I'd like to mark setuid() WARN_UNUSED_RESULT to prevent security bugs.
This line would break because the file is compiled with -Werror.
Bug: 34251640
Test: Build, run unit test.
Change-Id: Ibb6fa5e5b899d47f77f2a32da762165de310101d
Make the code more C++-ish by replacing char* or char** with
std::string&.
Bug: 31264231
Test: check device can boot with dm-verity
Change-Id: Ie3ca3f449b52959d1a7b2887d722eb5ce366c4f9
Some Android components, e.g. init, have migrated to use base/logging to get rid
of klog utilities. However, without explicit initialization, the default
klog_level is set to 3 which masks the logwrap output.
This patch sets default klog_level to KLOG_INFO_LEVEL to make
android_fork_execvp_ext log available.
Bug: 34256270
Test: manual
Change-Id: Ibe74707a92c954053cd0e6828a984fbd72b4acae
This commit moves some common functions out of fs_mgr_verity.cpp to be
reused by other verified boot flows. It includes:
- Move common functions into fs_mgr.c
- Move dm_ioctl related functions to a new file: fs_mgr_dm_ioctl.cpp
Bug: 31264231
Test: check device can boot with dm-verity
Change-Id: Iaa0d8031efbaae12aa28f872f62d3fc3d3763b51
This now combines all the "libsparse" libraries into the same soong
target. A minor side-effect of this change is that the libsparse
static library depends on the libz shared library instead of the libz
static library. This minor change has no effect since targets using
the static libsparse library need to explicitly include either the
static libz or the shared one.
Bug: 34220783
Change-Id: I8f41586cf4c3336791cfa57ab4f5ae59a76d7ffa
Since splitting tracefs out from debugfs, we now need to set the
attributes explicitly on tracing folder.
Test: Run adb shell atrace -c -b 16000 -t 5 gfx
Bug: 34197733
Change-Id: If2a962332b6d1ec227e289bdf952213756e26186
Everything should be using the functionfs interface instead by now.
Bug: http://b/34228376
Test: grepping for f_adb, android_adb in source tree
Test: m
Change-Id: I6bc41049c49a867499832588dac8ed108c636c11
This allows a remount to be performed on partitions which have been
verified at boot, without causing the verity service to complain of
"corrupted" blocks that could have been modified as a result of a
remount (while the verity checksum remained unchanged).
(cherry picked from commit dd78ae75ff)
Bug: 32638755
Test: Compile
Change-Id: I77cf7dd20ee5c5f5dac80f73f292e32583fe5906
Running dm-verity on heavily accessed partitions leads to performance
slowdowns, especially on low-RAM and slow-CPU devices.
This patch introduces a flag to allow an entire verified partition to be
read once at boot, to check for corruptions. If the reads are
successful, we can mount the partition as raw & read-only, and if not,
we can revert to mounting it as a verity partition, just like before.
Usage of this flag will entail a slowdown of time-to-boot, but should
lead to improvements in runtime performance.
(cherry picked from commit 34543c03e6)
Bug: 32433608
Test: Compile
Change-Id: I97717683a00ad6fa347e63b72b1a9bf1d2946315
- Drop forced (-f) e2fsck check when the product has
enabled new ext4 generation by setting TARGET_USES_MKE2FS.
- The new generation tool is supposed to give better stability,
thus justifying dropping -f.
- This should help reduce boot-up time, as a full check (-f) can
increase boot-up time significantly depending on the amount of data.
bug: 32246772
Test: many reboots
Change-Id: I631525bf7504bbfb025e170c8d24ad9d3ef3532e
Change tzdatacheck to account for bundle format changes:
The update bundle now contains a bundle_version file to enable
us to detect changes to the format of the files in addition to
just checking the IANA rules version. The version will be
incremented as we make incompatible changes to the structure
of the bundle (e.g. the files present or their names), the
file formats or the file contents.
The old assumption was that a system image would typically
contain newer rules than had been pushed via ConfigUpdater
and we'd never get rid of the tzdata file from the bundle
content.
If Android makes rule updates routinely or makes substantial
changes to the timezone data files between major releases
then this assumption becomes (even more) untenable.
The bundle_version file in the bundle is expected to contain
the ASCII bytes for "001". This could be extended
in a future version to include minor versioning information
(e.g. "002.001") and so the code here only reads the first
three bytes. This allows for a future change to add the minor
version suffix and optionally increment the major version if
required.
Some error conditions that were previously treated as fatal
are now handled more elegantly. Generally if things are not
as expected with the installed bundle in /data tzdatacheck
will attempt to delete it. The return code of the binary is
used to distinguish between failure cases, which will be
used in a future automated test.
Some of the ConfigUpdater deletion code has been temporarily
retained (with a TODO) so the v2 of the installer code can be
used with ConfigUpdater/ConfigInstaller and keep something
like the existing process working until we have replaced it
with something better.
Using the v2 installer code with ConfigInstaller is one
possible fallback if the new distribution approach is not
completed in time.
Bug: 31008728
Test: Manual testing
Change-Id: Ib253f7d4c9cd72d3e392754f4b787a98ec22bc53
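The bundle_version check described in the commit message above, sketched as an added example (this is not code from tzdatacheck or from the change itself). The type and function names and the numeric exit codes are assumptions made for illustration; only the "001" value and the three-byte read come from the message.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical names and exit codes, constructed for this example.
enum class BundleVersion { kOk = 0, kTooShort = 1, kMalformed = 2, kUnsupported = 3 };

constexpr char kSupportedMajor[] = "001";  // value given in the commit message
constexpr std::size_t kMajorLen = 3;

// Validate the raw bytes of a bundle_version file. Only the first three
// bytes are examined, so a later "MMM.mmm" form still parses.
BundleVersion CheckBundleVersion(const std::string& contents) {
  if (contents.size() < kMajorLen) return BundleVersion::kTooShort;
  for (std::size_t i = 0; i < kMajorLen; ++i) {
    // Explicit range check: avoids locale and signed-char pitfalls of isdigit().
    if (contents[i] < '0' || contents[i] > '9') return BundleVersion::kMalformed;
  }
  if (contents.compare(0, kMajorLen, kSupportedMajor) != 0) {
    return BundleVersion::kUnsupported;
  }
  return BundleVersion::kOk;
}

// Anything other than kOk means the installed bundle is not as expected
// and is a candidate for deletion; the distinct code says why.
int ExitCodeFor(BundleVersion v) { return static_cast<int>(v); }
bool ShouldDeleteBundle(BundleVersion v) { return v != BundleVersion::kOk; }

int main() {
  // Constructed sample file contents, not taken from a real bundle.
  const std::string samples[] = {"001", "001.002", "002.001", "01", "0x1", ""};
  for (const std::string& s : samples) {
    BundleVersion v = CheckBundleVersion(s);
    std::cout << '"' << s << "\" -> exit " << ExitCodeFor(v)
              << (ShouldDeleteBundle(v) ? " (delete bundle)" : " (keep)") << '\n';
  }
  return 0;
}
```

A truncated or non-numeric file is reported separately from a well-formed but unsupported major version, which is what lets an automated test tell the failure cases apart by return code.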
Deal with recovering after transitory failures surrounding logd
crash or recovery. Improve the chances that the logging functions
can work in a signal handler, not officially supported, but making
sure logging is not blamed for system lockups when misused.
Reorder gTests so that setuid(AID_SYSTEM) is performed after
liblog.enoent test, and that this occurs after other tests that
like to see buffers with content in them as we stop logd.
Test: gTest liblog-unit-tests --gtest_filter=liblog.enoent
Bug: 33755074
Change-Id: I66f88599534614b7b61da6b2ae5fe099ebaced3a
This helps to avoid tearDownInterfaces call from WiFiStateMachine's
constructor.
Bug: 33752168
Test: on device
(cherry picked from commit 0db195d0757e36c73b9da5a95d9b9986386f0f2e)
Change-Id: I55f56dd8daa5089073ff8dd424e92d09326c7d00
Some tests use hard-coded offsets to interpret the binary
events buffers. Switch to using the private event structures
to access the components of common event messages.
Test: gTest liblog-unit-tests
Bug: 33755074
Change-Id: I17447814583099d5ec417a54389e962158456005