Merge "Add support for getting TLS on all arches." into main
diff --git a/debuggerd/Android.bp b/debuggerd/Android.bp
index 3257a2c..0e62ceb 100644
--- a/debuggerd/Android.bp
+++ b/debuggerd/Android.bp
@@ -505,6 +505,7 @@
"libbase",
"libdebuggerd_client",
"liblog",
+ "libprocessgroup",
"libprocinfo",
],
diff --git a/debuggerd/debuggerd.cpp b/debuggerd/debuggerd.cpp
index 0d4b91f..7a2500c 100644
--- a/debuggerd/debuggerd.cpp
+++ b/debuggerd/debuggerd.cpp
@@ -23,11 +23,11 @@
#include <string_view>
#include <thread>
-#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/parseint.h>
#include <android-base/unique_fd.h>
#include <debuggerd/client.h>
+#include <processgroup/processgroup.h>
#include <procinfo/process.h>
#include "util.h"
@@ -92,13 +92,8 @@
}
// unfreeze if pid is frozen.
- const std::string freeze_file = android::base::StringPrintf(
- "/sys/fs/cgroup/uid_%d/pid_%d/cgroup.freeze", proc_info.uid, proc_info.pid);
- if (std::string freeze_status;
- android::base::ReadFileToString(freeze_file, &freeze_status) && freeze_status[0] == '1') {
- android::base::WriteStringToFile("0", freeze_file);
- // we don't restore the frozen state as this is considered a benign change.
- }
+ SetProcessProfiles(proc_info.uid, proc_info.pid, {"Unfrozen"});
+ // we don't restore the frozen state as this is considered a benign change.
unique_fd output_fd(fcntl(STDOUT_FILENO, F_DUPFD_CLOEXEC, 0));
if (output_fd.get() == -1) {
diff --git a/gatekeeperd/fuzzer/GateKeeperServiceFuzzer.cpp b/gatekeeperd/fuzzer/GateKeeperServiceFuzzer.cpp
index bc0d5fe..a3cc3f3 100644
--- a/gatekeeperd/fuzzer/GateKeeperServiceFuzzer.cpp
+++ b/gatekeeperd/fuzzer/GateKeeperServiceFuzzer.cpp
@@ -22,6 +22,8 @@
using android::GateKeeperProxy;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ // TODO(b/183141167): need to rewrite 'dump' to avoid SIGPIPE.
+ signal(SIGPIPE, SIG_IGN);
auto gatekeeperService = new GateKeeperProxy();
fuzzService(gatekeeperService, FuzzedDataProvider(data, size));
return 0;
diff --git a/init/Android.bp b/init/Android.bp
index 4ee3be2..ed19b4b 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -268,7 +268,6 @@
cc_defaults {
name: "init_second_stage_defaults",
- recovery_available: true,
stem: "init",
defaults: ["init_defaults"],
srcs: ["main.cpp"],
@@ -280,37 +279,38 @@
defaults: ["init_second_stage_defaults"],
static_libs: ["libinit"],
visibility: ["//visibility:any_system_partition"],
- target: {
- platform: {
- required: [
- "init.rc",
- "ueventd.rc",
- "e2fsdroid",
- "extra_free_kbytes",
- "make_f2fs",
- "mke2fs",
- "sload_f2fs",
- ],
- },
- recovery: {
- cflags: ["-DRECOVERY"],
- exclude_static_libs: [
- "libxml2",
- ],
- exclude_shared_libs: [
- "libbinder",
- "libutils",
- ],
- required: [
- "init_recovery.rc",
- "ueventd.rc.recovery",
- "e2fsdroid.recovery",
- "make_f2fs.recovery",
- "mke2fs.recovery",
- "sload_f2fs.recovery",
- ],
- },
- },
+ required: [
+ "init.rc",
+ "ueventd.rc",
+ "e2fsdroid",
+ "extra_free_kbytes",
+ "make_f2fs",
+ "mke2fs",
+ "sload_f2fs",
+ ],
+}
+
+cc_binary {
+ name: "init_second_stage.recovery",
+ defaults: ["init_second_stage_defaults"],
+ static_libs: ["libinit"],
+ recovery: true,
+ cflags: ["-DRECOVERY"],
+ exclude_static_libs: [
+ "libxml2",
+ ],
+ exclude_shared_libs: [
+ "libbinder",
+ "libutils",
+ ],
+ required: [
+ "init_recovery.rc",
+ "ueventd.rc.recovery",
+ "e2fsdroid.recovery",
+ "make_f2fs.recovery",
+ "mke2fs.recovery",
