Merge changes I6e95870e,Ibcef6b73,I302ce3c2 into main
* changes:
libprocessgroup: Use pid_t consistently for TIDs
libprocessgroup: Use pid_t consistently for PIDs
libprocessgroup: Use uid_t consistently for UIDs
diff --git a/libprocessgroup/profiles/cgroups.json b/libprocessgroup/profiles/cgroups.json
index d013ec8..3e4393d 100644
--- a/libprocessgroup/profiles/cgroups.json
+++ b/libprocessgroup/profiles/cgroups.json
@@ -1,6 +1,13 @@
{
"Cgroups": [
{
+ "Controller": "blkio",
+ "Path": "/dev/blkio",
+ "Mode": "0775",
+ "UID": "system",
+ "GID": "system"
+ },
+ {
"Controller": "cpu",
"Path": "/dev/cpuctl",
"Mode": "0755",
@@ -32,12 +39,6 @@
{
"Controller": "freezer",
"Path": "."
- },
- {
- "Controller": "io",
- "Path": ".",
- "NeedsActivation": true,
- "Optional": true
}
]
}
diff --git a/libprocessgroup/profiles/task_profiles.json b/libprocessgroup/profiles/task_profiles.json
index f2ef316..1fc66ba 100644
--- a/libprocessgroup/profiles/task_profiles.json
+++ b/libprocessgroup/profiles/task_profiles.json
@@ -76,26 +76,6 @@
"Name": "FreezerState",
"Controller": "freezer",
"File": "cgroup.freeze"
- },
- {
- "Name": "BfqWeight",
- "Controller": "io",
- "File": "io.bfq.weight"
- },
- {
- "Name": "CfqGroupIdle",
- "Controller": "io",
- "File": "io.group_idle"
- },
- {
- "Name": "CfqWeight",
- "Controller": "io",
- "File": "io.weight"
- },
- {
- "Name": "IoPrioClass",
- "Controller": "io",
- "File": "io.prio.class"
}
],
@@ -459,39 +439,11 @@
"Name": "LowIoPriority",
"Actions": [
{
- "Name": "SetAttribute",
+ "Name": "JoinCgroup",
"Params":
{
- "Name": "BfqWeight",
- "Value": "10",
- "Optional": "true"
- }
- },
- {
- "Name": "SetAttribute",
- "Params":
- {
- "Name": "CfqGroupIdle",
- "Value": "0",
- "Optional": "true"
- }
- },
- {
- "Name": "SetAttribute",
- "Params":
- {
- "Name": "CfqWeight",
- "Value": "200",
- "Optional": "true"
- }
- },
- {
- "Name": "SetAttribute",
- "Params":
- {
- "Name": "IoPrioClass",
- "Value": "restrict-to-be",
- "Optional": "true"
+ "Controller": "blkio",
+ "Path": "background"
}
}
]
@@ -500,39 +452,11 @@
"Name": "NormalIoPriority",
"Actions": [
{
- "Name": "SetAttribute",
+ "Name": "JoinCgroup",
"Params":
{
- "Name": "BfqWeight",
- "Value": "100",
- "Optional": "true"
- }
- },
- {
- "Name": "SetAttribute",
- "Params":
- {
- "Name": "CfqGroupIdle",
- "Value": "0",
- "Optional": "true"
- }
- },
- {
- "Name": "SetAttribute",
- "Params":
- {
- "Name": "CfqWeight",
- "Value": "1000",
- "Optional": "true"
- }
- },
- {
- "Name": "SetAttribute",
- "Params":
- {
- "Name": "IoPrioClass",
- "Value": "restrict-to-be",
- "Optional": "true"
+ "Controller": "blkio",
+ "Path": ""
}
}
]
@@ -541,39 +465,11 @@
"Name": "HighIoPriority",
"Actions": [
{
- "Name": "SetAttribute",
+ "Name": "JoinCgroup",
"Params":
{
- "Name": "BfqWeight",
- "Value": "100",
- "Optional": "true"
- }
- },
- {
- "Name": "SetAttribute",
- "Params":
- {
- "Name": "CfqGroupIdle",
- "Value": "0",
- "Optional": "true"
- }
- },
- {
- "Name": "SetAttribute",
- "Params":
- {
- "Name": "CfqWeight",
- "Value": "1000",
- "Optional": "true"
- }
- },
- {
- "Name": "SetAttribute",
- "Params":
- {
- "Name": "IoPrioClass",
- "Value": "promote-to-rt",
- "Optional": "true"
+ "Controller": "blkio",
+ "Path": ""
}
}
]
@@ -582,39 +478,11 @@
"Name": "MaxIoPriority",
"Actions": [
{
- "Name": "SetAttribute",
+ "Name": "JoinCgroup",
"Params":
{
- "Name": "BfqWeight",
- "Value": "100",
- "Optional": "true"
- }
- },
- {
- "Name": "SetAttribute",
- "Params":
- {
- "Name": "CfqGroupIdle",
- "Value": "0",
- "Optional": "true"
- }
- },
- {
- "Name": "SetAttribute",
- "Params":
- {
- "Name": "CfqWeight",
- "Value": "1000",
- "Optional": "true"
- }
- },
- {
- "Name": "SetAttribute",
- "Params":
- {
- "Name": "IoPrioClass",
- "Value": "promote-to-rt",
- "Optional": "true"
+ "Controller": "blkio",
+ "Path": ""
}
}
]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 768e0ff..4c07c83 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -228,6 +228,26 @@
write /dev/stune/nnapi-hal/schedtune.boost 1
write /dev/stune/nnapi-hal/schedtune.prefer_idle 1
+ # Create blkio group and apply initial settings.
