Merge changes I1da95645,I1a2219b5,I57dbf204
* changes:
libsnapshot: Fix incorrect CHECK in PerformInitTransition().
libsnapshot: Propagate the compression bit across state changes.
libsnapshot: Adjust partition sizes so tests pass with or without compression.
diff --git a/debuggerd/debuggerd_test.cpp b/debuggerd/debuggerd_test.cpp
index 7938a61..45e555f 100644
--- a/debuggerd/debuggerd_test.cpp
+++ b/debuggerd/debuggerd_test.cpp
@@ -16,6 +16,7 @@
#include <err.h>
#include <fcntl.h>
+#include <malloc.h>
#include <stdlib.h>
#include <sys/capability.h>
#include <sys/mman.h>
@@ -32,7 +33,6 @@
#include <android/fdsan.h>
#include <android/set_abort_message.h>
-#include <bionic/malloc.h>
#include <bionic/mte.h>
#include <bionic/reserved_signals.h>
@@ -385,8 +385,7 @@
#if defined(__aarch64__)
static void SetTagCheckingLevelSync() {
- HeapTaggingLevel heap_tagging_level = M_HEAP_TAGGING_LEVEL_SYNC;
- if (!android_mallopt(M_SET_HEAP_TAGGING_LEVEL, &heap_tagging_level, sizeof(heap_tagging_level))) {
+ if (mallopt(M_BIONIC_SET_HEAP_TAGGING_LEVEL, M_HEAP_TAGGING_LEVEL_SYNC) == 0) {
abort();
}
}
diff --git a/fastboot/fastboot.bash b/fastboot/fastboot.bash
index 406e8b8..f5a3384 100644
--- a/fastboot/fastboot.bash
+++ b/fastboot/fastboot.bash
@@ -109,7 +109,7 @@
cur="${COMP_WORDS[COMP_CWORD]}"
if [[ $i -eq $COMP_CWORD ]]; then
- partitions="boot bootloader dtbo modem odm odm_dlkm oem product radio recovery system vbmeta vendor vendor_dlkm"
+ partitions="boot bootloader dtbo modem odm odm_dlkm oem product pvmfw radio recovery system vbmeta vendor vendor_dlkm"
COMPREPLY=( $(compgen -W "$partitions" -- $cur) )
else
_fastboot_util_complete_local_file "${cur}" '!*.img'
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index 62f6ac7..f7edf8e 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -147,6 +147,7 @@
{ "odm", "odm.img", "odm.sig", "odm", true, ImageType::Normal },
{ "odm_dlkm", "odm_dlkm.img", "odm_dlkm.sig", "odm_dlkm", true, ImageType::Normal },
{ "product", "product.img", "product.sig", "product", true, ImageType::Normal },
+ { "pvmfw", "pvmfw.img", "pvmfw.sig", "pvmfw", true, ImageType::BootCritical },
{ "recovery", "recovery.img", "recovery.sig", "recovery", true, ImageType::BootCritical },
{ "super", "super.img", "super.sig", "super", true, ImageType::Extra },
{ "system", "system.img", "system.sig", "system", false, ImageType::Normal },
diff --git a/libcutils/Android.bp b/libcutils/Android.bp
index cf809f1..d46aeab 100644
--- a/libcutils/Android.bp
+++ b/libcutils/Android.bp
@@ -210,9 +210,6 @@
"uevent.cpp",
],
},
- bionic: {
- header_libs: ["bionic_libc_platform_headers"],
- },
android_arm: {
sanitize: {
diff --git a/libcutils/memory.cpp b/libcutils/memory.cpp
index f526520..5a410c2 100644
--- a/libcutils/memory.cpp
+++ b/libcutils/memory.cpp
@@ -18,19 +18,18 @@
#include <log/log.h>
-#ifdef __BIONIC__
-#include <bionic/malloc.h>
+#if !defined(__APPLE__)
+#include <malloc.h>
#endif
void process_disable_memory_mitigations() {
bool success = false;
#ifdef __BIONIC__
- // TODO(b/158870657) is fixed and scudo is used globally, we can assert when an
- // an error is returned.
