Snap for 13182071 from ac2ac367fb2fae339726fc3b108fbd8e1dd6ff33 to 25Q2-release
Change-Id: I6a50433da785f0000162e99fbb18c7e15c384cd7
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index a30d9c0..204e690 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -2023,6 +2023,84 @@
return InstallZramDevice(loop_device);
}
+// Check whether it is in recovery mode or not.
+//
+// This is a copy from util.h in libinit.
+//
+// You need to check ALL relevant executables calling this function has access to
+// "/system/bin/recovery" (including SELinux permissions and UNIX permissions).
+static bool IsRecovery() {
+ return access("/system/bin/recovery", F_OK) == 0;
+}
+
+// Decides whether swapon_all should skip setting up zram.
+//
+// swapon_all is deprecated to setup zram after mmd is launched. swapon_all command should skip
+// setting up zram if mmd is enabled by AConfig flag and mmd is configured to set up zram.
+static bool ShouldSkipZramSetup() {
+ if (IsRecovery()) {
+ // swapon_all continue to support zram setup in recovery mode after mmd launch.
+ return false;
+ }
+
+ // Since AConfig does not support to load the status from init, we use the system property
+ // "mmd.enabled_aconfig" copied from AConfig by `mmd --set-property` command to check whether
+ // mmd is enabled or not.
+ //
+ // aconfig_prop can have either of:
+ //
+ // * "true": mmd is enabled by AConfig
+ // * "false": mmd is disabled by AConfig
+ // * "": swapon_all is executed before `mmd --set-property`
+ //
+ // During mmd being launched, we request OEMs, who decided to use mmd to set up zram, to execute
+ // swapon_all after "mmd.enabled_aconfig" system property is initialized. Init can wait the
+ // "mmd.enabled_aconfig" initialization by `property:mmd.enabled_aconfig=*` trigger.
+ //
+ // After mmd is launched, we deprecate swapon_all command for setting up zram but recommend to
+ // use `mmd --setup-zram`. It means that the system should call swapon_all with fstab with no
+ // zram entry or the system should never call swapon_all.
+ //
+ // As a transition, OEMs can use the deprecated swapon_all to set up zram for several versions
+ // after mmd is launched. swapon_all command will show warning logs during the transition
+ // period.
+ const std::string aconfig_prop = android::base::GetProperty("mmd.enabled_aconfig", "");
+ const bool is_zram_managed_by_mmd = android::base::GetBoolProperty("mmd.zram.enabled", false);
+ if (aconfig_prop == "true" && is_zram_managed_by_mmd) {
+ // Skip zram setup since zram is managed by mmd.
+ //
+ // We expect swapon_all is not called when mmd is enabled by AConfig flag.
+ // TODO: b/394484720 - Make this log as warning after mmd is launched.
+ LINFO << "Skip setting up zram because mmd sets up zram instead.";
+ return true;
+ }
+
+ if (aconfig_prop == "false") {
+ // It is expected to swapon_all command to set up zram before mmd is launched.
+ LOG(DEBUG) << "mmd is not launched yet. swapon_all setup zram.";
+ } else if (is_zram_managed_by_mmd) {
+ // This branch is for aconfig_prop == ""
+
+ // On the system which uses mmd to setup zram, swapon_all must be executed after
+ // mmd.enabled_aconfig is initialized.
+ LERROR << "swapon_all must be called after mmd.enabled_aconfig system "
+ "property is initialized";
+ // Since we don't know whether mmd is enabled on the system or not, we fall back to enable
+ // zram from swapon_all conservatively. Both swapon_all and `mmd --setup-zram` command
+ // trying to set up zram does not break the system but just either ends up failing.
+ } else {
+ // We show the warning log for swapon_all deprecation on both aconfig_prop is "true" and ""
+ // cases.
+ // If mmd is enabled, swapon_all is already deprecated.
+ // If aconfig_prop is "", we don't know whether mmd is launched or not. But we show the
+ // deprecation warning log conservatively.
+ LWARNING << "mmd is recommended to set up zram over swapon_all command with "
+ "fstab entry.";
+ }
+
+ return false;
+}
+
bool fs_mgr_swapon_all(const Fstab& fstab) {
bool ret = true;
for (const auto& entry : fstab) {
@@ -2032,6 +2110,10 @@
}
if (entry.zram_size > 0) {
+ if (ShouldSkipZramSetup()) {
+ continue;
+ }
+
if (!PrepareZramBackingDevice(entry.zram_backingdev_size)) {
LERROR << "Failure of zram backing device file for '" << entry.blk_device << "'";
}
diff --git a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
index e613d54..8a8100c 100644
--- a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
+++ b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
@@ -429,6 +429,9 @@
// Pause the snapshot merge.
bool PauseSnapshotMerge();
+ // Resume the snapshot merge.
+ bool ResumeSnapshotMerge();
+
enum class SnapshotDriver {
DM_SNAPSHOT,
DM_USER,
diff --git a/fs_mgr/libsnapshot/scripts/apply-update.sh b/fs_mgr/libsnapshot/scripts/apply-update.sh
index 2a5a8a2..92bff3b 100755
--- a/fs_mgr/libsnapshot/scripts/apply-update.sh
+++ b/fs_mgr/libsnapshot/scripts/apply-update.sh
@@ -99,6 +99,8 @@
Now, the script can safely use this flag for update purpose.
--wipe Wipe user data during the update.
+ --boot_snapshot Boot the device off snapshots - No data wipe is supported
+ To revert back to original state - `adb shell snapshotctl revert-snapshots`
--help Display this help message.
Environment Variables:
@@ -123,6 +125,7 @@
}
skip_static_partitions=0
+boot_snapshot=0
flash_bootloader=1
wipe_flag=0
help_flag=0
@@ -139,6 +142,9 @@
--skip_bootloader)
flash_bootloader=0
;;
+ --boot_snapshot)
+ boot_snapshot=1
+ ;;
--help)
help_flag=1
;;
@@ -208,7 +214,9 @@
log_message "Applying update"
-if (( wipe_flag )); then
+if (( boot_snapshot)); then
+ adb shell snapshotctl map-snapshots $DEVICE_PATH
+elif (( wipe_flag )); then
adb shell snapshotctl apply-update $DEVICE_PATH -w
else
adb shell snapshotctl apply-update $DEVICE_PATH
diff --git a/fs_mgr/libsnapshot/snapshot.cpp b/fs_mgr/libsnapshot/snapshot.cpp
index d456197..adfb16b 100644
--- a/fs_mgr/libsnapshot/snapshot.cpp
+++ b/fs_mgr/libsnapshot/snapshot.cpp
@@ -351,9 +351,14 @@
LOG(INFO) << "Removing all update state.";
- if (!RemoveAllSnapshots(lock)) {
- LOG(ERROR) << "Could not remove all snapshots";
- return false;
+ if (ReadUpdateState(lock) != UpdateState::None) {
+ // Only call this if we're actually cancelling an update. It's not
+ // expected to yield anything otherwise, and firing up gsid on normal
+ // boot is expensive.
