Merge "init: allow services to have no capabilities set"
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index 9a8ad56..4d44fcf 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -176,6 +176,7 @@
 
 void ParseFsMgrFlags(const std::string& flags, FstabEntry* entry) {
     for (const auto& flag : Split(flags, ",")) {
+        if (flag.empty() || flag == "defaults") continue;
         std::string arg;
         if (auto equal_sign = flag.find('='); equal_sign != std::string::npos) {
             arg = flag.substr(equal_sign + 1);
diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h
index 83e5d7b..166c32b 100644
--- a/fs_mgr/fs_mgr_priv.h
+++ b/fs_mgr/fs_mgr_priv.h
@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-#ifndef __CORE_FS_MGR_PRIV_H
-#define __CORE_FS_MGR_PRIV_H
+#pragma once
 
 #include <chrono>
 #include <string>
@@ -85,53 +84,6 @@
  *
  */
 
-// clang-format off
-#define MF_WAIT                  0x1
-#define MF_CHECK                 0x2
-#define MF_CRYPT                 0x4
-#define MF_NONREMOVABLE          0x8
-#define MF_VOLDMANAGED          0x10
-#define MF_LENGTH               0x20
-#define MF_RECOVERYONLY         0x40
-#define MF_SWAPPRIO             0x80
-#define MF_ZRAMSIZE            0x100
-#define MF_VERIFY              0x200
-#define MF_FORCECRYPT          0x400
-#define MF_NOEMULATEDSD        0x800 /* no emulated sdcard daemon, sd card is the only
-                                        external storage */
-#define MF_NOTRIM             0x1000
-#define MF_FILEENCRYPTION     0x2000
-#define MF_FORMATTABLE        0x4000
-#define MF_SLOTSELECT         0x8000
-#define MF_FORCEFDEORFBE     0x10000
-#define MF_LATEMOUNT         0x20000
-#define MF_NOFAIL            0x40000
-#define MF_VERIFYATBOOT      0x80000
-#define MF_MAX_COMP_STREAMS 0x100000
-#define MF_RESERVEDSIZE     0x200000
-#define MF_QUOTA            0x400000
-#define MF_ERASEBLKSIZE     0x800000
-#define MF_LOGICALBLKSIZE  0X1000000
-#define MF_AVB             0X2000000
-#define MF_KEYDIRECTORY    0X4000000
-#define MF_SYSFS           0X8000000
-#define MF_LOGICAL        0x10000000
-#define MF_CHECKPOINT_BLK 0x20000000
-#define MF_CHECKPOINT_FS  0x40000000
-#define MF_FIRST_STAGE_MOUNT \
-                          0x80000000
-#define MF_SLOTSELECT_OTHER  \
-                         0x100000000
-#define MF_ZRAM_LOOPBACK_PATH    \
-                         0x200000000
-#define MF_ZRAM_LOOPBACK_SIZE    \
-                         0x400000000
-#define MF_ZRAM_BACKING_DEV_PATH \
-                         0x800000000
-#define MF_FS_VERITY  \
-                         0x1000000000
-// clang-format on
-
 #define DM_BUF_SIZE 4096
 
 using namespace std::chrono_literals;
@@ -148,5 +100,3 @@
 const std::string& get_android_dt_dir();
 bool is_dt_compatible();
 int load_verity_state(const android::fs_mgr::FstabEntry& entry, int* mode);
-
-#endif /* __CORE_FS_MGR_PRIV_H */
diff --git a/init/init.cpp b/init/init.cpp
index 5a3cc15..a8924f2 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -192,7 +192,8 @@
 
     if (waiting_for_prop) {
         if (wait_prop_name == name && wait_prop_value == value) {
-            LOG(INFO) << "Wait for property took " << *waiting_for_prop;
+            LOG(INFO) << "Wait for property '" << wait_prop_name << "=" << wait_prop_value
+                      << "' took " << *waiting_for_prop;
             ResetWaitForProp();
         }
     }
diff --git a/libcutils/ashmem-dev.cpp b/libcutils/ashmem-dev.cpp
index 0cc4fc0..f65dc8b 100644
--- a/libcutils/ashmem-dev.cpp
+++ b/libcutils/ashmem-dev.cpp
@@ -23,6 +23,9 @@
  */
 #define LOG_TAG "ashmem"
 
+#ifndef __ANDROID_VNDK__
+#include <dlfcn.h>
+#endif
 #include <errno.h>
 #include <fcntl.h>
 #include <linux/ashmem.h>
@@ -45,13 +48,46 @@
  */
 static pthread_mutex_t __ashmem_lock = PTHREAD_MUTEX_INITIALIZER;
 
+/*
+ * We use ashmemd to enforce that apps don't open /dev/ashmem directly. Vendor
+ * code can't access system aidl services per Treble requirements. So we limit
+ * ashmemd access to the system variant of libcutils.
+ */
+#ifndef __ANDROID_VNDK__
+using openFdType = int (*)();
+
+openFdType initOpenAshmemFd() {
+    openFdType openFd = nullptr;
+    void* handle = dlopen("libashmemd_client.so", RTLD_NOW);
+    if (!handle) {
+        ALOGE("Failed to dlopen() libashmemd_client.so: %s", dlerror());
+        return openFd;
+    }
+
+    openFd = reinterpret_cast<openFdType>(dlsym(handle, "openAshmemdFd"));
+    if (!openFd) {
+        ALOGE("Failed to dlsym() openAshmemdFd() function: %s", dlerror());
+    }
+    return openFd;
+}
+#endif
+
 /* logistics of getting file descriptor for ashmem */
 static int __ashmem_open_locked()
 {
     int ret;
     struct stat st;
 
-    int fd = TEMP_FAILURE_RETRY(open(ASHMEM_DEVICE, O_RDWR | O_CLOEXEC));
+    int fd = -1;
+#ifndef __ANDROID_VNDK__
+    static auto openFd = initOpenAshmemFd();
+    if (openFd) {
+        fd = openFd();
+    }
+#endif
+    if (fd < 0) {
+        fd = TEMP_FAILURE_RETRY(open(ASHMEM_DEVICE, O_RDWR | O_CLOEXEC));
+    }
     if (fd < 0) {
         return fd;
     }
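Review bot: The descriptor returned by `openFd()` in `__ashmem_open_locked()` is used without the close-on-exec guarantee that the fallback `open(ASHMEM_DEVICE, O_RDWR | O_CLOEXEC)` gives. Unless openAshmemdFd() is known to set the flag (its implementation is not visible here), follow the call with `if (fd >= 0) fcntl(fd, F_SETFD, FD_CLOEXEC);` so the descriptor is not inherited across exec. `initOpenAshmemFd()` is also defined without `static`, which gives it external linkage in libcutils; `static openFdType initOpenAshmemFd() {` keeps it file-local like `__ashmem_open_locked()`. The fallback to a direct open when the ashmemd path fails is silent, so an `ALOGW` on that branch would make it visible when the brokered path is not used, given the enforcement goal stated in the new comment. The body of `__ashmem_open_locked()` continues past the end of the hunk.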
diff --git a/libprocessgroup/task_profiles.cpp b/libprocessgroup/task_profiles.cpp
index ec6cbbc..447852d 100644
--- a/libprocessgroup/task_profiles.cpp
+++ b/libprocessgroup/task_profiles.cpp
@@ -132,6 +132,7 @@
 
 SetCgroupAction::SetCgroupAction(const CgroupController* c, const std::string& p)
     : controller_(c), path_(p) {
+#ifdef CACHE_FILE_DESCRIPTORS
     // cache file descriptor only if path is app independent
     if (IsAppDependentPath(path_)) {
         // file descriptor is not cached
@@ -155,6 +156,7 @@
     }
 
     fd_ = std::move(fd);
+#endif
 }
 
 bool SetCgroupAction::AddTidToCgroup(int tid, int fd) {
@@ -176,6 +178,7 @@
 }
 
 bool SetCgroupAction::ExecuteForProcess(uid_t uid, pid_t pid) const {
+#ifdef CACHE_FILE_DESCRIPTORS
     if (fd_ >= 0) {
         // fd is cached, reuse it
         if (!AddTidToCgroup(pid, fd_)) {
@@ -203,9 +206,24 @@
     }
 
     return true;
+#else
+    std::string procs_path = controller_->GetProcsFilePath(path_.c_str(), uid, pid);
+    unique_fd tmp_fd(TEMP_FAILURE_RETRY(open(procs_path.c_str(), O_WRONLY | O_CLOEXEC)));
+    if (tmp_fd < 0) {
+        // no permissions to access the file, ignore
+        return true;
+    }
+    if (!AddTidToCgroup(pid, tmp_fd)) {
+        PLOG(ERROR) << "Failed to add task into cgroup";
+        return false;
+    }
+
+    return true;
+#endif
 }
 
 bool SetCgroupAction::ExecuteForTask(int tid) const {
+#ifdef CACHE_FILE_DESCRIPTORS
     if (fd_ >= 0) {
         // fd is cached, reuse it
         if (!AddTidToCgroup(tid, fd_)) {
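Review bot: In the new `#else` branch of `ExecuteForProcess`, every failure of `open(procs_path.c_str(), ...)` is reported as success, although the comment only justifies ignoring a permission error. ENOENT, EMFILE or a malformed path also return `true`, so the caller cannot tell that the process was never moved into the cgroup. At minimum, log the other cases before the `return true`, for example `if (errno != EACCES) PLOG(WARNING) << "Failed to open " << procs_path;`. The `#else` branch added to `ExecuteForTask` in the next hunk has the same pattern with `tasks_path`. The body of `ExecuteForTask` starts in this hunk and continues outside it.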
@@ -223,6 +241,20 @@
     // application-dependent path can't be used with tid
     PLOG(ERROR) << "Application profile can't be applied to a thread";
     return false;
+#else
+    std::string tasks_path = controller_->GetTasksFilePath(path_.c_str());
+    unique_fd tmp_fd(TEMP_FAILURE_RETRY(open(tasks_path.c_str(), O_WRONLY | O_CLOEXEC)));
+    if (tmp_fd < 0) {
+        // no permissions to access the file, ignore
+        return true;
+    }
+    if (!AddTidToCgroup(tid, tmp_fd)) {
+        PLOG(ERROR) << "Failed to add task into cgroup";
+        return false;
+    }
+
+    return true;
+#endif
 }
 
 bool TaskProfile::ExecuteForProcess(uid_t uid, pid_t pid) const {
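Review bot: The `#else` branch of `ExecuteForTask` drops the rejection that the cached branch ends with (`Application profile can't be applied to a thread`, returning false). It calls `GetTasksFilePath(path_.c_str())` for any path, and if the open fails it returns `true`, so an app-dependent profile could appear to have been applied to a thread. Adding `if (IsAppDependentPath(path_)) { PLOG(ERROR) << "Application profile can't be applied to a thread"; return false; }` at the top of the branch keeps both builds consistent. How GetTasksFilePath treats such a path is not visible in this diff.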
diff --git a/libprocessgroup/task_profiles.h b/libprocessgroup/task_profiles.h
index 83e74b2..b2e39f9 100644
--- a/libprocessgroup/task_profiles.h
+++ b/libprocessgroup/task_profiles.h
@@ -117,7 +117,9 @@
   private:
     const CgroupController* controller_;
     std::string path_;
+#ifdef CACHE_FILE_DESCRIPTORS
     android::base::unique_fd fd_;
+#endif
 
     static bool IsAppDependentPath(const std::string& path);
     static bool AddTidToCgroup(int tid, int fd);
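Review bot: `fd_` now exists only when `CACHE_FILE_DESCRIPTORS` is defined, so the layout of `SetCgroupAction` depends on a macro that this header neither defines nor documents. If the macro is set through build flags for some targets that include task_profiles.h and not others (the diff does not show where it is defined), translation units will disagree on the class size, which is an ODR violation. Either document the switch here with a comment such as `// CACHE_FILE_DESCRIPTORS must be set consistently for every user of this header`, or keep the member unconditional and compile out only its use in the .cpp file.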
diff --git a/rootdir/init.rc b/rootdir/init.rc
index c6e2116..59ed47a 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -531,6 +531,9 @@
     mkdir /data/anr 0775 system system
 
     mkdir /data/apex 0750 root system
+    mkdir /data/apex/active 0750 root system
+    mkdir /data/apex/backup 0700 root system
+    mkdir /data/apex/sessions 0700 root system
     mkdir /data/staging 0750 system system
 
     # NFC: create data/nfc for nv storage
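Review bot: The three new `mkdir` lines give `/data/apex/active` mode 0750 and give `/data/apex/backup` and `/data/apex/sessions` mode 0700, with no comment saying why the modes differ. A short comment above them, such as `# apex state: active is readable by group system; backup and sessions are root-only`, would keep a later edit from loosening the root-only directories by accident. The enclosing section of init.rc starts and ends outside the hunk.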