Merge changes Ia8bd5d47,I9ef7c82f,Iac923cca into main
* changes:
ashmem_test: Always include PROT_EXEC as an expected permission
ashmem_test: Remove tests that remove read access
ashmem_test: Cleanup and document fork tests
diff --git a/debuggerd/crash_dump.cpp b/debuggerd/crash_dump.cpp
index 7d3830c..92d81b3 100644
--- a/debuggerd/crash_dump.cpp
+++ b/debuggerd/crash_dump.cpp
@@ -451,10 +451,8 @@
return false;
}
#elif defined(__arm__)
- if (ptrace(PTRACE_GET_THREAD_AREA, tid, nullptr, &base) == 0) {
- PLOG(ERROR) << "failed to get thread area for thread " << tid;
- return false;
- }
+ // Arm doesn't support any guest architectures yet.
+ return false;
#elif defined(__i386__)
struct user_regs_struct regs;
struct iovec pt_iov = {.iov_base = ®s, .iov_len = sizeof(regs)};
diff --git a/debuggerd/crasher/Android.bp b/debuggerd/crasher/Android.bp
index 4c6a400..3af806b 100644
--- a/debuggerd/crasher/Android.bp
+++ b/debuggerd/crasher/Android.bp
@@ -15,7 +15,6 @@
"-fstack-protector-all",
"-Wno-date-time",
],
- tidy: false, // crasher.cpp tests many memory access errors
srcs: ["crasher.cpp"],
arch: {
arm: {
diff --git a/debuggerd/test_permissive_mte/Android.bp b/debuggerd/test_permissive_mte/Android.bp
index f333242..4403b8a 100644
--- a/debuggerd/test_permissive_mte/Android.bp
+++ b/debuggerd/test_permissive_mte/Android.bp
@@ -18,7 +18,6 @@
cc_binary {
name: "mte_crash",
- tidy: false,
srcs: ["mte_crash.cpp"],
sanitize: {
memtag_heap: true,
diff --git a/fastboot/Android.bp b/fastboot/Android.bp
index d3e0581..6e47a08 100644
--- a/fastboot/Android.bp
+++ b/fastboot/Android.bp
@@ -307,12 +307,6 @@
generated_headers: ["platform_tools_version"],
- tidy_flags: [
- // DO NOT add quotes around header-filter flag regex argument,
- // because build/soong will add quotes around the whole flag.
- "-header-filter=(system/core/fastboot/|development/host/windows/usb/api/)",
- ],
-
target: {
windows: {
srcs: ["usb_windows.cpp"],
diff --git a/init/libprefetch/prefetch/prefetch.rc b/init/libprefetch/prefetch/prefetch.rc
index fb3fb3b..dee37bb 100644
--- a/init/libprefetch/prefetch/prefetch.rc
+++ b/init/libprefetch/prefetch/prefetch.rc
@@ -8,7 +8,7 @@
disabled
oneshot
-on property:ro.prefetch_boot.record=true
+on property:prefetch_boot.record=true
start prefetch_record
service prefetch_record /system/bin/prefetch record --duration ${ro.prefetch_boot.duration_s:-0}
@@ -18,7 +18,7 @@
disabled
oneshot
-on property:ro.prefetch_boot.replay=true
+on property:prefetch_boot.replay=true
start prefetch_replay
service prefetch_replay /system/bin/prefetch replay --io-depth ${ro.prefetch_boot.io_depth:-2} --max-fds ${ro.prefetch_boot.max_fds:-128}
diff --git a/init/libprefetch/prefetch/src/arch/android.rs b/init/libprefetch/prefetch/src/arch/android.rs
index 3404e42..a11767e 100644
--- a/init/libprefetch/prefetch/src/arch/android.rs
+++ b/init/libprefetch/prefetch/src/arch/android.rs
@@ -13,7 +13,7 @@
const PREFETCH_RECORD_PROPERTY: &str = "prefetch_boot.record";
const PREFETCH_REPLAY_PROPERTY: &str = "prefetch_boot.replay";
-const PREFETCH_RECORD_PROPERTY_STOP: &str = "ro.prefetch_boot.record_stop";
