StrongPointer_test.cpp's Foo was colliding with RefBase_test.cpp's
Foo.
Test: out/host/linux-x86/nativetest64/libutils_tests/libutils_tests
from later CL
Change-Id: I2a4e956c88a07cec72d7ce734cf06c58134a4235
I385a05a3ca01258e44fe3b37ef77e4aaff547b26 broke Singleton in the
same way that 544e3e3606 had already
fixed once. Fix it again, the next CL will add tests.
This affected cases where two libraries referenced the same singleton,
the one that was supposed to define the singleton was already loaded,
and then the second library was dlopen'd.
Bug: 35674422
Test: out/host/linux-x86/nativetest64/libutils_tests/libutils_tests
from later CL
Change-Id: I87c64f95ed294a887e67a6c11be3072299789f01
verity toggle through adb failed to work for early mount due to fstab
entries being moved into kernel/dt. This change fixes that by using the
new fs_mgr_read_fstab_default() api that will make sure all fstab
entries (from dt as well as from /fstab.{ro.hardware}) are combined
before returning the fstab object.
b/27805372
Test: early mount /system and /vendor on angler.
- test adb disable-verity && adb root to ensure rebooted instance
doesn't have 'partition.system.verified' property set. i.e. verity is
indeed disabled.
- test adb enable-verity && adb root to ensure rebooted instance does
have 'partition.system.verified' property set, i.e. verity is enabled.
also verified by trying to do 'adb remount' which correctly warns about
verity
Change-Id: Iffdcc0a0b959a65c326219bd4e9e41cba9ec7c88
Signed-off-by: Sandeep Patil <sspatil@google.com>
With init parsing fstab fragments from kernel separately, the fs_mgr
would completely miss the device tree entries. That leads to things like
'adb remount' to go through without warning for verity even if /system
is verified. This happens because 'verity_update_state' completely
misses the partitions passed to android through the device tree.
solution is to teach fs_mgr about device tree fstab entries and add 2
new public APIs.
1. fs_mgr_read_fstab_dt() - reads device tree and returns fstab
generated from it.
2. fs_mgr_read_fstab_default() - reads both device tree fstab and
/fstab.{ro.hardware} and returns the combined table.
This also reduces the hardcoded /fstab.{ro.hardware} occurence only to
fs_mgr and for eveyone who wants to read the "default" fstab must be
changed to call fs_mgr_read_fstab_default() instead. e.g. adb.
b/27805372
Test: Angler was used since it has 2 early mounted partitions instead of
one. 1 verified and 1 unverified.
- Boot angler successfully without early mount
- Boot angler successfully with /vendor early mount and test if 'adb
remount' warns us about verity
- Boot angler successfully with both /system and /vendor early mounted
and ensure 'adb remount' warns us about verity.
- check partitions.system.verified status after /system early mount ot
ensure it is set to VERITY_MODE_DEFAULT.
- 'adb disable-verity' with early mounted /system doesn't work due to
missing changes in adb
TODO:
change adb to use the new fs_mgr_read_fstab_default() API
Change-Id: I82038d87c7a44488e938acce2cc1082c08f6f73a
Signed-off-by: Sandeep Patil <sspatil@google.com>
The clang static analyzer is complaining that we are not checking the
setegid() return value, so let's add these checks. We should never
fail to return to AID_ROOT, so fail hard in this case.
Bug: 26962034
Test: Boot bullhead
Test: export WITH_STATIC_ANALYZER=1 and run 'mm' in the project directory
Change-Id: I62e95b045c5734305c71502871b6cf17f152edbc
Changes to the REALTIME clock can cause Condition::waitRelative() to
timeout early or delayed. This behavior is undesired and new since
https://android-review.googlesource.com/#/c/181058/ moved the
underlying pthread_cond_timedwait() implementation to use absolute
timeouts rather than relative ones. Having Condition use
CLOCK_MONOTONIC prevents these timeout issues.
Bug: 34592766
Bug: 35678943
Test: Boot bullhead
Test: Ensure time changes do not cause Condition::waitRelative() to
timeout early or delayed
Change-Id: I3a8d7a48f9b42fe990c3c7331313b6d85aa546f9
* changes:
fs_mgr: add a generic fs_mgr_get_boot_config internal API
init: early_mount: create device node for verity metadata partition
init: early_mount: disallow partitions to be verified at boot
init: early_mount: add support to mount verity enabled partitions early
fs_mgr: make fs_mgr_setup_verity public API
fs_mgr: fix the fs_mgr_setup_verity param name
init: refactor to allow successive device_init calls
fs_mgr: add fs_mgr_do_mount_one() API
Add a 'host-features' command to get the features of the currently
running host adb server. Abuse it to report libusb status.
Bug: http://b/34983123
Test: adb host-features; adb kill-server; ADB_LIBUSB=1 adb start-server; adb host-features
Change-Id: I0e8d503a2dbdff9002ebb6ce8a298498a9421422
This is the precursor for "Plan B" recovery when access to
/dev/event-log-tags is blocked to untrusted zones. Also
deals with mitigating issues with long-lived mappings that
do not update /dev/event-log-tags when dynamically changed.
Test: gTest logd-unit-test --gtest_filter=logd.getEventTag_42
Bug: 31456426
Bug: 35326290
Change-Id: I3db2e73763603727a369da3952c5ab4cf709f901
depending on when fs_mgr is trying to read the configuration passed into
the kernel commandline, it may be able to read it successfully.
Specially in the case when init has not initialized properties.
