Commit Graph

27036 Commits

Author SHA1 Message Date
Alex Klyubin b51f9abf45 Include correct type of SELinux policy
This makes the build system include split SELinux policy (three CIL
files and the secilc compiler needed to compile them) if
PRODUCT_FULL_TREBLE is set to true. Otherwise, the monolitic SELinux
policy is included.

Split policy currently adds around 400 ms to boot time (measured on
marlin/sailfish and bullhead) because the policy needs to be compiled
during boot. This is the main reason why we include split policy only
on devices which require it.

Test: Device boots, no additional SELinux denials. This test is
      performed on a device with PRODUCT_FULL_TREBLE set to true, and
      on a device with PRODUCT_FULL_TREBLE set to false.
Test: Device with PRODUCT_FULL_TREBLE set to true contains secilc and
      the three *.cil files, but does not contain the sepolicy file.
      Device with PRODUCT_FULL_TREBLE set to false contains sepolicy
      file but does not contain the secilc file or any *.cil files.
Bug: 31363362

Change-Id: I419aa35bad6efbc7f936bddbdc776de5633846fc
2017-03-02 13:25:17 -08:00
Bo Hu 8c35491151 Merge "DO NOT MERGE ANYWHERE Qemu-pipe: refactor qemu_pipe.h into libqemu_pipe" 2017-03-02 18:03:30 +00:00
Treehugger Robot 056eca201b Merge "Use split SELinux policy at boot, if available" 2017-03-02 01:02:15 +00:00
bohu 294d44be33 DO NOT MERGE ANYWHERE Qemu-pipe: refactor qemu_pipe.h into libqemu_pipe
Traditionally, qemu_pipe has both the declaration and implentation of each
function in one header file--qemu_pipe.h, and it is getting incovenient to
maintain.

This CL separates the implementation of functions from the header file,
and makes qemu_pipe a static library for other modules to link to.

Note that the interface and implementation of qemu_pipe are kept unchanged,
and future CLs will enhance the implementation to make it more reliable and
more compatible with old and new API levels.

Following projects are affected by this refactoring, and they are modified
accordingly:

device/generic/goldfish
device/generic/goldfish-opengl
hardware/ril/reference-ril

Change-Id: I541ecbf0cc7eadeef9d4e37ffd9ca7bfcc5c94c0
2017-03-01 16:33:44 -08:00
Treehugger Robot a02a42ecb1 Merge "liblogcat: -v and ${ANDROID_PRINTF_LOG} support comma separated list" 2017-03-01 23:52:54 +00:00
Treehugger Robot 7826f853bc Merge "liblogcat: replace NULL with nullptr" 2017-03-01 23:50:01 +00:00
Josh Gao b038995d29 Merge "debuggerd: remove obsolete dumpable check." 2017-03-01 22:59:01 +00:00
Alex Klyubin 16696e201b Use split SELinux policy at boot, if available
This modifies init's loading of SELinux policy into the kernel to
load the split (platform/system vs non-platform/vendor) policy if it's
present. If the split policy is not present, the usual monolithic
policy is loaded into the kernel, same as before.

Split policy is loaded by first compiling it from CIL form using
secilc compiler into the conventional monolithic/compiled form which
is then loaded into the kernel.

The build system has not yet been modified to place split policy onto
devices. Thus, this commit currently has no effect. For testing split
policy, build plat_sepolicy.cil, nonplat_sepolicy.cil, and
mapping_sepolicy.cil, and place them into the root directory of the
device.

The following tests were performed for a device with monolithic policy
and for the same device with split policy.

Test: Device boots, no new denials
Test: Play Movies plays back movies
Test: Load ip6.me im Chrome
Bug: 31363362
Change-Id: I9a75a48ac88f3392abc36669f91b0803e88cd147
2017-03-01 14:07:40 -08:00
Josh Gao 981761bbb2 debuggerd: remove obsolete dumpable check.
PR_SET_DUMPABLE is ignored now.

Bug: http://b/35872161
Test: debuggerd -b `pidof surfaceflinger`
Change-Id: Iefd090f2b762d454d1e6ce8061ff5f992974267c
2017-03-01 11:55:16 -08:00
Treehugger Robot 8951c1313d Merge "init: skip early mount in recovery mode" 2017-03-01 18:21:17 +00:00
Mark Salyzyn b45a175cdc liblogcat: -v and ${ANDROID_PRINTF_LOG} support comma separated list
Deal with yet another reentrancy issue with strtok() and do not
treat optarg as fungible data, allocate a temporary copy.  Add
support in the -v flag and environmental variable ANDROID_PRINTF_LOG
for a comma-separated list of format and format modifiers.

