This functionality is now handled in mainline and has been removed from
netd in Android T.
Test: builds & boots
Change-Id: Ic435eee0d89bda30d733efbc655692c697bbe9e8
Replace /system_dlkm mount guard flga from
BOARD_USES_SYSTEM_DLKM_PARTITION to
BOARD_USES_SYSTEM_DLKMIMAGE. board_config.mk
and other tools are using this format of image
name to auto generate code to prevent duplication.
Bug: 200082547
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: Ie4dc899509cf42afb553936e6dbf69d5ce234d01
Change use of new_ to old_ to save the old sigaction data. This hasn't
caused any issues, but it's obviously wrong.
Test: Ran unit tests on coral.
Change-Id: I96be5b0980c323c3aeafb422fbc06202577604a2
[reland aosp/1910032]
Updatable sepolicy is shipped within an zip within an APEX. Because
it needs to be available before Apexes are mounted, apexd copies
the zip from the APEX and stores it in /metadata/sepolicy. If there is
not updatable sepolicy in /metadata/sepolicy, then updatable policy is
loaded from /system/etc/selinux/apex. Init performs the following
steps on boot:
1. Validates the zip by checking its signature against a public key
that is stored in /system/etc/selinux.
2. Extracts files from zip and stores them in /dev/selinux.
3. Checks if the apex_sepolicy.sha256 matches the sha256 of
precompiled_sepolicy. if so, the precompiled sepolicy is used.
Otherwise, an on-device compile of the policy is used. This is the
same flow as on-device compilation of policy for Treble.
4. Cleans up files in /dev/selinux which are no longer needed.
5. Restorecons the remaining files in /dev/selinux.
6. Sets selinux into enforcing mode and continues normal booting.
Bug: 199914227
Test: adb root
adb shell cp /apex/com.android.sepolicy.apex/etc/SEPolicy-33.zip \
/metadata/sepolicy/SEPolicy.zip
adb shell cp /apex/com.android.sepolicy.apex/etc/SEPolicy-33.zip.sig \
/metadata/sepolicy/SEPolicy.apk.sig
adb shell cp /apex/com.android.sepolicy.apex/etc/SEPolicy-33.zip.fsv_sig \
/metadata/sepolicy/SEPolicy.zip.fsv_sig
adb reboot
ls -laZ /dev/selinux/
Verify that files exist and that the labels are expected.
Change-Id: I2dbe43e329e91f46abedc7e44f7d24b220e19173
In targets that do not include a zygote binary, attempting to start the
zygote service will result in repeated service restarts. Avoid this by
providing a way for targets to opt out of declaring a zygote service.
The fvp_mini target does not have a zygote, so apply this opt-out to
that target.
Change-Id: I4f918502e611e950fa039e4e2ed817c97b928ba2
This adds support for filesystem-level sparse files. These files have
holes which are not stored in the filesystem and when read are full of
zeros. While these zeros may be significant in some types of files,
other types of files may not care about the contents of holes. For
example, most filesystem creation tools write to all the blocks they
care about. Those blocks not written to will remain holes, and can be
safely represented by "don't care" chunks. Using "don't care" chunks
instead of fill chunks can result in a substantial reduction of the time
it takes to program a sparse image.
To accomplish this, we extend the existing "sparse" boolean parameter to
be an enum of mode types. This enum represents the strategy we take when
reading in a file. For the most part the implementation is
straightforward. We use lseek to determine where the holes in the file
are, and then use do_sparse_file_read_normal to create chunks for the
data section. Note that every file has an implicit hole at its end.
Change-Id: I0cfbf08886fca9a91cb753ec8734c84fcbe52c9f
This reverts commit 97ff3ab852.
