Also adjust permissions on /dev/hw_random to allow prng_seeder group
read access.
Manual testing protocol:
* Verify prng_seeder daemon is running and has the
correct label and uid/gid.
* Verify prng_seeder socket present and has correct
label and permissions
* Verify no SELinux denials
* strace a libcrypto process and verify it reads seeding
data from prng_seeder (e.g. strace bssl rand -hex 1024)
* strace seeder daemon to observe incoming connections
(e.g. strace -f -p `pgrep prng_seeder`)
* Kill daemon, observe that init restarts it
* strace again and observe clients now seed from new instance
Bug: 243933553
Test: Manual - see above
Change-Id: I4d526844b232fc2a1fa5ffd701ca5bc5c09e7e96
This folder is used to store Thread network settings data files.
Bug: b/248145048
Test: /data/misc/threadnetwork is created.
Change-Id: I58eb3d814723c5f7acfbecef7f852d8e5336c975
Without the directory (this happens on the very first boot),
load_persist_props can't create an initial version of
/data/property/persistent_properties (probably empty). This leads to
persisting all in-memory "persist.*" properties later when a persistent
property is set. This is regression from Android S because persistent
props from, for example, build.prop will be persisted even when there's
no process to explicitly setprop.
Bug: 242264580
Test: launch cuttlefish and verify that there's no props from build.prop
Change-Id: I5819a97750e4d5d1ee5a7c308bf944c7aeab2f90
This reverts commit da94c7f650.
Reason for revert: It appears this change slows down boot on normal devices.
Technically, this change is not necessary, but it prevents starting the secondary and having it throw an error in the only run 64 bit zygote config. But it's easier to throw the error than slow down boot up.
Bug: 238971179
Test: Verified that on a 64 with 32 config, the secondary zygote
Test: starts but exits.
Change-Id: I7ab0496a402db83e70168d52e5d5911b82a3b06a
In previous releases, these self tests had a secondary purpose
of writing a flag file to save future processes from running
some slow self checks. This is no longer true in T.
However running the tests from early-init has caused issues
on some devices as the kernel's entropy pool is not yet
initialised, causing the process to block for a second or more.
Bug: 231946889
Test: m && flashall
Change-Id: I2116f2029ca6a21e4359407dfff4dc79edd39084
APK time zone update mechanism used to store tzdata file there.
The feature is removed, no need to create that folder.
Bug: 148144561
Test: atest CtsBionicTestCases
Test: atest BionicTzdbConsistencyTest
Change-Id: I249f1d1b6c1a3f1a283d1ca43fcc93b10cbd910a
The current/proc/bootconfig node is the root user group,but some Android modules of our company do not have permission to access the root user group node. We want to add the same permissions to /proc/cmdline for the proc/bootconfig node in init.rc
Change-Id: I98f63a09cf7306be65c40674b1b28f1153c705fb
The feature was superseded by tzdata mainline module(s).
Bug: 148144561
Test: see system/timezone
Change-Id: If87e9a71a725f665bfc977d95e52c04668447081
Merged-In: If87e9a71a725f665bfc977d95e52c04668447081
The SELinux type of /data/media has changed from media_rw_data_file to
media_userdir_file, but the recursive restorecon of /data happens too
late when taking an upgrade. Add a restorecon of /data/media to just
above the chattr command which needs the new label to be allowed. This
doesn't "really" matter, since the chattr command is only needed just
after the directory was created anyway, but this fixes a SELinux denial.
Bug: 156305599
Bug: 232824121
Change-Id: I897be19ceb4686511469bdf7efda2483f298eee4
Although metadata encryption makes the device encryption policy
redundant, for now it is still being used, and the rule is still that
every top-level directory in /data is encrypted by the device policy
unless there is a specific reason why the directory can't be encrypted.
There are various cases where encryption=None is legimately needed and
is used, but they aren't explained in the code, and the option is prone
to be copy-and-pasted (as was done in https://r.android.com/1932960).
