Merge "Remove InitProperties" into main
diff --git a/debuggerd/tombstoned/tombstoned.cpp b/debuggerd/tombstoned/tombstoned.cpp
index fa67d46..2c72379 100644
--- a/debuggerd/tombstoned/tombstoned.cpp
+++ b/debuggerd/tombstoned/tombstoned.cpp
@@ -158,7 +158,7 @@
}
}
- return std::move(result);
+ return result;
}
std::optional<CrashOutput> get_output(DebuggerdDumpType dump_type) {
diff --git a/fs_mgr/libsnapshot/device_info.cpp b/fs_mgr/libsnapshot/device_info.cpp
index 0ab6103..e0969f4 100644
--- a/fs_mgr/libsnapshot/device_info.cpp
+++ b/fs_mgr/libsnapshot/device_info.cpp
@@ -104,6 +104,24 @@
return first_stage_init_;
}
+bool DeviceInfo::SetActiveBootSlot([[maybe_unused]] unsigned int slot) {
+#ifdef LIBSNAPSHOT_USE_HAL
+ if (!EnsureBootHal()) {
+ return false;
+ }
+
+ CommandResult result = boot_control_->SetActiveBootSlot(slot);
+ if (!result.success) {
+ LOG(ERROR) << "Error setting slot " << slot << " active: " << result.errMsg;
+ return false;
+ }
+ return true;
+#else
+ LOG(ERROR) << "HAL support not enabled.";
+ return false;
+#endif
+}
+
bool DeviceInfo::SetSlotAsUnbootable([[maybe_unused]] unsigned int slot) {
#ifdef LIBSNAPSHOT_USE_HAL
if (!EnsureBootHal()) {
diff --git a/fs_mgr/libsnapshot/device_info.h b/fs_mgr/libsnapshot/device_info.h
index d06f1be..9153abb 100644
--- a/fs_mgr/libsnapshot/device_info.h
+++ b/fs_mgr/libsnapshot/device_info.h
@@ -36,6 +36,7 @@
std::string GetSuperDevice(uint32_t slot) const override;
bool IsOverlayfsSetup() const override;
bool SetBootControlMergeStatus(MergeStatus status) override;
+ bool SetActiveBootSlot(unsigned int slot) override;
bool SetSlotAsUnbootable(unsigned int slot) override;
bool IsRecovery() const override;
std::unique_ptr<IImageManager> OpenImageManager() const override;
diff --git a/fs_mgr/libsnapshot/include/libsnapshot/mock_device_info.h b/fs_mgr/libsnapshot/include/libsnapshot/mock_device_info.h
index 573a85b..ca1ac1e 100644
--- a/fs_mgr/libsnapshot/include/libsnapshot/mock_device_info.h
+++ b/fs_mgr/libsnapshot/include/libsnapshot/mock_device_info.h
@@ -29,6 +29,7 @@
MOCK_METHOD(const android::fs_mgr::IPartitionOpener&, GetPartitionOpener, (), (const));
MOCK_METHOD(bool, IsOverlayfsSetup, (), (const, override));
MOCK_METHOD(bool, SetBootControlMergeStatus, (MergeStatus status), (override));
+ MOCK_METHOD(bool, SetActiveBootSlot, (unsigned int slot), (override));
MOCK_METHOD(bool, SetSlotAsUnbootable, (unsigned int slot), (override));
MOCK_METHOD(bool, IsRecovery, (), (const, override));
MOCK_METHOD(bool, IsFirstStageInit, (), (const, override));
diff --git a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
index 4a3ec1d..deb2d6e 100644
--- a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
+++ b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
@@ -104,6 +104,7 @@
virtual const android::fs_mgr::IPartitionOpener& GetPartitionOpener() const = 0;
virtual bool IsOverlayfsSetup() const = 0;
virtual bool SetBootControlMergeStatus(MergeStatus status) = 0;
+ virtual bool SetActiveBootSlot(unsigned int slot) = 0;
virtual bool SetSlotAsUnbootable(unsigned int slot) = 0;
virtual bool IsRecovery() const = 0;
virtual bool IsTestDevice() const { return false; }
@@ -675,6 +676,8 @@
std::string GetBootSnapshotsWithoutSlotSwitchPath();
std::string GetSnapuserdFromSystemPath();
+ bool HasForwardMergeIndicator();
+
const LpMetadata* ReadOldPartitionMetadata(LockedFile* lock);
bool MapAllPartitions(LockedFile* lock, const std::string& super_device, uint32_t slot,
@@ -785,11 +788,8 @@
bool UpdateForwardMergeIndicator(bool wipe);
// Helper for HandleImminentDataWipe.