-
- success = android_mallopt(M_DISABLE_MEMORY_MITIGATIONS, nullptr, 0);
+ success = mallopt(M_BIONIC_DISABLE_MEMORY_MITIGATIONS, 0);
#endif
+ // TODO: if b/158870657 is fixed and scudo is used globally,
+ // we can assert on failure rather than just log.
if (success) {
ALOGI("Disabled memory mitigations for process.");
} else {
diff --git a/libprocessgroup/cgroup_map.cpp b/libprocessgroup/cgroup_map.cpp
index b82b0ab..5ca0967 100644
--- a/libprocessgroup/cgroup_map.cpp
+++ b/libprocessgroup/cgroup_map.cpp
@@ -71,7 +71,7 @@
if (!HasValue()) return false;
if (state_ == UNKNOWN) {
- if (ACgroupController_getFlags != nullptr) {
+ if (__builtin_available(android 30, *)) {
uint32_t flags = ACgroupController_getFlags(controller_);
state_ = (flags & CGROUPRC_CONTROLLER_FLAG_MOUNTED) != 0 ? USABLE : MISSING;
} else {
@@ -172,7 +172,7 @@
auto controller_count = ACgroupFile_getControllerCount();
for (uint32_t i = 0; i < controller_count; ++i) {
const ACgroupController* controller = ACgroupFile_getController(i);
- if (ACgroupController_getFlags != nullptr) {
+ if (__builtin_available(android 30, *)) {
LOG(INFO) << "\t" << ACgroupController_getName(controller) << " ver "
<< ACgroupController_getVersion(controller) << " path "
<< ACgroupController_getPath(controller) << " flags "
diff --git a/libprocessgroup/cgrouprc/include/android/cgrouprc.h b/libprocessgroup/cgrouprc/include/android/cgrouprc.h
index 7e74432..9a79954 100644
--- a/libprocessgroup/cgrouprc/include/android/cgrouprc.h
+++ b/libprocessgroup/cgrouprc/include/android/cgrouprc.h
@@ -28,8 +28,6 @@
struct ACgroupController;
typedef struct ACgroupController ACgroupController;
-#if __ANDROID_API__ >= __ANDROID_API_Q__
-
// ACgroupFile
/**
@@ -71,8 +69,6 @@
#define CGROUPRC_CONTROLLER_FLAG_MOUNTED 0x1
#define CGROUPRC_CONTROLLER_FLAG_NEEDS_ACTIVATION 0x2
-#if __ANDROID_API__ >= __ANDROID_API_R__
-
/**
* Returns the flags bitmask of the given controller.
* If the given controller is null, return 0.
@@ -80,8 +76,6 @@
__attribute__((warn_unused_result, weak)) uint32_t ACgroupController_getFlags(
const ACgroupController*) __INTRODUCED_IN(30);
-#endif
-
/**
* Returns the name of the given controller.
* If the given controller is null, return nullptr.
