I accidentally changed some _mode enums from unsigned int to off64_t
along with the rest changes. They probably shouldn't have been
unsigned anyway though, so let's make them plain 'int' while we fix
the original typo.
Test: boot
Change-Id: I0c6c51a1a8170056b99087d249539eb79026cffe
Test script assumes overlayfs takeup after disable-verity, although
that can happen if verity is already disabled, it is not the case
for devices that just had it disabled. Move takeup and first stage
init tests downwards to where the condition is guaranteed.
Differentiate the test for devices that support or have verity, and
those that do not.
Fortify test to also use /data mount to check init first stage limit.
Test: adb-remount-test.sh
Bug: 109821005
Change-Id: I5241d6c97bf374614e50aa0aa18a1b9d118be093
This reverts commit 1272e7a592.
Reason for revert: All notice fix changes have been merged and running peacefully for a sustained period. Now this can be reverted for good.
Change-Id: I74e4e291a504fcb9a14ae50e916e494c7359db34
'off64_t' is the correct way to specify a size of a file system, so we
update the various fs_mgr fstab attributes accordingly.
Test: boot
Change-Id: I07ebe687b7c215a8d07ce49d6d32e81b798d1cd3
Bug 120032857 is seeing what appears to be allocations with incorrect
end addresses, leading to a much later crash when it tries to map
a zero page outside the valid virtual address space. Detect allocations
that extend outside the highest or lowest memory mapping and crash
immediately instead.
Test: memunreachable_test
Bug: 120032857
Change-Id: I9be670a025143e7078360a6bf7a83219279614d9
Even though it isn't strictly needed when not system-as-root, for
backwards compatibility, it is desired to keep this symlink.
Bug: 119851742
Test: tree-hugger
Change-Id: I47bc25ab257336f56ef09b5db6ebaf6b17daad35
This change adds an ANDROID_RUNTIME_ROOT environment variable
to indicate the root of the Android runtime. This can be
used in place of ANDROID_SYSTEM to locate files when they
move inside the runtime APEX.
Bug: 119935277
Test: build / boot
Change-Id: Ic3b1ae3e3c98eea7d7c59e514ce62994679ab7b7
This CL also adds namespace android::fs_mgr and remove FsManager* prefix
for class names. Note that android::fs_mgr::FsManagerAvbOps will be removed
in later CLs when fs_mgr doesn't rely on libavb->avb_slot_verify() to
parse vbmeta structs.
Some lingering sources for by_name_symlink_map_ are also removed.
Bug: 112103720
Test: boot crosshatch_mainline-userdebug
Change-Id: I2d1a5cc39bcd5a699da8d5539f191d8c7737c4af
The --fastdeploy switch caused errors when CRC collisions were present in the input apk and/or
an apk with a similar package name to the input apk was already installed on the device.
Test: mm -j 64
Test: adb install -r --fastdeploy --force-agent --local-agent /mnt/raid/boat-attack-apk/boat-attack-swappy.apk
Bug: 119934862
Change-Id: Ibfe0cec38bdbb7371803fc2f73b0ec1697cef624
On retrofit devices, if both slots contain dynamic partition builds,
then "flashall" will attempt to write secondary images to dynamic
partitions in the other slot. At worst, this can fail with an error. At
best, it will result in the "other" partition not being mounted on first
boot.
This patch therefore deletes logical partitions for secondary images, on
retrofit devices only. On a Pixel device on the "b" slot, this means
"system_a" and "vendor_a" will be deleted before flashing, and therefore
system_other and vendor_other will be flashed to physical partitions
instead.
Bug: 120034852
Test: fastboot set_active a
fastboot flashall
fastboot set_active b
fastboot flashall
Change-Id: I6affe9a6c639b0495bffc77fcf20f329b86ad159
Check if overlayfs is supplied in the kernel before proceeding to
determining if there is a disabled verity and an overlayfs filesystem
to deploy.
Test: adb-remount-test.sh
Bug: 119929969
Change-Id: I28116f0aa6959040bb9f38f46c058a221591f735
NIAP certification requires that all cryptographic functions
undergo a self-test during startup to demonstrate correct
operation. This change adds such a check.
If the check fails, it will prevent the device from booting
by rebooting into the bootloader.
Bug: 119826244
Test: Built for walleye. After device booted examined dmesg and
observed logs from init showing that the new task did
start. Further, when BoringSSL is built to fail its self
check the device did stop during a normal boot and enter
the bootloader, and did so before the boot animation stopped.
Change-Id: I07a5dc73a314502c87de566bb26f4d73499d2675
This reverts commit 055347e564.
Reason for revert:
init boots with XOM now. I think this was fixed when this boringssl patch got merged in earlier this week (init has a static dependency on libcrypto):
https://boringssl-review.googlesource.com/c/boringssl/+/33245
Change-Id: I70e15fad4a194c0d2087941bba70dfcd38abe8b5
Follow up to the change made for AVB2 devices in
I19371b05912240480dc50864a2c04131258a7103.
