Merge "init: use libfscrypt for file-based encryption setup"
diff --git a/base/include/android-base/file.h b/base/include/android-base/file.h
index 8f9bf80..86d537d 100644
--- a/base/include/android-base/file.h
+++ b/base/include/android-base/file.h
@@ -20,6 +20,8 @@
#include <sys/types.h>
#include <string>
+#include "android-base/off64_t.h"
+
#if !defined(_WIN32) && !defined(O_BINARY)
/** Windows needs O_BINARY, but Unix never mangles line endings. */
#define O_BINARY 0
@@ -30,11 +32,6 @@
#define O_CLOEXEC O_NOINHERIT
#endif
-#if defined(__APPLE__)
-/** Mac OS has always had a 64-bit off_t, so it doesn't have off64_t. */
-typedef off_t off64_t;
-#endif
-
namespace android {
namespace base {
diff --git a/base/include/android-base/mapped_file.h b/base/include/android-base/mapped_file.h
index 667ba7e..80513b1 100644
--- a/base/include/android-base/mapped_file.h
+++ b/base/include/android-base/mapped_file.h
@@ -16,12 +16,8 @@
#pragma once
-#if __APPLE__
-/* Temporary Mac build fix for off64_t. TODO: refactor into `portability.h`. */
-#include "android-base/file.h"
-#endif
-
#include "android-base/macros.h"
+#include "android-base/off64_t.h"
#include <sys/types.h>
diff --git a/base/include/android-base/off64_t.h b/base/include/android-base/off64_t.h
new file mode 100644
index 0000000..e6b71b8
--- /dev/null
+++ b/base/include/android-base/off64_t.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#if defined(__APPLE__)
+/** Mac OS has always had a 64-bit off_t, so it doesn't have off64_t. */
+typedef off_t off64_t;
+#endif
diff --git a/fastboot/device/flashing.cpp b/fastboot/device/flashing.cpp
index 2347496..66b90bf 100644
--- a/fastboot/device/flashing.cpp
+++ b/fastboot/device/flashing.cpp
@@ -21,10 +21,15 @@
#include <algorithm>
#include <memory>
+#include <set>
+#include <string>
+#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/strings.h>
#include <ext4_utils/ext4_utils.h>
+#include <fs_mgr_overlayfs.h>
+#include <fstab/fstab.h>
#include <liblp/builder.h>
#include <liblp/liblp.h>
#include <sparse/sparse.h>
@@ -32,13 +37,35 @@
#include "fastboot_device.h"
#include "utility.h"
+using namespace android::fs_mgr;
+using namespace std::literals;
+
namespace {
constexpr uint32_t SPARSE_HEADER_MAGIC = 0xed26ff3a;
-} // namespace
+void WipeOverlayfsForPartition(FastbootDevice* device, const std::string& partition_name) {
+ // May be called, in the case of sparse data, multiple times so cache/skip.
+ static std::set<std::string> wiped;
+ if (wiped.find(partition_name) != wiped.end()) return;
+ wiped.insert(partition_name);
+ // Following appears to have a first time 2% impact on flashing speeds.
-using namespace android::fs_mgr;
+ // Convert partition_name to a validated mount point and wipe.
