am 8eb770d3: Merge "Remove long-dead readtty."
* commit '8eb770d37cd9470630fdbe496f22b7a04549fef7':
Remove long-dead readtty.
diff --git a/adb/Android.mk b/adb/Android.mk
index 3cadee3..24cbce0 100644
--- a/adb/Android.mk
+++ b/adb/Android.mk
@@ -112,6 +112,7 @@
jdwp_service.c \
framebuffer_service.c \
remount_service.c \
+ disable_verity_service.c \
usb_linux_client.c
LOCAL_CFLAGS := \
@@ -126,14 +127,27 @@
LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
endif
+ifneq (,$(filter userdebug,$(TARGET_BUILD_VARIANT)))
+LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
+endif
+
LOCAL_MODULE := adbd
LOCAL_FORCE_STATIC_EXECUTABLE := true
LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT_SBIN)
LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_SBIN_UNSTRIPPED)
+LOCAL_C_INCLUDES += system/extras/ext4_utils system/core/fs_mgr/include
-LOCAL_STATIC_LIBRARIES := liblog libcutils libc libmincrypt libselinux
+LOCAL_STATIC_LIBRARIES := liblog \
+ libfs_mgr \
+ libcutils \
+ libc \
+ libmincrypt \
+ libselinux \
+ libext4_utils_static
+
LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
+
include $(BUILD_EXECUTABLE)
diff --git a/adb/adb.h b/adb/adb.h
index 6f5f997..f584c57 100644
--- a/adb/adb.h
+++ b/adb/adb.h
@@ -329,6 +329,7 @@
#if !ADB_HOST
void framebuffer_service(int fd, void *cookie);
void remount_service(int fd, void *cookie);
+void disable_verity_service(int fd, void* cookie);
#endif
/* packet allocator */
diff --git a/adb/adb_auth.h b/adb/adb_auth.h
index b24c674..54dd537 100644
--- a/adb/adb_auth.h
+++ b/adb/adb_auth.h
@@ -18,6 +18,7 @@
#define __ADB_AUTH_H
void adb_auth_init(void);
+int adb_auth_keygen(const char* filename);
void adb_auth_verified(atransport *t);
void send_auth_request(atransport *t);
diff --git a/adb/adb_auth_host.c b/adb/adb_auth_host.c
index c72fe42..a859199 100644
--- a/adb/adb_auth_host.c
+++ b/adb/adb_auth_host.c
@@ -15,9 +15,12 @@
*/
#include <stdio.h>
+#include <stdlib.h>
#ifdef _WIN32
-# define WIN32_LEAN_AND_MEAN
+# ifndef WIN32_LEAN_AND_MEAN
+# define WIN32_LEAN_AND_MEAN
+# endif
# include "windows.h"
# include "shlobj.h"
#else
@@ -114,18 +117,34 @@
static void get_user_info(char *buf, size_t len)
{
char hostname[1024], username[1024];
- int ret;
+ int ret = -1;
+
+ if (getenv("HOSTNAME") != NULL) {
+ strncpy(hostname, getenv("HOSTNAME"), sizeof(hostname));
+ hostname[sizeof(hostname)-1] = '\0';
+ ret = 0;
+ }
#ifndef _WIN32
- ret = gethostname(hostname, sizeof(hostname));
if (ret < 0)
+ ret = gethostname(hostname, sizeof(hostname));
#endif
+ if (ret < 0)
strcpy(hostname, "unknown");
+ ret = -1;
+
+ if (getenv("LOGNAME") != NULL) {
+ strncpy(username, getenv("LOGNAME"), sizeof(username));
+ username[sizeof(username)-1] = '\0';
+ ret = 0;
+ }
+
#if !defined _WIN32 && !defined ADB_HOST_ON_TARGET
- ret = getlogin_r(username, sizeof(username));
if (ret < 0)
+ ret = getlogin_r(username, sizeof(username));
#endif
+ if (ret < 0)
strcpy(username, "unknown");
ret = snprintf(buf, len, " %s@%s", username, hostname);
@@ -436,6 +455,11 @@
return ret + 1;
}
+int adb_auth_keygen(const char* filename) {
+ adb_trace_mask |= (1 << TRACE_AUTH);
+ return (generate_key(filename) == 0);
+}
+
void adb_auth_init(void)
{
int ret;
diff --git a/adb/commandline.c b/adb/commandline.c
index 23e9ea4..903b818 100644
--- a/adb/commandline.c
+++ b/adb/commandline.c
@@ -36,6 +36,7 @@
#define TRACE_TAG TRACE_ADB
#include "adb.h"
#include "adb_client.h"
+#include "adb_auth.h"
#include "file_sync_service.h"
static int do_cmd(transport_type ttype, char* serial, char *cmd, ...);
@@ -189,6 +190,10 @@
"\n"
" adb restore <file> - restore device contents from the <file> backup archive\n"
"\n"
+ " adb disable-verity - disable dm-verity checking on USERDEBUG builds\n"
+ " adb keygen <file> - generate adb public/private key. The private key is stored in <file>,\n"
+ " and the public key is stored in <file>.pub. Any existing files\n"
+ " are overwritten.\n"
" adb help - show this help message\n"
" adb version - show version num\n"
"\n"
@@ -205,8 +210,7 @@
" adb reboot-bootloader - reboots the device into the bootloader\n"
" adb root - restarts the adbd daemon with root permissions\n"
" adb usb - restarts the adbd daemon listening on USB\n"
- " adb tcpip <port> - restarts the adbd daemon listening on TCP on the specified port"
- "\n"
+ " adb tcpip <port> - restarts the adbd daemon listening on TCP on the specified port\n"
"networking:\n"
" adb ppp <tty> [parameters] - Run PPP over USB.\n"
" Note: you should not automatically start a PPP connection.\n"
@@ -1442,7 +1446,7 @@
if(!strcmp(argv[0], "remount") || !strcmp(argv[0], "reboot")
|| !strcmp(argv[0], "reboot-bootloader")
|| !strcmp(argv[0], "tcpip") || !strcmp(argv[0], "usb")
- || !strcmp(argv[0], "root")) {
+ || !strcmp(argv[0], "root") || !strcmp(argv[0], "disable-verity")) {
char command[100];
if (!strcmp(argv[0], "reboot-bootloader"))
snprintf(command, sizeof(command), "reboot:bootloader");
@@ -1725,6 +1729,11 @@
return restore(argc, argv);
}
+ if (!strcmp(argv[0], "keygen")) {
+ if (argc < 2) return usage();
+ return adb_auth_keygen(argv[1]);
+ }
+
if (!strcmp(argv[0], "jdwp")) {
int fd = adb_connect("jdwp");
if (fd >= 0) {
diff --git a/adb/disable_verity_service.c b/adb/disable_verity_service.c
new file mode 100644
index 0000000..ed3da52
--- /dev/null
+++ b/adb/disable_verity_service.c
@@ -0,0 +1,199 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "sysdeps.h"
+
+#define TRACE_TAG TRACE_ADB
+#include "adb.h"
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <inttypes.h>
+
+#include "cutils/properties.h"
+#include "ext4_sb.h"
+#include <fs_mgr.h>
+
+#define FSTAB_PREFIX "/fstab."
