Commit graph

75296 commits

Author SHA1 Message Date
David Anderson
1acfc08e30 Merge "libsnapshot: Add more feature flags to SnapshotMergeReport." 2022-05-26 00:23:13 +00:00
David Anderson
3c8a95e3be Merge "fastboot: Print OemCmdHandler return message on success" 2022-05-26 00:20:46 +00:00
Treehugger Robot
b2e68186e5 Merge "Relax filesystem requirements in vts_fs_test." 2022-05-25 22:40:59 +00:00
Christopher Ferris
7e1042d046 Merge "Fix check for thread unwind." 2022-05-25 22:37:43 +00:00
David Anderson
5bbdc23837 Relax filesystem requirements in vts_fs_test.
Bug: 233926292
Test: vts_fs_test
Change-Id: I9665acebd6ebfde14e0cd76e8044e7ced9ffbeb3
2022-05-25 13:44:33 -07:00
David Anderson
93faa18bce libsnapshot: Add more feature flags to SnapshotMergeReport.
This patch also begins reducing the complexity of SnapshotMergeStats by
eliminating the indirection layer between the protobuf and
SnapshotManager.

Bug: 222117189
Test: statsd_testdrive
Change-Id: I15d740121c381da7d8311f0cbbd0da82db877555
2022-05-25 13:40:31 -07:00
Christopher Ferris
303c6bef77 Fix check for thread unwind.
If a process requires executing fallback unwinder and the thread
crashing is not the main thread, the wrong unwinder is used.
Fix this case, and add a new unit test that causes an abort in
the non main thread.

Bug: 233721755

Test: New unit test passes with fix and fails without.
Test: Ran debuggerd on swcodec process and it still dumps all threads.
Change-Id: I70fffc5d680256ce867e7a1d427593b584259160
Merged-In: I70fffc5d680256ce867e7a1d427593b584259160
(cherry picked from commit 2d5d46ca85)
2022-05-25 13:07:07 -07:00
Kelvin Zhang
321d47639e Merge changes from topic "snapuserd_ramdisk"
* changes:
  Prefer generic ramdisk copy of snapuserd
  Install snapuserd.ramdisk with a separate path
2022-05-25 15:39:17 +00:00
Rubin Xu
b17a5e4cc4 Merge "Add AID_SECURITY_LOG_WRITER" 2022-05-25 11:43:49 +00:00
Treehugger Robot
216b8b67fb Merge "Suppress most load_property_from_file logs" 2022-05-25 03:56:24 +00:00
Inseob Kim
946c972162 Suppress most load_property_from_file logs
Some partitions may not have build.prop files (and it's totally fine).
Rather than logging such failures as WARNING, load_property_from_file
now returns a Result<void> object so callers can manually log for
themselves.

Bug: 228389036
Test: boot and logcat
Change-Id: Ia4ad7eef34d572182a3f6e86547664ae31dfd29f
2022-05-25 09:47:08 +09:00
Rubin Xu
7e14d138ae Add AID_SECURITY_LOG_WRITER
A supplementary group to mark which app can write to the security log
buffer. Granted via android.permission.WRITE_SECURITY_LOG and checked by
logd.

Bug: 232283779
Test: manual
Change-Id: I3ad66031ab1c9eef26db0f3e8968659dfa2855cb
2022-05-24 23:34:33 +01:00
David Anderson
7397fa566f Merge "Rectify Boottime property" 2022-05-24 22:19:29 +00:00
Treehugger Robot
a09cace1d1 Merge "Updating ATRACE_ASYNC_FOR_TRACK_END to not require a name argument" 2022-05-24 19:27:55 +00:00
Victor Hsieh
e325682764 Merge "Rename VMCompilationPerformance to SCHED_SP_COMPUTE" 2022-05-24 15:05:01 +00:00
Treehugger Robot
8b3dff3e82 Merge "init: Disable 'on' for non-Vendor APEXes" 2022-05-24 13:35:04 +00:00
Victor Hsieh
29b26409e4 Rename VMCompilationPerformance to SCHED_SP_COMPUTE
There isn't any reason to keep the VMCompilationPerformance special, so
rename to a more generic, reusable name.

One day we may support whatever-purpose VMs using other generic
profiles.

Bug: 231437770
Test: TH
Change-Id: Id7e78ba4d6ea0dc415ed0bc1f4bdf051f7e7fe05
2022-05-23 11:06:09 -07:00
Jooyung Han
99fa346c35 init: Disable 'on' for non-Vendor APEXes
Mainline modules are not supposed to rely on 'on' action triggers in
their init scripts because events/properties are not guaranteed to be
stable across many devices.