+ if (!RemoveAllSnapshots(lock)) {
+ LOG(ERROR) << "Could not remove all snapshots";
+ return false;
+ }
}
// It's okay if these fail:
@@ -4696,6 +4701,15 @@
return false;
}
+bool SnapshotManager::ResumeSnapshotMerge() {
+ auto snapuserd_client = SnapuserdClient::TryConnect(kSnapuserdSocket, 5s);
+ if (snapuserd_client) {
+ // Resume the snapshot-merge
+ return snapuserd_client->ResumeMerge();
+ }
+ return false;
+}
+
bool SnapshotManager::IsUserspaceSnapshotUpdateInProgress(
std::vector<std::string>& dynamic_partitions) {
// We cannot grab /metadata/ota lock here as this
diff --git a/fs_mgr/libsnapshot/snapshotctl.cpp b/fs_mgr/libsnapshot/snapshotctl.cpp
index e1a3310..32c8e37 100644
--- a/fs_mgr/libsnapshot/snapshotctl.cpp
+++ b/fs_mgr/libsnapshot/snapshotctl.cpp
@@ -83,6 +83,10 @@
" Deprecated.\n"
" map\n"
" Map all partitions at /dev/block/mapper\n"
+ " pause-merge\n"
+ " Pause snapshot merge\n"
+ " resume-merge\n"
+ " Resume snapshot merge\n"
" map-snapshots <directory where snapshot patches are present>\n"
" Map all snapshots based on patches present in the directory\n"
" unmap-snapshots\n"
@@ -539,6 +543,16 @@
return SnapshotManager::New()->UnmapAllSnapshots();
}
+bool PauseSnapshotMerge(int, char** argv) {
+ android::base::InitLogging(argv, TeeLogger(LogdLogger(), &StderrLogger));
+ return SnapshotManager::New()->PauseSnapshotMerge();
+}
+
+bool ResumeSnapshotMerge(int, char** argv) {
+ android::base::InitLogging(argv, TeeLogger(LogdLogger(), &StderrLogger));
+ return SnapshotManager::New()->ResumeSnapshotMerge();
+}
+
bool MergeCmdHandler(int /*argc*/, char** argv) {
android::base::InitLogging(argv, TeeLogger(LogdLogger(), &StderrLogger));
LOG(WARNING) << "Deprecated. Call update_engine_client --merge instead.";
@@ -1088,6 +1102,8 @@
{"dump-verity-hash", DumpVerityHash},
#endif
{"unmap", UnmapCmdHandler},
+ {"pause-merge", PauseSnapshotMerge},
+ {"resume-merge", ResumeSnapshotMerge},
// clang-format on
};
diff --git a/fs_mgr/libsnapshot/snapuserd/include/snapuserd/snapuserd_client.h b/fs_mgr/libsnapshot/snapuserd/include/snapuserd/snapuserd_client.h
index 453627c..39850c0 100644
--- a/fs_mgr/libsnapshot/snapuserd/include/snapuserd/snapuserd_client.h
+++ b/fs_mgr/libsnapshot/snapuserd/include/snapuserd/snapuserd_client.h
@@ -111,6 +111,9 @@
// Pause Merge threads
bool PauseMerge();
+
+ // Resume Merge threads
+ bool ResumeMerge();
};
} // namespace snapshot
diff --git a/fs_mgr/libsnapshot/snapuserd/snapuserd_client.cpp b/fs_mgr/libsnapshot/snapuserd/snapuserd_client.cpp
index 0497c65..693fe39 100644
--- a/fs_mgr/libsnapshot/snapuserd/snapuserd_client.cpp
+++ b/fs_mgr/libsnapshot/snapuserd/snapuserd_client.cpp
@@ -395,7 +395,17 @@
LOG(ERROR) << "Failed to pause snapshot merge.";
return false;
}
- return true;
+ std::string response = Receivemsg();
+ return response == "success";
+}
+
+bool SnapuserdClient::ResumeMerge() {
+ if (!Sendmsg("resume_merge")) {
+ LOG(ERROR) << "Failed to resume snapshot merge.";
+ return false;
+ }
+ std::string response = Receivemsg();
+ return response == "success";
}
} // namespace snapshot
diff --git a/fs_mgr/libsnapshot/snapuserd/user-space-merge/snapuserd_server.cpp b/fs_mgr/libsnapshot/snapuserd/user-space-merge/snapuserd_server.cpp
index a40617b..372b2f2 100644
--- a/fs_mgr/libsnapshot/snapuserd/user-space-merge/snapuserd_server.cpp
+++ b/fs_mgr/libsnapshot/snapuserd/user-space-merge/snapuserd_server.cpp
@@ -229,7 +229,10 @@
return Sendmsg(fd, "success");
} else if (cmd == "pause_merge") {
handlers_->PauseMerge();
- return true;
+ return Sendmsg(fd, "success");
+ } else if (cmd == "resume_merge") {
+ handlers_->ResumeMerge();
+ return Sendmsg(fd, "success");
} else {
LOG(ERROR) << "Received unknown message type from client";
Sendmsg(fd, "fail");
diff --git a/init/Android.bp b/init/Android.bp
index 016c05f..9edbe9d 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -602,6 +602,7 @@
],
static_libs: [
"libbase",
+ "libfstab",
"libselinux",
"libpropertyinfoserializer",
"libpropertyinfoparser",
diff --git a/init/README.md b/init/README.md
index 89e20a4..c9742ad 100644
--- a/init/README.md
+++ b/init/README.md
@@ -785,6 +785,16 @@
fstab.${ro.hardware} or fstab.${ro.hardware.platform} will be scanned for
under /odm/etc, /vendor/etc, or / at runtime, in that order.
+> swapon_all is deprecated and will do nothing if `mmd_enabled` AConfig flag
+ in `system_performance` namespace and `mmd.zram.enabled` sysprop are enabled.
+ OEMs, who decided to use mmd to manage zram, must remove zram entry from fstab
+ or remove swapon_all call from their init script.
+
+> swapon_all continues to support setting up non-zram swap devices.
+
+> swapon_all on recovery mode continues to support setting up zram because mmd
+ does not support the recovery mode.
+
`swapoff <path>`
> Stops swapping to the file or block device specified by path.
diff --git a/init/init.cpp b/init/init.cpp
index b6ba6a8..920b926 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -100,6 +100,8 @@
using android::base::boot_clock;
using android::base::ConsumePrefix;
using android::base::GetProperty;
+using android::base::GetIntProperty;
+using android::base::GetBoolProperty;
using android::base::ReadFileToString;
using android::base::SetProperty;
using android::base::StringPrintf;
@@ -108,6 +110,8 @@
using android::base::unique_fd;
using android::fs_mgr::AvbHandle;
using android::snapshot::SnapshotManager;
+using android::base::WaitForProperty;
+using android::base::WriteStringToFile;
namespace android {
namespace init {
@@ -919,6 +923,34 @@
return {};
}
+static void SecondStageBootMonitor(int timeout_sec) {
+ auto cur_time = boot_clock::now().time_since_epoch();
+ int cur_sec = std::chrono::duration_cast<std::chrono::seconds>(cur_time).count();
+ int extra_sec = timeout_sec <= cur_sec? 0 : timeout_sec - cur_sec;
+ auto boot_timeout = std::chrono::seconds(extra_sec);
+
+ LOG(INFO) << "Started BootMonitorThread, expiring in "
+ << timeout_sec
+ << " seconds from boot-up";
+
+ if (!WaitForProperty("sys.boot_completed", "1", boot_timeout)) {
+ LOG(ERROR) << "BootMonitorThread: boot didn't complete in "
+ << timeout_sec
+ << " seconds. Trigger a panic!";
+
+ // add a short delay for logs to be flushed out.
+ std::this_thread::sleep_for(200ms);
+
+ // trigger a kernel panic
+ WriteStringToFile("c", PROC_SYSRQ);
+ }
+}
+
+static void StartSecondStageBootMonitor(int timeout_sec) {
+ std::thread monitor_thread(&SecondStageBootMonitor, timeout_sec);
+ monitor_thread.detach();
+}
+
int SecondStageMain(int argc, char** argv) {
if (REBOOT_BOOTLOADER_ON_PANIC) {
InstallRebootSignalHandlers();
@@ -1010,6 +1042,14 @@
InstallInitNotifier(&epoll);
StartPropertyService(&property_fd);
+ // If boot_timeout property has been set in a debug build, start the boot monitor
+ if (GetBoolProperty("ro.debuggable", false)) {
+ int timeout = GetIntProperty("ro.boot.boot_timeout", 0);
+ if (timeout > 0) {
+ StartSecondStageBootMonitor(timeout);
+ }
+ }
+
// Make the time that init stages started available for bootstat to log.
RecordStageBoottimes(start_time);
diff --git a/init/libprefetch/prefetch/prefetch.rc b/init/libprefetch/prefetch/prefetch.rc
index dee37bb..bdcbbc6 100644
--- a/init/libprefetch/prefetch/prefetch.rc
+++ b/init/libprefetch/prefetch/prefetch.rc
@@ -1,28 +1,36 @@
-on init && property:ro.prefetch_boot.enabled=true
- start prefetch
-
-service prefetch /system/bin/prefetch start
- class main
- user root
- group root system
- disabled
- oneshot
-
-on property:prefetch_boot.record=true
- start prefetch_record
+# Reads data from disk in advance and populates page cache
+# to speed up subsequent disk access.
+#
+# Record:
+# start by `start prefetch_record` at appropriate timing.
+# stop by setting `prefetch_boot.record_stop` to 1.
+# set --duration to only capture for a certain duration instead.
+#
+# Replay:
+# start by `start prefetch_replay` at appropriate timing.
+# it will depend on several files generated from record.
+#
+# replay is I/O intensive. make sure you pick appropriate
+# timing to run each, so that you can maximize the page cache
+# hit for subsequent disk access.
