Merge "Move selinux policy build decisions to sepolicy Makefile"
diff --git a/adb/adb_utils.cpp b/adb/adb_utils.cpp
index 7058acb..31d3dc6 100644
--- a/adb/adb_utils.cpp
+++ b/adb/adb_utils.cpp
@@ -75,7 +75,7 @@
 
 bool directory_exists(const std::string& path) {
   struct stat sb;
-  return lstat(path.c_str(), &sb) != -1 && S_ISDIR(sb.st_mode);
+  return stat(path.c_str(), &sb) != -1 && S_ISDIR(sb.st_mode);
 }
 
 std::string escape_arg(const std::string& s) {
diff --git a/adb/adb_utils_test.cpp b/adb/adb_utils_test.cpp
index a3bc445..e1b6287 100644
--- a/adb/adb_utils_test.cpp
+++ b/adb/adb_utils_test.cpp
@@ -55,7 +55,6 @@
   ASSERT_FALSE(directory_exists(subdir(profiles_dir, "does-not-exist")));
 #else
   ASSERT_TRUE(directory_exists("/proc"));
-  ASSERT_FALSE(directory_exists("/proc/self")); // Symbolic link.
   ASSERT_FALSE(directory_exists("/proc/does-not-exist"));
 #endif
 }
diff --git a/adb/commandline.cpp b/adb/commandline.cpp
index 3de7be6..4979eef 100644
--- a/adb/commandline.cpp
+++ b/adb/commandline.cpp
@@ -782,9 +782,16 @@
     return RemoteShell(use_shell_protocol, shell_type_arg, escape_char, command);
 }
 
-static int adb_download_buffer(const char *service, const char *fn, const void* data, unsigned sz,
-                               bool show_progress)
-{
+static int adb_download_buffer(const char* service, const char* filename) {
+    std::string content;
+    if (!android::base::ReadFileToString(filename, &content)) {
+        fprintf(stderr, "error: couldn't read %s: %s\n", filename, strerror(errno));
+        return -1;
+    }
+
+    const uint8_t* data = reinterpret_cast<const uint8_t*>(content.data());
+    unsigned sz = content.size();
+
     std::string error;
     int fd = adb_connect(android::base::StringPrintf("%s:%d", service, sz), &error);
     if (fd < 0) {
@@ -798,10 +805,8 @@
     unsigned total = sz;
     const uint8_t* ptr = reinterpret_cast<const uint8_t*>(data);
 
-    if (show_progress) {
-        const char* x = strrchr(service, ':');
-        if (x) service = x + 1;
-    }
+    const char* x = strrchr(service, ':');
+    if (x) service = x + 1;
 
     while (sz > 0) {
         unsigned xfer = (sz > CHUNK_SIZE) ? CHUNK_SIZE : sz;
@@ -814,14 +819,10 @@
         }
         sz -= xfer;
         ptr += xfer;
-        if (show_progress) {
-            printf("sending: '%s' %4d%%    \r", fn, (int)(100LL - ((100LL * sz) / (total))));
-            fflush(stdout);
-        }
+        printf("sending: '%s' %4d%%    \r", filename, (int)(100LL - ((100LL * sz) / (total))));
+        fflush(stdout);
     }
-    if (show_progress) {
-        printf("\n");
-    }
+    printf("\n");
 
     if (!adb_status(fd, &error)) {
         fprintf(stderr,"* error response '%s' *\n", error.c_str());
@@ -854,38 +855,40 @@
  * - When the other side sends "DONEDONE" instead of a block number,
  *   we hang up.
  */
-static int adb_sideload_host(const char* fn) {
-    fprintf(stderr, "loading: '%s'...\n", fn);
-
-    std::string content;
-    if (!android::base::ReadFileToString(fn, &content)) {
-        fprintf(stderr, "failed: %s\n", strerror(errno));
+static int adb_sideload_host(const char* filename) {
+    fprintf(stderr, "opening '%s'...\n", filename);
+    struct stat sb;
+    if (stat(filename, &sb) == -1) {
+        fprintf(stderr, "failed to stat file %s: %s\n", filename, strerror(errno));
+        return -1;
+    }
+    unique_fd package_fd(adb_open(filename, O_RDONLY));
+    if (package_fd == -1) {
+        fprintf(stderr, "failed to open file %s: %s\n", filename, strerror(errno));
         return -1;
     }
 
-    const uint8_t* data = reinterpret_cast<const uint8_t*>(content.data());
-    unsigned sz = content.size();
-
     fprintf(stderr, "connecting...\n");
-    std::string service =
-            android::base::StringPrintf("sideload-host:%d:%d", sz, SIDELOAD_HOST_BLOCK_SIZE);
+    std::string service = android::base::StringPrintf(
+        "sideload-host:%d:%d", static_cast<int>(sb.st_size), SIDELOAD_HOST_BLOCK_SIZE);
     std::string error;
-    unique_fd fd(adb_connect(service, &error));
-    if (fd < 0) {
-        // Try falling back to the older sideload method.  Maybe this
+    unique_fd device_fd(adb_connect(service, &error));
+    if (device_fd < 0) {
+        // Try falling back to the older (<= K) sideload method. Maybe this
         // is an older device that doesn't support sideload-host.
         fprintf(stderr, "falling back to older sideload method...\n");
-        return adb_download_buffer("sideload", fn, data, sz, true);
+        return adb_download_buffer("sideload", filename);
     }
 
     int opt = SIDELOAD_HOST_BLOCK_SIZE;
-    adb_setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &opt, sizeof(opt));
+    adb_setsockopt(device_fd, SOL_SOCKET, SO_SNDBUF, &opt, sizeof(opt));
+
+    char buf[SIDELOAD_HOST_BLOCK_SIZE];
 
