merge in mnc-release history after reset to mnc-dev
diff --git a/adb/adb_utils.cpp b/adb/adb_utils.cpp
index 0ce5ece..604bd57 100644
--- a/adb/adb_utils.cpp
+++ b/adb/adb_utils.cpp
@@ -45,11 +45,16 @@
std::string escape_arg(const std::string& s) {
std::string result = s;
- // Insert a \ before any ' in the string.
- for (auto it = result.begin(); it != result.end(); ++it) {
- if (*it == '\'') {
- it = result.insert(it, '\\') + 1;
- }
+ // Escape any ' in the string (before we single-quote the whole thing).
+ // The correct way to do this for the shell is to replace ' with '\'' --- that is,
+ // close the existing single-quoted string, escape a single single-quote, and start
+ // a new single-quoted string. Like the C preprocessor, the shell will concatenate
+ // these pieces into one string.
+ for (size_t i = 0; i < s.size(); ++i) {
+ if (s[i] == '\'') {
+ result.insert(i, "'\\'");
+ i += 2;
+ }
}
// Prefix and suffix the whole string with '.
diff --git a/adb/adb_utils_test.cpp b/adb/adb_utils_test.cpp
index a395079..052aea5 100644
--- a/adb/adb_utils_test.cpp
+++ b/adb/adb_utils_test.cpp
@@ -30,21 +30,21 @@
ASSERT_EQ(R"('abc')", escape_arg("abc"));
ASSERT_EQ(R"(' abc')", escape_arg(" abc"));
- ASSERT_EQ(R"('\'abc')", escape_arg("'abc"));
+ ASSERT_EQ(R"(''\''abc')", escape_arg("'abc"));
ASSERT_EQ(R"('"abc')", escape_arg("\"abc"));
ASSERT_EQ(R"('\abc')", escape_arg("\\abc"));
ASSERT_EQ(R"('(abc')", escape_arg("(abc"));
ASSERT_EQ(R"(')abc')", escape_arg(")abc"));
ASSERT_EQ(R"('abc abc')", escape_arg("abc abc"));
- ASSERT_EQ(R"('abc\'abc')", escape_arg("abc'abc"));
+ ASSERT_EQ(R"('abc'\''abc')", escape_arg("abc'abc"));
ASSERT_EQ(R"('abc"abc')", escape_arg("abc\"abc"));
ASSERT_EQ(R"('abc\abc')", escape_arg("abc\\abc"));
ASSERT_EQ(R"('abc(abc')", escape_arg("abc(abc"));
ASSERT_EQ(R"('abc)abc')", escape_arg("abc)abc"));
ASSERT_EQ(R"('abc ')", escape_arg("abc "));
- ASSERT_EQ(R"('abc\'')", escape_arg("abc'"));
+ ASSERT_EQ(R"('abc'\''')", escape_arg("abc'"));
ASSERT_EQ(R"('abc"')", escape_arg("abc\""));
ASSERT_EQ(R"('abc\')", escape_arg("abc\\"));
ASSERT_EQ(R"('abc(')", escape_arg("abc("));
diff --git a/adb/tests/test_adb.py b/adb/tests/test_adb.py
index 237ef47..0ff87d2 100755
--- a/adb/tests/test_adb.py
+++ b/adb/tests/test_adb.py
@@ -6,6 +6,7 @@
"""
import hashlib
import os
+import pipes
import random
import re
import shlex
@@ -162,6 +163,9 @@
def shell_nocheck(self, cmd):
return call_combined(self.adb_cmd + "shell " + cmd)
+ def install(self, filename):
+ return call_checked(self.adb_cmd + "install {}".format(pipes.quote(filename)))
+
def push(self, local, remote):
return call_checked(self.adb_cmd + "push {} {}".format(local, remote))
@@ -290,6 +294,18 @@
self.assertEqual('t', adb.shell("FOO=a BAR=b echo t").strip())
self.assertEqual('123Linux', adb.shell("echo -n 123\;uname").strip())
+ def test_install_argument_escaping(self):
+ """Make sure that install argument escaping works."""