- // Call ProcessUpdateState and handle states with special rules before data wipe. Specifically,
- // if |allow_forward_merge| and allow-forward-merge indicator exists, initiate merge if
- // necessary.
- UpdateState ProcessUpdateStateOnDataWipe(bool allow_forward_merge,
- const std::function<bool()>& callback);
+ // Call ProcessUpdateState and handle states with special rules before data wipe.
+ UpdateState ProcessUpdateStateOnDataWipe(const std::function<bool()>& callback);
// Return device string of a mapped image, or if it is not available, the mapped image path.
bool GetMappedImageDeviceStringOrPath(const std::string& device_name,
@@ -848,7 +848,6 @@
std::string metadata_dir_;
std::unique_ptr<IImageManager> images_;
bool use_first_stage_snapuserd_ = false;
- bool in_factory_data_reset_ = false;
std::function<bool(const std::string&)> uevent_regen_callback_;
std::unique_ptr<SnapuserdClient> snapuserd_client_;
std::unique_ptr<LpMetadata> old_partition_metadata_;
diff --git a/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h b/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h
index 0afd8bd..620b03c 100644
--- a/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h
+++ b/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h
@@ -92,6 +92,7 @@
}
bool IsOverlayfsSetup() const override { return false; }
bool IsRecovery() const override { return recovery_; }
+ bool SetActiveBootSlot([[maybe_unused]] unsigned int slot) override { return true; }
bool SetSlotAsUnbootable(unsigned int slot) override {
unbootable_slots_.insert(slot);
return true;
diff --git a/fs_mgr/libsnapshot/partition_cow_creator_test.cpp b/fs_mgr/libsnapshot/partition_cow_creator_test.cpp
index a4a2c1a..8356c0c 100644
--- a/fs_mgr/libsnapshot/partition_cow_creator_test.cpp
+++ b/fs_mgr/libsnapshot/partition_cow_creator_test.cpp
@@ -250,8 +250,8 @@
.target_partition = system_b,
.current_metadata = builder_a.get(),
.current_suffix = "_a",
- .using_snapuserd = true,
- .update = &update};
+ .update = &update,
+ .using_snapuserd = true};
auto ret = creator.Run();
ASSERT_TRUE(ret.has_value());
@@ -276,8 +276,8 @@
.target_partition = system_b,
.current_metadata = builder_a.get(),
.current_suffix = "_a",
- .using_snapuserd = true,
- .update = nullptr};
+ .update = nullptr,
+ .using_snapuserd = true};
auto ret = creator.Run();
ASSERT_FALSE(ret.has_value());
diff --git a/fs_mgr/libsnapshot/snapshot.cpp b/fs_mgr/libsnapshot/snapshot.cpp
index 265445b..108fd90 100644
--- a/fs_mgr/libsnapshot/snapshot.cpp
+++ b/fs_mgr/libsnapshot/snapshot.cpp
@@ -4005,44 +4005,90 @@
// We allow the wipe to continue, because if we can't mount /metadata,
// it is unlikely the device would have booted anyway. If there is no
// metadata partition, then the device predates Virtual A/B.
+ LOG(INFO) << "/metadata not found; allowing wipe.";
return true;
}
- // Check this early, so we don't accidentally start trying to populate
- // the state file in recovery. Note we don't call GetUpdateState since
- // we want errors in acquiring the lock to be propagated, instead of
- // returning UpdateState::None.
- auto state_file = GetStateFilePath();
- if (access(state_file.c_str(), F_OK) != 0 && errno == ENOENT) {
- return true;
- }
-
- auto slot_number = SlotNumberForSlotSuffix(device_->GetSlotSuffix());
- auto super_path = device_->GetSuperDevice(slot_number);
- if (!CreateLogicalAndSnapshotPartitions(super_path, 20s)) {
- LOG(ERROR) << "Unable to map partitions to complete merge.";
- return false;
- }
-
- auto process_callback = [&]() -> bool {
- if (callback) {
- callback();
+ // This could happen if /metadata mounted but there is no filesystem
+ // structure. Weird, but we have to assume there's no OTA pending, and
+ // thus we let the wipe proceed.
+ UpdateState state;
+ {
+ auto lock = LockExclusive();
+ if (!lock) {
+ LOG(ERROR) << "Unable to determine update state; allowing wipe.";
+ return true;
}
- return true;
- };
- in_factory_data_reset_ = true;
- UpdateState state =
- ProcessUpdateStateOnDataWipe(true /* allow_forward_merge */, process_callback);
- in_factory_data_reset_ = false;
-
- if (state == UpdateState::MergeFailed) {
- return false;
+ state = ReadUpdateState(lock.get());
+ LOG(INFO) << "Update state before wipe: " << state << "; slot: " << GetCurrentSlot()
+ << "; suffix: " << device_->GetSlotSuffix();
}
- // Nothing should be depending on partitions now, so unmap them all.