     size_t xfer = 0;
     int last_percent = -1;
     while (true) {
-        char buf[9];
-        if (!ReadFdExactly(fd, buf, 8)) {
+        if (!ReadFdExactly(device_fd, buf, 8)) {
             fprintf(stderr, "* failed to read command: %s\n", strerror(errno));
             return -1;
         }
@@ -893,26 +896,35 @@
 
         if (strcmp("DONEDONE", buf) == 0) {
             printf("\rTotal xfer: %.2fx%*s\n",
-                   (double)xfer / (sz ? sz : 1), (int)strlen(fn)+10, "");
+                   static_cast<double>(xfer) / (sb.st_size ? sb.st_size : 1),
+                   static_cast<int>(strlen(filename) + 10), "");
             return 0;
         }
 
         int block = strtol(buf, NULL, 10);
 
         size_t offset = block * SIDELOAD_HOST_BLOCK_SIZE;
-        if (offset >= sz) {
+        if (offset >= static_cast<size_t>(sb.st_size)) {
             fprintf(stderr, "* attempt to read block %d past end\n", block);
             return -1;
         }
-        const uint8_t* start = data + offset;
-        size_t offset_end = offset + SIDELOAD_HOST_BLOCK_SIZE;
+
         size_t to_write = SIDELOAD_HOST_BLOCK_SIZE;
-        if (offset_end > sz) {
-            to_write = sz - offset;
+        if ((offset + SIDELOAD_HOST_BLOCK_SIZE) > static_cast<size_t>(sb.st_size)) {
+            to_write = sb.st_size - offset;
         }
 
-        if (!WriteFdExactly(fd, start, to_write)) {
-            adb_status(fd, &error);
+        if (adb_lseek(package_fd, offset, SEEK_SET) != static_cast<int>(offset)) {
+            fprintf(stderr, "* failed to seek to package block: %s\n", strerror(errno));
+            return -1;
+        }
+        if (!ReadFdExactly(package_fd, buf, to_write)) {
+            fprintf(stderr, "* failed to read package block: %s\n", strerror(errno));
+            return -1;
+        }
+
+        if (!WriteFdExactly(device_fd, buf, to_write)) {
+            adb_status(device_fd, &error);
             fprintf(stderr,"* failed to write data '%s' *\n", error.c_str());
             return -1;
         }
@@ -924,9 +936,9 @@
         // extra access to things like the zip central directory).
         // This estimate of the completion becomes 100% when we've
         // transferred ~2.13 (=100/47) times the package size.
-        int percent = (int)(xfer * 47LL / (sz ? sz : 1));
+        int percent = static_cast<int>(xfer * 47LL / (sb.st_size ? sb.st_size : 1));
         if (percent != last_percent) {
-            printf("\rserving: '%s'  (~%d%%)    ", fn, percent);
+            printf("\rserving: '%s'  (~%d%%)    ", filename, percent);
             fflush(stdout);
             last_percent = percent;
         }
diff --git a/cpio/mkbootfs.c b/cpio/mkbootfs.c
index b89c395..e52762e 100644
--- a/cpio/mkbootfs.c
+++ b/cpio/mkbootfs.c
@@ -301,6 +301,7 @@
             allocated *= 2;
             canned_config = (struct fs_config_entry*)realloc(
                 canned_config, allocated * sizeof(struct fs_config_entry));
+            if (canned_config == NULL) die("failed to reallocate memory");
         }
 
         struct fs_config_entry* cc = canned_config + used;
@@ -320,6 +321,7 @@
         ++allocated;
         canned_config = (struct fs_config_entry*)realloc(
             canned_config, allocated * sizeof(struct fs_config_entry));
+        if (canned_config == NULL) die("failed to reallocate memory");
     }
     canned_config[used].name = NULL;
 
diff --git a/debuggerd/handler/debuggerd_handler.cpp b/debuggerd/handler/debuggerd_handler.cpp
index cf24d57..cd00dc5 100644
--- a/debuggerd/handler/debuggerd_handler.cpp
+++ b/debuggerd/handler/debuggerd_handler.cpp
@@ -120,7 +120,7 @@
   }
 
   if (signum == DEBUGGER_SIGNAL) {
-    __libc_format_log(ANDROID_LOG_FATAL, "libc", "Requested dump for tid %d (%s)", gettid(),
+    __libc_format_log(ANDROID_LOG_INFO, "libc", "Requested dump for tid %d (%s)", gettid(),
                       thread_name);
     return;
   }
diff --git a/fs_mgr/fs_mgr_avb.cpp b/fs_mgr/fs_mgr_avb.cpp
index 2cb7e34..a762038 100644
--- a/fs_mgr/fs_mgr_avb.cpp
+++ b/fs_mgr/fs_mgr_avb.cpp
@@ -454,12 +454,12 @@
     // be returned when there is an error.
 
     std::string hash_alg;
-    if (fs_mgr_get_boot_config("vbmeta.hash_alg", &hash_alg) == 0) {
-        if (hash_alg == "sha256" || hash_alg == "sha512") {
-            return true;
-        }
+    if (!fs_mgr_get_boot_config("vbmeta.hash_alg", &hash_alg)) {
+        return false;
     }
-
+    if (hash_alg == "sha256" || hash_alg == "sha512") {
+        return true;
+    }
     return false;
 }
 
