In N we moved some code from C to C++ without realizing that EVP_EncodedLength
includes space for a terminating NUL and EVP_EncodeBlock writes one. Because
our key reading code copes with the NUL, we never noticed.
Distinguish between the required space returned by EVP_EncodedLength and the
actual number of bytes (not including NUL) used return by EVP_EncodeBlock.
Bug: http://b/36187819
Test: hexdump of ~/.android/adbkey.pub
(cherry picked from commit 0b771b33fd)
Change-Id: I6e16b8d48d097b4054417c1d1a225bf7ece985b9
(cherry picked from commit f0b53d0726)
(added "system/vendor/bin/hostapd" to list)
Cover both direct and symlink indirect paths to the referenced
files in the vendor, odm and oem partitions.
Test: compile and hand-verify properties
Bug: 37703469
Change-Id: I5b3a887e904baee2ac193ac4a73aaaee0bbfdb9f
Add unit test to ensure all POD types of Service are initialized.
Bug: 37855222
Test: Ensure bugreport is triggered via keychord properly.
Test: New unit tests
Merged-In: If2cfea15a74ab417a7b909a60c264cb8eb990de7
Change-Id: If2cfea15a74ab417a7b909a60c264cb8eb990de7
(cherry picked from commit 7da548578c)
The enum is being introduced into libnativewindow, but back ported here
since window-deprecated.h is still being depended by other system
componenets.
Bug: 35726763
Test: videoplayer-nodrm-protected.apk and videoplayer-drm-protected.apk
both works.
Change-Id: I9298ff9b1ddd7f868e59db41e1a84e2cdd3d02b5
* changes:
init: fix first stage mount failure when two fstab entries have verity_loc
init: set ro.boot.avb_version in recovery mode
init: moving early mount logic into init_first_stage.cpp
See build/soong/README.md for more information.
Test: m -j checkbuild
Bug: 37567578
cherry picked from cafe889aa8
Merged-In: Ia11dffde6fc4d89be6ee651be06b48131c877dc0
Change-Id: Ia11dffde6fc4d89be6ee651be06b48131c877dc0
- allows easier tracking of wait time from monitoring tools
- this change also reduces unnecessary log spam
- service exit log looks like this:
init: Service 'exec 4 (/system/bin/otapreopt_slot)' (pid 611) exited with status 0 waiting took 0.060771 seconds
bug: 37752410
Test: reboot and check log
(cherry picked from commit 4de31e1481)
Change-Id: Icb83a6a23b45ebd9b4c9d86ee37df8ee3d6e790a
Applications can set abort messages via android_set_abort_message
without actually aborting. This leads to following non-fatal dumps
printing their output to logcat in the same format as a regular crash.
Bug: http://b/37754992
Test: debuggerd_test
Change-Id: I9c5e942984dfda36448860202b0ff1c2950bdd07
(cherry picked from commit e06f2a4886)
This got moved when refactoring the reboot commands.
Bug: 37540660
Test: verify bullhead's last_reboot_reason is correct
Change-Id: I3b86496fc469ca41645df7e7ba8bb51dd25b6b38
(cherry picked from commit 47336cebc3)
- Test data shows that most shutdown finishes in 6 secs.
- The original 10 secs is too long wih no shutdown animation
running in screen.
bug: 36657139
Test: check time with reboot
(cherry picked from commit 7feab68238)
Change-Id: I2e0ec81baa7b6cdb1ff0163c16f643c2549d74ab
- init will only keep animation related services as shutdown critical.
- external component like system server can start shutdown animation.
bug: 37500823
Test: reboot
(cherry picked from commit e2b04b71ae)
Change-Id: I9a0432148887557b705d6b8bbe35f5fb1ffad5b9
The Bluetooth HAL has threads that process Bluetooth audio. They need
to be scheduled as RT priority, so allow the Bluetooth HAL to set its
threads to RT scheduling.
Bug 37518404
Test: play Bluetooth audio, confirm priority via systrace
Merged-In: I4928cf182a0805c0714e4d073cba15c864fbe328
Change-Id: I4928cf182a0805c0714e4d073cba15c864fbe328
(cherry picked from commit e08303d8cf)
The previous check is incorrect because it compares the basename of
previous verity_loc with the full path of current verity_loc.