+const PREFETCH_RECORD_PROPERTY_STOP: &str = "prefetch_boot.record_stop";
fn wait_for_property_true(
property_name: &str,
diff --git a/libcutils/fs_config.cpp b/libcutils/fs_config.cpp
index 2e4b9b4..00a1114 100644
--- a/libcutils/fs_config.cpp
+++ b/libcutils/fs_config.cpp
@@ -205,6 +205,7 @@
{ 00755, AID_ROOT, AID_ROOT, 0, "first_stage_ramdisk/system/bin/fsck.f2fs" },
// generic defaults
{ 00755, AID_ROOT, AID_ROOT, 0, "bin/*" },
+ { 00755, AID_ROOT, AID_ROOT, 0, "first_stage.sh"},
{ 00640, AID_ROOT, AID_SHELL, 0, "fstab.*" },
{ 00750, AID_ROOT, AID_SHELL, 0, "init*" },
{ 00644, AID_ROOT, AID_ROOT, 0, "*.rc" },
diff --git a/libpackagelistparser/packagelistparser.cpp b/libpackagelistparser/packagelistparser.cpp
index 638cc43..5517b68 100644
--- a/libpackagelistparser/packagelistparser.cpp
+++ b/libpackagelistparser/packagelistparser.cpp
@@ -21,6 +21,7 @@
#include <errno.h>
#include <inttypes.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
#include <sys/limits.h>
diff --git a/libprocessgroup/vts/vts_libprocessgroup.cpp b/libprocessgroup/vts/vts_libprocessgroup.cpp
index af0b0af..e51fa3d 100644
--- a/libprocessgroup/vts/vts_libprocessgroup.cpp
+++ b/libprocessgroup/vts/vts_libprocessgroup.cpp
@@ -15,18 +15,14 @@
*/
#include <cerrno>
-#include <chrono>
#include <cstdio>
#include <filesystem>
-#include <future>
#include <iostream>
#include <optional>
#include <random>
#include <string>
#include <vector>
-#include <unistd.h>
-
#include <android-base/file.h>
#include <android-base/strings.h>
using android::base::ReadFileToString;
@@ -83,16 +79,6 @@
} // anonymous namespace
-
-class MemcgV2Test : public testing::Test {
- protected:
- void SetUp() override {
- std::optional<bool> memcgV2Enabled = isMemcgV2Enabled();
- ASSERT_NE(memcgV2Enabled, std::nullopt);
- if (!*memcgV2Enabled) GTEST_SKIP() << "Memcg v2 not enabled";
- }
-};
-
class MemcgV2SubdirTest : public testing::Test {
protected:
std::optional<std::string> mRandDir;
@@ -150,26 +136,3 @@
ASSERT_TRUE(WriteStringToFile("+memory", *mRandDir + "/cgroup.subtree_control"))
<< "Could not enable memcg under child cgroup subtree";
}
-
-// Test for fix: mm: memcg: use larger batches for proactive reclaim
-// https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=287d5fedb377ddc232b216b882723305b27ae31a
-TEST_F(MemcgV2Test, ProactiveReclaimDoesntTakeForever) {
- // Not all kernels have memory.reclaim
- const std::filesystem::path reclaim(CGROUP_V2_ROOT_PATH + "/memory.reclaim");
- if (!std::filesystem::exists(reclaim)) GTEST_SKIP() << "memory.reclaim not found";
-
- // Use the total device memory as the amount to reclaim
- const long numPages = sysconf(_SC_PHYS_PAGES);
- const long pageSize = sysconf(_SC_PAGE_SIZE);
- ASSERT_GT(numPages, 0);
- ASSERT_GT(pageSize, 0);
- const unsigned long long totalMem =
- static_cast<unsigned long long>(numPages) * static_cast<unsigned long long>(pageSize);
-
- auto fut = std::async(std::launch::async,
- [&]() { WriteStringToFile(std::to_string(totalMem), reclaim); });
-
- // This is a test for completion within the timeout. The command is likely to "fail" since we
- // are asking to reclaim all device memory.