@@ -489,7 +489,13 @@
     // fs_mgr only deals with HASHTREE partitions.
     const char *requested_partitions[] = {nullptr};
     std::string ab_suffix;
-    fs_mgr_get_boot_config("slot_suffix", &ab_suffix);
+    std::string slot;
+    if (fs_mgr_get_boot_config("slot", &slot)) {
+        ab_suffix = "_" + slot;
+    } else {
+        // remove slot_suffix once bootloaders update to new androidboot.slot param
+        fs_mgr_get_boot_config("slot_suffix", &ab_suffix);
+    }
     AvbSlotVerifyResult verify_result =
         avb_slot_verify(fs_mgr_avb_ops, requested_partitions, ab_suffix.c_str(),
                         fs_mgr_vbmeta_prop.allow_verification_error, &fs_mgr_avb_verify_data);
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index a4f88ba..720ec03 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -646,7 +646,10 @@
     std::string hw;
     std::string default_fstab;
 
-    if (fs_mgr_get_boot_config("hardware", &hw)) {
+    // Use different fstab paths for normal boot and recovery boot, respectively
+    if (access("/sbin/recovery", F_OK) == 0) {
+        default_fstab = "/etc/recovery.fstab";
+    } else if (fs_mgr_get_boot_config("hardware", &hw)) {  // normal boot
         for (const char *prefix : {"/odm/etc/fstab.","/vendor/etc/fstab.", "/fstab."}) {
             default_fstab = prefix + hw;
             if (access(default_fstab.c_str(), F_OK) == 0) break;
diff --git a/fs_mgr/fs_mgr_slotselect.cpp b/fs_mgr/fs_mgr_slotselect.cpp
index a536b22..7a45473 100644
--- a/fs_mgr/fs_mgr_slotselect.cpp
+++ b/fs_mgr/fs_mgr_slotselect.cpp
@@ -31,15 +31,16 @@
             char *tmp;
 
             if (!got_suffix) {
-                if (!fs_mgr_get_boot_config("slot_suffix", &suffix)) {
-                  return -1;
+                std::string slot;
+                if (fs_mgr_get_boot_config("slot", &slot)) {
+                    suffix = "_" + slot;
+                } else if (!fs_mgr_get_boot_config("slot_suffix", &suffix)) {
+                    // remove slot_suffix once bootloaders update to new androidboot.slot param
+                    return -1;
                 }
-                got_suffix = 1;
-                // remove below line when bootloaders fix androidboot.slot_suffix param
-                if (suffix[0] == '_') suffix.erase(suffix.begin());
             }
 
-            if (asprintf(&tmp, "%s_%s", fstab->recs[n].blk_device, suffix.c_str()) > 0) {
+            if (asprintf(&tmp, "%s%s", fstab->recs[n].blk_device, suffix.c_str()) > 0) {
                 free(fstab->recs[n].blk_device);
                 fstab->recs[n].blk_device = tmp;
             } else {
diff --git a/init/README.md b/init/README.md
index 99522b9..709c667 100644
--- a/init/README.md
+++ b/init/README.md
@@ -282,6 +282,11 @@
 `copy <src> <dst>`
 > Copies a file. Similar to write, but useful for binary/large
   amounts of data.
+  Regarding to the src file, copying from symbol link file and world-writable
+  or group-writable files are not allowed.
+  Regarding to the dst file, the default mode created is 0600 if it does not
+  exist. And it will be truncated if dst file is a normal regular file and
+  already exists.
 
 `domainname <name>`
 > Set the domain name.
diff --git a/init/builtins.cpp b/init/builtins.cpp
index 24875d5..32e9ef6 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -704,61 +704,11 @@
 }
 
 static int do_copy(const std::vector<std::string>& args) {
-    char *buffer = NULL;
-    int rc = 0;
-    int fd1 = -1, fd2 = -1;
-    struct stat info;
-    int brtw, brtr;
-    char *p;
-
-    if (stat(args[1].c_str(), &info) < 0)
-        return -1;
-
-    if ((fd1 = open(args[1].c_str(), O_RDONLY|O_CLOEXEC)) < 0)
-        goto out_err;
-
-    if ((fd2 = open(args[2].c_str(), O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0660)) < 0)
-        goto out_err;
-
-    if (!(buffer = (char*) malloc(info.st_size)))
-        goto out_err;
-
-    p = buffer;
-    brtr = info.st_size;
-    while(brtr) {
-        rc = read(fd1, p, brtr);
-        if (rc < 0)
-            goto out_err;
-        if (rc == 0)
-            break;
-        p += rc;
-        brtr -= rc;
+    std::string data;
+    if (read_file(args[1].c_str(), &data)) {
+        return write_file(args[2].c_str(), data.data()) ? 0 : 1;
     }
-
-    p = buffer;
-    brtw = info.st_size;
-    while(brtw) {
-        rc = write(fd2, p, brtw);
-        if (rc < 0)
-            goto out_err;
-        if (rc == 0)
-            break;
-        p += rc;
-        brtw -= rc;
-    }
-
-    rc = 0;
-    goto out;
-out_err:
-    rc = -1;
-out:
-    if (buffer)
-        free(buffer);
-    if (fd1 >= 0)
-        close(fd1);
-    if (fd2 >= 0)
-        close(fd2);
-    return rc;
+    return 1;
 }
 
 static int do_chown(const std::vector<std::string>& args) {
diff --git a/init/init.cpp b/init/init.cpp
index 0ce1c05..23448d6 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -1322,22 +1322,24 @@
     am.QueueBuiltinAction(queue_property_triggers_action, "queue_property_triggers");
 
     while (true) {
-        if (!(waiting_for_exec || waiting_for_prop)) {
-            am.ExecuteOneCommand();
-            restart_processes();
-        }
-
         // By default, sleep until something happens.
         int epoll_timeout_ms = -1;
 
