Commit Graph

44914 Commits

Author SHA1 Message Date
Victor Hsieh 59183120c2 Initialize fs-verity keys in shell script
This gives us two benefits:
  - Better compatibility to keyctl(1), which doesn't have "dadd"
  - Pave the way to specify key's security labels, since keyctl(1)
    doesn't support, and we want to avoid adding incompatible option.

Test: See keys loaded in /proc/keys
Bug: 128607724
Change-Id: Ia45f6e9dea80d037c0820cf1fd2bc9d7c8bb6302
2019-03-22 09:18:00 -07:00
Suren Baghdasaryan b552c4ad9a Merge "libprocessgroup: Deliberately leak TaskProfiles and CgroupMap instances." 2019-03-22 16:04:56 +00:00
Yifan Hong 567f1874fd init: expand prop in 'file'
Allow having properties in 'file' option of a service.

Test: boots (sanity)
Test: lpdumpd
Bug: 126233777
Change-Id: I55158b81e3829b393a9725fd8f09200690d0230f
2019-03-21 16:00:00 -07:00
Yifan Hong dd6eefca30 libcutils: android_get_control_file uses realpath.
If the path to android_get_control_file is a symlink, the final sanity
check will fail that the fd does not have the same path as the given
file. We can't expect callers to readlink() because this would change
the environment key. Instead, try to call realpath on both paths.

Bug: 126233777
Test: lpdump
Change-Id: I0df10d7dbe3e572b8335faad812e5cd80bff1733
2019-03-21 16:00:00 -07:00
Elliott Hughes 7acb0d39e8 Clean up some mess by only building Android-specific code for the device.
Test: treehugger
Change-Id: Id44721ccd1817d8c537b226f60a58b7cb691fb01
2019-03-21 14:59:45 -07:00
Vic Yang 87215c2530 Fix parse_apex_configs doc in README.md
Test: None
Change-Id: I0871e640cfcab706a5396e3824a1f75239c29840
2019-03-21 11:59:29 -07:00
Colin Cross b566e3cb2f Merge "Catch SIGBUS in HeapWalker" 2019-03-21 17:48:03 +00:00
Vic Yang 4a85f3c92a Fix sed command on Mac builds
Bug: 119423884
Test: Manually test sed command on Mac
Change-Id: I8df32b2476a01e2b758ea81f00dae0b6179ba79a
2019-03-21 10:16:06 -07:00
Pete Bentley cc6c50a123 Tighten native API surface.
AsynchronousCloseMonitor is moved into libandroidio by
r.android.com/910073 and so libjavacore no longer needs to
be linked to the conscrypt namespace.

Bug: 123744297
Test: m && flashall
Test: atest CtsLibcoreOkHttpTestCases
Test: atest CtsLibcoreTestCases
Change-Id: Id720b59e4ef42a2c0226b497a1cc3c54f7a837d0
2019-03-21 17:13:14 +00:00
Yurii Zubrytskyi 1265bc9c6f Merge "[base] Convert Starts/Ends/Equals string functions to string_view" 2019-03-21 17:08:48 +00:00
Peter Collingbourne dba6d44376 libprocessgroup: Deliberately leak TaskProfiles and CgroupMap instances.
This avoids a race between destruction on process exit and concurrent
access from another thread.

Bug: 129023204
Change-Id: Iecafa67a78e2cce53687156e7f91547b4a23ec13
2019-03-21 17:00:48 +00:00
Nick Kralevich 104771e55e zip_archive.cc: delete android_errorWriteLog
The process of determining whether or not to emit a safetynet error
entry while processing a malformed file relies on addition overflow.
Since this is only logging, and logging which isn't used, delete the
code instead of trying to fix the logic which is causing the integer
overflow.

This change is necessary to enable integer sanitization on this code.

Somewhat related to Bug: 122975762
Test: atest ziparchive-tests

Change-Id: I6b41ccf7881348cb4e5236324eaa44a05662a725
2019-03-21 09:58:56 -07:00
Yurii Zubrytskyi 59d876c7a2 [base] Convert Starts/Ends/Equals string functions to string_view
Test: UTs

Change-Id: I3751656d44e7a814488169c53d3e8af0da44f262
2019-03-21 16:29:46 +00:00
Nick Kralevich c5da03f448 entry_name_utils-inl.h: clear top bit before shifting
Attempting to shift a uint8_t which has the top bit set results in a
value outside of the range allowable for a uint8_t. The process of
converting this value back to a uint8_t triggers ubsan's
implicit-conversion sanitizer.

Ensure the high order bit is stripped before shifting, so that the
shifted value fits into the allowable uint8_t range.

This change is necessary to enable integer sanitization on this code.

