Merge changes I669a03a6,Ibb774d6d
* changes:
libsnapshot: Fix footer values and verification
libsnapshot: Fix some minor formatting bugs
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 89bd66a..52cff94 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -22,12 +22,6 @@
"name": "CtsInitTestCases"
},
{
- "name": "CtsLiblogTestCases"
- },
- {
- "name": "CtsLogdTestCases"
- },
- {
"name": "debuggerd_test"
},
{
diff --git a/debuggerd/debuggerd_test.cpp b/debuggerd/debuggerd_test.cpp
index 5ed9e57..5565e8b 100644
--- a/debuggerd/debuggerd_test.cpp
+++ b/debuggerd/debuggerd_test.cpp
@@ -312,7 +312,7 @@
if (mte_supported()) {
// Test that the default TAGGED_ADDR_CTRL value is set.
- ASSERT_MATCH(result, R"(tagged_addr_ctrl: 000000000007fff3)");
+ ASSERT_MATCH(result, R"(tagged_addr_ctrl: 000000000007fff5)");
}
}
diff --git a/fastboot/device/flashing.cpp b/fastboot/device/flashing.cpp
index 1bf4c9c..333ca50 100644
--- a/fastboot/device/flashing.cpp
+++ b/fastboot/device/flashing.cpp
@@ -67,7 +67,7 @@
if ((partition + device->GetCurrentSlot()) == partition_name) {
mount_metadata.emplace();
- fs_mgr_overlayfs_teardown(entry.mount_point.c_str());
+ android::fs_mgr::TeardownAllOverlayForMountPoint(entry.mount_point);
}
}
}
@@ -194,7 +194,7 @@
if (!FlashPartitionTable(super_name, *new_metadata.get())) {
return device->WriteFail("Unable to flash new partition table");
}
- fs_mgr_overlayfs_teardown();
+ android::fs_mgr::TeardownAllOverlayForMountPoint();
sync();
return device->WriteOkay("Successfully flashed partition table");
}
@@ -234,7 +234,7 @@
if (!UpdateAllPartitionMetadata(device, super_name, *new_metadata.get())) {
return device->WriteFail("Unable to write new partition table");
}
- fs_mgr_overlayfs_teardown();
+ android::fs_mgr::TeardownAllOverlayForMountPoint();
sync();
return device->WriteOkay("Successfully updated partition table");
}
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index fe72393..6294b3f 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -1534,6 +1534,8 @@
attempted_entry.mount_point},
nullptr)) {
++error_count;
+ } else if (current_entry.mount_point == "/data") {
+ userdata_mounted = true;
}
encryptable = FS_MGR_MNTALL_DEV_IS_METADATA_ENCRYPTED;
continue;
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index 616a06f..793a725 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -591,7 +591,7 @@
FstabEntry userdata;
if (FstabEntry* entry = GetEntryForMountPoint(fstab, "/data")) {
userdata = *entry;
- userdata.blk_device = "userdata_gsi";
+ userdata.blk_device = android::gsi::kDsuUserdata;
userdata.fs_mgr_flags.logical = true;
userdata.fs_mgr_flags.formattable = true;
if (!userdata.metadata_key_dir.empty()) {
@@ -611,7 +611,11 @@
continue;
}
// userdata has been handled
- if (StartsWith(partition, "user")) {
+ if (partition == android::gsi::kDsuUserdata) {
+ continue;
+ }
+ // scratch is handled by fs_mgr_overlayfs
+ if (partition == android::gsi::kDsuScratch) {
continue;
}
// dsu_partition_name = corresponding_partition_name + kDsuPostfix
diff --git a/fs_mgr/fs_mgr_overlayfs.cpp b/fs_mgr/fs_mgr_overlayfs.cpp
index a7704de..899978f 100644
--- a/fs_mgr/fs_mgr_overlayfs.cpp
+++ b/fs_mgr/fs_mgr_overlayfs.cpp
@@ -73,6 +73,25 @@
return ret;
}
+bool fs_mgr_in_recovery() {
+ // Check the existence of recovery binary instead of using the compile time
+ // macro, because first-stage-init is compiled with __ANDROID_RECOVERY__
+ // defined, albeit not in recovery. More details: system/core/init/README.md
+ return fs_mgr_access("/system/bin/recovery");
+}
+
+bool fs_mgr_is_dsu_running() {
+ // Since android::gsi::CanBootIntoGsi() or android::gsi::MarkSystemAsGsi() is
+ // never called in recovery, the return value of android::gsi::IsGsiRunning()
+ // is not well-defined. In this case, just return false as being in recovery
+ // implies not running a DSU system.
+ if (fs_mgr_in_recovery()) return false;
+ auto saved_errno = errno;
+ auto ret = android::gsi::IsGsiRunning();
+ errno = saved_errno;
+ return ret;
+}
+
// determine if a filesystem is available
bool fs_mgr_overlayfs_filesystem_available(const std::string& filesystem) {
std::string filesystems;
@@ -113,8 +132,11 @@
namespace android {
namespace fs_mgr {
-void MapScratchPartitionIfNeeded(Fstab*,
- const std::function<bool(const std::set<std::string>&)>&) {}
+void MapScratchPartitionIfNeeded(Fstab*, const std::function<bool(const std::set<std::string>&)>&) {
+}
+
+void TeardownAllOverlayForMountPoint(const std::string&) {}
+
} // namespace fs_mgr
} // namespace android
@@ -171,6 +193,10 @@
// Note: this is meant only for recovery/first-stage init.
bool ScratchIsOnData() {
+ // The scratch partition of DSU is managed by gsid.
+ if (fs_mgr_is_dsu_running()) {
+ return false;
+ }
return fs_mgr_access(kScratchImageMetadata);
}
@@ -464,6 +490,12 @@
// umount and delete kScratchMountPoint storage if we have logical partitions
if (overlay != kScratchMountPoint) return true;
+ // Validation check.
+ if (fs_mgr_is_dsu_running()) {
+ LERROR << "Destroying DSU scratch is not allowed.";
+ return false;
+ }
+
auto save_errno = errno;
if (fs_mgr_overlayfs_already_mounted(kScratchMountPoint, false)) {
fs_mgr_overlayfs_umount_scratch();
@@ -512,10 +544,13 @@
}
bool fs_mgr_overlayfs_teardown_one(const std::string& overlay, const std::string& mount_point,
- bool* change) {
+ bool* change, bool* should_destroy_scratch = nullptr) {
const auto top = overlay + kOverlayTopDir;
- if (!fs_mgr_access(top)) return fs_mgr_overlayfs_teardown_scratch(overlay, change);
+ if (!fs_mgr_access(top)) {
+ if (should_destroy_scratch) *should_destroy_scratch = true;
+ return true;
+ }
auto cleanup_all = mount_point.empty();
const auto partition_name = android::base::Basename(mount_point);
@@ -571,7 +606,7 @@
PERROR << "rmdir " << top;
}
}
- if (cleanup_all) ret &= fs_mgr_overlayfs_teardown_scratch(overlay, change);
+ if (should_destroy_scratch) *should_destroy_scratch = cleanup_all;
return ret;
}
@@ -881,12 +916,29 @@
return "";
}
+// Note: The scratch partition of DSU is managed by gsid, and should be initialized during
+// first-stage-mount. Just check if the DM device for DSU scratch partition is created or not.
+static std::string GetDsuScratchDevice() {
+ auto& dm = DeviceMapper::Instance();
+ std::string device;
+ if (dm.GetState(android::gsi::kDsuScratch) != DmDeviceState::INVALID &&
+ dm.GetDmDevicePathByName(android::gsi::kDsuScratch, &device)) {
+ return device;
+ }
+ return "";
+}
+
// This returns the scratch device that was detected during early boot (first-
// stage init). If the device was created later, for example during setup for
// the adb remount command, it can return an empty string since it does not
// query ImageManager. (Note that ImageManager in first-stage init will always
// use device-mapper, since /data is not available to use loop devices.)
static std::string GetBootScratchDevice() {
+ // Note: fs_mgr_is_dsu_running() always returns false in recovery or fastbootd.
+ if (fs_mgr_is_dsu_running()) {
+ return GetDsuScratchDevice();
+ }
+
auto& dm = DeviceMapper::Instance();
// If there is a scratch partition allocated in /data or on super, we
@@ -1108,6 +1160,14 @@
bool fs_mgr_overlayfs_create_scratch(const Fstab& fstab, std::string* scratch_device,
bool* partition_exists, bool* change) {
+ // Use the DSU scratch device managed by gsid if within a DSU system.
+ if (fs_mgr_is_dsu_running()) {
+ *scratch_device = GetDsuScratchDevice();
+ *partition_exists = !scratch_device->empty();
+ *change = false;
+ return *partition_exists;
+ }
+
// Try a physical partition first.
*scratch_device = GetPhysicalScratchDevice();
if (!scratch_device->empty() && fs_mgr_rw_access(*scratch_device)) {
@@ -1166,12 +1226,8 @@
bool fs_mgr_overlayfs_invalid() {
if (fs_mgr_overlayfs_valid() == OverlayfsValidResult::kNotSupported) return true;
- // in recovery, fastbootd, or gsi mode, not allowed!
