For encoding errors, this function will return a negative value which
causes problems down the line. Check for an error and return. Also,
integer overflows are guarded.
Bug: 161894517
Test: fuzzer test case
Change-Id: Ia85067d4258bde4b875c832d6223db5dd26b8838
Merged-In: Ia85067d4258bde4b875c832d6223db5dd26b8838
Instead of aborting when FileMap::create detects an overflow, detect the
overflow directly and fail the call.
Bug: 156997193
Test: Ran unit tests, including new unit test that aborted before.
Change-Id: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
Merged-In: Ie49975b8949fd12bbde14346ec9bbb774ef88a51
(cherry picked from commit 68604b9c29)
In violation of the documentation of GateKeeper::GetAuthTokenKey and
GateKeeper::GetPasswordKey, the implementations in SoftGateKeeper
allocate and return buffers and relinquish ownership causing a memory
leak, because the caller expects the implementation to retain ownership.
Bug: 129768470
Bug: 134557251
Test: gatekeeper-unit-tests
Change-Id: I0af9539d3dcd47dfd1e7d80cdee700ea0c2d6d0f
Merged-In: I0af9539d3dcd47dfd1e7d80cdee700ea0c2d6d0f
We used to start update_verifier after mounting userdata (post-fs-data),
as part of zygote-start. This leads to issues in practice for security
updates, where an A/B device falls back into the old slot (for any
reason, which is unrelated to this change) but fails to boot due to an
upgraded key blob. It essentially breaks the fallback capability offered
by A/B OTA.
This CL mitigates the issue by starting update_verifier early, before
mounting userdata. This prevents the device from falling back to the old
slot with an already-upgraded key blob. update_verifier loses the
opportunity of verifying _all_ the updated blocks based on the info
that's stored in userdata. Instead it will only trigger the minimal
read to finish the work of marking a successful boot. This is a
trade-off in P to avoid putting the device in a bad state after
fallback, which will be improved in Q by better handling the fallback
path in vold.
Bug: 131176531
Test: Flash and boot crosshatch. Check the start of update_verifier and
it marks a successful boot.
Change-Id: I3f4c4333ff38772a9a93c9d027d497db11de1d63
This should help speed up reclaiming memory.
Bug: 118468011
Bug: 121439388
Test: run mem-pressure with lmkd
Change-Id: Iae7aa35483eb0e8bbeccaa425559c6021c845ee1
Merged-In: Iae7aa35483eb0e8bbeccaa425559c6021c845ee1
NIAP certification requires that all cryptographic functions
undergo a self-test during startup to demonstrate correct
operation. This change adds such a check.
If the check fails, it will prevent the device from booting
by rebooting into the bootloader.
Bug: 119826244
Test: Built for walleye. After device booted examined dmesg and
observed logs from init showing that the new task did
start. Further, when BoringSSL is built to fail its self
check the device did stop during a normal boot and enter
the bootloader, and did so before the boot animation stopped.
Change-Id: I4df375cfcdbadcae7f67b01441fef6e729312807
Merged-In: I07a5dc73a314502c87de566bb26f4d73499d2675
am: c9455b4740 -s ours
am skip reason: change_id I0eafff70d3a7e4d732fe600a0052efb90108208d with SHA1 02debfa2df is in history
Change-Id: I685d84c532ebd165914abb016e8c9d1601208680
am: 479b8544c6 -s ours
am skip reason: change_id I0eafff70d3a7e4d732fe600a0052efb90108208d with SHA1 02debfa2df is in history
Change-Id: If4f1b92e9ed89bfd50fc0621ded802255165b2de
am: c1cea05b5f -s ours
am skip reason: change_id I0eafff70d3a7e4d732fe600a0052efb90108208d with SHA1 02debfa2df is in history
Change-Id: I64ce50c8c687a849a2e2acdcacda42c98d3a4115
So we can deserialize it consistently and safely.
Bug: 120084106
Test: builds
Change-Id: I0eafff70d3a7e4d732fe600a0052efb90108208d
Merged-In: I0eafff70d3a7e4d732fe600a0052efb90108208d
Kill a single process at a time and try to wait up to 100ms for
that process to reclaim memory before triggering another kill.
