[automerger skipped] Add AID for PRNG seeder daemon. am: 046a809a90 -s ours am: 309102b314 -s ours
am skip reason: Merged-In I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96 with SHA-1 6cb61610e6 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/core/+/20112204
Change-Id: I5682ab714c62dadce6bbcd031059b6dbe5c13ee5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/fs_mgr/libsnapshot/partition_cow_creator.cpp b/fs_mgr/libsnapshot/partition_cow_creator.cpp
index 7057223..5bc7e65 100644
--- a/fs_mgr/libsnapshot/partition_cow_creator.cpp
+++ b/fs_mgr/libsnapshot/partition_cow_creator.cpp
@@ -131,15 +131,28 @@
return is_optimized;
}
-void WriteExtent(DmSnapCowSizeCalculator* sc, const chromeos_update_engine::Extent& de,
+bool WriteExtent(DmSnapCowSizeCalculator* sc, const chromeos_update_engine::Extent& de,
unsigned int sectors_per_block) {
const auto block_boundary = de.start_block() + de.num_blocks();
for (auto b = de.start_block(); b < block_boundary; ++b) {
for (unsigned int s = 0; s < sectors_per_block; ++s) {
- const auto sector_id = b * sectors_per_block + s;
+ // sector_id = b * sectors_per_block + s;
+ uint64_t block_start_sector_id;
+ if (__builtin_mul_overflow(b, sectors_per_block, &block_start_sector_id)) {
+ LOG(ERROR) << "Integer overflow when calculating sector id (" << b << " * "
+ << sectors_per_block << ")";
+ return false;
+ }
+ uint64_t sector_id;
+ if (__builtin_add_overflow(block_start_sector_id, s, §or_id)) {
+ LOG(ERROR) << "Integer overflow when calculating sector id ("
+ << block_start_sector_id << " + " << s << ")";
+ return false;
+ }
sc->WriteSector(sector_id);
}
}
+ return true;
}
std::optional<uint64_t> PartitionCowCreator::GetCowSize() {
@@ -167,7 +180,7 @@
// Allocate space for extra extents (if any). These extents are those that can be
// used for error corrections or to store verity hash trees.
for (const auto& de : extra_extents) {
- WriteExtent(&sc, de, sectors_per_block);
+ if (!WriteExtent(&sc, de, sectors_per_block)) return std::nullopt;
}
if (update == nullptr) return sc.cow_size_bytes();
@@ -182,7 +195,7 @@
}
for (const auto& de : written_op->dst_extents()) {
- WriteExtent(&sc, de, sectors_per_block);
+ if (!WriteExtent(&sc, de, sectors_per_block)) return std::nullopt;
}
}
diff --git a/libprocessgroup/include/processgroup/processgroup.h b/libprocessgroup/include/processgroup/processgroup.h
index 45a723f..f3cd421 100644
--- a/libprocessgroup/include/processgroup/processgroup.h
+++ b/libprocessgroup/include/processgroup/processgroup.h
@@ -35,6 +35,7 @@
bool SetTaskProfiles(int tid, const std::vector<std::string>& profiles, bool use_fd_cache = false);
bool SetProcessProfiles(uid_t uid, pid_t pid, const std::vector<std::string>& profiles);
+bool SetUserProfiles(uid_t uid, const std::vector<std::string>& profiles);
__END_DECLS
diff --git a/libprocessgroup/processgroup.cpp b/libprocessgroup/processgroup.cpp
index bdda102..393936c 100644
--- a/libprocessgroup/processgroup.cpp
+++ b/libprocessgroup/processgroup.cpp
@@ -195,6 +195,11 @@
return SetProcessProfiles(uid, pid, std::span<const std::string_view>(profiles_));
}
+bool SetUserProfiles(uid_t uid, const std::vector<std::string>& profiles) {
+ return TaskProfiles::GetInstance().SetUserProfiles(uid, std::span<const std::string>(profiles),
+ false);
+}
+
static std::string ConvertUidToPath(const char* cgroup, uid_t uid) {
return StringPrintf("%s/uid_%d", cgroup, uid);
}
diff --git a/libprocessgroup/task_profiles.cpp b/libprocessgroup/task_profiles.cpp
index 744710f..0fbfc8c 100644