Fix this by explicitly commenting every case where encryption=None is
used, and consolidating the creation of all the user parent directories
into one place. (I left /data/bootanim as-is since it will be changed
to encrypted; see b/232299581.)
Change-Id: I6db5f4be7774e3d250c370638e8e7e33e226f3e7
Directories should always be encrypted unless there is a specific reason
they can't be. /data/bootanim is unencrypted without a specific reason,
so fix it to be encrypted. It is too late to use encryption=Require.
However, the contents of this directory doesn't need to be preserved on
updates, so we can use encryption=DeleteIfNecessary instead of
encryption=Attempt.
Bug: 232299581
Test: build success
Change-Id: I17bcb901ad533cada4e0aa061196fc94d7b213ec
No longer needed as the code to generate flag files based on
this environment variable is removed in Android 13.
Bug: 231946889
Test: Build and boot,
Change-Id: I8ce57619aa4d1e6457f3f864bf5e403f727c040c
Since apexd.status=ready is system-only property, we need a similar or
equivalent event or property which non-system APEXes can use to define
'on' trigger actions.
Note that services can be started without its own trigger actions by
setting 'class'. For example, 'hal'-class services are started 'on boot'
automatically.
Bug: 202731768
Test: atest CtsInitTestCases
Test: atest CtsBluetoothTestCases (cuttlefish's bt apex defines
'on' actions in the APEX config)
Change-Id: I6eb62ba8d6e350add2ebafe7da06fcaa57d825ff
Aptx and aptx-Hd are both vendor libs in system_ext.
In order to load their dependencies from a compatible environement
Bluetooth need to setup the linker
Fix: 231967310
Test: atest net_test_stack_a2dp_native
Test: Log analyze after bluetooth boot
Tag: #refactor
Ignore-AOSP-First: Apex only on tm and below
Change-Id: I752e65889a42fe3378f51bd0821c2958ed9b5a7d
To prevent bugs, directory creation and encryption should happen
together. /data/user/0 (and its "alias" /data/data) is a per-user
encrypted directory; such directories can only be encrypted by vold.
Therefore, move its creation to vold as well.
Besides closing the uncomfortably-large gap between the creation and
encryption of /data/user/0, this allows removing init's write access to
/data/user and similar directories (SELinux type system_userdir_file) to
prevent any such issues from being reintroduced in the future.
To also allow removing init's write access to /data/media (SELinux type
media_userdir_file), which also contains per-user encrypted directories,
also move the creation and encryption of /data/media/obb to vold.
Bug: 156305599
BYPASS_INCLUSIVE_LANGUAGE_REASON=Linux API ("slave" mount flag)
Change-Id: I7245251eeb56b345b6c7711482c0aa5848648edb
The uevent.rc will setup owner/group/permissions in all the conditions
including device boot, cpu hotplugs, and cpu online/offline.
Since ueventd always regenerates uevents at boot, we could remove the
redundant settings in init.rc.
Bug: 230291215
Test: Build and check scaling_max_freq on Cuttlefish and B3 device
Change-Id: I4fcc440f2a950967667f88da574faa501b3e227c
The ueventd.rc sets permissions to 0664 but init.rc sets cpu0 to
0660. Since lots of processes already had read access for cpufreq nodes
(refer to system/sepolicy/public/domain.te), align all cpus to 0644
permissions.
Bug: 230291215
Test: Build
Change-Id: I3c72d69590998f8da894fb02097212f834edd48c
We need to fix the below error happening in early stage.
[ 24.835617][ T1] init: [libfs_mgr]Running /system/bin/fsck.f2fs -a -c 10000 --debug-cache /dev/block/sda1
[ 24.843693][ T1] logwrapper: Cannot log to file /dev/fscklogs/log
Bug: 230637147
Bug: 230879192
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I19bc5f7154577e29414f855de6ce72172b281975
Set readahead window multiplier for POSIX_FADV_SEQUENTIAL files as 16 to
enhance file read performance like a language package loading.