+ std::unique_ptr<fstab, decltype(&fs_mgr_free_fstab)> fstab(fs_mgr_read_fstab_default(),
+ fs_mgr_free_fstab);
+ for (auto i = 0; i < fstab->num_entries; i++) {
+ const auto mount_point = fstab->recs[i].mount_point;
+ if (!mount_point) continue;
+ auto partition = android::base::Basename(mount_point);
+ if ("/"s == mount_point) partition = "system";
+ if ((partition + device->GetCurrentSlot()) == partition_name) {
+ fs_mgr_overlayfs_teardown(mount_point);
+ }
+ }
+}
+
+} // namespace
int FlashRawDataChunk(int fd, const char* data, size_t len) {
size_t ret = 0;
@@ -101,15 +128,11 @@
} else if (data.size() > get_block_device_size(handle.fd())) {
return -EOVERFLOW;
}
+ WipeOverlayfsForPartition(device, partition_name);
return FlashBlockDevice(handle.fd(), data);
}
-bool UpdateSuper(FastbootDevice* device, const std::string& partition_name, bool wipe) {
- std::optional<std::string> super = FindPhysicalPartition(partition_name);
- if (!super) {
- return device->WriteFail("Could not find partition: " + partition_name);
- }
-
+bool UpdateSuper(FastbootDevice* device, const std::string& super_name, bool wipe) {
std::vector<char> data = std::move(device->download_data());
if (data.empty()) {
return device->WriteFail("No data available");
@@ -125,47 +148,17 @@
// image.
std::string slot_suffix = device->GetCurrentSlot();
uint32_t slot_number = SlotNumberForSlotSuffix(slot_suffix);
- std::unique_ptr<LpMetadata> metadata = ReadMetadata(super->c_str(), slot_number);
- if (!metadata || wipe) {
- if (!FlashPartitionTable(super.value(), *new_metadata.get())) {
+ if (wipe || !ReadMetadata(super_name, slot_number)) {
+ if (!FlashPartitionTable(super_name, *new_metadata.get())) {
return device->WriteFail("Unable to flash new partition table");
}
return device->WriteOkay("Successfully flashed partition table");
}
- // There's a working super partition, and we don't want to wipe it - it may
- // may contain partitions created for the user. Instead, we create a zero-
- // sized partition for each entry in the new partition table. It is then
- // the host's responsibility to size it correctly via resize-logical-partition.
- std::unique_ptr<MetadataBuilder> builder = MetadataBuilder::New(*metadata.get());
- if (!builder) {
- return device->WriteFail("Unable to create a metadata builder");
- }
- for (const auto& partition : new_metadata->partitions) {
- std::string name = GetPartitionName(partition);
- if (builder->FindPartition(name)) {
- continue;
- }
- if (!builder->AddPartition(name, partition.attributes)) {
- return device->WriteFail("Unable to add partition: " + name);
- }
- }
-
- // The scratch partition may exist as temporary storage, created for
- // use by adb remount for overlayfs. If we're performing a flashall
- // operation then we want to start over with a clean slate, so we
- // remove the scratch partition until it is requested again.
- builder->RemovePartition("scratch");
-
- new_metadata = builder->Export();
- if (!new_metadata) {
- return device->WriteFail("Unable to export new partition table");
- }
-
// Write the new table to every metadata slot.
bool ok = true;
for (size_t i = 0; i < new_metadata->geometry.metadata_slot_count; i++) {
- ok &= UpdatePartitionTable(super.value(), *new_metadata.get(), i);
+ ok &= UpdatePartitionTable(super_name, *new_metadata.get(), i);
}
if (!ok) {
diff --git a/fastboot/device/flashing.h b/fastboot/device/flashing.h
index 89e20fc..b15f28b 100644
--- a/fastboot/device/flashing.h
+++ b/fastboot/device/flashing.h
@@ -22,4 +22,4 @@
class FastbootDevice;
int Flash(FastbootDevice* device, const std::string& partition_name);
-bool UpdateSuper(FastbootDevice* device, const std::string& partition_name, bool wipe);