The same consideration must be made in the fall through case, which
is taken either if AVB is completely disabled, or the dm-verity / AVB1
mechanism is used.
Bug: 113175337
Test: boot test on cuttlefish
Change-Id: I99d46a2c2630c40f5f5c02279b11e423998a1e05
Some devices we want to test on, like cuttlefish, may not have a
partition table on any block device Android can see. The partitions are
simply exposed as separate block devices. This means we need to be able
to override the super_partition name to a regular block device name even
on non-A/B devices.
Bug: 113175337
Test: boot test on cuttlefish
Change-Id: I6ff460d0ba7b1e26cb5d60ba446737aa49549c18
When checking for existence of "super_empty.img" to determine if
flash image product set is meant for logical partitions, we die if
ANDROID_PRODUCT_OUT environment is unset or empty. This check
is done before we look at the flash image name to determine if it
is a candidate to look at the logical metadata.
Instead, allow this check to conservatively fail for now.
Test: export ANDROID_PRODUCT_OUT=
fastboot flash bootloader
Bug: 120041144
Change-Id: I43f124015f9d26c79a0feb9123522432fe937343
Merged-In: I43f124015f9d26c79a0feb9123522432fe937343
Non-treblized devices use ld.config.legacy.txt, which does not
support product partition, leading to access denial from/to product partition.
Declare directly /product since search paths are resolved in linker config.
Test: m -j with non-treblized device upgraded to P.
Change-Id: Ic142b807f5dbffdfa5c774b3df8d0903b9626b6a
There is a problem about tombstone, which it will fail to
generate tombstone file in some scenarios due to socket
communication exception.
Reproduce step:
step 1: reboot device
step 2: ps -ef |grep zygote , get the pid of zygote64
(Attention: zygote64 should never been killed or reboot,
otherwise we can get the tombstone file)
step 3: kill -5 pid of zygote64
step 4: cd data/tombstones/, and could not find the tombstone
file of zygote64.
[Cause Analysis]
1. There are following logs by logcat:
11-19 15:38:43.789 569 569 F libc : Fatal signal 5 (SIGTRAP),
code 0 (SI_USER) in tid 569 (main), pid 569 (main)
11-19 15:38:43.829 6115 6115 I crash_dump64: obtaining output
fd from tombstoned, type: kDebuggerdTombstone
11-19 15:38:43.830 569 5836 I Zygote : Process 6114 exited
cleanly (0)
11-19 15:38:43.830 777 777 I /system/bin/tombstoned: received
crash request for pid 569
11-19 15:38:43.831 6115 6115 I crash_dump64: performing dump of
process 569 (target tid = 569)
...
11-19 15:38:43.937 777 777 W /system/bin/tombstoned: crash
socket received short read of length 0 (expected 12)
2. The last log was print by function of crash_request_cb in
file of tombstoned.cpp, following related code:
rc = TEMP_FAILURE_RETRY(read(sockfd, &request, sizeof(request)));
if (rc == -1) {
PLOG(WARNING) << "failed to read from crash socket";
goto fail;
} else if (rc != sizeof(request)) {
LOG(WARNING) << "crash socket received short read of length " << rc << " (expected "
<< sizeof(request) << ")";
goto fail;
}
Tombstoned read message by socket, and now the message length is
zero. Some socket communication exception occurs at that time.
We try to let crash_dump resend the socket message when the
communication is abnormal. Just as this CL.
Test: 1 reboot device
2 ps -ef |grep zygote , get the pid of zygote64
(Attention: zygote64 should never been killed or reboot,
otherwise we can get the tombstone file)
3 kill -5 pid of zygote64
4 cd data/tombstones/, and could find the tombstone file of
zygote64.
Change-Id: Ic152b081024d6c12f757927079fd221b63445b18
The excessive logging of pages with segfaults is making it hard to
see what caused the problem, only log the first page that segfaults,
the range that was being walked when the first segfault happened,
and the total number of pages that segfaulted.
Bug: 120032857
Test: memunreachable_test --gtest_filter=HeapWalkerTest.segv
Change-Id: I71821a3f5be65f2fbcb36afc4b7b1ffa4a48e660
Most vendor_overlay files are product specific that are not allowed
to be installed on system partition.
To install those files on product partition, product/vendor_overlay
is added to the vendor_overlay source directory list.
If the same files are provided from both partitions, files on product
partition will be used.
Bug: 119850553
Test: Build and boot to check if the vendor_overlay works
Change-Id: I1ae97cb5c9dd66d1da5c9eaa3133426d2ba77471
There is an issue in LogAudit::auditParse where
android::uidToName(uid) crashes with a null pointer dereference.
Include a null check on the value before passing it on.
Bug: 120043607
Test: End-to-end test with syzkaller as per instructions in bug.
Change-Id: Ic0ac5c3003fcd289ec156ce63fbd668413763429
