Merge "init: Allow persistent properties to be written asynchronously."
diff --git a/debuggerd/crash_dump.cpp b/debuggerd/crash_dump.cpp
index 2a769c7..70f333e 100644
--- a/debuggerd/crash_dump.cpp
+++ b/debuggerd/crash_dump.cpp
@@ -303,6 +303,7 @@
process_info->scudo_stack_depot = crash_info->data.d.scudo_stack_depot;
process_info->scudo_region_info = crash_info->data.d.scudo_region_info;
process_info->scudo_ring_buffer = crash_info->data.d.scudo_ring_buffer;
+ process_info->scudo_ring_buffer_size = crash_info->data.d.scudo_ring_buffer_size;
FALLTHROUGH_INTENDED;
case 1:
case 2:
diff --git a/debuggerd/handler/debuggerd_handler.cpp b/debuggerd/handler/debuggerd_handler.cpp
index c64de0e..7120d73 100644
--- a/debuggerd/handler/debuggerd_handler.cpp
+++ b/debuggerd/handler/debuggerd_handler.cpp
@@ -187,27 +187,29 @@
* mutex is being held, so we don't want to use any libc functions that
* could allocate memory or hold a lock.
*/
-static void log_signal_summary(const siginfo_t* info) {
+static void log_signal_summary(const siginfo_t* si) {
char main_thread_name[MAX_TASK_NAME_LEN + 1];
if (!get_main_thread_name(main_thread_name, sizeof(main_thread_name))) {
strncpy(main_thread_name, "<unknown>", sizeof(main_thread_name));
}
- if (info->si_signo == BIONIC_SIGNAL_DEBUGGER) {
+ if (si->si_signo == BIONIC_SIGNAL_DEBUGGER) {
async_safe_format_log(ANDROID_LOG_INFO, "libc", "Requested dump for pid %d (%s)", __getpid(),
main_thread_name);
return;
}
- // Many signals don't have an address or sender.
- char addr_desc[32] = ""; // ", fault addr 0x1234"
- if (signal_has_si_addr(info)) {
- async_safe_format_buffer(addr_desc, sizeof(addr_desc), ", fault addr %p", info->si_addr);
- }
+ // Many signals don't have a sender or extra detail, but some do...
pid_t self_pid = __getpid();
char sender_desc[32] = {}; // " from pid 1234, uid 666"
- if (signal_has_sender(info, self_pid)) {
- get_signal_sender(sender_desc, sizeof(sender_desc), info);
+ if (signal_has_sender(si, self_pid)) {
+ get_signal_sender(sender_desc, sizeof(sender_desc), si);
+ }
+ char extra_desc[32] = {}; // ", fault addr 0x1234" or ", syscall 1234"
+ if (si->si_signo == SIGSYS && si->si_code == SYS_SECCOMP) {
+ async_safe_format_buffer(extra_desc, sizeof(extra_desc), ", syscall %d", si->si_syscall);
+ } else if (signal_has_si_addr(si)) {
+ async_safe_format_buffer(extra_desc, sizeof(extra_desc), ", fault addr %p", si->si_addr);
}
char thread_name[MAX_TASK_NAME_LEN + 1]; // one more for termination
@@ -221,8 +223,8 @@
async_safe_format_log(ANDROID_LOG_FATAL, "libc",
"Fatal signal %d (%s), code %d (%s%s)%s in tid %d (%s), pid %d (%s)",
- info->si_signo, get_signame(info), info->si_code, get_sigcode(info),
- sender_desc, addr_desc, __gettid(), thread_name, self_pid, main_thread_name);
+ si->si_signo, get_signame(si), si->si_code, get_sigcode(si), sender_desc,
+ extra_desc, __gettid(), thread_name, self_pid, main_thread_name);
}
/*
@@ -371,12 +373,30 @@
{.iov_base = thread_info->ucontext, .iov_len = sizeof(ucontext_t)},
};
+ constexpr size_t kHeaderSize = sizeof(version) + sizeof(siginfo_t) + sizeof(ucontext_t);
+
if (thread_info->process_info.fdsan_table) {
// Dynamic executables always use version 4. There is no need to increment the version number if
// the format changes, because the sender (linker) and receiver (crash_dump) are version locked.
version = 4;
expected = sizeof(CrashInfoHeader) + sizeof(CrashInfoDataDynamic);
+ static_assert(sizeof(CrashInfoHeader) + sizeof(CrashInfoDataDynamic) ==
+ kHeaderSize + sizeof(thread_info->process_info),
+ "Wire protocol structs do not match the data sent.");
+#define ASSERT_SAME_OFFSET(MEMBER1, MEMBER2) \
+ static_assert(sizeof(CrashInfoHeader) + offsetof(CrashInfoDataDynamic, MEMBER1) == \
+ kHeaderSize + offsetof(debugger_process_info, MEMBER2), \
+ "Wire protocol offset does not match data sent: " #MEMBER1);
+ ASSERT_SAME_OFFSET(fdsan_table_address, fdsan_table);
+ ASSERT_SAME_OFFSET(gwp_asan_state, gwp_asan_state);
+ ASSERT_SAME_OFFSET(gwp_asan_metadata, gwp_asan_metadata);
+ ASSERT_SAME_OFFSET(scudo_stack_depot, scudo_stack_depot);
+ ASSERT_SAME_OFFSET(scudo_region_info, scudo_region_info);
+ ASSERT_SAME_OFFSET(scudo_ring_buffer, scudo_ring_buffer);
+ ASSERT_SAME_OFFSET(scudo_ring_buffer_size, scudo_ring_buffer_size);
+#undef ASSERT_SAME_OFFSET
+
iovs[3] = {.iov_base = &thread_info->process_info,
.iov_len = sizeof(thread_info->process_info)};
} else {
@@ -384,6 +404,10 @@
version = 1;
expected = sizeof(CrashInfoHeader) + sizeof(CrashInfoDataStatic);
+ static_assert(
+ sizeof(CrashInfoHeader) + sizeof(CrashInfoDataStatic) == kHeaderSize + sizeof(uintptr_t),
+ "Wire protocol structs do not match the data sent.");
+
iovs[3] = {.iov_base = &thread_info->process_info.abort_msg, .iov_len = sizeof(uintptr_t)};
}
errno = 0;
diff --git a/debuggerd/include/debuggerd/handler.h b/debuggerd/include/debuggerd/handler.h
index 68b2e67..1f9f4e2 100644
--- a/debuggerd/include/debuggerd/handler.h
+++ b/debuggerd/include/debuggerd/handler.h
@@ -43,6 +43,7 @@
const char* scudo_stack_depot;
const char* scudo_region_info;
const char* scudo_ring_buffer;
+ size_t scudo_ring_buffer_size;
};
// These callbacks are called in a signal handler, and thus must be async signal safe.
diff --git a/debuggerd/libdebuggerd/include/libdebuggerd/types.h b/debuggerd/libdebuggerd/include/libdebuggerd/types.h
index a51e276..5a2a7ab 100644
--- a/debuggerd/libdebuggerd/include/libdebuggerd/types.h
+++ b/debuggerd/libdebuggerd/include/libdebuggerd/types.h
@@ -50,6 +50,7 @@
uintptr_t scudo_stack_depot = 0;
uintptr_t scudo_region_info = 0;
uintptr_t scudo_ring_buffer = 0;
+ size_t scudo_ring_buffer_size = 0;
bool has_fault_address = false;
uintptr_t untagged_fault_address = 0;
diff --git a/debuggerd/libdebuggerd/scudo.cpp b/debuggerd/libdebuggerd/scudo.cpp
index 5d861f8..37e390b 100644
--- a/debuggerd/libdebuggerd/scudo.cpp
+++ b/debuggerd/libdebuggerd/scudo.cpp
@@ -45,7 +45,7 @@
auto region_info = AllocAndReadFully(process_memory, process_info.scudo_region_info,
__scudo_get_region_info_size());
auto ring_buffer = AllocAndReadFully(process_memory, process_info.scudo_ring_buffer,
- __scudo_get_ring_buffer_size());
+ process_info.scudo_ring_buffer_size);
if (!stack_depot || !region_info || !ring_buffer) {
return;
}
diff --git a/debuggerd/protocol.h b/debuggerd/protocol.h
index f33b2f0..e7cb218 100644
--- a/debuggerd/protocol.h
+++ b/debuggerd/protocol.h
@@ -98,6 +98,7 @@
uintptr_t scudo_stack_depot;
uintptr_t scudo_region_info;
uintptr_t scudo_ring_buffer;
+ size_t scudo_ring_buffer_size;
};
struct __attribute__((__packed__)) CrashInfo {
diff --git a/debuggerd/test_permissive_mte/Android.bp b/debuggerd/test_permissive_mte/Android.bp
index 1c09240..d3f7520 100644
--- a/debuggerd/test_permissive_mte/Android.bp
+++ b/debuggerd/test_permissive_mte/Android.bp
@@ -18,6 +18,7 @@
cc_binary {
name: "mte_crash",
+ tidy: false,
srcs: ["mte_crash.cpp"],
sanitize: {
memtag_heap: true,
diff --git a/fastboot/usb_osx.cpp b/fastboot/usb_osx.cpp
index 610eebf..a4b9307 100644
--- a/fastboot/usb_osx.cpp
+++ b/fastboot/usb_osx.cpp
@@ -191,16 +191,30 @@
// Iterate over the endpoints for this interface and see if there
// are any that do bulk in/out.
- for (UInt8 endpoint = 1; endpoint <= interfaceNumEndpoints; endpoint++) {
+ for (UInt8 endpoint = 1; endpoint <= interfaceNumEndpoints; ++endpoint) {
UInt8 transferType;
- UInt16 maxPacketSize;
+ UInt16 endPointMaxPacketSize = 0;
UInt8 interval;
+
+ // Attempt to retrieve the 'true' packet-size from supported interface.