- if (!UnmapAllPartitionsInRecovery()) {
- LOG(ERROR) << "Unable to unmap all partitions; fastboot may fail to flash.";
+ bool try_merge = false;
+ switch (state) {
+ case UpdateState::None:
+ case UpdateState::Initiated:
+ LOG(INFO) << "Wipe is not impacted by update state; allowing wipe.";
+ break;
+ case UpdateState::Unverified:
+ if (GetCurrentSlot() != Slot::Target) {
+ LOG(INFO) << "Wipe is not impacted by rolled back update; allowing wipe";
+ break;
+ }
+ if (!HasForwardMergeIndicator()) {
+ auto slot_number = SlotNumberForSlotSuffix(device_->GetSlotSuffix());
+ auto other_slot_number = SlotNumberForSlotSuffix(device_->GetOtherSlotSuffix());
+
+ // We're not allowed to forward merge, so forcefully rollback the
+ // slot switch.
+ LOG(INFO) << "Allowing wipe due to lack of forward merge indicator; reverting to "
+ "old slot since update will be deleted.";
+ device_->SetSlotAsUnbootable(slot_number);
+ device_->SetActiveBootSlot(other_slot_number);
+ break;
+ }
+
+ // Forward merge indicator means we have to mount snapshots and try to merge.
+ LOG(INFO) << "Forward merge indicator is present.";
+ try_merge = true;
+ break;
+ case UpdateState::Merging:
+ case UpdateState::MergeFailed:
+ try_merge = true;
+ break;
+ case UpdateState::MergeNeedsReboot:
+ case UpdateState::Cancelled:
+ LOG(INFO) << "Unexpected update state in recovery; allowing wipe.";
+ break;
+ default:
+ break;
+ }
+
+ if (try_merge) {
+ auto slot_number = SlotNumberForSlotSuffix(device_->GetSlotSuffix());
+ auto super_path = device_->GetSuperDevice(slot_number);
+ if (!CreateLogicalAndSnapshotPartitions(super_path, 20s)) {
+ LOG(ERROR) << "Unable to map partitions to complete merge.";
+ return false;
+ }
+
+ auto process_callback = [&]() -> bool {
+ if (callback) {
+ callback();
+ }
+ return true;
+ };
+
+ state = ProcessUpdateStateOnDataWipe(process_callback);
+ if (state == UpdateState::MergeFailed) {
+ return false;
+ }
+
+ // Nothing should be depending on partitions now, so unmap them all.
+ if (!UnmapAllPartitionsInRecovery()) {
+ LOG(ERROR) << "Unable to unmap all partitions; fastboot may fail to flash.";
+ }
}
if (state != UpdateState::None) {
@@ -4088,58 +4134,40 @@
return true;
}
-UpdateState SnapshotManager::ProcessUpdateStateOnDataWipe(bool allow_forward_merge,
- const std::function<bool()>& callback) {
- auto slot_number = SlotNumberForSlotSuffix(device_->GetSlotSuffix());
- UpdateState state = ProcessUpdateState(callback);
- LOG(INFO) << "Update state in recovery: " << state;
- switch (state) {
- case UpdateState::MergeFailed:
- LOG(ERROR) << "Unrecoverable merge failure detected.";
- return state;
- case UpdateState::Unverified: {
- // If an OTA was just applied but has not yet started merging:
- //
- // - if forward merge is allowed, initiate merge and call
- // ProcessUpdateState again.
- //
- // - if forward merge is not allowed, we
- // have no choice but to revert slots, because the current slot will
- // immediately become unbootable. Rather than wait for the device
- // to reboot N times until a rollback, we proactively disable the
- // new slot instead.
- //
- // Since the rollback is inevitable, we don't treat a HAL failure
- // as an error here.
- auto slot = GetCurrentSlot();
- if (slot == Slot::Target) {
- if (allow_forward_merge &&
- access(GetForwardMergeIndicatorPath().c_str(), F_OK) == 0) {
- LOG(INFO) << "Forward merge allowed, initiating merge now.";
-
- if (!InitiateMerge()) {
- LOG(ERROR) << "Failed to initiate merge on data wipe.";
- return UpdateState::MergeFailed;
- }
- return ProcessUpdateStateOnDataWipe(false /* allow_forward_merge */, callback);
+UpdateState SnapshotManager::ProcessUpdateStateOnDataWipe(const std::function<bool()>& callback) {
+ while (true) {
+ UpdateState state = ProcessUpdateState(callback);
+ LOG(INFO) << "Processed updated state in recovery: " << state;
+ switch (state) {
+ case UpdateState::MergeFailed:
+ LOG(ERROR) << "Unrecoverable merge failure detected.";
+ return state;
+ case UpdateState::Unverified: {
+ // Unverified was already handled earlier, in HandleImminentDataWipe,
+ // but it will fall through here if a forward merge is required.
