Also, make sure snapuserd has closed its references. This is preventing
the merge from completing until a reboot.
Bug: N/A
Test: vts_libsnapshot_test
Change-Id: Iba18f887bdb262c630ec44461871e19fe64dbf3c
These tests are failing due to a missing WaitForFile call. Simplify
setting this up by adding a helper.
Bug: N/A
Test: vts_libsnapshot_test
Change-Id: Ic2afa74f72c7e364695233120b2327bae904882a
With compressed VAB updates, it is not possible to mount /system without
first running snapuserd, which is the userspace component to the dm-user
kernel module. This poses a problem because as soon as selinux
enforcement is enabled, snapuserd (running in a kernel context) does not
have access to read and decompress the underlying system partition.
To account for this, we split SelinuxInitialize into multiple steps:
First, sepolicy is read into an in-memory string.
Second, the device-mapper tables for all snapshots are rebuilt. This
flushes any pending reads and creates new dm-user devices. The original
kernel-privileged snapuserd is then killed.
Third, sepolicy is loaded from the in-memory string.
Fourth, we re-launch snapuserd and connect it to the newly created
dm-user devices. As part of this step we restorecon device-mapper
devices and /dev/block/by-name/super, since the new snapuserd is in a
limited context.
Finally, we set enforcing mode.
This sequence ensures that snapuserd has appropriate privileges with a
minimal number of permissive audits.
Bug: 173476209
Test: full OTA with VABC applies and boots
Change-Id: Ie4e0f5166b01c31a6f337afc26fc58b96217604e
This reverts commit 1414a0d4d8.
Reason for revert: reversions of CLs from http://b/174776875 removed dependencies for this CL, and made the freezer non-functional. This CL has to be reverted as well
Bug:174776875
Change-Id: Idbd9532374bb661330b3c7546bbdf086a046aba3
assemble_cvd directly or indirectly depends on these modules. To add
assemble_cvd to the com.anroid.virt APEX, these modules are marked as
being available to the APEX.
Bug: 174639526
Test: m com.android.virt
Change-Id: Id3b2989a9f038a1cdc769a2021a116cf09ab1b15
* In 'ActivateFlattenedApexesFrom', the 'readdir' detects
the APEX folders in a random way that depends on filesystems,
built packages and order of the build chain
* In normal cases, this is not an issue, however when building
with Go configurations, we have a case where the package
'com.android.tethering.inprocess' is built along the
'com.android.tethering' overriden binary, and depending on
the 'readdir' output, the mounts break the Tethering service
Change-Id: I8ac4a0284d8d885f732c71e846933869cf16a0bd
Signed-off-by: Adrian DC <radian.dc@gmail.com>
This adds the -d option to Inspect_Cow, which will cause it to attempt
to decompress all data blocks, reporting any errors it encounters.
Useful for detecting corruption in Cow files.
Bug: 172026020
Test: Inspect_Cow -d [cow_file]
Change-Id: Iebf5f7f485b33b36daab4ab07005ca37e51d692f
Previously, we'd check if a new cluster was needed before we added a Cow
Operation. This would cause an op's associated data to go to the wrong
location, so instead we check if we'll need a new cluster after writing
each op.
Bug: 172026020
Test: cow_api_test (ClusterCompressGz)
Change-Id: Ia43afedcfd430961b34f5914da4265b89e6fadb9
We want to add coverage statistics to the trusty-ut-ctrl tool, which is
a vendor binary. Thus we need a vendor variant of libtrusty_coverage.
Merges system libtrusty_test and vendor libtrusty into a single
vendor_available library so that we can add vendor_available to
libtrusty_coverage and make it accessible from vendor tools.
Bug: 175221942
Test: make libtrusty_coverage
Change-Id: I68cc8f1c1580bda8591dbe744e9751474811576d
Unlike apexd, tombstoned uses the regular dynamic linker path
(/system/bin/linker64). As a result, starting it after we have
switched to the default mount namespace but before APEXes have been
activated fails, because /system/bin/linker64 does not exist between
those two events. Fix that by starting tombstoned even earlier,
before we have switched mount namespace.
To avoid reintroducing the bug fixed by 2c9c8eb5ff ("init.rc:
create /data/vendor* earlier"), also make sure that /data/vendor* is
still created before /data/vendor/tombstones.
While at it, move the creation of /data/anr before starting
tombstoned, because tombstoned assumes that /data/anr exists.
Fixes: 81c94cdce6 ("Start tombstoned early in post-fs-data.")
Test: boot fvp-eng and fvp_mini-eng, check that tombstoned starts
succesfully on the first attempt
Change-Id: Ic52383c35fb39c61c2f0e0665fd10e795895d50d
Property variables should be written ${x.y} to be expanded.
Bug: 175645356
Test: The property ro.hardware is expanded properly.
Change-Id: Idf7ff7ecc002e6e4de4ccef70e89dcc1c10e63d0
The firmware_handler.HandleAbort and subcontext.RecoverAfterAbort
tests intentionally abort in the child process to ensure that
ueventd/init can recover if their child processes die. This generates
a tombstone which causes confusion. This change resets SIGABRT to
SIG_DFL right before the abort(), so that the child processes will
exit normally without generating a tombstone or writing a crash to
logcat.
Bug: 169771958
Bug: 175383788
Test: run the above tests and verify no stack traces are printed to
logcat and no tombstones are generated.
Change-Id: Ica09548d1c7a766bf5d9ff2e26c9fd558e85c7c1
