No longer required for hwasan builds, since b/140790209 is fixed.
This reverts change-id I27069b20f7c7068b931340f548b284ce1676466c.
This also reverts the identified change for the memory regression in
b/140648539.
Test: Build & boot on taimen_hwasan-userdebug
Test: Build & boot on crosshatch_hwasan-userdebug
Bug: 140790209
Bug: 139408016
Bug: 140648539
Change-Id: Ib61c53571a4de0970a86ebc391a2ce780247943a
Any used files need to be in the dependencies list for rules. In this
case, this is more than what's actually read in the script, but the
older ones shouldn't change as much, and replicating the logic is
non-trivial.
Bug: 130111713
Test: run with RBE, no longer see error about file not found
Change-Id: I88baf541ce6250a5dbf7b8a7d6b8005ed7cf5cc6
Bug: 140882488
Test: Booted twice, checked logs to ensure encryption
is different each time, adb created files in directory.
Change-Id: I44f746acd1040f7baa9123d4824ba39b194f287b
libcrypto performs a self test when it is loaded, unless
a marker file /dev/boringssl/selftest/[hash] exists which
indicates that the self test has already successfully
completed since the last time the device was booted.
Before this CL topic, libcrypto attempted to create the
marker file when the self test successfully completed.
On Android, dedicated boringssl_self_test{32,64} binaries
are run early during boot and are the only binaries
(apart from init and vendor_int) that have permission to
create these files.
Another CL in this topic stops the boringssl self test
creating a marker file unless the environment variable
BORINGSSL_SELF_TEST_CREATE_FLAG is set to a nonempty value.
This CL sets that value to "true" when running the dedicated
self test binaries, but not for other binaries. This has
the effect that other binaries that run the self test
early during boot (before the dedicated self test binaries
have created the marker files) and which run the self test
will no longer attempt to create the marker file, which
SELinux would have denied anyway.
Bug: 137267623
Test: Treehugger
Change-Id: I99317df1a8c3496d33ae83f9ec346782b2286ac9
This replaces the recently added `exec_reboot_on_failure` builtin, since
it'll be cleaner to extend service definitions than extending `exec`.
This is in line with what we decided when adding `exec_start` instead
of extending `exec` to add parameters for priority.
Test: `exec_start` a service with a reboot_on_failure option and watch
the system reboot appropriately when the service is not found and when
the service terminates with a non-zero exit code.
Change-Id: I332bf9839fa94840d159a810c4a6ba2522189d0b
This should ensure that the self tests run before any other binaries
that load libcrypto and which would otherwise run into SELinux denials
trying to create the marker file /dev/boringssl/selftest/[hash]
The invocation of the self test binaries from the Conscrypt apex
requires the apex to be mounted so it remains at a later point in
the boot process.
Bug: 137267623
Test: Treehugger
Change-Id: I34266d6e9d2f394fffa8a2c7725479b5770d119c
The accidental trailing ':' appears to stop the line
triggering.
Bug: 137267623
Test: Checked the /system/bin/boringssl_self_test32
now runs on aosp_cf_x86_phone-userdebug
Change-Id: I7b4b1d6b838d8d1a7a0db7f104a94b34962df030
vold is already started during early-fs which happens before
post-fs-data.
Trying to start it again in post-fs-data is a little bit confusing.
Test: device boots
Change-Id: I5faefe6d1f1bb7472ea3d032b1f157c69da565f1
The script needs to run after keystore, which is now a core service.
Note the previous APEX requirement by ART is no longer needed.
Test: see keys loaded
Bug: 112038744
Change-Id: I02fb6ce193bb301488b259421f120e6aa6cd75b9
The installed file name of modules may not match the module name.
Use module-installed-files to get the installed file name.
Bug: 117607748
Test: m checkbuild
Test: only libprotobuf-cpp-*-3.9.1.so changed in ld.config.R.txt
Change-Id: I83b7519f344b65b6cd98c4cabcf9bce0e753ba92
Merged-In: I83b7519f344b65b6cd98c4cabcf9bce0e753ba92
Instead of init.cpp knowning about the boringssl self
test, use init.rc to exec dedicated self test executables.
Advantages:
- The self test is run not only both the copy of libcrypto
in /system but also /apex/com.android.conscrypt.
- The self test is run not only for the primary (e.g. 64bit)
ABI but also for a secondarry (e.g. 32bit) ABI.