To reduce the potential risk of enabling 'on' for APEXes, for now, we
enable it for only Vendor APEXes.

When an init script in a non-Vendor APEX contains an 'on' section, init
emits an error on parsing the script and skips the section.

For example, when init.rc in the ADBD APEX has 'on' section,
the following error is emitted on parsing the script.

  init: Parsing file /apex/com.android.adbd/etc/init.rc...
  init: /apex/com.android.adbd/etc/init.rc: 8: ParseSection() failed:
    'on' is supported for only Vendor APEXes.

Bug: 232543017
Test: see above
Change-Id: I6509c8d2c6b632369d215128f740f9ed78858605
2022-05-20 09:31:08 +00:00
Akilesh Kailash
1a3572b0b3 Merge "libsnapshot: Initialize merge_op_start_ to zero." 2022-05-20 05:08:03 +00:00
Akilesh Kailash
fc9a48f5cb libsnapshot: Initialize merge_op_start_ to zero.
merge_op_start_ is used to set the iterator for merge operations.
Uninitialized value can potentially lead to setting up
of bad iterator.

Bug: 233246309
Test: Full OTA
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I3cc48a66b532cfe8b2d87c8724d77ab3169a2ddb
2022-05-19 20:06:07 +00:00
David Drysdale
5b8dfacf5b Merge "KeyMint HAL: pass auth token on updateAad" 2022-05-19 05:50:51 +00:00
Matthew Duggan
91d24d5bad Merge "storaged: Avoid divide-by-zero in performance measurement" 2022-05-19 00:15:50 +00:00
David Drysdale
37a8ac1d45 KeyMint HAL: pass auth token on updateAad
Bug: 230716629
Test: CtsVerifier with aosp/2077898 included
Change-Id: I2ba275718ef7ce6cc701ac2eb4a122639d7a4351
2022-05-18 11:12:01 +01:00
Matthew Duggan
5a02a9bab9 storaged: Avoid divide-by-zero in performance measurement
The code previously assumed that write() took a non-zero number of clock
ticks.  This is mostly true, but can't be guaranteed.  Add a check to
avoid crashing if it's 0.

Bug: 233008287
Test: Compile
Change-Id: Idec0052f534dc4abb81a414ca76f6c11f4a4dded
2022-05-18 17:05:54 +09:00
Treehugger Robot
0ddcf6d2f1 Merge "init: log services requested restart" 2022-05-18 05:31:04 +00:00
Treehugger Robot
3a728ac7c6 Merge "init.rc: restorecon /data/media before chattr" 2022-05-18 00:00:23 +00:00
Steven Moreland
61169c76dd init: log services requested restart
We have a case where a service is requested to be started and does
not appear to be running, but we see no indication that it is
actually starting. This log should be enough information to see
if init is in a bad state.

Bug: 232297944
Test: doesn't add too much spam
    ~/android/aosp/system/core/init :) adb logcat -d | grep "requested start" | wc -l
    42
Change-Id: Ic07f250c98b200b9e5b4432200c3668c6ca0ff35
2022-05-17 22:54:55 +00:00
Eric Biggers
dce8ba253e init.rc: restorecon /data/media before chattr
The SELinux type of /data/media has changed from media_rw_data_file to
media_userdir_file, but the recursive restorecon of /data happens too
late when taking an upgrade.  Add a restorecon of /data/media to just
above the chattr command which needs the new label to be allowed.  This
doesn't "really" matter, since the chattr command is only needed just
after the directory was created anyway, but this fixes a SELinux denial.

Bug: 156305599
Bug: 232824121
Change-Id: I897be19ceb4686511469bdf7efda2483f298eee4
2022-05-17 02:40:22 +00:00
Eric Biggers
9fcf000264 Merge changes If6611d64,Ie55c3ac1
* changes:
  init: remove unneeded special cases from FscryptInferAction
  init: fix mkdir to reliably detect top-level /data directories
2022-05-17 01:09:21 +00:00
Victor Hsieh
04e6f149e0 Merge "Make VMCompilationPerformance an aggregated profile with default" 2022-05-16 21:12:51 +00:00
Victor Hsieh
c9e0f79593 Make VMCompilationPerformance an aggregated profile with default
The VMCompilationPerformance profile is used to run Isolated Compilation
in a Protected VM, normally during the device idle, where relevant
APEXes are staged.

The original VMCompilationPerformance introduced in aosp/2060891 does
not have any specific definition and requires vendors to customize it.
This change re-defines it as an aggregated profile with a default set of
existing profiles, so that performance can be reasonable by default.

This profile may be renamed to a more generic name later, e.g.
"SCHED_SP_COMPUTE".

