* changes:
Add skip-secondary flag
Switch fastboot to new A/B spec
Add Fastboot support for flashing secondary images
Handle invalid suffix lists
Call set_active after flashall and update
Previously, after 10 failed authentications, we'd sleep for a second,
and we're up to 11 vendor keys in internal now...
Bug: http://b/30927527
Change-Id: I094e830521f6a2768a880c6684f32ff1ce2a3c2e
This was broken by commit e8b663fe, which removed the null-terminator
from the message sent. For some reason, adbd requires the key to be
null terminated, despite an explicit length being part of the message.
Bug: http://b/30971808
Change-Id: I9761298a57ed76ca2bc02b05490f98cdffbaa0c3
Test: manually tested, adb authorization dialog box shows up
Allow directories to be specified in ADB_VENDOR_KEYS. On Linux, monitor
this directory for new keys to be added.
Additionally, deduplicate keys by hashing their public key.
Bug: http://b/29273531
Bug: http://b/30927527
Change-Id: I8d3312b216b7f2c11900f2235f1f1b1d1c7aa767
Test: manually tested by adding a key to a directory, and verifying
that devices became authorized after replugging.
The skip-secondary flag now replaces flash-primary. This flag will
skip over the secondary images for both flashall and update.
Change-Id: I9f380f3195006d325d6c45776bf79ecec17506ad
(cherry-picked from commit e180929866)
Slots are now referred to as a and b instead
of _a and _b. For the moment, _a and _b will
still be supported. For old devices that
support A/B, they are assumed to have 2 slots.
Bug: 29643845
Change-Id: Ieab6bed7b4977d8386dcec0afa434371f54bd63f
(cherry-picked from commit 563fcf6f69)
Fastboot update and flashall will now flash secondary
images if provided, and if the --slot flag is not set
to 'all'. Also added flash-primary to preserve the
previous behavior, and flash-secondary to just flash
the secondary images.
Fixes from: I5bd2de1c1e0e6224a195b566f7dcbe383555a80a
Bug: 29278988
Change-Id: Ia870e4be55617c0eefa4e1381287f8cd14affe7e
(cherry-picked from commit 6c98509c34)
Some devices will report an error string as a value
when unknown variables are queried. This can lead to
unexpected behavior, so we attempt to detect this case
by seeing if the suffix list doesn't make sense.
Change-Id: I939b1e01c40ddc05d881fd54423406db250cc8e5
(cherry-picked from commit 190d968414)
If the device has previously failed to boot, and the current slot is
marked as unbootable, we must call set_active to reenable the slot.
Bug: 29827625
Change-Id: I8b723dda80e246b48e5967aff4503c3d120bfb9b
(cherry-picked from commit 9c9a6c62e5)
Right now these two partitions are mounted in the fs stage of the init
process. As a result, many vendor/ODM files needed earlier in the boot
process (e.g., init.<hardware>.rc, fstab.<hardware>.rc,
uevent.<hardware>.rc, SELinux policy files etc) can only live on the root
partition.
To prevent vendors/ODMs from polluting the root partition, this patch makes
it possible to mount the vendor and ODM partitions in the first stage of the
init process. The fstab info of both partitions to be mounted early is
composed from new kernel cmdline arguments android.early.prefix and
android.early.fstab.
For example, with:
android.early.prefix=/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/
android.early.fstab=mmcblk0p10+/odm+ext4+ro+verify\nmmcblk0p09+/vendor+ext4+ro+verify
the final fstab string will be:
/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p10 /odm ext4 ro verify
/sys/devices/1010000.msdc0/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mmcblk0p09 /vendor ext4 ro verify
The android.early.prefix is optional. When it is missing, the final fstab
string will be directly converted from android.early.fstab.
This patch also makes sure that the early mounted partitions are dm-verity
enabled so that they are trust worthy to store system files.
BUG=27805372
Change-Id: I3cf32482a5ec65445ba3aedab2164c7ba8f12694
Use correct memory ordering.
Start the reference count at zero instead of one, thus giving us a
chance to actually deallocate something.
Remove remaining (unused) inclusions of cutils/atomic.h from
libpixelflinger.
Bug: 30838047
Change-Id: I3c6fd4a4861b3635cf398ca2aa3e915118100b10
This prevents two different kinds of client errors from causing
undetected memory corruption, and helps with the detection of others:
1. We no longer deallocate objects when the weak count goes to zero
and there have been no strong references. This otherwise causes
us to return a garbage object from a constructor if the constructor
allocates and deallocates a weak pointer to this. And we do know
that clients allocate such weak pointers in constructors and their
lifetime is hard to trace.
2. We abort if a RefBase object is explicitly destroyed while
the weak count is nonzero. Otherwise a subsequent decrement
would cause a write to potentially reallocated memory.
3. We check counter values returned by atomic decrements for
plausibility, and fail immediately if they are not plausible.
We unconditionally log any cases in which 1 changes behavior
from before. We abort in cases in which 2 changes behavior, since
those reflect clear bugs.
In case 1, a log message now indicates a possible leak. We have
not seen such a message in practice.
The third point introduces a small amount of overhead into the
reference count decrement path. But this should be negligible
compared to the actual decrement cost.
Add a test for promote/attemptIncStrong that tries to check for
both (1) above and concurrent operation of attemptIncStrong.
Add some additional warnings and explanations to the RefBase
documentation.
Bug: 30503444
Bug: 30292291
Bug: 30292538
Change-Id: Ida92b9a2e247f543a948a75d221fbc0038dea66c
These were previously required when bionic used tgkill to reraise
signals, but now that we use rt_tgsigqueueinfo to reraise signals, they
are no longer necessary.
Change-Id: I46ba9f14039a727d0a2c4c3a9d93a3532ba8f263
This is probably not very significant in this standalone tool,
but makes it easier for us to find leaks in our other system
code via static analysis.
(cherry-pick of 407a2195391685627e6be947491041ae3c8cbe61.)
Change-Id: I4e14cadc1e53bac0848e0e0c7f531f920e43cb0a
LogBuffer::pidToUid(pid_t pid) { return stats.pidToUid(pid); }
needs to have LogBuffer::lock()/unlock() to prevent unordered_map
data corruption. This can lead to multiple symptoms, crashes and
continuous spins on corrupted iterators.
Bug: 30688716
Bug: 30050636
Bug: 30614675
Bug: 25620123
Bug: 30792935
Change-Id: I1d8fec8e5fda98c6a08645e7456b081507696b3c
This includes the locking we need to be able to re-load the keys at runtime.
We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or
"adbd_auth.cpp" in a later change.
Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8
Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without.
Bug: http://b/29273531
Josh Gao