+ "sload_f2fs.recovery",
+ ],
}
cc_binary {
@@ -319,7 +319,6 @@
"avf_build_flags_cc",
"init_second_stage_defaults",
],
- recovery_available: false,
static_libs: ["libinit.microdroid"],
cflags: ["-DMICRODROID=1"],
no_full_install: true,
diff --git a/reboot/Android.bp b/reboot/Android.bp
index 7b243bd..1cca824 100644
--- a/reboot/Android.bp
+++ b/reboot/Android.bp
@@ -4,10 +4,25 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-cc_binary {
- name: "reboot",
+cc_defaults {
+ name: "reboot_defaults",
srcs: ["reboot.c"],
shared_libs: ["libcutils"],
cflags: ["-Werror"],
- recovery_available: true,
+}
+
+cc_binary {
+ name: "reboot",
+ defaults: [
+ "reboot_defaults",
+ ],
+}
+
+cc_binary {
+ name: "reboot.recovery",
+ defaults: [
+ "reboot_defaults",
+ ],
+ recovery: true,
+ stem: "reboot",
}
diff --git a/rootdir/Android.bp b/rootdir/Android.bp
index 44acbba..d3db2ff 100644
--- a/rootdir/Android.bp
+++ b/rootdir/Android.bp
@@ -47,7 +47,13 @@
prebuilt_etc {
name: "ueventd.rc",
src: "ueventd.rc",
- recovery_available: true,
+}
+
+prebuilt_etc {
+ name: "ueventd.rc.recovery",
+ src: "ueventd.rc",
+ recovery: true,
+ filename: "ueventd.rc",
}
filegroup {
diff --git a/rootdir/init.rc b/rootdir/init.rc
index e487797..ae6a658 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -1004,6 +1004,11 @@
exec_start system_aconfigd_mainline_init
start system_aconfigd_socket_service
+ # start mainline aconfigd init, after transition, the above system_aconfigd_mainline_init
+ # will be deprecated
+ exec_start mainline_aconfigd_init
+ start mainline_aconfigd_socket_service
+
# Create directories for boot animation.
mkdir /data/misc/bootanim 0755 system system
diff --git a/shell_and_utilities/Android.bp b/shell_and_utilities/Android.bp
index 1f5c179..0a1f7c5 100644
--- a/shell_and_utilities/Android.bp
+++ b/shell_and_utilities/Android.bp
@@ -43,9 +43,10 @@
required: [
"sh.recovery",
"toolbox.recovery",
- "toybox.recovery",
+ "toybox_recovery",
"ziptool.recovery",
],
+ recovery: true,
}
phony {
diff --git a/toolbox/Android.bp b/toolbox/Android.bp
index 120cc6e..3142542 100644
--- a/toolbox/Android.bp
+++ b/toolbox/Android.bp
@@ -68,11 +68,17 @@
cc_binary {
name: "toolbox",
defaults: ["toolbox_binary_defaults"],
- recovery_available: true,
vendor_ramdisk_available: true,
}
cc_binary {
+ name: "toolbox.recovery",
+ defaults: ["toolbox_binary_defaults"],
+ recovery: true,
+ stem: "toolbox",
+}
+
+cc_binary {
name: "toolbox_vendor",
stem: "toolbox",
vendor: true,
diff --git a/trusty/secretkeeper/Android.bp b/trusty/secretkeeper/Android.bp
index 6523eda..d399bf8 100644
--- a/trusty/secretkeeper/Android.bp
+++ b/trusty/secretkeeper/Android.bp
@@ -27,18 +27,16 @@
"src/hal_main.rs",
],
rustlibs: [
+ "android.hardware.security.secretkeeper-V1-rust",
"libandroid_logger",
"libauthgraph_hal",
"libauthgraph_wire",
"libbinder_rs",
"liblibc",
"liblog_rust",
- "libsecretkeeper_hal",
+ "libsecretkeeper_hal_v1",
"libtrusty-rs",
],
- defaults: [
- "secretkeeper_use_latest_hal_aidl_rust",
- ],
prefer_rlib: true,
}
diff --git a/trusty/trusty-storage-cf.mk b/trusty/trusty-storage-cf.mk
index 3b46445..acefd3e 100644
--- a/trusty/trusty-storage-cf.mk
+++ b/trusty/trusty-storage-cf.mk
@@ -22,4 +22,5 @@
PRODUCT_PACKAGES += \
storageproxyd.system \
rpmb_dev.system \
+ rpmb_dev.test.system \
diff --git a/trusty/utils/rpmb_dev/Android.bp b/trusty/utils/rpmb_dev/Android.bp
index ef23cc5..2f362e8 100644
