Merge "Add erofs to supported fs type"
diff --git a/init/README.ueventd.md b/init/README.ueventd.md
index 4363f3c..2a76620 100644
--- a/init/README.ueventd.md
+++ b/init/README.ueventd.md
@@ -13,6 +13,16 @@
uevent_socket_rcvbuf_size 16M
Sets the uevent socket rcvbuf_size to 16 megabytes.
+## Importing configuration files
+--------------------------------
+Ueventd reads /system/etc/ueventd.rc, all other files are imported via the `import` command, which
+takes the format of
+
+ import <path>
+This command parses an ueventd config file, extending the current configuration. If _path_ is a
+directory, each file in the directory is parsed as a config file. It is not recursive, nested
+directories will not be parsed. Imported files are parsed after the current file has been parsed.
+
## /dev
----
Ueventd listens to the kernel uevent sockets and creates/deletes nodes in `/dev` based on the
@@ -32,7 +42,7 @@
The permissions can be modified using a ueventd.rc script and a line that beings with `/dev`. These
lines take the format of
- devname mode uid gid
+ devname mode uid gid [options]
For example
/dev/null 0666 root root
@@ -70,7 +80,7 @@
certain files in `/sys` when matching uevents are generated. This is done using a ueventd.rc script
and a line that begins with `/sys`. These lines take the format of
- nodename attr mode uid gid
+ nodename attr mode uid gid [options]
For example
/sys/devices/system/cpu/cpu* cpufreq/scaling_max_freq 0664 system system
@@ -78,7 +88,15 @@
attribute, `cpufreq/scaling_max_freq`, will have its mode set to `0664`, its user to to `system` and
its group set to `system`.
-Note that `*` matches as a wildcard and can be used anywhere in a path.
+## Path matching
+----------------
+The path for a `/dev` or `/sys` entry can contain a `*` anywhere in the path.
+1. If the only `*` appears at the end of the string or if the _options_ parameter is set to
+`no_fnm_pathname`, ueventd matches the entry by `fnmatch(entry_path, incoming_path, 0)`
+2. Otherwise, ueventd matches the entry by `fnmatch(entry_path, incoming_path, FNM_PATHNAME)`
+
+See the [man page for fnmatch](https://www.man7.org/linux/man-pages/man3/fnmatch.3.html) for more
+details.
## Firmware loading
----------------
diff --git a/init/devices.cpp b/init/devices.cpp
index 5888c06..ce6298a 100644
--- a/init/devices.cpp
+++ b/init/devices.cpp
@@ -124,8 +124,15 @@
return true;
}
-Permissions::Permissions(const std::string& name, mode_t perm, uid_t uid, gid_t gid)
- : name_(name), perm_(perm), uid_(uid), gid_(gid), prefix_(false), wildcard_(false) {
+Permissions::Permissions(const std::string& name, mode_t perm, uid_t uid, gid_t gid,
+ bool no_fnm_pathname)
+ : name_(name),
+ perm_(perm),
+ uid_(uid),
+ gid_(gid),
+ prefix_(false),
+ wildcard_(false),
+ no_fnm_pathname_(no_fnm_pathname) {
// Set 'prefix_' or 'wildcard_' based on the below cases:
//
// 1) No '*' in 'name' -> Neither are set and Match() checks a given path for strict
@@ -136,7 +143,6 @@
//
// 3) '*' appears elsewhere -> 'wildcard_' is set to true and Match() uses fnmatch()
// with FNM_PATHNAME to compare 'name' to a given path.
