Merge "LruCache: avoid copying keys in lookup"
diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index b0a0162..b54243e 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp
@@ -28,8 +28,10 @@
#include <memory>
#include <android-base/logging.h>
+#include <android-base/macros.h>
#include <android-base/stringprintf.h>
#include <libminijail.h>
+#include <scoped_minijail.h>
#include "cutils/properties.h"
#include "debuggerd/client.h"
@@ -99,8 +101,7 @@
}
static void drop_privileges(int server_port) {
- std::unique_ptr<minijail, void (*)(minijail*)> jail(minijail_new(),
- &minijail_destroy);
+ ScopedMinijail jail(minijail_new());
// Add extra groups:
// AID_ADB to access the USB driver
@@ -116,9 +117,7 @@
AID_INET, AID_NET_BT, AID_NET_BT_ADMIN,
AID_SDCARD_R, AID_SDCARD_RW, AID_NET_BW_STATS,
AID_READPROC};
- minijail_set_supplementary_gids(jail.get(),
- sizeof(groups) / sizeof(groups[0]),
- groups);
+ minijail_set_supplementary_gids(jail.get(), arraysize(groups), groups);
// Don't listen on a port (default 5037) if running in secure mode.
// Don't run as root if running in secure mode.
diff --git a/debuggerd/Android.mk b/debuggerd/Android.mk
index 19c7298..fdedb76 100644
--- a/debuggerd/Android.mk
+++ b/debuggerd/Android.mk
@@ -130,6 +130,9 @@
-Wno-missing-field-initializers \
-fno-rtti \
+# Bug: http://b/29823425 Disable -Wvarargs for Clang update to r271374
+debuggerd_cpp_flags += -Wno-varargs
+
# Only build the host tests on linux.
ifeq ($(HOST_OS),linux)
diff --git a/include/cutils/klog.h b/include/cutils/klog.h
index 2078fa2..c837edb 100644
--- a/include/cutils/klog.h
+++ b/include/cutils/klog.h
@@ -23,7 +23,6 @@
__BEGIN_DECLS
-void klog_init(void);
int klog_get_level(void);
void klog_set_level(int level);
diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h
index 5ccd80e..bc1c0ca 100644
--- a/include/private/android_filesystem_config.h
+++ b/include/private/android_filesystem_config.h
@@ -94,6 +94,7 @@
#define AID_NVRAM 1050 /* Access-controlled NVRAM */
#define AID_DNS 1051 /* DNS resolution daemon (system: netd) */
#define AID_DNS_TETHER 1052 /* DNS resolution daemon (tether: dnsmasq) */
+#define AID_WEBVIEW_ZYGOTE 1053 /* WebView zygote process */
/* Changes to this file must be made in AOSP, *not* in internal branches. */
#define AID_SHELL 2000 /* adb and debug shell user */
@@ -207,6 +208,7 @@
{ "nvram", AID_NVRAM, },
{ "dns", AID_DNS, },
{ "dns_tether", AID_DNS_TETHER, },
+ { "webview_zygote", AID_WEBVIEW_ZYGOTE, },
{ "shell", AID_SHELL, },
{ "cache", AID_CACHE, },
diff --git a/init/init.cpp b/init/init.cpp
index fe2aee4..fc3e80f 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -444,6 +444,22 @@
}
}
+// Set the UDC controller for the ConfigFS USB Gadgets.
+// Read the UDC controller in use from "/sys/class/udc".
+// In case of multiple UDC controllers select the first one.
+static void set_usb_controller() {
+ std::unique_ptr<DIR, decltype(&closedir)>dir(opendir("/sys/class/udc"), closedir);
+ if (!dir) return;
+
+ dirent* dp;
+ while ((dp = readdir(dir.get())) != nullptr) {
+ if (dp->d_name[0] == '.') continue;
+
+ property_set("sys.usb.controller", dp->d_name);
+ break;
+ }
+}
+
int main(int argc, char** argv) {
if (!strcmp(basename(argv[0]), "ueventd")) {
return ueventd_main(argc, argv);
@@ -536,6 +552,7 @@
property_load_boot_defaults();
export_oem_lock_status();
start_property_service();
+ set_usb_controller();
const BuiltinFunctionMap function_map;
Action::set_function_map(&function_map);
diff --git a/libcutils/iosched_policy.c b/libcutils/iosched_policy.c
index 71bc94b..13c2ceb 100644
--- a/libcutils/iosched_policy.c
+++ b/libcutils/iosched_policy.c
@@ -24,7 +24,8 @@
#include <cutils/iosched_policy.h>
#if defined(__ANDROID__)
-#include <linux/ioprio.h>
+#define IOPRIO_WHO_PROCESS (1)
+#define IOPRIO_CLASS_SHIFT (13)
#include <sys/syscall.h>
#define __android_unused
#else
diff --git a/libcutils/klog.cpp b/libcutils/klog.cpp
index 11ebf88..abf643f 100644
--- a/libcutils/klog.cpp
+++ b/libcutils/klog.cpp
@@ -36,9 +36,6 @@
klog_level = level;
}
-void klog_init(void) {
-}
-
static int __open_klog(void) {
int fd = open("/dev/kmsg", O_WRONLY | O_CLOEXEC);
if (fd == -1) {
diff --git a/liblog/pmsg_reader.c b/liblog/pmsg_reader.c
index 2e4fc5d..a4eec65 100644
--- a/liblog/pmsg_reader.c
+++ b/liblog/pmsg_reader.c
@@ -144,6 +144,7 @@
struct __attribute__((__packed__)) {
android_pmsg_log_header_t p;
