Merge tag 'android-5.1.0_r1' into HEAD

Android 5.1.0 release 1

Conflicts:
	fs_mgr/fs_mgr.c
	healthd/healthd_mode_charger.cpp
	include/system/audio.h
	rootdir/init.environ.rc.in

Change-Id: I7a11f9aaf2f73854a724392625b0c2719fb2a829

Author: Anh Nguyen

adb/Android.mk

@@ -111,6 +111,7 @@ LOCAL_SRC_FILES := \
 	jdwp_service.c \
 	framebuffer_service.c \
 	remount_service.c \
+	disable_verity_service.c \
 	usb_linux_client.c
 
 ifeq ($(call is-vendor-board-platform,QCOM),true)
@@ -125,13 +126,25 @@ ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
 LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
 endif
 
+ifneq (,$(filter userdebug,$(TARGET_BUILD_VARIANT)))
+LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
+endif
+
 LOCAL_MODULE := adbd
 
 LOCAL_FORCE_STATIC_EXECUTABLE := true
 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT_SBIN)
 LOCAL_UNSTRIPPED_PATH := $(TARGET_ROOT_OUT_SBIN_UNSTRIPPED)
+LOCAL_C_INCLUDES += system/extras/ext4_utils system/core/fs_mgr/include
+
+LOCAL_STATIC_LIBRARIES := liblog \
+	libfs_mgr \
+	libcutils \
+	libc \
+	libmincrypt \
+	libselinux \
+	libext4_utils_static
 
-LOCAL_STATIC_LIBRARIES := liblog libcutils libc libmincrypt libselinux
 include $(BUILD_EXECUTABLE)
 
 

adb/adb.h

@@ -329,6 +329,7 @@ int handle_forward_request(const char* service, transport_type ttype, char* seri
 #if !ADB_HOST
 void framebuffer_service(int fd, void *cookie);
 void remount_service(int fd, void *cookie);
+void disable_verity_service(int fd, void* cookie);
 #endif
 
 /* packet allocator */

adb/adb_auth.h

@@ -18,6 +18,7 @@
 #define __ADB_AUTH_H
 
 void adb_auth_init(void);
+int adb_auth_keygen(const char* filename);
 void adb_auth_verified(atransport *t);
 
 void send_auth_request(atransport *t);

adb/adb_auth_host.c

@@ -15,9 +15,12 @@
  */
 
 #include <stdio.h>
+#include <stdlib.h>
 
 #ifdef _WIN32
-#  define WIN32_LEAN_AND_MEAN
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
 #  include "windows.h"
 #  include "shlobj.h"
 #else
@@ -110,18 +113,34 @@ static int RSA_to_RSAPublicKey(RSA *rsa, RSAPublicKey *pkey)
 static void get_user_info(char *buf, size_t len)
 {
     char hostname[1024], username[1024];
-    int ret;
+    int ret = -1;
+
+    if (getenv("HOSTNAME") != NULL) {
+        strncpy(hostname, getenv("HOSTNAME"), sizeof(hostname));
+        hostname[sizeof(hostname)-1] = '\0';
+        ret = 0;
+    }
 
 #ifndef _WIN32
-    ret = gethostname(hostname, sizeof(hostname));
     if (ret < 0)
+        ret = gethostname(hostname, sizeof(hostname));
 #endif
+    if (ret < 0)
         strcpy(hostname, "unknown");
 
+    ret = -1;
+
+    if (getenv("LOGNAME") != NULL) {
+        strncpy(username, getenv("LOGNAME"), sizeof(username));
+        username[sizeof(username)-1] = '\0';
+        ret = 0;
+    }
+
 #if !defined _WIN32 && !defined ADB_HOST_ON_TARGET
-    ret = getlogin_r(username, sizeof(username));
     if (ret < 0)
+        ret = getlogin_r(username, sizeof(username));
 #endif
+    if (ret < 0)
         strcpy(username, "unknown");
 
     ret = snprintf(buf, len, " %s@%s", username, hostname);
@@ -408,6 +427,11 @@ int adb_auth_get_userkey(unsigned char *data, size_t len)
     return ret + 1;
 }
 