+ kr = (*interface)
+ ->GetEndpointProperties(interface, 0, endpoint,
+ kUSBOut,
+ &transferType,
+ &endPointMaxPacketSize, &interval);
+ if (kr == kIOReturnSuccess && !endPointMaxPacketSize) {
+ ERR("GetEndpointProperties() returned zero len packet-size");
+ }
+
+ UInt16 pipePropMaxPacketSize;
UInt8 number;
UInt8 direction;
+ // Proceed with extracting the transfer direction, so we can fill in the
+ // appropriate fields (bulkIn or bulkOut).
kr = (*interface)->GetPipeProperties(interface, endpoint,
&direction,
- &number, &transferType, &maxPacketSize, &interval);
+ &number, &transferType, &pipePropMaxPacketSize, &interval);
if (kr == 0) {
if (transferType != kUSBBulk) {
@@ -216,7 +230,8 @@
}
if (handle->info.ifc_protocol == 0x01) {
- handle->zero_mask = maxPacketSize - 1;
+ handle->zero_mask = (endPointMaxPacketSize == 0) ?
+ pipePropMaxPacketSize - 1 : endPointMaxPacketSize - 1;
}
} else {
ERR("could not get pipe properties for endpoint %u (%08x)\n", endpoint, kr);
diff --git a/fs_mgr/fs_mgr_remount.cpp b/fs_mgr/fs_mgr_remount.cpp
index 5fddf86..5a9f391 100644
--- a/fs_mgr/fs_mgr_remount.cpp
+++ b/fs_mgr/fs_mgr_remount.cpp
@@ -175,6 +175,8 @@
}
if (checkpointing) {
LOG(ERROR) << "Cannot use remount when a checkpoint is in progress.";
+ LOG(ERROR) << "To force end checkpointing, call 'vdc checkpoint commitChanges'";
+ LOG(ERROR) << "Warning: this can lead to data corruption if rolled back.";
return false;
}
return true;
diff --git a/fs_mgr/libdm/dm.cpp b/fs_mgr/libdm/dm.cpp
index 0624fe0..deffae1 100644
--- a/fs_mgr/libdm/dm.cpp
+++ b/fs_mgr/libdm/dm.cpp
@@ -20,6 +20,7 @@
#include <sys/ioctl.h>
#include <sys/sysmacros.h>
#include <sys/types.h>
+#include <sys/utsname.h>
#include <chrono>
#include <functional>
@@ -711,5 +712,28 @@
return dm_block_devices;
}
+bool DeviceMapper::CreatePlaceholderDevice(const std::string& name) {
+ if (!CreateEmptyDevice(name)) {
+ return false;
+ }
+
+ struct utsname uts;
+ unsigned int major, minor;
+ if (uname(&uts) != 0 || sscanf(uts.release, "%u.%u", &major, &minor) != 2) {
+ LOG(ERROR) << "Could not parse the kernel version from uname";
+ return true;
+ }
+
+ // On Linux 5.15+, there is no uevent until DM_TABLE_LOAD.
+ if (major > 5 || (major == 5 && minor >= 15)) {
+ DmTable table;
+ table.Emplace<DmTargetError>(0, 1);
+ if (!LoadTable(name, table)) {
+ return false;
+ }
+ }
+ return true;
+}
+
} // namespace dm
} // namespace android
diff --git a/fs_mgr/libdm/include/libdm/dm.h b/fs_mgr/libdm/include/libdm/dm.h
index f17ae13..dbef8f9 100644
--- a/fs_mgr/libdm/include/libdm/dm.h
+++ b/fs_mgr/libdm/include/libdm/dm.h
@@ -292,6 +292,12 @@
// Returns mapping <partition-name, /dev/block/dm-x>
std::map<std::string, std::string> FindDmPartitions();
+ // Create a placeholder device. This is useful for ensuring that a uevent is in the pipeline,
+ // to reduce the amount of time a future WaitForDevice will block. On kernels < 5.15, this
+ // simply calls CreateEmptyDevice. On 5.15 and higher, it also loads (but does not activate)
+ // a placeholder table containing dm-error.
+ bool CreatePlaceholderDevice(const std::string& name);
+
private:
// Maximum possible device mapper targets registered in the kernel.
// This is only used to read the list of targets from kernel so we allocate
diff --git a/fs_mgr/libsnapshot/include/libsnapshot/cow_writer.h b/fs_mgr/libsnapshot/include/libsnapshot/cow_writer.h
index 798bc73..c7b83a8 100644
--- a/fs_mgr/libsnapshot/include/libsnapshot/cow_writer.h
+++ b/fs_mgr/libsnapshot/include/libsnapshot/cow_writer.h
@@ -120,6 +120,12 @@
void EnqueueCompressBlocks(const void* buffer, size_t num_blocks);
bool GetCompressedBuffers(std::vector<std::basic_string<uint8_t>>* compressed_buf);
void Finalize();
+ static std::basic_string<uint8_t> Compress(CowCompressionAlgorithm compression,
+ const void* data, size_t length);
+
+ static bool CompressBlocks(CowCompressionAlgorithm compression, size_t block_size,
+ const void* buffer, size_t num_blocks,
+ std::vector<std::basic_string<uint8_t>>* compressed_data);
private:
struct CompressWork {
diff --git a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
index cdff06e..9eb89b6 100644
--- a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
+++ b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
@@ -395,6 +395,10 @@
// first-stage to decide whether to launch snapuserd.
bool IsSnapuserdRequired();
+ // This is primarily used to device reboot. If OTA update is in progress,
+ // init will avoid killing processes
+ bool IsUserspaceSnapshotUpdateInProgress();
+
enum class SnapshotDriver {
DM_SNAPSHOT,
DM_USER,
diff --git a/fs_mgr/libsnapshot/libsnapshot_cow/cow_compress.cpp b/fs_mgr/libsnapshot/libsnapshot_cow/cow_compress.cpp
index 4d9b748..9b50986 100644
--- a/fs_mgr/libsnapshot/libsnapshot_cow/cow_compress.cpp
+++ b/fs_mgr/libsnapshot/libsnapshot_cow/cow_compress.cpp
@@ -32,9 +32,13 @@
namespace android {
namespace snapshot {
-
std::basic_string<uint8_t> CompressWorker::Compress(const void* data, size_t length) {
- switch (compression_) {
+ return Compress(compression_, data, length);
+}
+
+std::basic_string<uint8_t> CompressWorker::Compress(CowCompressionAlgorithm compression,
+ const void* data, size_t length) {
+ switch (compression) {
case kCowCompressGz: {
const auto bound = compressBound(length);
std::basic_string<uint8_t> buffer(bound, '\0');
@@ -94,17 +98,22 @@
return buffer;
}
default:
- LOG(ERROR) << "unhandled compression type: " << compression_;
+ LOG(ERROR) << "unhandled compression type: " << compression;
break;
}
return {};
}
-
bool CompressWorker::CompressBlocks(const void* buffer, size_t num_blocks,
std::vector<std::basic_string<uint8_t>>* compressed_data) {
+ return CompressBlocks(compression_, block_size_, buffer, num_blocks, compressed_data);
+}
+
+bool CompressWorker::CompressBlocks(CowCompressionAlgorithm compression, size_t block_size,
+ const void* buffer, size_t num_blocks,
+ std::vector<std::basic_string<uint8_t>>* compressed_data) {
const uint8_t* iter = reinterpret_cast<const uint8_t*>(buffer);
while (num_blocks) {
- auto data = Compress(iter, block_size_);
+ auto data = Compress(compression, iter, block_size);
if (data.empty()) {
PLOG(ERROR) << "CompressBlocks: Compression failed";
return false;
@@ -116,7 +125,7 @@
compressed_data->emplace_back(std::move(data));
num_blocks -= 1;
- iter += block_size_;
+ iter += block_size;
}
return true;
}
diff --git a/fs_mgr/libsnapshot/libsnapshot_cow/cow_writer.cpp b/fs_mgr/libsnapshot/libsnapshot_cow/cow_writer.cpp
index 2d5e4bc..3932fad 100644
--- a/fs_mgr/libsnapshot/libsnapshot_cow/cow_writer.cpp
+++ b/fs_mgr/libsnapshot/libsnapshot_cow/cow_writer.cpp
@@ -275,6 +275,10 @@
}
void CowWriter::InitWorkers() {
+ if (num_compress_threads_ <= 1) {
+ LOG(INFO) << "Not creating new threads for compression.";
+ return;
+ }
for (int i = 0; i < num_compress_threads_; i++) {
auto wt = std::make_unique<CompressWorker>(compression_, header_.block_size);
threads_.emplace_back(std::async(std::launch::async, &CompressWorker::RunThread, wt.get()));
@@ -447,6 +451,10 @@
size_t num_blocks_per_thread = num_blocks / num_threads;
const uint8_t* iter = reinterpret_cast<const uint8_t*>(data);
compressed_buf_.clear();
+ if (num_threads <= 1) {
+ return CompressWorker::CompressBlocks(compression_, options_.block_size, data, num_blocks,
+ &compressed_buf_);
+ }
// Submit the blocks per thread. The retrieval of
// compressed buffers has to be done in the same order.