android_log_header_t l;
+ uint8_t prio;
} buf;
static uint8_t preread_count;
bool is_system;
@@ -180,11 +181,16 @@
if (preread_count != sizeof(buf)) {
return preread_count ? -EIO : -EAGAIN;
}
- if ((buf.p.magic != LOGGER_MAGIC)
- || (buf.p.len <= sizeof(buf))
- || (buf.p.len > (sizeof(buf) + LOGGER_ENTRY_MAX_PAYLOAD))
- || (buf.l.id >= LOG_ID_MAX)
- || (buf.l.realtime.tv_nsec >= NS_PER_SEC)) {
+ if ((buf.p.magic != LOGGER_MAGIC) ||
+ (buf.p.len <= sizeof(buf)) ||
+ (buf.p.len > (sizeof(buf) + LOGGER_ENTRY_MAX_PAYLOAD)) ||
+ (buf.l.id >= LOG_ID_MAX) ||
+ (buf.l.realtime.tv_nsec >= NS_PER_SEC) ||
+ ((buf.l.id != LOG_ID_EVENTS) &&
+ (buf.l.id != LOG_ID_SECURITY) &&
+ ((buf.prio == ANDROID_LOG_UNKNOWN) ||
+ (buf.prio == ANDROID_LOG_DEFAULT) ||
+ (buf.prio >= ANDROID_LOG_SILENT)))) {
do {
memmove(&buf.p.magic, &buf.p.magic + 1, --preread_count);
} while (preread_count && (buf.p.magic != LOGGER_MAGIC));
@@ -202,10 +208,12 @@
uid = get_best_effective_uid();
is_system = uid_has_log_permission(uid);
if (is_system || (uid == buf.p.uid)) {
+ char *msg = is_system ?
+ log_msg->entry_v4.msg :
+ log_msg->entry_v3.msg;
+ *msg = buf.prio;
ret = TEMP_FAILURE_RETRY(read(transp->context.fd,
- is_system ?
- log_msg->entry_v4.msg :
- log_msg->entry_v3.msg,
+ msg + sizeof(buf.prio),
buf.p.len - sizeof(buf)));
if (ret < 0) {
return -errno;
@@ -214,7 +222,7 @@
return -EIO;
}
- log_msg->entry_v4.len = buf.p.len - sizeof(buf);
+ log_msg->entry_v4.len = buf.p.len - sizeof(buf) + sizeof(buf.prio);
log_msg->entry_v4.hdr_size = is_system ?
sizeof(log_msg->entry_v4) :
sizeof(log_msg->entry_v3);
@@ -227,7 +235,7 @@
log_msg->entry_v4.uid = buf.p.uid;
}
- return ret + log_msg->entry_v4.hdr_size;
+ return ret + sizeof(buf.prio) + log_msg->entry_v4.hdr_size;
}
}
diff --git a/libpackagelistparser/Android.bp b/libpackagelistparser/Android.bp
new file mode 100644
index 0000000..70ff528
--- /dev/null
+++ b/libpackagelistparser/Android.bp
@@ -0,0 +1,13 @@
+cc_library {
+
+ name: "libpackagelistparser",
+ srcs: ["packagelistparser.c"],
+ shared_libs: ["liblog"],
+ local_include_dirs: ["include"],
+ export_include_dirs: ["include"],
+
+ clang: true,
+ sanitize: {
+ misc_undefined: ["integer"],
+ },
+}
diff --git a/libpackagelistparser/Android.mk b/libpackagelistparser/Android.mk
deleted file mode 100644
index c8be050..0000000
--- a/libpackagelistparser/Android.mk
+++ /dev/null
@@ -1,32 +0,0 @@
-LOCAL_PATH:= $(call my-dir)
-
-#########################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := libpackagelistparser
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := packagelistparser.c
-LOCAL_SHARED_LIBRARIES := liblog
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
-LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
-
-LOCAL_CLANG := true
-LOCAL_SANITIZE := integer
-
-include $(BUILD_SHARED_LIBRARY)
-
-#########################
-include $(CLEAR_VARS)
-
-
-LOCAL_MODULE := libpackagelistparser
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := packagelistparser.c
-LOCAL_STATIC_LIBRARIES := liblog
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/include
-LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
-
-LOCAL_CLANG := true
-LOCAL_SANITIZE := integer
-
-include $(BUILD_STATIC_LIBRARY)
diff --git a/logd/Android.mk b/logd/Android.mk
index 203943c..3348890 100644
--- a/logd/Android.mk
+++ b/logd/Android.mk
@@ -28,7 +28,8 @@
liblog \
libcutils \
libbase \
- libpackagelistparser
+ libpackagelistparser \
+ libminijail
# This is what we want to do:
# event_logtags = $(shell \
@@ -38,7 +39,7 @@
# event_flag := $(call event_logtags,auditd)
# event_flag += $(call event_logtags,logd)
# so make sure we do not regret hard-coding it as follows:
-event_flag := -DAUDITD_LOG_TAG=1003 -DLOGD_LOG_TAG=1004
+event_flag := -DAUDITD_LOG_TAG=1003 -DCHATTY_LOG_TAG=1004
LOCAL_CFLAGS := -Werror $(event_flag)
diff --git a/logd/LogBuffer.cpp b/logd/LogBuffer.cpp
index db65978..fa95733 100644
--- a/logd/LogBuffer.cpp
+++ b/logd/LogBuffer.cpp
@@ -313,16 +313,16 @@
LogBufferElement *element = *it;
log_id_t id = element->getLogId();
- { // start of scope for uid found iterator
- LogBufferIteratorMap::iterator found =
- mLastWorstUid[id].find(element->getUid());
- if ((found != mLastWorstUid[id].end())
- && (it == found->second)) {
- mLastWorstUid[id].erase(found);
+ { // start of scope for found iterator
+ int key = ((id == LOG_ID_EVENTS) || (id == LOG_ID_SECURITY)) ?