-        // If there's a process that needs restarting, wake up in time for that.
-        if (process_needs_restart_at != 0) {
-            epoll_timeout_ms = (process_needs_restart_at - time(nullptr)) * 1000;
-            if (epoll_timeout_ms < 0) epoll_timeout_ms = 0;
+        if (!(waiting_for_exec || waiting_for_prop)) {
+            am.ExecuteOneCommand();
         }
+        if (!(waiting_for_exec || waiting_for_prop)) {
+            restart_processes();
 
-        // If there's more work to do, wake up again immediately.
-        if (am.HasMoreCommands()) epoll_timeout_ms = 0;
+            // If there's a process that needs restarting, wake up in time for that.
+            if (process_needs_restart_at != 0) {
+                epoll_timeout_ms = (process_needs_restart_at - time(nullptr)) * 1000;
+                if (epoll_timeout_ms < 0) epoll_timeout_ms = 0;
+            }
+
+            // If there's more work to do, wake up again immediately.
+            if (am.HasMoreCommands()) epoll_timeout_ms = 0;
+        }
 
         epoll_event ev;
         int nr = TEMP_FAILURE_RETRY(epoll_wait(epoll_fd, &ev, 1, epoll_timeout_ms));
diff --git a/init/reboot.cpp b/init/reboot.cpp
index 3e2d61e..1559b6f 100644
--- a/init/reboot.cpp
+++ b/init/reboot.cpp
@@ -182,6 +182,7 @@
 
 static void __attribute__((noreturn))
 RebootSystem(unsigned int cmd, const std::string& rebootTarget) {
+    LOG(INFO) << "Reboot ending, jumping to kernel";
     switch (cmd) {
         case ANDROID_RB_POWEROFF:
             reboot(RB_POWER_OFF);
@@ -201,6 +202,16 @@
     abort();
 }
 
+static void DoSync() {
+    // quota sync is not done by sync call, so should be done separately.
+    // quota sync is in VFS level, so do it before sync, which goes down to fs level.
+    int r = quotactl(QCMD(Q_SYNC, 0), nullptr, 0 /* do not care */, 0 /* do not care */);
+    if (r < 0) {
+        PLOG(ERROR) << "quotactl failed";
+    }
+    sync();
+}
+
 /* Find all read+write block devices and emulated devices in /proc/mounts
  * and add them to correpsponding list.
  */
@@ -279,6 +290,7 @@
             UmountPartitions(&emulatedPartitions, 1, MNT_DETACH);
         }
     }
+    DoSync();  // emulated partition change can lead to update
     UmountStat stat = UMOUNT_STAT_SUCCESS;
     /* data partition needs all pending writes to be completed and all emulated partitions
      * umounted. If umount failed in the above step, it DETACH is requested, so umount can
@@ -300,15 +312,7 @@
     return stat;
 }
 
-static void DoSync() {
-    // quota sync is not done by sync cal, so should be done separately.
-    // quota sync is in VFS level, so do it before sync, which goes down to fs level.
-    int r = quotactl(QCMD(Q_SYNC, 0), nullptr, 0 /* do not care */, 0 /* do not care */);
-    if (r < 0) {
-        PLOG(ERROR) << "quotactl failed";
-    }
-    sync();
-}
+static void KillAllProcesses() { android::base::WriteStringToFile("i", "/proc/sysrq-trigger"); }
 
 static void __attribute__((noreturn)) DoThermalOff() {
     LOG(WARNING) << "Thermal system shutdown";
@@ -320,12 +324,7 @@
 void DoReboot(unsigned int cmd, const std::string& reason, const std::string& rebootTarget,
               bool runFsck) {
     Timer t;
-    std::string timeout = property_get("ro.build.shutdown_timeout");
-    unsigned int delay = 0;
-
-    if (!android::base::ParseUint(timeout, &delay)) {
-        delay = 3;  // force service termination by default
-    }
+    LOG(INFO) << "Reboot start, reason: " << reason << ", rebootTarget: " << rebootTarget;
 
     android::base::WriteStringToFile(StringPrintf("%s\n", reason.c_str()), LAST_REBOOT_REASON_FILE);
 
@@ -333,6 +332,15 @@
         DoThermalOff();
         abort();
     }
+
+    std::string timeout = property_get("ro.build.shutdown_timeout");
+    unsigned int delay = 0;
+    if (!android::base::ParseUint(timeout, &delay)) {
+        delay = 3;  // force service termination by default
+    } else {
+        LOG(INFO) << "ro.build.shutdown_timeout set:" << delay;
+    }
+
     static const constexpr char* shutdown_critical_services[] = {"vold", "watchdogd"};
     for (const char* name : shutdown_critical_services) {
         Service* s = ServiceManager::GetInstance().FindServiceByName(name);
@@ -398,11 +406,12 @@
     Service* voldService = ServiceManager::GetInstance().FindServiceByName("vold");
     if (voldService != nullptr && voldService->IsRunning()) {
         ShutdownVold();
-        voldService->Terminate();
     } else {
         LOG(INFO) << "vold not running, skipping vold shutdown";
     }
-
+    if (delay == 0) {  // no processes terminated. kill all instead.
+        KillAllProcesses();
+    }
     // 4. sync, try umount, and optionally run fsck for user shutdown
     DoSync();
     UmountStat stat = TryUmountAndFsck(runFsck);
diff --git a/init/service.cpp b/init/service.cpp
index 35aaa56..c8d1cb1 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -889,15 +889,10 @@
         }
     }
 