@@ -97,5 +91,3 @@
__INTRODUCED_IN(29);
__END_DECLS
-
-#endif
diff --git a/libsync/include/ndk/sync.h b/libsync/include/ndk/sync.h
index 2a59e35..38ccb68 100644
--- a/libsync/include/ndk/sync.h
+++ b/libsync/include/ndk/sync.h
@@ -33,8 +33,6 @@
__BEGIN_DECLS
-#if __ANDROID_API__ >= 26
-
/* Fences indicate the status of an asynchronous task. They are initially
* in unsignaled state (0), and make a one-time transition to either signaled
* (1) or error (< 0) state. A sync file is a collection of one or more fences;
@@ -101,8 +99,6 @@
*/
void sync_file_info_free(struct sync_file_info* info) __INTRODUCED_IN(26);
-#endif /* __ANDROID_API__ >= 26 */
-
__END_DECLS
#endif /* ANDROID_SYNC_H */
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 049301d..19c00f9 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -856,13 +856,6 @@
wait_for_prop apexd.status activated
perform_apex_config
- # Lock the fs-verity keyring, so no more keys can be added
- exec -- /system/bin/fsverity_init --lock
-
- # After apexes are mounted, tell keymaster early boot has ended, so it will
- # stop allowing use of early-boot keys
- exec - system system -- /system/bin/vdc keymaster earlyBootEnded
-
# Special-case /data/media/obb per b/64566063
mkdir /data/media 0770 media_rw media_rw encryption=None
exec - media_rw media_rw -- /system/bin/chattr +F /data/media
@@ -872,15 +865,22 @@
init_user0
+ # Set SELinux security contexts on upgrade or policy update.
+ restorecon --recursive --skip-ce /data
+
+ # After apexes are mounted, tell keymaster early boot has ended, so it will
+ # stop allowing use of early-boot keys
+ exec - system system -- /system/bin/vdc keymaster earlyBootEnded
+
+ # Lock the fs-verity keyring, so no more keys can be added
+ exec -- /system/bin/fsverity_init --lock
+
# Allow apexd to snapshot and restore device encrypted apex data in the case
# of a rollback. This should be done immediately after DE_user data keys
# are loaded. APEXes should not access this data until this has been
# completed and apexd.status becomes "ready".
exec_start apexd-snapshotde
- # Set SELinux security contexts on upgrade or policy update.
- restorecon --recursive --skip-ce /data
-
# Check any timezone data in /data is newer than the copy in the time zone data
# module, delete if not.
exec - system system -- /system/bin/tzdatacheck /apex/com.android.tzdata/etc/tz /data/misc/zoneinfo
diff --git a/trusty/confirmationui/fuzz/fuzz.cpp b/trusty/confirmationui/fuzz/fuzz.cpp
index 9d3008b..df2517c 100644
--- a/trusty/confirmationui/fuzz/fuzz.cpp
+++ b/trusty/confirmationui/fuzz/fuzz.cpp
@@ -14,10 +14,7 @@
* limitations under the License.
*/
-#undef NDEBUG
-
-#include <assert.h>
-#include <log/log.h>
+#include <iostream>
#include <stdlib.h>
#include <trusty/coverage/coverage.h>
#include <trusty/fuzz/counters.h>
@@ -30,6 +27,7 @@
#define TIPC_DEV "/dev/trusty-ipc-dev0"
#define CONFIRMATIONUI_PORT "com.android.trusty.confirmationui"
+#define CONFIRMATIONUI_MODULE_NAME "confirmationui.syms.elf"
/* ConfirmationUI TA's UUID is 7dee2364-c036-425b-b086-df0f6c233c1b */
static struct uuid confirmationui_uuid = {
@@ -48,11 +46,14 @@
uint8_t payload[];
};
-static CoverageRecord record(TIPC_DEV, &confirmationui_uuid);
+static CoverageRecord record(TIPC_DEV, &confirmationui_uuid, CONFIRMATIONUI_MODULE_NAME);
extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
auto ret = record.Open();
- assert(ret.ok());
+ if (!ret.ok()) {
+ std::cerr << ret.error() << std::endl;
+ exit(-1);
+ }
return 0;
}
diff --git a/trusty/coverage/coverage.cpp b/trusty/coverage/coverage.cpp
index 185abe5..5eccdc5 100644
--- a/trusty/coverage/coverage.cpp
+++ b/trusty/coverage/coverage.cpp
@@ -39,6 +39,7 @@
using android::base::ErrnoError;
using android::base::Error;
using std::string;
+using std::to_string;
using std::unique_ptr;
static inline uintptr_t RoundPageUp(uintptr_t val) {
@@ -54,11 +55,11 @@
shm_(NULL),
shm_len_(0) {}
-CoverageRecord::CoverageRecord(string tipc_dev, struct uuid* uuid, string sancov_filename)
+CoverageRecord::CoverageRecord(string tipc_dev, struct uuid* uuid, string module_name)
: tipc_dev_(std::move(tipc_dev)),
coverage_srv_fd_(-1),
uuid_(*uuid),
- sancov_filename_(sancov_filename),
+ sancov_filename_(module_name + "." + to_string(getpid()) + ".sancov"),
record_len_(0),
shm_(NULL),
shm_len_(0) {}
diff --git a/trusty/coverage/include/trusty/coverage/coverage.h b/trusty/coverage/include/trusty/coverage/coverage.h
index ed723f6..5da68da 100644
--- a/trusty/coverage/include/trusty/coverage/coverage.h
+++ b/trusty/coverage/include/trusty/coverage/coverage.h
@@ -43,7 +43,7 @@
* Create a coverage record interface. On destruction, write this coverage
* to the given sancov filename.
