Commit graph

160 commits

Author SHA1 Message Date
Yifan Hong
c02509b500 fs_mgr: CreateDmTable takes CreateLogicalPartitionParams
It has too many arguments.

Also fixed CreateLogicalPartitionParams::InitDefaults because
it doesn't use the provided partition opener to read metadata
(which breaks tests).

Test: libsnapshot_test
Test: liblp_test

Change-Id: I74cf8d468274f741c6f3743438fe8855b2aef15b
2019-09-11 18:32:57 -07:00
Treehugger Robot
50ca448402 Merge "fs_mgr: Allow to set defaults for CreateLogicalPartitionParams" 2019-08-29 02:56:40 +00:00
Yifan Hong
1ada55e42a fs_mgr: Allow to set defaults for CreateLogicalPartitionParams
Test: boots
Change-Id: I6a969a19b9d29e682f50872bd3e9027eaca41512
2019-08-28 13:40:15 -07:00
David Anderson
1145c01e8e libsnapshot: Improve how devices are collapsed after merging.
Currently, we replace snapshot-merge with a linear device wrapping the
base device. This is not efficient. This patch reads LpMetadata for the
underlying partition, and duplicates its table into the snapshot-merge
device. This removes a layer of stacking and also allows removing the
base device.

Note that snapshot_test is growing a bit unwiedly, because it's starting
to implement pieces of libsnapshot that will be filled in later for
update_engine. (MapUpdatePartitions is a good example of this.) When
those pieces land in libsnapshot, snapshot_test will be cleaned up to
remove much of this manual fiddling.

Bug: 139090440
Test: libsnapshot_test gtest
Change-Id: I3872dc51d9e5980803303806f42a5c7e74b0b78a
2019-08-27 15:09:56 -07:00
David Anderson
9267c3f5c4 libsnapshot: Add helper for first-stage init mounting
With this patch, init can mount snapshots in the first stage by
performing the following operations:
 1. First, check if SnapshotManager::kBootIndicatorPath exists.
 2. If so, call SnapshotManager::NewForFirstStageMount.
 3. If NeedSnapshotsInFirstStageMount returns true,
 4. Call CreateLogicalAndSnapshotPartitions().

When called, this replaces any calls to CreateLogicalPartitions().

Rather than split this into multiple functions (to generate uevents as
needed), we instead use major:minor strings for device-mapper tables.
This means we don't have to wait for paths to resolve.

Bug: 139204329
Test: libsnapshot_test gtest
Change-Id: Ia7ec196a62e51748d6f01a66fe4e9eef25f2898f
2019-08-23 14:42:05 -07:00
David Anderson
4929df0c44 fs_mgr: Allow using major:minor device strings in CreateLogicalPartition.
IPartitionOpener is useful for writing gtests, however, it can't easily
be used with CreateLogicalPartition. fs_mgr assumes the super partition
name will map to /dev/block/by-name/super whereas in tests we want to
redirect it to a different block device.

This CL makes two changes. First, it adds a new method to IPartitionOpener
to return a "device string" for a device name. The string must either be
an absolute path (for example /dev/block/by-name/super) or a major:minor
sequence, since device-mapper will accept either.

Second, CreateLogicalPartition now accepts an optional IPartitionOpener.
When converting block devices to paths, it uses the opener instead of
automatically prepending /dev/block/by-name.

Bug: 139204329
Test: liblp_test gtest
      libsnapshot_test gtest

Change-Id: Id6b3120cc2ef5c0dd941b29ff96215ad3c8ec848
2019-08-15 16:39:48 -07:00
David Anderson
15aa9540df liblp: CreateLogicalPartition with a given mapped name
Introduce a parameter struct to eliminate parameter explosion, and refactor
existing callers to use the new helper.

Test: manual test
Bug: 135752105
Change-Id: I0c5ebe4e084ad7503c2ac6c65886a71505d50d00
2019-08-13 13:41:36 -07:00
David Anderson
470fe2b5f0 fs_mgr: Remove the timeout parameter to DestroyLogicalPartition.
This is no longer needed as CreateLogicalPartition() ensures the
obtained path will not race with device deletion.