+ # This feature needs kernel to support it, and the
+ # device's init.rc must actually set the correct values.
+ mkdir /dev/blkio/background
+ chown system system /dev/blkio
+ chown system system /dev/blkio/background
+ chown system system /dev/blkio/tasks
+ chown system system /dev/blkio/background/tasks
+ chown system system /dev/blkio/cgroup.procs
+ chown system system /dev/blkio/background/cgroup.procs
+ chmod 0664 /dev/blkio/tasks
+ chmod 0664 /dev/blkio/background/tasks
+ chmod 0664 /dev/blkio/cgroup.procs
+ chmod 0664 /dev/blkio/background/cgroup.procs
+ write /dev/blkio/blkio.weight 1000
+ write /dev/blkio/background/blkio.weight 200
+ write /dev/blkio/background/blkio.bfq.weight 10
+ write /dev/blkio/blkio.group_idle 0
+ write /dev/blkio/background/blkio.group_idle 0
+
restorecon_recursive /mnt
mount configfs none /config nodev noexec nosuid
@@ -781,6 +801,7 @@
mkdir /data/misc/apns 0770 system radio
mkdir /data/misc/emergencynumberdb 0770 system radio
mkdir /data/misc/network_watchlist 0774 system system
+ mkdir /data/misc/telephonyconfig 0770 system radio
mkdir /data/misc/textclassifier 0771 system system
mkdir /data/misc/vpn 0770 system vpn
mkdir /data/misc/shared_relro 0771 shared_relro shared_relro
diff --git a/trusty/fuzz/Android.bp b/trusty/fuzz/Android.bp
index 5d0ff79..8a93e5e 100644
--- a/trusty/fuzz/Android.bp
+++ b/trusty/fuzz/Android.bp
@@ -41,9 +41,6 @@
"utils.cpp",
],
export_include_dirs: ["include"],
- static_libs: [
- "libFuzzer",
- ],
shared_libs: [
"libtrusty_coverage",
"libbase",
diff --git a/trusty/fuzz/counters.cpp b/trusty/fuzz/counters.cpp
index 65a3ba6..e730ec3 100644
--- a/trusty/fuzz/counters.cpp
+++ b/trusty/fuzz/counters.cpp
@@ -16,12 +16,12 @@
#define LOG_TAG "trusty-fuzz-counters"
-#include <FuzzerDefs.h>
-
#include <trusty/fuzz/counters.h>
#include <android-base/logging.h>
+#include <assert.h>
#include <log/log.h>
+#include <string.h>
#include <trusty/coverage/coverage.h>
#include <trusty/coverage/tipc.h>
@@ -45,9 +45,6 @@
return;
}
- assert(fuzzer::ExtraCountersBegin());
- assert(fuzzer::ExtraCountersEnd());
-
volatile uint8_t* begin = NULL;
volatile uint8_t* end = NULL;
record_->GetRawCounts(&begin, &end);
@@ -66,9 +63,8 @@
if (!record_->IsOpen()) {
return;
}
-
record_->ResetCounts();
- fuzzer::ClearExtraCounters();
+ memset_explicit(const_cast<uint8_t*>(counters), 0, sizeof(counters));
}
void ExtraCounters::Flush() {
diff --git a/trusty/fuzz/tipc_fuzzer.cpp b/trusty/fuzz/tipc_fuzzer.cpp
index edc2a79..f265ced 100644
--- a/trusty/fuzz/tipc_fuzzer.cpp
+++ b/trusty/fuzz/tipc_fuzzer.cpp
@@ -14,8 +14,6 @@
* limitations under the License.
