Merge "Add memcg related configs to init."
diff --git a/adb/Android.mk b/adb/Android.mk
index 1f6f194..ae03593 100644
--- a/adb/Android.mk
+++ b/adb/Android.mk
@@ -350,11 +350,11 @@
-D_GNU_SOURCE \
-Wno-deprecated-declarations \
+LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
-LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
endif
LOCAL_MODULE := adbd
diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index 1c94298..e0629ab 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp
@@ -49,17 +49,23 @@
static const char* root_seclabel = nullptr;
+static inline bool is_device_unlocked() {
+ return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", "");
+}
+
static void drop_capabilities_bounding_set_if_needed(struct minijail *j) {
-#if defined(ALLOW_ADBD_ROOT)
- if (__android_log_is_debuggable()) {
- return;
+ if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
+ if (__android_log_is_debuggable()) {
+ return;
+ }
}
-#endif
minijail_capbset_drop(j, CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID));
}
static bool should_drop_privileges() {
-#if defined(ALLOW_ADBD_ROOT)
+ // "adb root" not allowed, always drop privileges.
+ if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true;
+
// The properties that affect `adb root` and `adb unroot` are ro.secure and
// ro.debuggable. In this context the names don't make the expected behavior
// particularly obvious.
@@ -89,9 +95,6 @@
}
return drop;
-#else
- return true; // "adb root" not allowed, always drop privileges.
-#endif // ALLOW_ADBD_ROOT
}
static void drop_privileges(int server_port) {
@@ -158,7 +161,10 @@
// descriptor will always be open.
adbd_cloexec_auth_socket();
- if (ALLOW_ADBD_NO_AUTH && !android::base::GetBoolProperty("ro.adb.secure", false)) {
+ // Respect ro.adb.secure in userdebug/eng builds (ALLOW_ADBD_NO_AUTH), or when the
+ // device is unlocked.
+ if ((ALLOW_ADBD_NO_AUTH || is_device_unlocked()) &&
+ !android::base::GetBoolProperty("ro.adb.secure", false)) {
auth_required = false;
}
diff --git a/init/Android.bp b/init/Android.bp
index fce424e..47578ea 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -153,6 +153,7 @@
"init_test.cpp",
"property_service_test.cpp",
"service_test.cpp",
+ "ueventd_test.cpp",
"util_test.cpp",
],
shared_libs: [
diff --git a/init/Android.mk b/init/Android.mk
index 6cd47f4..325614e 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -30,6 +30,10 @@
init_options += -DLOG_UEVENTS=0
+ifeq ($(TARGET_USER_MODE_LINUX), true)
+ init_cflags += -DUSER_MODE_LINUX
+endif
+
init_cflags += \
$(init_options) \
-Wall -Wextra \
diff --git a/init/init.cpp b/init/init.cpp
index bf251ff..b0b2e49 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -391,7 +391,10 @@
int ret = -1;
/* values are arch-dependent */
-#if defined(__aarch64__)
+#if defined(USER_MODE_LINUX)
+ /* uml does not support mmap_rnd_bits */
+ ret = 0;
+#elif defined(__aarch64__)
/* arm64 supports 18 - 33 bits depending on pagesize and VA_SIZE */
if (set_mmap_rnd_bits_min(33, 24, false)
&& set_mmap_rnd_bits_min(16, 16, true)) {
diff --git a/init/reboot.cpp b/init/reboot.cpp
index 969caec..8196d58 100644
--- a/init/reboot.cpp
+++ b/init/reboot.cpp
@@ -234,7 +234,12 @@
LOG(INFO) << "mount entry " << mentry->mnt_fsname << ":" << mentry->mnt_dir << " opts "
<< mentry->mnt_opts << " type " << mentry->mnt_type;
} else if (MountEntry::IsBlockDevice(*mentry) && hasmntopt(mentry, "rw")) {
- blockDevPartitions->emplace(blockDevPartitions->begin(), *mentry);
+ std::string mount_dir(mentry->mnt_dir);
+ // These are R/O partitions changed to R/W after adb remount.
+ // Do not umount them as shutdown critical services may rely on them.