--- a/libprocessgroup/task_profiles.cpp
+++ b/libprocessgroup/task_profiles.cpp
@@ -139,6 +139,17 @@
return true;
}
+bool ProfileAttribute::GetPathForUID(uid_t uid, std::string* path) const {
+ if (path == nullptr) {
+ return true;
+ }
+
+ const std::string& file_name =
+ controller()->version() == 2 && !file_v2_name_.empty() ? file_v2_name_ : file_name_;
+ *path = StringPrintf("%s/uid_%d/%s", controller()->path(), uid, file_name.c_str());
+ return true;
+}
+
bool SetClampsAction::ExecuteForProcess(uid_t, pid_t) const {
// TODO: add support when kernel supports util_clamp
LOG(WARNING) << "SetClampsAction::ExecuteForProcess is not supported";
@@ -225,6 +236,29 @@
return true;
}
+bool SetAttributeAction::ExecuteForUID(uid_t uid) const {
+ std::string path;
+
+ if (!attribute_->GetPathForUID(uid, &path)) {
+ LOG(ERROR) << "Failed to find cgroup for uid " << uid;
+ return false;
+ }
+
+ if (!WriteStringToFile(value_, path)) {
+ if (access(path.c_str(), F_OK) < 0) {
+ if (optional_) {
+ return true;
+ } else {
+ LOG(ERROR) << "No such cgroup attribute: " << path;
+ return false;
+ }
+ }
+ PLOG(ERROR) << "Failed to write '" << value_ << "' to " << path;
+ return false;
+ }
+ return true;
+}
+
SetCgroupAction::SetCgroupAction(const CgroupController& c, const std::string& p)
: controller_(c), path_(p) {
FdCacheHelper::Init(controller_.GetTasksFilePath(path_), fd_[ProfileAction::RCT_TASK]);
@@ -552,6 +586,16 @@
return true;
}
+bool TaskProfile::ExecuteForUID(uid_t uid) const {
+ for (const auto& element : elements_) {
+ if (!element->ExecuteForUID(uid)) {
+ LOG(VERBOSE) << "Applying profile action " << element->Name() << " failed";
+ return false;
+ }
+ }
+ return true;
+}
+
void TaskProfile::EnableResourceCaching(ProfileAction::ResourceCacheType cache_type) {
if (res_cached_) {
return;
@@ -805,6 +849,24 @@
}
template <typename T>
+bool TaskProfiles::SetUserProfiles(uid_t uid, std::span<const T> profiles, bool use_fd_cache) {
+ for (const auto& name : profiles) {
+ TaskProfile* profile = GetProfile(name);
+ if (profile != nullptr) {
+ if (use_fd_cache) {
+ profile->EnableResourceCaching(ProfileAction::RCT_PROCESS);
+ }
+ if (!profile->ExecuteForUID(uid)) {
+ PLOG(WARNING) << "Failed to apply " << name << " process profile";
+ }
+ } else {
+ PLOG(WARNING) << "Failed to find " << name << "process profile";
+ }
+ }
+ return true;
+}
+
+template <typename T>
bool TaskProfiles::SetProcessProfiles(uid_t uid, pid_t pid, std::span<const T> profiles,
bool use_fd_cache) {
bool success = true;
@@ -857,3 +919,5 @@
bool use_fd_cache);
template bool TaskProfiles::SetTaskProfiles(int tid, std::span<const std::string_view> profiles,
bool use_fd_cache);
+template bool TaskProfiles::SetUserProfiles(uid_t uid, std::span<const std::string> profiles,
+ bool use_fd_cache);
diff --git a/libprocessgroup/task_profiles.h b/libprocessgroup/task_profiles.h
index 85b3f91..a8ecb87 100644
--- a/libprocessgroup/task_profiles.h
+++ b/libprocessgroup/task_profiles.h
@@ -36,6 +36,7 @@
virtual const CgroupController* controller() const = 0;
virtual const std::string& file_name() const = 0;
virtual bool GetPathForTask(int tid, std::string* path) const = 0;
+ virtual bool GetPathForUID(uid_t uid, std::string* path) const = 0;
};
class ProfileAttribute : public IProfileAttribute {
@@ -53,6 +54,7 @@
void Reset(const CgroupController& controller, const std::string& file_name) override;
bool GetPathForTask(int tid, std::string* path) const override;
+ bool GetPathForUID(uid_t uid, std::string* path) const override;
private:
