To determine the default encryption action, the mkdir command checks
whether the given path is a top-level directory of /data. However, it
assumed a path without any duplicate slashes or trailing slash(es).
While everyone *should* be providing paths without unnecessary slashes,
it is not guaranteed, as paths with unnecessary slashes still work
correctly for all other parts of the mkdir command, including the
SELinux label lookup and the actual directory creation. In particular,
the /data/fonts directory is being created using 'mkdir /data/fonts/'.
The effect is that the mkdir command thinks that /data/fonts/ is *not* a
top-level directory of /data, so it defaults to no encryption action.
Fortunately, the full command happens to use "encryption=Require", so we
dodged a bullet there, though the warning "Inferred action different
from explicit one" is still triggered.
There are a few approaches we could take here, including even just
fixing the /data/fonts/ command specifically, but I think the best
solution is to have mkdir clean its path at the very beginning. This
retains the Linux path semantics that people expect, while avoiding
surprises in path processing afterwards. This CL implements that.
Note, this CL intentionally changes the behavior of, and thus would
break, any existing cases where mkdir is used to create a top-level
/data directory using a path with unnecessary slashes and without using
an explicit encryption action. There are no known cases where this
already occurs, however. No cases exist in platform code, and vendor
init scripts shouldn't be creating top-level /data directories anyway.
Test: atest CtsInitTestCases
Test: Booted and verified that a trailing slash is no longer present in
the log message "Verified that /data/fonts/ has the encryption
policy ...". Also verified that the message "Inferred action
different ..." is no longer present just above it.
Bug: 232554803
Change-Id: Ie55c3ac1a2b1cf50632d54a1e565cb98c17b2a6a
No longer needed as the code to generate flag files based on
this environment variable is removed in Android 13.
Bug: 231946889
Test: Build and boot,
Change-Id: I8ce57619aa4d1e6457f3f864bf5e403f727c040c
Instead of using config file path, use APEX's preinstalled path to
determine whether to use subcontext or not for APEX configs.
Bug: 232021354
Test: CtsInitTestCases, CtsBluetoothTestCases
Change-Id: Iba603f09602f0bec3113e2be3d15c62055c09e72
Since apexd.status=ready is system-only property, we need a similar or
equivalent event or property which non-system APEXes can use to define
'on' trigger actions.
Note that services can be started without its own trigger actions by
setting 'class'. For example, 'hal'-class services are started 'on boot'
automatically.
Bug: 202731768
Test: atest CtsInitTestCases
Test: atest CtsBluetoothTestCases (cuttlefish's bt apex defines
'on' actions in the APEX config)
Change-Id: I6eb62ba8d6e350add2ebafe7da06fcaa57d825ff
APEX configs have supported only 'service' definitions. For those
services relying on 'on' trigger actions, we had to have separate config
files installed in read-only partitions (e.g. /system/etc/init).
This was suboptimal because even though APEXes are updatable, read-only
partitions are not.
Now, 'on' is supported in APEX configs. Putting 'on' trigger actions
near to service definitions makes APEX more self-contained.
'on' trigger actions loaded from APEX configs are not sticky. So, events
happens before loading APEX configs can't trigger actions. For example,
'post-fs-data' is where APEX configs are loaded for now, so 'on
post-fs-data' in APEX configs can't be triggerd.
Bug: 202731768
Test: atest CtsInitTestCases
Change-Id: I5a01d9c7c57b07955b829d6cc157e7f0c91166f9
Replace libbacktrace with the new AndroidUnwinder object.
Bug: 120606663
Test: Ran unit tests.
Test: Added call of UnwindMainThreadStack() in DebugRebootLogging()
Test: and verified unwind data is logged properly.
Change-Id: Ia724f9485377d6d2c894283242a3c5653bf82768
To prevent bugs, directory creation and encryption should happen
together. /data/user/0 (and its "alias" /data/data) is a per-user
encrypted directory; such directories can only be encrypted by vold.
Therefore, move its creation to vold as well.
Besides closing the uncomfortably-large gap between the creation and
encryption of /data/user/0, this allows removing init's write access to
/data/user and similar directories (SELinux type system_userdir_file) to
prevent any such issues from being reintroduced in the future.
