This CL change the mini-keyctl tool to make it compitable with libkeyctl
tool to make it more useful.
Bug: 112038861
Test: mini-keyctl padd asymmetric 'desc' .fs-verity < /path/to/cert.der
Test: mini-keyctl unlink <key_id> <keyring_id>
Test: mini-keyctl restrict_keyring <keyring_id>
Change-Id: I950f07c7718f173823ce5a5cd08e0d1a0e23a007
Bug: http://b/119818070 "app crashes when reading asset of zero length"
Add support for zero-length mappings for the Windows code path as well.
Test: ran libbase_test on Windows under wine.
Change-Id: Iccb65fa800c636444100c9369f41e36d24a53a99
This is a temporal fix. With this change, the extractor plug-ins uses
unstable libs under /system/lib[64]. The right resolution is being
discussed.
Test: applied the same change to ld.config.txt and checked
the memory map of media.extractor on cuttlefish.
Bug: 127791685
Change-Id: Ifd5b79831f27ef4017bb8aa774671aa9b2c5264e
Removing 'updatable' from zygote as zygote is started after apexd. All
APEXes are guaranteed to be activated at the moment.
Sequence of actions:
1) /data mounted. post-fs-data is triggered.
2) apexd starts. APEXes are activated. Init does not execute more
commands until the activation finishes.
3) all post-fs-data sections from other *.rc are executed.
4) zygote-start is triggered.
Bug: 123404717
Bug: 126555629
Bug: 125549215
Test: device boots
Test: no following message on the logcat log
Could not restart 'zygote': Cannot start an updatable service 'zygote' before configs from APEXes are all loaded. Queued for execution.
Merged-In: Ib4d0716ed5225b6ade3adaa247ff6140a9b2b9d5
Change-Id: Ib4d0716ed5225b6ade3adaa247ff6140a9b2b9d5
(cherry picked from commit 3bddd540dd)
Our servers can comfortably run more than 16 emulators, and this is
much easier than messing with hypervisors or docker port allocation.
Assumes you know how to avoid clashes with Google Wear's default port.
Test: manual - still registers emulators.
Change-Id: I47cfd28725a550de0bd77fd11fcd94cdd11d2cc2
Currently libnativeloader appends vendor lib path if apk is from vendor
partition. Similar to this we should add product lib path if apk if from product partition.
Bug: 124705551
Test: m -j && tested from crosshatch with product apps (such as Wallpaper)
Change-Id: I8c3473f1f70b1c22dcaed7eb2d5f9c3deee9e1a5
Merged-In: I8690167ca8098015c8ae4bbb4f028404c5e94dc0
This adds few new methods to introduce write support to SplitFiemap:
(1) Write(), which has an internal cursor to stream data into the split
files. As the end of one file is reached, the next is opened.
(2) Flush(), which calls fsync() on each internal FiemapWriter.
(3) HasPinnedExtents(), which calls the same on each internal
FiemapWriter.
Included are some tests for edge cases in Write().
Bug: 126230649
Test: fiemap_writer_test gtest
Change-Id: I9fd509215975dbbb20a44b020315d3c1b287d1a0
This CL splits out healthd_mode_charger_nops for building
charger.recovery. It doesn't change the functionality of the charger
module under recovery, i.e. a) it still doesn't do much work other than
reporting the battery status periodically; b) it keeps calling
device-specific healthd functions (healthd_board_init and
healthd_board_battery_update) via the statically linked HAL.
Previously `charger -r` was used to indicate starting charger under
recovery mode. This CL makes it a noop since we've changed the caller in
recovery.
Bug: 73660730
Bug: 114042635
Test: Boot into charger mode on walleye. Check that charger UI works.
Test: Boot into recovery mode on walleye. Check that /system/bin/charger
keeps working.
Test: Run charger_test on walleye.
Change-Id: Id91acfcc77ec315c2382392dc54e36c3e85de2eb
With the change in [1], /sbin/charger always gets included into
system.img (as opposed to ramdisk) and started by second-stage-init. It
no longer needs to be statically linked. This CL switches it to use
shared libraries, and moves it to /system/bin/charger.
With this change, charger no longer gets installed into recovery image,
which will be handled by a follow-up CL.