+int adb_auth_keygen(const char* filename) {
+    adb_trace_mask |= (1 << TRACE_AUTH);
+    return (generate_key(filename) == 0);
+}
+
 void adb_auth_init(void)
 {
     int ret;

adb/commandline.c

@@ -36,6 +36,7 @@
 #define  TRACE_TAG  TRACE_ADB
 #include "adb.h"
 #include "adb_client.h"
+#include "adb_auth.h"
 #include "file_sync_service.h"
 
 static int do_cmd(transport_type ttype, char* serial, char *cmd, ...);
@@ -189,6 +190,10 @@ void help()
         "\n"
         "  adb restore <file>           - restore device contents from the <file> backup archive\n"
         "\n"
+        "  adb disable-verity           - disable dm-verity checking on USERDEBUG builds\n"
+        "  adb keygen <file>            - generate adb public/private key. The private key is stored in <file>,\n"
+        "                                 and the public key is stored in <file>.pub. Any existing files\n"
+        "                                 are overwritten.\n"
         "  adb help                     - show this help message\n"
         "  adb version                  - show version num\n"
         "\n"
@@ -205,8 +210,7 @@ void help()
         "  adb reboot-bootloader        - reboots the device into the bootloader\n"
         "  adb root                     - restarts the adbd daemon with root permissions\n"
         "  adb usb                      - restarts the adbd daemon listening on USB\n"
-        "  adb tcpip <port>             - restarts the adbd daemon listening on TCP on the specified port"
-        "\n"
+        "  adb tcpip <port>             - restarts the adbd daemon listening on TCP on the specified port\n"
         "networking:\n"
         "  adb ppp <tty> [parameters]   - Run PPP over USB.\n"
         " Note: you should not automatically start a PPP connection.\n"
@@ -1437,7 +1441,7 @@ int adb_commandline(int argc, char **argv)
     if(!strcmp(argv[0], "remount") || !strcmp(argv[0], "reboot")
             || !strcmp(argv[0], "reboot-bootloader")
             || !strcmp(argv[0], "tcpip") || !strcmp(argv[0], "usb")
-            || !strcmp(argv[0], "root")) {
+            || !strcmp(argv[0], "root") || !strcmp(argv[0], "disable-verity")) {
         char command[100];
         if (!strcmp(argv[0], "reboot-bootloader"))
             snprintf(command, sizeof(command), "reboot:bootloader");
@@ -1720,6 +1724,11 @@ int adb_commandline(int argc, char **argv)
         return restore(argc, argv);
     }
 
+    if (!strcmp(argv[0], "keygen")) {
+        if (argc < 2) return usage();
+        return adb_auth_keygen(argv[1]);
+    }
+
     if (!strcmp(argv[0], "jdwp")) {
         int  fd = adb_connect("jdwp");
         if (fd >= 0) {