+ element->getTag() : element->getUid();
+ LogBufferIteratorMap::iterator found = mLastWorst[id].find(key);
+ if ((found != mLastWorst[id].end()) && (it == found->second)) {
+ mLastWorst[id].erase(found);
}
}
- if (element->getUid() == AID_SYSTEM) {
+ if ((id != LOG_ID_EVENTS) && (id != LOG_ID_SECURITY) && (element->getUid() == AID_SYSTEM)) {
// start of scope for pid found iterator
LogBufferPidIteratorMap::iterator found =
mLastWorstPidOfSystem[id].find(element->getPid());
@@ -544,48 +544,31 @@
bool hasBlacklist = (id != LOG_ID_SECURITY) && mPrune.naughty();
while (!clearAll && (pruneRows > 0)) {
// recalculate the worst offender on every batched pass
- uid_t worst = (uid_t) -1;
+ int worst = -1; // not valid for getUid() or getKey()
size_t worst_sizes = 0;
size_t second_worst_sizes = 0;
pid_t worstPid = 0; // POSIX guarantees PID != 0
if (worstUidEnabledForLogid(id) && mPrune.worstUidEnabled()) {
- { // begin scope for UID sorted list
- std::unique_ptr<const UidEntry *[]> sorted = stats.sort(
- AID_ROOT, (pid_t)0, 2, id);
+ // Calculate threshold as 12.5% of available storage
+ size_t threshold = log_buffer_size(id) / 8;
- if (sorted.get() && sorted[0] && sorted[1]) {
- worst_sizes = sorted[0]->getSizes();
- // Calculate threshold as 12.5% of available storage
- size_t threshold = log_buffer_size(id) / 8;
- if ((worst_sizes > threshold)
- // Allow time horizon to extend roughly tenfold, assume
- // average entry length is 100 characters.
- && (worst_sizes > (10 * sorted[0]->getDropped()))) {
- worst = sorted[0]->getKey();
- second_worst_sizes = sorted[1]->getSizes();
- if (second_worst_sizes < threshold) {
- second_worst_sizes = threshold;
- }
- }
- }
- }
+ if ((id == LOG_ID_EVENTS) || (id == LOG_ID_SECURITY)) {
+ stats.sortTags(AID_ROOT, (pid_t)0, 2, id).findWorst(
+ worst, worst_sizes, second_worst_sizes, threshold);
+ } else {
+ stats.sort(AID_ROOT, (pid_t)0, 2, id).findWorst(
+ worst, worst_sizes, second_worst_sizes, threshold);
- if ((worst == AID_SYSTEM) && mPrune.worstPidOfSystemEnabled()) {
- // begin scope of PID sorted list
- std::unique_ptr<const PidEntry *[]> sorted = stats.sort(
- worst, (pid_t)0, 2, id, worst);
- if (sorted.get() && sorted[0] && sorted[1]) {
- worstPid = sorted[0]->getKey();
- second_worst_sizes = worst_sizes
- - sorted[0]->getSizes()
- + sorted[1]->getSizes();
+ if ((worst == AID_SYSTEM) && mPrune.worstPidOfSystemEnabled()) {
+ stats.sortPids(worst, (pid_t)0, 2, id).findWorst(
+ worstPid, worst_sizes, second_worst_sizes);
}
}
}
// skip if we have neither worst nor naughty filters
- if ((worst == (uid_t) -1) && !hasBlacklist) {
+ if ((worst == -1) && !hasBlacklist) {
break;
}
@@ -597,10 +580,10 @@
// - coalesce chatty tags
// - check age-out of preserved logs
bool gc = pruneRows <= 1;
- if (!gc && (worst != (uid_t) -1)) {
- { // begin scope for uid worst found iterator
- LogBufferIteratorMap::iterator found = mLastWorstUid[id].find(worst);
- if ((found != mLastWorstUid[id].end())
+ if (!gc && (worst != -1)) {
+ { // begin scope for worst found iterator
+ LogBufferIteratorMap::iterator found = mLastWorst[id].find(worst);
+ if ((found != mLastWorst[id].end())
&& (found->second != mLogElements.end())) {
leading = false;
it = found->second;
@@ -658,6 +641,10 @@
continue;
}
+ int key = ((id == LOG_ID_EVENTS) || (id == LOG_ID_SECURITY)) ?
