Commit graph

69707 commits

Author SHA1 Message Date
David Anderson
2ed2f814fa Merge "Enhance checkpoint=disable GC threshold fallback mechanism" 2021-07-30 17:12:50 +00:00
Joel Galenson
b1f70d5eaa Migrate Rust libcutils bindings into librustutils.
Bug: 182498247
Test: Build
Change-Id: I535091d1afaa9225f824a3fde8bcffb867f64da8
2021-07-30 07:40:24 -07:00
Yi-Yo Chiang
db819f5a7d fs_mgr: Separate the required modules of core and recovery variants
Bug: 191369319
Test: Presubmit
Test: Verify libfs_mgr.recovery no longer depends on core variation
  modules in the ninja graph.
Change-Id: I3c8b1f3d00ff9a67f4d9ea552052e308e550c403
2021-07-30 22:22:29 +08:00
Jooyung Han
3bf878786c Merge "init: no bootstrap mount namespace for microdroid" 2021-07-30 12:41:14 +00:00
Yi-Yo Chiang
81dad902f6 Merge "init: Separate the required modules of core and recovery variants" 2021-07-30 10:09:40 +00:00
Daniel Rosenberg
3acae5450f Merge "libsnapshot: Validate Sequence Op data" 2021-07-29 22:40:04 +00:00
Akilesh Kailash
39b47504d9 Merge "Crash during OTA merge may lead to blocks with stale data" 2021-07-29 14:54:36 +00:00
Jooyung Han
653b063871 init: no bootstrap mount namespace for microdroid
The reason for two mount namespaces (bootstrap/default) is that we have
two sets of different APEXes to activate. But in microdroid, we don't
need two separate mount namespaces because there's only one set of
non-updatable APEXes in built-in directories and payloads (passed from
host Android).

Bug: 185991357
Test: MicrodroidHostTestCases
Change-Id: I4469f3b1d90f9543ecb980a450eaaf1c20b94c58
2021-07-29 17:11:23 +09:00
David Anderson
e94fffbacd snapuserd: Improve EnsureSnapuserdConnected logic.
This uses a property to communicate when snapuserd is ready to accept
connections, to eliminate some non-determinism from the connect loop.

Bug: 193833730
Test: update_engine connects to snapuserd
Change-Id: I2fc0063486c3df542db1e60d12564a5bc1581a37
2021-07-28 22:27:26 -07:00
Akilesh Kailash
f724176173 Crash during OTA merge may lead to blocks with stale data
This is a corner case wherein a crash during OTA
merge can lead to some COW operations being missed
during the merge, whereby some blocks may end up with stale data.

The fix here is to avoid any re-ordering of COW operations.
Merge the COW operations as present in the COW file.

New tests have been added to cow_snapuserd.

Bug: 194955361
Test: cow_snapuserd_test, Incremental OTA
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Id895fe7a3d6b4510676490a86d0caf62dec9b079
2021-07-29 01:02:40 +00:00
Jerry Wong
1f3e92c34e Enhance checkpoint=disable GC threshold fallback mechanism
Enhanced the checkpoint=disable GC threshold fallback mechanism by first
dropping to checkpoint=disable before dropping the option completely for
kernel compatibility.

Test: atest vts_kernel_checkpoint_test
Bug: 193216993
Change-Id: I50ecdf3a82eb7bc677965e8fd3821227fd41bfc2
Signed-off-by: Jerry Wong <jerry.wong@broadcom.com>
2021-07-28 17:31:16 -07:00
David Anderson
59c744bd3d Merge "snapuserd: Allow connecting to the first-stage daemon." 2021-07-28 21:59:59 +00:00
David Anderson
0e5ad5a093 snapuserd: Allow connecting to the first-stage daemon.
Currently there is no socket for daemon instances launched during the
selinux phase of init. We don't create any sockets due to the complexity
of the required sepolicy.

This workaround will allow us to create the socket with very minimal
sepolicy changes. init will launch a one-off instance of snapuserd in
"proxy" mode, and then the following steps will occur:

1. The proxy daemon will be given two sockets, the "normal" socket that
snapuserd clients would connect to, and a "proxy" socket.
2. The proxy daemon will listen on the proxy socket.
3. The first-stage daemon will wake up and connect to the proxy daemon
as a client.
4. The proxy will send the normal socket via SCM_RIGHTS, then exit.
5. The first-stage daemon can now listen and accept on the normal
socket.

Ordering of these events is achieved through a snapuserd.proxy_ready
property.

