Commit graph

2708 commits

Author SHA1 Message Date
Treehugger Robot
c5c3f54806 Merge "Adding new GSI public keys" 2020-02-20 06:18:41 +00:00
Bowgo Tsai
b697d47eb3 Adding new GSI public keys
Adding two new public keys for R-Developer-GSI and S-Developer-GSI,
respectively.

Bug: 149805495
Test: m r-developer-gsi.avbpubkey
Test: m s-developer-gsi.avbpubkey
Change-Id: Iaa7521ef40b94f13fe3c9c61d276678f47c60b98
2020-02-19 08:50:26 +00:00
Suren Baghdasaryan
36ef05cbde Merge "Set lowmemorykiller kernel driver parameters before lmkd is started" 2020-02-15 01:02:08 +00:00
Mark Salyzyn
ee016ce0b3 bootstat: enhance last reboot reason property with file backing
Helps with support of recovery and rollback boot reason history, by
also using /metadata/bootstat/persist.sys.boot.reason to file the
reboot reason.

Test: manual
Bug: 129007837
Change-Id: Id1d21c404067414847bef14a0c43f70cafe1a3e2
2020-02-14 13:24:16 -08:00
Suren Baghdasaryan
6898682275 Set lowmemorykiller kernel driver parameters before lmkd is started
When kernel lowmemorykiller driver is enabled lmkd detects it by
checking write access to /sys/module/lowmemorykiller/parameters/minfree
parameter. By default this file does not have write access and init
process changes that from "on boot" section of init.rc. However
"on boot" is never executed in the charger mode, therefore lmkd fails
to detect the kernel driver. Fix this by setting lowmemorykiller kernel
driver parameters before lmkd is started.

Bug: 148572711
Test: boot into charger mode with kernel lmk driver enabled
Change-Id: Ifc3ef725b95bdb5f7d801031429dc26bae014d1f
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
2020-02-14 01:40:29 +00:00
Yifan Hong
da8a404473 Merge changes from topic "snapshotctl_log"
* changes:
  libsnapshot callstack files readable by dumpstate
  snapshotctl logs readable by dumpstate
  snapshotctl_log dir readable by dumpstate
2020-02-12 18:18:59 +00:00
Zimuzo Ezeozue
ec9c803503 Merge "Explicitly disable FUSE" 2020-02-11 21:17:53 +00:00
Yifan Hong
7d28688f96 snapshotctl_log dir readable by dumpstate
Set snapshotctl_log as 0755 so that it is
readable by dumpstate.

Test: bugreport
Bug: 148818798
Change-Id: I6ff52cf0a2e928c74df31aa054ae780f919d6eb0
2020-02-11 10:57:51 -08:00
Zim
a3209c5f57 Explicitly disable FUSE
It is already disabled, but having an explicit value in the prop makes
some code in the system_server easier.

Will follow up with a cl to explicitly enable it on internal master,
aosp will remain this way since it doesn't have the additional
components to run FUSE.

Test: Freshly wiped and flashed device has persist.sys.fuse set to false
Bug: 135341433
Merged-In: I1493e2806823b5751794a9a17ee248dc72b857ff
Change-Id: Ibb955a543e367aa2f4518d5c1c4d070cd084eca0
2020-02-11 16:56:47 +00:00
Jerry Chang
9272319714 Merge "Create directory to store pre-reboot information before reboot" 2020-02-11 02:49:29 +00:00
Treehugger Robot
c17c5b00e1 Merge changes I1bf07301,I48e8ebf3
* changes:
  Remove more duplicated symlinks
  Remove duplicated debugfs symlink
2020-02-10 23:10:08 +00:00
Luca Stefani
57909b4c30 Remove more duplicated symlinks
They're all created in rootdir/Android.mk

Test: m
Change-Id: I1bf07301434d8cf4f2e9226071983d7aeaf149ac
2020-02-10 22:23:29 +01:00
Luca Stefani
8c61e7da49 Remove duplicated debugfs symlink
* Currently it's created at build-time in rootdir/Android.mk

Test: m
Change-Id: I48e8ebf3412dfdfc2dff3b4fcf9b72de52726865
2020-02-10 21:56:03 +01:00
Miao Wang
c3991a7150 Add an stune group for NNAPI HAL
- schedtune.prefer_idle 1
- schedtune.boost 1

Test: mm
Test: configure NNAPI HAL to use nnapi-hal stune
Test: measure perf difference using MLTS benchmark

Change-Id: I5f467c6a58f2c1da40ec8276e101defc808854a3
(cherry picked from commit 1d748feaec)
2020-02-10 11:47:49 -08:00
Nikita Ioffe
15e4f6fe5a Merge "Don't log userspace_reboot.started/finished properties from init" 2020-02-10 17:22:03 +00:00
Nikita Ioffe
c2bc1a3422 Reset dev.bootcomplete property during userspace reboot
Test: adb reboot userspace
Bug: 135984674
Change-Id: I7c6e433c819fc22e88820626768fe8832882386e
2020-02-07 17:42:27 +00:00
Nikita Ioffe
85ff4ab9a4 Don't log userspace_reboot.started/finished properties from init
Instead they will be logged from system_server. This CL just prepares
grounds for logging CL to land.