-
auto wildcard_position = name_.find('*');
if (wildcard_position != std::string::npos) {
if (wildcard_position == name_.length() - 1) {
@@ -150,7 +156,8 @@
bool Permissions::Match(const std::string& path) const {
if (prefix_) return StartsWith(path, name_);
- if (wildcard_) return fnmatch(name_.c_str(), path.c_str(), FNM_PATHNAME) == 0;
+ if (wildcard_)
+ return fnmatch(name_.c_str(), path.c_str(), no_fnm_pathname_ ? 0 : FNM_PATHNAME) == 0;
return path == name_;
}
@@ -461,9 +468,10 @@
}
void DeviceHandler::HandleUevent(const Uevent& uevent) {
- if (uevent.action == "add" || uevent.action == "change" || uevent.action == "online") {
- FixupSysPermissions(uevent.path, uevent.subsystem);
- }
+ if (uevent.action == "add" || uevent.action == "change" ||
+ uevent.action == "bind" || uevent.action == "online") {
+ FixupSysPermissions(uevent.path, uevent.subsystem);
+ }
// if it's not a /dev device, nothing to do
if (uevent.major < 0 || uevent.minor < 0) return;
diff --git a/init/devices.h b/init/devices.h
index 05d64da..d70d746 100644
--- a/init/devices.h
+++ b/init/devices.h
@@ -38,7 +38,7 @@
public:
friend void TestPermissions(const Permissions& expected, const Permissions& test);
- Permissions(const std::string& name, mode_t perm, uid_t uid, gid_t gid);
+ Permissions(const std::string& name, mode_t perm, uid_t uid, gid_t gid, bool no_fnm_pathname);
bool Match(const std::string& path) const;
@@ -56,6 +56,7 @@
gid_t gid_;
bool prefix_;
bool wildcard_;
+ bool no_fnm_pathname_;
};
class SysfsPermissions : public Permissions {
@@ -63,8 +64,8 @@
friend void TestSysfsPermissions(const SysfsPermissions& expected, const SysfsPermissions& test);
SysfsPermissions(const std::string& name, const std::string& attribute, mode_t perm, uid_t uid,
- gid_t gid)
- : Permissions(name, perm, uid, gid), attribute_(attribute) {}
+ gid_t gid, bool no_fnm_pathname)
+ : Permissions(name, perm, uid, gid, no_fnm_pathname), attribute_(attribute) {}
bool MatchWithSubsystem(const std::string& path, const std::string& subsystem) const;
void SetPermissions(const std::string& path) const;
diff --git a/init/devices_test.cpp b/init/devices_test.cpp
index c408bc1..e7bac68 100644
--- a/init/devices_test.cpp
+++ b/init/devices_test.cpp
@@ -221,7 +221,7 @@
TEST(device_handler, DevPermissionsMatchNormal) {
// Basic from ueventd.rc
// /dev/null 0666 root root
- Permissions permissions("/dev/null", 0666, 0, 0);
+ Permissions permissions("/dev/null", 0666, 0, 0, false);
EXPECT_TRUE(permissions.Match("/dev/null"));
EXPECT_FALSE(permissions.Match("/dev/nullsuffix"));
EXPECT_FALSE(permissions.Match("/dev/nul"));
@@ -233,7 +233,7 @@
TEST(device_handler, DevPermissionsMatchPrefix) {
// Prefix from ueventd.rc
// /dev/dri/* 0666 root graphics
- Permissions permissions("/dev/dri/*", 0666, 0, 1000);
+ Permissions permissions("/dev/dri/*", 0666, 0, 1000, false);
EXPECT_TRUE(permissions.Match("/dev/dri/some_dri_device"));
EXPECT_TRUE(permissions.Match("/dev/dri/some_other_dri_device"));
EXPECT_TRUE(permissions.Match("/dev/dri/"));
@@ -246,7 +246,7 @@
TEST(device_handler, DevPermissionsMatchWildcard) {
// Wildcard example
// /dev/device*name 0666 root graphics
- Permissions permissions("/dev/device*name", 0666, 0, 1000);
+ Permissions permissions("/dev/device*name", 0666, 0, 1000, false);
EXPECT_TRUE(permissions.Match("/dev/devicename"));
EXPECT_TRUE(permissions.Match("/dev/device123name"));
EXPECT_TRUE(permissions.Match("/dev/deviceabcname"));
@@ -260,13 +260,31 @@
TEST(device_handler, DevPermissionsMatchWildcardPrefix) {
// Wildcard+Prefix example
// /dev/device*name* 0666 root graphics
- Permissions permissions("/dev/device*name*", 0666, 0, 1000);
+ Permissions permissions("/dev/device*name*", 0666, 0, 1000, false);
EXPECT_TRUE(permissions.Match("/dev/devicename"));
EXPECT_TRUE(permissions.Match("/dev/device123name"));
EXPECT_TRUE(permissions.Match("/dev/deviceabcname"));
EXPECT_TRUE(permissions.Match("/dev/device123namesomething"));
// FNM_PATHNAME doesn't match '/' with *
EXPECT_FALSE(permissions.Match("/dev/device123name/something"));
+ EXPECT_FALSE(permissions.Match("/dev/device/1/2/3name/something"));
+ EXPECT_FALSE(permissions.Match("/dev/deviceame"));
+ EXPECT_EQ(0666U, permissions.perm());
+ EXPECT_EQ(0U, permissions.uid());
+ EXPECT_EQ(1000U, permissions.gid());
+}
+
+TEST(device_handler, DevPermissionsMatchWildcardPrefix_NoFnmPathName) {
+ // Wildcard+Prefix example with no_fnm_pathname
+ // /dev/device*name* 0666 root graphics
+ Permissions permissions("/dev/device*name*", 0666, 0, 1000, true);
+ EXPECT_TRUE(permissions.Match("/dev/devicename"));
+ EXPECT_TRUE(permissions.Match("/dev/device123name"));
+ EXPECT_TRUE(permissions.Match("/dev/deviceabcname"));
+ EXPECT_TRUE(permissions.Match("/dev/device123namesomething"));
+ // With NoFnmPathName, the below matches, unlike DevPermissionsMatchWildcardPrefix.
