Added SPDX-license-identifier-Apache-2.0 to:
rootdir/Android.mk
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: I19aaea76a932cc928bbc178c01a33fdc98b0cf16
Currently, debuggerd tells the teacher that an app that received a fatal
signal. On the playground, dobbing on a process that doesn't actually
need to be killed is considered a friendship-ending move.
Because recoverable GWP-ASan is *supposed* to not crash your app,
suppress this behaviour and don't let ActivityManager know about the
crash.
Bug: N/A
Test: Run a use-after-free in an app that's using recoverable GWP-ASan,
through the 'libc.debug.gwp_asan.recoverable.<app_name>=1' and
'libc.debug.gwp_asan.process_sampling.<app_name>=1' sysprops.
Change-Id: I033ea67d577573df10936e37db7302d4f4bc0069
These tests have historically been pretty flaky, and have gone through a
few rounds of improvement. This is yet another: remove the
parameterization, so we can test that at least one variant of the test
succeeds, rather than all of them.
Filesystems (especially F2FS) have a lot going on underneath the hood,
and there's no guarantee that precise free space can be allocated,
measured, or relied upon in the ways this test expects. And all that we
really need to test is that some kind of out-of-space error can be
triggered.
Bug: 266645706
Test: vts_libsnapshot_test
Change-Id: I9620e5b496d5020b21cc37074e87dd21fc419ed2
Adds a background watchdog thread to the Trusty storageproxy to monitor
and log any requests that are delayed for too long. This is intended to
assist in recognizing and debugging any sources of hangs related to
servicing Trusty storage requests in Android.
Test: Add sleep() and run trusty storage tests
Bug: 266595872
Change-Id: I98dfaff0dff04f97d5c657ee131e746f63b39739
This reverts commit 3e6c9dbee8.
Reason for revert: This is breaking boot on several devices.
Bug: 267836481
Bug: 261678056
Change-Id: I67c4b784936828c448a53e3092af70d949fcbc65
So fastboot_driver.h includes <android-base/logging.h>, but that
file has a dependency on <android-base/endian.h>. So if
fastboot_driver.h gets included somewhere before
<android-base/endian.h>, it results in *very* opaque error
message:
system/core/fastboot/fastboot.cpp:1490:9: error: expected unqualified-id
LOG(VERBOSE) << "Cannot optimize flashing super on non-AB device";
^
system/libbase/include/android-base/logging.h:221:23: note: expanded from macro 'LOG'
^
system/libbase/include/android-base/logging.h:227:4: note: expanded from macro 'LOGGING_PREAMBLE'
(WOULD_LOG(severity) && \
^
system/libbase/include/android-base/logging.h:202:40: note: expanded from macro 'WOULD_LOG'
(UNLIKELY(::android::base::ShouldLog(SEVERITY_LAMBDA(severity), _LOG_TAG_INTERNAL)) || \
^
system/libbase/include/android-base/logging.h:174:26: note: expanded from macro 'SEVERITY_LAMBDA'
using ::android::base::ERROR; \
^
prebuilts/gcc/linux-x86/host/x86_64-w64-mingw32-4.8/x86_64-w64-mingw32/include/wingdi.h:75:15: note: expanded from macro 'ERROR'
^
This patch includes <android-base/endian.h> before
<android-base/logging.h> to avoid this issue.
Reported-by: Daniel Zheng <zhengdaniel@google.com>
Signed-off-by: John Stultz <jstultz@google.com>
Change-Id: I8752f2cdbef5b13901f0f4e8adfe60a21db785b6
We want to set the contents of "out_size_num_byte", and not
the pointer value, in the error case.
Bug: 266757931
Change-Id: I02edddcbcc4fc80dbb61efe8dc7c45bd3ce1c904
Test: TreeHugger
Recoverable GWP-ASan is a mode landed upstream in
https://reviews.llvm.org/D140173. For more information about why/what it
is, see
https://android-review.git.corp.google.com/c/platform/bionic/+/2394588.
This patch makes debuggerd call the required libc callbacks for GWP-ASan
to recover from the memory corruption. It also adds the functionality
that libart/sigchain eventually ends up calling, which dumps a GWP-ASan
report for the first error encountered.
Test: Build the platform, run sanitizer-status in recoverable mode,
asserting that it doesn't crash but we get a debuggerd report.
Bug: 247012630
Change-Id: I27212f7250844c20a8fd1e961417cdb4e5bd3626
* changes:
fastboot: Move some helpers into util.h/.cpp.
fastboot: Allow using LOG().
fastboot: Use RAII for sparse_file objects.
liblp: Add a helper class for building sparse-compatible super image layouts.
Reboots to fastbootd (userspace fastboot) take a long time, particularly
due to the orange AVB screen and the likelihood of devices having uart
enabled. For "flashall", there is rarely a need to actually go into
userspace, because all of super is getting thrown away. We can just
flash super in the bootloader.
In the past we didn't do this because computing super.img is expensive -
both in terms of time (due to reading dependent images) and in terms of
space (it's easily over 5GB).
But we don't actually need to fully compute super.img. We can build a
sparse_file containing the metadata/headers, with additional references
to each image file containing partition data. Liblp provides the API to
do that, and here, we simply need to translate the layout to libsparse.
On Pixel, this reduces flashall time by around 35-50 seconds, or around
20% of total time, depending on whether uart is in use.
There are some caveats, in which case we'll fall back to normal
fastbootd. This does not work on non-A/B devices, on retrofit dynamic
partition devices (Pixel 3), and in some other edge-casey scenarios. If
it fails, -v will add logging information about why.
