Merge "fs_mgr: overlay: suppress noise associated with test mounting scratch partition"
diff --git a/adb/client/adb_client.cpp b/adb/client/adb_client.cpp
index 9fa827d..5a7bc8d 100644
--- a/adb/client/adb_client.cpp
+++ b/adb/client/adb_client.cpp
@@ -259,7 +259,7 @@
if (fd >= 0) {
std::string version_string;
if (!ReadProtocolString(fd, &version_string, error)) {
- return -1;
+ return false;
}
ReadOrderlyShutdown(fd);
diff --git a/adb/daemon/usb.cpp b/adb/daemon/usb.cpp
index f4458a2..d07a007 100644
--- a/adb/daemon/usb.cpp
+++ b/adb/daemon/usb.cpp
@@ -115,7 +115,7 @@
};
struct IoBlock {
- bool pending;
+ bool pending = false;
struct iocb control;
std::shared_ptr<Block> payload;
diff --git a/fs_mgr/liblp/builder.cpp b/fs_mgr/liblp/builder.cpp
index ebd6997..27222af 100644
--- a/fs_mgr/liblp/builder.cpp
+++ b/fs_mgr/liblp/builder.cpp
@@ -591,11 +591,25 @@
free_regions = PrioritizeSecondHalfOfSuper(free_regions);
}
- // Find gaps that we can use for new extents. Note we store new extents in a
- // temporary vector, and only commit them if we are guaranteed enough free
- // space.
+ // Note we store new extents in a temporary vector, and only commit them
+ // if we are guaranteed enough free space.
std::vector<std::unique_ptr<LinearExtent>> new_extents;
+
+ // If the last extent in the partition has a size < alignment, then the
+ // difference is unallocatable due to being misaligned. We peek for that
+ // case here to avoid wasting space.
+ if (auto extent = ExtendFinalExtent(partition, free_regions, sectors_needed)) {
+ sectors_needed -= extent->num_sectors();
+ new_extents.emplace_back(std::move(extent));
+ }
+
for (auto& region : free_regions) {
+ // Note: this comes first, since we may enter the loop not needing any
+ // more sectors.
+ if (!sectors_needed) {
+ break;
+ }
+
if (region.length() % sectors_per_block != 0) {
// This should never happen, because it would imply that we
// once allocated an extent that was not a multiple of the
@@ -613,22 +627,10 @@
}
uint64_t sectors = std::min(sectors_needed, region.length());
- if (sectors < region.length()) {
- const auto& block_device = block_devices_[region.device_index];
- if (block_device.alignment) {
- const uint64_t alignment = block_device.alignment / LP_SECTOR_SIZE;
- sectors = AlignTo(sectors, alignment);
- sectors = std::min(sectors, region.length());
- }
- }
CHECK(sectors % sectors_per_block == 0);
auto extent = std::make_unique<LinearExtent>(sectors, region.device_index, region.start);
new_extents.push_back(std::move(extent));
- if (sectors >= sectors_needed) {
- sectors_needed = 0;
- break;
- }
sectors_needed -= sectors;
}
if (sectors_needed) {
@@ -677,6 +679,64 @@
return second_half;
}
+std::unique_ptr<LinearExtent> MetadataBuilder::ExtendFinalExtent(
+ Partition* partition, const std::vector<Interval>& free_list,
+ uint64_t sectors_needed) const {
+ if (partition->extents().empty()) {
+ return nullptr;
+ }
+ LinearExtent* extent = partition->extents().back()->AsLinearExtent();
+ if (!extent) {
+ return nullptr;
+ }
+
+ // If the sector ends where the next aligned chunk begins, then there's
+ // no missing gap to try and allocate.
+ const auto& block_device = block_devices_[extent->device_index()];
+ uint64_t next_aligned_sector = AlignSector(block_device, extent->end_sector());
+ if (extent->end_sector() == next_aligned_sector) {
+ return nullptr;
+ }
+
+ uint64_t num_sectors = std::min(next_aligned_sector - extent->end_sector(), sectors_needed);
+ auto new_extent = std::make_unique<LinearExtent>(num_sectors, extent->device_index(),
+ extent->end_sector());
+ if (IsAnyRegionAllocated(*new_extent.get()) ||
+ IsAnyRegionCovered(free_list, *new_extent.get())) {
+ LERROR << "Misaligned region " << new_extent->physical_sector() << ".."
