s0 wait,slotselect
-/devices/platform/soc/a600000.ssusb/a600000.dwc3* auto vfat defaults voldmanaged=usb:auto
-/dev/block/zram0 none swap defaults zramsize=1073741824,max_comp_streams=8
-/dev/block/zram0 none2 swap nodiratime,remount,bind zramsize=1073741824,max_comp_streams=8
-/dev/block/zram0 none3 swap unbindable,private,slave zramsize=1073741824,max_comp_streams=8
-/dev/block/zram0 none4 swap noexec,shared,rec zramsize=1073741824,max_comp_streams=8
-/dev/block/zram0 none5 swap rw zramsize=1073741824,max_comp_streams=8
diff --git a/fs_mgr/tests/fs_mgr_test.cpp b/fs_mgr/tests/fs_mgr_test.cpp
index 1815a38..6afc8d2 100644
--- a/fs_mgr/tests/fs_mgr_test.cpp
+++ b/fs_mgr/tests/fs_mgr_test.cpp
@@ -203,10 +203,32 @@
EXPECT_EQ(i, fstab.size());
}
-TEST(fs_mgr, ReadFstabFromFile_MountOptions) {
+// TODO(124837435): enable it later when it can pass TreeHugger.
+TEST(fs_mgr, DISABLED_ReadFstabFromFile_MountOptions) {
+ TemporaryFile tf;
+ ASSERT_TRUE(tf.fd != -1);
+ std::string fstab_contents = R"fs(
+source / ext4 ro,barrier=1 wait,slotselect,avb
+source /metadata ext4 noatime,nosuid,nodev,discard wait,formattable
+
+source /data f2fs noatime,nosuid,nodev,discard,reserve_root=32768,resgid=1065,fsync_mode=nobarrier latemount,wait,check,fileencryption=ice,keydirectory=/metadata/vold/metadata_encryption,quota,formattable,sysfs_path=/sys/devices/platform/soc/1d84000.ufshc,reservedsize=128M
+
+source /misc emmc defaults defaults
+
+source /vendor/firmware_mnt vfat ro,shortname=lower,uid=1000,gid=1000,dmask=227,fmask=337,context=u:object_r:firmware_file:s0 wait,slotselect
+
+source auto vfat defaults voldmanaged=usb:auto
+source none swap defaults zramsize=1073741824,max_comp_streams=8
+source none2 swap nodiratime,remount,bind zramsize=1073741824,max_comp_streams=8
+source none3 swap unbindable,private,slave zramsize=1073741824,max_comp_streams=8
+source none4 swap noexec,shared,rec zramsize=1073741824,max_comp_streams=8
+source none5 swap rw zramsize=1073741824,max_comp_streams=8
+)fs";
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
+
Fstab fstab;
- std::string fstab_file = android::base::GetExecutableDirectory() + "/data/fstab.example";
- EXPECT_TRUE(ReadFstabFromFile(fstab_file, &fstab));
+ EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
+ ASSERT_EQ(11U, fstab.size());
EXPECT_EQ("/", fstab[0].mount_point);
EXPECT_EQ(static_cast<unsigned long>(MS_RDONLY), fstab[0].flags);
@@ -286,7 +308,8 @@
// clang-format on
}
-TEST(fs_mgr, ReadFstabFromFile_FsMgrFlags) {
+// TODO(124837435): enable it later when it can pass TreeHugger.
+TEST(fs_mgr, DISABLED_ReadFstabFromFile_FsMgrFlags) {
TemporaryFile tf;
ASSERT_TRUE(tf.fd != -1);
std::string fstab_contents = R"fs(
@@ -297,7 +320,7 @@
source none4 swap defaults checkpoint=fs
source none5 swap defaults defaults
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -376,7 +399,7 @@
source none2 swap defaults forcefdeorfbe=
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -456,7 +479,7 @@
std::string fstab_contents = R"fs(
source none0 swap defaults encryptable=/dir/key
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -480,7 +503,7 @@
source none2 swap defaults voldmanaged=sdcard:3
source none3 swap defaults voldmanaged=sdcard:auto
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -521,7 +544,7 @@
source none0 swap defaults length=blah
source none1 swap defaults length=123456
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -547,7 +570,7 @@
source none0 swap defaults swapprio=blah
source none1 swap defaults swapprio=123456
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -577,7 +600,7 @@
source none4 swap defaults zramsize=105%
source none5 swap defaults zramsize=%
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -623,7 +646,7 @@
source none0 swap defaults verify=/dir/key
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -646,7 +669,7 @@
source none0 swap defaults forceencrypt=/dir/key
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -669,7 +692,7 @@
source none0 swap defaults forcefdeorfbe=/dir/key
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -704,7 +727,7 @@
source none10 swap defaults fileencryption=ice:adiantum:
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -787,7 +810,7 @@
source none0 swap defaults max_comp_streams=blah
source none1 swap defaults max_comp_streams=123456
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -815,7 +838,7 @@
source none2 swap defaults reservedsize=1K
source none3 swap defaults reservedsize=2m
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -853,7 +876,7 @@
source none2 swap defaults eraseblk=5000
source none3 swap defaults eraseblk=8192
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -891,7 +914,7 @@
source none2 swap defaults logicalblk=5000
source none3 swap defaults logicalblk=8192
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -927,7 +950,7 @@
source none0 swap defaults avb=vbmeta_partition
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -950,7 +973,7 @@
source none0 swap defaults keydirectory=/dir/key
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -972,7 +995,7 @@
source none0 swap defaults sysfs_path=/sys/device
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
@@ -1002,7 +1025,7 @@
)fs";
- ASSERT_TRUE(android::base::WriteStringToFd(fstab_contents, tf.fd));
+ ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
diff --git a/init/first_stage_mount.cpp b/init/first_stage_mount.cpp
index 898e28e..6e55c11a 100644
--- a/init/first_stage_mount.cpp
+++ b/init/first_stage_mount.cpp
@@ -189,6 +189,29 @@
return true;
}
+static bool IsStandaloneImageRollback(const AvbHandle& builtin_vbmeta,
+ const AvbHandle& standalone_vbmeta,
+ const FstabEntry& fstab_entry) {
+ std::string old_spl = builtin_vbmeta.GetSecurityPatchLevel(fstab_entry);
+ std::string new_spl = standalone_vbmeta.GetSecurityPatchLevel(fstab_entry);
+
+ bool rollbacked = false;
+ if (old_spl.empty() || new_spl.empty() || new_spl < old_spl) {
+ rollbacked = true;
+ }
+
+ if (rollbacked) {
+ LOG(ERROR) << "Image rollback detected for " << fstab_entry.mount_point
+ << ", SPL switches from '" << old_spl << "' to '" << new_spl << "'";
+ if (AvbHandle::IsDeviceUnlocked()) {
+ LOG(INFO) << "Allowing rollbacked standalone image when the device is unlocked";
+ return false;
+ }
+ }
+
+ return rollbacked;
+}
+
// Class Definitions
// -----------------
FirstStageMount::FirstStageMount(Fstab fstab)
@@ -746,7 +769,15 @@
<< fstab_entry->mount_point;
return true; // Returns true to mount the partition directly.
