Merge "adb: improve CHECKs."
diff --git a/adb/file_sync_service.cpp b/adb/file_sync_service.cpp
index 2acf661..3448ee0 100644
--- a/adb/file_sync_service.cpp
+++ b/adb/file_sync_service.cpp
@@ -283,25 +283,25 @@
// reading and throwing away ID_DATA packets until the other side notices
// that we've reported an error.
while (true) {
- if (!ReadFdExactly(s, &msg.data, sizeof(msg.data))) goto fail;
+ if (!ReadFdExactly(s, &msg.data, sizeof(msg.data))) break;
if (msg.data.id == ID_DONE) {
- goto abort;
+ break;
} else if (msg.data.id != ID_DATA) {
char id[5];
memcpy(id, &msg.data.id, sizeof(msg.data.id));
id[4] = '\0';
D("handle_send_fail received unexpected id '%s' during failure", id);
- goto abort;
+ break;
}
if (msg.data.size > buffer.size()) {
D("handle_send_fail received oversized packet of length '%u' during failure",
msg.data.size);
- goto abort;
+ break;
}
- if (!ReadFdExactly(s, &buffer[0], msg.data.size)) goto abort;
+ if (!ReadFdExactly(s, &buffer[0], msg.data.size)) break;
}
abort:
diff --git a/init/Android.bp b/init/Android.bp
index efa5a02..33dfe56 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -76,6 +76,7 @@
"security.cpp",
"selinux.cpp",
"service.cpp",
+ "rlimit_parser.cpp",
"tokenizer.cpp",
"uevent_listener.cpp",
"ueventd_parser.cpp",
@@ -163,6 +164,7 @@
"init_test.cpp",
"property_service_test.cpp",
"result_test.cpp",
+ "rlimit_parser_test.cpp",
"service_test.cpp",
"ueventd_test.cpp",
"util_test.cpp",
diff --git a/init/README.md b/init/README.md
index 0ea00fb..b681f21 100644
--- a/init/README.md
+++ b/init/README.md
@@ -216,6 +216,12 @@
http://man7.org/linux/man-pages/man7/capabilities.7.html for a list of Linux
capabilities.
+`setrlimit <resource> <cur> <max>`
+> This applies the given rlimit to the service. rlimits are inherited by child
+ processes, so this effectively applies the given rlimit to the process tree
+ started by this service.
+ It is parsed similarly to the setrlimit command specified below.
+
`seclabel <seclabel>`
> Change to 'seclabel' before exec'ing this service.
Primarily for use by services run from the rootfs, e.g. ueventd, adbd.
@@ -455,7 +461,11 @@
within _value_.
`setrlimit <resource> <cur> <max>`
-> Set the rlimit for a resource.
+> Set the rlimit for a resource. This applies to all processes launched after
+ the limit is set. It is intended to be set early in init and applied globally.
+ _resource_ is best specified using its text representation ('cpu', 'rtio', etc
+ or 'RLIM_CPU', 'RLIM_RTIO', etc). It also may be specified as the int value
+ that the resource enum corresponds to.
`start <service>`
> Start a service running if it is not already running.
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 54ccf09..e2e3d93 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -63,6 +63,7 @@
#include "parser.h"
#include "property_service.h"
#include "reboot.h"
+#include "rlimit_parser.h"
#include "service.h"
#include "signal_handler.h"
#include "util.h"
@@ -563,20 +564,10 @@
}
static Result<Success> do_setrlimit(const std::vector<std::string>& args) {
- int resource;
- if (!android::base::ParseInt(args[1], &resource)) {
- return Error() << "unable to parse resource, " << args[1];
- }
+ auto rlimit = ParseRlimit(args);
+ if (!rlimit) return rlimit.error();
- struct rlimit limit;
- if (!android::base::ParseUint(args[2], &limit.rlim_cur)) {
- return Error() << "unable to parse rlim_cur, " << args[2];
- }
- if (!android::base::ParseUint(args[3], &limit.rlim_max)) {
- return Error() << "unable to parse rlim_max, " << args[3];
- }
-
- if (setrlimit(resource, &limit) == -1) {
+ if (setrlimit(rlimit->first, &rlimit->second) == -1) {
return ErrnoError() << "setrlimit failed";
}
return Success();
diff --git a/init/init.cpp b/init/init.cpp
index e1bd3a2..678f49f 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -177,7 +177,9 @@
auto restart_time = s->time_started() + 5s;
if (boot_clock::now() > restart_time) {
- s->Start();
+ if (auto result = s->Start(); !result) {
+ LOG(ERROR) << "Could not restart process '" << s->name() << "': " << result.error();
+ }
} else {
if (!next_process_restart_time || restart_time < *next_process_restart_time) {
next_process_restart_time = restart_time;
@@ -195,7 +197,9 @@
}
if (msg == "start") {
- svc->Start();
+ if (auto result = svc->Start(); !result) {
+ LOG(ERROR) << "Could not ctl.start service '" << name << "': " << result.error();
+ }
} else if (msg == "stop") {
svc->Stop();
} else if (msg == "restart") {
@@ -354,7 +358,7 @@
}
}
-static void install_reboot_signal_handlers() {
+static void InstallRebootSignalHandlers() {
// Instead of panic'ing the kernel as is the default behavior when init crashes,
// we prefer to reboot to bootloader on development builds, as this will prevent
// boot looping bad configurations and allow both developers and test farms to easily
@@ -362,7 +366,13 @@
struct sigaction action;
memset(&action, 0, sizeof(action));
sigfillset(&action.sa_mask);
- action.sa_handler = [](int) {
+ action.sa_handler = [](int signal) {
+ // These signal handlers are also caught for processes forked from init, however we do not
+ // want them to trigger reboot, so we directly call _exit() for children processes here.