+#
+# Example:
+# on early-init && property:ro.prefetch_boot.enabled=true
+# start prefetch_replay
+#
+# on init && property:ro.prefetch_boot.enabled=true
+# start prefetch_record
+#
+# on property:sys.boot_completed=1 && property:ro.prefetch_boot.enabled=true
+# setprop prefetch_boot.record_stop 1
service prefetch_record /system/bin/prefetch record --duration ${ro.prefetch_boot.duration_s:-0}
- class main
user root
group root system
disabled
oneshot
-on property:prefetch_boot.replay=true
- start prefetch_replay
-
service prefetch_replay /system/bin/prefetch replay --io-depth ${ro.prefetch_boot.io_depth:-2} --max-fds ${ro.prefetch_boot.max_fds:-128}
- class main
user root
group root system
disabled
diff --git a/init/libprefetch/prefetch/src/arch/android.rs b/init/libprefetch/prefetch/src/arch/android.rs
index a11767e..a87502d 100644
--- a/init/libprefetch/prefetch/src/arch/android.rs
+++ b/init/libprefetch/prefetch/src/arch/android.rs
@@ -1,18 +1,15 @@
use crate::Error;
use crate::RecordArgs;
-use crate::StartArgs;
-use log::info;
use log::warn;
use std::fs::File;
use std::fs::OpenOptions;
use std::io::Write;
+use std::path::Path;
use std::time::Duration;
use rustutils::system_properties::error::PropertyWatcherError;
use rustutils::system_properties::PropertyWatcher;
-const PREFETCH_RECORD_PROPERTY: &str = "prefetch_boot.record";
-const PREFETCH_REPLAY_PROPERTY: &str = "prefetch_boot.replay";
const PREFETCH_RECORD_PROPERTY_STOP: &str = "prefetch_boot.record_stop";
fn wait_for_property_true(
@@ -31,68 +28,41 @@
});
}
-fn start_prefetch_service(property_name: &str) -> Result<(), Error> {
- match rustutils::system_properties::write(property_name, "true") {
- Ok(_) => {}
- Err(_) => {
- return Err(Error::Custom { error: "Failed to start prefetch service".to_string() });
- }
- }
- Ok(())
-}
-
-/// Start prefetch service
-///
-/// 1: Check the presence of the file 'prefetch_ready'. If it doesn't
-/// exist then the device is booting for the first time after wipe.
-/// Thus, we would just create the file and exit as we do not want
-/// to initiate the record after data wipe primiarly because boot
-/// after data wipe is long and the I/O pattern during first boot may not actually match
-/// with subsequent boot.
-///
-/// 2: If the file 'prefetch_ready' is present:
-///
-/// a: Compare the build-finger-print of the device with the one record format
-/// is associated with by reading the file 'build_finger_print'. If they match,
-/// start the prefetch_replay.
-///
-/// b: If they don't match, then the device was updated through OTA. Hence, start
-/// a fresh record and delete the build-finger-print file. This should also cover
-/// the case of device rollback.
-///
-/// c: If the build-finger-print file doesn't exist, then just restart the record
-/// from scratch.
-pub fn start_prefetch(args: &StartArgs) -> Result<(), Error> {
- if !args.path.exists() {
- match File::create(args.path.clone()) {
- Ok(_) => {}
- Err(_) => {
- return Err(Error::Custom { error: "File Creation failed".to_string() });
- }
- }
- return Ok(());
+/// Checks if we can perform replay phase.
+/// Ensure that the pack file exists and is up-to-date, returns false otherwise.
+pub fn can_perform_replay(pack_path: &Path, fingerprint_path: &Path) -> Result<bool, Error> {
+ if !pack_path.exists() || !fingerprint_path.exists() {
+ return Ok(false);
}
- if args.build_fingerprint_path.exists() {
- let device_build_fingerprint = rustutils::system_properties::read("ro.build.fingerprint")
- .map_err(|e| Error::Custom {
+ let saved_fingerprint = std::fs::read_to_string(fingerprint_path)?;
+
+ let current_device_fingerprint = rustutils::system_properties::read("ro.build.fingerprint")
+ .map_err(|e| Error::Custom {
error: format!("Failed to read ro.build.fingerprint: {}", e),
})?;
- let pack_build_fingerprint = std::fs::read_to_string(&args.build_fingerprint_path)?;
- if pack_build_fingerprint.trim() == device_build_fingerprint.as_deref().unwrap_or_default()
- {
- info!("Start replay");
- start_prefetch_service(PREFETCH_REPLAY_PROPERTY)?;
- } else {
- info!("Start record");
- std::fs::remove_file(&args.build_fingerprint_path)?;
- start_prefetch_service(PREFETCH_RECORD_PROPERTY)?;
- }
- } else {
- info!("Start record");
- start_prefetch_service(PREFETCH_RECORD_PROPERTY)?;
+
+ Ok(current_device_fingerprint.is_some_and(|fp| fp == saved_fingerprint.trim()))
+}
+
+/// Checks if we can perform record phase.
+/// Ensure that following conditions hold:
+/// - File specified in ready_path exists. otherwise, create a new file and return false.
+/// - can_perform_replay is false.
+pub fn ensure_record_is_ready(
+ ready_path: &Path,
+ pack_path: &Path,
+ fingerprint_path: &Path,
+) -> Result<bool, Error> {
+ if !ready_path.exists() {
+ File::create(ready_path)
+ .map_err(|_| Error::Custom { error: "File Creation failed".to_string() })?;
+
+ return Ok(false);
}
- Ok(())
+
+ let can_replay = can_perform_replay(pack_path, fingerprint_path)?;
+ Ok(!can_replay)
}
/// Write build finger print to associate prefetch pack file
diff --git a/init/libprefetch/prefetch/src/args.rs b/init/libprefetch/prefetch/src/args.rs
index e534210..4c1e689 100644
--- a/init/libprefetch/prefetch/src/args.rs
+++ b/init/libprefetch/prefetch/src/args.rs
@@ -25,8 +25,6 @@
pub use args_internal::OutputFormat;
pub use args_internal::ReplayArgs;
-#[cfg(target_os = "android")]
-pub use args_internal::StartArgs;
pub use args_internal::TracerType;
pub use args_internal::{DumpArgs, MainArgs, RecordArgs, SubCommands};
use serde::Deserialize;
@@ -68,8 +66,6 @@
SubCommands::Dump(arg) => {
ensure_path_exists(&arg.path)?;
}
- #[cfg(target_os = "android")]
- SubCommands::Start(_arg) => return Ok(()),
}
Ok(())
}
diff --git a/init/libprefetch/prefetch/src/args/args_argh.rs b/init/libprefetch/prefetch/src/args/args_argh.rs
index 65084ee..d2251e6 100644
--- a/init/libprefetch/prefetch/src/args/args_argh.rs
+++ b/init/libprefetch/prefetch/src/args/args_argh.rs
@@ -40,12 +40,6 @@
Replay(ReplayArgs),
/// Dump prefetch data in human readable format
Dump(DumpArgs),
- /// Start prefetch service if possible
- /// If the pack file is present, then prefetch replay is started
- /// If the pack file is absent or if the build fingerprint
- /// of the current pack file is different, then prefetch record is started.
- #[cfg(target_os = "android")]
- Start(StartArgs),
}
#[cfg(target_os = "android")]
@@ -58,22 +52,6 @@
PathBuf::from("/metadata/prefetch/build_finger_print")
}
-#[cfg(target_os = "android")]
-#[derive(Eq, PartialEq, Debug, Default, FromArgs)]
-/// Start prefetch service based on if pack file is present.
-#[argh(subcommand, name = "start")]
-pub struct StartArgs {
- /// file path to check if prefetch_ready is present.
- ///
- /// A new file is created at the given path if it's not present.
- #[argh(option, default = "default_ready_path()")]
- pub path: PathBuf,
-
- /// file path where build fingerprint is stored
- #[argh(option, default = "default_build_finger_print_path()")]
- pub build_fingerprint_path: PathBuf,
-}
-
impl Default for SubCommands {
fn default() -> Self {
Self::Dump(DumpArgs::default())
@@ -147,6 +125,13 @@
/// store build_finger_print to tie the pack format
#[argh(option, default = "default_build_finger_print_path()")]
pub build_fingerprint_path: PathBuf,
+
+ #[cfg(target_os = "android")]
+ /// file path to check if prefetch_ready is present.
+ ///
+ /// A new file is created at the given path if it's not present.
+ #[argh(option, default = "default_ready_path()")]
+ pub ready_path: PathBuf,
}
/// Type of tracing subsystem to use.