This change adds a new fs_mgr_get_boot_config() API to be used by all
fs_mgr code in order to get filesystem parameters specified in kernel
command line or device tree. This way the fs_mgr code doesn't have to
handle the "early" cases separately anywhere.
Test:
Tested angler boot with both /system and /vendor mounted in init
first stage.
Tested sailfish to make sure /vendor can be continued to be
mounted early without verity
Change-Id: I9a44cdfc32681f714c5d73ae55c3deda95c02545
Most devices pass the veritymode through 'androidboot.veritymode' kernel
cmdline partition. However, for those who don't, the verity state is
read from a different block device whose path it passed to "verify="
fs_mgr option in fstab.
This change add support for such a case if the partition that needs to
be mounted early requires this additional block device to load the
verity state from.
Note that, there can only be 1 partition to get the verity state
regardless of the number of partitions we enable verity for.
Bug: 27805372
Test: Test angler by removing the metdata argument in fstab when it
boots fine. Tested by adding the argument when it fails to boot as
veritymode gets set to EIO during early mount due to lack of access to
properties as expected.
TODO: fs_mgr must pull the veritymode from kernel cmdline or device tree
by itself
Change-Id: I9e62b8c1bf2c0ae0365677df697a0cbe9e5810c1
Signed-off-by: Sandeep Patil <sspatil@google.com>
While technically possible, the verification at boot basically will
block init for as long as the entire partition is read while nothing
else is running. Disallow that as this is not going to be used anywhere.
Bug: 27805372
Test: boot angler with verifyatboot fs_mgr option for early mounted
vendor partition. That resulted in a panic() as expected.
Change-Id: I9da5caa163cae8bce6dbfb630f0ed5605ea044a0
Signed-off-by: Sandeep Patil <sspatil@google.com>
support mounting partitions early regardless of their "verified" status.
uses the newly exported fs_mgr APIs to split verity setup and mount
operations.
b/27805372
Test:
Angler:
- Early mount /vendor without dm-verity
Sailfish:
- Early mount /vendor without dm-verity
- Early mount /vendor with dm-verity
TODO:
add support for metadata partition used in angler
to load dm-verity data
Change-Id: Ie2768d4d895c19d045293c573773ee7bb03fff99
Signed-off-by: Sandeep Patil <sspatil@google.com>
Consequently this removes the 'early' version of the exact same API.
This is to be used by early mount code where we need to do
1. setup verity
2. create verity device
3. mount partition
as separate steps since that happens during init first stage.
b/27805372
Test: Boot sailfish successfully
Change-Id: I01abecfdfa210d3e240a291ddcb3d2e9ed39ede6
Signed-off-by: Sandeep Patil <sspatil@google.com>
The 'verify_dev' parameter for fs_mgr_setup_verity is confusing, since
it doesn't necessarily control the "verification" part of the function.
Instead, it merely allows the caller to skip the
wait_for_dm_verity_device part of the function. So, rename that
parameter for what it is.
b/27805372
Test: Boot sailfish
Change-Id: I024e02fd728f5cd5bb333d9c3b512861731fa215
Signed-off-by: Sandeep Patil <sspatil@google.com>
device_init opens the uevent socket and sehandle when called.
For early_mount however, depending on the fs_mgr flags we may call this
in order to run coldboot for device mapper, dm-verity devices etc.
So the change makes sure we don't try to re-open the uevent socket,
file context handle and selinux status on successive calls to
device_init from within the same process.
b/27805372
Test: Boot saifish successfully
Change-Id: Ifa0e665403211684183efb9be66e4e8d0d86a206
Signed-off-by: Sandeep Patil <sspatil@google.com>
The -Q option is used in emulator and it fails to redirect the
output of logcat to the desired file.
This CL fixes that problem.
There is no gTest because of /proc/cmdline sniffing for this option.
manually tested on /dev/qemu_pipe inside emulator
Test: manual
Bug: 35326290
Change-Id: I282da685e90450aadb2a989a0517dc3b1bb6634d
Explicitly link against the static libwinpthread.a to avoid a
dependency on the dll.
Also, make the tests link against libbase statically.
Bug: http://b/31665213
Test: wine adb.exe
Test: wine adb_test.exe
Change-Id: Ifd41afcb1756a4b9b6db12e102b4db502e73d846
Sometimes when endpoint_alloc returns ENODEV,
max_rw will end up being a value that is too
big.
Bug: 35634401
Test: push/pull files
Change-Id: Iaa81a3311b1855e2a835562cdf7a46ff4399feb1
Logd currently checks against LOG_ID_MAX and LOG_ID_KERNEL to
determine if a given log_id is available. liblog uses only
LOG_ID_KERNEL. While this matches with the comments in log/log_id.h
to always keep LOG_ID_KERNEL at the end it does not match with other
checks that logd makes, causing inconsistent behavior. This
inconsistency is noticable on devices that errantly rewrite
LOG_ID_MAX to not equal LOG_ID_KERNEL + 1. For log buffers with
id's greater than LOG_ID_KERNEL, liblog reports that logd is
unavailable while logd would accept the request.
The guideline is to not use buffer ids above LOG_ID_KERNEL.
This hardening change prevents an inconsistency that results if these
guidelines are not followed. Partners are urged instead to increase
LOG_ID_KERNEL locally to match their LOG_ID_MAX - 1 when they add new
local log buffers in their private builds.
Signed-off-by: Evan Ralston <eralston@amazon.com>
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Test: compiles. no functional change
Change-Id: Icd4b12ac79c1e5cd1d8a32f67a9795797580aad5
Richard Uhler