+ if (getpid() != 1) {
+ _exit(signal);
+ }
+
// Calling DoReboot() or LOG(FATAL) is not a good option as this is a signal handler.
// RebootSystem uses syscall() which isn't actually async-signal-safe, but our only option
// and probably good enough given this is already an error case and only enabled for
@@ -392,7 +402,7 @@
}
if (REBOOT_BOOTLOADER_ON_PANIC) {
- install_reboot_signal_handlers();
+ InstallRebootSignalHandlers();
}
bool is_first_stage = (getenv("INIT_SECOND_STAGE") == nullptr);
diff --git a/init/keychords.cpp b/init/keychords.cpp
index 2ef0ce7..e686ce1 100644
--- a/init/keychords.cpp
+++ b/init/keychords.cpp
@@ -81,8 +81,11 @@
if (adb_enabled == "running") {
Service* svc = ServiceList::GetInstance().FindService(id, &Service::keychord_id);
if (svc) {
- LOG(INFO) << "Starting service " << svc->name() << " from keychord " << id;
- svc->Start();
+ LOG(INFO) << "Starting service '" << svc->name() << "' from keychord " << id;
+ if (auto result = svc->Start(); !result) {
+ LOG(ERROR) << "Could not start service '" << svc->name() << "' from keychord " << id
+ << ": " << result.error();
+ }
} else {
LOG(ERROR) << "Service for keychord " << id << " not found";
}
diff --git a/init/log.cpp b/init/log.cpp
index 391bc1f..6198fc2 100644
--- a/init/log.cpp
+++ b/init/log.cpp
@@ -19,6 +19,7 @@
#include <fcntl.h>
#include <linux/audit.h>
#include <string.h>
+#include <unistd.h>
#include <android-base/logging.h>
#include <cutils/android_reboot.h>
@@ -29,7 +30,14 @@
namespace android {
namespace init {
-static void RebootAborter(const char* abort_message) {
+static void InitAborter(const char* abort_message) {
+ // When init forks, it continues to use this aborter for LOG(FATAL), but we want children to
+ // simply abort instead of trying to reboot the system.
+ if (getpid() != 1) {
+ android::base::DefaultAborter(abort_message);
+ return;
+ }
+
// DoReboot() does a lot to try to shutdown the system cleanly. If something happens to call
// LOG(FATAL) in the shutdown path, we want to catch this and immediately use the syscall to
// reboot instead of recursing here.
@@ -49,7 +57,7 @@
int fd = open("/sys/fs/selinux/null", O_RDWR);
if (fd == -1) {
int saved_errno = errno;
- android::base::InitLogging(argv, &android::base::KernelLogger, RebootAborter);
+ android::base::InitLogging(argv, &android::base::KernelLogger, InitAborter);
errno = saved_errno;
PLOG(FATAL) << "Couldn't open /sys/fs/selinux/null";
}
@@ -58,7 +66,7 @@
dup2(fd, 2);
if (fd > 2) close(fd);
- android::base::InitLogging(argv, &android::base::KernelLogger, RebootAborter);
+ android::base::InitLogging(argv, &android::base::KernelLogger, InitAborter);
}
int selinux_klog_callback(int type, const char *fmt, ...) {
diff --git a/init/reboot.cpp b/init/reboot.cpp
index 97a8ddd..891ca03 100644
--- a/init/reboot.cpp
+++ b/init/reboot.cpp
@@ -374,10 +374,17 @@
if (kill_after_apps.count(s->name())) {
s->SetShutdownCritical();
} else if (to_starts.count(s->name())) {
- s->Start();
+ if (auto result = s->Start(); !result) {
+ LOG(ERROR) << "Could not start shutdown 'to_start' service '" << s->name()
+ << "': " << result.error();
+ }
s->SetShutdownCritical();
} else if (s->IsShutdownCritical()) {
- s->Start(); // start shutdown critical service if not started
+ // Start shutdown critical service if not started.