Test: manual + gTest logcat-unit-tests
Bug: 35326290
Change-Id: I073e5676d59ba41bfd36df86942342766ef730f1
2017-03-01 08:48:33 -08:00
Mark Salyzyn de022a841f liblogcat: replace NULL with nullptr
- Replace all NULL, macro defined to 0, with nullptr.  nullptr is a
  keyword of type nullptr_t, with a value of (nullptr_t)0, a pointer
  type of sizeof(void*) that can not confusingly promote to an int.
- Replace all boolean evaluations of values against 0, NULL, and
  nullptr with direct, ! or !! as appropriate.
- Note that thread_stopped should be semaphore, defer that to
  a non-code-quality improvement patch.
- Check for null context in android_logcat_destroy.
- Run clang-format to realign format with setting.

Test: compile and gTest logcat-unit-tests
Bug: 35326290
Change-Id: Iaf729cd7899c6cece78431536ed325604f0e353f
2017-03-01 08:48:04 -08:00
Bowgo Tsai 32232724fb init: skip early mount in recovery mode
We don't need early mount in recovery mode for security considerations,
e.g., users should explicitly select 'mount /system' from the recovery
menu. This CL checks the existence of file "/sbin/recovery" and skip
early mount when it is found.

Bug: 35853576
Test: early mount /vendor without dm-verity on sailfish
Test: early mount not happen in recovery mode on sailfish
Change-Id: I69cc96f6fd0de6ce493082921738a958dd571115
2017-03-02 00:30:58 +08:00
Treehugger Robot b6cb9b0457 Merge "There's no longer a limit to property names." 2017-03-01 00:03:58 +00:00
Treehugger Robot df0f792a9e Merge "Add global GCOV_PREFIX option." 2017-02-28 23:28:45 +00:00
Keun-young Park 22a64b3a8a Merge "add base::WaitForPropertyCreation" 2017-02-28 22:39:41 +00:00
Keun-young Park 73c6544b08 Merge "set ro.boottime.persistent_properties when persisted props are restored" 2017-02-28 22:39:41 +00:00
Mark Salyzyn 364bf6db00 Merge "liblog: event log tags cache miss call logd for update" 2017-02-28 22:24:17 +00:00
Mark Salyzyn 2a0044e4b0 liblog: event log tags cache miss call logd for update
Deal with cache miss in the event tag map resources and switch to
"Plan B" to ask long-path to logd for a determination on the tag,
name and format.

logcat-unit-tests liblogcat.descriptive does an under-the-hood call
to logd to add a new logtag but the in-process mapping fails to
pick it up because the /dev/event-tag-map map is SHARED PRIVATE for a
few moments to garner some (linux) efficiency with other copies that
are in the process.  Without the workaround of marking the mapping
dirty to be reread, we are using this change as the proper workaround
that fixes the later parts of this test.

Test: gTest logcat-unit-tests --gtest_filter=liblogcat.descriptive
Bug: 31456426
Bug: 35326290
Change-Id: Ibe54d4df00ed92248e1e644ecebc95f60b222b4d
2017-02-28 14:23:18 -08:00
Elliott Hughes b7788fd454 There's no longer a limit to property names.
Bug: http://b/33926793
Test: boots
Change-Id: I8554d7af74e064c114cf817f5a2ba1247fa2a2db
2017-02-28 14:12:54 -08:00
Colin Cross a9ef4dc7a2 Merge changes I975ba933,Ica9d211b
* changes:
  Add tests for multiton issue
  Add GetExecutableDirectory to libbase
2017-02-28 20:29:17 +00:00
Keun-young Park e2d986daa6 add base::WaitForPropertyCreation
- unlike base::WaitForProperty, which waits for specific value to
  be set, this one only waits until the property is created.

bug: 35178781
Test: added unit test
Change-Id: Idbf98c2152fe768357302f6b69310c55305f5d54
2017-02-28 12:08:54 -08:00
Keun-young Park 7d3202650d set ro.boottime.persistent_properties when persisted props are restored
- allows components relying on persisted props to wait for this property.

