diff options
| -rw-r--r-- | adb/Android.mk | 16 | ||||
| -rw-r--r-- | adb/adb.h | 1 | ||||
| -rw-r--r-- | adb/adb_auth.h | 1 | ||||
| -rw-r--r-- | adb/adb_auth_host.c | 32 | ||||
| -rw-r--r-- | adb/commandline.c | 15 | ||||
| -rw-r--r-- | adb/disable_verity_service.c | 199 | ||||
| -rw-r--r-- | adb/remount_service.c | 34 | ||||
| -rw-r--r-- | adb/services.c | 2 | ||||
| -rw-r--r-- | adb/sysdeps_win32.c | 1 | ||||
| -rw-r--r-- | adb/usb_windows.c | 1 | ||||
| -rw-r--r-- | fastboot/usb_windows.c | 1 | ||||
| -rw-r--r-- | fs_mgr/Android.mk | 4 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr.c | 29 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr_fstab.c | 5 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr_priv_verity.h | 5 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr_verity.c | 126 | ||||
| -rw-r--r-- | fs_mgr/include/fs_mgr.h | 8 | ||||
| -rw-r--r-- | healthd/BatteryMonitor.cpp | 10 | ||||
| -rw-r--r-- | healthd/healthd.cpp | 3 | ||||
| -rw-r--r-- | healthd/healthd.h | 1 | ||||
| -rw-r--r-- | healthd/healthd_mode_charger.cpp | 74 | ||||
| -rw-r--r-- | include/system/audio.h | 1 | ||||
| -rw-r--r-- | libcutils/native_handle.c | 8 | ||||
| -rw-r--r-- | libcutils/sched_policy.c | 26 | ||||
| -rw-r--r-- | libnativebridge/tests/CompleteFlow_test.cpp | 1 | ||||
| -rw-r--r-- | rootdir/init.rc | 23 | ||||
| -rw-r--r-- | rootdir/ueventd.rc | 1 | ||||
| -rw-r--r-- | toolbox/Android.mk | 1 | ||||
| -rw-r--r-- | toolbox/prlimit.c | 76 |
29 files changed, 553 insertions, 152 deletions
diff --git a/adb/Android.mk b/adb/Android.mk index 3cadee3..24cbce0 100644 --- a/adb/Android.mk +++ b/adb/Android.mk @@ -112,6 +112,7 @@ LOCAL_SRC_FILES := \ jdwp_service.c \ framebuffer_service.c \ remount_service.c \ + disable_verity_service.c \ usb_linux_client.c LOCAL_CFLAGS := \ @@ -126,14 +127,27 @@ ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1 endif +ifneq (,$(filter userdebug,$(TARGET_BUILD_VARIANT))) +LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1 +endif + LOCAL_MODULE := adbd LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT_SBIN) LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_SBIN_UNSTRIPPED) +LOCAL_C_INCLUDES += system/extras/ext4_utils system/core/fs_mgr/include + +LOCAL_STATIC_LIBRARIES := liblog \ + libfs_mgr \ + libcutils \ + libc \ + libmincrypt \ + libselinux \ + libext4_utils_static -LOCAL_STATIC_LIBRARIES := liblog libcutils libc libmincrypt libselinux LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk + include $(BUILD_EXECUTABLE) @@ -329,6 +329,7 @@ int handle_forward_request(const char* service, transport_type ttype, char* seri #if !ADB_HOST void framebuffer_service(int fd, void *cookie); void remount_service(int fd, void *cookie); +void disable_verity_service(int fd, void* cookie); #endif /* packet allocator */ diff --git a/adb/adb_auth.h b/adb/adb_auth.h index b24c674..54dd537 100644 --- a/adb/adb_auth.h +++ b/adb/adb_auth.h @@ -18,6 +18,7 @@ #define __ADB_AUTH_H void adb_auth_init(void); +int adb_auth_keygen(const char* filename); void adb_auth_verified(atransport *t); void send_auth_request(atransport *t); diff --git a/adb/adb_auth_host.c b/adb/adb_auth_host.c index c72fe42..a859199 100644 --- a/adb/adb_auth_host.c +++ b/adb/adb_auth_host.c @@ -15,9 +15,12 @@ */ #include <stdio.h> +#include <stdlib.h> #ifdef _WIN32 -# define WIN32_LEAN_AND_MEAN +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif # include "windows.h" # include "shlobj.h" #else @@ -114,18 +117,34 @@ out: static void get_user_info(char *buf, size_t len) { char hostname[1024], username[1024]; - int ret; + int ret = -1; + + if (getenv("HOSTNAME") != NULL) { + strncpy(hostname, getenv("HOSTNAME"), sizeof(hostname)); + hostname[sizeof(hostname)-1] = '\0'; + ret = 0; + } #ifndef _WIN32 - ret = gethostname(hostname, sizeof(hostname)); if (ret < 0) + ret = gethostname(hostname, sizeof(hostname)); #endif + if (ret < 0) strcpy(hostname, "unknown"); + ret = -1; + + if (getenv("LOGNAME") != NULL) { + strncpy(username, getenv("LOGNAME"), sizeof(username)); + username[sizeof(username)-1] = '\0'; + ret = 0; + } + #if !defined _WIN32 && !defined ADB_HOST_ON_TARGET - ret = getlogin_r(username, sizeof(username)); if (ret < 0) + ret = getlogin_r(username, sizeof(username)); #endif + if (ret < 0) strcpy(username, "unknown"); ret = snprintf(buf, len, " %s@%s", username, hostname); @@ -436,6 +455,11 @@ int adb_auth_get_userkey(unsigned char *data, size_t len) return ret + 1; } +int adb_auth_keygen(const char* filename) { + adb_trace_mask |= (1 << TRACE_AUTH); + return (generate_key(filename) == 0); +} + void adb_auth_init(void) { int ret; diff --git a/adb/commandline.c b/adb/commandline.c index 23e9ea4..903b818 100644 --- a/adb/commandline.c +++ b/adb/commandline.c @@ -36,6 +36,7 @@ #define TRACE_TAG TRACE_ADB #include "adb.h" #include "adb_client.h" +#include "adb_auth.h" #include "file_sync_service.h" static int do_cmd(transport_type ttype, char* serial, char *cmd, ...); @@ -189,6 +190,10 @@ void help() "\n" " adb restore <file> - restore device contents from the <file> backup archive\n" "\n" + " adb disable-verity - disable dm-verity checking on USERDEBUG builds\n" + " adb keygen <file> - generate adb public/private key. The private key is stored in <file>,\n" + " and the public key is stored in <file>.pub. Any existing files\n" + " are overwritten.