Recursively delete all contents in a temporary directory in the
destructor. If the caller wants the contents preserved, then
call DoNotRemove().
Test: compile
Bug: 119313545
Change-Id: I3601c06334920055a60dd3074b249824f4d6f510
Recursively delete all contents in a temporary directory in the
destructor.
Test: compile
Bug: 119313545
Change-Id: I9570a8591f4e51f8f4f1157e75ccc1b781f8a19d
lpmake should be using the intermediates directory for temporary work
rather than /tmp. Add ability to respect TMPDIR environment as
inherited from TemporaryFile.
Bug: 119313545
Test: manual test
Change-Id: I1a0317538875ee37fb4066602ff7a75e4658d74b
Allow a wider legitimate audience to use TemporaryFile and
TemporaryDir by moving them from android-base/test_utils.h to
android-base/file.h.
Test: compile
Bug: 119313545
Change-Id: Ie558c5873ce5b3937914918b6bfb427e5b61d0da
With the addition of the /dev/block/by-name/ symlinks created for the
boot_device, we no longer need to use a map to track the symlinks for
the partitions AVB needs to access.
This will help us in removing the requirement to specify which
partitions contain AVB metadata.
Bug: 117933812
Test: boot blueline_mainline with AVB
Change-Id: I1d46dba5b2fc16b2a14f861b34225ac0f2995b60
* changes:
adb: fix NonblockingFdConnection's behavior with large writes.
adb: fix zero-initialization in Block.
adb: make benchmarks build on the host.
Large opportunistic writes would perform a write without updating
writable_ or waking up the polling thread, which resulted in the worker
thread never polling with POLLOUT.
Test: adb_benchmark
Change-Id: Ifed3b97a4b647b539dcd2df858572fa7da9a22d0
Iccfe3bd4fe45a0319bd9f23b8cbff4c7070c9f4d changed Block from using
malloc to std::make_unique, which does the equivalent of
`new char[size]()`, which value initializes the array members to 0.
Switch to `reset(new char[size])` to avoid this costly initialization.
Test: adb_benchmark
Change-Id: I09aacb949a7bd4a946ce35a8ee65d1f451577b72
The first split of 1st/2nd stage init went a bit overboard, since it
split these even in the case of the recovery image and system-as-root,
which don't actually need the split. This change simplifies this a
bit:
system-as-root and recovery have a single combined /system/bin/init
and a symlink from /init to it.
non-system-as-root has a separate first stage init at /init on the
first stage ramdisk and a combined /system/bin/init on system.img.
Two particular benefits from this:
1) Removal of the rsync of TARGET_RAMDISK_OUT to the recovery image
2) Decrease of overall space on the recovery image since it won't have
a statically linked first stage init
This also unified the various entry points of init to depend entirely
on the arguments passed to it, instead of the hybrid of arguments and
environment variable used previously.
Bug: 80395578
Test: boot both system-as-root and non-system-as-root
Change-Id: Ic2f29b6f56b7defc80eaa0e7cd0c9107e978816f
A service with 'updatable' option can be overriden by the same service
definition in APEXes.
/system/etc/init/foo.rc:
service foo /system/bin/foo
updatable
/apex/myapex/etc/init.rc:
service foo /apex/myapex/bin/foo
override
Overriding a non-updatable (i.e. without updatable option) service
from APEXes is prohibited.
When an updatable service is started before APEXes are all activated,
the execution is delayed until when the APEXes are all activated.
Bug: 117403679
Test: m apex.test; adb push <built_apex> /data/apex; adb reboot
adb shell, then lsof -p $(pidof surfaceflinger) shows that
the process is executing
/apex/com.android.example.apex@1/bin/surfaceflinger instead of
/system/bin/surfaceflinger
Change-Id: I8a57b8e7f6da81b4d2843e261a9a935dd279067c
The following message creates unnecessary alarm:
init: Partition system_a already existed in the by-name symlink map \
with a value of \
/dev/block/platform/soc/1d84000.ufshc/by-name/system_a, new value \
/dev/block/platform/soc/1d84000.ufshc/by-name/system_a will be \
ignored.
and in the code is cited as an ERROR. The message admittedly does
point out an inefficiency by reporting multiple updates.
Test: compile
Change-Id: I388a76fa078cf9de5840930247f732d16ccb0719
Kernel panic - not syncing: Out of memory occurred once after 8 hours
automatic test which cases are about Summary:logd memory leak UTResult
: 1/1
IssueID: 93440
Rootcause: the method "LogTimeEntry::FilterSecondPass"(called inside
"LogBuffer::flushTo") does not check the condition flag
"LogTimeEntry::mRelease" which will be set to true when "logd" begins
to kick off a client when it finding the client is slow-est.
Therefore the client cannot be kicked off and hence the log-element
list becomes longer and longer if the slowest client reading more
slower than the writer writing.
Change-Id: I91a44a393e63b3122c15ce269ee195e0eb4339e8
Solution: add the check.