+ element->getTag() :
+ element->getUid();
+
if (hasBlacklist && mPrune.naughty(element)) {
last.clear(element);
it = erase(it);
@@ -670,7 +657,7 @@
break;
}
- if (element->getUid() == worst) {
+ if (key == worst) {
kick = true;
if (worst_sizes < second_worst_sizes) {
break;
@@ -689,20 +676,19 @@
last.add(element);
if (worstPid
&& ((!gc && (element->getPid() == worstPid))
- || (mLastWorstPidOfSystem[id].find(element->getPid())
+ || (mLastWorstPidOfSystem[id].find(element->getPid())
== mLastWorstPidOfSystem[id].end()))) {
- mLastWorstPidOfSystem[id][element->getUid()] = it;
+ mLastWorstPidOfSystem[id][key] = it;
}
- if ((!gc && !worstPid && (element->getUid() == worst))
- || (mLastWorstUid[id].find(element->getUid())
- == mLastWorstUid[id].end())) {
- mLastWorstUid[id][element->getUid()] = it;
+ if ((!gc && !worstPid && (key == worst))
+ || (mLastWorst[id].find(key) == mLastWorst[id].end())) {
+ mLastWorst[id][key] = it;
}
++it;
continue;
}
- if ((element->getUid() != worst)
+ if ((key != worst)
|| (worstPid && (element->getPid() != worstPid))) {
leading = false;
last.clear(element);
@@ -734,9 +720,9 @@
== mLastWorstPidOfSystem[id].end()))) {
mLastWorstPidOfSystem[id][worstPid] = it;
}
- if ((!gc && !worstPid) || (mLastWorstUid[id].find(worst)
- == mLastWorstUid[id].end())) {
- mLastWorstUid[id][worst] = it;
+ if ((!gc && !worstPid) ||
+ (mLastWorst[id].find(worst) == mLastWorst[id].end())) {
+ mLastWorst[id][worst] = it;
}
++it;
}
diff --git a/logd/LogBuffer.h b/logd/LogBuffer.h
index 7e99236..b390a0c 100644
--- a/logd/LogBuffer.h
+++ b/logd/LogBuffer.h
@@ -89,7 +89,7 @@
typedef std::unordered_map<uid_t,
LogBufferElementCollection::iterator>
LogBufferIteratorMap;
- LogBufferIteratorMap mLastWorstUid[LOG_ID_MAX];
+ LogBufferIteratorMap mLastWorst[LOG_ID_MAX];
// watermark of any worst/chatty pid of system processing
typedef std::unordered_map<pid_t,
LogBufferElementCollection::iterator>
diff --git a/logd/LogBufferElement.cpp b/logd/LogBufferElement.cpp
index eb5194c..3e6e586 100644
--- a/logd/LogBufferElement.cpp
+++ b/logd/LogBufferElement.cpp
@@ -181,7 +181,7 @@
android_log_event_string_t *event =
reinterpret_cast<android_log_event_string_t *>(buffer);
- event->header.tag = htole32(LOGD_LOG_TAG);
+ event->header.tag = htole32(CHATTY_LOG_TAG);
event->type = EVENT_TYPE_STRING;
event->length = htole32(len);
} else {
diff --git a/logd/LogStatistics.cpp b/logd/LogStatistics.cpp
index 02a4a75..86d33b2 100644
--- a/logd/LogStatistics.cpp
+++ b/logd/LogStatistics.cpp
@@ -152,6 +152,15 @@
pidTable.drop(element->getPid(), element);
tidTable.drop(element->getTid(), element);
+
+ uint32_t tag = element->getTag();
+ if (tag) {
+ if (log_id == LOG_ID_SECURITY) {
+ securityTagTable.drop(tag, element);
+ } else {
+ tagTable.drop(tag, element);
+ }
+ }
}
// caller must own and free character string
@@ -284,7 +293,7 @@
if ((spaces <= 0) && pruned.length()) {
spaces = 1;
}
- if (spaces > 0) {
+ if ((spaces > 0) && (pruned.length() != 0)) {
change += android::base::StringPrintf("%*s", (int)spaces, "");
}
pruned = change + pruned;
@@ -438,6 +447,10 @@
getSizes());
std::string pruned = "";
+ size_t dropped = getDropped();
+ if (dropped) {
+ pruned = android::base::StringPrintf("%zu", dropped);
+ }
return formatLine(name, size, pruned);
}
diff --git a/logd/LogStatistics.h b/logd/LogStatistics.h
index b32c27d..71ad73a 100644
--- a/logd/LogStatistics.h
+++ b/logd/LogStatistics.h
@@ -203,7 +203,7 @@
EntryBaseDropped():dropped(0) { }
EntryBaseDropped(LogBufferElement *element):
EntryBase(element),
- dropped(element->getDropped()){
+ dropped(element->getDropped()) {
}
size_t getDropped() const { return dropped; }
@@ -370,13 +370,13 @@
std::string format(const LogStatistics &stat, log_id_t id) const;
};
-struct TagEntry : public EntryBase {
+struct TagEntry : public EntryBaseDropped {
const uint32_t tag;