Some special-casing was needed in init to make this work. The snapuserd
socket owned by snapuserd_proxy is placed into a "persist" mode so it
doesn't get deleted when snapuserd_proxy exits. There's also a special
case method to create a Service object around a previously existing pid.

Finally, first-stage init is technically on a different updateable
partition than snapuserd. Thus, we add a way to query snapuserd to see
if it supports socket handoff. If it does, we communicate this
information through an environment variable to second-stage init.

Bug: 193833730
Test: manual test
Change-Id: I1950b31028980f0138bc03578cd455eb60ea4a58
2021-07-27 19:35:29 -07:00
Daniel Rosenberg
ab3b441f94 libsnapshot: Validate Sequence Op data
If the sequence op contains a Cow Operation that doesn't exist, we
should log the error and abort. Otherwise we'll try to merge an op that
doesn't exist.

Test: cow_api_test CowTest.MissingSeqOp
Bug: 177104308
Change-Id: I1a96f09798bc16126ae1338c6259506b18c88f51
2021-07-27 21:59:07 +00:00
Akilesh Kailash
0b23b2a346 Merge "snapuserd: Refactor code to a separate directory" 2021-07-27 21:14:19 +00:00
Jiyong Park
1486987d34 Remove ndk_platform backend. Use the ndk backend.
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.

Bug: 161456198
Test: m
Change-Id: I7e60ee840fd64f9e36bafa8baea19daab9c15cea
2021-07-27 12:19:00 +09:00
David Anderson
f204986802 Merge changes from topic "fs_mgr-vendor-ramdisk"
* changes:
  Make libfs_mgr and its dependencies vendor_ramdisk_available.
  Make libfs_mgr dependencies vendor_ramdisk_available.
2021-07-26 20:54:04 +00:00
Akilesh Kailash
36aeeb3f56 snapuserd: Refactor code to a separate directory
Move all the code relevant to snapuserd to a separate
directory. Add OWNERS file.

No other code changes apart from moving files around
and fixing a couple of header path locations
in a few places.

Bug: 194642092
Test: Compile, Full OTA
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Ib1d852bfeda4eca5c996d6cd7b057f141cb5ddad
2021-07-26 07:04:06 +00:00
Yi-Yo Chiang
9ba6a5b8a2 init: Separate the required modules of core and recovery variants
So that init_second_stage (core) depends on core variant tools and rc
files, and init_second_stage.recovery depends on recovery variant tools
and recovery specific rc files.

Bug: 191369319
Test: Presubmit
Test: Check the ninja graph, init_second_stage.recovery no longer depends
  on core variation modules
Test: Check out/soong/Android-${PRODUCT}.mk
Change-Id: I03f0cf6af10617fe2e7de677e9dde1aecb2afc74
2021-07-24 22:51:55 +08:00
David Anderson
a07503afc1 Make libfs_mgr and its dependencies vendor_ramdisk_available.
This is needed to link libfs_mgr with snapuserd.

Bug: 193833730
Test: builds
Change-Id: I5abd706fe134fecebb80ecb790b5be0495e2b925
2021-07-23 16:50:06 -07:00
David Anderson
61bc5a7097 Make libfs_mgr dependencies vendor_ramdisk_available.
This is needed to link libfs_mgr with snapuserd.

Bug: 193833730
Test: builds
Change-Id: If499d7ec060f9964ccd6900dcaa6425a34ae5ec8
2021-07-23 16:50:06 -07:00
Armelle Laine
d6ddc20d83 Merge "[trusty-base] Update Trusty Keymint properties" 2021-07-23 14:43:12 +00:00
Eric Biggers
e080240b26 Merge "Revert "init: make reboot_on_failure not apply to manually stopped services"" 2021-07-23 02:43:39 +00:00
David Anderson
4e2362ea0a Merge "libfiemap: Fix removal of corrupted split fiemaps." 2021-07-23 02:29:31 +00:00
Eric Biggers
d14a178d01 Revert "init: make reboot_on_failure not apply to manually stopped services"
This reverts commit 1c51525f66 because it
accidentally made reboot_on_failure be a no-op for all services.  This
is because Reap() itself calls KillProcessGroup() on devices with a
vendor level >= R, which in turn sets SVC_STOPPING.  I had overlooked
this somehow, probably because I didn't consider that a service can
consist of multiple processes.

It turns out that real FDE devices don't actually need the above commit
because FDE devices aren't allowed to have updatable apexes enabled, and
without updatable apexes enabled, apexd exits automatically and
therefore doesn't have to be stopped.  This can be verified by using the
aosp_cf_x86_phone_noapex build target, rather than aosp_cf_x86_phone
which I had used for testing before.  So just revert it for now.