} else {
- hashtree_result = AvbHandle::SetUpStandaloneAvbHashtree(
+ auto avb_standalone_handle = AvbHandle::LoadAndVerifyVbmeta(*fstab_entry);
+ if (!avb_standalone_handle) {
+ LOG(ERROR) << "Failed to load offline vbmeta for " << fstab_entry->mount_point;
+ return false;
+ }
+ if (IsStandaloneImageRollback(*avb_handle_, *avb_standalone_handle, *fstab_entry)) {
+ return false;
+ }
+ hashtree_result = avb_standalone_handle->SetUpAvbHashtree(
fstab_entry, false /* wait_for_verity_dev */);
}
} else {
diff --git a/init/init.cpp b/init/init.cpp
index a8924f2..bbef1a9 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -42,6 +42,7 @@
#include <fs_mgr_vendor_overlay.h>
#include <keyutils.h>
#include <libavb/libavb.h>
+#include <libgsi/libgsi.h>
#include <processgroup/processgroup.h>
#include <selinux/android.h>
@@ -695,6 +696,13 @@
// Nexus 9 boot time, so it's disabled by default.
if (false) DumpState();
+ // Make the GSI status available before scripts start running.
+ if (android::gsi::IsGsiRunning()) {
+ property_set("ro.gsid.image_running", "1");
+ } else {
+ property_set("ro.gsid.image_running", "0");
+ }
+
am.QueueBuiltinAction(SetupCgroupsAction, "SetupCgroups");
am.QueueEventTrigger("early-init");
diff --git a/init/property_service.cpp b/init/property_service.cpp
index 46e5e12..4bc857a 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -39,6 +39,7 @@
#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
#include <sys/_system_properties.h>
+#include <map>
#include <memory>
#include <queue>
#include <vector>
@@ -442,8 +443,8 @@
}
// This returns one of the enum of PROP_SUCCESS or PROP_ERROR*.
-uint32_t HandlePropertySet(const std::string& name, const std::string& value,
- const std::string& source_context, const ucred& cr, std::string* error) {
+uint32_t CheckPermissions(const std::string& name, const std::string& value,
+ const std::string& source_context, const ucred& cr, std::string* error) {
if (!IsLegalPropertyName(name)) {
*error = "Illegal property name";
return PROP_ERROR_INVALID_NAME;
@@ -456,7 +457,6 @@
return PROP_ERROR_HANDLE_CONTROL_MESSAGE;
}
- HandleControlMessage(name.c_str() + 4, value, cr.pid);
return PROP_SUCCESS;
}
@@ -475,6 +475,21 @@
return PROP_ERROR_INVALID_VALUE;
}
+ return PROP_SUCCESS;
+}
+
+// This returns one of the enum of PROP_SUCCESS or PROP_ERROR*.
+uint32_t HandlePropertySet(const std::string& name, const std::string& value,
+ const std::string& source_context, const ucred& cr, std::string* error) {
+ if (auto ret = CheckPermissions(name, value, source_context, cr, error); ret != PROP_SUCCESS) {
+ return ret;
+ }
+
+ if (StartsWith(name, "ctl.")) {
+ HandleControlMessage(name.c_str() + 4, value, cr.pid);
+ return PROP_SUCCESS;
+ }
+
// sys.powerctl is a special property that is used to make the device reboot. We want to log
// any process that sets this property to be able to accurately blame the cause of a shutdown.
if (name == "sys.powerctl") {
@@ -579,13 +594,15 @@
}
}
-static bool load_properties_from_file(const char *, const char *);
+static bool load_properties_from_file(const char*, const char*,
+ std::map<std::string, std::string>*);
/*
* Filter is used to decide which properties to load: NULL loads all keys,
* "ro.foo.*" is a prefix match, and "ro.foo.bar" is an exact match.
*/
-static void LoadProperties(char* data, const char* filter, const char* filename) {
+static void LoadProperties(char* data, const char* filter, const char* filename,
+ std::map<std::string, std::string>* properties) {
char *key, *value, *eol, *sol, *tmp, *fn;
size_t flen = 0;
@@ -624,7 +641,7 @@
while (isspace(*key)) key++;
}
- load_properties_from_file(fn, key);
+ load_properties_from_file(fn, key, properties);
} else {
value = strchr(key, '=');
@@ -651,12 +668,19 @@
continue;
}
- uint32_t result = 0;
ucred cr = {.pid = 1, .uid = 0, .gid = 0};
std::string error;
- result = HandlePropertySet(key, value, context, cr, &error);
- if (result != PROP_SUCCESS) {
- LOG(ERROR) << "Unable to set property '" << key << "' to '" << value
+ if (CheckPermissions(key, value, context, cr, &error) == PROP_SUCCESS) {
+ auto it = properties->find(key);
+ if (it == properties->end()) {
+ (*properties)[key] = value;
+ } else if (it->second != value) {
+ LOG(WARNING) << "Overriding previous 'ro.' property '" << key << "':'"
+ << it->second << "' with new value '" << value << "'";
+ it->second = value;
+ }
+ } else {
+ LOG(ERROR) << "Do not have permissions to set '" << key << "' to '" << value
<< "' in property file '" << filename << "': " << error;
}
}
@@ -665,7 +689,8 @@
// Filter is used to decide which properties to load: NULL loads all keys,
// "ro.foo.*" is a prefix match, and "ro.foo.bar" is an exact match.
-static bool load_properties_from_file(const char* filename, const char* filter) {
+static bool load_properties_from_file(const char* filename, const char* filter,
+ std::map<std::string, std::string>* properties) {
Timer t;
auto file_contents = ReadFile(filename);
if (!file_contents) {
@@ -675,7 +700,7 @@
}
file_contents->push_back('\n');
- LoadProperties(file_contents->data(), filter, filename);
+ LoadProperties(file_contents->data(), filter, filename, properties);
LOG(VERBOSE) << "(Loading properties from " << filename << " took " << t << ".)";
return true;
}
@@ -698,7 +723,15 @@
static void load_override_properties() {
if (ALLOW_LOCAL_PROP_OVERRIDE) {
- load_properties_from_file("/data/local.prop", NULL);
+ std::map<std::string, std::string> properties;
+ load_properties_from_file("/data/local.prop", nullptr, &properties);
+ for (const auto& [name, value] : properties) {
+ std::string error;
+ if (PropertySet(name, value, &error) != PROP_SUCCESS) {
+ LOG(ERROR) << "Could not set '" << name << "' to '" << value
+ << "' in /data/local.prop: " << error;
+ }
+ }
}
}
@@ -835,24 +868,33 @@
void property_load_boot_defaults() {
// TODO(b/117892318): merge prop.default and build.prop files into one
- // TODO(b/122864654): read the prop files from all partitions and then
- // resolve the duplication by their origin so that RO and non-RO properties
- // have a consistent overriding order.