CgroupController controller_;
@@ -72,6 +74,7 @@
// Default implementations will fail
virtual bool ExecuteForProcess(uid_t, pid_t) const { return false; };
virtual bool ExecuteForTask(int) const { return false; };
+ virtual bool ExecuteForUID(uid_t) const { return false; };
virtual void EnableResourceCaching(ResourceCacheType) {}
virtual void DropResourceCaching(ResourceCacheType) {}
@@ -116,6 +119,7 @@
const char* Name() const override { return "SetAttribute"; }
bool ExecuteForProcess(uid_t uid, pid_t pid) const override;
bool ExecuteForTask(int tid) const override;
+ bool ExecuteForUID(uid_t uid) const override;
private:
const IProfileAttribute* attribute_;
@@ -179,6 +183,7 @@
bool ExecuteForProcess(uid_t uid, pid_t pid) const;
bool ExecuteForTask(int tid) const;
+ bool ExecuteForUID(uid_t uid) const;
void EnableResourceCaching(ProfileAction::ResourceCacheType cache_type);
void DropResourceCaching(ProfileAction::ResourceCacheType cache_type);
@@ -216,6 +221,8 @@
bool SetProcessProfiles(uid_t uid, pid_t pid, std::span<const T> profiles, bool use_fd_cache);
template <typename T>
bool SetTaskProfiles(int tid, std::span<const T> profiles, bool use_fd_cache);
+ template <typename T>
+ bool SetUserProfiles(uid_t uid, std::span<const T> profiles, bool use_fd_cache);
private:
TaskProfiles();
diff --git a/libprocessgroup/task_profiles_test.cpp b/libprocessgroup/task_profiles_test.cpp
index 09ac44c..aa74f9d 100644
--- a/libprocessgroup/task_profiles_test.cpp
+++ b/libprocessgroup/task_profiles_test.cpp
@@ -121,6 +121,10 @@
return true;
};
+ bool GetPathForUID(uid_t, std::string*) const override {
+ return false;
+ }
+
private:
const std::string file_name_;
};
diff --git a/libutils/Android.bp b/libutils/Android.bp
index c744b53..eb2a534 100644
--- a/libutils/Android.bp
+++ b/libutils/Android.bp
@@ -174,10 +174,6 @@
min_sdk_version: "apex_inherit",
afdo: true,
-
- header_abi_checker: {
- diff_flags: ["-allow-adding-removing-weak-symbols"],
- },
}
cc_library {
diff --git a/rootdir/init.rc b/rootdir/init.rc
index ec760d3..fe7f736 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -940,22 +940,28 @@
restorecon /data/media
exec - media_rw media_rw -- /system/bin/chattr +F /data/media
- # A tmpfs directory, which will contain all apps CE DE data directory that
- # bind mount from the original source.
+ # A tmpfs directory, which will contain all apps and sdk sandbox CE and DE
+ # data directory that bind mount from the original source.
mount tmpfs tmpfs /data_mirror nodev noexec nosuid mode=0700,uid=0,gid=1000
restorecon /data_mirror
mkdir /data_mirror/data_ce 0700 root root
mkdir /data_mirror/data_de 0700 root root
+ mkdir /data_mirror/misc_ce 0700 root root
+ mkdir /data_mirror/misc_de 0700 root root
# Create CE and DE data directory for default volume
mkdir /data_mirror/data_ce/null 0700 root root
mkdir /data_mirror/data_de/null 0700 root root
+ mkdir /data_mirror/misc_ce/null 0700 root root
+ mkdir /data_mirror/misc_de/null 0700 root root
# Bind mount CE and DE data directory to mirror's default volume directory.
# The 'slave' option (MS_SLAVE) is needed to cause the later bind mount of
# /data/data onto /data/user/0 to propagate to /data_mirror/data_ce/null/0.
mount none /data/user /data_mirror/data_ce/null bind rec slave
mount none /data/user_de /data_mirror/data_de/null bind rec
+ mount none /data/misc_ce /data_mirror/misc_ce/null bind rec
+ mount none /data/misc_de /data_mirror/misc_de/null bind rec
# Create mirror directory for jit profiles
mkdir /data_mirror/cur_profiles 0700 root root