\n" " adb help - show this help message\n" " adb version - show version num\n" "\n" @@ -205,8 +210,7 @@ void help() " adb reboot-bootloader - reboots the device into the bootloader\n" " adb root - restarts the adbd daemon with root permissions\n" " adb usb - restarts the adbd daemon listening on USB\n" - " adb tcpip <port> - restarts the adbd daemon listening on TCP on the specified port" - "\n" + " adb tcpip <port> - restarts the adbd daemon listening on TCP on the specified port\n" "networking:\n" " adb ppp <tty> [parameters] - Run PPP over USB.\n" " Note: you should not automatically start a PPP connection.\n" @@ -1442,7 +1446,7 @@ top: if(!strcmp(argv[0], "remount") || !strcmp(argv[0], "reboot") || !strcmp(argv[0], "reboot-bootloader") || !strcmp(argv[0], "tcpip") || !strcmp(argv[0], "usb") - || !strcmp(argv[0], "root")) { + || !strcmp(argv[0], "root") || !strcmp(argv[0], "disable-verity")) { char command[100]; if (!strcmp(argv[0], "reboot-bootloader")) snprintf(command, sizeof(command), "reboot:bootloader"); @@ -1725,6 +1729,11 @@ top: return restore(argc, argv); } + if (!strcmp(argv[0], "keygen")) { + if (argc < 2) return usage(); + return adb_auth_keygen(argv[1]); + } + if (!strcmp(argv[0], "jdwp")) { int fd = adb_connect("jdwp"); if (fd >= 0) { diff --git a/adb/disable_verity_service.c b/adb/disable_verity_service.c new file mode 100644 index 0000000..ed3da52 --- /dev/null +++ b/adb/disable_verity_service.c @@ -0,0 +1,199 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "sysdeps.h" + +#define TRACE_TAG TRACE_ADB +#include "adb.h" + +#include <stdio.h> +#include <stdarg.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <inttypes.h> + +#include "cutils/properties.h" +#include "ext4_sb.h" +#include <fs_mgr.h> + +#define FSTAB_PREFIX "/fstab." +struct fstab *fstab; + +__attribute__((__format__(printf, 2, 3))) __nonnull((2)) +static void write_console(int fd, const char* format, ...) +{ + char buffer[256]; + va_list args; + va_start (args, format); + vsnprintf (buffer, sizeof(buffer), format, args); + va_end (args); + + adb_write(fd, buffer, strnlen(buffer, sizeof(buffer))); +} + +static int get_target_device_size(int fd, const char *blk_device, + uint64_t *device_size) +{ + int data_device; + struct ext4_super_block sb; + struct fs_info info; + + info.len = 0; /* Only len is set to 0 to ask the device for real size. */ + + data_device = adb_open(blk_device, O_RDONLY | O_CLOEXEC); + if (data_device < 0) { + write_console(fd, "Error opening block device (%s)\n", strerror(errno)); + return -1; + } + + if (lseek64(data_device, 1024, SEEK_SET) < 0) { + write_console(fd, "Error seeking to superblock\n"); + adb_close(data_device); + return -1; + } + + if (adb_read(data_device, &sb, sizeof(sb)) != sizeof(sb)) { + write_console(fd, "Error reading superblock\n"); + adb_close(data_device); + return -1; + } + + ext4_parse_sb(&sb, &info); + *device_size = info.len; + + adb_close(data_device); + return 0; +} + +static int disable_verity(int fd, const char *block_device, + const char* mount_point) +{ + uint32_t magic_number; + const uint32_t voff = VERITY_METADATA_MAGIC_DISABLE; + uint64_t device_length; + int device; + int retval = -1; + + device = adb_open(block_device, O_RDWR | O_CLOEXEC); + if (device == -1) { + write_console(fd, "Could not open block device %s (%s).\n", + block_device, strerror(errno)); + write_console(fd, "Maybe run adb remount?\n"); + goto errout; + } + + // find the start of the verity metadata + if (get_target_device_size(fd, (char*)block_device, &device_length) < 0) { + write_console(fd, "Could not get target device size.\n"); + goto errout; + } + + if (lseek64(device, device_length, SEEK_SET) < 0) { + write_console(fd, + "Could not seek to start of verity metadata block.\n"); + goto errout; + } + + // check the magic number + if (adb_read(device, &magic_number, sizeof(magic_number)) + != sizeof(magic_number)) { + write_console(fd, "Couldn't read magic number!\n"); + goto errout; + } + + if (magic_number == VERITY_METADATA_MAGIC_DISABLE) { + write_console(fd, "Verity already disabled on %s\n", mount_point); + goto errout; + } + + if (magic_number != VERITY_METADATA_MAGIC_NUMBER) { + write_console(fd, + "Couldn't find verity metadata at offset %"PRIu64"!\n", + device_length); + goto errout; + } + + if (lseek64(device, device_length, SEEK_SET) < 0) { + write_console(fd, + "Could not seek to start of verity metadata block.\n"); + goto errout; + } + + if (adb_write(device, &voff, sizeof(voff)) != sizeof(voff)) { + write_console(fd, "Could not set verity disabled flag on device %s\n", + block_device); + goto errout; + } + + write_console(fd, "Verity disabled on %s\n", mount_point); + retval = 0; +errout: + if (device != -1) + adb_close(device); + return retval; +} + +void disable_verity_service(int fd, void* cookie) +{ +#ifdef ALLOW_ADBD_DISABLE_VERITY + char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)]; + char propbuf[PROPERTY_VALUE_MAX]; + int i; + bool any_disabled = false; + + property_get("ro.secure", propbuf, "0"); + if (strcmp(propbuf, "1")) { + write_console(fd, "verity not enabled - ENG build\n"); + goto errout; + } + + property_get("ro.debuggable", propbuf, "0"); + if (strcmp(propbuf, "1")) { + write_console(fd, "verity cannot be disabled - USER build\n"); + goto errout; + } + + property_get("ro.hardware", propbuf, ""); + snprintf(fstab_filename, sizeof(fstab_filename), FSTAB_PREFIX"%s", propbuf); + + fstab = fs_mgr_read_fstab(fstab_filename); + if (!fstab) { + write_console(fd, "Failed to open %s\nMaybe run adb root?