The use of ReadAtOffset is meant to allow concurrent access
to the zip archive once it has been loaded. There were places
where this was the case, and some places that did a seek + read
combination, which could lead to data races.
NOTE: On Windows, we are not using pread as the implementation of
ReadAtOffset, therefore the guarantees on Windows are weaker.
On Linux, pread allows the file descriptor to be read at a specific
offset without changing the read pointer. This allows inherited fd's
and duped fds to be read concurrently.
On Windows, we use the ReadFile API, which allows for an atomic seek +
read operation, but modifies the read pointer. This means that any mix
use of ReadAtOffset and Read will have races. Just using ReadAtOffset is
safe.
For the Windows case, this is fine as the libziparchive code now only
uses ReadAtOffset.
Bug: 62184114
Bug: 62101783
Test: make ziparchive-tests (existing tests pass)
Change-Id: Ia7f9a30af2216682cdd9d578d26e84bc46773bb9
Latest device has rootfs instead of "/system" mount point
Bug: 37737296
Test: adb remount, reboot, and check log
Change-Id: I315ecf71e85255fc55c3a80619920b456bad0956
clang is the default compiler since Android nougat
Test: mma & verified it´s still build with clang
Change-Id: I34adaeef2f6558a09f26027271222bad94780507
Signed-off-by: Lennart Wieboldt <lennart.1997@gmx.de>
Setting androidboot.seccomp=global on the kernel command line shall
enable seccomp for all processes rather than just in zygote. Doing
this has a performance impact, for now it shall just be used to audit
syscall usage during testing.
Bug: 37960259
Change-Id: I6b9fc95e9bec5e2bcfe6ef0b4343a5b422e30152
Recent change in init has bring normal shutdown sequence in
thermal-shutdown condition. This CL will make sure init fire shutdown
trigger where holds custom shutdown actions for vendor SoC/platform.
Bug: 63686426
Test: adb shell setprop sys.powerctl thermal-shutdown
Change-Id: Ieb8579fdf9c30c1a81d60466a7375c9784f3ca98
Enable thread safety analysis annotations for clang.
See https://clang.llvm.org/docs/ThreadSafetyAnalysis.html
for instructions on using these in the source code.
Bug: 28094863
Test: annotated
frameworks/native/services/inputflinger/InputDispatcher.cpp
and enabled '-Werror' and '-Wthread-safety' clang
compiler flags in Android.bp for inputflinger.
Observed compiler errors when accessing
instance attributes without holding a lock. Also added
a compile test Mutex_test.cpp, which can be build using
m libutils_tests and run using
/data/nativetest64/libutils_tests/libutils_tests
Change-Id: I24ce111241cc339901bc45dda8b446df5299af4a
* changes:
fastboot: add mke2fs and e2fsdroid to build package
fastboot: call mke2fs tools to generate ext4 image
fs_mgr: call format_f2fs correctly with -f
init: require e2fsdroid and mke2fs when building init
init: rename mke2fs tools with _static suffix
Set MKE2FS_CONFIG to empty to use mke2fs default configs
Test: fastboot --wipe-and-use-fbe
Bug: 35219933
Change-Id: Ibc97bb125899e1f1fe820d53709fdb2ab291c171
(cherry picked from commit d14d7c14cb)
Because full disk encryption make surper block is not except contents. Only
judge the magic number can prevent most of encrypted surper block.
In particular, magic number plaintext may be equal ciphertext. In order to
avoid this situation, we add the judgment of adaptive situation of the
s_rev_level, s_log_block_size and EXT4_INODE_SIZE.
Test: 1. Config fstab,userdata add flags: forceencrypt=footer,reservedsize=128M
2. build a new target files, and flash all image.
3. Config encrypt userdata surperblock,set magic number is 0xEF53
4. reboot system and check log of fs_mgr.
Change-Id: I925584d58f17afabbb3aa91f8be2302518172bb2
Signed-off-by: katao <katao@xiaomi.com>
This patch formats f2fs with -f option.