+ if (auto result = s->Start(); !result) {
+ LOG(ERROR) << "Could not start shutdown critical service '" << s->name()
+ << "': " << result.error();
+ }
}
}
diff --git a/init/rlimit_parser.cpp b/init/rlimit_parser.cpp
new file mode 100644
index 0000000..fe1d6a7
--- /dev/null
+++ b/init/rlimit_parser.cpp
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "rlimit_parser.h"
+
+#include <android-base/parseint.h>
+#include <android-base/strings.h>
+
+using android::base::EqualsIgnoreCase;
+using android::base::ParseInt;
+using android::base::ParseUint;
+using android::base::StartsWith;
+
+namespace android {
+namespace init {
+
+// Builtins and service definitions both have their arguments start at 1 and finish at 3.
+Result<std::pair<int, rlimit>> ParseRlimit(const std::vector<std::string>& args) {
+ static const std::vector<std::pair<const char*, int>> text_to_resources = {
+ {"cpu", 0}, {"fsize", 1}, {"data", 2}, {"stack", 3},
+ {"core", 4}, {"rss", 5}, {"nproc", 6}, {"nofile", 7},
+ {"memlock", 8}, {"as", 9}, {"locks", 10}, {"sigpending", 11},
+ {"msgqueue", 12}, {"nice", 13}, {"rtprio", 14}, {"rttime", 15},
+ };
+
+ int resource;
+
+ if (ParseInt(args[1], &resource)) {
+ if (resource >= RLIM_NLIMITS) {
+ return Error() << "Resource '" << args[1] << "' over the maximum resource value '"
+ << RLIM_NLIMITS << "'";
+ } else if (resource < 0) {
+ return Error() << "Resource '" << args[1] << "' below the minimum resource value '0'";
+ }
+ } else {
+ std::string resource_string;
+ if (StartsWith(args[1], "RLIM_")) {
+ resource_string = args[1].substr(5);
+ } else {
+ resource_string = args[1];
+ }
+
+ auto it = std::find_if(text_to_resources.begin(), text_to_resources.end(),
+ [&resource_string](const auto& entry) {
+ return EqualsIgnoreCase(resource_string, entry.first);
+ });
+ if (it == text_to_resources.end()) {
+ return Error() << "Could not parse resource '" << args[1] << "'";
+ }
+
+ resource = it->second;
+ }
+
+ rlimit limit;
+ if (!ParseUint(args[2], &limit.rlim_cur)) {
+ return Error() << "Could not parse soft limit '" << args[2] << "'";
+ }
+ if (!ParseUint(args[3], &limit.rlim_max)) {
+ return Error() << "Could not parse hard limit '" << args[3] << "'";
+ }
+ return {resource, limit};
+}
+
+} // namespace init
+} // namespace android
diff --git a/init/rlimit_parser.h b/init/rlimit_parser.h
new file mode 100644
index 0000000..0396463
--- /dev/null
+++ b/init/rlimit_parser.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _INIT_RLIMIT_PARSER_H
+#define _INIT_RLIMIT_PARSER_H
+
+#include <sys/resource.h>
+
+#include <string>
+#include <vector>
+
+#include "result.h"
+
+namespace android {
+namespace init {
+
+Result<std::pair<int, rlimit>> ParseRlimit(const std::vector<std::string>& args);
+
+} // namespace init
+} // namespace android
+
+#endif
diff --git a/init/rlimit_parser_test.cpp b/init/rlimit_parser_test.cpp
new file mode 100644
index 0000000..f3f9eb4
--- /dev/null
+++ b/init/rlimit_parser_test.cpp
@@ -0,0 +1,126 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "rlimit_parser.h"
+
+#include <iostream>
+
+#include <gtest/gtest.h>
+
+namespace android {
+namespace init {
+
+void TestRlimitSuccess(std::vector<std::string> input,
+ const std::pair<int, rlimit>& expected_result) {