Changes it to compare the full device file path instead of just the basename
of verity_loc. This can catch the case of two different verity_loc
values with the same basename, e.g.,
- verify=/dev/block/platform/SOC.0/by-name/metadata
- verify=/dev/block/platform/SOC.1/by-name/metadata
Bug: 37413399
Bug: 37619597
Test: first stage mount /system and /vendor with the following fs_mgr_flags on bullhead
- wait,verify=/dev/block/platform/soc.0/f9824900.sdhci/by-name/metadataa
Test: first stage mount /system and /vendor with different verity_loc values
on bullhead, checks it bails out
Change-Id: I017c8bd9f0790d45e08e57df9a2878e4f62c5f9c
Merged-In: I017c8bd9f0790d45e08e57df9a2878e4f62c5f9c
(cherry picked from commit 71881fffd6)
VNDK-SP is relocated back to /system partition from /vendor partition,
following the original design.
In addition, the namespace for RenderScript is added. The namespace is
dedicated for loading VNDK-SP libs for RenderScript such as
libRS_internal.so. The reason for having a separate namespace is that
RenderScript requires more permitted paths (/data/*) which should not be
allowed for normal SP-HALs.
Bug: 37522144
Bug: 37550338
Test: sailfish builds and boots well
Test: lsof shows VNDK-SP libs are loaded from /system/lib/vndk-sp
Test: RenderScript app (CameraScript) runs well
Change-Id: Id139f626cafae2e43ee4eefc5a57a204e31bbbc9
Currently zygote is started early for FBE device but update_verifier is run later
which creates a potential risk. This CL ensures update_verifier run before
zygote touches anything within data/ partition. With this change, we also start zygote
early for unencrypted/unsupported encryption state device.
Bug: 37543411
Test: marlin boots
(cherry picked from commit 5dc05effec)
Change-Id: I97cde0c20f74b1b17c995d84c2e31c86fe006395
Previously we set ro.boot.avb_version during the first stage mount in normal mode:
- https://android-review.googlesource.com/#/c/371774/
As the first stage mount is not performed in recovery mode, we need to set the
property separately in recovery mode.
Bug: 37414003
Test: first stage mount /vendor with vboot 2.0 (avb) on bullhead in normal mode
Test: first stage mount /system without verity on bullhead in normal mode
Test: checks ro.boot.avb_version is 1.0 on bullhead in recovery mode
Test: first mount /vendor with with vboot 1.0 on sailfish in normal mode
Test: checks ro.boot.avb_version doesn't exist on sailfish in recovery mode
Change-Id: I262e75b8b557c4de7609b4049ccb01793644245e
Merged-In: I262e75b8b557c4de7609b4049ccb01793644245e
(cherry picked from commit fd18a452be)
Also renames "early mount" to "first stage mount" to prevent confusion
with "mount_all --early", which is run in the init second stage.
Also creates a base class: FirstStageMount and two derived classes:
FirstStageMountVBootV1 and FirstStageMountVBootV2 to replace/refactor
existing functions:
- early_mount() -> DoFirstStageMount() and FirstStageMount::DoFirstStageMount()
- vboot_1_0_early_partitions -> FirstStageMountVBootV1::GetRequiredDevices()
- vboot_2_0_early_partitions -> FirstStageMountVBootV2::GetRequiredDevices()
- vboot_1_0_mount_partitions ->
FirstStageMount::MountPartitions() and
FirstStageMountVBootV1::SetUpDmVerity()
- vboot_2_0_mount_partitions ->
FirstStageMount::MountPartitions() and
FirstStageMountVBootV2::SetUpDmVerity()
Bug: 37413399
Test: first stage mount /vendor with vboot 2.0 (avb) on bullhead
Test: first stage mount /system with without verity on bullhead
Test: first stage mount /vendor with vboot 1.0 on sailfish
Change-Id: I6584bdf7d832c9fbc8740f97c9b8b94e68a90783
Merged-In: I6584bdf7d832c9fbc8740f97c9b8b94e68a90783
(cherry picked from commit d262017fef)
Add asan counterparts.