@@ -204,6 +189,11 @@
/// file path from where the prefetch config file will be read
#[argh(option, default = "PathBuf::new()")]
pub config_path: PathBuf,
+
+ #[cfg(target_os = "android")]
+ /// store build_finger_print to tie the pack format
+ #[argh(option, default = "default_build_finger_print_path()")]
+ pub build_fingerprint_path: PathBuf,
}
/// dump records file in given format
diff --git a/init/libprefetch/prefetch/src/lib.rs b/init/libprefetch/prefetch/src/lib.rs
index 6564c4b..ea84c59 100644
--- a/init/libprefetch/prefetch/src/lib.rs
+++ b/init/libprefetch/prefetch/src/lib.rs
@@ -42,8 +42,6 @@
pub use args::args_from_env;
use args::OutputFormat;
pub use args::ReplayArgs;
-#[cfg(target_os = "android")]
-pub use args::StartArgs;
pub use args::{DumpArgs, MainArgs, RecordArgs, SubCommands};
pub use error::Error;
pub use format::FileId;
@@ -59,6 +57,13 @@
/// Records prefetch data for the given configuration
pub fn record(args: &RecordArgs) -> Result<(), Error> {
+ #[cfg(target_os = "android")]
+ if !ensure_record_is_ready(&args.ready_path, &args.path, &args.build_fingerprint_path)? {
+ info!("Cannot perform record -- skipping");
+ return Ok(());
+ }
+
+ info!("Starting record.");
let (mut tracer, exit_tx) = tracer::Tracer::create(
args.trace_buffer_size_kib,
args.tracing_subsystem.clone(),
@@ -109,6 +114,13 @@
/// Replays prefetch data for the given configuration
pub fn replay(args: &ReplayArgs) -> Result<(), Error> {
+ #[cfg(target_os = "android")]
+ if !can_perform_replay(&args.path, &args.build_fingerprint_path)? {
+ info!("Cannot perform replay -- exiting.");
+ return Ok(());
+ }
+
+ info!("Starting replay.");
let replay = Replay::new(args)?;
replay.replay()
}
diff --git a/init/libprefetch/prefetch/src/main.rs b/init/libprefetch/prefetch/src/main.rs
index eab826f..046e07e 100644
--- a/init/libprefetch/prefetch/src/main.rs
+++ b/init/libprefetch/prefetch/src/main.rs
@@ -22,8 +22,6 @@
use prefetch_rs::init_logging;
use prefetch_rs::record;
use prefetch_rs::replay;
-#[cfg(target_os = "android")]
-use prefetch_rs::start_prefetch;
use prefetch_rs::LogLevel;
use prefetch_rs::MainArgs;
use prefetch_rs::SubCommands;
@@ -35,8 +33,6 @@
SubCommands::Record(args) => record(args),
SubCommands::Replay(args) => replay(args),
SubCommands::Dump(args) => dump(args),
- #[cfg(target_os = "android")]
- SubCommands::Start(args) => start_prefetch(args),
};
if let Err(err) = ret {
diff --git a/init/service_test.cpp b/init/service_test.cpp
index 53b53ed..d75d4f1 100644
--- a/init/service_test.cpp
+++ b/init/service_test.cpp
@@ -27,6 +27,7 @@
#include <android-base/file.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
+#include <fstab/fstab.h>
#include <selinux/selinux.h>
#include <sys/signalfd.h>
#include "lmkd_service.h"
@@ -280,5 +281,74 @@
INSTANTIATE_TEST_SUITE_P(service, ServiceStopTest, testing::Values(false, true));
+// Entering a network namespace requires remounting sysfs to update contents of
+// /sys/class/net whose contents depend on the network namespace of the process
+// that mounted it rather than the effective network namespace of the reading
+// process.
+//
+// A side effect of the remounting is unmounting all filesystems mounted under
+// /sys, like tracefs. Verify that init doesn't leave them unmounted by
+// accident.
+TEST(service, enter_namespace_net_preserves_mounts) {
+ if (getuid() != 0) {
+ GTEST_SKIP() << "Must be run as root.";
+ return;
+ }
+
+ struct ScopedNetNs {
+ std::string name;
+ ScopedNetNs(std::string n) : name(n) {
+ EXPECT_EQ(system(("/system/bin/ip netns add " + name).c_str()), 0);
+ }
+ ~ScopedNetNs() { EXPECT_EQ(system(("/system/bin/ip netns delete " + name).c_str()), 0); }
+ };
+ const ScopedNetNs netns("test_ns");
+
+ static constexpr std::string_view kServiceName = "ServiceA";
+ static constexpr std::string_view kScriptTemplate = R"init(
+service $name /system/bin/yes
+ user shell
+ group shell
+ seclabel $selabel
+ enter_namespace net /mnt/run/$ns_name
+)init";
+
+ std::string script = StringReplace(kScriptTemplate, "$name", kServiceName, false);
+ script = StringReplace(script, "$selabel", GetSecurityContext(), false);
+ script = StringReplace(script, "$ns_name", netns.name, false);
+
+ ServiceList& service_list = ServiceList::GetInstance();
+ Parser parser;
+ parser.AddSectionParser("service", std::make_unique<ServiceParser>(&service_list, nullptr));
+
+ TemporaryFile tf;
+ ASSERT_GE(tf.fd, 0);
+ ASSERT_TRUE(WriteStringToFd(script, tf.fd));
+ ASSERT_TRUE(parser.ParseConfig(tf.path));
+
+ Service* const service = ServiceList::GetInstance().FindService(kServiceName);
+ ASSERT_NE(service, nullptr);
+ ASSERT_RESULT_OK(service->Start());
+ ASSERT_TRUE(service->IsRunning());
+
+ android::fs_mgr::Fstab root_mounts;
+ ASSERT_TRUE(ReadFstabFromFile("/proc/mounts", &root_mounts));
+
+ android::fs_mgr::Fstab ns_mounts;
+ ASSERT_TRUE(ReadFstabFromFile(StringReplace("/proc/$pid/mounts", "$pid",
+ std::to_string(service->pid()), /*all=*/false),
+ &ns_mounts));
+
+ for (const auto& expected_mount : root_mounts) {
+ auto it = std::find_if(ns_mounts.begin(), ns_mounts.end(), [&](const auto& ns_mount) {
+ return ns_mount.mount_point == expected_mount.mount_point;
+ });
+ EXPECT_TRUE(it != ns_mounts.end()) << StringPrintf(
+ "entering network namespace unmounted %s", expected_mount.mount_point.c_str());
+ }
+
+ ServiceList::GetInstance().RemoveService(*service);
+}
+
} // namespace init
} // namespace android
diff --git a/init/service_utils.cpp b/init/service_utils.cpp
index 0e19bcc..f8821a0 100644
--- a/init/service_utils.cpp
+++ b/init/service_utils.cpp
@@ -18,11 +18,11 @@
#include <fcntl.h>
#include <grp.h>
-#include <map>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>
+#include <map>
#include <android-base/file.h>
#include <android-base/logging.h>
@@ -31,6 +31,7 @@
#include <android-base/strings.h>
#include <cutils/android_get_control_file.h>
#include <cutils/sockets.h>
+#include <fstab/fstab.h>
#include <processgroup/processgroup.h>
#include "mount_namespace.h"
@@ -82,12 +83,29 @@
}
}
if (remount_sys) {
+ android::fs_mgr::Fstab mounts;
+ if (!ReadFstabFromFile("/proc/mounts", &mounts)) {
+ LOG(ERROR) << "Could not read /proc/mounts";
+ }
if (umount2("/sys", MNT_DETACH) == -1) {
return ErrnoError() << "Could not umount(/sys)";
}
- if (mount("", "/sys", "sysfs", kSafeFlags, "") == -1) {
+ if (mount("sysfs", "/sys", "sysfs", kSafeFlags, "") == -1) {
return ErrnoError() << "Could not mount(/sys)";
}
+ // Unmounting /sys also unmounts all nested mounts like tracefs.
+ //
+ // Look up the filesystems that were mounted under /sys before we wiped
+ // it and attempt to restore them.
+ for (const auto& entry : mounts) {
+ if (entry.mount_point.starts_with("/sys/")) {
+ if (mount(entry.blk_device.c_str(), entry.mount_point.c_str(),
+ entry.fs_type.c_str(), entry.flags, "")) {
+ LOG(WARNING) << "Could not mount(" << entry.mount_point
+ << ") after switching netns: " << ErrnoError().str();
+ }
+ }
+ }
}
return {};
}
diff --git a/libcutils/ashmem-dev.cpp b/libcutils/ashmem-dev.cpp
index 768db81..80c4f4c 100644
--- a/libcutils/ashmem-dev.cpp
+++ b/libcutils/ashmem-dev.cpp
@@ -44,6 +44,8 @@
#include <android-base/strings.h>
#include <android-base/unique_fd.h>
+#include "ashmem-internal.h"
+
/* ashmem identity */
static dev_t __ashmem_rdev;
/*
@@ -76,8 +78,8 @@
* debugging.
*/
-static bool debug_log = false; /* set to true for verbose logging and other debug */
-static bool pin_deprecation_warn = true; /* Log the pin deprecation warning only once */
+/* set to true for verbose logging and other debug */
+static bool debug_log = false;
/* Determine if vendor processes would be ok with memfd in the system:
*
@@ -114,17 +116,8 @@
// Check if kernel support exists, otherwise fall back to ashmem.
// This code needs to build on old API levels, so we can't use the libc
// wrapper.
- //
- // MFD_NOEXEC_SEAL is used to match the semantics of the ashmem device,
- // which did not have executable permissions. This also seals the executable
- // permissions of the buffer (i.e. they cannot be changed by fchmod()).
- //
- // MFD_NOEXEC_SEAL implies MFD_ALLOW_SEALING.
