Revert \"logd: enforce policy integrity\"
am: a742d10277
Change-Id: Idb721b2ff7a57643b671b3d87cb09bb96f1ad465
diff --git a/fs_mgr/fs_mgr_fstab.c b/fs_mgr/fs_mgr_fstab.c
index 6d44e06..45adb34 100644
--- a/fs_mgr/fs_mgr_fstab.c
+++ b/fs_mgr/fs_mgr_fstab.c
@@ -32,11 +32,12 @@
int partnum;
int swap_prio;
unsigned int zram_size;
+ unsigned int file_encryption_mode;
};
struct flag_list {
const char *name;
- unsigned flag;
+ unsigned int flag;
};
static struct flag_list mount_flags[] = {
@@ -63,7 +64,7 @@
{ "check", MF_CHECK },
{ "encryptable=",MF_CRYPT },
{ "forceencrypt=",MF_FORCECRYPT },
- { "fileencryption",MF_FILEENCRYPTION },
+ { "fileencryption=",MF_FILEENCRYPTION },
{ "forcefdeorfbe=",MF_FORCEFDEORFBE },
{ "nonremovable",MF_NONREMOVABLE },
{ "voldmanaged=",MF_VOLDMANAGED},
@@ -81,6 +82,15 @@
{ 0, 0 },
};
+#define EM_SOFTWARE 1
+#define EM_ICE 2
+
+static struct flag_list encryption_modes[] = {
+ {"software", EM_SOFTWARE},
+ {"ice", EM_ICE},
+ {0, 0}
+};
+
static uint64_t calculate_zram_size(unsigned int percentage)
{
uint64_t total;
@@ -147,6 +157,21 @@
* location of the keys. Get it and return it.
*/
flag_vals->key_loc = strdup(strchr(p, '=') + 1);
+ flag_vals->file_encryption_mode = EM_SOFTWARE;
+ } else if ((fl[i].flag == MF_FILEENCRYPTION) && flag_vals) {
+ /* The fileencryption flag is followed by an = and the
+ * type of the encryption. Get it and return it.
+ */
+ const struct flag_list *j;
+ const char *mode = strchr(p, '=') + 1;
+ for (j = encryption_modes; j->name; ++j) {
+ if (!strcmp(mode, j->name)) {
+ flag_vals->file_encryption_mode = j->flag;
+ }
+ }
+ if (flag_vals->file_encryption_mode == 0) {
+ ERROR("Unknown file encryption mode: %s\n", mode);
+ }
} else if ((fl[i].flag == MF_LENGTH) && flag_vals) {
/* The length flag is followed by an = and the
* size of the partition. Get it and return it.
@@ -337,6 +362,7 @@
fstab->recs[cnt].partnum = flag_vals.partnum;
fstab->recs[cnt].swap_prio = flag_vals.swap_prio;
fstab->recs[cnt].zram_size = flag_vals.zram_size;
+ fstab->recs[cnt].file_encryption_mode = flag_vals.file_encryption_mode;
cnt++;
}
/* If an A/B partition, modify block device to be the real block device */
@@ -479,6 +505,17 @@
return fstab->fs_mgr_flags & MF_FILEENCRYPTION;
}
+const char* fs_mgr_get_file_encryption_mode(const struct fstab_rec *fstab)
+{
+ const struct flag_list *j;
+ for (j = encryption_modes; j->name; ++j) {
+ if (fstab->file_encryption_mode == j->flag) {
+ return j->name;
+ }
+ }
+ return NULL;
+}
+
int fs_mgr_is_convertible_to_fbe(const struct fstab_rec *fstab)
{
return fstab->fs_mgr_flags & MF_FORCEFDEORFBE;
diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp
index 719096f..4c6e071 100644
--- a/fs_mgr/fs_mgr_verity.cpp
+++ b/fs_mgr/fs_mgr_verity.cpp
@@ -30,7 +30,7 @@
#include <time.h>
#include <android-base/file.h>
-#include <private/android_filesystem_config.h>
+#include <android-base/strings.h>
#include <cutils/properties.h>
#include <logwrap/logwrap.h>
@@ -229,7 +229,7 @@
}
struct verity_table_params {
- const char *table;
+ char *table;
int mode;
struct fec_ecc_metadata ecc;
const char *ecc_dev;
@@ -861,15 +861,42 @@
return rc;
}
+static void update_verity_table_blk_device(char *blk_device, char **table)
+{
+ std::string result, word;
+ auto tokens = android::base::Split(*table, " ");
+
