This is testing behavior that no longer exists. We never perform an OTA
while system_other is mapped, since it would collide with the snapshot
for system.
Bug: 208944665
Test: vts_libsnapshot_test
Change-Id: I1e462fad3fd59b8b881d98da982a7c22408b837b
Static binaries are pretty rare (and usually a bad idea) but there's a
rationale for this one, so we should record it.
Test: treehugger
Change-Id: I7fc5c32bbbec1ccf195d94eaedfb1bd718a364e1
This test fails because CreateLogicalPartitions is effectively called
twice without unmapping anything.
Bug: 208944665
Test: run_snapshot_tests.sh
Change-Id: I7e79f43e8de2f79bb72888c4198a95d9bd76bcdd
std::string doesn't like being initialized with negative values, so use
memset() instead.
Bug: 208944665
Test: vts_libsnapshot_test
Change-Id: I42a1a01fd9e59ffc9913c9df9f4bb8ab85113356
Many modules requiring min_sdk_version have been used without setting
it, but hard-coded as "30" in allowlist.
Bug: 158059172
Test: m
Change-Id: I0b461c28077584f2db2d2f688423f2227c0a2d1a
When the scratch space is mmap'ed, the metadata buffer
will be un-aligned. This may lead to alignment fault
on 32-bit systems. Address this by temporarily copying
it to buffer.
No perf impact as this code path is not in I/O path
and the copy is a for the size of metadata buffer which
is 8k.
Bug: 206426215
Test: Full and Incremental OTA on pixel
1: Compile snapuserd as 32 bit and reproduced the bug on pixel.
2: With fix - OTA applied successfully.
3: Reboot the device when merge was in-flight as the fix is primarily
in that path.
4: Verify merge completion and data integrity post merge.
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I63c0d862057ebf138c9d1696a942030e30598739
This entry is redundant, as system_shared_libs by default includes
libdl.
This should be a no-op change for the current build system, but avoids
an issue on the alternative (experimantal) build system, Bazel.
Test: md5sum libutils.so before/after on aosp_flame, verified no changes
Change-Id: I18f6e67c3e23299a0f1e0ef530a0a809b068dc03
rpmb_dev is a rpmb device stub used in emulation
as well as platform early bringup so we don't expect
any open source developer to be impacted by the migration
from MIT to Apache 2.0.
Note that with such a migration to Apache 2.0, recipients
won't receive lesser permissions, they just have updated
requirements for which license text to share along with the code.
Bug: 191508826
Test: None
Signed-off-by: Armelle Laine <armellel@google.com>
Change-Id: I0ae2bc66901344f8f9227e929a98946e52c50355
So libfsverity_init can be used in init to load fsverity keys in
early boot.
Bug: 199914227
Test: build
Change-Id: I514ab602ef03f4528cb013bd268fa6dfcb7eb5b2
* changes:
snapuserd: Add unit test for test merge code path
libsnapshot: Add vts_userspace_snapshot_test
libsnapshot: Integrate userspace snapshots APIs
fs-verity is required for new devices launched with R.
This allows files stored on /metadata to be protected by fsverity.
Bug: 199914227
Test: mini-keyctl padd asymmetric fsv-sepolicy .fs-verity \
< /system/etc/security/com.android.sepolicy.cert.der
cp /apex/com.android.sepolicy.apex/app/SEPolicy-33/SEPolicy-33.apk \
/metadata/sepolicy/
fsverity enable /metadata/sepolicy/SEPolicy-33.apk \
--signature=/apex/com.android.sepolicy.apex/etc/SEPolicy-33.apk.fsv_sig
Change-Id: I44434e3d026f1dbe6e261c365b3c70d3556a80b1
Vendor APEX section should not separate SPHAL in generic, and also
default namespace does not contain vendor libs in the scope. This change
updates libvndksupport to check 'vendor' namespace when there is no
sphal namespace for vendor APEX section case.
Bug: 193861508
Test: AOSP CF x86_64 boot succeeded
Change-Id: I04cefc12be4c8ec261efb1688a8307b7061bf068
In previous kernels, overlayfs stored its xattrs with a "trusted."
prefix. This requires CAP_SYS_ADMIN. As a workaround, we carried
out-of-tree kernel patches to bypass the security checks on these attrs.
The 5.15 kernel however has a new mount option "userxattr". When this is
set, the "trusted." prefix is replaced with "user.", which eliminates
the CAP_SYS_ADMIN requirement.
On kernels >= 5.15 we can use this feature and drop some of our
out-of-tree patches.
Bug: 204981027
Test: adb remount on cuttlefish with >=5.15
Change-Id: I3f0ca637a62c949fe481eea84f2c682f1ff4517a
Most of the test cases are similar to dm-snapshot-merge.
Additional test cases have been added primarily to test
I/O's in parallel with merge.
Bug: 193863397
Test: snapuserd_test
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I2764e6971989c121be873cc425cac464f31ce85f
dm-user block device will be the snapshot device; thus, no
more explicit call to MapSnapshot(). Additionally, block device
name for dm-user will be the snapshot name so that mount works
seamlessly.
API's to query the snapshot status, merge progress has been
integrated. Since daemon requires base device for merge, we pass
additional parameter during initialization.
Add a new virtual a/b property flag to enable/disable
user-snapshots feature. Propagate this flag to init layer
for first stage mount during boot process.
Some minor cleanup and renaming of variables.
Bug: 193863443
Test: 1: Full OTA on CF and pixel and verify the merge completion.
Tested merge-resume path by rebooting device during merge.
2: Incremental OTA on CF and pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I5088f40a55807946cd044b3987678ead3696d996
It is expensive to keep the non-protobuf path around and it hasn't
been used for an entire release without anyone noticing, so remove it.
Create new end-to-end unit tests that cover tests of the non-proto
code paths that are being deleted.
Bug: 197981919
Test: Unit tests pass.
Change-Id: Ia1c45572300bd63e5f196ad61e5e5386830c8ece
ReadFstabFromFp() have two callers right now, ReadFstabFromFile() and
ReadFstabFromDt(). ReadFstabFromFile() opens a FILE* and pass it to
ReadFstabFromFp(), and ReadFstabFromDt() wraps a std::string::c_str()
buffer in a FILE* adaptor with fmemopen().
There's no need for such adaptor, just change ReadFstabFromFp() to
accept std::string and we're good.
Bug: 206740783
Bug: 204056804
Test: atest CtsFsMgrTestCases
Test: m libfstab_fuzzer
Change-Id: I3f56a83ec5baf7b0d97a618a2c2bb6e31b67b5d9
android::base::Tokenize() is like android::base::Split() but ignores
empty tokens. Think strtok_r() and strsep().
C++-ify parsing code by replacing strtok_r() with Tokenize(), which
results in more concise and readable code.
Bug: 204056804
Test: atest CtsFsMgrTestCases
(cherry picked from commit 3c1b581fd5)
Change-Id: Icce8c1b5ad074421052f68fa138d90adb85cca27