+ EXPECT_TRUE(permissions.Match("/dev/device123name/something"));
+ EXPECT_TRUE(permissions.Match("/dev/device/1/2/3name/something"));
EXPECT_FALSE(permissions.Match("/dev/deviceame"));
EXPECT_EQ(0666U, permissions.perm());
EXPECT_EQ(0U, permissions.uid());
@@ -275,7 +293,8 @@
TEST(device_handler, SysfsPermissionsMatchWithSubsystemNormal) {
// /sys/devices/virtual/input/input* enable 0660 root input
- SysfsPermissions permissions("/sys/devices/virtual/input/input*", "enable", 0660, 0, 1001);
+ SysfsPermissions permissions("/sys/devices/virtual/input/input*", "enable", 0660, 0, 1001,
+ false);
EXPECT_TRUE(permissions.MatchWithSubsystem("/sys/devices/virtual/input/input0", "input"));
EXPECT_FALSE(permissions.MatchWithSubsystem("/sys/devices/virtual/input/not_input0", "input"));
EXPECT_EQ(0660U, permissions.perm());
@@ -285,7 +304,7 @@
TEST(device_handler, SysfsPermissionsMatchWithSubsystemClass) {
// /sys/class/input/event* enable 0660 root input
- SysfsPermissions permissions("/sys/class/input/event*", "enable", 0660, 0, 1001);
+ SysfsPermissions permissions("/sys/class/input/event*", "enable", 0660, 0, 1001, false);
EXPECT_TRUE(permissions.MatchWithSubsystem(
"/sys/devices/soc.0/f9924000.i2c/i2c-2/2-0020/input/input0/event0", "input"));
EXPECT_FALSE(permissions.MatchWithSubsystem(
@@ -299,7 +318,7 @@
TEST(device_handler, SysfsPermissionsMatchWithSubsystemBus) {
// /sys/bus/i2c/devices/i2c-* enable 0660 root input
- SysfsPermissions permissions("/sys/bus/i2c/devices/i2c-*", "enable", 0660, 0, 1001);
+ SysfsPermissions permissions("/sys/bus/i2c/devices/i2c-*", "enable", 0660, 0, 1001, false);
EXPECT_TRUE(permissions.MatchWithSubsystem("/sys/devices/soc.0/f9967000.i2c/i2c-5", "i2c"));
EXPECT_FALSE(permissions.MatchWithSubsystem("/sys/devices/soc.0/f9967000.i2c/not-i2c", "i2c"));
EXPECT_FALSE(
diff --git a/init/service.cpp b/init/service.cpp
index 766eb5d..d84dcd4 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -72,12 +72,12 @@
if (getcon(&raw_con) == -1) {
return Error() << "Could not get security context";
}
- std::unique_ptr<char> mycon(raw_con);
+ std::unique_ptr<char, decltype(&freecon)> mycon(raw_con, freecon);
if (getfilecon(service_path.c_str(), &raw_filecon) == -1) {
return Error() << "Could not get file context";
}
- std::unique_ptr<char> filecon(raw_filecon);
+ std::unique_ptr<char, decltype(&freecon)> filecon(raw_filecon, freecon);
char* new_con = nullptr;
int rc = security_compute_create(mycon.get(), filecon.get(),
diff --git a/init/ueventd.cpp b/init/ueventd.cpp
index 54659c5..923d769 100644
--- a/init/ueventd.cpp
+++ b/init/ueventd.cpp
@@ -283,12 +283,7 @@
std::vector<std::unique_ptr<UeventHandler>> uevent_handlers;
- // Keep the current product name base configuration so we remain backwards compatible and
- // allow it to override everything.