+ for (const auto token : tokens) {
+ if (android::base::StartsWith(token, "/dev/block/") &&
+ android::base::StartsWith(blk_device, token.c_str())) {
+ word = blk_device;
+ } else {
+ word = token;
+ }
+
+ if (result.empty()) {
+ result = word;
+ } else {
+ result += " " + word;
+ }
+ }
+
+ if (result.empty()) {
+ return;
+ }
+
+ free(*table);
+ *table = strdup(result.c_str());
+}
+
int fs_mgr_setup_verity(struct fstab_rec *fstab)
{
int retval = FS_MGR_SETUP_VERITY_FAIL;
int fd = -1;
- char *invalid_table = NULL;
char *verity_blk_name = NULL;
struct fec_handle *f = NULL;
struct fec_verity_metadata verity;
- struct verity_table_params params;
+ struct verity_table_params params = { .table = NULL };
alignas(dm_ioctl) char buffer[DM_BUF_SIZE];
struct dm_ioctl *io = (struct dm_ioctl *) buffer;
@@ -930,6 +957,15 @@
params.mode = VERITY_MODE_EIO;
}
+ if (!verity.table) {
+ goto out;
+ }
+
+ params.table = strdup(verity.table);
+ if (!params.table) {
+ goto out;
+ }
+
// verify the signature on the table
if (verify_verity_signature(verity) < 0) {
if (params.mode == VERITY_MODE_LOGGING) {
@@ -939,20 +975,18 @@
}
// invalidate root hash and salt to trigger device-specific recovery
- invalid_table = strdup(verity.table);
-
- if (!invalid_table ||
- invalidate_table(invalid_table, verity.table_length) < 0) {
+ if (invalidate_table(params.table, verity.table_length) < 0) {
goto out;
}
-
- params.table = invalid_table;
- } else {
- params.table = verity.table;
}
INFO("Enabling dm-verity for %s (mode %d)\n", mount_point, params.mode);
+ if (fstab->fs_mgr_flags & MF_SLOTSELECT) {
+ // Update the verity params using the actual block device path
+ update_verity_table_blk_device(fstab->blk_device, ¶ms.table);
+ }
+
// load the verity mapping table
if (load_verity_table(io, mount_point, verity.data_size, fd, ¶ms,
format_verity_table) == 0) {
@@ -1018,7 +1052,7 @@
}
fec_close(f);
- free(invalid_table);
+ free(params.table);
free(verity_blk_name);
return retval;
diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h
index 6f4580e..46d8f97 100644
--- a/fs_mgr/include/fs_mgr.h
+++ b/fs_mgr/include/fs_mgr.h
@@ -65,6 +65,7 @@
int partnum;
int swap_prio;
unsigned int zram_size;
+ unsigned int file_encryption_mode;
};
// Callback function for verity status
@@ -85,6 +86,7 @@
#define FS_MGR_DOMNT_FAILED -1
#define FS_MGR_DOMNT_BUSY -2
+
int fs_mgr_do_mount(struct fstab *fstab, char *n_name, char *n_blk_device,
char *tmp_mount_point);
int fs_mgr_do_tmpfs_mount(char *n_name);
@@ -102,6 +104,7 @@
int fs_mgr_is_verified(const struct fstab_rec *fstab);
int fs_mgr_is_encryptable(const struct fstab_rec *fstab);
int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab);
+const char* fs_mgr_get_file_encryption_mode(const struct fstab_rec *fstab);
int fs_mgr_is_convertible_to_fbe(const struct fstab_rec *fstab);
int fs_mgr_is_noemulatedsd(const struct fstab_rec *fstab);
int fs_mgr_is_notrim(struct fstab_rec *fstab);
diff --git a/include/system/graphics.h b/include/system/graphics.h
index a9e451f..1ac1a00 100644
--- a/include/system/graphics.h
+++ b/include/system/graphics.h
@@ -477,6 +477,102 @@
uint32_t reserved[8];
};
+/*
+ * Structures for describing flexible YUVA/RGBA formats for consumption by
+ * applications. Such flexible formats contain a plane for each component (e.g.
+ * red, green, blue), where each plane is laid out in a grid-like pattern
+ * occupying unique byte addresses and with consistent byte offsets between
+ * neighboring pixels.
+ *
+ * The android_flex_layout structure is used with any pixel format that can be
+ * represented by it, such as:
+ * - HAL_PIXEL_FORMAT_YCbCr_*_888
+ * - HAL_PIXEL_FORMAT_FLEX_RGB*_888
+ * - HAL_PIXEL_FORMAT_RGB[AX]_888[8],BGRA_8888,RGB_888
+ * - HAL_PIXEL_FORMAT_YV12,Y8,Y16,YCbCr_422_SP/I,YCrCb_420_SP
+ * - even implementation defined formats that can be represented by
+ * the structures
+ *
+ * Vertical increment (aka. row increment or stride) describes the distance in
+ * bytes from the first pixel of one row to the first pixel of the next row
+ * (below) for the component plane. This can be negative.
+ *
+ * Horizontal increment (aka. column or pixel increment) describes the distance
+ * in bytes from one pixel to the next pixel (to the right) on the same row for
+ * the component plane. This can be negative.
+ *
+ * Each plane can be subsampled either vertically or horizontally by
+ * a power-of-two factor.
+ *
+ * The bit-depth of each component can be arbitrary, as long as the pixels are
+ * laid out on whole bytes, in native byte-order, using the most significant
+ * bits of each unit.
+ */
+
+typedef enum android_flex_component {
+ /* luma */
+ FLEX_COMPONENT_Y = 1 << 0,
+ /* chroma blue */
+ FLEX_COMPONENT_Cb = 1 << 1,
+ /* chroma red */
+ FLEX_COMPONENT_Cr = 1 << 2,
+
+ /* red */
+ FLEX_COMPONENT_R = 1 << 10,
+ /* green */
+ FLEX_COMPONENT_G = 1 << 11,
+ /* blue */
+ FLEX_COMPONENT_B = 1 << 12,
+
+ /* alpha */
+ FLEX_COMPONENT_A = 1 << 30,
+} android_flex_component_t;
+
+typedef struct android_flex_plane {
+ /* pointer to the first byte of the top-left pixel of the plane. */
+ uint8_t *top_left;
+
+ android_flex_component_t component;
+
+ /* bits allocated for the component in each pixel. Must be a positive
+ multiple of 8. */
+ int32_t bits_per_component;
+ /* number of the most significant bits used in the format for this
+ component. Must be between 1 and bits_per_component, inclusive. */
+ int32_t bits_used;
+
+ /* horizontal increment */
+ int32_t h_increment;
+ /* vertical increment */
+ int32_t v_increment;
+ /* horizontal subsampling. Must be a positive power of 2. */
+ int32_t h_subsampling;
+ /* vertical subsampling. Must be a positive power of 2. */
+ int32_t v_subsampling;
+} android_flex_plane_t;
+
+typedef enum android_flex_format {
+ /* not a flexible format */
+ FLEX_FORMAT_INVALID = 0x0,
+ FLEX_FORMAT_Y = FLEX_COMPONENT_Y,
+ FLEX_FORMAT_YCbCr = FLEX_COMPONENT_Y | FLEX_COMPONENT_Cb | FLEX_COMPONENT_Cr,
+ FLEX_FORMAT_YCbCrA = FLEX_FORMAT_YCbCr | FLEX_COMPONENT_A,
+ FLEX_FORMAT_RGB = FLEX_COMPONENT_R | FLEX_COMPONENT_G | FLEX_COMPONENT_B,
+ FLEX_FORMAT_RGBA = FLEX_FORMAT_RGB | FLEX_COMPONENT_A,
+} android_flex_format_t;
+
+typedef struct android_flex_layout {
+ /* the kind of flexible format */
+ android_flex_format_t format;
+
+ /* number of planes; 0 for FLEX_FORMAT_INVALID */
+ uint32_t num_planes;
+ /* a plane for each component; ordered in increasing component value order.