Bug: 135771280
Test: device builds, flashes
Change-Id: I821290aa08fede99d5c51cd68681c351a1ea97bc
2019-07-11 15:39:53 -07:00
Paul Lawrence
323959ea27 Make ext4 userdata checkpoints work with metadata encryption
When both ext4 user data checkpoints and metadata encryption are
enabled, we are creating two stacked dm devices. This had not been
properly thought through or debugged.

Test: Enable metadata encryption on taimen (add
keydirectory=/metadata/vold/metadata_encryption to flags for userdata in
fstab.hardware)
    Unfortunately metadata is not wiped by fastboot -w, so it is
    necessary to rm metadata/vold -rf whenever you wipe data.
    fastboot flashall -w works
    fastboot reboot -w works
    A normal boot works
    Disable checkpoint commits with
    setprop persist.vold.dont_commit_checkpoint 1
    vdc checkpoint startCheckpoint 10
    adb reboot
    wait for device to fully boot then
    adb reboot
    Wait for device to fully boot then
    adb logcat -d | grep Checkpoint shows the rollback in the logs

    This tests encryption on top of checkpoints with commit, encryption
    without checkpoints, and rollback, which seems to be the key cases.

Bug: 135905679
Change-Id: I24387a2943dce28b918c34894f24911b20429be7
2019-06-26 15:09:07 -07:00
David Anderson
c65121306a Introduce inotify-based replacements for fs_mgr_wait_for_file.
Bug: 134966533
Test: fs_mgr_unit_test gtest
Change-Id: I36802b87cec59b5277267eb919851ca390fea425
2019-06-18 15:27:09 -07:00
Mark Salyzyn
e0c581fec3 fs_mgr: overlayfs: pre-emptive filesystem setup
If we just disabled verity, take the step to setup the backing
storage for overlayfs.

Test: adb-remount-test.sh
Bug: 130131892
Change-Id: Ic56569eaf363e4417a0ce5df11ee5480a07b8b03
2019-05-31 11:23:01 -07:00
Yifan Hong
402633d605 init: add umount_all builtin.
umount_all is the cleanup step for mount_all.

In particular, the mount_all builtin creates a verity device,
'postinstall-verity', for the following line:

system /postinstall ... ... slotselect_other,logical,avb_keys=...

cppreopt umounts /postinstall but doesn't destroy the postinstall-verity
device, causing OTA to fail (because it cannot destroy the
system_[other] device). umount_all also destroy the verity device.

Note that mount_all does not map system_[other]; it is mapped by
first stage init. Hence, umount_all doesn't destroy it either. The OTA
client is reponsible for unmapping the device itself.

Bug: 129988285
Test: flash, boot, then check `dmctl list devices`, then OTA

Change-Id: Id3ab65b3860b6ea6cfec310ab13652009c81f415
Merged-In: Id3ab65b3860b6ea6cfec310ab13652009c81f415
2019-04-15 15:11:28 -07:00
David Anderson
ee725f610f init: Support booting off GSIs installed to non-userdata block devices.
Bug: 126230649
Bug: 127953521
Test: GSI boots when installed to sdcard on hikey960
      GSI boots when installed to /data/gsi
Change-Id: Id59926ebe363939c8c5745bb1bf5bd13722dae7e
2019-03-20 18:22:00 -07:00
Mark Salyzyn
dffdb4374b fs_mgr: overlayfs: export fs_mgr_overlayfs_candidate_list
Refactor fs_mgr_candidate_list into fs_mgr_overlayfs_candidate_list
that reports all the possible candidates.  The caller is responsible
for filtering out any that have verity enabled.

Sundry improvements to the adb-remount-test.sh script to improve
stability and feedback.

Test: adb-remount-test.sh
Bug: 122602260
Change-Id: I2399f83d8ed77d8f3d2ad1405d0c187ccbace764
2019-02-13 10:49:18 -08:00
Tom Cherry
cf80b6d6e5 Refactor fs_mgr_update_verity_state()
fs_mgr_update_verity_state() has two callers with generally different
intentions.  One caller loops through all entries in the default fstab
to set partition.<mount_point>.verified properties.  The other caller
is only interested in whether or a specific mount point has verity
enabled.

