Change the signatures of Idmap::FromApkAssets and
Idmap::FromBinaryStream from
std::unique_ptr<const Idmap> func(..., std::ostream& out_error);
to
Result<std::unique_ptr<const Idmap>> func(...);
The returned pointer is still a unique pointer to ensure the dynamically
allocated memory is automatically released when no longer used. This
means that using the returned value of either function requires one of
two patterns:
const auto idmap = func(...);
if (!idmap) {
return Error(...);
}
(*idmap)->accept(...);
or
auto result = func(...);
if (!result) {
return Error(...);
}
const auto idmap = std::move(*result);
idmap->accept(...);
Note that in the second example, result must be non-const or
the call to std::move(*result) will not compile.
With this change, the entire idmap2 project has been converted to use
Result.
Test: make idmap2_tests
Change-Id: I533f4e03b99645523d94dd5f446ad76fb435f661
Change the signature of the idmap2 commands (Create, Dump, ...) to
return Result<Unit> instead of bool. This removes the need to pass in an
ostream for error messages: instead, those messages are part of the
returned Result.
Consolidate error messages: texts in Error objects should not be
prefixed with "error:", that is the responsibility of the outer-most
caller (i.e. main()).
Test: make idmap2_tests
Change-Id: I074881b3d1982ea8f4be5752161ac74b14fcba95
Remove the old std::optional based Result class, replace uses with the
new std::variant based Result class.
Test: make idmap2_tests
Change-Id: I401cb36e5af06133a2872d835cf29bfb0b106597
Thanks to the ART team for art/libartbase/base/systrace.h which served
as inspiration for the SYSTRACE macro.
Bug: 119761810
Test: run idmap2_tests on device while capturing systrace
Change-Id: I81112ae8e58daf20ebed33ef8b0f5a0caa4dbc73
Deny write access to /data/resource-cache for UIDs other than root and
system. While this is already handled by SELinux rules, add an
additional layer of security to explicitly prevent malicious apps from
messing with the system's idmap files.
Test: make idmap2_tests
Change-Id: Id986633558d5d02452276f05f64337a8700f148a
Teaches idmap2 to recognize policy restrictions put on overlayable
resources. If overlayable enforcement is turned on for an overlay, then
any resources defined within the overlayable api of the target will have
policy restrictions imposed on them. All resources without overlayable
definitions will continue to be overlayable without policy restrictions.
Bug: 119390857
Test: atest idmap2 and booting
Co-authored-by: Ryan Mitchell <rtmitchell@google.com>
Change-Id: I7e435648eb6e4a87b0b90a7b2a0c3f33c1516ea6
For clarity, split IIdmap2::createIdmap into two separate functions:
- IIdmap2::verifyIdmap [check if an existing idmap file is OK to use]
- IIdmap2::createIdmap [unconditionally (re)create an idmap file]
Teach the IdmapManager to call verifyIdmap and to proceed with
createIdmap only if actually needed.
Test: atest OverlayDeviceTests OverlayHostTests
Change-Id: I9f6f1192011fcb094adffeca1eb3f709520bbd24
idmap2 is a reboot of the idmap project. The project aims to
- use modern C++
- greatly improve test and debug support
- interface towards AssetManager2 (instead of AssetManager)
- provide a solid foundation to add support for new features
To make it easier to verify correctness, this first version of idmap2 is
feature equivalent to idmap. Later versions will add support for new
features such as <overlayable>.
Bug: 78815803
Test: make idmap2_tests
Change-Id: I1d806dc875a493e730ab55d2fdb027618e586d16
