When a read request is for a single sector, and the sector is
block-aligned, it falls into the ReadAlignedSector path, which assumes
block-sized reads. Fix this by clamping the expected size.
Bug: 291862304
Test: manual test of ReadWorker::ReadAlignedSector
full OTA
Change-Id: I00e460c333e8a9a4dc2433443e3633f3d794da1d
The Trusty storage proxy requires that the suspend service is started to
acquire a wakelock for UFS RPMB operations. Without the binder thread
pool running, starting this service results in at least a 1s polling
delay. This change ensures that we start the thread pool before handling
any RPMB operations, so acquiring the wakelock will complete as soon as
the service is ready without needing to poll once per second.
Test: m storageproxyd
Test: Artificially delay suspend_service to check if we poll
Bug: 281951047
Change-Id: I1a4cdd48d57201b0cf9c24523d22e5bdbcea376a
VFIO nodes, both the container (`vfio`) node and group (numbered)
nodes, should be located in `/dev/vfio`. This change prevents
ueventd from flattening that structure.
Test: Bind a device to VFIO driver to create a VFIO group
Change-Id: I635e9febe6bb52718df263e735479f361eacad4c
Since Android 14, Android does not use fsverity builtin signatures.
(fsverity remains supported, but signatures are verified in userspace,
or fsverity is used for integrity-only use cases.) Therefore, the only
reason to still run 'fsverity_init --load-verified-keys' at boot time is
to ensure that old files can still be opened, if:
- They were created by Android 13 or earlier, with an fsverity builtin
signature by a key in /{system,product}/etc/security/fsverity/.
- *And*, the kernel still has CONFIG_FS_VERITY_BUILTIN_SIGNATURES=y.
However, it appears that this isn't actually needed anymore. Only two
features could potentially be affected: APK verity and updatable fonts.
APK verity wasn't widely rolled out before being disabled, and updatable
fonts have recovery logic in place for when the files cannot be opened.
And in any case, disabling CONFIG_FS_VERITY_BUILTIN_SIGNATURES in the
kernel is recommended and would avoid any problem.
Bug: 290064770
Test: presubmit
Change-Id: I3376c3f0b4b9bd4ba2fd614259522be0c1daafb6
Bug: 290835996
Test: libutils_fuzz_string8 for several minutes
String8::removeAll() has 2 serious problems:
1. When `other` is an empty string, `removeAll()` will loop infinitely
due to the process below:
a) with `other` being the empty string `""`, find() will call strstr()
on an empty string, which always returns `mString`, and thus
find() always returns 0 in this case
b) with find() returning 0 for an empty string, the next while loop in
String8::removeAll() will keep looping infinitely as `index` will
always be 0
This CL fixes this problem by returning true if `other` is an empty
string (i.e. `strlen(other) == 0`), this follows the logic that an
empty string will always be found and no actual remove needs to be
done.
2. When `other` is a NULL string, strstr() has undefined behavior. See
https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf.
This undefined behavior on Android unfortunately causes immediate
segmentation fault as the current `strstr` implementation in bionic
libc doesn't check `needle` being NULL, and an access to a NULL
location is performed to check if the `needle` string is an empty
string, and thus causes segmentation fault.
This CL gives an error message and aborts instead of segfaulting, which
also keeps some backward compatibility.
This CL also adds a test for String8::removeAll().
Change-Id: Ie2ccee6767efe0fed476db4ec6072717198279e9
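The two failure modes described in this commit message, as an added example in plain C that is not the AOSP String8 code: `find_index()` shows why strstr() with an empty needle yields index 0 (the value that makes the original loop spin), and the hypothetical `remove_all()` applies the CL's rule that an empty `other` is a successful no-op. For a NULL `other` it returns false instead of logging and aborting as the CL does, so the behaviour can be exercised from a test; the names `find_index`, `remove_all`, `remove_all_copy` and `check_remove` are assumptions, not names from the project.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Index-based find() in the style the commit describes: strstr() with an
 * empty needle returns the haystack itself, so the index is 0, and a loop
 * that restarts the search at that index never makes progress.
 * NULL is rejected up front because strstr(s, NULL) is undefined behaviour. */
long find_index(const char *haystack, const char *needle)
{
    if (haystack == NULL || needle == NULL) {
        return -1;
    }
    const char *hit = strstr(haystack, needle);
    return hit ? (long)(hit - haystack) : -1;
}

/* Hypothetical remove_all(): strips every occurrence of `other` from the
 * heap-allocated string *str, replacing *str with a new buffer.
 * Returns true on success. An empty `other` is a no-op that returns true
 * (the rule the CL adopts); a NULL `other` returns false here, whereas the
 * CL logs an error and aborts. */
bool remove_all(char **str, const char *other)
{
    if (str == NULL || *str == NULL || other == NULL) {
        return false;
    }
    size_t olen = strlen(other);
    if (olen == 0) {
        return true;   /* empty needle: always "found", nothing to remove */
    }
    const char *src = *str;
    char *out = malloc(strlen(src) + 1);   /* result can only shrink */
    if (out == NULL) {
        return false;
    }
    size_t w = 0;
    const char *cur = src;
    for (;;) {
        const char *hit = strstr(cur, other);
        if (hit == NULL) {
            size_t rest = strlen(cur);
            memcpy(out + w, cur, rest);
            w += rest;
            break;
        }
        size_t chunk = (size_t)(hit - cur);
        memcpy(out + w, cur, chunk);
        w += chunk;
        cur = hit + olen;   /* olen > 0, so the cursor always advances */
    }
    out[w] = '\0';
    free(*str);
    *str = out;
    return true;
}

/* Helper: returns a newly allocated copy of `input` with `other` removed,
 * or NULL if remove_all() rejects the arguments. Caller frees the result. */
char *remove_all_copy(const char *input, const char *other)
{
    size_t len = strlen(input);
    char *s = malloc(len + 1);
    if (s == NULL) {
        return NULL;
    }
    memcpy(s, input, len + 1);
    if (!remove_all(&s, other)) {
        free(s);
        return NULL;
    }
    return s;
}

/* Helper: true when remove_all_copy(input, other) yields `expected`;
 * pass expected == NULL to check that the call is rejected. */
bool check_remove(const char *input, const char *other, const char *expected)
{
    char *r = remove_all_copy(input, other);
    bool ok = (r == NULL) ? (expected == NULL)
                          : (expected != NULL && strcmp(r, expected) == 0);
    free(r);
    return ok;
}

int main(void)
{
    /* Constructed inputs: the empty needle is the case that hung removeAll(). */
    printf("find_index(\"abc\", \"\") = %ld\n", find_index("abc", ""));
    char *r = remove_all_copy("aXbXXc", "X");
    printf("remove_all(\"aXbXXc\", \"X\") -> \"%s\"\n", r);
    free(r);
    printf("empty needle is a no-op: %s\n", check_remove("abc", "", "abc") ? "yes" : "no");
    printf("NULL needle rejected: %s\n", check_remove("abc", NULL, NULL) ? "yes" : "no");
    return 0;
}
```

The important property is that `cur = hit + olen` only runs after the `olen == 0` early return, so every iteration of the loop consumes at least one byte of input and termination no longer depends on what strstr() returns for degenerate needles.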
adding --help documentation to fastboot for --disable-super-optimization
and --disable-fastboot-info
Test: fastboot -h
Change-Id: Ia8993b3894d302a63cc97796d66e0af3fb004eef
Currently all I/O is processed through BufferSink. However, the
allocation of buffers is implicit in low-level helper functions, which
have no knowledge of how much data will actually be sent. As a result,
"allocation of buffers" and "tracking of how many bytes were written" is
disjoint. This will make it very difficult to break dependence on
dm-user, without a much more complex API.
This patch refactors how BufferSink is used. First, GetPayloadBuffer has
been deprecated in favor of AcquireBuffer. AcquireBuffer performs both
allocation and write tracking. The number of bytes written is not
necessarily the number of bytes allocated, and the new API allows for
this.
The "Process" helpers now take in an explicit buffer, and their callers
are responsible for allocating a buffer. This allows for
ReadUnalignedSector to have proper buffer offset tracking.
Because write tracking is now accurate, no explicit size needs to be
passed to WriteDmUserPayload. It can simply read the current watermark
in BufferSink.
This patch also removes XorSink, since its dependence on BufferSink made
this change more difficult.
Bug: 288273605
Test: snapuserd_test
Change-Id: Id9ca5044f9c0386f351b250349793b6b276b01b7
One of the first ERROR messages in logcat of a normal boot of Cuttlefish
is from failure to open SEPolicy.zip. This condition is expected.
Therefore don't try to load SEPolicy.zip when it doesn't exist. This
replaces the following log messages:
0 0 I init : Error: Apex SEPolicy failed signature check
0 0 I init : Loading APEX Sepolicy from /system/etc/selinux/apex/SEPolicy.zip
0 0 E init : Failed to open package /system/etc/selinux/apex/SEPolicy.zip: No such file or directory
... with just:
0 0 I init : No APEX Sepolicy found
Change-Id: If3a77407c35130165df5782b9ef91912e8374dbf