This change allows specifying additional avb keys to verify a fstab
entry. It can be used together with the original 'avb' flag. When both
'avb' and 'avb_keys' are present, it will try to use avb_keys to verify
this partition and extract the AVB descriptor from the end of it first.
When avb_key fails, it falls back to searching the AVB descriptor in the
built-in /vbmeta (and its chained partitions) with the matched partition
name.
An example of a fstab file:
system /system ext4 ro,barrier=1 wait,slotselect,avb=vbmeta,logical,first_stage_mount,avb_keys=/avb/gsi.avbpubkey
vendor /vendor ext4 ro,barrier=1 wait,slotselect,avb,logical,first_stage_mount
The overhead of adding an additional 'avb_keys' should not be significant,
as the typical size of a AVB Hashtree descriptor for /system is usually
less than 1000 bytes. e.g., on crosshatch, it's about 600 bytes, which
takes less than 1 millisecond for the following call to return failure.
auto avb_standalone_handle = AvbHandle::LoadAndVerifyVbmeta(*fstab_entry);
We also checked the time spent on init's first stage on crosshatch, with the
following CL to set ro.boottime.init.first_stage. The testing result
shows no significant difference between them as well.
https://android-review.googlesource.com/c/platform/system/core/+/934536
With an additional avb_keys entry for /system
[ro.boottime.init.first_stage]: [728]
[ro.boottime.init.first_stage]: [720]
[ro.boottime.init.first_stage]: [722]
Without an additional avb_keys entry for /system
[ro.boottime.init.first_stage]: [730]
[ro.boottime.init.first_stage]: [728]
[ro.boottime.init.first_stage]: [725]
Bug: 124491153
Test: boot a device with above fstab settings
Change-Id: I0c81f816efb0dd40c93da2df304f2e215df9d105
Also, print key id in padd/add like keyctl(1). This makes local
debugging and integration test easier.
Test: run all commands manually in shell, see expected output
Bug: None
Change-Id: I6be6ea9e273e80e7d5848da5cf348da8308a62c1
Vendor must be a logical partition and boot must not be a logical
partition.
Test: fuzzy_fastboot --gtest_filter=*Logical*
Bug: 117220134
Change-Id: Ifc6f2f715ca92cd1fe779e8fce2d6a10a1f140b9
converting from a size_t to a uint8_t results in a loss of precision,
which triggers ubsan's implicit-unsigned-integer-truncation checker.
Make the conversion explicit.
This change allows the ziparchive-tests to pass with ubsan enabled.
Test: atest ziparchive-tests
Test: compiles and boots
Bug: 122975762
Change-Id: I63f28b58f1ca1f4c57323494cb1f4a41e0f34fba
Although ubsan's implicit-unsigned-integer-truncation sanitizer may be
happy, this code still performs an implicit conversion from a wider
width data structure to a narrower width data structure. Rather than
masking the bits, make the conversion explicit. This keeps ubsan happy
as well as addressing a -Wconversion warning.
This change addresses comments from the post-submit review
of a4e5433660.
Test: compiles and boots.
Bug: 122975762
Change-Id: I1fa6d6f8a6fcfb93ba9916b7d2b3564ca1d8caf3
Add a new ashmem_init function that only dlopens libashmemd_client.
This allows the library to be preloaded in the zygote.
Test: boots, works
Bug: 129543489
Change-Id: Ie106791edf381654f085203c266c9f9c0df35cfc
std::hash returns a 64 bit value, which is truncated to a 32 bit value
in ComputeHash. ubsan's implicit-unsigned-integer-truncation doesn't
like this implicit truncation and crashes the program. Explicitly strip
off the top order bits after computing the hash.
Remove the windows specific version of the hash computation. The windows
compile now uses clang, so this code is obsolete. This also avoids us
having to add __attribute__((no_sanitize("integer"))) to the windows
code.
This is needed to support Android booting with ubsan's
implicit-unsigned-integer-truncation option enabled.
Test: compiles and boots
Bug: 122975762
Change-Id: I2f05fbf5ffee8e90a66a6fda32e80de9cca246c0
- Rename SparseBuilder to ImageBuilder, WriteSplitSparseFiles
to WriteSplitImageFiles, WriteToSparseFile to WriteToImageFile, etc.
- Add sparsify argument to ImageBuilder, WriteToImageFile, and
WriteSplitImageFiles
This allows lpmake to write non-sparse super image directly. Virtual
devices needs non-sparse images to work on.
Test: lpmake without --sparse
Test: liblp_test
Bug: 120041578
Change-Id: I76ee09efd02df7caaa8abd37a55ae0bebf9cfa29
The purpose of having fine grain read/write control over the property
space is to help ensure the confidentiality of data stored in
properties. Leaking property values into the dmesg buffer on errors
exposes the value outside of the access control rules specified by
policy.
(arguably this is also true for the property name, not just the value.
However, property names are exposed in other places now, so the
incentive to fix this is lower. It would also take away a valuable
debugging tool.)
Test: compiles
Change-Id: I4a0634b8b5e4fd2edf718eaf7343940df627366d
This is required for read() to function correctly
in Windows since it behaves differently in text mode and
binary mode and may cause unpredictable behavior depending
on the contents of the image file.
Bug: 129281908
Test: fastboot.exe flashall
Change-Id: I64370af44a050bafea60ff1b0b2be18cc531480a
Update unit tests and add new build id displaying in offline unwinds.
Bug: 129873279
Test: All unit tests pass.
Test: Verify that debuggerd displays build id properly.
Change-Id: I97f4a204842447a20c812f535a458155b937d5e1
- If file is unlinked, the mmapped region is still there.
- If file is truncated, a SIGBUS will be seen, and holding
the fd doesn't help.
Test: boots (sanity)
Bug: 123664216
Change-Id: I6683804bc795fab6798891a4471e5fe58fbffe13
Unblocked the previous error we are now reaching the
default 5min timeout which is too short for this test.
Increase it to 1h.
Test: None
Bug: 117670584
Change-Id: I7fe40e54a7fb978392ee919226c0f05413e7349e
Use the LL-NDK library to read cgroup.rc.
As a side-effect, the CgroupController class is changed
to a wrapper of ACgroupController* from the library. The
class itself essentially becomes the pointer, and can be
trivially copied. Modify all client code for this change.
Test: builds and boots
Bug: 123664216
Change-Id: I635d9885db62e82f37421f6d20f59c84a6f4cbb2
Merged-In: I635d9885db62e82f37421f6d20f59c84a6f4cbb2
