diff --git a/code_coverage/Android.mk b/code_coverage/Android.mk new file mode 100644 index 0000000000..80ab36be67 --- /dev/null +++ b/code_coverage/Android.mk @@ -0,0 +1,37 @@ +# policies to allow processes inside minijail to dump code coverage information +# + +LOCAL_PATH := $(call my-dir) + + +include $(CLEAR_VARS) +LOCAL_MODULE := code_coverage.policy +LOCAL_MODULE_CLASS := ETC +LOCAL_MULTILIB := both + +ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64)) +LOCAL_MODULE_STEM_32 := code_coverage.arm.policy +LOCAL_MODULE_STEM_64 := code_coverage.arm64.policy +endif + +ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), x86 x86_64)) +LOCAL_MODULE_STEM_32 := code_coverage.x86.policy +LOCAL_MODULE_STEM_64 := code_coverage.x86_64.policy +endif + +# different files for different configurations +ifeq ($(NATIVE_COVERAGE),true) +LOCAL_SRC_FILES_arm := seccomp_policy/code_coverage.arm.policy +LOCAL_SRC_FILES_arm64 := seccomp_policy/code_coverage.arm64.policy +LOCAL_SRC_FILES_x86 := seccomp_policy/code_coverage.x86.policy +LOCAL_SRC_FILES_x86_64 := seccomp_policy/code_coverage.x86_64.policy +else +LOCAL_SRC_FILES_arm := empty_policy/code_coverage.arm.policy +LOCAL_SRC_FILES_arm64 := empty_policy/code_coverage.arm64.policy +LOCAL_SRC_FILES_x86 := empty_policy/code_coverage.x86.policy +LOCAL_SRC_FILES_x86_64 := empty_policy/code_coverage.x86_64.policy +endif + +LOCAL_MODULE_TARGET_ARCH := arm arm64 x86 x86_64 +LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/seccomp_policy +include $(BUILD_PREBUILT) diff --git a/code_coverage/empty_policy/code_coverage.arm.policy b/code_coverage/empty_policy/code_coverage.arm.policy new file mode 100644 index 0000000000..4c9132b069 --- /dev/null +++ b/code_coverage/empty_policy/code_coverage.arm.policy @@ -0,0 +1,2 @@ +# empty unless code_coverage is enabled. +# code_coverage.arm.policy diff --git a/code_coverage/empty_policy/code_coverage.arm64.policy b/code_coverage/empty_policy/code_coverage.arm64.policy new file mode 100644 index 0000000000..dc5c35a4d5 --- /dev/null +++ b/code_coverage/empty_policy/code_coverage.arm64.policy @@ -0,0 +1,2 @@ +# empty unless code_coverage is enabled. +# code_coverage.arm64.policy diff --git a/code_coverage/empty_policy/code_coverage.x86.policy b/code_coverage/empty_policy/code_coverage.x86.policy new file mode 100644 index 0000000000..044f34c963 --- /dev/null +++ b/code_coverage/empty_policy/code_coverage.x86.policy @@ -0,0 +1,2 @@ +# empty unless code_coverage is enabled. +# code_coverage.x86.policy diff --git a/code_coverage/empty_policy/code_coverage.x86_64.policy b/code_coverage/empty_policy/code_coverage.x86_64.policy new file mode 100644 index 0000000000..6dcd22d79d --- /dev/null +++ b/code_coverage/empty_policy/code_coverage.x86_64.policy @@ -0,0 +1,2 @@ +# empty unless code_coverage is enabled. +# code_coverage.x86_64.policy diff --git a/code_coverage/seccomp_policy/code_coverage.arm.policy b/code_coverage/seccomp_policy/code_coverage.arm.policy new file mode 100644 index 0000000000..d6784e371d --- /dev/null +++ b/code_coverage/seccomp_policy/code_coverage.arm.policy @@ -0,0 +1,14 @@ +close: 1 +mkdirat: 1 +msync: 1 +munmap: 1 +openat: 1 +write: 1 +fcntl64: 1 +fstat64: 1 +geteuid32: 1 +_llseek: 1 +mmap2: 1 +sigreturn: 1 +gettimeofday: 1 +prctl: 1 diff --git a/code_coverage/seccomp_policy/code_coverage.arm64.policy b/code_coverage/seccomp_policy/code_coverage.arm64.policy new file mode 100644 index 0000000000..4c3dd26645 --- /dev/null +++ b/code_coverage/seccomp_policy/code_coverage.arm64.policy @@ -0,0 +1,13 @@ +close: 1 +mkdirat: 1 +msync: 1 +munmap: 1 +openat: 1 +write: 1 +fcntl: 1 +fstat: 1 +geteuid: 1 +lseek: 1 +mmap: 1 +rt_sigreturn: 1 +prctl: 1 diff --git a/code_coverage/seccomp_policy/code_coverage.policy.def b/code_coverage/seccomp_policy/code_coverage.policy.def new file mode 100644 index 0000000000..f136084bcd --- /dev/null +++ b/code_coverage/seccomp_policy/code_coverage.policy.def @@ -0,0 +1,51 @@ +// SECCOMP_MODE_STRICT +// +// minijail allowances for code coverage +// this is processed with generate.sh, so we can use appropriate directives +// size specific: __LP64__ for 64 bit, else 32 bit +// arch specific: __arm__, __aarch64__, __i386__, __x86_64__ + +// includes *all* syscalls used during the coverage dumping +// no skipping just because they might have been in another policy file. + +// coverage tool uses different operations on different passes +// 1st: uses write() to fill the file +// 2nd-Nth: uses mmap() to update in place + +close: 1 +mkdirat: 1 +msync: 1 +munmap: 1 +openat: 1 +write: 1 + +#if defined(__LP64__) +fcntl: 1 +fstat: 1 +geteuid: 1 +lseek: 1 +mmap: 1 +rt_sigreturn: 1 +#else +fcntl64: 1 +fstat64: 1 +geteuid32: 1 +_llseek: 1 +mmap2: 1 +sigreturn: 1 +#endif + +#if defined(__arm__) +gettimeofday: 1 +#endif + +#if defined(__i386__) +madvise: 1 +#endif + +#if defined(__arm__) +prctl: 1 +#elif defined(__aarch64__) +prctl: 1 +#endif + diff --git a/code_coverage/seccomp_policy/code_coverage.x86.policy b/code_coverage/seccomp_policy/code_coverage.x86.policy new file mode 100644 index 0000000000..24ff8b9c0d --- /dev/null +++ b/code_coverage/seccomp_policy/code_coverage.x86.policy @@ -0,0 +1,13 @@ +close: 1 +mkdirat: 1 +msync: 1 +munmap: 1 +openat: 1 +write: 1 +fcntl64: 1 +fstat64: 1 +geteuid32: 1 +_llseek: 1 +mmap2: 1 +sigreturn: 1 +madvise: 1 diff --git a/code_coverage/seccomp_policy/code_coverage.x86_64.policy b/code_coverage/seccomp_policy/code_coverage.x86_64.policy new file mode 100644 index 0000000000..308103654b --- /dev/null +++ b/code_coverage/seccomp_policy/code_coverage.x86_64.policy @@ -0,0 +1,12 @@ +close: 1 +mkdirat: 1 +msync: 1 +munmap: 1 +openat: 1 +write: 1 +fcntl: 1 +fstat: 1 +geteuid: 1 +lseek: 1 +mmap: 1 +rt_sigreturn: 1 diff --git a/code_coverage/seccomp_policy/generate.sh b/code_coverage/seccomp_policy/generate.sh new file mode 100755 index 0000000000..ae582c6475 --- /dev/null +++ b/code_coverage/seccomp_policy/generate.