- The dependency on libcrypto is kept to the self test binary.
- The self test binary abstracts the exact native API for
running the self test (this will change soon because the
self test will be run when the library is loaded).
Bug: 137267623
Test: Check that logcat shows both binaries being started as root,
and finishing with exit code 0.
Change-Id: I1e716749ee2133993f0f7b2836483391fd1a62f0
For now, keep symlinks only to the binaries demonstrably in use by apps
(dex2oat and dalvikvm).
Test: adb shell ls -l /system/bin
Bug: 124106384
Change-Id: Id662beb4c13785ac9d44bf41f9f33907219b69be
This is a temporary fix to keep the Bionic-associated libraries accessible
in the runtime namespace, pending a proper namespace split.
Test: Build & boot with taimen_hwasan-userdebug
Bug: 139408016
Bug: 139916951
Exempt-From-Owner-Approval: Approved internally
Change-Id: I27069b20f7c7068b931340f548b284ce1676466c
Merged-In: I27069b20f7c7068b931340f548b284ce1676466c
Start the serial console at the 'init' trigger instead of much later
when property triggers happen. This will help debugging early boot
issues.
Test: serial console starts early for a userdebug build
Test: serial console still doesn't start on a user build
Change-Id: I7112a8e7171c9fa865c8787c9a3d14515bc59478
Init sets the encryption policy on these directores when created.
Bug: b/139193659
Test: Boot device without this, then try to boot with it without wiping.
Cherrypicked-From: 7bf42f148a
Change-Id: I6b26710674b51d62fa4a07b06e06c539571fb7ac
Merged-In: I6b26710674b51d62fa4a07b06e06c539571fb7ac
This directory is intended to be used by boringssl
(through the bssl_self_test{,64} binaries) to create /
check for the existence of marker files indicating that
the self test has successfully run.
It appears that because this is an .rc script for init
rather than a shell,
mkdir -p /dev/boringssl/selftest 0755 root root
wouldn't work.
Bug: 139348610
Bug: 136262690
Test: Checked that after booting, /dev/boringssl/selftest
exists:
$ su root ls -l /dev/boringssl
total 0
drwxr-xr-x 2 root root 40 1972-02-11 03:27 selftest
Test: Checked that if I instead try:
mkdir -p /dev/boringssl/selftest 0755 root root
in init.rc then the directory isn't created (there is
no error message in logcat because logd is only
started in line 311).
Change-Id: I12fdd08c8ead152ac4e62cbd0a2099a9d6170ddb
Linker namespace 'rs' has /system/lib/vndk-sp in its search paths.
So we don't need to link 'rs' namespace to 'vndk' namespace.
Bug: 139706981
Test: run RS-using apps from Play
Change-Id: I14c1d6c4e7624bbd6551731ea88de1b4c2e5edb6
This change fixes a bug that neuralnetworks namespace is linked to the
default namespace in [vendor] section. Default namespace is for
/vendor/lib in [vendor] section. System libraries are available in the
'system' namespace.
Bug: 139113342
Test: N/A
Change-Id: I1b6751e5e33522f9829f3d9ad7371efdce01b0f0
This change is part of enabling upcoming platform changes that are
described in the bug linked below.
Bug: 135341433
Test: builds, boots successfully and external storage remains
an sdcardfs mount by default and works correctly
Test: cat /proc/1/mountinfo is unchanged
Change-Id: Idf851b3a42910e0ce8fdd75daea1cce91dd1aa98
Linker ignores link configuration if either namespace is not valid.
However there was a link configuration from postinstall section which
target link namespace does not exist. Also, there was no binary within
postinstall from hwasan build (checked with bonito), so there may be no
usage for this section now. Removing this line for better human
readability, and behavior of the linker would be same as before.
Test: m -j && tested from cuttlefish
Change-Id: I0c7b2949d055ba767e1429238e8764ee7798fe44
This CL implements some of the libsnapshot internals necessary to work
with update_engine. In particular it implements snapshot and update
state, as well as creating and mapping snapshot devices. It does not
implement anything related to merging, nor does it implement the full
update_engine flow.
Update state is stored in /metadata/ota/state. To synchronize callers of
libsnapshot, we always flock() this file at the top of public functions
in SnapshotManager. Internal functions are only called while the lock is
held, and a "LockedFile" guard object is always passed through to
indicate proof-of-lock.