Given this, we refactor fs_mgr_update_verity_state() to
fs_mgr_get_verity_mount_point() which takes a single FstabEntry and
returns the mount point used for the dm-verity device or an empty
option if verity is not enabled on that mount point.

Test: adb-remount-test.sh test on blueline
Change-Id: Ic7dd8390509e95b2931b21e544c919a544138864
2019-02-11 12:50:22 -08:00
Tom Cherry
685c2c7b1e Remove old C fs_mgr interface
Remove superfluous fs_mgr flags as well.

Bug: 62292478
Test: tree hugger, fs_mgr_unit_test
Change-Id: Ib307400941b46ca8bcb51d479668efd82fc3ed2d
2019-02-04 15:09:02 -08:00
Tom Cherry
a3530e6366 Add android::fs_mgr namespace for new Fstab code
Should have been done a while ago, but better late than never.

Test: treehugger
Change-Id: I0ea6e8d459cd3f3b3ce2d00a7a6a9786d52c52dd
2019-01-30 20:20:05 -08:00
Tom Cherry
2e545f8b2f fs_mgr: make changes needed to port vold to new Fstab interface
Particularly, capitulate that GetEntryForMountPoint() would be cleaner
than std::find_if() and update the rest of system/core to use it.

Test: build

Change-Id: I982b5a8552d44852d3ab22c20db83afcd4dd652b
2019-01-29 14:56:49 -08:00
Tom Cherry
b688d917cd Remove the rest of users of the old style fstab
And deprecate one more old style function that is not used after this
change.

Test: boot, disable and enable verity
Change-Id: Id509f479850120352b4ea4dc3b6c40f6e8e2e53e
2019-01-28 12:34:33 -08:00
David Anderson
908f07b0b8 fs_mgr: Add a helper for creating one-off dynamic partitions.
This will be used by gsid to invoke mkfs.ext4 on the userdata_gsi
partition. Since the extents are not located on the super partition, we
need a helper method that takes in an LpMetadata.

Bug: 121210348
Test: manual test
Change-Id: I00467ace8a745fb0c0d130babfda1a2d5d97c208
2019-01-07 18:31:54 -08:00
Yifan Hong
bf80e7dd91 Move parts of roots.cpp from librecovery
Move some mounting functionalities from librecovery so that
other modules can also mount logical partitions correctly.

- Also, refactor to use C++ Fstab struct.
- Also, fixed CreateLogicalPartitions() to take full path of
super device.

Test: run recovery tests
Test: vintf_object_recovery_test

Bug: 118634720
Bug: 113182233
Bug: 62292478
Change-Id: Ie02c3a941ed801fdae5818099faf5f3863444296
2018-12-19 10:23:50 -08:00
Yifan Hong
0cd2d5f048 fs_mgr_do_mount_one: allow overriding mount_point
Test: boots
Bug: 118634720
Change-Id: Ie2d05fdead27bfb1c922749272ff648bc7c418d1
2018-12-19 10:23:50 -08:00
Tom Cherry
23319ebebf Start using new C++ Fstab class widely
Bug: 62292478
Test: boot
Test: adb-remount-test.sh

Change-Id: Id4715af4c1f03e2cfc67de92d3ea58e933685e51
2018-12-12 17:08:09 +00:00
Tom Cherry
02eff5cccd Update fs_mgr_update_verity_state() for new C++ Fstab
Bug: 62292478
Test: boot and check verity state
Change-Id: I4912a16ada9a6d72480d7ac905654b764c5d18b6
2018-12-07 14:14:54 -08:00
Treehugger Robot
323ca1ea6b Merge "fs_mgr: Add fs_mgr_overlayfs_is_setup()" 2018-12-06 01:01:06 +00:00
Tom Cherry
e1e71b9b98 Merge "init: allow first stage mount to read an fstab" 2018-12-05 20:32:08 +00:00
Alistair Strachan
5d55580fe1 Merge "Handle renamed "super" device correctly" 2018-12-05 00:06:41 +00:00
Alistair Strachan
1906d5f357 Handle renamed "super" device correctly
In the non-retrofit case, the metadata source partition will be
hardcoded as "super", but such a partition may not exist or may have
been overridden by super_partition=<something>. Make this work reliably
by plumbing the resolved metadata block device through, and using it any
time a partition called "super" is requested.