-    std::unique_ptr<Service> svc_p(new Service(name, "default", flags, uid, gid, supp_gids,
-                                               no_capabilities, namespace_flags, seclabel,
-                                               str_args));
-    if (!svc_p) {
-        LOG(ERROR) << "Couldn't allocate service for exec of '" << str_args[0] << "'";
-        return nullptr;
-    }
+    auto svc_p = std::make_unique<Service>(name, "default", flags, uid, gid, supp_gids,
+                                           no_capabilities, namespace_flags, seclabel, str_args);
     Service* svc = svc_p.get();
-    services_.push_back(std::move(svc_p));
+    services_.emplace_back(std::move(svc_p));
 
     return svc;
 }
diff --git a/init/util.cpp b/init/util.cpp
index b90e5b1..0ba9800 100644
--- a/init/util.cpp
+++ b/init/util.cpp
@@ -185,8 +185,8 @@
 }
 
 bool write_file(const char* path, const char* content) {
-    android::base::unique_fd fd(
-        TEMP_FAILURE_RETRY(open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600)));
+    android::base::unique_fd fd(TEMP_FAILURE_RETRY(
+        open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_TRUNC | O_CLOEXEC, 0600)));
     if (fd == -1) {
         PLOG(ERROR) << "write_file: Unable to open '" << path << "'";
         return false;
diff --git a/init/util_test.cpp b/init/util_test.cpp
index 24c75c4..4e82e76 100644
--- a/init/util_test.cpp
+++ b/init/util_test.cpp
@@ -17,9 +17,15 @@
 #include "util.h"
 
 #include <errno.h>
+#include <fcntl.h>
+
+#include <sys/stat.h>
 
 #include <gtest/gtest.h>
 
+#include <android-base/stringprintf.h>
+#include <android-base/test_utils.h>
+
 TEST(util, read_file_ENOENT) {
   std::string s("hello");
   errno = 0;
@@ -28,6 +34,35 @@
   EXPECT_EQ("", s); // s was cleared.
 }
 
+TEST(util, read_file_group_writeable) {
+    std::string s("hello");
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    EXPECT_TRUE(write_file(tf.path, s.c_str())) << strerror(errno);
+    EXPECT_NE(-1, fchmodat(AT_FDCWD, tf.path, 0620, AT_SYMLINK_NOFOLLOW)) << strerror(errno);
+    EXPECT_FALSE(read_file(tf.path, &s)) << strerror(errno);
+    EXPECT_EQ("", s);  // s was cleared.
+}
+
+TEST(util, read_file_world_writeable) {
+    std::string s("hello");
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    EXPECT_TRUE(write_file(tf.path, s.c_str())) << strerror(errno);
+    EXPECT_NE(-1, fchmodat(AT_FDCWD, tf.path, 0602, AT_SYMLINK_NOFOLLOW)) << strerror(errno);
+    EXPECT_FALSE(read_file(tf.path, &s)) << strerror(errno);
+    EXPECT_EQ("", s);  // s was cleared.
+}
+
+TEST(util, read_file_symbol_link) {
+    std::string s("hello");
+    errno = 0;
+    // lrwxrwxrwx 1 root root 13 1970-01-01 00:00 charger -> /sbin/healthd
+    EXPECT_FALSE(read_file("/charger", &s));
+    EXPECT_EQ(ELOOP, errno);
+    EXPECT_EQ("", s);  // s was cleared.
+}
+
 TEST(util, read_file_success) {
   std::string s("hello");
   EXPECT_TRUE(read_file("/proc/version", &s));
@@ -37,6 +72,42 @@
   EXPECT_STREQ("Linux", s.c_str());
 }
 
+TEST(util, write_file_not_exist) {
+    std::string s("hello");
+    std::string s2("hello");
+    TemporaryDir test_dir;
+    std::string path = android::base::StringPrintf("%s/does-not-exist", test_dir.path);
+    EXPECT_TRUE(write_file(path.c_str(), s.c_str()));
+    EXPECT_TRUE(read_file(path.c_str(), &s2));
+    EXPECT_EQ(s, s2);
+    struct stat sb;
+    int fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
+    EXPECT_NE(-1, fd);
+    EXPECT_EQ(0, fstat(fd, &sb));
+    EXPECT_NE(0u, sb.st_mode & S_IRUSR);
+    EXPECT_NE(0u, sb.st_mode & S_IWUSR);
+    EXPECT_EQ(0u, sb.st_mode & S_IXUSR);
+    EXPECT_EQ(0u, sb.st_mode & S_IRGRP);
+    EXPECT_EQ(0u, sb.st_mode & S_IWGRP);
+    EXPECT_EQ(0u, sb.st_mode & S_IXGRP);
+    EXPECT_EQ(0u, sb.st_mode & S_IROTH);
+    EXPECT_EQ(0u, sb.st_mode & S_IWOTH);
+    EXPECT_EQ(0u, sb.st_mode & S_IXOTH);
+    EXPECT_EQ(0, unlink(path.c_str()));
+}
+
+TEST(util, write_file_exist) {
+    std::string s2("");
+    TemporaryFile tf;
+    ASSERT_TRUE(tf.fd != -1);
+    EXPECT_TRUE(write_file(tf.path, "1hello1")) << strerror(errno);
+    EXPECT_TRUE(read_file(tf.path, &s2));
+    EXPECT_STREQ("1hello1", s2.c_str());
+    EXPECT_TRUE(write_file(tf.path, "2hello2"));
+    EXPECT_TRUE(read_file(tf.path, &s2));
+    EXPECT_STREQ("2hello2", s2.c_str());
+}
+
 TEST(util, decode_uid) {
   EXPECT_EQ(0U, decode_uid("root"));
   EXPECT_EQ(UINT_MAX, decode_uid("toot"));
diff --git a/libbacktrace/Android.bp b/libbacktrace/Android.bp
index 0e7c6f3..8f74a1a 100644
--- a/libbacktrace/Android.bp
+++ b/libbacktrace/Android.bp
@@ -114,7 +114,7 @@
         none: true,
     },
     cflags: ["-O0"],
-    srcs: ["backtrace_testlib.c"],
+    srcs: ["backtrace_testlib.cpp"],
 