@@ -490,13 +498,12 @@
while (num_blocks) {
size_t pending_blocks = (std::min(kProcessingBlocks, num_blocks));
- if (compression_) {
+ if (compression_ && num_compress_threads_ > 1) {
if (!CompressBlocks(pending_blocks, iter)) {
return false;
}
buf_iter_ = compressed_buf_.begin();
CHECK(pending_blocks == compressed_buf_.size());
- iter += (pending_blocks * header_.block_size);
}
num_blocks -= pending_blocks;
@@ -512,7 +519,17 @@
}
if (compression_) {
- auto data = std::move(*buf_iter_);
+ auto data = [&, this]() {
+ if (num_compress_threads_ > 1) {
+ auto data = std::move(*buf_iter_);
+ buf_iter_++;
+ return data;
+ } else {
+ auto data =
+ CompressWorker::Compress(compression_, iter, header_.block_size);
+ return data;
+ }
+ }();
op.compression = compression_;
op.data_length = static_cast<uint16_t>(data.size());
@@ -520,15 +537,14 @@
PLOG(ERROR) << "AddRawBlocks: write failed";
return false;
}
- buf_iter_++;
} else {
op.data_length = static_cast<uint16_t>(header_.block_size);
if (!WriteOperation(op, iter, header_.block_size)) {
PLOG(ERROR) << "AddRawBlocks: write failed";
return false;
}
- iter += header_.block_size;
}
+ iter += header_.block_size;
i += 1;
pending_blocks -= 1;
diff --git a/fs_mgr/libsnapshot/snapshot.cpp b/fs_mgr/libsnapshot/snapshot.cpp
index 6fed09c..10d2f18 100644
--- a/fs_mgr/libsnapshot/snapshot.cpp
+++ b/fs_mgr/libsnapshot/snapshot.cpp
@@ -4349,5 +4349,16 @@
return status.source_build_fingerprint();
}
+bool SnapshotManager::IsUserspaceSnapshotUpdateInProgress() {
+ auto slot = GetCurrentSlot();
+ if (slot == Slot::Target) {
+ if (IsSnapuserdRequired()) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
} // namespace snapshot
} // namespace android
diff --git a/fs_mgr/tests/vts_fs_test.cpp b/fs_mgr/tests/vts_fs_test.cpp
index b8b34e2..bb2ceb9 100644
--- a/fs_mgr/tests/vts_fs_test.cpp
+++ b/fs_mgr/tests/vts_fs_test.cpp
@@ -66,6 +66,14 @@
int vsr_level = GetVsrLevel();
+ std::vector<std::string> must_be_f2fs;
+ if (vsr_level >= __ANDROID_API_T__) {
+ must_be_f2fs.emplace_back("/data");
+ }
+ if (vsr_level >= __ANDROID_API_U__) {
+ must_be_f2fs.emplace_back("/metadata");
+ }
+
for (const auto& entry : fstab) {
std::string parent_bdev = entry.blk_device;
while (true) {
@@ -99,15 +107,15 @@
}
if (entry.flags & MS_RDONLY) {
- std::vector<std::string> allowed = {"erofs", "ext4"};
- if (vsr_level == __ANDROID_API_T__) {
- allowed.emplace_back("f2fs");
- }
+ std::vector<std::string> allowed = {"erofs", "ext4", "f2fs"};
EXPECT_NE(std::find(allowed.begin(), allowed.end(), entry.fs_type), allowed.end())
<< entry.mount_point;
} else {
- EXPECT_NE(entry.fs_type, "ext4") << entry.mount_point;
+ if (std::find(must_be_f2fs.begin(), must_be_f2fs.end(), entry.mount_point) !=
+ must_be_f2fs.end()) {
+ EXPECT_EQ(entry.fs_type, "f2fs") << entry.mount_point;
+ }
}
}
}
diff --git a/healthd/Android.bp b/healthd/Android.bp
index a090b74..76b6ad0 100644
--- a/healthd/Android.bp
+++ b/healthd/Android.bp
@@ -2,17 +2,8 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-cc_library_headers {
- name: "libhealthd_headers",
- vendor_available: true,
- recovery_available: true,
- export_include_dirs: ["include"],
- header_libs: ["libbatteryservice_headers"],
- export_header_lib_headers: ["libbatteryservice_headers"],
-}
-
-cc_library_static {
- name: "libbatterymonitor",
+cc_defaults {
+ name: "libbatterymonitor_defaults",
srcs: ["BatteryMonitor.cpp"],
cflags: ["-Wall", "-Werror"],
vendor_available: true,
@@ -25,6 +16,66 @@
// Need HealthInfo definition from headers of these shared
// libraries. Clients don't need to link to these.
"android.hardware.health@2.1",
+ ],
+ header_libs: ["libhealthd_headers"],
+ export_header_lib_headers: ["libhealthd_headers"],
+}
+
+cc_defaults {
+ name: "libhealthd_charger_ui_defaults",
+ vendor_available: true,
+ export_include_dirs: [
+ "include",
+ "include_charger",
+ ],
+
+ static_libs: [
+ "libcharger_sysprop",
+ "libhealthd_draw",
+ "libhealthloop",
+ "libminui",
+ ],
+
+ shared_libs: [
+ "libbase",
+ "libcutils",
+ "liblog",
+ "libpng",
+ "libsuspend",
+ "libutils",
+ ],
+
+ header_libs: [
+ "libhealthd_headers",
+ ],
+
+ srcs: [
+ "healthd_mode_charger.cpp",
+ "AnimationParser.cpp",
+ ],
+
+ target: {
+ vendor: {
+ exclude_static_libs: [
+ "libcharger_sysprop",
+ ],
+ },
+ },
+}
+
+cc_library_headers {
+ name: "libhealthd_headers",
+ vendor_available: true,
+ recovery_available: true,
+ export_include_dirs: ["include"],
+ header_libs: ["libbatteryservice_headers"],
+ export_header_lib_headers: ["libbatteryservice_headers"],
+}
+
+cc_library_static {
+ name: "libbatterymonitor",
+ defaults: ["libbatterymonitor_defaults"],
+ static_libs: [
"android.hardware.health-V1-ndk",
],
whole_static_libs: [
@@ -32,8 +83,20 @@
// BatteryMonitor.
"android.hardware.health-translate-ndk",
],
- header_libs: ["libhealthd_headers"],
- export_header_lib_headers: ["libhealthd_headers"],
+}
+
+// TODO(b/251425963): remove when android.hardware.health is upgraded to V2.
+cc_library_static {
+ name: "libbatterymonitor-V1",
+ defaults: ["libbatterymonitor_defaults"],
+ static_libs: [
+ "android.hardware.health-V1-ndk",
+ ],
+ whole_static_libs: [
+ // Need to translate HIDL to AIDL to support legacy APIs in
+ // BatteryMonitor.
+ "android.hardware.health-translate-V1-ndk",
+ ],
}
cc_defaults {
@@ -136,50 +199,31 @@
cc_library_static {
name: "libhealthd_charger_ui",
- vendor_available: true,
- export_include_dirs: [
- "include",
- "include_charger",
- ],
+ defaults: ["libhealthd_charger_ui_defaults"],
static_libs: [
"android.hardware.health-V1-ndk",
"android.hardware.health-translate-ndk",
- "libcharger_sysprop",
- "libhealthd_draw",
- "libhealthloop",
- "libminui",
- ],
-
- shared_libs: [
- "libbase",
- "libcutils",
- "liblog",
- "libpng",
- "libsuspend",
- "libutils",
- ],
-
- header_libs: [
- "libhealthd_headers",
],
export_static_lib_headers: [
"android.hardware.health-V1-ndk",
],
+}
- srcs: [
- "healthd_mode_charger.cpp",
- "AnimationParser.cpp",
+// TODO(b/251425963): remove when android.hardware.health is upgraded to V2.
+cc_library_static {
+ name: "libhealthd_charger_ui-V1",
+ defaults: ["libhealthd_charger_ui_defaults"],
+
+ static_libs: [
+ "android.hardware.health-V1-ndk",
+ "android.hardware.health-translate-V1-ndk",
],
- target: {
- vendor: {
- exclude_static_libs: [
- "libcharger_sysprop",
- ],
- },
- },
+ export_static_lib_headers: [
+ "android.hardware.health-V1-ndk",
+ ],
}
cc_library_static {
diff --git a/init/README.md b/init/README.md
index 120d293..b006365 100644
--- a/init/README.md
+++ b/init/README.md
@@ -206,8 +206,10 @@
capability without the "CAP\_" prefix, like "NET\_ADMIN" or "SETPCAP". See
http://man7.org/linux/man-pages/man7/capabilities.7.html for a list of Linux
capabilities.
- If no capabilities are provided, then all capabilities are removed from this service, even if it
- runs as root.
+ If no capabilities are provided, then behaviour depends on the user the service runs under:
+ * if it's root, then the service will run with all the capabitilies (note: whether the
+ service can actually use them is controlled by selinux);
+ * otherwise all capabilities will be dropped.
`class <name> [ <name>\* ]`
> Specify class names for the service. All services in a
@@ -253,6 +255,10 @@
"r", "w" or "rw". For native executables see libcutils
android\_get\_control\_file().
+`gentle_kill`
+> This service will be sent SIGTERM instead of SIGKILL when stopped. After a 200 ms timeout, it will
+ be sent SIGKILL.
+
`group <groupname> [ <groupname>\* ]`
> Change to 'groupname' before exec'ing this service. Additional
groupnames beyond the (required) first one are used to set the
@@ -421,7 +427,7 @@
using this new mechanism, processes can use the user option to
select their desired uid without ever running as root.
As of Android O, processes can also request capabilities directly in their .rc
- files. See the "capabilities" option below.
+ files. See the "capabilities" option above.
`writepid <file> [ <file>\* ]`
> Write the child's pid to the given files when it forks. Meant for
diff --git a/init/apex_init_util.cpp b/init/apex_init_util.cpp
index d618a6e..c818f8f 100644
--- a/init/apex_init_util.cpp
+++ b/init/apex_init_util.cpp
@@ -18,7 +18,6 @@
#include <glob.h>
-#include <map>
#include <vector>
#include <android-base/logging.h>
@@ -66,18 +65,20 @@
}
static Result<void> ParseConfigs(const std::vector<std::string>& configs) {
- Parser parser = CreateApexConfigParser(ActionManager::GetInstance(),
- ServiceList::GetInstance());
- bool success = true;
+ Parser parser =
+ CreateApexConfigParser(ActionManager::GetInstance(), ServiceList::GetInstance());
+ std::vector<std::string> errors;
for (const auto& c : configs) {
- success &= parser.ParseConfigFile(c);
+ auto result = parser.ParseConfigFile(c);
+ // We should handle other config files even when there's an error.
