diff options
| -rw-r--r-- | fs_mgr/fs_mgr_remount.cpp | 3 | ||||
| -rw-r--r-- | fs_mgr/fs_mgr_roots.cpp | 9 | ||||
| -rw-r--r-- | fs_mgr/libfs_avb/fs_avb.cpp | 6 | ||||
| -rw-r--r-- | healthd/BatteryMonitor.cpp | 41 | ||||
| -rw-r--r-- | init/Android.bp | 9 | ||||
| -rw-r--r-- | init/NOTICE | 26 | ||||
| -rw-r--r-- | init/property_service.cpp | 37 | ||||
| -rw-r--r-- | init/service.cpp | 17 | ||||
| -rw-r--r-- | init/vendor_init.cpp | 37 | ||||
| -rw-r--r-- | init/vendor_init.h | 33 |
10 files changed, 196 insertions, 22 deletions
diff --git a/fs_mgr/fs_mgr_remount.cpp b/fs_mgr/fs_mgr_remount.cpp index e685070a8..5411acacf 100644 --- a/fs_mgr/fs_mgr_remount.cpp +++ b/fs_mgr/fs_mgr_remount.cpp @@ -420,7 +420,8 @@ static int do_remount(int argc, char* argv[]) { break; } // Find overlayfs mount point? - if ((mount_point == "/") && (rentry.mount_point == "/system")) { + if ((mount_point == "/" && rentry.mount_point == "/system") || + (mount_point == "/system" && rentry.mount_point == "/")) { blk_device = rentry.blk_device; mount_point = "/system"; found = true; diff --git a/fs_mgr/fs_mgr_roots.cpp b/fs_mgr/fs_mgr_roots.cpp index fdaffbeb0..93d3e31e5 100644 --- a/fs_mgr/fs_mgr_roots.cpp +++ b/fs_mgr/fs_mgr_roots.cpp @@ -119,15 +119,6 @@ bool EnsurePathMounted(Fstab* fstab, const std::string& path, const std::string& } int result = fs_mgr_do_mount_one(*rec, mount_point); - if (result == -1 && rec->fs_mgr_flags.formattable) { - PERROR << "Failed to mount " << mount_point << "; formatting"; - bool crypt_footer = rec->is_encryptable() && rec->key_loc == "footer"; - if (fs_mgr_do_format(*rec, crypt_footer) != 0) { - PERROR << "Failed to format " << mount_point; - return false; - } - result = fs_mgr_do_mount_one(*rec, mount_point); - } if (result == -1) { PERROR << "Failed to mount " << mount_point; diff --git a/fs_mgr/libfs_avb/fs_avb.cpp b/fs_mgr/libfs_avb/fs_avb.cpp index 1da71176c..89d73b12f 100644 --- a/fs_mgr/libfs_avb/fs_avb.cpp +++ b/fs_mgr/libfs_avb/fs_avb.cpp @@ -241,7 +241,8 @@ AvbUniquePtr AvbHandle::LoadAndVerifyVbmeta( bool verification_disabled = ((AvbVBMetaImageFlags)vbmeta_header->flags & AVB_VBMETA_IMAGE_FLAGS_VERIFICATION_DISABLED); bool hashtree_disabled = - ((AvbVBMetaImageFlags)vbmeta_header->flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED); + ((AvbVBMetaImageFlags)vbmeta_header->flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED) || + allow_verification_error; if (verification_disabled) { avb_handle->status_ = AvbHandleStatus::kVerificationDisabled; } else if (hashtree_disabled) { @@ -457,7 +458,8 @@ AvbUniquePtr AvbHandle::Open() { // - vbmeta struct in all partitions are still processed, just disable // dm-verity in the user space. bool hashtree_disabled = - ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED); + ((AvbVBMetaImageFlags)vbmeta_header.flags & AVB_VBMETA_IMAGE_FLAGS_HASHTREE_DISABLED) || + allow_verification_error; if (verification_disabled) { avb_handle->status_ = AvbHandleStatus::kVerificationDisabled; diff --git a/healthd/BatteryMonitor.cpp b/healthd/BatteryMonitor.cpp index 377acb75e..9c5ae688a 100644 --- a/healthd/BatteryMonitor.cpp +++ b/healthd/BatteryMonitor.cpp @@ -190,12 +190,15 @@ BatteryMonitor::PowerSupplyType BatteryMonitor::readPowerSupplyType(const String {"USB", ANDROID_POWER_SUPPLY_TYPE_USB}, {"USB_DCP", ANDROID_POWER_SUPPLY_TYPE_AC}, {"USB_HVDCP", ANDROID_POWER_SUPPLY_TYPE_AC}, + {"USB_HVDCP_3", ANDROID_POWER_SUPPLY_TYPE_AC}, + {"USB_HVDCP_3P5", ANDROID_POWER_SUPPLY_TYPE_AC}, {"USB_CDP", ANDROID_POWER_SUPPLY_TYPE_AC}, {"USB_ACA", ANDROID_POWER_SUPPLY_TYPE_AC}, {"USB_C", ANDROID_POWER_SUPPLY_TYPE_AC}, {"USB_PD", ANDROID_POWER_SUPPLY_TYPE_AC}, {"USB_PD_DRP", ANDROID_POWER_SUPPLY_TYPE_USB}, {"Wireless", ANDROID_POWER_SUPPLY_TYPE_WIRELESS}, + {"DASH", ANDROID_POWER_SUPPLY_TYPE_AC}, {NULL, 