Test: adb reboot userspace
Bug: 148767783
Change-Id: Ie9482ef735344ecfb0de8a37785d314a3c0417ff
2020-02-07 14:41:39 +00:00
Jerry Chang
aedac7e625 Create directory to store pre-reboot information before reboot
Bug: 145203410
Test: Built and flashed, checked directory was created
Change-Id: Ic4d43fba62301bde23bec459b5b8b6332be2b6dc
2020-02-06 19:42:42 +08:00
Daniel Rosenberg
02e5e1ea22 Merge "Make /data/media case insensitive" 2020-02-04 23:03:38 +00:00
Yifan Hong
c19b08a66a Merge "Make snapshotctl logging better." 2020-02-04 22:18:33 +00:00
Yifan Hong
12fe03d470 Make snapshotctl logging better.
snapshotctl merge --logcat --log-to-file
- If --logcat, log to logcat
- If --log-to-file, log to /data/misc/snapshotctl_log/
- If both, log to both
- If none, log to stdout

Test: manually test these 4 cases
Bug: 148818798
Change-Id: I44b52936c0d095867acc6ee781c6bec04f6ebd6b
2020-02-04 14:01:24 -08:00
Treehugger Robot
b970633642 Merge "Mount binderfs" 2020-02-04 00:50:10 +00:00
Hridya Valsaraju
b237d76ae5 Mount binderfs
Mount binderfs at /dev/binderfs. Also add symlinks from /dev/binder,
/dev/hwbinder and /dev/vndbinder to /dev/binderfs/binder,
/dev/binderfs/hwbinder and /dev/binderfs/vndbinder respectively.

The symlink commands will fail harmlessly on a kernel
which does not support binderfs since /dev/{binder,hwbinder,vndbinder}
devices will exist on the same.

Bug: 136497735
Bug: 148696163

Test: Cuttlefish boots on Android Common Kernel 4.19 with kernel config
CONFIG_ANDROID_BINDERFS=y.

Change-Id: I8e04340dc4622b0a3c1fc4aa6bbefcb24eefe00b
2020-02-03 22:14:21 +00:00
Treehugger Robot
823beae16a Merge "Revert "Mount binderfs"" 2020-02-03 18:37:40 +00:00
Oli Lan
0460f65f78 Merge "Allow apexd to snapshot and restore DE data." 2020-02-03 17:50:51 +00:00
Oli Lan
a466ca8ff4 Allow apexd to snapshot and restore DE data.
This calls into apexd to allow it to snapshot and restore DE apex data
in the case of a rollback. See the corresponding apexd change for more
information.

Cherry-pick from (unsubmitted) internal CL: ag/10163227

Bug: 141148175
Test: atest StagedRollbackTest#testRollbackApexDataDirectories_DeSys
Change-Id: Ia4bacc9b7b7a77038ba897acbc7db29e177a6433
2020-02-03 11:47:15 +00:00
Zimuzo Ezeozue
294c16024b Merge "Harden /mnt/pass_through paths" 2020-02-03 11:34:52 +00:00
Nikita Ioffe
03aaecbd99 Merge "Don't reset sys.usb.configfs during userspace reboot" 2020-02-03 08:12:38 +00:00
Daniel Rosenberg
ebfe359ca8 Make /data/media case insensitive
Use chattr to apply +F to /data/media
This will fail on devices that do not support casefolding on userdata.

Bug: 138322712
Test: /data/media is set to +F.
Change-Id: Ib341c23a0992ee97b23113b3a72f33a61e583b04
2020-01-31 18:34:03 -08:00
Maciej Żenczykowski
8fda5feb25 Merge "symlink /dev/net/tun -> ../tun" 2020-02-01 01:24:57 +00:00
Greg Kaiser
49a542a979 Revert "Mount binderfs"
This reverts commit 8e50be74ae.