This also fixes a case in the first_stage_mount code that assumed that
detected a non-A/B, non-retrofit case by assuming the metadata source
partition would be called "super".

Bug: 113175337
Test: boot test on cuttlefish
Change-Id: I8ce1defb902e257eeb7170d697b378eba31faee3
2018-12-04 11:21:34 -08:00
Mark Salyzyn
dd748aa41c fs_mgr: Add fs_mgr_overlayfs_is_setup()
Provide a means to determine if overlayfs is currently active with
fs_mgr_overlayfs_is_setup().  Search for current clues in the system
that the overrides are in play.  If /mnt/scratch/ is mounted, that
may be enough of a smoking gun because the resource itself may
interfere with operations.

Related to update_engine calling this function to reject performing
an OTA as its operations are incompatible with the overrides.

Test: adb-remount-test.sh
Bug: 120034852
Change-Id: I641163b1559c1a83fe7d0c336d04c10e9956ad3a
2018-12-04 11:06:47 -08:00
Tom Cherry
e68bf85fd6 init: allow first stage mount to read an fstab
Now that we have a first stage ramdisk (or use recovery in its place),
it's possible to place a vendor specific fstab along with first stage
init, removing the need for device tree modifications to have an
fstab.

Bug: 117933812
Test: hikey boots with only an fstab in first stage ramdisk
Test: blueline mainline boots with a disabled DT fstab and an fstab in recovery
Change-Id: I4460b88851557a75ba06ff795cd842e7dfb6da46
2018-12-04 11:06:30 -08:00
Tom Cherry
3055457a96 Convert fs_mgr_swapon_all() to use the new Fstab struct
Bug: 62292478
Test: build
Change-Id: Ifbde514bf73d3ce2f321326291daa025b6afac46
2018-12-03 09:41:01 -08:00
Bowgo Tsai
c1bc2813c9 fs_mgr: move AVB related source into libfs_avb
This CL also adds namespace android::fs_mgr and remove FsManager* prefix
for class names. Note that android::fs_mgr::FsManagerAvbOps will be removed
in later CLs when fs_mgr doesn't rely on libavb->avb_slot_verify() to
parse vbmeta structs.

Some lingering sources for by_name_symlink_map_ are also removed.

Bug: 112103720
Test: boot crosshatch_mainline-userdebug
Change-Id: I2d1a5cc39bcd5a699da8d5539f191d8c7737c4af
2018-11-29 22:21:33 +08:00
Tom Cherry
9856460763 fs_mgr: remove by_name_symlinks_map_ from AvpOps
With the addition of the /dev/block/by-name/ symlinks created for the
boot_device, we no longer need to use a map to track the symlinks for
the partitions AVB needs to access.

This will help us in removing the requirement to specify which
partitions contain AVB metadata.

Bug: 117933812
Test: boot blueline_mainline with AVB
Change-Id: I1d46dba5b2fc16b2a14f861b34225ac0f2995b60
2018-11-13 11:37:36 -08:00
Mark Salyzyn
6a11694c1b fs_mgr: overlayfs earlier kernels do not need override_creds=off
Kernels at or older than 4.6, the overlayfs drivers do not need,
or support, override_creds=off.  Drop using the mount option.

Commit 3fe6e52f062643676eb4518d68cee3bc1272091b introduced the
need for override_creds=off, and none of the kernels that contain
this patch without the patch that introduces override_creds can
be used with Android.

Test: compile
Bug: 118882257
Bug: 109821005
Change-Id: I832c8ca3fce0269bdef4ce988541adb7ba9662ed
2018-11-07 11:05:18 -08:00
David Anderson
f89b1df1a5 init: Regenerate uevents for dependent super partition devices.
This patch adds another uevent-regeneration pass to the first stage
mount. When the super partition spans multiple block devices, we need
/dev/block/by-name symlinks to have been created before we begin mapping
dynamic partitions.

