diff --git a/debuggerd/Android.bp b/debuggerd/Android.bp index d20de6bbf724..f60e7351ace2 100644 --- a/debuggerd/Android.bp +++ b/debuggerd/Android.bp @@ -257,7 +257,7 @@ cc_library_static { cflags: ["-DROOT_POSSIBLE"], }, - malloc_not_svelte: { + malloc_use_scudo: { cflags: ["-DUSE_SCUDO"], whole_static_libs: ["libscudo"], srcs: ["libdebuggerd/scudo.cpp"], diff --git a/healthd/BatteryMonitor.cpp b/healthd/BatteryMonitor.cpp index 75af4402c7e1..4d6f72c5ce15 100644 --- a/healthd/BatteryMonitor.cpp +++ b/healthd/BatteryMonitor.cpp @@ -46,6 +46,8 @@ #define POWER_SUPPLY_SUBSYSTEM "power_supply" #define POWER_SUPPLY_SYSFS_PATH "/sys/class/" POWER_SUPPLY_SUBSYSTEM +#define SYSFS_BATTERY_CURRENT "/sys/class/power_supply/battery/current_now" +#define SYSFS_BATTERY_VOLTAGE "/sys/class/power_supply/battery/voltage_now" #define FAKE_BATTERY_CAPACITY 42 #define FAKE_BATTERY_TEMPERATURE 424 #define MILLION 1.0e6 @@ -520,19 +522,13 @@ void BatteryMonitor::updateValues(void) { KLOG_WARNING(LOG_TAG, "%s: Unknown power supply type\n", mChargerNames[i].string()); } - path.clear(); - path.appendFormat("%s/%s/current_max", POWER_SUPPLY_SYSFS_PATH, - mChargerNames[i].string()); - int ChargingCurrent = - (access(path.string(), R_OK) == 0) ? getIntField(path) : 0; - path.clear(); - path.appendFormat("%s/%s/voltage_max", POWER_SUPPLY_SYSFS_PATH, - mChargerNames[i].string()); + int ChargingCurrent = + (access(SYSFS_BATTERY_CURRENT, R_OK) == 0) ? abs(getIntField(String8(SYSFS_BATTERY_CURRENT))) : 0; int ChargingVoltage = - (access(path.string(), R_OK) == 0) ? getIntField(path) : - DEFAULT_VBUS_VOLTAGE; + (access(SYSFS_BATTERY_VOLTAGE, R_OK) == 0) ? getIntField(String8(SYSFS_BATTERY_VOLTAGE)) : + DEFAULT_VBUS_VOLTAGE; double power = ((double)ChargingCurrent / MILLION) * ((double)ChargingVoltage / MILLION); diff --git a/init/property_service.cpp b/init/property_service.cpp index c8e1e14c35d3..7850bb7c4f5b 100644 --- a/init/property_service.cpp +++ b/init/property_service.cpp @@ -128,6 +128,8 @@ struct PropertyAuditData { const char* name; }; +static bool weaken_prop_override_security = false; + static int PropertyAuditCallback(void* data, security_class_t /*cls*/, char* buf, size_t len) { auto* d = reinterpret_cast(data); @@ -397,8 +399,8 @@ static std::optional PropertySet(const std::string& name, const std::s prop_info* pi = (prop_info*)__system_property_find(name.c_str()); if (pi != nullptr) { - // ro.* properties are actually "write-once". - if (StartsWith(name, "ro.")) { + // ro.* properties are actually "write-once", unless the system decides to + if (StartsWith(name, "ro.") && !weaken_prop_override_security) { *error = "Read-only property was already set"; return {PROP_ERROR_READ_ONLY_PROPERTY}; } @@ -858,6 +860,94 @@ static void load_override_properties() { } } +static const char *snet_prop_key[] = { + "ro.boot.vbmeta.device_state", + "ro.boot.verifiedbootstate", + "ro.boot.flash.locked", + "ro.boot.selinux", + "ro.boot.veritymode", + "ro.boot.warranty_bit", + "ro.warranty_bit", + "ro.debuggable", + "ro.secure", + "ro.build.type", + "ro.system.build.type", + "ro.system_ext.build.type", + "ro.vendor.build.type", + "ro.product.build.type", + "ro.odm.build.type", + "ro.build.keys", + "ro.build.tags", + "ro.system.build.tags", + "ro.vendor.boot.warranty_bit", + "ro.vendor.warranty_bit", + "vendor.boot.vbmeta.device_state", + "vendor.boot.verifiedbootstate", + NULL +}; + +static const char *snet_prop_value[] = { + "locked", // ro.boot.vbmeta.device_state + "green", // ro.boot.verifiedbootstate + "1", // ro.boot.flash.locked + "enforcing", // ro.boot.selinux + "enforcing", // ro.boot.veritymode + "0", // ro.boot.warranty_bit + "0", // ro.warranty_bit + "0", // ro.debuggable + "1", // ro.secure + "user", // ro.build.type + "user", // ro.system.build.type + "user", // ro.system_ext.build.type + "user", // ro.vendor.build.type + "user", // ro.product.build.type + "user", // ro.odm.build.type + "release-keys", // ro.build.keys + "release-keys", // ro.build.tags + "release-keys", // ro.system.build.tags + "0", // ro.vendor.boot.warranty_bit + "0", // ro.vendor.warranty_bit + "locked", // vendor.boot.vbmeta.device_state + "green", // vendor.boot.verifiedbootstate + NULL +}; + +static void workaround_snet_properties() { + std::string build_type = android::base::GetProperty("ro.build.type", ""); + + // Bail out if this is recovery, fastbootd, or anything other than a normal boot. + // fastbootd, in particular, needs the real values so it can allow flashing on + // unlocked bootloaders. + if (IsRecoveryMode()) { + return; + } + + // Exit if eng build + if (build_type == "eng") { + return; + } + + // Weaken property override security to set safetynet props + weaken_prop_override_security = true; + + std::string error; + + // Hide all sensitive props + LOG(INFO) << "snet: Hiding sensitive props"; + for (int i = 0; snet_prop_key[i]; ++i) { + PropertySetNoSocket(snet_prop_key[i], snet_prop_value[i], &error); + } + + // Extra pops + std::string build_flavor_key = "ro.build.flavor"; + std::string build_flavor_value = android::base::GetProperty(build_flavor_key, ""); + build_flavor_value = android::base::StringReplace(build_flavor_value, "userdebug", "user", false); + PropertySetNoSocket(build_flavor_key, build_flavor_value, &error); + + // Restore the normal property override security after safetynet props have been set + weaken_prop_override_security = false; +} + // If the ro.product.[brand|device|manufacturer|model|name] properties have not been explicitly // set, derive them from ro.product.${partition}.* properties static void property_initialize_ro_product_props() { @@ -1207,6 +1297,9 @@ void PropertyLoadBootDefaults() { } } + // Weaken property override security during execution of the vendor init extension + weaken_prop_override_security = true; + // Update with vendor-specific property runtime overrides vendor_load_properties(); @@ -1217,7 +1310,13 @@ void PropertyLoadBootDefaults() { property_initialize_ro_cpu_abilist(); property_initialize_ro_vendor_api_level(); + // Restore the normal property override security after init extension is executed + weaken_prop_override_security = false; + update_sys_usb_config(); + + // Workaround SafetyNet + workaround_snet_properties(); } bool LoadPropertyInfoFromFile(const std::string& filename, diff --git a/libprocessgroup/profiles/task_profiles.json b/libprocessgroup/profiles/task_profiles.json index 1fc66ba10a64..46b7a238a088 100644 --- a/libprocessgroup/profiles/task_profiles.json +++ b/libprocessgroup/profiles/task_profiles.json @@ -521,7 +521,7 @@ "Params": { "Controller": "cpuset", - "Path": "system-background" + "Path": "foreground" } } ] @@ -534,7 +534,7 @@ "Params": { "Controller": "cpuset", - "Path": "system-background" + "Path": "foreground" } } ] diff --git a/rootdir/etc/hosts b/rootdir/etc/hosts index 649151cef760..0a1764ee0e05 100644 --- a/rootdir/etc/hosts +++ b/rootdir/etc/hosts @@ -1,2 +1,5 @@ 127.0.0.1 localhost ::1 ip6-localhost +127.0.0.1 ota.googlezip.net +127.0.0.1 ota-cache1.googlezip.net +127.0.0.1 ota-cache2.googlezip.net diff --git a/rootdir/init.rc b/rootdir/init.rc index c9b583238eba..c128248e7c4a 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -1096,10 +1096,9 @@ on zygote-start && property:ro.crypto.state=encrypted && property:ro.crypto.type start zygote start zygote_secondary +# Tweak background writeout on boot && property:ro.config.low_ram=true - # Tweak background writeout write /proc/sys/vm/dirty_expire_centisecs 200 - write /proc/sys/vm/dirty_background_ratio 5 on boot # basic network init @@ -1115,6 +1114,8 @@ on boot # parameters to match how it is managing things. write /proc/sys/vm/overcommit_memory 1 write /proc/sys/vm/min_free_order_shift 4 + write /proc/sys/vm/dirty_background_bytes 52428800 + write /proc/sys/vm/dirty_bytes 209715200 # System server manages zram writeback chown root system /sys/block/zram0/idle