Soong generates classpaths.proto config and puts it into
/system/etc/classpaths/ for derive_classpath to read at runtime. There
is no need to plumb these values via make anymore.
Bug: 180105615
Test: m && launch_cvd; presubmit / DeviceBootTest
Change-Id: I514c5036871233ae865b972effea8321dbe4aea9
Rename ro.product.enforce_debugfs_restrictions to
ro.product.debugfs_restrictions.enabled as per the sysprop naming
scheme.
Bug: 184381659
Test: build, boot
Change-Id: Ie350eefa342e7e16d31363139257ed285780e874
platform-bootclasspath module generates classpaths.proto config with
the information for derive_classpath to read and parse at runtime.
See go/updatable-bootclasspath.
Bug: 180105615
Test: m && launch_cvd; presubmit / DeviceBootTest
Change-Id: I0f4b1cfce9468fd6e3377a1d7233245e30f1ea51
Revert submission revert-1660531-max-boot-level-crypto-KFMCEDKSIV
Reason for revert: topic:vold-use-keystore2 has landed fixing the bug
Reverted changes:
Ibf63734a: Revert "Set earlyBootEnded before apex starts"
Id02f63a7: Revert "Expose AID_KEYSTORE"
Ibcedeff4: Revert "Cryptographic security for MAX_BOOT_LEVEL"
Restored changes:
Ia3b968afc:Set earlyBootEnded before apex starts
Ia69891291:Expose AID_KEYSTORE
I12530cd13:Cryptographic security for MAX_BOOT_LEVEL
Reverted-SHA1: 82cfe66794
Original commit message:
earlyBootEnded signals to keystore2 to read the database for the first
time, and start the MAX_BOOT_LEVEL system. It must therefore run
after /data is mounted and /data/misc/keystore is created, but before
apexd or odsign starts.
Bug: 176450483
Test: atest com.android.tests.odsign.OnDeviceSigningHostTest#verifyArtUpgradeSignsFiles
Change-Id: Ib9c2b4bbdddecdf73924125f9bdc75c82e1dd257
Adding in case of link required from the system image to nn apex.
Test: Run sample vendor service on cf device
Bug: 172925288
Change-Id: Ic4609cc0b73dfd5c9d39b75b22e241c30d61b753
so that this can be packaged in a filesystem(e.g microdroid)
Bug: 181093750
Test: MicrodroidTestCase
Change-Id: Ib86789de4632a32eee31fee0607d5ade8ae6b33f
Debugfs cannot be mounted in userbuilds since Android R. Since init only
mounts/unmounts debugfs during boot for debug builds, move it to
init-debug.rc.
Bug: 184381659
Test: build/boot
Change-Id: Ib51e82b99ec1eb95a2647c91855f6d4d1585040a
Metrics are written to /data/misc/odrefresh by odrefresh during early
boot, then the zygote passes them to statsd and delete the metrics
files.
Bug: 169925964
Test: manual
Change-Id: Ia39098109d59600ae8d7b197f46e9a6de18ca57c
Revert "Merge libdexfile_external into libdexfile (reland)."
Revert "Rename libdexfile_external_static to libdexfile_static (..."
Revert "Rename libdexfile_external_static to libdexfile_static (..."
Revert submission 1666119-libdexfile-noext-2
Reason for revert: broken build 7270939 on aosp-master on full-eng
Reverted Changes:
I582e49ae7:Merge libdexfile_external into libdexfile (reland)...
Iaa6a90f41:Rename libdexfile_external_static to libdexfile_st...
I4315189b2:libdexfile_external is replaced by libdexfile (rel...
Ia065119c2:Rename libdexfile_external_static to libdexfile_st...
Bug: 184929782
Change-Id: Id4830ded68e6fb3e9da0bcd8e428c46a79df3ff8
Test: forrest build for aosp-master on full-eng
Revert "Cryptographic security for MAX_BOOT_LEVEL"
Revert submission 1660531-max-boot-level-crypto
Reason for revert: broken test com.android.tests.odsign.OnDeviceSigningHostTest#verifyArtUpgradeSignsFiles on aosp-master on aosp_cf_x86_64_phone-userdebug at 7261517
Reverted Changes:
Ia3b968afc:Set earlyBootEnded before apex starts
Ia69891291:Expose AID_KEYSTORE
I12530cd13:Cryptographic security for MAX_BOOT_LEVEL
Bug: 184635938
Change-Id: Ibf63734a02a2c132142671c0fae5d0177bf46079
Test: forrest run for the broken test
This relands https://r.android.com/1644045 after fixing the build issue
in b/184239856.
Test: atest CtsSimpleperfTestCases
Bug: 143978909
Change-Id: I4315189b243503f5633f64d46a0ffedad3bebf0c
earlyBootEnded signals to keystore2 to read the database for the first
time, and start the MAX_BOOT_LEVEL system. It must therefore run
after /data is mounted and /data/misc/keystore is created, but before
apexd or odsign starts.
Bug: 176450483
Test: cuttlefish: check keystore2 logs to ensure all looks well.
