Last generic ld.config.txt deprecation caused build error from
build_test build because of invalid ld.config.txt build target. To fix
this ld.config.txt build target should be enabled until
ld.config.vndklite.txt and ld.config.legacy.txt also become deprecated.
Bug: 138920271
Test: m ld.config.txt passed
Test: build_test passed
Change-Id: I7f45ee66d3ed70a1a698261e1e801a30729f592f
libneuralnetworks.so could be preloaded. In that case, it should be
accessible from libnativeloader which runs in the runtime namespace.
Bug: 141847343
Bug: 142111172
Test: m, marlin/sailfish boots
Change-Id: I5b2f3073d0711d6049b4e1e1bd0bcc403949fe14
This change is part of a topic that moves the recovery resources from the
system partition to the vendor partition, if it exists, or the vendor directory
on the system partition otherwise. The recovery resources are moving from the
system image to the vendor partition so that a single system image may be used
with either an A/B or a non-A/B vendor image. The topic removes a delta in the
system image that prevented such reuse in the past.
The recovery resources that are moving are involved with updating the recovery
partition after an update. In a non-A/B configuration, the system boots from
the recovery partition, updates the other partitions (system, vendor, etc.)
Then, the next time the system boots normally, a script updates the recovery
partition (if necessary). This script, the executables it invokes, and the data
files that it uses were previously on the system partition. The resources that
are moving include the following.
* install-recovery.sh
* applypatch
* recovery-resource.dat (if present)
* recovery-from-boot.p (if present)
This change moves the recovery resources to vendor in libcutils/fs_config.cpp
and removes the flash_recovery service from rootdir/init.rc. This service moved
to a vendor init.rc file in bootable/recovery/applypatch.
Bug: 68319577
Test: Ensure that recovery partition is updated correctly.
Change-Id: I492f7989ea8042912e9d0e0eadeaa351affbee13
From latest change fully treblelized devices started to use
ld.config.txt from generator instead of the one under /system/etc. As so
existing ld.config.txt is no longer required. This change removes all
ld.config.txt content and build script for it.
Bug: 138920271
Test: m -j passed
Test: Tested from Cuttlefish
Change-Id: I9e2d4b305442a4fccc4378a997ec92bfd6cddb84
Some device requires VNDK_USING_CORE_VARIANT list, but it was not
implemented in previous. Adding this library list to the build target so
it can be added to system image.
Bug: 141695559
Test: m -j passed & Tested from Cuttlefish
Change-Id: I52750583050401098ca8dacee9cf84e8c5727e36
We want ashmem to only be used via libcutils API, with long-term goal
being deprecation of ashmem with memfd. To do that we route libcutils to
a new source of ashmem fds. We then phase out uses of /dev/ashmem that
doesn't go through libcutils using SELinux.
In Q, we introduced ashmemd as the source of ashmem fds to libcutils.
However, having a separate process and, consequently, binder hops to
handle /dev/ashmem results in performance/memory overhead.
To address the overhead, replace ashmemd with a duplicate of
/dev/ashmem. Name it /dev/ashmem<boot_id>, where boot_id is a random
number generated on each boot. This way we make sure that developers
don't accidentally depend on /dev/ashmem<boot_id>, as that name can't be
hardcoded.
Bug: 139855428
Test: writing "add"/"remove" to /sys/class/misc/ashmem/uevent correctly
adds/removes /dev/ashmem and /dev/ashmem/boot_id
Change-Id: I36d23116048bfcd99903ba46cc133161835a2cfa
Current implementation just uses VNDK library list from variable.
However this does not match with expected library name as some libraries
change their names from initial one by appending extra information such
as version. To match this name each libraries should be searched from
installed module list.
Bug: 141584631
Test: m -j passed
Test: Tested from cuttlefish
Change-Id: If9685be59404226de4db16642781546e478694fb
To aid in debugging if there are failures.
Bug: 137267623
Test: add prints to boringssl_self_test and see them
Test: add failure prints to the linker and see them before
boringssl_self_test runs
Change-Id: I89d50c6a46df994d6ea1fadf00e3a8a796043234
Execute mkdir -p /mnt/pass_through/0/emulated
and bootstrap the emulated volume for user 0.
The 'pass_through' paths allow us bind mount the lower
filesystem directly into /storage, bypassing any sdcardfs
of FUSE mounts.
This change is part of enabling upcoming platform changes that are
described in the bug linked below.
Bug: 135341433
Test: builds, boots and pass through directories are created
Change-Id: I46ce207d06a1ec550b8bacac259387371fc0b841
For using Gtest to run vts_security_avb_test and test it in the
vts-core, we have to add this rule to copy the *-gsi.avbpubkey to the
testcase folder.
Bug: 132702215
Test: 1. add data: "q-gsi.avbpubkey" to Android.bp of the module
2. m module_name
Change-Id: I810231f39c970da4d2b8ab63daeee02379c7f952
If this check fails and an OTA or mainline module update has recently
happened, we want to rollback the recent change. The easiest way to
handle this is to reboot, which will trigger the fallback mechanisms
that are already in place.
Bug: 141082587
Test: device reboots if self test fails
Test: device rolls back a recently applied OTA with failing self test
Test: device rolls back a recently applied conscrypt apex update with
failing self test
Change-Id: Iff879deff09d347262dc7a2acadb9164a5029d4a
No longer required for hwasan builds, since b/140790209 is fixed.
