In microdroid, APEXes are passed as block devices from host, and then
mounted directly, without using /data. Unmounting APEXes on reboot is
for clean unmount of /data, so it's not needed in microdroid.
This skips unmounting in microdroid to remove unnecessary SELinux
denials.
Bug: 256793087
Test: run microdroid and reboot, see no denials happen
Change-Id: Iaf737876f5ab5de5e8f76ed8bb0963cc25d73a80
This will change cow size estimation. But since we haven't put lz4 on
SAC website yet, we can still change it.
Bug: 228478555
Test: th
Change-Id: Ifba7107954622ea04cbd25115700dfba50cec9c6
rename() isn't necessarily atomic, call fsync() on the directory to
ensure that changes in fs structure hit the disk.
Test: th
Bug: 254211456
Change-Id: I2de842f03766a1108e0f54581738fb964989658a
Prepare for using the interprocess communication channel in two
directions.
Bug: 213617178
Change-Id: Ic78a3d8a2ec1f808fa5b4c4b198051655ee1b0ec
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Dedup fs_mgr_remount.cpp and set-verity-state.cpp by merging them
together and make '/system/bin/set-verity-state' a symlink to
'/system/bin/remount'.
Bug: 241688845
Test: adb-remount-test
Change-Id: I42a2344b9bdac112bf8767d428a99cb020267546
* Use the MyLogger class from set-verity-state.cpp and eliminate the
|verbose| global variable.
* Support specifying reboot() reason. Log error if reboot() failed to
reboot.
* Move precondition checks after all |argv| are processed. This way (-h)
help message can be shown w/o root user.
* Log "remount [succeeded|failed]" message before auto-reboot. Give
users a clear succeeded/failed message.
Bug: 241688845
Test: adb-remount-test
Change-Id: If45de2eba0d532632de43b19c797ffdeea90cd6d
The "sys.init.perf_lsm_hooks" is set on TestPerEventSelinux and it
is before early-init, but it need trigger by queue_property_triggers
and it is after late-init (zygote start on late-init).
The property is ready on load_bpf_programs, make sure
bpf_attach_tracepoint() is available on zygote start.
Bug: 257102190
Test: cat /sys/fs/bpf/map_time_in_state_uid_time_in_state_map
Change-Id: I5aa102df54b82e1584882800e93efd06ccf61c16
This gives a more detailed message when we run out of cow space.
Also, previously, it's possible that the COW op metadata writes
successfully but op data fails due to out of space, resulting in a
broken COW image. After this change, we won't write anything unless
there's sufficient space for both OP metadata and block data. This makes
COW operations more atomic and easier to debug/inspect.
Test: th
Change-Id: I6c1347e91b4ec2d7e434b47a0f47b290e288e600
In non-A/B configurations system partitions often
have layout with not so much free space left, while having
large /cache partition.
In a dynamic partitions configuration 'remount' for backing
storage will user either:
-- /data partition, which is not guaranteed to have
enough space due to applications disk usage;
-- or super partition, which is tied to system images size
having a little room for growing.
At the same time, /cache is guaranteed to be free,
so non-A/B platform can force it to be used as
backing storage.
Test: remount
Signed-off-by: Oleg Lyovin <ovlevin@sberdevices.ru>
Change-Id: I68e621b884b2fe21a5c464b3deaf679186232eb3
In CreateScratchOnData(), if backing image is allocated but failed to
map, then remove the backing image. Otherwise the unusable (unmappable)
image would waste a lot of space.
Bug: 255593675
Test: On device that don't support mapping gsid scratch,
run `adb remount` and then check that gsid scratch is removed and
scratch is allocated on super.
Test: TH run g3-app-compat-main
Change-Id: I0c01c2fd93a30ac0e46f4350c900403337530406
Multiple tests in CtsInitTestCases, e.g. RebootTest#StopServicesSIGKILL,
can trigger the following race condition:
* A service is started. This involves calling fork() and also to call
RunService() in the child process. RunService() calls setpgid().
* Service::Stop() is called and calls KillProcessGroup().
KillProcessGroup() calls kill(-pgid, SIGKILL) before the child process
has called setpgid(). pgid is the process ID of the child process. The
kill() call fails because setpgid() has not yet been called.
Fix this race condition by adding a setpgid() call in the parent process
and by waiting from the parent until the child has called setsid() if a
console is attached.
Bug: 213617178
Test: Cuttlefish + atest 'CtsInitTestCases'
Change-Id: I4c55790c2dcde8716b860aecd57708d51a081086
Signed-off-by: Bart Van Assche <bvanassche@google.com>
It is essential for correct operation of ReapAnyOutstandingChildren()
that ReapOneProcess() does not modify 'pid'. Make it easier to verify
for humans that ReapOneProcess() does not modify the 'pid' local
variable. Document the value of siginfo.si_signo with DCHECK_EQ()
statements.
Bug: 213617178
Change-Id: I14baaa7adbe5416b7f777f32fb76896f2ae27b4e
Signed-off-by: Bart Van Assche <bvanassche@google.com>
The newly logged information includes the pending signals bitmask (SigPnd).
That information allows to determine whether kill() did not deliver a
signal or whether SIGCHLD has not been processed in time. This patch is
expected to help with root-causing b/254878413.
Bug: 254878413
Change-Id: Id33d1fb724163f8e5d4b3edfeb6c4be5321c0d95
Signed-off-by: Bart Van Assche <bvanassche@google.com>
There are two bugs in HandleSignalFd():
* If the one_off argument is true and if no data is read from the
signalfd, 'siginfo' is left uninitialized and used in the switch
statement in HandleSignalFd().
* The PLOG() statement in the switch statement should be a LOG()
statement since it does not report a failed system call.
This CL has been tested by changing kDiagnosticTimeout locally from 10s
into 100ms.
Change-Id: I0e488dd95bc13e1befaef770c0748d1d47f6e431
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Remove the 'slave' mount flag that was added by commit ef9275223c
(https://r.android.com/2095463) because it doesn't actually do anything
in this context. MS_SLAVE can only be used to change the propagation
type of an existing mount, and the kernel ignores it if MS_BIND is also
specified, due to the way the various high-level operations that the
mount() system call can do are prioritized.
The reason that the /data/user/0 mount gets propagated into /data_mirror
anyway is because the /data mount has the "shared" propagation type. In
the above-mentioned commit I had assumed the default Linux mount
semantics, but actually Android applies the "shared" propagation type to
everything (see SetupMountNamespaces() in init/mount_namespace.cpp).
Test: Booted Cuttlefish and verified (via /proc/self/mountinfo) that
/data/data is still bind-mounted to both /data/user/0 and
/data_mirror/data_ce/null/0.
Bug: 156305599
BYPASS_INCLUSIVE_LANGUAGE_REASON=commit message mentioning removed code
Change-Id: Idc45d8dcb3a21d4e8e2e72f4d4dda7286f898127
This change prevents that a later CL will trigger the following warning:
parameter 'test_context' is passed by value and only copied once; consider
moving it to avoid unnecessary copies
Change-Id: If5837ee6438efdf194781de041779c1089897789
Signed-off-by: Bart Van Assche <bvanassche@google.com>
Allow us to check if check_at_most_once is set for any partitions.
This property should be false for any device with a reasonable amount of
RAM and a modern CPU. Enabling check_at_most_once violates AVB best
practices, it should only be allowed on performance limited devices.
Bug: 253033920
Test: Ensure that avbHashtreeNotUsingSha1 CTS test still passes
and that partition.system.verified.check_at_most_once is set.
Change-Id: I8174adf81111cc0df547ea01f81b0dfaca32631f
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