- const char *test_buf_name = "test_android_memfd";
- size_t buf_size = getpagesize();
-
android::base::unique_fd fd(
- syscall(__NR_memfd_create, test_buf_name, MFD_CLOEXEC | MFD_NOEXEC_SEAL));
+ syscall(__NR_memfd_create, "test_android_memfd", MFD_CLOEXEC | MFD_ALLOW_SEALING));
if (fd == -1) {
ALOGE("memfd_create failed: %m, no memfd support");
return false;
@@ -135,9 +128,9 @@
return false;
}
+ size_t buf_size = getpagesize();
if (ftruncate(fd, buf_size) == -1) {
- ALOGE("ftruncate(%s, %zd) failed to set memfd buffer size: %m, no memfd support",
- test_buf_name, buf_size);
+ ALOGE("ftruncate(%zd) failed to set memfd buffer size: %m, no memfd support", buf_size);
return false;
}
@@ -158,12 +151,8 @@
return true;
}
-static bool has_memfd_support() {
- /* memfd_supported is the initial global per-process state of what is known
- * about memfd.
- */
+bool has_memfd_support() {
static bool memfd_supported = __has_memfd_support();
-
return memfd_supported;
}
@@ -173,75 +162,54 @@
if (!android::base::ReadFileToString(boot_id_path, &boot_id)) {
ALOGE("Failed to read %s: %m", boot_id_path.c_str());
return "";
- };
+ }
boot_id = android::base::Trim(boot_id);
return "/dev/ashmem" + boot_id;
}
/* logistics of getting file descriptor for ashmem */
-static int __ashmem_open_locked()
-{
+static int __ashmem_open_locked() {
static const std::string ashmem_device_path = get_ashmem_device_path();
if (ashmem_device_path.empty()) {
return -1;
}
- int fd = TEMP_FAILURE_RETRY(open(ashmem_device_path.c_str(), O_RDWR | O_CLOEXEC));
-
- // fallback for APEX w/ use_vendor on Q, which would have still used /dev/ashmem
- if (fd < 0) {
- int saved_errno = errno;
- fd = TEMP_FAILURE_RETRY(open("/dev/ashmem", O_RDWR | O_CLOEXEC));
- if (fd < 0) {
- /* Q launching devices and newer must not reach here since they should have been
- * able to open ashmem_device_path */
- ALOGE("Unable to open ashmem device %s (error = %s) and /dev/ashmem(error = %s)",
- ashmem_device_path.c_str(), strerror(saved_errno), strerror(errno));
- return fd;
- }
+ android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(ashmem_device_path.c_str(), O_RDWR | O_CLOEXEC)));
+ if (!fd.ok()) {
+ ALOGE("Unable to open ashmem device: %m");
+ return -1;
}
+
struct stat st;
- int ret = TEMP_FAILURE_RETRY(fstat(fd, &st));
- if (ret < 0) {
- int save_errno = errno;
- close(fd);
- errno = save_errno;
- return ret;
+ if (TEMP_FAILURE_RETRY(fstat(fd, &st)) == -1) {
+ return -1;
}
if (!S_ISCHR(st.st_mode) || !st.st_rdev) {
- close(fd);
errno = ENOTTY;
return -1;
}
__ashmem_rdev = st.st_rdev;
- return fd;
+ return fd.release();
}
-static int __ashmem_open()
-{
- int fd;
-
+static int __ashmem_open() {
pthread_mutex_lock(&__ashmem_lock);
- fd = __ashmem_open_locked();
+ int fd = __ashmem_open_locked();
pthread_mutex_unlock(&__ashmem_lock);
-
return fd;
}
/* Make sure file descriptor references ashmem, negative number means false */
-static int __ashmem_is_ashmem(int fd, int fatal)
-{
- dev_t rdev;
+static int __ashmem_is_ashmem(int fd, bool fatal) {
struct stat st;
-
if (fstat(fd, &st) < 0) {
return -1;
}
- rdev = 0; /* Too much complexity to sniff __ashmem_rdev */
+ dev_t rdev = 0; /* Too much complexity to sniff __ashmem_rdev */
if (S_ISCHR(st.st_mode) && st.st_rdev) {
pthread_mutex_lock(&__ashmem_lock);
rdev = __ashmem_rdev;
@@ -282,16 +250,15 @@
return -1;
}
-static int __ashmem_check_failure(int fd, int result)
-{
- if (result == -1 && errno == ENOTTY) __ashmem_is_ashmem(fd, 1);
+static int __ashmem_check_failure(int fd, int result) {
+ if (result == -1 && errno == ENOTTY) __ashmem_is_ashmem(fd, true);
return result;
}
-static bool memfd_is_ashmem(int fd) {
+static bool is_ashmem_fd(int fd) {
static bool fd_check_error_once = false;
- if (__ashmem_is_ashmem(fd, 0) == 0) {
+ if (__ashmem_is_ashmem(fd, false) == 0) {
if (!fd_check_error_once) {
ALOGE("memfd: memfd expected but ashmem fd used - please use libcutils");
fd_check_error_once = true;
@@ -303,25 +270,22 @@
return false;
}
-int ashmem_valid(int fd)
-{
- if (has_memfd_support() && !memfd_is_ashmem(fd)) {
+static bool is_memfd_fd(int fd) {
+ return has_memfd_support() && !is_ashmem_fd(fd);
+}
+
+int ashmem_valid(int fd) {
+ if (is_memfd_fd(fd)) {
return 1;
}
- return __ashmem_is_ashmem(fd, 0) >= 0;
+ return __ashmem_is_ashmem(fd, false) >= 0;
}
static int memfd_create_region(const char* name, size_t size) {
// This code needs to build on old API levels, so we can't use the libc
// wrapper.
- //
- // MFD_NOEXEC_SEAL to match the semantics of the ashmem device, which did
- // not have executable permissions. This also seals the executable
- // permissions of the buffer (i.e. they cannot be changed by fchmod()).
- //
- // MFD_NOEXEC_SEAL implies MFD_ALLOW_SEALING.
- android::base::unique_fd fd(syscall(__NR_memfd_create, name, MFD_CLOEXEC | MFD_NOEXEC_SEAL));
+ android::base::unique_fd fd(syscall(__NR_memfd_create, name, MFD_CLOEXEC | MFD_ALLOW_SEALING));
if (fd == -1) {
ALOGE("memfd_create(%s, %zd) failed: %m", name, size);
@@ -352,41 +316,20 @@
* `name' is an optional label to give the region (visible in /proc/pid/maps)
* `size' is the size of the region, in page-aligned bytes
*/
-int ashmem_create_region(const char *name, size_t size)
-{
- int ret, save_errno;
+int ashmem_create_region(const char* name, size_t size) {
+ if (name == NULL) name = "none";
if (has_memfd_support()) {
- return memfd_create_region(name ? name : "none", size);
+ return memfd_create_region(name, size);
}
- int fd = __ashmem_open();
- if (fd < 0) {
- return fd;
+ android::base::unique_fd fd(__ashmem_open());
+ if (!fd.ok() ||
+ TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_SET_NAME, name) < 0) ||
+ TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_SET_SIZE, size) < 0)) {
+ return -1;
}
-
- if (name) {
- char buf[ASHMEM_NAME_LEN] = {0};
-
- strlcpy(buf, name, sizeof(buf));
- ret = TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_SET_NAME, buf));
- if (ret < 0) {
- goto error;
- }
- }
-
- ret = TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_SET_SIZE, size));
- if (ret < 0) {
- goto error;
- }
-
- return fd;
-
-error:
- save_errno = errno;
- close(fd);
- errno = save_errno;
- return ret;
+ return fd.release();
}
static int memfd_set_prot_region(int fd, int prot) {
@@ -418,61 +361,45 @@
return 0;
}
-int ashmem_set_prot_region(int fd, int prot)
-{
- if (has_memfd_support() && !memfd_is_ashmem(fd)) {
+int ashmem_set_prot_region(int fd, int prot) {
+ if (is_memfd_fd(fd)) {
return memfd_set_prot_region(fd, prot);
}
return __ashmem_check_failure(fd, TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_SET_PROT_MASK, prot)));
}
-int ashmem_pin_region(int fd, size_t offset, size_t len)
-{
- if (!pin_deprecation_warn || debug_log) {
+static int do_pin(int op, int fd, size_t offset, size_t length) {
+ static bool already_warned_about_pin_deprecation = false;
+ if (!already_warned_about_pin_deprecation || debug_log) {
ALOGE("Pinning is deprecated since Android Q. Please use trim or other methods.");
- pin_deprecation_warn = true;
+ already_warned_about_pin_deprecation = true;
}
- if (has_memfd_support() && !memfd_is_ashmem(fd)) {
+ if (is_memfd_fd(fd)) {
return 0;
}
// TODO: should LP64 reject too-large offset/len?