pid_t pid;
uid_t uid;
TagEntry(LogBufferElement *element):
- EntryBase(element),
+ EntryBaseDropped(element),
tag(element->getTag()),
pid(element->getPid()),
uid(element->getUid()) {
@@ -401,6 +401,43 @@
std::string format(const LogStatistics &stat, log_id_t id) const;
};
+template <typename TEntry>
+class LogFindWorst {
+ std::unique_ptr<const TEntry *[]> sorted;
+
+public:
+
+ LogFindWorst(std::unique_ptr<const TEntry *[]> &&sorted) : sorted(std::move(sorted)) { }
+
+ void findWorst(int &worst,
+ size_t &worst_sizes, size_t &second_worst_sizes,
+ size_t threshold) {
+ if (sorted.get() && sorted[0] && sorted[1]) {
+ worst_sizes = sorted[0]->getSizes();
+ if ((worst_sizes > threshold)
+ // Allow time horizon to extend roughly tenfold, assume
+ // average entry length is 100 characters.
+ && (worst_sizes > (10 * sorted[0]->getDropped()))) {
+ worst = sorted[0]->getKey();
+ second_worst_sizes = sorted[1]->getSizes();
+ if (second_worst_sizes < threshold) {
+ second_worst_sizes = threshold;
+ }
+ }
+ }
+ }
+
+ void findWorst(int &worst,
+ size_t worst_sizes, size_t &second_worst_sizes) {
+ if (sorted.get() && sorted[0] && sorted[1]) {
+ worst = sorted[0]->getKey();
+ second_worst_sizes = worst_sizes
+ - sorted[0]->getSizes()
+ + sorted[1]->getSizes();
+ }
+ }
+};
+
// Log Statistics
class LogStatistics {
friend UidEntry;
@@ -451,13 +488,14 @@
--mDroppedElements[log_id];
}
- std::unique_ptr<const UidEntry *[]> sort(uid_t uid, pid_t pid,
- size_t len, log_id id) {
- return uidTable[id].sort(uid, pid, len);
+ LogFindWorst<UidEntry> sort(uid_t uid, pid_t pid, size_t len, log_id id) {
+ return LogFindWorst<UidEntry>(uidTable[id].sort(uid, pid, len));
}
- std::unique_ptr<const PidEntry *[]> sort(uid_t uid, pid_t pid,
- size_t len, log_id id, uid_t) {
- return pidSystemTable[id].sort(uid, pid, len);
+ LogFindWorst<PidEntry> sortPids(uid_t uid, pid_t pid, size_t len, log_id id) {
+ return LogFindWorst<PidEntry>(pidSystemTable[id].sort(uid, pid, len));
+ }
+ LogFindWorst<TagEntry> sortTags(uid_t uid, pid_t pid, size_t len, log_id) {
+ return LogFindWorst<TagEntry>(tagTable.sort(uid, pid, len));
}
// fast track current value by id only
diff --git a/logd/LogUtils.h b/logd/LogUtils.h
index aa4b6e1..fc66330 100644
--- a/logd/LogUtils.h
+++ b/logd/LogUtils.h
@@ -56,7 +56,8 @@
bool property_get_bool(const char *key, int def);
static inline bool worstUidEnabledForLogid(log_id_t id) {
- return (id == LOG_ID_MAIN) || (id == LOG_ID_SYSTEM) || (id == LOG_ID_RADIO);
+ return (id == LOG_ID_MAIN) || (id == LOG_ID_SYSTEM) ||
+ (id == LOG_ID_RADIO) || (id == LOG_ID_EVENTS);
}
template <int (*cmp)(const char *l, const char *r, const size_t s)>
diff --git a/logd/event.logtags b/logd/event.logtags
index db8c19b..0d24df0 100644
--- a/logd/event.logtags
+++ b/logd/event.logtags
@@ -34,4 +34,4 @@
# TODO: generate ".java" and ".h" files with integer constants from this file.
1003 auditd (avc|3)
-1004 logd (dropped|3)
+1004 chatty (dropped|3)
diff --git a/logd/main.cpp b/logd/main.cpp
index 3095f7f..b69927d 100644
--- a/logd/main.cpp
+++ b/logd/main.cpp
@@ -36,12 +36,15 @@
#include <cstdbool>
#include <memory>
+#include <android-base/macros.h>
#include <cutils/properties.h>
#include <cutils/sched_policy.h>
#include <cutils/sockets.h>
+#include <libminijail.h>
#include <log/event_tag_map.h>
#include <packagelistparser/packagelistparser.h>
#include <private/android_filesystem_config.h>
+#include <scoped_minijail.h>
#include <utils/threads.h>
#include "CommandListener.h"
@@ -58,14 +61,14 @@
'>'
//
-// The service is designed to be run by init, it does not respond well
+// The service is designed to be run by init, it does not respond well
// to starting up manually. When starting up manually the sockets will
// fail to open typically for one of the following reasons:
// EADDRINUSE if logger is running.