To also allow removing init's write access to /data/media (SELinux type
media_userdir_file), which also contains per-user encrypted directories,
also move the creation and encryption of /data/media/obb to vold.
Bug: 156305599
BYPASS_INCLUSIVE_LANGUAGE_REASON=Linux API ("slave" mount flag)
Change-Id: I7245251eeb56b345b6c7711482c0aa5848648edb
The uevent.rc will setup owner/group/permissions in all the conditions
including device boot, cpu hotplugs, and cpu online/offline.
Since ueventd always regenerates uevents at boot, we could remove the
redundant settings in init.rc.
Bug: 230291215
Test: Build and check scaling_max_freq on Cuttlefish and B3 device
Change-Id: I4fcc440f2a950967667f88da574faa501b3e227c
Replaces libbacktrace in CallStack. There is one small behavioral
change, the BuildId data is added to the unwinds.
Bug: 120606663
Test: All unit tests pass.
Test: Run the fuzzer for over an hour without any crashes.
Change-Id: Ic8a4247c515ce0d3cdc4d2cc15167d1948b15fa5
The ueventd.rc sets permissions to 0664 but init.rc sets cpu0 to
0660. Since lots of processes already had read access for cpufreq nodes
(refer to system/sepolicy/public/domain.te), align all cpus to 0644
permissions.
Bug: 230291215
Test: Build
Change-Id: I3c72d69590998f8da894fb02097212f834edd48c
We need to fix the below error happening in early stage.
[ 24.835617][ T1] init: [libfs_mgr]Running /system/bin/fsck.f2fs -a -c 10000 --debug-cache /dev/block/sda1
[ 24.843693][ T1] logwrapper: Cannot log to file /dev/fscklogs/log
Bug: 230637147
Bug: 230879192
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I19bc5f7154577e29414f855de6ce72172b281975
Set readahead window multiplier for POSIX_FADV_SEQUENTIAL files as 16 to
enhance file read performance like a language package loading.
Bug: 192011293
Test: adb shell cat /dev/sys/fs/by-name/userdata/seq_file_ra_mul
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I7f7e4339651be2d6aa99b07bcb12ab62136a940e
When system_server crashes or gets killed, it causes zygote to kill
itself, which in turn leads to killing all processes in the same
process group (all apps). This leaves empty process groups because
system_server is not there to remove them.
Purge empty process groups when init detects zygote death.
Bug: 228160715
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I0ce27eea28f8713e52033bbec2d5363a7b8ff5db
When system_server and zygote crash or get killed, all apps also get
killed but their process groups are left empty. Provide a function to
remove all empty process groups so that init can purge them when this
even happens.
Bug: 228160715
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ife38ca021e80cd38106f218ae13183e8c2631bf0
Delete all files and directories under
/data/misc/virtualizationservice at boot. Originally they were owned
by the virtualizationservice user; we now run as system, and don't
have permission to remove them after boot.
Bug: 230056726
Test: Create fake stale dir+file, see them deleted
Change-Id: I5ff7d055aeeb25ba7693e50876d6b8a830c4bf51
(cherry picked from commit 34ee0c931c)
fuzzy_fastboot causes vts to fail when it has isolated set to true
so manually set it to false to avoid this.
Bug: 178498003
Test: Ran tests that failed presubmit
Change-Id: I871854c26e07ac6ad94feb14703b705a3054c176
Let's turn a bug into a feature... Since this code is built with intsan,
anyone who caused overflow here will have had an abort, so we know
no-one actually needs the BAD_INDEX return that was presumably the
original author's intent. So let's just mandate that, since it's a lot
harder to ignore an abort than it is to ignore an error return.
Bug: http://b/179044558
Test: treehugger
Change-Id: I08f1018f9da1e09de885699138b7543d55bb2a36
When bootchart is enabled its thread shares the mount namespace context
with the main thread. This prevents the main thread to switch the mount
namespace later with setns().
So, unshare() the mount namespace of the bootchart thread.
Bug: 229983560
Test: rebooted with bootcharting on/off
enter_default_mount_ns should succeeded.
Change-Id: Idac0d0efcb4f7f7d8a7cbcebf8fa2fa29f104c35