- ASSERT_NE(fut.wait_for(std::chrono::seconds(20)), std::future_status::timeout);
-}
diff --git a/libstats/expresslog/Android.bp b/libstats/expresslog/Android.bp
index f70252a..ad86d87 100644
--- a/libstats/expresslog/Android.bp
+++ b/libstats/expresslog/Android.bp
@@ -51,7 +51,7 @@
min_sdk_version: "33",
apex_available: [
"//apex_available:platform",
- "com.android.btservices",
+ "com.android.bt",
],
}
@@ -85,7 +85,7 @@
min_sdk_version: "33",
apex_available: [
"//apex_available:platform",
- "com.android.btservices",
+ "com.android.bt",
],
}
diff --git a/libsysutils/Android.bp b/libsysutils/Android.bp
index 842db40..18a6aa6 100644
--- a/libsysutils/Android.bp
+++ b/libsysutils/Android.bp
@@ -32,18 +32,6 @@
export_include_dirs: ["include"],
- tidy: true,
- tidy_checks: [
- "-*",
- "cert-*",
- "clang-analyzer-security*",
- "android-*",
- ],
- tidy_checks_as_errors: [
- "cert-*",
- "clang-analyzer-security*",
- "android-*",
- ],
apex_available: [
"//apex_available:anyapex",
"//apex_available:platform",
diff --git a/rootdir/create_root_structure.mk b/rootdir/create_root_structure.mk
index d0be897..15d78a6 100644
--- a/rootdir/create_root_structure.mk
+++ b/rootdir/create_root_structure.mk
@@ -41,7 +41,8 @@
$(TARGET_ROOT_OUT)/etc \
$(TARGET_ROOT_OUT)/bugreports \
$(TARGET_ROOT_OUT)/d \
- $(TARGET_ROOT_OUT)/sdcard
+ $(TARGET_ROOT_OUT)/sdcard \
+ $(TARGET_ROOT_OUT)/adb_keys \
ifdef BOARD_USES_VENDORIMAGE
LOCAL_POST_INSTALL_CMD += ; mkdir -p $(TARGET_ROOT_OUT)/vendor
diff --git a/toolbox/Android.bp b/toolbox/Android.bp
index 3142542..5169aa1 100644
--- a/toolbox/Android.bp
+++ b/toolbox/Android.bp
@@ -84,3 +84,22 @@
vendor: true,
defaults: ["toolbox_binary_defaults"],
}
+
+// This one is installed in the generic ramdisk, and can be executed during
+// init-first-stage.
+// As there are no dynamic linker available, this must be statically linked.
+cc_binary {
+ name: "toolbox_ramdisk",
+ defaults: ["toolbox_binary_defaults"],
+ ramdisk: true,
+ static_executable: true,
+ system_shared_libs: [],
+ exclude_shared_libs: [
+ "libbase",
+ "liblog",
+ ],
+ static_libs: [
+ "libbase",
+ "liblog",
+ ],
+}
diff --git a/trusty/fuzz/tipc_fuzzer.cpp b/trusty/fuzz/tipc_fuzzer.cpp
index f265ced..d5e23e0 100644
--- a/trusty/fuzz/tipc_fuzzer.cpp
+++ b/trusty/fuzz/tipc_fuzzer.cpp
@@ -14,6 +14,8 @@
* limitations under the License.
*/
+#include <android-base/result.h>
+#include <fuzzer/FuzzedDataProvider.h>
#include <stdlib.h>
#include <trusty/coverage/coverage.h>
#include <trusty/coverage/uuid.h>
@@ -23,6 +25,7 @@
#include <iostream>
#include <memory>
+using android::base::Result;
using android::trusty::coverage::CoverageRecord;
using android::trusty::fuzz::ExtraCounters;
using android::trusty::fuzz::TrustyApp;
@@ -41,7 +44,12 @@
#error "Binary file name must be parameterized using -DTRUSTY_APP_FILENAME."
#endif
-static TrustyApp kTrustyApp(TIPC_DEV, TRUSTY_APP_PORT);
+#ifdef TRUSTY_APP_MAX_CONNECTIONS
+constexpr size_t MAX_CONNECTIONS = TRUSTY_APP_MAX_CONNECTIONS;
+#else
+constexpr size_t MAX_CONNECTIONS = 1;
+#endif
+
static std::unique_ptr<CoverageRecord> record;
extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
@@ -53,7 +61,8 @@
}
/* Make sure lazy-loaded TAs have started and connected to coverage service. */
- auto ret = kTrustyApp.Connect();
+ TrustyApp ta(TIPC_DEV, TRUSTY_APP_PORT);
+ auto ret = ta.Connect();
if (!ret.ok()) {
std::cerr << ret.error() << std::endl;
exit(-1);
@@ -73,24 +82,74 @@
return 0;
}
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
- static uint8_t buf[TIPC_MAX_MSG_SIZE];
+void abortResult(Result<void> result) {
+ if (result.ok()) {
+ return;
+ }
+ std::cerr << result.error() << std::endl;
+ android::trusty::fuzz::Abort();
+}
+void testOneInput(FuzzedDataProvider& provider) {
+ std::vector<TrustyApp> trustyApps;
+
+ while (provider.remaining_bytes() > 0) {
+ static_assert(MAX_CONNECTIONS >= 1);
+
+ // Either
+ // 1. Add a new TA and connect.
