[automerger skipped] Merge "libdm: Redact keys from dm-crypt targets when calling GetTable." into sc-qpr1-dev am: 3b92281e2f -s ours am: 6fe136b92b -s ours am: 186d0d0fec -s ours
am skip reason: Merged-In I40b9a0129e58b1a0f116ca29f0ee66f91a27a73d with SHA-1 c434d801d6 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/core/+/30087167
Change-Id: I6da9d883b54b4b0a73c573d17be896b2327df5b4
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/fastboot/fastboot.bash b/fastboot/fastboot.bash
index e9bf9e9..911071a 100644
--- a/fastboot/fastboot.bash
+++ b/fastboot/fastboot.bash
@@ -109,7 +109,7 @@
cur="${COMP_WORDS[COMP_CWORD]}"
if [[ $i -eq $COMP_CWORD ]]; then
- partitions="boot bootloader dtbo init_boot modem odm odm_dlkm oem product pvmfw radio recovery system system_dlkm vbmeta vendor vendor_dlkm"
+ partitions="boot bootloader dtbo init_boot modem odm odm_dlkm oem product pvmfw radio recovery system system_dlkm vbmeta vendor vendor_dlkm vendor_kernel_boot"
COMPREPLY=( $(compgen -W "$partitions" -- $cur) )
else
_fastboot_util_complete_local_file "${cur}" '!*.img'
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index 39d86f9..79c3ac7 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -186,6 +186,11 @@
"vendor_dlkm.img", "vendor_dlkm.sig",
"vendor_dlkm",
true, ImageType::Normal },
+ { "vendor_kernel_boot",
+ "vendor_kernel_boot.img",
+ "vendor_kernel_boot.sig",
+ "vendor_kernel_boot",
+ true, ImageType::BootCritical },
{ nullptr, "vendor_other.img", "vendor.sig", "vendor", true, ImageType::Normal },
// clang-format on
};
diff --git a/fs_mgr/libdm/dm_test.cpp b/fs_mgr/libdm/dm_test.cpp
index f4c9784..541f254 100644
--- a/fs_mgr/libdm/dm_test.cpp
+++ b/fs_mgr/libdm/dm_test.cpp
@@ -690,32 +690,3 @@
// Empty device should be in suspended state.
ASSERT_EQ(DmDeviceState::SUSPENDED, dm.GetState("empty-device"));
}
-
-TEST(libdm, RedactDmCrypt) {
- static constexpr uint64_t kImageSize = 65536;
- static constexpr const char* kTestName = "RedactDmCrypt";
- unique_fd temp_file(CreateTempFile("file_1", kImageSize));
- ASSERT_GE(temp_file, 0);
-
- LoopDevice loop(temp_file, 10s);
- ASSERT_TRUE(loop.valid());
-
- static constexpr const char* kAlgorithm = "aes-cbc-essiv:sha256";
- static constexpr const char* kKey = "0e64ef514e6a1315b1f6390cb57c9e6a";
-
- auto target = std::make_unique<DmTargetCrypt>(0, kImageSize / 512, kAlgorithm, kKey, 0,
- loop.device(), 0);
- target->AllowDiscards();
-
- DmTable table;
- table.AddTarget(std::move(target));
-
- auto& dm = DeviceMapper::Instance();
- std::string crypt_path;
- ASSERT_TRUE(dm.CreateDevice(kTestName, table, &crypt_path, 10s));
-
- std::vector<DeviceMapper::TargetInfo> targets;
- ASSERT_TRUE(dm.GetTableInfo(kTestName, &targets));
- ASSERT_EQ(targets.size(), 1);
- EXPECT_EQ(targets[0].data.find(kKey), std::string::npos);
-}
diff --git a/rootdir/init.rc b/rootdir/init.rc
index cd71aa8..870a97b 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -823,7 +823,6 @@