+ E.g. FLEX_FORMAT_RGBA maps 0 -> R, 1 -> G, etc.
+ Can be NULL for FLEX_FORMAT_INVALID */
+ android_flex_plane_t *planes;
+} android_flex_layout_t;
+
/**
* Structure used to define depth point clouds for format HAL_PIXEL_FORMAT_BLOB
* with dataSpace value of HAL_DATASPACE_DEPTH.
diff --git a/include/system/window.h b/include/system/window.h
index b8f33ff..44bfc9b 100644
--- a/include/system/window.h
+++ b/include/system/window.h
@@ -314,6 +314,7 @@
NATIVE_WINDOW_SET_SURFACE_DAMAGE = 20, /* private */
NATIVE_WINDOW_SET_SHARED_BUFFER_MODE = 21,
NATIVE_WINDOW_SET_AUTO_REFRESH = 22,
+ NATIVE_WINDOW_GET_FRAME_TIMESTAMPS = 23,
};
/* parameter for NATIVE_WINDOW_[API_][DIS]CONNECT */
@@ -976,6 +977,18 @@
return window->perform(window, NATIVE_WINDOW_SET_AUTO_REFRESH, autoRefresh);
}
+static inline int native_window_get_frame_timestamps(
+ struct ANativeWindow* window, uint32_t framesAgo,
+ int64_t* outPostedTime, int64_t* outAcquireTime,
+ int64_t* outRefreshStartTime, int64_t* outGlCompositionDoneTime,
+ int64_t* outDisplayRetireTime, int64_t* outReleaseTime)
+{
+ return window->perform(window, NATIVE_WINDOW_GET_FRAME_TIMESTAMPS,
+ framesAgo, outPostedTime, outAcquireTime, outRefreshStartTime,
+ outGlCompositionDoneTime, outDisplayRetireTime, outReleaseTime);
+}
+
+
__END_DECLS
#endif /* SYSTEM_CORE_INCLUDE_ANDROID_WINDOW_H */
diff --git a/libcutils/sched_policy.c b/libcutils/sched_policy.c
index b399643..2b21efe 100644
--- a/libcutils/sched_policy.c
+++ b/libcutils/sched_policy.c
@@ -294,7 +294,7 @@
case SP_AUDIO_APP:
case SP_AUDIO_SYS:
fd = fg_cpuset_fd;
- boost_fd = fg_schedboost_fd;
+ boost_fd = bg_schedboost_fd;
break;
case SP_TOP_APP :
fd = ta_cpuset_fd;
diff --git a/rootdir/Android.mk b/rootdir/Android.mk
index d53af2f..fd2b8b0 100644
--- a/rootdir/Android.mk
+++ b/rootdir/Android.mk
@@ -54,7 +54,7 @@
#
# create some directories (some are mount points) and symlinks
LOCAL_POST_INSTALL_CMD := mkdir -p $(addprefix $(TARGET_ROOT_OUT)/, \
- sbin dev proc sys system data oem acct cache config storage mnt root $(BOARD_ROOT_EXTRA_FOLDERS)); \
+ sbin dev proc sys system data oem acct config storage mnt root $(BOARD_ROOT_EXTRA_FOLDERS)); \
