Replace libcrypto with libcrypto_static, which can be protected through
visibility to ensure only modules that don't affect FIPS certification
can use it.
Bug: 141248879
Test: m checkbuild
Change-Id: I5f0b9acfb57f68570f6f58f2395f2bb1bc015365
A regression from commit 8c2198c809
("adb: use shell for remount to forward return codes.") where the
optional argv[1] got missed for the remount command. This change
hands off _all_ the arguments if to a shell and activates some of
the extra features in the remount command.
$ adb remount --help
remount [-h] [-R] [-T fstab_file] [partition]...
-h --help this help
-R --reboot disable verity & reboot to facilitate remount
-T --fstab custom fstab file location
partition specific partition(s) (empty does all)
Remount specified partition(s) read-write, by name or mount point.
-R notwithstanding, verity must be disabled on partition(s).
$
SideEffects: adb remount [-h] [-R] [-T fstab_file] [partition]...
Test: adb-remount-test.sh
Bug: 138577868
Bug: 139283818
Bug: 139226412
Change-Id: I8223d4000ab20857e9b634e4d4a326eed530d7be
<winsock2.h> has defined htonl(), ntohl(), htons() and ntohs() with
different return type that cannot be replaced by those macro definitions
in <android-base/endian.h>.
Includes <winsock2.h> first to prevent them from being replaced.
Then defines the macro later so we don't need to call into DLL
when using those functions.
Bug: 139639521
Test: m libbase_test && wine out/host/windows-x86/nativetest64/libbase_test/libbase_test64.exe
Test: m checkbuild
Change-Id: I672f23a31c6800df10e04d36695d446bca4c91e9
The fdsan code uses getrlimit/ugetrlimit so need to allow that when
running the debuggerd unit tests.
Bug: 141045754
Test: Ran the offending tests hundreds of times without failure.
Change-Id: Iece94f03e7895d61ca8a8f3ab17dce7e54ddf9cd
load_buf_fd() attempts to find the size of the file that it is about
to load by first calling sparse_file_import_auto() then using
sparse_file_len() upon success or falling back to the file size on the
filesystem on failure.
This is problematic however as sparse_file_import_auto() creates a
sparse_file out of the normal file, but does not resparse it, so an
assertion fails during the sparse_file_len() call.
This is fixed by using sparse_file_import() instead. This will fail
in the case that the file is not sparse and the call to
sparse_file_len() will be properly skipped.
Bug: 140538105
Test: flash blueline factory image with assertions enabled in
libsparse/sparse.cpp
Change-Id: I0283be33563a3301ce5b09bde41105a20f91086c
When userdata is used to store COW devices, we need to ensure we've
generated uevents for it.
This patch also refactors FirstStageMount to pass required devices
through arguments rather than a member variable.
Bug: 140761481
Test: manual test
Change-Id: Ie5e1c9699f084da5467a758eea41c7907fecc5ca
DeltaArchiveManifest includes full update package metadata.
Now, CreateUpdateSnapshot reads the source
metadata, updates it, and write to target metadata slot as well.
Test: libsnapshot_test
Bug: 140868231
Change-Id: Ia885b336145d02111ecff1aad421cb9b1efd18c2
This class knows how to update super metadata for virtual A/B devices.
Test: libsnapshot_test
Bug: 138816109
Change-Id: I9e375c76814e0dcbb47fc2ea9e4903ba69ccf7f8
We've seen USB writes failing due to inability to allocate contiguous
chunks of memory in the kernel on devices, but it looks like the same
problem can occur on the host, as well. It's a mild performance
regression (90->80 MB/s on a blueline) to split the writes always, so
attempt the full write first, and fall back to splitting it up if that
fails with ENOMEM. Once we switch over the the asynchronous transport
API, we'll be able to submit multiple writes cheaply, like on devices,
so we won't need to retry at that point.
Bug: http://b/140985544
Test: test_device.py
Change-Id: I1517c348375b829dfff6796c4e9d394802b02d5b
Avoid accessing nullptr of already deleted entry.
Add new unit tests that pass with the fix and fail without.
