It has too many arguments.
Also fixed CreateLogicalPartitionParams::InitDefaults because
it doesn't use the provided partition opener to read metadata
(which breaks tests).
Test: libsnapshot_test
Test: liblp_test
Change-Id: I74cf8d468274f741c6f3743438fe8855b2aef15b
Currently, we replace snapshot-merge with a linear device wrapping the
base device. This is not efficient. This patch reads LpMetadata for the
underlying partition, and duplicates its table into the snapshot-merge
device. This removes a layer of stacking and also allows removing the
base device.
Note that snapshot_test is growing a bit unwiedly, because it's starting
to implement pieces of libsnapshot that will be filled in later for
update_engine. (MapUpdatePartitions is a good example of this.) When
those pieces land in libsnapshot, snapshot_test will be cleaned up to
remove much of this manual fiddling.
Bug: 139090440
Test: libsnapshot_test gtest
Change-Id: I3872dc51d9e5980803303806f42a5c7e74b0b78a
With this patch, init can mount snapshots in the first stage by
performing the following operations:
1. First, check if SnapshotManager::kBootIndicatorPath exists.
2. If so, call SnapshotManager::NewForFirstStageMount.
3. If NeedSnapshotsInFirstStageMount returns true,
4. Call CreateLogicalAndSnapshotPartitions().
When called, this replaces any calls to CreateLogicalPartitions().
Rather than split this into multiple functions (to generate uevents as
needed), we instead use major:minor strings for device-mapper tables.
This means we don't have to wait for paths to resolve.
Bug: 139204329
Test: libsnapshot_test gtest
Change-Id: Ia7ec196a62e51748d6f01a66fe4e9eef25f2898f
IPartitionOpener is useful for writing gtests, however, it can't easily
be used with CreateLogicalPartition. fs_mgr assumes the super partition
name will map to /dev/block/by-name/super whereas in tests we want to
redirect it to a different block device.
This CL makes two changes. First, it adds a new method to IPartitionOpener
to return a "device string" for a device name. The string must either be
an absolute path (for example /dev/block/by-name/super) or a major:minor
sequence, since device-mapper will accept either.
Second, CreateLogicalPartition now accepts an optional IPartitionOpener.
When converting block devices to paths, it uses the opener instead of
automatically prepending /dev/block/by-name.
Bug: 139204329
Test: liblp_test gtest
libsnapshot_test gtest
Change-Id: Id6b3120cc2ef5c0dd941b29ff96215ad3c8ec848
Introduce a parameter struct to eliminate parameter explosion, and refactor
existing callers to use the new helper.
Test: manual test
Bug: 135752105
Change-Id: I0c5ebe4e084ad7503c2ac6c65886a71505d50d00
This is no longer needed as CreateLogicalPartition() ensures the
obtained path will not race with device deletion.
Bug: 135771280
Test: device builds, flashes
Change-Id: I821290aa08fede99d5c51cd68681c351a1ea97bc
When both ext4 user data checkpoints and metadata encryption are
enabled, we are creating two stacked dm devices. This had not been
properly thought through or debugged.
Test: Enable metadata encryption on taimen (add
keydirectory=/metadata/vold/metadata_encryption to flags for userdata in
fstab.hardware)
Unfortunately metadata is not wiped by fastboot -w, so it is
necessary to rm metadata/vold -rf whenever you wipe data.
fastboot flashall -w works
fastboot reboot -w works
A normal boot works
Disable checkpoint commits with
setprop persist.vold.dont_commit_checkpoint 1
vdc checkpoint startCheckpoint 10
adb reboot
wait for device to fully boot then
adb reboot
Wait for device to fully boot then
adb logcat -d | grep Checkpoint shows the rollback in the logs
This tests encryption on top of checkpoints with commit, encryption
without checkpoints, and rollback, which seems to be the key cases.
Bug: 135905679
Change-Id: I24387a2943dce28b918c34894f24911b20429be7
If we just disabled verity, take the step to setup the backing
storage for overlayfs.