+ if (!result.ok()) {
+ errors.push_back(result.error().message());
+ }
}
-
- if (success) {
- return {};
- } else {
- return Error() << "Unable to parse apex configs";
+ if (!errors.empty()) {
+ return Error() << "Unable to parse apex configs: " << base::Join(errors, "|");
}
+ return {};
}
Result<void> ParseApexConfigs(const std::string& apex_name) {
diff --git a/init/init_test.cpp b/init/init_test.cpp
index aea1cb3..1e69ede 100644
--- a/init/init_test.cpp
+++ b/init/init_test.cpp
@@ -16,13 +16,16 @@
#include <functional>
#include <string_view>
+#include <thread>
#include <type_traits>
#include <android-base/file.h>
#include <android-base/logging.h>
#include <android-base/properties.h>
+#include <android/api-level.h>
#include <gtest/gtest.h>
#include <selinux/selinux.h>
+#include <sys/resource.h>
#include "action.h"
#include "action_manager.h"
@@ -194,13 +197,14 @@
}
TEST(init, StartConsole) {
- if (access("/dev/console", F_OK) < 0) {
- GTEST_SKIP() << "/dev/console not found";
+ if (GetProperty("ro.build.type", "") == "user") {
+ GTEST_SKIP() << "Must run on userdebug/eng builds. b/262090304";
+ return;
}
std::string init_script = R"init(
service console /system/bin/sh
class core
- console console
+ console null
disabled
user root
group root shell log readproc
@@ -625,6 +629,105 @@
ASSERT_EQ(1u, parser.parse_error_count());
}
+TEST(init, MemLockLimit) {
+ // Test is enforced only for U+ devices
+ if (android::base::GetIntProperty("ro.vendor.api_level", 0) < __ANDROID_API_U__) {
+ GTEST_SKIP();
+ }
+
+ // Verify we are running memlock at, or under, 64KB
+ const unsigned long max_limit = 65536;
+ struct rlimit curr_limit;
+ ASSERT_EQ(getrlimit(RLIMIT_MEMLOCK, &curr_limit), 0);
+ ASSERT_LE(curr_limit.rlim_cur, max_limit);
+ ASSERT_LE(curr_limit.rlim_max, max_limit);
+}
+
+static std::vector<const char*> ConvertToArgv(const std::vector<std::string>& args) {
+ std::vector<const char*> argv;
+ argv.reserve(args.size() + 1);
+ for (const auto& arg : args) {
+ if (argv.empty()) {
+ LOG(DEBUG) << arg;
+ } else {
+ LOG(DEBUG) << " " << arg;
+ }
+ argv.emplace_back(arg.data());
+ }
+ argv.emplace_back(nullptr);
+ return argv;
+}
+
+pid_t ForkExecvpAsync(const std::vector<std::string>& args) {
+ auto argv = ConvertToArgv(args);
+
+ pid_t pid = fork();
+ if (pid == 0) {
+ close(STDIN_FILENO);
+ close(STDOUT_FILENO);
+ close(STDERR_FILENO);
+
+ execvp(argv[0], const_cast<char**>(argv.data()));
+ PLOG(ERROR) << "exec in ForkExecvpAsync init test";
+ _exit(EXIT_FAILURE);
+ }
+ if (pid == -1) {
+ PLOG(ERROR) << "fork in ForkExecvpAsync init test";
+ return -1;
+ }
+ return pid;
+}
+
+TEST(init, GentleKill) {
+ std::string init_script = R"init(
+service test_gentle_kill /system/bin/sleep 1000
+ disabled
+ oneshot
+ gentle_kill
+ user root
+ group root
+ seclabel u:r:toolbox:s0
+)init";
+
+ ActionManager action_manager;
+ ServiceList service_list;
+ TestInitText(init_script, BuiltinFunctionMap(), {}, &action_manager, &service_list);
+ ASSERT_EQ(std::distance(service_list.begin(), service_list.end()), 1);
+
+ auto service = service_list.begin()->get();
+ ASSERT_NE(service, nullptr);
+ ASSERT_RESULT_OK(service->Start());
+ const pid_t pid = service->pid();
+ ASSERT_GT(pid, 0);
+ EXPECT_NE(getsid(pid), 0);
+
+ TemporaryFile logfile;
+ logfile.DoNotRemove();
+ ASSERT_TRUE(logfile.fd != -1);
+
+ std::vector<std::string> cmd;
+ cmd.push_back("system/bin/strace");
+ cmd.push_back("-o");
+ cmd.push_back(logfile.path);
+ cmd.push_back("-e");
+ cmd.push_back("signal");
+ cmd.push_back("-p");
+ cmd.push_back(std::to_string(pid));
+ pid_t strace_pid = ForkExecvpAsync(cmd);
+
+ // Give strace a moment to connect
+ std::this_thread::sleep_for(1s);
+ service->Stop();
+
+ int status;
+ waitpid(strace_pid, &status, 0);
+
+ std::string logs;
+ android::base::ReadFdToString(logfile.fd, &logs);
+ int pos = logs.find("killed by SIGTERM");
+ ASSERT_NE(pos, (int)std::string::npos);
+}
+
class TestCaseLogger : public ::testing::EmptyTestEventListener {
void OnTestStart(const ::testing::TestInfo& test_info) override {
#ifdef __ANDROID__
diff --git a/init/parser.cpp b/init/parser.cpp
index 0a388db..adb41ad 100644
--- a/init/parser.cpp
+++ b/init/parser.cpp
@@ -141,19 +141,19 @@
return true;
}
-bool Parser::ParseConfigFile(const std::string& path) {
+Result<void> Parser::ParseConfigFile(const std::string& path) {
LOG(INFO) << "Parsing file " << path << "...";
android::base::Timer t;
auto config_contents = ReadFile(path);
if (!config_contents.ok()) {
- LOG(INFO) << "Unable to read config file '" << path << "': " << config_contents.error();
- return false;
+ return Error() << "Unable to read config file '" << path
+ << "': " << config_contents.error();
}
ParseData(path, &config_contents.value());
LOG(VERBOSE) << "(Parsing " << path << " took " << t << ".)";
- return true;
+ return {};
}
bool Parser::ParseConfigDir(const std::string& path) {
@@ -176,8 +176,8 @@
// Sort first so we load files in a consistent order (bug 31996208)
std::sort(files.begin(), files.end());
for (const auto& file : files) {
- if (!ParseConfigFile(file)) {
- LOG(ERROR) << "could not import file '" << file << "'";
+ if (auto result = ParseConfigFile(file); !result.ok()) {
+ LOG(ERROR) << "could not import file '" << file << "': " << result.error();
}
}
return true;
@@ -187,7 +187,11 @@
if (is_dir(path.c_str())) {
return ParseConfigDir(path);
}
- return ParseConfigFile(path);
+ auto result = ParseConfigFile(path);
+ if (!result.ok()) {
+ LOG(INFO) << result.error();
+ }
+ return result.ok();
}
} // namespace init
diff --git a/init/parser.h b/init/parser.h
index 95b0cd7..980ae0c 100644
--- a/init/parser.h
+++ b/init/parser.h
@@ -72,7 +72,7 @@
Parser();
bool ParseConfig(const std::string& path);
- bool ParseConfigFile(const std::string& path);
+ Result<void> ParseConfigFile(const std::string& path);
void AddSectionParser(const std::string& name, std::unique_ptr<SectionParser> parser);
void AddSingleLineParser(const std::string& prefix, LineCallback callback);
diff --git a/init/reboot.cpp b/init/reboot.cpp
index a3fc534..27a7876 100644
--- a/init/reboot.cpp
+++ b/init/reboot.cpp
@@ -51,6 +51,7 @@
#include <bootloader_message/bootloader_message.h>
#include <cutils/android_reboot.h>
#include <fs_mgr.h>
+#include <libsnapshot/snapshot.h>
#include <logwrap/logwrap.h>
#include <private/android_filesystem_config.h>
#include <selinux/selinux.h>
@@ -422,11 +423,31 @@
if (run_fsck && !FindPartitionsToUmount(&block_devices, &emulated_devices, false)) {
return UMOUNT_STAT_ERROR;
}
-
+ auto sm = snapshot::SnapshotManager::New();
+ bool ota_update_in_progress = false;
+ if (sm->IsUserspaceSnapshotUpdateInProgress()) {
+ LOG(INFO) << "OTA update in progress";
+ ota_update_in_progress = true;
+ }
UmountStat stat = UmountPartitions(timeout - t.duration());
if (stat != UMOUNT_STAT_SUCCESS) {
LOG(INFO) << "umount timeout, last resort, kill all and try";
if (DUMP_ON_UMOUNT_FAILURE) DumpUmountDebuggingInfo();
+ // Since umount timedout, we will try to kill all processes
+ // and do one more attempt to umount the partitions.
+ //
+ // However, if OTA update is in progress, we don't want
+ // to kill the snapuserd daemon as the daemon will
+ // be serving I/O requests. Killing the daemon will
+ // end up with I/O failures. If the update is in progress,
+ // we will just return the umount failure status immediately.
+ // This is ok, given the fact that killing the processes
+ // and doing an umount is just a last effort. We are
+ // still not doing fsck when all processes are killed.
+ //
+ if (ota_update_in_progress) {
+ return stat;
+ }
KillAllProcesses();
// even if it succeeds, still it is timeout and do not run fsck with all processes killed
UmountStat st = UmountPartitions(0ms);
diff --git a/init/service.cpp b/init/service.cpp
index d495b91..87d9c3a 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -26,6 +26,7 @@
#include <sys/time.h>
#include <termios.h>
#include <unistd.h>
+#include <thread>
#include <android-base/file.h>
#include <android-base/logging.h>
@@ -700,8 +701,9 @@
if (!result.ok()) {
return Error() << "Sending notification failed: " << result.error();
}
- return Error() << "createProcessGroup(" << proc_attr_.uid << ", " << pid_
- << ") failed for service '" << name_ << "'";
+ return Error() << "createProcessGroup(" << proc_attr_.uid << ", " << pid_ << ", "
+ << use_memcg << ") failed for service '" << name_
+ << "': " << strerror(errno);
}
// When the blkio controller is mounted in the v1 hierarchy, NormalIoPriority is
@@ -886,6 +888,10 @@
}
if (pid_) {
+ if (flags_ & SVC_GENTLE_KILL) {
+ KillProcessGroup(SIGTERM);
+ if (!process_cgroup_empty()) std::this_thread::sleep_for(200ms);
+ }
KillProcessGroup(SIGKILL);
NotifyStateChange("stopping");
} else {
diff --git a/init/service.h b/init/service.h
index f9749d2..3ef8902 100644
--- a/init/service.h
+++ b/init/service.h
@@ -56,6 +56,8 @@
// should not be killed during shutdown
#define SVC_TEMPORARY 0x1000 // This service was started by 'exec' and should be removed from the
// service list once it is reaped.
