diff --git a/mkbootfs/src/mkbootfs/cpp/fs_config.cpp b/mkbootfs/src/mkbootfs/cpp/fs_config.cpp index cc96ff8..0f2b460 100644 --- a/mkbootfs/src/mkbootfs/cpp/fs_config.cpp +++ b/mkbootfs/src/mkbootfs/cpp/fs_config.cpp @@ -14,6 +14,8 @@ * limitations under the License. */ +#include + // This file is used to define the properties of the filesystem // images generated by build tools (mkbootfs and mkyaffs2image) and // by the device side of adb. @@ -22,7 +24,6 @@ #include #include -#include #include #include #include @@ -32,7 +33,6 @@ #include #include -#include #include #ifndef O_BINARY @@ -80,7 +80,6 @@ static const struct fs_path_config android_dirs[] = { { 00775, AID_ROOT, AID_ROOT, 0, "data/preloads" }, { 00771, AID_SYSTEM, AID_SYSTEM, 0, "data" }, { 00755, AID_ROOT, AID_SYSTEM, 0, "mnt" }, - { 00755, AID_ROOT, AID_ROOT, 0, "root" }, { 00750, AID_ROOT, AID_SHELL, 0, "sbin" }, { 00777, AID_ROOT, AID_ROOT, 0, "sdcard" }, { 00751, AID_ROOT, AID_SDCARD_R, 0, "storage" }, @@ -123,6 +122,12 @@ static const char* conf[][2] = { {odm_conf_file, odm_conf_dir}, }; +// Do not use android_files to grant Linux capabilities. Use ambient capabilities in their +// associated init.rc file instead. See https://source.android.com/devices/tech/config/ambient. + +// Do not place any new vendor/, data/vendor/, etc entries in android_files. +// Vendor entries should be done via a vendor or device specific config.fs. +// See https://source.android.com/devices/tech/config/filesystem#using-file-system-capabilities static const struct fs_path_config android_files[] = { // clang-format off { 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app/*" }, @@ -142,6 +147,7 @@ static const struct fs_path_config android_files[] = { { 00444, AID_ROOT, AID_ROOT, 0, odm_conf_file + 1 }, { 00444, AID_ROOT, AID_ROOT, 0, oem_conf_dir + 1 }, { 00444, AID_ROOT, AID_ROOT, 0, oem_conf_file + 1 }, + { 00600, AID_ROOT, AID_ROOT, 0, "product/build.prop" }, { 00750, AID_ROOT, AID_SHELL, 0, "sbin/fs_mgr" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump32" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/crash_dump64" }, @@ -176,6 +182,8 @@ static const struct fs_path_config android_files[] = { CAP_MASK_LONG(CAP_AUDIT_CONTROL) | CAP_MASK_LONG(CAP_SETGID), "system/bin/logd" }, + { 00550, AID_SYSTEM, AID_LOG, CAP_MASK_LONG(CAP_SYSLOG), + "system/bin/bootstat" }, { 00750, AID_ROOT, AID_SHELL, CAP_MASK_LONG(CAP_SETUID) | CAP_MASK_LONG(CAP_SETGID), "system/bin/run-as" }, @@ -183,33 +191,6 @@ static const struct fs_path_config android_files[] = { // Support FIFO scheduling mode in SurfaceFlinger. { 00755, AID_SYSTEM, AID_GRAPHICS, CAP_MASK_LONG(CAP_SYS_NICE), "system/bin/surfaceflinger" }, - - // Support hostapd administering a network interface. - { 00755, AID_WIFI, AID_WIFI, CAP_MASK_LONG(CAP_NET_ADMIN) | - CAP_MASK_LONG(CAP_NET_RAW), - "vendor/bin/hostapd" }, - - // Support Bluetooth legacy hal accessing /sys/class/rfkill - // Support RT