+struct fstab *fstab;
+
+__attribute__((__format__(printf, 2, 3))) __nonnull((2))
+static void write_console(int fd, const char* format, ...)
+{
+ char buffer[256];
+ va_list args;
+ va_start (args, format);
+ vsnprintf (buffer, sizeof(buffer), format, args);
+ va_end (args);
+
+ adb_write(fd, buffer, strnlen(buffer, sizeof(buffer)));
+}
+
+static int get_target_device_size(int fd, const char *blk_device,
+ uint64_t *device_size)
+{
+ int data_device;
+ struct ext4_super_block sb;
+ struct fs_info info;
+
+ info.len = 0; /* Only len is set to 0 to ask the device for real size. */
+
+ data_device = adb_open(blk_device, O_RDONLY | O_CLOEXEC);
+ if (data_device < 0) {
+ write_console(fd, "Error opening block device (%s)\n", strerror(errno));
+ return -1;
+ }
+
+ if (lseek64(data_device, 1024, SEEK_SET) < 0) {
+ write_console(fd, "Error seeking to superblock\n");
+ adb_close(data_device);
+ return -1;
+ }
+
+ if (adb_read(data_device, &sb, sizeof(sb)) != sizeof(sb)) {
+ write_console(fd, "Error reading superblock\n");
+ adb_close(data_device);
+ return -1;
+ }
+
+ ext4_parse_sb(&sb, &info);
+ *device_size = info.len;
+
+ adb_close(data_device);
+ return 0;
+}
+
+static int disable_verity(int fd, const char *block_device,
+ const char* mount_point)
+{
+ uint32_t magic_number;
+ const uint32_t voff = VERITY_METADATA_MAGIC_DISABLE;
+ uint64_t device_length;
+ int device;
+ int retval = -1;
+
+ device = adb_open(block_device, O_RDWR | O_CLOEXEC);
+ if (device == -1) {
+ write_console(fd, "Could not open block device %s (%s).\n",
+ block_device, strerror(errno));
+ write_console(fd, "Maybe run adb remount?\n");
+ goto errout;
+ }
+
+ // find the start of the verity metadata
+ if (get_target_device_size(fd, (char*)block_device, &device_length) < 0) {
+ write_console(fd, "Could not get target device size.\n");
+ goto errout;
+ }
+
+ if (lseek64(device, device_length, SEEK_SET) < 0) {
+ write_console(fd,
+ "Could not seek to start of verity metadata block.\n");
+ goto errout;
+ }
+
+ // check the magic number
+ if (adb_read(device, &magic_number, sizeof(magic_number))
+ != sizeof(magic_number)) {
+ write_console(fd, "Couldn't read magic number!\n");
+ goto errout;
+ }
+
+ if (magic_number == VERITY_METADATA_MAGIC_DISABLE) {
+ write_console(fd, "Verity already disabled on %s\n", mount_point);
+ goto errout;
+ }
+
+ if (magic_number != VERITY_METADATA_MAGIC_NUMBER) {
+ write_console(fd,
+ "Couldn't find verity metadata at offset %"PRIu64"!\n",
+ device_length);
+ goto errout;
+ }
+
+ if (lseek64(device, device_length, SEEK_SET) < 0) {
+ write_console(fd,
+ "Could not seek to start of verity metadata block.\n");
+ goto errout;
+ }
+
+ if (adb_write(device, &voff, sizeof(voff)) != sizeof(voff)) {
+ write_console(fd, "Could not set verity disabled flag on device %s\n",
+ block_device);
+ goto errout;
+ }
+
+ write_console(fd, "Verity disabled on %s\n", mount_point);
+ retval = 0;
+errout:
+ if (device != -1)
+ adb_close(device);
+ return retval;
+}
+
+void disable_verity_service(int fd, void* cookie)
+{
+#ifdef ALLOW_ADBD_DISABLE_VERITY
+ char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
+ char propbuf[PROPERTY_VALUE_MAX];
+ int i;
+ bool any_disabled = false;
+
+ property_get("ro.secure", propbuf, "0");
+ if (strcmp(propbuf, "1")) {
+ write_console(fd, "verity not enabled - ENG build\n");
+ goto errout;
+ }
+
+ property_get("ro.debuggable", propbuf, "0");
+ if (strcmp(propbuf, "1")) {
+ write_console(fd, "verity cannot be disabled - USER build\n");
+ goto errout;
+ }
+
+ property_get("ro.hardware", propbuf, "");
+ snprintf(fstab_filename, sizeof(fstab_filename), FSTAB_PREFIX"%s", propbuf);
+
+ fstab = fs_mgr_read_fstab(fstab_filename);
+ if (!fstab) {
+ write_console(fd, "Failed to open %s\nMaybe run adb root?\n",
+ fstab_filename);
+ goto errout;
+ }
+
+ /* Loop through entries looking for ones that vold manages */
+ for (i = 0; i < fstab->num_entries; i++) {
+ if(fs_mgr_is_verified(&fstab->recs[i])) {
+ if (!disable_verity(fd, fstab->recs[i].blk_device,
+ fstab->recs[i].mount_point)) {
+ any_disabled = true;
+ }
+ }
+ }
+
+ if (any_disabled) {
+ write_console(fd,
+ "Now reboot your device for settings to take effect\n");
+ }
+#else
+ write_console(fd, "disable-verity only works for userdebug builds\n");
+#endif
+
+errout:
+ adb_close(fd);
+}
diff --git a/adb/remount_service.c b/adb/remount_service.c
index 72d15a1..36367a7 100644
--- a/adb/remount_service.c
+++ b/adb/remount_service.c
@@ -14,6 +14,8 @@
* limitations under the License.
