This makes the build system include split SELinux policy (three CIL
files and the secilc compiler needed to compile them) if
PRODUCT_FULL_TREBLE is set to true. Otherwise, the monolitic SELinux
policy is included.
Split policy currently adds around 400 ms to boot time (measured on
marlin/sailfish and bullhead) because the policy needs to be compiled
during boot. This is the main reason why we include split policy only
on devices which require it.
Test: Device boots, no additional SELinux denials. This test is
performed on a device with PRODUCT_FULL_TREBLE set to true, and
on a device with PRODUCT_FULL_TREBLE set to false.
Test: Device with PRODUCT_FULL_TREBLE set to true contains secilc and
the three *.cil files, but does not contain the sepolicy file.
Device with PRODUCT_FULL_TREBLE set to false contains sepolicy
file but does not contain the secilc file or any *.cil files.
Bug: 31363362
Change-Id: I419aa35bad6efbc7f936bddbdc776de5633846fc
Traditionally, qemu_pipe has both the declaration and implentation of each
function in one header file--qemu_pipe.h, and it is getting incovenient to
maintain.
This CL separates the implementation of functions from the header file,
and makes qemu_pipe a static library for other modules to link to.
Note that the interface and implementation of qemu_pipe are kept unchanged,
and future CLs will enhance the implementation to make it more reliable and
more compatible with old and new API levels.
Following projects are affected by this refactoring, and they are modified
accordingly:
device/generic/goldfish
device/generic/goldfish-opengl
hardware/ril/reference-ril
Change-Id: I541ecbf0cc7eadeef9d4e37ffd9ca7bfcc5c94c0
This modifies init's loading of SELinux policy into the kernel to
load the split (platform/system vs non-platform/vendor) policy if it's
present. If the split policy is not present, the usual monolithic
policy is loaded into the kernel, same as before.
Split policy is loaded by first compiling it from CIL form using
secilc compiler into the conventional monolithic/compiled form which
is then loaded into the kernel.
The build system has not yet been modified to place split policy onto
devices. Thus, this commit currently has no effect. For testing split
policy, build plat_sepolicy.cil, nonplat_sepolicy.cil, and
mapping_sepolicy.cil, and place them into the root directory of the
device.
The following tests were performed for a device with monolithic policy
and for the same device with split policy.
Test: Device boots, no new denials
Test: Play Movies plays back movies
Test: Load ip6.me im Chrome
Bug: 31363362
Change-Id: I9a75a48ac88f3392abc36669f91b0803e88cd147
Deal with yet another reentrancy issue with strtok() and do not
treat optarg as fungible data, allocate a temporary copy. Add
support in the -v flag and environmental variable ANDROID_PRINTF_LOG
for a comma-separated list of format and format modifiers.
Test: manual + gTest logcat-unit-tests
Bug: 35326290
Change-Id: I073e5676d59ba41bfd36df86942342766ef730f1
- Replace all NULL, macro defined to 0, with nullptr. nullptr is a
keyword of type nullptr_t, with a value of (nullptr_t)0, a pointer
type of sizeof(void*) that can not confusingly promote to an int.
- Replace all boolean evaluations of values against 0, NULL, and
nullptr with direct, ! or !! as appropriate.
- Note that thread_stopped should be semaphore, defer that to
a non-code-quality improvement patch.
- Check for null context in android_logcat_destroy.
- Run clang-format to realign format with setting.
Test: compile and gTest logcat-unit-tests
Bug: 35326290
Change-Id: Iaf729cd7899c6cece78431536ed325604f0e353f
We don't need early mount in recovery mode for security considerations,
e.g., users should explicitly select 'mount /system' from the recovery
menu. This CL checks the existence of file "/sbin/recovery" and skip
early mount when it is found.
Bug: 35853576
Test: early mount /vendor without dm-verity on sailfish
Test: early mount not happen in recovery mode on sailfish
Change-Id: I69cc96f6fd0de6ce493082921738a958dd571115
Deal with cache miss in the event tag map resources and switch to
"Plan B" to ask long-path to logd for a determination on the tag,
name and format.
logcat-unit-tests liblogcat.descriptive does an under-the-hood call
to logd to add a new logtag but the in-process mapping fails to
pick it up because the /dev/event-tag-map map is SHARED PRIVATE for a
few moments to garner some (linux) efficiency with other copies that
are in the process. Without the workaround of marking the mapping
dirty to be reread, we are using this change as the proper workaround
that fixes the later parts of this test.
