2018-11-21 21:50:27 +01:00
|
|
|
Android Overlayfs integration with adb remount
|
|
|
|
==============================================
|
|
|
|
|
|
|
|
Introduction
|
|
|
|
------------
|
|
|
|
|
|
|
|
Users working with userdebug or eng builds expect to be able to
|
|
|
|
remount the system partition as read-write and then add or modify
|
|
|
|
any number of files without reflashing the system image, which is
|
|
|
|
understandably efficient for a development cycle.
|
|
|
|
Limited memory systems that chose to use readonly filesystems like
|
|
|
|
*squashfs*, or *Logical Resizable Android Partitions* which land
|
|
|
|
system partition images right-sized, and with filesystem that have
|
|
|
|
been deduped on the block level to compress the content; means that
|
|
|
|
either a remount is not possible directly, or when done offers
|
|
|
|
little or no utility because of remaining space limitations or
|
|
|
|
support logistics.
|
|
|
|
|
|
|
|
*Overlayfs* comes to the rescue for these debug scenarios, and logic
|
|
|
|
will _automatically_ setup backing storage for a writable filesystem
|
|
|
|
as an upper reference, and mount overtop the lower. These actions
|
|
|
|
will be performed in the **adb disable-verity** and **adb remount**
|
|
|
|
requests.
|
|
|
|
|
|
|
|
Operations
|
|
|
|
----------
|
|
|
|
|
|
|
|
### Cookbook
|
|
|
|
|
|
|
|
The typical action to utilize the remount facility is:
|
|
|
|
|
|
|
|
$ adb root
|
|
|
|
$ adb disable-verity
|
|
|
|
$ adb reboot
|
|
|
|
$ adb wait-for-device
|
|
|
|
$ adb root
|
|
|
|
$ adb remount
|
|
|
|
|
|
|
|
Followed by one of the following:
|
|
|
|
|
|
|
|
$ adb stop
|
|
|
|
$ adb sync
|
|
|
|
$ adb start
|
|
|
|
$ adb reboot
|
|
|
|
|
|
|
|
*or*
|
|
|
|
|
|
|
|
$ adb push <source> <destination>
|
|
|
|
$ adb reboot
|
|
|
|
|
|
|
|
Note that the sequence above:
|
|
|
|
|
|
|
|
$ adb disable-verity
|
|
|
|
$ adb reboot
|
|
|
|
|
2019-01-14 22:24:15 +01:00
|
|
|
*or*
|
|
|
|
|
|
|
|
$ adb remount
|
|
|
|
|
|
|
|
can be replaced in both places with:
|
2018-11-21 21:50:27 +01:00
|
|
|
|
2019-01-14 22:24:15 +01:00
|
|
|
$ adb remount -R
|
2018-11-21 21:50:27 +01:00
|
|
|
|
|
|
|
which will not reboot if everything is already prepared and ready
|
|
|
|
to go.
|
|
|
|
|
|
|
|
None of this changes if *overlayfs* needs to be engaged.
|
|
|
|
The decisions whether to use traditional direct filesystem remount,
|
|
|
|
or one wrapped by *overlayfs* is automatically determined based on
|
|
|
|
a probe of the filesystem types and space remaining.
|
|
|
|
|
|
|
|
### Backing Storage
|
|
|
|
|
|
|
|
When *overlayfs* logic is feasible, it will use either the
|
|
|
|
**/cache/overlay/** directory for non-A/B devices, or the
|
|
|
|
**/mnt/scratch/overlay** directory for A/B devices that have
|
2019-02-08 16:51:01 +01:00
|
|
|
access to *Logical Resizable Android Partitions*.
|
2018-11-21 21:50:27 +01:00
|
|
|
The backing store is used as soon as possible in the boot
|
|
|
|
process and can occur at first stage init, or at the
|
|
|
|
mount_all init rc commands.
|
|
|
|
|
|
|
|
This early as possible attachment of *overlayfs* means that
|
|
|
|
*sepolicy* or *init* itself can also be pushed and used after
|
|
|
|
the exec phases that accompany each stage.
|
|
|
|
|
|
|
|
Caveats
|
|
|
|
-------
|
|
|
|
|
|
|
|
- Space used in the backing storage is on a file by file basis
|
2018-12-06 17:39:11 +01:00
|
|
|
and will require more space than if updated in place. As such
|
|
|
|
it is important to be mindful of any wasted space, for instance
|
|
|
|
**BOARD_<partition>IMAGE_PARTITION_RESERVED_SIZE** being defined
|
|
|
|
will have a negative impact on the overall right-sizing of images
|
|
|
|
and thus free dynamic partition space.
|
2018-11-21 21:50:27 +01:00
|
|
|
- Kernel must have CONFIG_OVERLAY_FS=y and will need to be patched
|
|
|
|
with "*overlayfs: override_creds=off option bypass creator_cred*"
|
2019-02-26 17:39:40 +01:00
|
|
|
if kernel is 4.4 or higher.
|
2019-02-08 16:51:01 +01:00
|
|
|
The patch is available on the upstream mailing list and the latest as of
|
|
|
|
Feb 8 2019 is https://lore.kernel.org/patchwork/patch/1009299/.
|
|
|
|
This patch adds an override_creds _mount_ option to overlayfs that
|
|
|
|
permits legacy behavior for systems that do not have overlapping
|
|
|
|
sepolicy rules, principals of least privilege, which is how Android behaves.
|
2018-11-21 21:50:27 +01:00
|
|
|
- *adb enable-verity* will free up overlayfs and as a bonus the
|
|
|
|
device will be reverted pristine to before any content was updated.
|
2018-12-03 22:42:22 +01:00
|
|
|
Update engine does not take advantage of this, will perform a full OTA.
|
2018-12-06 17:39:11 +01:00
|
|
|
- Update engine may not run if *fs_mgr_overlayfs_is_setup*() reports
|
2019-02-08 16:51:01 +01:00
|
|
|
true as adb remount overrides are incompatible with an OTA resources.
|
2018-11-26 18:57:17 +01:00
|
|
|
- For implementation simplicity on retrofit dynamic partition devices,
|
|
|
|
take the whole alternate super (eg: if "*a*" slot, then the whole of
|
|
|
|
"*system_b*").
|
|
|
|
Since landing a filesystem on the alternate super physical device
|
|
|
|
without differentiating if it is setup to support logical or physical,
|
|
|
|
the alternate slot metadata and previous content will be lost.
|
2018-11-28 01:14:35 +01:00
|
|
|
- If dynamic partitions runs out of space, resizing a logical
|
|
|
|
partition larger may fail because of the scratch partition.
|
|
|
|
If this happens, either fastboot flashall or adb enable-verity can
|
|
|
|
be used to clear scratch storage to permit the flash.
|
|
|
|
Then reinstate the overrides and continue.
|
2018-11-21 21:50:27 +01:00
|
|
|
- File bugs or submit fixes for review.
|