Loading fs_mgr/libsnapshot/include/libsnapshot/cow_format.h +2 −0 Original line number Original line Diff line number Diff line Loading @@ -24,6 +24,8 @@ static constexpr uint64_t kCowMagicNumber = 0x436f77634f572121ULL; static constexpr uint32_t kCowVersionMajor = 1; static constexpr uint32_t kCowVersionMajor = 1; static constexpr uint32_t kCowVersionMinor = 0; static constexpr uint32_t kCowVersionMinor = 0; static constexpr uint32_t kCowVersionManifest = 1; // This header appears as the first sequence of bytes in the COW. All fields // This header appears as the first sequence of bytes in the COW. All fields // in the layout are little-endian encoded. The on-disk layout is: // in the layout are little-endian encoded. The on-disk layout is: // // Loading fs_mgr/libsnapshot/inspect_cow.cpp +28 −4 Original line number Original line Diff line number Diff line Loading @@ -38,7 +38,8 @@ void MyLogger(android::base::LogId, android::base::LogSeverity severity, const c static void usage(void) { static void usage(void) { LOG(ERROR) << "Usage: inspect_cow [-sd] <COW_FILE>"; LOG(ERROR) << "Usage: inspect_cow [-sd] <COW_FILE>"; LOG(ERROR) << "\t -s Run Silent"; LOG(ERROR) << "\t -s Run Silent"; LOG(ERROR) << "\t -d Attempt to decompress\n"; LOG(ERROR) << "\t -d Attempt to decompress"; LOG(ERROR) << "\t -b Show data for failed decompress\n"; } } // Sink that always appends to the end of a string. // Sink that always appends to the end of a string. Loading 
@@ -59,7 +60,25 @@ class StringSink : public IByteSink { std::string stream_; std::string stream_; }; }; static bool Inspect(const std::string& path, bool silent, bool decompress) { static void ShowBad(CowReader& reader, const struct CowOperation& op) { size_t count; auto buffer = std::make_unique<uint8_t[]>(op.data_length); if (!reader.GetRawBytes(op.source, buffer.get(), op.data_length, &count)) { std::cerr << "Failed to read at all!\n"; } else { std::cout << "The Block data is:\n"; for (int i = 0; i < op.data_length; i++) { std::cout << std::hex << (int)buffer[i]; } std::cout << std::dec << "\n\n"; if (op.data_length >= sizeof(CowOperation)) { std::cout << "The start, as an op, would be " << *(CowOperation*)buffer.get() << "\n"; } } } static bool Inspect(const std::string& path, bool silent, bool decompress, bool show_bad) { android::base::unique_fd fd(open(path.c_str(), O_RDONLY)); android::base::unique_fd fd(open(path.c_str(), O_RDONLY)); if (fd < 0) { if (fd < 0) { PLOG(ERROR) << "open failed: " << path; PLOG(ERROR) << "open failed: " << path; Loading Loading @@ -107,6 +126,7 @@ static bool Inspect(const std::string& path, bool silent, bool decompress) { if (!reader.ReadData(op, &sink)) { if (!reader.ReadData(op, &sink)) { std::cerr << "Failed to decompress for :" << op << "\n"; std::cerr << "Failed to decompress for :" << op << "\n"; success = false; success = false; if (show_bad) ShowBad(reader, op); } } sink.Reset(); sink.Reset(); } } Loading @@ -124,7 +144,8 @@ int main(int argc, char** argv) { int ch; int ch; bool silent = false; bool silent = false; bool decompress = false; bool decompress = false; while ((ch = getopt(argc, argv, "sd")) != -1) { bool show_bad = false; while ((ch = getopt(argc, argv, "sdb")) != -1) { switch (ch) { switch (ch) { case 's': case 's': silent = true; silent = true; Loading 
@@ -132,6 +153,9 @@ int main(int argc, char** argv) { case 'd': case 'd': decompress = true; decompress = true; break; break; case 'b': show_bad = true; break; default: default: android::snapshot::usage(); android::snapshot::usage(); } } Loading @@ -143,7 +167,7 @@ int main(int argc, char** argv) { return 1; return 1; } } if (!android::snapshot::Inspect(argv[optind], silent, decompress)) { if (!android::snapshot::Inspect(argv[optind], silent, decompress, show_bad)) { return 1; return 1; } } return 0; return 0; Loading init/selinux.cpp +13 −13 Original line number Original line Diff line number Diff line Loading 
@@ -240,25 +240,25 @@ Result<std::string> FindPrecompiledSplitPolicy() { } } // Use precompiled sepolicy only when all corresponding hashes are equal. // Use precompiled sepolicy only when all corresponding hashes are equal. // plat_sepolicy is always checked, while system_ext and product are checked only when they // exist. std::vector<std::pair<std::string, std::string>> sepolicy_hashes{ std::vector<std::pair<std::string, std::string>> sepolicy_hashes{ {"/system/etc/selinux/plat_sepolicy_and_mapping.sha256", {"/system/etc/selinux/plat_sepolicy_and_mapping.sha256", precompiled_sepolicy + ".plat_sepolicy_and_mapping.sha256"}, precompiled_sepolicy + ".plat_sepolicy_and_mapping.sha256"}, {"/system_ext/etc/selinux/system_ext_sepolicy_and_mapping.sha256", precompiled_sepolicy + ".system_ext_sepolicy_and_mapping.sha256"}, {"/product/etc/selinux/product_sepolicy_and_mapping.sha256", precompiled_sepolicy + ".product_sepolicy_and_mapping.sha256"}, }; }; if (access("/system_ext/etc/selinux/system_ext_sepolicy.cil", F_OK) == 0) { for (const auto& [actual_id_path, precompiled_id_path] : sepolicy_hashes) { sepolicy_hashes.emplace_back( // Both of them should exist or both of them shouldn't exist. 
"/system_ext/etc/selinux/system_ext_sepolicy_and_mapping.sha256", if (access(actual_id_path.c_str(), R_OK) != 0) { precompiled_sepolicy + ".system_ext_sepolicy_and_mapping.sha256"); if (access(precompiled_id_path.c_str(), R_OK) == 0) { return Error() << precompiled_id_path << " exists but " << actual_id_path << " doesn't"; } } continue; if (access("/product/etc/selinux/product_sepolicy.cil", F_OK) == 0) { sepolicy_hashes.emplace_back("/product/etc/selinux/product_sepolicy_and_mapping.sha256", precompiled_sepolicy + ".product_sepolicy_and_mapping.sha256"); } } for (const auto& [actual_id_path, precompiled_id_path] : sepolicy_hashes) { std::string actual_id; std::string actual_id; if (!ReadFirstLine(actual_id_path.c_str(), &actual_id)) { if (!ReadFirstLine(actual_id_path.c_str(), &actual_id)) { return ErrnoError() << "Failed to read " << actual_id_path; return ErrnoError() << "Failed to read " << actual_id_path; Loading libcutils/include/private/android_filesystem_config.h +1 −0 Original line number Original line Diff line number Diff line Loading @@ -129,6 +129,7 @@ #define AID_CONTEXT_HUB 1080 /* GID for access to the Context Hub */ #define AID_CONTEXT_HUB 1080 /* GID for access to the Context Hub */ #define AID_VIRTMANAGER 1081 /* VirtManager daemon */ #define AID_VIRTMANAGER 1081 /* VirtManager daemon */ #define AID_ARTD 1082 /* ART Service daemon */ #define AID_ARTD 1082 /* ART Service daemon */ #define AID_UWB 1083 /* UWB subsystem */ /* Changes to this file must be made in AOSP, *not* in internal branches. */ /* Changes to this file must be made in AOSP, *not* in internal branches. */ #define AID_SHELL 2000 /* adb and debug shell user */ #define AID_SHELL 2000 /* adb and debug shell user */ Loading Loading
fs_mgr/libsnapshot/include/libsnapshot/cow_format.h +2 −0 Original line number Original line Diff line number Diff line Loading @@ -24,6 +24,8 @@ static constexpr uint64_t kCowMagicNumber = 0x436f77634f572121ULL; static constexpr uint32_t kCowVersionMajor = 1; static constexpr uint32_t kCowVersionMajor = 1; static constexpr uint32_t kCowVersionMinor = 0; static constexpr uint32_t kCowVersionMinor = 0; static constexpr uint32_t kCowVersionManifest = 1; // This header appears as the first sequence of bytes in the COW. All fields // This header appears as the first sequence of bytes in the COW. All fields // in the layout are little-endian encoded. The on-disk layout is: // in the layout are little-endian encoded. The on-disk layout is: // // Loading
fs_mgr/libsnapshot/inspect_cow.cpp +28 −4 Original line number Original line Diff line number Diff line Loading @@ -38,7 +38,8 @@ void MyLogger(android::base::LogId, android::base::LogSeverity severity, const c static void usage(void) { static void usage(void) { LOG(ERROR) << "Usage: inspect_cow [-sd] <COW_FILE>"; LOG(ERROR) << "Usage: inspect_cow [-sd] <COW_FILE>"; LOG(ERROR) << "\t -s Run Silent"; LOG(ERROR) << "\t -s Run Silent"; LOG(ERROR) << "\t -d Attempt to decompress\n"; LOG(ERROR) << "\t -d Attempt to decompress"; LOG(ERROR) << "\t -b Show data for failed decompress\n"; } } // Sink that always appends to the end of a string. // Sink that always appends to the end of a string. Loading @@ -59,7 +60,25 @@ class StringSink : public IByteSink { std::string stream_; std::string stream_; }; }; static bool Inspect(const std::string& path, bool silent, bool decompress) { static void ShowBad(CowReader& reader, const struct CowOperation& op) { size_t count; auto buffer = std::make_unique<uint8_t[]>(op.data_length); if (!reader.GetRawBytes(op.source, buffer.get(), op.data_length, &count)) { std::cerr << "Failed to read at all!\n"; } else { std::cout << "The Block data is:\n"; for (int i = 0; i < op.data_length; i++) { std::cout << std::hex << (int)buffer[i]; } std::cout << std::dec << "\n\n"; if (op.data_length >= sizeof(CowOperation)) { std::cout << "The start, as an op, would be " << *(CowOperation*)buffer.get() << "\n"; } } } static bool Inspect(const std::string& path, bool silent, bool decompress, bool show_bad) { android::base::unique_fd fd(open(path.c_str(), O_RDONLY)); android::base::unique_fd fd(open(path.c_str(), O_RDONLY)); if (fd < 0) { if (fd < 0) { PLOG(ERROR) << "open failed: " << path; PLOG(ERROR) << "open failed: " << path; Loading Loading 
@@ -107,6 +126,7 @@ static bool Inspect(const std::string& path, bool silent, bool decompress) { if (!reader.ReadData(op, &sink)) { if (!reader.ReadData(op, &sink)) { std::cerr << "Failed to decompress for :" << op << "\n"; std::cerr << "Failed to decompress for :" << op << "\n"; success = false; success = false; if (show_bad) ShowBad(reader, op); } } sink.Reset(); sink.Reset(); } } Loading @@ -124,7 +144,8 @@ int main(int argc, char** argv) { int ch; int ch; bool silent = false; bool silent = false; bool decompress = false; bool decompress = false; while ((ch = getopt(argc, argv, "sd")) != -1) { bool show_bad = false; while ((ch = getopt(argc, argv, "sdb")) != -1) { switch (ch) { switch (ch) { case 's': case 's': silent = true; silent = true; Loading @@ -132,6 +153,9 @@ int main(int argc, char** argv) { case 'd': case 'd': decompress = true; decompress = true; break; break; case 'b': show_bad = true; break; default: default: android::snapshot::usage(); android::snapshot::usage(); } } Loading @@ -143,7 +167,7 @@ int main(int argc, char** argv) { return 1; return 1; } } if (!android::snapshot::Inspect(argv[optind], silent, decompress)) { if (!android::snapshot::Inspect(argv[optind], silent, decompress, show_bad)) { return 1; return 1; } } return 0; return 0; Loading
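Review bot: In `ShowBad`, the `count` that `GetRawBytes()` fills in is never read, so the dump loop and the `sizeof(CowOperation)` check both trust `op.data_length`, a field of the very op that just failed to decompress. They should use the number of bytes actually returned, which is presumably what `count` holds; the reader's contract is not visible on this page. A short read would be shown padded with the zeros `make_unique` left in the buffer, and because bytes are printed without zero padding the dump is ambiguous (`0x0a 0x01` and `0xa1` both print as `a1`). The C-style `*(CowOperation*)buffer.get()` reinterprets a byte array as a struct; copying into a local `CowOperation` with `memcpy` avoids the aliasing question. The sketch below bounds everything by `count`; `std::setw`/`std::setfill` need `<iomanip>` if the file does not already include it.

```cpp
static void ShowBad(CowReader& reader, const struct CowOperation& op) {
    // … unchanged: count, buffer allocation and the GetRawBytes() failure branch …
        std::cout << "The Block data is:\n";
        // Dump only the bytes GetRawBytes() reported, two hex digits per byte.
        for (size_t i = 0; i < count; i++) {
            std::cout << std::hex << std::setw(2) << std::setfill('0')
                      << static_cast<int>(buffer[i]);
        }
        std::cout << std::dec << std::setfill(' ') << "\n\n";
        if (count >= sizeof(CowOperation)) {
            CowOperation as_op;
            memcpy(&as_op, buffer.get(), sizeof(as_op));
            std::cout << "The start, as an op, would be " << as_op << "\n";
        }
    }
}
```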
init/selinux.cpp +13 −13
@@ -240,25 +240,25 @@ Result<std::string> FindPrecompiledSplitPolicy() { } } // Use precompiled sepolicy only when all corresponding hashes are equal. // Use precompiled sepolicy only when all corresponding hashes are equal. // plat_sepolicy is always checked, while system_ext and product are checked only when they // exist. std::vector<std::pair<std::string, std::string>> sepolicy_hashes{ std::vector<std::pair<std::string, std::string>> sepolicy_hashes{ {"/system/etc/selinux/plat_sepolicy_and_mapping.sha256", {"/system/etc/selinux/plat_sepolicy_and_mapping.sha256", precompiled_sepolicy + ".plat_sepolicy_and_mapping.sha256"}, precompiled_sepolicy + ".plat_sepolicy_and_mapping.sha256"}, {"/system_ext/etc/selinux/system_ext_sepolicy_and_mapping.sha256", precompiled_sepolicy + ".system_ext_sepolicy_and_mapping.sha256"}, {"/product/etc/selinux/product_sepolicy_and_mapping.sha256", precompiled_sepolicy + ".product_sepolicy_and_mapping.sha256"}, }; }; if (access("/system_ext/etc/selinux/system_ext_sepolicy.cil", F_OK) == 0) { for (const auto& [actual_id_path, precompiled_id_path] : sepolicy_hashes) { sepolicy_hashes.emplace_back( // Both of them should exist or both of them shouldn't exist. 
"/system_ext/etc/selinux/system_ext_sepolicy_and_mapping.sha256", if (access(actual_id_path.c_str(), R_OK) != 0) { precompiled_sepolicy + ".system_ext_sepolicy_and_mapping.sha256"); if (access(precompiled_id_path.c_str(), R_OK) == 0) { return Error() << precompiled_id_path << " exists but " << actual_id_path << " doesn't"; } } continue; if (access("/product/etc/selinux/product_sepolicy.cil", F_OK) == 0) { sepolicy_hashes.emplace_back("/product/etc/selinux/product_sepolicy_and_mapping.sha256", precompiled_sepolicy + ".product_sepolicy_and_mapping.sha256"); } } for (const auto& [actual_id_path, precompiled_id_path] : sepolicy_hashes) { std::string actual_id; std::string actual_id; if (!ReadFirstLine(actual_id_path.c_str(), &actual_id)) { if (!ReadFirstLine(actual_id_path.c_str(), &actual_id)) { return ErrnoError() << "Failed to read " << actual_id_path; return ErrnoError() << "Failed to read " << actual_id_path; Loading
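Review bot: The new `continue` in the `access(actual_id_path.c_str(), R_OK) != 0` branch applies to every pair, including the `/system/etc/selinux/plat_sepolicy_and_mapping.sha256` one that the removed comment said was always checked. A pair whose hash file is unreadable on both sides is now skipped without any comparison. The optional pairs are also keyed on the `.sha256` files rather than on `system_ext_sepolicy.cil` / `product_sepolicy.cil` as before, so a partition that ships policy but no hash would presumably no longer block use of the precompiled policy; the rest of the loop and the function's return are outside this hunk, so this is inferred. I would keep the plat pair mandatory by adding `if (actual_id_path == sepolicy_hashes.front().first) return ErrnoError() << "Failed to read " << actual_id_path;` before the `continue`, and restore a comment such as `// The plat pair is mandatory; system_ext and product are skipped only when absent on both sides.` Separately, `access(..., R_OK)` can fail for reasons other than a missing file, so the "exists but ... doesn't" message can mislead on a permission or I/O error.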
libcutils/include/private/android_filesystem_config.h +1 −0 Original line number Original line Diff line number Diff line Loading @@ -129,6 +129,7 @@ #define AID_CONTEXT_HUB 1080 /* GID for access to the Context Hub */ #define AID_CONTEXT_HUB 1080 /* GID for access to the Context Hub */ #define AID_VIRTMANAGER 1081 /* VirtManager daemon */ #define AID_VIRTMANAGER 1081 /* VirtManager daemon */ #define AID_ARTD 1082 /* ART Service daemon */ #define AID_ARTD 1082 /* ART Service daemon */ #define AID_UWB 1083 /* UWB subsystem */ /* Changes to this file must be made in AOSP, *not* in internal branches. */ /* Changes to this file must be made in AOSP, *not* in internal branches. */ #define AID_SHELL 2000 /* adb and debug shell user */ #define AID_SHELL 2000 /* adb and debug shell user */ Loading