Reason for revert: b/216491364 boot time regression
Bug: 216491364
Change-Id: I6c9af0887affa130cc61edf70506e79453dbd228
Bug: 191831427
Test: charging animation can show in display correctly
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Iedcd7d6c3cd841c44bdf1116701abcbd12a26959
Bug: 191831427
Test: charging animation can show in display correctly
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Id99a7401f53f647790e179e995dad9841f8284bb
set first connector as default
Test: charging animation can show in correct display
Bug: 191831427
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Ia79981569e799f01db0036f0ecbdaca36a539ac6
Updatable sepolicy is shipped within an zip within an APEX. Because
it needs to be available before Apexes are mounted, apexd copies
the zip from the APEX and stores it in /metadata/sepolicy. If there is
not updatable sepolicy in /metadata/sepolicy, then updatable policy is
loaded from /system/etc/selinux/apex. Init performs the following
steps on boot:
1. Validates the zip by checking its signature against a public key
that is stored in /system/etc/selinux.
2. Extracts files from zip and stores them in /dev/selinux.
3. Checks if the apex_sepolicy.sha256 matches the sha256 of
precompiled_sepolicy. if so, the precompiled sepolicy is used.
Otherwise, an on-device compile of the policy is used. This is the
same flow as on-device compilation of policy for Treble.
4. Cleans up files in /dev/selinux which are no longer needed.
5. Restorecons the remaining files in /dev/selinux.
6. Sets selinux into enforcing mode and continues normal booting.
Bug: 199914227
Test: adb root
adb shell cp /apex/com.android.sepolicy.apex/etc/SEPolicy-33.zip \
/metadata/sepolicy/SEPolicy.zip
adb shell cp /apex/com.android.sepolicy.apex/etc/SEPolicy-33.zip.sig \
/metadata/sepolicy/SEPolicy.apk.sig
adb shell cp /apex/com.android.sepolicy.apex/etc/SEPolicy-33.zip.fsv_sig \
/metadata/sepolicy/SEPolicy.zip.fsv_sig
adb reboot
ls -laZ /dev/selinux/
Verify that files exist and that the labels are expected.
Change-Id: I614e8d84892693ecc663b17eebd204096367693d
This is a race between init process and bionic libc initialization of
snapuserd.
init->fork() ----------------> SecondStageMain() -> PropertyInit()
|
|
v
execveat ---> __libc_init_common() -> __system_properties_init()
(snapuserd)
When init process calls PropertyInit(), /dev/__properties__ directory
is created. When bionic libc of snapuserd daemon invokes __system_properties_init
_after_ init process PropertyInit() function is invoked, libc will
try to initialize the property by reading
/system/etc/selinux/plat_property_contexts. Since any reads on /system
has to be served by snapuserd, this specific read from libc cannot be
serviced leading to deadlock.
Reproduce the race by inducing a sleep of 1500ms just before execveat()
so that init process calls PropertyInit() before bionic libc
initialization. This leads to deadlock
immediately and with additional kernel instrumentation with debug
logs confirms the failure:
======================================================
init: Relaunched snapuserd with pid: 428
ext4_file_open: SNAPUSERD: path /system/etc/selinux/plat_property_contexts - Pid: 428 comm 8
ext4_file_read_iter: SNAPUSERD for path: /system/etc/selinux/plat_property_contexts pid: 428 comm 8
[ 25.418043][ T428] ext4_file_read_iter+0x3dc/0x3e0
[ 25.423000][ T428] vfs_read+0x2e0/0x354
[ 25.426986][ T428] ksys_read+0x7c/0xec
[ 25.430894][ T428] __arm64_sys_read+0x20/0x30
[ 25.435419][ T428] el0_svc_common.llvm.17612735770287389485+0xd0/0x1e0
[ 25.442095][ T428] do_el0_svc+0x28/0xa0
[ 25.446100][ T428] el0_svc+0x14/0x24
[ 25.449825][ T428] el0_sync_handler+0x88/0xec
[ 25.454343][ T428] el0_sync+0x1c0/0x200
=====================================================
Fix:
Before starting init second stage, we will wait
for snapuserd daemon to be up and running. We do a simple probe by
reading system partition. This read will eventually be serviced by
daemon confirming that daemon is up and running. Furthermore,
we are still in the kernel domain and sepolicy has not been enforced yet.