\n", + fstab_filename); + goto errout; + } + + /* Loop through entries looking for ones that vold manages */ + for (i = 0; i < fstab->num_entries; i++) { + if(fs_mgr_is_verified(&fstab->recs[i])) { + if (!disable_verity(fd, fstab->recs[i].blk_device, + fstab->recs[i].mount_point)) { + any_disabled = true; + } + } + } + + if (any_disabled) { + write_console(fd, + "Now reboot your device for settings to take effect\n"); + } +#else + write_console(fd, "disable-verity only works for userdebug builds\n"); +#endif + +errout: + adb_close(fd); +} diff --git a/adb/remount_service.c b/adb/remount_service.c index 72d15a1..36367a7 100644 --- a/adb/remount_service.c +++ b/adb/remount_service.c @@ -14,6 +14,8 @@ * limitations under the License. */ +#include "sysdeps.h" + #include <errno.h> #include <fcntl.h> #include <stdio.h> @@ -22,7 +24,7 @@ #include <sys/mount.h> #include <unistd.h> -#include "sysdeps.h" +#include "cutils/properties.h" #define TRACE_TAG TRACE_ADB #include "adb.h" @@ -115,6 +117,36 @@ static void write_string(int fd, const char* str) void remount_service(int fd, void *cookie) { char buffer[200]; + char prop_buf[PROPERTY_VALUE_MAX]; + + bool system_verified = false, vendor_verified = false; + property_get("partition.system.verified", prop_buf, "0"); + if (!strcmp(prop_buf, "1")) { + system_verified = true; + } + + property_get("partition.vendor.verified", prop_buf, "0"); + if (!strcmp(prop_buf, "1")) { + vendor_verified = true; + } + + if (system_verified || vendor_verified) { + // Allow remount but warn of likely bad effects + bool both = system_verified && vendor_verified; + snprintf(buffer, sizeof(buffer), + "dm_verity is enabled on the %s%s%s partition%s.\n", + system_verified ? "system" : "", + both ? " and " : "", + vendor_verified ? "vendor" : "", + both ? "s" : ""); + write_string(fd, buffer); + snprintf(buffer, sizeof(buffer), + "Use \"adb disable-verity\" to disable verity.\n" + "If you do not, remount may succeed, however, you will still " + "not be able to write to these volumes.\n"); + write_string(fd, buffer); + } + if (remount("/system", &system_ro)) { snprintf(buffer, sizeof(buffer), "remount of system failed: %s\n",strerror(errno)); write_string(fd, buffer); diff --git a/adb/services.c b/adb/services.c index bcfc163..703aec8 100644 --- a/adb/services.c +++ b/adb/services.c @@ -469,6 +469,8 @@ int service_to_fd(const char *name) free(cookie); } } + } else if(!strncmp(name, "disable-verity:", 15)) { + ret = create_service_thread(disable_verity_service, NULL); #endif } if (ret >= 0) { diff --git a/adb/sysdeps_win32.c b/adb/sysdeps_win32.c index b082c6d..e69ec2b 100644 --- a/adb/sysdeps_win32.c +++ b/adb/sysdeps_win32.c @@ -2,6 +2,7 @@ #include <winsock2.h> #include <windows.h> #include <stdio.h> +#include <stdlib.h> #include <errno.h> #define TRACE_TAG TRACE_SYSDEPS #include "adb.h" diff --git a/adb/usb_windows.c b/adb/usb_windows.c index b7ad913..a2d7226 100644 --- a/adb/usb_windows.c +++ b/adb/usb_windows.c @@ -21,6 +21,7 @@ #include <usb100.h> #include <adb_api.h> #include <stdio.h> +#include <stdlib.h> #include "sysdeps.h" diff --git a/fastboot/usb_windows.c b/fastboot/usb_windows.c index 0d13863..a09610f 100644 --- a/fastboot/usb_windows.c +++ b/fastboot/usb_windows.c @@ -32,6 +32,7 @@ #include <usb100.h> #include <adb_api.h> #include <stdio.h> +#include <stdlib.h> #include "usb.h" diff --git a/fs_mgr/Android.mk b/fs_mgr/Android.mk index 7cffc37..61bf1ee 100644 --- a/fs_mgr/Android.mk +++ b/fs_mgr/Android.mk @@ -13,6 +13,10 @@ LOCAL_C_INCLUDES += system/extras/ext4_utils LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include LOCAL_CFLAGS := -Werror +ifneq (,$(filter userdebug,$(TARGET_BUILD_VARIANT))) +LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1 +endif + include $(BUILD_STATIC_LIBRARY) diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c index 91e6c33..d1e92f2 100644 --- a/fs_mgr/fs_mgr.c +++ b/fs_mgr/fs_mgr.c @@ -141,9 +141,10 @@ static void check_fs(char *blk_device, char *fs_type, char *target) } else if (!strcmp(fs_type, "f2fs")) { char *f2fs_fsck_argv[] = { F2FS_FSCK_BIN, + "-f", blk_device }; - INFO("Running %s on %s\n", F2FS_FSCK_BIN, blk_device); + INFO("Running %s -f %s\n", F2FS_FSCK_BIN, blk_device); ret = android_fork_execvp_ext(ARRAY_SIZE(f2fs_fsck_argv), f2fs_fsck_argv, &status, true, LOG_KLOG | LOG_FILE, @@ -245,6 +246,16 @@ static int device_is_debuggable() { return strcmp(value, "1") ? 0 : 1; } +static int device_is_secure() { + int ret = -1; + char value[PROP_VALUE_MAX]; + ret = __system_property_get("ro.secure", value); + /* If error, we want to fail secure */ + if (ret < 0) + return 1; + return strcmp(value, "0") ? 