If device doesn't enable AVB altogether, then it might not have a vbmeta
partition at all. In this case, we shall ignore disable-verity errors.
We still disable verity unconditionally to keep the logic simple, but we
ignore any disable-verity error if AVB is not enabled in the first
place.
Bug: 241688845
Test: adb-remount-test on emulator
Test: Test remount on yukawa
Change-Id: Ifc763b3f0ca6989550c139a8c3a2308c9c2a7c3e
Multiple tests in CtsInitTestCases, e.g. RebootTest#StopServicesSIGKILL,
can trigger the following race condition:
* A service is started. This involves calling fork() and also to call
RunService() in the child process. RunService() calls setpgid().
* Service::Stop() is called and calls KillProcessGroup().
KillProcessGroup() calls kill(-pgid, SIGKILL) before the child process
has called setpgid(). pgid is the process ID of the child process. The
kill() call fails because setpgid() has not yet been called.
Fix this race condition by adding a setpgid() call in the parent process
and by waiting from the parent until the child has called setsid() if a
console is attached.
Bug: 213617178
Change-Id: Ieb9e6908df725447e3695ed66bb8bd30e4e38aa9
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Prepare for adding more code in the parent process that depends on
whether or not a console is required.
Bug: 213617178
Change-Id: I066ede32fcd4ce09d06be23158f3c1970064a697
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Make the code easier to read by introducing symbolic names for the
constants used by Service::Start() for communication between the parent
and child processes.
Bug: 213617178
Change-Id: I3e735e149682fa9df2ed57f75eb5a67d7c68bd92
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Change setpgid(0, getpid()) into setpgid(0, 0). This patch removes one
system call but does not change the behavior of the code. From the
setpgid() man page: "If pgid is zero, then the PGID of the process
specified by pid is made the same as its process ID."
Bug: 213617178
Change-Id: I7031d9eb3711f526751da495c07a8927f9386d97
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Revert commit 9c61dad67e in preparation of
introducing a second interprocess communication channel.
Bug: 213617178
Change-Id: I2959a3902a1b994cca2ac99855be1fc60d63bcbb
Signed-off-by: Bart Van Assche <bvanassche@google.com>
It is nontrivial to derive from the implementation of class Service
which members are not modified. Hence this CL that documents this by
declaring these members 'const'.
Change-Id: I27b907a1c7044376d5c5393a29050c66cbdab7bf
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Treehugger starts Cuttlefish with the console disabled. Add a test that
enables the console. The purpose of this test is to trigger the code paths
in Service::Start() that are unique to processes associated with a
console.
Bug: 213617178
Change-Id: I834632ce6ec5c237c9c2c3f5b1aa7bc98c3ef260
Signed-off-by: Bart Van Assche <bvanassche@google.com>
No matter verity is enabled or disabled, androidboot.veritymode is
always "enforcing" on emulator kernel cmdline.
This is a violation of the AVB contract:
https://cs.android.com/android/platform/superproject/+/master:external/avb/README.md#handling-dm-verity-errors
Before emulator can fix this, workaround this by checking the device
mapper table to see if verity is disabled or not.
If no "<partition>-verity" device is present, than assume verity is
already disabled.
Also log mountpoints that are successfully remounted.
Bug: 241688845
Bug: 259207493
Test: adb-remount-test
Test: Run adb remount on emulator
Change-Id: Id5767b05cbfb48adf2a8c372dfdad4d15b98e091
It was only added in 2012, so it's been dead for 10 times longer than it
was ever built for at this point... YAGNI.
Test: treehugger
Change-Id: I6f31a3d1354f4d3304da463322cd1d9eff9e0597
Revert submission 2291455-localhost_v6
Reason for revert: b/258627476
Reverted Changes:
Icd11fab47:[Test] Update test to comply with etc/hosts change...
Ibcee52a14:Add ::1 to localhost in etc/hosts
Bug: 258627476
Change-Id: I42c8b0aebdbd8b73a90606c0a999f25d8d071cd1
Multiple tests in CtsInitTestCases, e.g. RebootTest#StopServicesSIGKILL,
can trigger the following race condition:
* A service is started. This involves calling fork() and also to call
RunService() in the child process. RunService() calls setpgid().
* Service::Stop() is called and calls KillProcessGroup().
KillProcessGroup() calls kill(-pgid, SIGKILL) before the child process
has called setpgid(). pgid is the process ID of the child process. The
kill() call fails because setpgid() has not yet been called.
Fix this race condition by adding a setpgid() call in the parent process
and by waiting from the parent until the child has called setsid() if a
console is attached.
Bug: 213617178
Test: Cuttlefish + atest 'CtsInitTestCases'
Change-Id: I6931cd579e607c247b4f79a5b375455ca3d52e29
Signed-off-by: Bart Van Assche <bvanassche@google.com>
All errors are already logged and the exit code is not used anywhere by
anyone.
Functions should instead return (true/false) or
(EXIT_SUCCESS/EXIT_FAILURE) to indicate error state, and log error
reasons to logd and stderr.
Bug: 241688845
Test: adb-remount-test
Change-Id: Iba86a814a75f81ed0f6e43659d1aca72813824bc
We are calling avb_user_verity_set() _for each_ fstab entry in order to
disable verity. This is an artifact from back when each partition has
its own verity flag (VB1.0). Since AVB, the verity flag in vbmeta
affects all dm-verity device, thus we only need to call
avb_user_verity_set() once.
Bug: 241688845
Test: adb-remount-test
Change-Id: Ie5b788e2d34f83152228db62f84d26a32e2b26e0
ro.boot.vbmeta.* properties could be missing if device is verification
disabled.
Instead use ro.boot.verifiedbootstate to check device locked state.
No need to check ro.boot.vbmeta.digest, as we no longer support VB1.0.
In other words, all device running this piece of code must be using AVB.
Bug: 241688845
Test: adb-remount-test
Change-Id: If5d702ab3a6f12deef8204dba698e6c62eaae46f
On a device that don't use overlayfs remount (e.g. no EXT4 dup blocks;
this can be simulated by patching fs_mgr_wants_overlayfs()), if we run
disable-verity or enable-verity twice in a row then the second
invocation would not suggest a reboot:
adb disable-verity
> Successfully disabled verity
> Reboot to take effect...
adb disable-verity
> Verity is already disabled
^^^ this is WRONG! verity is disabled only after a reboot
It behaves like this because it suggest a reboot only if the vbmeta
verity (HASHTREE) flag is changed.
Read the ro.boot.veritymode property instead to determine the current
dm-verity state and suggest a reboot by comparing current and future
verity state:
* If AVB verification is disabled, then ro.boot.veritymode is undefined
(probably empty), don't suggest reboot in this case as it's pointless.
* Otherwise suggest a reboot if the new state (which would take effect
after reboot) differs from the current verity state.
* Reference:
https://android.googlesource.com/platform/external/avb/+/master/README.md#handling-dm_verity-errors
Bug: 241688845
Test: adb-remount-test
Test: Run "adb enable-verity" & "adb disable-verity" multiple times
Change-Id: If1df5bee6e5dcbda580b3dff6c32da93d08bbb46