+ << new_extent->end_sector() << " was allocated or marked allocatable.";
+ return nullptr;
+ }
+ return new_extent;
+}
+
+bool MetadataBuilder::IsAnyRegionCovered(const std::vector<Interval>& regions,
+ const LinearExtent& candidate) const {
+ for (const auto& region : regions) {
+ if (region.device_index == candidate.device_index() &&
+ (candidate.OwnsSector(region.start) || candidate.OwnsSector(region.end))) {
+ return true;
+ }
+ }
+ return false;
+}
+
+bool MetadataBuilder::IsAnyRegionAllocated(const LinearExtent& candidate) const {
+ for (const auto& partition : partitions_) {
+ for (const auto& extent : partition->extents()) {
+ LinearExtent* linear = extent->AsLinearExtent();
+ if (!linear || linear->device_index() != candidate.device_index()) {
+ continue;
+ }
+ if (linear->OwnsSector(candidate.physical_sector()) ||
+ linear->OwnsSector(candidate.end_sector() - 1)) {
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
void MetadataBuilder::ShrinkPartition(Partition* partition, uint64_t aligned_size) {
partition->ShrinkTo(aligned_size);
}
diff --git a/fs_mgr/liblp/builder_test.cpp b/fs_mgr/liblp/builder_test.cpp
index 81305b3..46bfe92 100644
--- a/fs_mgr/liblp/builder_test.cpp
+++ b/fs_mgr/liblp/builder_test.cpp
@@ -209,8 +209,8 @@
ASSERT_TRUE(builder->ResizePartition(a, a->size() + 4096));
ASSERT_TRUE(builder->ResizePartition(b, b->size() + 4096));
}
- EXPECT_EQ(a->size(), 7864320);
- EXPECT_EQ(b->size(), 7864320);
+ EXPECT_EQ(a->size(), 40960);
+ EXPECT_EQ(b->size(), 40960);
unique_ptr<LpMetadata> exported = builder->Export();
ASSERT_NE(exported, nullptr);
@@ -218,7 +218,7 @@
// Check that each starting sector is aligned.
for (const auto& extent : exported->extents) {
ASSERT_EQ(extent.target_type, LP_TARGET_TYPE_LINEAR);
- EXPECT_EQ(extent.num_sectors, 1536);
+ EXPECT_EQ(extent.num_sectors, 80);
uint64_t lba = extent.target_data * LP_SECTOR_SIZE;
uint64_t aligned_lba = AlignTo(lba, device_info.alignment, device_info.alignment_offset);
@@ -226,7 +226,7 @@
}
// Sanity check one extent.
- EXPECT_EQ(exported->extents.back().target_data, 30656);
+ EXPECT_EQ(exported->extents.back().target_data, 3008);
}
TEST_F(BuilderTest, UseAllDiskSpace) {
@@ -698,7 +698,7 @@
EXPECT_EQ(metadata->extents[1].target_type, LP_TARGET_TYPE_LINEAR);
EXPECT_EQ(metadata->extents[1].target_data, 1472);
EXPECT_EQ(metadata->extents[1].target_source, 1);
- EXPECT_EQ(metadata->extents[2].num_sectors, 129600);
+ EXPECT_EQ(metadata->extents[2].num_sectors, 129088);
EXPECT_EQ(metadata->extents[2].target_type, LP_TARGET_TYPE_LINEAR);
EXPECT_EQ(metadata->extents[2].target_data, 1472);
EXPECT_EQ(metadata->extents[2].target_source, 2);
@@ -805,7 +805,7 @@
EXPECT_EQ(exported->extents[0].target_data, 10487808);
EXPECT_EQ(exported->extents[0].num_sectors, 10483712);
EXPECT_EQ(exported->extents[1].target_data, 6292992);
- EXPECT_EQ(exported->extents[1].num_sectors, 2099712);
+ EXPECT_EQ(exported->extents[1].num_sectors, 2099200);
EXPECT_EQ(exported->extents[2].target_data, 1536);
EXPECT_EQ(exported->extents[2].num_sectors, 6291456);
}
@@ -821,7 +821,7 @@
ASSERT_NE(vendor, nullptr);
ASSERT_TRUE(builder->ResizePartition(system, device_info.alignment + 4096));
ASSERT_TRUE(builder->ResizePartition(vendor, device_info.alignment));
- ASSERT_EQ(system->size(), device_info.alignment * 2);
+ ASSERT_EQ(system->size(), device_info.alignment + 4096);
ASSERT_EQ(vendor->size(), device_info.alignment);
ASSERT_TRUE(builder->ResizePartition(system, device_info.alignment * 2));
diff --git a/fs_mgr/liblp/include/liblp/builder.h b/fs_mgr/liblp/include/liblp/builder.h
index 486a71f..c706f2a 100644
--- a/fs_mgr/liblp/include/liblp/builder.h
+++ b/fs_mgr/liblp/include/liblp/builder.h
@@ -66,6 +66,10 @@
uint64_t end_sector() const { return physical_sector_ + num_sectors_; }
uint32_t device_index() const { return device_index_; }
+ bool OwnsSector(uint64_t sector) const {
