They are still restricted by SELinux, and apps still cannot open them
because they don't have `open` SELinux permission.
Bug: 312740614
Change-Id: I83b7e6ed39f5af64f161af3b3e8e33af0d125b20
/metadta/aconfig/boot dirs
Create aconfig dirs on /metadata to store aconfig storage related files.
Under /metadata/aconfig we will store the following pb files:
1, aconfig_storage_location.pb, store the location of the storage files for
each container.
2, aconfig_flag_persistent_overrides.pb, store the local flag value overrides.
Under /metadata/aconfig/flags we will store flag value and info files
for each container, this include:
1, <container_name>.val flag value file
2, <container_name>.info flag info file
Under /metadata/aconfig/boot we will store read only flag value files
copied from /metadata/aconfig/flags at boot. These read only files are
used to serve flag read queries.
Bug: 312444587
Test: m
Change-Id: I8ae06e56fc9b9e8c0b06f86e3deb4219d7f49660
CL aosp/2929791 removed I/O priority support to prepare for a clean
revert of the CL that migrates the blkio controller from the v1 to the
v2 cgroup hierarchy. Since there was no other reason to revert the I/O
priority CL, restore I/O priority support.
Bug: 186902601
Change-Id: I1a4053140ab55973878bfeacfb546da3c601a895
Signed-off-by: Bart Van Assche <bvanassche@google.com>
ot-daemon may use multiple unix sockets so create a dir for it.
Bug: 320451788
Test: verified that ot-daemon can create socket
/dev/socket/ot-daemon/thread-wpan.sock
Change-Id: I43ccb11ed664cf0d59fc02e2efc721ed7284e2a0
This reverts commit 40e1666fb9.
Reason for revert: this directory is for the Thread stack which is
in the Tethering mainline module. Per mainline guideline, the data
should be saved in a APEX specific directory (i.e.
/data/misc/apexdata/com.android.tethering). It's safe to remove this
directory directly given this is a new feature targeting Android V
Bug: 309932508
Test: manually verified that Thread settings file can be written to
/data/misc/apexdata/com.android.tethering/threadnetwork
Change-Id: I3a7e24b4cdc1c99ca36a22414507538279dd31cd
/tmp is a volatile temporary storage location for the shell user.
As with /data/local/tmp, it is owned by shell:shell and is chmod 771.
Bug: 311263616
Change-Id: Ice0229d937989b097971d9db434d5589ac2da99a
There are multiple use cases in Android for which background writes need
to be controlled via the cgroup mechanism. The cgroup mechanism can only
control background writes if both the blkio and memcg controllers are
mounted in the v2 cgroup hierarchy. Hence this patch that migrates the
blkio controller from the v1 to the v2 cgroup hierarchy.
The changes compared to the previous version of this CL are as follows:
- The JoinCgroup actions for the "io" controller have been left out
since these caused processes to be migrated to the v2 root cgroup.
- The BfqWeight / CfqGroupIdle / CfqWeight settings have been included
in this CL instead of applying these settings as a separate CL.
Change-Id: I67e06ce3462bb1c1345dba78f8d3d655b6519c74
Signed-off-by: Bart Van Assche <bvanassche@google.com>
This allows system_server to access these devices.
Note: This also matches existing ueventd rules used by any
device which followed the Sensor HAL's dynamic sensor README.
Bug: 303522222
Test: ls -l /dev/hidraw0
Change-Id: I0830aca77422d6cab64af05dba1554667737760c
This reverts commit c7a6fe684c.
Repply the blkio controller migration because it was not responsible
for the test failures that led to the revert. See also the following bugs:
* https://b.corp.google.com/issues/260143932
(v2/android-virtual-infra/test_mapping/presubmit-avd test failure)
* https://b.corp.google.com/issues/264620181
(CtsInitTestCases.RebootTest#StopServicesSIGKILL failure)
The only change compared with the previous version is that the io
controller has been declared optional. This is necessary because some
devices have a kernel that does not support the io controller.
Bug: 213617178
Test: Cuttlefish and various phones
Change-Id: I490740e1c9ee4f7bb5bb7afba721a083f952c8f2
Signed-off-by: Bart Van Assche <bvanassche@google.com>
libbinder_rpc_unstable is in the list of system required libs, but the
library is already located in the system/{LIB}, and this creates link to
the self namespace. Remove libbinder_rpc_unstable from system required
libs as it doesn't make sense to have require and provide same library
in a single image.
Bug: 298333253
Test: Cuttlefish build and boot succeded
Change-Id: Idb40e1dbc1053d4882093c188a36b2cc8d86e918
ALL_ROOTDIR_SYMLINKS and add them to ALL_DEFAULT_INSTALLED_MODULES,
so they can be included in product SBOMs properly.
Bug: 272358980
Test: CIs and build/soong/tests/sbom_test.sh
Change-Id: I73dfb34156d681786c013912e59a0d0c0c48ecc7
If ro.zygote is zygote64, don't bother running 32-bit test.