Bue: 266982466
Test: fastboot flashall on Pixel 5+
Change-Id: Ie040da597d739faa7f834202184cec8f8e412076
The die() and verbose() macros are not really standard for AOSP. To
allow a gradual transition off them, call InitLogging on startup. This
will also allow seeing liblp logs when -v is passed.
Bug: 266982466
Test: builds
Change-Id: I74278bb5f698edb0dc81477a575b130b0bd11cdf
Powerloss of OS failure occurs when super is merging,
then the device can't bring up again for no lp_metadata sync,
so make lp_metadata sync in time.
Change-Id: I1ea31662b838e35022a566b614796f2d5e05df4b
Signed-off-by: Jia Jia <jia.jia@zte.com.cn>
get_sched_policy uses the cpuset policy as fallback if the cpu cgroup
is not recognized. Pixel is currently not using the cpu cgroup for
background policy due to b/208895940.
Bug: 265852986
Test: atest libcutils_test:libcutils_test.SchedPolicy#set_sched_policy -- --abi arm64-v8a
Change-Id: Ia77ace7513c48b1a14290c6ecc0222b46d6bf927
Signed-off-by: Edward Liaw <edliaw@google.com>
This class helps export a list of regions comprising a super partition,
and what the contents of those regions should be. It is very similar to
ImageBuilder, except that it does not require actual partition image
files, nor does it actually write an image file to disk.
The goal is to support building an in-memory super image that uses as
little memory and backing storage as possible. For example, fastboot can
use this to upload a super image without having to read and write
gigabytes of unnecessary data.
Since the goal is to optimize fastboot, we've taken some shortcuts here.
Retrofit devices and other edge-casey behavior are safely rejected. We
also don't rely on libsparse behavior here, and attempt to make the
translation to sparse records as trivial as possible, by explicitly
declaring where fill/dontcare gaps are, and only exporting 4KB aligned
regions. Hopefully this will allow the code to be portable to
non-fastboot consumers.
Bug: 266982466
Test: liblp_test
Change-Id: I1b41d233bc4512c4b62e19603e8e77bc5867cfab
When moving to a proto tombstone, backtraces no longer contain
an offset when a frame is in a shared library from an apk.
Add the offset display again if needed, and add a test to
verify this behavior.
Bug: 267341682
Test: All unit tests pass.
Test: Dumped a process running through an apk to verify the offset
Test: is present.
Change-Id: Ib720ccb5bfcc8531d1e407f3d01817e8a0b9128c
This might allow avb to save some memory by only allocate as much memory
needed to hold the partition data, instead of allocating for maximum
possible partition size(64K).
Bug: 266757931
Change-Id: I82a4b1ba3544910072050e45a7cb91e0dcbc4d05
PropertyInit loads the build.prop files and set the system properties.
Set the SELinux log callback before that to show the avc denials for debugging.
Test: $ make init_system
Push this module and ensure system property set denials are shown during boot
Bug: 185920634
Bug: 211547922
Change-Id: If9f34d469d3da2ebdfe64bb611de85a3ca37e000
This is but a cosmetic change. Before:
> [libfs_mgr]__mount(...
After:
> [libfs_mgr] __mount(...
Also change liblp, libfs_avb and libvbmeta.
Bug: 241688845
Test: Presubmit
Change-Id: I7d408a94a7fe279d9b65d699e22159b167f34526
Grant read/write access to anyone for /data/misc/wmtrace folder on
debuggable builds, it's further protected by the selinux policy.
This is to allow systemui process to write proto logs to the same folder
on device as WindowManager, both can contribute to the transitions like
PiP, Split-Screen and etc.
Bug: 251513116
Test: adb shell dumpsys activity service SystemUIService \
WMShell protolog [start | stop]
Change-Id: Ice57efa17c61d132b02c0a11a762c24d772bd90a
Make the module directory optional by reading the kernel release
version. This path is where the kernel installs modules by default.
Similar behaviour can be found in several modprobe implementations.
Bug: 254835242
Change-Id: I61707636705e5b4d9bd8ccf6351e7057eae6bcf5
Resolves a pair of TODO's, and makes a pair of error return
code paths not return null function pointers.
Note that:
system/netd/client/NetdClient.cpp
implements this as:
int checkSocket(int socketFd) {
if (socketFd < 0) {
return -EBADF;
}
int family;
socklen_t familyLen = sizeof(family);
if (getsockopt(socketFd, SOL_SOCKET, SO_DOMAIN, &family, &familyLen) == -1) {
return -errno;
}
if (!FwmarkClient::shouldSetFwmark(family)) {
return -EAFNOSUPPORT;
}
return 0;
}
$define CHECK_SOCKET_IS_MARKABLE(sock) \
do { \
int err = checkSocket(sock); \
if (err) return err; \
} while (false)
extern "C" int tagSocket(int socketFd, uint32_t tag, uid_t uid) {
CHECK_SOCKET_IS_MARKABLE(socketFd);
FwmarkCommand command = {FwmarkCommand::TAG_SOCKET, 0, uid, tag};
return FwmarkClient().send(&command, socketFd, nullptr);
}
extern "C" int untagSocket(int socketFd) {
CHECK_SOCKET_IS_MARKABLE(socketFd);
FwmarkCommand command = {FwmarkCommand::UNTAG_SOCKET, 0, 0, 0};
return FwmarkClient().send(&command, socketFd, nullptr);
}
which means it *already* verifies that the passed in sockfd
is >= 0 and a socket via getsockopt(SOL_SOCKET, SO_DOMAIN),
as such the 'fcntl(sockfd, F_GETFD)' check is spurious.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I91ef68be5b0cc6b1972d514c13a76eaf834a3d5d