scheduling in Bluetooth - { 00700, AID_BLUETOOTH, AID_BLUETOOTH, CAP_MASK_LONG(CAP_NET_ADMIN) | - CAP_MASK_LONG(CAP_SYS_NICE), - "vendor/bin/hw/android.hardware.bluetooth@1.0-service" }, - - // Support wifi_hal_legacy administering a network interface. - { 00755, AID_WIFI, AID_WIFI, CAP_MASK_LONG(CAP_NET_ADMIN) | - CAP_MASK_LONG(CAP_NET_RAW), - "vendor/bin/hw/android.hardware.wifi@1.0-service" }, - - // A non-privileged zygote that spawns isolated processes for web rendering. - { 0750, AID_ROOT, AID_ROOT, CAP_MASK_LONG(CAP_SETUID) | - CAP_MASK_LONG(CAP_SETGID) | - CAP_MASK_LONG(CAP_SETPCAP), - "system/bin/webview_zygote32" }, - { 0750, AID_ROOT, AID_ROOT, CAP_MASK_LONG(CAP_SETUID) | - CAP_MASK_LONG(CAP_SETGID) | - CAP_MASK_LONG(CAP_SETPCAP), - "system/bin/webview_zygote64" }, - // generic defaults { 00755, AID_ROOT, AID_ROOT, 0, "bin/*" }, { 00640, AID_ROOT, AID_SHELL, 0, "fstab.*" }, diff --git a/mkbootfs/src/mkbootfs/cpp/mkbootfs.c b/mkbootfs/src/mkbootfs/cpp/mkbootfs.c index 632116b..e52762e 100644 --- a/mkbootfs/src/mkbootfs/cpp/mkbootfs.c +++ b/mkbootfs/src/mkbootfs/cpp/mkbootfs.c @@ -1,4 +1,4 @@ -#include + #include #include #include @@ -13,7 +13,7 @@ #include #include -#include + /* NOTES ** ** - see buffer-format.txt from the linux kernel docs for @@ -100,11 +100,7 @@ static void _eject(struct stat *s, char *out, int olen, char *data, unsigned dat putchar(0); } -#ifdef CFIG_NO_FIX_STAT -#warning CFIG_NO_FIX_STAT defined, will not fix_stat() defined in Android -#else fix_stat(out, s); -#endif // fprintf(stderr, "_eject %s: mode=0%o\n", out, s->st_mode); printf("%06x%08x%08x%08x%08x%08x%08x" @@ -176,7 +172,7 @@ static void _archive_dir(char *in, char *out, int ilen, int olen) int size = 32; int entries = 0; - char** names = (char**) malloc(size * sizeof(char*)); + char** names = malloc(size * sizeof(char*)); if (names == NULL) { fprintf(stderr, "failed to allocate dir names array (size %d)\n", size); exit(1); @@ -191,7 +187,7 @@ static void _archive_dir(char *in, char *out, int ilen, int olen) if (entries >= size) { size *= 2; - names = (char**) realloc(names, size * sizeof(char*)); + names = realloc(names, size * sizeof(char*)); if (names == NULL) { fprintf(stderr, "failed to reallocate dir names array (size %d)\n", size); diff --git a/mkbootfs/src/mkbootfs/headers/private/android_filesystem_config.h b/mkbootfs/src/mkbootfs/headers/private/android_filesystem_config.h index d4ba019..3be8ad0 100644 --- a/mkbootfs/src/mkbootfs/headers/private/android_filesystem_config.h +++ b/mkbootfs/src/mkbootfs/headers/private/android_filesystem_config.h @@ -55,6 +55,9 @@ */ #define AID_ROOT 0 /* traditional unix root user */ +/* The following are for LTP and should only be used for testing */ +#define AID_DAEMON 1 /* traditional unix daemon owner */ +#define AID_BIN 2 /* traditional unix binaries owner */ #define AID_SYSTEM 1000 /* system server */ @@ -120,6 +123,14 @@ #define AID_ESE 1060 /* embedded secure