+ // 2. Remove a TA.
+ // 3. Send a random message to a random TA.
+ const std::function<void()> options[] = {
+ // Add a new TA and connect.
+ [&]() {
+ if (trustyApps.size() >= MAX_CONNECTIONS) {
+ return;
+ }
+ auto& ta = trustyApps.emplace_back(TIPC_DEV, TRUSTY_APP_PORT);
+ abortResult(ta.Connect());
+ },
+ // Remove a TA.
+ [&]() {
+ if (trustyApps.empty()) {
+ return;
+ }
+ trustyApps.pop_back();
+ },
+ // Send a random message to a random TA.
+ [&]() {
+ if (trustyApps.empty()) {
+ return;
+ }
+
+ // Choose a random TA.
+ const auto i =
+ provider.ConsumeIntegralInRange<size_t>(0, trustyApps.size() - 1);
+ std::swap(trustyApps[i], trustyApps.back());
+ auto& ta = trustyApps.back();
+
+ // Send a random message.
+ const auto data = provider.ConsumeRandomLengthString();
+ abortResult(ta.Write(data.data(), data.size()));
+
+ std::array<uint8_t, TIPC_MAX_MSG_SIZE> buf;
+ abortResult(ta.Read(buf.data(), buf.size()));
+
+ // Reconnect to ensure that the service is still up.
+ ta.Disconnect();
+ abortResult(ta.Connect());
+ },
+ };
+
+ provider.PickValueInArray(options)();
+ }
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
ExtraCounters counters(record.get());
counters.Reset();
- auto ret = kTrustyApp.Write(data, size);
- if (ret.ok()) {
- ret = kTrustyApp.Read(&buf, sizeof(buf));
- }
-
- // Reconnect to ensure that the service is still up
- kTrustyApp.Disconnect();
- ret = kTrustyApp.Connect();
- if (!ret.ok()) {
- std::cerr << ret.error() << std::endl;
- android::trusty::fuzz::Abort();
- }
-
- return ret.ok() ? 0 : -1;
+ FuzzedDataProvider provider(data, size);
+ testOneInput(provider);
+ return 0;
}
diff --git a/trusty/sysprops/Android.bp b/trusty/sysprops/Android.bp
new file mode 100644
index 0000000..ec27f51
--- /dev/null
+++ b/trusty/sysprops/Android.bp
@@ -0,0 +1,15 @@
+sysprop_library {
+ name: "trusty-properties",
+ srcs: ["android/sysprop/trusty/security_vm.sysprop"],
+ property_owner: "Platform",
+ api_packages: ["android.sysprop.trusty"],
+ apex_available: [
+ "//apex_available:platform",
+ ],
+}
+
+rust_binary {
+ name: "trusty-properties-example",
+ srcs: ["example.rs"],
+ rustlibs: ["libtrusty_properties_rust"],
+}
diff --git a/trusty/sysprops/android/sysprop/trusty/security_vm.sysprop b/trusty/sysprops/android/sysprop/trusty/security_vm.sysprop
new file mode 100644
index 0000000..a079ecf
--- /dev/null
+++ b/trusty/sysprops/android/sysprop/trusty/security_vm.sysprop
@@ -0,0 +1,67 @@
+# Copyright (C) 2025 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This module accesses properties regarding the Trusty VM that runs apps
+# used to provide security for the system, such as Keymint or Gatekeeper.
+
+module: "android.sysprop.trusty.security_vm"
+owner: Platform
+
+# The default Context Identifier to connect to Trusty over vsock.
+prop {
+ api_name: "vm_cid"
+ prop_name: "trusty.security_vm.vm_cid"
+ type: Integer
+ scope: Internal
+ access: Readonly
+}
+
+# Signals when a nonsecure VM is ready.
+#
+# This is used to launch dependent HALs.
+#
+# Trusty security VMs come in two flavors: non-secure and secure.
+#
+# 1. Non-secure VMs run on emulated environments like Cuttlefish, which lack
+# pVM firmware and TEE support. Consequently, KeyMint's root-of-trust data
+# is passed into the VM from the host's HAL, and an RPMB proxy provides
+# secure storage.
+# 2. Secure VMs run on physical devices. Here, pVM firmware handles the
+# transfer of root-of-trust data via DeviceTree, and a TEE provides secure
+# storage.
+prop {
+ api_name: "nonsecure_vm_ready"
+ prop_name: "trusty.security_vm.nonsecure_vm_ready"
+ type: Boolean
+ scope: Internal
+ access: Readonly
+}
+
+# The Trusty Security VM is enabled.