0}, }; std::string buf; @@ -204,10 +207,8 @@ BatteryMonitor::PowerSupplyType BatteryMonitor::readPowerSupplyType(const String return ANDROID_POWER_SUPPLY_TYPE_UNKNOWN; auto ret = mapSysfsString(buf.c_str(), supplyTypeMap); - if (!ret) { - KLOG_WARNING(LOG_TAG, "Unknown power supply type '%s'\n", buf.c_str()); + if (!ret) *ret = ANDROID_POWER_SUPPLY_TYPE_UNKNOWN; - } return static_cast<BatteryMonitor::PowerSupplyType>(*ret); } @@ -301,6 +302,40 @@ void BatteryMonitor::updateValues(void) { double MaxPower = 0; + // Rescan for the available charger types + std::unique_ptr<DIR, decltype(&closedir)> dir(opendir(POWER_SUPPLY_SYSFS_PATH), closedir); + if (dir == NULL) { + KLOG_ERROR(LOG_TAG, "Could not open %s\n", POWER_SUPPLY_SYSFS_PATH); + } else { + struct dirent* entry; + String8 path; + + mChargerNames.clear(); + + while ((entry = readdir(dir.get()))) { + const char* name = entry->d_name; + + if (!strcmp(name, ".") || !strcmp(name, "..")) + continue; + + // Look for "type" file in each subdirectory + path.clear(); + path.appendFormat("%s/%s/type", POWER_SUPPLY_SYSFS_PATH, name); + switch(BatteryMonitor::readPowerSupplyType(path)) { + case ANDROID_POWER_SUPPLY_TYPE_AC: + case ANDROID_POWER_SUPPLY_TYPE_USB: + case ANDROID_POWER_SUPPLY_TYPE_WIRELESS: + path.clear(); + path.appendFormat("%s/%s/online", POWER_SUPPLY_SYSFS_PATH, name); + if (access(path.string(), R_OK) == 0) + mChargerNames.add(String8(name)); + break; + default: + break; + } + } + } + for (size_t i = 0; i < mChargerNames.size(); i++) { String8 path; path.appendFormat("%s/%s/online", POWER_SUPPLY_SYSFS_PATH, diff --git a/init/Android.bp b/init/Android.bp index a57f3a407..00ac6a752 100644 --- a/init/Android.bp +++ b/init/Android.bp @@ -89,6 +89,14 @@ init_host_sources = [ "host_init_verifier.cpp", ] +cc_library_static { + name: "vendor_init", + recovery_available: true, + srcs: [ + "vendor_init.cpp", + ], +} + soong_config_module_type { name: "libinit_cc_defaults", module_type: "cc_defaults", @@ -203,6 +211,7 @@ cc_library_static { defaults: [ "init_defaults", "selinux_policy_version", + "vendor_init_defaults", ], srcs: init_common_sources + init_device_sources, generated_sources: [ diff --git a/init/NOTICE b/init/NOTICE index c5b1efa7a..383d0f541 100644 --- a/init/NOTICE +++ b/init/NOTICE @@ -188,3 +188,29 @@ END OF TERMS AND CONDITIONS +Copyright (c) 2013, The Linux Foundation. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + * Neither the name of The Linux Foundation nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/init/property_service.cpp b/init/property_service.cpp index 600f27919..0765b3bc9 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp @@ -73,6 +73,7 @@ #include "subcontext.h" #include "system/core/init/property_service.pb.h" #include "util.h" +#include "vendor_init.h" using namespace std::literals; @@ -1200,6 +1201,9 @@ void PropertyLoadBootDefaults() { } } + // Update with vendor-specific property runtime overrides + vendor_load_properties(); + property_initialize_ro_product_props(); property_initialize_build_id(); property_derive_build_props(); @@ -1332,6 +1336,7 @@ static void ProcessKernelDt() { } constexpr auto ANDROIDBOOT_PREFIX = "androidboot."sv; +constexpr auto ANDROIDBOOT_MODE = "androidboot.mode"sv; static void ProcessKernelCmdline() { ImportKernelCmdline([&](const std::string& key, const std::string& value) { @@ -1350,6 +1355,35 @@ static void ProcessBootconfig() { }); } +static void SetSafetyNetProps() { + // Check whether this is a normal boot, and whether the bootloader is actually locked + auto isNormalBoot = true; // no prop = normal boot + // This runs before keys are set as props, so we need to process them ourselves. + ImportKernelCmdline([&](const std::string& key, const std::string& value) { + if (key == ANDROIDBOOT_MODE && value != "normal") { + isNormalBoot = false; + } + }); + ImportBootconfig([&](const std::string& key, const std::string& value) { + if (key == ANDROIDBOOT_MODE && value != "normal") { + isNormalBoot = false; + } + }); + + // Bail out if this is recovery, fastbootd, or anything other than a normal boot. + // fastbootd, in particular, needs the real values so it can allow flashing on + // unlocked bootloaders. + if (!isNormalBoot) { + return; + } + + // Spoof properties + InitPropertySet("ro.boot.flash.locked", "1"); + InitPropertySet("ro.boot.verifiedbootstate", "green"); + InitPropertySet("ro.boot.veritymode", "enforcing"); + InitPropertySet("ro.boot.vbmeta.device_state", "locked"); +} + void PropertyInit() { selinux_callback cb; cb.func_audit = PropertyAuditCallback; @@ -1364,6 +1398,9 @@ void PropertyInit() { LOG(FATAL) << "Failed to load serialized property info file"; } + // Report valid verified boot chain to help pass Google SafetyNet integrity checks + SetSafetyNetProps(); + // If arguments are passed both on the command line and in DT, // properties set in DT always have priority over the command-line ones. ProcessKernelDt(); diff --git a/init/service.cpp b/init/service.cpp index c3069f5b2..dcb3d0c3c 100644 --- a/init/service.cpp +++ b/init/service.cpp @@ -88,13 +88,16 @@ static Result<std::string> ComputeContextFromExecutable(const std::string& servi free(new_con); } if (rc == 0 && computed_context == mycon.get()) { - return Error() << "File " << service_path << "(labeled \"" << filecon.get() - << "\") has incorrect label or no domain transition from " << mycon.get() - << " to another SELinux domain defined. Have you configured your " - "service correctly? https://source.android.com/security/selinux/" - "device-policy#label_new_services_and_address_denials. Note: this " - "error shows up even in permissive mode in order to make auditing " - "denials possible."; + std::string error = StringPrintf( + "File %s (labeled \"%s\") has incorrect label or no domain transition from %s to " + "another SELinux domain defined. Have you configured your " + "service correctly? https://source.android.com/security/selinux/" + "device-policy#label_new_services_and_address_denials", + service_path.c_str(), filecon.get(), mycon.get()); + if (security_getenforce() != 0) { + return Error() << error; + } + LOG(ERROR) << error; } if (rc < 0) { return Error() << "Could not get process context"; diff --git a/init/vendor_init.cpp b/init/vendor_init.cpp new file mode 100644 index 000000000..d3fd5ffe2 --- /dev/null +++ b/init/vendor_init.cpp @@ -0,0 +1,37 @@ +/* +Copyright (c) 2013, The Linux Foundation. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + * Neither the name of The Linux Foundation nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "vendor_init.h" + +/* init vendor override stubs */ + +__attribute__ ((weak)) +void vendor_load_properties() +{ +} diff --git a/init/vendor_init.h b/init/vendor_init.h new file mode 100644 index 000000000..9afb449be --- /dev/null +++ b/init/vendor_init.h @@ -0,0 +1,33 @@ +/* +Copyright (c) 2013, The Linux Foundation. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following + disclaimer in the documentation and/or other materials provided + with the distribution. + * Neither the name of The Linux Foundation nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __INIT_VENDOR__H__ +#define __INIT_VENDOR__H__ +extern void vendor_load_properties(void); +#endif /* __INIT_VENDOR__H__ */ |