+#define SVC_GENTLE_KILL 0x2000 // This service should be stopped with SIGTERM instead of SIGKILL
+ // Will still be SIGKILLed after timeout period of 200 ms
#define NR_SVC_SUPP_GIDS 12 // twelve supplementary groups
diff --git a/init/service_parser.cpp b/init/service_parser.cpp
index 24a2024..3563084 100644
--- a/init/service_parser.cpp
+++ b/init/service_parser.cpp
@@ -151,6 +151,11 @@
return {};
}
+Result<void> ServiceParser::ParseGentleKill(std::vector<std::string>&& args) {
+ service_->flags_ |= SVC_GENTLE_KILL;
+ return {};
+}
+
Result<void> ServiceParser::ParseGroup(std::vector<std::string>&& args) {
auto gid = DecodeUid(args[1]);
if (!gid.ok()) {
@@ -584,6 +589,7 @@
{"disabled", {0, 0, &ServiceParser::ParseDisabled}},
{"enter_namespace", {2, 2, &ServiceParser::ParseEnterNamespace}},
{"file", {2, 2, &ServiceParser::ParseFile}},
+ {"gentle_kill", {0, 0, &ServiceParser::ParseGentleKill}},
{"group", {1, NR_SVC_SUPP_GIDS + 1, &ServiceParser::ParseGroup}},
{"interface", {2, 2, &ServiceParser::ParseInterface}},
{"ioprio", {2, 2, &ServiceParser::ParseIoprio}},
diff --git a/init/service_parser.h b/init/service_parser.h
index 54503dd..670a5c6 100644
--- a/init/service_parser.h
+++ b/init/service_parser.h
@@ -53,6 +53,7 @@
Result<void> ParseDisabled(std::vector<std::string>&& args);
Result<void> ParseEnterNamespace(std::vector<std::string>&& args);
Result<void> ParseGroup(std::vector<std::string>&& args);
+ Result<void> ParseGentleKill(std::vector<std::string>&& args);
Result<void> ParsePriority(std::vector<std::string>&& args);
Result<void> ParseInterface(std::vector<std::string>&& args);
Result<void> ParseIoprio(std::vector<std::string>&& args);
diff --git a/init/test_upgrade_mte/mte_upgrade_test_helper.cpp b/init/test_upgrade_mte/mte_upgrade_test_helper.cpp
index 3188337..6728cc6 100644
--- a/init/test_upgrade_mte/mte_upgrade_test_helper.cpp
+++ b/init/test_upgrade_mte/mte_upgrade_test_helper.cpp
@@ -60,6 +60,10 @@
if (prctl(PR_SET_TAGGED_ADDR_CTRL, res & ~PR_MTE_TCF_SYNC, 0, 0, 0) == -1) abort();
}
std::unique_ptr<volatile char[]> f(new char[1]);
+ // This out-of-bounds is on purpose: we are testing MTE, which is designed to turn
+ // out-of-bound errors into segfaults.
+ // This binary gets run by src/com/android/tests/init/MteUpgradeTest.java, which
+ // asserts that it crashes as expected.
f[17] = 'x';
char buf[1];
read(1, buf, 1);
diff --git a/libcutils/ashmem_test.cpp b/libcutils/ashmem_test.cpp
index fb657f6..d158427 100644
--- a/libcutils/ashmem_test.cpp
+++ b/libcutils/ashmem_test.cpp
@@ -75,7 +75,7 @@
unique_fd fd;
ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd, PROT_READ | PROT_WRITE));
- void *region1;
+ void* region1 = nullptr;
ASSERT_NO_FATAL_FAILURE(TestMmap(fd, size, PROT_READ | PROT_WRITE, ®ion1));
memcpy(region1, &data, size);
@@ -97,7 +97,7 @@
unique_fd fd;
ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd, PROT_READ | PROT_WRITE));
- void *region1;
+ void* region1 = nullptr;
ASSERT_NO_FATAL_FAILURE(TestMmap(fd, size, PROT_READ | PROT_WRITE, ®ion1));
memcpy(region1, &data, size);
@@ -131,7 +131,7 @@
TEST(AshmemTest, FileOperationsTest) {
unique_fd fd;
- void* region;
+ void* region = nullptr;
// Allocate a 4-page buffer, but leave page-sized holes on either side
constexpr size_t size = PAGE_SIZE * 4;
@@ -246,7 +246,7 @@
unique_fd fd[nRegions];
for (int i = 0; i < nRegions; i++) {
ASSERT_NO_FATAL_FAILURE(TestCreateRegion(size, fd[i], PROT_READ | PROT_WRITE));
- void *region;
+ void* region = nullptr;
ASSERT_NO_FATAL_FAILURE(TestMmap(fd[i], size, PROT_READ | PROT_WRITE, ®ion));
memcpy(region, &data, size);
ASSERT_EQ(0, memcmp(region, &data, size));
diff --git a/libcutils/include/cutils/qtaguid.h b/libcutils/include/cutils/qtaguid.h
index a5ffb03..8902c2b 100644
--- a/libcutils/include/cutils/qtaguid.h
+++ b/libcutils/include/cutils/qtaguid.h
@@ -33,12 +33,6 @@
*/
extern int qtaguid_untagSocket(int sockfd);
-/*
- * Enable/disable qtaguid functionnality at a lower level.
- * When pacified, the kernel will accept commands but do nothing.
- */
-extern int qtaguid_setPacifier(int on);
-
#ifdef __cplusplus
}
#endif
diff --git a/libdiskconfig/diskconfig.c b/libdiskconfig/diskconfig.c
index c7e1b43..5f34748 100644
--- a/libdiskconfig/diskconfig.c
+++ b/libdiskconfig/diskconfig.c
@@ -398,7 +398,7 @@
case PART_SCHEME_GPT:
/* not supported yet */
default:
- ALOGE("Uknown partition scheme.");
+ ALOGE("Unknown partition scheme.");
break;
}
diff --git a/libprocessgroup/OWNERS b/libprocessgroup/OWNERS
index 8ebb8cc..d5aa721 100644
--- a/libprocessgroup/OWNERS
+++ b/libprocessgroup/OWNERS
@@ -1,2 +1,4 @@
-ccross@google.com
+# Bug component: 1293033
surenb@google.com
+tjmercier@google.com
+carlosgalo@google.com
diff --git a/libprocessgroup/cgroup_map.cpp b/libprocessgroup/cgroup_map.cpp
index 8c00326..468d796 100644
--- a/libprocessgroup/cgroup_map.cpp
+++ b/libprocessgroup/cgroup_map.cpp
@@ -49,7 +49,7 @@
static constexpr const char* CGROUP_PROCS_FILE = "/cgroup.procs";
static constexpr const char* CGROUP_TASKS_FILE = "/tasks";
-static constexpr const char* CGROUP_TASKS_FILE_V2 = "/cgroup.tasks";
+static constexpr const char* CGROUP_TASKS_FILE_V2 = "/cgroup.threads";
uint32_t CgroupController::version() const {
CHECK(HasValue());
diff --git a/libprocessgroup/processgroup.cpp b/libprocessgroup/processgroup.cpp
index 45ac99c..1da69ba 100644
--- a/libprocessgroup/processgroup.cpp
+++ b/libprocessgroup/processgroup.cpp
@@ -471,6 +471,11 @@
*max_processes = processes;
}
LOG(VERBOSE) << "Killed " << processes << " processes for processgroup " << initialPid;
+ if (!CgroupsAvailable()) {
+ // makes no sense to retry, because there are no cgroup_procs file
+ processes = 0; // no remaining processes
+ break;
+ }
if (retry > 0) {
std::this_thread::sleep_for(5ms);
--retry;
diff --git a/libprocessgroup/profiles/task_profiles.json b/libprocessgroup/profiles/task_profiles.json
index c485097..e44d3bf 100644
--- a/libprocessgroup/profiles/task_profiles.json
+++ b/libprocessgroup/profiles/task_profiles.json
@@ -80,17 +80,20 @@
{
"Name": "BfqWeight",
"Controller": "io",
- "File": "io.bfq.weight"
+ "File": "blkio.bfq.weight",
+ "FileV2": "io.bfq.weight"
},
{
"Name": "CfqGroupIdle",
"Controller": "io",
- "File": "io.group_idle"
+ "File": "blkio.group_idle",
+ "FileV2": "io.group_idle"
},
{
"Name": "CfqWeight",
"Controller": "io",
- "File": "io.weight"
+ "File": "blkio.weight",
+ "FileV2": "io.weight"
}
],
@@ -459,7 +462,7 @@
{
"Controller": "blkio",
"Path": "background"
- }
+ }
},
{
"Name": "SetAttribute",
@@ -499,7 +502,7 @@
{
"Controller": "blkio",
"Path": ""
- }
+ }
},
{
"Name": "SetAttribute",
@@ -539,7 +542,7 @@
{
"Controller": "blkio",
"Path": ""
- }
+ }
},
{
"Name": "SetAttribute",
@@ -579,7 +582,7 @@
{
"Controller": "blkio",
"Path": ""
- }
+ }
},
{
"Name": "SetAttribute",
diff --git a/libutils/Android.bp b/libutils/Android.bp
index b07058a..162f0f4 100644
--- a/libutils/Android.bp
+++ b/libutils/Android.bp
@@ -21,11 +21,13 @@
vendor_ramdisk_available: true,
host_supported: true,
native_bridge_supported: true,
+ defaults: [
+ "apex-lowest-min-sdk-version",
+ ],
apex_available: [
"//apex_available:platform",
"//apex_available:anyapex",
],
- min_sdk_version: "apex_inherit",
header_libs: [
"libbase_headers",
@@ -124,7 +126,10 @@
cc_defaults {
name: "libutils_impl_defaults",
- defaults: ["libutils_defaults"],
+ defaults: [
+ "libutils_defaults",
+ "apex-lowest-min-sdk-version",
+ ],
native_bridge_supported: true,
srcs: [
@@ -167,7 +172,6 @@
"//apex_available:anyapex",
"//apex_available:platform",
],
- min_sdk_version: "apex_inherit",
afdo: true,
}
diff --git a/mkbootfs/mkbootfs.c b/mkbootfs/mkbootfs.c
index 05d1940..d3922bf 100644
--- a/mkbootfs/mkbootfs.c
+++ b/mkbootfs/mkbootfs.c
@@ -1,40 +1,32 @@
+#include <ctype.h>
+#include <dirent.h>
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <getopt.h>
+#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
-#include <unistd.h>
#include <string.h>
-#include <ctype.h>
-
-#include <sys/types.h>
#include <sys/stat.h>
-#include <dirent.h>
+#include <sys/sysmacros.h>
+#include <sys/types.h>
+#include <unistd.h>
-#include <stdarg.h>
-#include <fcntl.h>
+#include <linux/kdev_t.h>
#include <private/android_filesystem_config.h>
#include <private/fs_config.h>
/* NOTES
**
-** - see buffer-format.txt from the linux kernel docs for
-** an explanation of this file format
+** - see https://www.kernel.org/doc/Documentation/early-userspace/buffer-format.txt
+** for an explanation of this file format
** - dotfiles are ignored
** - directories named 'root' are ignored
-** - device notes, pipes, etc are not supported (error)
*/
-static void die(const char* why, ...) {
- va_list ap;
-
- va_start(ap, why);
- fprintf(stderr,"error: ");
- vfprintf(stderr, why, ap);
- fprintf(stderr,"\n");
- va_end(ap);
- exit(1);
-}
-
struct fs_config_entry {
char* name;
int uid, gid, mode;
@@ -43,17 +35,8 @@
static struct fs_config_entry* canned_config = NULL;
static const char* target_out_path = NULL;
-/* Each line in the canned file should be a path plus three ints (uid,
- * gid, mode). */
-#ifdef PATH_MAX
-#define CANNED_LINE_LENGTH (PATH_MAX+100)
-#else
-#define CANNED_LINE_LENGTH (1024)
-#endif
-
#define TRAILER "TRAILER!!!"