+bool UpdateSuper(FastbootDevice* device, const std::string& super_name, bool wipe);
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index 81350fd..3c6b1b7 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -852,7 +852,7 @@
buf->image_size = sz;
}
- lseek64(fd, 0, SEEK_SET);
+ lseek(fd, 0, SEEK_SET);
int64_t limit = get_sparse_limit(sz);
if (limit) {
sparse_file** s = load_sparse_files(fd, limit);
@@ -1092,12 +1092,20 @@
}
}
+static bool is_logical(const std::string& partition) {
+ std::string value;
+ return fb->GetVar("is-logical:" + partition, &value) == fastboot::SUCCESS && value == "yes";
+}
+
static void do_flash(const char* pname, const char* fname) {
struct fastboot_buffer buf;
if (!load_buf(fname, &buf)) {
die("cannot load '%s': %s", fname, strerror(errno));
}
+ if (is_logical(pname)) {
+ fb->ResizePartition(pname, std::to_string(buf.image_size));
+ }
flash_buf(pname, &buf);
}
@@ -1140,11 +1148,6 @@
return fb->GetVar("partition-size:" + partition_name, &partition_size) == fastboot::SUCCESS;
}
-static bool is_logical(const std::string& partition) {
- std::string value;
- return fb->GetVar("is-logical:" + partition, &value) == fastboot::SUCCESS && value == "yes";
-}
-
static void reboot_to_userspace_fastboot() {
fb->RebootTo("fastboot");
diff --git a/fs_mgr/tests/adb-remount-test.sh b/fs_mgr/tests/adb-remount-test.sh
index d4ca574..5ef4794 100755
--- a/fs_mgr/tests/adb-remount-test.sh
+++ b/fs_mgr/tests/adb-remount-test.sh
@@ -251,8 +251,33 @@
B="`adb_cat /vendor/hello`" ||
die "re-read vendor hello after reboot"
check_eq "${A}" "${B}" vendor after reboot
+
+adb reboot-fastboot &&
+ fastboot flash vendor &&
+ fastboot reboot ||
+ die "fastbootd flash vendor"
+adb_wait &&
+ adb_root &&
+ adb_wait &&
+ adb_sh df -k </dev/null | head -1 &&
+ adb_sh df -k </dev/null | grep "^overlay " &&
+ adb_sh df -k </dev/null | grep "^overlay .* /system\$" >/dev/null ||
+ die "overlay system takeover after flash vendor"
+adb_sh df -k </dev/null | grep "^overlay .* /vendor\$" >/dev/null &&
+ die "overlay minus vendor takeover after flash vendor"
+B="`adb_cat /system/hello`" ||
+ die "re-read system hello after flash vendor"
+check_eq "${A}" "${B}" system after flash vendor
+adb_root &&
+ adb_wait ||
+ die "adb root"
+B="`adb_cat /vendor/hello`" &&
+ die "re-read vendor hello after flash vendor"
+check_eq "cat: /vendor/hello: No such file or directory" "${B}" vendor after flash vendor
+
adb remount &&
- adb_sh rm /system/hello /vendor/hello </dev/null ||
+ ( adb_sh rm /vendor/hello </dev/null 2>/dev/null || true ) &&
+ adb_sh rm /system/hello </dev/null ||
die "cleanup hello"
B="`adb_cat /system/hello`" &&
die "re-read system hello after rm"
diff --git a/init/action_parser.cpp b/init/action_parser.cpp
index 2d497b3..4f8bd16 100644
--- a/init/action_parser.cpp
+++ b/init/action_parser.cpp
@@ -40,6 +40,18 @@
return true;
}
+ static constexpr const char* kPartnerPrefixes[] = {
+ "init.svc.vendor.", "ro.vendor.", "persist.vendor.",
+ "vendor.", "init.svc.odm.", "ro.odm.",
+ "persist.odm.", "odm.", "ro.boot.",
+ };
+
+ for (const auto& prefix : kPartnerPrefixes) {
+ if (android::base::StartsWith(prop_name, prefix)) {
+ return true;
+ }
+ }
+
return CanReadProperty(subcontext->context(), prop_name);
}
diff --git a/init/parser.cpp b/init/parser.cpp
index fa0fd11..bbfbdc6 100644
--- a/init/parser.cpp
+++ b/init/parser.cpp
@@ -53,7 +53,12 @@
int section_start_line = -1;
std::vector<std::string> args;
+ // If we encounter a bad section start, there is no valid parser object to parse the subsequent
+ // sections, so we must suppress errors until the next valid section is found.