Reason for revert: Several devices did not boot
Test: Local build with this reverted had the device boot
Bug: 148689473
Merged-In: I97e96bd86d02a9fe70c5ef02df85c604b0cfb3c3

Change-Id: Ic4a2990e7c0cb08c374a336422c08d9aad28049d
2020-01-31 23:37:21 +00:00
Treehugger Robot
938379de5b Merge "Mount binderfs" 2020-01-31 18:46:14 +00:00
Zim
a67b40bc2a Harden /mnt/pass_through paths
Only the FUSE daemon (with media_rw gid) needs access to paths on
/mnt/pass_through. And even then, it only needs execute access on the
dirs, since there will always be a bind mount either from sdcardfs or
the lower filesystem on it and that bind mount correctly handles ACLs
for the FUSE daemon.

Test: manual
Bug: 135341433
Change-Id: I999451e095da355e6247e9e18fb6fe1ab8fc45d6
2020-01-31 16:26:13 +00:00
Nikita Ioffe
4f8e05663e Don't reset sys.usb.configfs during userspace reboot
Test: adb reboot userspace (on blueline)
Test: adb reboot userspace (on cuttlefish)
Bug: 147726967
Change-Id: Id4a367e74b418a85e8454e952e12e0723efc9b8a
2020-01-31 15:59:19 +00:00
Maciej Żenczykowski
00a21e3d54 symlink /dev/net/tun -> ../tun
This is the expected location on Linux and this makes 'ip tuntap' work.

Before:
  vsoc_x86_64:/ # ip tuntap add dev tun0 mode tun
  open: No such file or directory
  vsoc_x86_64:/ # ip tuntap add dev tap0 mode tap
  open: No such file or directory
  vsoc_x86_64:/ # ip tuntap list

After:
  vsoc_x86_64:/ # ip tuntap add dev tun0 mode tun
  vsoc_x86_64:/ # ip tuntap add dev tap0 mode tap
  vsoc_x86_64:/ # ip tuntap list
  tap0: tap UNKNOWN_FLAGS:800
  tun0: tun UNKNOWN_FLAGS:800

  $ adbz shell ls -ldZ / /dev /dev/tun /dev/net /dev/net/tun
  drwxr-xr-x 25 root   root u:object_r:rootfs:s0         4096 2020-01-25 09:48 /
  drwxr-xr-x 21 root   root u:object_r:device:s0         1240 2020-01-25 09:48 /dev
  drwxr-xr-x  2 root   root u:object_r:device:s0           60 2020-01-25 09:48 /dev/net
  lrwxrwxrwx  1 root   root u:object_r:device:s0            6 2020-01-25 09:48 /dev/net/tun -> ../tun
  crw-rw----  1 system vpn  u:object_r:tun_device:s0  10, 200 2020-01-25 09:48 /dev/tun

Test: see above
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2aa215711454ce4f8a0ef1f34c17621629060fa1
2020-01-30 03:51:33 +00:00
Hridya Valsaraju
8e50be74ae Mount binderfs
Mount binderfs at /dev/binderfs. Also add symlinks from /dev/binder,
/dev/hwbinder and /dev/vndbinder to /dev/binderfs/binder,
/dev/binderfs/hwbinder and /dev/binderfs/vndbinder respectively.

Bug: 136497735
Test: Cuttlefish boots on Android Common Kernel 4.19 with kernel config
CONFIG_ANDROID_BINDERFS=y.

Change-Id: I349face22a2e73bfd79af0188e41188c323388f7
2020-01-29 17:59:17 -08:00
Alistair Delva
1fad2b39a3 Merge "Correct /sys/kernel/tracing permissions" 2020-01-30 00:08:02 +00:00
Alistair Delva
ebb5b3bd48 Correct /sys/kernel/tracing permissions
In Android kernels >4.4 we will see an empty /sys/kernel/tracing
directory which is notionally where you should mount tracefs if you
don't want to mount debugfs. As we move towards not mounting debugfs,
ensure that the non-legacy location also has adequate permissions to be
read by tracing tools.

Note that this change will be OK even if the board init.rc doesn't mount
tracefs here, because sysfs will always create this directory.

Bug: 148436518
Change-Id: I674587d0f08effdb8471a82e3b1ceec3af8588de
2020-01-29 09:10:50 -08:00
Nikita Ioffe
2d88794a7d Merge "Trigger boot animation on userspace reboot" 2020-01-29 11:24:01 +00:00
Nikita Ioffe
764c1ac8ba Trigger boot animation on userspace reboot
Also reset some more properties to make bootanimation work properly.