Test: gTest logcat-unit-tests --gtest_filter=liblogcat.descriptive
Bug: 31456426
Bug: 35326290
Change-Id: Ibe54d4df00ed92248e1e644ecebc95f60b222b4d
- unlike base::WaitForProperty, which waits for specific value to
be set, this one only waits until the property is created.
bug: 35178781
Test: added unit test
Change-Id: Idbf98c2152fe768357302f6b69310c55305f5d54
- allows components relying on persisted props to wait for this property.
bug: 35178781
Test: reboots
Change-Id: I06cbf2a6b375654fcc277a2699fceeb23846a241
Test accessing a singleton from two libraries, the second of which
depends on the first but is dlopen'd after the first is already
loaded.
Bug: 35674422
Test: out/host/linux-x86/nativetest64/libutils_tests/libutils_tests
Change-Id: I975ba933a19b941a52bdb6e9c221a6910ffb8081
Tests will often want to get the executable directory in order to
find test data.
Test: out/host/linux-x86/nativetest64/libbase_tests/libbase_tests
Change-Id: Ica9d211bcd039fcf83a22fd494816abd01b97aa3
adb already provides an implementation of dirname and basename that
take and produce std::strings, move it into libbase so it can be
used in the implementation of GetExecutableDirectory.
Test: out/host/linux-x86/nativetest64/adb_test/adb_test
Test: out/host/linux-x86/nativetest64/libbase_test/libbase_test
Test: adb shell /data/nativetest64/libbase_test/libbase_test64
Change-Id: Ideb1627607b14562121316d4ed27fa6fb0930684
Bug: 35328775
Test: works in both binderized and passthrough modes
Merged-In: I61f1ff6b777089d7aad5184c0aee4f653897b32e
Change-Id: I61f1ff6b777089d7aad5184c0aee4f653897b32e
When native coverage is enabled, add a global GCOV_PREFIX
environment variable specifying that gcda files be output
with path prefix /data/local/tmp.
Bug: 35635587
Test: make NATIVE_COVERAGE=true; check init.environ.rc
Change-Id: I40972aea3ca3168d0687bdc93e9d4b7b3a1071b9
There's no reason for SELinux policy compiler to be accessible by
anybode other than root.
Test: Device boots -- secilc isn't used yet anyway
Bug: 31363362
Change-Id: I26cf34f1412b8dd471f79271c491b473617a6df6
During early mount property area is not initialized, and as a result an
'eng' build will always incorrectly be detected as a 'secure' build by
early mount code path resulting into verity error and consequent boot
loop.
The change here makes sure the is_device_secure() check works with /
without properties based on the 'eng' build based build flag so the
early mount code works fine both ways.
Bug: 35791581
Bug: 27805372
Test: Boot sailfish-{eng,userdebug} builds successfully w/ early
mount enabled
Change-Id: Icd101ccad56b669f49b60bbb3005d5be9f53b02b
Signed-off-by: Sandeep Patil <sspatil@google.com>
Current early mount has some hard-coded paths that are not easy to extend
when we switch verified boot to AVB (external/avb/libavb). This CL uses some
C++ containers to replace those fixed paths.
Bug: 33254008
Test: early mount /vendor with dm-verity on sailfish
Test: early mount /vendor without dm-verity on sailfish
Test: early mount /vendor with dm-verity on bullhead
Change-Id: I32a22fe486d7649e33bb23c9018ddc0428df6069
Treblization requires to locate partner-specific modules in its own
partition. So their own init.rc file could be located in /odm or
/vendor.
This CL is to support those locations for the init.rc.
Additionally thic CL modified import parser to support importing a
relative path.
Test: building succeeded and tested on sailfish with enabling early
mount.
Bug: 35269867
Change-Id: I1bce924a32c8a2b53fb5d981d35d758cf9ddd9a6
Bionic has <sys/endian.h>, glibc <endian.h>, and macOS and Windows have
nothing. This has often been annoying.
Bug: N/A
Test: new tests
Change-Id: I2a40c570df6a9bb30607ace1af653265938cc4b8
If Device tree values are read for comparison, they produce false
negatives with std::strings due to trailing '\0'. This change
consolidates the triming of trailing null into a single helper function
to be used everywhere fs_mgr reads DT values for comparison or other
reasons where it wishes to have the trailing null trimmed.
b/27805372
Test: Boot sailfish w/ early mount /vendor
Change-Id: If71efc830dc440323df764c7461867e71ed6515b
Signed-off-by: Sandeep Patil <sspatil@google.com>
Fixes the compatible check in fs_mgr_boot_config by consolidating the
check in a single privately exported function within fs_mgr (i.e.
is_dt_compatible()).
b/27805372
Test: Boot sailfish w/ early mount
Change-Id: Ie2d1646b81cf9eba8d16828ca8cf2c75156c294c
Signed-off-by: Sandeep Patil <sspatil@google.com>
Alex Klyubin