+ adb = AdbWrapper()
+
+ # http://b/20323053
+ tf = tempfile.NamedTemporaryFile("w", suffix="-text;ls;1.apk")
+ self.assertIn("-text;ls;1.apk", adb.install(tf.name))
+
+ # http://b/3090932
+ tf = tempfile.NamedTemporaryFile("w", suffix="-Live Hold'em.apk")
+ self.assertIn("-Live Hold'em.apk", adb.install(tf.name))
+
class AdbFile(unittest.TestCase):
SCRATCH_DIR = "/data/local/tmp"
diff --git a/debuggerd/backtrace.cpp b/debuggerd/backtrace.cpp
index c2a1dbc..b8084c5 100644
--- a/debuggerd/backtrace.cpp
+++ b/debuggerd/backtrace.cpp
@@ -14,6 +14,8 @@
* limitations under the License.
*/
+#define LOG_TAG "DEBUG"
+
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
@@ -26,8 +28,11 @@
#include <sys/types.h>
#include <sys/ptrace.h>
+#include <memory>
+
#include <backtrace/Backtrace.h>
-#include <UniquePtr.h>
+
+#include <log/log.h>
#include "backtrace.h"
@@ -92,9 +97,11 @@
return;
}
- UniquePtr<Backtrace> backtrace(Backtrace::Create(tid, BACKTRACE_CURRENT_THREAD));
+ std::unique_ptr<Backtrace> backtrace(Backtrace::Create(tid, BACKTRACE_CURRENT_THREAD));
if (backtrace->Unwind(0)) {
dump_backtrace_to_log(backtrace.get(), log, " ");
+ } else {
+ ALOGE("Unwind failed: tid = %d", tid);
}
if (!attached && ptrace(PTRACE_DETACH, tid, 0, 0) != 0) {
diff --git a/debuggerd/tombstone.cpp b/debuggerd/tombstone.cpp
index b7e6b17..ccdfe85 100644
--- a/debuggerd/tombstone.cpp
+++ b/debuggerd/tombstone.cpp
@@ -32,6 +32,9 @@
#include <sys/stat.h>
#include <sys/un.h>
+#include <memory>
+#include <string>
+
#include <private/android_filesystem_config.h>
#include <base/stringprintf.h>
@@ -45,10 +48,6 @@
#include <selinux/android.h>
-#include <UniquePtr.h>
-
-#include <string>
-
#include "backtrace.h"
#include "elf_utils.h"
#include "machine.h"
@@ -445,9 +444,11 @@
dump_thread_info(log, pid, new_tid);
dump_registers(log, new_tid);
- UniquePtr<Backtrace> backtrace(Backtrace::Create(pid, new_tid, map));
+ std::unique_ptr<Backtrace> backtrace(Backtrace::Create(pid, new_tid, map));
if (backtrace->Unwind(0)) {
dump_backtrace_and_stack(backtrace.get(), log);
+ } else {
+ ALOGE("Unwind of sibling failed: pid = %d, tid = %d", pid, new_tid);
}
log->current_tid = log->crashed_tid;
@@ -644,15 +645,19 @@
dump_signal_info(log, tid, signal, si_code);
}
- UniquePtr<BacktraceMap> map(BacktraceMap::Create(pid));
- UniquePtr<Backtrace> backtrace(Backtrace::Create(pid, tid, map.get()));
+ std::unique_ptr<BacktraceMap> map(BacktraceMap::Create(pid));
+ std::unique_ptr<Backtrace> backtrace(Backtrace::Create(pid, tid, map.get()));
dump_abort_message(backtrace.get(), log, abort_msg_address);
dump_registers(log, tid);
if (backtrace->Unwind(0)) {
dump_backtrace_and_stack(backtrace.get(), log);
+ } else {
+ ALOGE("Unwind failed: pid = %d, tid = %d", pid, tid);
}
dump_memory_and_code(log, tid);
- dump_all_maps(backtrace.get(), map.get(), log, tid);
+ if (map.get() != nullptr) {
+ dump_all_maps(backtrace.get(), map.get(), log, tid);
+ }
if (want_logs) {
dump_logs(log, pid, 5);
diff --git a/gatekeeperd/Android.mk b/gatekeeperd/Android.mk
index f743cc3..be3d6fc 100644
--- a/gatekeeperd/Android.mk
+++ b/gatekeeperd/Android.mk
@@ -18,14 +18,16 @@
include $(CLEAR_VARS)
LOCAL_CFLAGS := -Wall -Wextra -Werror -Wunused
-LOCAL_SRC_FILES := IGateKeeperService.cpp gatekeeperd.cpp
+LOCAL_SRC_FILES := SoftGateKeeperDevice.cpp IGateKeeperService.cpp gatekeeperd.cpp
LOCAL_MODULE := gatekeeperd
LOCAL_SHARED_LIBRARIES := \
libbinder \
+ libgatekeeper \
liblog \
libhardware \
libutils \
+ libcrypto \
libkeystore_binder
-LOCAL_C_INCLUDES := \
- system/gatekeeper/include
+LOCAL_STATIC_LIBRARIES := libscrypt_static
+LOCAL_C_INCLUDES := external/scrypt/lib/crypto
include $(BUILD_EXECUTABLE)
diff --git a/gatekeeperd/SoftGateKeeperDevice.cpp b/gatekeeperd/SoftGateKeeperDevice.cpp
new file mode 100644
index 0000000..b96bf8d
--- /dev/null