Low-level functions, such as snapshot management, have been moved to
private methods. Higher-level methods designed for update_engine will
ultimately call into these.
This CL also adds some functional tests for SnapshotManager. Test state
is stored in /metadata/ota/test to avoid conflicts with the rest of the
system.
Bug: 136678799
Test: libsnapshot_test gtest
Change-Id: I78c769ed33b307d5214ee386bb13648e35db6cc6
Move the symlink destination of /system/usr/icu from Runtime APEX to
i18n APEX
Bug: 137009149
Test: Device boots
Change-Id: I86ff83a28d4124892d2b5d84ff09bc539f76c941
Linkerconfig requires more libraries txt files to get library list
related variable values. To make this available from runtime, those
should be added as build target and included in system image.
Bug: 137511540
Test: m -j && tested from cuttlefish
Change-Id: Id3304eea5a7d8f2ffc171cd3b110b7d65e881f8c
Makes updated libneuralnetworks.so in /apex/com.android.neuralnetworks/{LIB}
loadable from all relevant namespaces.
Test: Verified that right library is being loaded using lsof and
Test: verbose debug logs from bionic/ld.
Bug: 137320025
Change-Id: I38140bb9915a3f85f10456e15ed0f492dbdba802
Recently Android build team changed environment to use prebuilt toybox
binaries for common tools (aosp/852849). However, as toybox xargs does
not support -I option, update_and_install_ld_config.mk started to fail
filtering out private vndk libraries from the list. To resolve this,
xargs usages are replaced with other shell command (read).
Bug: 137832162
Test: m -j && tested on Cuttlefish
Change-Id: I218ce6272c781f826b87c8efc0d3c77bf6bc3af5
/metadata/ota will store the update state ("none", "applying",
"booting", "merging") for each dynamic partition. The data will be
managed by libsnapshot, whose primary consumer will be update_engine
but will also be available to recovery/fastbootd.
Bug: 136678799
Test: /metadata/ota exists
Change-Id: I3e06484cafeb363904914767abc8984adaa37021
system_suspend need to be an early_hal as it's required before storage
encryption can get unlock on FDE devices.
/sys/power/wake_lock is a dependency of system_suspend (only in Q and
earlier). Permissions on this file need to be set early enough.
Bug: 136777986
Bug: 133175847
Test: boot blueline
Change-Id: I8a9d3374b327e451fb98d2279d1bac9477a9560d
This reverts commit 997a2d93d7.
Reason for revert: This revert is needed, just also need some selinux rules for changes to the script that runs if this folder is present.
Bug: 136199978
Change-Id: Ie0544954965e3c90abc2f833c41949976c3bea65
(cherry picked from commit 35708b9d7b)
This reverts commit 997a2d93d7.
Reason for revert: This revert is needed, just also need some selinux rules for changes to the script that runs if this folder is present.
Bug: 136199978
Change-Id: Ie0544954965e3c90abc2f833c41949976c3bea65
This reverts commit 891a011394.
Reason for revert: Some Test failed, need more investigation
Bug: 136199978
Change-Id: Ibad0dad02a6701447c39ddcc805d44c9e68bdcce
Create linkerconfig tmpfs mount and create ld.config.txt using
linkerconfig during init
Bug: 135004088
Test: m -j & tested from device
Change-Id: Iea30259871ef26d6c04beebf42b17ba7b494db0d
This reverts commit c6ca823710.
Reason for revert: Q-GSI on Pie devices would crash kernel.
Bug: 136199978
Change-Id: I16a2cb81a1f21627db0cb00324679a322ba42fe0
Update adb, fastboot and mount point
Bug: 134359158
Test: build and check if system_ext.img can be flashed
Change-Id: I6219f72242c5fe42a508008c0b1fd218d74da5b6
We need vold on early-fs so we can handle userdata checkpointing.
Without this, devices will take an extra minute or two as checkpointing
related vdc calls attempt to reach vold before it is available.
Bug: 134114000
Test: Boot, see vold has started before vdc checkpointing tries to call
out to vold.
Merged-In: Idfdb304503a163fbb91f9317949eb98c06fecce1
Change-Id: Idfdb304503a163fbb91f9317949eb98c06fecce1
We need vold on early-fs so we can handle userdata checkpointing.
Without this, devices will take an extra minute or two as checkpointing
related vdc calls attempt to reach vold before it is available.