- auto hardware = android::base::GetProperty("ro.hardware", "");
-
- auto ueventd_configuration = ParseConfig({"/system/etc/ueventd.rc", "/vendor/ueventd.rc",
- "/odm/ueventd.rc", "/ueventd." + hardware + ".rc"});
+ auto ueventd_configuration = ParseConfig("/system/etc/ueventd.rc");
uevent_handlers.emplace_back(std::make_unique<DeviceHandler>(
std::move(ueventd_configuration.dev_permissions),
diff --git a/init/ueventd_parser.cpp b/init/ueventd_parser.cpp
index 09dce44..2605158 100644
--- a/init/ueventd_parser.cpp
+++ b/init/ueventd_parser.cpp
@@ -21,6 +21,7 @@
#include <android-base/parseint.h>
+#include "import_parser.h"
#include "keyword_map.h"
#include "parser.h"
@@ -33,12 +34,12 @@
std::vector<SysfsPermissions>* out_sysfs_permissions,
std::vector<Permissions>* out_dev_permissions) {
bool is_sysfs = out_sysfs_permissions != nullptr;
- if (is_sysfs && args.size() != 5) {
- return Error() << "/sys/ lines must have 5 entries";
+ if (is_sysfs && !(args.size() == 5 || args.size() == 6)) {
+ return Error() << "/sys/ lines must have 5 or 6 entries";
}
- if (!is_sysfs && args.size() != 4) {
- return Error() << "/dev/ lines must have 4 entries";
+ if (!is_sysfs && !(args.size() == 4 || args.size() == 5)) {
+ return Error() << "/dev/ lines must have 4 or 5 entries";
}
auto it = args.begin();
@@ -69,10 +70,19 @@
}
gid_t gid = grp->gr_gid;
+ bool no_fnm_pathname = false;
+ if (it != args.end()) {
+ std::string& flags = *it++;
+ if (flags != "no_fnm_pathname") {
+ return Error() << "invalid option '" << flags << "', only no_fnm_pathname is supported";
+ }
+ no_fnm_pathname = true;
+ }
+
if (is_sysfs) {
- out_sysfs_permissions->emplace_back(name, sysfs_attribute, perm, uid, gid);
+ out_sysfs_permissions->emplace_back(name, sysfs_attribute, perm, uid, gid, no_fnm_pathname);
} else {
- out_dev_permissions->emplace_back(name, perm, uid, gid);
+ out_dev_permissions->emplace_back(name, perm, uid, gid, no_fnm_pathname);
}
return {};
}
@@ -220,10 +230,11 @@
return {};
}
-UeventdConfiguration ParseConfig(const std::vector<std::string>& configs) {
+UeventdConfiguration ParseConfig(const std::string& config) {
Parser parser;
UeventdConfiguration ueventd_configuration;
+ parser.AddSectionParser("import", std::make_unique<ImportParser>(&parser));
parser.AddSectionParser("subsystem",
std::make_unique<SubsystemParser>(&ueventd_configuration.subsystems));
@@ -249,9 +260,7 @@
std::bind(ParseEnabledDisabledLine, _1,
&ueventd_configuration.enable_parallel_restorecon));
- for (const auto& config : configs) {
- parser.ParseConfig(config);
- }
+ parser.ParseConfig(config);
return ueventd_configuration;
}
diff --git a/init/ueventd_parser.h b/init/ueventd_parser.h
index eaafa5a..2672626 100644
--- a/init/ueventd_parser.h
+++ b/init/ueventd_parser.h
@@ -36,7 +36,7 @@
bool enable_parallel_restorecon = false;
};
-UeventdConfiguration ParseConfig(const std::vector<std::string>& configs);
+UeventdConfiguration ParseConfig(const std::string& config);
} // namespace init
} // namespace android
diff --git a/init/ueventd_parser_test.cpp b/init/ueventd_parser_test.cpp
index 172ba0b..b604c53 100644
--- a/init/ueventd_parser_test.cpp
+++ b/init/ueventd_parser_test.cpp
@@ -104,21 +104,21 @@
/dev/graphics/* 0660 root graphics
/dev/*/test 0660 root system
-/sys/devices/platform/trusty.* trusty_version 0440 root log
-/sys/devices/virtual/input/input enable 0660 root input
-/sys/devices/virtual/*/input poll_delay 0660 root input
+/sys/devices/platform/trusty.* trusty_version 0440 root log
+/sys/devices/virtual/input/input enable 0660 root input
+/sys/devices/virtual/*/input poll_delay 0660 root input no_fnm_pathname
)";
auto permissions = std::vector<Permissions>{
- {"/dev/rtc0", 0640, AID_SYSTEM, AID_SYSTEM},
- {"/dev/graphics/*", 0660, AID_ROOT, AID_GRAPHICS},
- {"/dev/*/test", 0660, AID_ROOT, AID_SYSTEM},