+++ b/gatekeeperd/SoftGateKeeperDevice.cpp
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <gatekeeper/soft_gatekeeper.h>
+
+#include "SoftGateKeeperDevice.h"
+
+namespace android {
+
+int SoftGateKeeperDevice::enroll(uint32_t uid,
+ const uint8_t *current_password_handle, uint32_t current_password_handle_length,
+ const uint8_t *current_password, uint32_t current_password_length,
+ const uint8_t *desired_password, uint32_t desired_password_length,
+ uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length) {
+
+ if (enrolled_password_handle == NULL || enrolled_password_handle_length == NULL ||
+ desired_password == NULL || desired_password_length == 0)
+ return -EINVAL;
+
+ // Current password and current password handle go together
+ if (current_password_handle == NULL || current_password_handle_length == 0 ||
+ current_password == NULL || current_password_length == 0) {
+ current_password_handle = NULL;
+ current_password_handle_length = 0;
+ current_password = NULL;
+ current_password_length = 0;
+ }
+
+ SizedBuffer desired_password_buffer(desired_password_length);
+ memcpy(desired_password_buffer.buffer.get(), desired_password, desired_password_length);
+
+ SizedBuffer current_password_handle_buffer(current_password_handle_length);
+ if (current_password_handle) {
+ memcpy(current_password_handle_buffer.buffer.get(), current_password_handle,
+ current_password_handle_length);
+ }
+
+ SizedBuffer current_password_buffer(current_password_length);
+ if (current_password) {
+ memcpy(current_password_buffer.buffer.get(), current_password, current_password_length);
+ }
+
+ EnrollRequest request(uid, ¤t_password_handle_buffer, &desired_password_buffer,
+ ¤t_password_buffer);
+ EnrollResponse response;
+
+ impl_->Enroll(request, &response);
+
+ if (response.error != ERROR_NONE)
+ return -EINVAL;
+
+ *enrolled_password_handle = response.enrolled_password_handle.buffer.release();
+ *enrolled_password_handle_length = response.enrolled_password_handle.length;
+ return 0;
+}
+
+int SoftGateKeeperDevice::verify(uint32_t uid,
+ uint64_t challenge, const uint8_t *enrolled_password_handle,
+ uint32_t enrolled_password_handle_length, const uint8_t *provided_password,
+ uint32_t provided_password_length, uint8_t **auth_token, uint32_t *auth_token_length) {
+
+ if (enrolled_password_handle == NULL ||
+ provided_password == NULL) {
+ return -EINVAL;
+ }
+
+ SizedBuffer password_handle_buffer(enrolled_password_handle_length);
+ memcpy(password_handle_buffer.buffer.get(), enrolled_password_handle,
+ enrolled_password_handle_length);
+ SizedBuffer provided_password_buffer(provided_password_length);
+ memcpy(provided_password_buffer.buffer.get(), provided_password, provided_password_length);
+
+ VerifyRequest request(uid, challenge, &password_handle_buffer, &provided_password_buffer);
+ VerifyResponse response;
+
+ impl_->Verify(request, &response);
+
+ if (response.error != ERROR_NONE)
+ return -EINVAL;
+
+ if (auth_token != NULL && auth_token_length != NULL) {
+ *auth_token = response.auth_token.buffer.release();
+ *auth_token_length = response.auth_token.length;
+ }
+
+ return 0;
+}
+} // namespace android
diff --git a/gatekeeperd/SoftGateKeeperDevice.h b/gatekeeperd/SoftGateKeeperDevice.h
new file mode 100644
index 0000000..c0b5047
--- /dev/null
+++ b/gatekeeperd/SoftGateKeeperDevice.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SOFT_GATEKEEPER_DEVICE_H_
+#define SOFT_GATEKEEPER_DEVICE_H_
+
+#include <gatekeeper/soft_gatekeeper.h>
+#include <UniquePtr.h>
+
+using namespace gatekeeper;
+
+namespace android {
+
+/**
+ * Software based GateKeeper implementation
+ */
+class SoftGateKeeperDevice {
+public:
+ SoftGateKeeperDevice() {
+ impl_.reset(new SoftGateKeeper());
+ }
+
+ // Wrappers to translate the gatekeeper HAL API to the Kegyuard Messages API.
