We only need a single binder thread to receive notifications, so we
should set the thread pool max to 0 rather than 1. startThreadPool()
starts one thread + the max count.
Test: m storageproxyd
Bug: 281951047
Fixes: 292030372
Change-Id: I53a90eaa2aa69469fd3a00b6da0d7061318c8ba9
Inline some trivial helpers and remove unused header declarations.
Remove fs_mgr_*access() as it is really just access().
Remove fs_mgr_overlayfs_super_device() as we always want the primary
slot and having this wrapper isn't particularly helpful.
Test: adb-remount-test
Change-Id: I2581fd7c7d5071cbb97778535b7811dbcb80d76e
According to https://abseil.io/tips/140, string constants should be
constexpr char array or string_view object. This avoids subtle bugs due
to the toolchain shuffling object initialization order between/within
compilation units.
string_view has bad interoperability between C APIs as many of those
functions require string values to be null-terminated. Thus we can only
rely on good old c-string constants.
This change groups all string constants together and change them all to
constexpr char array for consistent style.
Also remove some duplicated method definition.
Test: adb-remount-test
Change-Id: I1ed57e6dc24ce3750e72c5538c388a6872cd2b40
We use the %d format specificier for uid_t, which maps to
__kernel_uid32_t, which is unsigned. [1] This is undefined behavior
which can lead to paths with negative UIDs when erroneously large
values are passed for uid:
E libprocessgroup: No such cgroup attribute: /sys/fs/cgroup/uid_-89846/cgroup.freeze
Fix it with %u.
[1] https://cs.android.com/search?q=typedef.*__kernel_uid32_t&ss=android%2Fplatform%2Fsuperproject%2Fmain
Change-Id: Ibb52ba2503e30e2f20770b7d23629167e38d076a
When a read request is for a single sector, and the sector is
block-aligned, it falls into the ReadAlignedSector path, which assumes
block-sized reads. Fix this by clamping the expected size.
Bug: 291862304
Test: manual test of ReadWorker::ReadAlignedSector
full OTA
Change-Id: I00e460c333e8a9a4dc2433443e3633f3d794da1d
The Trusty storage proxy requires that the suspend service is started to
acquire a wakelock for UFS RPMB operations. Without the binder thread
pool running, starting this service results in at least a 1s polling
delay. This change ensures that we start the thread pool before handling
any RPMB operations, so acquiring the wakelock will complete as soon as
the service is ready without needing to poll once per second.
Test: m storageproxyd
Test: Artificially delay suspend_service to check if we poll
Bug: 281951047
Change-Id: I1a4cdd48d57201b0cf9c24523d22e5bdbcea376a
VFIO nodes, both the container (`vfio`) node and group (numbered)
nodes, should be located in `/dev/vfio`. This change prevents
ueventd from flattening that structure.
Test: Bind a device to VFIO driver to create a VFIO group
Change-Id: I635e9febe6bb52718df263e735479f361eacad4c
Bug: 290835996
Test: libutils_fuzz_string8 for several minutes
String8::removeAll() has 2 serious problems:
1. When `other` is an empty string, `removeAll()` will loop infinitely
due to below process:
a) with `other` being empty string `""`, find() will call strstr()
on an empty string, which always returns `mString`, and thus
find() always return 0 in this case
b) with find() returns 0 for empty string, the next while loop in
String8::removeAll() will keep loop infinitely as `index` will
always be 0
This CL fixes this problem by returning true if `other` is an empty
string (i.e. `strlen(other) == 0`), this follows the logic that an
empty string will always be found and no actual remove needs to be
done.
2. When `other` is a NULL string, strstr() has undefined behavior. See
https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1570.pdf.
This undefined behavior on Android unfortunately causes immediate
segmentation fault as the current `strstr` implementation in bionic
libc doesn't check `needle` being NULL, and an access to a NULL
location is performed to check if the `needle` string is an empty
string, and thus causes segmentation fault.
This CL gives an error message and aborts instead of having a
segfault, and to keep some backward compatibility.