+ //
+ // If InitiateMerge fails, we early return. If it succeeds, then we
+ // are guaranteed that the next call to ProcessUpdateState will not
+ // return Unverified.
+ if (!InitiateMerge()) {
+ LOG(ERROR) << "Failed to initiate merge on data wipe.";
+ return UpdateState::MergeFailed;
}
-
- LOG(ERROR) << "Reverting to old slot since update will be deleted.";
- device_->SetSlotAsUnbootable(slot_number);
- } else {
- LOG(INFO) << "Booting from " << slot << " slot, no action is taken.";
+ continue;
}
- break;
+ case UpdateState::MergeNeedsReboot:
+ // We shouldn't get here, because nothing is depending on
+ // logical partitions.
+ LOG(ERROR) << "Unexpected merge-needs-reboot state in recovery.";
+ return state;
+ default:
+ return state;
}
- case UpdateState::MergeNeedsReboot:
- // We shouldn't get here, because nothing is depending on
- // logical partitions.
- LOG(ERROR) << "Unexpected merge-needs-reboot state in recovery.";
- break;
- default:
- break;
}
- return state;
+}
+
+bool SnapshotManager::HasForwardMergeIndicator() {
+ return access(GetForwardMergeIndicatorPath().c_str(), F_OK) == 0;
}
bool SnapshotManager::EnsureNoOverflowSnapshot(LockedFile* lock) {
diff --git a/fs_mgr/libsnapshot/snapshot_test.cpp b/fs_mgr/libsnapshot/snapshot_test.cpp
index d66490c..16c247f 100644
--- a/fs_mgr/libsnapshot/snapshot_test.cpp
+++ b/fs_mgr/libsnapshot/snapshot_test.cpp
@@ -2102,10 +2102,10 @@
test_device->set_recovery(true);
auto new_sm = NewManagerForFirstStageMount(test_device);
+ EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::Unverified);
ASSERT_TRUE(new_sm->HandleImminentDataWipe());
// Manually mount metadata so that we can call GetUpdateState() below.
MountMetadata();
- EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::None);
EXPECT_TRUE(test_device->IsSlotUnbootable(1));
EXPECT_FALSE(test_device->IsSlotUnbootable(0));
}
@@ -2127,6 +2127,7 @@
test_device->set_recovery(true);
auto new_sm = NewManagerForFirstStageMount(test_device);
+ EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::Unverified);
ASSERT_TRUE(new_sm->HandleImminentDataWipe());
EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::None);
EXPECT_FALSE(test_device->IsSlotUnbootable(0));
@@ -2135,10 +2136,6 @@
// Test update package that requests data wipe.
TEST_F(SnapshotUpdateTest, DataWipeRequiredInPackage) {
- if (ShouldSkipLegacyMerging()) {
- GTEST_SKIP() << "Skipping legacy merge in test";
- }
-
AddOperationForPartitions();
// Execute the update.
ASSERT_TRUE(sm->BeginUpdate());
@@ -2157,6 +2154,7 @@
test_device->set_recovery(true);
auto new_sm = NewManagerForFirstStageMount(test_device);
+ EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::Unverified);
ASSERT_TRUE(new_sm->HandleImminentDataWipe());
// Manually mount metadata so that we can call GetUpdateState() below.
MountMetadata();
@@ -2178,10 +2176,6 @@
// Test update package that requests data wipe.
TEST_F(SnapshotUpdateTest, DataWipeWithStaleSnapshots) {
- if (ShouldSkipLegacyMerging()) {
- GTEST_SKIP() << "Skipping legacy merge in test";
- }
-
AddOperationForPartitions();
// Execute the update.
@@ -2222,6 +2216,7 @@
test_device->set_recovery(true);
auto new_sm = NewManagerForFirstStageMount(test_device);
+ EXPECT_EQ(new_sm->GetUpdateState(), UpdateState::Unverified);
ASSERT_TRUE(new_sm->HandleImminentDataWipe());
// Manually mount metadata so that we can call GetUpdateState() below.