bug: 35178781
Test: reboots
Change-Id: I06cbf2a6b375654fcc277a2699fceeb23846a241
2017-02-28 11:31:54 -08:00
Treehugger Robot 8a3a166066 Merge "liblogcat: measure performance" 2017-02-28 17:18:46 +00:00
Treehugger Robot 1f8aa4cffd Merge "liblogcat: add simple stdout redirection" 2017-02-28 17:06:13 +00:00
Colin Cross a0931ebd64 Add tests for multiton issue
Test accessing a singleton from two libraries, the second of which
depends on the first but is dlopen'd after the first is already
loaded.

Bug: 35674422
Test: out/host/linux-x86/nativetest64/libutils_tests/libutils_tests
Change-Id: I975ba933a19b941a52bdb6e9c221a6910ffb8081
2017-02-28 16:34:35 +00:00
Colin Cross bb3a515f46 Add GetExecutableDirectory to libbase
Tests will often want to get the executable directory in order to
find test data.

Test: out/host/linux-x86/nativetest64/libbase_tests/libbase_tests
Change-Id: Ica9d211bcd039fcf83a22fd494816abd01b97aa3
2017-02-28 16:34:04 +00:00
Treehugger Robot 5a8db38b01 Merge "Move adb_dirname and adb_basename to libbase" 2017-02-28 07:28:54 +00:00
Treehugger Robot 1e48879b6c Merge "Bluetooth hal: moved to vendor partition." 2017-02-28 04:00:58 +00:00
Colin Cross 58021d15c9 Move adb_dirname and adb_basename to libbase
adb already provides an implementation of dirname and basename that
take and produce std::strings, move it into libbase so it can be
used in the implementation of GetExecutableDirectory.

Test: out/host/linux-x86/nativetest64/adb_test/adb_test
Test: out/host/linux-x86/nativetest64/libbase_test/libbase_test
Test: adb shell /data/nativetest64/libbase_test/libbase_test64
Change-Id: Ideb1627607b14562121316d4ed27fa6fb0930684
2017-02-27 18:18:31 -08:00
Steven Moreland 18676b2ca8 Bluetooth hal: moved to vendor partition.
Bug: 35328775
Test: works in both binderized and passthrough modes
Merged-In: I61f1ff6b777089d7aad5184c0aee4f653897b32e
Change-Id: I61f1ff6b777089d7aad5184c0aee4f653897b32e
2017-02-28 01:34:59 +00:00
Treehugger Robot f719c255fa Merge "init: early_mount: removing hard-coded paths" 2017-02-28 01:29:13 +00:00
Treehugger Robot dfbae6ddbb Merge changes Iede18a00,Ib0fa24fb,Ic4c8a137
* changes:
  libcutils: build tests with -Wall -Wextra -Werror
  libcutils: fix socket type in SocketsTest.TestGetLocalPort
  libcutils: fix Wsign-compare warnings in multiuser_test
2017-02-28 00:11:07 +00:00
Treehugger Robot 0cde0eae09 Merge changes Ie9dd5d5d,Ifc6038c1
* changes:
  libadf: convert to C++
  libadf: adf_test: fix crash on adf.devices failure
2017-02-28 00:07:52 +00:00
Treehugger Robot e803818832 Merge "Make secilc accessible by root only" 2017-02-27 23:20:59 +00:00
Ryan Campbell 0b36473272 Add global GCOV_PREFIX option.
When native coverage is enabled, add a global GCOV_PREFIX
environment variable specifying that gcda files be output
with path prefix /data/local/tmp.

Bug: 35635587
Test: make NATIVE_COVERAGE=true; check init.environ.rc
Change-Id: I40972aea3ca3168d0687bdc93e9d4b7b3a1071b9
2017-02-27 15:00:18 -08:00
Treehugger Robot 0026f1e693 Merge "fs_mgr: make is_device_secure() work even in the absence of properties." 2017-02-27 22:42:33 +00:00
Alex Klyubin 3380927e71 Make secilc accessible by root only
There's no reason for SELinux policy compiler to be accessible by
anybode other than root.