*/
+#include "sysdeps.h"
+
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
@@ -22,7 +24,7 @@
#include <sys/mount.h>
#include <unistd.h>
-#include "sysdeps.h"
+#include "cutils/properties.h"
#define TRACE_TAG TRACE_ADB
#include "adb.h"
@@ -115,6 +117,36 @@
void remount_service(int fd, void *cookie)
{
char buffer[200];
+ char prop_buf[PROPERTY_VALUE_MAX];
+
+ bool system_verified = false, vendor_verified = false;
+ property_get("partition.system.verified", prop_buf, "0");
+ if (!strcmp(prop_buf, "1")) {
+ system_verified = true;
+ }
+
+ property_get("partition.vendor.verified", prop_buf, "0");
+ if (!strcmp(prop_buf, "1")) {
+ vendor_verified = true;
+ }
+
+ if (system_verified || vendor_verified) {
+ // Allow remount but warn of likely bad effects
+ bool both = system_verified && vendor_verified;
+ snprintf(buffer, sizeof(buffer),
+ "dm_verity is enabled on the %s%s%s partition%s.\n",
+ system_verified ? "system" : "",
+ both ? " and " : "",
+ vendor_verified ? "vendor" : "",
+ both ? "s" : "");
+ write_string(fd, buffer);
+ snprintf(buffer, sizeof(buffer),
+ "Use \"adb disable-verity\" to disable verity.\n"
+ "If you do not, remount may succeed, however, you will still "
+ "not be able to write to these volumes.\n");
+ write_string(fd, buffer);
+ }
+
if (remount("/system", &system_ro)) {
snprintf(buffer, sizeof(buffer), "remount of system failed: %s\n",strerror(errno));
write_string(fd, buffer);
diff --git a/adb/services.c b/adb/services.c
index bcfc163..703aec8 100644
--- a/adb/services.c
+++ b/adb/services.c
@@ -469,6 +469,8 @@
free(cookie);
}
}
+ } else if(!strncmp(name, "disable-verity:", 15)) {
+ ret = create_service_thread(disable_verity_service, NULL);
#endif
}
if (ret >= 0) {
diff --git a/adb/sysdeps_win32.c b/adb/sysdeps_win32.c
index b082c6d..e69ec2b 100644
--- a/adb/sysdeps_win32.c
+++ b/adb/sysdeps_win32.c
@@ -2,6 +2,7 @@
#include <winsock2.h>
#include <windows.h>
#include <stdio.h>
+#include <stdlib.h>
#include <errno.h>
#define TRACE_TAG TRACE_SYSDEPS
#include "adb.h"
diff --git a/adb/usb_windows.c b/adb/usb_windows.c
index b7ad913..a2d7226 100644
--- a/adb/usb_windows.c
+++ b/adb/usb_windows.c
@@ -21,6 +21,7 @@
#include <usb100.h>
#include <adb_api.h>
#include <stdio.h>
+#include <stdlib.h>
#include "sysdeps.h"
diff --git a/fastboot/usb_windows.c b/fastboot/usb_windows.c
index 0d13863..a09610f 100644
--- a/fastboot/usb_windows.c
+++ b/fastboot/usb_windows.c
@@ -32,6 +32,7 @@
#include <usb100.h>
#include <adb_api.h>
#include <stdio.h>
+#include <stdlib.h>
#include "usb.h"
diff --git a/fs_mgr/Android.mk b/fs_mgr/Android.mk
index 7cffc37..61bf1ee 100644
--- a/fs_mgr/Android.mk
+++ b/fs_mgr/Android.mk
@@ -13,6 +13,10 @@
LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
LOCAL_CFLAGS := -Werror
+ifneq (,$(filter userdebug,$(TARGET_BUILD_VARIANT)))
+LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
+endif
+
include $(BUILD_STATIC_LIBRARY)
diff --git a/fs_mgr/fs_mgr.c b/fs_mgr/fs_mgr.c
index 91e6c33..d1e92f2 100644
--- a/fs_mgr/fs_mgr.c
+++ b/fs_mgr/fs_mgr.c
@@ -141,9 +141,10 @@
} else if (!strcmp(fs_type, "f2fs")) {
char *f2fs_fsck_argv[] = {
F2FS_FSCK_BIN,
+ "-f",
blk_device
};
- INFO("Running %s on %s\n", F2FS_FSCK_BIN, blk_device);
+ INFO("Running %s -f %s\n", F2FS_FSCK_BIN, blk_device);
ret = android_fork_execvp_ext(ARRAY_SIZE(f2fs_fsck_argv), f2fs_fsck_argv,
&status, true, LOG_KLOG | LOG_FILE,
@@ -245,6 +246,16 @@
return strcmp(value, "1") ? 0 : 1;
}
+static int device_is_secure() {
+ int ret = -1;
+ char value[PROP_VALUE_MAX];
+ ret = __system_property_get("ro.secure", value);
+ /* If error, we want to fail secure */
+ if (ret < 0)
+ return 1;
+ return strcmp(value, "0") ? 1 : 0;
+}
+
/*
* Tries to mount any of the consecutive fstab entries that match
* the mountpoint of the one given by fstab->recs[start_idx].