ln -sf /system/etc $(TARGET_ROOT_OUT)/etc; \
ln -sf /sys/kernel/debug $(TARGET_ROOT_OUT)/d; \
ln -sf /storage/self/primary $(TARGET_ROOT_OUT)/sdcard
@@ -63,6 +63,11 @@
else
LOCAL_POST_INSTALL_CMD += ; ln -sf /system/vendor $(TARGET_ROOT_OUT)/vendor
endif
+ifdef BOARD_CACHEIMAGE_FILE_SYSTEM_TYPE
+ LOCAL_POST_INSTALL_CMD += ; mkdir -p $(TARGET_ROOT_OUT)/cache
+else
+ LOCAL_POST_INSTALL_CMD += ; ln -sf /data/cache $(TARGET_ROOT_OUT)/cache
+endif
ifdef BOARD_ROOT_EXTRA_SYMLINKS
# BOARD_ROOT_EXTRA_SYMLINKS is a list of <target>:<link_name>.
LOCAL_POST_INSTALL_CMD += $(foreach s, $(BOARD_ROOT_EXTRA_SYMLINKS),\
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 3466dce..3da836c 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -396,6 +396,10 @@
# create the A/B OTA directory, so as to enforce our permissions
mkdir /data/ota 0771 root root
+ # create the OTA package directory. It will be accessed by GmsCore (cache
+ # group), update_engine and update_verifier.
+ mkdir /data/ota_package 0770 system cache
+
# create resource-cache and double-check the perms
mkdir /data/resource-cache 0771 system system
chown system system /data/resource-cache
diff --git a/rootdir/init.zygote32.rc b/rootdir/init.zygote32.rc
index 22b9d6b..b41af92 100644
--- a/rootdir/init.zygote32.rc
+++ b/rootdir/init.zygote32.rc
@@ -7,4 +7,4 @@
onrestart restart cameraserver
onrestart restart media
onrestart restart netd
- writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
+ writepid /dev/cpuset/foreground/tasks
diff --git a/rootdir/init.zygote32_64.rc b/rootdir/init.zygote32_64.rc
index 555eda4..2914f07 100644
--- a/rootdir/init.zygote32_64.rc
+++ b/rootdir/init.zygote32_64.rc
@@ -7,10 +7,10 @@
onrestart restart cameraserver
onrestart restart media
onrestart restart netd
- writepid /dev/cpuset/foreground/tasks /sys/fs/cgroup/stune/foreground/tasks
+ writepid /dev/cpuset/foreground/tasks
service zygote_secondary /system/bin/app_process64 -Xzygote /system/bin --zygote --socket-name=zygote_secondary
class main
socket zygote_secondary stream 660 root system
onrestart restart zygote
- writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
+ writepid /dev/cpuset/foreground/tasks
diff --git a/rootdir/init.zygote64.rc b/rootdir/init.zygote64.rc
index 297468c..2cc0966 100644
--- a/rootdir/init.zygote64.rc
+++ b/rootdir/init.zygote64.rc
@@ -7,4 +7,4 @@
onrestart restart cameraserver
onrestart restart media
onrestart restart netd
- writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
+ writepid /dev/cpuset/foreground/tasks
diff --git a/rootdir/init.zygote64_32.rc b/rootdir/init.zygote64_32.rc
index 46f9f02..a422fcc 100644
--- a/rootdir/init.zygote64_32.rc
+++ b/rootdir/init.zygote64_32.rc
@@ -7,10 +7,10 @@
onrestart restart cameraserver
onrestart restart media
onrestart restart netd
- writepid /dev/cpuset/foreground/tasks /sys/fs/cgroup/stune/foreground/tasks
+ writepid /dev/cpuset/foreground/tasks
service zygote_secondary /system/bin/app_process32 -Xzygote /system/bin --zygote --socket-name=zygote_secondary
class main
socket zygote_secondary stream 660 root system
onrestart restart zygote
- writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
+ writepid /dev/cpuset/foreground/tasks