Merge "[trusty-base] Update Trusty Keymint properties"
diff --git a/fs_mgr/libfiemap/fiemap_writer_test.cpp b/fs_mgr/libfiemap/fiemap_writer_test.cpp
index 3c8ab42..b31c78d 100644
--- a/fs_mgr/libfiemap/fiemap_writer_test.cpp
+++ b/fs_mgr/libfiemap/fiemap_writer_test.cpp
@@ -16,6 +16,7 @@
#include <fcntl.h>
#include <inttypes.h>
+#include <linux/limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
@@ -299,6 +300,27 @@
ASSERT_EQ(errno, ENOENT);
}
+TEST_F(SplitFiemapTest, CorruptSplit) {
+ unique_fd fd(open(testfile.c_str(), O_RDWR | O_CREAT | O_TRUNC, 0700));
+ ASSERT_GE(fd, 0);
+
+ // Make a giant random string.
+ std::vector<char> data;
+ for (size_t i = 0x1; i < 0x7f; i++) {
+ for (size_t j = 0; j < 100; j++) {
+ data.emplace_back(i);
+ }
+ }
+ ASSERT_GT(data.size(), PATH_MAX);
+
+ data.emplace_back('\n');
+
+ ASSERT_TRUE(android::base::WriteFully(fd, data.data(), data.size()));
+ fd = {};
+
+ ASSERT_TRUE(SplitFiemap::RemoveSplitFiles(testfile));
+}
+
static string ReadSplitFiles(const std::string& base_path, size_t num_files) {
std::string result;
for (int i = 0; i < num_files; i++) {
diff --git a/fs_mgr/libfiemap/split_fiemap_writer.cpp b/fs_mgr/libfiemap/split_fiemap_writer.cpp
index 36bb3df..0df6125 100644
--- a/fs_mgr/libfiemap/split_fiemap_writer.cpp
+++ b/fs_mgr/libfiemap/split_fiemap_writer.cpp
@@ -136,6 +136,7 @@
return FiemapStatus::FromErrno(errno);
}
}
+ fsync(fd.get());
// Unset this bit, so we don't unlink on destruction.
out->creating_ = false;
@@ -192,6 +193,9 @@
std::vector<std::string> files;
if (GetSplitFileList(file_path, &files)) {
for (const auto& file : files) {
+ if (access(file.c_str(), F_OK) != 0 && (errno == ENOENT || errno == ENAMETOOLONG)) {
+ continue;
+ }
ok &= android::base::RemoveFileIfExists(file, message);
}
}
diff --git a/fs_mgr/libsnapshot/snapshot.cpp b/fs_mgr/libsnapshot/snapshot.cpp
index bed5f56..c3db32e 100644
--- a/fs_mgr/libsnapshot/snapshot.cpp
+++ b/fs_mgr/libsnapshot/snapshot.cpp
@@ -2530,6 +2530,7 @@
SnapshotUpdateStatus old_status = ReadSnapshotUpdateStatus(lock);
status.set_compression_enabled(old_status.compression_enabled());
status.set_source_build_fingerprint(old_status.source_build_fingerprint());
+ status.set_merge_phase(old_status.merge_phase());
}
return WriteSnapshotUpdateStatus(lock, status);
}
diff --git a/init/README.md b/init/README.md
index 4b04628..f447ab2 100644
--- a/init/README.md
+++ b/init/README.md
@@ -277,8 +277,6 @@
CLD_EXITED or an status other than '0', reboot the system with the target specified in
_target_. _target_ takes the same format as the parameter to sys.powerctl. This is particularly
intended to be used with the `exec_start` builtin for any must-have checks during boot.
- A service being stopped by init (e.g. using the `stop` or `class_reset` commands) is not
- considered a failure for the purpose of this setting.