@@ -350,9 +361,11 @@
wait_for_file(fstab->recs[i].blk_device, WAIT_TIMEOUT);
}
- if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) &&
- !device_is_debuggable()) {
- if (fs_mgr_setup_verity(&fstab->recs[i]) < 0) {
+ if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
+ int rc = fs_mgr_setup_verity(&fstab->recs[i]);
+ if (device_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
+ INFO("Verity disabled");
+ } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
ERROR("Could not set up verified partition, skipping!\n");
continue;
}
@@ -467,9 +480,11 @@
fstab->recs[i].mount_point);
}
- if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) &&
- !device_is_debuggable()) {
- if (fs_mgr_setup_verity(&fstab->recs[i]) < 0) {
+ if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && device_is_secure()) {
+ int rc = fs_mgr_setup_verity(&fstab->recs[i]);
+ if (device_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
+ INFO("Verity disabled");
+ } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
ERROR("Could not set up verified partition, skipping!\n");
continue;
}
diff --git a/fs_mgr/fs_mgr_fstab.c b/fs_mgr/fs_mgr_fstab.c
index 3f84179..ab8f128 100644
--- a/fs_mgr/fs_mgr_fstab.c
+++ b/fs_mgr/fs_mgr_fstab.c
@@ -418,6 +418,11 @@
return fstab->fs_mgr_flags & MF_NONREMOVABLE;
}
+int fs_mgr_is_verified(struct fstab_rec *fstab)
+{
+ return fstab->fs_mgr_flags & MF_VERIFY;
+}
+
int fs_mgr_is_encryptable(struct fstab_rec *fstab)
{
return fstab->fs_mgr_flags & (MF_CRYPT | MF_FORCECRYPT);
diff --git a/fs_mgr/fs_mgr_priv_verity.h b/fs_mgr/fs_mgr_priv_verity.h
index 6193784..f90e596 100644
--- a/fs_mgr/fs_mgr_priv_verity.h
+++ b/fs_mgr/fs_mgr_priv_verity.h
@@ -14,4 +14,7 @@
* limitations under the License.
*/
-int fs_mgr_setup_verity(struct fstab_rec *fstab);
\ No newline at end of file
+#define FS_MGR_SETUP_VERITY_DISABLED -2
+#define FS_MGR_SETUP_VERITY_FAIL -1
+#define FS_MGR_SETUP_VERITY_SUCCESS 0
+int fs_mgr_setup_verity(struct fstab_rec *fstab);
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c
index 01f7844..51555a1 100644
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@@ -43,7 +43,6 @@
#include "fs_mgr_priv_verity.h"
#define VERITY_METADATA_SIZE 32768
-#define VERITY_METADATA_MAGIC_NUMBER 0xb001b001
#define VERITY_TABLE_RSA_KEY "/verity_key"
extern struct fs_info info;
@@ -87,11 +86,11 @@
static int verify_table(char *signature, char *table, int table_length)
{
RSAPublicKey *key;
- uint8_t hash_buf[SHA_DIGEST_SIZE];
+ uint8_t hash_buf[SHA256_DIGEST_SIZE];
int retval = -1;
// Hash the table
- SHA_hash((uint8_t*)table, table_length, hash_buf);
+ SHA256_hash((uint8_t*)table, table_length, hash_buf);
// Now get the public key from the keyfile
key = load_key(VERITY_TABLE_RSA_KEY);
@@ -105,7 +104,7 @@
(uint8_t*) signature,
RSANUMBYTES,
(uint8_t*) hash_buf,
- SHA_DIGEST_SIZE)) {
+ SHA256_DIGEST_SIZE)) {
ERROR("Couldn't verify table.");
goto out;
}
@@ -125,28 +124,28 @@
info.len = 0; /* Only len is set to 0 to ask the device for real size. */
- data_device = open(blk_device, O_RDONLY);
- if (data_device < 0) {
+ data_device = TEMP_FAILURE_RETRY(open(blk_device, O_RDONLY | O_CLOEXEC));
+ if (data_device == -1) {
ERROR("Error opening block device (%s)", strerror(errno));
return -1;
}
- if (lseek64(data_device, 1024, SEEK_SET) < 0) {
+ if (TEMP_FAILURE_RETRY(lseek64(data_device, 1024, SEEK_SET)) < 0) {
ERROR("Error seeking to superblock");
- close(data_device);
+ TEMP_FAILURE_RETRY(close(data_device));
return -1;
}
- if (read(data_device, &sb, sizeof(sb)) != sizeof(sb)) {
+ if (TEMP_FAILURE_RETRY(read(data_device, &sb, sizeof(sb))) != sizeof(sb)) {
ERROR("Error reading superblock");
- close(data_device);
+ TEMP_FAILURE_RETRY(close(data_device));
return -1;
}
ext4_parse_sb(&sb, &info);
*device_size = info.len;
- close(data_device);
+ TEMP_FAILURE_RETRY(close(data_device));
return 0;
}
@@ -156,11 +155,13 @@
unsigned table_length;
uint64_t device_length;
int protocol_version;
- FILE *device;
- int retval = -1;
+ int device;
+ int retval = FS_MGR_SETUP_VERITY_FAIL;
+ *signature = 0;
+ *table = 0;
- device = fopen(block_device, "r");
- if (!device) {
+ device = TEMP_FAILURE_RETRY(open(block_device, O_RDONLY | O_CLOEXEC));
+ if (device == -1) {
ERROR("Could not open block device %s (%s).\n", block_device, strerror(errno));
goto out;
}
@@ -170,23 +171,35 @@
ERROR("Could not get target device size.\n");
goto out;
}
- if (fseek(device, device_length, SEEK_SET) < 0) {
+ if (TEMP_FAILURE_RETRY(lseek64(device, device_length, SEEK_SET)) < 0) {
ERROR("Could not seek to start of verity metadata block.\n");
goto out;
}
// check the magic number