1 : 0; +} + /* * Tries to mount any of the consecutive fstab entries that match * the mountpoint of the one given by fstab->recs[start_idx]. @@ -350,9 +361,11 @@ int fs_mgr_mount_all(struct fstab *fstab) wait_for_file(fstab->recs[i].blk_device, WAIT_TIMEOUT); } - if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && - !device_is_debuggable()) { - if (fs_mgr_setup_verity(&fstab->recs[i]) < 0) { + if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) { + int rc = fs_mgr_setup_verity(&fstab->recs[i]); + if (device_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) { + INFO("Verity disabled"); + } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) { ERROR("Could not set up verified partition, skipping!\n"); continue; } @@ -467,9 +480,11 @@ int fs_mgr_do_mount(struct fstab *fstab, char *n_name, char *n_blk_device, fstab->recs[i].mount_point); } - if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && - !device_is_debuggable()) { - if (fs_mgr_setup_verity(&fstab->recs[i]) < 0) { + if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) { + int rc = fs_mgr_setup_verity(&fstab->recs[i]); + if (device_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) { + INFO("Verity disabled"); + } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) { ERROR("Could not set up verified partition, skipping!\n"); continue; } diff --git a/fs_mgr/fs_mgr_fstab.c b/fs_mgr/fs_mgr_fstab.c index 3f84179..ab8f128 100644 --- a/fs_mgr/fs_mgr_fstab.c +++ b/fs_mgr/fs_mgr_fstab.c @@ -418,6 +418,11 @@ int fs_mgr_is_nonremovable(struct fstab_rec *fstab) return fstab->fs_mgr_flags & MF_NONREMOVABLE; } +int fs_mgr_is_verified(struct fstab_rec *fstab) +{ + return fstab->fs_mgr_flags & MF_VERIFY; +} + int fs_mgr_is_encryptable(struct fstab_rec *fstab) { return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT); diff --git a/fs_mgr/fs_mgr_priv_verity.h b/fs_mgr/fs_mgr_priv_verity.h index 6193784..f90e596 100644 --- a/fs_mgr/fs_mgr_priv_verity.h +++ b/fs_mgr/fs_mgr_priv_verity.h @@ -14,4 +14,7 @@ * limitations under the License. */ -int fs_mgr_setup_verity(struct fstab_rec *fstab);
\ No newline at end of file +#define FS_MGR_SETUP_VERITY_DISABLED -2 +#define FS_MGR_SETUP_VERITY_FAIL -1 +#define FS_MGR_SETUP_VERITY_SUCCESS 0 +int fs_mgr_setup_verity(struct fstab_rec *fstab); diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c index 01f7844..51555a1 100644 --- a/fs_mgr/fs_mgr_verity.c +++ b/fs_mgr/fs_mgr_verity.c @@ -43,7 +43,6 @@ #include "fs_mgr_priv_verity.h" #define VERITY_METADATA_SIZE 32768 -#define VERITY_METADATA_MAGIC_NUMBER 0xb001b001 #define VERITY_TABLE_RSA_KEY "/verity_key" extern struct fs_info info; @@ -87,11 +86,11 @@ static RSAPublicKey *load_key(char *path) static int verify_table(char *signature, char *table, int table_length) { RSAPublicKey *key; - uint8_t hash_buf[SHA_DIGEST_SIZE]; + uint8_t hash_buf[SHA256_DIGEST_SIZE]; int retval = -1; // Hash the table - SHA_hash((uint8_t*)table, table_length, hash_buf); + SHA256_hash((uint8_t*)table, table_length, hash_buf); // Now get the public key from the keyfile key = load_key(VERITY_TABLE_RSA_KEY); @@ -105,7 +104,7 @@ static int verify_table(char *signature, char *table, int table_length) (uint8_t*) signature, RSANUMBYTES, (uint8_t*) hash_buf, - SHA_DIGEST_SIZE)) { + SHA256_DIGEST_SIZE)) { ERROR("Couldn't verify table."); goto out; } @@ -125,28 +124,28 @@ static int get_target_device_size(char *blk_device, uint64_t *device_size) info.len = 0; /* Only len is set to 0 to ask the device for real size. */ - data_device = open(blk_device, O_RDONLY); - if (data_device < 0) { + data_device = TEMP_FAILURE_RETRY(open(blk_device, O_RDONLY | O_CLOEXEC)); + if (data_device == -1) { ERROR("Error opening block device (%s)", strerror(errno)); return -1; } - if (lseek64(data_device, 1024, SEEK_SET) < 0) { + if (TEMP_FAILURE_RETRY(lseek64(data_device, 1024, SEEK_SET)) < 0) { ERROR("Error seeking to superblock"); - close(data_device); + TEMP_FAILURE_RETRY(close(data_device)); return -1; } - if (read(data_device, &sb, sizeof(sb)) != sizeof(sb)) { + if (TEMP_FAILURE_RETRY(read(data_device, &sb, sizeof(sb))) != sizeof(sb)) { ERROR("Error reading superblock"); - close(data_device); + TEMP_FAILURE_RETRY(close(data_device)); return -1; } ext4_parse_sb(&sb, &info); *device_size = info.len; - close(data_device); + TEMP_FAILURE_RETRY(close(data_device)); return 0; } @@ -156,11 +155,13 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab unsigned table_length; uint64_t device_length; int protocol_version; - FILE *device; - int retval = -1; + int device; + int retval = FS_MGR_SETUP_VERITY_FAIL; + *signature = 0; + *table = 0; - device = fopen(block_device, "r"); - if (!device) { + device = TEMP_FAILURE_RETRY(open(block_device, O_RDONLY | O_CLOEXEC)); + if (device == -1) { ERROR("Could not open block device %s (%s).\n", block_device, strerror(errno)); goto out; } @@ -170,23 +171,35 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab ERROR("Could not get target device size.\n"); goto out; } - if (fseek(device, device_length, SEEK_SET) < 0) { + if (TEMP_FAILURE_RETRY(lseek64(device, device_length, SEEK_SET)) < 0) { ERROR("Could not seek to start of verity metadata block.\n"); goto out; } // check the magic number - if (!fread(&magic_number, sizeof(int), 1, device)) { + if (TEMP_FAILURE_RETRY(read(device, &magic_number, sizeof(magic_number))) != + sizeof(magic_number)) { ERROR("Couldn't read magic number!\n"); goto out; } + +#ifdef ALLOW_ADBD_DISABLE_VERITY + if (magic_number == VERITY_METADATA_MAGIC_DISABLE) { + retval = FS_MGR_SETUP_VERITY_DISABLED; + INFO("Attempt to cleanly disable verity - only works in USERDEBUG"); + goto out; + } +#endif + if (magic_number != VERITY_METADATA_MAGIC_NUMBER) { - ERROR("Couldn't find verity metadata at offset %"PRIu64"!