Commit graph

30231 commits

Author SHA1 Message Date
Tom Cherry
0c8d6d2730 init: split security functions out of init.cpp
This change splits out the selinux initialization and supporting
functionality into selinux.cpp and splits the security related
initialization of the rng, etc to security.cpp.  It also provides
additional documentation for SEPolicy loading as this has been
requested by some teams.

It additionally cleans up sehandle and sehandle_prop.  The former is
static within selinux.cpp and new wrapper functions are created around
selabel_lookup*() to better serve the users.  The latter is moved to
property_service.cpp as it is isolated to that file for its usage.

Test: boot bullhead
Merged-In: Idc95d493cebc681fbe686b5160502f36af149f60
Change-Id: Idc95d493cebc681fbe686b5160502f36af149f60
2017-08-14 09:40:01 -07:00
Christopher Ferris
bb2f03f344 Merge "Compare new unwinder to old unwinder in debuggerd." 2017-08-12 16:06:48 +00:00
Christopher Ferris
6452b9036d Merge "Add demangling of function name." 2017-08-12 16:06:18 +00:00
Treehugger Robot
28fa8b0924 Merge "Enable non-secure side to receive messages > 4K" 2017-08-12 03:02:01 +00:00
Treehugger Robot
94b0e4f5df Merge "debuggerd_handler: print pid and process name." 2017-08-12 01:27:53 +00:00
Treehugger Robot
f95338f634 Merge "init: fix format issue" 2017-08-12 00:07:58 +00:00
Christopher Ferris
9a8c855780 Compare new unwinder to old unwinder in debuggerd.
In debuggerd, when dumping a tombstone, run the new unwinder and verify
the old and new unwinder are the same. If not, dump enough information
in the tombstones to figure out how to duplicate the failure.

Bug: 23762183

Test: Builds, ran and forced a mismatch and verified output.
Change-Id: Ia178bde64d67e623d4f35086ebda68aebbff0c3c
2017-08-11 16:37:59 -07:00
Josh Gao
81e6c0b613 debuggerd_handler: print pid and process name.
Bug: http://b/64483618
Test: manual
Change-Id: Ie772324895a8ffcd41d919a4a6113862a6468d12
2017-08-11 15:38:51 -07:00
Christopher Ferris
04fdec0bbf Add demangling of function name.
Bug: 23762183

Test: Builds, unit tests pass.
Change-Id: Id49248a27d822db0f3837bfc0c20d004c55315fc
2017-08-11 15:17:46 -07:00
Treehugger Robot
12bd22badf Merge "init: Add readahead built-in command" 2017-08-11 21:37:47 +00:00
Tom Cherry
1f87cd1bd0 init: fix format issue
Trying to limit merge conflicts later...

Test: build
Change-Id: I802f2cf86b8432f65ad4dcd45bfd543ee5091775
2017-08-11 13:22:37 -07:00
Wei Wang
542aae443f init: Add readahead built-in command
Inspired by ag/2659809/, this CL adds a readahead built-in command in init
to let files be prefetched into pagecache for faster reading.
Readahead happens in the background, but due to a filesystem limitation it
might take a small amount of time reading the filesystem metadata
needed to locate the requested blocks. So the command is executed in a
forked process to not block init execution.

Bug: 62413151
Test: boottime, dumpcache
Change-Id: I56c86e2ebc20efda4aa509e6efb736bd1d92baa5
2017-08-11 11:24:08 -07:00
Christopher Ferris
af6a262020 Merge "Fix another set of bugs." 2017-08-11 14:28:46 +00:00
Christopher Ferris
9e484bdb4a Fix another set of bugs.
- The pc read from the eh frame binary table of pc/fde offset is off by 4.
  I verified that on arm/arm64/x86/x86_64 the pc in this table matches
  the fde pc_start value. I did this by adding an error if this occurred
  and ran unwind_info over everything in system/lib, system/lib64, system/bin.
- Fixed unit tests for the above change.
- Fix a small bug in the processing of encoded values. The high
  bit of the encoding should be masked off, but I wasn't doing that. That
  meant during processing of the fde, I was incorrectly returning
  an error because the encoded value was unknown.
- Added a new test for this encoding change.

Bug: 23762183

Test: Build and all unit tests pass. Also, see above comments.
Change-Id: If074a410a1726392274cd72c64470ca0be48e0db
2017-08-10 17:37:32 -07:00
Jocelyn Bohr
b3ed3772b9 Enable non-secure side to receive messages > 4K
AttestKeyResponse may be larger than 4K (always less than 8K) when
attesting an RSA key. This change allows the non-secure side to read a
response that may be larger than 4K by adding an additional bit
indicating the end of a response. If a message command has the
KEYMASTER_STOP_BIT set, then the non-secure side knows that the response
has been fully read.

Test: android.keystore.cts.KeyAttestationTest#testRsaAttestation passes
      with production attestation key and chain, when AttestKeyResponse is
      larger than 4K.

      Tested with other CTS tests when keymaster messages are smaller
      than 4K, still passes.