Bug: 134114000
Test: Boot, see vold has started before vdc checkpointing tries to call
out to vold.
Change-Id: Idfdb304503a163fbb91f9317949eb98c06fecce1
Without this, binaries can't be run out of /data/local/tmp on a HWASANified
device.
Bug: http://b/134503977
Test: Chromium's /data/local/tmp/md5sum/md5sum_bin works on walleye_hwasan-userdebug
Change-Id: Ieceaab8aae0024864022ca42b38aa36e6212cf31
(cherry picked from commit 563ca38154)
Without this, binaries can't be run out of /data/local/tmp on a HWASANified
device.
Test: Chromium's /data/local/tmp/md5sum/md5sum_bin works on walleye_hwasan-userdebug
Change-Id: Ieceaab8aae0024864022ca42b38aa36e6212cf31
The old "time zone updates via APK" feature installs time zone data
files in /data. tzdatacheck is run during boot to guard against an
OTA leaving the data in /data older, or in a different format, than the
files that exist elsewhere on device. If such files existed the system
could use old versions of tzdb (and related) data or even end up
unstable.
Soon, the time zone data mainline module will be made "functionally
mandatory" by the removal of most time zone data files from the
runtime module APEX, i.e. the time zone data module cannot be absent,
and the runtime module won't have files to compare against.
This change modifies the command line args for tzdatacheck to reference
the contents of time zone data module instead of the runtime module.
Bug: 132168458
Test: Build / boot / inspect logcat
Change-Id: Iac8023b7cbb72213df344d603c121caa867a196f
There is no reason that rlimits cannot be set earlier than they are,
and apexd-bootstrap may want to set the priority service option, which
would require that these rlimits have been set, so we move these to
the beginning of early-init.
Bug: 134668377
Test: apexd-bootstrap can set the priorty service option
Change-Id: I8040190cd4dc5e141784496ae65cfab80d9cad53
The canonical location of the HWASAN runtime, an LL-NDK library, is being moved
to the runtime APEX. It is apparently the first LL-NDK library in the runtime
APEX that does not require a legacy symlink in /system/${LIB}. Therefore we
need to link the HWASAN runtime in the runtime namespace to various namespaces
so that the library can be loaded from outside of the namespace.
Also, add $SANITIZER_RUNTIME_LIBRARIES to
namespace.default.link.system.shared_libs. This is necessary because in
the accompanying Soong change, we cause the HWASAN runtime to be removed
from $LLNDK_LIBRARIES. In most cases, except for this one, this was a no-op
because we were already including both sets of libraries in shared_libs.
Bug: http://b/134503977
Test: Builds
Change-Id: I67d64788855d28f3a156a1b9cf8a897617277730
Merged-In: I67d64788855d28f3a156a1b9cf8a897617277730
(cherry picked from commit fb1c5a724e)
This directory is no longer used. OBB content is
placed in /data/media/$user/Android.
Test: make
Test: manually verify the path doesn't exist.
Bug: 129167772
Change-Id: I8549826586b9a68c8cfa3fe2e51295363f9b4e11
Executable in /data/ runs in default linker namespace, not
classloader namespace.
In Q, we moved libicuuc.so and libicui18n into the runtime
namespace, and allow linking from runtime namespace and classloader
namespace.
This change further allows linking from default namespace, and tries
to fix the regression temporarily.
Bug: 130788466
Test: The app issue is fixed after this CL
Merged-In: Ifae52b554124514e433cfe78875643a7450fbabd
Change-Id: Ifae52b554124514e433cfe78875643a7450fbabd
(cherry picked from commit 0c7edece94)
Permitted paths were empty for ASAN builds with the media namespace.
Bug: 131625115
Test: no dlopen failure on libflacextractor.so in aosp_cf_x86_pasan
Change-Id: I90050fc54820ba68d64931412572f3b0954e6616
Executable in /data/ runs in default linker namespace, not
classloader namespace.
In Q, we moved libicuuc.so and libicui18n into the runtime
namespace, and allow linking from runtime namespace and classloader
namespace.
This change further allows linking from default namespace, and tries
to fix the regression temporarily.
Bug: 130788466
Test: The app issue is fixed after this CL
Change-Id: Ifae52b554124514e433cfe78875643a7450fbabd
We used to start update_verifier after mounting userdata (post-fs-data),
as part of zygote-start. This leads to issues in practice for security
updates, where an A/B device falls back into the old slot (for any
reason, which unrelates to this change) but failing to boot due to
upgraded key blob. It essentially breaks the fallback capability offered
by A/B OTA.