-static int verbose = 0;
static int total_size = 0;
static void fix_stat(const char *path, struct stat *s)
@@ -86,6 +69,10 @@
fs_config(path, is_dir, target_out_path, &s->st_uid, &s->st_gid, &st_mode, &capabilities);
s->st_mode = (typeof(s->st_mode)) st_mode;
}
+
+ if (S_ISREG(s->st_mode) || S_ISDIR(s->st_mode) || S_ISLNK(s->st_mode)) {
+ s->st_rdev = 0;
+ }
}
static void _eject(struct stat *s, char *out, int olen, char *data, unsigned datasize)
@@ -115,8 +102,8 @@
datasize,
0, // volmajor
0, // volminor
- 0, // devmajor
- 0, // devminor,
+ major(s->st_rdev),
+ minor(s->st_rdev),
olen + 1,
0,
out,
@@ -125,7 +112,7 @@
total_size += 6 + 8*13 + olen + 1;
- if(strlen(out) != (unsigned int)olen) die("ACK!");
+ if(strlen(out) != (unsigned int)olen) errx(1, "ACK!");
while(total_size & 3) {
total_size++;
@@ -159,23 +146,16 @@
static void _archive_dir(char *in, char *out, int ilen, int olen)
{
int i, t;
- DIR *d;
struct dirent *de;
- if(verbose) {
- fprintf(stderr,"_archive_dir('%s','%s',%d,%d)\n",
- in, out, ilen, olen);
- }
-
- d = opendir(in);
- if(d == 0) die("cannot open directory '%s'", in);
+ DIR* d = opendir(in);
+ if (d == NULL) err(1, "cannot open directory '%s'", in);
int size = 32;
int entries = 0;
char** names = malloc(size * sizeof(char*));
if (names == NULL) {
- fprintf(stderr, "failed to allocate dir names array (size %d)\n", size);
- exit(1);
+ errx(1, "failed to allocate dir names array (size %d)", size);
}
while((de = readdir(d)) != 0){
@@ -189,16 +169,12 @@
size *= 2;
names = realloc(names, size * sizeof(char*));
if (names == NULL) {
- fprintf(stderr, "failed to reallocate dir names array (size %d)\n",
- size);
- exit(1);
+ errx(1, "failed to reallocate dir names array (size %d)", size);
}
}
names[entries] = strdup(de->d_name);
if (names[entries] == NULL) {
- fprintf(stderr, "failed to strdup name \"%s\"\n",
- de->d_name);
- exit(1);
+ errx(1, "failed to strdup name \"%s\"", de->d_name);
}
++entries;
}
@@ -232,26 +208,17 @@
static void _archive(char *in, char *out, int ilen, int olen)
{
struct stat s;
-
- if(verbose) {
- fprintf(stderr,"_archive('%s','%s',%d,%d)\n",
- in, out, ilen, olen);
- }
-
- if(lstat(in, &s)) die("could not stat '%s'\n", in);
+ if(lstat(in, &s)) err(1, "could not stat '%s'", in);
if(S_ISREG(s.st_mode)){
- char *tmp;
- int fd;
+ int fd = open(in, O_RDONLY);
+ if(fd < 0) err(1, "cannot open '%s' for read", in);
- fd = open(in, O_RDONLY);
- if(fd < 0) die("cannot open '%s' for read", in);
-
- tmp = (char*) malloc(s.st_size);
- if(tmp == 0) die("cannot allocate %d bytes", s.st_size);
+ char* tmp = (char*) malloc(s.st_size);
+ if(tmp == 0) errx(1, "cannot allocate %zd bytes", s.st_size);
if(read(fd, tmp, s.st_size) != s.st_size) {
- die("cannot read %d bytes", s.st_size);
+ err(1, "cannot read %zd bytes", s.st_size);
}
_eject(&s, out, olen, tmp, s.st_size);
@@ -265,10 +232,13 @@
char buf[1024];
int size;
size = readlink(in, buf, 1024);
- if(size < 0) die("cannot read symlink '%s'", in);
+ if(size < 0) err(1, "cannot read symlink '%s'", in);
_eject(&s, out, olen, buf, size);
+ } else if(S_ISBLK(s.st_mode) || S_ISCHR(s.st_mode) ||
+ S_ISFIFO(s.st_mode) || S_ISSOCK(s.st_mode)) {
+ _eject(&s, out, olen, NULL, 0);
} else {
- die("Unknown '%s' (mode %d)?\n", in, s.st_mode);
+ errx(1, "Unknown '%s' (mode %d)?", in, s.st_mode);
}
}
@@ -290,17 +260,18 @@
canned_config =
(struct fs_config_entry*)malloc(allocated * sizeof(struct fs_config_entry));
- char line[CANNED_LINE_LENGTH];
- FILE* f = fopen(filename, "r");
- if (f == NULL) die("failed to open canned file '%s'", filename);
+ FILE* fp = fopen(filename, "r");
+ if (fp == NULL) err(1, "failed to open canned file '%s'", filename);
- while (fgets(line, CANNED_LINE_LENGTH, f) != NULL) {
+ char* line = NULL;
+ size_t allocated_len;
+ while (getline(&line, &allocated_len, fp) != -1) {
if (!line[0]) break;
if (used >= allocated) {
allocated *= 2;
canned_config = (struct fs_config_entry*)realloc(
canned_config, allocated * sizeof(struct fs_config_entry));
- if (canned_config == NULL) die("failed to reallocate memory");
+ if (canned_config == NULL) errx(1, "failed to reallocate memory");
}
struct fs_config_entry* cc = canned_config + used;
@@ -320,41 +291,166 @@
++allocated;
canned_config = (struct fs_config_entry*)realloc(
canned_config, allocated * sizeof(struct fs_config_entry));
- if (canned_config == NULL) die("failed to reallocate memory");
+ if (canned_config == NULL) errx(1, "failed to reallocate memory");
}
canned_config[used].name = NULL;
- fclose(f);
+ free(line);
+ fclose(fp);
}
+static void devnodes_desc_error(const char* filename, unsigned long line_num,
+ const char* msg)
+{
+ errx(1, "failed to read nodes desc file '%s' line %lu: %s", filename, line_num, msg);
+}
+
+static int append_devnodes_desc_dir(char* path, char* args)
+{
+ struct stat s;
+
+ if (sscanf(args, "%o %d %d", &s.st_mode, &s.st_uid, &s.st_gid) != 3) return -1;
+
+ s.st_mode |= S_IFDIR;
+
+ _eject(&s, path, strlen(path), NULL, 0);
+
+ return 0;
+}
+
+static int append_devnodes_desc_nod(char* path, char* args)
+{
+ int minor, major;
+ struct stat s;
+ char dev;
+
+ if (sscanf(args, "%o %d %d %c %d %d", &s.st_mode, &s.st_uid, &s.st_gid,
+ &dev, &major, &minor) != 6) return -1;
+
+ s.st_rdev = MKDEV(major, minor);
+ switch (dev) {
+ case 'b':
+ s.st_mode |= S_IFBLK;
+ break;
+ case 'c':
+ s.st_mode |= S_IFCHR;
+ break;
+ default:
+ return -1;
+ }
+
+ _eject(&s, path, strlen(path), NULL, 0);
+
+ return 0;
+}
+
+static void append_devnodes_desc(const char* filename)
+{
+ FILE* fp = fopen(filename, "re");
+ if (!fp) err(1, "failed to open nodes description file '%s'", filename);
+
+ unsigned long line_num = 0;
+
+ char* line = NULL;
+ size_t allocated_len;
+ while (getline(&line, &allocated_len, fp) != -1) {
+ char *type, *path, *args;
+
+ line_num++;
+
+ if (*line == '#') continue;
+
+ if (!(type = strtok(line, " \t"))) {
+ devnodes_desc_error(filename, line_num, "a type is missing");
+ }
+
+ if (*type == '\n') continue;
+
+ if (!(path = strtok(NULL, " \t"))) {
+ devnodes_desc_error(filename, line_num, "a path is missing");
+ }
+
+ if (!(args = strtok(NULL, "\n"))) {
+ devnodes_desc_error(filename, line_num, "args are missing");
+ }
+
+ if (!strcmp(type, "dir")) {
+ if (append_devnodes_desc_dir(path, args)) {
+ devnodes_desc_error(filename, line_num, "bad arguments for dir");
+ }
+ } else if (!strcmp(type, "nod")) {
+ if (append_devnodes_desc_nod(path, args)) {
+ devnodes_desc_error(filename, line_num, "bad arguments for nod");
+ }
+ } else {
+ devnodes_desc_error(filename, line_num, "type unknown");
+ }
+ }
+
+ free(line);
+ fclose(fp);
+}
+
+static const struct option long_options[] = {
+ { "dirname", required_argument, NULL, 'd' },
+ { "file", required_argument, NULL, 'f' },
+ { "help", no_argument, NULL, 'h' },
+ { "nodes", required_argument, NULL, 'n' },
+ { NULL, 0, NULL, 0 },
+};
+
+static void usage(void)
+{
+ fprintf(stderr,
+ "Usage: mkbootfs [-n FILE] [-d DIR|-F FILE] DIR...\n"
+ "\n"
+ "\t-d, --dirname=DIR: fs-config directory\n"
+ "\t-f, --file=FILE: Canned configuration file\n"
+ "\t-h, --help: Print this help\n"
+ "\t-n, --nodes=FILE: Dev nodes description file\n"
+ "\n"
+ "Dev nodes description:\n"
+ "\t[dir|nod] [perms] [uid] [gid] [c|b] [minor] [major]\n"
+ "\tExample:\n"
+ "\t\t# My device nodes\n"
+ "\t\tdir dev 0755 0 0\n"
+ "\t\tnod dev/null 0600 0 0 c 1 5\n"
+ );
+}
int main(int argc, char *argv[])
{
- if (argc == 1) {
- fprintf(stderr,
- "usage: %s [-d TARGET_OUTPUT_PATH] [-f CANNED_CONFIGURATION_PATH] DIRECTORIES...\n",
- argv[0]);
- exit(1);
+ int opt, unused;
+
+ while ((opt = getopt_long(argc, argv, "hd:f:n:", long_options, &unused)) != -1) {
+ switch (opt) {
+ case 'd':
+ target_out_path = argv[optind - 1];
+ break;
+ case 'f':
+ read_canned_config(argv[optind - 1]);
+ break;
+ case 'h':
+ usage();
+ return 0;
+ case 'n':
+ append_devnodes_desc(argv[optind - 1]);
+ break;
+ default:
+ usage();
+ errx(1, "Unknown option %s", argv[optind - 1]);