+ return sector >= physical_sector_ && sector < end_sector();
+ }
+
private:
uint32_t device_index_;
uint64_t physical_sector_;
@@ -322,9 +326,15 @@
}
};
std::vector<Interval> GetFreeRegions() const;
+ bool IsAnyRegionCovered(const std::vector<Interval>& regions,
+ const LinearExtent& candidate) const;
+ bool IsAnyRegionAllocated(const LinearExtent& candidate) const;
void ExtentsToFreeList(const std::vector<Interval>& extents,
std::vector<Interval>* free_regions) const;
std::vector<Interval> PrioritizeSecondHalfOfSuper(const std::vector<Interval>& free_list);
+ std::unique_ptr<LinearExtent> ExtendFinalExtent(Partition* partition,
+ const std::vector<Interval>& free_list,
+ uint64_t sectors_needed) const;
static bool sABOverrideValue;
static bool sABOverrideSet;
diff --git a/init/first_stage_mount.cpp b/init/first_stage_mount.cpp
index 17cd470..4b0f05d 100644
--- a/init/first_stage_mount.cpp
+++ b/init/first_stage_mount.cpp
@@ -580,7 +580,14 @@
required_devices_partition_names_.emplace(basename(device.c_str()));
auto uevent_callback = [this](const Uevent& uevent) { return UeventCallback(uevent); };
uevent_listener_.RegenerateUevents(uevent_callback);
- uevent_listener_.Poll(uevent_callback, 10s);
+ if (!required_devices_partition_names_.empty()) {
+ uevent_listener_.Poll(uevent_callback, 10s);
+ if (!required_devices_partition_names_.empty()) {
+ LOG(ERROR) << __PRETTY_FUNCTION__
+ << ": partition(s) not found after polling timeout: "
+ << android::base::Join(required_devices_partition_names_, ", ");
+ }
+ }
} else {
InitMappedDevice(device);
}
diff --git a/libkeyutils/mini_keyctl.cpp b/libkeyutils/mini_keyctl.cpp
index 844f873..e09c864 100644
--- a/libkeyutils/mini_keyctl.cpp
+++ b/libkeyutils/mini_keyctl.cpp
@@ -20,6 +20,7 @@
#include "mini_keyctl_utils.h"
+#include <error.h>
#include <stdio.h>
#include <unistd.h>
@@ -36,6 +37,14 @@
_exit(exit_code);
}
+static key_serial_t parseKeyOrDie(const char* str) {
+ key_serial_t key;
+ if (!android::base::ParseInt(str, &key)) {
+ error(1 /* exit code */, 0 /* errno */, "Unparsable key: '%s'\n", str);
+ }
+ return key;
+}
+
int main(int argc, const char** argv) {
if (argc < 2) Usage(1);
const std::string action = argv[1];
@@ -67,17 +76,13 @@
return RestrictKeyring(keyring);
} else if (action == "unlink") {
if (argc != 4) Usage(1);
- key_serial_t key = std::stoi(argv[2], nullptr, 16);
+ key_serial_t key = parseKeyOrDie(argv[2]);
const std::string keyring = argv[3];
return Unlink(key, keyring);
} else if (action == "security") {
if (argc != 3) Usage(1);
const char* key_str = argv[2];
- key_serial_t key;
- if (!android::base::ParseInt(key_str, &key)) {
- fprintf(stderr, "Unparsable key: '%s'\n", key_str);
- return 1;
- }
+ key_serial_t key = parseKeyOrDie(key_str);
std::string context = RetrieveSecurityContext(key);
if (context.empty()) {
perror(key_str);
diff --git a/libkeyutils/mini_keyctl_utils.cpp b/libkeyutils/mini_keyctl_utils.cpp
index 3651606..9fe2dfe 100644
--- a/libkeyutils/mini_keyctl_utils.cpp
+++ b/libkeyutils/mini_keyctl_utils.cpp
@@ -30,18 +30,62 @@
#include <android-base/file.h>
#include <android-base/logging.h>
+#include <android-base/parseint.h>
#include <android-base/properties.h>
#include <android-base/strings.h>
#include <keyutils.h>
static constexpr int kMaxCertSize = 4096;
-std::vector<std::string> SplitBySpace(const std::string& s) {
+static std::vector<std::string> SplitBySpace(const std::string& s) {
std::istringstream iss(s);
return std::vector<std::string>{std::istream_iterator<std::string>{iss},
std::istream_iterator<std::string>{}};
}
+// Find the keyring id. Because request_key(2) syscall is not available or the key is
+// kernel keyring, the id is looked up from /proc/keys. The keyring description may contain other
+// information in the descritption section depending on the key type, only the first word in the
+// keyring description is used for searching.