- if (!load_properties_from_file("/system/etc/prop.default", NULL)) {
+ // We read the properties and their values into a map, in order to always allow properties
+ // loaded in the later property files to override the properties in loaded in the earlier
+ // property files, regardless of if they are "ro." properties or not.
+ std::map<std::string, std::string> properties;
+ if (!load_properties_from_file("/system/etc/prop.default", nullptr, &properties)) {
// Try recovery path
- if (!load_properties_from_file("/prop.default", NULL)) {
+ if (!load_properties_from_file("/prop.default", nullptr, &properties)) {
// Try legacy path
- load_properties_from_file("/default.prop", NULL);
+ load_properties_from_file("/default.prop", nullptr, &properties);
}
}
- load_properties_from_file("/product/build.prop", NULL);
- load_properties_from_file("/product_services/build.prop", NULL);
- load_properties_from_file("/odm/default.prop", NULL);
- load_properties_from_file("/vendor/default.prop", NULL);
- load_properties_from_file("/system/build.prop", NULL);
- load_properties_from_file("/odm/build.prop", NULL);
- load_properties_from_file("/vendor/build.prop", NULL);
- load_properties_from_file("/factory/factory.prop", "ro.*");
+ load_properties_from_file("/system/build.prop", nullptr, &properties);
+ load_properties_from_file("/vendor/default.prop", nullptr, &properties);
+ load_properties_from_file("/vendor/build.prop", nullptr, &properties);
+ load_properties_from_file("/odm/default.prop", nullptr, &properties);
+ load_properties_from_file("/odm/build.prop", nullptr, &properties);
+ load_properties_from_file("/product/build.prop", nullptr, &properties);
+ load_properties_from_file("/product_services/build.prop", nullptr, &properties);
+ load_properties_from_file("/factory/factory.prop", "ro.*", &properties);
+
+ for (const auto& [name, value] : properties) {
+ std::string error;
+ if (PropertySet(name, value, &error) != PROP_SUCCESS) {
+ LOG(ERROR) << "Could not set '" << name << "' to '" << value
+ << "' while loading .prop files" << error;
+ }
+ }
property_initialize_ro_product_props();
property_derive_build_fingerprint();
@@ -908,6 +950,13 @@
LoadPropertyInfoFromFile("/vendor/etc/selinux/nonplat_property_contexts",
&property_infos);
}
+ if (access("/product/etc/selinux/product_property_contexts", R_OK) != -1) {
+ LoadPropertyInfoFromFile("/product/etc/selinux/product_property_contexts",
+ &property_infos);
+ }
+ if (access("/odm/etc/selinux/odm_property_contexts", R_OK) != -1) {
+ LoadPropertyInfoFromFile("/odm/etc/selinux/odm_property_contexts", &property_infos);
+ }
} else {
if (!LoadPropertyInfoFromFile("/plat_property_contexts", &property_infos)) {
return;
@@ -916,6 +965,8 @@
// Fallback to nonplat_* if vendor_* doesn't exist.
LoadPropertyInfoFromFile("/nonplat_property_contexts", &property_infos);
}
+ LoadPropertyInfoFromFile("/product_property_contexts", &property_infos);
+ LoadPropertyInfoFromFile("/odm_property_contexts", &property_infos);
}
auto serialized_contexts = std::string();
diff --git a/libcutils/trace-dev.inc b/libcutils/trace-dev.inc
index c9580af..e3da77b 100644
--- a/libcutils/trace-dev.inc
+++ b/libcutils/trace-dev.inc
@@ -80,7 +80,7 @@
// Determine whether application-level tracing is enabled for this process.
static bool atrace_is_app_tracing_enabled()
{
- bool sys_debuggable = __android_log_is_debuggable();
+ bool sys_debuggable = property_get_bool("ro.debuggable", 0);
bool result = false;
if (sys_debuggable || atrace_is_debuggable) {
diff --git a/liblog/Android.bp b/liblog/Android.bp
index ea9977b..9b41ebe 100644
--- a/liblog/Android.bp
+++ b/liblog/Android.bp
@@ -101,6 +101,11 @@
header_libs: ["liblog_headers"],
export_header_lib_headers: ["liblog_headers"],
+ stubs: {
+ symbol_file: "liblog.map.txt",
+ versions: ["10000"],
+ },
+
cflags: [
"-Werror",
// This is what we want to do:
diff --git a/liblog/liblog.map.txt b/liblog/liblog.map.txt
index 191ef1b..ce4c53c 100644
--- a/liblog/liblog.map.txt
+++ b/liblog/liblog.map.txt
@@ -19,12 +19,12 @@
android_logger_get_log_readable_size; # vndk
android_logger_get_log_version; # vndk
android_logger_get_log_size; # vndk
- android_logger_list_alloc; # vndk
- android_logger_list_alloc_time; # vndk
- android_logger_list_free; # vndk
+ android_logger_list_alloc; # apex vndk
+ android_logger_list_alloc_time; # apex vndk
+ android_logger_list_free; # apex vndk
android_logger_list_open; # vndk
- android_logger_list_read; # vndk
- android_logger_open; # vndk
+ android_logger_list_read; # apex vndk
+ android_logger_open; # apex vndk
android_logger_set_log_size; # vndk
};
@@ -33,18 +33,18 @@
android_logger_get_prune_list; # vndk
android_logger_set_prune_list; # vndk
android_logger_get_statistics; # vndk
- __android_log_error_write; # vndk
+ __android_log_error_write; # apex vndk
__android_log_is_loggable;
- create_android_logger; #vndk
- android_log_destroy; #vndk
- android_log_write_list_begin; #vndk
- android_log_write_list_end; #vndk
- android_log_write_int32; #vndk
- android_log_write_int64; #vndk
- android_log_write_string8; #vndk
- android_log_write_string8_len; #vndk
- android_log_write_float32; #vndk
- android_log_write_list; #vndk
+ create_android_logger; # apex vndk