- ashmem_pin pin = { static_cast<uint32_t>(offset), static_cast<uint32_t>(len) };
- return __ashmem_check_failure(fd, TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_PIN, &pin)));
+ ashmem_pin pin = { static_cast<uint32_t>(offset), static_cast<uint32_t>(length) };
+ return __ashmem_check_failure(fd, TEMP_FAILURE_RETRY(ioctl(fd, op, &pin)));
}
-int ashmem_unpin_region(int fd, size_t offset, size_t len)
-{
- if (!pin_deprecation_warn || debug_log) {
- ALOGE("Pinning is deprecated since Android Q. Please use trim or other methods.");
- pin_deprecation_warn = true;
- }
-
- if (has_memfd_support() && !memfd_is_ashmem(fd)) {
- return 0;
- }
-
- // TODO: should LP64 reject too-large offset/len?
- ashmem_pin pin = { static_cast<uint32_t>(offset), static_cast<uint32_t>(len) };
- return __ashmem_check_failure(fd, TEMP_FAILURE_RETRY(ioctl(fd, ASHMEM_UNPIN, &pin)));
+int ashmem_pin_region(int fd, size_t offset, size_t length) {
+ return do_pin(ASHMEM_PIN, fd, offset, length);
}
-int ashmem_get_size_region(int fd)
-{
- if (has_memfd_support() && !memfd_is_ashmem(fd)) {
+int ashmem_unpin_region(int fd, size_t offset, size_t length) {
+ return do_pin(ASHMEM_UNPIN, fd, offset, length);
+}
+
+int ashmem_get_size_region(int fd) {
+ if (is_memfd_fd(fd)) {
struct stat sb;
-
if (fstat(fd, &sb) == -1) {
ALOGE("ashmem_get_size_region(%d): fstat failed: %m", fd);
return -1;
}
-
- if (debug_log) {
- ALOGD("ashmem_get_size_region(%d): %d", fd, static_cast<int>(sb.st_size));
- }
-
return sb.st_size;
}
diff --git a/libcutils/ashmem-internal.h b/libcutils/ashmem-internal.h
new file mode 100644
index 0000000..7bd037b
--- /dev/null
+++ b/libcutils/ashmem-internal.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright (C) 2025 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+bool has_memfd_support();
diff --git a/libcutils/ashmem_test.cpp b/libcutils/ashmem_test.cpp
index 96f20db..2bf274c 100644
--- a/libcutils/ashmem_test.cpp
+++ b/libcutils/ashmem_test.cpp
@@ -29,6 +29,8 @@
#include <cutils/ashmem.h>
#include <gtest/gtest.h>
+#include "ashmem-internal.h"
+
using android::base::unique_fd;
static void TestCreateRegion(size_t size, unique_fd &fd, int prot) {
@@ -316,3 +318,119 @@
ASSERT_NO_FATAL_FAILURE(ForkMultiRegionTest(fds, nRegions, size));
}
+
+class AshmemTestMemfdAshmemCompat : public ::testing::Test {
+ protected:
+ void SetUp() override {
+ if (!has_memfd_support()){
+ GTEST_SKIP() << "No memfd support; skipping memfd-ashmem compat tests";
+ }
+ }
+};
+
+TEST_F(AshmemTestMemfdAshmemCompat, SetNameTest) {
+ unique_fd fd;
+
+ // ioctl() should fail, since memfd names cannot be changed after the buffer has been created.
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(getpagesize(), fd, PROT_READ | PROT_WRITE |
+ PROT_EXEC));
+ ASSERT_LT(ioctl(fd, ASHMEM_SET_NAME, "invalid-command"), 0);
+}
+
+TEST_F(AshmemTestMemfdAshmemCompat, GetNameTest) {
+ unique_fd fd;
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(getpagesize(), fd, PROT_READ | PROT_WRITE |
+ PROT_EXEC));
+
+ char testBuf[ASHMEM_NAME_LEN];
+ ASSERT_EQ(0, ioctl(fd, ASHMEM_GET_NAME, &testBuf));
+ // ashmem_create_region(nullptr, ...) creates memfds with the name "none".
+ ASSERT_STREQ(testBuf, "none");
+}
+
+TEST_F(AshmemTestMemfdAshmemCompat, SetSizeTest) {
+ unique_fd fd;
+
+ // ioctl() should fail, since libcutils sets and seals the buffer size after creating it.
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(getpagesize(), fd, PROT_READ | PROT_WRITE |
+ PROT_EXEC));
+ ASSERT_LT(ioctl(fd, ASHMEM_SET_SIZE, 2 * getpagesize()), 0);
+}
+
+TEST_F(AshmemTestMemfdAshmemCompat, GetSizeTest) {
+ unique_fd fd;
+ size_t bufSize = getpagesize();
+
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(bufSize, fd, PROT_READ | PROT_WRITE | PROT_EXEC));
+ ASSERT_EQ(static_cast<int>(bufSize), ioctl(fd, ASHMEM_GET_SIZE, 0));
+}
+
+TEST_F(AshmemTestMemfdAshmemCompat, ProtMaskTest) {
+ unique_fd fd;
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(getpagesize(), fd, PROT_READ | PROT_WRITE |
+ PROT_EXEC));
+
+ // We can only change PROT_WRITE for memfds since memfd implements ashmem's prot_mask through
+ // file seals, and only write seals exist.
+ //
+ // All memfd files start off as being writable (i.e. PROT_WRITE is part of the prot_mask).
+ // Test to ensure that the implementation only clears the PROT_WRITE bit when requested.
+ ASSERT_EQ(0, ioctl(fd, ASHMEM_SET_PROT_MASK, PROT_READ | PROT_WRITE | PROT_EXEC));
+ int prot = ioctl(fd, ASHMEM_GET_PROT_MASK, 0);
+ ASSERT_NE(prot, -1);
+ ASSERT_TRUE(prot & PROT_WRITE) << prot;
+
+ ASSERT_EQ(0, ioctl(fd, ASHMEM_SET_PROT_MASK, PROT_READ | PROT_EXEC));
+ prot = ioctl(fd, ASHMEM_GET_PROT_MASK, 0);
+ ASSERT_NE(prot, -1);
+ ASSERT_TRUE(!(prot & PROT_WRITE)) << prot;
+
+ // The shim layer should implement clearing PROT_WRITE via file seals, so check the file
+ // seals to ensure that F_SEAL_FUTURE_WRITE is set.
+ int seals = fcntl(fd, F_GET_SEALS, 0);
+ ASSERT_NE(seals, -1);
+ ASSERT_TRUE(seals & F_SEAL_FUTURE_WRITE) << seals;
+
+ // Similarly, ensure that file seals affect prot_mask
+ unique_fd fd2;
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(getpagesize(), fd2, PROT_READ | PROT_WRITE |
+ PROT_EXEC));
+ ASSERT_EQ(0, fcntl(fd2, F_ADD_SEALS, F_SEAL_FUTURE_WRITE));
+ prot = ioctl(fd2, ASHMEM_GET_PROT_MASK, 0);
+ ASSERT_NE(prot, -1);
+ ASSERT_TRUE(!(prot & PROT_WRITE)) << prot;
+
+ // And finally, ensure that adding back permissions fails
+ ASSERT_LT(ioctl(fd2, ASHMEM_SET_PROT_MASK, PROT_READ | PROT_WRITE | PROT_EXEC), 0);
+}
+
+TEST_F(AshmemTestMemfdAshmemCompat, FileIDTest) {
+ unique_fd fd;
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(getpagesize(), fd, PROT_READ | PROT_WRITE |
+ PROT_EXEC));
+
+ unsigned long ino;
+ ASSERT_EQ(0, ioctl(fd, ASHMEM_GET_FILE_ID, &ino));
+ struct stat st;
+ ASSERT_EQ(0, fstat(fd, &st));
+ ASSERT_EQ(ino, st.st_ino);
+}
+
+TEST_F(AshmemTestMemfdAshmemCompat, UnpinningTest) {
+ unique_fd fd;
+ size_t bufSize = getpagesize();
+ ASSERT_NO_FATAL_FAILURE(TestCreateRegion(getpagesize(), fd, PROT_READ | PROT_WRITE |
+ PROT_EXEC));
+
+ struct ashmem_pin pin = {
+ .offset = 0,
+ .len = static_cast<uint32_t>(bufSize),
+ };
+ ASSERT_EQ(0, ioctl(fd, ASHMEM_UNPIN, &pin));
+ // ASHMEM_UNPIN should just be a nop
+ ASSERT_EQ(ASHMEM_IS_PINNED, ioctl(fd, ASHMEM_GET_PIN_STATUS, 0));
+
+ // This shouldn't do anything; when we pin the page, it shouldn't have been purged.