MountMetadata();
diff --git a/init/test_kill_services/OWNERS b/init/test_kill_services/OWNERS
new file mode 100644
index 0000000..40164aa
--- /dev/null
+++ b/init/test_kill_services/OWNERS
@@ -0,0 +1 @@
+smoreland@google.com
diff --git a/libprocessgroup/Android.bp b/libprocessgroup/Android.bp
index 33e00bc..a60bfe9 100644
--- a/libprocessgroup/Android.bp
+++ b/libprocessgroup/Android.bp
@@ -79,12 +79,12 @@
],
static_libs: [
"libjsoncpp",
+ "libprocessgroup_util",
],
// for cutils/android_filesystem_config.h
header_libs: [
"libcutils_headers",
"libprocessgroup_headers",
- "libprocessgroup_util",
],
export_include_dirs: ["include"],
export_header_lib_headers: [
diff --git a/libprocessgroup/setup/Android.bp b/libprocessgroup/setup/Android.bp
index 76f0a11..1a4ad01 100644
--- a/libprocessgroup/setup/Android.bp
+++ b/libprocessgroup/setup/Android.bp
@@ -34,10 +34,10 @@
],
static_libs: [
"libcgrouprc_format",
+ "libprocessgroup_util",
],
header_libs: [
"libprocessgroup_headers",
- "libprocessgroup_util",
],
export_header_lib_headers: [
"libprocessgroup_headers",
diff --git a/libprocessgroup/util/Android.bp b/libprocessgroup/util/Android.bp
index 4a940b7..54ba69b 100644
--- a/libprocessgroup/util/Android.bp
+++ b/libprocessgroup/util/Android.bp
@@ -19,7 +19,7 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-cc_library_headers {
+cc_library_static {
name: "libprocessgroup_util",
vendor_available: true,
product_available: true,
@@ -36,12 +36,15 @@
export_include_dirs: [
"include",
],
+ srcs: [
+ "util.cpp",
+ ],
defaults: ["libprocessgroup_build_flags_cc"],
}
cc_test {
name: "libprocessgroup_util_test",
- header_libs: ["libprocessgroup_util"],
+ static_libs: ["libprocessgroup_util"],
srcs: ["tests/util.cpp"],
test_suites: ["general-tests"],
}
diff --git a/libprocessgroup/util/include/processgroup/util.h b/libprocessgroup/util/include/processgroup/util.h
index 5240744..8d013af 100644
--- a/libprocessgroup/util/include/processgroup/util.h
+++ b/libprocessgroup/util/include/processgroup/util.h
@@ -16,46 +16,10 @@
#pragma once
-#include <algorithm>
-#include <iterator>
#include <string>
namespace util {
-namespace internal {
-
-const char SEP = '/';
-
-std::string DeduplicateAndTrimSeparators(const std::string& path) {
- bool lastWasSep = false;
- std::string ret;
-
- std::copy_if(path.begin(), path.end(), std::back_inserter(ret), [&lastWasSep](char c) {
- if (lastWasSep) {
- if (c == SEP) return false;
- lastWasSep = false;
- } else if (c == SEP) {
- lastWasSep = true;
- }
- return true;
- });
-
- if (ret.length() > 1 && ret.back() == SEP) ret.pop_back();
-
- return ret;
-}
-
-} // namespace internal
-
-unsigned int GetCgroupDepth(const std::string& controller_root, const std::string& cgroup_path) {
- const std::string deduped_root = internal::DeduplicateAndTrimSeparators(controller_root);
- const std::string deduped_path = internal::DeduplicateAndTrimSeparators(cgroup_path);
-
- if (deduped_root.empty() || deduped_path.empty() || !deduped_path.starts_with(deduped_root))
- return 0;
-
- return std::count(deduped_path.begin() + deduped_root.size(), deduped_path.end(),
- internal::SEP);
-}
+unsigned int GetCgroupDepth(const std::string& controller_root, const std::string& cgroup_path);
} // namespace util
diff --git a/libprocessgroup/util/util.cpp b/libprocessgroup/util/util.cpp
new file mode 100644
index 0000000..9b88a22
--- /dev/null
+++ b/libprocessgroup/util/util.cpp
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <processgroup/util.h>
+
+#include <algorithm>
+#include <iterator>
+
+namespace {
+
+const char SEP = '/';
+
+std::string DeduplicateAndTrimSeparators(const std::string& path) {
+ bool lastWasSep = false;
+ std::string ret;
+
+ std::copy_if(path.begin(), path.end(), std::back_inserter(ret), [&lastWasSep](char c) {
+ if (lastWasSep) {
+ if (c == SEP) return false;
+ lastWasSep = false;
