Damaged avb metadata can result in avb_slot_verify returning a
nullptr in avb_slot_data. Instead of an illegal access
violation in first_stage_init, we return the verify_result so
that it can be acted upon.
Test: confirm happenstance damaged vbmeta does not crash init.
Change-Id: I15be5bd32760bcc3418c5d8a943b016c0ddd56bc
This change adds an install-atomic command to adb that is shorthand for
creating an atomic install session and an individual session for each
APK supplied to the command.
Bug: 109941548
Test: run command with multiple APKs, observe atomic install
Change-Id: I2817a1ed2d312925d9c7bd621e6c82670a6275fd
* changes:
Don't create separate mount namespaces for pre-apexd processes
Bionic libs are located at /system/lib
Bionic libs and the dynamic linker are bind mounted
It is causing problem to the sdcardfs. Specifically, re-mounting events
for /mnt/runtime/{runtime|write} done by the vold process (which is a
pre-apexd process) are not being propagated to other mount namespaces.
As a result, SDCard access isn't working.
The propagation problem is a bug in sdcardfs which is fixed by [1].
However, we can't make all Android devices to have the patch at the same
time. Therefore, by default the separate mount namespace is not created
and will be created only for the devices where the kernel patches are in and
ro.apex.bionic_updatable sysprop is set to true.
[1]
d73d07673edbdbe78e1a7d00e7827ba9bfd86a59 ("ANDROID: mnt: Fix next_descendent")
b5858221c1c4f4bdc9ef67eb75ecf22580368820 ("ANDROID: mnt: remount should propagate to slaves of slaves")
Bug: 122559956
Test: m
Test: device boots
Test: sdcard works (e.g. camera can take pictures)
Test: atest android.appsecurity.cts.ExternalStorageHostTest
Change-Id: I7a309bab46356ee5782f34c5963d1760963c0b14
Bionic libs, regardless of whether they are bootstrap ones or from the
runtime APEX, are available via /system/lib. Since /system/lib is in the
search paths of the default(platform) namespace, there is no need to
list the bionic libs to the namespace link to the runtime namespace.
Bug: 120266448
Test: m; device boots
Test: atest CtsJniTestCases CtsCompilationTestCases CtsBionicTestCases
all passing except for following tests that are also failing at ToT
dl#exec_linker
dl#exec_linker_load_from_zip
dl#exec_linker_load_self
dl#exec_linker_load_file
Change-Id: Ib67acd4f384b2f0e70b5fe8ec6b45a5506367223
This change makes the bionic libs and the dynamic linker from the
runtime APEX (com.android.runtime) available to all processes started
after apexd finishes activating APEXes.
Specifically, the device has two sets of bionic libs and the dynamic
linker: one in the system partition for pre-apexd processes and another
in the runtime APEX for post-apexd processes. The former is referred as
the 'bootstrap' bionic and are located at
/system/lib/{libc|libdl|libm}.so and /system/bin/linker. The latter is
referred as the 'runtime' bionic and are located at
/apex/com.android.runtime/lib/bionic/{libc|libdl|libm}.so and
/apex/com.android.runtime/bin/linker.
Although the two sets are located in different directories, at runtime,
they are accessed via the same path: /system/lib/* and
/system/bin/linker ... for both pre/post-apexd processes. This is done
by bind-mounting the bootstrap or the runtime bionic to the same path.
Keeping the same path is necessary because there are many modules and
apps that explicitly or implicitly depend on the fact that bionic libs
are located in /system/lib and are loaded into the default linker
namespace (which has /system/lib in its search paths).
Before the apexd is started, init executes a built-in action
'prepare_bootstrap_bionic' that bind-mounts the bootstrap bionic to the
mount points. Processes started during this time are provided with the
bootstrap bionic. Then after the apexd is finished, init executes
another built-in action 'setup_runtime_bionic' which again mounts the
runtime bionic to the same mount points, thus hiding the previous mounts
that target the bootstrap bionic. The mounting of the runtime bionic
(which is only for post-apexd processes) is hidden from pre-apexd
processes by changing propagation type of the mount points to 'private'
and execute the pre-apexd processes with a new mount namespace using
unshare(2). If a pre-apexd process crashes and re-launched after the
apexd is on, the process still gets the bootstrap bionic by unmounting
the runtime bionic which effectively un-hides the previous bind-mounts
targeting the bootstrap bionic.
Bug: 120266448
Test: device boots
Test: cat /proc/`pidof zygote`/mountinfo shows that
/system/lib/{libc|libdl|libm}.so and /system/bin/linker are from the
runtime APEX
Test: cat /proc/'pidof vold`/mountinfo shows that the same mount points
are from system partition.
Change-Id: I7ca67755dc0656c0f0c834ba94bf23ba9b1aca68
This is to read profile guide compiled oat files of debuggable apps, which is
needed by simpleperf for profiling.
Bug: none
Test: run run-as manually.
Change-Id: I8ec8897b882be650f02124413c7d20ed8b1b444b
sync() will never return if the io subsystem is locked up, drop it.
Test: llkd_unit_test
Bug: 122263600
Change-Id: Ib378124415ce94da987d73391b027dc10317dbe9
Fixes adb-remount-test and flashstation because the scratch device
was set to readonly before.