Bug: 192011293
Test: adb shell cat /dev/sys/fs/by-name/userdata/seq_file_ra_mul
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I7f7e4339651be2d6aa99b07bcb12ab62136a940e
Merged-In: I7f7e4339651be2d6aa99b07bcb12ab62136a940e
Set readahead window multiplier for POSIX_FADV_SEQUENTIAL files as 16 to
enhance file read performance like a language package loading.
Bug: 192011293
Test: adb shell cat /dev/sys/fs/by-name/userdata/seq_file_ra_mul
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I7f7e4339651be2d6aa99b07bcb12ab62136a940e
Delete all files and directories under
/data/misc/virtualizationservice at boot. Originally they were owned
by the virtualizationservice user; we now run as system, and don't
have permission to remove them after boot.
Bug: 230056726
Test: Create fake stale dir+file, see them deleted
Change-Id: I5ff7d055aeeb25ba7693e50876d6b8a830c4bf51
(cherry picked from commit 34ee0c931c)
Delete all files and directories under
/data/misc/virtualizationservice at boot. Originally they were owned
by the virtualizationservice user; we now run as system, and don't
have permission to remove them after boot.
Bug: 230056726
Test: Create fake stale dir+file, see them deleted
Ignore-AOSP-First: Needed in T, will CP to aosp
Change-Id: I5ff7d055aeeb25ba7693e50876d6b8a830c4bf51
[1] changed the UID of the virtualizationservice daemon and
/data/misc/virtualizationservice directory to `system`. However, this
can cause a permission denial issue when the directory has stale files
when the device was running a build before [1] and an OTA to [1] (or
above) is attempted. The daemon tries to delete the stale files - which
must have been still labeled as old UID and thus the daemon has no
privileged to delete them.
Fixing this issue by ensuring that the directory is always empty by
init.
[1] https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/2059527
Bug: 230056726
Test: watch TH
Merged-In: I61c0297503347932b14b83859bec9ff82628336f
Change-Id: I61c0297503347932b14b83859bec9ff82628336f
[1] changed the UID of the virtualizationservice daemon and
/data/misc/virtualizationservice directory to `system`. However, this
can cause a permission denial issue when the directory has stale files
when the device was running a build before [1] and an OTA to [1] (or
above) is attempted. The daemon tries to delete the stale files - which
must have been still labeled as old UID and thus the daemon has no
privileged to delete them.
Fixing this issue by ensuring that the directory is always empty by
init.
[1] https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/2059527
Bug: 230056726
Test: watch TH
Change-Id: I61c0297503347932b14b83859bec9ff82628336f
Previously, virtualizationservice had its own UID
`virtualizationservice`. As a result, crosvm, which is spawed by
virtualizationservice`, also run as the UID. However, that prevented us
from applying task profiles to the crosvm process because joining a
process to a cgroup requires system UID.
To fix that, virtualizationservice now runs as system UID. As a result,
this directory that virtualizationservice accesses has to change its
owner and group to system.
Bug: 223790172
Bug: 216788146
Test: watch TH
Change-Id: I2bdf49e99f1841bf77ff046b0c2455064b174e0a
/dev/kvm and /dev/vhost-vsock are used by crosvm. Previously, it ran as
a custom UID `virtualizationservice`. However, this prevented us from
applying task profiles to the crosvm process because joining a process
to a cgroup requires system UID.
Now, crosvm (and its parent virtualizationservice as well) runs in
system UID. Therefore, the ownership of two device files are also
updated accorgly.
BUG=b:216788146
BUG=b:223790172
Test: watch TH
Change-Id: I1f63a12532d3a2cb5724291dbbb40210bd7c9203
This is part of the changes that will allow creating a single
system image but a different set of properties will either
start or not start the secondary zygote.
Bug: 227482437
Test: Verified that secondary doesn't start with same system image
Test: with ro.zygote set to zygote64 and abilists set appropriately.