Test: boots, works
bug: 116877958
Change-Id: I6775d0534b3e3728c04389d3eae1a00e3cbf9f27
1) increase thermal shutdown timeout to 3s for process to save work
2) respect property "ro.build.shutdown_timeout" in thermal shutdown if
it is set less than default time - "3s"
Bug: 112432890
Test: Build
Change-Id: Idc2b24dd44c1fab8f9b047fd2468de2ee45ff783
Merged-In: Idc2b24dd44c1fab8f9b047fd2468de2ee45ff783
(cherry picked from commit b5de088262)
Work around for the following crash:
02-08 05:34:20.968 root 990 990 F DEBUG : #00 pc 000000000001447c /system/lib64/libhwbinder.so (android::hardware::IPCThreadState::joinThreadPool(bool)+28)
02-08 05:34:20.968 root 990 990 F DEBUG : #01 pc 000000000001c174 /system/lib64/libhwbinder.so (android::hardware::PoolThread::threadLoop()+24)
02-08 05:34:20.968 root 990 990 F DEBUG : #02 pc 000000000000f934 /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+280)
02-08 05:34:20.968 root 990 990 F DEBUG : #03 pc 00000000000821e0 /system/lib64/libc.so (__pthread_start(void*)+36)
02-08 05:34:20.968 root 990 990 F DEBUG : #04 pc 0000000000023178 /system/lib64/libc.so (__start_thread+68)
Bug: 117470462
Change-Id: I1e8f28a7d0f3041d9be8138a3dc9ed9c74419f91
lmkd keeps a list of pids registered by ActivityManager, however on rare
occasions when framework restarts and lmkd survives that list has to be
purged. Implement a command that can be used to clear the pid list.
Bug: 116801366
Test: locally by killing zygote process
Change-Id: I71d6012f86bb83a73edd5b687e05a0848e0569b1
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Excessive number of failed kill reports when lmkd can't find an eligible
process to kill or frees not enough memory pollutes logs and bugreports.
Cleanup kill reports to remove duplicate information and rate limit failed
kill attempts at 1 report per sec. The number of suppressed failed kills
will be reported in the next lmkd report.
Bug: 113864581
Test: Verified using lmkd_unit_test
Change-Id: I67fa1fec97613f136c7582115edcbc56b1503c9c
Merged-In: I67fa1fec97613f136c7582115edcbc56b1503c9c
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
This reverts commit 49c27c5cb2.
Remove the Speck encryption support. It was eventually
decided not to allow Speck in Android P, so this code
is no longer needed and wasn't used outside of testing.
Bug: 112009351
Test: Confirmed AES continues to work with FBE.
Change-Id: Ia5458143be5687fff8d541d8fa2c8ee24a369da4
Bug: 111664962
Test: "pixelstats_client -s" uses the right ATOM value
Change-Id: I2944c6d9f79298ce88812fad218552b92afee97a
Signed-off-by: Thierry Strudel <tstrudel@google.com>
The path of the product partition can be set to /product or /system/product
depending on whether an extra product partition is generated or not.
Substitute %PRODUCT% with the relevant path to let the linker know which
path it should search and permit.
Bug: 110286945
Test: m -j # Check /system/etc/ld.config.$(PLATFORM_VNDK_VERSION).txt
Change-Id: I6ca177d0c9c5af00ad821879fece40848331fc8d
Merged-In: I6ca177d0c9c5af00ad821879fece40848331fc8d
(cherry picked from commit cccad0bf84)
As the linker doesn't resolve paths in permitted paths, /system/product
variants should be added to support devices having product partition
under /system.
Bug: 110286945
Test: m -j succeeds on taimen and libraries under /system can dlopen
libraries under /system/product/apps
Change-Id: Icd102d44511702e4ec66c07a367b59c3d9700a44
Merged-In: Icd102d44511702e4ec66c07a367b59c3d9700a44
(cherry picked from commit 3918936b9e)