+ android_log_destroy; # apex vndk
+ android_log_write_list_begin; # apex vndk
+ android_log_write_list_end; # apex vndk
+ android_log_write_int32; # apex vndk
+ android_log_write_int64; # apex vndk
+ android_log_write_string8; # apex vndk
+ android_log_write_string8_len; # apex vndk
+ android_log_write_float32; # apex vndk
+ android_log_write_list; # apex vndk
};
@@ -56,19 +56,19 @@
LIBLOG_Q {
global:
+ __android_log_bswrite; # apex
+ __android_log_btwrite; # apex
+ __android_log_bwrite; # apex
+ __android_log_close; # apex
+ __android_log_security; # apex
android_log_reset; #vndk
android_log_parser_reset; #vndk
};
LIBLOG_PRIVATE {
global:
- __android_log_bswrite;
- __android_log_btwrite;
- __android_log_bwrite;
- __android_log_close;
__android_log_pmsg_file_read;
__android_log_pmsg_file_write;
- __android_log_security;
__android_log_security_bswrite;
__android_logger_get_buffer_size;
__android_logger_property_get_bool;
diff --git a/libnativeloader/Android.bp b/libnativeloader/Android.bp
index b806ae4..b9f0dbf 100644
--- a/libnativeloader/Android.bp
+++ b/libnativeloader/Android.bp
@@ -21,7 +21,6 @@
shared_libs: [
"libnativehelper",
"liblog",
- "libcutils",
"libnativebridge",
"libbase",
],
diff --git a/libnativeloader/native_loader.cpp b/libnativeloader/native_loader.cpp
index 09998f0..043f038 100644
--- a/libnativeloader/native_loader.cpp
+++ b/libnativeloader/native_loader.cpp
@@ -21,7 +21,6 @@
#ifdef __ANDROID__
#define LOG_TAG "libnativeloader"
#include "nativeloader/dlext_namespaces.h"
-#include "cutils/properties.h"
#include "log/log.h"
#endif
#include <dirent.h>
@@ -116,6 +115,8 @@
static constexpr const char* kVndkNamespaceName = "vndk";
+static constexpr const char* kDefaultNamespaceName = "default";
+static constexpr const char* kPlatformNamespaceName = "platform";
static constexpr const char* kRuntimeNamespaceName = "runtime";
// classloader-namespace is a linker namespace that is created for the loaded
@@ -144,9 +145,11 @@
#endif
static bool is_debuggable() {
- char debuggable[PROP_VALUE_MAX];
- property_get("ro.debuggable", debuggable, "0");
- return std::string(debuggable) == "1";
+ bool debuggable = false;
+#ifdef __BIONIC__
+ debuggable = android::base::GetBoolProperty("ro.debuggable", false);
+#endif
+ return debuggable;
}
static std::string vndk_version_str() {
@@ -271,8 +274,19 @@
NativeLoaderNamespace native_loader_ns;
if (!is_native_bridge) {
- android_namespace_t* android_parent_ns =
- parent_ns == nullptr ? nullptr : parent_ns->get_android_ns();
+ android_namespace_t* android_parent_ns;
+ if (parent_ns != nullptr) {
+ android_parent_ns = parent_ns->get_android_ns();
+ } else {
+ // Fall back to the platform namespace if no parent is found. It is
+ // called "default" for binaries in /system and "platform" for those in
+ // the Runtime APEX. Try "platform" first since "default" always exists.
+ android_parent_ns = android_get_exported_namespace(kPlatformNamespaceName);
+ if (android_parent_ns == nullptr) {
+ android_parent_ns = android_get_exported_namespace(kDefaultNamespaceName);
+ }
+ }
+
android_namespace_t* ns = android_create_namespace(namespace_name,
nullptr,
library_path.c_str(),
@@ -321,8 +335,16 @@
native_loader_ns = NativeLoaderNamespace(ns);
} else {
- native_bridge_namespace_t* native_bridge_parent_namespace =
- parent_ns == nullptr ? nullptr : parent_ns->get_native_bridge_ns();
+ native_bridge_namespace_t* native_bridge_parent_namespace;
+ if (parent_ns != nullptr) {
+ native_bridge_parent_namespace = parent_ns->get_native_bridge_ns();
+ } else {
+ native_bridge_parent_namespace = NativeBridgeGetExportedNamespace(kPlatformNamespaceName);
+ if (native_bridge_parent_namespace == nullptr) {
+ native_bridge_parent_namespace = NativeBridgeGetExportedNamespace(kDefaultNamespaceName);
+ }
+ }
+
native_bridge_namespace_t* ns = NativeBridgeCreateNamespace(namespace_name,
nullptr,
library_path.c_str(),
diff --git a/libprocessgroup/processgroup.cpp b/libprocessgroup/processgroup.cpp
index e9dec12..8505e61 100644
--- a/libprocessgroup/processgroup.cpp
+++ b/libprocessgroup/processgroup.cpp
@@ -200,7 +200,7 @@
cgroups.push_back(path);
}
if (CgroupGetControllerPath("memory", &path)) {
- cgroups.push_back(path);
+ cgroups.push_back(path + "/apps");
}
for (std::string cgroup_root_path : cgroups) {
@@ -317,6 +317,7 @@
CgroupGetControllerPath("cpuacct", &cpuacct_path);
CgroupGetControllerPath("memory", &memory_path);
+ memory_path += "/apps";
const char* cgroup =
(!access(ConvertUidPidToPath(cpuacct_path.c_str(), uid, initialPid).c_str(), F_OK))
@@ -380,6 +381,7 @@
std::string cgroup;
if (isMemoryCgroupSupported() && (memControl || UsePerAppMemcg())) {
CgroupGetControllerPath("memory", &cgroup);
+ cgroup += "/apps";
} else {
CgroupGetControllerPath("cpuacct", &cgroup);
}
diff --git a/libprocessgroup/profiles/Android.bp b/libprocessgroup/profiles/Android.bp
new file mode 100644
index 0000000..15d0172
--- /dev/null
+++ b/libprocessgroup/profiles/Android.bp
@@ -0,0 +1,80 @@
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+prebuilt_etc {
+ name: "cgroups.json",
+ src: "cgroups.json",
+}
+
+prebuilt_etc {
+ name: "cgroups.recovery.json",
+ filename: "cgroups.json",
+ recovery: true,
