Merge "Add some basic docs for <android-base/logging.h>"
diff --git a/adb/adb.cpp b/adb/adb.cpp
index ece143c..577e9b9 100644
--- a/adb/adb.cpp
+++ b/adb/adb.cpp
@@ -1129,6 +1129,18 @@
return 0;
}
+#if ADB_HOST
+ if (!strcmp(service, "host-features")) {
+ FeatureSet features = supported_features();
+ // Abuse features to report libusb status.
+ if (should_use_libusb()) {
+ features.insert(kFeatureLibusb);
+ }
+ SendOkay(reply_fd, FeatureSetToString(features));
+ return 0;
+ }
+#endif
+
// remove TCP transport
if (!strncmp(service, "disconnect:", 11)) {
const std::string address(service + 11);
diff --git a/adb/adb.h b/adb/adb.h
index a30e297..aea5fb8 100644
--- a/adb/adb.h
+++ b/adb/adb.h
@@ -54,7 +54,7 @@
std::string adb_version();
// Increment this when we want to force users to start a new adb server.
-#define ADB_SERVER_VERSION 38
+#define ADB_SERVER_VERSION 39
class atransport;
diff --git a/adb/client/usb_dispatch.cpp b/adb/client/usb_dispatch.cpp
index f02dccf..bfc8e16 100644
--- a/adb/client/usb_dispatch.cpp
+++ b/adb/client/usb_dispatch.cpp
@@ -17,11 +17,6 @@
#include <android-base/logging.h>
#include "usb.h"
-static bool should_use_libusb() {
- static bool enable = getenv("ADB_LIBUSB") && strcmp(getenv("ADB_LIBUSB"), "1") == 0;
- return enable;
-}
-
void usb_init() {
if (should_use_libusb()) {
LOG(DEBUG) << "using libusb backend";
diff --git a/adb/commandline.cpp b/adb/commandline.cpp
index 3b2df2e..5a2206f 100644
--- a/adb/commandline.cpp
+++ b/adb/commandline.cpp
@@ -1929,8 +1929,7 @@
else if (!strcmp(argv[0], "--version") || !strcmp(argv[0], "version")) {
fprintf(stdout, "%s", adb_version().c_str());
return 0;
- }
- else if (!strcmp(argv[0], "features")) {
+ } else if (!strcmp(argv[0], "features")) {
// Only list the features common to both the adb client and the device.
FeatureSet features;
std::string error;
@@ -1945,6 +1944,8 @@
}
}
return 0;
+ } else if (!strcmp(argv[0], "host-features")) {
+ return adb_query_command("host:host-features");
} else if (!strcmp(argv[0], "reconnect")) {
if (argc == 1) {
return adb_query_command("host:reconnect");
diff --git a/adb/transport.cpp b/adb/transport.cpp
index 60f3b5c..c951f5b 100644
--- a/adb/transport.cpp
+++ b/adb/transport.cpp
@@ -51,6 +51,7 @@
const char* const kFeatureShell2 = "shell_v2";
const char* const kFeatureCmd = "cmd";
const char* const kFeatureStat2 = "stat_v2";
+const char* const kFeatureLibusb = "libusb";
static std::string dump_packet(const char* name, const char* func, apacket* p) {
unsigned command = p->msg.command;
diff --git a/adb/transport.h b/adb/transport.h
index 3306388..490e513 100644
--- a/adb/transport.h
+++ b/adb/transport.h
@@ -47,6 +47,8 @@
// The 'cmd' command is available
extern const char* const kFeatureCmd;
extern const char* const kFeatureStat2;
+// The server is running with libusb enabled.
+extern const char* const kFeatureLibusb;
class atransport {
public:
diff --git a/adb/transport_usb.cpp b/adb/transport_usb.cpp
index 3d6cc99..e16cf12 100644
--- a/adb/transport_usb.cpp
+++ b/adb/transport_usb.cpp
@@ -97,3 +97,12 @@
{
return (usb_class == ADB_CLASS && usb_subclass == ADB_SUBCLASS && usb_protocol == ADB_PROTOCOL);
}
+
+bool should_use_libusb() {
+#if defined(_WIN32) || !ADB_HOST
+ return false;
+#else
+ static bool enable = getenv("ADB_LIBUSB") && strcmp(getenv("ADB_LIBUSB"), "1") == 0;
+ return enable;
+#endif
+}
diff --git a/adb/usb.h b/adb/usb.h
index 879bacc..ba70de4 100644
--- a/adb/usb.h
+++ b/adb/usb.h
@@ -55,3 +55,5 @@
// USB device detection.
int is_adb_interface(int usb_class, int usb_subclass, int usb_protocol);
+
+bool should_use_libusb();
diff --git a/fs_mgr/Android.mk b/fs_mgr/Android.mk
index 6939428..f1a7ad6 100644
--- a/fs_mgr/Android.mk
+++ b/fs_mgr/Android.mk
@@ -25,7 +25,8 @@
fs_mgr_slotselect.cpp \
fs_mgr_verity.cpp \
fs_mgr_avb.cpp \
- fs_mgr_avb_ops.cpp
+ fs_mgr_avb_ops.cpp \
+ fs_mgr_boot_config.cpp
LOCAL_C_INCLUDES := \
$(LOCAL_PATH)/include \
system/vold \
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index 1768078..25c41b9 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -48,7 +48,6 @@
#include "fs_mgr_priv.h"
#include "fs_mgr_priv_avb.h"
-#include "fs_mgr_priv_verity.h"
#define KEY_LOC_PROP "ro.crypto.keyfile.userdata"
#define KEY_IN_FOOTER "footer"
@@ -661,6 +660,8 @@
}
}
+// TODO: add ueventd notifiers if they don't exist.
+// This is just doing a wait_for_device for maximum of 1s
int fs_mgr_test_access(const char *device) {
int tries = 25;
while (tries--) {
@@ -880,6 +881,24 @@
}
}
+/* wrapper to __mount() and expects a fully prepared fstab_rec,
+ * unlike fs_mgr_do_mount which does more things with avb / verity
+ * etc.
+ */
+int fs_mgr_do_mount_one(struct fstab_rec *rec)
+{
+ if (!rec) {
+ return FS_MGR_DOMNT_FAILED;
+ }
+
+ int ret = __mount(rec->blk_device, rec->mount_point, rec);
+ if (ret) {
+ ret = (errno == EBUSY) ? FS_MGR_DOMNT_BUSY : FS_MGR_DOMNT_FAILED;
+ }
+
+ return ret;
+}
+
/* If tmp_mount_point is non-null, mount the filesystem there. This is for the
* tmp mount we do to check the user password
* If multiple fstab entries are to be mounted on "n_name", it will try to mount each one
@@ -1171,22 +1190,3 @@
return 0;
}
-
-int fs_mgr_early_setup_verity(struct fstab_rec *fstab_rec)
-{
- if ((fstab_rec->fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
- int rc = fs_mgr_setup_verity(fstab_rec, false);
- if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
- LINFO << "Verity disabled";
- return FS_MGR_EARLY_SETUP_VERITY_NO_VERITY;
- } else if (rc == FS_MGR_SETUP_VERITY_SUCCESS) {
- return FS_MGR_EARLY_SETUP_VERITY_SUCCESS;
- } else {
- return FS_MGR_EARLY_SETUP_VERITY_FAIL;
- }
- } else if (device_is_secure()) {
- LERROR << "Verity must be enabled for early mounted partitions on secured devices";
- return FS_MGR_EARLY_SETUP_VERITY_FAIL;
- }
- return FS_MGR_EARLY_SETUP_VERITY_NO_VERITY;
-}
diff --git a/fs_mgr/fs_mgr_avb.cpp b/fs_mgr/fs_mgr_avb.cpp
index 68efb00..2cb7e34 100644
--- a/fs_mgr/fs_mgr_avb.cpp
+++ b/fs_mgr/fs_mgr_avb.cpp
@@ -441,18 +441,23 @@
static bool init_is_avb_used() {
// When AVB is used, boot loader should set androidboot.vbmeta.{hash_alg,
- // size, digest} in kernel cmdline. They will then be imported by init
- // process to system properties: ro.boot.vbmeta.{hash_alg, size, digest}.
+ // size, digest} in kernel cmdline or in device tree. They will then be
+ // imported by init process to system properties: ro.boot.vbmeta.{hash_alg, size, digest}.
+ //
+ // In case of early mount, init properties are not initialized, so we also
+ // ensure we look into kernel command line and device tree if the property is
+ // not found
//
// Checks hash_alg as an indicator for whether AVB is used.
// We don't have to parse and check all of them here. The check will
// be done in fs_mgr_load_vbmeta_images() and FS_MGR_SETUP_AVB_FAIL will
// be returned when there is an error.
- std::string hash_alg = android::base::GetProperty("ro.boot.vbmeta.hash_alg", "");
-
- if (hash_alg == "sha256" || hash_alg == "sha512") {
- return true;
+ std::string hash_alg;
+ if (fs_mgr_get_boot_config("vbmeta.hash_alg", &hash_alg) == 0) {
+ if (hash_alg == "sha256" || hash_alg == "sha512") {
+ return true;
+ }
}
return false;
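Review bot: The new condition `fs_mgr_get_boot_config("vbmeta.hash_alg", &hash_alg) == 0` is true only when the lookup fails, because fs_mgr_get_boot_config (added in fs_mgr/fs_mgr_boot_config.cpp by this same change) returns `bool`, with `true` meaning the key was found. As written, init_is_avb_used() inspects hash_alg only when nothing was found and returns false whenever the bootloader did supply a value, so a device using AVB would be reported as not using it. Drop the comparison: `if (fs_mgr_get_boot_config("vbmeta.hash_alg", &hash_alg)) {`. The end of the function is outside this hunk.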
@@ -482,10 +487,11 @@
// Sets requested_partitions to nullptr as it's to copy the contents
// of HASH partitions into fs_mgr_avb_verify_data, which is not required as
// fs_mgr only deals with HASHTREE partitions.
- const char* requested_partitions[] = {nullptr};
- const char* ab_suffix = android::base::GetProperty("ro.boot.slot_suffix", "").c_str();
+ const char *requested_partitions[] = {nullptr};
+ std::string ab_suffix;
+ fs_mgr_get_boot_config("slot_suffix", &ab_suffix);
AvbSlotVerifyResult verify_result =
- avb_slot_verify(fs_mgr_avb_ops, requested_partitions, ab_suffix,
+ avb_slot_verify(fs_mgr_avb_ops, requested_partitions, ab_suffix.c_str(),
fs_mgr_vbmeta_prop.allow_verification_error, &fs_mgr_avb_verify_data);
// Only allow two verify results:
diff --git a/fs_mgr/fs_mgr_boot_config.cpp b/fs_mgr/fs_mgr_boot_config.cpp
new file mode 100644
index 0000000..ae442cf
--- /dev/null
+++ b/fs_mgr/fs_mgr_boot_config.cpp
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <android-base/file.h>
+#include <android-base/stringprintf.h>
+#include <android-base/strings.h>
+#include <android-base/properties.h>
+
+#include "fs_mgr_priv.h"
+
+// Tries to get the boot config value in properties, kernel cmdline and
+// device tree (in that order). returns 'true' if successfully found, 'false'
+// otherwise
+bool fs_mgr_get_boot_config(const std::string& key, std::string* out_val) {
+ FS_MGR_CHECK(out_val != nullptr);
+
+ // first check if we have "ro.boot" property already
+ *out_val = android::base::GetProperty("ro.boot." + key, "");
+ if (!out_val->empty()) {
+ return true;
+ }
+
+ // fallback to kernel cmdline, properties may not be ready yet
+ std::string cmdline;
+ std::string cmdline_key("androidboot." + key);
+ if (android::base::ReadFileToString("/proc/cmdline", &cmdline)) {
+ for (const auto& entry : android::base::Split(android::base::Trim(cmdline), " ")) {
+ std::vector<std::string> pieces = android::base::Split(entry, "=");
+ if (pieces.size() == 2) {
+ if (pieces[0] == cmdline_key) {
+ *out_val = pieces[1];
+ return true;
+ }
+ }
+ }
+ }
+
+ // lastly, check the device tree
+ static const std::string android_dt_dir("/proc/device-tree/firmware/android");
+ std::string file_name = android_dt_dir + "/compatible";
+ std::string dt_value;
+ if (android::base::ReadFileToString(file_name, &dt_value)) {
+ if (dt_value != "android,firmware") {
+ LERROR << "Error finding compatible android DT node";
+ return false;
+ }
+
+ file_name = android_dt_dir + "/" + key;
+ // DT entries terminate with '\0' but so do the properties
+ if (android::base::ReadFileToString(file_name, out_val)) {
+ return true;
+ }
+
+ LERROR << "Error finding '" << key << "' in device tree";
+ }
+
+ return false;
+}
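Review bot: The device-tree branch compares the raw file contents with `dt_value != "android,firmware"`, but a string property read from /proc/device-tree normally includes its terminating NUL (the comment before the second read says as much), so the std::string is one byte longer than the literal and a valid node would be rejected. The same trailing byte is returned in `*out_val`, where callers in this change compare it against "sha256", "sha512" and "enforcing" as std::string values. Strip trailing NULs after both reads, for example `dt_value.erase(dt_value.find_last_not_of('\0') + 1);` and the same on `*out_val` before `return true`. Separately, the `pieces.size() == 2` test in the cmdline loop silently skips any `androidboot.` value that itself contains `=`; a comment should say whether that is intended.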
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index 48ddf29..10e70d6 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -557,6 +557,11 @@
return fstab->fs_mgr_flags & MF_VERIFY;
}
+int fs_mgr_is_verifyatboot(const struct fstab_rec *fstab)
+{
+ return fstab->fs_mgr_flags & MF_VERIFYATBOOT;
+}
+
int fs_mgr_is_encryptable(const struct fstab_rec *fstab)
{
return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT | MF_FORCEFDEORFBE);
diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h
index 79c27c4..478c145 100644
--- a/fs_mgr/fs_mgr_priv.h
+++ b/fs_mgr/fs_mgr_priv.h
@@ -19,6 +19,7 @@
#include <android-base/logging.h>
#include <fs_mgr.h>
+#include "fs_mgr_priv_boot_config.h"
/* The CHECK() in logging.h will use program invocation name as the tag.
* Thus, the log will have prefix "init: " when libfs_mgr is statically
diff --git a/fs_mgr/fs_mgr_priv_verity.h b/fs_mgr/fs_mgr_priv_boot_config.h
similarity index 68%
rename from fs_mgr/fs_mgr_priv_verity.h
rename to fs_mgr/fs_mgr_priv_boot_config.h
index 1a6d215..74bb5eb 100644
--- a/fs_mgr/fs_mgr_priv_verity.h
+++ b/fs_mgr/fs_mgr_priv_boot_config.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 The Android Open Source Project
+ * Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,14 +14,12 @@
* limitations under the License.
*/
+#ifndef __CORE_FS_MGR_PRIV_BOOTCONFIG_H
+#define __CORE_FS_MGR_PRIV_BOOTCONFIG_H
+
#include <sys/cdefs.h>
+#include <string>
-#define FS_MGR_SETUP_VERITY_DISABLED (-2)
-#define FS_MGR_SETUP_VERITY_FAIL (-1)
-#define FS_MGR_SETUP_VERITY_SUCCESS 0
+bool fs_mgr_get_boot_config(const std::string& key, std::string* out_val);
-__BEGIN_DECLS
-
-int fs_mgr_setup_verity(struct fstab_rec *fstab, bool verify_dev);
-
-__END_DECLS
+#endif /* __CORE_FS_MGR_PRIV_BOOTCONFIG_H */
diff --git a/fs_mgr/fs_mgr_slotselect.cpp b/fs_mgr/fs_mgr_slotselect.cpp
index b30417f..f3bba7b 100644
--- a/fs_mgr/fs_mgr_slotselect.cpp
+++ b/fs_mgr/fs_mgr_slotselect.cpp
@@ -14,118 +14,31 @@
* limitations under the License.
*/
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-
-#include <ctype.h>
-#include <errno.h>
#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <android-base/file.h>
-#include <android-base/stringprintf.h>
-#include <android-base/strings.h>
-#include <cutils/properties.h>
#include "fs_mgr.h"
#include "fs_mgr_priv.h"
-// finds slot_suffix in androidboot.slot_suffix kernel command line argument
-// or in the device tree node at /firmware/android/slot_suffix property
-static int get_active_slot_suffix_from_kernel(char *out_suffix,
- size_t suffix_len)
-{
- std::string cmdline;
- if (android::base::ReadFileToString("/proc/cmdline", &cmdline)) {
- for (const auto& entry : android::base::Split(android::base::Trim(cmdline), " ")) {
- std::vector<std::string> pieces = android::base::Split(entry, "=");
- if (pieces.size() == 2) {
- if (pieces[0] == "androidboot.slot_suffix") {
- strncpy(out_suffix, pieces[1].c_str(), suffix_len);
- return 0;
- }
- }
- }
- }
-
- // if we can't find slot_suffix in cmdline, check the DT
- static constexpr char android_dt_dir[] = "/proc/device-tree/firmware/android";
- std::string file_name = android::base::StringPrintf("%s/compatible", android_dt_dir);
- std::string dt_value;
- if (android::base::ReadFileToString(file_name, &dt_value)) {
- if (!dt_value.compare("android,firmware")) {
- LERROR << "Error finding compatible android DT node";
- return -1;
- }
-
- file_name = android::base::StringPrintf("%s/%s", android_dt_dir, "slot_suffix");
- if (!android::base::ReadFileToString(file_name, &dt_value)) {
- LERROR << "Error finding slot_suffix in device tree";
- return -1;
- }
-
- // DT entries have a terminating '\0', so 'suffix_len' is safe.
- strncpy(out_suffix, dt_value.c_str(), suffix_len);
- return 0;
- }
-
- // slot_suffix missing in kernel cmdline or device tree
- return -1;
-}
-
-// Gets slot_suffix from either the kernel cmdline / device tree. Sets
-// |out_suffix| on success and returns 0. Returns -1 if slot_suffix could not
-// be determined.
-static int get_active_slot_suffix(char *out_suffix, size_t suffix_len)
-{
- char propbuf[PROPERTY_VALUE_MAX];
-
- // Get the suffix from the kernel commandline (note that we don't
- // allow the empty suffix). On bootloaders natively supporting A/B
- // we'll hit this path every time so don't bother logging it.
- property_get("ro.boot.slot_suffix", propbuf, "");
- if (propbuf[0] != '\0') {
- strncpy(out_suffix, propbuf, suffix_len);
- return 0;
- }
-
- // if the property is not set, we are probably being invoked early during
- // boot. Try to find the slotsuffix ourselves in the kernel command line
- // or the device tree
- if (get_active_slot_suffix_from_kernel(out_suffix, suffix_len) == 0) {
- LINFO << "Using slot suffix '" << out_suffix << "' from kernel";
- return 0;
- }
-
- LERROR << "Error determining slot_suffix";
-
- return -1;
-}
-
// Updates |fstab| for slot_suffix. Returns 0 on success, -1 on error.
int fs_mgr_update_for_slotselect(struct fstab *fstab)
{
int n;
- char suffix[PROPERTY_VALUE_MAX];
int got_suffix = 0;
+ std::string suffix;
for (n = 0; n < fstab->num_entries; n++) {
if (fstab->recs[n].fs_mgr_flags & MF_SLOTSELECT) {
char *tmp;
if (!got_suffix) {
- memset(suffix, '\0', sizeof(suffix));
- if (get_active_slot_suffix(suffix, sizeof(suffix) - 1) != 0) {
+ if (!fs_mgr_get_boot_config("slot_suffix", &suffix)) {
return -1;
}
got_suffix = 1;
}
if (asprintf(&tmp, "%s%s", fstab->recs[n].blk_device,
- suffix) > 0) {
+ suffix.c_str()) > 0) {
free(fstab->recs[n].blk_device);
fstab->recs[n].blk_device = tmp;
} else {
diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp
index 1ec4540..2c9b0a9 100644
--- a/fs_mgr/fs_mgr_verity.cpp
+++ b/fs_mgr/fs_mgr_verity.cpp
@@ -45,7 +45,6 @@
#include "fs_mgr.h"
#include "fs_mgr_priv.h"
#include "fs_mgr_priv_dm_ioctl.h"
-#include "fs_mgr_priv_verity.h"
#define FSTAB_PREFIX "/fstab."
@@ -658,7 +657,6 @@
static int load_verity_state(struct fstab_rec *fstab, int *mode)
{
- char propbuf[PROPERTY_VALUE_MAX];
int match = 0;
off64_t offset = 0;
@@ -666,10 +664,9 @@
*mode = VERITY_MODE_EIO;
/* use the kernel parameter if set */
- property_get("ro.boot.veritymode", propbuf, "");
-
- if (*propbuf != '\0') {
- if (!strcmp(propbuf, "enforcing")) {
+ std::string veritymode;
+ if (fs_mgr_get_boot_config("veritymode", &veritymode)) {
+ if (veritymode.compare("enforcing")) {
*mode = VERITY_MODE_DEFAULT;
}
return 0;
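Review bot: `veritymode.compare("enforcing")` is non-zero when the strings differ, so this sets VERITY_MODE_DEFAULT for every value except "enforcing" and keeps the VERITY_MODE_EIO assigned above when the bootloader does report enforcing. That is the opposite of the removed `!strcmp(propbuf, "enforcing")`. Write the test as `if (veritymode == "enforcing") {`. load_verity_state() continues outside this hunk.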
@@ -859,7 +856,10 @@
*table = strdup(result.c_str());
}
-int fs_mgr_setup_verity(struct fstab_rec *fstab, bool verify_dev)
+// prepares the verity enabled (MF_VERIFY / MF_VERIFYATBOOT) fstab record for
+// mount. The 'wait_for_verity_dev' parameter makes this function wait for the
+// verity device to get created before return
+int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev)
{
int retval = FS_MGR_SETUP_VERITY_FAIL;
int fd = -1;
@@ -1026,7 +1026,7 @@
}
// make sure we've set everything up properly
- if (verify_dev && fs_mgr_test_access(fstab->blk_device) < 0) {
+ if (wait_for_verity_dev && fs_mgr_test_access(fstab->blk_device) < 0) {
goto out;
}
diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h
index a9deed9..0402b55 100644
--- a/fs_mgr/include/fs_mgr.h
+++ b/fs_mgr/include/fs_mgr.h
@@ -103,6 +103,7 @@
int fs_mgr_do_mount(struct fstab *fstab, const char *n_name, char *n_blk_device,
char *tmp_mount_point);
+int fs_mgr_do_mount_one(struct fstab_rec *rec);
int fs_mgr_do_tmpfs_mount(char *n_name);
int fs_mgr_unmount_all(struct fstab *fstab);
int fs_mgr_get_crypt_info(struct fstab *fstab, char *key_loc,
@@ -116,6 +117,7 @@
int fs_mgr_is_voldmanaged(const struct fstab_rec *fstab);
int fs_mgr_is_nonremovable(const struct fstab_rec *fstab);
int fs_mgr_is_verified(const struct fstab_rec *fstab);
+int fs_mgr_is_verifyatboot(const struct fstab_rec *fstab);
int fs_mgr_is_encryptable(const struct fstab_rec *fstab);
int fs_mgr_is_file_encrypted(const struct fstab_rec *fstab);
const char* fs_mgr_get_file_encryption_mode(const struct fstab_rec *fstab);
@@ -131,10 +133,10 @@
int fs_mgr_do_format(struct fstab_rec *fstab, bool reserve_footer);
-#define FS_MGR_EARLY_SETUP_VERITY_NO_VERITY -2
-#define FS_MGR_EARLY_SETUP_VERITY_FAIL -1
-#define FS_MGR_EARLY_SETUP_VERITY_SUCCESS 0
-int fs_mgr_early_setup_verity(struct fstab_rec *fstab);
+#define FS_MGR_SETUP_VERITY_DISABLED (-2)
+#define FS_MGR_SETUP_VERITY_FAIL (-1)
+#define FS_MGR_SETUP_VERITY_SUCCESS 0
+int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev);
#ifdef __cplusplus
}
diff --git a/init/Android.mk b/init/Android.mk
index a10a714..18cbedc 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -123,6 +123,7 @@
LOCAL_MODULE := init_tests
LOCAL_SRC_FILES := \
init_parser_test.cpp \
+ property_service_test.cpp \
util_test.cpp \
LOCAL_SHARED_LIBRARIES += \
diff --git a/init/devices.cpp b/init/devices.cpp
index b3b808b..5f54ff8 100644
--- a/init/devices.cpp
+++ b/init/devices.cpp
@@ -999,15 +999,20 @@
}
void device_init(const char* path, coldboot_callback fn) {
- sehandle = selinux_android_file_context_handle();
- selinux_status_open(true);
-
- /* is 256K enough? udev uses 16MB! */
- device_fd.reset(uevent_open_socket(256*1024, true));
- if (device_fd == -1) {
- return;
+ if (!sehandle) {
+ sehandle = selinux_android_file_context_handle();
}
- fcntl(device_fd, F_SETFL, O_NONBLOCK);
+ // open uevent socket and selinux status only if it hasn't been
+ // done before
+ if (device_fd == -1) {
+ /* is 256K enough? udev uses 16MB! */
+ device_fd.reset(uevent_open_socket(256 * 1024, true));
+ if (device_fd == -1) {
+ return;
+ }
+ fcntl(device_fd, F_SETFL, O_NONBLOCK);
+ selinux_status_open(true);
+ }
if (access(COLDBOOT_DONE, F_OK) == 0) {
LOG(VERBOSE) << "Skipping coldboot, already done!";
@@ -1040,6 +1045,7 @@
void device_close() {
destroy_platform_devices();
device_fd.reset();
+ selinux_status_close();
}
int get_device_fd() {
diff --git a/init/init.cpp b/init/init.cpp
index 7f7eb2f..05f2cfd 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -736,6 +736,38 @@
return fstab;
}
+static bool early_mount_one(struct fstab_rec* rec) {
+ if (rec && fs_mgr_is_verified(rec)) {
+ // setup verity and create the dm-XX block device
+ // needed to mount this partition
+ int ret = fs_mgr_setup_verity(rec, false);
+ if (ret == FS_MGR_SETUP_VERITY_FAIL) {
+ PLOG(ERROR) << "early_mount: Failed to setup verity for '" << rec->mount_point << "'";
+ return false;
+ }
+
+ // The exact block device name is added as a mount source by
+ // fs_mgr_setup_verity() in ->blk_device as "/dev/block/dm-XX"
+ // We create that device by running coldboot on /sys/block/dm-XX
+ std::string dm_device(basename(rec->blk_device));
+ std::string syspath = StringPrintf("/sys/block/%s", dm_device.c_str());
+ device_init(syspath.c_str(), [&](uevent* uevent) -> coldboot_action_t {
+ if (uevent->device_name && !strcmp(dm_device.c_str(), uevent->device_name)) {
+ LOG(VERBOSE) << "early_mount: creating dm-verity device : " << dm_device;
+ return COLDBOOT_STOP;
+ }
+ return COLDBOOT_CONTINUE;
+ });
+ }
+
+ if (rec && fs_mgr_do_mount_one(rec)) {
+ PLOG(ERROR) << "early_mount: Failed to mount '" << rec->mount_point << "'";
+ return false;
+ }
+
+ return true;
+}
+
/* Early mount vendor and ODM partitions. The fstab is read from device-tree. */
static bool early_mount() {
std::string fstab = import_dt_fstab();
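Review bot: early_mount_one() drops two checks that the removed fs_mgr_early_setup_verity() in fs_mgr/fs_mgr.cpp enforced. A record without MF_VERIFY used to fail on a secure device ("Verity must be enabled for early mounted partitions on secured devices"), and FS_MGR_SETUP_VERITY_DISABLED was accepted only when `__android_log_is_debuggable()` was true. Here only `ret == FS_MGR_SETUP_VERITY_FAIL` is rejected and an unverified record goes straight to fs_mgr_do_mount_one(), so unless fs_mgr_setup_verity() applies those gates itself (not visible in this diff), /system, /vendor or /odm can be early-mounted without dm-verity on a locked build. Restore both checks before mounting, for instance by accepting only `ret == FS_MGR_SETUP_VERITY_SUCCESS` outside debuggable builds and failing when the record is not verified on a secure device. In the DISABLED case `rec->blk_device` is presumably not a dm-XX node, so the coldboot on `/sys/block/<basename>` should also be skipped.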
@@ -759,6 +791,8 @@
}
// find out fstab records for odm, system and vendor
+ // TODO: add std::map<std::string, fstab_rec*> so all required information about
+ // them can be gathered at once in a single loop
fstab_rec* odm_rec = fs_mgr_get_entry_for_mount_point(tab.get(), "/odm");
fstab_rec* system_rec = fs_mgr_get_entry_for_mount_point(tab.get(), "/system");
fstab_rec* vendor_rec = fs_mgr_get_entry_for_mount_point(tab.get(), "/vendor");
@@ -767,13 +801,41 @@
return true;
}
+ // don't allow verifyatboot for early mounted partitions
+ if ((odm_rec && fs_mgr_is_verifyatboot(odm_rec)) ||
+ (system_rec && fs_mgr_is_verifyatboot(system_rec)) ||
+ (vendor_rec && fs_mgr_is_verifyatboot(vendor_rec))) {
+ LOG(ERROR) << "Early mount partitions can't be verified at boot";
+ return false;
+ }
+
// assume A/B device if we find 'slotselect' in any fstab entry
bool is_ab = ((odm_rec && fs_mgr_is_slotselect(odm_rec)) ||
(system_rec && fs_mgr_is_slotselect(system_rec)) ||
(vendor_rec && fs_mgr_is_slotselect(vendor_rec)));
+
+ // check for verified partitions
+ bool need_verity = ((odm_rec && fs_mgr_is_verified(odm_rec)) ||
+ (system_rec && fs_mgr_is_verified(system_rec)) ||
+ (vendor_rec && fs_mgr_is_verified(vendor_rec)));
+
+ // check if verity metadata is on a separate partition and get partition
+ // name from the end of the ->verity_loc path. verity state is not partition
+ // specific, so there must be only 1 additional partition that carries
+ // verity state.
+ std::string meta_partition;
+ if (odm_rec && odm_rec->verity_loc) {
+ meta_partition = basename(odm_rec->verity_loc);
+ } else if (system_rec && system_rec->verity_loc) {
+ meta_partition = basename(system_rec->verity_loc);
+ } else if (vendor_rec && vendor_rec->verity_loc) {
+ meta_partition = basename(vendor_rec->verity_loc);
+ }
+
bool found_odm = !odm_rec;
bool found_system = !system_rec;
bool found_vendor = !vendor_rec;
+ bool found_meta = meta_partition.empty();
int count_odm = 0, count_vendor = 0, count_system = 0;
// create the devices we need..
@@ -802,9 +864,7 @@
// wait twice for A/B-ed partitions
count_odm++;
- if (!is_ab) {
- found_odm = true;
- } else if (count_odm == 2) {
+ if (!is_ab || count_odm == 2) {
found_odm = true;
}
@@ -813,9 +873,7 @@
LOG(VERBOSE) << "early_mount: found (" << uevent->partition_name << ") partition";
count_system++;
- if (!is_ab) {
- found_system = true;
- } else if (count_system == 2) {
+ if (!is_ab || count_system == 2) {
found_system = true;
}
@@ -823,13 +881,15 @@
} else if (!found_vendor && !strncmp(uevent->partition_name, "vendor", 6)) {
LOG(VERBOSE) << "early_mount: found (" << uevent->partition_name << ") partition";
count_vendor++;
- if (!is_ab) {
- found_vendor = true;
- } else if (count_vendor == 2) {
+ if (!is_ab || count_vendor == 2) {
found_vendor = true;
}
create_this_node = true;
+ } else if (!found_meta && (meta_partition == uevent->partition_name)) {
+ LOG(VERBOSE) << "early_mount: found (" << uevent->partition_name << ") partition";
+ found_meta = true;
+ create_this_node = true;
}
}
@@ -837,7 +897,7 @@
// node and stop coldboot. If this is a prefix matched
// partition, create device node and continue. For everything
// else skip the device node
- if (found_odm && found_system && found_vendor) {
+ if (found_meta && found_odm && found_system && found_vendor) {
ret = COLDBOOT_STOP;
} else if (create_this_node) {
ret = COLDBOOT_CREATE;
@@ -848,24 +908,20 @@
return ret;
});
- // TODO: add support to mount partitions w/ verity
-
- int ret = 0;
- if (odm_rec &&
- (ret = fs_mgr_do_mount(tab.get(), odm_rec->mount_point, odm_rec->blk_device, NULL))) {
- PLOG(ERROR) << "early_mount: fs_mgr_do_mount returned error for mounting odm";
- return false;
+ if (need_verity) {
+ // create /dev/device mapper
+ device_init("/sys/devices/virtual/misc/device-mapper",
+ [&](uevent* uevent) -> coldboot_action_t { return COLDBOOT_STOP; });
}
- if (vendor_rec &&
- (ret = fs_mgr_do_mount(tab.get(), vendor_rec->mount_point, vendor_rec->blk_device, NULL))) {
- PLOG(ERROR) << "early_mount: fs_mgr_do_mount returned error for mounting vendor";
- return false;
- }
+ bool success = true;
+ if (odm_rec && !(success = early_mount_one(odm_rec))) goto done;
+ if (system_rec && !(success = early_mount_one(system_rec))) goto done;
+ if (vendor_rec && !(success = early_mount_one(vendor_rec))) goto done;
+done:
device_close();
-
- return true;
+ return success;
}
int main(int argc, char** argv) {
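Review bot: The three `goto done` lines assign inside the condition and jump to a label one statement away, which is hard to read for what is a plain short-circuit chain. early_mount_one() already returns true for a null record, so this can be `bool success = early_mount_one(odm_rec) && early_mount_one(system_rec) && early_mount_one(vendor_rec);` followed by `device_close();`. The device-mapper coldboot lambda above also names a `uevent` parameter it never uses and captures by reference without needing to; `[](uevent*) -> coldboot_action_t { return COLDBOOT_STOP; }` says the same thing. early_mount() begins outside this hunk.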
diff --git a/init/property_service.cpp b/init/property_service.cpp
index ce197ee..04bcb18 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -245,6 +245,13 @@
return true;
}
+ // http://b/35166374: don't allow init to make arbitrarily large allocations.
+ if (len > 0xffff) {
+ LOG(ERROR) << "sys_prop: RecvString asked to read huge string: " << len;
+ errno = ENOMEM;
+ return false;
+ }
+
std::vector<char> chars(len);
if (!RecvChars(&chars[0], len, timeout_ms)) {
return false;
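Review bot: The 0xffff bound is a bare literal, and nothing here says how it relates to the sizes the property protocol actually allows. Give it a name and a one-line rationale next to the check, e.g. `static constexpr uint32_t kMaxRecvStringLength = 0xffff;` with a comment stating that `len` comes from the peer and caps the allocation made by `std::vector<char> chars(len)`. A named constant also lets the new test in init/property_service_test.cpp refer to the same limit instead of its own 0xffffffff. The enclosing function starts and ends outside this hunk.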
@@ -386,12 +393,11 @@
return;
}
- /* Check socket options here */
struct ucred cr;
socklen_t cr_size = sizeof(cr);
if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cr_size) < 0) {
close(s);
- PLOG(ERROR) << "Unable to receive socket options";
+ PLOG(ERROR) << "sys_prop: unable to get SO_PEERCRED";
return;
}
@@ -399,14 +405,13 @@
uint32_t timeout_ms = kDefaultSocketTimeout;
uint32_t cmd = 0;
-
if (!socket.RecvUint32(&cmd, &timeout_ms)) {
PLOG(ERROR) << "sys_prop: error while reading command from the socket";
socket.SendUint32(PROP_ERROR_READ_CMD);
return;
}
- switch(cmd) {
+ switch (cmd) {
case PROP_MSG_SETPROP: {
char prop_name[PROP_NAME_MAX];
char prop_value[PROP_VALUE_MAX];
@@ -437,7 +442,9 @@
handle_property_set(socket, name, value, false);
break;
}
+
default:
+ LOG(ERROR) << "sys_prop: invalid command " << cmd;
socket.SendUint32(PROP_ERROR_INVALID_CMD);
break;
}
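Review bot: The new `invalid command` log records the value but not who sent it, which is the first thing needed when this shows up in a log. The peer credentials are fetched into `cr` with SO_PEERCRED in the hunk at -386, and assuming that is the same function and `cr` is still in scope here, include them: `LOG(ERROR) << "sys_prop: invalid command " << cmd << " from pid " << cr.pid << " uid " << cr.uid;`. The same applies to the "error while reading command" message two hunks up.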
diff --git a/init/property_service_test.cpp b/init/property_service_test.cpp
new file mode 100644
index 0000000..4d784aa
--- /dev/null
+++ b/init/property_service_test.cpp
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <errno.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
+#include <sys/_system_properties.h>
+
+#include <gtest/gtest.h>
+
+TEST(property_service, very_long_name_35166374) {
+ // Connect to the property service directly...
+ int fd = socket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0);
+ ASSERT_NE(fd, -1);
+
+ static const char* property_service_socket = "/dev/socket/" PROP_SERVICE_NAME;
+ sockaddr_un addr = {};
+ addr.sun_family = AF_LOCAL;
+ strlcpy(addr.sun_path, property_service_socket, sizeof(addr.sun_path));
+
+ socklen_t addr_len = strlen(property_service_socket) + offsetof(sockaddr_un, sun_path) + 1;
+ ASSERT_NE(connect(fd, reinterpret_cast<sockaddr*>(&addr), addr_len), -1);
+
+ // ...so we can send it a malformed request.
+ uint32_t msg = PROP_MSG_SETPROP2;
+ uint32_t size = 0xffffffff;
+ uint32_t data = 0xdeadbeef;
+
+ ASSERT_EQ(static_cast<ssize_t>(sizeof(msg)), send(fd, &msg, sizeof(msg), 0));
+ ASSERT_EQ(static_cast<ssize_t>(sizeof(size)), send(fd, &size, sizeof(size), 0));
+ ASSERT_EQ(static_cast<ssize_t>(sizeof(data)), send(fd, &data, sizeof(data), 0));
+ ASSERT_EQ(0, close(fd));
+}
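Review bot: The test asserts only that connect(), the three send() calls and close() succeed, so it passes whether or not the service rejected the oversized length; nothing is read back from the socket. If the service sends a reply on this path, read it and assert on it; otherwise state the pass criterion in a comment such as `// Passes if init is still running afterwards; the reply is not checked.` The descriptor also stays open when any ASSERT before `close(fd)` fails. strlcpy/strlen, offsetof and close are used without `<string.h>`, `<stddef.h>` and `<unistd.h>` being included directly.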
diff --git a/liblog/logprint.c b/liblog/logprint.c
index e61850d..af52528 100644
--- a/liblog/logprint.c
+++ b/liblog/logprint.c
@@ -625,14 +625,14 @@
}
static bool findChar(const char** cp, size_t* len, int c) {
- while (*len && isspace(**cp)) {
- ++*cp;
- --*len;
+ while ((*len) && isspace(*(*cp))) {
+ ++(*cp);
+ --(*len);
}
if (c == INT_MAX) return *len;
- if (*len && (**cp == c)) {
- ++*cp;
- --*len;
+ if ((*len) && (*(*cp) == c)) {
+ ++(*cp);
+ --(*len);
return true;
}
return false;
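Review bot: `isspace(*(*cp))` passes a plain `char` to isspace(), and on targets where char is signed a byte of 0x80 or above in the buffer becomes a negative int, which is outside the range <ctype.h> functions accept. Since the line is being rewritten anyway, cast first: `while ((*len) && isspace((unsigned char)**cp)) {`. The added parentheses themselves do not change behaviour.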
@@ -991,7 +991,7 @@
LIBLOG_ABI_PUBLIC int android_log_processBinaryLogBuffer(
struct logger_entry *buf,
AndroidLogEntry *entry,
- const EventTagMap *map __unused,
+ const EventTagMap *map __unused, // only on !__ANDROID__
char *messageBuf, int messageBufLen)
{
size_t inCount;
diff --git a/libutils/include/utils/Condition.h b/libutils/include/utils/Condition.h
index 25a53aa..2c80acd 100644
--- a/libutils/include/utils/Condition.h
+++ b/libutils/include/utils/Condition.h
@@ -86,19 +86,22 @@
#if !defined(_WIN32)
-inline Condition::Condition() {
- pthread_cond_init(&mCond, NULL);
+inline Condition::Condition() : Condition(PRIVATE) {
}
inline Condition::Condition(int type) {
+ pthread_condattr_t attr;
+ pthread_condattr_init(&attr);
+#if defined(__linux__)
+ pthread_condattr_setclock(&attr, CLOCK_MONOTONIC);
+#endif
+
if (type == SHARED) {
- pthread_condattr_t attr;
- pthread_condattr_init(&attr);
pthread_condattr_setpshared(&attr, PTHREAD_PROCESS_SHARED);
- pthread_cond_init(&mCond, &attr);
- pthread_condattr_destroy(&attr);
- } else {
- pthread_cond_init(&mCond, NULL);
}
+
+ pthread_cond_init(&mCond, &attr);
+ pthread_condattr_destroy(&attr);
+
}
inline Condition::~Condition() {
pthread_cond_destroy(&mCond);
@@ -109,7 +112,7 @@
inline status_t Condition::waitRelative(Mutex& mutex, nsecs_t reltime) {
struct timespec ts;
#if defined(__linux__)
- clock_gettime(CLOCK_REALTIME, &ts);
+ clock_gettime(CLOCK_MONOTONIC, &ts);
#else // __APPLE__
// Apple doesn't support POSIX clocks.
struct timeval t;
diff --git a/logd/CommandListener.cpp b/logd/CommandListener.cpp
index 74e0ea5..6ad7351 100644
--- a/logd/CommandListener.cpp
+++ b/logd/CommandListener.cpp
@@ -301,6 +301,7 @@
const char *name = NULL;
const char *format = NULL;
+ const char *id = NULL;
for (int i = 1; i < argc; ++i) {
static const char _name[] = "name=";
if (!strncmp(argv[i], _name, strlen(_name))) {
@@ -313,6 +314,21 @@
format = argv[i] + strlen(_format);
continue;
}
+
+ static const char _id[] = "id=";
+ if (!strncmp(argv[i], _id, strlen(_id))) {
+ id = argv[i] + strlen(_id);
+ continue;
+ }
+ }
+
+ if (id) {
+ if (format || name) {
+ cli->sendMsg("can not mix id= with either format= or name=");
+ return 0;
+ }
+ cli->sendMsg(package_string(mBuf.formatEntry(atoi(id), uid)).c_str());
+ return 0;
}
cli->sendMsg(package_string(mBuf.formatGetEventTag(uid,
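Review bot: `atoi(id)` takes whatever the client put after `id=` without validation: non-numeric text becomes tag 0, a negative number wraps when converted to the `uint32_t` parameter of formatEntry(), and out-of-range input is undefined for atoi. Parse with strtoul, check the end pointer and the range, and answer with an error instead of looking up an unintended tag. The enclosing command handler starts and ends outside this hunk.

```cpp
    if (id) {
        // … unchanged: rejection of id= mixed with format= or name= …
        char* end = nullptr;
        errno = 0;
        unsigned long tag = strtoul(id, &end, 10);
        if (!isdigit(static_cast<unsigned char>(*id)) || errno != 0 ||
            *end != '\0' || tag > UINT32_MAX) {
            cli->sendMsg("invalid id=");
            return 0;
        }
        cli->sendMsg(package_string(
            mBuf.formatEntry(static_cast<uint32_t>(tag), uid)).c_str());
        return 0;
    }
```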
diff --git a/logd/LogBuffer.h b/logd/LogBuffer.h
index da63e12..9feef32 100644
--- a/logd/LogBuffer.h
+++ b/logd/LogBuffer.h
@@ -140,6 +140,9 @@
const char *name, const char *format) {
return tags.formatGetEventTag(uid, name, format);
}
+ std::string formatEntry(uint32_t tag, uid_t uid) {
+ return tags.formatEntry(tag, uid);
+ }
const char *tagToName(uint32_t tag) { return tags.tagToName(tag); }
// helper must be protected directly or implicitly by lock()/unlock()
diff --git a/logd/LogTags.cpp b/logd/LogTags.cpp
index a109592..64aa219 100644
--- a/logd/LogTags.cpp
+++ b/logd/LogTags.cpp
@@ -836,6 +836,11 @@
return ret;
}
+std::string LogTags::formatEntry(uint32_t tag, uid_t uid) {
+ android::RWLock::AutoRLock readLock(rwlock);
+ return formatEntry_locked(tag, uid);
+}
+
std::string LogTags::formatGetEventTag(uid_t uid,
const char* name, const char* format) {
bool all = name && (name[0] == '*') && !name[1];
diff --git a/logd/LogTags.h b/logd/LogTags.h
index 37a6d96..4457c46 100644
--- a/logd/LogTags.h
+++ b/logd/LogTags.h
@@ -106,6 +106,7 @@
// reverse lookup from tag
const char* tagToName(uint32_t tag) const;
const char* tagToFormat(uint32_t tag) const;
+ std::string formatEntry(uint32_t tag, uid_t uid);
// find associated tag
uint32_t nameToTag(const char* name) const;
diff --git a/logd/tests/logd_test.cpp b/logd/tests/logd_test.cpp
index adf583b..8a35059 100644
--- a/logd/tests/logd_test.cpp
+++ b/logd/tests/logd_test.cpp
@@ -836,6 +836,23 @@
#endif
}
+TEST(logd, getEventTag_42) {
+#ifdef __ANDROID__
+ char buffer[256];
+ memset(buffer, 0, sizeof(buffer));
+ snprintf(buffer, sizeof(buffer), "getEventTag id=42");
+ send_to_control(buffer, sizeof(buffer));
+ buffer[sizeof(buffer) - 1] = '\0';
+ char *cp;
+ long ret = strtol(buffer, &cp, 10);
+ EXPECT_GT(ret, 16);
+ EXPECT_TRUE(strstr(buffer, "\t(to life the universe etc|3)") != NULL);
+ EXPECT_TRUE(strstr(buffer, "answer") != NULL);
+#else
+ GTEST_LOG_(INFO) << "This test does nothing.\n";
+#endif
+}
+
TEST(logd, getEventTag_newentry) {
#ifdef __ANDROID__
char buffer[256];