- if (fs_mgr_access("/system/bin/recovery")) return true;
- auto save_errno = errno;
- auto ret = android::gsi::IsGsiRunning();
- errno = save_errno;
- return ret;
+ // in recovery or fastbootd, not allowed!
+ return fs_mgr_in_recovery();
}
} // namespace
@@ -1314,6 +1370,8 @@
return ret;
}
+// Note: This function never returns the DSU scratch device in recovery or fastbootd,
+// because the DSU scratch is created in the first-stage-mount, which is not run in recovery.
static bool EnsureScratchMapped(std::string* device, bool* mapped) {
*mapped = false;
*device = GetBootScratchDevice();
@@ -1321,6 +1379,11 @@
return true;
}
+ if (!fs_mgr_in_recovery()) {
+ errno = EINVAL;
+ return false;
+ }
+
auto partition_name = android::base::Basename(kScratchMountPoint);
// Check for scratch on /data first, before looking for a modified super
@@ -1362,10 +1425,27 @@
return true;
}
-static void UnmapScratchDevice() {
- // This should only be reachable in recovery, where scratch is not
- // automatically mapped and therefore can be unmapped.
- DestroyLogicalPartition(android::base::Basename(kScratchMountPoint));
+// This should only be reachable in recovery, where DSU scratch is not
+// automatically mapped.
+static bool MapDsuScratchDevice(std::string* device) {
+ std::string dsu_slot;
+ if (!android::gsi::IsGsiInstalled() || !android::gsi::GetActiveDsu(&dsu_slot) ||
+ dsu_slot.empty()) {
+ // Nothing to do if no DSU installation present.
+ return false;
+ }
+
+ auto images = IImageManager::Open("dsu/" + dsu_slot, 10s);
+ if (!images || !images->BackingImageExists(android::gsi::kDsuScratch)) {
+ // Nothing to do if DSU scratch device doesn't exist.
+ return false;
+ }
+
+ images->UnmapImageDevice(android::gsi::kDsuScratch);
+ if (!images->MapImageDevice(android::gsi::kDsuScratch, 10s, device)) {
+ return false;
+ }
+ return true;
}
// Returns false if teardown not permitted, errno set to last error.
@@ -1377,21 +1457,27 @@
// If scratch exists, but is not mounted, lets gain access to clean
// specific override entries.
auto mount_scratch = false;
- bool unmap = false;
if ((mount_point != nullptr) && !fs_mgr_overlayfs_already_mounted(kScratchMountPoint, false)) {
- std::string scratch_device;
- if (EnsureScratchMapped(&scratch_device, &unmap)) {
+ std::string scratch_device = GetBootScratchDevice();
+ if (!scratch_device.empty()) {
mount_scratch = fs_mgr_overlayfs_mount_scratch(scratch_device,
fs_mgr_overlayfs_scratch_mount_type());
}
}
+ bool should_destroy_scratch = false;
for (const auto& overlay_mount_point : kOverlayMountPoints) {
ret &= fs_mgr_overlayfs_teardown_one(
- overlay_mount_point, mount_point ? fs_mgr_mount_point(mount_point) : "", change);
+ overlay_mount_point, mount_point ? fs_mgr_mount_point(mount_point) : "", change,
+ overlay_mount_point == kScratchMountPoint ? &should_destroy_scratch : nullptr);
+ }
+ // Do not attempt to destroy DSU scratch if within a DSU system,
+ // because DSU scratch partition is managed by gsid.
+ if (should_destroy_scratch && !fs_mgr_is_dsu_running()) {
+ ret &= fs_mgr_overlayfs_teardown_scratch(kScratchMountPoint, change);
}
if (fs_mgr_overlayfs_valid() == OverlayfsValidResult::kNotSupported) {
// After obligatory teardown to make sure everything is clean, but if
- // we didn't want overlayfs in the the first place, we do not want to
+ // we didn't want overlayfs in the first place, we do not want to
// waste time on a reboot (or reboot request message).
if (change) *change = false;
}
@@ -1405,9 +1491,6 @@
if (mount_scratch) {
fs_mgr_overlayfs_umount_scratch();
}
- if (unmap) {
- UnmapScratchDevice();
- }
return ret;
}
@@ -1475,6 +1558,54 @@
}
}
+void TeardownAllOverlayForMountPoint(const std::string& mount_point) {
+ if (!fs_mgr_in_recovery()) {
+ LERROR << __FUNCTION__ << "(): must be called within recovery.";
+ return;
+ }
+
+ // Empty string means teardown everything.
+ const std::string teardown_dir = mount_point.empty() ? "" : fs_mgr_mount_point(mount_point);
+ constexpr bool* ignore_change = nullptr;
+
+ // Teardown legacy overlay mount points that's not backed by a scratch device.
+ for (const auto& overlay_mount_point : kOverlayMountPoints) {
+ if (overlay_mount_point == kScratchMountPoint) {
+ continue;
+ }
+ fs_mgr_overlayfs_teardown_one(overlay_mount_point, teardown_dir, ignore_change);
+ }
+
+ // Map scratch device, mount kScratchMountPoint and teardown kScratchMountPoint.
+ bool mapped = false;
+ std::string scratch_device;
+ if (EnsureScratchMapped(&scratch_device, &mapped)) {
+ fs_mgr_overlayfs_umount_scratch();
+ if (fs_mgr_overlayfs_mount_scratch(scratch_device, fs_mgr_overlayfs_scratch_mount_type())) {
+ bool should_destroy_scratch = false;
+ fs_mgr_overlayfs_teardown_one(kScratchMountPoint, teardown_dir, ignore_change,
+ &should_destroy_scratch);
+ if (should_destroy_scratch) {
+ fs_mgr_overlayfs_teardown_scratch(kScratchMountPoint, nullptr);
+ }
+ fs_mgr_overlayfs_umount_scratch();
+ }
+ if (mapped) {
+ DestroyLogicalPartition(android::base::Basename(kScratchMountPoint));
+ }
+ }
+
+ // Teardown DSU overlay if present.
+ if (MapDsuScratchDevice(&scratch_device)) {
+ fs_mgr_overlayfs_umount_scratch();
+ if (fs_mgr_overlayfs_mount_scratch(scratch_device, fs_mgr_overlayfs_scratch_mount_type())) {
+ fs_mgr_overlayfs_teardown_one(kScratchMountPoint, teardown_dir, ignore_change);
+ fs_mgr_overlayfs_umount_scratch();
+ }
+ DestroyLogicalPartition(android::gsi::kDsuScratch);
+ }
+}
+
} // namespace fs_mgr
} // namespace android
diff --git a/fs_mgr/include/fs_mgr_overlayfs.h b/fs_mgr/include/fs_mgr_overlayfs.h
index 34aded9..d45e2de 100644
--- a/fs_mgr/include/fs_mgr_overlayfs.h
+++ b/fs_mgr/include/fs_mgr_overlayfs.h
@@ -49,5 +49,12 @@
const std::function<bool(const std::set<std::string>&)>& init);
void CleanupOldScratchFiles();
+// Teardown overlays of all sources (cache dir, scratch device, DSU) for |mount_point|.
+// Teardown all overlays if |mount_point| is empty.
+//
+// Note: This should be called if and only if in recovery or fastbootd to teardown
+// overlays if any partition is flashed or updated.
+void TeardownAllOverlayForMountPoint(const std::string& mount_point = {});
+
} // namespace fs_mgr
} // namespace android
diff --git a/fs_mgr/libsnapshot/Android.bp b/fs_mgr/libsnapshot/Android.bp
index 059a469..f1b0031 100644
--- a/fs_mgr/libsnapshot/Android.bp
+++ b/fs_mgr/libsnapshot/Android.bp
@@ -31,15 +31,17 @@
"libbrotli",
"libdm",
"libfstab",
- "libsnapshot_cow",
"update_metadata-protos",
],
whole_static_libs: [
+ "libbrotli",
"libcutils",
"libext2_uuid",
"libext4_utils",
"libfstab",
+ "libsnapshot_cow",
"libsnapshot_snapuserd",
+ "libz",
],
header_libs: [
"libchrome",
@@ -432,6 +434,7 @@
init_rc: [
"snapuserd.rc",
],
+ static_executable: true,
}
cc_binary {
diff --git a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
index 35ed04a..8bed1b9 100644
--- a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
+++ b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h
@@ -15,6 +15,7 @@
#pragma once
#include <stdint.h>
+#include <unistd.h>
#include <chrono>
#include <map>
@@ -77,6 +78,7 @@
class SnapshotStatus;
static constexpr const std::string_view kCowGroupName = "cow";
+static constexpr char kVirtualAbCompressionProp[] = "ro.virtual_ab.compression.enabled";
bool OptimizeSourceCopyOperation(const chromeos_update_engine::InstallOperation& operation,
chromeos_update_engine::InstallOperation* optimized);
@@ -104,6 +106,7 @@
android::hardware::boot::V1_1::MergeStatus status) = 0;
virtual bool SetSlotAsUnbootable(unsigned int slot) = 0;
virtual bool IsRecovery() const = 0;
+ virtual bool IsTestDevice() const { return false; }
};
virtual ~ISnapshotManager() = default;
@@ -303,6 +306,14 @@
// Helper function for second stage init to restorecon on the rollback indicator.
static std::string GetGlobalRollbackIndicatorPath();
+ // Initiate the transition from first-stage to second-stage snapuserd. This
+ // process involves re-creating the dm-user table entries for each device,
+ // so that they connect to the new daemon. Once all new tables have been
+ // activated, we ask the first-stage daemon to cleanly exit.