[1] https://android-review.googlesource.com/c/platform/build/+/728287
Bug: 73660730
Test: Boot into charger mode on taimen. Check that charger UI works.
Test: Run charger_test on taimen.
Change-Id: Idff70cfad09c825cdba4d35a471ff7ecd5f8a8f7
1. Don't clear O_CLOEXEC on an fd we're duping to stdin/out/err: dup2
does that for us if oldfd != newfd, and we know the fd can't be
stdin/out/err.
2. Use unique_fd.
3. Remove gotos by breaking the remount logic into its own function.
Test: mma
Change-Id: If9929e7f20de445322fd498e1379a2d4e572cb52
For devices that do not support overlayfs that are system as root,
need to pull /dev/root device from / mount point in fstab.
Test: adb-remount-test.sh
Bug: 126256072
Change-Id: I198c0e8c60770508737318afde95db2966294ff5
Report any discrepancy in the active slot.
Fix a problem with problematic error propagation for adb_cat()
Test: adb-remount-test.sh
Bug: 126256072
Change-Id: I8a5d4e364945c5e60d252333886987b8dca0cfb3
This directory is used to store the Weaver/GateKeeper slot map so GSIs
do not overwrite host keys in secure storage.
Bug: 123716647
Test: /metadata/password_slots exists after boot
Change-Id: Ib0ca13edec38e68cba1fc2124465571feedc4be7
In order to test Trusty gatekeeper automatically, the storage proxy
needs to be active inside the emulator. This patch allows storageproxyd
to speak a length-framed RPMB to an external RPMB daemon.
For a concrete example of a daemon speaking this protocol, see rpmb_dev
in the Trusty tree.
Bug: 124277696
Test: Launch storageproxyd with -t virt, use Trusty test infra
Change-Id: I391d4768976f0eb1f3b8df58eefd58fc3a9409cd
Currently, moving or copying a Maps object leads to double free of MapInfo.
Even moving a Maps object did not prevent this, as after a move
the object only has to be in an "unspecified but valid state", which can
be the original state for a vector of raw pointers (but not for a vector
of unique_ptrs).
Changing to unique_ptrs is the most failsafe way to make sure we never
accidentally destruct MapInfo.
Test: atest libuwindstack_test
Failed LocalUnwinderTest#unwind_after_dlopen which also fails at master.
Change-Id: Id1c9739b334da5c1ba532fd55366e115940a66d3
Log min_score_adj when lmkd kills a process to determine the oom_score
levels that lmkd considers during the kill.
Bug: 123024834
Change-Id: I986ae8f2808199b1654bc8d2a32dd88046c79aa3
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Summary: Boot sequence around apexd is changed to make it possible for
pre-apexd processes to use libraries from APEXes. They no longer need to
wait for the apexd to finish activating APEXes, which again can be
done only after /data/ is mounted. This improves overall boot
performance.
Detail: This change fixes the problem that processes that are started
before apexd (so called pre-apexd processes) can't access libraries
that are provided only by the APEXes but are not found in the system
partition (e.g. libdexfile_external.so, etc.). Main idea is to activate
system APEXes (/system/apex/*.apex) before /data is mounted and then
activate the updated APEXes (/data/apex/*.apex) after the /data mount.
Detailed boot sequence is as follows.
1) init prepares the bootstrap and default mount namespaces. A tmpfs is
mounted on /apex and the propagation type of the mountpoint is set to
private.
2) before any other process is started, apexd is started in bootstrap
mode. When executed in the mode, apexd only activates APEXes under
/system/apex. Note that APEXes activated in this phase are mounted in
the bootstrap mount namespace only.
3) other pre-apexd processes are started. They are in the bootstrap
mount namespace and thus are provided with the libraries from the system
APEXes.
4) /data is mounted. init switches into the default mount namespace and
starts apexd as a daemon as usual.
5) apexd scans both /data/apex and /system/apex, and activate latest
APEXes from the directories. Note that APEXes activated in this phase
are mounted in the default namespaces only and thus are not visible to
the pre-apexd processes.
Bug: 125549215
Test: m; device boots
Change-Id: I21c60d0ebe188fa4f24d6e6861f85ca204843069