Change-Id: Ia3b968afc38edf95712480e99e545ba88ea309c3
restrictions
Use the property ro.product.enforce_debugfs_restrictions to enable
debugfs restrictions instead of checking the launch API level. Vendors
can enable build-time as well as run-time debugfs restrictions by
setting the build flag PRODUCT_SET_DEBUGFS_RESTRICTIONS true which in
turn sets ro.product.enforce_debugfs_restrictions true as well enables
sepolicy neverallow restrictions that prevent debugfs access. The
intention of the build flag is to prevent debugfs dependencies from
creeping in during development on userdebug/eng builds.
Test: build and boot
Bug: 184381659
Change-Id: If555037f973e6e4f35eb7312637f58e8360c3013
Revert "Merge libdexfile_external into libdexfile."
Revert "libdexfile_external is replaced by libdexfile."
Revert "Rename libdexfile_external_static to libdexfile_static."
Revert "Rename libdexfile_external_static to libdexfile_static."
Revert "Allow dependencies from platform variants to APEX modules."
Revert submission 1658000
Reason for revert: Breaks full-eng build: b/184239856
Reverted Changes:
I4f8ead785:Avoid internal APEX stubs for libsigchain and clea...
I68affdf69:Allow dependencies from platform variants to APEX ...
I54b33784e:Rename libdexfile_external_static to libdexfile_st...
Id68ae9438:libdexfile_external is being replaced by libdexfil...
I12ac84eb4:libdexfile_external is replaced by libdexfile.
If05dbffc8:Rename libdexfile_external_static to libdexfile_st...
Ia011fa3a8:Merge libdexfile_external into libdexfile.
Change-Id: I2448810c9a863cde32b6ed98d9ed0a99cf260d34
It must run before odsign; and now runs after restorecon on /data as well.
Bug: 183861600
Bug: 180105615
Test: presubmit && cuttlefish boots
Change-Id: Iefe59d94a7a40ed1e526c189cbc2baf69156f334
To improve boottime, we want to run odsign in an asynchronous fashion;
but there are 2 places where we do need it be sync:
1) We need to know when it's done using its key, so that we lock
keyrings and advance the boot stage
2) We need to know verification is complete before we start the zygote
These are indicated by odsign using separate properties.
Bug: 165630556
Test: init waits for the properties, and proceeds when done
Change-Id: I623c24a683340961b339ed19be2f577d9293b097
Revert "Introduce derive_classpath service."
Revert "Introduce derive_classpath."
Revert submission 1602413-derive_classpath
Bug: 180105615
Fix: 183079517
Reason for revert: SELinux failure leading to *CLASSPATH variables not being set in all builds
Reverted Changes:
I6e3c64e7a:Introduce derive_classpath service.
I60c539a8f:Exec_start derive_classpath on post-fs-data.
I4150de69f:Introduce derive_classpath.
Change-Id: Iefbe057ba45091a1675326e3d5db3f39cc3e2820
Currently, tcp receive window size is read from
net.tcp.default_init_rwnd then set to net.tcp_def_init_rwnd. It
should not use seperate property to read/write the value, it only
needs one of property basically. So migrate
net.tcp.default_init_rwnd to net.tcp_def_init_rwnd which has
formal API.
Bug: 182538166
Test: Manually check that net.tcp_def_init_rwnd has default
value and proc/sys/net/ipv4/tcp_default_inti_rwnd node
is created with same value.
Change-Id: I6748485f99198b1200c67d6595b659aac7d7e1e0
The service parses and merges configs from multiple partitions, defines
*CLASSPATH environ variables' values and writes them to file, for
init to export.
See go/updatable-classpath for more details.
Bug: 180105615
Test: manual
Change-Id: I60c539a8fef4d690f47704e896f67949ec49db60
The first user of keystore boot levels is on-device signing; transition
the boot level to 30 before running the post-fs data hook, and
transition it to 40 right after on-device signing is done. This leaves
some space for future boot levels to be inserted, if we wanted.
Bug: 165630556
Test: inspect logs
Change-Id: If0a74cbe9ea8fce806020d8a42a978cfb9117ded
This instance will be used to monitor the error_report_end tracing
events sent by kernel tools in the case of a memory corruption.
Bug: 172316664
Bug: 181778620
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: Ibc5cd3b60fb99030cc55db6b490d6d4bbbca3963
Revert "Selinux policy for bootreceiver tracing instance"
Revert submission 1572240-kernel_bootreceiver
Reason for revert: DroidMonitor: Potential culprit for Bug 181778620 - verifying through Forrest before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reverted Changes:
Ic1c49a695:init.rc: set up a tracing instance for BootReceive...
I828666ec3:Selinux policy for bootreceiver tracing instance
Change-Id: I5c2ccfe3eeb8863086b7cb9b3de43c6e076d995a
This instance will be used to monitor the error_report_end tracing
events sent by kernel tools in the case of a memory corruption.
Bug: 172316664
Test: manual runs with KFENCE enabled
Signed-off-by: Alexander Potapenko <glider@google.com>
Change-Id: Ic1c49a695ff7df4147a7351051db7b6707c86e0a
Keystore listens to this property and uses it to honor the
MAX_BOOT_LEVEL key tag.
Test: boot, use adb getprop to find the current value.
Bug: 176450483
Change-Id: If32b20f56f96afa24166188c2dd931620dcaef98
