Adding flag to override fastboot_info for a quick fix in case
fastboot_info format is wrong
Test: fastboot flashall
Change-Id: I1f41646f14d747ce7ac7636ca9ced7279e13f7b0
adding test to compare task list formed from fastboot-info vs list
formed from image list. To test, we need to set sparse_limit in flashing
plan and turn off update-super-optimization. The list of partitions to
be flashed by parsing fastboot-info should be a superset of the
partitions flashed by the hardcoded list. Changing is_retrofit_device()
to also take in a fastboot driver so we can pass in a mock
Test: fastboot_test
Bug: 194686221
Change-Id: Ib860c24c85779de1fbaa6bec8778e1f5ebb9475a
Adding check to ensure flashing plan is used in do_flash. FlashingPlan
should never be null
Test: fastboot flashall -w
Change-Id: I8e69326c59b31c7b54d6d2e04c8ce5c0f12693a7
Changing implementation to have mock fastboot driver return a the
sparse_limit rather than modifying the variable inside of flashing plan
Test: fastboot_test
Change-Id: I850ccd5bd09b6a8479ccc8cf7bf1d227abb87e3a
The "update_verifier_nonencrypted" service is being replaced with simply
"update_verifier", so update init.rc accordingly.
Bug: 208476087
Test: presubmit
Change-Id: I58f3fb25167ff7d3679c72e5e9c012f02fa5b516
The three actions for "zygote-start" are identical except for their
property triggers. This seems to have been left over from when Android
supported both File Based Encryption (FBE) and Full Disk Encryption
(FDE), causing there to be four possible encryption states:
- ro.crypto.state=unsupported (No encryption configured)
- ro.crypto.state=encrypted && ro.crypto.type=file (FBE enabled)
- ro.crypto.state=unencrypted (FDE supported but disabled)
- ro.crypto.state=encrypted && ro.crypto.type=block (FDE enabled)
It seems that the reason the zygote-start action was duplicated three
times was to exclude the "FDE enabled" case, which could only be done by
explicitly listing the other three cases.
However, now that FDE is no longer supported, only the first two cases
are possible. Therefore, zygote-start can just be the whole trigger.
Bug: 208476087
Test: presubmit
Change-Id: Icd6e4b0d2fb3f9f20595c0af4e2e35350564da8d
free(NULL) is defined as a no-op. Don't overcomplicate things.
Bug: http://b/287138549
Test: treehugger
Change-Id: I9ae532a71f986d9468f191972a9b7acf6e709d13
Combine some cases that are handled identically, and remove the
'userdata_remount' parameter which is unused. No change in behavior.
Test: presubmit
Change-Id: I0567e47d02942af7865c155dab76e6d0e9d71a1f
Until the verification of the /vendor partition we restrict the usage of
the feature to only debuggable VMs. If a non-debuggable Microdroid VM
is requested to mount /vendor, first_stage_init will crash and the VM
won't boot.
Bug: 285855436
Test: vm run-microdroid --debug none --vendor test_vendor.img
Change-Id: I9d44ad5c1d971bac1a9173c291ce61b628f2f8e9
first_stage_init will only mount the /vendor partition in Microdroid if
the androidboot.microdroid.mount_vendor=1 is provided in the kernel
cmdline.
Bug: 285855433
Test: atest MicrodroidTestApp
Change-Id: I5b840b5474bc52ec2696a0ba6ead0476acddfb1a
The existing approach in first_stage_init/first_stage_mount makes it
harder to add conditional logic that should only be applied for
Microdroid. Additionally, it forces the FirstStageMount object to be
created twice.
This change refactors the control flow to make first_stage_init take the
ownership of the FirstStageMount object. It will help with the follow up
change (which will add logic to conditionally mount /vendor partition
while booting Microdroid). As a nice side effect, this refactoring also
fixes the problem of the FirstStageMount being created twice.
This change also merges the FirstStageMount and FirstStageMountVBootV2
in a single class, since nobody actually uses FirstStageMount.
Bug: 285855433
Test: device boots
Test: atest MicrodroidTestApp
Change-Id: I38a72c0f20e7c1ac70031498aeeca22b091fa827
Remove the code that "locked" the .fs-verity keyring at a certain point
in the boot. It probably was thought that this achieved some useful
security property, which is a bit questionable. Regardless, Android no
longer uses fsverity builtin signatures. The only code that is still
being kept around is enough to access existing files on old kernels, and
for this "locking" the keyring is definitely not essential.
Bug: 290064770
Test: presubmit and booting Cuttlefish
Change-Id: Ide5729aeac5772658b2a3f0abe835988b8842b02
The APEX sepolicy feature has unfinished support for verifying the
sepolicy file using fsverity with a builtin signature. However, this
was never finished and doesn't really make sense, since the
already-implemented scheme that uses a full-file hash combined with a
userspace signature check is better suited to the problem. Therefore,
remove this unfinished code.
Bug: 290064770
Test: presubmit and booting Cuttlefish
Change-Id: I3403a3303bcea32c7340642b843cd1541fe1fd2f
base::Callback comes from libchrome which is undermaintained. Since
C++11 there's standard library support for function objects. Migrate to
a more well knowned solution for function objects.
Test: th
Change-Id: Id19bcd7e92691f57d97520f8f1f4909ca9c25b33
Only write to dm_user_header in the functions which explicitly need to
marshal it. This avoids leakage of dm-user specifics into core logic.
This also simplifies the existing control flow by allowing us to set an
error anywhere, or nowhere, as any "return false" from ProcessIORequest
will automatically set an error header.
Bug: 288273605
Test: snapuserd_test
Change-Id: I85f67208197d7ecc49e348ab3013827a38e84761
RespondIOError could return "true" which is not the correct value for
its callers, usually. However since RespondIOError is not specifically
needed anymore, we can also avoid calling it in most places.
This also fixes a bug where ReadUnalignedSector's return value was
implicitly converted to boolean.
Bug: 288273605
Test: snapuserd_test
Change-Id: I62140b2b05d0f9f53cb669c5c0d7e0ffc7f4c9a1
header_response is meant to only be true for the first call to
WriteDmUserPayload. Codify this by making it a member variable and
resetting it on each request.
Bug: 288273605
Test: snapuserd_test
Change-Id: Ic92f5932391a607b63345d579f379d12e78e8f6c
It could never have gotten much coverage.
Bug: 288741501
Test: libutils_fuzz_vector (2,000,000 iterations)
(~60k-100k iterations/s)
Change-Id: I6f442642b5a3246dd08784f735db5aad5fd4d398
The variant excludes the code that is not for /proc/mounts, and
therefore saves code size when being called.
Also, after this change, the call to `SkipMountingPartitions` is skipped
for /proc/mounts because it is not needed.
Bug: 287958783
Test: atest CtsFsMgrTestCases
Change-Id: Ie243257fa2e87e666be7decf97ec36c806bc4524
Based on experiments, we fount out 128 (128 x global readahead window
size = 16mb) is the optimal multiple to boost up read speeds for the
sequentially accessed files with POSIX_FADV_SEQUENTIAL.
Bug: 195311558
Test: check the /sys/fs/f2fs/<userdata partition>/seq_file_ra_mul value
Change-Id: I7563ad6e47b9ab76ae7fe36978d0e5970a7490e8
Signed-off-by: Daeho Jeong <daehojeong@google.com>