Test: Device boots -- secilc isn't used yet anyway
Bug: 31363362
Change-Id: I26cf34f1412b8dd471f79271c491b473617a6df6
2017-02-27 13:27:58 -08:00
Sandeep Patil e7a1b3757f fs_mgr: make is_device_secure() work even in the absence of properties.
During early mount property area is not initialized, and as a result an
'eng' build will always incorrectly be detected as a 'secure' build by
early mount code path resulting into verity error and consequent boot
loop.

The change here makes sure the is_device_secure() check works with /
without properties based on the 'eng' build based build flag so the
early mount code works fine both ways.

Bug: 35791581
Bug: 27805372

Test: Boot sailfish-{eng,userdebug} builds successfully w/ early
mount enabled

Change-Id: Icd101ccad56b669f49b60bbb3005d5be9f53b02b
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-02-27 12:46:18 -08:00
Bowgo Tsai d4beed22e8 init: early_mount: removing hard-coded paths
Current early mount has some hard-coded paths that are not easy to extend
when we switch verified boot to AVB (external/avb/libavb). This CL uses some
C++ containers to replace those fixed paths.

Bug: 33254008
Test: early mount /vendor with dm-verity on sailfish
Test: early mount /vendor without dm-verity on sailfish
Test: early mount /vendor with dm-verity on bullhead

Change-Id: I32a22fe486d7649e33bb23c9018ddc0428df6069
2017-02-27 13:09:06 +08:00
Treehugger Robot 7a5d535cd2 Merge "fs_mgr: fix const parameter in fs_mgr_do_tmpfs_mount" 2017-02-25 05:11:04 +00:00
Wei Wang 4d71bc5350 fs_mgr: fix const parameter in fs_mgr_do_tmpfs_mount
Bug: 35425974
Test: mma, marlin/angler boot
Change-Id: Ibadd04ad3a7c4ea184a6344d566302d577d8fee3
2017-02-24 19:33:53 -08:00
Treehugger Robot 76e9a180a8 Merge "Treblize init.rc location" 2017-02-25 02:41:29 +00:00
Elliott Hughes 8a16081fa1 Merge "Add cross-platform <android-base/endian.h>." 2017-02-25 02:07:05 +00:00
Jaekyun Seok 4ec72cc25f Treblize init.rc location
Treblization requires to locate partner-specific modules in its own
partition. So their own init.rc file could be located in /odm or
/vendor.
This CL is to support those locations for the init.rc.
Additionally thic CL modified import parser to support importing a
relative path.

Test: building succeeded and tested on sailfish with enabling early
mount.
Bug: 35269867

Change-Id: I1bce924a32c8a2b53fb5d981d35d758cf9ddd9a6
2017-02-25 08:06:12 +09:00
Treehugger Robot dbb40b64e9 Merge changes from topic 'fs_mgr_dt'
* changes:
  fs_mgr: refactor: consolidate device tree file reading in one place
  fs_mgr: consolidate DT compatible check
2017-02-24 23:01:08 +00:00
Elliott Hughes 1dbd976200 Add cross-platform <android-base/endian.h>.
Bionic has <sys/endian.h>, glibc <endian.h>, and macOS and Windows have
nothing. This has often been annoying.

Bug: N/A
Test: new tests
Change-Id: I2a40c570df6a9bb30607ace1af653265938cc4b8
2017-02-24 14:03:36 -08:00
Sandeep Patil 4cd9a46916 fs_mgr: refactor: consolidate device tree file reading in one place
If Device tree values are read for comparison, they produce false
negatives with std::strings due to trailing '\0'. This change
consolidates the triming of trailing null into a single helper function
to be used everywhere fs_mgr reads DT values for comparison or other
reasons where it wishes to have the trailing null trimmed.

b/27805372

Test: Boot sailfish w/ early mount /vendor

Change-Id: If71efc830dc440323df764c7461867e71ed6515b
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-02-24 13:29:33 -08:00
Sandeep Patil e396c607ff fs_mgr: consolidate DT compatible check
Fixes the compatible check in fs_mgr_boot_config by consolidating the
check in a single privately exported function within fs_mgr (i.e.
is_dt_compatible()).

b/27805372

Test: Boot sailfish w/ early mount

Change-Id: Ie2d1646b81cf9eba8d16828ca8cf2c75156c294c
Signed-off-by: Sandeep Patil <sspatil@google.com>
2017-02-24 13:29:26 -08:00
Colin Cross f5fd4888ce Merge "Make libutils test compile on the host" 2017-02-24 21:16:01 +00:00