+ } else if (c == SEP) {
+ lastWasSep = true;
+ }
+ return true;
+ });
+
+ if (ret.length() > 1 && ret.back() == SEP) ret.pop_back();
+
+ return ret;
+}
+
+} // anonymous namespace
+
+namespace util {
+
+unsigned int GetCgroupDepth(const std::string& controller_root, const std::string& cgroup_path) {
+ const std::string deduped_root = DeduplicateAndTrimSeparators(controller_root);
+ const std::string deduped_path = DeduplicateAndTrimSeparators(cgroup_path);
+
+ if (deduped_root.empty() || deduped_path.empty() || !deduped_path.starts_with(deduped_root))
+ return 0;
+
+ return std::count(deduped_path.begin() + deduped_root.size(), deduped_path.end(), SEP);
+}
+
+} // namespace util
diff --git a/trusty/libtrusty-rs/Android.bp b/trusty/libtrusty-rs/Android.bp
index 4fc162b..e289005 100644
--- a/trusty/libtrusty-rs/Android.bp
+++ b/trusty/libtrusty-rs/Android.bp
@@ -21,9 +21,10 @@
crate_name: "trusty",
vendor_available: true,
srcs: [
- "src/lib.rs"
+ "src/lib.rs",
],
rustlibs: [
+ "liblog_rust",
"libnix",
"liblibc",
],
@@ -36,5 +37,5 @@
rustlibs: [
"libtrusty-rs",
"liblibc",
- ]
+ ],
}
diff --git a/trusty/libtrusty-rs/src/lib.rs b/trusty/libtrusty-rs/src/lib.rs
index 22b894a..9237c8b 100644
--- a/trusty/libtrusty-rs/src/lib.rs
+++ b/trusty/libtrusty-rs/src/lib.rs
@@ -61,12 +61,18 @@
//! ```
use crate::sys::tipc_connect;
+use log::{trace, warn};
+use nix::sys::socket;
+use std::convert::From;
use std::ffi::CString;
use std::fs::File;
+use std::io;
use std::io::prelude::*;
use std::io::{ErrorKind, Result};
use std::os::unix::prelude::AsRawFd;
use std::path::Path;
+use std::thread;
+use std::time;
mod sys;
@@ -98,7 +104,89 @@
/// bytes. This is handled with a panic because the service names are all
/// hard-coded constants, and so such an error should always be indicative of a
/// bug in the calling code.
- pub fn connect(device: impl AsRef<Path>, service: &str) -> Result<Self> {
+ pub fn connect(device: &str, service: &str) -> Result<Self> {
+ if let Some(cid_port_str) = device.strip_prefix("VSOCK:") {
+ Self::connect_vsock(cid_port_str, service)
+ } else {
+ Self::connect_tipc(device, service)
+ }
+ }
+
+ fn connect_vsock(type_cid_port_str: &str, service: &str) -> Result<Self> {
+ let cid_port_str;
+ let socket_type;
+ if let Some(stream_cid_port_str) = type_cid_port_str.strip_prefix("STREAM:") {
+ socket_type = socket::SockType::Stream;
+ cid_port_str = stream_cid_port_str;
+ } else if let Some(seqpacket_cid_port_str) = type_cid_port_str.strip_prefix("SEQPACKET:") {
+ socket_type = socket::SockType::SeqPacket;
+ cid_port_str = seqpacket_cid_port_str;
+ } else {
+ /*
+ * Default to SOCK_STREAM if neither type is specified.
+ *
+ * TODO: use SOCK_SEQPACKET by default instead of SOCK_STREAM when SOCK_SEQPACKET is fully
+ * supported since it matches tipc better. At the moment SOCK_SEQPACKET is not supported by
+ * crosvm. It is also significantly slower since the Linux kernel implementation (as of
+ * v6.7-rc1) sends credit update packets every time it receives a data packet while the
+ * SOCK_STREAM version skips these unless the remaining buffer space is "low".
+ */
+ socket_type = socket::SockType::Stream;
+ cid_port_str = type_cid_port_str;
+ }
+
+ let [cid, port]: [u32; 2] = cid_port_str
+ .split(':')
+ .map(|v| v.parse::<u32>().map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e)))
+ .collect::<Result<Vec<u32>>>()?
+ .try_into()
+ .map_err(|e| {
+ io::Error::new(io::ErrorKind::InvalidInput, format!("Wrong number of args: {e:?}"))
+ })?;
+
+ trace!("got cid, port: {cid}, {port}");
+ let s = socket::socket(
+ socket::AddressFamily::Vsock,
+ socket_type,
+ socket::SockFlag::SOCK_CLOEXEC,
+ None,
+ )?;
+ trace!("got socket");
+ let sa = socket::VsockAddr::new(cid, port);
+ trace!("got sa");
+
+ //let connect_timeout = libc::timeval {tv_sec: 60, tv_usec: 0};
+ // TODO: Set AF_VSOCK/SO_VM_SOCKETS_CONNECT_TIMEOUT sockopt.