+
+ /**
+ * Enrolls password_payload, which should be derived from a user selected pin or password,
+ * with the authentication factor private key used only for enrolling authentication
+ * factor data.
+ *
+ * Returns: 0 on success or an error code less than 0 on error.
+ * On error, enrolled_password_handle will not be allocated.
+ */
+ int enroll(uint32_t uid,
+ const uint8_t *current_password_handle, uint32_t current_password_handle_length,
+ const uint8_t *current_password, uint32_t current_password_length,
+ const uint8_t *desired_password, uint32_t desired_password_length,
+ uint8_t **enrolled_password_handle, uint32_t *enrolled_password_handle_length);
+
+ /**
+ * Verifies provided_password matches enrolled_password_handle.
+ *
+ * Implementations of this module may retain the result of this call
+ * to attest to the recency of authentication.
+ *
+ * On success, writes the address of a verification token to auth_token,
+ * usable to attest password verification to other trusted services. Clients
+ * may pass NULL for this value.
+ *
+ * Returns: 0 on success or an error code less than 0 on error
+ * On error, verification token will not be allocated
+ */
+ int verify(uint32_t uid, uint64_t challenge,
+ const uint8_t *enrolled_password_handle, uint32_t enrolled_password_handle_length,
+ const uint8_t *provided_password, uint32_t provided_password_length,
+ uint8_t **auth_token, uint32_t *auth_token_length);
+private:
+ UniquePtr<GateKeeper> impl_;
+};
+
+} // namespace gatekeeper
+
+#endif //SOFT_GATEKEEPER_DEVICE_H_
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index 75cd225..72c7ba2 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -38,6 +38,8 @@
#include <hardware/gatekeeper.h>
#include <hardware/hw_auth_token.h>
+#include "SoftGateKeeperDevice.h"
+
namespace android {
static const String16 KEYGUARD_PERMISSION("android.permission.ACCESS_KEYGUARD_SECURE_STORAGE");
@@ -47,15 +49,18 @@
public:
GateKeeperProxy() {
int ret = hw_get_module_by_class(GATEKEEPER_HARDWARE_MODULE_ID, NULL, &module);
- if (ret < 0)
- LOG_ALWAYS_FATAL_IF(ret < 0, "Unable to find GateKeeper HAL");
- ret = gatekeeper_open(module, &device);
- if (ret < 0)
- LOG_ALWAYS_FATAL_IF(ret < 0, "Unable to open GateKeeper HAL");
+ if (ret < 0) {
+ ALOGW("falling back to software GateKeeper");
+ soft_device.reset(new SoftGateKeeperDevice());
+ } else {
+ ret = gatekeeper_open(module, &device);
+ if (ret < 0)
+ LOG_ALWAYS_FATAL_IF(ret < 0, "Unable to open GateKeeper HAL");
+ }
}
virtual ~GateKeeperProxy() {
- gatekeeper_close(device);
+ if (device) gatekeeper_close(device);
}
void store_sid(uint32_t uid, uint64_t sid) {
@@ -111,11 +116,22 @@
// need a desired password to enroll
if (desired_password_length == 0) return -EINVAL;
- int ret = device->enroll(device, uid,
- current_password_handle, current_password_handle_length,
- current_password, current_password_length,
- desired_password, desired_password_length,
- enrolled_password_handle, enrolled_password_handle_length);
+
+ int ret;
+ if (device) {
+ ret = device->enroll(device, uid,
+ current_password_handle, current_password_handle_length,
+ current_password, current_password_length,
+ desired_password, desired_password_length,
+ enrolled_password_handle, enrolled_password_handle_length);
+ } else {
+ ret = soft_device->enroll(uid,
+ current_password_handle, current_password_handle_length,
+ current_password, current_password_length,
+ desired_password, desired_password_length,
+ enrolled_password_handle, enrolled_password_handle_length);
+ }
+
if (ret >= 0) {
gatekeeper::password_handle_t *handle =
reinterpret_cast<gatekeeper::password_handle_t *>(*enrolled_password_handle);
@@ -150,9 +166,16 @@
if ((enrolled_password_handle_length | provided_password_length) == 0)
return -EINVAL;
- int ret = device->verify(device, uid, challenge,
+ int ret;
+ if (device) {
+ ret = device->verify(device, uid, challenge,
enrolled_password_handle, enrolled_password_handle_length,
provided_password, provided_password_length, auth_token, auth_token_length);
+ } else {
+ ret = soft_device->verify(uid, challenge,
+ enrolled_password_handle, enrolled_password_handle_length,
+ provided_password, provided_password_length, auth_token, auth_token_length);
+ }
if (ret >= 0 && *auth_token != NULL && *auth_token_length > 0) {
// TODO: cache service?