+ src: "cgroups.recovery.json",
+}
+
+prebuilt_etc {
+ name: "task_profiles.json",
+ src: "task_profiles.json",
+}
+
+cc_library_static {
+ name: "libprocessgroup_proto",
+ host_supported: true,
+ srcs: [
+ "cgroups.proto",
+ "task_profiles.proto",
+ ],
+ proto: {
+ type: "full",
+ export_proto_headers: true,
+ },
+ cflags: [
+ "-Wall",
+ "-Werror",
+ "-Wno-unused-parameter",
+ ],
+}
+
+cc_test_host {
+ name: "libprocessgroup_proto_test",
+ srcs: [
+ "test.cpp",
+ ],
+ static_libs: [
+ "libbase",
+ "libgmock",
+ "liblog",
+ "libjsoncpp",
+ "libjsonpbverify",
+ "libjsonpbparse",
+ "libprocessgroup_proto",
+ ],
+ shared_libs: [
+ "libprotobuf-cpp-full",
+ ],
+ cflags: [
+ "-Wall",
+ "-Werror",
+ "-Wno-unused-parameter",
+ ],
+ data: [
+ "cgroups.json",
+ "cgroups.recovery.json",
+ "task_profiles.json",
+ ],
+ test_suites: [
+ "general-tests",
+ ],
+}
diff --git a/libprocessgroup/profiles/TEST_MAPPING b/libprocessgroup/profiles/TEST_MAPPING
new file mode 100644
index 0000000..5ff4112
--- /dev/null
+++ b/libprocessgroup/profiles/TEST_MAPPING
@@ -0,0 +1,8 @@
+{
+ "presubmit": [
+ {
+ "name": "libprocessgroup_proto_test",
+ "host": true
+ }
+ ]
+}
diff --git a/rootdir/cgroups.json b/libprocessgroup/profiles/cgroups.json
similarity index 100%
rename from rootdir/cgroups.json
rename to libprocessgroup/profiles/cgroups.json
diff --git a/libprocessgroup/profiles/cgroups.proto b/libprocessgroup/profiles/cgroups.proto
new file mode 100644
index 0000000..f4070c5
--- /dev/null
+++ b/libprocessgroup/profiles/cgroups.proto
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+syntax = "proto3";
+
+package android.profiles;
+
+// Next: 3
+message Cgroups {
+ repeated Cgroup cgroups = 1 [json_name = "Cgroups"];
+ Cgroups2 cgroups2 = 2 [json_name = "Cgroups2"];
+}
+
+// Next: 6
+message Cgroup {
+ string controller = 1 [json_name = "Controller"];
+ string path = 2 [json_name = "Path"];
+ string mode = 3 [json_name = "Mode"];
+ string uid = 4 [json_name = "UID"];
+ string gid = 5 [json_name = "GID"];
+}
+
+// Next: 5
+message Cgroups2 {
+ string path = 1 [json_name = "Path"];
+ string mode = 2 [json_name = "Mode"];
+ string uid = 3 [json_name = "UID"];
+ string gid = 4 [json_name = "GID"];
+}
diff --git a/rootdir/cgroups.recovery.json b/libprocessgroup/profiles/cgroups.recovery.json
similarity index 100%
rename from rootdir/cgroups.recovery.json
rename to libprocessgroup/profiles/cgroups.recovery.json
diff --git a/rootdir/task_profiles.json b/libprocessgroup/profiles/task_profiles.json
similarity index 100%
rename from rootdir/task_profiles.json
rename to libprocessgroup/profiles/task_profiles.json
diff --git a/libprocessgroup/profiles/task_profiles.proto b/libprocessgroup/profiles/task_profiles.proto
new file mode 100644
index 0000000..578f0d3
--- /dev/null
+++ b/libprocessgroup/profiles/task_profiles.proto
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+syntax = "proto3";
+
+package android.profiles;
+
+// Next: 3
+message TaskProfiles {
+ repeated Attribute attributes = 1 [json_name = "Attributes"];
+ repeated Profile profiles = 2 [json_name = "Profiles"];
+}
+
+// Next: 4
+message Attribute {
+ string name = 1 [json_name = "Name"];
+ string controller = 2 [json_name = "Controller"];
+ string file = 3 [json_name = "File"];
+}
+
+// Next: 3
+message Profile {
+ string name = 1 [json_name = "Name"];
+ repeated Action actions = 2 [json_name = "Actions"];
+}
+
+// Next: 3
+message Action {
+ string name = 1 [json_name = "Name"];
+ map<string, string> params = 2 [json_name = "Params"];
+}
diff --git a/libprocessgroup/profiles/test.cpp b/libprocessgroup/profiles/test.cpp
new file mode 100644
index 0000000..8ba14d6
--- /dev/null
+++ b/libprocessgroup/profiles/test.cpp
@@ -0,0 +1,135 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <string>
+
+#include <android-base/file.h>
+#include <gmock/gmock.h>
+#include <jsonpb/json_schema_test.h>
+
+#include "cgroups.pb.h"
+#include "task_profiles.pb.h"
+
+using namespace ::android::jsonpb;
+using ::android::base::GetExecutableDirectory;
+using ::testing::MatchesRegex;
+
+namespace android {
+namespace profiles {
+
+template <typename T>
+JsonSchemaTestConfigFactory MakeTestParam(const std::string& path) {
+ return jsonpb::MakeTestParam<T>(GetExecutableDirectory() + path);
+}
+
+TEST(LibProcessgroupProto, EmptyMode) {
+ EXPECT_EQ(0, strtoul("", nullptr, 8))
+ << "Empty mode string cannot be silently converted to 0; this should not happen";
+}
+
+class CgroupsTest : public JsonSchemaTest {
+ public:
+ void SetUp() override {
+ JsonSchemaTest::SetUp();
+ cgroups_ = static_cast<Cgroups*>(message());
+ }
+ Cgroups* cgroups_;
+};
+
+TEST_P(CgroupsTest, CgroupRequiredFields) {
+ for (int i = 0; i < cgroups_->cgroups_size(); ++i) {
+ auto&& cgroup = cgroups_->cgroups(i);
+ EXPECT_FALSE(cgroup.controller().empty())
+ << "No controller name for cgroup #" << i << " in " << file_path_;
+ EXPECT_FALSE(cgroup.path().empty()) << "No path for cgroup #" << i << " in " << file_path_;
+ }
+}
+
+TEST_P(CgroupsTest, Cgroup2RequiredFields) {
+ if (cgroups_->has_cgroups2()) {
+ EXPECT_FALSE(cgroups_->cgroups2().path().empty())
+ << "No path for cgroup2 in " << file_path_;
+ }
+}
+
+// "Mode" field must be in the format of "0xxx".
