Merge changes I43be5550,Ic40da64f,If8241959
* changes:
Refactor public_libraries.*
Introduce utils.h
Move public libraries list to a separate source file
diff --git a/base/Android.bp b/base/Android.bp
index 38f301a..d4268ca 100644
--- a/base/Android.bp
+++ b/base/Android.bp
@@ -29,6 +29,7 @@
vendor_available: true,
recovery_available: true,
host_supported: true,
+ native_bridge_supported: true,
export_include_dirs: ["include"],
target: {
@@ -100,6 +101,7 @@
vendor_available: true,
recovery_available: true,
host_supported: true,
+ native_bridge_supported: true,
vndk: {
enabled: true,
support_system_process: true,
diff --git a/fs_mgr/libfs_avb/fs_avb.cpp b/fs_mgr/libfs_avb/fs_avb.cpp
index 04776ed..c4d7511 100644
--- a/fs_mgr/libfs_avb/fs_avb.cpp
+++ b/fs_mgr/libfs_avb/fs_avb.cpp
@@ -338,6 +338,7 @@
nullptr /* custom_device_path */);
}
+// TODO(b/128807537): removes this function.
AvbUniquePtr AvbHandle::Open() {
bool is_device_unlocked = IsDeviceUnlocked();
@@ -353,25 +354,28 @@
AvbSlotVerifyResult verify_result =
avb_ops.AvbSlotVerify(fs_mgr_get_slot_suffix(), flags, &avb_handle->vbmeta_images_);
- // Only allow two verify results:
+ // Only allow the following verify results:
// - AVB_SLOT_VERIFY_RESULT_OK.
- // - AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION (for UNLOCKED state).
- // If the device is UNLOCKED, i.e., |allow_verification_error| is true for
- // AvbSlotVerify(), then the following return values are all non-fatal:
- // * AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION
- // * AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED
- // * AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX
- // The latter two results were checked by bootloader prior to start fs_mgr so
- // we just need to handle the first result here. See *dummy* operations in
- // FsManagerAvbOps and the comments in external/avb/libavb/avb_slot_verify.h
- // for more details.
+ // - AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION (UNLOCKED only).
+ // Might occur in either the top-level vbmeta or a chained vbmeta.
+ // - AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED (UNLOCKED only).
+ // Could only occur in a chained vbmeta. Because we have *dummy* operations in
+ // FsManagerAvbOps such that avb_ops->validate_vbmeta_public_key() used to validate
+ // the public key of the top-level vbmeta always pass in userspace here.
+ //
+ // The following verify result won't happen, because the *dummy* operation
+ // avb_ops->read_rollback_index() always returns the minimum value zero. So rollbacked
+ // vbmeta images, which should be caught in the bootloader stage, won't be detected here.
+ // - AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX
switch (verify_result) {
case AVB_SLOT_VERIFY_RESULT_OK:
avb_handle->status_ = AvbHandleStatus::kSuccess;
break;
case AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION:
+ case AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED:
if (!is_device_unlocked) {
- LERROR << "ERROR_VERIFICATION isn't allowed when the device is LOCKED";
+ LERROR << "ERROR_VERIFICATION / PUBLIC_KEY_REJECTED isn't allowed "
+ << "if the device is LOCKED";
return nullptr;
}
avb_handle->status_ = AvbHandleStatus::kVerificationError;
diff --git a/libcutils/fs_config.cpp b/libcutils/fs_config.cpp
index 6217bc8..9d8fa95 100644
--- a/libcutils/fs_config.cpp
+++ b/libcutils/fs_config.cpp