\n", device_length); + ERROR("Couldn't find verity metadata at offset %"PRIu64"!\n", + device_length); goto out; } // check the protocol version - if (!fread(&protocol_version, sizeof(int), 1, device)) { + if (TEMP_FAILURE_RETRY(read(device, &protocol_version, + sizeof(protocol_version))) != sizeof(protocol_version)) { ERROR("Couldn't read verity metadata protocol version!\n"); goto out; } @@ -196,43 +209,49 @@ static int read_verity_metadata(char *block_device, char **signature, char **tab } // get the signature - *signature = (char*) malloc(RSANUMBYTES * sizeof(char)); + *signature = (char*) malloc(RSANUMBYTES); if (!*signature) { ERROR("Couldn't allocate memory for signature!\n"); goto out; } - if (!fread(*signature, RSANUMBYTES, 1, device)) { + if (TEMP_FAILURE_RETRY(read(device, *signature, RSANUMBYTES)) != RSANUMBYTES) { ERROR("Couldn't read signature from verity metadata!\n"); - free(*signature); goto out; } // get the size of the table - if (!fread(&table_length, sizeof(int), 1, device)) { + if (TEMP_FAILURE_RETRY(read(device, &table_length, sizeof(table_length))) != + sizeof(table_length)) { ERROR("Couldn't get the size of the verity table from metadata!\n"); - free(*signature); goto out; } // get the table + null terminator - table_length += 1; - *table = malloc(table_length); - if(!*table) { + *table = malloc(table_length + 1); + if (!*table) { ERROR("Couldn't allocate memory for verity table!\n"); goto out; } - if (!fgets(*table, table_length, device)) { + if (TEMP_FAILURE_RETRY(read(device, *table, table_length)) != + (ssize_t)table_length) { ERROR("Couldn't read the verity table from metadata!\n"); - free(*table); - free(*signature); goto out; } - retval = 0; + (*table)[table_length] = 0; + retval = FS_MGR_SETUP_VERITY_SUCCESS; out: - if (device) - fclose(device); + if (device != -1) + TEMP_FAILURE_RETRY(close(device)); + + if (retval != FS_MGR_SETUP_VERITY_SUCCESS) { + free(*table); + free(*signature); + *table = 0; + *signature = 0; + } + return retval; } @@ -359,11 +378,12 @@ static int set_verified_property(char *name) { int fs_mgr_setup_verity(struct fstab_rec *fstab) { - int retval = -1; + int retval = FS_MGR_SETUP_VERITY_FAIL; + int fd = -1; - char *verity_blk_name; - char *verity_table; - char *verity_table_signature; + char *verity_blk_name = 0; + char *verity_table = 0; + char *verity_table_signature = 0; char buffer[DM_BUF_SIZE]; struct dm_ioctl *io = (struct dm_ioctl *) buffer; @@ -380,11 +400,21 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) { return retval; } + // read the verity block at the end of the block device + // send error code up the chain so we can detect attempts to disable verity + retval = read_verity_metadata(fstab->blk_device, + &verity_table_signature, + &verity_table); + if (retval < 0) { + goto out; + } + + retval = FS_MGR_SETUP_VERITY_FAIL; + // get the device mapper fd - int fd; if ((fd = open("/dev/device-mapper", O_RDWR)) < 0) { ERROR("Error opening device mapper (%s)", strerror(errno)); - return retval; + goto out; } // create the device @@ -399,14 +429,6 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) { goto out; } - verity_table = verity_table_signature = NULL; - // read the verity block at the end of the block device - if (read_verity_metadata(fstab->blk_device, - &verity_table_signature, - &verity_table) < 0) { - goto out; - } - // verify the signature on the table if (verify_table(verity_table_signature, verity_table, @@ -427,6 +449,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) { // assign the new verity block device as the block device free(fstab->blk_device); fstab->blk_device = verity_blk_name; + verity_blk_name = 0; // make sure we've set everything up properly if (test_access(fstab->blk_device) < 0) { @@ -437,6 +460,13 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab) { retval = set_verified_property(mount_point); out: - close(fd); + if (fd != -1) { + close(fd); + } + + free(verity_table); + free(verity_table_signature); + free(verity_blk_name); + return retval; } diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h index 0c7eb20..5e2ff41 100644 --- a/fs_mgr/include/fs_mgr.h +++ b/fs_mgr/include/fs_mgr.h @@ -20,6 +20,13 @@ #include <stdint.h> #include <linux/dm-ioctl.h> +// Magic number at start of verity metadata +#define VERITY_METADATA_MAGIC_NUMBER 0xb001b001 + +// Replacement magic number at start of verity metadata to cleanly +// turn verity off in userdebug builds. +#define VERITY_METADATA_MAGIC_DISABLE 0x46464f56 // "VOFF" + #ifdef __cplusplus extern "C" { #endif @@ -74,6 +81,7 @@ int fs_mgr_add_entry(struct fstab *fstab, struct fstab_rec *fs_mgr_get_entry_for_mount_point(struct fstab *fstab, const char *path); int fs_mgr_is_voldmanaged(struct fstab_rec *fstab); int fs_mgr_is_nonremovable(struct fstab_rec *fstab); +int fs_mgr_is_verified(struct fstab_rec *fstab); int fs_mgr_is_encryptable(struct fstab_rec *fstab); int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab); int fs_mgr_swapon_all(struct fstab *fstab); diff --git a/healthd/BatteryMonitor.cpp b/healthd/BatteryMonitor.cpp index 4a6b702..9388ed0 100644 --- a/healthd/BatteryMonitor.cpp +++ b/healthd/BatteryMonitor.cpp @@ -265,10 +265,10 @@ bool BatteryMonitor::update(void) { "battery none"); } - KLOG_INFO(LOG_TAG, "%s chg=%s%s%s\n", dmesgline, - props.chargerAcOnline ? "a" : "", - props.chargerUsbOnline ? "u" : "", - props.chargerWirelessOnline ? "w" : ""); + KLOG_WARNING(LOG_TAG, "%s chg=%s%s%s\n", dmesgline, + props.chargerAcOnline ? "a" : "", + props.chargerUsbOnline ? "u" : "", + props.chargerWirelessOnline ? "w" : ""); } healthd_mode_ops->battery_update(&props); @@ -512,7 +512,7 @@ void BatteryMonitor::init(struct healthd_config *hc) { if (!mChargerNames.size()) KLOG_ERROR(LOG_TAG, "No charger supplies found\n"); if (!mBatteryDevicePresent) { - KLOG_INFO(LOG_TAG, "No battery devices found\n"); + KLOG_WARNING(LOG_TAG, "No battery devices found\n"); hc->periodic_chores_interval_fast = -1; hc->periodic_chores_interval_slow = -1; } else { diff --git a/healthd/healthd.cpp b/healthd/healthd.cpp index 30a4b42..f4171bd 100644 --- a/healthd/healthd.cpp +++ b/healthd/healthd.cpp @@ -53,6 +53,7 @@ static struct healthd_config healthd_config = { .batteryCurrentAvgPath = String8(String8::kEmptyString), .batteryChargeCounterPath = String8(String8::kEmptyString), .energyCounter = NULL, + .screen_on = NULL, }; static int eventct; @@ -314,8 +315,8 @@ static int healthd_init() { return -1; } - healthd_mode_ops->init(&healthd_config); healthd_board_init(&healthd_config); + healthd_mode_ops->init(&healthd_config); wakealarm_init(); uevent_init(); gBatteryMonitor = new BatteryMonitor(); diff --git a/healthd/healthd.h b/healthd/healthd.h index 972e728..4704f0b 100644 --- a/healthd/healthd.h +++ b/healthd/healthd.h @@ -67,6 +67,7 @@ struct healthd_config { android::String8 batteryChargeCounterPath; int (*energyCounter)(int64_t *); + bool (*screen_on)(android::BatteryProperties *props); }; // Global helper functions diff --git a/healthd/healthd_mode_charger.cpp b/healthd/healthd_mode_charger.cpp index 394feb8..5039649 100644 --- a/healthd/healthd_mode_charger.cpp +++ b/healthd/healthd_mode_charger.cpp @@ -68,14 +68,13 @@ char *locale; #define UNPLUGGED_SHUTDOWN_TIME (10 * MSEC_PER_SEC) #define BATTERY_FULL_THRESH 95 -#define SCREEN_ON_BATTERY_THRESH 0 #define LAST_KMSG_PATH "/proc/last_kmsg" #define LAST_KMSG_PSTORE_PATH "/sys/fs/pstore/console-ramoops" #define LAST_KMSG_MAX_SZ (32 * 1024) #define LOGE(x...) do { KLOG_ERROR("charger", x); } while (0) -#define LOGI(x...) do { KLOG_INFO("charger", x); } while (0) +#define LOGW(x...) do { KLOG_WARNING("charger", x); } while (0) #define LOGV(x...) do { KLOG_DEBUG("charger", x); } while (0) struct key_state { @@ -109,7 +108,6 @@ struct animation { struct charger { bool have_battery_state; bool charger_connected; - int capacity; int64_t next_screen_transition; int64_t next_key_check; int64_t next_pwr_check; @@ -170,7 +168,8 @@ static struct animation battery_animation = { }; static struct charger charger_state; - +static struct healthd_config *healthd_config; +static struct android::BatteryProperties *batt_prop; static int char_width; static int char_height; static bool minui_inited; @@ -198,15 +197,15 @@ static void dump_last_kmsg(void) unsigned sz = 0; int len; - LOGI("\n"); - LOGI("*************** LAST KMSG ***************\n"); - LOGI("\n"); + LOGW("\n"); + LOGW("*************** LAST KMSG ***************\n"); + LOGW("\n"); buf = (char *)load_file(LAST_KMSG_PSTORE_PATH, &sz); if (!buf || !sz) { buf = (char *)load_file(LAST_KMSG_PATH, &sz); if (!buf || !sz) { - LOGI("last_kmsg not found. Cold reset?\n"); + LOGW("last_kmsg not found. Cold reset?\n"); goto out; } } @@ -225,7 +224,7 @@ static void dump_last_kmsg(void) yoink = ptr[cnt]; ptr[cnt] = '\0'; - klog_write(6, "<6>%s", ptr); + klog_write(6, "<4>%s", ptr); ptr[cnt] = yoink; len -= cnt; @@ -235,14 +234,9 @@ static void dump_last_kmsg(void) free(buf); out: - LOGI("\n"); - LOGI("************* END LAST KMSG *************\n"); - LOGI("\n"); -} - -static int get_battery_capacity() -{ - return charger_state.capacity; + LOGW("\n"); + LOGW("************* END LAST KMSG *************\n"); + LOGW("\n"); } #ifdef CHARGER_ENABLE_SUSPEND @@ -357,15 +351,16 @@ static void update_screen_state(struct charger *charger, int64_t now) return; if (!minui_inited) { - int batt_cap = get_battery_capacity(); - - if (batt_cap < SCREEN_ON_BATTERY_THRESH) { - LOGV("[%" PRId64 "] level %d, leave screen off\n", now, batt_cap); - batt_anim->run = false; - charger->next_screen_transition = -1; - if (charger->charger_connected) - request_suspend(true); - return; + + if (healthd_config && healthd_config->screen_on) { + if (!healthd_config->screen_on(batt_prop)) { + LOGV("[%" PRId64 "] leave screen off\n", now); + batt_anim->run = false; + charger->next_screen_transition = -1; + if (charger->charger_connected) + request_suspend(true); + return; + } } gr_init(); @@ -392,17 +387,15 @@ static void update_screen_state(struct charger *charger, int64_t now) /* animation starting, set up the animation */ if (batt_anim->cur_frame == 0) { - int batt_cap; int ret; LOGV("[%" PRId64 "] animation starting\n", now); - batt_cap = get_battery_capacity(); - if (batt_cap >= 0 && batt_anim->num_frames != 0) { + if (batt_prop && batt_prop->batteryLevel >= 0 && batt_anim->num_frames != 0) { int i; /* find first frame given current capacity */ for (i = 1; i < batt_anim->num_frames; i++) { - if (batt_cap < batt_anim->frames[i].min_capacity) + if (batt_prop->batteryLevel < batt_anim->frames[i].min_capacity) break; } batt_anim->cur_frame = i - 1; @@ -410,8 +403,8 @@ static void update_screen_state(struct charger *charger, int64_t now) /* show the first frame for twice as long */ disp_time = batt_anim->frames[batt_anim->cur_frame].disp_time * 2; } - - batt_anim->capacity = batt_cap; + if (batt_prop) + batt_anim->capacity = batt_prop->batteryLevel; } /* unblank the screen on first cycle */ @@ -527,10 +520,10 @@ static void process_key(struct charger *charger, int code, int64_t now) all devices. Check the property and continue booting or reboot accordingly. */ if (property_get_bool("ro.enable_boot_charger_mode", false)) { - LOGI("[%" PRId64 "] booting from charger mode\n", now); + LOGW("[%" PRId64 "] booting from charger mode\n", now); property_set("sys.boot_from_charger_mode", "1"); } else { - LOGI("[%" PRId64 "] rebooting\n", now); + LOGW("[%" PRId64 "] rebooting\n", now); android_reboot(ANDROID_RB_RESTART, 0, 0); } } else { @@ -568,10 +561,10 @@ static void handle_power_supply_state(struct charger *charger, int64_t now) request_suspend(false); if (charger->next_pwr_check == -1) { charger->next_pwr_check = now + UNPLUGGED_SHUTDOWN_TIME; - LOGI("[%" PRId64 "] device unplugged: shutting down in %" PRId64 " (@ %" PRId64 ")\n", + LOGW("[%" PRId64 "] device unplugged: shutting down in %" PRId64 " (@ %" PRId64 ")\n", now, (int64_t)UNPLUGGED_SHUTDOWN_TIME, charger->next_pwr_check); } else if (now >= charger->next_pwr_check) { - LOGI("[%" PRId64 "] shutting down\n", now); + LOGW("[%" PRId64 "] shutting down\n", now); android_reboot(ANDROID_RB_POWEROFF, 0, 0); } else { /* otherwise we already have a shutdown timer scheduled */ @@ -579,7 +572,7 @@ static void handle_power_supply_state(struct charger *charger, int64_t now) } else { /* online supply present, reset shutdown timer if set */ if (charger->next_pwr_check != -1) { - LOGI("[%" PRId64 "] device plugged in: shutdown cancelled\n", now); + LOGW("[%" PRId64 "] device plugged in: shutdown cancelled\n", now); kick_animation(charger->batt_anim); } charger->next_pwr_check = -1; @@ -609,7 +602,6 @@ void healthd_mode_charger_battery_update( charger->charger_connected = props->chargerAcOnline || props->chargerUsbOnline || props->chargerWirelessOnline; - charger->capacity = props->batteryLevel; if (!charger->have_battery_state) { charger->have_battery_state = true; @@ -617,6 +609,7 @@ void healthd_mode_charger_battery_update( reset_animation(charger->batt_anim); kick_animation(charger->batt_anim); } + batt_prop = props; } int healthd_mode_charger_preparetowait(void) @@ -669,7 +662,7 @@ static void charger_event_handler(uint32_t /*epevents*/) ev_dispatch(); } -void healthd_mode_charger_init(struct healthd_config* /*config*/) +void healthd_mode_charger_init(struct healthd_config* config) { int ret; struct charger *charger = &charger_state; @@ -678,7 +671,7 @@ void healthd_mode_charger_init(struct healthd_config* /*config*/) dump_last_kmsg(); - LOGI("--------------- STARTING CHARGER MODE ---------------\n"); + LOGW("--------------- STARTING CHARGER MODE ---------------\n"); ret = ev_init(input_callback, charger); if (!ret) { @@ -717,4 +710,5 @@ void healthd_mode_charger_init(struct healthd_config* /*config*/) charger->next_screen_transition = -1; charger->next_key_check = -1; charger->next_pwr_check = -1; + healthd_config = config; } diff --git a/include/system/audio.h b/include/system/audio.h index 9a25cfb..df454ff 100644 --- a/include/system/audio.h +++ b/include/system/audio.h @@ -135,6 +135,7 @@ typedef enum { /* play the mix captured by this audio source. */ AUDIO_SOURCE_CNT, AUDIO_SOURCE_MAX = AUDIO_SOURCE_CNT - 1, + AUDIO_SOURCE_FM_TUNER = 1998, AUDIO_SOURCE_HOTWORD = 1999, /* A low-priority, preemptible audio source for for background software hotword detection. Same tuning as AUDIO_SOURCE_VOICE_RECOGNITION. diff --git a/libcutils/native_handle.c b/libcutils/native_handle.c index 4089968..9a4a5bb 100644 --- a/libcutils/native_handle.c +++ b/libcutils/native_handle.c @@ -30,9 +30,11 @@ native_handle_t* native_handle_create(int numFds, int numInts) native_handle_t* h = malloc( sizeof(native_handle_t) + sizeof(int)*(numFds+numInts)); - h->version = sizeof(native_handle_t); - h->numFds = numFds; - h->numInts = numInts; + if (h) { + h->version = sizeof(native_handle_t); + h->numFds = numFds; + h->numInts = numInts; + } return h; } diff --git a/libcutils/sched_policy.c b/libcutils/sched_policy.c index d3cedd4..e07bbbd 100644 --- a/libcutils/sched_policy.c +++ b/libcutils/sched_policy.c @@ -45,8 +45,6 @@ static inline SchedPolicy _policy(SchedPolicy p) #define POLICY_DEBUG 0 -#define CAN_SET_SP_SYSTEM 0 // non-zero means to implement set_sched_policy(tid, SP_SYSTEM) - // This prctl is only available in Android kernels. #define PR_SET_TIMERSLACK_PID 41 @@ -60,9 +58,6 @@ static int __sys_supports_schedgroups = -1; // File descriptors open to /dev/cpuctl/../tasks, setup by initialize, or -1 on error. static int bg_cgroup_fd = -1; static int fg_cgroup_fd = -1; -#if CAN_SET_SP_SYSTEM -static int system_cgroup_fd = -1; -#endif /* Add tid to the scheduling group defined by the policy */ static int add_tid_to_cgroup(int tid, SchedPolicy policy) @@ -78,11 +73,6 @@ static int add_tid_to_cgroup(int tid, SchedPolicy policy) case SP_AUDIO_SYS: fd = fg_cgroup_fd; break; -#if CAN_SET_SP_SYSTEM - case SP_SYSTEM: - fd = system_cgroup_fd; - break; -#endif default: fd = -1; break; @@ -123,21 +113,13 @@ static void __initialize(void) { if (!access("/dev/cpuctl/tasks", F_OK)) { __sys_supports_schedgroups = 1; -#if CAN_SET_SP_SYSTEM filename = "/dev/cpuctl/tasks"; - system_cgroup_fd = open(filename, O_WRONLY | O_CLOEXEC); - if (system_cgroup_fd < 0) { - SLOGV("open of %s failed: %s\n", filename, strerror(errno)); - } -#endif - - filename = "/dev/cpuctl/apps/tasks"; fg_cgroup_fd = open(filename, O_WRONLY | O_CLOEXEC); if (fg_cgroup_fd < 0) { SLOGE("open of %s failed: %s\n", filename, strerror(errno)); } - filename = "/dev/cpuctl/apps/bg_non_interactive/tasks"; + filename = "/dev/cpuctl/bg_non_interactive/tasks"; bg_cgroup_fd = open(filename, O_WRONLY | O_CLOEXEC); if (bg_cgroup_fd < 0) { SLOGE("open of %s failed: %s\n", filename, strerror(errno)); @@ -231,11 +213,9 @@ int get_sched_policy(int tid, SchedPolicy *policy) if (getSchedulerGroup(tid, grpBuf, sizeof(grpBuf)) < 0) return -1; if (grpBuf[0] == '\0') { - *policy = SP_SYSTEM; - } else if (!strcmp(grpBuf, "apps/bg_non_interactive")) { - *policy = SP_BACKGROUND; - } else if (!strcmp(grpBuf, "apps")) { *policy = SP_FOREGROUND; + } else if (!strcmp(grpBuf, "bg_non_interactive")) { + *policy = SP_BACKGROUND; } else { errno = ERANGE; return -1; diff --git a/libnativebridge/tests/CompleteFlow_test.cpp b/libnativebridge/tests/CompleteFlow_test.cpp index cf06d2c..b033792 100644 --- a/libnativebridge/tests/CompleteFlow_test.cpp +++ b/libnativebridge/tests/CompleteFlow_test.cpp @@ -36,6 +36,7 @@ TEST_F(NativeBridgeTest, CompleteFlow) { // Unload UnloadNativeBridge(); + ASSERT_FALSE(NativeBridgeAvailable()); ASSERT_FALSE(NativeBridgeError()); diff --git a/rootdir/init.rc b/rootdir/init.rc index 9093b54..cbcb842 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -119,25 +119,18 @@ on init mount cgroup none /dev/cpuctl cpu chown system system /dev/cpuctl chown system system /dev/cpuctl/tasks - chmod 0660 /dev/cpuctl/tasks + chmod 0666 /dev/cpuctl/tasks write /dev/cpuctl/cpu.shares 1024 - write /dev/cpuctl/cpu.rt_runtime_us 950000 + write /dev/cpuctl/cpu.rt_runtime_us 800000 write /dev/cpuctl/cpu.rt_period_us 1000000 - mkdir /dev/cpuctl/apps - chown system system /dev/cpuctl/apps/tasks - chmod 0666 /dev/cpuctl/apps/tasks - write /dev/cpuctl/apps/cpu.shares 1024 - write /dev/cpuctl/apps/cpu.rt_runtime_us 800000 - write /dev/cpuctl/apps/cpu.rt_period_us 1000000 - - mkdir /dev/cpuctl/apps/bg_non_interactive - chown system system /dev/cpuctl/apps/bg_non_interactive/tasks - chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks + mkdir /dev/cpuctl/bg_non_interactive + chown system system /dev/cpuctl/bg_non_interactive/tasks + chmod 0666 /dev/cpuctl/bg_non_interactive/tasks # 5.0 % - write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52 - write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000 - write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000 + write /dev/cpuctl/bg_non_interactive/cpu.shares 52 + write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000 + write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000 # qtaguid will limit access to specific data based on group memberships. # net_bw_acct grants impersonation of socket owners. diff --git a/rootdir/ueventd.rc b/rootdir/ueventd.rc index eff24c3..474f630 100644 --- a/rootdir/ueventd.rc +++ b/rootdir/ueventd.rc @@ -88,6 +88,7 @@ subsystem adf /dev/ppp 0660 radio vpn # sysfs properties +/sys/devices/platform/trusty.* trusty_version 0440 root log /sys/devices/virtual/input/input* enable 0660 root input /sys/devices/virtual/input/input* poll_delay 0660 root input /sys/devices/virtual/usb_composite/* enable 0664 root system diff --git a/toolbox/Android.mk b/toolbox/Android.mk index bc15aa8..d14bc79 100644 --- a/toolbox/Android.mk +++ b/toolbox/Android.mk @@ -145,6 +145,7 @@ OUR_TOOLS := \ nohup \ notify \ ps \ + prlimit \ readlink \ renice \ restorecon \ diff --git a/toolbox/prlimit.c b/toolbox/prlimit.c new file mode 100644 index 0000000..8cf202a --- /dev/null +++ b/toolbox/prlimit.c @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2014, The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Google, Inc. nor the names of its contributors + * may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <stdio.h> +#include <unistd.h> +#include <stdlib.h> +#include <sys/time.h> +#include <sys/resource.h> + +static void +usage(const char *s) +{ + fprintf(stderr, "usage: %s pid resource cur max\n", s); + exit(EXIT_FAILURE); +} + +int prlimit_main(int argc, char *argv[]) +{ + pid_t pid; + struct rlimit64 rl; + int resource; + int rc; + + if (argc != 5) + usage(*argv); + + if (sscanf(argv[1], "%d", &pid) != 1) + usage(*argv); + + if (sscanf(argv[2], "%d", &resource) != 1) + usage(*argv); + + if (sscanf(argv[3], "%llu", &rl.rlim_cur) != 1) + usage(*argv); + + if (sscanf(argv[4], "%llu", &rl.rlim_max) != 1) + usage(*argv); + + printf("setting resource %d of pid %d to [%llu,%llu]\n", resource, pid, + rl.rlim_cur, rl.rlim_max); + rc = prlimit64(pid, resource, &rl, NULL); + if (rc < 0) { + perror("prlimit"); + exit(EXIT_FAILURE); + } + + return 0; +} |