- if (!fread(&magic_number, sizeof(int), 1, device)) {
+ if (TEMP_FAILURE_RETRY(read(device, &magic_number, sizeof(magic_number))) !=
+ sizeof(magic_number)) {
ERROR("Couldn't read magic number!\n");
goto out;
}
+
+#ifdef ALLOW_ADBD_DISABLE_VERITY
+ if (magic_number == VERITY_METADATA_MAGIC_DISABLE) {
+ retval = FS_MGR_SETUP_VERITY_DISABLED;
+ INFO("Attempt to cleanly disable verity - only works in USERDEBUG");
+ goto out;
+ }
+#endif
+
if (magic_number != VERITY_METADATA_MAGIC_NUMBER) {
- ERROR("Couldn't find verity metadata at offset %"PRIu64"!\n", device_length);
+ ERROR("Couldn't find verity metadata at offset %"PRIu64"!\n",
+ device_length);
goto out;
}
// check the protocol version
- if (!fread(&protocol_version, sizeof(int), 1, device)) {
+ if (TEMP_FAILURE_RETRY(read(device, &protocol_version,
+ sizeof(protocol_version))) != sizeof(protocol_version)) {
ERROR("Couldn't read verity metadata protocol version!\n");
goto out;
}
@@ -196,43 +209,49 @@
}
// get the signature
- *signature = (char*) malloc(RSANUMBYTES * sizeof(char));
+ *signature = (char*) malloc(RSANUMBYTES);
if (!*signature) {
ERROR("Couldn't allocate memory for signature!\n");
goto out;
}
- if (!fread(*signature, RSANUMBYTES, 1, device)) {
+ if (TEMP_FAILURE_RETRY(read(device, *signature, RSANUMBYTES)) != RSANUMBYTES) {
ERROR("Couldn't read signature from verity metadata!\n");
- free(*signature);
goto out;
}
// get the size of the table
- if (!fread(&table_length, sizeof(int), 1, device)) {
+ if (TEMP_FAILURE_RETRY(read(device, &table_length, sizeof(table_length))) !=
+ sizeof(table_length)) {
ERROR("Couldn't get the size of the verity table from metadata!\n");
- free(*signature);
goto out;
}
// get the table + null terminator
- table_length += 1;
- *table = malloc(table_length);
- if(!*table) {
+ *table = malloc(table_length + 1);
+ if (!*table) {
ERROR("Couldn't allocate memory for verity table!\n");
goto out;
}
- if (!fgets(*table, table_length, device)) {
+ if (TEMP_FAILURE_RETRY(read(device, *table, table_length)) !=
+ (ssize_t)table_length) {
ERROR("Couldn't read the verity table from metadata!\n");
- free(*table);
- free(*signature);
goto out;
}
- retval = 0;
+ (*table)[table_length] = 0;
+ retval = FS_MGR_SETUP_VERITY_SUCCESS;
out:
- if (device)
- fclose(device);
+ if (device != -1)
+ TEMP_FAILURE_RETRY(close(device));
+
+ if (retval != FS_MGR_SETUP_VERITY_SUCCESS) {
+ free(*table);
+ free(*signature);
+ *table = 0;
+ *signature = 0;
+ }
+
return retval;
}
@@ -359,11 +378,12 @@
int fs_mgr_setup_verity(struct fstab_rec *fstab) {
- int retval = -1;
+ int retval = FS_MGR_SETUP_VERITY_FAIL;
+ int fd = -1;
- char *verity_blk_name;
- char *verity_table;
- char *verity_table_signature;
+ char *verity_blk_name = 0;
+ char *verity_table = 0;
+ char *verity_table_signature = 0;
char buffer[DM_BUF_SIZE];
struct dm_ioctl *io = (struct dm_ioctl *) buffer;
@@ -380,11 +400,21 @@
return retval;
}
+ // read the verity block at the end of the block device
+ // send error code up the chain so we can detect attempts to disable verity
+ retval = read_verity_metadata(fstab->blk_device,
+ &verity_table_signature,
+ &verity_table);
+ if (retval < 0) {
+ goto out;
+ }
+
+ retval = FS_MGR_SETUP_VERITY_FAIL;
+
// get the device mapper fd
- int fd;
if ((fd = open("/dev/device-mapper", O_RDWR)) < 0) {
ERROR("Error opening device mapper (%s)", strerror(errno));
- return retval;
+ goto out;
}
// create the device
@@ -399,14 +429,6 @@
goto out;
}
- verity_table = verity_table_signature = NULL;
- // read the verity block at the end of the block device
- if (read_verity_metadata(fstab->blk_device,
- &verity_table_signature,
- &verity_table) < 0) {
- goto out;
- }
-
// verify the signature on the table
if (verify_table(verity_table_signature,
verity_table,
@@ -427,6 +449,7 @@
// assign the new verity block device as the block device
free(fstab->blk_device);
fstab->blk_device = verity_blk_name;
+ verity_blk_name = 0;
// make sure we've set everything up properly
if (test_access(fstab->blk_device) < 0) {
@@ -437,6 +460,13 @@
retval = set_verified_property(mount_point);
out:
- close(fd);
+ if (fd != -1) {
+ close(fd);
+ }
+
+ free(verity_table);
+ free(verity_table_signature);
+ free(verity_blk_name);
+
return retval;
}
diff --git a/fs_mgr/include/fs_mgr.h b/fs_mgr/include/fs_mgr.h
index 0c7eb20..5e2ff41 100644
--- a/fs_mgr/include/fs_mgr.h
+++ b/fs_mgr/include/fs_mgr.h
@@ -20,6 +20,13 @@
#include <stdint.h>
#include <linux/dm-ioctl.h>
+// Magic number at start of verity metadata
+#define VERITY_METADATA_MAGIC_NUMBER 0xb001b001
+
+// Replacement magic number at start of verity metadata to cleanly
+// turn verity off in userdebug builds.