Test: adb-remount-test.sh
Bug: 130131892
Change-Id: Ic56569eaf363e4417a0ce5df11ee5480a07b8b03
umount_all is the cleanup step for mount_all.
In particular, the mount_all builtin creates a verity device,
'postinstall-verity', for the following line:
system /postinstall ... ... slotselect_other,logical,avb_keys=...
cppreopt umounts /postinstall but doesn't destroy the postinstall-verity
device, causing OTA to fail (because it cannot destroy the
system_[other] device). umount_all also destroy the verity device.
Note that mount_all does not map system_[other]; it is mapped by
first stage init. Hence, umount_all doesn't destroy it either. The OTA
client is reponsible for unmapping the device itself.
Bug: 129988285
Test: flash, boot, then check `dmctl list devices`, then OTA
Change-Id: Id3ab65b3860b6ea6cfec310ab13652009c81f415
Merged-In: Id3ab65b3860b6ea6cfec310ab13652009c81f415
Bug: 126230649
Bug: 127953521
Test: GSI boots when installed to sdcard on hikey960
GSI boots when installed to /data/gsi
Change-Id: Id59926ebe363939c8c5745bb1bf5bd13722dae7e
Refactor fs_mgr_candidate_list into fs_mgr_overlayfs_candidate_list
that reports all the possible candidates. The caller is responsible
for filtering out any that have verity enabled.
Sundry improvements to the adb-remount-test.sh script to improve
stability and feedback.
Test: adb-remount-test.sh
Bug: 122602260
Change-Id: I2399f83d8ed77d8f3d2ad1405d0c187ccbace764
fs_mgr_update_verity_state() has two callers with generally different
intentions. One caller loops through all entries in the default fstab
to set partition.<mount_point>.verified properties. The other caller
is only interested in whether or a specific mount point has verity
enabled.
Given this, we refactor fs_mgr_update_verity_state() to
fs_mgr_get_verity_mount_point() which takes a single FstabEntry and
returns the mount point used for the dm-verity device or an empty
option if verity is not enabled on that mount point.
Test: adb-remount-test.sh test on blueline
Change-Id: Ic7dd8390509e95b2931b21e544c919a544138864
Particularly, capitulate that GetEntryForMountPoint() would be cleaner
than std::find_if() and update the rest of system/core to use it.
Test: build
Change-Id: I982b5a8552d44852d3ab22c20db83afcd4dd652b
And deprecate one more old style function that is not used after this
change.
Test: boot, disable and enable verity
Change-Id: Id509f479850120352b4ea4dc3b6c40f6e8e2e53e
This will be used by gsid to invoke mkfs.ext4 on the userdata_gsi
partition. Since the extents are not located on the super partition, we
need a helper method that takes in an LpMetadata.
Bug: 121210348
Test: manual test
Change-Id: I00467ace8a745fb0c0d130babfda1a2d5d97c208
Move some mounting functionalities from librecovery so that
other modules can also mount logical partitions correctly.
- Also, refactor to use C++ Fstab struct.
- Also, fixed CreateLogicalPartitions() to take full path of
super device.
Test: run recovery tests
Test: vintf_object_recovery_test
Bug: 118634720
Bug: 113182233
Bug: 62292478
Change-Id: Ie02c3a941ed801fdae5818099faf5f3863444296
In the non-retrofit case, the metadata source partition will be
hardcoded as "super", but such a partition may not exist or may have
been overridden by super_partition=<something>. Make this work reliably
by plumbing the resolved metadata block device through, and using it any
time a partition called "super" is requested.
This also fixes a case in the first_stage_mount code that assumed that
detected a non-A/B, non-retrofit case by assuming the metadata source
partition would be called "super".
Bug: 113175337
Test: boot test on cuttlefish
Change-Id: I8ce1defb902e257eeb7170d697b378eba31faee3
Provide a means to determine if overlayfs is currently active with
fs_mgr_overlayfs_is_setup(). Search for current clues in the system
that the overrides are in play. If /mnt/scratch/ is mounted, that
may be enough of a smoking gun because the resource itself may
interfere with operations.
