Similar reasoning as aosp/2255456. ro.product.device could be overridden
by GSI if system.img was replaced with GSI.
Use ro.product.vendor.device, which comes from the vendor.img, to
determine the "device" type.
Bug: 243116800
Test: adb-remount-test on cuttlefish
Change-Id: Ib4a956047ef46d8e4837b27334f8d58162d4fa2a
F2FS doesn't allow remount,rw for RO partition, so that it caused adb remount.
Fix it.
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: Ia4410d08e8be344d79292c16a335a7e5be7a48bb
According to https://www.slideshare.net/nan1nan1/eat-my-data ,
rename() without an fsync() is not safe, and cannot guarantee data
integrity in case of powerloss of OS failure.
Test: partner verification, th
Bug: 238702018
Change-Id: I5809770062ed7bfa47df81de418a2d8f7cbc6620
check whether the scratch partition is writable.
Delate fs_mgr_dir_is_writable, as it may cause remount to fail.
Steps to reproduce:
1.adb root
2.adb remount
3.adb reboot
4.adb remount
5.push files to the system partition until the scratch partition is full
6.check that the Available of /mnt/scratch is zero through the df command
7.reboot
8.adb root
9.adb remount
Now, overlayfs failed to mount.
But I want to continue to view the files that were previously pushed to
the system partition.
Mounting of overlayfs should not be blocked when there is not enough space.
It seems reasonable to use fs_mgr_rw_access(work) to check whether
the partition is writable.
We should allow mount even if scratch is full, because this allows
the user to delete previously pushed files to free up space.
Bug: 240635368
Change-Id: I726ccd064cfabfab29789e7c690ea8cb574a6344
Signed-off-by: yi.sun <yi.sun@unisoc.com>
The new sequence of operation would be:
1: Load sepolicy - Daemon will continue to be alive and serve any I/O request
2: After sepolicy loading is complete - Switch the device-mapper tables.
3: Kill the block device daemon launched in the first-stage init.
4: Re-launch the daemon with the correct selinux labels set.
5: Enforce the sepolicy
Bug: 240321741
Test: Full OTA on pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: Idd392f0f0aae7d93e546c0ec0762e6c07b6263e4
* Remove AVB 1.0 (fec).
* Assert device is bootloader unlocked in main().
* Since error is already logged to stderr and logd, there is no need to
return an opaque enum value as error code. Just return 1 if main()
encounters any error.
Bug: 241688845
Test: Presubmit
Test: adb-remount-test
Change-Id: I06df6f92a3d4adaca77061920736056c9051c112
Deprecate physical scratch path, support only dynamic partition scratch
and scratch on /cache.
Bug: 243116800
Test: adb-remount-test
Change-Id: I8b5e08a38e323139b56b169865dcaf1a6620cf20
Make the control flow less chaotic and rename to cpp style function
name.
Bug: 243116800
Test: adb-remount-test
Change-Id: Iccfe06f9cb9659b7b0bad085250422e298cc4f27
Since update-engine already has this profile set,
it is better to have similar profile for the daemon
so that threads don't run at high priority.
Additionally, lower the nice value for worker
threads.
No change in the OTA install time observed.
Bug: 237490659
Test: Full OTA on Pixel
Change-Id: I53ec8c647eb781965792683b04621e6fec5eb5f2
Signed-off-by: Akilesh Kailash <akailash@google.com>
* Categorize functions in fs_mgr_overlayfs.h into three classes:
- Type 1: common and non-critical utilities.
- Type 2: internal routines for facilitating remount.
- Type 3: external entry points for users of fs_mgr_overlayfs, like
fs_mgr_overlayfs_mount_all().
* Move type 1 to common utils header fs_mgr_priv.h & fs_mgr.cpp.
* Move type 2 to new private header fs_mgr_priv_overlayfs.h.
* Keep type 3 in fs_mgr_overlayfs.h.
* Move set-verity-state.cpp under fs_mgr so it can include
fs_mgr_priv_overlayfs.h. File is reformatted as a result. We should
eventually merge and dedup set-verity-state and fs_mgr_remount.
* Add myself to OWNERS for remount-related maintenance work.
Bug: 241179247
Bug: 241688845
Test: Full build -user and -userdebug build.
Test: Presubmit
Test: Treehugger run v2/android-gki/adb_remount
Change-Id: Id5fd0e2b12c693939d712a586dd553cc4d8bfeb1
* remount don't check errno after calling fs_mgr_overlayfs_mount_all()
as we don't report error status through errno anymore.
* fs_mgr_overlayfs_mount_all() returns false if any failure.
* fs_mgr_overlayfs_mount_all() returns true if no overlayfs to mount or
all overlayfs are either already mounted or mounted successfully.
