Invent keyutils.h to supply capability to set session keyring.
The keyring will hold things like the FBE encryption keys.
Test: gTest logd-unit-tests --gtest_filter=logd.statistics
Bug: 37751120
Bug: 36645158
Change-Id: Ieb44fa8f53dda6cf506a6243498c72d7f7f3cde7
For legacy reason, /data/data is a real dir and /data/user/0 is a
symbolic link to it. Overhead for linux kernel to walk through
symbolic link is not negligible. This is unnessary overhead to
carry over. This patch is to make /data/user/0 a a real dir and
make legacy folder /data/data a symbolic link. OTAed system does
not get impacted.
Test: Manual test
Change-Id: I419564a75f6ebf3154badb8725ba9831164592b6
Signed-off-by: cjbao <cathy.bao@intel.com>
Refine DAC security surrounding logd.daemon worker thread and add a
positive test for logd failure to access /data/system/packages.list.
- Add AID_PACKAGE_INFO to groups of worker thread.
- Move AID_SYSTEM to groups, setgid to AID_LOGD.
- Do not drop capabilities until after setting the uid and gids.
- Add a test that is part of logd.statistics test to check when
packagelistparser appears broken.
- If /data/system/packages.list is encrypted, ensure we do not pick
up the existing inode to ensure strong positive when finding access
problems.
- Replace all occurrences of NULL with nullptr in gTest code for
compliance with best practices.
Test: gTest logd-unit-tests --gtest_filter=logd.statistics
(expect consistent failure, later CLs fix)
Bug: 37751120
Bug: 36645158
Change-Id: I01b26fe5e25203246ae432d272c8daa9c07cab54
Delete the sysdeps/mutex tests that -Wthread-safety complains about.
We're using the standard library's std::mutex on all platforms now,
anyway.
Test: mma
Change-Id: I3bf958c72604b29dfb1d9c898d3c9aa34aed2685
Similar to what installkey used to do, init_user0 forks and
synchronously waits for vdc to return. This is dangerous to do in
init however as init also processes properties from a single thread.
I'm not aware of any specific issues that this is currently causing,
but it's a good preventative measure to match what installkey does and
use do_exec().
Test: Boot bullhead, see that init_user0 still happens
Change-Id: I853c61594fe3d97e91bbb2319ebddf2bbe80d457
Previously, adb was assuming a fixed maximum packet size of 1024 bytes
(the value for an endpoint connected via USB 3.0). When connected to an
endpoint that has an actual maximum packet size of 512 bytes (i.e.
every single device over USB 2.0), the following could occur:
device sends amessage with 512 byte payload
client reads amessage
client tries to read payload with a length of 1024
In this scenario, the kernel will block, waiting for an additional
packet which won't arrive until something else gets sent across the
wire, which will result in the previous read failing, and the new
packet being dropped.
Bug: http://b/37783561
Test: python test_device.py on linux/darwin, with native/libusb
Change-Id: I556f5344945e22dd1533b076f662a97eea24628e
Move the name of the "private/libc_logging.h" header to <async_safe/log.h>.
For use of libc_malloc_debug_backtrace, remove the libc_logging library.
The library now includes the async safe log functions.
Remove the references to libc_logging.cpp in liblog, it isn't needed because
the code is already protected by a check of the __ANDROID__ define.
Test: Compiled and boot bullhead device.
Test: Run debuggerd unit tests.
Test: Run liblog unit tests on target and host.
Test: Run libmemunreachable unit tests (these tests are flaky though).
Change-Id: Ie79d7274febc31f210b610a2c4da958b5304e402
Rather than quietly fall through to the legacy code with no explanation,
say why the first connection failed, and that the second attempt is only
going to be relevant for folks trying to sideload to a pre-KitKit device.
Before:
$ adb sideload mysid-ota-424425.zip
opening 'mysid-ota-424425.zip'...
connecting...
falling back to older sideload method...
error: closed
After:
$ adb sideload mysid-ota-424425.zip
adb: sideload connection failed: no devices/emulators found
adb: trying pre-KitKat sideload method...
adb: pre-KitKat sideload connection failed: no devices/emulators found
Also switch the legacy code to just read+write blocks rather than trying to
load the whole OTA package into RAM (which is in short supply on Win32).