Bug: 116802789
Test: retrofit device boots
Change-Id: I00bb277e1d81385a457c5b4205a95d8fbe365bb2
2018-11-05 17:53:49 -08:00
Justin Yun
6bab0a9c23 Mount vendor overlay from the system partition
Using overlayfs, the system partition may provide files for older
version of vendor partitions by overlaying on the vendor partition.
Directories in /system/vendor_overlay will be overlaid on the
directories in /vendor to override existing files or provide new
files.

This feature works only if the kernel support overlayfs and has a
patch for override_creds. Otherwise, no-op.

Bug: 114679254
Test: Build and boot: nothing affected without overlayfs, or
                      vendor file is overrided with overlayfs

Change-Id: Iff3a308945299034123ba7bcb40dc787e102730e
2018-11-01 10:26:12 +09:00
Mark Salyzyn
a762e007c5 fs_mgr: overlayfs takes const std::vector<const fstab_rec*>&
fs_mgr_overlayfs_mount_all() and fs_mgr_overlayfs_required_devices()
to also take const std::vector<const fstab_rec*>& argument.

Bug: 117933812
Test: manual adb-remount-test.sh
Change-Id: Ic72fcca1fe32c311ff3f903c7275e6f7dfba46a7
2018-10-31 14:42:44 +00:00
Mark Salyzyn
1b066c313b fs_mgr: fs_mgr_has_shared_blocks() needs logical blk_device
For logical partitions, the fstab supplied during
fs_mgr_overlayfs_setup() does not have the correct blk_device and
thus check in fs_mgr_has_shared_blocks() inside
fs_mgr_overlayfs_enabled() will fail to provide the correct status.

Call fs_mgr_update_logical_partition() to fix this up.  Side effect
is an API change where fstab can no longer be considered const when
passed into fs_mgr_overlayfs_mount_all() and
fs_mgr_overlayfs_required_devices().

Some additional minor cleanup as well.  Move fs_mgr_rm_all() higher
up as-is in the file as it has no dependencies, which will complicate
future changes.  Add --help to adb-remount-test.sh unit test script,
improve error handling and checking.

Test: adb-remount-test.sh
Bug: 109821005
Bug: 117605276
Change-Id: I548d3797d49661529490d1a0bf96b63e57491704
2018-10-26 22:54:46 +00:00
Mark Salyzyn
b5ca72811c fs_mgr.h cleanup
Drop struct from specifications, fix style.

Test: compile
Change-Id: I94665a41d514501d2f4cd6888361316e08813431
2018-10-10 12:26:49 -07:00
Mark Salyzyn
e511e3a3b1 fs_mgr: Add fs_mgr_overlayfs_required_devices()
Added fs_mgr_overlayfs_required_devices() as hint to init to make sure
the device gets created before fs_mgr_overlayfs_mount_all().

Test: manual
Bug: 109821005
Change-Id: Iab038f3e0252a357b082bb08db3679512b9badec
2018-10-04 15:15:02 -07:00
David Anderson
5cbd2e43ee Don't hardcode the super partition name.
If a device has logical partitions but does not use a partition called
"super", we will need this to be configurable. Note that the "slot"
argument is currently unused, but will be necessary for update_engine if
there are A and B super partitions.

Bug: 116608795
Test: super partition works
Change-Id: Ieb548a158faeb423f3561230f26d582325efbc6b
2018-10-01 14:13:22 -07:00
Mark Salyzyn
f35db9b11b fs_mgr: init: adb: add fstab argument to fs_mgr_overlayfs_mount_all
Add an fstab argument for fs_mgr_overlayfs_mount_all so that it can
leverage the locally and timely acquired fstab entries.  Affects all
callers, adb and init.

Test: manual
Bug: 109821005
Bug: 115751838
Change-Id: I96e2045d88525a6ce39bef63327a0fcf0704e9bc
2018-09-25 07:30:55 -07:00
Daniel Rosenberg
4c93b256f6 fs_mgr: Support checkpoints
Adds support for partitions with checkpointing enabled. If the
checkpoint= fs_mgr flag is set, and the system has checkpointing on,
the partition will be mounted in checkpointing mode.