+ //
+ // The caller must pass a function which starts snapuserd.
+ bool PerformSecondStageTransition();
+
// ISnapshotManager overrides.
bool BeginUpdate() override;
bool CancelUpdate() override;
@@ -345,6 +356,7 @@
FRIEND_TEST(SnapshotTest, Merge);
FRIEND_TEST(SnapshotTest, NoMergeBeforeReboot);
FRIEND_TEST(SnapshotTest, UpdateBootControlHal);
+ FRIEND_TEST(SnapshotUpdateTest, DaemonTransition);
FRIEND_TEST(SnapshotUpdateTest, DataWipeAfterRollback);
FRIEND_TEST(SnapshotUpdateTest, DataWipeRollbackInRecovery);
FRIEND_TEST(SnapshotUpdateTest, FullUpdateFlow);
@@ -372,11 +384,13 @@
// Ensure we're connected to snapuserd.
bool EnsureSnapuserdConnected();
- // Helper for first-stage init.
+ // Helpers for first-stage init.
bool ForceLocalImageManager();
+ const std::unique_ptr<IDeviceInfo>& device() const { return device_; }
- // Helper function for tests.
+ // Helper functions for tests.
IImageManager* image_manager() const { return images_.get(); }
+ void set_use_first_stage_snapuserd(bool value) { use_first_stage_snapuserd_ = value; }
// Since libsnapshot is included into multiple processes, we flock() our
// files for simple synchronization. LockedFile is a helper to assist with
@@ -545,6 +559,9 @@
std::string GetSnapshotDeviceName(const std::string& snapshot_name,
const SnapshotStatus& status);
+ bool MapAllPartitions(LockedFile* lock, const std::string& super_device, uint32_t slot,
+ const std::chrono::milliseconds& timeout_ms);
+
// Reason for calling MapPartitionWithSnapshot.
enum class SnapshotContext {
// For writing or verification (during update_engine).
@@ -618,9 +635,12 @@
const LpMetadata* exported_target_metadata, const std::string& target_suffix,
const std::map<std::string, SnapshotStatus>& all_snapshot_status);
+ // Implementation of UnmapAllSnapshots(), with the lock provided.
+ bool UnmapAllSnapshots(LockedFile* lock);
+
// Unmap all partitions that were mapped by CreateLogicalAndSnapshotPartitions.
// This should only be called in recovery.
- bool UnmapAllPartitions();
+ bool UnmapAllPartitionsInRecovery();
// Check no snapshot overflows. Note that this returns false negatives if the snapshot
// overflows, then is remapped and not written afterwards.
@@ -660,6 +680,7 @@
std::unique_ptr<IDeviceInfo> device_;
std::unique_ptr<IImageManager> images_;
bool has_local_image_manager_ = false;
+ bool use_first_stage_snapuserd_ = false;
bool in_factory_data_reset_ = false;
std::unique_ptr<SnapuserdClient> snapuserd_client_;
};
diff --git a/fs_mgr/libsnapshot/include/libsnapshot/snapuserd_client.h b/fs_mgr/libsnapshot/include/libsnapshot/snapuserd_client.h
index 0bbdaa5..aaec229 100644
--- a/fs_mgr/libsnapshot/include/libsnapshot/snapuserd_client.h
+++ b/fs_mgr/libsnapshot/include/libsnapshot/snapuserd_client.h
@@ -14,6 +14,8 @@
#pragma once
+#include <unistd.h>
+
#include <chrono>
#include <cstring>
#include <iostream>
@@ -31,9 +33,15 @@
static constexpr char kSnapuserdSocketFirstStage[] = "snapuserd_first_stage";
static constexpr char kSnapuserdSocket[] = "snapuserd";
+static constexpr char kSnapuserdFirstStagePidVar[] = "FIRST_STAGE_SNAPUSERD_PID";
+
// Ensure that the second-stage daemon for snapuserd is running.
bool EnsureSnapuserdStarted();
+// Start the first-stage version of snapuserd, returning its pid. This is used
+// by first-stage init, as well as vts_libsnapshot_test. On failure, -1 is returned.
+pid_t StartFirstStageSnapuserd();
+
class SnapuserdClient {
private:
android::base::unique_fd sockfd_;
diff --git a/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h b/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h
index 197aeaa..7aef086 100644
--- a/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h
+++ b/fs_mgr/libsnapshot/include_test/libsnapshot/test_helpers.h
@@ -95,6 +95,7 @@
unbootable_slots_.insert(slot);
return true;
}
+ bool IsTestDevice() const override { return true; }
bool IsSlotUnbootable(uint32_t slot) { return unbootable_slots_.count(slot) != 0; }
diff --git a/fs_mgr/libsnapshot/snapshot.cpp b/fs_mgr/libsnapshot/snapshot.cpp
index 7061d56..f9bb0dd 100644
--- a/fs_mgr/libsnapshot/snapshot.cpp
+++ b/fs_mgr/libsnapshot/snapshot.cpp
@@ -31,8 +31,10 @@
#include <android-base/properties.h>
#include <android-base/strings.h>
#include <android-base/unique_fd.h>
+#include <cutils/sockets.h>
#include <ext4_utils/ext4_utils.h>
#include <fs_mgr.h>
+#include <fs_mgr/file_wait.h>
#include <fs_mgr_dm_linear.h>
#include <fstab/fstab.h>
#include <libdm/dm.h>
@@ -100,6 +102,12 @@
if (!sm || !sm->ForceLocalImageManager()) {
return nullptr;
}
+
+ // The first-stage version of snapuserd is explicitly started by init. Do
+ // not attempt to using it during tests (which run in normal AOSP).
+ if (!sm->device()->IsTestDevice()) {
+ sm->use_first_stage_snapuserd_ = true;
+ }
return sm;
}
@@ -400,8 +408,15 @@
base_sectors = dev_size / kSectorSize;
}
+ // Use an extra decoration for first-stage init, so we can transition
+ // to a new table entry in second-stage.
+ std::string misc_name = name;
+ if (use_first_stage_snapuserd_) {
+ misc_name += "-init";
+ }
+
DmTable table;
- table.Emplace<DmTargetUser>(0, base_sectors, name);
+ table.Emplace<DmTargetUser>(0, base_sectors, misc_name);
if (!dm.CreateDevice(name, table, path, timeout_ms)) {
return false;
}
@@ -410,7 +425,7 @@
return false;
}
- auto control_device = "/dev/dm-user/" + name;
+ auto control_device = "/dev/dm-user/" + misc_name;
return snapuserd_client_->InitializeSnapuserd(cow_file, base_device, control_device);
}
@@ -1284,6 +1299,107 @@
return RemoveAllUpdateState(lock, before_cancel);
}
+bool SnapshotManager::PerformSecondStageTransition() {
+ LOG(INFO) << "Performing second-stage transition for snapuserd.";
+
+ // Don't use EnsuerSnapuserdConnected() because this is called from init,
+ // and attempting to do so will deadlock.
+ if (!snapuserd_client_) {
+ snapuserd_client_ = SnapuserdClient::Connect(kSnapuserdSocket, 10s);
+ if (!snapuserd_client_) {
+ LOG(ERROR) << "Unable to connect to snapuserd";
+ return false;
+ }
+ }
+
+ auto& dm = DeviceMapper::Instance();
+
+ auto lock = LockExclusive();
+ if (!lock) return false;
+
+ std::vector<std::string> snapshots;
+ if (!ListSnapshots(lock.get(), &snapshots)) {
+ LOG(ERROR) << "Failed to list snapshots.";
+ return false;
+ }
+
+ size_t num_cows = 0;
+ size_t ok_cows = 0;
+ for (const auto& snapshot : snapshots) {
+ std::string cow_name = GetDmUserCowName(snapshot);
+ if (dm.GetState(cow_name) == DmDeviceState::INVALID) {
+ continue;
+ }
+
+ DeviceMapper::TargetInfo target;
+ if (!GetSingleTarget(cow_name, TableQuery::Table, &target)) {
+ continue;
+ }
+
+ auto target_type = DeviceMapper::GetTargetType(target.spec);
+ if (target_type != "user") {
+ LOG(ERROR) << "Unexpected target type for " << cow_name << ": " << target_type;
+ continue;
+ }
+
+ num_cows++;
+
+ DmTable table;
+ table.Emplace<DmTargetUser>(0, target.spec.length, cow_name);
+ if (!dm.LoadTableAndActivate(cow_name, table)) {
+ LOG(ERROR) << "Unable to swap tables for " << cow_name;
+ continue;
+ }
+
+ std::string backing_device;
+ if (!dm.GetDmDevicePathByName(GetBaseDeviceName(snapshot), &backing_device)) {
+ LOG(ERROR) << "Could not get device path for " << GetBaseDeviceName(snapshot);
+ continue;
+ }
+
+ std::string cow_device;
+ if (!dm.GetDmDevicePathByName(GetCowName(snapshot), &cow_device)) {
+ LOG(ERROR) << "Could not get device path for " << GetCowName(snapshot);
+ continue;
+ }
+
+ // Wait for ueventd to acknowledge and create the control device node.