      Manual test to verify that a tipc error due to large message size is
      handled correctly.
Bug: 63335726

Change-Id: I8776ba7ca70da893648e15cfa770784ab31a2cb0
2017-08-10 16:53:27 -07:00
Treehugger Robot
4723d7c66d Merge "Add HSM AID." 2017-08-10 21:28:30 +00:00
Andrew Scull
f73c5e1f84 Add HSM AID.
This is used by resources related to a hardware security module (HSM).

Bug: 64569509
Change-Id: I30d47e1b275e3c4ae0a00f7ceb286a1096d84273
2017-08-10 20:25:11 +01:00
Treehugger Robot
de6b44aa0e Merge "bootstat: switch from root.root to system.log" 2017-08-10 14:56:37 +00:00
Treehugger Robot
ff7e13c260 Merge "Don't try to strip a shell script" 2017-08-10 05:42:46 +00:00
Tom Cherry
30bd51c61f Merge changes If1cffa85,I9011a959
* changes:
  init: move property_service.cpp to libinit
  init: statically link libselinux to init_tests
2017-08-10 04:31:54 +00:00
Dan Willemsen
e1cf0f5f73 Don't try to strip a shell script
Test: lunch aosp_mips-eng; mmma system/core/logcat
Change-Id: I4e641701522fb5b042d52e460d40b42ed12f22c8
2017-08-09 20:20:48 -07:00
Treehugger Robot
5d89e6c7fe Merge "Include asan options from data partition." 2017-08-10 01:05:44 +00:00
Tom Cherry
2a978d32d2 init: move property_service.cpp to libinit
service.cpp, which is part of libinit, references symbols in
property_service.cpp, which causes the linker to complain when linking
libinit.a in some situations.

Therefore, we move property_service.cpp to libinit.

Separately, this will make it easier to write tests for
property_service.cpp, which we will want to do in the future.

Test: build, init unit tests
Change-Id: If1cffa8510b97e9436efed3c8ea0724272383eba
2017-08-09 17:13:21 -07:00
Tom Cherry
45a9d67cec init: statically link libselinux to init_tests
The shared libselinux library does not export all of the symbols that
we use in init and the linker is now complaining about this, so let's
use the static libselinux library in init_tests to match init itself.

Test: build, init unit tests
Change-Id: I9011a959a7c49446b3529740e606140a4ee8c32d
2017-08-09 17:09:04 -07:00
Christopher Ferris
5cd87d39d7 Merge "Small clean ups" 2017-08-09 23:22:22 +00:00
Mark Salyzyn
ad7f1bc0b3 Merge "logcat: transition to Android.bp" 2017-08-09 23:18:00 +00:00
Ryan Campbell
ce30d07b11 Include asan options from data partition.
Look for asan options under /data/asan so that multi-process coverage
can be enabled on a newly-started remote process without disabling
verity and without forcing it to be always-on.

Test: adb shell echo "include_if_exists=/data/asan/asan.options.%b" >>
/system/asan.options && adb shell echo
"coverage=1\ncoverage_dir=/data/misc/trace" >
/data/asan/asan.options.android.hardware.light@2.0-service && adb shell killall
android.hardware.light@2.0-service
Bug: 64019182

Change-Id: I241ad8478439323681dc1cfde2fa0770f030ae75
2017-08-09 15:32:23 -07:00
Mark Salyzyn
c3ad75be84 bootstat: switch from root.root to system.log
bootstat does not need root uid and root gid permissions to perform
its tasks.  It appears that system uid and log gid are adequate and
appropriate.

Test: manual
Bug: 63736262
Change-Id: I094c2cb054e441562fa8717a4d3dc0086fb70a7a
2017-08-09 15:08:21 -07:00
Christopher Ferris
3b4b075fea Small clean ups
- Remove redundant map_info checks.
- Initialize fde_count_ to zero.

Bug: 23762183

Contributed-By: Ivan Maidanski <i.maidanski@samsung.com>

Test: Builds, run backtrace_test modifying CreateNew to Create and vice-versa.
Change-Id: I6e9cdfa99734f8cc2d9915cc32c66a1455e79f1b
2017-08-09 14:22:12 -07:00
Mark Salyzyn
507f69f80e logcat: transition to Android.bp
Switch logcat, logcatd and liblogcat to use Android.bp.

Test: compile
Change-Id: I01c0d8cbc6a713ad5b4b413677574e3c6463afcb
2017-08-09 13:30:03 -07:00
Treehugger Robot
2d1d8812cc Merge "logcat: fix error propagation." 2017-08-09 00:45:20 +00:00
Mark Salyzyn
210e43c354 logcat: fix error propagation.
Fix some _serious_ error propagation issues discovered with
additional warning flags (-Wextra).