+ if (mount_dir != "/system" && mount_dir != "/vendor" && mount_dir != "/oem") {
+ blockDevPartitions->emplace(blockDevPartitions->begin(), *mentry);
+ }
} else if (MountEntry::IsEmulatedDevice(*mentry)) {
emulatedPartitions->emplace(emulatedPartitions->begin(), *mentry);
}
diff --git a/init/ueventd_test.cpp b/init/ueventd_test.cpp
new file mode 100644
index 0000000..86d7055
--- /dev/null
+++ b/init/ueventd_test.cpp
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <linux/futex.h>
+#include <pthread.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include <string>
+#include <thread>
+#include <vector>
+
+#include <android-base/file.h>
+#include <android-base/scopeguard.h>
+#include <android-base/test_utils.h>
+#include <gtest/gtest.h>
+#include <selinux/selinux.h>
+
+using namespace std::string_literals;
+
+template <typename T, typename F>
+void WriteFromMultipleThreads(std::vector<std::pair<std::string, T>>& files_and_parameters,
+ F function) {
+ auto num_threads = files_and_parameters.size();
+ pthread_barrier_t barrier;
+ pthread_barrier_init(&barrier, nullptr, num_threads);
+ auto barrier_destroy =
+ android::base::make_scope_guard([&barrier]() { pthread_barrier_destroy(&barrier); });
+
+ auto make_thread_function = [&function, &barrier](const auto& file, const auto& parameter) {
+ return [&]() {
+ function(parameter);
+ pthread_barrier_wait(&barrier);
+ android::base::WriteStringToFile("<empty>", file);
+ };
+ };
+
+ std::vector<std::thread> threads;
+ // TODO(b/63712782): Structured bindings + templated containers are broken in clang :(
+ // for (const auto& [file, parameter] : files_and_parameters) {
+ for (const auto& pair : files_and_parameters) {
+ const auto& file = pair.first;
+ const auto& parameter = pair.second;
+ threads.emplace_back(std::thread(make_thread_function(file, parameter)));
+ }
+
+ for (auto& thread : threads) {
+ thread.join();
+ }
+}
+
+TEST(ueventd, setegid_IsPerThread) {
+ if (getuid() != 0) return;
+
+ TemporaryDir dir;
+
+ gid_t gid = 0;
+ std::vector<std::pair<std::string, gid_t>> files_and_gids;
+ std::generate_n(std::back_inserter(files_and_gids), 100, [&gid, &dir]() {
+ gid++;
+ return std::pair(dir.path + "/gid_"s + std::to_string(gid), gid);
+ });
+
+ WriteFromMultipleThreads(files_and_gids, [](gid_t gid) { EXPECT_EQ(0, setegid(gid)); });
+
+ for (const auto& [file, expected_gid] : files_and_gids) {
+ struct stat info;
+ EXPECT_EQ(0, stat(file.c_str(), &info));
+ EXPECT_EQ(expected_gid, info.st_gid);
+ }
+}
+
+TEST(ueventd, setfscreatecon_IsPerThread) {
+ if (getuid() != 0) return;
+
+ const char* const contexts[] = {
+ "u:object_r:audio_device:s0",
+ "u:object_r:sensors_device:s0",
+ "u:object_r:video_device:s0"
+ "u:object_r:zero_device:s0",
+ };
+
+ TemporaryDir dir;
+ std::vector<std::pair<std::string, std::string>> files_and_contexts;
+ for (const char* context : contexts) {
+ files_and_contexts.emplace_back(dir.path + "/context_"s + context, context);
+ }
+
+ WriteFromMultipleThreads(files_and_contexts, [](const std::string& context) {
+ EXPECT_EQ(0, setfscreatecon(context.c_str()));
+ });
+
+ for (const auto& [file, expected_context] : files_and_contexts) {
+ char* file_context;
+ EXPECT_GT(getfilecon(file.c_str(), &file_context), 0);
+ EXPECT_EQ(expected_context, file_context);
+ freecon(file_context);
+ }
+}
diff --git a/libmetricslogger/Android.bp b/libmetricslogger/Android.bp
index 38859d1..26a041a 100644
--- a/libmetricslogger/Android.bp