Bug: 241179247
Bug: 248295731
Test: Treehugger
Change-Id: Ia9c7ac686f6538a9f5da7efc4cda6f28aff056f6
F2FS gives EINVAL when trying to mount zoned device with atgc. This patch
allows to keep the single fstab to support legacy and zoned devices at the
same time.
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I47a667443e7e60cb6729553b2ca24026e21fd90d
This removes all remaining save/restores of errno in
fs_mgr_overlayfs.cpp.
Bug: 241179247
Test: adb-remount-test.sh
Change-Id: I8bae6eb2752fe9460763455e88f9b82ad57c10e4
This patch eliminates errno as part of the return contract for
fs_mgr_overlayfs_teardown().
The non-standard use of implicit errno makes it extremely difficult to
reason about how these functions can fail. As it turns out,
fs_mgr_overlayfs_teardown has been consistently failing for a long time,
but in a place where errno isn't set, which meant "enable-verity" never
saw the failure.
The failure was originating from umount2(MNT_DETACH) which guaranteed
that DeleteBackingImage would fail with EBUSY, and DeleteBackingImage is
a binder call that doesn't set errno.
This patch switches to umount() and returns a "busy" status if the
unmount fails with EBUSY. In this case it will also disable the scratch
partition. There is a long-standing existing bug where, for non-VAB
devices, it will delete the underlying scratch partition off super. This
is pretty risky with MNT_DETACH, but that path is left unchanged here.
Some duplicated code in set-verity-state was refactored as well, since
the return value of fs_mgr_overlayfs_teardown is now more complex.
Bug: 241179247
Test: adb-remount-test.sh
Change-Id: I2ca75332b75a302622ba9b86d122a6f2accdda3e
This patch fixes a few lingering issues in vts_libsnapshot_test.
The most important fix is a crash in snapuserd when handler deletion
races with the merge monitor thread. Since tests issue lots of
snapshot-related requests in rapid succession, this was easy to hit in
presubmit, and resulted in a null-pointer deref.
SnapuserdClient's CloseConnection does the same thing as the destructor,
but leaves SnapuserdClient in an unusable state. This method is removed
in favor of RAII.
Fix a bug in SnapshotManager where CloseConnection could be called
without zapping snapuserd_client_.
Fix a bug where POLLHUP was checked before calling recv().
Add test name logging so presubmit failures can be diagnosed via logcat
dumps.
Bug: N/A
Test: vts_libsnapshot_test on cuttlefish
Change-Id: I8f22a45e537c24a3c6d327ac47bf8b1352108706
mount_with_alternatives() supports mounting any of the
consecutive fstab entries. Some log messages shouldn't
be treated as error so changing log level to INFO instead.
Bug: 245468764
Test: TreeHugger
Change-Id: I94a18d4cf91ee5bb58cf5ba5f853a0e6599071d1
* changes:
adb-remount-test: Refactor test cleanup
adb-remount-test: Replace libc.so test with build.prop test
adb-remount-test: Check override_creds only if overlayfs is used
adb-remount-test: Print log timestamp & auto-detect color
* Call adb_wait in adb_reboot, as virtually all adb_reboot callsites are
immediately followed by adb_wait.
* Remove |data| option from skip_administrative_mounts. The |data|
option doesn't really work anyway, because vold & init creates
bewildering heirarchy of /data bind-mounts, so it's not feasible to
filter /data by mountpoints. It's more sensible to filter by the /data
device node name, which should be done by the caller.
* Untangle skip_administrative_mounts and skip_unrelated_mounts.
I don't know why we need two separate functions that do similar
things. Just merge them together.
Bug: 243116800
Test: adb-remount-test
Change-Id: I847f0b8cc2a952bb4c8656a43da783f312670061
* If adb remount calls for a reboot during cleanup, this means it's
trying to recreate vendor overlay. Don't reboot in this case because
it's pointless. Total test runtime reduced by one reboot.
* Since this entire script assumes /system & /vendor must exist and
remountable, add them to the MOUNTS list unconditionally.
* Remove /system/hello & /vendor/hello test, as we can just loop over
MOUNTS to check those.
Bug: 243116800
Test: adb-remount-test
Change-Id: I2360314c404ee247356146760314c91ba2795ff5
Since /bionic mountpoint is deprecated, we don't _have_ to explicitly
check consistency of /system/lib/bootstrap/libc.so anymore.
Remove the test which adds junk to the end of libc.so. Editing libc.so
looks dangerous (albeit not!) and has unclear expectations.
Add test which edits /system/build.prop. Editing build.prop file is more
"safe" as it's just text edit, and the expectations are clear (edited
system properties should be loaded after reboot.)
Bug: 243116800
Test: adb-remount-test
Change-Id: I51bd32c6ffcc57eb646eeec0537e996847e6c2a5
Instead of probing the kernel to see if overlayfs is supported, just
check `df` after disable-verity.
If after disable-verity and overlays were mounted, then check that
override_creds patches are applied.