adb/disable_verity_service.c

@@ -0,0 +1,199 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "sysdeps.h"
+
+#define  TRACE_TAG  TRACE_ADB
+#include "adb.h"
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <inttypes.h>
+
+#include "cutils/properties.h"
+#include "ext4_sb.h"
+#include <fs_mgr.h>
+
+#define FSTAB_PREFIX "/fstab."
+struct fstab *fstab;
+
+__attribute__((__format__(printf, 2, 3))) __nonnull((2))
+static void write_console(int fd, const char* format, ...)
+{
+    char buffer[256];
+    va_list args;
+    va_start (args, format);
+    vsnprintf (buffer, sizeof(buffer), format, args);
+    va_end (args);
+
+    adb_write(fd, buffer, strnlen(buffer, sizeof(buffer)));
+}
+
+static int get_target_device_size(int fd, const char *blk_device,
+                                  uint64_t *device_size)
+{
+    int data_device;
+    struct ext4_super_block sb;
+    struct fs_info info;
+
+    info.len = 0;  /* Only len is set to 0 to ask the device for real size. */
+
+    data_device = adb_open(blk_device, O_RDONLY | O_CLOEXEC);
+    if (data_device < 0) {
+        write_console(fd, "Error opening block device (%s)\n", strerror(errno));
+        return -1;
+    }
+
+    if (lseek64(data_device, 1024, SEEK_SET) < 0) {
+        write_console(fd, "Error seeking to superblock\n");
+        adb_close(data_device);
+        return -1;
+    }
+
+    if (adb_read(data_device, &sb, sizeof(sb)) != sizeof(sb)) {
+        write_console(fd, "Error reading superblock\n");
+        adb_close(data_device);
+        return -1;
+    }
+
+    ext4_parse_sb(&sb, &info);
+    *device_size = info.len;
+
+    adb_close(data_device);
+    return 0;
+}
+
+static int disable_verity(int fd, const char *block_device,
+                          const char* mount_point)
+{
+    uint32_t magic_number;
+    const uint32_t voff = VERITY_METADATA_MAGIC_DISABLE;
+    uint64_t device_length;
+    int device;
+    int retval = -1;
+
+    device = adb_open(block_device, O_RDWR | O_CLOEXEC);
+    if (device == -1) {
+        write_console(fd, "Could not open block device %s (%s).\n",
+                      block_device, strerror(errno));
+        write_console(fd, "Maybe run adb remount?\n");
+        goto errout;
+    }
+
+    // find the start of the verity metadata
+    if (get_target_device_size(fd, (char*)block_device, &device_length) < 0) {
+        write_console(fd, "Could not get target device size.\n");
+        goto errout;
+    }
+
+    if (lseek64(device, device_length, SEEK_SET) < 0) {
+        write_console(fd,
+                      "Could not seek to start of verity metadata block.\n");
+        goto errout;
+    }
+
+    // check the magic number
+    if (adb_read(device, &magic_number, sizeof(magic_number))
+             != sizeof(magic_number)) {
+        write_console(fd, "Couldn't read magic number!\n");
+        goto errout;
+    }
+
+    if (magic_number == VERITY_METADATA_MAGIC_DISABLE) {
+        write_console(fd, "Verity already disabled on %s\n", mount_point);
+        goto errout;
+    }
+
+    if (magic_number != VERITY_METADATA_MAGIC_NUMBER) {
+        write_console(fd,
+                      "Couldn't find verity metadata at offset %"PRIu64"!\n",
+                      device_length);
+        goto errout;
+    }
+
+    if (lseek64(device, device_length, SEEK_SET) < 0) {
+        write_console(fd,
+                      "Could not seek to start of verity metadata block.\n");
+        goto errout;
+    }
+
+    if (adb_write(device, &voff, sizeof(voff)) != sizeof(voff)) {
+        write_console(fd, "Could not set verity disabled flag on device %s\n",
+                      block_device);
+        goto errout;
+    }
+
+    write_console(fd, "Verity disabled on %s\n", mount_point);
+    retval = 0;
+errout:
+    if (device != -1)
+        adb_close(device);
+    return retval;
+}
+
+void disable_verity_service(int fd, void* cookie)
+{
+#ifdef ALLOW_ADBD_DISABLE_VERITY
+    char fstab_filename[PROPERTY_VALUE_MAX + sizeof(FSTAB_PREFIX)];
+    char propbuf[PROPERTY_VALUE_MAX];
+    int i;
+    bool any_disabled = false;
+
+    property_get("ro.secure", propbuf, "0");
+    if (strcmp(propbuf, "1")) {
+        write_console(fd, "verity not enabled - ENG build\n");
+        goto errout;
+    }
+
+    property_get("ro.debuggable", propbuf, "0");
+    if (strcmp(propbuf, "1")) {
+        write_console(fd, "verity cannot be disabled - USER build\n");
+        goto errout;
+    }
+
+    property_get("ro.hardware", propbuf, "");
+    snprintf(fstab_filename, sizeof(fstab_filename), FSTAB_PREFIX"%s", propbuf);
+
+    fstab = fs_mgr_read_fstab(fstab_filename);
+    if (!fstab) {
+        write_console(fd, "Failed to open %s\nMaybe run adb root?\n",
+                      fstab_filename);
+        goto errout;
+    }
+
+    /* Loop through entries looking for ones that vold manages */
+    for (i = 0; i < fstab->num_entries; i++) {
+        if(fs_mgr_is_verified(&fstab->recs[i])) {
+            if (!disable_verity(fd, fstab->recs[i].blk_device,
+                                fstab->recs[i].mount_point)) {
+                any_disabled = true;
+            }
+       }
+    }
+
+    if (any_disabled) {
+        write_console(fd,
+                      "Now reboot your device for settings to take effect\n");
+    }
+#else
+    write_console(fd, "disable-verity only works for userdebug builds\n");
+#endif
+
+errout:
+    adb_close(fd);
+}

adb/get_my_path_darwin.c

@@ -19,12 +19,12 @@
 
 void get_my_path(char *s, size_t maxLen)
 {
-    ProcessSerialNumber psn;
-    GetCurrentProcess(&psn);
-    CFDictionaryRef dict;
-    dict = ProcessInformationCopyDictionary(&psn, 0xffffffff);
-    CFStringRef value = (CFStringRef)CFDictionaryGetValue(dict,
-                CFSTR("CFBundleExecutable"));
-    CFStringGetCString(value, s, maxLen, kCFStringEncodingUTF8);
+    CFBundleRef mainBundle = CFBundleGetMainBundle();
+    CFURLRef executableURL = CFBundleCopyExecutableURL(mainBundle);
+    CFStringRef executablePathString = CFURLCopyFileSystemPath(executableURL, kCFURLPOSIXPathStyle);
+    CFRelease(executableURL);
+
+    CFStringGetFileSystemRepresentation(executablePathString, s, maxLen);
+    CFRelease(executablePathString);
 }