@@ -214,6 +237,7 @@
private:
gatekeeper_device_t *device;
+ UniquePtr<SoftGateKeeperDevice> soft_device;
const hw_module_t *module;
};
}// namespace android
diff --git a/init/init.cpp b/init/init.cpp
index dd74538..5185f77 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -618,7 +618,10 @@
Timer t;
NOTICE("Waiting for %s...\n", COLDBOOT_DONE);
- if (wait_for_file(COLDBOOT_DONE, COMMAND_RETRY_TIMEOUT)) {
+ // Any longer than 1s is an unreasonable length of time to delay booting.
+ // If you're hitting this timeout, check that you didn't make your
+ // sepolicy regular expressions too expensive (http://b/19899875).
+ if (wait_for_file(COLDBOOT_DONE, 1)) {
ERROR("Timed out waiting for %s\n", COLDBOOT_DONE);
}
diff --git a/libbacktrace/Backtrace.cpp b/libbacktrace/Backtrace.cpp
index 4e4003e..128bb04 100644
--- a/libbacktrace/Backtrace.cpp
+++ b/libbacktrace/Backtrace.cpp
@@ -114,7 +114,9 @@
}
void Backtrace::FillInMap(uintptr_t pc, backtrace_map_t* map) {
- map_->FillIn(pc, map);
+ if (map_ != nullptr) {
+ map_->FillIn(pc, map);
+ }
}
Backtrace* Backtrace::Create(pid_t pid, pid_t tid, BacktraceMap* map) {
diff --git a/libbacktrace/BacktraceCurrent.cpp b/libbacktrace/BacktraceCurrent.cpp
index 14f04de..95cd4d1 100644
--- a/libbacktrace/BacktraceCurrent.cpp
+++ b/libbacktrace/BacktraceCurrent.cpp
@@ -65,6 +65,11 @@
}
bool BacktraceCurrent::Unwind(size_t num_ignore_frames, ucontext_t* ucontext) {
+ if (GetMap() == nullptr) {
+ // Without a map object, we can't do anything.
+ return false;
+ }
+
if (ucontext) {
return UnwindFromContext(num_ignore_frames, ucontext);
}
diff --git a/libbacktrace/UnwindPtrace.cpp b/libbacktrace/UnwindPtrace.cpp
index a7c3de5..07c2430 100644
--- a/libbacktrace/UnwindPtrace.cpp
+++ b/libbacktrace/UnwindPtrace.cpp
@@ -48,6 +48,11 @@
}
bool UnwindPtrace::Unwind(size_t num_ignore_frames, ucontext_t* ucontext) {
+ if (GetMap() == nullptr) {
+ // Without a map object, we can't do anything.
+ return false;
+ }
+
if (ucontext) {
BACK_LOGW("Unwinding from a specified context not supported yet.");
return false;
diff --git a/libmincrypt/Android.mk b/libmincrypt/Android.mk
index 503bcb4..7906986 100644
--- a/libmincrypt/Android.mk
+++ b/libmincrypt/Android.mk
@@ -6,8 +6,6 @@
LOCAL_MODULE := libmincrypt
LOCAL_SRC_FILES := dsa_sig.c p256.c p256_ec.c p256_ecdsa.c rsa.c sha.c sha256.c
LOCAL_CFLAGS := -Wall -Werror
-# Clang's slp-vectorize phase has segmentation fault when compiling p256_ec.c.
-LOCAL_CLANG_CFLAGS += -fno-slp-vectorize
include $(BUILD_STATIC_LIBRARY)
include $(CLEAR_VARS)