+ {"/dev/rtc0", 0640, AID_SYSTEM, AID_SYSTEM, false},
+ {"/dev/graphics/*", 0660, AID_ROOT, AID_GRAPHICS, false},
+ {"/dev/*/test", 0660, AID_ROOT, AID_SYSTEM, false},
};
auto sysfs_permissions = std::vector<SysfsPermissions>{
- {"/sys/devices/platform/trusty.*", "trusty_version", 0440, AID_ROOT, AID_LOG},
- {"/sys/devices/virtual/input/input", "enable", 0660, AID_ROOT, AID_INPUT},
- {"/sys/devices/virtual/*/input", "poll_delay", 0660, AID_ROOT, AID_INPUT},
+ {"/sys/devices/platform/trusty.*", "trusty_version", 0440, AID_ROOT, AID_LOG, false},
+ {"/sys/devices/virtual/input/input", "enable", 0660, AID_ROOT, AID_INPUT, false},
+ {"/sys/devices/virtual/*/input", "poll_delay", 0660, AID_ROOT, AID_INPUT, true},
};
TestUeventdFile(ueventd_file, {{}, sysfs_permissions, permissions, {}, {}});
@@ -240,7 +240,7 @@
dirname /dev/graphics
/dev/*/test 0660 root system
-/sys/devices/virtual/*/input poll_delay 0660 root input
+/sys/devices/virtual/*/input poll_delay 0660 root input no_fnm_pathname
firmware_directories /more
external_firmware_handler /devices/path/firmware/firmware001.bin root /vendor/bin/touch.sh
@@ -259,15 +259,15 @@
{"test_devpath_dirname", Subsystem::DEVNAME_UEVENT_DEVPATH, "/dev/graphics"}};
auto permissions = std::vector<Permissions>{
- {"/dev/rtc0", 0640, AID_SYSTEM, AID_SYSTEM},
- {"/dev/graphics/*", 0660, AID_ROOT, AID_GRAPHICS},
- {"/dev/*/test", 0660, AID_ROOT, AID_SYSTEM},
+ {"/dev/rtc0", 0640, AID_SYSTEM, AID_SYSTEM, false},
+ {"/dev/graphics/*", 0660, AID_ROOT, AID_GRAPHICS, false},
+ {"/dev/*/test", 0660, AID_ROOT, AID_SYSTEM, false},
};
auto sysfs_permissions = std::vector<SysfsPermissions>{
- {"/sys/devices/platform/trusty.*", "trusty_version", 0440, AID_ROOT, AID_LOG},
- {"/sys/devices/virtual/input/input", "enable", 0660, AID_ROOT, AID_INPUT},
- {"/sys/devices/virtual/*/input", "poll_delay", 0660, AID_ROOT, AID_INPUT},
+ {"/sys/devices/platform/trusty.*", "trusty_version", 0440, AID_ROOT, AID_LOG, false},
+ {"/sys/devices/virtual/input/input", "enable", 0660, AID_ROOT, AID_INPUT, false},
+ {"/sys/devices/virtual/*/input", "poll_delay", 0660, AID_ROOT, AID_INPUT, true},
};
auto firmware_directories = std::vector<std::string>{
@@ -299,6 +299,7 @@
/sys/devices/platform/trusty.* trusty_version badmode root log
/sys/devices/platform/trusty.* trusty_version 0440 baduidbad log
/sys/devices/platform/trusty.* trusty_version 0440 root baduidbad
+/sys/devices/platform/trusty.* trusty_version 0440 root root bad_option
uevent_socket_rcvbuf_size blah
diff --git a/libcutils/include/cutils/threads.h b/libcutils/include/cutils/threads.h
index ba4846e..bbbba6d 100644
--- a/libcutils/include/cutils/threads.h
+++ b/libcutils/include/cutils/threads.h
@@ -14,8 +14,7 @@
* limitations under the License.
*/
-#ifndef _LIBS_CUTILS_THREADS_H
-#define _LIBS_CUTILS_THREADS_H
+#pragma once
#include <sys/types.h>
@@ -29,16 +28,6 @@
extern "C" {
#endif
-//
-// Deprecated: use android::base::GetThreadId instead, which doesn't truncate on Mac/Windows.
-//
-
-extern pid_t gettid();
-
-//
-// Deprecated: use `_Thread_local` in C or `thread_local` in C++.
-//
-
#if !defined(_WIN32)
typedef struct {
@@ -49,29 +38,24 @@
#define THREAD_STORE_INITIALIZER { PTHREAD_MUTEX_INITIALIZER, 0, 0 }
-#else // !defined(_WIN32)
+#endif
-typedef struct {
- int lock_init;
- int has_tls;
- DWORD tls;
- CRITICAL_SECTION lock;
-} thread_store_t;
+//
+// Deprecated: use android::base::GetThreadId instead, which doesn't truncate on Mac/Windows.
+//
+extern pid_t gettid();
-#define THREAD_STORE_INITIALIZER { 0, 0, 0, {0, 0, 0, 0, 0, 0} }
-
-#endif // !defined(_WIN32)
-
-typedef void (*thread_store_destruct_t)(void* value);
-
-extern void* thread_store_get(thread_store_t* store);
-
-extern void thread_store_set(thread_store_t* store,
- void* value,
- thread_store_destruct_t destroy);
+//
+// Deprecated: use `_Thread_local` in C or `thread_local` in C++.