+#define VERITY_METADATA_MAGIC_DISABLE 0x46464f56 // "VOFF"
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -74,6 +81,7 @@
struct fstab_rec *fs_mgr_get_entry_for_mount_point(struct fstab *fstab, const char *path);
int fs_mgr_is_voldmanaged(struct fstab_rec *fstab);
int fs_mgr_is_nonremovable(struct fstab_rec *fstab);
+int fs_mgr_is_verified(struct fstab_rec *fstab);
int fs_mgr_is_encryptable(struct fstab_rec *fstab);
int fs_mgr_is_noemulatedsd(struct fstab_rec *fstab);
int fs_mgr_swapon_all(struct fstab *fstab);
diff --git a/healthd/BatteryMonitor.cpp b/healthd/BatteryMonitor.cpp
index 4a6b702..9388ed0 100644
--- a/healthd/BatteryMonitor.cpp
+++ b/healthd/BatteryMonitor.cpp
@@ -265,10 +265,10 @@
"battery none");
}
- KLOG_INFO(LOG_TAG, "%s chg=%s%s%s\n", dmesgline,
- props.chargerAcOnline ? "a" : "",
- props.chargerUsbOnline ? "u" : "",
- props.chargerWirelessOnline ? "w" : "");
+ KLOG_WARNING(LOG_TAG, "%s chg=%s%s%s\n", dmesgline,
+ props.chargerAcOnline ? "a" : "",
+ props.chargerUsbOnline ? "u" : "",
+ props.chargerWirelessOnline ? "w" : "");
}
healthd_mode_ops->battery_update(&props);
@@ -512,7 +512,7 @@
if (!mChargerNames.size())
KLOG_ERROR(LOG_TAG, "No charger supplies found\n");
if (!mBatteryDevicePresent) {
- KLOG_INFO(LOG_TAG, "No battery devices found\n");
+ KLOG_WARNING(LOG_TAG, "No battery devices found\n");
hc->periodic_chores_interval_fast = -1;
hc->periodic_chores_interval_slow = -1;
} else {
diff --git a/healthd/healthd.cpp b/healthd/healthd.cpp
index 30a4b42..f4171bd 100644
--- a/healthd/healthd.cpp
+++ b/healthd/healthd.cpp
@@ -53,6 +53,7 @@
.batteryCurrentAvgPath = String8(String8::kEmptyString),
.batteryChargeCounterPath = String8(String8::kEmptyString),
.energyCounter = NULL,
+ .screen_on = NULL,
};
static int eventct;
@@ -314,8 +315,8 @@
return -1;
}
- healthd_mode_ops->init(&healthd_config);
healthd_board_init(&healthd_config);
+ healthd_mode_ops->init(&healthd_config);
wakealarm_init();
uevent_init();
gBatteryMonitor = new BatteryMonitor();
diff --git a/healthd/healthd.h b/healthd/healthd.h
index 972e728..4704f0b 100644
--- a/healthd/healthd.h
+++ b/healthd/healthd.h
@@ -67,6 +67,7 @@
android::String8 batteryChargeCounterPath;
int (*energyCounter)(int64_t *);
+ bool (*screen_on)(android::BatteryProperties *props);
};
// Global helper functions
diff --git a/healthd/healthd_mode_charger.cpp b/healthd/healthd_mode_charger.cpp
index 394feb8..5039649 100644
--- a/healthd/healthd_mode_charger.cpp
+++ b/healthd/healthd_mode_charger.cpp
@@ -68,14 +68,13 @@
#define UNPLUGGED_SHUTDOWN_TIME (10 * MSEC_PER_SEC)
#define BATTERY_FULL_THRESH 95
-#define SCREEN_ON_BATTERY_THRESH 0
#define LAST_KMSG_PATH "/proc/last_kmsg"
#define LAST_KMSG_PSTORE_PATH "/sys/fs/pstore/console-ramoops"
#define LAST_KMSG_MAX_SZ (32 * 1024)
#define LOGE(x...) do { KLOG_ERROR("charger", x); } while (0)
-#define LOGI(x...) do { KLOG_INFO("charger", x); } while (0)
+#define LOGW(x...) do { KLOG_WARNING("charger", x); } while (0)
#define LOGV(x...) do { KLOG_DEBUG("charger", x); } while (0)
struct key_state {
@@ -109,7 +108,6 @@
struct charger {
bool have_battery_state;
bool charger_connected;
- int capacity;
int64_t next_screen_transition;
int64_t next_key_check;
int64_t next_pwr_check;
@@ -170,7 +168,8 @@
};
static struct charger charger_state;
-
+static struct healthd_config *healthd_config;
+static struct android::BatteryProperties *batt_prop;
static int char_width;
static int char_height;
static bool minui_inited;
@@ -198,15 +197,15 @@
unsigned sz = 0;
int len;
- LOGI("\n");
- LOGI("*************** LAST KMSG ***************\n");
- LOGI("\n");
+ LOGW("\n");
+ LOGW("*************** LAST KMSG ***************\n");
+ LOGW("\n");
buf = (char *)load_file(LAST_KMSG_PSTORE_PATH, &sz);
if (!buf || !sz) {
buf = (char *)load_file(LAST_KMSG_PATH, &sz);
if (!buf || !sz) {
- LOGI("last_kmsg not found. Cold reset?\n");
+ LOGW("last_kmsg not found. Cold reset?\n");
goto out;
}
}
@@ -225,7 +224,7 @@
yoink = ptr[cnt];
ptr[cnt] = '\0';
- klog_write(6, "<6>%s", ptr);
+ klog_write(6, "<4>%s", ptr);
ptr[cnt] = yoink;
len -= cnt;
@@ -235,14 +234,9 @@
free(buf);
out:
- LOGI("\n");
- LOGI("************* END LAST KMSG *************\n");
- LOGI("\n");
-}
-
-static int get_battery_capacity()
-{
- return charger_state.capacity;
+ LOGW("\n");
+ LOGW("************* END LAST KMSG *************\n");
+ LOGW("\n");
}
#ifdef CHARGER_ENABLE_SUSPEND
@@ -357,15 +351,16 @@
return;
if (!minui_inited) {
- int batt_cap = get_battery_capacity();
- if (batt_cap < SCREEN_ON_BATTERY_THRESH) {
- LOGV("[%" PRId64 "] level %d, leave screen off\n", now, batt_cap);
- batt_anim->run = false;
- charger->next_screen_transition = -1;
- if (charger->charger_connected)
- request_suspend(true);
- return;
+ if (healthd_config && healthd_config->screen_on) {
+ if (!healthd_config->screen_on(batt_prop)) {
+ LOGV("[%" PRId64 "] leave screen off\n", now);