+ input.emplace(input.begin(), "");
+ ASSERT_EQ(4U, input.size());
+ auto result = ParseRlimit(input);
+
+ ASSERT_TRUE(result) << "input: " << input[1];
+ const auto& [resource, rlimit] = *result;
+ const auto& [expected_resource, expected_rlimit] = expected_result;
+ EXPECT_EQ(expected_resource, resource);
+ EXPECT_EQ(expected_rlimit.rlim_cur, rlimit.rlim_cur);
+ EXPECT_EQ(expected_rlimit.rlim_max, rlimit.rlim_max);
+}
+
+void TestRlimitFailure(std::vector<std::string> input, const std::string& expected_result) {
+ input.emplace(input.begin(), "");
+ ASSERT_EQ(4U, input.size());
+ auto result = ParseRlimit(input);
+
+ ASSERT_FALSE(result) << "input: " << input[1];
+ EXPECT_EQ(expected_result, result.error_string());
+ EXPECT_EQ(0, result.error_errno());
+}
+
+TEST(rlimit, RlimitSuccess) {
+ const std::vector<std::pair<std::vector<std::string>, std::pair<int, rlimit>>>
+ inputs_and_results = {
+ {{"cpu", "10", "10"}, {0, {10, 10}}},
+ {{"fsize", "10", "10"}, {1, {10, 10}}},
+ {{"data", "10", "10"}, {2, {10, 10}}},
+ {{"stack", "10", "10"}, {3, {10, 10}}},
+ {{"core", "10", "10"}, {4, {10, 10}}},
+ {{"rss", "10", "10"}, {5, {10, 10}}},
+ {{"nproc", "10", "10"}, {6, {10, 10}}},
+ {{"nofile", "10", "10"}, {7, {10, 10}}},
+ {{"memlock", "10", "10"}, {8, {10, 10}}},
+ {{"as", "10", "10"}, {9, {10, 10}}},
+ {{"locks", "10", "10"}, {10, {10, 10}}},
+ {{"sigpending", "10", "10"}, {11, {10, 10}}},
+ {{"msgqueue", "10", "10"}, {12, {10, 10}}},
+ {{"nice", "10", "10"}, {13, {10, 10}}},
+ {{"rtprio", "10", "10"}, {14, {10, 10}}},
+ {{"rttime", "10", "10"}, {15, {10, 10}}},
+
+ {{"RLIM_CPU", "10", "10"}, {0, {10, 10}}},
+ {{"RLIM_FSIZE", "10", "10"}, {1, {10, 10}}},
+ {{"RLIM_DATA", "10", "10"}, {2, {10, 10}}},
+ {{"RLIM_STACK", "10", "10"}, {3, {10, 10}}},
+ {{"RLIM_CORE", "10", "10"}, {4, {10, 10}}},
+ {{"RLIM_RSS", "10", "10"}, {5, {10, 10}}},
+ {{"RLIM_NPROC", "10", "10"}, {6, {10, 10}}},
+ {{"RLIM_NOFILE", "10", "10"}, {7, {10, 10}}},
+ {{"RLIM_MEMLOCK", "10", "10"}, {8, {10, 10}}},
+ {{"RLIM_AS", "10", "10"}, {9, {10, 10}}},
+ {{"RLIM_LOCKS", "10", "10"}, {10, {10, 10}}},
+ {{"RLIM_SIGPENDING", "10", "10"}, {11, {10, 10}}},
+ {{"RLIM_MSGQUEUE", "10", "10"}, {12, {10, 10}}},
+ {{"RLIM_NICE", "10", "10"}, {13, {10, 10}}},
+ {{"RLIM_RTPRIO", "10", "10"}, {14, {10, 10}}},
+ {{"RLIM_RTTIME", "10", "10"}, {15, {10, 10}}},
+
+ {{"0", "10", "10"}, {0, {10, 10}}},
+ {{"1", "10", "10"}, {1, {10, 10}}},
+ {{"2", "10", "10"}, {2, {10, 10}}},
+ {{"3", "10", "10"}, {3, {10, 10}}},
+ {{"4", "10", "10"}, {4, {10, 10}}},
+ {{"5", "10", "10"}, {5, {10, 10}}},
+ {{"6", "10", "10"}, {6, {10, 10}}},
+ {{"7", "10", "10"}, {7, {10, 10}}},
+ {{"8", "10", "10"}, {8, {10, 10}}},
+ {{"9", "10", "10"}, {9, {10, 10}}},
+ {{"10", "10", "10"}, {10, {10, 10}}},
+ {{"11", "10", "10"}, {11, {10, 10}}},
+ {{"12", "10", "10"}, {12, {10, 10}}},
+ {{"13", "10", "10"}, {13, {10, 10}}},
+ {{"14", "10", "10"}, {14, {10, 10}}},
+ {{"15", "10", "10"}, {15, {10, 10}}},
+ };
+
+ for (const auto& [input, expected_result] : inputs_and_results) {
+ TestRlimitSuccess(input, expected_result);
+ }
+}
+
+TEST(rlimit, RlimitFailure) {
+ const std::vector<std::pair<std::vector<std::string>, std::string>> inputs_and_results = {
