If signature verification fails and we have an error corrected
signature available, attempt to verify that instead.
Needs changes from
Ie913c21ba1d07d6df4c6feeb7226b2ec963f4d19
Bug: 28943429
Change-Id: I7d48701916fe430b17aa05acb120f22a1802733d
When non-interactive sessions exit via Ctrl+C, adbd sends SIGHUP
to the child process to let it know to exit. However, adbd was not
closing the pipes to the child process, so if the subprocess ignored
SIGHUP and continued writing it could fill up the pipe and block
forever while adbd waits for it to exit.
This CL adds the necessary calls to close the subprocess pipe after
sending SIGHUP.
Bug: 28981563
Change-Id: I318e322e563241052648361172f4859c297837fb
(cherry picked from commit f2aa186c7b)
(Cherry picked from commit 2b22a66382)
This adds a system property for controlling unprivileged access to
perf_event_paranoid. It depends on adding kernel support for
perf_event_paranoid=3 based on grsecurity's PERF_HARDEN feature to
completely disable unprivileged access to perf. A minimal port of this
feature is used in the vanilla Debian kernel by default.
It hides the non-hardened value as an implementation detail, since while
it is currently 1, it will probably become 2 in the future.
Bug: 29054680
Change-Id: I6e3ae3cf18d8c76df94f879c34fb6fde519b89a9
Emulator console now requires authentication; this means
'adb emu ...' commands silently fail because of it.
This CL adds an 'auth <token>' command to each user command,
making sure it won't be silently ignored.
Bug: https://code.google.com/p/android/issues/detail?id=211233
Change-Id: Id9ca4999fd2e6393cc88278eaf444243e13c0ec0
Since linker-namespaces are enabled for all target_sdk_versions
and there is no longer need in workarounds in libnativeloader -
remove unused target_sdk_version parameter for internal calls.
This also brings libnativeloader closer to aosp/master
Bug: http://b/26040253
Change-Id: I7d6f6ac31be0dca5f3c3f6ea20e6cc87ce3a3c7f
Add comment that SharedBuffer is deprecated.
Both aref and SharedBuffer had memory ordering bugs. Aref has no
clients.
SharedBuffer had several bugs, which are fixed here:
mRefs was declared neither volatile, not atomic, allowing the
compiler to, for example, reuse a stale previously loaded value.
It used the default android_atomic release memory ordering, which
is insufficient for reference count decrements.
It used an ordinary memory read in onlyOwner() to check whether
an object is safe to deallocate, without any attempt to ensure
memory ordering.
Comments claimed that SharedBuffer was exactly 16 bytes, but
this was neither checked, nor correct on 64-bit platforms.
This turns mRef into a std::atomic and removes the android_atomic
dependency.
Bug: 28826227
Change-Id: I39fa0b4f70ac0471b14ad274806fc4e0c0802e78
(cherry picked from commit 3e4c076ef2)
Convert to use std::atomic directly.
Consistently use relaxed ordering for increments, release ordering
for decrements, and an added acquire fence when the count goes to
zero.
Fix what looks like another race in attemptIncStrong:
It seems entirely possible that the final adjustment for
INITIAL_STRONG_VALUE would see e.g. INITIAL_STRONG_VALUE + 1,
since we could be running in the middle of another initial
increment.
Attempt to somewhat document what this actually does, and
what's expected from the client. Hide the documentation in
the .cpp file for now.
Remove a confusing redundant test in decWeak. OBJECT_LIFETIME_STRONG
and OBJECT_LIFETIME_WEAK are the only options, in spite of some
of the original comments.
It's conceivable that either of these issues has resulted in
actual crashes, though I would guess the probability is small.
It's hard enough to reason about this code without the bugs.