Bug: 243116800
Test: adb-remount-test
Change-Id: Icb1363278536a8177836263882b1a8a0d9f246c9
* Change --print-time to default true, and print timestamp of each log
message.
* Auto-detect color support. If stdout if terminal, then color default
to true, else default to false.
Bug: 243116800
Test: adb-remount-test
Change-Id: Id8425488c4b18fe0bc4dd7e50c3e2ae2e8c74cfe
Move "raw remount test" right after "disable-verity -R test".
Device is expected to be in a clean state right after disable-verity, so
we can perform "raw remount test" immediately after. This saves us one
reboot.
Move "remount from scratch test" right before "remount -R test".
Since they both require overlay teardown state, group them together so
we only need to teardown (and reboot) once. This saves us one reboot.
Total test runtime reduced by two reboots.
Bug: 243116800
Test: adb-remount-test
Change-Id: Ifd95ba713f1819a7d31e88cd70077dc306c64c58
Instead of relying on a local dev tree (which CI machines never have),
just pull the vendor partition image from device.
This way we can have CI coverage on fastbootd as well.
Stop redefining cleanup() hook, just toss all temporary files to $TMPDIR
and always clean up $TMPDIR on exit.
Clarify logs and error messages.
Bug: 243116800
Test: adb-remount-test
Change-Id: I08fb8df58a61c03db3274b22b51e40a1a8f41095
* Check mount flag changes (ro/rw) before and after "adb remount".
* Add comment explaining what's going on with the |uses_dynamic_scratch|
and |scratch_partition| variables.
* Add rich logs reporting infomation about the scratch partition.
* Add rich error messages.
* Filter out /data devices and external volumes (vold managed device)
when checking RW partitions. We are only interested in system
partitions.
* Remove redundant "remount from setup" test from end-of-file, as they
are testing the same thing as the refactored remount test. Total test
runtime reduced by one reboot.
Bug: 243116800
Test: adb-remount-test
Change-Id: Icda5bff78372bebfe2e166d8537a06be66fff886
Pick exactly one fstab file whose pathname suffix matches one of the
fstab suffix properties.
This helps on CF who ships redundant copies of fstab.
Bug: 243116800
Test: adb-remount-test
Change-Id: I4d38859014161e14dba1f7e19dbce44a2621d0f1
There's quite a lot of noise from running "Checking current overlayfs
status". Improve the test output by filtering uninteresting df lines.
* "/apex/..." mounts not interesting.
* "rw" mounts not interesting.
* "fuse" devices not interesting.
Bug: 243116800
Test: adb-remount-test
Change-Id: Id15844d853aaf3f7ed86f1a83544494b697b5b39
* When guessing the ANDROID_SERIAL, use output of `adb devices` instead
of ro.serialno, because ro.serialno won't work for network devices.
* Ensure ANDROID_SERIAL is exported so the test don't fail if a new
device is plugged into the host machine mid test.
* Change --wait-screen warning to info. The "warning" isn't helpful as
it's not showing any potential problems.
* Register cleanup hooks to EXIT trap. This ensures cleanup code are
always executed, and failure to clean up counts as test failure.
* Rewrite some unnecessarily complex command chaining to plain exit
status check.
* Use `test` command to test file existence. Don't use `ls` or `cat` to
test file as this isn't their intended usage, and parsing their error
output can be finicky.
Bug: 243116800
Fixes: 178256393
Test: adb-remount-test
Change-Id: Iec4224d8a236a9852ce417b1129c27205d435d5b
Since remount -R and disable-verity -R have similar expectations, group
them together and reuse each other's test code.
Remove the redundant "remount -R" test at end of file.
Total test runtime reduced by one reboot.
Bug: 243116800
Test: adb-remount-test
Change-Id: I510a9de39f94b73450df9abf82a55496df96bea1
While doing precondition check, verify that device is debuggable and
unlocked.
The /sys/module/overlay mining code had some remarkably written chained
... && ... || ... expressions. This is also remarkably unreadable for
those untrained of bash command chaining pitfalls.
Just rewrite these with plain old if-then-else expressions.
Bug: 243116800
Test: adb-remount-test
Change-Id: I56b1dea5b9147755a43462682a51bc5802ee64c1
The redefining of cleanup hooks are making the script rather difficult
to read. Instead of redefining restore() just to skip some parts of it,
let restore() check flags and conditionally execute cleanup code.
Bug: 243116800
Test: adb-remount-test
Change-Id: If9d627618b54e215200455e8133492670737571d
Just use bash [[ for regex compare, which result in shorter code and
more robust.
Simplify the messaging pipeline:
If success, don't print anything and return 0. Let caller decide what
to log.
If failure and --warning, log error message and return 1.
If failure and ! --warning, die with error message.
Bug: 243116800
Test: adb-remount-test
Change-Id: Ie5426ff3fa57395aa6b4fe71c9bf96bd8e9afc35