// EACCESS if started without precautions (below)
//
// Here is a cookbook procedure for starting up logd manually assuming
-// init is out of the way, pedantically all permissions and selinux
+// init is out of the way, pedantically all permissions and SELinux
// security is put back in place:
//
// setenforce 0
@@ -102,43 +105,13 @@
return -1;
}
- if (prctl(PR_SET_KEEPCAPS, 1) < 0) {
- return -1;
- }
-
gid_t groups[] = { AID_READPROC };
-
- if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) == -1) {
- return -1;
- }
-
- if (setgid(AID_LOGD) != 0) {
- return -1;
- }
-
- if (setuid(AID_LOGD) != 0) {
- return -1;
- }
-
- struct __user_cap_header_struct capheader;
- struct __user_cap_data_struct capdata[2];
- memset(&capheader, 0, sizeof(capheader));
- memset(&capdata, 0, sizeof(capdata));
- capheader.version = _LINUX_CAPABILITY_VERSION_3;
- capheader.pid = 0;
-
- capdata[CAP_TO_INDEX(CAP_SYSLOG)].permitted = CAP_TO_MASK(CAP_SYSLOG);
- capdata[CAP_TO_INDEX(CAP_AUDIT_CONTROL)].permitted |= CAP_TO_MASK(CAP_AUDIT_CONTROL);
-
- capdata[0].effective = capdata[0].permitted;
- capdata[1].effective = capdata[1].permitted;
- capdata[0].inheritable = 0;
- capdata[1].inheritable = 0;
-
- if (capset(&capheader, &capdata[0]) < 0) {
- return -1;
- }
-
+ ScopedMinijail j(minijail_new());
+ minijail_set_supplementary_gids(j.get(), arraysize(groups), groups);
+ minijail_change_uid(j.get(), AID_LOGD);
+ minijail_change_gid(j.get(), AID_LOGD);
+ minijail_use_caps(j.get(), CAP_TO_MASK(CAP_SYSLOG) | CAP_TO_MASK(CAP_AUDIT_CONTROL));
+ minijail_enter(j.get());
return 0;
}
@@ -212,7 +185,7 @@
}
static int fdDmesg = -1;
-void inline android::prdebug(const char *fmt, ...) {
+void android::prdebug(const char *fmt, ...) {
if (fdDmesg < 0) {
return;
}
diff --git a/run-as/Android.mk b/run-as/Android.mk
index 2e305d7..7111fbe 100644
--- a/run-as/Android.mk
+++ b/run-as/Android.mk
@@ -1,8 +1,8 @@
LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
-LOCAL_CFLAGS := -Werror
+LOCAL_CFLAGS := -Wall -Werror
LOCAL_MODULE := run-as
-LOCAL_SHARED_LIBRARIES := libselinux libpackagelistparser
+LOCAL_SHARED_LIBRARIES := libselinux libpackagelistparser libminijail
LOCAL_SRC_FILES := run-as.cpp
include $(BUILD_EXECUTABLE)
diff --git a/run-as/run-as.cpp b/run-as/run-as.cpp
index 50b47b9..aec51f4 100644
--- a/run-as/run-as.cpp
+++ b/run-as/run-as.cpp
@@ -25,6 +25,9 @@
#include <sys/types.h>
#include <unistd.h>
+#include <libminijail.h>
+#include <scoped_minijail.h>
+
#include <packagelistparser/packagelistparser.h>
#include <private/android_filesystem_config.h>
#include <selinux/android.h>
@@ -136,19 +139,6 @@
error(1, 0, "only 'shell' or 'root' users can run this program");
}
- __user_cap_header_struct capheader;
- __user_cap_data_struct capdata[2];
- memset(&capheader, 0, sizeof(capheader));
- memset(&capdata, 0, sizeof(capdata));
- capheader.version = _LINUX_CAPABILITY_VERSION_3;
- capdata[CAP_TO_INDEX(CAP_SETUID)].effective |= CAP_TO_MASK(CAP_SETUID);
- capdata[CAP_TO_INDEX(CAP_SETGID)].effective |= CAP_TO_MASK(CAP_SETGID);
- capdata[CAP_TO_INDEX(CAP_SETUID)].permitted |= CAP_TO_MASK(CAP_SETUID);
- capdata[CAP_TO_INDEX(CAP_SETGID)].permitted |= CAP_TO_MASK(CAP_SETGID);
- if (capset(&capheader, &capdata[0]) == -1) {
- error(1, errno, "couldn't set capabilities");
- }
-
char* pkgname = argv[1];
int cmd_argv_offset = 2;
@@ -201,18 +191,10 @@
// same time to avoid nasty surprises.
uid_t uid = userAppId;
uid_t gid = userAppId;
- if (setresgid(gid, gid, gid) == -1) {
- error(1, errno, "setresgid failed");
- }
- if (setresuid(uid, uid, uid) == -1) {
- error(1, errno, "setresuid failed");
- }
-
- // Required if caller has uid and gid all non-zero.