Test: fixes unwinding in ART gcstress tests
Test: All unit tests pass.
Change-Id: Ideb00e2adc899904dd6aeb5dad3fb6fad150322d
Bug: 140882488
Test: Booted twice, checked logs to ensure encryption
is different each time, adb created files in directory.
Change-Id: I44f746acd1040f7baa9123d4824ba39b194f287b
libcrypto performs a self test when it is loaded, unless
a marker file /dev/boringssl/selftest/[hash] exists which
indicates that the self test has already successfully
completed since the last time the device was booted.
Before this CL topic, libcrypto attempted to create the
marker file when the self test successfully completed.
On Android, dedicated boringssl_self_test{32,64} binaries
are run early during boot and are the only binaries
(apart from init and vendor_int) that have permission to
create these files.
Another CL in this topic stops the boringssl self test
creating a marker file unless the environment variable
BORINGSSL_SELF_TEST_CREATE_FLAG is set to a nonempty value.
This CL sets that value to "true" when running the dedicated
self test binaries, but not for other binaries. This has
the effect that other binaries that run the self test
early during boot (before the dedicated self test binaries
have created the marker files) and which run the self test
will no longer attempt to create the marker file, which
SELinux would have denied anyway.
Bug: 137267623
Test: Treehugger
Change-Id: I99317df1a8c3496d33ae83f9ec346782b2286ac9
This replaces the recently added `exec_reboot_on_failure` builtin, since
it'll be cleaner to extend service definitions than extending `exec`.
This is in line with what we decided when adding `exec_start` instead
of extending `exec` to add parameters for priority.
Test: `exec_start` a service with a reboot_on_failure option and watch
the system reboot appropriately when the service is not found and when
the service terminates with a non-zero exit code.
Change-Id: I332bf9839fa94840d159a810c4a6ba2522189d0b
We already know 'existing_extent' is non-null (or else we would
have crashed on the previous line). We fix this to check
'existing_linear_extent' against nullptr.
Test: TreeHugger
Change-Id: I03338bca87d1c2bd0cbea0e1ec31244ba9570a40
init_first_stage is built in Make and statically links libcrypto,
so it needs to set LOCAL_INJECT_BSSL_HASH to make the FIPS self
test pass.
Bug: 137267623
Test: m checkbuild
Change-Id: Icd8ec07b731228a162db9a13d7304bf1d73127aa
This should ensure that the self tests run before any other binaries
that load libcrypto and which would otherwise run into SELinux denials
trying to create the marker file /dev/boringssl/selftest/[hash]
The invocation of the self test binaries from the Conscrypt apex
requires the apex to be mounted so it remains at a later point in
the boot process.
Bug: 137267623
Test: Treehugger
Change-Id: I34266d6e9d2f394fffa8a2c7725479b5770d119c
...so that it can be used by other tests.
Also, clean up the code before exposing it.
Test: libsnapshot_test
Test: liblp_test
Change-Id: I627326f696ea55b7113ff26b313f7dd04e341dc1
* changes:
libsnapshot: tests for public APIs.
fastbootd: skip COW group
libsnapshot: no overlayfs during virtual a/b ota.
libsnapshot: Also use empty space in super for COW
libsnapshot: APIs for all partitions
fs_mgr: CreateDmTable takes CreateLogicalPartitionParams
Userspace may want to load a different firmware than the one that the
kernel requests in some cases, therefore this change adds the ability
to ueventd to run an external handler that will determine the name of
the file that should actually be loaded.
Bug: 138352500
Test: unit tests
Change-Id: Ic5da37268fd78109f83ae52d1b903bf7322a5ee5
We regressed handling of the old host transport selection syntax, which
broke users that reimplement adb themselves (e.g. Studio via ddmlib).
Bug: https://issuetracker.google.com/140369526
Test: adb raw "host-serial:822X0028S:forward:tcp:42929;localabstract:/com.example.ndktest-0/platform-1568299082100.sock"
Test: ./test_device.py
Change-Id: Iaaec8fde952316fe9bf2a6f6c6c4a3bc9f74bf72
Colin Cross