+prop {
+ api_name: "enabled"
+ prop_name: "trusty.security_vm.enabled"
+ type: Boolean
+ scope: Public
+ access: Readonly
+}
+
+# KeyMint is enabled in the Trusty Security VM.
+prop {
+ api_name: "keymint_enabled"
+ prop_name: "trusty.security_vm.keymint.enabled"
+ type: Boolean
+ scope: Public
+ access: Readonly
+}
diff --git a/trusty/sysprops/api/trusty-properties-current.txt b/trusty/sysprops/api/trusty-properties-current.txt
new file mode 100644
index 0000000..aa792fc
--- /dev/null
+++ b/trusty/sysprops/api/trusty-properties-current.txt
@@ -0,0 +1,11 @@
+props {
+ module: "android.sysprop.trusty.security_vm"
+ prop {
+ api_name: "enabled"
+ prop_name: "trusty.security_vm.enabled"
+ }
+ prop {
+ api_name: "keymint_enabled"
+ prop_name: "trusty.security_vm.keymint.enabled"
+ }
+}
diff --git a/trusty/sysprops/api/trusty-properties-latest.txt b/trusty/sysprops/api/trusty-properties-latest.txt
new file mode 100644
index 0000000..aa792fc
--- /dev/null
+++ b/trusty/sysprops/api/trusty-properties-latest.txt
@@ -0,0 +1,11 @@
+props {
+ module: "android.sysprop.trusty.security_vm"
+ prop {
+ api_name: "enabled"
+ prop_name: "trusty.security_vm.enabled"
+ }
+ prop {
+ api_name: "keymint_enabled"
+ prop_name: "trusty.security_vm.keymint.enabled"
+ }
+}
diff --git a/trusty/sysprops/example.rs b/trusty/sysprops/example.rs
new file mode 100644
index 0000000..f21e779
--- /dev/null
+++ b/trusty/sysprops/example.rs
@@ -0,0 +1,11 @@
+//! Example showing how to access the `trusty.security_vm.vm_cid` system property with Rust.
+
+use trusty_properties::security_vm;
+
+fn main() {
+ match security_vm::vm_cid() {
+ Ok(Some(cid)) => println!("CID: {cid}"),
+ Ok(None) => println!("CID property not set"),
+ Err(e) => println!("Error: {e:?}"),
+ }
+}
diff --git a/trusty/utils/rpmb_dev/rpmb_dev.wv.system.rc b/trusty/utils/rpmb_dev/rpmb_dev.wv.system.rc
index 003b6fe..4e42d46 100644
--- a/trusty/utils/rpmb_dev/rpmb_dev.wv.system.rc
+++ b/trusty/utils/rpmb_dev/rpmb_dev.wv.system.rc
@@ -1,5 +1,5 @@
service storageproxyd_wv_system /system_ext/bin/storageproxyd.system \
- -d ${storageproxyd_wv_system.trusty_ipc_dev:-/dev/trusty-ipc-dev0} \
+ -d VSOCK:${trusty.widevine_vm.vm_cid}:1 \
-r /dev/socket/rpmb_mock_wv_system \
-p /data/secure_storage_wv_system \
-t sock
@@ -23,20 +23,8 @@
group system
socket rpmb_mock_wv_system stream 660 system system
-# storageproxyd
-on boot && \
- property:trusty.widevine_vm.nonsecure_vm_ready=1 && \
- property:storageproxyd_wv_system.trusty_ipc_dev=*
- wait /dev/socket/rpmb_mock_wv_system
- enable storageproxyd_wv_system
-
-
# RPMB Mock
-on early-boot && \
- property:trusty.widevine_vm.enabled=1 && \
- property:trusty.widevine_vm.vm_cid=* && \
- property:ro.boot.vendor.apex.com.android.services.widevine=\
-com.android.services.widevine.cf_guest_trusty_nonsecure
+on early-boot
# Create a persistent location for the RPMB data
# (work around lack of RPMb block device on CF).
# file contexts secure_storage_rpmb_system_file
@@ -57,6 +45,5 @@
symlink /mnt/secure_storage_persist_wv_system/persist \
/data/secure_storage_wv_system/persist
chown root system /data/secure_storage_wv_system/persist
- setprop storageproxyd_wv_system.trusty_ipc_dev VSOCK:${trusty.widevine_vm.vm_cid}:1
exec_start rpmb_mock_init_wv_system
start rpmb_mock_wv_system