resolve merge conflicts of e3083de to nyc-mr1-dev-plus-aosp
am: 485c647432
Change-Id: I71812e3469303c927fa48f8d23d866c0d5e819c5
diff --git a/debuggerd/tombstone.cpp b/debuggerd/tombstone.cpp
index 1e47483..b9fbe07 100644
--- a/debuggerd/tombstone.cpp
+++ b/debuggerd/tombstone.cpp
@@ -571,7 +571,7 @@
if (log_entry.id() == LOG_ID_EVENTS) {
if (!g_eventTagMap) {
- g_eventTagMap = android_openEventTagMap(EVENT_TAG_MAP_FILE);
+ g_eventTagMap = android_openEventTagMap(NULL);
}
AndroidLogEntry e;
char buf[512];
diff --git a/fs_mgr/fs_mgr_fstab.c b/fs_mgr/fs_mgr_fstab.c
index 90c7435..f25d10c 100644
--- a/fs_mgr/fs_mgr_fstab.c
+++ b/fs_mgr/fs_mgr_fstab.c
@@ -75,6 +75,7 @@
{ "swapprio=", MF_SWAPPRIO },
{ "zramsize=", MF_ZRAMSIZE },
{ "max_comp_streams=", MF_MAX_COMP_STREAMS },
+ { "verifyatboot", MF_VERIFYATBOOT },
{ "verify", MF_VERIFY },
{ "noemulatedsd", MF_NOEMULATEDSD },
{ "notrim", MF_NOTRIM },
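Review bot: The placement of `"verifyatboot"` ahead of `"verify"` looks load-bearing but carries no comment. If the flag parser (outside this hunk) matches table entries by prefix, swapping the two rows would make `verifyatboot` parse as `MF_VERIFY`. Once the parser's matching is confirmed, a short comment on the new row such as `/* must precede "verify": flag names are matched by prefix */` would protect the ordering.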
diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h
index 23c97e4..4632521 100644
--- a/fs_mgr/fs_mgr_priv.h
+++ b/fs_mgr/fs_mgr_priv.h
@@ -85,6 +85,7 @@
#define MF_FORCEFDEORFBE 0x10000
#define MF_LATEMOUNT 0x20000
#define MF_NOFAIL 0x40000
+#define MF_VERIFYATBOOT 0x80000
#define MF_MAX_COMP_STREAMS 0x100000
#define MF_RESERVEDSIZE 0x200000
diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp
index 031b042..bb61b93 100644
--- a/fs_mgr/fs_mgr_verity.cpp
+++ b/fs_mgr/fs_mgr_verity.cpp
@@ -32,6 +32,7 @@
#include <android-base/file.h>
#include <android-base/strings.h>
#include <crypto_utils/android_pubkey.h>
+#include <android-base/unique_fd.h>
#include <cutils/properties.h>
#include <logwrap/logwrap.h>
#include <openssl/obj_mac.h>
@@ -73,6 +74,8 @@
#define VERITY_KMSG_RESTART "dm-verity device corrupted"
#define VERITY_KMSG_BUFSIZE 1024
+#define READ_BUF_SIZE 4096
+
#define __STRINGIFY(x) #x
#define STRINGIFY(x) __STRINGIFY(x)
@@ -205,6 +208,16 @@
return 0;
}
+static int destroy_verity_device(struct dm_ioctl *io, char *name, int fd)
+{
+ verity_ioctl_init(io, name, 0);
+ if (ioctl(fd, DM_DEV_REMOVE, io)) {
+ ERROR("Error removing device mapping (%s)", strerror(errno));
+ return -1;
+ }
+ return 0;
+}
+
static int get_verity_device_name(struct dm_ioctl *io, char *name, int fd, char **dev_name)
{
verity_ioctl_init(io, name, 0);
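Review bot: The `ERROR()` string in `destroy_verity_device()` has no trailing `\n` and does not name the device, unlike the other messages this commit adds to the file. `ERROR("Error removing device mapping %s (%s)\n", name, strerror(errno));` would keep the log line separated and attributable. A one-line comment above the function, stating that it removes the dm device `name` through `fd` and returns 0 or -1, would also help, because removing the mapping is what ends runtime verification for the partition.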
@@ -606,6 +619,30 @@
return rc;
}
+static int read_partition(const char *path, uint64_t size)
+{
+ char buf[READ_BUF_SIZE];
+ ssize_t size_read;
+ android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(path, O_RDONLY | O_CLOEXEC)));
+
+ if (fd == -1) {
+ ERROR("Failed to open %s: %s\n", path, strerror(errno));
+ return -errno;
+ }
+
+ while (size) {
+ size_read = TEMP_FAILURE_RETRY(read(fd, buf, READ_BUF_SIZE));
+ if (size_read == -1) {
+ ERROR("Error in reading partition %s: %s\n", path,
+ strerror(errno));
+ return -errno;
+ }
+ size -= size_read;
+ }
+
+ return 0;
+}
+
static int compare_last_signature(struct fstab_rec *fstab, int *match)
{
char tag[METADATA_TAG_MAX_LENGTH + 1];
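Review bot: The loop in `read_partition()` never terminates if `read()` returns 0 before `size` reaches zero, because `size` is only reduced by `size_read`. Every call also requests `READ_BUF_SIZE` bytes, so a `size` that is not a multiple of it makes the unsigned `size -= size_read` wrap. A hang here blocks boot, and since a zero return is what the caller later uses to drop the verity mapping, hitting EOF early should be reported as a failure. Both error paths also return `-errno` after `ERROR()` has run, which may have changed `errno`. The sketch below caps each read at the remaining size, treats EOF as an error and saves `errno` before logging.

```cpp
static int read_partition(const char *path, uint64_t size)
{
    // … unchanged: buf, size_read, open() into unique_fd …

    if (fd == -1) {
        int saved_errno = errno;  // logging may overwrite errno
        ERROR("Failed to open %s: %s\n", path, strerror(saved_errno));
        return -saved_errno;
    }

    while (size) {
        // never ask for more than is left, so size cannot wrap below zero
        size_t want = size < READ_BUF_SIZE ? (size_t)size : READ_BUF_SIZE;
        size_read = TEMP_FAILURE_RETRY(read(fd, buf, want));
        if (size_read == -1) {
            int saved_errno = errno;
            ERROR("Error in reading partition %s: %s\n", path,
                  strerror(saved_errno));
            return -saved_errno;
        }
        if (size_read == 0) {
            // EOF before the requested size: the partition was not fully read
            ERROR("Unexpected end of partition %s\n", path);
            return -EIO;
        }
        size -= size_read;
    }

    return 0;
}
```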
@@ -788,7 +825,7 @@
char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
const char *mount_point;
char propbuf[PROPERTY_VALUE_MAX];
- char *status;
+ const char *status;
int fd = -1;
int i;
int mode;
@@ -838,9 +875,13 @@
verity_ioctl_init(io, mount_point, 0);
if (ioctl(fd, DM_TABLE_STATUS, io)) {
- ERROR("Failed to query DM_TABLE_STATUS for %s (%s)\n", mount_point,
- strerror(errno));
- continue;
+ if (fstab->recs[i].fs_mgr_flags & MF_VERIFYATBOOT) {
+ status = "V";
+ } else {
+ ERROR("Failed to query DM_TABLE_STATUS for %s (%s)\n", mount_point,
+ strerror(errno));
+ continue;
+ }
}
status = &buffer[io->data_start + sizeof(struct dm_target_spec)];
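Review bot: The `status = "V"` set in the `MF_VERIFYATBOOT` branch is overwritten by the unchanged `status = &buffer[...]` line that follows the `if`. After a failed `DM_TABLE_STATUS` the code therefore indexes the buffer with an `io->data_start` the ioctl did not fill in. Moving that assignment into an `else` of the ioctl check, `} else { status = &buffer[io->data_start + sizeof(struct dm_target_spec)]; }`, keeps the "V" intact. The branch also reports "V" for any ioctl failure on such a partition, so checking `errno` for the "no such device" case before assuming the mapping was removed after boot verification would be stricter. The enclosing function continues outside the hunk, so how `status` is consumed is not visible here.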
@@ -904,6 +945,7 @@
alignas(dm_ioctl) char buffer[DM_BUF_SIZE];
struct dm_ioctl *io = (struct dm_ioctl *) buffer;
char *mount_point = basename(fstab->mount_point);
+ bool verified_at_boot = false;
if (fec_open(&f, fstab->blk_device, O_RDONLY, FEC_VERITY_DISABLE,
FEC_DEFAULT_ROOTS) < 0) {
@@ -1037,10 +1079,26 @@
// mark the underlying block device as read-only
fs_mgr_set_blk_ro(fstab->blk_device);
+ // Verify the entire partition in one go
+ // If there is an error, allow it to mount as a normal verity partition.
+ if (fstab->fs_mgr_flags & MF_VERIFYATBOOT) {
+ INFO("Verifying partition %s at boot\n", fstab->blk_device);
+ int err = read_partition(verity_blk_name, verity.data_size);
+ if (!err) {
+ INFO("Verified verity partition %s at boot\n", fstab->blk_device);
+ verified_at_boot = true;
+ }
+ }
+
// assign the new verity block device as the block device
- free(fstab->blk_device);
- fstab->blk_device = verity_blk_name;
- verity_blk_name = 0;
+ if (!verified_at_boot) {
+ free(fstab->blk_device);
+ fstab->blk_device = verity_blk_name;
+ verity_blk_name = 0;
+ } else if (destroy_verity_device(io, mount_point, fd) < 0) {
+ ERROR("Failed to remove verity device %s\n", mount_point);
+ goto out;
+ }
// make sure we've set everything up properly
if (test_access(fstab->blk_device) < 0) {
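Review bot: A zero return from `read_partition()` in the `MF_VERIFYATBOOT` branch is treated as proof of integrity, which holds only if the verity table loaded earlier makes reads of corrupt blocks fail. That setup is outside this hunk; if the device can be in a mode that only logs corruption, the mapping would be removed and the raw block device mounted with no check having failed. I would gate the branch on the enforcing mode, or at least state the assumption in the comment, e.g. `// relies on dm-verity failing reads of corrupt blocks; after removal the partition is not verified at runtime`. Separately, when `destroy_verity_device()` fails the mapping still exists. Falling back to the verity device there would match the comment's "mount as a normal verity partition" intent better than `goto out`.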
diff --git a/healthd/healthd.cpp b/healthd/healthd.cpp
index 3f0e047..aa6735d 100644
--- a/healthd/healthd.cpp
+++ b/healthd/healthd.cpp
@@ -297,12 +297,18 @@
}
static void healthd_mainloop(void) {
+ int nevents = 0;
while (1) {
struct epoll_event events[eventct];
- int nevents;
int timeout = awake_poll_interval;
int mode_timeout;
+ /* Don't wait for first timer timeout to run periodic chores */
+ if (!nevents)
+ periodic_chores();
+
+ healthd_mode_ops->heartbeat();
+
mode_timeout = healthd_mode_ops->preparetowait();
if (timeout < 0 || (mode_timeout > 0 && mode_timeout < timeout))
timeout = mode_timeout;
@@ -318,11 +324,6 @@
if (events[n].data.ptr)
(*(void (*)(int))events[n].data.ptr)(events[n].events);
}
-
- if (!nevents)
- periodic_chores();
-
- healthd_mode_ops->heartbeat();
}
return;
diff --git a/liblog/event_tag_map.c b/liblog/event_tag_map.c
index f9cad99..e8e0335 100644
--- a/liblog/event_tag_map.c
+++ b/liblog/event_tag_map.c
@@ -73,12 +73,13 @@
EventTagMap* newTagMap;
off_t end;
int save_errno;
+ const char* tagfile = fileName ? fileName : EVENT_TAG_MAP_FILE;
- int fd = open(fileName, O_RDONLY | O_CLOEXEC);
+ int fd = open(tagfile, O_RDONLY | O_CLOEXEC);
if (fd < 0) {
save_errno = errno;
fprintf(stderr, "%s: unable to open map '%s': %s\n",
- OUT_TAG, fileName, strerror(save_errno));
+ OUT_TAG, tagfile, strerror(save_errno));
goto fail_errno;
}
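Review bot: The new `fileName == NULL` fallback is an interface change that nothing in the hunk documents, while four call sites in this commit now rely on it. A comment at the `tagfile` line such as `/* NULL selects the default EVENT_TAG_MAP_FILE */`, mirrored on the declaration in the public header, would make the contract explicit for other callers. The function body begins and ends outside this hunk.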
@@ -87,7 +88,7 @@
(void) lseek(fd, 0L, SEEK_SET);
if (end < 0) {
fprintf(stderr, "%s: unable to seek map '%s' %s\n",
- OUT_TAG, fileName, strerror(save_errno));
+ OUT_TAG, tagfile, strerror(save_errno));
goto fail_close;
}
@@ -103,7 +104,7 @@
fd = -1;
if ((newTagMap->mapAddr == MAP_FAILED) || (newTagMap->mapAddr == NULL)) {
fprintf(stderr, "%s: mmap(%s) failed: %s\n",
- OUT_TAG, fileName, strerror(save_errno));
+ OUT_TAG, tagfile, strerror(save_errno));
goto fail_free;
}
diff --git a/liblog/logger_write.c b/liblog/logger_write.c
index 157bd88..170c8d1 100644
--- a/liblog/logger_write.c
+++ b/liblog/logger_write.c
@@ -293,7 +293,7 @@
ret = __android_log_trylock();
m = (EventTagMap *)atomic_load(&tagMap); /* trylock flush cache */
if (!m) {
- m = android_openEventTagMap(EVENT_TAG_MAP_FILE);
+ m = android_openEventTagMap(NULL);
if (ret) { /* trylock failed, use local copy, mark for close */
f = m;
} else {
diff --git a/logcat/logcat.cpp b/logcat/logcat.cpp
index 41f2280..94b8691 100644
--- a/logcat/logcat.cpp
+++ b/logcat/logcat.cpp
@@ -177,7 +177,7 @@
static EventTagMap *eventTagMap = NULL;
if (!eventTagMap && !hasOpenedEventTagMap) {
- eventTagMap = android_openEventTagMap(EVENT_TAG_MAP_FILE);
+ eventTagMap = android_openEventTagMap(NULL);
hasOpenedEventTagMap = true;
}
err = android_log_processBinaryLogBuffer(&buf->entry_v1, &entry,
diff --git a/logd/main.cpp b/logd/main.cpp
index 7550c41..c3343d7 100644
--- a/logd/main.cpp
+++ b/logd/main.cpp
@@ -311,7 +311,7 @@
if (!map) {
sem_wait(&sem_name);
if (!map) {
- map = android_openEventTagMap(EVENT_TAG_MAP_FILE);
+ map = android_openEventTagMap(NULL);
}
sem_post(&sem_name);
if (!map) {