*/
-#include <android-base/result.h>
-#include <fuzzer/FuzzedDataProvider.h>
#include <stdlib.h>
#include <trusty/coverage/coverage.h>
#include <trusty/coverage/uuid.h>
@@ -25,7 +23,6 @@
#include <iostream>
#include <memory>
-using android::base::Result;
using android::trusty::coverage::CoverageRecord;
using android::trusty::fuzz::ExtraCounters;
using android::trusty::fuzz::TrustyApp;
@@ -44,14 +41,7 @@
#error "Binary file name must be parameterized using -DTRUSTY_APP_FILENAME."
#endif
-#ifdef TRUSTY_APP_MAX_CONNECTIONS
-constexpr size_t MAX_CONNECTIONS = TRUSTY_APP_MAX_CONNECTIONS;
-#else
-constexpr size_t MAX_CONNECTIONS = 1;
-#endif
-
-static_assert(MAX_CONNECTIONS >= 1);
-
+static TrustyApp kTrustyApp(TIPC_DEV, TRUSTY_APP_PORT);
static std::unique_ptr<CoverageRecord> record;
extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
@@ -63,8 +53,7 @@
}
/* Make sure lazy-loaded TAs have started and connected to coverage service. */
- TrustyApp ta(TIPC_DEV, TRUSTY_APP_PORT);
- auto ret = ta.Connect();
+ auto ret = kTrustyApp.Connect();
if (!ret.ok()) {
std::cerr << ret.error() << std::endl;
exit(-1);
@@ -84,56 +73,24 @@
return 0;
}
-Result<void> testOneInput(FuzzedDataProvider& provider) {
- std::vector<TrustyApp> trustyApps;
-
- while (provider.remaining_bytes() > 0) {
- if (trustyApps.size() < MAX_CONNECTIONS && provider.ConsumeBool()) {
- auto& ta = trustyApps.emplace_back(TIPC_DEV, TRUSTY_APP_PORT);
- const auto result = ta.Connect();
- if (!result.ok()) {
- return result;
- }
- } else {
- const auto i = provider.ConsumeIntegralInRange<size_t>(0, trustyApps.size());
- std::swap(trustyApps[i], trustyApps.back());
-
- if (provider.ConsumeBool()) {
- auto& ta = trustyApps.back();
-
- const auto data = provider.ConsumeRandomLengthString();
- auto result = ta.Write(data.data(), data.size());
- if (!result.ok()) {
- return result;
- }
-
- std::array<uint8_t, TIPC_MAX_MSG_SIZE> buf;
- result = ta.Read(buf.data(), buf.size());
- if (!result.ok()) {
- return result;
- }
-
- // Reconnect to ensure that the service is still up.
- ta.Disconnect();
- result = ta.Connect();
- if (!result.ok()) {
- std::cerr << result.error() << std::endl;
- android::trusty::fuzz::Abort();
- return result;
- }
- } else {
- trustyApps.pop_back();
- }
- }
- }
- return {};
-}
-
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ static uint8_t buf[TIPC_MAX_MSG_SIZE];
+
ExtraCounters counters(record.get());
counters.Reset();
- FuzzedDataProvider provider(data, size);
- const auto result = testOneInput(provider);
- return result.ok() ? 0 : -1;
+ auto ret = kTrustyApp.Write(data, size);
+ if (ret.ok()) {
+ ret = kTrustyApp.Read(&buf, sizeof(buf));
+ }
+
+ // Reconnect to ensure that the service is still up
+ kTrustyApp.Disconnect();
+ ret = kTrustyApp.Connect();
+ if (!ret.ok()) {
+ std::cerr << ret.error() << std::endl;
+ android::trusty::fuzz::Abort();
+ }
+
+ return ret.ok() ? 0 : -1;
}
diff --git a/trusty/secretkeeper/Android.bp b/trusty/secretkeeper/Android.bp
index f6b740a..6523eda 100644
--- a/trusty/secretkeeper/Android.bp
+++ b/trusty/secretkeeper/Android.bp
@@ -28,12 +28,13 @@
],
rustlibs: [
"libandroid_logger",
- "libbinder_rs",
"libauthgraph_hal",
- "libtrusty-rs",
+ "libauthgraph_wire",
+ "libbinder_rs",
"liblibc",
"liblog_rust",
"libsecretkeeper_hal",
+ "libtrusty-rs",
],
defaults: [
"secretkeeper_use_latest_hal_aidl_rust",
diff --git a/trusty/secretkeeper/src/hal_main.rs b/trusty/secretkeeper/src/hal_main.rs
index 9439c36..1dc697d 100644
--- a/trusty/secretkeeper/src/hal_main.rs
+++ b/trusty/secretkeeper/src/hal_main.rs
@@ -14,7 +14,8 @@
// limitations under the License.