Bug: 194370048
Change-Id: I90eddf2a87397449b241e5acaaa8d4a4241d73a9
2021-07-22 13:06:41 -07:00
David Drysdale
267adbd4f1 Merge "TrustyKeyMint: support boot, vendor patchlevels" 2021-07-22 06:32:32 +00:00
David Drysdale
e7697d7101 TrustyKeyMint: support boot, vendor patchlevels
- Invoke TrustyKeymaster::ConfigureVendorPatchlevel() from
  remote keymint Initialize(), using vendor patchlevel retrieved
  from property.
- Add TrustyKeymaster::ConfigureVendorPatchlevel() method to
  send the CONFIGURE_VENDOR_PATCHLEVEL message.
- Add message type values for
  CONFIGURE_{VENDOR,BOOT}_PATCHLEVEL messages.

Test: pending device availability
Change-Id: Ie42345112b08ef9c669535cef2de60ea77da15b4
2021-07-21 16:26:32 +01:00
Treehugger Robot
7d11ce854c Merge "Revert "Add systrace tag for system property"" 2021-07-21 11:43:39 +00:00
Bowgo Tsai
ebb79debcc Revert "Add systrace tag for system property"
Revert "Add systrace tag for system property"

Revert "Add systrace tag for system property"

Revert "Adding system property tracing"

Revert submission 1403568-sysprop_trace

Reason for revert: makes property get/set non-reentrant
Reverted Changes:
I6f85f3f52:Add systrace tag for system property
Id2b93acb2:Adding system property tracing
Id78992d23:Add systrace tag for system property
I1ba9fc7bd:Add systrace tag for system property

Ignore-AOSP-First: b/193050299#comment17

Bug: 193050299
Change-Id: I9305003531c6a86194d55dc72c613337d213b53d
Merged-In: I9305003531c6a86194d55dc72c613337d213b53d
Test: build and boot a device
(cherry picked from commit 18e0f65cbf)
2021-07-21 09:22:27 +08:00
Treehugger Robot
f9a9ee048c Merge "Revert "Revert "Remove unused String8::setPathName.""" 2021-07-20 19:38:55 +00:00
David Anderson
b0a9c30b6d libfiemap: Fix removal of corrupted split fiemaps.
If a split fiemap header gets corrupted, we could get ENAMETOOLONG and
removal fails. Handle this gracefully.

Bug: N/A
Test: fiemap_writer_test
Change-Id: I4af9ca7ad4b4fa87a91ff05b8fadac4258006ab6
2021-07-19 14:02:56 -07:00
David Anderson
d32f5df728 Merge "libsnapshot: Propagate merge phase across merge failures." 2021-07-19 21:01:06 +00:00
Greg Kaiser
d03851e549 Revert "Revert "Remove unused String8::setPathName.""
This reverts commit 70d9fb63e6.

Reason for revert: Outstanding usage of this method removed internally

Change-Id: Idcc00ec261aa1d97f11e47abdb08b10a37b5d20f
Test: Local build; treehugger (which I'll manually confirm runs on the appropriate targets)
2021-07-19 20:19:44 +00:00
David Anderson
edefadd242 Merge "fiemap: add fsync after write split file name" 2021-07-19 18:14:49 +00:00
Armelle Laine
bd1dbe2bb5 [trusty-base] Update Trusty Keymint properties
Support legacy 3DES algorithm
(property parity with software implementation)

Bug: 193715461
Change-Id: Id2c45b94b2b3375972dd53fa65186007eda35970
Test: atest VtsAidlKeyMintTargetTest
Signed-off-by: Armelle Laine <armellel@google.com>
2021-07-19 16:14:20 +00:00
David Drysdale
a2aba786fe Merge "Splitting out Trusty IPC into a library." 2021-07-19 09:16:47 +00:00
David Anderson
c2bb3ee6d6 libsnapshot: Propagate merge phase across merge failures.
If a merge fails we write a new snapshot status indicating that the merge
failed. If this happens to occur during the second merge phase, we fail
to propagate the phase counter to the new status. This means the merge
is unlikely to make progress and succeed later.