Related to update_engine calling this function to reject performing
an OTA as its operations are incompatible with the overrides.
Test: adb-remount-test.sh
Bug: 120034852
Change-Id: I641163b1559c1a83fe7d0c336d04c10e9956ad3a
Now that we have a first stage ramdisk (or use recovery in its place),
it's possible to place a vendor specific fstab along with first stage
init, removing the need for device tree modifications to have an
fstab.
Bug: 117933812
Test: hikey boots with only an fstab in first stage ramdisk
Test: blueline mainline boots with a disabled DT fstab and an fstab in recovery
Change-Id: I4460b88851557a75ba06ff795cd842e7dfb6da46
This CL also adds namespace android::fs_mgr and remove FsManager* prefix
for class names. Note that android::fs_mgr::FsManagerAvbOps will be removed
in later CLs when fs_mgr doesn't rely on libavb->avb_slot_verify() to
parse vbmeta structs.
Some lingering sources for by_name_symlink_map_ are also removed.
Bug: 112103720
Test: boot crosshatch_mainline-userdebug
Change-Id: I2d1a5cc39bcd5a699da8d5539f191d8c7737c4af
With the addition of the /dev/block/by-name/ symlinks created for the
boot_device, we no longer need to use a map to track the symlinks for
the partitions AVB needs to access.
This will help us in removing the requirement to specify which
partitions contain AVB metadata.
Bug: 117933812
Test: boot blueline_mainline with AVB
Change-Id: I1d46dba5b2fc16b2a14f861b34225ac0f2995b60
Kernels at or older than 4.6, the overlayfs drivers do not need,
or support, override_creds=off. Drop using the mount option.
Commit 3fe6e52f062643676eb4518d68cee3bc1272091b introduced the
need for override_creds=off, and none of the kernels that contain
this patch without the patch that introduces override_creds can
be used with Android.
Test: compile
Bug: 118882257
Bug: 109821005
Change-Id: I832c8ca3fce0269bdef4ce988541adb7ba9662ed
This patch adds another uevent-regeneration pass to the first stage
mount. When the super partition spans multiple block devices, we need
/dev/block/by-name symlinks to have been created before we begin mapping
dynamic partitions.
Bug: 116802789
Test: retrofit device boots
Change-Id: I00bb277e1d81385a457c5b4205a95d8fbe365bb2
Using overlayfs, the system partition may provide files for older
version of vendor partitions by overlaying on the vendor partition.
Directories in /system/vendor_overlay will be overlaid on the
directories in /vendor to override existing files or provide new
files.
This feature works only if the kernel support overlayfs and has a
patch for override_creds. Otherwise, no-op.
Bug: 114679254
Test: Build and boot: nothing affected without overlayfs, or
vendor file is overrided with overlayfs
Change-Id: Iff3a308945299034123ba7bcb40dc787e102730e
fs_mgr_overlayfs_mount_all() and fs_mgr_overlayfs_required_devices()
to also take const std::vector<const fstab_rec*>& argument.
Bug: 117933812
Test: manual adb-remount-test.sh
Change-Id: Ic72fcca1fe32c311ff3f903c7275e6f7dfba46a7
For logical partitions, the fstab supplied during
fs_mgr_overlayfs_setup() does not have the correct blk_device and
thus check in fs_mgr_has_shared_blocks() inside
fs_mgr_overlayfs_enabled() will fail to provide the correct status.
Call fs_mgr_update_logical_partition() to fix this up. Side effect
is an API change where fstab can no longer be considered const when
passed into fs_mgr_overlayfs_mount_all() and
fs_mgr_overlayfs_required_devices().
Some additional minor cleanup as well. Move fs_mgr_rm_all() higher
up as-is in the file as it has no dependencies, which will complicate
future changes. Add --help to adb-remount-test.sh unit test script,
improve error handling and checking.
Test: adb-remount-test.sh
Bug: 109821005
Bug: 117605276
Change-Id: I548d3797d49661529490d1a0bf96b63e57491704
Added fs_mgr_overlayfs_required_devices() as hint to init to make sure
the device gets created before fs_mgr_overlayfs_mount_all().