Test: adb-remount-test
Change-Id: I12551d1ed99fb7cfd04f84fcc2b77d3cb94275b2
Fixes: 122454600
Fixes: 122602260
No users ever signed up to use this, so remove it to ease the
refactoring of liblog/libbase.
Bug: 119867234
Test: liblog unit tests
Change-Id: I37b99644112bae7b4a2e3f4d06749db08de4ea14
This commits allows multiple lines in a fstab have the same mount
point for first-stage mount, where the first successful mount will be
used.
This allows us to specify a common/shared fstab, with different
settings (e.g., ext4, squashfs) per line, to mount different types
of images on the same mount point. e.g., allows the device to mount
GSI (ext4) while support mounting the original squashfs system.img.
Sample fstab:
fstab in dt:
android {
fstab {
odm_ext4 {
dev = "/dev/block/by-name/odm";
mnt_point = "/odm";
type = ext4;
mnt_flags = "ro";
fs_mgr_flags = "slotselect";
};
odm_f2fs {
dev = "/dev/block/by-name/odm";
mnt_point = "/odm";
type = f2fs;
mnt_flags = "ro";
fs_mgr_flags = "slotselect";
};
};
}
fstab in file:
/dev/block/by-name/odm /odm ext4 ro slotselect
/dev/block/by-name/odm /odm f2fs ro slotselect
Test: make & boot & check /proc/mounts
Change-Id: I64892e3007b0cfd7d06dad1cfc664c45305197ee
This commit has the following changes:
1. Builds libfs_avb via "fs_mgr/libfs_avb/Android.bp" instead of
"fs_mgr/Android.bp", and removes the libfs_avb source
dependencies on "fs_mgr/fs_mgr_priv.h".
2. Moves static functions in fs_avb.cpp into util.cpp or
avb_util.cpp, depending on whether the function is related to
AVB or not.
3. Introduces two host unit tests: libfs_avb_test and
libfs_avb_internal_test, the former is to test public
<fs_avb/fs_avb.h> APIs, while the latter is to test libfs_avb
internal functions.
4. Splits fs_avb_unittest_util.* into:
- fs_avb_test_util.* (host static lib: libfs_avb_test_util),
- basic_test.cpp (host executable: libfs_avb_test)
Bug: 112103720
Bug: 117960205
Test: atest libfs_avb_test
Test: atest libfs_avb_internal_test
Test: boot a device
Change-Id: I11d6c9e9019e20b594d9321b9a28118d4806e5a7
X86 Kernel could pass CPU capablity to init as argument. This will cause init
can't start first-stage because unknown argument. Need remove this restriction
of arguments to start init successfully.
Fixes: 122435289
Test: Android init can start successfully
Change-Id: I1d432e25553589dd7f618e42ad238b9372dbe34f
Signed-off-by: Haoyu Tang <haoyu.tang@intel.com>
Signed-off-by: Xihua Chen <xihua.chen@intel.com>
Removing restorecon on root sepolicy files because:
1. Under normal boot the files are properly labeled when creating the
image. Restorecon'ing them successfully would require "adb remount".
2. These restorecon's are not required for recovery to function.
Fixes: 122535196
Test: boot blueline
Change-Id: I20b127e950b16535d4bfa9fd4e626e11228925e7
When testing adb-remount with overlayfs, vendor overlay may fail the
test because there are unexpected overlayfs uses by vendor overlay.
By excluding mount entries for vendor overlay, the test runs
regardless of vendor overlay mount.
Bug: 122231184
Test: run adb-remount-test.sh with vendor overlay mount
Change-Id: I795774b27d5e5f973792337813b67487a5d72e29
Test: m
Test: mmma system/core/{libunwindstack,libbacktrace} and run host gtests
Bug: 119632407
Bug: 120978655
Change-Id: I919586ab503be3617e8a0604dfe48db331e7af94
This adds the ability to prevent a class from starting
if a certain persistent property has been set to
disallow it.
A class will only load if there is not a property named
persist.init.dont_start_class.[class name] set to 1.
Test: Set a property called persist.dont_start_class.[class]
to 1. Verify that the given class does not start
Change-Id: I51c70ad635762ed77855d0509e630adb0aec0eb1
As bionic libs are moved from /system to the runtime APEX, anything that
is outside of the runtime APEX cannot use private symbols from the
bionic libs.
init is not included in the runtime APEX but is using private bionic
APIs: __system_property_[add|area_init|update|...]. So, it was required
to publicize the private symbols for init.
However, since init is started before the runtime APEX is activated, it
actually cannot use the bionic libs from the runtime APEX, but will use
the bootstrap bionic libs left in /system/bootstrap/lib[64]. Because
init and the bootstrap libs are in the same partition, init doesn't need
to link against the stubs of bionic libs. In order to make this
possible, the new property 'bootstrap' is set to true allow init to use
the bootstrap bionic.
Bug: 120266448
Test: m with https://android-review.googlesource.com/c/platform/bionic/+/849044
Change-Id: If61f25faf9aed4968bf2922859ceb94276ba03fb