Test: logd kills slow reader
Similar to the change to adb in Id26760bc62c89a1f7ef67511b21f9d9252ab69f3,
pin the interface version to IOUSBFamily 5.0.0.
Bug: 119264733
Test: Manual
Change-Id: Ied9164532c0ba6f20415dafecb0c774578aa5c57
Currently, /system/bin, /system/xbin, /product/bin, and /vendor/bin
are 0755, which allows any process to iterate through those
directories and list out the contents. For the vast majority of
processes, this is unnecessary. They only need to know whether a
particular binary exists or doesn't exist, but they don't need to
know the other binaries within those directories.
Allowing this is particularly problematic for SELinux. In particular,
some third party Android applications try to examine every file in
the bin directories, generating SELinux audit noise along the
way. This audit noise makes it harder to see real bugs, and falsely
implies an architectural dependency between the application and random
files in directories like /system/bin.
This change removes the ability to list the contents of the various bin
directories, preventing random probing by such apps. The ability to
execute files, or to probe a specific file by name, remain unchanged.
Addresses SELinux denials similar to the following:
avc: denied { getattr } for comm="Thread-11" path="/system/bin/atrace" dev="dm-0" ino=189 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=uk.co.santander.santanderUK
avc: denied { getattr } for comm="Binder:26637_2" path="/system/bin/atrace" dev="dm-0" ino=168 scontext=u:r:untrusted_app_25:s0:c512,c768 tcontext=u:object_r:atrace_exec:s0 tclass=file permissive=0 app=com.tencent.mm
avc: denied { getattr } for comm="Thread-12" path="/system/bin/apexd" dev="dm-0" ino=451 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:apexd_exec:s0 tclass=file permissive=1 app=com.grppl.android.shell.CMBlloydsTSB73
Shell access to these directories continues to be allowed, to allow for
host-side CTS tests.
Also adjust the indentation of some clang directives, to make the
presubmit hooks happy.
Test: Device boots and no apparent problems.
Change-Id: Ibe75682fac1983d39f3f479a5850ab5a96f6627d
This adds a new MetadataBuilder constructor, NewForUpdate, that can be
used by update_engine to simplify upgrading metadata. It is safe to call
whether or not the device is a retrofit. If the metadata has block
devices assigned to a specific slot, and that slot matches the slot
suffix, it will ensure that an equivalent entry exists for the alternate
slot.
Thus, if the source slot is _a and the target slot is _b, and the
metadata has "system_a" as a block device but not "system_b", this will
automatically add "system_b" as a block device.
Bug: 116802789
Test: liblp_test gtest
Change-Id: Ie89d4dbf4c708b5705e658220227ebf33fcb1930
When using the recovery image as a trampoline to boot the system,
first chroot from the recovery image to /first_stage_ramdisk, to
minimize differences between these two boot paths.
Primary motivation is due to the fact that the basename of each mount
point is used by device-manager to name its nodes, and the previous
code that created used /system_recovery_mount as the mount point for
system.img broke AVB. Instead of hacking around that issue, this
change unified mounting for the recovery trampoline and true first
stage ramdisk paths.
Change when relanding: the original change skipped the move mount from
/first_stage_ramdisk to / and only did a chroot instead. This was a
mistake that resulted in the subsequent move mount of /system to / to
mount over the '/' directory instead of moving that mount. This
change uses a bind mount of /first_stage_ramdisk to itself instead of
skipping the first move mount.
Bug: 114062208
Test: AVB works with blueline_mainline
Change-Id: I65207edfe98531892da2eafcbff19b438c9c64fe
Init now parses *.rc files from the APEXs when the apexd notifies the
mount event via apexd.status sysprop.
Bug: 117403679
Test: m apex.test; adb root; adb push <builtfile> /data/apex; adb reboot
adb root; adb shell setprop ctl.start apex.test; dmesg shows that init
tries to start the service which doesn't exist.
[ 47.979657] init: Could not ctl.start for 'apex.test': Cannot find '/apex/com.android.example.apex/bin/test': No such file or directory
Change-Id: I3f12355346eeb212eca4de85b6b73257283fa054
This reverts commit 56999b41af.
Reason for revert: Something is broken here; we're not switching to /system properly.
Change-Id: I777fedcfb545c11275c9cc12f99b99a2423959a0
With chained vbmeta and especially its use with dynamic partitions,
this check is no longer always true. A concrete example is the
chained vbmeta_system partition that contains the metadata for /system
and /product_services for mainline devices.
Test: blueline_mainline boots with AVB enabled
Change-Id: Ib4115831bb3bb49bf6d2a908df59ba32f8405de7
These broke after recent changes to use IPartitionOpener in more places.
The io_tests must now give block device info to TestPartitionOpener.
Bug: N/A
Test: liblp_test gtest
Change-Id: I0a6505c7223e74507dc13184069fdc34bb6b81e4