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +# generate the arch-specific files from the generic one + +set -ex + +cd "$(dirname "$0")" +CPP='cpp -undef -E -P code_coverage.policy.def' +$CPP -D__arm__ -o code_coverage.arm.policy +$CPP -D__aarch64__ -D__LP64__ -o code_coverage.arm64.policy +$CPP -D__i386__ -o code_coverage.x86.policy +$CPP -D__x86_64__ -D__LP64__ -o code_coverage.x86_64.policy diff --git a/debuggerd/debuggerd_test.cpp b/debuggerd/debuggerd_test.cpp index 64df53e9e0..1f249c55c4 100644 --- a/debuggerd/debuggerd_test.cpp +++ b/debuggerd/debuggerd_test.cpp @@ -176,7 +176,7 @@ CrasherTest::~CrasherTest() { if (crasher_pid != -1) { kill(crasher_pid, SIGKILL); int status; - waitpid(crasher_pid, &status, WUNTRACED); + TEMP_FAILURE_RETRY(waitpid(crasher_pid, &status, WUNTRACED)); } android::base::SetProperty(kWaitForGdbKey, previous_wait_for_gdb ? "1" : "0"); @@ -195,8 +195,7 @@ void CrasherTest::StartIntercept(unique_fd* output_fd, DebuggerdDumpType interce void CrasherTest::FinishIntercept(int* result) { InterceptResponse response; - // Timeout for tombstoned intercept is 10 seconds. - ssize_t rc = TIMEOUT(20, read(intercept_fd.get(), &response, sizeof(response))); + ssize_t rc = TIMEOUT(30, read(intercept_fd.get(), &response, sizeof(response))); if (rc == -1) { FAIL() << "failed to read response from tombstoned: " << strerror(errno); } else if (rc == 0) { @@ -233,7 +232,7 @@ void CrasherTest::FinishCrasher() { FAIL() << "crasher pipe uninitialized"; } - ssize_t rc = write(crasher_pipe.get(), "\n", 1); + ssize_t rc = TEMP_FAILURE_RETRY(write(crasher_pipe.get(), "\n", 1)); if (rc == -1) { FAIL() << "failed to write to crasher pipe: " << strerror(errno); } else if (rc == 0) { @@ -243,9 +242,10 @@ void CrasherTest::FinishCrasher() { void CrasherTest::AssertDeath(int signo) { int status; - pid_t pid = TIMEOUT(5, waitpid(crasher_pid, &status, 0)); + pid_t pid = TIMEOUT(30, waitpid(crasher_pid, &status, 0)); if (pid != crasher_pid) { - printf("failed to wait for crasher (pid %d)\n", crasher_pid); + printf("failed to wait for crasher (expected pid %d, return value %d): %s\n", crasher_pid, pid, + strerror(errno)); sleep(100); FAIL() << "failed to wait for crasher: " << strerror(errno); } @@ -440,7 +440,7 @@ TEST_F(CrasherTest, wait_for_gdb) { FinishCrasher(); int status; - ASSERT_EQ(crasher_pid, waitpid(crasher_pid, &status, WUNTRACED)); + ASSERT_EQ(crasher_pid, TEMP_FAILURE_RETRY(waitpid(crasher_pid, &status, WUNTRACED))); ASSERT_TRUE(WIFSTOPPED(status)); ASSERT_EQ(SIGSTOP, WSTOPSIG(status)); @@ -608,7 +608,7 @@ static pid_t seccomp_fork_impl(void (*prejail)()) { PLOG(FATAL) << "tmpfile failed"; } - unique_fd tmp_fd(dup(fileno(tmp_file))); + unique_fd tmp_fd(TEMP_FAILURE_RETRY(dup(fileno(tmp_file)))); if (!android::base::WriteStringToFd(policy, tmp_fd.get())) { PLOG(FATAL) << "failed to write policy to tmpfile"; } @@ -821,7 +821,7 @@ TEST_F(CrasherTest, competing_tracer) { FinishCrasher(); int status; - ASSERT_EQ(crasher_pid, waitpid(crasher_pid, &status, 0)); + ASSERT_EQ(crasher_pid, TEMP_FAILURE_RETRY(waitpid(crasher_pid, &status, 0))); ASSERT_TRUE(WIFSTOPPED(status)); ASSERT_EQ(SIGABRT, WSTOPSIG(status)); @@ -836,7 +836,7 @@ TEST_F(CrasherTest, competing_tracer) { regex += R"( \(.