+static constexpr const char* REGEX_MODE = "(0[0-7]{3})?";
+TEST_P(CgroupsTest, CgroupMode) {
+ for (int i = 0; i < cgroups_->cgroups_size(); ++i) {
+ EXPECT_THAT(cgroups_->cgroups(i).mode(), MatchesRegex(REGEX_MODE))
+ << "For cgroup controller #" << i << " in " << file_path_;
+ }
+}
+
+TEST_P(CgroupsTest, Cgroup2Mode) {
+ EXPECT_THAT(cgroups_->cgroups2().mode(), MatchesRegex(REGEX_MODE))
+ << "For cgroups2 in " << file_path_;
+}
+
+class TaskProfilesTest : public JsonSchemaTest {
+ public:
+ void SetUp() override {
+ JsonSchemaTest::SetUp();
+ task_profiles_ = static_cast<TaskProfiles*>(message());
+ }
+ TaskProfiles* task_profiles_;
+};
+
+TEST_P(TaskProfilesTest, AttributeRequiredFields) {
+ for (int i = 0; i < task_profiles_->attributes_size(); ++i) {
+ auto&& attribute = task_profiles_->attributes(i);
+ EXPECT_FALSE(attribute.name().empty())
+ << "No name for attribute #" << i << " in " << file_path_;
+ EXPECT_FALSE(attribute.controller().empty())
+ << "No controller for attribute #" << i << " in " << file_path_;
+ EXPECT_FALSE(attribute.file().empty())
+ << "No file for attribute #" << i << " in " << file_path_;
+ }
+}
+
+TEST_P(TaskProfilesTest, ProfileRequiredFields) {
+ for (int profile_idx = 0; profile_idx < task_profiles_->profiles_size(); ++profile_idx) {
+ auto&& profile = task_profiles_->profiles(profile_idx);
+ EXPECT_FALSE(profile.name().empty())
+ << "No name for profile #" << profile_idx << " in " << file_path_;
+ for (int action_idx = 0; action_idx < profile.actions_size(); ++action_idx) {
+ auto&& action = profile.actions(action_idx);
+ EXPECT_FALSE(action.name().empty())
+ << "No name for profiles[" << profile_idx << "].actions[" << action_idx
+ << "] in " << file_path_;
+ }
+ }
+}
+
+// Test suite instantiations
+
+INSTANTIATE_TEST_SUITE_P(, JsonSchemaTest,
+ ::testing::Values(MakeTestParam<Cgroups>("/cgroups.json"),
+ MakeTestParam<Cgroups>("/cgroups.recovery.json"),
+ MakeTestParam<TaskProfiles>("/task_profiles.json")));
+INSTANTIATE_TEST_SUITE_P(, CgroupsTest,
+ ::testing::Values(MakeTestParam<Cgroups>("/cgroups.json"),
+ MakeTestParam<Cgroups>("/cgroups.recovery.json")));
+INSTANTIATE_TEST_SUITE_P(, TaskProfilesTest,
+ ::testing::Values(MakeTestParam<TaskProfiles>("/task_profiles.json")));
+
+} // namespace profiles
+} // namespace android
+
+int main(int argc, char** argv) {
+ ::testing::InitGoogleTest(&argc, argv);
+ return RUN_ALL_TESTS();
+}
diff --git a/libunwindstack/Android.bp b/libunwindstack/Android.bp
index c90f5b2..a49fd9e 100644
--- a/libunwindstack/Android.bp
+++ b/libunwindstack/Android.bp
@@ -95,7 +95,6 @@
"DexFiles.cpp",
],
exclude_shared_libs: [
- "libdexfile_external",
"libdexfile_support",
],
},
@@ -106,7 +105,6 @@
"DexFiles.cpp",
],
exclude_shared_libs: [
- "libdexfile_external",
"libdexfile_support",
],
},
@@ -137,7 +135,6 @@
shared_libs: [
"libbase",
- "libdexfile_external",
"libdexfile_support",
"liblog",
"liblzma",
diff --git a/libziparchive/Android.bp b/libziparchive/Android.bp
index cbca1ce..9538bba 100644
--- a/libziparchive/Android.bp
+++ b/libziparchive/Android.bp
@@ -126,7 +126,6 @@
},
},
test_suites: ["device-tests"],
- test_config: "ziparchive-tests.xml", // TODO: Remove after b/117891984.
}
// Performance benchmarks.
diff --git a/libziparchive/ziparchive-tests.xml b/libziparchive/ziparchive-tests.xml
deleted file mode 100644
index 2be0a99..0000000
--- a/libziparchive/ziparchive-tests.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (C) 2019 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!-- Derived from auto-generated config. b/117891984 & b/124515549. -->
-<configuration description="Runs ziparchive-tests.">
- <option name="test-suite-tag" value="apct" />
- <option name="test-suite-tag" value="apct-native" />
- <target_preparer class="com.android.tradefed.targetprep.PushFilePreparer">
- <option name="cleanup" value="true" />
- <option name="push" value="ziparchive-tests->/data/local/tmp/ziparchive-tests/ziparchive-tests" />
- <option name="push" value="testdata->/data/local/tmp/ziparchive-tests/testdata" />
- </target_preparer>
-
- <test class="com.android.tradefed.testtype.GTest" >
- <option name="native-test-device-path" value="/data/local/tmp/ziparchive-tests" />
- <option name="module-name" value="ziparchive-tests" />
- </test>
-</configuration>
diff --git a/lmkd/lmkd.c b/lmkd/lmkd.c
index 562e578..98b3aa1 100644
--- a/lmkd/lmkd.c
+++ b/lmkd/lmkd.c
@@ -1694,16 +1694,6 @@
static unsigned long report_skip_count = 0;
if (!use_minfree_levels) {
- /* If pressure level is less than critical and enough free swap then ignore */
- if (level < VMPRESS_LEVEL_CRITICAL &&
- mi.field.free_swap > low_pressure_mem.max_nr_free_pages) {
- if (debug_process_killing) {
- ALOGI("Ignoring pressure since %" PRId64
- " swap pages are available ",
- mi.field.free_swap);
- }
- return;