Bug: 231437770
Test: Run `composd_cmd test-compile` on a local device.
      Before: 1m50s +/- 10s (with whatever that's default)
      After: 1m25s +/- 5s
Change-Id: Ib8cd65782c818474fb129efbd9ef9a3e23ad1eb3
2022-05-16 14:09:37 -07:00
Eric Biggers
48c05a6d03 init: remove unneeded special cases from FscryptInferAction
All the individual directories being treated specially by
FscryptInferAction() already have an explicit encryption action in the
corresponding mkdir commands.  The explicit action is the source of
truth, so the special cases in FscryptInferAction() are unnecessary.

Also, some of these cases were outdated.  For example, /data/app-staging
was changed from encryption=None to encryption=DeleteIfNecessary at some
point, but FscryptInferAction() was not updated.  This is causing the
warning "Inferred action different from explicit one" to be logged.

Additional "Inferred action different from explicit one" warnings are
logged due to subdirectories of /data/apex being explicitly encrypted.

Change FscryptInferAction() to only do what it needs to do: check
whether the directory is a top-level directory of /data or not.  Remove
the above-mentioned warning which is not useful.

Bug: 232554803
Change-Id: If6611d64107a19d242892c92dfea095577e193e5
2022-05-16 19:06:22 +00:00
Michael Bestas
bcf7680614 fastboot: Print OemCmdHandler return message on success
This allows OEM commands to print messages in fastboot output.

Test: run fastboot oem getprop ro.boot.rf_version
      and observe property value being printed in console

Change-Id: Id9bd5a107861a790cd02dc87057600de5bb94d42
2022-05-16 19:42:28 +03:00
Treehugger Robot
e4200bac8d Merge "Change the encryption rule of /data/bootanim to DeleteIfNecessary" 2022-05-13 21:27:36 +00:00
Christopher Ferris
f26a9504db Merge "Use the new AndroidUnwinder object." 2022-05-13 21:14:16 +00:00
Jaegeuk Kim
85d86d0e85 Merge "logwrap_fork_execvp block recovery auto reboot" 2022-05-13 21:08:39 +00:00
Eric Biggers
47742ecc54 Merge "Annotate and consolidate use of encryption=None" 2022-05-13 20:24:08 +00:00
Eric Biggers
6cb5a36f4c init: fix mkdir to reliably detect top-level /data directories
To determine the default encryption action, the mkdir command checks
whether the given path is a top-level directory of /data.  However, it
assumed a path without any duplicate slashes or trailing slash(es).

While everyone *should* be providing paths without unnecessary slashes,
it is not guaranteed, as paths with unnecessary slashes still work
correctly for all other parts of the mkdir command, including the
SELinux label lookup and the actual directory creation.  In particular,
the /data/fonts directory is being created using 'mkdir /data/fonts/'.

The effect is that the mkdir command thinks that /data/fonts/ is *not* a
top-level directory of /data, so it defaults to no encryption action.
Fortunately, the full command happens to use "encryption=Require", so we
dodged a bullet there, though the warning "Inferred action different
from explicit one" is still triggered.

There are a few approaches we could take here, including even just
fixing the /data/fonts/ command specifically, but I think the best
solution is to have mkdir clean its path at the very beginning.  This
retains the Linux path semantics that people expect, while avoiding
surprises in path processing afterwards.  This CL implements that.

Note, this CL intentionally changes the behavior of, and thus would
break, any existing cases where mkdir is used to create a top-level
/data directory using a path with unnecessary slashes and without using
an explicit encryption action.  There are no known cases where this
already occurs, however.  No cases exist in platform code, and vendor
init scripts shouldn't be creating top-level /data directories anyway.

Test: atest CtsInitTestCases
Test: Booted and verified that a trailing slash is no longer present in
      the log message "Verified that /data/fonts/ has the encryption
      policy ...".  Also verified that the message "Inferred action
      different ..." is no longer present just above it.
Bug: 232554803
Change-Id: Ie55c3ac1a2b1cf50632d54a1e565cb98c17b2a6a
2022-05-13 19:29:00 +00:00
Treehugger Robot
79677f8b49 Merge "img2simg: Add support for converting holes to "don't care" chunks" 2022-05-13 19:07:36 +00:00
liyong
ed88361e6c logwrap_fork_execvp block recovery auto reboot
Bug:231647359
Test:call ensure_path_mounted("/data") in WipeData function in recovery then factory reset

Change-Id: Ia5b669319776fae9478534484e3993c15fe4e6bf
2022-05-13 11:15:11 -07:00
Eric Biggers
72c781df26 Annotate and consolidate use of encryption=None
Although metadata encryption makes the device encryption policy
redundant, for now it is still being used, and the rule is still that
every top-level directory in /data is encrypted by the device policy
unless there is a specific reason why the directory can't be encrypted.
There are various cases where encryption=None is legitimately needed and
is used, but they aren't explained in the code, and the option is prone
to be copy-and-pasted (as was done in https://r.android.com/1932960).