- memset(&capdata, 0, sizeof(capdata));
- if (capset(&capheader, &capdata[0]) == -1) {
- error(1, errno, "couldn't clear all capabilities");
- }
+ ScopedMinijail j(minijail_new());
+ minijail_change_uid(j.get(), uid);
+ minijail_change_gid(j.get(), gid);
+ minijail_enter(j.get());
if (selinux_android_setcontext(uid, 0, info.seinfo, pkgname) < 0) {
error(1, errno, "couldn't set SELinux security context");
diff --git a/sdcard/Android.mk b/sdcard/Android.mk
index f87e2d5..992b51c 100644
--- a/sdcard/Android.mk
+++ b/sdcard/Android.mk
@@ -5,7 +5,7 @@
LOCAL_SRC_FILES := sdcard.cpp fuse.cpp
LOCAL_MODULE := sdcard
LOCAL_CFLAGS := -Wall -Wno-unused-parameter -Werror
-LOCAL_SHARED_LIBRARIES := libbase liblog libcutils libpackagelistparser
+LOCAL_SHARED_LIBRARIES := libbase liblog libcutils libminijail libpackagelistparser
LOCAL_SANITIZE := integer
LOCAL_CLANG := true
diff --git a/sdcard/fuse.cpp b/sdcard/fuse.cpp
index 1b6a5f1..9b1b190 100644
--- a/sdcard/fuse.cpp
+++ b/sdcard/fuse.cpp
@@ -275,8 +275,9 @@
case PERM_ANDROID_DATA:
case PERM_ANDROID_OBB:
case PERM_ANDROID_MEDIA:
- appid = (appid_t) (uintptr_t) hashmapGet(fuse->global->package_to_appid, node->name);
- if (appid != 0) {
+ const auto& iter = fuse->global->package_to_appid->find(node->name);
+ if (iter != fuse->global->package_to_appid->end()) {
+ appid = iter->second;
node->uid = multiuser_get_uid(parent->userid, appid);
}
break;
diff --git a/sdcard/fuse.h b/sdcard/fuse.h
index d76c664..634fbf1 100644
--- a/sdcard/fuse.h
+++ b/sdcard/fuse.h
@@ -30,14 +30,17 @@
#include <sys/uio.h>
#include <unistd.h>
+#include <map>
+#include <string>
+
#include <cutils/fs.h>
-#include <cutils/hashmap.h>
#include <cutils/log.h>
#include <cutils/multiuser.h>
#include <packagelistparser/packagelistparser.h>
#include <private/android_filesystem_config.h>
+// TODO(b/30222003): Fix compilation with FUSE_TRACE == 1.
#define FUSE_TRACE 0
#if FUSE_TRACE
@@ -59,6 +62,16 @@
* the largest possible data payload. */
#define MAX_REQUEST_SIZE (sizeof(struct fuse_in_header) + sizeof(struct fuse_write_in) + MAX_WRITE)
+namespace {
+struct CaseInsensitiveCompare {
+ bool operator()(const std::string& lhs, const std::string& rhs) const {
+ return strcasecmp(lhs.c_str(), rhs.c_str()) < 0;
+ }
+};
+}
+
+using AppIdMap = std::map<std::string, appid_t, CaseInsensitiveCompare>;
+
/* Permission mode for a specific node. Controls how file permissions
* are derived for children nodes. */
typedef enum {
@@ -135,7 +148,7 @@
char source_path[PATH_MAX];
char obb_path[PATH_MAX];
- Hashmap* package_to_appid;
+ AppIdMap* package_to_appid;
__u64 next_generation;
struct node root;
diff --git a/sdcard/sdcard.cpp b/sdcard/sdcard.cpp
index dd0c433..3d7bdc9 100644
--- a/sdcard/sdcard.cpp
+++ b/sdcard/sdcard.cpp
@@ -29,13 +29,16 @@
#include <unistd.h>
#include <android-base/logging.h>
+#include <android-base/macros.h>
#include <cutils/fs.h>
-#include <cutils/hashmap.h>
#include <cutils/log.h>
#include <cutils/multiuser.h>
#include <packagelistparser/packagelistparser.h>
+#include <libminijail.h>
+#include <scoped_minijail.h>
+
#include <private/android_filesystem_config.h>
// README
@@ -74,41 +77,22 @@
/* Supplementary groups to execute with. */
static const gid_t kGroups[1] = { AID_PACKAGE_INFO };
-static int str_hash(void *key) {
- return hashmapHash(key, strlen(static_cast<const char*>(key)));
-}
-
-/* Tests if two string keys are equal ignoring case. */
-static bool str_icase_equals(void *keyA, void *keyB) {
- return strcasecmp(static_cast<const char*>(keyA), static_cast<const char*>(keyB)) == 0;
-}
-
-static bool remove_str_to_int(void *key, void *value, void *context) {
- Hashmap* map = static_cast<Hashmap*>(context);
- hashmapRemove(map, key);
- free(key);
- return true;
-}
-
static bool package_parse_callback(pkg_info *info, void *userdata) {
struct fuse_global *global = (struct fuse_global *)userdata;
-
- char* name = strdup(info->name);
- hashmapPut(global->package_to_appid, name, (void*) (uintptr_t) info->uid);
+ bool res = global->package_to_appid->emplace(info->name, info->uid).second;
packagelist_free(info);
- return true;
+ return res;
}
static bool read_package_list(struct fuse_global* global) {
pthread_mutex_lock(&global->lock);
- hashmapForEach(global->package_to_appid, remove_str_to_int, global->package_to_appid);
-
+ global->package_to_appid->clear();
bool rc = packagelist_parse(package_parse_callback, global);
TRACE("read_package_list: found %zu packages\n",
- hashmapSize(global->package_to_appid));
+ global->package_to_appid->size());
- /* Regenerate ownership details using newly loaded mapping */
+ // Regenerate ownership details using newly loaded mapping.