Test: adb reboot userspace
Bug: 148172262
Change-Id: I0154d4fe9377c019150f5b1a709c406925db584d
2020-01-28 10:42:44 +00:00
Zim
c1b53de450 Change gid bit of /mnt/media_rw to external_storage
To allow apps with MANAGE_EXTERNAL_STORAGE permission and therefore
external_storage gid to access unreliable volumes directly on
/mnt/media_rw/<volume>, they need access to the /mnt/media_rw path.

This change doesn't break the FUSE daemon, the only process that should
have media_rw gid in R because the FUSE daemon accesses the lower
filesystem from the pass_through bind mounts of the public volume mount
itself so it doesn't need to walk the /mnt/media_rw path itself

Test: With FUSE enabled, a reliably mounted public volume is accessible
on /storage
Bug: 144914977

Change-Id: Ia3fc9e7483894402c14fb520024e2acca821a24d
2020-01-24 22:13:58 +00:00
Oliver Nguyen
38b33c09f9 Merge "Set Clang coverage environment variables." 2020-01-22 22:34:35 +00:00
Treehugger Robot
eba798a767 Merge "Harden /mnt/pass_through permission bits" 2020-01-22 21:30:53 +00:00
Zim
6ca090e6b0 Harden /mnt/pass_through permission bits
It previously had 0755 permission bits

With such permissive bits, an unauthorized app can access a file using
the /mnt/pass_through path for instance even if access via /storage
would have been restricted.

It is now 0700

TODO: Change ACL for /mnt/user from 0755 to 0700 in vold only when
FUSE flag is on. Changing it with FUSE off breaks accessing /sdcard
because /sdcard is eventually a symlink to /mnt/user/0/primary

Test: adb shell ls -d /mnt/pass_through
Bug: 135341433
Change-Id: I3ea9655c6b8c6b4f847b34a2d3b96784a8f4a160
2020-01-22 17:54:45 +00:00
Ryan Savitski
cdebef1d2b Merge "init: add builtin check for perf_event LSM hooks" 2020-01-21 20:40:50 +00:00
Oli Lan
90c523b30b Give x permission on apex data directories.
This gives search (x) permission on the parent apex data
directory /data/misc/apexdata so that directories below it
may be opened. It also gives that permission on the apex
data directories themselves.

Bug: 147848983
Test: Build & flash, check perms are correct
Change-Id: I27c4ea01602002c89d0771a144265e3879d9041a
2020-01-17 11:41:04 +00:00
David Zeuthen
e83f386653 Add user for credstore.
The credstore system daemon is running as an unprivileged user. This
CL adds this user and also creates a directory (/data/misc/credstore/)
where this daemon can store its data.

Bug: 111446262
Test: N/A
Change-Id: I8da2c32dd04fef797870b8a7bbc5e499bed71f9e
2020-01-16 07:32:04 -05:00
Ryan Savitski
f0f7e70186 init: add builtin check for perf_event LSM hooks
Historically, the syscall was controlled by a system-wide
perf_event_paranoid sysctl, which is not flexible enough to allow only
specific processes to use the syscall. However, SELinux support for the
syscall has been upstreamed recently[1] (and is being backported to
Android R release common kernels).
[1] da97e18458

As the presence of these hooks is not guaranteed on all Android R
platforms (since we support upgrades while keeping an older kernel), we
need to test for the feature dynamically. The LSM hooks themselves have
no way of being detected directly, so we instead test for their effects,
so we perform several syscalls, and look for a specific success/failure
combination, corresponding to the platform's SELinux policy.

If hooks are detected, perf_event_paranoid is set to -1 (unrestricted),
as the SELinux policy is then sufficient to control access.

This is done within init for several reasons:
* CAP_SYS_ADMIN side-steps perf_event_paranoid, so the tests can be done
  if non-root users aren't allowed to use the syscall (the default).
* init is already the setter of the paranoid value (see init.rc), which
  is also a privileged operation.
* the test itself is simple (couple of syscalls), so having a dedicated
  test binary/domain felt excessive.

I decided to go through a new sysprop (set by a builtin test in
second-stage init), and keeping the actuation in init.rc. We can change
it to an immediate write to the paranoid value if a use-case comes up
that requires the decision to be made earlier in the init sequence.

Bug: 137092007
Change-Id: Ib13a31fee896f17a28910d993df57168a83a4b3d
2020-01-15 20:58:15 +00:00
Treehugger Robot
ec7be0dc0f Merge "Create /mnt/data_mirror/cur_profiles in init.rc" 2020-01-15 19:47:52 +00:00
Treehugger Robot
e4505960b9 Merge "Disable dm-verity hash prefetching." 2020-01-15 13:13:01 +00:00