Fix this by explicitly commenting every case where encryption=None is
used, and consolidating the creation of all the user parent directories
into one place.  (I left /data/bootanim as-is since it will be changed
to encrypted; see b/232299581.)

Change-Id: I6db5f4be7774e3d250c370638e8e7e33e226f3e7
2022-05-13 17:48:51 +00:00
Josh Yang
a1039f9a4b Change the encryption rule of /data/bootanim to DeleteIfNecessary
Directories should always be encrypted unless there is a specific reason
they can't be.  /data/bootanim is unencrypted without a specific reason,
so fix it to be encrypted.  It is too late to use encryption=Require.
However, the contents of this directory don't need to be preserved on
updates, so we can use encryption=DeleteIfNecessary instead of
encryption=Attempt.

Bug: 232299581
Test: build success
Change-Id: I17bcb901ad533cada4e0aa061196fc94d7b213ec
2022-05-13 17:02:48 +00:00
Jooyung Han
ec76b5cb4e Merge changes from topics "action-in-apex-config", "apex-ready-event", "subcontext-for-vendor-apex"
* changes:
  Use subcontext for APEX configs from /{vendor, odm}
  add apex-ready event after post-fs-data
  APEX configs support 'on' as well
2022-05-13 01:47:40 +00:00
Christopher Ferris
3b7b7ba90e Use the new AndroidUnwinder object.
This simplifies most of the calls to avoid doing any Android
specific code.

Bug: 120606663

Test: All unit tests pass.
Change-Id: I511e637b9459a1f052a01e501b134e31d65b5fbe
2022-05-12 15:18:46 -07:00
Eric Biggers
93a8fc215e Merge "Move creation of /data/user/0 and /data/media/obb to vold" 2022-05-12 18:41:21 +00:00
Treehugger Robot
c970c8257d Merge "Remove setenvs when running boringssl_self_test." 2022-05-12 15:30:22 +00:00
Pete Bentley
ba830eb81b Remove setenvs when running boringssl_self_test.
No longer needed as the code to generate flag files based on
this environment variable is removed in Android 13.

Bug: 231946889
Test: Build and boot,
Change-Id: I8ce57619aa4d1e6457f3f864bf5e403f727c040c
2022-05-12 13:50:37 +01:00
Jooyung Han
38e8e74550 Use subcontext for APEX configs from /{vendor, odm}
Instead of using config file path, use APEX's preinstalled path to
determine whether to use subcontext or not for APEX configs.

Bug: 232021354
Test: CtsInitTestCases, CtsBluetoothTestCases
Change-Id: Iba603f09602f0bec3113e2be3d15c62055c09e72
2022-05-12 13:37:19 +09:00
Jooyung Han
1eb3394e9c add apex-ready event after post-fs-data
Since apexd.status=ready is system-only property, we need a similar or
equivalent event or property which non-system APEXes can use to define
'on' trigger actions.

Note that services can be started without their own trigger actions by
setting 'class'. For example, 'hal'-class services are started 'on boot'
automatically.

Bug: 202731768
Test: atest CtsInitTestCases
Test: atest CtsBluetoothTestCases (cuttlefish's bt apex defines
   'on' actions in the APEX config)
Change-Id: I6eb62ba8d6e350add2ebafe7da06fcaa57d825ff
2022-05-12 13:37:19 +09:00
Jooyung Han
badb7de1a2 APEX configs support 'on' as well
APEX configs have supported only 'service' definitions. For those
services relying on 'on' trigger actions, we had to have separate config
files installed in read-only partitions (e.g. /system/etc/init).

This was suboptimal because even though APEXes are updatable, read-only
partitions are not.

Now, 'on' is supported in APEX configs. Putting 'on' trigger actions
near to service definitions makes APEX more self-contained.

'on' trigger actions loaded from APEX configs are not sticky. So, events
that happen before loading APEX configs can't trigger actions. For example,
'post-fs-data' is where APEX configs are loaded for now, so 'on
post-fs-data' in APEX configs can't be triggered.

Bug: 202731768
Test: atest CtsInitTestCases
Change-Id: I5a01d9c7c57b07955b829d6cc157e7f0c91166f9
2022-05-12 13:37:13 +09:00