@@ -88,7 +88,6 @@
{ 00771, AID_SYSTEM, AID_SYSTEM, 0, "data" },
{ 00755, AID_ROOT, AID_SYSTEM, 0, "mnt" },
{ 00751, AID_ROOT, AID_SHELL, 0, "product/bin" },
- { 00750, AID_ROOT, AID_SHELL, 0, "sbin" },
{ 00777, AID_ROOT, AID_ROOT, 0, "sdcard" },
{ 00751, AID_ROOT, AID_SDCARD_R, 0, "storage" },
{ 00751, AID_ROOT, AID_SHELL, 0, "system/bin" },
@@ -171,7 +170,6 @@
{ 00600, AID_ROOT, AID_ROOT, 0, "product_services/build.prop" },
{ 00444, AID_ROOT, AID_ROOT, 0, product_services_conf_dir + 1 },
{ 00444, AID_ROOT, AID_ROOT, 0, product_services_conf_file + 1 },
- { 00750, AID_ROOT, AID_SHELL, 0, "sbin/fs_mgr" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump32" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump64" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/debuggerd" },
@@ -217,7 +215,6 @@
{ 00640, AID_ROOT, AID_SHELL, 0, "fstab.*" },
{ 00750, AID_ROOT, AID_SHELL, 0, "init*" },
{ 00755, AID_ROOT, AID_SHELL, 0, "product/bin/*" },
- { 00750, AID_ROOT, AID_SHELL, 0, "sbin/*" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/bin/*" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/xbin/*" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/apex/*/bin/*" },
diff --git a/liblog/Android.bp b/liblog/Android.bp
index da475cb..53d3ab3 100644
--- a/liblog/Android.bp
+++ b/liblog/Android.bp
@@ -45,6 +45,7 @@
host_supported: true,
vendor_available: true,
recovery_available: true,
+ native_bridge_supported: true,
export_include_dirs: ["include"],
system_shared_libs: [],
stl: "none",
@@ -67,6 +68,7 @@
name: "liblog",
host_supported: true,
recovery_available: true,
+ native_bridge_supported: true,
srcs: liblog_sources,
target: {
@@ -138,6 +140,7 @@
llndk_library {
name: "liblog",
+ native_bridge_supported: true,
symbol_file: "liblog.map.txt",
export_include_dirs: ["include_vndk"],
}
diff --git a/libsysutils/Android.bp b/libsysutils/Android.bp
index da5d86c..ccda5d1 100644
--- a/libsysutils/Android.bp
+++ b/libsysutils/Android.bp
@@ -26,6 +26,19 @@
],
export_include_dirs: ["include"],
+
+ tidy: true,
+ tidy_checks: [
+ "-*",
+ "cert-*",
+ "clang-analyzer-security*",
+ "android-*",
+ ],
+ tidy_checks_as_errors: [
+ "cert-*",
+ "clang-analyzer-security*",
+ "android-*",
+ ],
}
cc_test {
diff --git a/libsysutils/src/NetlinkEvent.cpp b/libsysutils/src/NetlinkEvent.cpp
index 9dc2699..8fe7854 100644
--- a/libsysutils/src/NetlinkEvent.cpp
+++ b/libsysutils/src/NetlinkEvent.cpp
@@ -39,9 +39,12 @@
const int LOCAL_QLOG_NL_EVENT = 112;
const int LOCAL_NFLOG_PACKET = NFNL_SUBSYS_ULOG << 8 | NFULNL_MSG_PACKET;
+#include <android-base/parseint.h>
#include <log/log.h>
#include <sysutils/NetlinkEvent.h>
+using android::base::ParseInt;
+
NetlinkEvent::NetlinkEvent() {
mAction = Action::kUnknown;
memset(mParams, 0, sizeof(mParams));
@@ -301,8 +304,9 @@
raw = (char*)nlAttrData(payload);
}
- char* hex = (char*) calloc(1, 5 + (len * 2));
- strcpy(hex, "HEX=");
+ size_t hexSize = 5 + (len * 2);
+ char* hex = (char*)calloc(1, hexSize);
+ strlcpy(hex, "HEX=", hexSize);
for (int i = 0; i < len; i++) {
hex[4 + (i * 2)] = "0123456789abcdef"[(raw[i] >> 4) & 0xf];
hex[5 + (i * 2)] = "0123456789abcdef"[raw[i] & 0xf];
@@ -474,23 +478,20 @@
struct nd_opt_rdnss *rndss_opt = (struct nd_opt_rdnss *) opthdr;
const uint32_t lifetime = ntohl(rndss_opt->nd_opt_rdnss_lifetime);
- // Construct "SERVERS=<comma-separated string of DNS addresses>".