Somewhat related to Bug: 122975762
Test: atest ziparchive-tests

Change-Id: I940c8b2828ac88348d80f731274b990e35de6631
2019-03-21 09:29:31 -07:00
Luke Huang 9f409f2e4c Enlarge cmd buffer size of FrameworkListener
Only Netd and Logd use FrameworkListener currently.
Run realted test to ensure anything are still fine.

Bug: 126307309
Test: built, flashed, booted
      system/netd/tests/runtests.sh pass
      atest CtsLogdTestCases

Change-Id: Iacd0cc13f23f457a0868a8a706080c3edc9a3cbd
2019-03-21 23:09:16 +08:00
Vic Yang c3e96512c0 Merge "Add support for no-vendor-variant VNDK" 2019-03-21 04:30:47 +00:00
David Anderson ee725f610f init: Support booting off GSIs installed to non-userdata block devices.
Bug: 126230649
Bug: 127953521
Test: GSI boots when installed to sdcard on hikey960
      GSI boots when installed to /data/gsi
Change-Id: Id59926ebe363939c8c5745bb1bf5bd13722dae7e
2019-03-20 18:22:00 -07:00
Mark Salyzyn ddae5c85b9 Merge "bootstat: add 4 reboot reasons to known set" 2019-03-21 00:18:37 +00:00
Colin Cross 87315e9d2f Catch SIGBUS in HeapWalker
SIGBUS shouldn't happen, since all of the regions being walked
were previously read out of /prod/pid/maps, but it seems to happen
rarely.  Catch it so it can produce a better log message.

Bug: 128983715
Test: atest memunreachable_test
Change-Id: I82d3941a382a0451c0dda12f5eb849ad8d697bc9
2019-03-20 16:06:52 -07:00
Nick Kralevich 30dec070dd libziparchive: add integer checks
The code in libziparchive has lots of questionable looking but not
obviously wrong integer operations. In order to shake out integer bugs
in libziparchive (for example, commit
1ee4892e66 from bug 31251826) and provide
protection against security bugs, enable some integer sanitization
options in libziparchive.

Bug: 122975762
Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=941802
Test: device boots and no obvious problems.
Change-Id: I215d81892a6eff12d692648c69a03e8200b334d7
2019-03-20 13:04:02 -07:00
Evgenii Stepanov b4ef0beb99 Merge "Fix libmemunreachable vs hwasan conflict." 2019-03-20 19:41:29 +00:00
Jone Chou d51036d641 bootstat: add 4 reboot reasons to known set
- reboot,rtc
- reboot,dm-verity_device_corrupted
- reboot,dm-verity_enforcing
- reboot,keys_clear

Test: none
Bug: 128929506
Bug: 128929604
Change-Id: I5438c236abb67b74c7b9d717930c0ea69f70540d
Signed-off-by: Jone Chou <jonechou@google.com>
2019-03-20 16:53:29 +00:00
Treehugger Robot ee3cce8b7b Merge "init: make sepolicy dependency optional" 2019-03-20 16:42:29 +00:00
Treehugger Robot 4dd15cbe24 Merge "fs_mgr: remount: manufacture a missing / entry for default fstab" 2019-03-20 15:01:16 +00:00
Treehugger Robot 6bddf40d31 Merge "Add more tests for dynamic partitions" 2019-03-20 04:32:23 +00:00
Treehugger Robot b0f125d581 Merge "Add a test for logical partitions." 2019-03-20 04:32:03 +00:00
Evgenii Stepanov 3e1c604c07 Fix libmemunreachable vs hwasan conflict.
* Scan memory in a non-sanitized function.
* Don't scan hwasan shadow mappings.
  Shadow is ~33G and never contains any heap pointers. The scan takes
  about a minute on my device.

Bug: 112438058
Test: memunreachable_test with SANITIZE_TARGET=hwaddress
      the test still fails, but now there are no hwasan reports or new
      tombstones, and it completes in less than a minute

Change-Id: Ibe4811c67609ca9fe317edc250993b915570a638
2019-03-19 17:17:47 -07:00
Jeff Vander Stoep 402e4a6615 init: make sepolicy dependency optional
Test: make system/core/init
Change-Id: Ie2e7ba57fe885baf017ef12334aea7f2f9f8f0c1
2019-03-19 17:01:09 -07:00
Mark Salyzyn a497ab9b55 fs_mgr: remount: manufacture a missing / entry for default fstab
Adjust adb-remount-test.sh to run on cuttlefish.