Thus, access to these device mapper block devices are ok even though
we may see audit logs.
Note that daemon will re-initialize the __system_property_init()
as part of WaitForSocket() call. This is subtle but important; since
bionic libc initialized had failed silently, it is important
that this re-initialization is done.
Bug: 207298357
Test: Induce the failure by explicitly delaying the call of execveat().
With fix, no issues observed.
Tested incremental OTA on pixel ~15 times.
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I86c2de977de052bfe9dcdc002dcbd9026601d0f3
* changes:
init.rc: Set permissions to cgroup.procs files
libprocessgroup: Add fd caching support for SetProcessProfiles
libprocessgroup: Move fd caching code into FdCacheHelper
Set permissions to cgroup.procs files in cgroup hierarchies similar to
permissions for tasks files so that SetProcessProfiles can access them.
Bug: 215557553
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Id0c82288392146c8d536d273790a0252580c4203
Process profiles operating on paths that do not depend on pid or uid of
the process can cache the fd of the file they are operating on. Add
support for fd caching similar to how SetTaskProfiles caches the fd
of the file it needs to write to.
Bug: 215557553
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Ie73ebcbbf1919d90409f40c1f6b08743f4edf97c
Refactor file descriptor caching code and move it into FdCacheHelper
because later on when we introduce fd caching for SetProcessProfiles
the children of CachedFdProfileAction become different enough that
sharing the same parent becomes a hindrance.
Bug: 215557553
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: If3812a0090c81a29e25f0888b0511cfaf48edea3
Sony needed to increase the limit for a UVC device with > 4KiB
descriptors, but there wasn't one clean place to do that. Tidy up, and
also go straight to *16KiB* which was the largest buffer any copy of
this code was using to date.
Test: treehugger
Change-Id: Ide41a217dcf4291a7d38836264f59e06967d9d91
Switches to syncing the parent directory immediately when creating a new
file rather than lazily waiting for a sync request. Because we only
create a new file when the userdata partition is cleared, this operation
doesn't need to be fast in the normal case. This avoids needing to track
the parent directory for each file for lazy syncing later, since storage
backing files may be in a subdirectory of the root.
Test: m storageproxyd, boot using new service binary
Bug: None
Change-Id: Ibcafae7da493864515c099bd81d48c95b0e5d8c3
Adds a check for a DSU mode boot in storageproxyd. Changes path handling
so that storageproxyd will not allow opening a file in the root data
path in DSU mode. Instead, storageproxyd creates an "alternate/"
directory in the data directory and the TA must use this directory to
store its backing file.
Re-landing reverted change: Iad68872dc6915f64eaf26cd3c92c04d9071ef169
Test: Boot into DSU and inspect logs for "Cannot open root data file"
Test: Test that TD writes in DSU mode don't corrupt host image storage
when using a compatible storage TA that supports alternate data mode.
Bug: 203719297
Change-Id: I1d07e7c3d15dc1beba2d340181d1b11a7988f869
This patch attempts to diagnose snapuserd hangs by performing reads
immediately after entering second-stage init. This is done by spawning
two threads: one to perform the reads, and another to wait for the read
thread to finish. If any aspect of the read fails, or the read thread
does not complete in 10 seconds, then a list of snapuserd's open file
descriptors are logged.
Bug: 207298357
Test: apply working OTA, check logcat for success
apply broken OTA, check logcat for fd map
Change-Id: I549e07b7d576fcdaca9b2d6ff33e0924c3812c07
Add libnetd_updatable.so as dependency of platform. The library will be
used by Netd. Linker config is required if a library in mainline module
is linked by platform.
Bug: 202086915
Test: m; flash; boot
Change-Id: I97183f022b229e788184a979d1a211968295563d
This reverts commit 7c5658b5fd.
Reason for revert: selinux test errors in some branches
Bug: 215630608
Change-Id: I2a9c9d914b6c1d1248b4f11bd69484ae6b0ba8d1