+ }
}
- argc--;
- argv++;
+ int num_dirs = argc - optind;
+ argv += optind;
- if (argc > 1 && strcmp(argv[0], "-d") == 0) {
- target_out_path = argv[1];
- argc -= 2;
- argv += 2;
+ if (num_dirs <= 0) {
+ usage();
+ errx(1, "no directories to process?!");
}
- if (argc > 1 && strcmp(argv[0], "-f") == 0) {
- read_canned_config(argv[1]);
- argc -= 2;
- argv += 2;
- }
-
- if(argc == 0) die("no directories to process?!");
-
- while(argc-- > 0){
+ while(num_dirs-- > 0){
char *x = strchr(*argv, '=');
if(x != 0) {
*x++ = 0;
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 55be31a..efad37c 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -47,6 +47,9 @@
# Allow up to 32K FDs per process
setrlimit nofile 32768 32768
+ # set RLIMIT_MEMLOCK to 64KB
+ setrlimit memlock 65536 65536
+
# Set up linker config subdirectories based on mount namespaces
mkdir /linkerconfig/bootstrap 0755
mkdir /linkerconfig/default 0755
@@ -490,18 +493,26 @@
service boringssl_self_test32 /system/bin/boringssl_self_test32
reboot_on_failure reboot,boringssl-self-check-failed
stdio_to_kmsg
+ # Explicitly specify that boringssl_self_test32 doesn't require any capabilities
+ capabilities
service boringssl_self_test64 /system/bin/boringssl_self_test64
reboot_on_failure reboot,boringssl-self-check-failed
stdio_to_kmsg
+ # Explicitly specify that boringssl_self_test64 doesn't require any capabilities
+ capabilities
service boringssl_self_test_apex32 /apex/com.android.conscrypt/bin/boringssl_self_test32
reboot_on_failure reboot,boringssl-self-check-failed
stdio_to_kmsg
+ # Explicitly specify that boringssl_self_test_apex32 doesn't require any capabilities
+ capabilities
service boringssl_self_test_apex64 /apex/com.android.conscrypt/bin/boringssl_self_test64
reboot_on_failure reboot,boringssl-self-check-failed
stdio_to_kmsg
+ # Explicitly specify that boringssl_self_test_apex64 doesn't require any capabilities
+ capabilities
# Healthd can trigger a full boot from charger mode by signaling this
@@ -839,7 +850,7 @@
# Delete any stale files owned by the old virtualizationservice uid (b/230056726).
chmod 0770 /data/misc/virtualizationservice
exec - virtualizationservice system -- /bin/rm -rf /data/misc/virtualizationservice
- mkdir /data/misc/virtualizationservice 0770 system system
+ mkdir /data/misc/virtualizationservice 0771 system system
# /data/preloads uses encryption=None because it only contains preloaded
# files that are public information, similar to the system image.
diff --git a/rootdir/init.zygote32.rc b/rootdir/init.zygote32.rc
index 63b09c0..2f0ec8a 100644
--- a/rootdir/init.zygote32.rc
+++ b/rootdir/init.zygote32.rc
@@ -7,6 +7,9 @@
socket usap_pool_primary stream 660 root system
onrestart exec_background - system system -- /system/bin/vdc volume abort_fuse
onrestart write /sys/power/state on
+ # NOTE: If the wakelock name here is changed, then also
+ # update it in SystemSuspend.cpp
+ onrestart write /sys/power/wake_lock zygote_kwl
onrestart restart audioserver
onrestart restart cameraserver
onrestart restart media
diff --git a/rootdir/init.zygote64.rc b/rootdir/init.zygote64.rc
index b6ca5c0..74a64c8 100644
--- a/rootdir/init.zygote64.rc
+++ b/rootdir/init.zygote64.rc
@@ -7,6 +7,9 @@
socket usap_pool_primary stream 660 root system
onrestart exec_background - system system -- /system/bin/vdc volume abort_fuse
onrestart write /sys/power/state on
+ # NOTE: If the wakelock name here is changed, then also
+ # update it in SystemSuspend.cpp
+ onrestart write /sys/power/wake_lock zygote_kwl
onrestart restart audioserver
onrestart restart cameraserver
onrestart restart media
diff --git a/rootdir/ueventd.rc b/rootdir/ueventd.rc
index 4ec59af..0b7ffb8 100644
--- a/rootdir/ueventd.rc
+++ b/rootdir/ueventd.rc
@@ -69,8 +69,8 @@
# CDMA radio interface MUX
/dev/ppp 0660 radio vpn
-/dev/kvm 0600 system system
-/dev/vhost-vsock 0600 system system
+/dev/kvm 0666 root root
+/dev/vhost-vsock 0666 root root
# sysfs properties
/sys/devices/platform/trusty.* trusty_version 0440 root log
diff --git a/storaged/tests/storaged_test.cpp b/storaged/tests/storaged_test.cpp
index bb71bf3..9a281c2 100644
--- a/storaged/tests/storaged_test.cpp
+++ b/storaged/tests/storaged_test.cpp
@@ -284,6 +284,8 @@
dsm_detect.update_mean();
dsm_detect.update_std();
+ // FixLater: avoid floating point loop counters
+ // NOLINTNEXTLINE(clang-analyzer-security.FloatLoopCounter,cert-flp30-c)
for (double i = 0; i < 2 * dsm_detect.mSigma; i += 0.5) {
struct disk_perf test_perf;
struct disk_perf test_mean = dsm_detect.mMean;
diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp
index 31f0a72..b249013 100644
--- a/trusty/keymaster/Android.bp
+++ b/trusty/keymaster/Android.bp
@@ -181,3 +181,30 @@
"-Werror",
],
}
+
+cc_binary {
+ name: "trusty_keymaster_set_attestation_ids",
+ vendor: true,
+
+ srcs: [
+ "set_attestation_ids/set_attestation_ids.cpp",
+ "ipc/trusty_keymaster_ipc.cpp",
+ ],
+
+ local_include_dirs: ["include"],
+
+ shared_libs: [
+ "libbase",
+ "libc",
+ "libcrypto",
+ "liblog",
+ "libtrusty",
+ "libhardware",
+ "libkeymaster_messages",
+ "libutils",
+ ],
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+}
diff --git a/trusty/keymaster/set_attestation_ids/set_attestation_ids.cpp b/trusty/keymaster/set_attestation_ids/set_attestation_ids.cpp
new file mode 100644
index 0000000..e944167
--- /dev/null
+++ b/trusty/keymaster/set_attestation_ids/set_attestation_ids.cpp
@@ -0,0 +1,162 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <getopt.h>
+
+#include <string>
+
+#include <android-base/properties.h>
+#include <trusty_keymaster/ipc/trusty_keymaster_ipc.h>
+
+namespace {
+
+const char* sopts = "hb:d:p:s:M:m:i:c:";
+const struct option lopts[] = {
+ {"help", no_argument, nullptr, 'h'},
+ {"brand", required_argument, nullptr, 'b'},
+ {"device", required_argument, nullptr, 'd'},
+ {"product", required_argument, nullptr, 'p'},
+ {"serial", required_argument, nullptr, 's'},
+ {"manufacturer", required_argument, nullptr, 'M'},
+ {"model", required_argument, nullptr, 'm'},
+ {"imei", required_argument, nullptr, 'i'},
+ {"meid", required_argument, nullptr, 'c'},
+ {0, 0, 0, 0},
+};
+
+std::string buf2string(const keymaster::Buffer& buf) {
+ return std::string(reinterpret_cast<const char*>(buf.peek_read()), buf.available_read());
+}
+
+void print_usage(const char* prog, const keymaster::SetAttestationIdsRequest& req) {
+ fprintf(stderr,
+ "Usage: %s [options]\n"
+ "\n"
+ "options:\n"
+ " -h, --help prints this message and exit\n"
+ " -b, --brand <val> set brand (default '%s')\n"
+ " -d, --device <val> set device (default '%s')\n"
+ " -p, --product <val> set product (default '%s')\n"
+ " -s, --serial <val> set serial (default '%s')\n"
+ " -M, --manufacturer <val> set manufacturer (default '%s')\n"
+ " -m, --model <val> set model (default '%s')\n"
+ " -i, --imei <val> set IMEI (default '%s')\n"
+ " -c, --meid <val> set MEID (default '%s')\n"
+ "\n",
+ prog, buf2string(req.brand).c_str(), buf2string(req.device).c_str(),
+ buf2string(req.product).c_str(), buf2string(req.serial).c_str(),
+ buf2string(req.manufacturer).c_str(), buf2string(req.model).c_str(),
+ buf2string(req.imei).c_str(), buf2string(req.meid).c_str());
+}
+
+void set_from_prop(keymaster::Buffer* buf, const std::string& prop) {
+ std::string prop_value = ::android::base::GetProperty(prop, /* default_value = */ "");
+ if (!prop_value.empty()) {
+ buf->Reinitialize(prop_value.data(), prop_value.size());
+ }
+}
+
+void populate_ids(keymaster::SetAttestationIdsRequest* req) {
+ set_from_prop(&req->brand, "ro.product.brand");
+ set_from_prop(&req->device, "ro.product.device");
+ set_from_prop(&req->product, "ro.product.name");
+ set_from_prop(&req->serial, "ro.serialno");
+ set_from_prop(&req->manufacturer, "ro.product.manufacturer");
+ set_from_prop(&req->model, "ro.product.model");
+}
+
+} // namespace
+
+int main(int argc, char** argv) {
+ // By default, set attestation IDs to the values in userspace properties.