This CL mitigates the issue by starting update_verifier early, before
mounting userdata. This avoids the device from falling back to the old
slot with an already-upgraded key blob. update_verifier loses the
opportunity of verifying _all_ the updated blocks based on the info
that's stored in userdata. Instead it will only trigger the minimal
read to finish the work of marking a successful boot. This is a
trade-off in P to avoid putting the device in a bad state after
fallback, which will be improved in Q by better handling the fallback
path in vold.
Bug: 131176531
Test: Flash and boot crosshatch. Check the start of update_verifier and
it marks a successful boot.
Change-Id: I3f4c4333ff38772a9a93c9d027d497db11de1d63
(cherry picked from commit 79cfc7d5a8)
The canonical location of the HWASAN runtime, an LL-NDK library, is being moved
to the runtime APEX. It is apparently the first LL-NDK library in the runtime
APEX that does not require a legacy symlink in /system/${LIB}. Therefore we
need to link the HWASAN runtime in the runtime namespace to various namespaces
so that the library can be loaded from outside of the namespace.
Also, add $SANITIZER_RUNTIME_LIBRARIES to
namespace.default.link.system.shared_libs. This is necessary because in
the accompanying Soong change, we cause the HWASAN runtime to be removed
from $LLNDK_LIBRARIES. In most cases, except for this one, this was a no-op
because we were already including both sets of libraries in shared_libs.
Change-Id: I67d64788855d28f3a156a1b9cf8a897617277730
This relands http://r.android.com/951440:
This affected binaries in the Runtime APEX, where the platform namespace is
"platform" rather than "default".
Also extend ANDROID_ADDITIONAL_PUBLIC_LIBRARIES to create links to both to
platform and runtime namespaces, so that it can be used to open up access to
internal libraries in the Runtime APEX as well, which is used by ART gtests
and run tests.
Also update some comments in the ld.config*.txt files to accurately explain
why some namespaces need to be visible, and some other minor changes for
consistency. There are no semantically significant changes in those files.
Test: Flash and boot
Test: Run an ART run test with the internal libarttest.so library
Test: lunch aosp_cf_x86_phone-eng;
atest android.compilation.cts.AdbRootDependentCompilationTest#testCompile_curProfile \
com.android.cts.dexmetadata.InstallDexMetadataHostTest#testProfileSnapshotAfterInstall \
installd_dexopt_test
Bug: 130293232
Bug: 121117762
Change-Id: I3d9f2102a03e83843e15bc78b5ad347220c52769
Follow up to http://r.android.com/943476. This library is only available in
debug builds of the Runtime APEX.
Test: Flash and boot with eng build
Change-Id: I260f9b838f44ba3f8976c117d9e42fc456239e88
This reverts commit 4ca0ca67bf.
Reason for revert: Breaks android.compilation.cts.AdbRootDependentCompilationTest#testCompile_curProfile and others: http://g/art-team/R2nEDA1Ka_s
Change-Id: Ia6285648133d21e61040efafc73cac97d702a7c4
This affected binaries in the Runtime APEX, where the platform namespace is
"platform" rather than "default".
Also extend ANDROID_ADDITIONAL_PUBLIC_LIBRARIES to create links to both to
platform and runtime namespaces, so that it can be used to open up access to
internal libraries in the Runtime APEX as well, which is used by ART gtests
and run tests.
Also update some comments in the ld.config*.txt files to accurately explain
why some namespaces need to be visible, and some other minor changes for
consistency. There are no semantically significant changes in those files.
Test: Flash and boot
Test: Run an ART run test with the internal libarttest.so library
Bug: 130293232
Bug: 121117762
Change-Id: I7ebaf5370dd0f533b1bb5f0e67e7c3c1df48e512
On devices that use FDE and APEX at the same time, we need to bring up a
minimal framework to be able to mount the /data partition. During this
period, a tmpfs /data filesystem is created, which doesn't contain any
of the updated APEXEs. As a consequence, all those processes will be
using the APEXes from the /system partition.
This is obviously not desired, as APEXes in /system may be old and/or
contain security issues. Additionally, it would create a difference
between FBE and FDE devices at runtime.