Bug: 37579959
Test: m && m SANITIZE_TARGET=address
Merged-in: I23f05436b79fbcb3f6fa11d84c95fcd180fad3b3
Change-Id: I23f05436b79fbcb3f6fa11d84c95fcd180fad3b3
persist.sys.usb.config values can't be combined on build-time when
property files are split into each partition.
So we need to apply the same rule of
build/make/tools/post_process_props.py on runtime.
Test: building succeeded and tested on sailfish.
Bug: 37617113
Bug: 37648659
Merged-In: If1e4279f05d74eccf5ce23eef41a466b7d8e3bde
Merged-In: I1e5ad9da360bfb3cb4970e12a76522fd0a5126b8
Change-Id: I78cdffee446d3ae6a89f138faed5f3149e4b507d
(cherry picked from commit 0cf3a07e14)
Fixes issue where attributes used exclusively in neverallow
rules were removed from policy.
Bug: 37357742
Test: Force on-device compile by removing precompiled policy.
Verify no increase in compile time.
Change-Id: I0d145fd311c2ddcb226a827f2a997f10c20a8379
It's now specified in the hal .rc file.
Bug: 37105075
Bug: 37483427
Test: Wifi HAL runs on Fugu and Pixel.
Change-Id: Iead8d4146a794cf9afbaa06a60e9f269ddc425af
- late start of zygote_secondary leads into occasional
1 second wait for starting system service.
- Early start secondary zygote so that there is no additional
wait.
bug: 37508384
Test: python packages/services/Car/tools/bootanalyze/bootanalyze.py -r -c packages/services/Car/tools/bootanalyze/config.yaml -n 100 -f -e 16 -w 30
(cherry picked from commit f8532445b4)
Change-Id: Ia46b07f3d6abb090cc169ebd807e21b16694d172
This reverts commit 5e801e7bd5.
The file permissions don't allow access to the lock on devices
where vendor code runs with UID root and GID radio. They are
no longer necessary because we have a more flexible selinux-based
solution in https://android-review.googlesource.com/#/c/354223/ .
Test: strace -f -e flock -p <netmgrd_pid> on angler shows flock succeeds
Test: strace -f -e flock -p <netmgrd_pid> on marlin shows flock succeeds
Test: netd_unit_test passes on marlin
Test: strace -f -e flock -p <netd_pid> on marlin shows flock succeeds
Bug: 36108349
Bug: 37483189
(cherry picked from commit b6e4b35fe4)
Change-Id: Ia1bbf8d93ec6777514be66cbd1a32dfc95df95c0
Merged-In: Ia1bbf8d93ec6777514be66cbd1a32dfc95df95c0
(cherry pick from commit b867beac56)
The gTest should not be able to set ro.device_owner, either as a unit
test or a CTS test. The CTS test should not be able to set
persist.logd.security, the gTest may as it is run on userdebug with
root, so check if we are root to discern expectations.
Test: gTest liblog-unit-tests --gtest_filter=liblog.__security
Test: cts-tradefed run cts-dev -a armeabi-v7a -m CtsLiblogTestCases -t liblog#__security
Bug: 36480230
Change-Id: I1da88aae34da4e2fca8dd88d740eeb879d9c65bb
(cherry pick from commit 3510359a3c)
ro.logd.kernel, ro.config.low_ram, ro.logd.timestamp and ro.debuggable
need to be retrieved prior to logd start in order for the service to
behave in a configured manner. Other essential services are also
dependent on these system properties as well, so it just makes sense
to pick them all up first in 'on fs'.
Test: smoke test
Bug: 37425809
Change-Id: I33ad185f397ee527ed3c84cc2bcb40ff8ca785b5
- Do not use -f if it was cleanly shutdown.
- For unclean shutdown or other operation failures like
mount, tune2fs failure, run full check.
- Still old image will run full check once in 5 reboots
while new image will not run full check unless something
fails.
- Add retry for final mount. If mount fails once, run full fsck
once and try again.
bug: 32246772
bug: 35366616
Test: many reboots
(cherry picked from commit 40db04d640)
Change-Id: If312d91e09aca0648dd926e26a3d1e5f7ddedb46
Nick Kralevich