Test: manual
Bug: 109821005
Change-Id: Iab038f3e0252a357b082bb08db3679512b9badec
If a device has logical partitions but does not use a partition called
"super", we will need this to be configurable. Note that the "slot"
argument is currently unused, but will be necessary for update_engine if
there are A and B super partitions.
Bug: 116608795
Test: super partition works
Change-Id: Ieb548a158faeb423f3561230f26d582325efbc6b
Add an fstab argument for fs_mgr_overlayfs_mount_all so that it can
leverage the locally and timely acquired fstab entries. Affects all
callers, adb and init.
Test: manual
Bug: 109821005
Bug: 115751838
Change-Id: I96e2045d88525a6ce39bef63327a0fcf0704e9bc
Adds support for partitions with checkpointing enabled. If the
checkpoint= fs_mgr flag is set, and the system has checkpointing on,
the partition will be mounted in checkpointing mode.
Test: Use vdc checkpoint commands, the checkpoint=fs fs_mgr flag
in the fstab, and a kernel containing the f2fs checkpoint
changes. https://lkml.org/lkml/2018/8/21/22
Change-Id: I3ea8da932de06fcfd2eed06b8640a8b1df837f1f
Note that in addition to waiting for the path to appear, we must also
wait for it to be unlinked. Otherwise, we could accidentally access an
older device when opening and closing the same partition twice in a row.
Bug: 114198005
Test: fastboot flashall works
Change-Id: Iddffc34e1ac8aa066c28e7b1a92b09b6dfd7945c
Add fs_mgr_has_shared_blocks in fs_mgr. Use it as a default decision
to utilize overlayfs if not overridden by the platform.
Test: compile
Bug: 109821005
Change-Id: Ifab22a4c9898966515e268349c24bb4c28a39368
Logistics for adb remount on developer builds for readonly system
partitions using overlayfs to deal with not being able to remount
with read-write.
Conditions are that filesystem is squashfs, read-only, debug build,
kernel supports overlayfs. The default is a valid /cache/overlay/
directory, with .../<mount_point>/upper and .../<mount_point>/work,
associated with each system partition <mount_point>.
Will take the sepolicy of context of lowerdir as rootcontext= option.
Add fs_mgr_overlayfs_mount_all() to recurse through
fs_mgr_read_fstab_default(), and checking against /proc/mounts to
add any acceptable overlayfs mounts. The checking with /proc/mounts
makes sure we do not overlayfs overtop an overlayfs.
Add fs_mgr_overlayfs_setup(const char*, const char* bool*) and
fs_mgr_overlayfs_teardown(const char*, bool*) to respectively setup
or teardown the overlayfs support directories. Return value
includes success and optional supplied change booleans.
Test: compile
Bug: 109821005
Bug: 110985612
Change-Id: Ie9b4e9ca0f2bdd9275ac2e2e905431636948e131
By default, logical partitions with the readonly flag are created with a
readonly device. This change allows callers of CreateLogicalPartition
to create writable devices so they can still be flashed.
Bug: 78793464
Test: fastboot flash product_services works with fastbootd
Change-Id: Ia8d2761a3067e3b62815acbf0b6fb7f033072ba2
fastbootd needs to temporarily map and unmap logical partitions in order
to flash them. To make this easier, this change introduces fs_mgr
methods to create and destroy a single logical partition by name.
Bug: 79173901
Test: N/A
Change-Id: Ic085f2175c26a5edf5f18544012dcfe6d8088f09
This early code is no longer needed now that logical partitions can be
created and flashed normally.
Bug: 79173901
Test: N/A
Change-Id: I393ef23b3d3ce1cd9c80833358051838d0e9f333
By changing to a std:function from a plain function pointer as an
argument to fs_mgr_update_verity_state(), a lambda with captured
objects can be executed providing thread safety.
Test: compile and boot
Bug: 109821005
Change-Id: I2699a08cc2c5216625dcbf84eeac0c460f4ae36a