Ideally, we restart all processes that have started after we created the
tmpfs /data. We can't (re)start based on class names alone, because some
classes (eg 'hal') contain services that are required to start apexd
itself and that shouldn't be killed (eg the graphics HAL).
To address this, keep track of which processes are started after /data
is mounted, with a new 'mark_post_data' keyword. Additionally, create
'class_reset_post_data', which resets all services in the class that
were created after the initial /data mount, and 'class_start_post_data',
which starts all services in the class that were started after /data was
mounted.
On a device with FBE, these keywords wouldn't be used; on a device with
FDE, we'd use them to bring down the right processes after the user has
entered the correct secret, and restart them.
Bug: 118485723
Test: manually verified process list
Change-Id: I16adb776dacf1dd1feeaff9e60639b99899905eb
On devices that use FDE and APEX at the same time, we need to bring up a
minimal framework to be able to mount the /data partition. During this
period, a tmpfs /data filesystem is created, which doesn't contain any
of the updated APEXEs. As a consequence, all those processes will be
using the APEXes from the /system partition.
This is obviously not desired, as APEXes in /system may be old and/or
contain security issues. Additionally, it would create a difference
between FBE and FDE devices at runtime.
Ideally, we restart all processes that have started after we created the
tmpfs /data. We can't (re)start based on class names alone, because some
classes (eg 'hal') contain services that are required to start apexd
itself and that shouldn't be killed (eg the graphics HAL).
To address this, keep track of which processes are started after /data
is mounted, with a new 'mark_post_data' keyword. Additionally, create
'class_reset_post_data', which resets all services in the class that
were created after the initial /data mount, and 'class_start_post_data',
which starts all services in the class that were started after /data was
mounted.
On a device with FBE, these keywords wouldn't be used; on a device with
FDE, we'd use them to bring down the right processes after the user has
entered the correct secret, and restart them.
Bug: 118485723
Test: manually verified process list
Change-Id: I16adb776dacf1dd1feeaff9e60639b99899905eb
The debug ramdisk can only be used if the device is unlocked.
When it's used, init will load adb_debug.prop and the userdebug
sepolicy from the debug ramdisk, to allow adb root on a user build.
Bug: 126493225
Test: 'make' and checks the file is installed
Change-Id: Id6962414197fc8f47f7c07818e8fb16107dc17a3
Merged-In: Id6962414197fc8f47f7c07818e8fb16107dc17a3
(cherry picked from commit 05f07d89a6)
The debug ramdisk can only be used if the device is unlocked.
When it's used, init will load adb_debug.prop and the userdebug
sepolicy from the debug ramdisk, to allow adb root on a user build.
Bug: 126493225
Test: 'make' and checks the file is installed
Change-Id: Id6962414197fc8f47f7c07818e8fb16107dc17a3
In previous implementation, userdebug sepoilcy and property files are
loaded from the system.img. This CL changes this to:
- first-stage init copies userdebug files from ramdisk to /debug_ramisk/*
- second-stage init loads files from /debug_ramdisk/*.
Note: same as before, the above can only be triggered, if the device
is UNLOCKED
With this, we don't have to put userdebug related files into the USER
system.img.
Bug: 126493225
Test: boot device with a ramdisk with /force_debuggable, checks related
files are loaded
Change-Id: I63f5f846e82ba78427062bf7615c26173878d8f3
Merged-In: I63f5f846e82ba78427062bf7615c26173878d8f3
(cherry picked from commit 30afda71c0)
In previous implementation, userdebug sepoilcy and property files are
loaded from the system.img. This CL changes this to:
- first-stage init copies userdebug files from ramdisk to /debug_ramisk/*
- second-stage init loads files from /debug_ramdisk/*.
Note: same as before, the above can only be triggered, if the device
is UNLOCKED
With this, we don't have to put userdebug related files into the USER
system.img.
Bug: 126493225
Test: boot device with a ramdisk with /force_debuggable, checks related
files are loaded
Change-Id: I63f5f846e82ba78427062bf7615c26173878d8f3
right now vendor_init is forked before we set oom_adj for init which
leaves a chance vendor_init could be killed in heavy memory pressure.
this CL set the oom_adj before forking everything to ensure all native
have correct oom_adj settings.
Fixes: 130824864
Test: procrank -o
(cherry picked from commit 45d8174fe7)
Change-Id: I68c18f9db24d55239f7f0608592fcc702f04542e