+static bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id) {
+ if (!keyring_id) {
+ LOG(ERROR) << "keyring_id is null";
+ return false;
+ }
+
+ // If the keyring id is already a hex number, directly convert it to keyring id
+ if (android::base::ParseInt(keyring_desc.c_str(), keyring_id)) {
+ return true;
+ }
+
+ // Only keys allowed by SELinux rules will be shown here.
+ std::ifstream proc_keys_file("/proc/keys");
+ if (!proc_keys_file.is_open()) {
+ PLOG(ERROR) << "Failed to open /proc/keys";
+ return false;
+ }
+
+ std::string line;
+ while (getline(proc_keys_file, line)) {
+ std::vector<std::string> tokens = SplitBySpace(line);
+ if (tokens.size() < 9) {
+ continue;
+ }
+ std::string key_id = tokens[0];
+ std::string key_type = tokens[7];
+ // The key description may contain space.
+ std::string key_desc_prefix = tokens[8];
+ // The prefix has a ":" at the end
+ std::string key_desc_pattern = keyring_desc + ":";
+ if (key_type != "keyring" || key_desc_prefix != key_desc_pattern) {
+ continue;
+ }
+ *keyring_id = std::stoi(key_id, nullptr, 16);
+ return true;
+ }
+ return false;
+}
+
int AddCertsFromDir(const std::string& type, const std::string& desc_prefix,
const std::string& cert_dir, const std::string& keyring) {
key_serial_t keyring_id;
@@ -89,49 +133,6 @@
return 0;
}
-bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id) {
- if (!keyring_id) {
- LOG(ERROR) << "keyring_id is null";
- return false;
- }
-
- // If the keyring id is already a hex number, directly convert it to keyring id
- try {
- key_serial_t id = std::stoi(keyring_desc, nullptr, 16);
- *keyring_id = id;
- return true;
- } catch (const std::exception& e) {
- LOG(INFO) << "search /proc/keys for keyring id";
- }
-
- // Only keys allowed by SELinux rules will be shown here.
- std::ifstream proc_keys_file("/proc/keys");
- if (!proc_keys_file.is_open()) {
- PLOG(ERROR) << "Failed to open /proc/keys";
- return false;
- }
-
- std::string line;
- while (getline(proc_keys_file, line)) {
- std::vector<std::string> tokens = SplitBySpace(line);
- if (tokens.size() < 9) {
- continue;
- }
- std::string key_id = tokens[0];
- std::string key_type = tokens[7];
- // The key description may contain space.
- std::string key_desc_prefix = tokens[8];
- // The prefix has a ":" at the end
- std::string key_desc_pattern = keyring_desc + ":";
- if (key_type != "keyring" || key_desc_prefix != key_desc_pattern) {
- continue;
- }
- *keyring_id = std::stoi(key_id, nullptr, 16);
- return true;
- }
- return false;
-}
-
int Unlink(key_serial_t key, const std::string& keyring) {
key_serial_t keyring_id;
if (!GetKeyringId(keyring, &keyring_id)) {
diff --git a/libkeyutils/mini_keyctl_utils.h b/libkeyutils/mini_keyctl_utils.h
index 150967d..804a357 100644
--- a/libkeyutils/mini_keyctl_utils.h
+++ b/libkeyutils/mini_keyctl_utils.h
@@ -23,11 +23,6 @@
int AddCertsFromDir(const std::string& type, const std::string& desc_prefix,
const std::string& cert_dir, const std::string& keyring);
-// Add all the certs from directory path to keyring with keyring_id. Returns the number of keys
-// added. Returns non-zero if any error happens.