`restart_period <seconds>`
> If a non-oneshot service exits, it will be restarted at its start time plus
diff --git a/init/service.cpp b/init/service.cpp
index 5af81bf..c3069f5 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -194,8 +194,6 @@
<< ") process group...";
int max_processes = 0;
int r;
-
- flags_ |= SVC_STOPPING;
if (signal == SIGTERM) {
r = killProcessGroupOnce(proc_attr_.uid, pid_, signal, &max_processes);
} else {
@@ -279,8 +277,7 @@
f(siginfo);
}
- if ((siginfo.si_code != CLD_EXITED || siginfo.si_status != 0) && on_failure_reboot_target_ &&
- !(flags_ & SVC_STOPPING)) {
+ if ((siginfo.si_code != CLD_EXITED || siginfo.si_status != 0) && on_failure_reboot_target_) {
LOG(ERROR) << "Service with 'reboot_on_failure' option failed, shutting down system.";
trigger_shutdown(*on_failure_reboot_target_);
}
@@ -290,7 +287,7 @@
if (flags_ & SVC_TEMPORARY) return;
pid_ = 0;
- flags_ &= ~(SVC_RUNNING | SVC_STOPPING);
+ flags_ &= (~SVC_RUNNING);
start_order_ = 0;
// Oneshot processes go into the disabled state on exit,
@@ -414,8 +411,7 @@
bool disabled = (flags_ & (SVC_DISABLED | SVC_RESET));
// Starting a service removes it from the disabled or reset state and
// immediately takes it out of the restarting state if it was in there.
- flags_ &= (~(SVC_DISABLED | SVC_RESTARTING | SVC_RESET | SVC_RESTART | SVC_DISABLED_START |
- SVC_STOPPING));
+ flags_ &= (~(SVC_DISABLED|SVC_RESTARTING|SVC_RESET|SVC_RESTART|SVC_DISABLED_START));
// Running processes require no additional work --- if they're in the
// process of exiting, we've ensured that they will immediately restart
diff --git a/init/service.h b/init/service.h
index 89b1f09..043555f 100644
--- a/init/service.h
+++ b/init/service.h
@@ -54,7 +54,6 @@
// should not be killed during shutdown
#define SVC_TEMPORARY 0x1000 // This service was started by 'exec' and should be removed from the
// service list once it is reaped.
-#define SVC_STOPPING 0x2000 // service is being stopped by init
#define NR_SVC_SUPP_GIDS 12 // twelve supplementary groups
diff --git a/libcutils/include/cutils/trace.h b/libcutils/include/cutils/trace.h
index ef426ff..24c6ae6 100644
--- a/libcutils/include/cutils/trace.h
+++ b/libcutils/include/cutils/trace.h
@@ -75,8 +75,7 @@
#define ATRACE_TAG_AIDL (1<<24)
#define ATRACE_TAG_NNAPI (1<<25)
#define ATRACE_TAG_RRO (1<<26)
-#define ATRACE_TAG_SYSPROP (1<<27)
-#define ATRACE_TAG_LAST ATRACE_TAG_SYSPROP
+#define ATRACE_TAG_LAST ATRACE_TAG_RRO
// Reserved for initialization.
#define ATRACE_TAG_NOT_READY (1ULL<<63)
diff --git a/libutils/String8.cpp b/libutils/String8.cpp
index 195e122..8511da9 100644
--- a/libutils/String8.cpp
+++ b/libutils/String8.cpp
@@ -429,24 +429,17 @@
// ---------------------------------------------------------------------------
// Path functions
-void String8::setPathName(const char* name)
-{
- setPathName(name, strlen(name));
-}
-
-void String8::setPathName(const char* name, size_t len)
-{
- char* buf = lockBuffer(len);
+static void setPathName(String8& s, const char* name) {
+ size_t len = strlen(name);
+ char* buf = s.lockBuffer(len);
memcpy(buf, name, len);
// remove trailing path separator, if present
- if (len > 0 && buf[len-1] == OS_PATH_SEPARATOR)
- len--;
-
+ if (len > 0 && buf[len - 1] == OS_PATH_SEPARATOR) len--;
buf[len] = '\0';
- unlockBuffer(len);
+ s.unlockBuffer(len);
}
String8 String8::getPathLeaf(void) const
@@ -559,7 +552,7 @@
size_t len = length();
if (len == 0) {
// no existing filename, just use the new one
- setPathName(name);
+ setPathName(*this, name);
return *this;
}
@@ -579,7 +572,7 @@
return *this;
} else {
- setPathName(name);
+ setPathName(*this, name);
return *this;
}
}
diff --git a/libutils/String8_fuzz.cpp b/libutils/String8_fuzz.cpp
index a45d675..faf49b6 100644
--- a/libutils/String8_fuzz.cpp
+++ b/libutils/String8_fuzz.cpp
@@ -91,10 +91,6 @@
},
[](FuzzedDataProvider* dataProvider, android::String8* str1,
android::String8*) -> void {
- str1->setPathName(dataProvider->ConsumeBytesWithTerminator<char>(5).data());
- },
- [](FuzzedDataProvider* dataProvider, android::String8* str1,
- android::String8*) -> void {
str1->appendPath(dataProvider->ConsumeBytesWithTerminator<char>(5).data());
},
};
diff --git a/libutils/include/utils/String8.h b/libutils/include/utils/String8.h
index cee5dc6..8b2dcf9 100644
--- a/libutils/include/utils/String8.h
+++ b/libutils/include/utils/String8.h
@@ -137,14 +137,6 @@
*/
/*
- * Set the filename field to a specific value.