Test: Verified that secondary does not start when restarting netd.
Test: Verified that secondary does start with same system image
Test: with ro.zygote set to zygote64_32 and abilists set appropriately.
Test: Verified that secondary does start when restarting netd.
Test: Verified that a 64 bit device only starts the primary.
Test: Verified that a 32 bit device only starts the primary.
Change-Id: Id37a223c73f9a61868b2e26450ef4b6964f7b496
Experiments can enable/disable MG-LRU using the
persist.device_config.mglru_native.lru_gen_enabled property
which will update the coresponding sysfs control to enable or
disable this feature in the kernel.
Test: adb shell device_config put mglru_native lru_gen_config [none, core, ...]
Test: verify MG RLU is enabled/disabled: cat /sys/kernel/mm/lru_gen/enabled
Bug: 227651406
Bug: 228525049
Change-Id: I0708df8c78a85359d5cb6d5b167836768029380e
This is required so that system_server can read/delete the file(s) in
/data/misc/odsign/metrics & report to statsd
Note the group change in odsign directory was required so that
system_server can get the execute permission to read file in the sub dir
Test: adb shell ls -l /data/misc/odsign/metrics
Bug: 202926606
Change-Id: I6dd80e05bbfb9daf4aa3e996fc22bba1de8bd2ce
Revert "Migrate the blkio controller to the cgroup v2 hierarchy"
Revert "Migrate the blkio controller to the cgroup v2 hierarchy"
Revert "Migrate the blkio controller to the cgroup v2 hierarchy"
Revert submission 1962326-blkio-cgroup-v2
Reason for revert: This set of changes is suspected to have caused a redfin boot time regression for the git_tm-dev branch.
Reverted Changes:
Id18d876b6:Migrate the blkio controller to the cgroup v2 hier...
I7dfa52136:Migrate the blkio controller to the v2 cgroup hier...
I5336167be:Migrate the blkio controller to the cgroup v2 hier...
I3f0131d8f:Migrate the blkio controller to the cgroup v2 hier...
Ibb62b2d4d:Migrate the blkio controller to the cgroup v2 hier...
Bug: 227382327
Bug: 227389363
Change-Id: I6c8183ed1c3044c8947c4fca07799deff98101b3
This patch preserves the following parameter values:
* Foreground BFQ weight: 100
* Foreground CFQ group_idle: 0
* Foreground CFQ weight: 1000
* Background BFQ weight: 10
* Background CFQ group_idle: 0
* Background CFQ weight: 200
The foreground BFQ weight in task_profiles.json is the default BFQ
weight. From
https://www.kernel.org/doc/Documentation/block/bfq-iosched.txt:
"weight (namely blkio.bfq.weight or io.bfq-weight): the weight of the
group inside its parent. Available values: 1..10000 (default 100). The
linear mapping between ioprio and weights, described at the beginning
of the tunable section, is still valid, but all weights higher than
IOPRIO_BE_NR*10 are mapped to ioprio 0."
Bug: 213617178
Test: Booted Android in Cuttlefish and ran the following test:
Test: adb -e shell cat /sys/fs/cgroup/*/*/io.bfq.weight | sort | uniq -c
Test: 22 default 10
Test: 98 default 100
Change-Id: I7dfa521363a316592852fecce9192708c7a90514
Signed-off-by: Bart Van Assche <bvanassche@google.com>
The "vold.post_fs_data_done" system property was only used by FDE, which
is no longer supported, and this code was commented out anyway.