     target: {
         linux: {
diff --git a/libbacktrace/Backtrace.cpp b/libbacktrace/Backtrace.cpp
index 4354f0b..3545661 100644
--- a/libbacktrace/Backtrace.cpp
+++ b/libbacktrace/Backtrace.cpp
@@ -155,7 +155,7 @@
   case BACKTRACE_UNWIND_ERROR_THREAD_DOESNT_EXIST:
     return "Thread doesn't exist";
   case BACKTRACE_UNWIND_ERROR_THREAD_TIMEOUT:
-    return "Thread has not repsonded to signal in time";
+    return "Thread has not responded to signal in time";
   case BACKTRACE_UNWIND_ERROR_UNSUPPORTED_OPERATION:
     return "Attempt to use an unsupported feature";
   case BACKTRACE_UNWIND_ERROR_NO_CONTEXT:
diff --git a/libbacktrace/backtrace_test.cpp b/libbacktrace/backtrace_test.cpp
index 24e48cd..fb463b0 100644
--- a/libbacktrace/backtrace_test.cpp
+++ b/libbacktrace/backtrace_test.cpp
@@ -36,6 +36,7 @@
 #include <algorithm>
 #include <list>
 #include <memory>
+#include <ostream>
 #include <string>
 #include <vector>
 
@@ -52,6 +53,7 @@
 
 // For the THREAD_SIGNAL definition.
 #include "BacktraceCurrent.h"
+#include "backtrace_testlib.h"
 #include "thread_utils.h"
 
 // Number of microseconds per milliseconds.
@@ -80,13 +82,6 @@
   int32_t done;
 };
 
-extern "C" {
-// Prototypes for functions in the test library.
-int test_level_one(int, int, int, int, void (*)(void*), void*);
-
-int test_recursive_call(int, void (*)(void*), void*);
-}
-
 static uint64_t NanoTime() {
   struct timespec t = { 0, 0 };
   clock_gettime(CLOCK_MONOTONIC, &t);
@@ -1602,6 +1597,150 @@
   munmap(device_map, DEVICE_MAP_SIZE);
 }
 
+class ScopedSignalHandler {
+ public:
+  ScopedSignalHandler(int signal_number, void (*handler)(int)) : signal_number_(signal_number) {
+    memset(&action_, 0, sizeof(action_));
+    action_.sa_handler = handler;
+    sigaction(signal_number_, &action_, &old_action_);
+  }
+
+  ScopedSignalHandler(int signal_number, void (*action)(int, siginfo_t*, void*))
+      : signal_number_(signal_number) {
+    memset(&action_, 0, sizeof(action_));
+    action_.sa_flags = SA_SIGINFO;
+    action_.sa_sigaction = action;
+    sigaction(signal_number_, &action_, &old_action_);
+  }
+
+  ~ScopedSignalHandler() { sigaction(signal_number_, &old_action_, nullptr); }
+
+ private:
+  struct sigaction action_;
+  struct sigaction old_action_;
+  const int signal_number_;
+};
+
+static void SetValueAndLoop(void* data) {
+  volatile int* value = reinterpret_cast<volatile int*>(data);
+
+  *value = 1;
+  for (volatile int i = 0;; i++)
+    ;
+}
+
+static void UnwindThroughSignal(bool use_action) {
+  volatile int value = 0;
+  pid_t pid;
+  if ((pid = fork()) == 0) {
+    if (use_action) {
+      ScopedSignalHandler ssh(SIGUSR1, test_signal_action);
+
+      test_level_one(1, 2, 3, 4, SetValueAndLoop, const_cast<int*>(&value));
+    } else {
+      ScopedSignalHandler ssh(SIGUSR1, test_signal_handler);
+
+      test_level_one(1, 2, 3, 4, SetValueAndLoop, const_cast<int*>(&value));
+    }
+  }
+  ASSERT_NE(-1, pid);
+
+  int read_value = 0;
+  uint64_t start = NanoTime();
+  while (read_value == 0) {
+    usleep(1000);
+
+    // Loop until the remote function gets into the final function.
+    ASSERT_TRUE(ptrace(PTRACE_ATTACH, pid, 0, 0) == 0);
+
+    WaitForStop(pid);
+
+    std::unique_ptr<Backtrace> backtrace(Backtrace::Create(pid, pid));
+
+    size_t bytes_read = backtrace->Read(reinterpret_cast<uintptr_t>(const_cast<int*>(&value)),
+                                        reinterpret_cast<uint8_t*>(&read_value), sizeof(read_value));
+    ASSERT_EQ(sizeof(read_value), bytes_read);
+
+    ASSERT_TRUE(ptrace(PTRACE_DETACH, pid, 0, 0) == 0);
+
+    ASSERT_TRUE(NanoTime() - start < 5 * NS_PER_SEC)
+        << "Remote process did not execute far enough in 5 seconds.";
+  }
+
+  // Now need to send a signal to the remote process.
+  kill(pid, SIGUSR1);
+
+  // Wait for the process to get to the signal handler loop.
+  Backtrace::const_iterator frame_iter;
+  start = NanoTime();
+  std::unique_ptr<Backtrace> backtrace;
+  while (true) {
+    usleep(1000);
+
+    ASSERT_TRUE(ptrace(PTRACE_ATTACH, pid, 0, 0) == 0);
+
+    WaitForStop(pid);
+
+    backtrace.reset(Backtrace::Create(pid, pid));
+    ASSERT_TRUE(backtrace->Unwind(0));
+    bool found = false;
+    for (frame_iter = backtrace->begin(); frame_iter != backtrace->end(); ++frame_iter) {
+      if (frame_iter->func_name == "test_loop_forever") {
+        ++frame_iter;
+        found = true;
+        break;
+      }
+    }
+    if (found) {
+      break;
+    }
+
+    ASSERT_TRUE(ptrace(PTRACE_DETACH, pid, 0, 0) == 0);
+
+    ASSERT_TRUE(NanoTime() - start < 5 * NS_PER_SEC)
+        << "Remote process did not get in signal handler in 5 seconds." << std::endl
+        << DumpFrames(backtrace.get());
+  }
+
+  std::vector<std::string> names;
+  // Loop through the frames, and save the function names.
+  size_t frame = 0;
+  for (; frame_iter != backtrace->end(); ++frame_iter) {
+    if (frame_iter->func_name == "test_level_four") {
+      frame = names.size() + 1;
+    }
+    names.push_back(frame_iter->func_name);
+  }
+  ASSERT_NE(0U, frame) << "Unable to find test_level_four in backtrace" << std::endl
+                       << DumpFrames(backtrace.get());
+
+  // The expected order of the frames:
+  //   test_loop_forever
+  //   test_signal_handler|test_signal_action
+  //   <OPTIONAL_FRAME> May or may not exist.
+  //   SetValueAndLoop (but the function name might be empty)
+  //   test_level_four
+  //   test_level_three
+  //   test_level_two
+  //   test_level_one
+  ASSERT_LE(frame + 2, names.size()) << DumpFrames(backtrace.get());
+  ASSERT_LE(2U, frame) << DumpFrames(backtrace.get());
+  if (use_action) {
+    ASSERT_EQ("test_signal_action", names[0]) << DumpFrames(backtrace.get());
+  } else {
+    ASSERT_EQ("test_signal_handler", names[0]) << DumpFrames(backtrace.get());
+  }
+  ASSERT_EQ("test_level_three", names[frame]) << DumpFrames(backtrace.get());
+  ASSERT_EQ("test_level_two", names[frame + 1]) << DumpFrames(backtrace.get());
+  ASSERT_EQ("test_level_one", names[frame + 2]) << DumpFrames(backtrace.get());
+
+  FinishRemoteProcess(pid);
+}
+
+TEST(libbacktrace, unwind_remote_through_signal_using_handler) { UnwindThroughSignal(false); }
+
+TEST(libbacktrace, unwind_remote_through_signal_using_action) { UnwindThroughSignal(true); }
+
 #if defined(ENABLE_PSS_TESTS)
 #include "GetPss.h"
 