- static const char kServerTag[] = "SERVERS=";
- static const size_t kTagLength = strlen(kServerTag);
+ // Construct a comma-separated string of DNS addresses.
// Reserve sufficient space for an IPv6 link-local address: all but the
// last address are followed by ','; the last is followed by '\0'.
static const size_t kMaxSingleAddressLength =
INET6_ADDRSTRLEN + strlen("%") + IFNAMSIZ + strlen(",");
- const size_t bufsize = kTagLength + numaddrs * kMaxSingleAddressLength;
+ const size_t bufsize = numaddrs * kMaxSingleAddressLength;
char *buf = (char *) malloc(bufsize);
if (!buf) {
SLOGE("RDNSS option: out of memory\n");
return false;
}
- strcpy(buf, kServerTag);
- size_t pos = kTagLength;
struct in6_addr *addrs = (struct in6_addr *) (rndss_opt + 1);
+ size_t pos = 0;
for (int i = 0; i < numaddrs; i++) {
if (i > 0) {
buf[pos++] = ',';
@@ -508,7 +509,8 @@
mSubsystem = strdup("net");
asprintf(&mParams[0], "INTERFACE=%s", ifname);
asprintf(&mParams[1], "LIFETIME=%u", lifetime);
- mParams[2] = buf;
+ asprintf(&mParams[2], "SERVERS=%s", buf);
+ free(buf);
} else if (opthdr->nd_opt_type == ND_OPT_DNSSL) {
// TODO: support DNSSL.
} else {
@@ -634,7 +636,9 @@
else if (!strcmp(a, "change"))
mAction = Action::kChange;
} else if ((a = HAS_CONST_PREFIX(s, end, "SEQNUM=")) != nullptr) {
- mSeq = atoi(a);
+ if (!ParseInt(a, &mSeq)) {
+ SLOGE("NetlinkEvent::parseAsciiNetlinkMessage: failed to parse SEQNUM=%s", a);
+ }
} else if ((a = HAS_CONST_PREFIX(s, end, "SUBSYSTEM=")) != nullptr) {
mSubsystem = strdup(a);
} else if (param_idx < NL_PARAMS_MAX) {
diff --git a/libziparchive/Android.bp b/libziparchive/Android.bp
index 858c0bb..3843252 100644
--- a/libziparchive/Android.bp
+++ b/libziparchive/Android.bp
@@ -84,6 +84,7 @@
host_supported: true,
vendor_available: true,
recovery_available: true,
+ native_bridge_supported: true,
vndk: {
enabled: true,
},
diff --git a/property_service/libpropertyinfoparser/Android.bp b/property_service/libpropertyinfoparser/Android.bp
index 5c57d69..ac802b5 100644
--- a/property_service/libpropertyinfoparser/Android.bp
+++ b/property_service/libpropertyinfoparser/Android.bp
@@ -3,6 +3,7 @@
host_supported: true,
vendor_available: true,
recovery_available: true,
+ native_bridge_supported: true,
srcs: ["property_info_parser.cpp"],
cpp_std: "experimental",
diff --git a/rootdir/init.rc b/rootdir/init.rc
index bd3ef45..84fa46e 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -80,7 +80,9 @@
chmod 0664 /dev/stune/top-app/tasks
chmod 0664 /dev/stune/rt/tasks
- # Create blkio tuning nodes
+ # Create blkio group and apply initial settings.
+ # This feature needs kernel to support it, and the
+ # device's init.rc must actually set the correct values.
mkdir /dev/blkio/background
chown system system /dev/blkio
chown system system /dev/blkio/background
@@ -88,6 +90,10 @@
chown system system /dev/blkio/background/tasks
chmod 0664 /dev/blkio/tasks
chmod 0664 /dev/blkio/background/tasks
+ write /dev/blkio/blkio.weight 1000
+ write /dev/blkio/background/blkio.weight 500
+ write /dev/blkio/blkio.group_idle 0
+ write /dev/blkio/background/blkio.group_idle 0
restorecon_recursive /mnt