Bug: 208476087
Change-Id: Ib9346d14368c77058a598e5c4f5f2ed72f5a5316
* changes:
Init: add dev.mnt.blk.bootdevice to access device sysfs
init: mount_handler: detect main block device more reliably
init.rc: use /sys/class/block instead of /sys/devices/virtual/block
This patch adds a new property, 'dev.mnt.root.<mount_point>', which provides,
for example of /data,
1. dm-N
dev.mnt.dev.data = dm-N
dev.mnt.blk.data = sdaN or mmcblk0pN
dev.mnt.rootdisk.data = sda or mmcblk0
2. sdaN or mmcblk0pN
dev.mnt.dev.data = sdaN or mmcblk0pN
dev.mnt.blk.data = sdaN or mmcblk0pN
dev.mnt.rootdisk.data = sda or mmcblk0
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I0a58a62d416f966f26b5de04112c2f9a7eceb22c
/sys/class/block covers all of dm-[0-9], sd[a-z], mmcblk[0-9].
Use it instead of /sys/devices/virtual/block, which only covers dm
devices.
This allows f2fs tunings to be applied more reliably regardless of
how the userdata partition is set up.
Do note that while everything under /sys/devices/virtual/block are
expected to have correct SELinux labels by AOSP, some under
/sys/class/block are not as it's symlinked to platform-specific paths,
and it is up to the vendors to label them correctly.
Test: Confirm entries under /dev/sys aren't dangling and cp_interval,
gc_urgent_sleep_time, iostat_enable and discard_max_bytes are
all set up properly under FBE, FDE and unencrypted.
Change-Id: I089af5bc068445f33919df6659671e50456d49f9
Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
Bug: http://b/194128476
If CLANG_COVERAGE_CONTINUOUS_MODE is set, enable continuous mode by
adding '%c' to LLVM_PROFILE_FILE.
Test: CLANG_COVERAGE_CONTINUOUS_MODE m and verify continuous mode works.
Change-Id: I8ace01f2aeaef62857e73308b04a535739171b53
The clang prebuilts now provide a single module with per-architecture
variants instead of a module per architecture, which means the module
name doesn't match the installed file name. Use the file names
exported from Soong instead of the module names.
Bug: 220019988
Test: m out/target/produuct/coral/system/etc/sanitizer.libraries.txt
Change-Id: I12e7e988ce60d928987db8611883e67f2ecdee87
In targets that do not include a zygote binary, attempting to start the
zygote service will result in repeated service restarts. Avoid this by
providing a way for targets to opt out of declaring a zygote service.
The fvp_mini target does not have a zygote, so apply this opt-out to
that target.
Relanding after fixing breakage on an internal branch.
Bug: 217455793
Change-Id: Ic26f76142afb5f700bd7b12359d62feb2652b617
Revert "Add a core configuration that disables the zygote."
Revert submission 1964759-master-I4f918502e611e950fa039e4e2ed817c97b928ba2
Reason for revert: b/217993447
Reverted Changes:
I4f918502e:Add a core configuration that disables the zygote....
I4f918502e:Add a core configuration that disables the zygote....
I4f918502e:Add a core configuration that disables the zygote....
Change-Id: I9dc73c6338ed158bd712324b99ae9e3cd4a36424
Always create system_dlkm mountpoint like
vendor_dlkm and odm_dlkm; as some CF mixed
tests are using the dynamic partition to boot
with builds with no system_dlkm which causes
avd boot failures.
Bug: 217511547
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: Ibf32127df22898706db02400addaa0f1193c105c
Replace /system_dlkm mount guard flga from
BOARD_USES_SYSTEM_DLKM_PARTITION to
BOARD_USES_SYSTEM_DLKMIMAGE. board_config.mk
and other tools are using this format of image
name to auto generate code to prevent duplication.
Bug: 200082547
Test: TH
Signed-off-by: Ramji Jiyani <ramjiyani@google.com>
Change-Id: Ie4dc899509cf42afb553936e6dbf69d5ce234d01
In targets that do not include a zygote binary, attempting to start the
zygote service will result in repeated service restarts. Avoid this by
providing a way for targets to opt out of declaring a zygote service.
The fvp_mini target does not have a zygote, so apply this opt-out to
that target.
Change-Id: I4f918502e611e950fa039e4e2ed817c97b928ba2
Set permissions to cgroup.procs files in cgroup hierarchies similar to
permissions for tasks files so that SetProcessProfiles can access them.
