Loading fastboot/fastboot.cpp +0 −6 Original line number Diff line number Diff line Loading @@ -457,12 +457,6 @@ static void* load_bootable_image(const std::string& kernel, const std::string& r } if (!memcmp(kdata, BOOT_MAGIC, BOOT_MAGIC_SIZE)) { if (cmdline) bootimg_set_cmdline(reinterpret_cast<boot_img_hdr_v1*>(kdata), cmdline); uint32_t header_version_existing = reinterpret_cast<boot_img_hdr_v1*>(kdata)->header_version; if (header_version != header_version_existing) { die("header version mismatch, expected: %" PRIu32 " found %" PRIu32 "", header_version, header_version_existing); } if (!ramdisk.empty()) die("cannot boot a boot.img *and* ramdisk"); Loading fs_mgr/fs_mgr_priv.h +1 −1 Original line number Diff line number Diff line Loading @@ -45,7 +45,7 @@ #define PWARNING PLOG(WARNING) << FS_MGR_TAG #define PERROR PLOG(ERROR) << FS_MGR_TAG #define CRYPTO_TMPFS_OPTIONS "size=256m,mode=0771,uid=1000,gid=1000" #define CRYPTO_TMPFS_OPTIONS "size=512m,mode=0771,uid=1000,gid=1000" /* fstab has the following format: * Loading init/builtins.cpp +33 −13 Original line number Diff line number Diff line Loading @@ -82,6 +82,7 @@ namespace init { static constexpr std::chrono::nanoseconds kCommandRetryTimeout = 5s; static Result<Success> reboot_into_recovery(const std::vector<std::string>& options) { LOG(ERROR) << "Rebooting into recovery"; std::string err; if (!write_bootloader_message(options, &err)) { return Error() << "Failed to set bootloader message: " << err; Loading Loading @@ -285,11 +286,8 @@ static Result<Success> do_mkdir(const BuiltinArguments& args) { if (e4crypt_is_native()) { if (e4crypt_set_directory_policy(args[1].c_str())) { const std::vector<std::string> options = { "--prompt_and_wipe_data", "--reason=set_policy_failed:"s + args[1]}; reboot_into_recovery(options); return Success(); return reboot_into_recovery( {"--prompt_and_wipe_data", "--reason=set_policy_failed:"s + args[1]}); } } return Success(); Loading Loading 
@@ -493,8 +491,7 @@ static Result<Success> queue_fs_event(int code) { /* Setup a wipe via recovery, and reboot into recovery */ PLOG(ERROR) << "fs_mgr_mount_all suggested recovery, so wiping data via recovery."; const std::vector<std::string> options = {"--wipe_data", "--reason=fs_mgr_mount_all" }; reboot_into_recovery(options); return Success(); return reboot_into_recovery(options); /* If reboot worked, there is no return. */ } else if (code == FS_MGR_MNTALL_DEV_FILE_ENCRYPTED) { if (e4crypt_install_keyring()) { Loading Loading @@ -987,6 +984,29 @@ static bool is_file_crypto() { return android::base::GetProperty("ro.crypto.type", "") == "file"; } static Result<Success> ExecWithRebootOnFailure(const std::string& reboot_reason, const BuiltinArguments& args) { auto service = Service::MakeTemporaryOneshotService(args.args); if (!service) { return Error() << "Could not create exec service"; } service->AddReapCallback([reboot_reason](const siginfo_t& siginfo) { if (siginfo.si_code != CLD_EXITED || siginfo.si_status != 0) { if (e4crypt_is_native()) { LOG(ERROR) << "Rebooting into recovery, reason: " << reboot_reason; reboot_into_recovery({"--prompt_and_wipe_data", "--reason="s + reboot_reason}); } else { LOG(ERROR) << "Failure (reboot suppressed): " << reboot_reason; } } }); if (auto result = service->ExecStart(); !result) { return Error() << "Could not start exec service: " << result.error(); } ServiceList::GetInstance().AddService(std::move(service)); return Success(); } static Result<Success> do_installkey(const BuiltinArguments& args) { if (!is_file_crypto()) return Success(); Loading 
@@ -994,15 +1014,15 @@ static Result<Success> do_installkey(const BuiltinArguments& args) { if (!make_dir(unencrypted_dir, 0700) && errno != EEXIST) { return ErrnoError() << "Failed to create " << unencrypted_dir; } std::vector<std::string> exec_args = {"exec", "/system/bin/vdc", "--wait", "cryptfs", "enablefilecrypto"}; return do_exec({std::move(exec_args), args.context}); return ExecWithRebootOnFailure( "enablefilecrypto_failed", {{"exec", "/system/bin/vdc", "--wait", "cryptfs", "enablefilecrypto"}, args.context}); } static Result<Success> do_init_user0(const BuiltinArguments& args) { std::vector<std::string> exec_args = {"exec", "/system/bin/vdc", "--wait", "cryptfs", "init_user0"}; return do_exec({std::move(exec_args), args.context}); return ExecWithRebootOnFailure( "init_user0_failed", {{"exec", "/system/bin/vdc", "--wait", "cryptfs", "init_user0"}, args.context}); } // Builtin-function-map start Loading init/init.cpp +8 −0 Original line number Diff line number Diff line Loading @@ -595,6 +595,14 @@ int main(int argc, char** argv) { mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8)); mknod("/dev/urandom", S_IFCHR | 0666, makedev(1, 9)); // Mount staging areas for devices managed by vold // See storage config details at http://source.android.com/devices/storage/ mount("tmpfs", "/mnt", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV, "mode=0755,uid=0,gid=1000"); // /mnt/vendor is used to mount vendor-specific partitions that can not be // part of the vendor partition, e.g. because they are mounted read-write. mkdir("/mnt/vendor", 0755); // Now that tmpfs is mounted on /dev and we have /dev/kmsg, we can actually // talk to the outside world... InitKernelLogging(argv); Loading init/service.cpp +5 −1 Original line number Diff line number Diff line Loading 
@@ -303,7 +303,7 @@ void Service::SetProcessAttributes() { } } void Service::Reap() { void Service::Reap(const siginfo_t& siginfo) { if (!(flags_ & SVC_ONESHOT) || (flags_ & SVC_RESTART)) { KillProcessGroup(SIGKILL); } Loading @@ -312,6 +312,10 @@ void Service::Reap() { std::for_each(descriptors_.begin(), descriptors_.end(), std::bind(&DescriptorInfo::Clean, std::placeholders::_1)); for (const auto& f : reap_callbacks_) { f(siginfo); } if (flags_ & SVC_EXEC) UnSetExec(); if (flags_ & SVC_TEMPORARY) return; Loading Loading
fastboot/fastboot.cpp +0 −6 Original line number Diff line number Diff line Loading @@ -457,12 +457,6 @@ static void* load_bootable_image(const std::string& kernel, const std::string& r } if (!memcmp(kdata, BOOT_MAGIC, BOOT_MAGIC_SIZE)) { if (cmdline) bootimg_set_cmdline(reinterpret_cast<boot_img_hdr_v1*>(kdata), cmdline); uint32_t header_version_existing = reinterpret_cast<boot_img_hdr_v1*>(kdata)->header_version; if (header_version != header_version_existing) { die("header version mismatch, expected: %" PRIu32 " found %" PRIu32 "", header_version, header_version_existing); } if (!ramdisk.empty()) die("cannot boot a boot.img *and* ramdisk"); Loading
fs_mgr/fs_mgr_priv.h +1 −1 Original line number Diff line number Diff line Loading @@ -45,7 +45,7 @@ #define PWARNING PLOG(WARNING) << FS_MGR_TAG #define PERROR PLOG(ERROR) << FS_MGR_TAG #define CRYPTO_TMPFS_OPTIONS "size=256m,mode=0771,uid=1000,gid=1000" #define CRYPTO_TMPFS_OPTIONS "size=512m,mode=0771,uid=1000,gid=1000" /* fstab has the following format: * Loading
init/builtins.cpp +33 −13 Original line number Diff line number Diff line Loading @@ -82,6 +82,7 @@ namespace init { static constexpr std::chrono::nanoseconds kCommandRetryTimeout = 5s; static Result<Success> reboot_into_recovery(const std::vector<std::string>& options) { LOG(ERROR) << "Rebooting into recovery"; std::string err; if (!write_bootloader_message(options, &err)) { return Error() << "Failed to set bootloader message: " << err; Loading Loading @@ -285,11 +286,8 @@ static Result<Success> do_mkdir(const BuiltinArguments& args) { if (e4crypt_is_native()) { if (e4crypt_set_directory_policy(args[1].c_str())) { const std::vector<std::string> options = { "--prompt_and_wipe_data", "--reason=set_policy_failed:"s + args[1]}; reboot_into_recovery(options); return Success(); return reboot_into_recovery( {"--prompt_and_wipe_data", "--reason=set_policy_failed:"s + args[1]}); } } return Success(); Loading Loading @@ -493,8 +491,7 @@ static Result<Success> queue_fs_event(int code) { /* Setup a wipe via recovery, and reboot into recovery */ PLOG(ERROR) << "fs_mgr_mount_all suggested recovery, so wiping data via recovery."; const std::vector<std::string> options = {"--wipe_data", "--reason=fs_mgr_mount_all" }; reboot_into_recovery(options); return Success(); return reboot_into_recovery(options); /* If reboot worked, there is no return. */ } else if (code == FS_MGR_MNTALL_DEV_FILE_ENCRYPTED) { if (e4crypt_install_keyring()) { Loading Loading 
@@ -987,6 +984,29 @@ static bool is_file_crypto() { return android::base::GetProperty("ro.crypto.type", "") == "file"; } static Result<Success> ExecWithRebootOnFailure(const std::string& reboot_reason, const BuiltinArguments& args) { auto service = Service::MakeTemporaryOneshotService(args.args); if (!service) { return Error() << "Could not create exec service"; } service->AddReapCallback([reboot_reason](const siginfo_t& siginfo) { if (siginfo.si_code != CLD_EXITED || siginfo.si_status != 0) { if (e4crypt_is_native()) { LOG(ERROR) << "Rebooting into recovery, reason: " << reboot_reason; reboot_into_recovery({"--prompt_and_wipe_data", "--reason="s + reboot_reason}); } else { LOG(ERROR) << "Failure (reboot suppressed): " << reboot_reason; } } }); if (auto result = service->ExecStart(); !result) { return Error() << "Could not start exec service: " << result.error(); } ServiceList::GetInstance().AddService(std::move(service)); return Success(); } static Result<Success> do_installkey(const BuiltinArguments& args) { if (!is_file_crypto()) return Success(); Loading @@ -994,15 +1014,15 @@ static Result<Success> do_installkey(const BuiltinArguments& args) { if (!make_dir(unencrypted_dir, 0700) && errno != EEXIST) { return ErrnoError() << "Failed to create " << unencrypted_dir; } std::vector<std::string> exec_args = {"exec", "/system/bin/vdc", "--wait", "cryptfs", "enablefilecrypto"}; return do_exec({std::move(exec_args), args.context}); return ExecWithRebootOnFailure( "enablefilecrypto_failed", {{"exec", "/system/bin/vdc", "--wait", "cryptfs", "enablefilecrypto"}, args.context}); } static Result<Success> do_init_user0(const BuiltinArguments& args) { std::vector<std::string> exec_args = {"exec", "/system/bin/vdc", "--wait", "cryptfs", "init_user0"}; return do_exec({std::move(exec_args), args.context}); return ExecWithRebootOnFailure( "init_user0_failed", {{"exec", "/system/bin/vdc", "--wait", "cryptfs", "init_user0"}, args.context}); } // Builtin-function-map start Loading
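Review bot: The reap callback in ExecWithRebootOnFailure discards the Result returned by reboot_into_recovery, so a failure on the `Failed to set bootloader message` path is lost. Boot then presumably carries on even though vdc failed to set up file encryption. The changed call sites in do_mkdir and queue_fs_event now propagate that Result, and the callback should at least report it, e.g. `if (auto r = reboot_into_recovery({"--prompt_and_wipe_data", "--reason="s + reboot_reason}); !r) LOG(FATAL) << "Could not reboot into recovery: " << r.error();`. Whether FATAL or ERROR is the right severity depends on how init handles an abort at this stage, which is not visible here. The non-native branch only logs "Failure (reboot suppressed)", so a one-line comment saying why a failed enablefilecrypto or init_user0 is tolerated there would help.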
init/init.cpp +8 −0 Original line number Diff line number Diff line Loading @@ -595,6 +595,14 @@ int main(int argc, char** argv) { mknod("/dev/random", S_IFCHR | 0666, makedev(1, 8)); mknod("/dev/urandom", S_IFCHR | 0666, makedev(1, 9)); // Mount staging areas for devices managed by vold // See storage config details at http://source.android.com/devices/storage/ mount("tmpfs", "/mnt", "tmpfs", MS_NOEXEC | MS_NOSUID | MS_NODEV, "mode=0755,uid=0,gid=1000"); // /mnt/vendor is used to mount vendor-specific partitions that can not be // part of the vendor partition, e.g. because they are mounted read-write. mkdir("/mnt/vendor", 0755); // Now that tmpfs is mounted on /dev and we have /dev/kmsg, we can actually // talk to the outside world... InitKernelLogging(argv); Loading
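Review bot: The return values of the added `mount("tmpfs", "/mnt", ...)` and `mkdir("/mnt/vendor", 0755)` are ignored. If the mount fails, the mkdir would land on whatever already backs /mnt, without the MS_NOEXEC | MS_NOSUID | MS_NODEV flags requested here. Logging is not set up yet at this point (InitKernelLogging follows), so the result would have to be kept and reported afterwards, e.g. `int mnt_errno = mount(...) ? errno : 0;` and later `if (mnt_errno) LOG(ERROR) << "mount /mnt failed: " << strerror(mnt_errno);`. The neighbouring mknod calls are unchecked too, so the new code follows the surrounding style; main's body continues outside the hunk.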
init/service.cpp +5 −1 Original line number Diff line number Diff line Loading @@ -303,7 +303,7 @@ void Service::SetProcessAttributes() { } } void Service::Reap() { void Service::Reap(const siginfo_t& siginfo) { if (!(flags_ & SVC_ONESHOT) || (flags_ & SVC_RESTART)) { KillProcessGroup(SIGKILL); } Loading @@ -312,6 +312,10 @@ void Service::Reap() { std::for_each(descriptors_.begin(), descriptors_.end(), std::bind(&DescriptorInfo::Clean, std::placeholders::_1)); for (const auto& f : reap_callbacks_) { f(siginfo); } if (flags_ & SVC_EXEC) UnSetExec(); if (flags_ & SVC_TEMPORARY) return; Loading
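Review bot: The new loop over `reap_callbacks_` in Service::Reap has no comment saying when callbacks run or what they may do. They are invoked after the descriptor cleanup and before `UnSetExec()` and the SVC_TEMPORARY early return, and a callback that adds to `reap_callbacks_` would invalidate the range-for. A comment above the loop such as `// Reap callbacks run before UnSetExec(); they must not modify reap_callbacks_.` would record that contract. Reap's body starts and ends outside the visible hunks.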