+ {{"-4", "10", "10"}, "Resource '-4' below the minimum resource value '0'"},
+ {{"100", "10", "10"}, "Resource '100' over the maximum resource value '16'"},
+ {{"bad_string", "10", "10"}, "Could not parse resource 'bad_string'"},
+ {{"RLIM_", "10", "10"}, "Could not parse resource 'RLIM_'"},
+ {{"cpu", "abc", "10"}, "Could not parse soft limit 'abc'"},
+ {{"cpu", "10", "abc"}, "Could not parse hard limit 'abc'"},
+ };
+
+ for (const auto& [input, expected_result] : inputs_and_results) {
+ TestRlimitFailure(input, expected_result);
+ }
+}
+
+} // namespace init
+} // namespace android
diff --git a/init/service.cpp b/init/service.cpp
index dee0c3d..6f27a4b 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -43,6 +43,7 @@
#include "init.h"
#include "property_service.h"
+#include "rlimit_parser.h"
#include "util.h"
using android::base::boot_clock;
@@ -220,6 +221,12 @@
}
void Service::SetProcessAttributes() {
+ for (const auto& rlimit : rlimits_) {
+ if (setrlimit(rlimit.first, &rlimit.second) == -1) {
+ LOG(FATAL) << StringPrintf("setrlimit(%d, {rlim_cur=%ld, rlim_max=%ld}) failed",
+ rlimit.first, rlimit.second.rlim_cur, rlimit.second.rlim_max);
+ }
+ }
// Keep capabilites on uid change.
if (capabilities_.any() && uid_) {
// If Android is running in a container, some securebits might already
@@ -493,6 +500,14 @@
return Success();
}
+Result<Success> Service::ParseProcessRlimit(const std::vector<std::string>& args) {
+ auto rlimit = ParseRlimit(args);
+ if (!rlimit) return rlimit.error();
+
+ rlimits_.emplace_back(*rlimit);
+ return Success();
+}
+
Result<Success> Service::ParseSeclabel(const std::vector<std::string>& args) {
seclabel_ = args[1];
return Success();
@@ -613,6 +628,7 @@
{"memcg.limit_in_bytes",
{1, 1, &Service::ParseMemcgLimitInBytes}},
{"namespace", {1, 2, &Service::ParseNamespace}},
+ {"rlimit", {3, 3, &Service::ParseProcessRlimit}},
{"seclabel", {1, 1, &Service::ParseSeclabel}},
{"setenv", {2, 2, &Service::ParseSetenv}},
{"shutdown", {1, 1, &Service::ParseShutdown}},
diff --git a/init/service.h b/init/service.h
index 1f2c44f..67542ca 100644
--- a/init/service.h
+++ b/init/service.h
@@ -17,6 +17,7 @@
#ifndef _INIT_SERVICE_H
#define _INIT_SERVICE_H
+#include <sys/resource.h>
#include <sys/types.h>
#include <memory>
@@ -138,6 +139,7 @@
Result<Success> ParseMemcgSoftLimitInBytes(const std::vector<std::string>& args);
Result<Success> ParseMemcgSwappiness(const std::vector<std::string>& args);
Result<Success> ParseNamespace(const std::vector<std::string>& args);
+ Result<Success> ParseProcessRlimit(const std::vector<std::string>& args);
Result<Success> ParseSeclabel(const std::vector<std::string>& args);
Result<Success> ParseSetenv(const std::vector<std::string>& args);
Result<Success> ParseShutdown(const std::vector<std::string>& args);
@@ -195,6 +197,8 @@
unsigned long start_order_;
+ std::vector<std::pair<int, rlimit>> rlimits_;
+
std::vector<std::string> args_;
};
diff --git a/trusty/keymaster/trusty_keymaster_ipc.cpp b/trusty/keymaster/trusty_keymaster_ipc.cpp
index 54b251e..fbd0eb3 100644
--- a/trusty/keymaster/trusty_keymaster_ipc.cpp
+++ b/trusty/keymaster/trusty_keymaster_ipc.cpp
@@ -21,6 +21,7 @@
#include <errno.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/uio.h>
#include <unistd.h>
#include <algorithm>