This is probably of no practical use other than that it lets us report a
better error message (better than "terminate called after throwing an
instance of 'std::bad_alloc'").
Bug: https://issuetracker.google.com/37139736
Test: "adb sideload" with no device/a mysid/an angler
Change-Id: Ia568044aac61bd054301ebfd7fcd5ad5d6f3147a
The previous fix was taking account just the progress reported by dumpstate,
not progress/percentage. As such, it was not detecting the cases where the
percentage decreased but the progress didn't.
Bug: 37878670
Test: m -j32 adb_test && ./out/host/linux-x86/nativetest64/adb_test/adb_test --gtest_filter=BugreportTest.*
Change-Id: I5830028f3191a9b17f63aeed5c049b29fa7d1179
It has been reported that fs_mgr failed to open /dev/device-mapper
during the first stage mount. It's because other uevent (e.g., i2c
charger device) happens to be sent at the same time we're triggering
the device-mapper uevent to be sent. Current implementation returns
COLDBOOT_STOP unconditionally so it will only process the first received
uevent, leaving device-mapper uevent unhandled when the race happens.
Fix this by only returning COLDBOOT_STOP when the received uevent->path
matches that of device mapper.
Bug: 37745254
Test: first stage mount /vendor with vboot 2.0 (avb) on bullhead
Test: first stage mount /vendor with vboot 1.0 on sailfish
Change-Id: I4a77093ec8f90a5ca981a088f34d082d0270533b
Link with libavb_user and use this to enable/disable dm-verity if AVB
is in use.
Bug: 34124301
Test: Manually tested.
Change-Id: Ic03651312b955081cb3c126f6dafc46d6eeec0da
So a caller of native_handle_clone can trust errno to be relevant.
Bug: http://b/37215366
Test: builds
Change-Id: I0992f38ad559db4a02fce07123842dbad8e3f473
Init exposes a global 'sehandle' that ueventd references as part of
devices.cpp and util.cpp. This is particularly dangerous in
device_init() in which both uevent and init write to this global.
This change creates a separate local copy for devices.cpp and puts
restrictions on where init.h can be included to make sure the global
used by init is not reference by non-init code. Future changes to
init should remove this global.
Test: Boot bullhead
Change-Id: Ifefa9e1932e9d647d06cca2618f5c8e5a7a85460
In N we moved some code from C to C++ without realizing that EVP_EncodedLength
includes space for a terminating NUL and EVP_EncodeBlock writes one. Because
our key reading code copes with the NUL, we never noticed.
Distinguish between the required space returned by EVP_EncodedLength and the
actual number of bytes (not including NUL) used return by EVP_EncodeBlock.
Bug: http://b/36187819
Test: hexdump of ~/.android/adbkey.pub
Change-Id: I81a487ddbb5c884593b6426d1f41cfaece26ff90
Add unit test to ensure all POD types of Service are initialized.
Bug: 37855222
Test: Ensure bugreport is triggered via keychord properly.
Test: New unit tests
Change-Id: If2cfea15a74ab417a7b909a60c264cb8eb990de7
Remove -p (which only applied to "adb sync"), explicitly mention
$ANDROID_PRODUCT_OUT in the "adb sync" help text, and add "adb sync all"
as a synonym for "adb sync" for ease of documentation.
Bug: http://b/33761074
Test: "adb sync" still works, "adb --help" looks good
Change-Id: Ie5b2459a7e5e4140298f78815be25fa7c7bb47d0
An forward declaration for a function that was removed in later
patchsets was merged anyway. Since it's not used anywhere, this CL
removes it.
Test: build bullhead
Change-Id: Ie7223f7d23305b71438cb063b64a574ce32f96bb
Reloading sepolicy has been removed from the system, so this support
code can also now be removed.
Bug: 26544104
Test: Boot bullhead
Change-Id: If9dbc9d540d9a69340c1dd6a483c1f8fe5feb287
This ensures that future operations (e.g. function pointers in the
AvbOps struct) added to AvbOps are set to NULL.
Bug: 37709309
Test: Manually tested on UEFI-based bootloader.
Change-Id: If83ea57b7abad94e472768c594efa210e3351a4d