Test: compile
Change-Id: I5148550092e4ecb6cafba91229c350c516e7e244
2017-08-08 15:49:21 -07:00
Tom Cherry
2c3a2a8c5c Merge "ueventd: add test to ensure selabel_lookup() is thread safe" 2017-08-08 22:00:26 +00:00
Tom Cherry
57ef66b6fa ueventd: add test to ensure selabel_lookup() is thread safe
selabel_lookup() must be threadsafe, but had failed in the past.

Bug: 63861738
Test: this newly added test
Change-Id: I78bdb8e555433e8217ac6d4be112ba91de9f03bb
2017-08-08 13:11:44 -07:00
Treehugger Robot
24c39f0b4c Merge "fastboot: Add --disable-verity and --disable-verification options." 2017-08-08 20:01:16 +00:00
Treehugger Robot
f602dd4ced Merge "Add AID for LoWPAN subsystem" 2017-08-07 23:50:02 +00:00
David Zeuthen
b6ea435a20 fastboot: Add --disable-verity and --disable-verification options.
This can be used to disable verity and/or verification when flashing a
build to a device. It works with both 'fastboot flashall' and
'fastboot flash vbmeta /path/to/vbmeta.img'.

Bug: 62903976
Test: Manually tested.
Change-Id: Iad22d42a9dd5befd70ecd0224803721a10a28d90
2017-08-07 16:52:55 -04:00
Robert Quattlebaum
01f7576a3e Add AID for LoWPAN subsystem
Bug: b/64399805
Change-Id: Ida6aa60d8beee9151a723826d99c1e9044dc05be
2017-08-04 16:19:34 -07:00
Chih-hung Hsieh
69ff5009c7 Merge "Fix clang-tidy performance warnings in system/core." 2017-08-04 21:05:51 +00:00
Tom Cherry
401c9cb330 Merge "init: more unique_fd, less goto" 2017-08-04 20:13:10 +00:00
Tom Cherry
7c4609cfb3 init: more unique_fd, less goto
Test: boot bullhead
Change-Id: I3c31ca045538d9c9dbbf9c8f27f63033344627fd
2017-08-04 20:12:56 +00:00
Treehugger Robot
59b33cb01c Merge "libcutils: write trace event into socket in container" 2017-08-04 00:50:59 +00:00
Treehugger Robot
90657bbeab Merge "Return correct error code when finish input length is too long." 2017-08-03 23:35:05 +00:00
Jocelyn Bohr
f1e5edf765 Return correct error code when finish input length is too long.
Bug: 63745895
Change-Id: I465bf9138a0a21363f89f2c6074f7108ee33af70
2017-08-03 13:59:10 -07:00
Chih-Hung Hsieh
e5d975c7cc Fix clang-tidy performance warnings in system/core.
* Use const reference parameter type to avoid unnecessary copy.
* Use more efficient overloaded string methods.

Bug: 30407689
Bug: 30411878
Test: build with WITH_TIDY=1
Change-Id: Ia5a00581e718d412255d6177e5a7c286cdfbec11
2017-08-03 13:58:05 -07:00
Christopher Ferris
172b1d0008 Merge "Add support for the new unwind method." 2017-08-03 19:08:34 +00:00
Yifan Hong
472808a570 Merge changes from topic 'libcutils_private_headers'
* changes:
  Remove private headers from libcutils.vendor
  Move android_filesystem_config.h => fs_config.h
2017-08-03 18:24:04 +00:00
Christopher Ferris
6f3981c181 Add support for the new unwind method.
Also add a comment to the GetElf function to indicate that it never returns
nullptr.

Also needed to add this library to the million and one places that the vndk
has hard-coded this data.

Bug: 23762183

Test: Built, nothing uses the new code.
Test: However, I did run backtrace_test using this code, and all tests pass.
Change-Id: Ib270665dcb7a7607075e36d88be76dbde6e2faa8
(cherry picked from commit dc4104b720)
2017-08-03 10:15:44 -07:00
Earl Ou
e4030384c4 libcutils: write trace event into socket in container
When Android is running in a container, ftrace trace_marker may be
disabled, e.g. Chrome OS verified mode. To enable trace, a socket is
created for everyone to send trace events.

Modify libcutils so apps using it can write trace to the socket.

To achieve this goal without touching code for normal device,
trace-container.c is created for code specific to container. Shared
code between trace-dev.c and trace-container.c is moved to local
trace-dev.h.

Note that to avoid sharing FDs across different processes, Zygote closes
the FD and reopens it to /dev/null if it is a socket. Therefore, we need to
manually close the FD and reopen it again after forking. This is done in
atrace_set_tracing_enabled, as Zygote also uses it to clear flags
during forking.

Related change:
- http://crrev.com/2400163003 (Chromium)
- http://ag/2028075 (Android system/core)
- http://ag/1738271 (Android device/google/cheets2)

Bug: 29776474, 62410809
Test: run chrome://tracing and see data from the host side.
Change-Id: I3fe969e284b972c28e4f32f23cd948aaea61a043
2017-08-03 15:16:44 +08:00
Treehugger Robot
5c655991f5 Merge "cutils: update property_get to use diagnose_if." 2017-08-03 02:15:54 +00:00