-int AddKeys(const std::string& path, const key_serial_t keyring_id, const std::string& type,
- const std::string& desc, int start_index);
-
// Add key to a keyring. Returns non-zero if error happens.
int Add(const std::string& type, const std::string& desc, const std::string& data,
const std::string& keyring);
@@ -41,11 +36,5 @@
// Apply key-linking to a keyring. Return non-zero if error happens.
int RestrictKeyring(const std::string& keyring);
-// Find the keyring id. Because request_key(2) syscall is not available or the key is
-// kernel keyring, the id is looked up from /proc/keys. The keyring description may contain other
-// information in the descritption section depending on the key type, only the first word in the
-// keyring description is used for searching.
-bool GetKeyringId(const std::string& keyring_desc, key_serial_t* keyring_id);
-
// Retrieves a key's security context. Return the context string, or empty string on error.
std::string RetrieveSecurityContext(key_serial_t key);
diff --git a/liblog/logger_write.cpp b/liblog/logger_write.cpp
index 908fe7f..7fa3f43 100644
--- a/liblog/logger_write.cpp
+++ b/liblog/logger_write.cpp
@@ -413,6 +413,8 @@
if (!tag) tag = "";
/* XXX: This needs to go! */
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wstring-plus-int"
if (bufID != LOG_ID_RADIO) {
switch (tag[0]) {
case 'H':
@@ -454,6 +456,7 @@
break;
}
}
+#pragma clang diagnostic pop
#if __BIONIC__
if (prio == ANDROID_LOG_FATAL) {
diff --git a/rootdir/Android.mk b/rootdir/Android.mk
index e0b291d..54b019e 100644
--- a/rootdir/Android.mk
+++ b/rootdir/Android.mk
@@ -220,10 +220,10 @@
# A symlink can't overwrite a directory and the /system/usr/icu directory once
# existed so the required structure must be created whatever we find.
LOCAL_POST_INSTALL_CMD = mkdir -p $(TARGET_OUT)/usr && rm -rf $(TARGET_OUT)/usr/icu
-LOCAL_POST_INSTALL_CMD += ; ln -sf /apex/com.android.runtime/etc/icu $(TARGET_OUT)/usr/icu
+LOCAL_POST_INSTALL_CMD += && ln -sf /apex/com.android.runtime/etc/icu $(TARGET_OUT)/usr/icu
# TODO(b/124106384): Clean up compat symlinks for ART binaries.
-ART_BINARIES= \
+ART_BINARIES := \
dalvikvm \
dalvikvm32 \
dalvikvm64 \
@@ -235,10 +235,10 @@
oatdump \
profman \
-LOCAL_POST_INSTALL_CMD += ; mkdir -p $(TARGET_OUT)/bin
+LOCAL_POST_INSTALL_CMD += && mkdir -p $(TARGET_OUT)/bin
$(foreach b,$(ART_BINARIES), \
$(eval LOCAL_POST_INSTALL_CMD += \
- ; ln -sf /apex/com.android.runtime/bin/$(b) $(TARGET_OUT)/bin/$(b)) \
+ && ln -sf /apex/com.android.runtime/bin/$(b) $(TARGET_OUT)/bin/$(b)) \
)
# End of runtime APEX compatibilty.
diff --git a/rootdir/etc/ld.config.legacy.txt b/rootdir/etc/ld.config.legacy.txt
index d282cfa..fa46334 100644
--- a/rootdir/etc/ld.config.legacy.txt
+++ b/rootdir/etc/ld.config.legacy.txt
@@ -11,6 +11,11 @@
dir.legacy = /odm
dir.legacy = /sbin
+dir.legacy = /data/nativetest
+dir.legacy = /data/nativetest64
+dir.legacy = /data/benchmarktest
+dir.legacy = /data/benchmarktest64
+
# Except for /postinstall, where only /system and /product are searched
dir.postinstall = /postinstall
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 0e96163..8e63a81 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -424,6 +424,8 @@
exec -- /system/bin/mini-keyctl dadd asymmetric vendor_cert /vendor/etc/security/cacerts_fsverity .fs-verity
# Prevent future key links to fsverity keyring
exec -- /system/bin/mini-keyctl restrict_keyring .fs-verity
+ # Enforce fsverity signature checking
+ write /proc/sys/fs/verity/require_signatures 1
# Make sure that apexd is started in the default namespace
enter_default_mount_ns