+ bool bad_section_found = false;
+
auto end_section = [&] {
+ bad_section_found = false;
if (section_parser == nullptr) return;
if (auto result = section_parser->EndSection(); !result) {
@@ -101,6 +106,7 @@
parse_error_count_++;
LOG(ERROR) << filename << ": " << state.line << ": " << result.error();
section_parser = nullptr;
+ bad_section_found = true;
}
} else if (section_parser) {
if (auto result = section_parser->ParseLineSection(std::move(args), state.line);
@@ -108,7 +114,7 @@
parse_error_count_++;
LOG(ERROR) << filename << ": " << state.line << ": " << result.error();
}
- } else {
+ } else if (!bad_section_found) {
parse_error_count_++;
LOG(ERROR) << filename << ": " << state.line
<< ": Invalid section keyword found";
diff --git a/libcutils/include/cutils/sockets.h b/libcutils/include/cutils/sockets.h
index b24468b..285f150 100644
--- a/libcutils/include/cutils/sockets.h
+++ b/libcutils/include/cutils/sockets.h
@@ -14,8 +14,7 @@
* limitations under the License.
*/
-#ifndef __CUTILS_SOCKETS_H
-#define __CUTILS_SOCKETS_H
+#pragma once
#include <errno.h>
#include <limits.h>
@@ -141,19 +140,6 @@
const cutils_socket_buffer_t* buffers,
size_t num_buffers);
-/*
- * socket_peer_is_trusted - Takes a socket which is presumed to be a
- * connected local socket (e.g. AF_LOCAL) and returns whether the peer
- * (the userid that owns the process on the other end of that socket)
- * is one of the two trusted userids, root or shell.
- *
- * Note: This only works as advertised on the Android OS and always
- * just returns true when called on other operating systems.
- */
-extern bool socket_peer_is_trusted(int fd);
-
#ifdef __cplusplus
}
#endif
-
-#endif /* __CUTILS_SOCKETS_H */
diff --git a/libcutils/sockets_unix.cpp b/libcutils/sockets_unix.cpp
index 0cb8a4d..2248817 100644
--- a/libcutils/sockets_unix.cpp
+++ b/libcutils/sockets_unix.cpp
@@ -32,34 +32,6 @@
#include "android_get_control_env.h"
-#if defined(__ANDROID__)
-/* For the socket trust (credentials) check */
-#include <private/android_filesystem_config.h>
-#define __android_unused
-#else
-#define __android_unused __attribute__((__unused__))
-#endif
-
-bool socket_peer_is_trusted(int fd __android_unused) {
-#if defined(__ANDROID__)
- ucred cr;
- socklen_t len = sizeof(cr);
- int n = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len);
-
- if (n != 0) {
- ALOGE("could not get socket credentials: %s\n", strerror(errno));
- return false;
- }
-
- if ((cr.uid != AID_ROOT) && (cr.uid != AID_SHELL)) {
- ALOGE("untrusted userid on other end of socket: userid %d\n", cr.uid);
- return false;
- }
-#endif
-
- return true;
-}
-
int socket_close(int sock) {
return close(sock);
}
diff --git a/libziparchive/Android.bp b/libziparchive/Android.bp
index 608afb7..2095189 100644
--- a/libziparchive/Android.bp
+++ b/libziparchive/Android.bp
@@ -73,6 +73,7 @@
enabled: true,
},
double_loadable: true,
+ export_shared_lib_headers: ["libbase"],
defaults: [
"libziparchive_defaults",
diff --git a/libziparchive/include/ziparchive/zip_archive.h b/libziparchive/include/ziparchive/zip_archive.h
index 3952532..ab38dfd 100644
--- a/libziparchive/include/ziparchive/zip_archive.h
+++ b/libziparchive/include/ziparchive/zip_archive.h
@@ -25,6 +25,8 @@
#include <sys/cdefs.h>
#include <sys/types.h>
+#include "android-base/off64_t.h"
+
/* Zip compression methods we support */
enum {
kCompressStored = 0, // no compression
diff --git a/libziparchive/include/ziparchive/zip_archive_stream_entry.h b/libziparchive/include/ziparchive/zip_archive_stream_entry.h
index b4766f8..8c6ca79 100644
--- a/libziparchive/include/ziparchive/zip_archive_stream_entry.h
+++ b/libziparchive/include/ziparchive/zip_archive_stream_entry.h
@@ -15,12 +15,13 @@
*/
// Read-only stream access to Zip archives entries.