- *
- * Normalizes the filename, removing a trailing '/' if present.
- */
- void setPathName(const char* name);
- void setPathName(const char* name, size_t numChars);
-
- /*
* Get just the filename component.
*
* "/tmp/foo/bar.c" --> "bar.c"
diff --git a/trusty/keymaster/TrustyKeymaster.cpp b/trusty/keymaster/TrustyKeymaster.cpp
index aee3333..cdfbd90 100644
--- a/trusty/keymaster/TrustyKeymaster.cpp
+++ b/trusty/keymaster/TrustyKeymaster.cpp
@@ -79,6 +79,16 @@
return -1;
}
+ // Set the vendor patchlevel to value retrieved from system property (which
+ // requires SELinux permission).
+ ConfigureVendorPatchlevelRequest vendor_req(message_version());
+ vendor_req.vendor_patchlevel = GetVendorPatchlevel();
+ ConfigureVendorPatchlevelResponse vendor_rsp = ConfigureVendorPatchlevel(vendor_req);
+ if (vendor_rsp.error != KM_ERROR_OK) {
+ LOG(ERROR) << "Failed to configure keymaster vendor patchlevel: " << vendor_rsp.error;
+ // Don't fail if this message isn't understood.
+ }
+
return 0;
}
@@ -262,4 +272,11 @@
return response;
}
+ConfigureVendorPatchlevelResponse TrustyKeymaster::ConfigureVendorPatchlevel(
+ const ConfigureVendorPatchlevelRequest& request) {
+ ConfigureVendorPatchlevelResponse response(message_version());
+ ForwardCommand(KM_CONFIGURE_VENDOR_PATCHLEVEL, request, &response);
+ return response;
+}
+
} // namespace keymaster
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
index 35eda45..f80e02f 100644
--- a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
@@ -64,6 +64,8 @@
GetVersion2Response GetVersion2(const GetVersion2Request& request);
EarlyBootEndedResponse EarlyBootEnded();
DeviceLockedResponse DeviceLocked(const DeviceLockedRequest& request);
+ ConfigureVendorPatchlevelResponse ConfigureVendorPatchlevel(
+ const ConfigureVendorPatchlevelRequest& request);
uint32_t message_version() const { return message_version_; }
diff --git a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
index 17fee15..fa475ae 100644
--- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
@@ -58,6 +58,7 @@
KM_DEVICE_LOCKED = (30 << KEYMASTER_REQ_SHIFT),
KM_GENERATE_RKP_KEY = (31 << KEYMASTER_REQ_SHIFT),
KM_GENERATE_CSR = (32 << KEYMASTER_REQ_SHIFT),
+ KM_CONFIGURE_VENDOR_PATCHLEVEL = (33 << KEYMASTER_REQ_SHIFT),
// Bootloader/provisioning calls.
KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),
@@ -71,7 +72,8 @@
KM_SET_PRODUCT_ID = (0x9000 << KEYMASTER_REQ_SHIFT),
KM_CLEAR_ATTESTATION_CERT_CHAIN = (0xa000 << KEYMASTER_REQ_SHIFT),
KM_SET_WRAPPED_ATTESTATION_KEY = (0xb000 << KEYMASTER_REQ_SHIFT),
- KM_SET_ATTESTATION_IDS = (0xc000 << KEYMASTER_REQ_SHIFT)
+ KM_SET_ATTESTATION_IDS = (0xc000 << KEYMASTER_REQ_SHIFT),
+ KM_CONFIGURE_BOOT_PATCHLEVEL = (0xd000 << KEYMASTER_REQ_SHIFT),
};
#ifdef __ANDROID__