+//
+#if !defined(_WIN32)
+typedef void (*thread_store_destruct_t)(void* x);
+extern void* thread_store_get(thread_store_t* x)
+ __attribute__((__deprecated__("use thread_local instead")));
+extern void thread_store_set(thread_store_t* x, void* y, thread_store_destruct_t z)
+ __attribute__((__deprecated__("use thread_local instead")));
+#endif
#ifdef __cplusplus
}
#endif
-
-#endif /* _LIBS_CUTILS_THREADS_H */
diff --git a/libcutils/threads.cpp b/libcutils/threads.cpp
index a7e6b2d..eac63b5 100644
--- a/libcutils/threads.cpp
+++ b/libcutils/threads.cpp
@@ -47,7 +47,6 @@
#endif // __ANDROID__
#if !defined(_WIN32)
-
void* thread_store_get( thread_store_t* store )
{
if (!store->has_tls)
@@ -72,40 +71,4 @@
pthread_setspecific( store->tls, value );
}
-
-#else /* !defined(_WIN32) */
-void* thread_store_get( thread_store_t* store )
-{
- if (!store->has_tls)
- return NULL;
-
- return (void*) TlsGetValue( store->tls );
-}
-
-void thread_store_set( thread_store_t* store,
- void* value,
- thread_store_destruct_t /*destroy*/ )
-{
- /* XXX: can't use destructor on thread exit */
- if (!store->lock_init) {
- store->lock_init = -1;
- InitializeCriticalSection( &store->lock );
- store->lock_init = -2;
- } else while (store->lock_init != -2) {
- Sleep(10); /* 10ms */
- }
-
- EnterCriticalSection( &store->lock );
- if (!store->has_tls) {
- store->tls = TlsAlloc();
- if (store->tls == TLS_OUT_OF_INDEXES) {
- LeaveCriticalSection( &store->lock );
- return;
- }
- store->has_tls = 1;
- }
- LeaveCriticalSection( &store->lock );
-
- TlsSetValue( store->tls, value );
-}
-#endif /* !defined(_WIN32) */
+#endif
diff --git a/libprocessgroup/processgroup.cpp b/libprocessgroup/processgroup.cpp
index 2bf48fc..d669ebe 100644
--- a/libprocessgroup/processgroup.cpp
+++ b/libprocessgroup/processgroup.cpp
@@ -131,25 +131,13 @@
return StringPrintf("%s/uid_%d/pid_%d", cgroup, uid, pid);
}
-static int RemoveProcessGroup(const char* cgroup, uid_t uid, int pid, unsigned int retries) {
- int ret = 0;
+static int RemoveProcessGroup(const char* cgroup, uid_t uid, int pid) {
+ int ret;
+
auto uid_pid_path = ConvertUidPidToPath(cgroup, uid, pid);
+ ret = rmdir(uid_pid_path.c_str());
+
auto uid_path = ConvertUidToPath(cgroup, uid);
-
- if (retries == 0) {
- retries = 1;
- }
-
- while (retries--) {
- ret = rmdir(uid_pid_path.c_str());
- if (!ret || errno != EBUSY) break;
- std::this_thread::sleep_for(5ms);
- }
-
- // With the exception of boot or shutdown, system uid_ folders are always populated. Spinning
- // here would needlessly delay most pid removals. Additionally, once empty a uid_ cgroup won't
- // have processes hanging on it (we've already spun for all its pid_), so there's no need to
- // spin anyway.
rmdir(uid_path.c_str());
return ret;
@@ -188,7 +176,7 @@
std::vector<std::string> cgroups;
std::string path;
- if (CgroupGetControllerPath(CGROUPV2_CONTROLLER_NAME, &path)) {
+ if (CgroupGetControllerPath("cpuacct", &path)) {
cgroups.push_back(path);
}
if (CgroupGetControllerPath("memory", &path)) {
@@ -224,49 +212,19 @@
}
}
-/**
- * Process groups are primarily created by the Zygote, meaning that uid/pid groups are created by
- * the user root. Ownership for the newly created cgroup and all of its files must thus be
- * transferred for the user/group passed as uid/gid before system_server can properly access them.