- }
/* Free up enough memory to downgrate the memory pressure to low level */
if (mi.field.nr_free_pages >= low_pressure_mem.max_nr_free_pages) {
if (debug_process_killing) {
diff --git a/rootdir/Android.mk b/rootdir/Android.mk
index b5e5a71..8754fb5 100644
--- a/rootdir/Android.mk
+++ b/rootdir/Android.mk
@@ -44,6 +44,7 @@
# TODO(b/124106384): Clean up compat symlinks for ART binaries.
ART_BINARIES= \
+ dalvikvm \
dalvikvm32 \
dalvikvm64 \
dex2oat \
@@ -64,38 +65,6 @@
include $(BUILD_PREBUILT)
#######################################
-# cgroups.json
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := cgroups.json
-LOCAL_SRC_FILES := $(LOCAL_MODULE)
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)
-
-include $(BUILD_PREBUILT)
-
-#######################################
-# cgroups.json for recovery
-include $(CLEAR_VARS)
-LOCAL_MODULE := cgroups.recovery.json
-LOCAL_SRC_FILES := $(LOCAL_MODULE)
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/system/etc
-LOCAL_MODULE_STEM := cgroups.json
-include $(BUILD_PREBUILT)
-
-#######################################
-# task_profiles.json
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := task_profiles.json
-LOCAL_SRC_FILES := $(LOCAL_MODULE)
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)
-
-include $(BUILD_PREBUILT)
-
-#######################################
# asan.options
ifneq ($(filter address,$(SANITIZE_TARGET)),)
diff --git a/rootdir/etc/ld.config.legacy.txt b/rootdir/etc/ld.config.legacy.txt
index 2d44bb6..0cde3f2 100644
--- a/rootdir/etc/ld.config.legacy.txt
+++ b/rootdir/etc/ld.config.legacy.txt
@@ -91,6 +91,8 @@
namespace.media.search.paths = /apex/com.android.media/${LIB}
namespace.media.asan.search.paths = /apex/com.android.media/${LIB}
+namespace.media.permitted.paths = /apex/com.android.media/${LIB}/extractors
+
namespace.media.links = default
namespace.media.link.default.shared_libs = %LLNDK_LIBRARIES%
namespace.media.link.default.shared_libs += libandroid.so
@@ -114,6 +116,7 @@
namespace.conscrypt.link.default.shared_libs = libc.so
namespace.conscrypt.link.default.shared_libs += libm.so
namespace.conscrypt.link.default.shared_libs += libdl.so
+namespace.conscrypt.link.default.shared_libs += liblog.so
###############################################################################
# "resolv" APEX namespace
@@ -130,6 +133,7 @@
namespace.resolv.link.default.shared_libs += libm.so
namespace.resolv.link.default.shared_libs += libdl.so
namespace.resolv.link.default.shared_libs += libbinder_ndk.so
+namespace.resolv.link.default.shared_libs += liblog.so
namespace.resolv.link.default.shared_libs += libvndksupport.so
###############################################################################
diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt
index 44b7035..28703d2 100644
--- a/rootdir/etc/ld.config.txt
+++ b/rootdir/etc/ld.config.txt
@@ -169,6 +169,8 @@
namespace.media.search.paths = /apex/com.android.media/${LIB}
namespace.media.asan.search.paths = /apex/com.android.media/${LIB}
+namespace.media.permitted.paths = /apex/com.android.media/${LIB}/extractors
+
namespace.media.links = default
namespace.media.link.default.shared_libs = %LLNDK_LIBRARIES%
namespace.media.link.default.shared_libs += libandroid.so
@@ -192,6 +194,7 @@
namespace.conscrypt.link.default.shared_libs = libc.so
namespace.conscrypt.link.default.shared_libs += libm.so
namespace.conscrypt.link.default.shared_libs += libdl.so
+namespace.conscrypt.link.default.shared_libs += liblog.so
###############################################################################
# "resolv" APEX namespace
@@ -208,6 +211,7 @@
namespace.resolv.link.default.shared_libs += libm.so
namespace.resolv.link.default.shared_libs += libdl.so
namespace.resolv.link.default.shared_libs += libbinder_ndk.so
+namespace.resolv.link.default.shared_libs += liblog.so
namespace.resolv.link.default.shared_libs += libvndksupport.so
###############################################################################
@@ -485,7 +489,8 @@
namespace.system.link.runtime.shared_libs += libnativebridge.so
namespace.system.link.runtime.shared_libs += libnativehelper.so
namespace.system.link.runtime.shared_libs += libnativeloader.so
-
+# Workaround for b/124772622
+namespace.system.link.runtime.shared_libs += libandroidicu.so
###############################################################################
# Namespace config for native tests that need access to both system and vendor
@@ -550,6 +555,8 @@
namespace.media.search.paths = /apex/com.android.media/${LIB}
namespace.media.asan.search.paths = /apex/com.android.media/${LIB}
+namespace.media.permitted.paths = /apex/com.android.media/${LIB}/extractors
+
namespace.media.links = default
namespace.media.link.default.shared_libs = %LLNDK_LIBRARIES%
namespace.media.link.default.shared_libs += libandroid.so
@@ -573,6 +580,7 @@
namespace.conscrypt.link.default.shared_libs = libc.so
namespace.conscrypt.link.default.shared_libs += libm.so
namespace.conscrypt.link.default.shared_libs += libdl.so
+namespace.conscrypt.link.default.shared_libs += liblog.so
###############################################################################
# "resolv" APEX namespace
@@ -589,6 +597,7 @@
namespace.resolv.link.default.shared_libs += libm.so
namespace.resolv.link.default.shared_libs += libdl.so
namespace.resolv.link.default.shared_libs += libbinder_ndk.so
+namespace.resolv.link.default.shared_libs += liblog.so
###############################################################################
diff --git a/rootdir/etc/ld.config.vndk_lite.txt b/rootdir/etc/ld.config.vndk_lite.txt
index 92f287c..a5beb4e 100644
--- a/rootdir/etc/ld.config.vndk_lite.txt
+++ b/rootdir/etc/ld.config.vndk_lite.txt
@@ -20,6 +20,13 @@
dir.vendor = /data/benchmarktest/vendor
dir.vendor = /data/benchmarktest64/vendor
+dir.unrestricted = /data/nativetest/unrestricted
+dir.unrestricted = /data/nativetest64/unrestricted
+
+# TODO(b/123864775): Ensure tests are run from /data/nativetest{,64} or (if
+# necessary) the unrestricted subdirs above. Then clean this up.
+dir.unrestricted = /data/local/tmp
+
dir.system = /data/nativetest
dir.system = /data/nativetest64
dir.system = /data/benchmarktest
@@ -110,6 +117,8 @@
namespace.media.search.paths = /apex/com.android.media/${LIB}
namespace.media.asan.search.paths = /apex/com.android.media/${LIB}
+namespace.media.permitted.paths = /apex/com.android.media/${LIB}/extractors
+
namespace.media.links = default
namespace.media.link.default.shared_libs = %LLNDK_LIBRARIES%
namespace.media.link.default.shared_libs += libandroid.so
@@ -133,6 +142,7 @@
namespace.conscrypt.link.default.shared_libs = libc.so
namespace.conscrypt.link.default.shared_libs += libm.so
namespace.conscrypt.link.default.shared_libs += libdl.so
+namespace.conscrypt.link.default.shared_libs += liblog.so
###############################################################################
# "resolv" APEX namespace
@@ -149,6 +159,7 @@
namespace.resolv.link.default.shared_libs += libm.so
namespace.resolv.link.default.shared_libs += libdl.so
namespace.resolv.link.default.shared_libs += libbinder_ndk.so
+namespace.resolv.link.default.shared_libs += liblog.so
namespace.resolv.link.default.shared_libs += libvndksupport.so
###############################################################################
@@ -344,6 +355,8 @@
namespace.default.link.runtime.shared_libs += libnativebridge.so
namespace.default.link.runtime.shared_libs += libnativehelper.so
namespace.default.link.runtime.shared_libs += libnativeloader.so
+# Workaround for b/124772622
+namespace.default.link.runtime.shared_libs += libandroidicu.so
###############################################################################
# "runtime" APEX namespace
@@ -361,6 +374,111 @@
namespace.runtime.link.default.allow_all_shared_libs = true
###############################################################################
+# Namespace config for native tests that need access to both system and vendor
+# libraries. This replicates the default linker config (done by
+# init_default_namespace_no_config in bionic/linker/linker.cpp), except that it
+# includes the requisite namespace setup for APEXes.