+ batt_anim->run = false;
+ charger->next_screen_transition = -1;
+ if (charger->charger_connected)
+ request_suspend(true);
+ return;
+ }
}
gr_init();
@@ -392,17 +387,15 @@
/* animation starting, set up the animation */
if (batt_anim->cur_frame == 0) {
- int batt_cap;
int ret;
LOGV("[%" PRId64 "] animation starting\n", now);
- batt_cap = get_battery_capacity();
- if (batt_cap >= 0 && batt_anim->num_frames != 0) {
+ if (batt_prop && batt_prop->batteryLevel >= 0 && batt_anim->num_frames != 0) {
int i;
/* find first frame given current capacity */
for (i = 1; i < batt_anim->num_frames; i++) {
- if (batt_cap < batt_anim->frames[i].min_capacity)
+ if (batt_prop->batteryLevel < batt_anim->frames[i].min_capacity)
break;
}
batt_anim->cur_frame = i - 1;
@@ -410,8 +403,8 @@
/* show the first frame for twice as long */
disp_time = batt_anim->frames[batt_anim->cur_frame].disp_time * 2;
}
-
- batt_anim->capacity = batt_cap;
+ if (batt_prop)
+ batt_anim->capacity = batt_prop->batteryLevel;
}
/* unblank the screen on first cycle */
@@ -527,10 +520,10 @@
all devices. Check the property and continue booting or reboot
accordingly. */
if (property_get_bool("ro.enable_boot_charger_mode", false)) {
- LOGI("[%" PRId64 "] booting from charger mode\n", now);
+ LOGW("[%" PRId64 "] booting from charger mode\n", now);
property_set("sys.boot_from_charger_mode", "1");
} else {
- LOGI("[%" PRId64 "] rebooting\n", now);
+ LOGW("[%" PRId64 "] rebooting\n", now);
android_reboot(ANDROID_RB_RESTART, 0, 0);
}
} else {
@@ -568,10 +561,10 @@
request_suspend(false);
if (charger->next_pwr_check == -1) {
charger->next_pwr_check = now + UNPLUGGED_SHUTDOWN_TIME;
- LOGI("[%" PRId64 "] device unplugged: shutting down in %" PRId64 " (@ %" PRId64 ")\n",
+ LOGW("[%" PRId64 "] device unplugged: shutting down in %" PRId64 " (@ %" PRId64 ")\n",
now, (int64_t)UNPLUGGED_SHUTDOWN_TIME, charger->next_pwr_check);
} else if (now >= charger->next_pwr_check) {
- LOGI("[%" PRId64 "] shutting down\n", now);
+ LOGW("[%" PRId64 "] shutting down\n", now);
android_reboot(ANDROID_RB_POWEROFF, 0, 0);
} else {
/* otherwise we already have a shutdown timer scheduled */
@@ -579,7 +572,7 @@
} else {
/* online supply present, reset shutdown timer if set */
if (charger->next_pwr_check != -1) {
- LOGI("[%" PRId64 "] device plugged in: shutdown cancelled\n", now);
+ LOGW("[%" PRId64 "] device plugged in: shutdown cancelled\n", now);
kick_animation(charger->batt_anim);
}
charger->next_pwr_check = -1;
@@ -609,7 +602,6 @@
charger->charger_connected =
props->chargerAcOnline || props->chargerUsbOnline ||
props->chargerWirelessOnline;
- charger->capacity = props->batteryLevel;
if (!charger->have_battery_state) {
charger->have_battery_state = true;
@@ -617,6 +609,7 @@
reset_animation(charger->batt_anim);
kick_animation(charger->batt_anim);
}
+ batt_prop = props;
}
int healthd_mode_charger_preparetowait(void)
@@ -669,7 +662,7 @@
ev_dispatch();
}
-void healthd_mode_charger_init(struct healthd_config* /*config*/)
+void healthd_mode_charger_init(struct healthd_config* config)
{
int ret;
struct charger *charger = &charger_state;
@@ -678,7 +671,7 @@
dump_last_kmsg();
- LOGI("--------------- STARTING CHARGER MODE ---------------\n");
+ LOGW("--------------- STARTING CHARGER MODE ---------------\n");
ret = ev_init(input_callback, charger);
if (!ret) {
@@ -717,4 +710,5 @@
charger->next_screen_transition = -1;
charger->next_key_check = -1;
charger->next_pwr_check = -1;
+ healthd_config = config;
}
diff --git a/include/system/audio.h b/include/system/audio.h
index 9a25cfb..df454ff 100644
--- a/include/system/audio.h
+++ b/include/system/audio.h
@@ -135,6 +135,7 @@
/* play the mix captured by this audio source. */
AUDIO_SOURCE_CNT,
AUDIO_SOURCE_MAX = AUDIO_SOURCE_CNT - 1,
+ AUDIO_SOURCE_FM_TUNER = 1998,
AUDIO_SOURCE_HOTWORD = 1999, /* A low-priority, preemptible audio source for
for background software hotword detection.
Same tuning as AUDIO_SOURCE_VOICE_RECOGNITION.
diff --git a/libcutils/native_handle.c b/libcutils/native_handle.c
index 4089968..9a4a5bb 100644
--- a/libcutils/native_handle.c
+++ b/libcutils/native_handle.c
@@ -30,9 +30,11 @@
native_handle_t* h = malloc(
sizeof(native_handle_t) + sizeof(int)*(numFds+numInts));
- h->version = sizeof(native_handle_t);
- h->numFds = numFds;
- h->numInts = numInts;
+ if (h) {
+ h->version = sizeof(native_handle_t);
+ h->numFds = numFds;
+ h->numInts = numInts;
+ }
return h;
}
diff --git a/libcutils/sched_policy.c b/libcutils/sched_policy.c
index d3cedd4..e07bbbd 100644
--- a/libcutils/sched_policy.c
+++ b/libcutils/sched_policy.c
@@ -45,8 +45,6 @@
#define POLICY_DEBUG 0
-#define CAN_SET_SP_SYSTEM 0 // non-zero means to implement set_sched_policy(tid, SP_SYSTEM)
-
// This prctl is only available in Android kernels.
#define PR_SET_TIMERSLACK_PID 41
@@ -60,9 +58,6 @@
// File descriptors open to /dev/cpuctl/../tasks, setup by initialize, or -1 on error.