+
+ let mut retry = 10;
+ loop {
+ let res = socket::connect(s.as_raw_fd(), &sa);
+ if res.is_ok() || retry <= 0 {
+ res?;
+ break;
+ }
+ warn!("vsock:{cid}:{port} connect failed {res:?}, {retry} retries remaining");
+ retry -= 1;
+ thread::sleep(time::Duration::from_secs(5));
+ }
+ trace!("connected");
+ // TODO: Current vsock tipc bridge in trusty expects a port name in the
+ // first packet. We need to replace this with a protocol that also does DICE
+ // based authentication.
+ // `s` is a valid file descriptor because it came from socket::socket.
+ let mut channel = Self(File::from(s));
+ channel.send(service.as_bytes())?;
+ trace!("sent tipc port name");
+
+ // Work around lack of seq packet support. Read a status byte to prevent
+ // the caller from sending more data until srv_name has been read.
+ let mut status = [0; 1];
+ channel.recv_no_alloc(&mut status)?;
+ trace!("got status byte: {status:?}");
+ Ok(channel)
+ }
+
+ fn connect_tipc(device: impl AsRef<Path>, service: &str) -> Result<Self> {
let file = File::options().read(true).write(true).open(device)?;
let srv_name = CString::new(service).expect("Service name contained null bytes");
@@ -108,7 +196,7 @@
tipc_connect(file.as_raw_fd(), srv_name.as_ptr())?;
}
- Ok(TipcChannel(file))
+ Ok(Self(file))
}
/// Sends a message to the connected service.
diff --git a/trusty/libtrusty/trusty.c b/trusty/libtrusty/trusty.c
index f44f8b4..63262a0 100644
--- a/trusty/libtrusty/trusty.c
+++ b/trusty/libtrusty/trusty.c
@@ -23,16 +23,161 @@
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/uio.h>
#include <unistd.h>
+#include <linux/vm_sockets.h> /* must be after sys/socket.h */
#include <log/log.h>
#include <trusty/ipc.h>
+static const char* strip_prefix(const char* str, const char* prefix) {
+ size_t prefix_len = strlen(prefix);
+ if (strncmp(str, prefix, prefix_len) == 0) {
+ return str + prefix_len;
+ } else {
+ return NULL;
+ }
+}
+
+static bool use_vsock_connection = false;
+static int tipc_vsock_connect(const char* type_cid_port_str, const char* srv_name) {
+ int ret;
+ const char* cid_port_str;
+ char* port_str;
+ char* end_str;
+ int socket_type;
+ if ((cid_port_str = strip_prefix(type_cid_port_str, "STREAM:"))) {
+ socket_type = SOCK_STREAM;
+ } else if ((cid_port_str = strip_prefix(type_cid_port_str, "SEQPACKET:"))) {
+ socket_type = SOCK_SEQPACKET;
+ } else {
+ /*
+ * Default to SOCK_STREAM if neither type is specified.
+ *
+ * TODO: use SOCK_SEQPACKET by default instead of SOCK_STREAM when SOCK_SEQPACKET is fully
+ * supported since it matches tipc better. At the moment SOCK_SEQPACKET is not supported by
+ * crosvm. It is also significantly slower since the Linux kernel implementation (as of
+ * v6.7-rc1) sends credit update packets every time it receives a data packet while the
+ * SOCK_STREAM version skips these unless the remaining buffer space is "low".