derive_permissions_recursive_locked(global->fuse_default, &global->root);
pthread_mutex_unlock(&global->lock);
@@ -204,6 +188,15 @@
return 0;
}
+static void drop_privs(uid_t uid, gid_t gid) {
+ ScopedMinijail j(minijail_new());
+ minijail_set_supplementary_gids(j.get(), arraysize(kGroups), kGroups);
+ minijail_change_gid(j.get(), gid);
+ minijail_change_uid(j.get(), uid);
+ /* minijail_enter() will abort if priv-dropping fails. */
+ minijail_enter(j.get());
+}
+
static void* start_handler(void* data) {
struct fuse_handler* handler = static_cast<fuse_handler*>(data);
handle_fuse_requests(handler);
@@ -232,7 +225,7 @@
memset(&handler_write, 0, sizeof(handler_write));
pthread_mutex_init(&global.lock, NULL);
- global.package_to_appid = hashmapCreate(256, str_hash, str_icase_equals);
+ global.package_to_appid = new AppIdMap;
global.uid = uid;
global.gid = gid;
global.multi_user = multi_user;
@@ -299,16 +292,8 @@
}
}
- /* Drop privs. */
- if (setgroups(sizeof(kGroups) / sizeof(kGroups[0]), kGroups) < 0) {
- PLOG(FATAL) << "cannot setgroups";
- }
- if (setgid(gid) < 0) {
- PLOG(FATAL) << "cannot setgid";
- }
- if (setuid(uid) < 0) {
- PLOG(FATAL) << "cannot setuid";
- }
+ // Will abort if priv-dropping fails.
+ drop_privs(uid, gid);
if (multi_user) {
fs_prepare_dir(global.obb_path, 0775, uid, gid);
diff --git a/toolbox/Android.mk b/toolbox/Android.mk
index c9e2ddd..4852fa4 100644
--- a/toolbox/Android.mk
+++ b/toolbox/Android.mk
@@ -33,7 +33,6 @@
OUR_TOOLS := \
getevent \
newfs_msdos \
- sendevent \
ALL_TOOLS = $(BSD_TOOLS) $(OUR_TOOLS)
diff --git a/toolbox/sendevent.c b/toolbox/sendevent.c
deleted file mode 100644
index 4d0ca17..0000000
--- a/toolbox/sendevent.c
+++ /dev/null
@@ -1,42 +0,0 @@
-#include <errno.h>
-#include <fcntl.h>
-#include <linux/input.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/ioctl.h>
-#include <unistd.h>
-
-int sendevent_main(int argc, char *argv[])
-{
- int fd;
- ssize_t ret;
- int version;
- struct input_event event;
-
- if(argc != 5) {
- fprintf(stderr, "use: %s device type code value\n", argv[0]);
- return 1;
- }
-
- fd = open(argv[1], O_RDWR);
- if(fd < 0) {
- fprintf(stderr, "could not open %s, %s\n", argv[optind], strerror(errno));
- return 1;
- }
- if (ioctl(fd, EVIOCGVERSION, &version)) {
- fprintf(stderr, "could not get driver version for %s, %s\n", argv[optind], strerror(errno));
- return 1;
- }
- memset(&event, 0, sizeof(event));
- event.type = atoi(argv[2]);
- event.code = atoi(argv[3]);
- event.value = atoi(argv[4]);
- ret = write(fd, &event, sizeof(event));
- if(ret < (ssize_t) sizeof(event)) {
- fprintf(stderr, "write event failed, %s\n", strerror(errno));
- return -1;
- }
- return 0;
-}