-#ifndef LIBZIPARCHIVE_ZIPARCHIVESTREAMENTRY_H_
-#define LIBZIPARCHIVE_ZIPARCHIVESTREAMENTRY_H_
+#pragma once
+
+#include <ziparchive/zip_archive.h>
#include <vector>
-#include <ziparchive/zip_archive.h>
+#include "android-base/off64_t.h"
class ZipArchiveStreamEntry {
public:
@@ -43,5 +44,3 @@
off64_t offset_ = 0;
uint32_t crc32_ = 0u;
};
-
-#endif // LIBZIPARCHIVE_ZIPARCHIVESTREAMENTRY_H_
diff --git a/libziparchive/include/ziparchive/zip_writer.h b/libziparchive/include/ziparchive/zip_writer.h
index 6e4ca62..f6c8427 100644
--- a/libziparchive/include/ziparchive/zip_writer.h
+++ b/libziparchive/include/ziparchive/zip_writer.h
@@ -24,6 +24,7 @@
#include <vector>
#include "android-base/macros.h"
+#include "android-base/off64_t.h"
struct z_stream_s;
typedef struct z_stream_s z_stream;
diff --git a/libziparchive/zip_archive.cc b/libziparchive/zip_archive.cc
index 9d6d919..9eb7f2c 100644
--- a/libziparchive/zip_archive.cc
+++ b/libziparchive/zip_archive.cc
@@ -34,6 +34,10 @@
#include <memory>
#include <vector>
+#if defined(__APPLE__)
+#define lseek64 lseek
+#endif
+
#if defined(__BIONIC__)
#include <android/fdsan.h>
#endif
diff --git a/libziparchive/zip_archive_test.cc b/libziparchive/zip_archive_test.cc
index af9f4c8..0ea7d5d 100644
--- a/libziparchive/zip_archive_test.cc
+++ b/libziparchive/zip_archive_test.cc
@@ -348,7 +348,7 @@
// Read the file back to a buffer and make sure the contents are
// the same as the memory buffer we extracted directly to.
std::vector<uint8_t> file_contents(kAbUncompressedSize);
- ASSERT_EQ(0, lseek64(tmp_output_file.fd, 0, SEEK_SET));
+ ASSERT_EQ(0, lseek(tmp_output_file.fd, 0, SEEK_SET));
ASSERT_TRUE(android::base::ReadFully(tmp_output_file.fd, &file_contents[0], file_contents.size()));
ASSERT_EQ(file_contents, buffer);
@@ -392,7 +392,7 @@
// Assert that the first 8 bytes of the file haven't been clobbered.
uint8_t read_buffer[data_size];
- ASSERT_EQ(0, lseek64(tmp_file.fd, 0, SEEK_SET));
+ ASSERT_EQ(0, lseek(tmp_file.fd, 0, SEEK_SET));
ASSERT_TRUE(android::base::ReadFully(tmp_file.fd, read_buffer, data_size));
ASSERT_EQ(0, memcmp(read_buffer, data, data_size));
@@ -404,7 +404,7 @@
// Assert that the total length of the file is sane
ASSERT_EQ(static_cast<ssize_t>(data_size + kATxtContents.size()),
- lseek64(tmp_file.fd, 0, SEEK_END));
+ lseek(tmp_file.fd, 0, SEEK_END));
}
#if !defined(_WIN32)