If there are snapshot metadata persisting in /metadata/ota/snapshots,
remove them before applying a new update. Make sure that
the snapshots are indeed invalid before removing them.
On a sidenote, add a comment in init.cpp related to
b/223076262.
Bug: 228250473
Test: 1: Apply OTA in recovery through adb sideload
2: Reboot
3: Apply OTA OTA again through update_device.py
4: Re-run Full OTA updates just from update_device.py
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I116bbafae09042b9c391ccd58c102704571c214e
* changes:
DO NOT MERGE: Revert "init: Add more diagnostics for signalfd hangs."
DO NOT MERGE: Revert "init: Add diagnostics for signalfd epoll failures."
With the addition of runtime-configurable GWP-ASan, there might be many,
many more than 1,000 allocations. Have support for them, but keep a
hopefully-won't-crash-the-device limit.
Bug: 219651032
Test: atest bionic-unit-tests
Change-Id: I7b8e2bf5ab7c723ab6c61365f0dc610e400dbbce
Previously, virtualizationservice had its own UID
`virtualizationservice`. As a result, crosvm, which is spawed by
virtualizationservice`, also run as the UID. However, that prevented us
from applying task profiles to the crosvm process because joining a
process to a cgroup requires system UID.
To fix that, virtualizationservice now runs as system UID. As a result,
this directory that virtualizationservice accesses has to change its
owner and group to system.
Bug: 223790172
Bug: 216788146
Test: watch TH
Change-Id: I2bdf49e99f1841bf77ff046b0c2455064b174e0a
/dev/kvm and /dev/vhost-vsock are used by crosvm. Previously, it ran as
a custom UID `virtualizationservice`. However, this prevented us from
applying task profiles to the crosvm process because joining a process
to a cgroup requires system UID.
Now, crosvm (and its parent virtualizationservice as well) runs in
system UID. Therefore, the ownership of two device files are also
updated accorgly.
BUG=b:216788146
BUG=b:223790172
Test: watch TH
Change-Id: I1f63a12532d3a2cb5724291dbbb40210bd7c9203
The wrapper is to call SetProcessFiles (C++ API) from crosvm via FFI.
Bug: 223790172
Bug: 216788146
Test: m
Change-Id: If342ca0d19deb1cb7ee581bba2cc543385199cbe
One is intentionally seeting the abort message. The other is to set
the abort message to null.
Also, make the libseccomp_policy static so that the crasher
executable can be copied to the system afterwards without
requiring libseccomp_policy.so.
Test: Ran both new crash commands on device.
Test: Ran the seccomp crash command to verify seccomp still works.
Change-Id: I255b5f37e6eb188719e5b72302ca3f5911c8d821
Mark this as 29 for easy inclusion in APEXes when debugging. Make
sure we don't introduce calls to things here which would prevent
this from being used on old platforms.
Fixes: 228561718
Test: build
Change-Id: I2574455dbfe681117e4afcf6eef3546be51393fa
Experiments can enable/disable MG-LRU using the
persist.device_config.mglru_native.lru_gen_enabled property
which will update the coresponding sysfs control to enable or
disable this feature in the kernel.
Test: adb shell device_config put mglru_native lru_gen_config [none, core, ...]
Test: verify MG RLU is enabled/disabled: cat /sys/kernel/mm/lru_gen/enabled
Bug: 227651406
Bug: 228525049
Change-Id: I0708df8c78a85359d5cb6d5b167836768029380e
* Add new `recv` method that takes a `Vec<u8>` and automatically
allocates extra buffer space and retries the read call if the buffer
does not have enough capacity.
* Rename the existing `recv` method to `recv_no_alloc`, and update docs
to clarify the behaviors of both methods.
* Add tests for the new `recv` method and update existing tests to use
`recv_no_alloc` instead.
Test: tipc-test-rs -m 1024 -t echo
Bug: 226659377
Change-Id: Ic437b617751e865da119fe0c4ef8aa456a63bf3c
Test logic is based on the tests in the original tipc-test C binary,
but adapted to use the Rust unit test infrastructure to make running
tests easier.
Test: Ran the tests
Bug: 226659377
Change-Id: I998013b2f8b304299acb09d58beb49330747802a
This is required so that system_server can read/delete the file(s) in
/data/misc/odsign/metrics & report to statsd
Note the group change in odsign directory was required so that
system_server can get the execute permission to read file in the sub dir
Test: adb shell ls -l /data/misc/odsign/metrics
Bug: 202926606
Change-Id: I6dd80e05bbfb9daf4aa3e996fc22bba1de8bd2ce
Add a specific error message to the Android CLI tool for the
case where the policy engine (http://go/aog/2051516) disallows
loading.
Test: Load a signed app that violates the policy
Bug: 208968719
Change-Id: I2aaa218ab3a7297ea62448de49baa0bfd6b1ee52
In Android S, snapuserd binary was on vendor partition.
When there is an OTA update from S -> T, it is possible
that vendor partitions are not updated. In that case,
successive OTA updates T1 -> T2 will continue to have
snapuserd from Android S as vendor partition wasn't updated
to T. All this means, we should disable user-space snapshots.
When installing OTA during runtime, check for property
ro.vendor.build.version.release_or_codename; if the property
is set to "12", then skip userspace-snapshots.
Bug: 227614163
Test: Simulate OTA test on Pixel 6 from T1 -> T2 by forcefully
setting the property to 12 and verify OTA is applied
successfully by falling back to dm-snapshot.
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I95f29145e5cd9ffb8d03d28ae414f0037b88be90