Bug: 193549218
Test: manual test
Change-Id: I31fdae6bde48e3a71b6f3fcc663541257f7ebd8f
2021-07-16 20:05:39 -07:00
Wenhao Wang
8b6dac42c9 Merge changes Ib90f8b28,I391ecff9
* changes:
  trusty:storageproxyd: Add wakelock to the UFS commands
  trusty:storageproxyd: Fix return paths on errors
2021-07-16 19:32:14 +00:00
Nikita Ioffe
1a257af822 Merge "Deflake libdm#CreateEmptyDevice test" 2021-07-16 11:15:32 +00:00
lijiazi
ebff7b8b97 fiemap: add fsync after write split file name
If the device restarts abnormally during an upgrade, update_engine has just
created the split cow image file and written the name to xxx-cow-img.img.
After the restart, update_engine will report the following error:

06-30 08:48:06.466  root  8918  8920 E gsid    : Error removing image
product_b-cow-img: File name too long

That is because SplitFiemap::Create->DetermineMaximumFileSize
opens xxx-cow-img.img to get some info, then fsyncs and unlinks this
file.

On devices using f2fs, after the restart, f2fs_recover_fsync_data will
recover this file with the inode block synced to ufs in the following path:
DetermineMaximumFileSize
    ->FiemapWriter::Open
        ->AllocateFile
This makes the xxx-cow-img.img file content corrupt.

Update_engine calls TryCancelUpdate to clean up the residual files
of the last upgrade, cannot read a valid split file name from
xxx-cow-img.img, and then reports the error log mentioned above.

Add fsync so that f2fs can use the correct inode to recover related files.
This can reduce the probability of this issue.

Test: abnormal restart when upgrade

Change-Id: Iceb3e5604d90495350c5fb1fb3433732372f3fec
Signed-off-by: lijiazi <lijiazi@xiaomi.com>
2021-07-16 16:25:31 +08:00
Wenhao Wang
6e0a762290 trusty:storageproxyd: Add wakelock to the UFS commands
We add a wakelock to the sequence of UFS commands so that
the sequence will not be disrupted when devices get suspended.

Bug: 193456223
Test: Trusty storage tests
Change-Id: Ib90f8b284017cf261d2a2aea940834a42c21de02
2021-07-15 22:34:58 -07:00
Wenhao Wang
09b493b143 trusty:storageproxyd: Fix return paths on errors
The function send_ufs_rpmb_req is missing return paths on errors.
This patch fixes it so that any UFS command failure will return
error code to the function caller.

Bug: 193855098
Test: Trusty storage tests
Change-Id: I391ecff9ed3f892b7c3adae0ceeb18930791326f
2021-07-15 22:24:11 -07:00
Max Bires
a9362a4e60 Splitting out Trusty IPC into a library.
This allows the relevant IPC code to be included in the provisioner tool
easily as it's shuffled over into a non-AOSP component due to
chip specific requirements in provisioning Device IDs.

Bug: 178796950
Test: Stuff builds
Merged-In: I57482e89035e8648544f87291ec14c6aece09bd0
Change-Id: I57482e89035e8648544f87291ec14c6aece09bd0
2021-07-15 16:17:59 +01:00
Nikita Ioffe
7756779289 Deflake libdm#CreateEmptyDevice test
Judging from local experiments, it looks like device-mapper doesn't
always generate a uevent after DM_DEV_CREATE ioctl.

Test: presubmit
Bug: 193462349
Change-Id: I8a74375631b20c14a32a41dbaf38380ebc0078e6
2021-07-15 15:33:17 +01:00
Greg Kaiser
615bf4ef14 Merge "Revert "Remove unused String8::setPathName."" 2021-07-15 13:33:54 +00:00
Greg Kaiser
70d9fb63e6 Revert "Remove unused String8::setPathName."
This reverts commit c214426e0c.

Reason for revert: This is not unused; broke build internally

Change-Id: I18e8b7954256ae015ad32743fa6a75850b00913e
2021-07-15 13:33:10 +00:00
Treehugger Robot
d939aa2405 Merge "Revert "Re-land removing RECOVERY_AS_BOOT check for init_first_stage"" 2021-07-15 05:38:21 +00:00
David Anderson
16aa3c9573 Merge "libsnapshot: Fix inconsistency in how merge ops are counted." 2021-07-15 01:00:33 +00:00
David Anderson
0f707941d4 libsnapshot: Fix inconsistency in how merge ops are counted.
A recent change to libsnapshot caused us to filter out duplicate COW
ops. The merge consistency check relied on the old method of manually
counting ops, causing it to come up with a different number. Fix this by
using the already computed "official" count.

Bug: 193532829
Test: new test case in vts_libsnapshot_test
      manual test with incremental OTA
Change-Id: I68d1e41f5c140af20a04ba80e3db0780a916ecf8
2021-07-14 16:44:54 -07:00
Elliott Hughes
40a0664b84 Merge "Remove unused String8::setPathName." 2021-07-14 21:20:24 +00:00