element (eSE) subsystem */ #define AID_OTA_UPDATE 1061 /* resource tracking UID for OTA updates */ #define AID_AUTOMOTIVE_EVS 1062 /* Automotive rear and surround view system */ +#define AID_LOWPAN 1063 /* LoWPAN subsystem */ +#define AID_HSM 1064 /* hardware security module subsystem */ +#define AID_RESERVED_DISK 1065 /* GID that has access to reserved disk space */ +#define AID_STATSD 1066 /* statsd daemon */ +#define AID_INCIDENTD 1067 /* incidentd daemon */ +#define AID_SECURE_ELEMENT 1068 /* secure element subsystem */ +#define AID_LMKD 1069 /* low memory killer daemon */ +#define AID_LLKD 1070 /* live lock daemon */ /* Changes to this file must be made in AOSP, *not* in internal branches. */ #define AID_SHELL 2000 /* adb and debug shell user */ @@ -168,6 +179,14 @@ #define AID_SHARED_GID_START 50000 /* start of gids for apps in each user to share */ #define AID_SHARED_GID_END 59999 /* end of gids for apps in each user to share */ +/* + * This is a magic number in the kernel and not something that was picked + * arbitrarily. This value is returned whenever a uid that has no mapping in the + * user namespace is returned to userspace: + * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/include/linux/highuid.h?h=v4.4#n40 + */ +#define AID_OVERFLOWUID 65534 /* unmapped user in the user namespace */ + #define AID_ISOLATED_START 99000 /* start of uids for fully isolated sandboxed processes */ #define AID_ISOLATED_END 99999 /* end of uids for fully isolated sandboxed processes */ diff --git a/mkbootfs/src/mkbootfs/headers/private/fs_config.h b/mkbootfs/src/mkbootfs/headers/private/fs_config.h index aab5042..8926491 100644 --- a/mkbootfs/src/mkbootfs/headers/private/fs_config.h +++ b/mkbootfs/src/mkbootfs/headers/private/fs_config.h @@ -24,6 +24,7 @@ #include #include +#include #if defined(__BIONIC__) #include diff --git a/port.mk b/port.mk new file mode 100644 index 0000000..f1ef72a --- /dev/null +++ b/port.mk @@ -0,0 +1,69 @@ +ROOTDIR := staging +LOG_H := $(ROOTDIR)/src/mkbootfs/headers/log/log.h + +define build_gradle_content +YXBwbHkgcGx1Z2luOiAnY3BwJyAKYXBwbHkgcGx1Z2luOiAnYycgCgptb2RlbCB7CiAgICBidWls +ZFR5cGVzIHsKICAgICAgICByZWxlYXNlCiAgICB9ICAgCgogICAgY29tcG9uZW50cyB7CiAgICAg +ICAgbWtib290ZnMoTmF0aXZlRXhlY3V0YWJsZVNwZWMpIHsKICAgICAgICAgICAgYmluYXJpZXMu +YWxsIHsKICAgICAgICAgICAgICAgIGNwcENvbXBpbGVyLmRlZmluZSAiX19BTkRST0lEX1ZOREtf +XyIKICAgICAgICAgICAgICAgIC8vY3BwQ29tcGlsZXIuZGVmaW5lICdDRklHX05PX0ZJWF9TVEFU +JwogICAgICAgICAgICAgICAgY3BwQ29tcGlsZXIuYXJncyA8PCAnLXN0ZD1nbnUrKzExJyA8PCAi +LVduby13cml0ZS1zdHJpbmdzIgogICAgICAgICAgICB9ICAgCiAgICAgICAgfSAgIAogICAgfSAg +IAp9Cg== +endef + +define log_h_content +I2lmbmRlZiBfQ0ZJR19MT0dfSAojZGVmaW5lIF9DRklHX0xPR19ICgojZGVmaW5lIEFMT0dFIHBy +aW50ZgoKI2VuZGlmCg== +endef + +define mkbootfs_patch_content +ZGlmZiAtLWdpdCBhL3NyYy9ta2Jvb3Rmcy9jcHAvbWtib290ZnMuYyBiL3NyYy9ta2Jvb3Rmcy9j +cHAvbWtib290ZnMuYwppbmRleCBlNTI3NjJlLi5lYmEzNjU3IDEwMDY0NAotLS0gYS9zcmMvbWti +b290ZnMvY3BwL21rYm9vdGZzLmMKKysrIGIvc3JjL21rYm9vdGZzL2NwcC9ta2Jvb3Rmcy5jCkBA +IC0xMyw2ICsxMywxMCBAQAogI2luY2x1ZGUgPGZjbnRsLmg+CiAKICNpbmNsdWRlIDxwcml2YXRl +L2FuZHJvaWRfZmlsZXN5c3RlbV9jb25maWcuaD4KKy8vWFhYCisjaW5jbHVkZSA8Y3N0ZGludD4K +KyNpbmNsdWRlIDxwcml2YXRlL2ZzX2NvbmZpZy5oPgorLy9YWFgKIAogLyogTk9URVMKICoqCkBA +IC0xMDAsNyArMTA0LDExIEBAIHN0YXRpYyB2b2lkIF9lamVjdChzdHJ1Y3Qgc3RhdCAqcywgY2hh +ciAqb3V0LCBpbnQgb2xlbiwgY2hhciAqZGF0YSwgdW5zaWduZWQgZGF0CiAgICAgICAgIHB1dGNo +YXIoMCk7CiAgICAgfQogCisjaWZkZWYgQ0ZJR19OT19GSVhfU1RBVAorI3dhcm5pbmcgQ0ZJR19O +T19GSVhfU1RBVCBkZWZpbmVkLCB3aWxsIG5vdCBmaXhfc3RhdCgpIGRlZmluZWQgaW4gQW5kcm9p +ZAorI2Vsc2UKICAgICBmaXhfc3RhdChvdXQsIHMpOworI2VuZGlmCiAvLyAgICBmcHJpbnRmKHN0 +ZGVyciwgIl9lamVjdCAlczogbW9kZT0wJW9cbiIsIG91dCwgcy0+c3RfbW9kZSk7CiAKICAgICBw +cmludGYoIiUwNnglMDh4JTA4eCUwOHglMDh4JTA4eCUwOHgiCkBAIC0xNzIsNyArMTgwLDcgQEAg +c3RhdGljIHZvaWQgX2FyY2hpdmVfZGlyKGNoYXIgKmluLCBjaGFyICpvdXQsIGludCBpbGVuLCBp +bnQgb2xlbikKIAogICAgIGludCBzaXplID0gMzI7CiAgICAgaW50IGVudHJpZXMgPSAwOwotICAg +IGNoYXIqKiBuYW1lcyA9IG1hbGxvYyhzaXplICogc2l6ZW9mKGNoYXIqKSk7CisgICAgY2hhcioq +IG5hbWVzID0gKGNoYXIqKikgbWFsbG9jKHNpemUgKiBzaXplb2YoY2hhciopKTsKICAgICBpZiAo +bmFtZXMgPT0gTlVMTCkgewogICAgICAgZnByaW50ZihzdGRlcnIsICJmYWlsZWQgdG8gYWxsb2Nh +dGUgZGlyIG5hbWVzIGFycmF5IChzaXplICVkKVxuIiwgc2l6ZSk7CiAgICAgICBleGl0KDEpOwpA +QCAtMTg3LDcgKzE5NSw3IEBAIHN0YXRpYyB2b2lkIF9hcmNoaXZlX2RpcihjaGFyICppbiwgY2hh +ciAqb3V0LCBpbnQgaWxlbiwgaW50IG9sZW4pCiAKICAgICAgICAgaWYgKGVudHJpZXMgPj0gc2l6 +ZSkgewogICAgICAgICAgIHNpemUgKj0gMjsKLSAgICAgICAgICBuYW1lcyA9IHJlYWxsb2MobmFt +ZXMsIHNpemUgKiBzaXplb2YoY2hhciopKTsKKyAgICAgICAgICBuYW1lcyA9IChjaGFyKiopIHJl +YWxsb2MobmFtZXMsIHNpemUgKiBzaXplb2YoY2hhciopKTsKICAgICAgICAgICBpZiAobmFtZXMg +PT0gTlVMTCkgewogICAgICAgICAgICAgZnByaW50ZihzdGRlcnIsICJmYWlsZWQgdG8gcmVhbGxv +Y2F0ZSBkaXIgbmFtZXMgYXJyYXkgKHNpemUgJWQpXG4iLAogICAgICAgICAgICAgICAgICAgICBz +aXplKTsK +endef + +export build_gradle_content +export log_h_content +export mkbootfs_patch_content +t: + rm -fr $(ROOTDIR) + mkdir $(ROOTDIR) + mkdir -p $(ROOTDIR)/src/mkbootfs/cpp + mkdir -p $(ROOTDIR)/src/mkbootfs/headers/private + mkdir -p $(ROOTDIR)/src/mkbootfs/headers/utils + mkdir -p $(ROOTDIR)/src/mkbootfs/headers/log + cp -v system/core/cpio/mkbootfs.c $(ROOTDIR)/src/mkbootfs/cpp/ + cp -v system/core/libcutils/fs_config.cpp $(ROOTDIR)/src/mkbootfs/cpp/ + cp -v system/core/libcutils/include/private/android_filesystem_config.h $(ROOTDIR)/src/mkbootfs/headers/private/ + cp -v system/core/libcutils/include/private/android_filesystem_capability.h $(ROOTDIR)/src/mkbootfs/headers/private/ + cp -v system/core/libcutils/include/private/fs_config.h $(ROOTDIR)/src/mkbootfs/headers/private/ + cp -v system/core/libutils/include/utils/Compat.h $(ROOTDIR)/src/mkbootfs/headers/utils/ + echo "$$log_h_content" | base64 -d > $(LOG_H) + echo "$$build_gradle_content" | base64 -d > $(ROOTDIR)/build.gradle + echo "$$mkbootfs_patch_content" | base64 -d > $(ROOTDIR)/1.diff +