+++ b/libmetricslogger/Android.bp
@@ -31,7 +31,6 @@
// -----------------------------------------------------------------------------
cc_library_shared {
name: "libmetricslogger",
- vendor_available: true,
srcs: metricslogger_lib_src_files,
defaults: ["metricslogger_defaults"],
}
diff --git a/libutils/Android.bp b/libutils/Android.bp
index 0125eac..fbfb7c2 100644
--- a/libutils/Android.bp
+++ b/libutils/Android.bp
@@ -53,7 +53,6 @@
"FileMap.cpp",
"JenkinsHash.cpp",
"LinearTransform.cpp",
- "Log.cpp",
"NativeHandle.cpp",
"Printer.cpp",
"PropertyMap.cpp",
diff --git a/libutils/Log.cpp b/libutils/Log.cpp
deleted file mode 100644
index bffb56e..0000000
--- a/libutils/Log.cpp
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (C) 2012 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#define LOG_TAG "Log"
-
-#include <utils/Log.h>
-#include <utils/Timers.h>
-
-namespace android {
-
-LogIfSlow::LogIfSlow(const char* tag, android_LogPriority priority,
- int timeoutMillis, const char* message) :
- mTag(tag), mPriority(priority), mTimeoutMillis(timeoutMillis), mMessage(message),
- mStart(systemTime(SYSTEM_TIME_BOOTTIME)) {
-}
-
-LogIfSlow::~LogIfSlow() {
- int durationMillis = nanoseconds_to_milliseconds(systemTime(SYSTEM_TIME_BOOTTIME) - mStart);
- if (durationMillis > mTimeoutMillis) {
- LOG_PRI(mPriority, mTag, "%s: %dms", mMessage, durationMillis);
- }
-}
-
-} // namespace android
diff --git a/libutils/include/utils/Log.h b/libutils/include/utils/Log.h
index 5276a49..42e03e7 100644
--- a/libutils/include/utils/Log.h
+++ b/libutils/include/utils/Log.h
@@ -1,72 +1,7 @@
-/*
- * Copyright (C) 2005 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// DO NOT INCLUDE ANYTHING NEW IN THIS FILE.
-//
-// C/C++ logging functions. See the logging documentation for API details.
-//
-// We'd like these to be available from C code (in case we import some from
-// somewhere), so this has a C interface.
-//
-// The output will be correct when the log file is shared between multiple
-// threads and/or multiple processes so long as the operating system
-// supports O_APPEND. These calls have mutex-protected data structures
-// and so are NOT reentrant. Do not use LOG in a signal handler.
-//
-#ifndef _LIBS_UTILS_LOG_H
-#define _LIBS_UTILS_LOG_H
-
-#include <sys/types.h>
+// <log/log.h> has replaced this file and all changes should go there instead.
+// This path remains strictly to include that header as there are thousands of
+// references to <utils/Log.h> in the tree.
#include <log/log.h>
-
-#ifdef __cplusplus
-
-namespace android {
-
-/*
- * A very simple utility that yells in the log when an operation takes too long.
- */
-class LogIfSlow {
-public:
- LogIfSlow(const char* tag, android_LogPriority priority,
- int timeoutMillis, const char* message);
- ~LogIfSlow();
-
-private:
- const char* const mTag;
- const android_LogPriority mPriority;
- const int mTimeoutMillis;
- const char* const mMessage;
- const int64_t mStart;
-};
-
-/*
- * Writes the specified debug log message if this block takes longer than the
- * specified number of milliseconds to run. Includes the time actually taken.
- *
- * {
- * ALOGD_IF_SLOW(50, "Excessive delay doing something.");
- * doSomething();
- * }
- */
-#define ALOGD_IF_SLOW(timeoutMillis, message) \
- android::LogIfSlow _logIfSlow(LOG_TAG, ANDROID_LOG_DEBUG, timeoutMillis, message);
-
-} // namespace android
-
-#endif // __cplusplus
-
-#endif // _LIBS_UTILS_LOG_H