Change-Id: I3fc415f35d81f22cbf1eadebc619465d36205927
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
(cherry picked from commit 0331c2cf77)
init calls fs_mgr to format ext4 partitions. This requires
e2fsdroid and mke2fs in /system/bin/
Bug: 35219933
Change-Id: Ia32fe438cd9b9332f8e18e0cbe7f61bd050adcb1
(cherry picked from commit 041f849548)
We build a static version for recovery mode. Give them
different names to avoid conflicts with regular version
in /system/bin/
Bug: 35219933
Change-Id: I738655ad9b9ad71c63ae604d9a4d659b0b671121
(cherry picked from commit a2421041bf)
- Skipping SIGTERM / SIGKILL / umount brings race between block
device driver and fs layer. Do umount before shutting down.
- Reduce timeout to 1 sec for thermal shutdown and skip other time
taking part like fsck.
- Refactor waiting part to check time in ms so that 1 sec can
have enough resolution.
bug: 63686426
Test: adb shell setprop sys.powerctl thermal-shutdown, adb shell setprop sys.powerctl reboot and check dmesg
Change-Id: I048bac767b328c8d656a97fe65dde5f2b5bf4ae5
- Change the field name load_base to load_bias (which is what it really is).
- Add a rel_pc field so that callers do not need to compute it themselves.
- Remove the BacktraceMap::GetRelativePc() since nobody should need to
compute this themselves.
Bug: 23762183
Test: Compiles and unit tests pass (debuggerd, libbacktrace).
Change-Id: I2cb579767120adf08c407a58f3c487ee3f2b45fc
Use ASSERT_EQ() instead of EXPECT_EQ() to prevent segfaults after
failed API calls.
Do not run setfscreatecon_IsPerThread unless we're in permissive mode
as it will not pass otherwise.
Test: init unit tests
Change-Id: I70525d438e89f1ec036255890169a50b5007b4c4
The StepIfSignalHandler code reads from the process memory object, which
is currently the slowest way to read memory. Change the code to read from
the elf memory object which will almost always be a memory mapped file and
should be really fast.
Also, move the tests for StepIfSignalHandler to its own file.
Bug: 23762183
Test: Unit tests pass.
Change-Id: I1100b50554e5ef736a87babd484f3f34e9071caa
On a A/B device, the image combination in VTS is:
- system.img (userdebug): provided by Google (system as root)
- vendor.img (user): provided by the OEM
The generic system.img provided by Google doesn't have /verity_key.
So verified boot will fail when it tries to verify the signature of
vendor.img. This CL allows signature verification error (including
no verity_key) when the device is unlocked.
This CL also changes the return value to FS_MGR_SETUP_VERITY_SKIPPED when
signature verification failed in logging mode. Otherwise, first stage
mount will fail because it assumes verity device initialization should be
successful when receiving FS_MGR_SETUP_VERITY_SUCCESS.
Bug: 63821912
Test: boot generic system.img on a A/B device
Change-Id: I33e5ef753913ae9f0c8b02c518ae94d4c8505611
- If problematic process is from user, kill all kills
it and dump does not show problematic process.
bug: 37737296
Test: reboot and check log
Change-Id: Iaa4f7d12f5a40fa7528c6672567c36e30b140372
- Add the StepIfSignalHandler function to the Regs object that checks
if the code is in a signal handler.
- Add tests for new code, also add a test that unwinds through a signal
handler.
- Slight modification to Elf to fail if a bad machine type is encountered.
Add tests for this.
Bug: 23762183
Test: Ran unit tests.
Change-Id: Idafa1105d00b91a9343d7464ac9ed1cb95830963
libnativeheader exports headers under nativeheader. These were
available before incorrectly as global headers in order to give
access to jni.h.
Test: modules using system/core find headers
Bug: 63762847
Change-Id: I86240f7857dd815100cab32ad261aa9a0a54329c
Allow configuring memory.swappiness, memory.soft_limit_in_bytes
and memory.limit_in_bytes by init; by doing so there is better
control of memory consumption per native app.
Test: tested on gobo branch.
bug: 63765067
Change-Id: I8906f3ff5ef77f75a0f4cdfbf9d424a579ed52bb
Steve Muckle