Merge "Initialize key structure to zero in charger"
diff --git a/fs_mgr/libfs_avb/Android.bp b/fs_mgr/libfs_avb/Android.bp
index bf51fe7..8fb9697 100644
--- a/fs_mgr/libfs_avb/Android.bp
+++ b/fs_mgr/libfs_avb/Android.bp
@@ -31,6 +31,7 @@
static_libs: [
"libavb",
"libdm",
+ "libgsi",
"libfstab",
],
export_static_lib_headers: [
diff --git a/fs_mgr/libfs_avb/fs_avb.cpp b/fs_mgr/libfs_avb/fs_avb.cpp
index ed623bc..5d504ab 100644
--- a/fs_mgr/libfs_avb/fs_avb.cpp
+++ b/fs_mgr/libfs_avb/fs_avb.cpp
@@ -33,6 +33,7 @@
#include <android-base/strings.h>
#include <libavb/libavb.h>
#include <libdm/dm.h>
+#include <libgsi/libgsi.h>
#include "avb_ops.h"
#include "avb_util.h"
@@ -266,6 +267,18 @@
return avb_handle;
}
+static bool IsAvbPermissive() {
+ if (IsDeviceUnlocked()) {
+ // Manually putting a file under metadata partition can enforce AVB verification.
+ if (!access(DSU_METADATA_PREFIX "avb_enforce", F_OK)) {
+ LINFO << "Enforcing AVB verification when the device is unlocked";
+ return false;
+ }
+ return true;
+ }
+ return false;
+}
+
AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta(const FstabEntry& fstab_entry,
const std::vector<std::string>& preload_avb_key_blobs) {
// At least one of the following should be provided for public key matching.
@@ -275,7 +288,7 @@
}
// Binds allow_verification_error and rollback_protection to device unlock state.
- bool allow_verification_error = IsDeviceUnlocked();
+ bool allow_verification_error = IsAvbPermissive();
bool rollback_protection = !allow_verification_error;
std::string public_key_data;
@@ -364,15 +377,15 @@
return LoadAndVerifyVbmeta("vbmeta", fs_mgr_get_slot_suffix(), fs_mgr_get_other_slot_suffix(),
{} /* expected_public_key, already checked by bootloader */,
HashAlgorithm::kSHA256,
- IsDeviceUnlocked(), /* allow_verification_error */
- true, /* load_chained_vbmeta */
+ IsAvbPermissive(), /* allow_verification_error */
+ true, /* load_chained_vbmeta */
false, /* rollback_protection, already checked by bootloader */
nullptr /* custom_device_path */);
}
// TODO(b/128807537): removes this function.
AvbUniquePtr AvbHandle::Open() {
- bool is_device_unlocked = IsDeviceUnlocked();
+ bool allow_verification_error = IsAvbPermissive();
AvbUniquePtr avb_handle(new AvbHandle());
if (!avb_handle) {
@@ -381,8 +394,9 @@
}
FsManagerAvbOps avb_ops;
- AvbSlotVerifyFlags flags = is_device_unlocked ? AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR
- : AVB_SLOT_VERIFY_FLAGS_NONE;
+ AvbSlotVerifyFlags flags = allow_verification_error
+ ? AVB_SLOT_VERIFY_FLAGS_ALLOW_VERIFICATION_ERROR
+ : AVB_SLOT_VERIFY_FLAGS_NONE;
AvbSlotVerifyResult verify_result =
avb_ops.AvbSlotVerify(fs_mgr_get_slot_suffix(), flags, &avb_handle->vbmeta_images_);
@@ -405,9 +419,8 @@
break;
case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION:
case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED:
- if (!is_device_unlocked) {
- LERROR << "ERROR_VERIFICATION / PUBLIC_KEY_REJECTED isn't allowed "
- << "if the device is LOCKED";
+ if (!allow_verification_error) {
+ LERROR << "ERROR_VERIFICATION / PUBLIC_KEY_REJECTED isn't allowed ";
return nullptr;
}
avb_handle->status_ = AvbHandleStatus::kVerificationError;
diff --git a/libcutils/KernelLibcutilsTest.xml b/libcutils/KernelLibcutilsTest.xml
index e27fac6..40e4ef4 100644
--- a/libcutils/KernelLibcutilsTest.xml
+++ b/libcutils/KernelLibcutilsTest.xml
@@ -13,7 +13,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<configuration description="Runs libcutils_test_static.">