+ ASSERT_EQ(0, ioctl(fd, ASHMEM_PURGE_ALL_CACHES, 0));
+ ASSERT_EQ(ASHMEM_NOT_PURGED, ioctl(fd, ASHMEM_PIN, &pin));
+}
\ No newline at end of file
diff --git a/libsparse/Android.bp b/libsparse/Android.bp
index 44907a1..1d67cbe 100644
--- a/libsparse/Android.bp
+++ b/libsparse/Android.bp
@@ -89,11 +89,6 @@
name: "simg_dump",
main: "simg_dump.py",
srcs: ["simg_dump.py"],
- version: {
- py3: {
- embedded_launcher: true,
- },
- },
}
cc_fuzz {
diff --git a/libsync/sync.c b/libsync/sync.c
index b8c48c7..c4c4472 100644
--- a/libsync/sync.c
+++ b/libsync/sync.c
@@ -117,7 +117,7 @@
UAPI_MODERN,
UAPI_LEGACY
};
-static atomic_int g_uapi_version = ATOMIC_VAR_INIT(UAPI_UNKNOWN);
+static atomic_int g_uapi_version = UAPI_UNKNOWN;
// ---------------------------------------------------------------------------
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 4787ba3..1545d09 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -730,7 +730,6 @@
mkdir /data/apex/active 0755 root system
mkdir /data/apex/backup 0700 root system
mkdir /data/apex/decompressed 0755 root system encryption=Require
- mkdir /data/apex/sessions 0700 root system
mkdir /data/app-staging 0751 system system encryption=DeleteIfNecessary
mkdir /data/apex/ota_reserved 0700 root system encryption=Require
setprop apexd.status ""
diff --git a/trusty/storage/interface/Android.bp b/trusty/storage/interface/Android.bp
deleted file mode 100644
index 769f53d..0000000
--- a/trusty/storage/interface/Android.bp
+++ /dev/null
@@ -1,26 +0,0 @@
-//
-// Copyright (C) 2015 The Android Open-Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
-cc_library_static {
- name: "libtrustystorageinterface",
- vendor_available: true,
- system_ext_specific: true,
- export_include_dirs: ["include"],
-}
diff --git a/trusty/storage/interface/include/trusty/interface/storage.h b/trusty/storage/interface/include/trusty/interface/storage.h
deleted file mode 100644
index 3291607..0000000
--- a/trusty/storage/interface/include/trusty/interface/storage.h
+++ /dev/null
@@ -1,313 +0,0 @@
-/*
- * Copyright (C) 2015-2016 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#include <stdint.h>
-
-/*
- * Storage port names
- * @STORAGE_CLIENT_TD_PORT: Port used by clients that require tamper and
- * rollback detection.
- * @STORAGE_CLIENT_TDEA_PORT: Port used by clients that require storage before
- * the non-secure os has booted.
- * @STORAGE_CLIENT_TP_PORT: Port used by clients that require tamper proof
- * storage. Note that non-secure code can prevent
- read and write operations from succeeding, but
- it cannot modify on-disk data.
- * @STORAGE_DISK_PROXY_PORT: Port used by non-secure proxy server
- */
-#define STORAGE_CLIENT_TD_PORT "com.android.trusty.storage.client.td"
-#define STORAGE_CLIENT_TDEA_PORT "com.android.trusty.storage.client.tdea"
-#define STORAGE_CLIENT_TP_PORT "com.android.trusty.storage.client.tp"
-#define STORAGE_DISK_PROXY_PORT "com.android.trusty.storage.proxy"
-
-enum storage_cmd {
- STORAGE_REQ_SHIFT = 1,
- STORAGE_RESP_BIT = 1,
-
- STORAGE_RESP_MSG_ERR = STORAGE_RESP_BIT,
-
- STORAGE_FILE_DELETE = 1 << STORAGE_REQ_SHIFT,
- STORAGE_FILE_OPEN = 2 << STORAGE_REQ_SHIFT,
- STORAGE_FILE_CLOSE = 3 << STORAGE_REQ_SHIFT,
- STORAGE_FILE_READ = 4 << STORAGE_REQ_SHIFT,
- STORAGE_FILE_WRITE = 5 << STORAGE_REQ_SHIFT,
- STORAGE_FILE_GET_SIZE = 6 << STORAGE_REQ_SHIFT,
- STORAGE_FILE_SET_SIZE = 7 << STORAGE_REQ_SHIFT,
-
- STORAGE_RPMB_SEND = 8 << STORAGE_REQ_SHIFT,
-
- /* transaction support */
- STORAGE_END_TRANSACTION = 9 << STORAGE_REQ_SHIFT,
-
- STORAGE_FILE_GET_MAX_SIZE = 12 << STORAGE_REQ_SHIFT,
-};
-
-/**
- * enum storage_err - error codes for storage protocol
- * @STORAGE_NO_ERROR: all OK
- * @STORAGE_ERR_GENERIC: unknown error. Can occur when there's an internal server
- * error, e.g. the server runs out of memory or is in a bad state.
- * @STORAGE_ERR_NOT_VALID: input not valid. May occur if the arguments passed
- * into the command are not valid, for example if the file handle
- * passed in is not a valid one.
- * @STORAGE_ERR_UNIMPLEMENTED: the command passed in is not recognized
- * @STORAGE_ERR_ACCESS: the file is not accessible in the requested mode
- * @STORAGE_ERR_NOT_FOUND: the file was not found
- * @STORAGE_ERR_EXIST the file exists when it shouldn't as in with OPEN_CREATE | OPEN_EXCLUSIVE.
- * @STORAGE_ERR_TRANSACT returned by various operations to indicate that current transaction
- * is in error state. Such state could be only cleared by sending
- * STORAGE_END_TRANSACTION message.
- * @STORAGE_ERR_SYNC_FAILURE indicates that the current operation failed to sync
- * to disk. Only returned if STORAGE_MSG_FLAG_PRE_COMMIT or
- * STORAGE_MSG_FLAG_POST_COMMIT was set for the request.
- */
-enum storage_err {
- STORAGE_NO_ERROR = 0,
- STORAGE_ERR_GENERIC = 1,
- STORAGE_ERR_NOT_VALID = 2,
- STORAGE_ERR_UNIMPLEMENTED = 3,
- STORAGE_ERR_ACCESS = 4,
- STORAGE_ERR_NOT_FOUND = 5,
- STORAGE_ERR_EXIST = 6,
- STORAGE_ERR_TRANSACT = 7,
- STORAGE_ERR_SYNC_FAILURE = 8,
-};
-
-/**
- * storage_delete_flag - flags for controlling delete semantics
- */
-enum storage_file_delete_flag {
- STORAGE_FILE_DELETE_MASK = 0,
-};
-
-/**
- * storage_file_flag - Flags to control 'open' semantics.
- * @STORAGE_FILE_OPEN_CREATE: if this file does not exist, create it.
- * @STORAGE_FILE_OPEN_CREATE_EXCLUSIVE: causes STORAGE_FILE_OPEN_CREATE to fail if the file
- * already exists. Only meaningful if used in combination
- * with STORAGE_FILE_OPEN_CREATE.
- * @STORAGE_FILE_OPEN_TRUNCATE: if this file already exists, discard existing content
- * and open it as a new file. No change in semantics if the
- * file does not exist.
- * @STORAGE_FILE_OPEN_MASK: mask for all open flags supported in current protocol.
- * All other bits must be set to 0.
- */
-enum storage_file_open_flag {
- STORAGE_FILE_OPEN_CREATE = (1 << 0),
- STORAGE_FILE_OPEN_CREATE_EXCLUSIVE = (1 << 1),
- STORAGE_FILE_OPEN_TRUNCATE = (1 << 2),
- STORAGE_FILE_OPEN_MASK = STORAGE_FILE_OPEN_CREATE |
- STORAGE_FILE_OPEN_TRUNCATE |
- STORAGE_FILE_OPEN_CREATE_EXCLUSIVE,
-};
-
-/**
- * enum storage_msg_flag - protocol-level flags in struct storage_msg
- * @STORAGE_MSG_FLAG_BATCH: if set, command belongs to a batch transaction.
- * No response will be sent by the server until
- * it receives a command with this flag unset, at
- * which point a cumulative result for all messages
- * sent with STORAGE_MSG_FLAG_BATCH will be sent.
- * This is only supported by the non-secure disk proxy
- * server.
- * @STORAGE_MSG_FLAG_PRE_COMMIT: if set, indicates that server need to commit
- * pending changes before processing this message.
- * @STORAGE_MSG_FLAG_POST_COMMIT: if set, indicates that server need to commit
- * pending changes after processing this message.
- * @STORAGE_MSG_FLAG_TRANSACT_COMPLETE: if set, indicates that server need to commit
- * current transaction after processing this message.
- * It is an alias for STORAGE_MSG_FLAG_POST_COMMIT.
- * @STORAGE_MSG_FLAG_PRE_COMMIT_CHECKPOINT: if set, indicates that server needs to ensure
- * that there is not a pending checkpoint for
- * userdata before processing this message.
- */
-enum storage_msg_flag {
- STORAGE_MSG_FLAG_BATCH = 0x1,
- STORAGE_MSG_FLAG_PRE_COMMIT = 0x2,
- STORAGE_MSG_FLAG_POST_COMMIT = 0x4,
- STORAGE_MSG_FLAG_TRANSACT_COMPLETE = STORAGE_MSG_FLAG_POST_COMMIT,
- STORAGE_MSG_FLAG_PRE_COMMIT_CHECKPOINT = 0x8,
-};
-
-/*
- * The following declarations are the message-specific contents of
- * the 'payload' element inside struct storage_msg.