+ */
+ socket_type = SOCK_STREAM;
+ cid_port_str = type_cid_port_str;
+ }
+ long cid = strtol(cid_port_str, &port_str, 0);
+ if (port_str[0] != ':') {
+ ALOGE("%s: invalid VSOCK str, \"%s\", need cid:port missing : after cid\n", __func__,
+ cid_port_str);
+ return -EINVAL;
+ }
+ long port = strtol(port_str + 1, &end_str, 0);
+ if (end_str[0] != '\0') {
+ ALOGE("%s: invalid VSOCK str, \"%s\", need cid:port got %ld:%ld\n", __func__, cid_port_str,
+ cid, port);
+ return -EINVAL;
+ }
+ int fd = socket(AF_VSOCK, socket_type, 0);
+ if (fd < 0) {
+ ret = -errno;
+ ALOGE("%s: can't get vsock %ld:%ld socket for tipc service \"%s\" (err=%d)\n", __func__,
+ cid, port, srv_name, errno);
+ return ret < 0 ? ret : -1;
+ }
+ struct timeval connect_timeout = {.tv_sec = 60, .tv_usec = 0};
+ ret = setsockopt(fd, AF_VSOCK, SO_VM_SOCKETS_CONNECT_TIMEOUT, &connect_timeout,
+ sizeof(connect_timeout));
+ if (ret) {
+ ALOGE("%s: vsock %ld:%ld: Failed to set connect timeout (err=%d)\n", __func__, cid, port,
+ errno);
+ /* failed to set longer timeout, but try to connect anyway */
+ }
+ struct sockaddr_vm sa = {
+ .svm_family = AF_VSOCK,
+ .svm_port = port,
+ .svm_cid = cid,
+ };
+ int retry = 10;
+ do {
+ ret = TEMP_FAILURE_RETRY(connect(fd, (struct sockaddr*)&sa, sizeof(sa)));
+ if (ret && (errno == ENODEV || errno == ESOCKTNOSUPPORT) && --retry) {
+ /*
+ * The kernel returns ESOCKTNOSUPPORT instead of ENODEV if the socket type is
+ * SOCK_SEQPACKET and the guest CID we are trying to connect to is not ready yet.
+ */
+ ALOGE("%s: Can't connect to vsock %ld:%ld for tipc service \"%s\" (err=%d) %d retries "
+ "remaining\n",
+ __func__, cid, port, srv_name, errno, retry);
+ sleep(1);
+ } else {
+ retry = 0;
+ }
+ } while (retry);
+ if (ret) {
+ ret = -errno;
+ ALOGE("%s: Can't connect to vsock %ld:%ld for tipc service \"%s\" (err=%d)\n", __func__,
+ cid, port, srv_name, errno);
+ close(fd);
+ return ret < 0 ? ret : -1;
+ }
+ /*
+ * TODO: Current vsock tipc bridge in trusty expects a port name in the
+ * first packet. We need to replace this with a protocol that also does DICE
+ * based authentication.
+ */
+ ret = TEMP_FAILURE_RETRY(write(fd, srv_name, strlen(srv_name)));
+ if (ret != strlen(srv_name)) {
+ ret = -errno;
+ ALOGE("%s: vsock %ld:%ld: failed to send tipc service name \"%s\" (err=%d)\n", __func__,
+ cid, port, srv_name, errno);
+ close(fd);
+ return ret < 0 ? ret : -1;
+ }
+ /*
+ * Work around lack of seq packet support. Read a status byte to prevent
+ * the caller from sending more data until srv_name has been read.
+ */
+ int8_t status;
+ ret = TEMP_FAILURE_RETRY(read(fd, &status, sizeof(status)));
+ if (ret != sizeof(status)) {
+ ALOGE("%s: vsock %ld:%ld: failed to read status byte for connect to tipc service name "
+ "\"%s\" (err=%d)\n",
+ __func__, cid, port, srv_name, errno);
+ close(fd);
+ return ret < 0 ? ret : -1;
+ }
+ use_vsock_connection = true;
+ return fd;
+}
+
+static size_t tipc_vsock_send(int fd, const struct iovec* iov, int iovcnt, struct trusty_shm* shms,
+ int shmcnt) {
+ int ret;
+
+ (void)shms;
+ if (shmcnt != 0) {
+ ALOGE("%s: vsock does not yet support passing fds\n", __func__);
+ return -ENOTSUP;
+ }
+ ret = TEMP_FAILURE_RETRY(writev(fd, iov, iovcnt));
+ if (ret < 0) {
+ ret = -errno;
+ ALOGE("%s: failed to send message (err=%d)\n", __func__, errno);
+ return ret < 0 ? ret : -1;
+ }
+
+ return ret;
+}
+
int tipc_connect(const char* dev_name, const char* srv_name) {
int fd;
int rc;
+ const char* type_cid_port_str = strip_prefix(dev_name, "VSOCK:");
+ if (type_cid_port_str) {
+ return tipc_vsock_connect(type_cid_port_str, srv_name);
+ }
+
fd = TEMP_FAILURE_RETRY(open(dev_name, O_RDWR));
if (fd < 0) {
rc = -errno;
@@ -54,6 +199,9 @@
ssize_t tipc_send(int fd, const struct iovec* iov, int iovcnt, struct trusty_shm* shms,
int shmcnt) {
+ if (use_vsock_connection) {
+ return tipc_vsock_send(fd, iov, iovcnt, shms, shmcnt);
+ }
struct tipc_send_msg_req req;
req.iov = (__u64)iov;
req.iov_cnt = (__u64)iovcnt;