Otherwise abilist{32,64} decides what tests to run.
Bug: 291874369
Test: make gsi_arm64-user; Check /system/etc/init/hw
Change-Id: Id10b2242606d6400acc29c3174f713581d6cce2e
To start an early_hal service from a bootstrap vendor apex, init now
reads .rc files from bootstrap apexes as well.
In this change, perform_apex_config command is re-purposed to support
bootstrap mode. Now we have some similarity between two apexd calls:
- for bootstrap apexes (in the bootstrap mount namespace):
exec_start apexd-bootstrap
perform_apex_config --bootstrap
- for normal apexes (in the default mount namespace):
restart apexd
...
wait_for_prop apexd.status activated
perform_apex_config
Note that some tasks in perform_apex_config are not needed in the
bootstrap. For example, we don't need to create apexdata directories
for bootstrap apexes.
Bug: 290148081
Test: VendorApexHostTestCases
Change-Id: I8f683a4dcd7cd9a2466a4b1b417d84c025c37761
This new directory is bind-mounted to /apex in the bootstrap mount
namespace so that apexd-bootstrap mounts bootstrap APEXes there via
/apex.
The directory is shared between two mount namespaces, hence visible
in the default mount namespace.
Bug: 290148078
Test: VendorApexHostTestCases
Change-Id: I841480e41be8def5a4c6a4aa874c4e21465a71d3
This new directory is bind-mounted to /apex in the bootstrap mount
namespace so that apexd-bootstrap mounts bootstrap APEXes there via
/apex.
The directory is detached from /apex in the default mount namespace but
still visible in case bootstrap APEXes are needed.
However, there are (mostly, virtual) devices which don't need two mount
namespaces. Those devices don't need to make /bootstrap-apex directory
at all.
Bug: 290148078
Test: atest VendorApexHostTestCases
Test: atest MicrodroidTests
Change-Id: I541cec71d9970b14971d46e01e4808b23590dbed
This folder is used to host bootanim data files.
Bug: 210757252
Test: /data/misc/bootanim is correctly created.
Change-Id: I9c9949316d073ad7ebac503f097c5fee6c0b2a22
VFIO nodes, both the container (`vfio`) node and group (numbered)
nodes, should be located in `/dev/vfio`. This change prevents
ueventd from flattening that structure.
Test: Bind a device to VFIO driver to create a VFIO group
Change-Id: I635e9febe6bb52718df263e735479f361eacad4c
lpdumpd runs as "system", not "root". Adjust the DAC permissions of
/metadata/ota so it can call SnapshotManager::Dump.
Bug: 291083311
Test: lpdump
Change-Id: I97fd7eb2055cf6d31fd42f1021e2f99edbdb838a
The "update_verifier_nonencrypted" service is being replaced with simply
"update_verifier", so update init.rc accordingly.
Bug: 208476087
Test: presubmit
Change-Id: I58f3fb25167ff7d3679c72e5e9c012f02fa5b516
The three actions for "zygote-start" are identical except for their
property triggers. This seems to have been left over from when Android
supported both File Based Encryption (FBE) and Full Disk Encryption
(FDE), causing there to be four possible encryption states:
- ro.crypto.state=unsupported (No encryption configured)
- ro.crypto.state=encrypted && ro.crypto.type=file (FBE enabled)
- ro.crypto.state=unencrypted (FDE supported but disabled)
- ro.crypto.state=encrypted && ro.crypto.type=block (FDE enabled)
It seems that the reason the zygote-start action was duplicated three
times was to exclude the "FDE enabled" case, which could only be done by
explicitly listing the other three cases.
However, now that FDE is no longer supported, only the first two cases
are possible. Therefore, zygote-start can just be the whole trigger.
Bug: 208476087
Test: presubmit
Change-Id: Icd6e4b0d2fb3f9f20595c0af4e2e35350564da8d
Remove the code that "locked" the .fs-verity keyring at a certain point
in the boot. It probably was thought that this achieved some useful
security property, which is a bit questionable. Regardless, Android no
longer uses fsverity builtin signatures. The only code that is still
being kept around is enough to access existing files on old kernels, and
for this "locking" the keyring is definitely not essential.
Bug: 290064770
Test: presubmit and booting Cuttlefish
Change-Id: Ide5729aeac5772658b2a3f0abe835988b8842b02
Based on experiments, we fount out 128 (128 x global readahead window
size = 16mb) is the optimal multiple to boost up read speeds for the
sequentially accessed files with POSIX_FADV_SEQUENTIAL.
Bug: 195311558
Test: check the /sys/fs/f2fs/<userdata partition>/seq_file_ra_mul value
Change-Id: I7563ad6e47b9ab76ae7fe36978d0e5970a7490e8
Signed-off-by: Daeho Jeong <daehojeong@google.com>