Test: Use vdc checkpoint commands, the checkpoint=fs fs_mgr flag
      in the fstab, and a kernel containing the f2fs checkpoint
      changes. https://lkml.org/lkml/2018/8/21/22
Change-Id: I3ea8da932de06fcfd2eed06b8640a8b1df837f1f
2018-09-20 17:28:23 -07:00
David Anderson
c8ac4e7644 fastbootd: Wait for /dev/block paths when opening logical partitions.
Note that in addition to waiting for the path to appear, we must also
wait for it to be unlinked. Otherwise, we could accidentally access an
older device when opening and closing the same partition twice in a row.

Bug: 114198005
Test: fastboot flashall works
Change-Id: Iddffc34e1ac8aa066c28e7b1a92b09b6dfd7945c
2018-09-06 17:38:06 -07:00
Mark Salyzyn
3ff87d89ef fs_mgr: add fs_mgr_has_shared_blocks and make default if overlayfs
Add fs_mgr_has_shared_blocks in fs_mgr.  Use it as a default decision
to utilize overlayfs if not overridden by the platform.

Test: compile
Bug: 109821005
Change-Id: Ifab22a4c9898966515e268349c24bb4c28a39368
2018-08-15 10:07:27 -07:00
Mark Salyzyn
b28389f5ee fs_mgr: add overlayfs handling for squashfs system filesystems
Logistics for adb remount on developer builds for readonly system
partitions using overlayfs to deal with not being able to remount
with read-write.

Conditions are that filesystem is squashfs, read-only, debug build,
kernel supports overlayfs.  The default is a valid /cache/overlay/
directory, with .../<mount_point>/upper and .../<mount_point>/work,
associated with each system partition <mount_point>.

Will take the sepolicy of context of lowerdir as rootcontext= option.

Add fs_mgr_overlayfs_mount_all() to recurse through
fs_mgr_read_fstab_default(), and checking against /proc/mounts to
add any acceptable overlayfs mounts.  The checking with /proc/mounts
makes sure we do not overlayfs overtop an overlayfs.

Add fs_mgr_overlayfs_setup(const char*, const char* bool*) and
fs_mgr_overlayfs_teardown(const char*, bool*) to respectively setup
or teardown the overlayfs support directories.  Return value
includes success and optional supplied change booleans.

Test: compile
Bug: 109821005
Bug: 110985612
Change-Id: Ie9b4e9ca0f2bdd9275ac2e2e905431636948e131
2018-08-08 15:38:53 -07:00
David Anderson
4d71d85805 liblp: Allow flashing to readonly logical partitions.
By default, logical partitions with the readonly flag are created with a
readonly device. This change allows callers of CreateLogicalPartition
to create writable devices so they can still be flashed.

Bug: 78793464
Test: fastboot flash product_services works with fastbootd
Change-Id: Ia8d2761a3067e3b62815acbf0b6fb7f033072ba2
2018-08-06 15:47:26 -07:00
David Anderson
23de22d54b fs_mgr: Add a method for creating one-off partition instances.
fastbootd needs to temporarily map and unmap logical partitions in order
to flash them. To make this easier, this change introduces fs_mgr
methods to create and destroy a single logical partition by name.

Bug: 79173901
Test: N/A
Change-Id: Ic085f2175c26a5edf5f18544012dcfe6d8088f09
2018-07-23 11:43:27 -07:00
David Anderson
e0384bbc69 fs_mgr: Remove early prototype code.
This early code is no longer needed now that logical partitions can be
created and flashed normally.

Bug: 79173901
Test: N/A
Change-Id: I393ef23b3d3ce1cd9c80833358051838d0e9f333
2018-07-19 14:38:33 -07:00
Mark Salyzyn
b5065fcb28 fs_mgr: fs_mgr_update_verity_state take std::function
By changing to a std:function from a plain function pointer as an
argument to fs_mgr_update_verity_state(), a lambda with captured
objects can be executed providing thread safety.

Test: compile and boot
Bug: 109821005
Change-Id: I2699a08cc2c5216625dcbf84eeac0c460f4ae36a
2018-06-28 08:43:35 -07:00