diff --git a/libbacktrace/backtrace_testlib.c b/libbacktrace/backtrace_testlib.cpp
similarity index 61%
rename from libbacktrace/backtrace_testlib.c
rename to libbacktrace/backtrace_testlib.cpp
index 6f6b535..3081d64 100644
--- a/libbacktrace/backtrace_testlib.c
+++ b/libbacktrace/backtrace_testlib.cpp
@@ -15,32 +15,42 @@
  */
 
 #include <libunwind.h>
+#include <signal.h>
 #include <stdio.h>
 
-int test_level_four(int one, int two, int three, int four,
-                    void (*callback_func)(void*), void* data) {
+#include "backtrace_testlib.h"
+
+void test_loop_forever() {
+  while (1)
+    ;
+}
+
+void test_signal_handler(int) { test_loop_forever(); }
+
+void test_signal_action(int, siginfo_t*, void*) { test_loop_forever(); }
+
+int test_level_four(int one, int two, int three, int four, void (*callback_func)(void*),
+                    void* data) {
   if (callback_func != NULL) {
     callback_func(data);
   } else {
-    while (1) {
-    }
+    while (1)
+      ;
   }
   return one + two + three + four;
 }
 
-int test_level_three(int one, int two, int three, int four,
-                     void (*callback_func)(void*), void* data) {
-  return test_level_four(one+3, two+6, three+9, four+12, callback_func, data) + 3;
+int test_level_three(int one, int two, int three, int four, void (*callback_func)(void*),
+                     void* data) {
+  return test_level_four(one + 3, two + 6, three + 9, four + 12, callback_func, data) + 3;
 }
 
-int test_level_two(int one, int two, int three, int four,
-                   void (*callback_func)(void*), void* data) {
-  return test_level_three(one+2, two+4, three+6, four+8, callback_func, data) + 2;
+int test_level_two(int one, int two, int three, int four, void (*callback_func)(void*), void* data) {
+  return test_level_three(one + 2, two + 4, three + 6, four + 8, callback_func, data) + 2;
 }
 
-int test_level_one(int one, int two, int three, int four,
-                   void (*callback_func)(void*), void* data) {
-  return test_level_two(one+1, two+2, three+3, four+4, callback_func, data) + 1;
+int test_level_one(int one, int two, int three, int four, void (*callback_func)(void*), void* data) {
+  return test_level_two(one + 1, two + 2, three + 3, four + 4, callback_func, data) + 1;
 }
 