static int bg_cgroup_fd = -1;
static int fg_cgroup_fd = -1;
-#if CAN_SET_SP_SYSTEM
-static int system_cgroup_fd = -1;
-#endif
/* Add tid to the scheduling group defined by the policy */
static int add_tid_to_cgroup(int tid, SchedPolicy policy)
@@ -78,11 +73,6 @@
case SP_AUDIO_SYS:
fd = fg_cgroup_fd;
break;
-#if CAN_SET_SP_SYSTEM
- case SP_SYSTEM:
- fd = system_cgroup_fd;
- break;
-#endif
default:
fd = -1;
break;
@@ -123,21 +113,13 @@
if (!access("/dev/cpuctl/tasks", F_OK)) {
__sys_supports_schedgroups = 1;
-#if CAN_SET_SP_SYSTEM
filename = "/dev/cpuctl/tasks";
- system_cgroup_fd = open(filename, O_WRONLY | O_CLOEXEC);
- if (system_cgroup_fd < 0) {
- SLOGV("open of %s failed: %s\n", filename, strerror(errno));
- }
-#endif
-
- filename = "/dev/cpuctl/apps/tasks";
fg_cgroup_fd = open(filename, O_WRONLY | O_CLOEXEC);
if (fg_cgroup_fd < 0) {
SLOGE("open of %s failed: %s\n", filename, strerror(errno));
}
- filename = "/dev/cpuctl/apps/bg_non_interactive/tasks";
+ filename = "/dev/cpuctl/bg_non_interactive/tasks";
bg_cgroup_fd = open(filename, O_WRONLY | O_CLOEXEC);
if (bg_cgroup_fd < 0) {
SLOGE("open of %s failed: %s\n", filename, strerror(errno));
@@ -231,11 +213,9 @@
if (getSchedulerGroup(tid, grpBuf, sizeof(grpBuf)) < 0)
return -1;
if (grpBuf[0] == '\0') {
- *policy = SP_SYSTEM;
- } else if (!strcmp(grpBuf, "apps/bg_non_interactive")) {
- *policy = SP_BACKGROUND;
- } else if (!strcmp(grpBuf, "apps")) {
*policy = SP_FOREGROUND;
+ } else if (!strcmp(grpBuf, "bg_non_interactive")) {
+ *policy = SP_BACKGROUND;
} else {
errno = ERANGE;
return -1;
diff --git a/libnativebridge/tests/CompleteFlow_test.cpp b/libnativebridge/tests/CompleteFlow_test.cpp
index cf06d2c..b033792 100644
--- a/libnativebridge/tests/CompleteFlow_test.cpp
+++ b/libnativebridge/tests/CompleteFlow_test.cpp
@@ -36,6 +36,7 @@
// Unload
UnloadNativeBridge();
+
ASSERT_FALSE(NativeBridgeAvailable());
ASSERT_FALSE(NativeBridgeError());
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 9093b54..cbcb842 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -119,25 +119,18 @@
mount cgroup none /dev/cpuctl cpu
chown system system /dev/cpuctl
chown system system /dev/cpuctl/tasks
- chmod 0660 /dev/cpuctl/tasks
+ chmod 0666 /dev/cpuctl/tasks
write /dev/cpuctl/cpu.shares 1024
- write /dev/cpuctl/cpu.rt_runtime_us 950000
+ write /dev/cpuctl/cpu.rt_runtime_us 800000
write /dev/cpuctl/cpu.rt_period_us 1000000
- mkdir /dev/cpuctl/apps
- chown system system /dev/cpuctl/apps/tasks
- chmod 0666 /dev/cpuctl/apps/tasks
- write /dev/cpuctl/apps/cpu.shares 1024
- write /dev/cpuctl/apps/cpu.rt_runtime_us 800000
- write /dev/cpuctl/apps/cpu.rt_period_us 1000000
-
- mkdir /dev/cpuctl/apps/bg_non_interactive
- chown system system /dev/cpuctl/apps/bg_non_interactive/tasks
- chmod 0666 /dev/cpuctl/apps/bg_non_interactive/tasks
+ mkdir /dev/cpuctl/bg_non_interactive
+ chown system system /dev/cpuctl/bg_non_interactive/tasks
+ chmod 0666 /dev/cpuctl/bg_non_interactive/tasks
# 5.0 %
- write /dev/cpuctl/apps/bg_non_interactive/cpu.shares 52
- write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_runtime_us 700000
- write /dev/cpuctl/apps/bg_non_interactive/cpu.rt_period_us 1000000
+ write /dev/cpuctl/bg_non_interactive/cpu.shares 52
+ write /dev/cpuctl/bg_non_interactive/cpu.rt_runtime_us 700000
+ write /dev/cpuctl/bg_non_interactive/cpu.rt_period_us 1000000
# qtaguid will limit access to specific data based on group memberships.
# net_bw_acct grants impersonation of socket owners.
diff --git a/rootdir/ueventd.rc b/rootdir/ueventd.rc
index eff24c3..474f630 100644
--- a/rootdir/ueventd.rc
+++ b/rootdir/ueventd.rc
@@ -88,6 +88,7 @@
/dev/ppp 0660 radio vpn
# sysfs properties
+/sys/devices/platform/trusty.* trusty_version 0440 root log
/sys/devices/virtual/input/input* enable 0660 root input
/sys/devices/virtual/input/input* poll_delay 0660 root input
/sys/devices/virtual/usb_composite/* enable 0664 root system
diff --git a/toolbox/Android.mk b/toolbox/Android.mk
index 5d557fa..8783abf 100644
--- a/toolbox/Android.mk
+++ b/toolbox/Android.mk
@@ -170,6 +170,7 @@
nohup \
notify \
ps \
+ prlimit \
readlink \
renice \
restorecon \
diff --git a/toolbox/prlimit.c b/toolbox/prlimit.c
new file mode 100644
index 0000000..8cf202a
--- /dev/null
+++ b/toolbox/prlimit.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2014, The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Google, Inc. nor the names of its contributors
+ * may be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+
+static void
+usage(const char *s)
+{
+ fprintf(stderr, "usage: %s pid resource cur max\n", s);
+ exit(EXIT_FAILURE);
+}
+
+int prlimit_main(int argc, char *argv[])
+{
+ pid_t pid;
+ struct rlimit64 rl;
+ int resource;
+ int rc;
+
+ if (argc != 5)
+ usage(*argv);
+
+ if (sscanf(argv[1], "%d", &pid) != 1)
+ usage(*argv);
+
+ if (sscanf(argv[2], "%d", &resource) != 1)
+ usage(*argv);
+
+ if (sscanf(argv[3], "%llu", &rl.rlim_cur) != 1)
+ usage(*argv);
+
+ if (sscanf(argv[4], "%llu", &rl.rlim_max) != 1)
+ usage(*argv);
+
+ printf("setting resource %d of pid %d to [%llu,%llu]\n", resource, pid,
+ rl.rlim_cur, rl.rlim_max);
+ rc = prlimit64(pid, resource, &rl, NULL);
+ if (rc < 0) {
+ perror("prlimit");
+ exit(EXIT_FAILURE);
+ }
+
+ return 0;
+}