From 385baf27de2df962555ef38e07e163183579a5ec Mon Sep 17 00:00:00 2001 From: chapin Date: Mon, 1 Feb 2021 22:29:59 +0000 Subject: [PATCH 01/20] Revert "Remove ART APEX from the bootstrap apexes" Revert submission 1563392-remove_art_from_bootstrap Reason for revert: Bug: 179002105 Reverted Changes: I65e2a2089:Remove ART APEX from the bootstrap apexes Ic20df80e2:Remove ART APEX from the bootstrap apexes Change-Id: I474ab95805c5ca28e0bba91f3d226e8db5a7a9ea (cherry picked from commit 6d869dd6abb2dab2997ec8344948cffd8928521b) --- init/service.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/init/service.cpp b/init/service.cpp index cfb82842de9f..f6ce094ef444 100644 --- a/init/service.cpp +++ b/init/service.cpp @@ -127,7 +127,8 @@ static bool ExpandArgsAndExecv(const std::vector& args, bool sigsto static bool AreRuntimeApexesReady() { struct stat buf; - return stat("/apex/com.android.runtime/", &buf) == 0; + return stat("/apex/com.android.art/", &buf) == 0 && + stat("/apex/com.android.runtime/", &buf) == 0; } unsigned long Service::next_start_order_ = 1; From 7744fd8dec3d623d68f802151cc8cb186c0770e9 Mon Sep 17 00:00:00 2001 From: chapin Date: Mon, 1 Feb 2021 22:29:59 +0000 Subject: [PATCH 02/20] Revert "Remove ART APEX from the bootstrap apexes" Revert submission 1563392-remove_art_from_bootstrap Reason for revert: Bug: 179002105 Reverted Changes: I65e2a2089:Remove ART APEX from the bootstrap apexes Ic20df80e2:Remove ART APEX from the bootstrap apexes Change-Id: I474ab95805c5ca28e0bba91f3d226e8db5a7a9ea (cherry picked from commit 6d869dd6abb2dab2997ec8344948cffd8928521b) --- init/service.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/init/service.cpp b/init/service.cpp index cfb82842de9f..f6ce094ef444 100644 --- a/init/service.cpp +++ b/init/service.cpp 
@@ -127,7 +127,8 @@ static bool ExpandArgsAndExecv(const std::vector& args, bool sigsto static bool AreRuntimeApexesReady() { struct stat buf; - return stat("/apex/com.android.runtime/", &buf) == 0; + return stat("/apex/com.android.art/", &buf) == 0 && + stat("/apex/com.android.runtime/", &buf) == 0; } unsigned long Service::next_start_order_ = 1; From 8f8f5ed6efc4200a469720a2b4e76997131d2ea0 Mon Sep 17 00:00:00 2001 From: Orion Hodson Date: Thu, 18 Mar 2021 16:57:04 +0000 Subject: [PATCH 03/20] Revert "Exec_start derive_classpath on post-fs-data." Revert "Introduce derive_classpath service." Revert "Introduce derive_classpath." Revert submission 1602413-derive_classpath Bug: 180105615 Fix: 183079517 Reason for revert: SELinux failure leading to *CLASSPATH variables not being set in all builds Reverted Changes: I6e3c64e7a:Introduce derive_classpath service. I60c539a8f:Exec_start derive_classpath on post-fs-data. I4150de69f:Introduce derive_classpath. Change-Id: Iefbe057ba45091a1675326e3d5db3f39cc3e2820 (cherry picked from commit 9ebc6085da8cf991e7e147a36a024bc69719d816) --- rootdir/init.rc | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/rootdir/init.rc b/rootdir/init.rc index 6b8868b59885..11b3da7d35d9 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -884,12 +884,9 @@ on post-fs-data wait_for_prop apexd.status activated perform_apex_config - # Define and export *CLASSPATH variables - mkdir /data/system/environ 0700 system system - # Must start before 'odsign', as odsign depends on *CLASSPATH variables - exec_start derive_classpath - load_exports /data/system/environ/classpath - rm /data/system/environ/classpath + # Export *CLASSPATH variables from /etc/classpath + # TODO(b/180105615): export from the generated file instead. + load_exports /etc/classpath # Special-case /data/media/obb per b/64566063 mkdir /data/media 0770 media_rw media_rw encryption=None 
@@ -905,7 +902,6 @@ on post-fs-data # Start the on-device signing daemon, and wait for it to finish, to ensure # ART artifacts are generated if needed. - # Must start after 'derive_classpath' to have *CLASSPATH variables set. exec_start odsign # After apexes are mounted, tell keymaster early boot has ended, so it will From cfdf5c082ebe14fdabd758cef4cd21f97d850377 Mon Sep 17 00:00:00 2001 From: William Bellavance Date: Tue, 30 Aug 2016 08:04:38 -0400 Subject: [PATCH 04/20] init: don't skip starting a service with no domain if permissive Requires external/libselinux change as well [Adrian DC] Preserve the log while permissive Change-Id: I3f2887930e15d09014c2594141ba4acbbc8d6d9d --- init/service.cpp | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/init/service.cpp b/init/service.cpp index c3069f5b2b59..8c8aebd94d07 100644 --- a/init/service.cpp +++ b/init/service.cpp 
@@ -88,13 +88,16 @@ static Result ComputeContextFromExecutable(const std::string& servi free(new_con); } if (rc == 0 && computed_context == mycon.get()) { - return Error() << "File " << service_path << "(labeled \"" << filecon.get() - << "\") has incorrect label or no domain transition from " << mycon.get() - << " to another SELinux domain defined. Have you configured your " - "service correctly? https://source.android.com/security/selinux/" - "device-policy#label_new_services_and_address_denials. Note: this " - "error shows up even in permissive mode in order to make auditing " - "denials possible."; + std::string error = StringPrintf( + "File %s (labeled \"%s\") has incorrect label or no domain transition from %s to " + "another SELinux domain defined. Have you configured your " + "service correctly? https://source.android.com/security/selinux/" + "device-policy#label_new_services_and_address_denials", + service_path.c_str(), filecon.get(), mycon.get()); + if (selinux_status_getenforce() > 0) { + return Error() << error; + } + LOG(ERROR) << error; } if (rc < 0) { return Error() << "Could not get process context"; From a38d9492f7d37332327ccabd61bd2dfef3803a7b Mon Sep 17 00:00:00 2001 From: David Ng Date: Mon, 23 Sep 2013 18:50:24 -0700 Subject: [PATCH 05/20] init: Add vendor-specific initialization hooks. Allow optional vendor-specific initializations within init. This can be used for runtime initialization setup that init rc scripts do not support. [PIG]: Convert lineage product variables to soong config variables Change-Id: I7623a0d59b18f9ec8e3623958e2f7ccd72b877bf --- init/Android.bp | 9 +++++++++ init/NOTICE | 26 ++++++++++++++++++++++++++ init/property_service.cpp | 4 ++++ init/vendor_init.cpp | 37 +++++++++++++++++++++++++++++++++++++ init/vendor_init.h | 33 +++++++++++++++++++++++++++++++++ 5 files changed, 109 insertions(+) create mode 100644 init/vendor_init.cpp create mode 100644 init/vendor_init.h 
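Review bot: The new `if (selinux_status_getenforce() > 0)` guard in ComputeContextFromExecutable() treats a failed status query like permissive mode, because libselinux returns -1 on error. A service with no domain transition is then started anyway, with only a log line. Failing closed keeps the old refusal unless permissive mode is positively confirmed: `if (selinux_status_getenforce() != 0) { return Error() << error; }`. In the permissive branch the function continues with `computed_context` equal to the calling process's own context, so the `LOG(ERROR)` text should say that the service will presumably run in init's domain (the rest of the function is outside the hunk).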
diff --git a/init/Android.bp b/init/Android.bp index 7eeafa24b8b0..69f8815ed80d 100644 --- a/init/Android.bp +++ b/init/Android.bp @@ -89,6 +89,14 @@ init_host_sources = [ "host_init_verifier.cpp", ] +cc_library_static { + name: "vendor_init", + recovery_available: true, + srcs: [ + "vendor_init.cpp", + ], +} + cc_defaults { name: "init_defaults", sanitize: { @@ -182,6 +190,7 @@ cc_library_static { defaults: [ "init_defaults", "selinux_policy_version", + "vendor_init_defaults", ], srcs: init_common_sources + init_device_sources, generated_sources: [ diff --git a/init/NOTICE b/init/NOTICE index c5b1efa7aac7..383d0f5418a6 100644 --- a/init/NOTICE +++ b/init/NOTICE 
@@ -188,3 +188,29 @@ END OF TERMS AND CONDITIONS +Copyright (c) 2013, The Linux Foundation. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + * Neither the name of The Linux Foundation nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/init/property_service.cpp b/init/property_service.cpp index 2d67bf5d7722..5a8fc5418279 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp @@ -73,6 +73,7 @@ #include "subcontext.h" #include "system/core/init/property_service.pb.h" #include "util.h" +#include "vendor_init.h" using namespace std::literals; 
@@ -1097,6 +1098,9 @@ void PropertyLoadBootDefaults() { } } + // Update with vendor-specific property runtime overrides + vendor_load_properties(); + property_initialize_ro_product_props(); property_initialize_build_id(); property_derive_build_fingerprint(); diff --git a/init/vendor_init.cpp b/init/vendor_init.cpp new file mode 100644 index 000000000000..d3fd5ffe2be9 --- /dev/null +++ b/init/vendor_init.cpp 
@@ -0,0 +1,37 @@
+/*
+Copyright (c) 2013, The Linux Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
+ * Neither the name of The Linux Foundation nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "vendor_init.h"
+
+/* init vendor override stubs */
+
+__attribute__ ((weak))
+void vendor_load_properties()
+{
+}
diff --git a/init/vendor_init.h b/init/vendor_init.h
new file mode 100644
index 000000000000..9afb449be013
--- /dev/null
+++ b/init/vendor_init.h
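Review bot: The weak `vendor_load_properties()` stub in init/vendor_init.cpp states no contract; its only comment is `/* init vendor override stubs */`. Any strong definition linked into init replaces it silently. Going by the call this patch adds to `PropertyLoadBootDefaults()` in init/property_service.cpp, that definition runs inside init, ahead of the `property_initialize_ro_product_props()` and `property_derive_build_fingerprint()` calls. A short comment above the stub should name who is expected to supply the override, that it executes in init's process while boot-default properties are loaded, and what it is expected to limit itself to, so a device maintainer knows what code they are placing in init.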
@@ -0,0 +1,33 @@
+/*
+Copyright (c) 2013, The Linux Foundation. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following
+ disclaimer in the documentation and/or other materials provided
+ with the distribution.
+ * Neither the name of The Linux Foundation nor the names of its
+ contributors may be used to endorse or promote products derived
+ from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __INIT_VENDOR__H__
+#define __INIT_VENDOR__H__
+extern void vendor_load_properties(void);
+#endif /* __INIT_VENDOR__H__ */
From 564692fac1705110fd459e38b9ad027e16562271 Mon Sep 17 00:00:00 2001 From: Steve Kondik Date: Thu, 28 Jul 2016 12:17:40 -0700 Subject: [PATCH 06/20] healthd: Add DASH charger type Change-Id: Ie1ca5018c465f6b2c15cbc00bdf3bb866d98ddef
---
healthd/BatteryMonitor.cpp | 1 + 1 file changed, 1 insertion(+)
diff --git a/healthd/BatteryMonitor.cpp b/healthd/BatteryMonitor.cpp index 377acb75e48e..98dffc3b8a15 100644 --- a/healthd/BatteryMonitor.cpp +++ b/healthd/BatteryMonitor.cpp @@ -196,6 +196,7 @@ BatteryMonitor::PowerSupplyType BatteryMonitor::readPowerSupplyType(const String {"USB_PD", ANDROID_POWER_SUPPLY_TYPE_AC}, {"USB_PD_DRP", ANDROID_POWER_SUPPLY_TYPE_USB}, {"Wireless", ANDROID_POWER_SUPPLY_TYPE_WIRELESS}, + {"DASH", ANDROID_POWER_SUPPLY_TYPE_AC}, {NULL, 0}, }; std::string buf; From cbac2b9b75d6a09bd68f2bbb477fe47ddf138a98 Mon Sep 17 00:00:00 2001 From: Abhijeet Dharmapurikar Date: Mon, 14 Sep 2015 16:35:26 -0700 Subject: [PATCH 07/20] healthd: Add support for HVDCP_3 chargers HVDCP_3 is a high voltage DCP charger where the charger's voltage can be changed by issuing pulses on the D+/D- lines. Add support to recognize it and treat it as an AC power source. Change-Id: Ib719529904e8b7a676bbdc5f5953f0f9da6df3fa --- healthd/BatteryMonitor.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/healthd/BatteryMonitor.cpp b/healthd/BatteryMonitor.cpp index 98dffc3b8a15..0278d25b87e9 100644 --- a/healthd/BatteryMonitor.cpp +++ b/healthd/BatteryMonitor.cpp @@ -190,6 +190,7 @@ BatteryMonitor::PowerSupplyType BatteryMonitor::readPowerSupplyType(const String {"USB", ANDROID_POWER_SUPPLY_TYPE_USB}, {"USB_DCP", ANDROID_POWER_SUPPLY_TYPE_AC}, {"USB_HVDCP", ANDROID_POWER_SUPPLY_TYPE_AC}, + {"USB_HVDCP_3", ANDROID_POWER_SUPPLY_TYPE_AC}, {"USB_CDP", ANDROID_POWER_SUPPLY_TYPE_AC}, {"USB_ACA", ANDROID_POWER_SUPPLY_TYPE_AC}, {"USB_C", ANDROID_POWER_SUPPLY_TYPE_AC}, From ca9c771e73f815cefa8ce712cfafbf2a747df559 Mon Sep 17 00:00:00 2001 
From: Abhijeet Dharmapurikar Date: Tue, 24 May 2016 15:12:11 -0700 Subject: [PATCH 08/20] healthd: Reinitialize mChargerNames for every battery update Booting up the device without usb, the kernel sets the usb power supply type as UNKNOWN. The type of usb power supply changes at run-time as various chargers are plugged in/out. However, healthd initilizes the charger list only at bootup. Change it such that it checks for charger type changes with every battery or usb uevent. While at it, the kernel may have a power supply type which is not known to healthd. This is perfectly fine. Update healthd to not print a warning. Change-Id: I2ec9f9a420ca61814d43c316b418ce94de3691bc --- healthd/BatteryMonitor.cpp | 38 +++++++++++++++++++++++++++++++++++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/healthd/BatteryMonitor.cpp b/healthd/BatteryMonitor.cpp index 0278d25b87e9..b4b853507618 100644 --- a/healthd/BatteryMonitor.cpp +++ b/healthd/BatteryMonitor.cpp @@ -206,10 +206,8 @@ BatteryMonitor::PowerSupplyType BatteryMonitor::readPowerSupplyType(const String return ANDROID_POWER_SUPPLY_TYPE_UNKNOWN; auto ret = mapSysfsString(buf.c_str(), supplyTypeMap); - if (!ret) { - KLOG_WARNING(LOG_TAG, "Unknown power supply type '%s'\n", buf.c_str()); + if (!ret) *ret = ANDROID_POWER_SUPPLY_TYPE_UNKNOWN; - } return static_cast(*ret); } 
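Review bot: With the warning removed, the `if (!ret)` branch in readPowerSupplyType() becomes the silent, expected path for every supply type healthd does not know, and it still writes through `*ret` while `ret` is empty. If `mapSysfsString()` returns a `std::optional` (the `!ret` / `*ret` usage suggests so; its declaration is outside the hunk), that write is undefined behaviour and does not engage the optional, so the `static_cast` of `*ret` that follows reads a value the code never validly stored. Returning the fallback directly avoids the dereference: `if (!ret) return ANDROID_POWER_SUPPLY_TYPE_UNKNOWN;`. This matters more after this series, since the later hunk in the same patch calls the function for every power-supply entry on each update.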
@@ -303,6 +301,40 @@ void BatteryMonitor::updateValues(void) { double MaxPower = 0; + // Rescan for the available charger types + std::unique_ptr dir(opendir(POWER_SUPPLY_SYSFS_PATH), closedir); + if (dir == NULL) { + KLOG_ERROR(LOG_TAG, "Could not open %s\n", POWER_SUPPLY_SYSFS_PATH); + } else { + struct dirent* entry; + String8 path; + + mChargerNames.clear(); + + while ((entry = readdir(dir.get()))) { + const char* name = entry->d_name; + + if (!strcmp(name, ".") || !strcmp(name, "..")) + continue; + + // Look for "type" file in each subdirectory + path.clear(); + path.appendFormat("%s/%s/type", POWER_SUPPLY_SYSFS_PATH, name); + switch(BatteryMonitor::readPowerSupplyType(path)) { + case ANDROID_POWER_SUPPLY_TYPE_AC: + case ANDROID_POWER_SUPPLY_TYPE_USB: + case ANDROID_POWER_SUPPLY_TYPE_WIRELESS: + path.clear(); + path.appendFormat("%s/%s/online", POWER_SUPPLY_SYSFS_PATH, name); + if (access(path.string(), R_OK) == 0) + mChargerNames.add(String8(name)); + break; + default: + break; + } + } + } + for (size_t i = 0; i < mChargerNames.size(); i++) { String8 path; path.appendFormat("%s/%s/online", POWER_SUPPLY_SYSFS_PATH, From 9bc903e715403eba710e732867122dedcf91c5e5 Mon Sep 17 00:00:00 2001 From: David Anderson Date: Mon, 23 Aug 2021 22:22:43 -0700 Subject: [PATCH 09/20] libsnapshot: Fix missing source partitions when adding a new partition. When adding a new partition, don't attempt to map a source partition during boot, because none exists. Instead use the base device. Bug: 196922070 Test: vts_libsnapshot_test Change-Id: Ice6015237b0a76a0210819994433e52159376393 --- .../include/libsnapshot/snapshot.h | 1 + fs_mgr/libsnapshot/snapshot.cpp | 18 +++-- fs_mgr/libsnapshot/snapshot_test.cpp | 66 ++++++++++++++++++- 3 files changed, 77 insertions(+), 8 deletions(-) diff --git a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h index 15882b382302..9bf5db18ed55 100644 
--- a/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h +++ b/fs_mgr/libsnapshot/include/libsnapshot/snapshot.h @@ -399,6 +399,7 @@ class SnapshotManager final : public ISnapshotManager { FRIEND_TEST(SnapshotTest, MergeFailureCode); FRIEND_TEST(SnapshotTest, NoMergeBeforeReboot); FRIEND_TEST(SnapshotTest, UpdateBootControlHal); + FRIEND_TEST(SnapshotUpdateTest, AddPartition); FRIEND_TEST(SnapshotUpdateTest, DaemonTransition); FRIEND_TEST(SnapshotUpdateTest, DataWipeAfterRollback); FRIEND_TEST(SnapshotUpdateTest, DataWipeRollbackInRecovery); diff --git a/fs_mgr/libsnapshot/snapshot.cpp b/fs_mgr/libsnapshot/snapshot.cpp index 0e36da151949..739fcbb2f544 100644 --- a/fs_mgr/libsnapshot/snapshot.cpp +++ b/fs_mgr/libsnapshot/snapshot.cpp @@ -2091,14 +2091,18 @@ bool SnapshotManager::MapPartitionWithSnapshot(LockedFile* lock, if (live_snapshot_status->compression_enabled()) { // Get the source device (eg the view of the partition from before it was resized). std::string source_device_path; - if (!MapSourceDevice(lock, params.GetPartitionName(), remaining_time, - &source_device_path)) { - LOG(ERROR) << "Could not map source device for: " << cow_name; - return false; - } + if (live_snapshot_status->old_partition_size() > 0) { + if (!MapSourceDevice(lock, params.GetPartitionName(), remaining_time, + &source_device_path)) { + LOG(ERROR) << "Could not map source device for: " << cow_name; + return false; + } - auto source_device = GetSourceDeviceName(params.GetPartitionName()); - created_devices.EmplaceBack(&dm, source_device); + auto source_device = GetSourceDeviceName(params.GetPartitionName()); + created_devices.EmplaceBack(&dm, source_device); + } else { + source_device_path = base_path; + } if (!WaitForDevice(source_device_path, remaining_time)) { return false; diff --git a/fs_mgr/libsnapshot/snapshot_test.cpp b/fs_mgr/libsnapshot/snapshot_test.cpp index 60186434ae46..7da17bddf79e 100644 --- a/fs_mgr/libsnapshot/snapshot_test.cpp +++ b/fs_mgr/libsnapshot/snapshot_test.cpp 
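Review bot: The new `if (live_snapshot_status->old_partition_size() > 0)` test in MapPartitionWithSnapshot() has no comment explaining why a zero old size means there is no source device, and the existing comment above it still describes only the resized-partition case. A line such as `// A partition added by this update has no pre-update contents, so there is no source device to map; use the base device instead.` would carry the reasoning from the commit message into the code. The same test is repeated in PerformInitTransition() by PATCH 11/20, so a small private helper that returns the source-or-base device name would keep the two call sites from drifting apart. The function body extends beyond the hunk.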
@@ -963,7 +963,7 @@ class SnapshotUpdateTest : public SnapshotTest { } AssertionResult UnmapAll() { - for (const auto& name : {"sys", "vnd", "prd"}) { + for (const auto& name : {"sys", "vnd", "prd", "dlkm"}) { if (!dm_.DeleteDeviceIfExists(name + "_a"s)) { return AssertionFailure() << "Cannot unmap " << name << "_a"; } 
@@ -2026,6 +2026,70 @@ TEST_F(SnapshotUpdateTest, LowSpace) { ASSERT_LT(res.required_size(), 40_MiB); } +TEST_F(SnapshotUpdateTest, AddPartition) { + // OTA client blindly unmaps all partitions that are possibly mapped. + for (const auto& name : {"sys_b", "vnd_b", "prd_b"}) { + ASSERT_TRUE(sm->UnmapUpdateSnapshot(name)); + } + + group_->add_partition_names("dlkm"); + + auto dlkm = manifest_.add_partitions(); + dlkm->set_partition_name("dlkm"); + dlkm->set_estimate_cow_size(2_MiB); + SetSize(dlkm, 3_MiB); + + // Grow all partitions. Set |prd| large enough that |sys| and |vnd|'s COWs + // fit in super, but not |prd|. + constexpr uint64_t partition_size = 3788_KiB; + SetSize(sys_, partition_size); + SetSize(vnd_, partition_size); + SetSize(prd_, partition_size); + SetSize(dlkm, partition_size); + + AddOperationForPartitions({sys_, vnd_, prd_, dlkm}); + + // Execute the update. + ASSERT_TRUE(sm->BeginUpdate()); + ASSERT_TRUE(sm->CreateUpdateSnapshots(manifest_)); + + // Write some data to target partitions. + for (const auto& name : {"sys_b", "vnd_b", "prd_b", "dlkm_b"}) { + ASSERT_TRUE(WriteSnapshotAndHash(name)); + } + + // Assert that source partitions aren't affected. + for (const auto& name : {"sys_a", "vnd_a", "prd_a"}) { + ASSERT_TRUE(IsPartitionUnchanged(name)); + } + + ASSERT_TRUE(sm->FinishedSnapshotWrites(false)); + + // Simulate shutting down the device. + ASSERT_TRUE(UnmapAll()); + + // After reboot, init does first stage mount. + auto init = NewManagerForFirstStageMount("_b"); + ASSERT_NE(init, nullptr); + ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount()); + ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_)); + + // Check that the target partitions have the same content. + for (const auto& name : {"sys_b", "vnd_b", "prd_b", "dlkm_b"}) { + ASSERT_TRUE(IsPartitionUnchanged(name)); + } + + // Initiate the merge and wait for it to be completed. 
+ ASSERT_TRUE(init->InitiateMerge()); + ASSERT_EQ(UpdateState::MergeCompleted, init->ProcessUpdateState()); + + // Check that the target partitions have the same content after the merge. + for (const auto& name : {"sys_b", "vnd_b", "prd_b", "dlkm_b"}) { + ASSERT_TRUE(IsPartitionUnchanged(name)) + << "Content of " << name << " changes after the merge"; + } +} + class AutoKill final { public: explicit AutoKill(pid_t pid) : pid_(pid) {} From 1b7ff44db5f67125d1dc64605312fde9ab0d08f7 Mon Sep 17 00:00:00 2001 From: Akilesh Kailash Date: Sun, 12 Sep 2021 12:31:33 +0000 Subject: [PATCH 10/20] libsnapshot: Error handling after QuerySnapshotStatus QuerySnapshotStatus will capture the error codes from dm-snapshot if there are any snapshot related failure. Handle the error codes and fail the QuerySnapshotStatus call. Validate snapshot status in MapSnapshot(). If the mode is set to Persistent and snapshot status is in Merging state, then forcefully set the mode to Merge state. Bug: 198265278 Test: Full/incremental OTA Signed-off-by: Akilesh Kailash Change-Id: I779184f1998b23edacd6e780acf2676442004340 --- fs_mgr/libsnapshot/snapshot.cpp | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/fs_mgr/libsnapshot/snapshot.cpp b/fs_mgr/libsnapshot/snapshot.cpp index 739fcbb2f544..65b73614dc67 100644 --- a/fs_mgr/libsnapshot/snapshot.cpp +++ b/fs_mgr/libsnapshot/snapshot.cpp @@ -518,6 +518,13 @@ bool SnapshotManager::MapSnapshot(LockedFile* lock, const std::string& name, break; } + if (mode == SnapshotStorageMode::Persistent && status.state() == SnapshotState::MERGING) { + LOG(ERROR) << "Snapshot: " << name + << " has snapshot status Merging but mode set to Persistent." + << " Changing mode to Snapshot-Merge."; + mode = SnapshotStorageMode::Merge; + } + DmTable table; table.Emplace(0, snapshot_sectors, base_device, cow_device, mode, kSnapshotChunkSize); 
@@ -886,6 +893,10 @@ bool SnapshotManager::QuerySnapshotStatus(const std::string& dm_name, std::strin if (target_type) { *target_type = DeviceMapper::GetTargetType(target.spec); } + if (!status->error.empty()) { + LOG(ERROR) << "Snapshot: " << dm_name << " returned error code: " << status->error; + return false; + } return true; } From e8a1b2d5dce72b23b0b5f75167130882601cc875 Mon Sep 17 00:00:00 2001 From: David Anderson Date: Wed, 1 Sep 2021 20:51:35 -0700 Subject: [PATCH 11/20] libsnapshot: Fix new partitions not transitioning in second-stage init. Bug: 196922070 Test: vts_libsnapshot_test Change-Id: If8a7afde218fd719e4426dc1dda41f53a4e6544b --- fs_mgr/libsnapshot/snapshot.cpp | 11 +++++++++-- fs_mgr/libsnapshot/snapshot_test.cpp | 12 +++++++++++- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/fs_mgr/libsnapshot/snapshot.cpp b/fs_mgr/libsnapshot/snapshot.cpp index 65b73614dc67..4c94da28fcc1 100644 --- a/fs_mgr/libsnapshot/snapshot.cpp +++ b/fs_mgr/libsnapshot/snapshot.cpp @@ -1467,7 +1467,7 @@ bool SnapshotManager::PerformInitTransition(InitTransition transition, std::vector* snapuserd_argv) { LOG(INFO) << "Performing transition for snapuserd."; - // Don't use EnsuerSnapuserdConnected() because this is called from init, + // Don't use EnsureSnapuserdConnected() because this is called from init, // and attempting to do so will deadlock. if (!snapuserd_client_ && transition != InitTransition::SELINUX_DETACH) { snapuserd_client_ = SnapuserdClient::Connect(kSnapuserdSocket, 10s); 
@@ -1524,8 +1524,15 @@ bool SnapshotManager::PerformInitTransition(InitTransition transition, continue; } + std::string source_device_name; + if (snapshot_status.old_partition_size() > 0) { + source_device_name = GetSourceDeviceName(snapshot); + } else { + source_device_name = GetBaseDeviceName(snapshot); + } + std::string source_device; - if (!dm.GetDmDevicePathByName(GetSourceDeviceName(snapshot), &source_device)) { + if (!dm.GetDmDevicePathByName(source_device_name, &source_device)) { LOG(ERROR) << "Could not get device path for " << GetSourceDeviceName(snapshot); continue; } diff --git a/fs_mgr/libsnapshot/snapshot_test.cpp b/fs_mgr/libsnapshot/snapshot_test.cpp index 7da17bddf79e..7630efe3f8ad 100644 --- a/fs_mgr/libsnapshot/snapshot_test.cpp +++ b/fs_mgr/libsnapshot/snapshot_test.cpp @@ -2071,14 +2071,24 @@ TEST_F(SnapshotUpdateTest, AddPartition) { // After reboot, init does first stage mount. auto init = NewManagerForFirstStageMount("_b"); ASSERT_NE(init, nullptr); + + ASSERT_TRUE(init->EnsureSnapuserdConnected()); + init->set_use_first_stage_snapuserd(true); + ASSERT_TRUE(init->NeedSnapshotsInFirstStageMount()); ASSERT_TRUE(init->CreateLogicalAndSnapshotPartitions("super", snapshot_timeout_)); // Check that the target partitions have the same content. - for (const auto& name : {"sys_b", "vnd_b", "prd_b", "dlkm_b"}) { + std::vector partitions = {"sys_b", "vnd_b", "prd_b", "dlkm_b"}; + for (const auto& name : partitions) { ASSERT_TRUE(IsPartitionUnchanged(name)); } + ASSERT_TRUE(init->PerformInitTransition(SnapshotManager::InitTransition::SECOND_STAGE)); + for (const auto& name : partitions) { + ASSERT_TRUE(init->snapuserd_client()->WaitForDeviceDelete(name + "-user-cow-init")); + } + // Initiate the merge and wait for it to be completed. ASSERT_TRUE(init->InitiateMerge()); ASSERT_EQ(UpdateState::MergeCompleted, init->ProcessUpdateState()); From a5ff99059e8502286ba41d509963d67ec06bd1df Mon Sep 17 00:00:00 2001 
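Review bot: The failure log in PerformInitTransition() still prints `GetSourceDeviceName(snapshot)` although the lookup now uses `source_device_name`. For a newly added partition the message therefore names a device that was never looked up, which will mislead anyone triaging a failed transition. It should read `LOG(ERROR) << "Could not get device path for " << source_device_name;`. The enclosing loop starts and ends outside the hunk.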
From: dianlujitao Date: Sun, 15 Sep 2019 19:46:14 +0800 Subject: [PATCH 12/20] Add wrapped key support These commits added wrapped key support: https://source.codeaurora.org/quic/la/platform/system/core/commit/?h=LA.UM.8.1.r1-08800-sm8150.0&id=ddd34f7b85ea6701d0c62f1e7c6cb98bbef60738 https://source.codeaurora.org/quic/la/platform/system/core/commit/?h=LA.UM.8.1.r1-08800-sm8150.0&id=98ee612a86f40a862889347a4f3bb6231fcdb0e0 https://source.codeaurora.org/quic/la/platform/system/core/commit/?h=LA.UM.8.1.r1-08800-sm8150.0&id=c69050ee52338339f0eb1a07aa3eeeeeb2e209d9 Although, got either reverted by follow-ups or removed after the big Q merge commit: https://source.codeaurora.org/quic/la/platform/system/core/commit/?h=LA.UM.8.1.r1-08800-sm8150.0&id=dd28b6d7f1f44a529a2262d09834da4ca48937f4 Bring in the relevant bits so that system/vold part compiles. Conflicts: fs_mgr/fs_mgr_fstab.cpp fs_mgr/include_fstab/fstab/fstab.h Change-Id: Ibdf035e548c3f5085401f60df158c9a327947f33 (cherry picked from commit 9f03019be92a1ce86910ef20e6372a4785ba56c1) Signed-off-by: Volodymyr Zhdanov --- fs_mgr/fs_mgr_fstab.cpp | 1 + fs_mgr/include_fstab/fstab/fstab.h | 1 + 2 files changed, 2 insertions(+) diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp index d0c89b90946b..9a2332445f69 100644 --- a/fs_mgr/fs_mgr_fstab.cpp +++ b/fs_mgr/fs_mgr_fstab.cpp @@ -181,6 +181,7 @@ void ParseFsMgrFlags(const std::string& flags, FstabEntry* entry) { CheckFlag("fsverity", fs_verity); CheckFlag("metadata_csum", ext_meta_csum); CheckFlag("fscompress", fs_compress); + CheckFlag("wrappedkey", wrapped_key); #undef CheckFlag diff --git a/fs_mgr/include_fstab/fstab/fstab.h b/fs_mgr/include_fstab/fstab/fstab.h index f33768b9d674..0d1e935c0e41 100644 --- a/fs_mgr/include_fstab/fstab/fstab.h +++ b/fs_mgr/include_fstab/fstab/fstab.h @@ -86,6 +86,7 @@ struct FstabEntry { bool fs_verity : 1; bool ext_meta_csum : 1; bool fs_compress : 1; + bool wrapped_key : 1; } fs_mgr_flags = {}; bool is_encryptable() const { 
From 69b2931e8ec38d1e69f145a3a81310b425fe5492 Mon Sep 17 00:00:00 2001 From: Alex Naidis Date: Sun, 9 Apr 2017 01:29:27 +0200 Subject: [PATCH 13/20] init: Weaken property override security for the init extension Sometimes we need to override ro.* properties by using our vendor init extension. Previously there was a security check which was blocking that. To resolve the issue, we need to weaken the security check during the execution of our vendor init extension. This is safe because the vendor init extension gets executed as part of init construction and it is considered a trusted system component. Change-Id: Ia7d60686968695f1fb43be4ed58770ce10da88c5 Former-commit-id: 91d12168b9500a44211a7d5a092e0ebcfed48d4d Change-Id: I07629b6c19b5ebfa019307c497c18d8bcc719685 --- init/property_service.cpp | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/init/property_service.cpp b/init/property_service.cpp index 5a8fc5418279..172a5a6922b8 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp @@ -118,6 +118,8 @@ struct PropertyAuditData { const char* name; }; +static bool weaken_prop_override_security = false; + static int PropertyAuditCallback(void* data, security_class_t /*cls*/, char* buf, size_t len) { auto* d = reinterpret_cast(data); @@ -188,8 +190,8 @@ static uint32_t PropertySet(const std::string& name, const std::string& value, s prop_info* pi = (prop_info*) __system_property_find(name.c_str()); if (pi != nullptr) { - // ro.* properties are actually "write-once". - if (StartsWith(name, "ro.")) { + // ro.* properties are actually "write-once", unless the system decides to + if (StartsWith(name, "ro.") && !weaken_prop_override_security) { *error = "Read-only property was already set"; return PROP_ERROR_READ_ONLY_PROPERTY; } 
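Review bot: `weaken_prop_override_security` is a file-scope flag consulted inside `PropertySet()`, so while it is true the write-once rule for `ro.*` is switched off for every caller of that function, not only for the vendor hook the commit message has in mind. Nothing in the visible hunks ties the exemption to its intended caller or guarantees the flag is cleared on every path. An explicit parameter, or a small scope-guard object that sets and restores the flag, would make it impossible to leave the check disabled by accident. The rewritten comment also stops mid-sentence (`unless the system decides to`); it should state when the exemption applies, for example `// ro.* properties are "write-once", except while init runs the vendor property hook at boot.`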
@@ -1098,6 +1100,9 @@ void PropertyLoadBootDefaults() { } } + // Weaken property override security during execution of the vendor init extension + weaken_prop_override_security = true; + // Update with vendor-specific property runtime overrides vendor_load_properties(); @@ -1108,6 +1113,9 @@ void PropertyLoadBootDefaults() { property_initialize_ro_cpu_abilist(); update_sys_usb_config(); + + // Restore the normal property override security after init extension is executed + weaken_prop_override_security = false; } bool LoadPropertyInfoFromFile(const std::string& filename, From 765f9e95485899e4d59ccb05e7aa8032d77ce728 Mon Sep 17 00:00:00 2001 From: Park Ju Hyung Date: Mon, 6 Nov 2017 20:30:39 +0900 Subject: [PATCH 14/20] init: workaround SafetyNet check Doing this in the userspace allows more properties to be spoofed and eliminate the needs for a hack in the kernel. Former-commit-id: e036a461c7dd4d97e1df77979c85f3c198e1e784 Change-Id: I76f6e210247a032b764dea2f5a23a184745f59a0 --- init/property_service.cpp | 47 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/init/property_service.cpp b/init/property_service.cpp index 172a5a6922b8..7c65c5227980 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp 
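Review bot: The exemption window in PropertyLoadBootDefaults() is wider than its stated purpose: the flag is raised before `vendor_load_properties()` but lowered only after `update_sys_usb_config()`. As a result `property_initialize_ro_cpu_abilist()`, `update_sys_usb_config()` and whatever sits between the two hunks also run with the `ro.*` write-once check disabled. If only the vendor hook needs the exemption, restore the flag directly after it, i.e. `vendor_load_properties();` followed immediately by `weaken_prop_override_security = false;`. The lines between the two hunks are not shown, so whether anything there relies on the wider window cannot be told from here.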
@@ -797,6 +797,50 @@ static void load_override_properties() { } } +static const char *snet_prop_key[] = { + "ro.boot.vbmeta.device_state", + "ro.boot.verifiedbootstate", + "ro.boot.flash.locked", + "ro.boot.selinux", + "ro.boot.veritymode", + "ro.boot.warranty_bit", + "ro.warranty_bit", + "ro.debuggable", + "ro.secure", + "ro.build.type", + "ro.build.keys", + "ro.build.tags", + "ro.system.build.tags", + NULL +}; + +static const char *snet_prop_value[] = { + "locked", // ro.boot.vbmeta.device_state + "green", // ro.boot.verifiedbootstate + "1", // ro.boot.flash.locked + "enforcing", // ro.boot.selinux + "enforcing", // ro.boot.veritymode + "0", // ro.boot.warranty_bit + "0", // ro.warranty_bit + "0", // ro.debuggable + "1", // ro.secure + "user", // ro.build.type + "release-keys", // ro.build.keys + "release-keys", // ro.build.tags + "release-keys", // ro.system.build.tags + NULL +}; + +static void workaround_snet_properties() { + std::string error; + LOG(INFO) << "snet: Hiding sensitive props"; + + // Hide all sensitive props + for (int i = 0; snet_prop_key[i]; ++i) { + PropertySet(snet_prop_key[i], snet_prop_value[i], &error); + } +} + // If the ro.product.[brand|device|manufacturer|model|name] properties have not been explicitly // set, derive them from ro.product.${partition}.* properties static void property_initialize_ro_product_props() { @@ -1114,6 +1158,9 @@ void PropertyLoadBootDefaults() { update_sys_usb_config(); + // Workaround SafetyNet + workaround_snet_properties(); + // Restore the normal property override security after init extension is executed weaken_prop_override_security = false; } From c5012b88118ddd4f9960ecd09af8976936032b53 Mon Sep 17 00:00:00 2001 
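Review bot: `snet_prop_key` and `snet_prop_value` are paired by position only, and the loop in `workaround_snet_properties()` stops on the key table's `NULL`, so a value table that ends up one entry short passes a null `const char*` to PropertySet's `std::string` parameter. A compile-time guard such as `static_assert(sizeof(snet_prop_key) == sizeof(snet_prop_value), "snet tables out of sync");` would catch that. The return value of each `PropertySet` call is dropped and `error` is never read, so a rejected write leaves no trace in the log. These writes replace values that describe the device's boot and build state with constants, which deserves a comment above the tables so that anyone reading these properties later knows they no longer reflect measured state.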
From: Chris Renshaw Date: Sat, 9 May 2020 06:53:32 -0300 Subject: [PATCH 15/20] init: add vendor.* keys to spoof safetynet aswinas@pixysos: add some more props from magisk hide to userspace hack by arter97 Former-commit-id: fc79269db601c9cd0dad3781d4e6ee8f209c55fc Change-Id: I8a88862674ca5a9eb8df5050e04344a2acb0a79f --- init/property_service.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/init/property_service.cpp b/init/property_service.cpp index 7c65c5227980..c06de0e0a0d1 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp @@ -811,6 +811,10 @@ static const char *snet_prop_key[] = { "ro.build.keys", "ro.build.tags", "ro.system.build.tags", + "ro.vendor.boot.warranty_bit", + "ro.vendor.warranty_bit", + "vendor.boot.vbmeta.device_state", + "vendor.boot.verifiedbootstate", NULL }; @@ -828,6 +832,10 @@ static const char *snet_prop_value[] = { "release-keys", // ro.build.keys "release-keys", // ro.build.tags "release-keys", // ro.system.build.tags + "0", // ro.vendor.boot.warranty_bit + "0", // ro.vendor.warranty_bit + "locked", // vendor.boot.vbmeta.device_state + "green", // vendor.boot.verifiedbootstate NULL }; From 29d8a8e309c883af396349d8158e71a33f569f8a Mon Sep 17 00:00:00 2001 From: jhenrique09 Date: Fri, 20 Nov 2020 11:34:54 -0300 Subject: [PATCH 16/20] init: Weaken property override security only when spoofing safetynet Change-Id: I740afaa27de82bec1e6d58b58d431141ca6b4e3f Former-commit-id: ca62a22d017f44c9f63553a44f5017eb5b8e9095 Change-Id: Icea7076c6c0ffc2ab3d66899335a5a477ccc519a --- init/property_service.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/init/property_service.cpp b/init/property_service.cpp index c06de0e0a0d1..94e9c5b980dc 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp 
@@ -840,6 +840,9 @@ static const char *snet_prop_value[] = { }; static void workaround_snet_properties() { + // Weaken property override security to set safetynet props + weaken_prop_override_security = true; + std::string error; LOG(INFO) << "snet: Hiding sensitive props"; @@ -847,6 +850,9 @@ static void workaround_snet_properties() { for (int i = 0; snet_prop_key[i]; ++i) { PropertySet(snet_prop_key[i], snet_prop_value[i], &error); } + + // Restore the normal property override security after safetynet props have been set + weaken_prop_override_security = false; } // If the ro.product.[brand|device|manufacturer|model|name] properties have not been explicitly @@ -1152,9 +1158,6 @@ void PropertyLoadBootDefaults() { } } - // Weaken property override security during execution of the vendor init extension - weaken_prop_override_security = true; - // Update with vendor-specific property runtime overrides vendor_load_properties(); @@ -1168,9 +1171,6 @@ void PropertyLoadBootDefaults() { // Workaround SafetyNet workaround_snet_properties(); - - // Restore the normal property override security after init extension is executed - weaken_prop_override_security = false; } bool LoadPropertyInfoFromFile(const std::string& filename, From 22d29032280b7269fc0787c56a2625703669c9c0 Mon Sep 17 00:00:00 2001 From: jhenrique09 Date: Fri, 20 Nov 2020 20:33:21 -0300 Subject: [PATCH 17/20] init: Only set safetynet props if not eng build Change-Id: Ic07539b4a7a97316720defd000425d1b6d15fd67 Former-commit-id: 9d4ca9403943feecd6f902e69d581aad3ee84839 Change-Id: Ic34d95c23afd8caf95c7b2a2517650dbf116fdde --- init/property_service.cpp | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/init/property_service.cpp b/init/property_service.cpp index 94e9c5b980dc..ec854b44a6f8 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp 
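Review bot: The flag is set at the top of `workaround_snet_properties()` and cleared by a separate statement at the bottom (second hunk), so any return added between the two later would leave write-once enforcement off for the rest of init's lifetime. A small scope guard whose destructor clears the flag keeps the window tied to the function body; the sketch below shows the guard and where it would be declared. The last two hunks only delete the old toggles in PropertyLoadBootDefaults, so `vendor_load_properties()` runs with the check enforced again, which undoes what PATCH 13/20 was written for and is worth stating in the description.

```cpp
// Clears the override flag on every exit path of the scope that declares it.
struct ScopedRoOverride {
    ScopedRoOverride() { weaken_prop_override_security = true; }
    ~ScopedRoOverride() { weaken_prop_override_security = false; }
};

static void workaround_snet_properties() {
    ScopedRoOverride ro_override;
    // … unchanged: error string, log line and PropertySet loop …
```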
@@ -840,16 +840,20 @@ static const char *snet_prop_value[] = { }; static void workaround_snet_properties() { + std::string build_type = android::base::GetProperty("ro.build.type", ""); + // Weaken property override security to set safetynet props weaken_prop_override_security = true; std::string error; - LOG(INFO) << "snet: Hiding sensitive props"; - // Hide all sensitive props - for (int i = 0; snet_prop_key[i]; ++i) { - PropertySet(snet_prop_key[i], snet_prop_value[i], &error); - } + // Hide all sensitive props if not eng build + if (build_type != "eng") { + LOG(INFO) << "snet: Hiding sensitive props"; + for (int i = 0; snet_prop_key[i]; ++i) { + PropertySet(snet_prop_key[i], snet_prop_value[i], &error); + } + } // Restore the normal property override security after safetynet props have been set weaken_prop_override_security = false; From a465848efe0cf340bd2ee6df9caad75ac903ad76 Mon Sep 17 00:00:00 2001 From: jhenrique09 Date: Tue, 1 Dec 2020 18:46:03 -0300 Subject: [PATCH 18/20] core: Add more props for snet spoofing Also reformat code Change-Id: I98aafcc2c1d8dae1448ecf3c18981fb7945599ba --- init/property_service.cpp | 98 +++++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 41 deletions(-) diff --git a/init/property_service.cpp b/init/property_service.cpp index ec854b44a6f8..63eee73e8d3a 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp 
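Review bot: `weaken_prop_override_security` is still set to `true` on eng builds even though the new `if (build_type != "eng")` block then writes nothing, so the relaxed window opens for no purpose on exactly the builds this patch exempts. An early exit ahead of the toggle, `if (build_type == "eng") return;`, leaves the flag untouched there and removes one nesting level. The test reads `ro.build.type`, which the loop itself overwrites with "user", so a comment noting that the read must stay ahead of the loop would help.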
@@ -798,45 +798,55 @@ static void load_override_properties() { } static const char *snet_prop_key[] = { - "ro.boot.vbmeta.device_state", - "ro.boot.verifiedbootstate", - "ro.boot.flash.locked", - "ro.boot.selinux", - "ro.boot.veritymode", - "ro.boot.warranty_bit", - "ro.warranty_bit", - "ro.debuggable", - "ro.secure", - "ro.build.type", - "ro.build.keys", - "ro.build.tags", - "ro.system.build.tags", - "ro.vendor.boot.warranty_bit", - "ro.vendor.warranty_bit", - "vendor.boot.vbmeta.device_state", - "vendor.boot.verifiedbootstate", - NULL + "ro.boot.vbmeta.device_state", + "ro.boot.verifiedbootstate", + "ro.boot.flash.locked", + "ro.boot.selinux", + "ro.boot.veritymode", + "ro.boot.warranty_bit", + "ro.warranty_bit", + "ro.debuggable", + "ro.secure", + "ro.build.type", + "ro.system.build.type", + "ro.system_ext.build.type", + "ro.vendor.build.type", + "ro.product.build.type", + "ro.odm.build.type", + "ro.build.keys", + "ro.build.tags", + "ro.system.build.tags", + "ro.vendor.boot.warranty_bit", + "ro.vendor.warranty_bit", + "vendor.boot.vbmeta.device_state", + "vendor.boot.verifiedbootstate", + NULL }; static const char *snet_prop_value[] = { - "locked", // ro.boot.vbmeta.device_state - "green", // ro.boot.verifiedbootstate - "1", // ro.boot.flash.locked - "enforcing", // ro.boot.selinux - "enforcing", // ro.boot.veritymode - "0", // ro.boot.warranty_bit - "0", // ro.warranty_bit - "0", // ro.debuggable - "1", // ro.secure - "user", // ro.build.type - "release-keys", // ro.build.keys - "release-keys", // ro.build.tags - "release-keys", // ro.system.build.tags - "0", // ro.vendor.boot.warranty_bit - "0", // ro.vendor.warranty_bit - "locked", // vendor.boot.vbmeta.device_state - "green", // vendor.boot.verifiedbootstate - NULL + "locked", // ro.boot.vbmeta.device_state + "green", // ro.boot.verifiedbootstate + "1", // ro.boot.flash.locked + "enforcing", // ro.boot.selinux + "enforcing", // ro.boot.veritymode + "0", // ro.boot.warranty_bit + "0", // ro.warranty_bit + 
"0", // ro.debuggable + "1", // ro.secure + "user", // ro.build.type + "user", // ro.system.build.type + "user", // ro.system_ext.build.type + "user", // ro.vendor.build.type + "user", // ro.product.build.type + "user", // ro.odm.build.type + "release-keys", // ro.build.keys + "release-keys", // ro.build.tags + "release-keys", // ro.system.build.tags + "0", // ro.vendor.boot.warranty_bit + "0", // ro.vendor.warranty_bit + "locked", // vendor.boot.vbmeta.device_state + "green", // vendor.boot.verifiedbootstate + NULL }; static void workaround_snet_properties() { @@ -845,16 +855,22 @@ static void workaround_snet_properties() { // Weaken property override security to set safetynet props weaken_prop_override_security = true; - std::string error; + std::string error; - // Hide all sensitive props if not eng build + // Hide all sensitive props if not eng build if (build_type != "eng") { - LOG(INFO) << "snet: Hiding sensitive props"; - for (int i = 0; snet_prop_key[i]; ++i) { + LOG(INFO) << "snet: Hiding sensitive props"; + for (int i = 0; snet_prop_key[i]; ++i) { PropertySet(snet_prop_key[i], snet_prop_value[i], &error); - } + } } + // Extra pops + std::string build_flavor_key = "ro.build.flavor"; + std::string build_flavor_value = android::base::GetProperty(build_flavor_key, ""); + build_flavor_value = android::base::StringReplace(build_flavor_value, "userdebug", "user", false); + PropertySet(build_flavor_key, build_flavor_value, &error); + // Restore the normal property override security after safetynet props have been set weaken_prop_override_security = false; } From 0fbc0857819daf97910e7d8f796f1c7c8f88f28e Mon Sep 17 00:00:00 2001 From: Jarl-Penguin Date: Wed, 16 Jun 2021 11:28:46 +0000 Subject: [PATCH 19/20] core: Don't spoof props in recovery mode Signed-off-by: Jarl-Penguin Change-Id: Ib6d3808c3b8f3e0cffab685a24d3cdd436b0fe9b --- init/property_service.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/init/property_service.cpp b/init/property_service.cpp index 63eee73e8d3a..40ba4e16f03b 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp @@ -1190,7 +1190,9 @@ void PropertyLoadBootDefaults() { update_sys_usb_config(); // Workaround SafetyNet - workaround_snet_properties(); + if (!IsRecoveryMode()) { + workaround_snet_properties(); + } } bool LoadPropertyInfoFromFile(const std::string& filename, From 43c81da749d57dc3dbecf223594d0b004252f4ef Mon Sep 17 00:00:00 2001 From: Arian Date: Fri, 17 Dec 2021 08:22:39 +0000 Subject: [PATCH 20/20] Revert "libfs_avb: verifying vbmeta digest early" This reverts commit ec10d3cf6e328da90dd4a388761d2d26543fce8f. --- fs_mgr/libfs_avb/fs_avb.cpp | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/fs_mgr/libfs_avb/fs_avb.cpp b/fs_mgr/libfs_avb/fs_avb.cpp index 1da71176c862..49333a13b2eb 100644 --- a/fs_mgr/libfs_avb/fs_avb.cpp +++ b/fs_mgr/libfs_avb/fs_avb.cpp @@ -433,16 +433,6 @@ AvbUniquePtr AvbHandle::Open() { // Sets the MAJOR.MINOR for init to set it into "ro.boot.avb_version". avb_handle->avb_version_ = StringPrintf("%d.%d", AVB_VERSION_MAJOR, AVB_VERSION_MINOR); - // Verifies vbmeta structs against the digest passed from bootloader in kernel cmdline. - std::unique_ptr avb_verifier = AvbVerifier::Create(); - if (!avb_verifier || !avb_verifier->VerifyVbmetaImages(avb_handle->vbmeta_images_)) { - LERROR << "Failed to verify vbmeta digest"; - if (!allow_verification_error) { - LERROR << "vbmeta digest error isn't allowed "; - return nullptr; - } - } - // Checks whether FLAGS_VERIFICATION_DISABLED is set: // - Only the top-level vbmeta struct is read. // - vbmeta struct in other partitions are NOT processed, including AVB HASH descriptor(s) 
@@ -453,16 +443,26 @@ AvbUniquePtr AvbHandle::Open() { bool verification_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED); - // Checks whether FLAGS_HASHTREE_DISABLED is set. - // - vbmeta struct in all partitions are still processed, just disable - // dm-verity in the user space. - bool hashtree_disabled = - ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED); - if (verification_disabled) { avb_handle->status_ = AvbHandleStatus::kVerificationDisabled; - } else if (hashtree_disabled) { - avb_handle->status_ = AvbHandleStatus::kHashtreeDisabled; + } else { + // Verifies vbmeta structs against the digest passed from bootloader in kernel cmdline. + std::unique_ptr avb_verifier = AvbVerifier::Create(); + if (!avb_verifier) { + LERROR << "Failed to create AvbVerifier"; + return nullptr; + } + if (!avb_verifier->VerifyVbmetaImages(avb_handle->vbmeta_images_)) { + LERROR << "VerifyVbmetaImages failed"; + return nullptr; + } + + // Checks whether FLAGS_HASHTREE_DISABLED is set. + bool hashtree_disabled = ((AvbVBMetaImageFlags)vbmeta_header.flags & + AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED); + if (hashtree_disabled) { + avb_handle->status_ = AvbHandleStatus::kHashtreeDisabled; + } } LINFO << "Returning avb_handle with status: " << avb_handle->status_;
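Review bot: `verification_disabled` is taken from `vbmeta_header.flags` and acted on before `VerifyVbmetaImages()` runs, so in the restored ordering the flag that skips the digest comparison comes from data this function has not yet compared with the bootloader-supplied digest. The code removed by the first hunk did the comparison first, and the description gives no reason for going back. If the old order has to stay, say why the header can be trusted at this point, for example `// flags are read before the digest check; relies on the bootloader having validated vbmeta`, or keep the check ahead of the flag test. The new `else` branch also returns `nullptr` on a digest mismatch without consulting `allow_verification_error`, which the removed code did; AvbHandle::Open() starts outside the hunk, so whether that variable is still used elsewhere is not visible.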