- */
-
-/**
- * struct storage_file_delete_req - request format for STORAGE_FILE_DELETE
- * @flags: currently unused, must be set to 0.
- * @name: the name of the file
- */
-struct storage_file_delete_req {
- uint32_t flags;
- char name[0];
-};
-
-/**
- * struct storage_file_open_req - request format for STORAGE_FILE_OPEN
- * @flags: any of enum storage_file_flag or'ed together
- * @name: the name of the file
- */
-struct storage_file_open_req {
- uint32_t flags;
- char name[0];
-};
-
-/**
- * struct storage_file_open_resp - response format for STORAGE_FILE_OPEN
- * @handle: opaque handle to the opened file. Only present on success.
- */
-struct storage_file_open_resp {
- uint32_t handle;
-};
-
-/**
- * struct storage_file_close_req - request format for STORAGE_FILE_CLOSE
- * @handle: the handle for the file to close
- */
-struct storage_file_close_req {
- uint32_t handle;
-};
-
-/**
- * struct storage_file_get_max_size_req - request format for
- * STORAGE_FILE_GET_MAX_SIZE
- * @handle: the handle for the file whose max size is requested
- */
-struct storage_file_get_max_size_req {
- uint32_t handle;
-};
-
-/**
- * struct storage_file_get_max_size_resp - response format for
- * STORAGE_FILE_GET_MAX_SIZE
- * @max_size: the maximum size of the file
- */
-struct storage_file_get_max_size_resp {
- uint64_t max_size;
-};
-
-/**
- * struct storage_file_read_req - request format for STORAGE_FILE_READ
- * @handle: the handle for the file from which to read
- * @size: the quantity of bytes to read from the file
- * @offset: the offset in the file from whence to read
- */
-struct storage_file_read_req {
- uint32_t handle;
- uint32_t size;
- uint64_t offset;
-};
-
-/**
- * struct storage_file_read_resp - response format for STORAGE_FILE_READ
- * @data: beginning of data retrieved from file
- */
-struct storage_file_read_resp {
- uint8_t data[0];
-};
-
-/**
- * struct storage_file_write_req - request format for STORAGE_FILE_WRITE
- * @handle: the handle for the file to write to
- * @offset: the offset in the file from whence to write
- * @__reserved: unused, must be set to 0.
- * @data: beginning of the data to be written
- */
-struct storage_file_write_req {
- uint64_t offset;
- uint32_t handle;
- uint32_t __reserved;
- uint8_t data[0];
-};
-
-/**
- * struct storage_file_get_size_req - request format for STORAGE_FILE_GET_SIZE
- * @handle: handle for which the size is requested
- */
-struct storage_file_get_size_req {
- uint32_t handle;
-};
-
-/**
- * struct storage_file_get_size_resp - response format for STORAGE_FILE_GET_SIZE
- * @size: the size of the file
- */
-struct storage_file_get_size_resp {
- uint64_t size;
-};
-
-/**
- * struct storage_file_set_size_req - request format for STORAGE_FILE_SET_SIZE
- * @handle: the file handle
- * @size: the desired size of the file
- */
-struct storage_file_set_size_req {
- uint64_t size;
- uint32_t handle;
-};
-
-/**
- * struct storage_rpmb_send_req - request format for STORAGE_RPMB_SEND
- * @reliable_write_size: size in bytes of reliable write region
- * @write_size: size in bytes of write region
- * @read_size: number of bytes to read for a read request
- * @__reserved: unused, must be set to 0
- * @payload: start of reliable write region, followed by
- * write region.
- *
- * Only used in proxy<->server interface.
- */
-struct storage_rpmb_send_req {
- uint32_t reliable_write_size;
- uint32_t write_size;
- uint32_t read_size;
- uint32_t __reserved;
- uint8_t payload[0];
-};
-
-/**
- * struct storage_rpmb_send_resp: response type for STORAGE_RPMB_SEND
- * @data: the data frames frames retrieved from the MMC.
- */
-struct storage_rpmb_send_resp {
- uint8_t data[0];
-};
-
-/**
- * struct storage_msg - generic req/resp format for all storage commands
- * @cmd: one of enum storage_cmd
- * @op_id: client chosen operation identifier for an instance
- * of a command or atomic grouping of commands (transaction).
- * @flags: one or many of enum storage_msg_flag or'ed together.
- * @size: total size of the message including this header
- * @result: one of enum storage_err
- * @__reserved: unused, must be set to 0.
- * @payload: beginning of command specific message format
- */
-struct storage_msg {
- uint32_t cmd;
- uint32_t op_id;
- uint32_t flags;
- uint32_t size;
- int32_t result;
- uint32_t __reserved;
- uint8_t payload[0];
-};
-
diff --git a/trusty/storage/lib/include/trusty/lib/storage.h b/trusty/storage/lib/include/trusty/lib/storage.h
index b8ddf67..4335619 100644
--- a/trusty/storage/lib/include/trusty/lib/storage.h
+++ b/trusty/storage/lib/include/trusty/lib/storage.h
@@ -16,8 +16,8 @@
#pragma once
+#include <interface/storage/storage.h>
#include <stdint.h>
-#include <trusty/interface/storage.h>
#define STORAGE_MAX_NAME_LENGTH_BYTES 159
diff --git a/trusty/storage/proxy/ipc.h b/trusty/storage/proxy/ipc.h
index 2e366bb..020f121 100644
--- a/trusty/storage/proxy/ipc.h
+++ b/trusty/storage/proxy/ipc.h
@@ -15,8 +15,8 @@
*/
#pragma once
+#include <interface/storage/storage.h>
#include <stdint.h>
-#include <trusty/interface/storage.h>
int ipc_connect(const char *device, const char *service_name);
void ipc_disconnect(void);
diff --git a/trusty/storage/proxy/rpmb.h b/trusty/storage/proxy/rpmb.h
index 04bdf9a..1761eec 100644
--- a/trusty/storage/proxy/rpmb.h
+++ b/trusty/storage/proxy/rpmb.h
@@ -15,8 +15,8 @@
*/
#pragma once
+#include <interface/storage/storage.h>
#include <stdint.h>
-#include <trusty/interface/storage.h>
#include "watchdog.h"
diff --git a/trusty/storage/proxy/storage.h b/trusty/storage/proxy/storage.h
index 6dbfe37..f46f785 100644
--- a/trusty/storage/proxy/storage.h
+++ b/trusty/storage/proxy/storage.h
@@ -15,8 +15,8 @@
*/
#pragma once
+#include <interface/storage/storage.h>
#include <stdint.h>
-#include <trusty/interface/storage.h>
/* Defined in watchdog.h */
struct watcher;
diff --git a/trusty/test/driver/Android.bp b/trusty/test/driver/Android.bp
index b813a04..3faa878 100644
--- a/trusty/test/driver/Android.bp
+++ b/trusty/test/driver/Android.bp
@@ -23,10 +23,4 @@
"**/*.py",
],
test_suites: ["general-tests"],
- version: {
- py3: {
- embedded_launcher: true,
- enabled: true,
- },
- },
}
diff --git a/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc b/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc
index 2127798..c85dd12 100644
--- a/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc
+++ b/trusty/utils/rpmb_dev/rpmb_dev.test.system.rc
@@ -1,11 +1,15 @@
-service trusty_test_vm /apex/com.android.virt/bin/vm run \
- /data/local/tmp/TrustyTestVM_UnitTests/trusty-test_vm-config.json
+service storageproxyd_test_vm /system_ext/bin/storageproxyd.system \
+ -d VSOCK:${trusty.test_vm.vm_cid}:1 \
+ -r /dev/socket/rpmb_mock_test_system \
+ -p /data/secure_storage_test_system \
+ -t sock
disabled
+ class hal
user system
group system
-service storageproxyd_test_system /system_ext/bin/storageproxyd.system \
- -d VSOCK:${trusty.test_vm.vm_cid}:1 \
+service storageproxyd_test_vm_os /system_ext/bin/storageproxyd.system \
+ -d VSOCK:${trusty.test_vm_os.vm_cid}:1 \
-r /dev/socket/rpmb_mock_test_system \
-p /data/secure_storage_test_system \
-t sock
diff --git a/trusty/utils/trusty-ut-ctrl/Android.bp b/trusty/utils/trusty-ut-ctrl/Android.bp
index c255614..dbd8016 100644
--- a/trusty/utils/trusty-ut-ctrl/Android.bp
+++ b/trusty/utils/trusty-ut-ctrl/Android.bp
@@ -39,8 +39,8 @@
vendor: true,
}
-cc_binary {
+cc_test {
name: "trusty-ut-ctrl.system",
defaults: ["trusty-ut-ctrl.defaults"],
- system_ext_specific: true,
+ gtest: false,
}