Invent keyutils.h to supply capability to set session keyring.
The keyring will hold things like the FBE encryption keys.
Test: gTest logd-unit-tests --gtest_filter=logd.statistics
Bug: 37751120
Bug: 36645158
Change-Id: Ieb44fa8f53dda6cf506a6243498c72d7f7f3cde7
Refine DAC security surrounding logd.daemon worker thread and add a
positive test for logd failure to access /data/system/packages.list.
- Add AID_PACKAGE_INFO to groups of worker thread.
- Move AID_SYSTEM to groups, setgid to AID_LOGD.
- Do not drop capabilities until after setting the uid and gids.
- Add a test that is part of logd.statistics test to check when
packagelistparser appears broken.
- If /data/system/packages.list is encrypted, ensure we do not pick
up the existing inode to ensure strong positive when finding access
problems.
- Replace all occurrences of NULL with nullptr in gTest code for
compliance with best practices.
Test: gTest logd-unit-tests --gtest_filter=logd.statistics
(expect consistent failure, later CLs fix)
Bug: 37751120
Bug: 36645158
Change-Id: I01b26fe5e25203246ae432d272c8daa9c07cab54
Delete the sysdeps/mutex tests that -Wthread-safety complains about.
We're using the standard library's std::mutex on all platforms now,
anyway.
Test: mma
Change-Id: I3bf958c72604b29dfb1d9c898d3c9aa34aed2685
Similar to what installkey used to do, init_user0 forks and
synchronously waits for vdc to return. This is dangerous to do in
init however as init also processes properties from a single thread.
I'm not aware of any specific issues that this is currently causing,
but it's a good preventative measure to match what installkey does and
use do_exec().
Test: Boot bullhead, see that init_user0 still happens
Change-Id: I853c61594fe3d97e91bbb2319ebddf2bbe80d457
Move the name of the "private/libc_logging.h" header to <async_safe/log.h>.
For use of libc_malloc_debug_backtrace, remove the libc_logging library.
The library now includes the async safe log functions.
Remove the references to libc_logging.cpp in liblog, it isn't needed because
the code is already protected by a check of the __ANDROID__ define.
Test: Compiled and boot bullhead device.
Test: Run debuggerd unit tests.
Test: Run liblog unit tests on target and host.
Test: Run libmemunreachable unit tests (these tests are flaky though).
Change-Id: Ie79d7274febc31f210b610a2c4da958b5304e402
Rather than quietly fall through to the legacy code with no explanation,
say why the first connection failed, and that the second attempt is only
going to be relevant for folks trying to sideload to a pre-KitKit device.
Before:
$ adb sideload mysid-ota-424425.zip
opening 'mysid-ota-424425.zip'...
connecting...
falling back to older sideload method...
error: closed
After:
$ adb sideload mysid-ota-424425.zip
adb: sideload connection failed: no devices/emulators found
adb: trying pre-KitKat sideload method...
adb: pre-KitKat sideload connection failed: no devices/emulators found
Also switch the legacy code to just read+write blocks rather than trying to
load the whole OTA package into RAM (which is in short supply on Win32).
This is probably of no practical use other than that it lets us report a
better error message (better than "terminate called after throwing an
instance of 'std::bad_alloc'").
Bug: https://issuetracker.google.com/37139736
Test: "adb sideload" with no device/a mysid/an angler
Change-Id: Ia568044aac61bd054301ebfd7fcd5ad5d6f3147a
The previous fix was taking account just the progress reported by dumpstate,
not progress/percentage. As such, it was not detecting the cases where the
percentage decreased but the progress didn't.
Bug: 37878670
Test: m -j32 adb_test && ./out/host/linux-x86/nativetest64/adb_test/adb_test --gtest_filter=BugreportTest.*
Change-Id: I5830028f3191a9b17f63aeed5c049b29fa7d1179
It has been reported that fs_mgr failed to open /dev/device-mapper
during the first stage mount. It's because other uevent (e.g., i2c
charger device) happens to be sent at the same time we're triggering
the device-mapper uevent to be sent. Current implementation returns
COLDBOOT_STOP unconditionally so it will only process the first received
uevent, leaving device-mapper uevent unhandled when the race happens.
Fix this by only returning COLDBOOT_STOP when the received uevent->path
matches that of device mapper.
Bug: 37745254
Test: first stage mount /vendor with vboot 2.0 (avb) on bullhead
Test: first stage mount /vendor with vboot 1.0 on sailfish
Change-Id: I4a77093ec8f90a5ca981a088f34d082d0270533b
Link with libavb_user and use this to enable/disable dm-verity if AVB
is in use.
Bug: 34124301
Test: Manually tested.
Change-Id: Ic03651312b955081cb3c126f6dafc46d6eeec0da
So a caller of native_handle_clone can trust errno to be relevant.
Bug: http://b/37215366
Test: builds
Change-Id: I0992f38ad559db4a02fce07123842dbad8e3f473
Josh Gao