//! This module implements the HAL service for Secretkeeper in Trusty.
-use authgraph_hal::{channel::SerializedChannel};
+use authgraph_hal::channel::SerializedChannel;
+use authgraph_wire::fragmentation::{Fragmenter, Reassembler};
use secretkeeper_hal::SecretkeeperService;
use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::ISecretkeeper::{
ISecretkeeper, BpSecretkeeper,
@@ -22,6 +23,7 @@
use log::{error, info};
use std::{
ffi::CString,
+ fmt::Debug,
panic,
sync::{Arc, Mutex},
};
@@ -29,6 +31,7 @@
const SK_TIPC_SERVICE_PORT: &str = "com.android.trusty.secretkeeper";
const AG_TIPC_SERVICE_PORT: &str = "com.android.trusty.secretkeeper.authgraph";
+const TIPC_MAX_SIZE: usize = 4000;
static SERVICE_INSTANCE: &str = "default";
@@ -47,38 +50,43 @@
}
}
+fn binderr<E: Debug>(msg: &str, e: E) -> binder::Status {
+ binder::Status::new_exception(
+ binder::ExceptionCode::TRANSACTION_FAILED,
+ Some(&CString::new(format!("Failed to {msg} via tipc channel: {e:?}",)).unwrap()),
+ )
+}
+
impl SerializedChannel for TipcChannel {
- const MAX_SIZE: usize = 4000;
+ // No maximum size for messages passed to `execute()` because it performs fragmentation
+ // and reassembly internally.
+ const MAX_SIZE: usize = usize::MAX;
+
fn execute(&self, req_data: &[u8]) -> binder::Result<Vec<u8>> {
// Hold lock across both request and response.
let mut channel = self.channel.lock().unwrap();
- channel.send(req_data).map_err(|e| {
- binder::Status::new_exception(
- binder::ExceptionCode::TRANSACTION_FAILED,
- Some(
- &CString::new(format!(
- "Failed to send the request via tipc channel because of {:?}",
- e
- ))
- .unwrap(),
- ),
- )
- })?;
- // TODO: cope with fragmentation and reassembly
- let mut rsp_data = Vec::new();
- channel.recv(&mut rsp_data).map_err(|e| {
- binder::Status::new_exception(
- binder::ExceptionCode::TRANSACTION_FAILED,
- Some(
- &CString::new(format!(
- "Failed to receive the response via tipc channel because of {:?}",
- e
- ))
- .unwrap(),
- ),
- )
- })?;
- Ok(rsp_data)
+ let mut pending_rsp = Reassembler::default();
+
+ // Break request message into fragments to send.
+ for req_frag in Fragmenter::new(req_data, TIPC_MAX_SIZE) {
+ channel.send(&req_frag).map_err(|e| binderr("send request", e))?;
+
+ // Every request gets a response.
+ let mut rsp_frag = Vec::new();
+ channel.recv(&mut rsp_frag).map_err(|e| binderr("receive response", e))?;
+
+ if let Some(full_rsp) = pending_rsp.accumulate(&rsp_frag) {
+ return Ok(full_rsp.to_vec());
+ }
+ }
+ // There may be additional response fragments to receive.
+ loop {
+ let mut rsp_frag = Vec::new();
+ channel.recv(&mut rsp_frag).map_err(|e| binderr("receive response", e))?;
+ if let Some(full_rsp) = pending_rsp.accumulate(&rsp_frag) {
+ return Ok(full_rsp.to_vec());
+ }
+ }
}
}