This CL also adds test for String8::removeAll()
Change-Id: Ie2ccee6767efe0fed476db4ec6072717198279e9
adding --help documentation to fastboot for --disable-super-optimization
and --disable-fastboot-info
Test: fastboot -h
Change-Id: Ia8993b3894d302a63cc97796d66e0af3fb004eef
Currently all I/O is processed through BufferSink. However, the
allocation of buffers is implicit in low-level helper functions, which
have no knowledge of how much data will actually be sent. As a result,
"allocation of buffers" and "tracking of how many bytes were written" is
disjoint. This will make it very difficult to break dependence on
dm-user, without a much more complex API.
This patch refactors how BufferSink is used. First, GetPayloadBuffer has
been deprecated in favor of AcquireBuffer. AcquireBuffer performs both
allocation and write tracking. The number of bytes written is not
necessarily the number of bytes allocated, and the new API allows for
this.
The "Process" helpers now take in an explicit buffer, and their callers
are responsible for allocating a buffer. This allows for
ReadUnalignedSector to have proper buffer offset tracking.
Because write tracking is now accurate, no explicit size needs to be
passed to WriteDmUserPayload. It can simply read the current watermark
in BufferSink.
This patch also removes XorSink, since its dependence on BufferSink made
this change more difficult.
Bug: 288273605
Test: snapuserd_test
Change-Id: Id9ca5044f9c0386f351b250349793b6b276b01b7
One of the first ERROR messages in logcat of a normal boot of Cuttlefish
is from failure to open SEPolicy.zip. This condition is expected.
Therefore don't try to load SEPolicy.zip when it doesn't exist. This
replaces the following log messages:
0 0 I init : Error: Apex SEPolicy failed signature check
0 0 I init : Loading APEX Sepolicy from /system/etc/selinux/apex/SEPolicy.zip
0 0 E init : Failed to open package /system/etc/selinux/apex/SEPolicy.zip: No such file or directory
... with just:
0 0 I init : No APEX Sepolicy found
Change-Id: If3a77407c35130165df5782b9ef91912e8374dbf
* changes:
snapuserd: Move Process ops out of Worker.
snapuserd: Move more fields out of Worker.
snapuserd: Split more methods out of Worker.
snapuserd: Create a ReadWorker class.
snapuserd: Create a MergeWorker class.
After MapDmUserCow, there is no further calls in this function. Snapshot
is mapped; Hence, checking remaining time is not required as
it may return false if the time was exceeded. This would mean function returning false even though snapshots were successfully mapped.
Bug: 291288998
Test: OTA
Change-Id: I4fd8fa6ef90a48885392297f217361507268ba51
Signed-off-by: Akilesh Kailash <akailash@google.com>
fs_mgr_defaults gets used in lots of places, propagate
local_include_dirs to where it's needed so it doesn't cause problems on
modules that don't have an "includes" directory.
Bug: 291083311
Test: builds
Change-Id: Ief2f6362f584b99d3e2dc7dc1b46450609ad189d
lpdumpd runs as "system", not "root". Adjust the DAC permissions of
/metadata/ota so it can call SnapshotManager::Dump.
Bug: 291083311
Test: lpdump
Change-Id: I97fd7eb2055cf6d31fd42f1021e2f99edbdb838a
One of the paint points for fs_mgr_overlayfs is that mounting and
scratch management code are somewhat unrelated but very intertwined in
the same file.
Split it into two files: fs_mgr_overlayfs_mount, which is only for
mount-related code, and fs_mgr_overlayfs_control, which is only for
setup/teardown code.
The code removed from fs_mgr_overlayfs_control.cpp is code that moved
to fs_mgr_overlayfs_mount.cpp.
This converts a bunch of functions to "static", and splits
fs_mgr_priv_overlayfs.h into two new files (fs_mgr_overlayfs_mount.h and
fs_mgr_overlayfs_control.h).
Bug: N/A
Test: remount
Change-Id: I83da43652b4787f344da75a1d30177df1d7f63b2
These are so small they can be inlined into MergeWorker. Sharing these
methods will be difficult after decoupling from dm-user, since
acquisition of buffers will change.
Bug: 288273605
Test: snapuserd_test
Change-Id: I1625d1a6e55bcb2041f73453ca15a01f98263e8a
These fields are specific to either ReadWorker or MergeWorker, but not
both.
Bug: 288273605
Test: snapuserd_test
Change-Id: I2db9cfa2a8f034249879517bd90a40babe97bc64