+###############################################################################
+[unrestricted]
+additional.namespaces = runtime,media,conscrypt,resolv
+
+namespace.default.search.paths = /system/${LIB}
+namespace.default.search.paths += /odm/${LIB}
+namespace.default.search.paths += /vendor/${LIB}
+
+namespace.default.asan.search.paths = /data/asan/system/${LIB}
+namespace.default.asan.search.paths += /system/${LIB}
+namespace.default.asan.search.paths += /data/asan/odm/${LIB}
+namespace.default.asan.search.paths += /odm/${LIB}
+namespace.default.asan.search.paths += /data/asan/vendor/${LIB}
+namespace.default.asan.search.paths += /vendor/${LIB}
+
+# Keep in sync with ld.config.txt in the com.android.runtime APEX.
+namespace.default.links = runtime,resolv
+namespace.default.visible = true
+
+namespace.default.link.runtime.shared_libs = libart.so:libartd.so
+namespace.default.link.runtime.shared_libs += libdexfile_external.so
+namespace.default.link.runtime.shared_libs += libnativebridge.so
+namespace.default.link.runtime.shared_libs += libnativehelper.so
+namespace.default.link.runtime.shared_libs += libnativeloader.so
+namespace.default.link.runtime.shared_libs += libandroidicu.so
+
+# TODO(b/122876336): Remove libpac.so once it's migrated to Webview
+namespace.default.link.runtime.shared_libs += libpac.so
+
+namespace.default.link.resolv.shared_libs = libnetd_resolv.so
+
+###############################################################################
+# "runtime" APEX namespace
+#
+# This namespace exposes externally accessible libraries from the Runtime APEX.
+###############################################################################
+namespace.runtime.isolated = true
+namespace.runtime.visible = true
+
+# Keep in sync with ld.config.txt in the com.android.runtime APEX.
+namespace.runtime.search.paths = /apex/com.android.runtime/${LIB}
+namespace.runtime.asan.search.paths = /apex/com.android.runtime/${LIB}
+namespace.runtime.links = default
+# TODO(b/119867084): Restrict to Bionic dlopen dependencies and PALette library
+# when it exists.
+namespace.runtime.link.default.allow_all_shared_libs = true
+
+###############################################################################
+# "media" APEX namespace
+#
+# This namespace is for libraries within the media APEX.
+###############################################################################
+namespace.media.isolated = true
+namespace.media.visible = true
+
+namespace.media.search.paths = /apex/com.android.media/${LIB}
+namespace.media.asan.search.paths = /apex/com.android.media/${LIB}
+
+namespace.media.permitted.paths = /apex/com.android.media/${LIB}/extractors
+
+namespace.media.links = default
+namespace.media.link.default.shared_libs = %LLNDK_LIBRARIES%
+namespace.media.link.default.shared_libs += libandroid.so
+namespace.media.link.default.shared_libs += libbinder_ndk.so
+namespace.media.link.default.shared_libs += libmediametrics.so
+namespace.media.link.default.shared_libs += %SANITIZER_RUNTIME_LIBRARIES%
+
+###############################################################################
+# "conscrypt" APEX namespace
+#
+# This namespace is for libraries within the conscrypt APEX.
+###############################################################################
+namespace.conscrypt.isolated = true
+namespace.conscrypt.visible = true
+
+# Keep in sync with ld.config.txt in the com.android.runtime APEX.
+namespace.conscrypt.search.paths = /apex/com.android.conscrypt/${LIB}
+namespace.conscrypt.asan.search.paths = /apex/com.android.conscrypt/${LIB}
+namespace.conscrypt.links = runtime,default
+namespace.conscrypt.link.runtime.shared_libs = libjavacore.so
+namespace.conscrypt.link.default.shared_libs = libc.so
+namespace.conscrypt.link.default.shared_libs += libm.so
+namespace.conscrypt.link.default.shared_libs += libdl.so
+
+###############################################################################
+# "resolv" APEX namespace
+#
+# This namespace is for libraries within the resolv APEX.
+###############################################################################
+namespace.resolv.isolated = true
+namespace.resolv.visible = true
+
+namespace.resolv.search.paths = /apex/com.android.resolv/${LIB}
+namespace.resolv.asan.search.paths = /apex/com.android.resolv/${LIB}
+namespace.resolv.links = default
+namespace.resolv.link.default.shared_libs = libc.so
+namespace.resolv.link.default.shared_libs += libm.so
+namespace.resolv.link.default.shared_libs += libdl.so
+namespace.resolv.link.default.shared_libs += libbinder_ndk.so
+
+###############################################################################
# Namespace config for binaries under /postinstall.
# Only default namespace is defined and default has no directories
# other than /system/lib in the search paths. This is because linker calls
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 8bd7c4c..1c84d15 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -577,9 +577,6 @@
# Set SELinux security contexts on upgrade or policy update.
restorecon --recursive --skip-ce /data
- # Check any timezone data in /data is newer than the copy in the runtime module, delete if not.
- exec - system system -- /system/bin/tzdatacheck /apex/com.android.runtime/etc/tz /data/misc/zoneinfo
-
# load fsverity keys
exec -- /system/bin/mini-keyctl -c /product/etc/security/cacerts_fsverity,/vendor/etc/security/cacerts_fsverity -k .fs-verity
@@ -591,6 +588,9 @@
setup_runtime_bionic
parse_apex_configs
+ # Check any timezone data in /data is newer than the copy in the runtime module, delete if not.
+ exec - system system -- /system/bin/tzdatacheck /apex/com.android.runtime/etc/tz /data/misc/zoneinfo
+
# If there is no post-fs-data action in the init.<device>.rc file, you
# must uncomment this line, otherwise encrypted filesystems
# won't work.