Test: adb-remount-test.sh
Bug: 128033396
Change-Id: I86825a519fcc821f7da67b0570d7eb2043ae4b42
2019-03-19 16:45:12 -07:00
Florian Mayer 9ec8cfe6df Merge "Add versionCode parser for package list." 2019-03-19 23:35:42 +00:00
Jeffrey Vander Stoep e21d07fbab Merge "selinux: use the policy version defined in sepolicy" 2019-03-19 21:44:59 +00:00
Hridya Valsaraju 405431fd50 Add more tests for dynamic partitions
Test: ./fuzzy_fastboot --gtest_filter=LogicalPartitionCompliance*
Bug: 117220134
Change-Id: Ica489b0f9b252b2981cd44676bb892ded977de22
2019-03-19 21:36:07 +00:00
Hridya Valsaraju 68e639ecf6 Add a test for logical partitions.
Test: ./fuzzy_fastboot --gtest_filter=LogicalPartitionCompliance*
Bug: 117220134

Change-Id: Ib68f98ec5c8c402f9a80139134a0118ab65f8cd3
2019-03-19 14:33:54 -07:00
Josh Gao 965d0c38c8 Merge "debuggerd_handler: demote abort on exec failure to log." 2019-03-19 19:44:43 +00:00
Josh Gao affe351420 Merge "adbd: support ro.adb.nonblocking_ffs." 2019-03-19 19:44:00 +00:00
Treehugger Robot 0eadef4076 Merge "fs_mgr: overlay: suppress noise associated with test mounting scratch partition" 2019-03-19 18:58:41 +00:00
Yi Kong 63c89a37fd Merge "Suppress -Wstring-plus-int warning" 2019-03-19 18:37:43 +00:00
Matthew Maurer b0a8c9520b Enable Trusty Gatekeeper@1.0
Previously we only installed the gatekeeper.trusty.so library, which is
insufficient to actually start Gatekeeper. We now also install the -impl
and -service wrappers.

Bug: 127700127
Test: Gatekeeper 1.0 VTS with Trusty running
Change-Id: Idd8d6a4e1e409c2a712dddfd92d5f9cf6b16b50c
2019-03-19 11:18:38 -07:00
Florian Mayer bda4041912 Add versionCode parser for package list.
Bug: 123186697
Change-Id: I9194cc55abd943c4b8b2f9d29dcad035170f2736
2019-03-19 17:04:46 +00:00
Treehugger Robot aaee497db2 Merge "Enable fsverity signature checking" 2019-03-19 16:40:48 +00:00
Roland Levillain d503239292 Merge "Include tests directories in the linker legacy configuration." 2019-03-19 10:17:10 +00:00
Neil Fuller ed6b5177e2 Merge "Address syntax / error case nits" 2019-03-19 09:37:55 +00:00
Yi Kong dd2ea5fd68 Suppress -Wstring-plus-int warning
The code section is already marked as to be removed, simply suppress
the -Wstring-plus-int warning.

Test: m checkbuild
Bug: 128878287
Change-Id: I95a03aca90dbb5d27db49f5baf534cbaacf9b830
2019-03-18 22:16:14 -07:00
Treehugger Robot 588a87d68e Merge "adb: fix uninitialized variable." 2019-03-19 03:14:17 +00:00
Josh Gao 8038e35fdf adbd: support ro.adb.nonblocking_ffs.
Allow disabling ro.adb.nonblocking_ffs via an ro system property, which
gets overridden by the currently supported persist.adb.nonblocking_ffs.

Bug: http://b/128679787
Test: mma
Change-Id: I28891d2da129e9654bf63ab8a4c330c4d2f5b336
2019-03-18 17:59:24 -07:00
Treehugger Robot 8aa059438d Merge "mini-keyctl: use ParseInt to parse keys" 2019-03-19 00:25:52 +00:00
Josh Gao b019574476 adb: fix uninitialized variable.
Previously, we were initializing IoBlock::pending when submitting a read,
but leaving it uninitialized when doing a write, which would sometimes
result in an assertion firing when we received a previously allocated
block of memory that happened to have a nonzero value in pending.

Test: treehugger
Change-Id: I434c65f554ceed313fea9cfcc98788908f3ca8bc
2019-03-18 17:12:19 -07:00
Hridya Valsaraju bcab240cbc Fuzzy_fastboot must set back the original slot after test
Test: ./fuzzy_fastboot --gtest_filter=Conformance.SetActive
Bug: 117220134

Change-Id: I1fb6975dda52ace3e6d2a81a50cba5ff55310818
2019-03-18 15:39:32 -07:00
Treehugger Robot e16a253cb0 Merge "mini-keyctl cleanup: keep local funcitons static" 2019-03-18 22:08:46 +00:00
Josh Gao 5e8d68c2b2 debuggerd_handler: demote abort on exec failure to log.
If a process is ptraced already, we might not be able to exec crash_dump
due to selinux. Since we can be called for non-fatal events, we
shouldn't abort in that case.

Bug: http://b/128054996
Test: treehugger
Change-Id: I1442041caa7af908df2ab87b9e010c44082e7587
2019-03-18 14:39:47 -07:00