Bug: 28705989
Change-Id: I4107a56c3fc0fdb7ee17fc8a8f0dd7fb128af9d8
(cherry picked from commit e263e6c633)
* changes:
adb: use asocket's close function when closing.
adb: switch the socket list mutex to a recursive_mutex.
adb: clang-format sockets.cpp.
adb: add implementations of mutex, recursive_mutex.
close_all_sockets was assuming that all registered local sockets used
local_socket_close as their close function. However, this is not true
for JDWP sockets.
Bug: http://b/28347842
Change-Id: I40a1174845cd33f15f30ce70828a7081cd5a087e
(cherry picked from commit 53eb31d87c)
sockets.cpp was branching on whether a socket close function was
local_socket_close in order to avoid a potential deadlock if the socket
list lock was held while closing a peer socket.
Bug: http://b/28347842
Change-Id: I5e56f17fa54275284787f0f1dc150d1960256ab3
(cherry picked from commit 9b587dec6d)
Our version of mingw doesn't support std::mutex or
std::recursive_mutex, so implement our own using the Windows primitives.
Bug: http://b/28347842
Change-Id: I4e1d56a89bc5fcb5f859bf5014343697a4a85b77
(cherry picked from commit 903b749f78)
This change allows applications to share RTLD_GLOBAL
native libraries between namespaces associated with
different classloaders.
The rule is - if a library is GLOBAL within namespace
associated with parent classloader, it is shared
with namespace associated with this classloader
Note that the sharing happens on create_namespace
event, which is tied to createClassloader in case of
application classloaders created by the framework, for
custom application classloaders it is tied to first
loadLibrary() event.
Bug: http://b/28560538
Bug: https://code.google.com/p/android/issues/detail?id=208458
Change-Id: I7ee701166f8ec5eff033b7acc0f80c7aa4ec5bda
(cherry picked from commit 24db75c1ce)
Now that we have the fixed list of whitelisted libraries
there is no longer need to check if java_permitted_path is nullptr.
In fact checking it prevents custom classloaders created by apps
from loading libraries using absolute path.
Bug: http://b/28659864
Change-Id: I1bfc16a573b090f70f078ecccd0e4016939a5dc0
(cherry picked from commit b31caa95ec)
strcmp needs a limit, otherwise it will compare the null terminator
with the next character in the haystack, which results in the compare
failing for all searches except where the needle is found at the very
end.
Bug: 28663748
Change-Id: I1939dc4037c2f2a75d617943b063d2d38a8c5e3a
setting fake properties.
healthd used to check for registered charger drivers to determine if the
device is an always-plugged device with no battery. This patch changes
it to check for battery instead.
Change-Id: Ie4ff5d3f21dc1a83a780a41eb0c929f66b86d631
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
(cherry picked from commit fabd490f58)
They are intended for platform use only and we shouldn't have them
in the public header file. This CL moves them to libnativeloader
private header file.
Bug: http://b/28174921
Change-Id: I01cf446d2d8d7cf6f9e31130aa3d4e54fbbbb9fc
(cherry picked from commit 6796522256)
Passing empty permitted path should result in no-op.
This addresses review comment on CL with commit
f334cbf0e1
Bug: http://b/28639227
Change-Id: I4a4540e522e90a145a374939921932c86f35e88d
If we fail to set a crypto policy on a system-DE directory, this is a
serious and unrecoverable condition; the only way forward is to erase
the entire device. In a future commit we will also allow users the
option of booting again.
Bug: 28318405
Change-Id: Iff1e52c5bbee1beed29dc4b609d24bfeb7d138da
Apps on sdcard live under /mnt/expand and therefore
this directory should be under linker namespaces
permitted_path.
Bug: http://b/28639227
Change-Id: I462f9f23656c95d9c2a48bb3f513abcd9d08f340
When user creates custom classloader which does not extend
BaseDexClassLoader the librarySearchPath gets set to null
by java.lang.Runtime.doLoad().
This patch makes nativeloader correctly handle it.
Bug: http://b/28659864
Change-Id: I1b61c6bc952984d7c49775a9178fc3270948e62a
(cherry picked from commit 8a0425b86a)