+ keymaster::SetAttestationIdsRequest req(/* ver = */ 4);
+ populate_ids(&req);
+
+ while (true) {
+ int oidx = 0;
+ int c = getopt_long(argc, argv, sopts, lopts, &oidx);
+ if (c == -1) {
+ break; /* done */
+ }
+
+ switch (c) {
+ case 'b':
+ req.brand.Reinitialize(optarg, strlen(optarg));
+ break;
+ case 'd':
+ req.device.Reinitialize(optarg, strlen(optarg));
+ break;
+ case 'p':
+ req.product.Reinitialize(optarg, strlen(optarg));
+ break;
+ case 's':
+ req.serial.Reinitialize(optarg, strlen(optarg));
+ break;
+ case 'M':
+ req.manufacturer.Reinitialize(optarg, strlen(optarg));
+ break;
+ case 'm':
+ req.model.Reinitialize(optarg, strlen(optarg));
+ break;
+ case 'i':
+ req.imei.Reinitialize(optarg, strlen(optarg));
+ break;
+ case 'c':
+ req.meid.Reinitialize(optarg, strlen(optarg));
+ break;
+ case 'h':
+ print_usage(argv[0], req);
+ exit(EXIT_SUCCESS);
+ default:
+ print_usage(argv[0], req);
+ exit(EXIT_FAILURE);
+ }
+ }
+ if (optind != argc) {
+ print_usage(argv[0], req);
+ exit(EXIT_FAILURE);
+ }
+
+ int ret = trusty_keymaster_connect();
+ if (ret) {
+ fprintf(stderr, "trusty_keymaster_connect failed: %d\n", ret);
+ return EXIT_FAILURE;
+ }
+
+ printf("Setting:\n"
+ " brand: %s\n"
+ " device: %s\n"
+ " product: %s\n"
+ " serial: %s\n"
+ " manufacturer: %s\n"
+ " model: %s\n"
+ " IMEI: %s\n"
+ " MEID: %s\n",
+ buf2string(req.brand).c_str(), buf2string(req.device).c_str(),
+ buf2string(req.product).c_str(), buf2string(req.serial).c_str(),
+ buf2string(req.manufacturer).c_str(), buf2string(req.model).c_str(),
+ buf2string(req.imei).c_str(), buf2string(req.meid).c_str());
+
+ keymaster::EmptyKeymasterResponse rsp(/* ver = */ 4);
+ ret = trusty_keymaster_send(KM_SET_ATTESTATION_IDS, req, &rsp);
+ if (ret) {
+ fprintf(stderr, "SET_ATTESTATION_IDS failed: %d\n", ret);
+ trusty_keymaster_disconnect();
+ return EXIT_FAILURE;
+ }
+
+ return EXIT_SUCCESS;
+}
diff --git a/trusty/trusty-base.mk b/trusty/trusty-base.mk
index 0609709..7b4aa26 100644
--- a/trusty/trusty-base.mk
+++ b/trusty/trusty-base.mk
@@ -22,8 +22,21 @@
# For gatekeeper, we include the generic -service and -impl to use legacy
# HAL loading of gatekeeper.trusty.
+# Allow the KeyMint HAL service implementation to be selected at build time. This needs to be
+# done in sync with the TA implementation included in Trusty. Possible values are:
+#
+# - Rust implementation: export TRUSTY_KEYMINT_IMPL=rust
+# - C++ implementation: (any other value of TRUSTY_KEYMINT_IMPL)
+
+ifeq ($(TRUSTY_KEYMINT_IMPL),rust)
+ LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.rust.trusty
+else
+ # Default to the C++ implementation
+ LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.trusty
+endif
+
PRODUCT_PACKAGES += \
- android.hardware.security.keymint-service.trusty \
+ $(LOCAL_KEYMINT_PRODUCT_PACKAGE) \
android.hardware.gatekeeper@1.0-service.trusty \
trusty_apploader \
RemoteProvisioner
diff --git a/usbd/Android.bp b/usbd/Android.bp
index 27db0fa..e67759c 100644
--- a/usbd/Android.bp
+++ b/usbd/Android.bp
@@ -8,10 +8,12 @@
srcs: ["usbd.cpp"],
shared_libs: [
"libbase",
+ "libbinder_ndk",
"libhidlbase",
"liblog",
"libutils",
"libhardware",
"android.hardware.usb.gadget@1.0",
+ "android.hardware.usb.gadget-V1-ndk",
],
}
diff --git a/usbd/usbd.cpp b/usbd/usbd.cpp
index 6e24d8e..0616cfb 100644
--- a/usbd/usbd.cpp
+++ b/usbd/usbd.cpp
@@ -18,43 +18,78 @@
#include <string>
+#include <aidl/android/hardware/usb/gadget/GadgetFunction.h>
+#include <aidl/android/hardware/usb/gadget/IUsbGadget.h>
#include <android-base/logging.h>
#include <android-base/properties.h>
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
#include <android/hardware/usb/gadget/1.0/IUsbGadget.h>
-#include <hidl/HidlTransportSupport.h>
-
+using aidl::android::hardware::usb::gadget::GadgetFunction;
using android::base::GetProperty;
using android::base::SetProperty;
-using android::hardware::configureRpcThreadpool;
-using android::hardware::usb::gadget::V1_0::GadgetFunction;
-using android::hardware::usb::gadget::V1_0::IUsbGadget;
using android::hardware::Return;
+using ndk::ScopedAStatus;
+using std::shared_ptr;
+
+std::atomic<int> sUsbOperationCount{};
int main(int /*argc*/, char** /*argv*/) {
if (GetProperty("ro.bootmode", "") == "charger") exit(0);
+ int operationId = sUsbOperationCount++;
- configureRpcThreadpool(1, true /*callerWillJoin*/);
- android::sp<IUsbGadget> gadget = IUsbGadget::getService();
- Return<void> ret;
+ ABinderProcess_setThreadPoolMaxThreadCount(1);
+ ABinderProcess_startThreadPool();
+ const std::string service_name =
+ std::string(aidl::android::hardware::usb::gadget::IUsbGadget::descriptor)
+ .append("/default");
- if (gadget != nullptr) {
- LOG(INFO) << "Usb HAL found.";
- std::string function = GetProperty("persist.sys.usb.config", "");
- if (function == "adb") {
- LOG(INFO) << "peristent prop is adb";
- SetProperty("ctl.start", "adbd");
- ret = gadget->setCurrentUsbFunctions(static_cast<uint64_t>(GadgetFunction::ADB),
- nullptr, 0);
+ std::string function = GetProperty("persist.sys.usb.config", "");
+ if (function == "adb") {
+ LOG(INFO) << "persistent prop is adb";
+ SetProperty("ctl.start", "adbd");
+ }
+
+ if (AServiceManager_isDeclared(service_name.c_str())) {
+ shared_ptr<aidl::android::hardware::usb::gadget::IUsbGadget> gadget_aidl =
+ aidl::android::hardware::usb::gadget::IUsbGadget::fromBinder(
+ ndk::SpAIBinder(AServiceManager_waitForService(service_name.c_str())));
+ ScopedAStatus ret;
+ if (gadget_aidl != nullptr) {
+ LOG(INFO) << "Usb AIDL HAL found.";
+ if (function == "adb") {
+ ret = gadget_aidl->setCurrentUsbFunctions(
+ static_cast<uint64_t>(GadgetFunction::ADB), nullptr, 0, operationId);
+ } else {
+ LOG(INFO) << "Signal MTP to enable default functions";
+ ret = gadget_aidl->setCurrentUsbFunctions(
+ static_cast<uint64_t>(GadgetFunction::MTP), nullptr, 0, operationId);
+ }
+
+ if (!ret.isOk()) LOG(ERROR) << "Error while invoking usb hal";
} else {
- LOG(INFO) << "Signal MTP to enable default functions";
- ret = gadget->setCurrentUsbFunctions(static_cast<uint64_t>(GadgetFunction::MTP),
- nullptr, 0);
+ LOG(INFO) << "Usb AIDL HAL not found";
}
-
- if (!ret.isOk()) LOG(ERROR) << "Error while invoking usb hal";
} else {
- LOG(INFO) << "Usb HAL not found";
+ android::sp<android::hardware::usb::gadget::V1_0::IUsbGadget> gadget =
+ android::hardware::usb::gadget::V1_0::IUsbGadget::getService();
+ Return<void> ret;
+ if (gadget != nullptr) {
+ LOG(INFO) << "Usb HAL found.";
+ if (function == "adb") {
+ ret = gadget->setCurrentUsbFunctions(static_cast<uint64_t>(GadgetFunction::ADB),
+ nullptr, 0);
+ } else {
+ LOG(INFO) << "Signal MTP to enable default functions";
+ ret = gadget->setCurrentUsbFunctions(static_cast<uint64_t>(GadgetFunction::MTP),
+ nullptr, 0);
+ }
+
+ if (!ret.isOk()) LOG(ERROR) << "Error while invoking usb hal";
+ } else {
+ LOG(INFO) << "Usb HAL not found";
+ }
}
exit(0);
}