aconfigd-mainline-init is the service target to initialize mainline
storage files. aconfigd is the service target to start aconfigd socket
for incoming messages.
Bug: b/312444587
Test: m and avd
Change-Id: Ic8052eaf933501da3371812c482ad816ec353b27
App metadata bundles, also known as Android Safety Labels (ASL),
contains information about the app's privacy and security practices.
This information is used to help users make more informed choices when,
for example, granting access to permissions.
ASL can currently only be preloaded on the system image or distributed
by the installer and written to a file in the app's codePath. To support
embedded ASL in APK we need to extract ASLs from APKs to a writeable
location. For non-preloaded apps we can write to the app's codePath like
the installer provided ASLs, however, we need to create a new writable
directory for preloaded apps located on read only partitions.
Bug: 336618214
Test: manual
Change-Id: I651b2dab45c3132d8467c507dc4ee304001f73f5
Creating the directory /data/storage_area (which will store each user's directory
of app directories of storage areas) on startup, and adding this directory
/data/storage_area to the tmpfs mirror so it can be protected by app data isolation
in zygote.
Bug: 325121608
Test: atest StorageAreaTest
Change-Id: Ia938e89fd8b794dbcbb844b01b790db7c0a62319
U requires 4.14+
V requires 4.19+
as such this is no longer useful
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I39d01cc16897c6c9174cf074e27c888bc758f1cc
which has been fully replaced by eBpf
(started in android P, finished in android S)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie38e54600a9bb01c7ecdde63d9a9256bed047f41
/data/misc already sets encryption=Require and this causes certain
devices not being able to boot with the following error:
init: Failed to set encryption policy of /data/misc/bootanim to
a5a40d896b46d8c6 v1 modes 127/4 flags 0x0: The directory already
has a different encryption policy.
init: Setting a5a40d896b46d8c6 policy on /data/misc/bootanim failed!
init: Setting policy failed, deleting: /data/misc/bootanim
init: Failed to set encryption policy of /data/misc/bootanim to
a5a40d896b46d8c6 v1 modes 127/4 flags 0x0: The directory already
has a different encryption policy.
init: Setting a5a40d896b46d8c6 policy on /data/misc/bootanim failed!
init: Rebooting into recovery
init: Got shutdown_command 'reboot,recovery' Calling
HandlePowerctlMessage()
Test: m; fastboot flashall, observe device boots successfully
Change-Id: I86a2b2b8fe8e438ca405a0e901739d11550d3ebd
This revert was created by Android Culprit Assistant. The culprit was identified in the following culprit search session (http://go/aca-get/2def2bc9-4177-4451-930d-96612adf7d95).
Change-Id: I232a36309883bff892fff5a5d43fd1432d7f1c6e
The default I/O priority is "best effort" so the combination of "none"
and "restrict-to-be" is not sufficient to make foreground and background
I/O priorities different. This CL makes sure that foreground and
background I/O priorities are different.
As one can see, this CL has the intended effect in Cuttlefish:
$ adb -s 0.0.0.0:6520 shell 'cd /dev/blkio && grep -aH . blkio.prio.class background/blkio.prio.class'
blkio.prio.class:promote-to-rt
background/blkio.prio.class:restrict-to-be
Bug: 186902601
Change-Id: I24d30d360280d8c398684b0b5e88635f658ff870
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Running snapshotctl involves talking to gsid, which requires the UID to
be 0. To allow other processes to run snapshotctl without running as the
root user, this change adds system properties "sys.snapshotctl.map" and
"sys.snapshotctl.unmap" that proxy snapshotctl calls.
Bug: 311377497
Test: adb shell setprop sys.snapshotctl.map requested
Test: adb shell setprop sys.snapshotctl.unmap requested
Change-Id: Ia29dde30021a94511b8e699c2c8f3816b851bf5c
They are still restricted by SELinux, and apps still cannot open them
because they don't have `open` SELinux permission.
Bug: 312740614
Change-Id: I83b7e6ed39f5af64f161af3b3e8e33af0d125b20
/metadta/aconfig/boot dirs
Create aconfig dirs on /metadata to store aconfig storage related files.
Under /metadata/aconfig we will store the following pb files:
1, aconfig_storage_location.pb, store the location of the storage files for
each container.
2, aconfig_flag_persistent_overrides.pb, store the local flag value overrides.
Under /metadata/aconfig/flags we will store flag value and info files
for each container, this include:
1, <container_name>.val flag value file
2, <container_name>.info flag info file
Under /metadata/aconfig/boot we will store read only flag value files
copied from /metadata/aconfig/flags at boot. These read only files are
used to serve flag read queries.