- */
static bool MkdirAndChown(const std::string& path, mode_t mode, uid_t uid, gid_t gid) {
if (mkdir(path.c_str(), mode) == -1 && errno != EEXIST) {
return false;
}
- auto dir = std::unique_ptr<DIR, decltype(&closedir)>(opendir(path.c_str()), closedir);
-
- if (dir == NULL) {
- PLOG(ERROR) << "opendir failed for " << path;
- goto err;
- }
-
- struct dirent* dir_entry;
- while ((dir_entry = readdir(dir.get()))) {
- if (!strcmp("..", dir_entry->d_name)) {
- continue;
- }
-
- std::string file_path = path + "/" + dir_entry->d_name;
-
- if (lchown(file_path.c_str(), uid, gid) < 0) {
- PLOG(ERROR) << "lchown failed for " << file_path;
- goto err;
- }
-
- if (fchmodat(AT_FDCWD, file_path.c_str(), mode, AT_SYMLINK_NOFOLLOW) != 0) {
- PLOG(ERROR) << "fchmodat failed for " << file_path;
- goto err;
- }
+ if (chown(path.c_str(), uid, gid) == -1) {
+ int saved_errno = errno;
+ rmdir(path.c_str());
+ errno = saved_errno;
+ return false;
}
return true;
-err:
- int saved_errno = errno;
- rmdir(path.c_str());
- errno = saved_errno;
-
- return false;
}
// Returns number of processes killed on success
@@ -344,9 +302,17 @@
static int KillProcessGroup(uid_t uid, int initialPid, int signal, int retries,
int* max_processes) {
- std::string hierarchy_root_path;
- CgroupGetControllerPath(CGROUPV2_CONTROLLER_NAME, &hierarchy_root_path);
- const char* cgroup = hierarchy_root_path.c_str();
+ std::string cpuacct_path;
+ std::string memory_path;
+
+ CgroupGetControllerPath("cpuacct", &cpuacct_path);
+ CgroupGetControllerPath("memory", &memory_path);
+ memory_path += "/apps";
+
+ const char* cgroup =
+ (!access(ConvertUidPidToPath(cpuacct_path.c_str(), uid, initialPid).c_str(), F_OK))
+ ? cpuacct_path.c_str()
+ : memory_path.c_str();
std::chrono::steady_clock::time_point start = std::chrono::steady_clock::now();
@@ -389,17 +355,7 @@
LOG(INFO) << "Successfully killed process cgroup uid " << uid << " pid " << initialPid
<< " in " << static_cast<int>(ms) << "ms";
}
-
- int err = RemoveProcessGroup(cgroup, uid, initialPid, retries);
-
- if (isMemoryCgroupSupported() && UsePerAppMemcg()) {
- std::string memory_path;
- CgroupGetControllerPath("memory", &memory_path);
- memory_path += "/apps";
- if (RemoveProcessGroup(memory_path.c_str(), uid, initialPid, retries)) return -1;
- }
-
- return err;
+ return RemoveProcessGroup(cgroup, uid, initialPid);
} else {
if (retries > 0) {
LOG(ERROR) << "Failed to kill process cgroup uid " << uid << " pid " << initialPid
@@ -418,7 +374,15 @@
return KillProcessGroup(uid, initialPid, signal, 0 /*retries*/, max_processes);
}
-static int createProcessGroupInternal(uid_t uid, int initialPid, std::string cgroup) {
+int createProcessGroup(uid_t uid, int initialPid, bool memControl) {
+ std::string cgroup;
+ if (isMemoryCgroupSupported() && (memControl || UsePerAppMemcg())) {
+ CgroupGetControllerPath("memory", &cgroup);
+ cgroup += "/apps";
+ } else {
+ CgroupGetControllerPath("cpuacct", &cgroup);
+ }
+
auto uid_path = ConvertUidToPath(cgroup.c_str(), uid);
if (!MkdirAndChown(uid_path, 0750, AID_SYSTEM, AID_SYSTEM)) {
@@ -444,27 +408,6 @@
return ret;
}
-int createProcessGroup(uid_t uid, int initialPid, bool memControl) {
- std::string cgroup;
-
- if (memControl && !UsePerAppMemcg()) {
- PLOG(ERROR) << "service memory controls are used without per-process memory cgroup support";
- return -EINVAL;
- }
-
- if (isMemoryCgroupSupported() && UsePerAppMemcg()) {
- CgroupGetControllerPath("memory", &cgroup);
- cgroup += "/apps";
- int ret = createProcessGroupInternal(uid, initialPid, cgroup);
- if (ret != 0) {
- return ret;
- }
- }
-
- CgroupGetControllerPath(CGROUPV2_CONTROLLER_NAME, &cgroup);
- return createProcessGroupInternal(uid, initialPid, cgroup);
-}
-
static bool SetProcessGroupValue(int tid, const std::string& attr_name, int64_t value) {
if (!isMemoryCgroupSupported()) {
PLOG(ERROR) << "Memcg is not mounted.";
diff --git a/libprocessgroup/profiles/cgroups.json b/libprocessgroup/profiles/cgroups.json
index 962d2ba..792af6f 100644