*/
- CoverageRecord(std::string tipc_dev, struct uuid* uuid, std::string sancov_filename);
+ CoverageRecord(std::string tipc_dev, struct uuid* uuid, std::string module_name);
~CoverageRecord();
Result<void> Open();
diff --git a/trusty/fuzz/test/fuzz.cpp b/trusty/fuzz/test/fuzz.cpp
index 28bb3f7..e7913db 100644
--- a/trusty/fuzz/test/fuzz.cpp
+++ b/trusty/fuzz/test/fuzz.cpp
@@ -14,15 +14,12 @@
* limitations under the License.
*/
-#undef NDEBUG
-
-#include <assert.h>
-#include <log/log.h>
#include <stdlib.h>
#include <trusty/coverage/coverage.h>
#include <trusty/fuzz/counters.h>
#include <trusty/fuzz/utils.h>
#include <unistd.h>
+#include <iostream>
using android::trusty::coverage::CoverageRecord;
using android::trusty::fuzz::ExtraCounters;
@@ -43,7 +40,10 @@
extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
auto ret = record.Open();
- assert(ret.ok());
+ if (!ret.ok()) {
+ std::cerr << ret.error() << std::endl;
+ exit(-1);
+ }
return 0;
}
diff --git a/trusty/gatekeeper/fuzz/fuzz.cpp b/trusty/gatekeeper/fuzz/fuzz.cpp
index 4d885ce..7bfd7d1 100644
--- a/trusty/gatekeeper/fuzz/fuzz.cpp
+++ b/trusty/gatekeeper/fuzz/fuzz.cpp
@@ -14,15 +14,12 @@
* limitations under the License.
*/
-#undef NDEBUG
-
-#include <assert.h>
-#include <log/log.h>
#include <stdlib.h>
#include <trusty/coverage/coverage.h>
#include <trusty/fuzz/counters.h>
#include <trusty/fuzz/utils.h>
#include <unistd.h>
+#include <iostream>
using android::trusty::coverage::CoverageRecord;
using android::trusty::fuzz::ExtraCounters;
@@ -44,7 +41,10 @@
extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
auto ret = record.Open();
- assert(ret.ok());
+ if (!ret.ok()) {
+ std::cerr << ret.error() << std::endl;
+ exit(-1);
+ }
return 0;
}
diff --git a/trusty/keymaster/fuzz/fuzz.cpp b/trusty/keymaster/fuzz/fuzz.cpp
index 70e19e6..4ac97bb 100644
--- a/trusty/keymaster/fuzz/fuzz.cpp
+++ b/trusty/keymaster/fuzz/fuzz.cpp
@@ -14,10 +14,6 @@
* limitations under the License.
*/
-#undef NDEBUG
-
-#include <assert.h>
-#include <log/log.h>
#include <stdlib.h>
#include <trusty/coverage/coverage.h>
#include <trusty/fuzz/counters.h>