--- a/trusty/utils/rpmb_dev/Android.bp
+++ b/trusty/utils/rpmb_dev/Android.bp
@@ -58,3 +58,12 @@
"rpmb_dev.wv.system.rc",
],
}
+
+cc_binary {
+ name: "rpmb_dev.test.system",
+ defaults: ["rpmb_dev.cc_defaults"],
+ system_ext_specific: true,
+ init_rc: [
+ "rpmb_dev.test.system.rc",
+ ],
+}
diff --git a/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc b/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc
new file mode 100644
index 0000000..2127798
--- /dev/null
+++ b/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc
@@ -0,0 +1,56 @@
+service trusty_test_vm /apex/com.android.virt/bin/vm run \
+ /data/local/tmp/TrustyTestVM_UnitTests/trusty-test_vm-config.json
+ disabled
+ user system
+ group system
+
+service storageproxyd_test_system /system_ext/bin/storageproxyd.system \
+ -d VSOCK:${trusty.test_vm.vm_cid}:1 \
+ -r /dev/socket/rpmb_mock_test_system \
+ -p /data/secure_storage_test_system \
+ -t sock
+ disabled
+ class hal
+ user system
+ group system
+
+service rpmb_mock_init_test_system /system_ext/bin/rpmb_dev.test.system \
+ --dev /mnt/secure_storage_rpmb_test_system/persist/RPMB_DATA --init --size 2048
+ disabled
+ user system
+ group system
+ oneshot
+
+service rpmb_mock_test_system /system_ext/bin/rpmb_dev.test.system \
+ --dev /mnt/secure_storage_rpmb_test_system/persist/RPMB_DATA \
+ --sock rpmb_mock_test_system
+ disabled
+ user system
+ group system
+ socket rpmb_mock_test_system stream 660 system system
+
+# RPMB Mock
+on post-fs-data
+ # Create a persistent location for the RPMB data
+ # (work around lack of RPMb block device on CF).
+ # file contexts secure_storage_rpmb_system_file
+ # (only used on Cuttlefish as this is non secure)
+ mkdir /metadata/secure_storage_rpmb_test_system 0770 system system
+ mkdir /mnt/secure_storage_rpmb_test_system 0770 system system
+ symlink /metadata/secure_storage_rpmb_test_system \
+ /mnt/secure_storage_rpmb_test_system/persist
+ # Create a system persist directory in /metadata
+ # (work around lack of dedicated system persist partition).
+ # file contexts secure_storage_persist_system_file
+ mkdir /metadata/secure_storage_persist_test_system 0770 system system
+ mkdir /mnt/secure_storage_persist_test_system 0770 system system
+ symlink /metadata/secure_storage_persist_test_system \
+ /mnt/secure_storage_persist_test_system/persist
+ # file contexts secure_storage_system_file
+ mkdir /data/secure_storage_test_system 0770 root system
+ symlink /mnt/secure_storage_persist_test_system/persist \
+ /data/secure_storage_test_system/persist
+ chown root system /data/secure_storage_test_system/persist
+ # setprop storageproxyd_test_system.trusty_ipc_dev VSOCK:${trusty.test_vm.vm_cid}:1
+ exec_start rpmb_mock_init_test_system
+ start rpmb_mock_test_system
diff --git a/watchdogd/Android.bp b/watchdogd/Android.bp
index 0388208..bc7ffb6 100644
--- a/watchdogd/Android.bp
+++ b/watchdogd/Android.bp
@@ -2,9 +2,8 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-cc_binary {
- name: "watchdogd",
- recovery_available: true,
+cc_defaults {
+ name: "watchdogd_defaults",
srcs: ["watchdogd.cpp"],
cflags: [
"-Wall",
@@ -16,3 +15,19 @@
misc_undefined: ["signed-integer-overflow"],
},
}
+
+cc_binary {
+ name: "watchdogd",
+ defaults: [
+ "watchdogd_defaults",
+ ],
+}
+
+cc_binary {
+ name: "watchdogd.recovery",
+ defaults: [
+ "watchdogd_defaults",
+ ],
+ recovery: true,
+ stem: "watchdogd",
+}