+ std::string control_device = "/dev/dm-user/" + cow_name;
+ if (!android::fs_mgr::WaitForFile(control_device, 10s)) {
+ LOG(ERROR) << "Could not find control device: " << control_device;
+ continue;
+ }
+
+ if (!snapuserd_client_->InitializeSnapuserd(cow_device, backing_device, control_device)) {
+ // This error is unrecoverable. We cannot proceed because reads to
+ // the underlying device will fail.
+ LOG(FATAL) << "Could not initialize snapuserd for " << cow_name;
+ return false;
+ }
+
+ ok_cows++;
+ }
+
+ if (ok_cows != num_cows) {
+ LOG(ERROR) << "Could not transition all snapuserd consumers.";
+ return false;
+ }
+
+ int pid;
+ const char* pid_str = getenv(kSnapuserdFirstStagePidVar);
+ if (pid_str && android::base::ParseInt(pid_str, &pid)) {
+ if (kill(pid, SIGTERM) < 0 && errno != ESRCH) {
+ LOG(ERROR) << "kill snapuserd failed";
+ return false;
+ }
+ } else {
+ LOG(ERROR) << "Could not find or parse " << kSnapuserdFirstStagePidVar
+ << " for snapuserd pid";
+ return false;
+ }
+ return true;
+}
+
std::unique_ptr<LpMetadata> SnapshotManager::ReadCurrentMetadata() {
const auto& opener = device_->GetPartitionOpener();
uint32_t slot = SlotNumberForSlotSuffix(device_->GetSlotSuffix());
@@ -1593,8 +1709,13 @@
auto lock = LockExclusive();
if (!lock) return false;
- const auto& opener = device_->GetPartitionOpener();
uint32_t slot = SlotNumberForSlotSuffix(device_->GetSlotSuffix());
+ return MapAllPartitions(lock.get(), super_device, slot, timeout_ms);
+}
+
+bool SnapshotManager::MapAllPartitions(LockedFile* lock, const std::string& super_device,
+ uint32_t slot, const std::chrono::milliseconds& timeout_ms) {
+ const auto& opener = device_->GetPartitionOpener();
auto metadata = android::fs_mgr::ReadMetadata(opener, super_device, slot);
if (!metadata) {
LOG(ERROR) << "Could not read dynamic partition metadata for device: " << super_device;
@@ -1615,12 +1736,20 @@
.partition_opener = &opener,
.timeout_ms = timeout_ms,
};
- if (!MapPartitionWithSnapshot(lock.get(), std::move(params), SnapshotContext::Mount,
- nullptr)) {
+ if (!MapPartitionWithSnapshot(lock, std::move(params), SnapshotContext::Mount, nullptr)) {
return false;
}
}
+ if (use_first_stage_snapuserd_) {
+ // Remove the first-stage socket as a precaution, there is no need to
+ // access the daemon anymore and we'll be killing it once second-stage
+ // is running.
+ auto socket = ANDROID_SOCKET_DIR + "/"s + kSnapuserdSocketFirstStage;
+ snapuserd_client_ = nullptr;
+ unlink(socket.c_str());
+ }
+
LOG(INFO) << "Created logical partitions with snapshot.";
return true;
}
@@ -1925,10 +2054,18 @@
LOG(ERROR) << "Cannot unmap " << dm_user_name;
return false;
}
- if (!snapuserd_client_->WaitForDeviceDelete("/dev/dm-user/" + dm_user_name)) {
+
+ auto control_device = "/dev/dm-user/" + dm_user_name;
+ if (!snapuserd_client_->WaitForDeviceDelete(control_device)) {
LOG(ERROR) << "Failed to wait for " << dm_user_name << " control device to delete";
return false;
}
+
+ // Ensure the control device is gone so we don't run into ABA problems.
+ if (!android::fs_mgr::WaitForFileDeleted(control_device, 10s)) {
+ LOG(ERROR) << "Timed out waiting for " << control_device << " to unlink";
+ return false;
+ }
}
auto cow_name = GetCowName(name);
@@ -1945,14 +2082,49 @@
return true;
}
-bool SnapshotManager::MapAllSnapshots(const std::chrono::milliseconds&) {
- LOG(ERROR) << "Not yet implemented.";
- return false;
+bool SnapshotManager::MapAllSnapshots(const std::chrono::milliseconds& timeout_ms) {
+ auto lock = LockExclusive();
+ if (!lock) return false;
+
+ auto state = ReadUpdateState(lock.get());
+ if (state == UpdateState::Unverified) {
+ if (GetCurrentSlot() == Slot::Target) {
+ LOG(ERROR) << "Cannot call MapAllSnapshots when booting from the target slot.";
+ return false;
+ }
+ } else if (state != UpdateState::Initiated) {
+ LOG(ERROR) << "Cannot call MapAllSnapshots from update state: " << state;
+ return false;
+ }
+
+ if (!UnmapAllSnapshots(lock.get())) {
+ return false;
+ }
+
+ uint32_t slot = SlotNumberForSlotSuffix(device_->GetOtherSlotSuffix());
+ return MapAllPartitions(lock.get(), device_->GetSuperDevice(slot), slot, timeout_ms);
}
bool SnapshotManager::UnmapAllSnapshots() {
- LOG(ERROR) << "Not yet implemented.";
- return false;
+ auto lock = LockExclusive();
+ if (!lock) return false;
+
+ return UnmapAllSnapshots(lock.get());
+}
+
+bool SnapshotManager::UnmapAllSnapshots(LockedFile* lock) {
+ std::vector<std::string> snapshots;
+ if (!ListSnapshots(lock, &snapshots)) {
+ return false;
+ }
+
+ for (const auto& snapshot : snapshots) {
+ if (!UnmapPartitionWithSnapshot(lock, snapshot)) {
+ LOG(ERROR) << "Failed to unmap snapshot: " << snapshot;
+ return false;
+ }
+ }
+ return true;
}
auto SnapshotManager::OpenFile(const std::string& file, int lock_flags)
@@ -2212,15 +2384,35 @@
}
bool SnapshotManager::EnsureSnapuserdConnected() {
- if (!snapuserd_client_) {
+ if (snapuserd_client_) {
+ return true;
+ }
+
+ std::string socket;
+ if (use_first_stage_snapuserd_) {
+ auto pid = StartFirstStageSnapuserd();
+ if (pid < 0) {
+ LOG(ERROR) << "Failed to start snapuserd";
+ return false;
+ }
+
+ auto pid_str = std::to_string(static_cast<int>(pid));
+ if (setenv(kSnapuserdFirstStagePidVar, pid_str.c_str(), 1) < 0) {
+ PLOG(ERROR) << "setenv failed storing the snapuserd pid";
+ }
+
+ socket = kSnapuserdSocketFirstStage;
+ } else {
if (!EnsureSnapuserdStarted()) {
return false;
}
- snapuserd_client_ = SnapuserdClient::Connect(kSnapuserdSocket, 10s);
- if (!snapuserd_client_) {
- LOG(ERROR) << "Unable to connect to snapuserd";
- return false;
- }
+ socket = kSnapuserdSocket;
+ }
+
+ snapuserd_client_ = SnapuserdClient::Connect(socket, 10s);
+ if (!snapuserd_client_) {
+ LOG(ERROR) << "Unable to connect to snapuserd";
+ return false;
}
return true;
}
@@ -2538,11 +2730,26 @@
return Return::Error();
}
- auto ret = InitializeCow(cow_path);
- if (!ret.is_ok()) {
- LOG(ERROR) << "Can't zero-fill COW device for " << target_partition->name() << ": "
- << cow_path;
- return AddRequiredSpace(ret, all_snapshot_status);
+ if (IsCompressionEnabled()) {
+ unique_fd fd(open(cow_path.c_str(), O_RDWR | O_CLOEXEC));
+ if (fd < 0) {
+ PLOG(ERROR) << "open " << cow_path << " failed for snapshot "
+ << cow_params.partition_name;
+ return Return::Error();
+ }
+
+ CowWriter writer(CowOptions{});
+ if (!writer.Initialize(fd) || !writer.Finalize()) {
+ LOG(ERROR) << "Could not initialize COW device for " << target_partition->name();
+ return Return::Error();
+ }
+ } else {
+ auto ret = InitializeKernelCow(cow_path);
+ if (!ret.is_ok()) {
+ LOG(ERROR) << "Can't zero-fill COW device for " << target_partition->name() << ": "
+ << cow_path;
+ return AddRequiredSpace(ret, all_snapshot_status);
+ }
}
// Let destructor of created_devices_for_cow to unmap the COW devices.
};
@@ -2700,7 +2907,7 @@
return UnmapPartitionWithSnapshot(lock.get(), target_partition_name);
}
-bool SnapshotManager::UnmapAllPartitions() {
+bool SnapshotManager::UnmapAllPartitionsInRecovery() {
auto lock = LockExclusive();
if (!lock) return false;
@@ -2844,7 +3051,7 @@
}
// Nothing should be depending on partitions now, so unmap them all.
- if (!UnmapAllPartitions()) {
+ if (!UnmapAllPartitionsInRecovery()) {
LOG(ERROR) << "Unable to unmap all partitions; fastboot may fail to flash.";
}
return true;
@@ -2875,7 +3082,7 @@
}
// Nothing should be depending on partitions now, so unmap them all.
- if (!UnmapAllPartitions()) {
+ if (!UnmapAllPartitionsInRecovery()) {
LOG(ERROR) << "Unable to unmap all partitions; fastboot may fail to flash.";
}
return true;
diff --git a/fs_mgr/libsnapshot/snapshot_test.cpp b/fs_mgr/libsnapshot/snapshot_test.cpp
index 9660357..7fc64e5 100644
--- a/fs_mgr/libsnapshot/snapshot_test.cpp
+++ b/fs_mgr/libsnapshot/snapshot_test.cpp
@@ -15,6 +15,7 @@
#include <libsnapshot/snapshot.h>
#include <fcntl.h>
+#include <signal.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/types.h>
@@ -29,6 +30,7 @@
#include <android-base/properties.h>
#include <android-base/strings.h>
#include <android-base/unique_fd.h>
+#include <fs_mgr/file_wait.h>
#include <fs_mgr/roots.h>
#include <fs_mgr_dm_linear.h>
#include <gtest/gtest.h>
@@ -118,6 +120,8 @@
image_manager_ = sm->image_manager();
test_device->set_slot_suffix("_a");
+
+ sm->set_use_first_stage_snapuserd(false);
}
void CleanupTestArtifacts() {
@@ -265,7 +269,7 @@
if (!map_res) {
return map_res;
}
- if (!InitializeCow(cow_device)) {
+ if (!InitializeKernelCow(cow_device)) {
return AssertionFailure() << "Cannot zero fill " << cow_device;
}
if (!sm->UnmapCowImage(name)) {
@@ -1736,6 +1740,74 @@
ASSERT_LT(res.required_size(), 15_MiB);
}
+class AutoKill final {
+ public:
+ explicit AutoKill(pid_t pid) : pid_(pid) {}
+ ~AutoKill() {
+ if (pid_ > 0) kill(pid_, SIGKILL);
+ }
+
+ bool valid() const { return pid_ > 0; }
+
+ private:
+ pid_t pid_;
+};
+
+TEST_F(SnapshotUpdateTest, DaemonTransition) {
+ if (!IsCompressionEnabled()) {
+ GTEST_SKIP() << "Skipping Virtual A/B Compression test";
+ }
+
+ AutoKill auto_kill(StartFirstStageSnapuserd());
+ ASSERT_TRUE(auto_kill.valid());
+
+ // Ensure a connection to the second-stage daemon, but use the first-stage
+ // code paths thereafter.
+ ASSERT_TRUE(sm->EnsureSnapuserdConnected());
+ sm->set_use_first_stage_snapuserd(true);
+
+ AddOperationForPartitions();
+ // Execute the update.
+ ASSERT_TRUE(sm->BeginUpdate());
+ ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
+ ASSERT_TRUE(MapUpdateSnapshots());
+ ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
+ ASSERT_TRUE(UnmapAll());
+
+ auto init = SnapshotManager::NewForFirstStageMount(new TestDeviceInfo(fake_super, "_b"));
+ ASSERT_NE(init, nullptr);
+
+ ASSERT_TRUE(init->EnsureSnapuserdConnected());
+ init->set_use_first_stage_snapuserd(true);
+
+ ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount());
+ ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_));
+
+ ASSERT_EQ(access("/dev/dm-user/sys_b-user-cow-init", F_OK), 0);
+ ASSERT_EQ(access("/dev/dm-user/sys_b-user-cow", F_OK), -1);
+
+ ASSERT_TRUE(init->PerformSecondStageTransition());
+
+ // The control device should have been renamed.
+ ASSERT_TRUE(android::fs_mgr::WaitForFileDeleted("/dev/dm-user/sys_b-user-cow-init", 10s));
+ ASSERT_EQ(access("/dev/dm-user/sys_b-user-cow", F_OK), 0);
+}
+
+TEST_F(SnapshotUpdateTest, MapAllSnapshots) {
+ AddOperationForPartitions();
+ // Execute the update.
+ ASSERT_TRUE(sm->BeginUpdate());
+ ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_));
+ for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) {
+ ASSERT_TRUE(WriteSnapshotAndHash(name));
+ }
+ ASSERT_TRUE(sm->FinishedSnapshotWrites(false));
+ ASSERT_TRUE(sm->MapAllSnapshots(10s));
+
+ // Read bytes back and verify they match the cache.
+ ASSERT_TRUE(IsPartitionUnchanged("sys_b"));
+}
+
class FlashAfterUpdateTest : public SnapshotUpdateTest,
public WithParamInterface<std::tuple<uint32_t, bool>> {
public:
diff --git a/fs_mgr/libsnapshot/snapuserd_client.cpp b/fs_mgr/libsnapshot/snapuserd_client.cpp
index 35bb29b..5650139 100644
--- a/fs_mgr/libsnapshot/snapuserd_client.cpp
+++ b/fs_mgr/libsnapshot/snapuserd_client.cpp
@@ -51,6 +51,25 @@
return true;
}
+pid_t StartFirstStageSnapuserd() {
+ pid_t pid = fork();
+ if (pid < 0) {
+ PLOG(ERROR) << "fork failed";
+ return pid;
+ }
+ if (pid != 0) {
+ return pid;
+ }
+
+ std::string arg0 = "/system/bin/snapuserd";
+ std::string arg1 = kSnapuserdSocketFirstStage;
+ char* const argv[] = {arg0.data(), arg1.data(), nullptr};
+ if (execv(arg0.c_str(), argv) < 0) {
+ PLOG(FATAL) << "execv failed";
+ }
+ return pid;
+}
+
SnapuserdClient::SnapuserdClient(android::base::unique_fd&& sockfd) : sockfd_(std::move(sockfd)) {}
static inline bool IsRetryErrno() {
diff --git a/fs_mgr/libsnapshot/snapuserd_server.cpp b/fs_mgr/libsnapshot/snapuserd_server.cpp
index 6b8cdd9..6a89218 100644
--- a/fs_mgr/libsnapshot/snapuserd_server.cpp
+++ b/fs_mgr/libsnapshot/snapuserd_server.cpp
@@ -191,6 +191,8 @@
}
void SnapuserdServer::RunThread(DmUserHandler* handler) {
+ LOG(INFO) << "Entering thread for handler: " << handler->GetControlDevice();
+
while (!StopRequested()) {
if (handler->snapuserd()->Run() < 0) {
LOG(INFO) << "Snapuserd: Thread terminating as control device is de-registered";
@@ -198,6 +200,8 @@
}
}
+ LOG(INFO) << "Exiting thread for handler: " << handler->GetControlDevice();
+
if (auto client = RemoveHandler(handler->GetControlDevice())) {
// The main thread did not receive a WaitForDelete request for this
// control device. Since we transferred ownership within the lock,
diff --git a/fs_mgr/libsnapshot/utility.cpp b/fs_mgr/libsnapshot/utility.cpp
index d32b61e..4cae83a 100644
--- a/fs_mgr/libsnapshot/utility.cpp
+++ b/fs_mgr/libsnapshot/utility.cpp
@@ -91,7 +91,7 @@
}
}
-Return InitializeCow(const std::string& device) {
+Return InitializeKernelCow(const std::string& device) {
// When the kernel creates a persistent dm-snapshot, it requires a CoW file
// to store the modifications. The kernel interface does not specify how
// the CoW is used, and there is no standard associated.
diff --git a/fs_mgr/libsnapshot/utility.h b/fs_mgr/libsnapshot/utility.h
index e69bdad..482888a 100644
--- a/fs_mgr/libsnapshot/utility.h
+++ b/fs_mgr/libsnapshot/utility.h
@@ -112,7 +112,7 @@
android::fs_mgr::MetadataBuilder* builder, const std::string& suffix);
// Initialize a device before using it as the COW device for a dm-snapshot device.
-Return InitializeCow(const std::string& device);
+Return InitializeKernelCow(const std::string& device);
// "Atomically" write string to file. This is done by a series of actions:
// 1. Write to path + ".tmp"
diff --git a/fs_mgr/tests/adb-remount-test.sh b/fs_mgr/tests/adb-remount-test.sh
index e995888..f5bbe35 100755
--- a/fs_mgr/tests/adb-remount-test.sh
+++ b/fs_mgr/tests/adb-remount-test.sh
@@ -1380,9 +1380,9 @@
check_eq "${VENDOR_DEVT}" "`adb_sh stat --format=%D /vendor/hello </dev/null`" vendor devt after reboot
check_eq "${SYSTEM_INO}" "`adb_sh stat --format=%i /system/hello </dev/null`" system inode after reboot
check_eq "${VENDOR_INO}" "`adb_sh stat --format=%i /vendor/hello </dev/null`" vendor inode after reboot
-check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/bin/stat </dev/null`" base system devt after reboot
-check_eq "${BASE_VENDOR_DEVT}" "`adb_sh stat --format=%D /vendor/bin/stat </dev/null`" base system devt after reboot
-check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/xbin/su </dev/null`" devt for su after reboot
+check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/bin/stat </dev/null`" --warning base system devt after reboot
+check_eq "${BASE_VENDOR_DEVT}" "`adb_sh stat --format=%D /vendor/bin/stat </dev/null`" --warning base vendor devt after reboot
+check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/xbin/su </dev/null`" --warning devt for su after reboot
# Feed log with selinux denials as a result of overlays
adb_sh find ${MOUNTS} </dev/null >/dev/null 2>/dev/null
@@ -1509,8 +1509,8 @@
check_eq "${SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/hello </dev/null`" system devt after reboot
check_eq "${SYSTEM_INO}" "`adb_sh stat --format=%i /system/hello </dev/null`" system inode after reboot
- check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/bin/stat </dev/null`" base system devt after reboot
- check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/xbin/su </dev/null`" devt for su after reboot
+ check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/bin/stat </dev/null`" --warning base system devt after reboot
+ check_eq "${BASE_SYSTEM_DEVT}" "`adb_sh stat --format=%D /system/xbin/su </dev/null`" --warning devt for su after reboot
fi
diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
index 554f301..d2a952f 100644
--- a/init/first_stage_init.cpp
+++ b/init/first_stage_init.cpp
@@ -99,6 +99,34 @@
return cmdline.find("androidboot.force_normal_boot=1") != std::string::npos;
}
+// Move e2fsck before switching root, so that it is available at the same path
+// after switching root.