+debuggerd_test)"; ASSERT_MATCH(result, regex.c_str()); - ASSERT_EQ(crasher_pid, waitpid(crasher_pid, &status, 0)); + ASSERT_EQ(crasher_pid, TEMP_FAILURE_RETRY(waitpid(crasher_pid, &status, 0))); ASSERT_TRUE(WIFSTOPPED(status)); ASSERT_EQ(SIGABRT, WSTOPSIG(status)); @@ -850,7 +850,7 @@ TEST_F(CrasherTest, fdsan_warning_abort_message) { StartProcess([]() { android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_WARN_ONCE); - unique_fd fd(open("/dev/null", O_RDONLY | O_CLOEXEC)); + unique_fd fd(TEMP_FAILURE_RETRY(open("/dev/null", O_RDONLY | O_CLOEXEC))); if (fd == -1) { abort(); } @@ -885,13 +885,13 @@ TEST(crash_dump, zombie) { raise(DEBUGGER_SIGNAL); errno = 0; - rc = waitpid(-1, &status, __WALL | __WNOTHREAD); + rc = TEMP_FAILURE_RETRY(waitpid(-1, &status, __WALL | __WNOTHREAD)); if (rc != -1 || errno != ECHILD) { errx(2, "second waitpid returned %d (%s), expected failure with ECHILD", rc, strerror(errno)); } _exit(0); } else { - rc = waitpid(forkpid, &status, 0); + rc = TEMP_FAILURE_RETRY(waitpid(forkpid, &status, 0)); ASSERT_EQ(forkpid, rc); ASSERT_TRUE(WIFEXITED(status)); ASSERT_EQ(0, WEXITSTATUS(status)); diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp index 9d61b4eafc..670709d2bf 100644 --- a/fs_mgr/fs_mgr_fstab.cpp +++ b/fs_mgr/fs_mgr_fstab.cpp @@ -822,7 +822,8 @@ FstabEntry BuildGsiSystemFstabEntry() { // could add more keys separated by ':'. .avb_keys = "/avb/q-gsi.avbpubkey:/avb/q-developer-gsi.avbpubkey:" - "/avb/r-gsi.avbpubkey:/avb/s-gsi.avbpubkey", + "/avb/r-gsi.avbpubkey:/avb/s-gsi.avbpubkey" + "/avb/r-developer-gsi.avbpubkey:/avb/s-developer-gsi.avbpubkey", .logical_partition_name = "system"}; system.fs_mgr_flags.wait = true; system.fs_mgr_flags.logical = true; diff --git a/property_service/libpropertyinfoserializer/property_info_serializer_test.cpp b/property_service/libpropertyinfoserializer/property_info_serializer_test.cpp index f4845505cf..6846a69a05 100644 --- a/property_service/libpropertyinfoserializer/property_info_serializer_test.cpp +++ b/property_service/libpropertyinfoserializer/property_info_serializer_test.cpp @@ -375,9 +375,11 @@ TEST(propertyinfoserializer, RealProperties) { {"audio_hal.period_size", "u:object_r:default_prop:s0"}, {"bluetooth.enable_timeout_ms", "u:object_r:bluetooth_prop:s0"}, {"dalvik.vm.appimageformat", "u:object_r:dalvik_prop:s0"}, + {"dalvik.vm.boot-dex2oat-cpu-set", "u:object_r:dalvik_prop:s0"}, {"dalvik.vm.boot-dex2oat-threads", "u:object_r:dalvik_prop:s0"}, {"dalvik.vm.dex2oat-Xms", "u:object_r:dalvik_prop:s0"}, {"dalvik.vm.dex2oat-Xmx", "u:object_r:dalvik_prop:s0"}, + {"dalvik.vm.dex2oat-cpu-set", "u:object_r:dalvik_prop:s0"}, {"dalvik.vm.dex2oat-threads", "u:object_r:dalvik_prop:s0"}, {"dalvik.vm.dexopt.secondary", "u:object_r:dalvik_prop:s0"}, {"dalvik.vm.heapgrowthlimit", "u:object_r:dalvik_prop:s0"}, @@ -388,6 +390,7 @@ TEST(propertyinfoserializer, RealProperties) { {"dalvik.vm.heaptargetutilization", "u:object_r:dalvik_prop:s0"}, {"dalvik.vm.image-dex2oat-Xms", "u:object_r:dalvik_prop:s0"}, {"dalvik.vm.image-dex2oat-Xmx", "u:object_r:dalvik_prop:s0"}, + {"dalvik.vm.image-dex2oat-cpu-set", "u:object_r:dalvik_prop:s0"}, {"dalvik.vm.image-dex2oat-threads", "u:object_r:dalvik_prop:s0"}, {"dalvik.vm.isa.arm.features", "u:object_r:dalvik_prop:s0"}, {"dalvik.vm.isa.arm.variant", "u:object_r:dalvik_prop:s0"}, diff --git a/rootdir/Android.mk b/rootdir/Android.mk index 7ff1588b23..24b39991aa 100644 --- a/rootdir/Android.mk +++ b/rootdir/Android.mk @@ -89,7 +89,7 @@ endif EXPORT_GLOBAL_GCOV_OPTIONS := ifeq ($(NATIVE_COVERAGE),true) - EXPORT_GLOBAL_GCOV_OPTIONS := export GCOV_PREFIX /data/misc/gcov + EXPORT_GLOBAL_GCOV_OPTIONS := export GCOV_PREFIX /data/misc/trace endif # Put it here instead of in init.rc module definition, diff --git a/rootdir/avb/Android.mk b/rootdir/avb/Android.mk index 80573fb375..f96ffddb35 100644 --- a/rootdir/avb/Android.mk +++ b/rootdir/avb/Android.mk @@ -45,6 +45,21 @@ endif include $(BUILD_PREBUILT) +####################################### +# r-developer-gsi.avbpubkey +include $(CLEAR_VARS) + +LOCAL_MODULE := r-developer-gsi.avbpubkey +LOCAL_MODULE_CLASS := ETC +LOCAL_SRC_FILES := $(LOCAL_MODULE) +ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true) +LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/first_stage_ramdisk/avb +else +LOCAL_MODULE_PATH := $(TARGET_RAMDISK_OUT)/avb +endif + +include $(BUILD_PREBUILT) + ####################################### # s-gsi.avbpubkey include $(CLEAR_VARS) @@ -59,3 +74,18 @@ LOCAL_MODULE_PATH := $(TARGET_RAMDISK_OUT)/avb endif include $(BUILD_PREBUILT) + +####################################### +# s-developer-gsi.avbpubkey +include $(CLEAR_VARS) + +LOCAL_MODULE := s-developer-gsi.avbpubkey +LOCAL_MODULE_CLASS := ETC +LOCAL_SRC_FILES := $(LOCAL_MODULE) +ifeq ($(BOARD_USES_RECOVERY_AS_BOOT),true) +LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/first_stage_ramdisk/avb +else +LOCAL_MODULE_PATH := $(TARGET_RAMDISK_OUT)/avb +endif + +include $(BUILD_PREBUILT) diff --git a/rootdir/avb/r-developer-gsi.avbpubkey b/rootdir/avb/r-developer-gsi.avbpubkey new file mode 100644 index 0000000000..aac39cc867 Binary files /dev/null and b/rootdir/avb/r-developer-gsi.avbpubkey differ diff --git a/rootdir/avb/s-developer-gsi.avbpubkey b/rootdir/avb/s-developer-gsi.avbpubkey new file mode 100644 index 0000000000..f0a6c11b82 Binary files /dev/null and b/rootdir/avb/s-developer-gsi.avbpubkey differ diff --git a/rootdir/init.rc b/rootdir/init.rc index 58a83e091b..4e101a90e4 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -687,6 +687,11 @@ on boot write /sys/fs/f2fs/${dev.mnt.blk.data}/cp_interval 200 write /sys/fs/f2fs/${dev.mnt.blk.data}/gc_urgent_sleep_time 50 + # limit discard size to 128MB in order to avoid long IO latency + # for filesystem tuning first (dm or sda) + # Note that, if dm- is used, sda/mmcblk0 should be tuned in vendor/init.rc + write /sys/devices/virtual/block/${dev.mnt.blk.data}/queue/discard_max_bytes 134217728 + # Permissions for System Server and daemons. chown radio system /sys/android_power/state chown radio system /sys/android_power/request_state