+<configuration description="Runs KernelLibcutilsTest.">
<option name="test-suite-tag" value="apct" />
<option name="test-suite-tag" value="apct-native" />
@@ -22,12 +22,12 @@
<target_preparer class="com.android.tradefed.targetprep.PushFilePreparer">
<option name="cleanup" value="true" />
- <option name="push" value="libcutils_test_static->/data/local/tmp/libcutils_test_static" />
+ <option name="push" value="KernelLibcutilsTest->/data/local/tmp/KernelLibcutilsTest" />
</target_preparer>
<test class="com.android.tradefed.testtype.GTest" >
<option name="native-test-device-path" value="/data/local/tmp" />
- <option name="module-name" value="libcutils_test_static" />
+ <option name="module-name" value="KernelLibcutilsTest" />
<option name="include-filter" value="*AshmemTest*" />
</test>
</configuration>
diff --git a/libutils/Threads.cpp b/libutils/Threads.cpp
index 31ca138..540dcf4 100644
--- a/libutils/Threads.cpp
+++ b/libutils/Threads.cpp
@@ -18,8 +18,8 @@
#define LOG_TAG "libutils.threads"
#include <assert.h>
-#include <utils/Thread.h>
#include <utils/AndroidThreads.h>
+#include <utils/Thread.h>
#if !defined(_WIN32)
# include <sys/resource.h>
@@ -36,7 +36,10 @@
#include <utils/Log.h>
+#if defined(__ANDROID__)
+#include <processgroup/processgroup.h>
#include <processgroup/sched_policy.h>
+#endif
#if defined(__ANDROID__)
# define __android_unused
@@ -64,6 +67,7 @@
typedef void* (*android_pthread_entry)(void*);
+#if defined(__ANDROID__)
struct thread_data_t {
thread_func_t entryFunction;
void* userData;
@@ -79,10 +83,11 @@
char * name = t->threadName;
delete t;
setpriority(PRIO_PROCESS, 0, prio);
+
+ // A new thread will be in its parent's sched group by default,
+ // so we just need to handle the background case.
if (prio >= ANDROID_PRIORITY_BACKGROUND) {
- set_sched_policy(0, SP_BACKGROUND);
- } else {
- set_sched_policy(0, SP_FOREGROUND);
+ SetTaskProfiles(0, {"SCHED_SP_BACKGROUND"}, true);
}
if (name) {
@@ -92,6 +97,7 @@
return f(u);
}
};
+#endif
void androidSetThreadName(const char* name) {
#if defined(__linux__)
@@ -300,11 +306,19 @@
{
int rc = 0;
int lasterr = 0;
+ int curr_pri = getpriority(PRIO_PROCESS, tid);
+
+ if (curr_pri == pri) {
+ return rc;
+ }
if (pri >= ANDROID_PRIORITY_BACKGROUND) {
- rc = set_sched_policy(tid, SP_BACKGROUND);
- } else if (getpriority(PRIO_PROCESS, tid) >= ANDROID_PRIORITY_BACKGROUND) {
- rc = set_sched_policy(tid, SP_FOREGROUND);
+ rc = SetTaskProfiles(tid, {"SCHED_SP_BACKGROUND"}, true) ? 0 : -1;
+ } else if (curr_pri >= ANDROID_PRIORITY_BACKGROUND) {
+ SchedPolicy policy = SP_FOREGROUND;
+ // Change to the sched policy group of the process.
+ get_sched_policy(getpid(), &policy);
+ rc = SetTaskProfiles(tid, {get_sched_policy_profile_name(policy)}, true) ? 0 : -1;
}
if (rc) {
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 2d89cf2..050f8a8 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -612,6 +612,8 @@
mkdir /data/misc/apexdata 0711 root root
mkdir /data/misc/apexrollback 0700 root root
mkdir /data/misc/snapshotctl_log 0770 root root
+ # create location to store pre-reboot information
+ mkdir /data/misc/prereboot 0700 system system
mkdir /data/preloads 0775 system system encryption=None
@@ -762,6 +764,9 @@
# IOCTLs on ashmem fds any more.
setprop sys.use_memfd false
+ # Explicitly disable FUSE
+ setprop persist.sys.fuse false
+
# Set fscklog permission
chown root system /dev/fscklogs/log
chmod 0770 /dev/fscklogs/log