Bug: 312444587
Test: m
Change-Id: I8ae06e56fc9b9e8c0b06f86e3deb4219d7f49660
CL aosp/2929791 removed I/O priority support to prepare for a clean
revert of the CL that migrates the blkio controller from the v1 to the
v2 cgroup hierarchy. Since there was no other reason to revert the I/O
priority CL, restore I/O priority support.
Bug: 186902601
Change-Id: I1a4053140ab55973878bfeacfb546da3c601a895
Signed-off-by: Bart Van Assche <bvanassche@google.com>
ot-daemon may use multiple unix sockets so create a dir for it.
Bug: 320451788
Test: verified that ot-daemon can create socket
/dev/socket/ot-daemon/thread-wpan.sock
Change-Id: I43ccb11ed664cf0d59fc02e2efc721ed7284e2a0
This reverts commit 40e1666fb9.
Reason for revert: this directory is for the Thread stack which is
in the Tethering mainline module. Per mainline guideline, the data
should be saved in a APEX specific directory (i.e.
/data/misc/apexdata/com.android.tethering). It's safe to remove this
directory directly given this is a new feature targeting Android V
Bug: 309932508
Test: manually verified that Thread settings file can be written to
/data/misc/apexdata/com.android.tethering/threadnetwork
Change-Id: I3a7e24b4cdc1c99ca36a22414507538279dd31cd
Create a new folder for connectivity blobs, to be used by
ConnectivityBlobStore for VPN and WIFI to replace legacy
keystore. System server and Settings app will need permissions
to manage databases in the folder.
Bug: 307903113
Test: build and manual test to confirm folder is created.
Change-Id: I3b558d8d5913e0d3d1efe5cb56d5f7f2e84fd22a
/tmp is a volatile temporary storage location for the shell user.
As with /data/local/tmp, it is owned by shell:shell and is chmod 771.
Bug: 311263616
Change-Id: Ice0229d937989b097971d9db434d5589ac2da99a
There are multiple use cases in Android for which background writes need
to be controlled via the cgroup mechanism. The cgroup mechanism can only
control background writes if both the blkio and memcg controllers are
mounted in the v2 cgroup hierarchy. Hence this patch that migrates the
blkio controller from the v1 to the v2 cgroup hierarchy.
The changes compared to the previous version of this CL are as follows:
- The JoinCgroup actions for the "io" controller have been left out
since these caused processes to be migrated to the v2 root cgroup.
- The BfqWeight / CfqGroupIdle / CfqWeight settings have been included
in this CL instead of applying these settings as a separate CL.
Change-Id: I67e06ce3462bb1c1345dba78f8d3d655b6519c74
Signed-off-by: Bart Van Assche <bvanassche@google.com>
This reverts commit c7a6fe684c.
Repply the blkio controller migration because it was not responsible
for the test failures that led to the revert. See also the following bugs:
* https://b.corp.google.com/issues/260143932
(v2/android-virtual-infra/test_mapping/presubmit-avd test failure)
* https://b.corp.google.com/issues/264620181
(CtsInitTestCases.RebootTest#StopServicesSIGKILL failure)
The only change compared with the previous version is that the io
controller has been declared optional. This is necessary because some
devices have a kernel that does not support the io controller.
Bug: 213617178
Test: Cuttlefish and various phones
Change-Id: I490740e1c9ee4f7bb5bb7afba721a083f952c8f2
Signed-off-by: Bart Van Assche <bvanassche@google.com>
If ro.zygote is zygote64, don't bother running 32-bit test.
Otherwise abilist{32,64} decides what tests to run.
Bug: 291874369
Test: make gsi_arm64-user; Check /system/etc/init/hw
Change-Id: Id10b2242606d6400acc29c3174f713581d6cce2e
To start an early_hal service from a bootstrap vendor apex, init now
reads .rc files from bootstrap apexes as well.
In this change, perform_apex_config command is re-purposed to support
bootstrap mode. Now we have some similarity between two apexd calls:
- for bootstrap apexes (in the bootstrap mount namespace):
exec_start apexd-bootstrap
perform_apex_config --bootstrap
- for normal apexes (in the default mount namespace):
restart apexd
...
wait_for_prop apexd.status activated
perform_apex_config
Note that some tasks in perform_apex_config are not needed in the
bootstrap. For example, we don't need to create apexdata directories
for bootstrap apexes.
Bug: 290148081
Test: VendorApexHostTestCases
Change-Id: I8f683a4dcd7cd9a2466a4b1b417d84c025c37761
This folder is used to host bootanim data files.
Bug: 210757252
Test: /data/misc/bootanim is correctly created.
Change-Id: I9c9949316d073ad7ebac503f097c5fee6c0b2a22
lpdumpd runs as "system", not "root". Adjust the DAC permissions of
/metadata/ota so it can call SnapshotManager::Dump.
Bug: 291083311
Test: lpdump
Change-Id: I97fd7eb2055cf6d31fd42f1021e2f99edbdb838a