This reverts change-id I27069b20f7c7068b931340f548b284ce1676466c.
This also reverts the identified change for the memory regression in
b/140648539.
Test: Build & boot on taimen_hwasan-userdebug
Test: Build & boot on crosshatch_hwasan-userdebug
Bug: 140790209
Bug: 139408016
Bug: 140648539
Change-Id: Ib61c53571a4de0970a86ebc391a2ce780247943a
Any used files need to be in the dependencies list for rules. In this
case, this is more than what's actually read in the script, but the
older ones shouldn't change as much, and replicating the logic is
non-trivial.
Bug: 130111713
Test: run with RBE, no longer see error about file not found
Change-Id: I88baf541ce6250a5dbf7b8a7d6b8005ed7cf5cc6
Bug: 140882488
Test: Booted twice, checked logs to ensure encryption
is different each time, adb created files in directory.
Change-Id: I44f746acd1040f7baa9123d4824ba39b194f287b
libcrypto performs a self test when it is loaded, unless
a marker file /dev/boringssl/selftest/[hash] exists which
indicates that the self test has already successfully
completed since the last time the device was booted.
Before this CL topic, libcrypto attempted to create the
marker file when the self test successfully completed.
On Android, dedicated boringssl_self_test{32,64} binaries
are run early during boot and are the only binaries
(apart from init and vendor_int) that have permission to
create these files.
Another CL in this topic stops the boringssl self test
creating a marker file unless the environment variable
BORINGSSL_SELF_TEST_CREATE_FLAG is set to a nonempty value.
This CL sets that value to "true" when running the dedicated
self test binaries, but not for other binaries. This has
the effect that other binaries that run the self test
early during boot (before the dedicated self test binaries
have created the marker files) and which run the self test
will no longer attempt to create the marker file, which
SELinux would have denied anyway.
Bug: 137267623
Test: Treehugger
Change-Id: I99317df1a8c3496d33ae83f9ec346782b2286ac9
This replaces the recently added `exec_reboot_on_failure` builtin, since
it'll be cleaner to extend service definitions than extending `exec`.
This is in line with what we decided when adding `exec_start` instead
of extending `exec` to add parameters for priority.
Test: `exec_start` a service with a reboot_on_failure option and watch
the system reboot appropriately when the service is not found and when
the service terminates with a non-zero exit code.
Change-Id: I332bf9839fa94840d159a810c4a6ba2522189d0b
This should ensure that the self tests run before any other binaries
that load libcrypto and which would otherwise run into SELinux denials
trying to create the marker file /dev/boringssl/selftest/[hash]
The invocation of the self test binaries from the Conscrypt apex
requires the apex to be mounted so it remains at a later point in
the boot process.
Bug: 137267623
Test: Treehugger
Change-Id: I34266d6e9d2f394fffa8a2c7725479b5770d119c
The accidental trailing ':' appears to stop the line
triggering.
Bug: 137267623
Test: Checked the /system/bin/boringssl_self_test32
now runs on aosp_cf_x86_phone-userdebug
Change-Id: I7b4b1d6b838d8d1a7a0db7f104a94b34962df030
vold is already started during early-fs which happens before
post-fs-data.
Trying to start it again in post-fs-data is a little bit confusing.
Test: device boots
Change-Id: I5faefe6d1f1bb7472ea3d032b1f157c69da565f1
The script needs to run after keystore, which is now a core service.
Note the previous APEX requirement by ART is no longer needed.
Test: see keys loaded
Bug: 112038744
Change-Id: I02fb6ce193bb301488b259421f120e6aa6cd75b9
The installed file name of modules may not match the module name.
Use module-installed-files to get the installed file name.
Bug: 117607748
Test: m checkbuild
Test: only libprotobuf-cpp-*-3.9.1.so changed in ld.config.R.txt
Change-Id: I83b7519f344b65b6cd98c4cabcf9bce0e753ba92
Merged-In: I83b7519f344b65b6cd98c4cabcf9bce0e753ba92
Instead of init.cpp knowning about the boringssl self
test, use init.rc to exec dedicated self test executables.
Advantages:
- The self test is run not only both the copy of libcrypto
in /system but also /apex/com.android.conscrypt.
- The self test is run not only for the primary (e.g. 64bit)
ABI but also for a secondarry (e.g. 32bit) ABI.
- The dependency on libcrypto is kept to the self test binary.
- The self test binary abstracts the exact native API for
running the self test (this will change soon because the
self test will be run when the library is loaded).
Bug: 137267623
Test: Check that logcat shows both binaries being started as root,
and finishing with exit code 0.
Change-Id: I1e716749ee2133993f0f7b2836483391fd1a62f0
For now, keep symlinks only to the binaries demonstrably in use by apps
(dex2oat and dalvikvm).
Test: adb shell ls -l /system/bin
Bug: 124106384
Change-Id: Id662beb4c13785ac9d44bf41f9f33907219b69be
This is a temporary fix to keep the Bionic-associated libraries accessible
in the runtime namespace, pending a proper namespace split.
Test: Build & boot with taimen_hwasan-userdebug
Bug: 139408016
Bug: 139916951
Exempt-From-Owner-Approval: Approved internally
Change-Id: I27069b20f7c7068b931340f548b284ce1676466c
Merged-In: I27069b20f7c7068b931340f548b284ce1676466c