 int test_recursive_call(int level, void (*callback_func)(void*), void* data) {
diff --git a/libbacktrace/backtrace_testlib.h b/libbacktrace/backtrace_testlib.h
new file mode 100644
index 0000000..16fedc4
--- /dev/null
+++ b/libbacktrace/backtrace_testlib.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _LIBBACKTRACE_BACKTRACE_TESTLIB_H
+#define _LIBBACKTRACE_BACKTRACE_TESTLIB_H
+
+#include <sys/cdefs.h>
+
+#include <libunwind.h>
+
+__BEGIN_DECLS
+
+void test_loop_forever();
+void test_signal_handler(int);
+void test_signal_action(int, siginfo_t*, void*);
+int test_level_four(int, int, int, int, void (*)(void*), void*);
+int test_level_three(int, int, int, int, void (*)(void*), void*);
+int test_level_two(int, int, int, int, void (*)(void*), void*);
+int test_level_one(int, int, int, int, void (*)(void*), void*);
+int test_recursive_call(int, void (*)(void*), void*);
+void test_get_context_and_wait(unw_context_t*, volatile int*);
+
+__END_DECLS
+
+#endif  // _LIBBACKTRACE_BACKTRACE_TESTLIB_H
diff --git a/libcutils/fs_config.c b/libcutils/fs_config.c
index f833af6..6a57a41 100644
--- a/libcutils/fs_config.c
+++ b/libcutils/fs_config.c
@@ -167,6 +167,7 @@
     { 00555, AID_ROOT,      AID_ROOT,      0, "system/etc/ppp/*" },
     { 00555, AID_ROOT,      AID_ROOT,      0, "system/etc/rc.*" },
     { 00440, AID_ROOT,      AID_ROOT,      0, "system/etc/recovery.img" },
+    { 00440, AID_RADIO,     AID_ROOT,      0, "system/etc/xtables.lock" },
     { 00600, AID_ROOT,      AID_ROOT,      0, "vendor/build.prop" },
     { 00600, AID_ROOT,      AID_ROOT,      0, "vendor/default.prop" },
     { 00444, AID_ROOT,      AID_ROOT,      0, ven_conf_dir + 1 },
diff --git a/libutils/include/utils/Compat.h b/libutils/include/utils/Compat.h
index 2709e3b..dee577e 100644
--- a/libutils/include/utils/Compat.h
+++ b/libutils/include/utils/Compat.h
@@ -37,6 +37,10 @@
     return pwrite(fd, buf, nbytes, offset);
 }
 
+static inline int ftruncate64(int fd, off64_t length) {
+    return ftruncate(fd, length);
+}
+
 #endif /* __APPLE__ */
 
 #if defined(_WIN32)
diff --git a/libziparchive/zip_writer.cc b/libziparchive/zip_writer.cc
index ddd4dd5..7600528 100644
--- a/libziparchive/zip_writer.cc
+++ b/libziparchive/zip_writer.cc
@@ -25,6 +25,7 @@
 #include <vector>
 
 #include "android-base/logging.h"
+#include "utils/Compat.h"
 #include "utils/Log.h"
 
 #include "entry_name_utils-inl.h"
diff --git a/libziparchive/zip_writer_test.cc b/libziparchive/zip_writer_test.cc
index 259bcff..30f4950 100644
--- a/libziparchive/zip_writer_test.cc
+++ b/libziparchive/zip_writer_test.cc
@@ -377,7 +377,7 @@
   ASSERT_EQ(0, writer.WriteBytes(data.data(), data.size()));
   ASSERT_EQ(0, writer.FinishEntry());
 
-  off64_t before_len = ftello64(file_);
+  off_t before_len = ftello(file_);
 
   ZipWriter::FileEntry entry;
   ASSERT_EQ(0, writer.GetLastEntry(&entry));
@@ -385,7 +385,7 @@
 
   ASSERT_EQ(0, writer.Finish());
 
-  off64_t after_len = ftello64(file_);
+  off_t after_len = ftello(file_);
 
   ASSERT_GT(before_len, after_len);
 }
diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt
new file mode 100644
index 0000000..e3468ca
--- /dev/null
+++ b/rootdir/etc/ld.config.txt
@@ -0,0 +1,47 @@
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Bionic loader config file.
+#
+
+#dir.vendor=/vendor/bin/
+#dir.system=/system/bin/
+
+[vendor]
+
+# When this flag is set to true linker will
+# set target_sdk_version for this binary to
+# the version specified in <dirname>/.version
+# file, where <dirname> = dirname(executable_path)
+#
+# default value is false
+enable.target.sdk.version = true
+
+# There is always the default namespace no
+# need to mention it in this list
+additional.namespaces=system
+
+# Is the namespace isolated
+namespace.default.isolated = true
+namespace.default.search.paths = /vendor/${LIB}
+
+# TODO: property for asan search path?
+namespace.default.permitted.paths = /vendor/${LIB}
+namespace.default.asan.permitted.paths = /data/vendor/${LIB}
+namespace.default.links = system
+
+# Todo complete this list
+namespace.default.link.system.shared_libs = libc.so:libm.so:libdl.so:libstdc++.so
+
+namespace.system.isolated = true
+namespace.system.search.paths = /system/${LIB}:/system/${LIB}/framework
+namespace.system.permitted.paths = /system/${LIB}
+
+[system]
+namespace.default.isolated = true
+namespace.default.search.paths = /system/${LIB}
+namespace.default.permitted.paths = /system/${LIB}
+
+# app_process will setup additional vendor namespace manually.
+# Note that zygote will need vendor namespace to setup list of public
+# libraries provided by vendors to apps.
+
diff --git a/rootdir/init.rc b/rootdir/init.rc
index ad5647b..7091ab9 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -299,6 +299,8 @@
 
 on post-fs
     start logd
+    start hwservicemanager
+
     # once everything is setup, no need to modify /
     mount rootfs rootfs / ro remount
     # Mount shared so changes propagate into child namespaces
@@ -346,9 +348,6 @@
     # create the lost+found directories, so as to enforce our permissions
     mkdir /cache/lost+found 0770 root root
 
-on late-fs
-    start hwservicemanager
-
 on post-fs-data
     # We chown/chmod /data again so because mount is run as root + defaults
     chown system system /data