Bug: 215557553
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: Id0c82288392146c8d536d273790a0252580c4203
Add libnetd_updatable.so as dependency of platform. The library will be
used by Netd. Linker config is required if a library in mainline module
is linked by platform.
Bug: 202086915
Test: m; flash; boot
Change-Id: I97183f022b229e788184a979d1a211968295563d
Bug: http://b/194128476
Bug: http://b/210012154
This reverts commit e59f0f66fc.
Coverage metrics dropped for ~10 of the 40 modules. There are also
regressions in mainline when running tests on older platform builds.
Test: presubmit
Change-Id: I50a011f68dcdc25883a68701c51e7e2aabc5a7dc
This folder is used to host bootanim data files.
Bug: 210757252
Test: /data/bootanim is correctly created.
Change-Id: I5019a92df4526865d53797bfd93cd68c3e6d2886
Bug: http://b/194128476
Bug: http://b/210012154
- Do not use %c if coverage is enabled for bionic/libc.
Test: Run tests with this topic and verify coverage still works and also
test memory-mapped coverage (death tests, JNI code in CTS)
Change-Id: Id1ade9c6f45d69a1da912e3e57acd1d0197c11b5
Add AID_READTRACEFS and mount tracefs with gid=AID_READTRACEFS
Bug: 209513178
Test: adb shell ls -l /sys/kernel/tracing/events
Change-Id: Ibbfdf8a4b771bd7520ecbaaf15a1153d6bf0e599
Revert "Demonstrate multi-installed APEXes."
Revert "Adds a new prop context for choosing between multi-insta..."
Revert "Adds multi_install_skip_symbol_files field (default fals..."
Revert submission 1869814-vapex-multi-config
Bug: 206551398
Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.googleplex.com/builds/tests/view?invocationId=I55600009996329947&testResultId=TR93527797572038984, bug b/206551398
Reverted Changes:
I0cd9d748d:Adds multi_install_skip_symbol_files field (defaul...
I5912a18e3:Demonstrate multi-installed APEXes.
I0e6881e3a:Load persist props before starting apexd.
I932442ade:Adds a new prop context for choosing between multi...
I754ecc3f7:Allow users to choose between multi-installed vend...
Change-Id: I27a4985061b112af7d0e9b95b6d42ccd9b846471
apexd now reads persist props to select between multi-installed APEXes
for debug builds.
Bug: 199290365
Test: see https://r.android.com/1872018
Change-Id: I0e6881e3a5a3775560b580556a7de2e2da043d34
Create a new group for dex2oat in cpu cgroup, which is dedicated for
dex2oat processes. Also modify task profiles for this change.
Bug: 201223712
Test: dex2oat group created
Change-Id: Ic61f4b8a64d01c03549b680970805e12b9ce4fcc
This is required since Android 12, because
CtsNativeVerifiedBootTestCases will read property
"partition.${partition}.verified.hash_alg" to
check that sha1 is not used.
Also see https://r.android.com/1546980 for more details.
Bug: 175236047
Bug: 203720638
Test: build and boot a device
Change-Id: I300265f4af9c2781d40537f391bda9eaf62c27ba
The tracing instance takes extra RAM and is not needed on devices running older kernels.
Bug: 194156700
Test: manual on a Pixel device
Change-Id: I794062741688ebea0e4bc500723a966f8f646ee1
Signed-off-by: Alexander Potapenko <glider@google.com>
In order for crashes when executables are run from the
/data/local/tests directory, set the executable bit for that
directory and sub-directories. Without this, neither the root
user nor shell user can read any executables or shared libraries in
the tests directory.
Bug: 197229540
Test: Used the crasher executable and copied it to /data/local/tests
Test: and verified that running it as root and shell results in
Test: tombstones that have full unwinds with function names.
Change-Id: Ice669358decad9766e0496c156aa84d4ecacd124