mkdir /data/misc/odsign 0710 root system
# directory used for odsign metrics
mkdir /data/misc/odsign/metrics 0770 root system
-
# Directory for VirtualizationService temporary image files.
# Delete any stale files owned by the old virtualizationservice uid (b/230056726).
chmod 0770 /data/misc/virtualizationservice
@@ -1030,8 +1029,7 @@
exec_start update_verifier_nonencrypted
start statsd
start netd
- start zygote
- start zygote_secondary
+ trigger zygote-run
on zygote-start && property:ro.crypto.state=unsupported
wait_for_prop odsign.verification.done 1
@@ -1039,8 +1037,7 @@
exec_start update_verifier_nonencrypted
start statsd
start netd
- start zygote
- start zygote_secondary
+ trigger zygote-run
on zygote-start && property:ro.crypto.state=encrypted && property:ro.crypto.type=file
wait_for_prop odsign.verification.done 1
@@ -1048,6 +1045,15 @@
exec_start update_verifier_nonencrypted
start statsd
start netd
+ trigger zygote-run
+
+on zygote-run && property:ro.zygote=zygote32
+ start zygote
+
+on zygote-run && property:ro.zygote=zygote64
+ start zygote
+
+on zygote-run && property:ro.zygote=zygote64_32
start zygote
start zygote_secondary
diff --git a/rootdir/init.zygote64_32.rc b/rootdir/init.zygote64_32.rc
index efb30d6..dfe1645 100644
--- a/rootdir/init.zygote64_32.rc
+++ b/rootdir/init.zygote64_32.rc
@@ -25,3 +25,4 @@
socket usap_pool_secondary stream 660 root system
onrestart restart zygote
task_profiles ProcessCapacityHigh MaxPerformance
+ disabled
diff --git a/trusty/storage/interface/include/trusty/interface/storage.h b/trusty/storage/interface/include/trusty/interface/storage.h
index 3f1dcb8..255ade1 100644
--- a/trusty/storage/interface/include/trusty/interface/storage.h
+++ b/trusty/storage/interface/include/trusty/interface/storage.h
@@ -70,6 +70,9 @@
* @STORAGE_ERR_TRANSACT returned by various operations to indicate that current transaction
* is in error state. Such state could be only cleared by sending
* STORAGE_END_TRANSACTION message.
+ * @STORAGE_ERR_SYNC_FAILURE indicates that the current operation failed to sync
+ * to disk. Only returned if STORAGE_MSG_FLAG_PRE_COMMIT or
+ * STORAGE_MSG_FLAG_POST_COMMIT was set for the request.
*/
enum storage_err {
STORAGE_NO_ERROR = 0,
@@ -80,6 +83,7 @@
STORAGE_ERR_NOT_FOUND = 5,
STORAGE_ERR_EXIST = 6,
STORAGE_ERR_TRANSACT = 7,
+ STORAGE_ERR_SYNC_FAILURE = 8,
};
/**
diff --git a/trusty/storage/proxy/proxy.c b/trusty/storage/proxy/proxy.c
index 2620034..f015892 100644
--- a/trusty/storage/proxy/proxy.c
+++ b/trusty/storage/proxy/proxy.c
@@ -116,10 +116,11 @@
static int handle_req(struct storage_msg* msg, const void* req, size_t req_len) {
int rc;
- if ((msg->flags & STORAGE_MSG_FLAG_POST_COMMIT) && (msg->cmd != STORAGE_RPMB_SEND)) {
+ if ((msg->flags & STORAGE_MSG_FLAG_POST_COMMIT) && msg->cmd != STORAGE_RPMB_SEND &&
+ msg->cmd != STORAGE_FILE_WRITE) {
/*
- * handling post commit messages on non rpmb commands are not
- * implemented as there is no use case for this yet.
+ * handling post commit messages on commands other than rpmb and write
+ * operations are not implemented as there is no use case for this yet.
*/
ALOGE("cmd 0x%x: post commit option is not implemented\n", msg->cmd);
msg->result = STORAGE_ERR_UNIMPLEMENTED;
@@ -129,7 +130,7 @@
if (msg->flags & STORAGE_MSG_FLAG_PRE_COMMIT) {
rc = storage_sync_checkpoint();
if (rc < 0) {
- msg->result = STORAGE_ERR_GENERIC;
+ msg->result = STORAGE_ERR_SYNC_FAILURE;
return ipc_respond(msg, NULL, 0);
}
}
diff --git a/trusty/storage/proxy/storage.c b/trusty/storage/proxy/storage.c
index c00c399..c531cfd 100644
--- a/trusty/storage/proxy/storage.c
+++ b/trusty/storage/proxy/storage.c
@@ -407,6 +407,14 @@
goto err_response;
}
+ if (msg->flags & STORAGE_MSG_FLAG_POST_COMMIT) {
+ rc = storage_sync_checkpoint();
+ if (rc < 0) {
+ msg->result = STORAGE_ERR_SYNC_FAILURE;
+ goto err_response;
+ }
+ }
+
msg->result = STORAGE_NO_ERROR;
err_response: