Commit Graph

55483 Commits

Author SHA1 Message Date
Davide Pallotti 2acd25a33d Make OSTREAM_STRING_POINTER_USAGE_WARNING build even with GCC
This is for projects built with GCC that import parts of Android that,
despite not having Android-specific dependencies, still end up
depending on logging.h.
Also removes outdated notes.

Change-Id: I5a47b302bcaeeb935592d8fc7ad2fe5068d226c3
2020-01-21 10:54:36 +01:00
Woody Chow 7fb93c168e Fix unsigned integer overflow of i, which gives SIGABRT
Bug: 147640670
Test: None

Change-Id: I157aacbf9ddaa6a91eccd940573cf187b58e8d5e
2020-01-21 02:00:54 +00:00
Satoshi Niwa 1eb300dca5 init: Fix a bug in MountDir
mkdir always returns -1 for any types of errors.
errno should be checked for actual error type.

Test: m
Change-Id: I1b56d48ba48992a2f9629dc09d795c277b5b774d
2020-01-20 18:00:49 +09:00
Treehugger Robot 0852b10b37 Merge "[vts-core] Make VtsKernelLibcutilsTest runnable by base TradeFed" 2020-01-20 02:32:56 +00:00
Josh Gao 55c7ed4e2e debuggerd_handler: increase thread stack size.
1 page isn't enough to log on AArch64, and clean pages are free, so
increase the stack size to 8 pages.

Bug: http://b/144887737
Test: treehugger
Change-Id: I731b3bc27ab37f4b830a9478a04cd34d4f7648d3
2020-01-17 17:25:30 -08:00
Janis Danisevskis 8fe0cfb098 First working version of the confirmationui HAL service
This implementation does not provide any security guaranties.
 * The input method (NotSoSecureInput) runs a crypto protocols that is
   sufficiently secure IFF the end point is implemented on a trustworthy
   secure input device. But since the endpoint is currently in the HAL
   service itself this implementation is not secure.
 * This implementation provides most of the functionality, but not the
   secure UI infrastructure required to run Android Protected
   Confirmation.

Bug: 146078942
Test: VtsHalConfirmationUIV1_0TargetTest
Change-Id: I14717b5fa4ef15db960cdd506b8c6fe5369aec8d
2020-01-17 16:34:48 -08:00
Yabin Cui 1c22b4fedf libprocinfo: remove error msg for unknown process state.
Unknown process states are expected since libprocinfo doesn't
list all process states in
https://github.com/torvalds/linux/blob/master/fs/proc/array.c#L130.
So remove error message for unknown state.

Bug: none
Test: run libprocinfo_test.
Change-Id: I321893855235367e037afd58ccb63d5140619095
2020-01-17 15:55:13 -08:00
Steven Moreland 306f8b5713 libutils: sp lh comparison w/ pointer
Perhaps the better question is, why have I 100s of times, typed
"ASSERT_NE(nullptr, foo)" for sp<> foo, and got a compiler error and
then change it to "foo.get()". This CL so we can stop wasting cycles
with that error.

Fixes: 147842528
Test: libutils_test
Change-Id: Id63b29d2a1ff3077201a62b69d864c5a826c47e0
2020-01-17 22:50:30 +00:00
Yifan Hong b37311d4dd SnapshotManager::Return -> Return
Now that the class becomes more complicated, move it out
of SnapshotManager.

Also, make it independent of FiemapStatus. libsnapshot and
libfiemap has different return classes.

Test: libsnapshot_test
Change-Id: If340959ba60bcd51c36e2b48f4d11c149ead907a
2020-01-17 14:43:27 -08:00
Oli Lan d6289bdf13 Merge "Give x permission on apex data directories." 2020-01-17 17:08:21 +00:00
Alessio Balsini fb58f0d45a When encountered an unexpected status, mention it
Instead of just mentioning that something wrong has been found when
parsing UpdateState, also log the value of the erroneous status.

Bug: none
Test: m
Change-Id: I487a115a9347199059a684ef682bec79fa5f26a9
Signed-off-by: Alessio Balsini <balsini@google.com>
2020-01-17 16:56:05 +00:00
Treehugger Robot 0a86d01080 Merge changes Ibb4b4ca4,I31572afa
* changes:
  llkd: test: llkd.sleep also check for __arm64_sys_openat
  llkd: requires sys_admin permissions
2020-01-17 15:39:45 +00:00
Marco Ballesio 11159b5214 Merge "llkd: ignore frozen processes" 2020-01-17 15:35:20 +00:00
Nikita Ioffe a36f7c1f93 Merge "Fix ota test case" 2020-01-17 12:18:53 +00:00
Oli Lan 90c523b30b Give x permission on apex data directories.
This gives search (x) permission on the parent apex data
directory /data/misc/apexdata so that directories below it
may be opened. It also gives that permission on the apex
data directories themselves.

Bug: 147848983
Test: Build & flash, check perms are correct
Change-Id: I27c4ea01602002c89d0771a144265e3879d9041a
2020-01-17 11:41:04 +00:00
Treehugger Robot d82d9851de Merge "Add version #29 and #30 to liblog" 2020-01-17 03:11:11 +00:00
nelsonli d83f390896 [vts-core] Make VtsKernelLibcutilsTest runnable by base TradeFed
Create KernelLibcutilsTest and add it to vts-core.
VtsKernelLibcutilsTest just run the test of libcutils_test_static
and filter-out all of the test except AshmemTest#. We can just use the
include-filter to do the same thing.

Bug: 147789274
Test: atest KernelLibcutilsTest
Change-Id: Idb5cee3596bf063c2419f1a11055a17ad3075e26
2020-01-17 09:48:58 +08:00
Junyong Sun 1ffccf5c8b adb: windows: fix adb execute root cmd with no tips
fwrite can cross windows platform to show log on terminal,
so we use it instead of WriteFdExactly.

Change-Id: I252c15a0bc72e1dbd98b7b5ec8000ecdcde16416
Signed-off-by: Junyong Sun <sunjy516@gmail.com>
2020-01-17 09:39:21 +08:00
Elliott Hughes 22690af334 Update shell_and_utilities docs for R.
Change-Id: I4db2aea050f101d2594242336d0413662fd2f0f3
2020-01-16 15:54:16 -08:00
Treehugger Robot 4659cdaf5c Merge "Add user for credstore." 2020-01-16 23:07:35 +00:00
Marco Ballesio 38c735e6ef llkd: ignore frozen processes
verify a process frozen state by reading its frezer cgroup value and
don't consider it as loop-locked if frozen.

Bug: 145698592
Test: llkd_unit_test
Test: Manually froze a few processes and waited for llkd timeout, verifying that
      no processes are killed, no reboot or ramdump occur and no llkd events are
      logged.
Change-Id: Iea02cd86dbd1df0e6658d02581aa4bb9b658f107
2020-01-16 22:55:37 +00:00
Nikita Ioffe c3ea429112 Fix ota test case
It was failing with:
build/make/core/main.mk:2: Calling make directly is no longer supported.
build/make/core/main.mk:3: Either use 'envsetup.sh; m' or 'build/soong/soong_ui.bash --make-mode'
build/make/core/main.mk:4: *** done.  Stop.

Test: system/core/bootstat/boot_reason_test.sh ota
Change-Id: I4fea25f1c09e6ec2f346b6de3749699e254ffd26
2020-01-16 20:14:25 +00:00
Chong Zhang 265eee2006 Add version #29 and #30 to liblog
bug: 147759770
test: build
Change-Id: I38bcab9bc14088adbdbc3a92620f89a6fe397994
2020-01-16 11:11:44 -08:00
David Zeuthen e83f386653 Add user for credstore.
The credstore system daemon is running as an unprivileged user. This
CL adds this user and also creates a directory (/data/misc/credstore/)
where this daemon can store its data.

Bug: 111446262
Test: N/A
Change-Id: I8da2c32dd04fef797870b8a7bbc5e499bed71f9e
2020-01-16 07:32:04 -05:00
Howard Chen 62f35129d4 Merge "Refine the first stage mount for DSU" 2020-01-16 05:33:09 +00:00
Tom Cherry f633b62b63 Merge "Require liblog for libbase in all configurations" 2020-01-15 23:20:07 +00:00
Nikita Ioffe 661c77be0f Merge "Don't reboot into recovery during userspace reboot" 2020-01-15 22:22:18 +00:00
Ryan Savitski f0f7e70186 init: add builtin check for perf_event LSM hooks
Historically, the syscall was controlled by a system-wide
perf_event_paranoid sysctl, which is not flexible enough to allow only
specific processes to use the syscall. However, SELinux support for the
syscall has been upstreamed recently[1] (and is being backported to
Android R release common kernels).
[1] da97e18458

As the presence of these hooks is not guaranteed on all Android R
platforms (since we support upgrades while keeping an older kernel), we
need to test for the feature dynamically. The LSM hooks themselves have
no way of being detected directly, so we instead test for their effects,
so we perform several syscalls, and look for a specific success/failure
combination, corresponding to the platform's SELinux policy.

If hooks are detected, perf_event_paranoid is set to -1 (unrestricted),
as the SELinux policy is then sufficient to control access.

This is done within init for several reasons:
* CAP_SYS_ADMIN side-steps perf_event_paranoid, so the tests can be done
  if non-root users aren't allowed to use the syscall (the default).
* init is already the setter of the paranoid value (see init.rc), which
  is also a privileged operation.
* the test itself is simple (couple of syscalls), so having a dedicated
  test binary/domain felt excessive.

I decided to go through a new sysprop (set by a builtin test in
second-stage init), and keeping the actuation in init.rc. We can change
it to an immediate write to the paranoid value if a use-case comes up
that requires the decision to be made earlier in the init sequence.

Bug: 137092007
Change-Id: Ib13a31fee896f17a28910d993df57168a83a4b3d
2020-01-15 20:58:15 +00:00
Treehugger Robot 6e016ef80e Merge "libcutils: fallback to /dev/ashmem" 2020-01-15 19:48:26 +00:00
Treehugger Robot ec7be0dc0f Merge "Create /mnt/data_mirror/cur_profiles in init.rc" 2020-01-15 19:47:52 +00:00
Mark Salyzyn 92f7bbfbe5 llkd: test: llkd.sleep also check for __arm64_sys_openat
4.19 kernel reported __arm64_sys_openat instead of SyS_openat, so
the test for llkd.sleep also needs to check for that as well.

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 147486902
Test: llkd_unit_test
Change-Id: Ibb4b4ca45391e35fd03fcb8e7ccea01f547b76e1
2020-01-15 09:08:48 -08:00
Mark Salyzyn be2e2f2beb llkd: requires sys_admin permissions
As a result of commit f8a00cef17206ecd1b30d3d9f99e10d9fa707aa7
("proc: restrict kernel stack dumps to root")
the userdebug feature where llkd can monitor for live lock
signatures in the stack traces broke.

So now userdebug variant of llkd requires sys_admin permissions.

Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Test: llkd_unit_test
Bug: 147486902
Change-Id: I31572afa08daa490a69783855bce55313eaed96c
2020-01-15 09:08:48 -08:00
Alessio Balsini 30c681dd37 Snapshot merge progress percentage
Compute and print the progress percentage of the dm-snapshot devices
merging after an update is marked as successful.
All the snapshot devices are queried for their update states and all
their allocated, metadata and total sectors are summed as if the system
consists of a single big snapshot device, as well as the initial
allocated sectors to keep trace of the absolute progress. Then the merge
percentage is computed on the numbers for this fake snapshot device.

Bug: 139088917
Test: manual OTA
Change-Id: Ia9a51742105c90b7fd043f3cbf4249877def7f08
Signed-off-by: Alessio Balsini <balsini@google.com>
2020-01-15 16:32:37 +00:00
Nikita Ioffe 05506f05b6 Don't reboot into recovery during userspace reboot
In case one of the cryptfs calls to vdc fails, first try a normal
reboot.

Test: manual
Bug: 135984674
Bug: 143970043
Change-Id: I5706d9cd6c3a08fa06329ffb7d141de632620e3d
2020-01-15 16:27:39 +00:00
Tom Cherry e2dad0a296 Merge "liblog: remove log_portability.h" 2020-01-15 16:10:30 +00:00
Tom Cherry 2ea787137f Merge "liblog: use libbase_headers for TEMP_FAILURE_RETRY" 2020-01-15 16:09:45 +00:00
Nikita Ioffe 60ddf3a29a Merge "Change scope of ro.init.userspace_reboot.is_supported to public" 2020-01-15 14:14:08 +00:00
Treehugger Robot 5c63dc9322 Merge "Refactor update status management as protobuf" 2020-01-15 14:04:25 +00:00
Treehugger Robot e4505960b9 Merge "Disable dm-verity hash prefetching." 2020-01-15 13:13:01 +00:00
Treehugger Robot f7593a9a2a Merge "[incrementa;] set mode and encryption for /data/incremental" 2020-01-15 02:58:02 +00:00
Treehugger Robot aba02dbe6e Merge "remove deprecated bp 'subdirs'" 2020-01-15 01:37:27 +00:00
Yifan Hong 38f3706ab3 Merge "fastboot: Mount /metadata before overlayfs teardown." 2020-01-15 01:31:59 +00:00
Peter Collingbourne 9ef741ccac Merge "Add unique_fd::operator{==,!=} overloads that take a unique_fd." 2020-01-15 01:24:01 +00:00
Tom Cherry acd17330df Merge changes from topic "remove-log_to"
* changes:
  base: remove LOG_TO(), PLOG_TO() and LOG_STREAM_TO() macros
  storaged: replace LOG_TO() macros with LOG()
2020-01-14 22:16:57 +00:00
Steven Moreland e40e4270e8 remove deprecated bp 'subdirs'
noticed some, so thought I would remove them everywhere here

Bug: N/A
Test: N/A
Change-Id: I2978673b158d6c253914ea22f7f0129e446a5f91
2020-01-14 12:18:40 -08:00
Steven Moreland 4f99dd3af1 libcutils: fallback to /dev/ashmem
For a Q APEX built with use_vendor, rather than using AIDL to talk to
ashmemd, it would directly open /dev/ashmem. R libcutils does ashmem
differently, but in order to allow R-built APEXes to replace this
category of APEXes, falling back to /dev/ashmem.

Fixes: 147363115
Test: tested on Q in swcodec APEX
Change-Id: I625e46b15fee6649251ab9be7a1bbe11c5427525
2020-01-14 18:19:10 +00:00
Tom Cherry 02ff976065 liblog: remove log_portability.h
__BEGIN_DECLS and __END_DECLS are all that are left, and I can compile
with using normal <sys/cdefs.h>, so hopefully we can remove this at
last.

Test: build
Change-Id: I6df7ef0da027bb91c98806e0f9661d7416ebaa5d
2020-01-14 09:56:30 -08:00
Tom Cherry 121292dd81 liblog: use libbase_headers for TEMP_FAILURE_RETRY
Test: build
Change-Id: Id3b57ff0327d4632e91960e5e70f3aa21992ed15
2020-01-14 09:56:25 -08:00
Nikita Ioffe 10cdc17283 Change scope of ro.init.userspace_reboot.is_supported to public
Test: atest CtsUserspaceRebootHostSideTestCases
Test: m checkbuild
Bug: 135984674
Change-Id: Ie11c6720ee21afef99b4b53415da00d8c1e446ca
2020-01-14 12:42:48 +00:00
Nikita Ioffe 07892ea610 Merge "Reduce log spam when unmounting /data" 2020-01-14 10:05:33 +00:00