+void PrepareSwitchRoot() {
+ constexpr const char* src = "/system/bin/e2fsck";
+ constexpr const char* dst = "/first_stage_ramdisk/system/bin/e2fsck";
+
+ if (access(dst, X_OK) == 0) {
+ LOG(INFO) << dst << " already exists and it can be executed";
+ return;
+ }
+
+ if (access(src, F_OK) != 0) {
+ PLOG(INFO) << "Not moving " << src << " because it cannot be accessed";
+ return;
+ }
+
+ auto dst_dir = android::base::Dirname(dst);
+ std::error_code ec;
+ if (!fs::create_directories(dst_dir, ec)) {
+ LOG(FATAL) << "Cannot create " << dst_dir << ": " << ec.message();
+ }
+ if (rename(src, dst) != 0) {
+ PLOG(FATAL) << "Cannot move " << src << " to " << dst
+ << ". Either install e2fsck.ramdisk so that it is at the correct place (" << dst
+ << "), or make ramdisk writable";
+ }
+}
+
} // namespace
std::string GetModuleLoadList(bool recovery, const std::string& dir_path) {
@@ -298,6 +326,7 @@
if (ForceNormalBoot(cmdline)) {
mkdir("/first_stage_ramdisk", 0755);
+ PrepareSwitchRoot();
// SwitchRoot() must be called with a mount point as the target, so we bind mount the
// target directory to itself here.
if (mount("/first_stage_ramdisk", "/first_stage_ramdisk", nullptr, MS_BIND, nullptr) != 0) {
diff --git a/init/init.cpp b/init/init.cpp
index ea04494..c6f2066 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -53,6 +53,7 @@
#include <keyutils.h>
#include <libavb/libavb.h>
#include <libgsi/libgsi.h>
+#include <libsnapshot/snapshot.h>
#include <processgroup/processgroup.h>
#include <processgroup/setup.h>
#include <selinux/android.h>
@@ -94,6 +95,7 @@
using android::base::Timer;
using android::base::Trim;
using android::fs_mgr::AvbHandle;
+using android::snapshot::SnapshotManager;
namespace android {
namespace init {
@@ -722,6 +724,32 @@
}
}
+static Result<void> TransitionSnapuserdAction(const BuiltinArguments&) {
+ if (!SnapshotManager::IsSnapshotManagerNeeded() ||
+ !android::base::GetBoolProperty(android::snapshot::kVirtualAbCompressionProp, false)) {
+ return {};
+ }
+
+ auto sm = SnapshotManager::New();
+ if (!sm) {
+ LOG(FATAL) << "Failed to create SnapshotManager, will not transition snapuserd";
+ return {};
+ }
+
+ ServiceList& service_list = ServiceList::GetInstance();
+ auto svc = service_list.FindService("snapuserd");
+ if (!svc) {
+ LOG(FATAL) << "Failed to find snapuserd service, aborting transition";
+ return {};
+ }
+ svc->Start();
+
+ if (!sm->PerformSecondStageTransition()) {
+ LOG(FATAL) << "Failed to transition snapuserd to second-stage";
+ }
+ return {};
+}
+
int SecondStageMain(int argc, char** argv) {
if (REBOOT_BOOTLOADER_ON_PANIC) {
InstallRebootSignalHandlers();
@@ -847,6 +875,7 @@
SetProperty(gsi::kGsiInstalledProp, is_installed);
am.QueueBuiltinAction(SetupCgroupsAction, "SetupCgroups");
+ am.QueueBuiltinAction(TransitionSnapuserdAction, "TransitionSnapuserd");
am.QueueBuiltinAction(SetKptrRestrictAction, "SetKptrRestrict");
am.QueueBuiltinAction(TestPerfEventSelinuxAction, "TestPerfEventSelinux");
am.QueueEventTrigger("early-init");
diff --git a/init/security.cpp b/init/security.cpp
index 2450d65..ac784a3 100644
--- a/init/security.cpp
+++ b/init/security.cpp
@@ -19,6 +19,7 @@
#include <errno.h>
#include <fcntl.h>
#include <linux/perf_event.h>
+#include <selinux/selinux.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <unistd.h>
@@ -222,6 +223,19 @@
// supporting kernels that precede the perf_event_open hooks (Android common
// kernels 4.4 and 4.9).
Result<void> TestPerfEventSelinuxAction(const BuiltinArguments&) {
+ // Special case: for *development devices* that boot with permissive
+ // SELinux, treat the LSM hooks as present for the effect of lowering the
+ // perf_event_paranoid sysctl. The sysprop is reused for pragmatic reasons,
+ // as there no existing way for init rules to check for permissive boot at
+ // the time of writing.
+ if (ALLOW_PERMISSIVE_SELINUX) {
+ if (!security_getenforce()) {
+ LOG(INFO) << "Permissive SELinux boot, forcing sys.init.perf_lsm_hooks to 1.";
+ SetProperty("sys.init.perf_lsm_hooks", "1");
+ return {};
+ }
+ }
+
// Use a trivial event that will be configured, but not started.
struct perf_event_attr pe = {
.type = PERF_TYPE_SOFTWARE,
diff --git a/libbacktrace b/libbacktrace
deleted file mode 120000
index 571194c..0000000
--- a/libbacktrace
+++ /dev/null
@@ -1 +0,0 @@
-../unwinding/libbacktrace
\ No newline at end of file
diff --git a/liblog b/liblog
deleted file mode 120000
index 71443ae..0000000
--- a/liblog
+++ /dev/null
@@ -1 +0,0 @@
-../logging/liblog
\ No newline at end of file
diff --git a/libpackagelistparser/Android.bp b/libpackagelistparser/Android.bp
index b56dcdb..c3f8692 100644
--- a/libpackagelistparser/Android.bp
+++ b/libpackagelistparser/Android.bp
@@ -1,5 +1,7 @@
cc_library {
name: "libpackagelistparser",
+ ramdisk_available: true,
+ vendor_ramdisk_available: true,
recovery_available: true,
srcs: ["packagelistparser.cpp"],
shared_libs: ["liblog"],
diff --git a/libprocessgroup/Android.bp b/libprocessgroup/Android.bp
index d101774..71e2b91 100644
--- a/libprocessgroup/Android.bp
+++ b/libprocessgroup/Android.bp
@@ -32,6 +32,8 @@
name: "libprocessgroup",
host_supported: true,
native_bridge_supported: true,
+ ramdisk_available: true,
+ vendor_ramdisk_available: true,
recovery_available: true,
vendor_available: true,
vndk: {
diff --git a/libprocessgroup/cgrouprc/Android.bp b/libprocessgroup/cgrouprc/Android.bp
index a107baa..bb59942 100644
--- a/libprocessgroup/cgrouprc/Android.bp
+++ b/libprocessgroup/cgrouprc/Android.bp
@@ -15,6 +15,8 @@
cc_library {
name: "libcgrouprc",
host_supported: true,
+ ramdisk_available: true,
+ vendor_ramdisk_available: true,
recovery_available: true,
// Do not ever mark this as vendor_available; otherwise, vendor modules
// that links to the static library will behave unexpectedly. All on-device
diff --git a/libprocessgroup/cgrouprc_format/Android.bp b/libprocessgroup/cgrouprc_format/Android.bp
index 559a869..6428930 100644
--- a/libprocessgroup/cgrouprc_format/Android.bp
+++ b/libprocessgroup/cgrouprc_format/Android.bp
@@ -15,6 +15,8 @@
cc_library_static {
name: "libcgrouprc_format",
host_supported: true,
+ ramdisk_available: true,
+ vendor_ramdisk_available: true,
recovery_available: true,
native_bridge_supported: true,
srcs: [
diff --git a/libprocessgroup/profiles/cgroups.json b/libprocessgroup/profiles/cgroups.json
index 4518487..5b7a28a 100644
--- a/libprocessgroup/profiles/cgroups.json
+++ b/libprocessgroup/profiles/cgroups.json
@@ -32,13 +32,6 @@
"Mode": "0700",
"UID": "root",
"GID": "system"
- },
- {
- "Controller": "schedtune",
- "Path": "/dev/stune",
- "Mode": "0755",
- "UID": "system",
- "GID": "system"
}
],
"Cgroups2": {
diff --git a/libprocessgroup/profiles/task_profiles.json b/libprocessgroup/profiles/task_profiles.json
index c4dbf8e..ea0064f 100644
--- a/libprocessgroup/profiles/task_profiles.json
+++ b/libprocessgroup/profiles/task_profiles.json
@@ -31,16 +31,6 @@
"File": "memory.swappiness"
},
{
- "Name": "STuneBoost",
- "Controller": "schedtune",
- "File": "schedtune.boost"
- },
- {
- "Name": "STunePreferIdle",
- "Controller": "schedtune",
- "File": "schedtune.prefer_idle"
- },
- {
"Name": "UClampMin",
"Controller": "cpu",
"File": "cpu.uclamp.min"
@@ -51,6 +41,11 @@
"File": "cpu.uclamp.max"
},
{
+ "Name": "UClampLatencySensitive",
+ "Controller": "cpu",
+ "File": "cpu.uclamp.latency_sensitive"
+ },
+ {
"Name": "FreezerState",
"Controller": "freezer",
"File": "cgroup.freeze"
@@ -65,7 +60,7 @@
"Name": "JoinCgroup",
"Params":
{
- "Controller": "schedtune",
+ "Controller": "cpu",
"Path": "background"
}
}
@@ -104,7 +99,7 @@
"Name": "JoinCgroup",
"Params":
{
- "Controller": "schedtune",
+ "Controller": "cpu",
"Path": ""
}
}
@@ -117,7 +112,7 @@
"Name": "JoinCgroup",
"Params":
{
- "Controller": "schedtune",
+ "Controller": "cpu",
"Path": "foreground"
}
}
@@ -130,7 +125,7 @@
"Name": "JoinCgroup",
"Params":
{
- "Controller": "schedtune",
+ "Controller": "cpu",
"Path": "top-app"
}
}
@@ -143,7 +138,7 @@
"Name": "JoinCgroup",
"Params":
{
- "Controller": "schedtune",
+ "Controller": "cpu",
"Path": "rt"
}
}
@@ -156,12 +151,25 @@
"Name": "JoinCgroup",
"Params":
{
- "Controller": "schedtune",
+ "Controller": "cpu",
"Path": "camera-daemon"
}
}
]
},
+ {
+ "Name": "NNApiHALPerformance",
+ "Actions": [
+ {
+ "Name": "JoinCgroup",
+ "Params":
+ {
+ "Controller": "cpu",
+ "Path": "nnapi-hal"
+ }
+ }
+ ]
+ },
{
"Name": "CpuPolicySpread",
@@ -170,7 +178,7 @@
"Name": "SetAttribute",
"Params":
{
- "Name": "STunePreferIdle",
+ "Name": "UClampLatencySensitive",
"Value": "1"
}
}
@@ -183,7 +191,7 @@
"Name": "SetAttribute",
"Params":
{
- "Name": "STunePreferIdle",
+ "Name": "UClampLatencySensitive",
"Value": "0"
}
}
diff --git a/libprocinfo b/libprocinfo
deleted file mode 120000
index dec8cf8..0000000
--- a/libprocinfo
+++ /dev/null
@@ -1 +0,0 @@
-../libprocinfo
\ No newline at end of file
diff --git a/libunwindstack b/libunwindstack
deleted file mode 120000
index 9a12403..0000000
--- a/libunwindstack
+++ /dev/null
@@ -1 +0,0 @@
-../unwinding/libunwindstack
\ No newline at end of file
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 900edb4..746fc61 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -148,6 +148,27 @@
chmod 0664 /dev/stune/top-app/tasks
chmod 0664 /dev/stune/rt/tasks
+ # cpuctl hierarchy for devices using utilclamp
+ mkdir /dev/cpuctl/foreground
+ mkdir /dev/cpuctl/background
+ mkdir /dev/cpuctl/top-app
+ mkdir /dev/cpuctl/rt
+ chown system system /dev/cpuctl
+ chown system system /dev/cpuctl/foreground
+ chown system system /dev/cpuctl/background
+ chown system system /dev/cpuctl/top-app
+ chown system system /dev/cpuctl/rt
+ chown system system /dev/cpuctl/tasks
+ chown system system /dev/cpuctl/foreground/tasks
+ chown system system /dev/cpuctl/background/tasks
+ chown system system /dev/cpuctl/top-app/tasks
+ chown system system /dev/cpuctl/rt/tasks
+ chmod 0664 /dev/cpuctl/tasks
+ chmod 0664 /dev/cpuctl/foreground/tasks
+ chmod 0664 /dev/cpuctl/background/tasks
+ chmod 0664 /dev/cpuctl/top-app/tasks
+ chmod 0664 /dev/cpuctl/rt/tasks
+
# Create an stune group for NNAPI HAL processes
mkdir /dev/stune/nnapi-hal
chown system system /dev/stune/nnapi-hal
@@ -156,6 +177,14 @@
write /dev/stune/nnapi-hal/schedtune.boost 1
write /dev/stune/nnapi-hal/schedtune.prefer_idle 1
+ # cpuctl hierarchy for devices using utilclamp
+ mkdir /dev/cpuctl/nnapi-hal
+ chown system system /dev/cpuctl/nnapi-hal
+ chown system system /dev/cpuctl/nnapi-hal/tasks
+ chmod 0664 /dev/cpuctl/nnapi-hal/tasks
+ write /dev/cpuctl/nnapi-hal/cpu.uclamp.min 1
+ write /dev/cpuctl/nnapi-hal/cpu.uclamp.latency_sensitive 1
+
# Create blkio group and apply initial settings.
# This feature needs kernel to support it, and the
# device's init.rc must actually set the correct values.
diff --git a/shell_and_utilities/Android.bp b/shell_and_utilities/Android.bp
index f83c43e..5e013fe 100644
--- a/shell_and_utilities/Android.bp
+++ b/shell_and_utilities/Android.bp
@@ -51,3 +51,13 @@
"toybox_vendor",
],
}
+
+// shell and utilities for first stage console. The list of binaries are
+// enough for debugging purposes.
+phony {
+ name: "shell_and_utilities_vendor_ramdisk",
+ required: [
+ "sh.vendor_ramdisk",
+ "toybox.vendor_ramdisk",
+ ],
+}
diff --git a/trusty/fuzz/Android.bp b/trusty/fuzz/Android.bp
new file mode 100644
index 0000000..969431c
--- /dev/null
+++ b/trusty/fuzz/Android.bp
@@ -0,0 +1,42 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_defaults {
+ name: "trusty_fuzzer_defaults",
+ static_libs: [
+ "libtrusty_fuzz_utils",
+ ],
+ shared_libs: [
+ "libbase",
+ "liblog",
+ ],
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+ fuzz_config: {
+ fuzz_on_haiku_device: false,
+ fuzz_on_haiku_host: false,
+ },
+}
+
+cc_library {
+ name: "libtrusty_fuzz_utils",
+ srcs: ["utils.cpp"],
+ export_include_dirs: ["include"],
+ shared_libs: [
+ "libbase",
+ "liblog",
+ ],
+}
diff --git a/trusty/fuzz/include/trusty/fuzz/utils.h b/trusty/fuzz/include/trusty/fuzz/utils.h
new file mode 100644
index 0000000..bca84e9
--- /dev/null
+++ b/trusty/fuzz/include/trusty/fuzz/utils.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+
+#include <android-base/result.h>
+#include <android-base/unique_fd.h>
+
+#define TIPC_MAX_MSG_SIZE PAGE_SIZE
+
+namespace android {
+namespace trusty {
+namespace fuzz {
+
+class TrustyApp {
+ public:
+ TrustyApp(std::string tipc_dev, std::string ta_port);
+
+ android::base::Result<void> Connect();
+ android::base::Result<void> Read(void* buf, size_t len);
+ android::base::Result<void> Write(const void* buf, size_t len);
+
+ android::base::Result<int> GetRawFd();
+
+ private:
+ std::string tipc_dev_;
+ std::string ta_port_;
+ android::base::unique_fd ta_fd_;
+};
+
+void Abort();
+
+} // namespace fuzz
+} // namespace trusty
+} // namespace android
diff --git a/trusty/fuzz/utils.cpp b/trusty/fuzz/utils.cpp
new file mode 100644
index 0000000..240afe7
--- /dev/null
+++ b/trusty/fuzz/utils.cpp
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2020 The Android Open Sourete Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "trusty-fuzz-utils"
+
+#include <trusty/fuzz/utils.h>
+
+#include <android-base/logging.h>
+#include <android-base/unique_fd.h>
+#include <linux/ioctl.h>
+#include <linux/types.h>
+#include <linux/uio.h>
+#include <log/log_read.h>
+#include <time.h>
+#include <iostream>
+
+using android::base::ErrnoError;
+using android::base::Error;
+using android::base::Result;
+using android::base::unique_fd;
+
+#define TIPC_IOC_MAGIC 'r'
+#define TIPC_IOC_CONNECT _IOW(TIPC_IOC_MAGIC, 0x80, char*)
+
+namespace {
+
+const size_t kTimeoutSeconds = 5;
+const std::string kTrustyLogTag = "trusty-log";
+
+const time_t kInitialTime = time(nullptr);
+
+void PrintTrustyLog() {
+ auto logger_list = android_logger_list_open(LOG_ID_KERNEL, ANDROID_LOG_NONBLOCK, 1000, 0);
+ if (logger_list == nullptr) {
+ std::cerr << "Could not open android kernel log\n";
+ return;
+ }
+
+ while (true) {
+ log_msg log_msg;
+ int rc = android_logger_list_read(logger_list, &log_msg);
+ if (rc < 0) {
+ break;
+ }
+ if (log_msg.entry.sec < kInitialTime) {
+ continue;
+ }
+ char* msg = log_msg.msg();
+ if (msg) {
+ std::string line(msg, log_msg.entry.len);
+ if (line.find(kTrustyLogTag) != std::string::npos) {
+ std::cerr << line.substr(kTrustyLogTag.length() + 2) << std::endl;
+ }
+ }
+ }
+
+ android_logger_list_free(logger_list);
+}
+
+} // namespace
+
+namespace android {
+namespace trusty {
+namespace fuzz {
+
+TrustyApp::TrustyApp(std::string tipc_dev, std::string ta_port)
+ : tipc_dev_(tipc_dev), ta_port_(ta_port), ta_fd_(-1) {}
+
+Result<void> TrustyApp::Connect() {
+ /*
+ * TODO: We can't use libtrusty because (yet)
+ * (1) cc_fuzz can't deal with vendor components (b/170753563)
+ * (2) We need non-blocking behavior to detect Trusty going down.