--- a/libprocessgroup/profiles/cgroups.json
+++ b/libprocessgroup/profiles/cgroups.json
@@ -15,6 +15,11 @@
"GID": "system"
},
{
+ "Controller": "cpuacct",
+ "Path": "/acct",
+ "Mode": "0555"
+ },
+ {
"Controller": "cpuset",
"Path": "/dev/cpuset",
"Mode": "0755",
diff --git a/libprocessgroup/profiles/cgroups.recovery.json b/libprocessgroup/profiles/cgroups.recovery.json
index 2c63c08..f0bf5fd 100644
--- a/libprocessgroup/profiles/cgroups.recovery.json
+++ b/libprocessgroup/profiles/cgroups.recovery.json
@@ -1,2 +1,9 @@
{
+ "Cgroups": [
+ {
+ "Controller": "cpuacct",
+ "Path": "/acct",
+ "Mode": "0555"
+ }
+ ]
}
diff --git a/libstats/pull/Android.bp b/libstats/pull/Android.bp
index a8b4a4f..6d6b466 100644
--- a/libstats/pull/Android.bp
+++ b/libstats/pull/Android.bp
@@ -70,6 +70,7 @@
],
visibility: [
"//frameworks/base/apex/statsd/tests/libstatspull",
+ "//packages/modules/StatsD/apex/tests/libstatspull",
],
}
diff --git a/libstats/socket/Android.bp b/libstats/socket/Android.bp
index a93d268..a6ea185 100644
--- a/libstats/socket/Android.bp
+++ b/libstats/socket/Android.bp
@@ -79,6 +79,7 @@
visibility: [
"//frameworks/base/apex/statsd/tests/libstatspull",
"//frameworks/base/cmds/statsd",
+ "//packages/modules/StatsD/apex/tests/libstatspull",
"//packages/modules/StatsD/bin",
],
}
diff --git a/qemu_pipe/OWNERS b/qemu_pipe/OWNERS
index dbc1bf6..d67a329 100644
--- a/qemu_pipe/OWNERS
+++ b/qemu_pipe/OWNERS
@@ -1 +1,3 @@
bohu@google.com
+lfy@google.com
+rkir@google.com
diff --git a/rootdir/Android.mk b/rootdir/Android.mk
index 2bceb75..17d71f7 100644
--- a/rootdir/Android.mk
+++ b/rootdir/Android.mk
@@ -78,7 +78,7 @@
# create some directories (some are mount points) and symlinks
LOCAL_POST_INSTALL_CMD := mkdir -p $(addprefix $(TARGET_ROOT_OUT)/, \
dev proc sys system data data_mirror odm oem acct config storage mnt apex debug_ramdisk \
- linkerconfig second_stage_resources $(BOARD_ROOT_EXTRA_FOLDERS)); \
+ linkerconfig second_stage_resources postinstall $(BOARD_ROOT_EXTRA_FOLDERS)); \
ln -sf /system/bin $(TARGET_ROOT_OUT)/bin; \
ln -sf /system/etc $(TARGET_ROOT_OUT)/etc; \
ln -sf /data/user_de/0/com.android.shell/files/bugreports $(TARGET_ROOT_OUT)/bugreports; \
@@ -153,11 +153,6 @@
; mkdir -p $(dir $(TARGET_ROOT_OUT)/$(word 2,$(p))) \
; ln -sf $(word 1,$(p)) $(TARGET_ROOT_OUT)/$(word 2,$(p)))
endif
-# The A/B updater uses a top-level /postinstall directory to mount the new
-# system before reboot.
-ifeq ($(AB_OTA_UPDATER),true)
- LOCAL_POST_INSTALL_CMD += ; mkdir -p $(TARGET_ROOT_OUT)/postinstall
-endif
# The init symlink must be a post install command of a file that is to TARGET_ROOT_OUT.
# Since init.environ.rc is required for init and satisfies that requirement, we hijack it to create the symlink.
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 2de066d..de608b1 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -612,6 +612,9 @@
# HALs required before storage encryption can get unlocked (FBE/FDE)
class_start early_hal
+ # Load trusted keys from dm-verity protected partitions
+ exec -- /system/bin/fsverity_init --load-verified-keys
+
on post-fs-data
mark_post_data
@@ -853,6 +856,9 @@
wait_for_prop apexd.status activated
perform_apex_config
+ # Lock the fs-verity keyring, so no more keys can be added
+ exec -- /system/bin/fsverity_init --lock
+
# After apexes are mounted, tell keymaster early boot has ended, so it will
# stop allowing use of early-boot keys
exec - system system -- /system/bin/vdc keymaster earlyBootEnded
@@ -1034,9 +1040,6 @@
class_start core
- # Requires keystore (currently a core service) to be ready first.
- exec -- /system/bin/fsverity_init
-
on nonencrypted
class_start main
class_start late_start
diff --git a/rootdir/ueventd.rc b/rootdir/ueventd.rc
index 1994bdb..42229bd 100644
--- a/rootdir/ueventd.rc
+++ b/rootdir/ueventd.rc
@@ -1,3 +1,7 @@
+import /vendor/ueventd.rc
+import /odm/ueventd.rc
+import /ueventd.{ro.hardware}.rc
+
firmware_directories /etc/firmware/ /odm/firmware/ /vendor/firmware/ /firmware/image/
uevent_socket_rcvbuf_size 16M