+ * (we could implement the timeout in the fuzzing code though, as
+ * it needs to be around the call to read())
+ */
+ alarm(kTimeoutSeconds);
+ int fd = open(tipc_dev_.c_str(), O_RDWR);
+ alarm(0);
+ if (fd < 0) {
+ return ErrnoError() << "failed to open TIPC device: ";
+ }
+ ta_fd_.reset(fd);
+
+ // This ioctl will time out in the kernel if it can't connect.
+ int rc = TEMP_FAILURE_RETRY(ioctl(ta_fd_, TIPC_IOC_CONNECT, ta_port_.c_str()));
+ if (rc < 0) {
+ return ErrnoError() << "failed to connect to TIPC service: ";
+ }
+
+ return {};
+}
+
+Result<void> TrustyApp::Read(void* buf, size_t len) {
+ if (ta_fd_ == -1) {
+ return Error() << "TA is not connected to yet: ";
+ }
+
+ alarm(kTimeoutSeconds);
+ int rc = read(ta_fd_, buf, len);
+ alarm(0);
+ if (rc < 0) {
+ return Error() << "failed to read TIPC message from TA: ";
+ }
+
+ return {};
+}
+
+Result<void> TrustyApp::Write(const void* buf, size_t len) {
+ if (ta_fd_ == -1) {
+ return Error() << "TA is not connected to yet: ";
+ }
+
+ alarm(kTimeoutSeconds);
+ int rc = write(ta_fd_, buf, len);
+ alarm(0);
+ if (rc < 0) {
+ return Error() << "failed to read TIPC message from TA: ";
+ }
+
+ return {};
+}
+
+Result<int> TrustyApp::GetRawFd() {
+ if (ta_fd_ == -1) {
+ return Error() << "TA is not connected to yet: ";
+ }
+
+ return ta_fd_;
+}
+
+void Abort() {
+ PrintTrustyLog();
+ exit(-1);
+}
+
+} // namespace fuzz
+} // namespace trusty
+} // namespace android
diff --git a/trusty/gatekeeper/fuzz/Android.bp b/trusty/gatekeeper/fuzz/Android.bp
new file mode 100644
index 0000000..7ffa776
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/Android.bp
@@ -0,0 +1,24 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_fuzz {
+ name: "trusty_gatekeeper_fuzzer",
+ defaults: ["trusty_fuzzer_defaults"],
+ srcs: ["fuzz.cpp"],
+
+ // The initial corpus for this fuzzer was derived by dumping messages from
+ // the `secure_env` emulator interface for cuttlefish while enrolling a new
+ // password in the emulator.
+ corpus: ["corpus/*"],
+}
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-2MMzSr b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-2MMzSr
new file mode 100644
index 0000000..f3c1f79
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-2MMzSr
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Et63W0 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Et63W0
new file mode 100644
index 0000000..b3e6585
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Et63W0
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-G41Iz8 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-G41Iz8
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-G41Iz8
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-ItEoqJ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-ItEoqJ
new file mode 100644
index 0000000..85d38c7
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-ItEoqJ
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-MGXdfu b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-MGXdfu
new file mode 100644
index 0000000..f8e1467
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-MGXdfu
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Yq4f10 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Yq4f10
new file mode 100644
index 0000000..c221077
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Yq4f10
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-agxKZa b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-agxKZa
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-agxKZa
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-alhn2v b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-alhn2v
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-alhn2v
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-eVJFHV b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-eVJFHV
new file mode 100644
index 0000000..f3c1f79
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-eVJFHV
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-et5K21 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-et5K21
new file mode 100644
index 0000000..f3c1f79
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-et5K21
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-gun5YX b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-gun5YX
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-gun5YX
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-kXw1R9 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-kXw1R9
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-kXw1R9
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-moapss b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-moapss
new file mode 100644
index 0000000..85d38c7
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-moapss
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-u5QySb b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-u5QySb
new file mode 100644
index 0000000..09f9d74
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-u5QySb
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-uZtvkq b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-uZtvkq
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-uZtvkq
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-w5G2SF b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-w5G2SF
new file mode 100644
index 0000000..d42956d
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-w5G2SF
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-y3H74x b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-y3H74x
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-y3H74x
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-yALfeS b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-yALfeS
new file mode 100644
index 0000000..f3c1f79
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-yALfeS
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-2S1GLi b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-2S1GLi
new file mode 100644
index 0000000..08b3449
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-2S1GLi
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-4j7hUc b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-4j7hUc
new file mode 100644
index 0000000..5507400
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-4j7hUc
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-6hsSQG b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-6hsSQG
new file mode 100644
index 0000000..ffa74cb
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-6hsSQG
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-E8CE7b b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-E8CE7b
new file mode 100644
index 0000000..21cdd9c
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-E8CE7b
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-GEDmHj b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-GEDmHj
new file mode 100644
index 0000000..23a8c08
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-GEDmHj
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-MpwDEN b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-MpwDEN
new file mode 100644
index 0000000..1795d09
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-MpwDEN
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Qutf8O b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Qutf8O
new file mode 100644
index 0000000..4f69edf
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Qutf8O
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Sg1WMt b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Sg1WMt
new file mode 100644
index 0000000..ba6d1cb
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Sg1WMt
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-U6Y1My b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-U6Y1My
new file mode 100644
index 0000000..631ef79
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-U6Y1My
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-WdSRky b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-WdSRky
new file mode 100644
index 0000000..02d4820
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-WdSRky
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Ypw6WP b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Ypw6WP
new file mode 100644
index 0000000..6d7574f
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Ypw6WP
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Yyj4Af b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Yyj4Af
new file mode 100644
index 0000000..47f518d
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Yyj4Af
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-amyF62 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-amyF62
new file mode 100644
index 0000000..3a5fdf5
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-amyF62
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-gu8ziA b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-gu8ziA
new file mode 100644
index 0000000..bab5da1
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-gu8ziA
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-iCATsM b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-iCATsM
new file mode 100644
index 0000000..fae9173
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-iCATsM
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-kawT3I b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-kawT3I
new file mode 100644
index 0000000..51e3630
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-kawT3I
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-sYFzM5 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-sYFzM5
new file mode 100644
index 0000000..173d77e
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-sYFzM5
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-yNFMdn b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-yNFMdn
new file mode 100644
index 0000000..96f9e42
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-yNFMdn
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/fuzz.cpp b/trusty/gatekeeper/fuzz/fuzz.cpp
new file mode 100644
index 0000000..f8ec931
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/fuzz.cpp
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#undef NDEBUG
+
+#include <assert.h>
+#include <log/log.h>
+#include <stdlib.h>
+#include <trusty/fuzz/utils.h>
+#include <unistd.h>
+
+#define TIPC_DEV "/dev/trusty-ipc-dev0"
+#define GATEKEEPER_PORT "com.android.trusty.gatekeeper"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ static uint8_t buf[TIPC_MAX_MSG_SIZE];
+
+ android::trusty::fuzz::TrustyApp ta(TIPC_DEV, GATEKEEPER_PORT);
+
+ auto ret = ta.Connect();
+ /*
+ * If we can't connect, then assume TA crashed.
+ * TODO: Get some more info, e.g. stacks, to help Haiku dedup crashes.
+ */
+ if (!ret.ok()) {
+ android::trusty::fuzz::Abort();
+ }
+
+ /* Send message to test server */
+ ret = ta.Write(data, size);
+ if (!ret.ok()) {
+ return -1;
+ }
+
+ /* Read message from test server */
+ ret = ta.Read(&buf, sizeof(buf));
+ if (!ret.ok()) {
+ return -1;
+ }
+
+ return 0;
+}